npm - @frontmcp/sdk - Versions diffs - 0.4.0 → 0.5.0 - Mend

@frontmcp/sdk 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (558) hide show

package/README.md +30 -18
package/package.json +20 -5
package/src/app/app.registry.d.ts +3 -2
package/src/app/app.registry.js +3 -1
package/src/app/app.registry.js.map +1 -1
package/src/app/instances/app.local.instance.js +2 -2
package/src/app/instances/app.local.instance.js.map +1 -1
package/src/auth/auth.registry.d.ts +34 -2
package/src/auth/auth.registry.js +162 -24
package/src/auth/auth.registry.js.map +1 -1
package/src/auth/auth.utils.js +8 -9
package/src/auth/auth.utils.js.map +1 -1
package/src/auth/authorization/authorization.class.d.ts +125 -0
package/src/auth/authorization/authorization.class.js +224 -0
package/src/auth/authorization/authorization.class.js.map +1 -0
package/src/auth/authorization/authorization.types.d.ts +300 -0
package/src/auth/authorization/authorization.types.js +79 -0
package/src/auth/authorization/authorization.types.js.map +1 -0
package/src/auth/authorization/index.d.ts +5 -0
package/src/auth/authorization/index.js +19 -0
package/src/auth/authorization/index.js.map +1 -0
package/src/auth/authorization/orchestrated.authorization.d.ts +242 -0
package/src/auth/authorization/orchestrated.authorization.js +306 -0
package/src/auth/authorization/orchestrated.authorization.js.map +1 -0
package/src/auth/authorization/public.authorization.d.ts +91 -0
package/src/auth/authorization/public.authorization.js +132 -0
package/src/auth/authorization/public.authorization.js.map +1 -0
package/src/auth/authorization/transparent.authorization.d.ts +130 -0
package/src/auth/authorization/transparent.authorization.js +147 -0
package/src/auth/authorization/transparent.authorization.js.map +1 -0
package/src/auth/consent/consent.types.d.ts +111 -0
package/src/auth/consent/consent.types.js +119 -0
package/src/auth/consent/consent.types.js.map +1 -0
package/src/auth/consent/index.d.ts +1 -0
package/src/auth/consent/index.js +13 -0
package/src/auth/consent/index.js.map +1 -0
package/src/auth/detection/auth-provider-detection.d.ts +84 -0
package/src/auth/detection/auth-provider-detection.js +230 -0
package/src/auth/detection/auth-provider-detection.js.map +1 -0
package/src/auth/detection/index.d.ts +1 -0
package/src/auth/detection/index.js +15 -0
package/src/auth/detection/index.js.map +1 -0
package/src/auth/flows/auth.verify.flow.d.ts +110 -0
package/src/auth/flows/auth.verify.flow.js +379 -0
package/src/auth/flows/auth.verify.flow.js.map +1 -0
package/src/auth/flows/oauth.authorize.flow.d.ts +118 -164
package/src/auth/flows/oauth.authorize.flow.js +701 -33
package/src/auth/flows/oauth.authorize.flow.js.map +1 -1
package/src/auth/flows/oauth.callback.flow.d.ts +117 -0
package/src/auth/flows/oauth.callback.flow.js +357 -0
package/src/auth/flows/oauth.callback.flow.js.map +1 -0
package/src/auth/flows/oauth.register.flow.d.ts +32 -125
package/src/auth/flows/oauth.token.flow.d.ts +52 -154
package/src/auth/flows/oauth.token.flow.js +193 -55
package/src/auth/flows/oauth.token.flow.js.map +1 -1
package/src/auth/flows/session.verify.flow.d.ts +66 -321
package/src/auth/flows/session.verify.flow.js +107 -18
package/src/auth/flows/session.verify.flow.js.map +1 -1
package/src/auth/flows/well-known.jwks.flow.d.ts +34 -205
package/src/auth/flows/well-known.jwks.flow.js +15 -8
package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
package/src/auth/flows/well-known.oauth-authorization-server.flow.d.ts +48 -223
package/src/auth/flows/well-known.oauth-authorization-server.flow.js +2 -3
package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +1 -1
package/src/auth/flows/well-known.prm.flow.d.ts +19 -120
package/src/auth/flows/well-known.prm.flow.js +3 -4
package/src/auth/flows/well-known.prm.flow.js.map +1 -1
package/src/auth/instances/instance.local-primary-auth.d.ts +91 -4
package/src/auth/instances/instance.local-primary-auth.js +236 -6
package/src/auth/instances/instance.local-primary-auth.js.map +1 -1
package/src/auth/instances/instance.remote-primary-auth.d.ts +4 -3
package/src/auth/instances/instance.remote-primary-auth.js +2 -2
package/src/auth/instances/instance.remote-primary-auth.js.map +1 -1
package/src/auth/session/authorization-vault.d.ts +611 -0
package/src/auth/session/authorization-vault.js +817 -0
package/src/auth/session/authorization-vault.js.map +1 -0
package/src/auth/session/authorization.store.d.ts +301 -0
package/src/auth/session/authorization.store.js +323 -0
package/src/auth/session/authorization.store.js.map +1 -0
package/src/auth/session/encrypted-authorization-vault.d.ts +181 -0
package/src/auth/session/encrypted-authorization-vault.js +493 -0
package/src/auth/session/encrypted-authorization-vault.js.map +1 -0
package/src/auth/session/index.d.ts +4 -4
package/src/auth/session/index.js +11 -7
package/src/auth/session/index.js.map +1 -1
package/src/auth/session/session.schema.d.ts +1 -1
package/src/auth/session/session.service.d.ts +1 -1
package/src/auth/session/transport-session.manager.d.ts +101 -0
package/src/auth/session/transport-session.manager.js +300 -0
package/src/auth/session/transport-session.manager.js.map +1 -0
package/src/auth/session/transport-session.types.d.ts +457 -0
package/src/auth/session/transport-session.types.js +110 -0
package/src/auth/session/transport-session.types.js.map +1 -0
package/src/auth/session/utils/session-id.utils.d.ts +14 -2
package/src/auth/session/utils/session-id.utils.js +68 -19
package/src/auth/session/utils/session-id.utils.js.map +1 -1
package/src/auth/session/vault-encryption.d.ts +189 -0
package/src/auth/session/vault-encryption.js +263 -0
package/src/auth/session/vault-encryption.js.map +1 -0
package/src/auth/ui/base-layout.d.ts +188 -0
package/src/auth/ui/base-layout.js +292 -0
package/src/auth/ui/base-layout.js.map +1 -0
package/src/auth/ui/htmx-templates.d.ts +135 -0
package/src/auth/ui/htmx-templates.js +433 -0
package/src/auth/ui/htmx-templates.js.map +1 -0
package/src/auth/ui/index.d.ts +11 -0
package/src/auth/ui/index.js +35 -0
package/src/auth/ui/index.js.map +1 -0
package/src/auth/utils/audience.validator.d.ts +129 -0
package/src/auth/utils/audience.validator.js +196 -0
package/src/auth/utils/audience.validator.js.map +1 -0
package/src/auth/utils/index.d.ts +2 -0
package/src/auth/utils/index.js +7 -0
package/src/auth/utils/index.js.map +1 -0
package/src/auth/utils/www-authenticate.utils.d.ts +97 -0
package/src/auth/utils/www-authenticate.utils.js +183 -0
package/src/auth/utils/www-authenticate.utils.js.map +1 -0
package/src/common/common.schema.d.ts +2 -16
package/src/common/constants.d.ts +3 -0
package/src/common/constants.js +6 -1
package/src/common/constants.js.map +1 -1
package/src/common/decorators/decorator-utils.d.ts +131 -0
package/src/common/decorators/decorator-utils.js +195 -0
package/src/common/decorators/decorator-utils.js.map +1 -0
package/src/common/decorators/front-mcp.decorator.js +3 -2
package/src/common/decorators/front-mcp.decorator.js.map +1 -1
package/src/common/decorators/hook.decorator.d.ts +58 -2
package/src/common/decorators/hook.decorator.js +127 -17
package/src/common/decorators/hook.decorator.js.map +1 -1
package/src/common/decorators/plugin.decorator.d.ts +1 -1
package/src/common/decorators/plugin.decorator.js +11 -10
package/src/common/decorators/plugin.decorator.js.map +1 -1
package/src/common/decorators/resource.decorator.d.ts +32 -3
package/src/common/decorators/resource.decorator.js +46 -4
package/src/common/decorators/resource.decorator.js.map +1 -1
package/src/common/decorators/tool.decorator.d.ts +54 -5
package/src/common/decorators/tool.decorator.js.map +1 -1
package/src/common/dynamic/dynamic.plugin.d.ts +22 -11
package/src/common/dynamic/dynamic.plugin.js +7 -1
package/src/common/dynamic/dynamic.plugin.js.map +1 -1
package/src/common/entries/prompt.entry.d.ts +46 -2
package/src/common/entries/prompt.entry.js +10 -0
package/src/common/entries/prompt.entry.js.map +1 -1
package/src/common/entries/resource.entry.d.ts +69 -6
package/src/common/entries/resource.entry.js +27 -3
package/src/common/entries/resource.entry.js.map +1 -1
package/src/common/entries/scope.entry.d.ts +5 -1
package/src/common/entries/scope.entry.js +3 -3
package/src/common/entries/scope.entry.js.map +1 -1
package/src/common/flow/flow.utils.d.ts +56 -0
package/src/common/flow/flow.utils.js +96 -0
package/src/common/flow/flow.utils.js.map +1 -0
package/src/common/index.d.ts +2 -2
package/src/common/index.js +2 -2
package/src/common/index.js.map +1 -1
package/src/common/interfaces/execution-context.interface.d.ts +59 -0
package/src/common/interfaces/execution-context.interface.js +81 -0
package/src/common/interfaces/execution-context.interface.js.map +1 -0
package/src/common/interfaces/flow.interface.d.ts +1 -1
package/src/common/interfaces/flow.interface.js.map +1 -1
package/src/common/interfaces/index.d.ts +1 -0
package/src/common/interfaces/index.js +1 -0
package/src/common/interfaces/index.js.map +1 -1
package/src/common/interfaces/internal/primary-auth-provider.interface.d.ts +17 -2
package/src/common/interfaces/internal/primary-auth-provider.interface.js +52 -4
package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +1 -1
package/src/common/interfaces/internal/registry.interface.d.ts +16 -2
package/src/common/interfaces/internal/registry.interface.js.map +1 -1
package/src/common/interfaces/plugin.interface.js.map +1 -1
package/src/common/interfaces/prompt.interface.d.ts +53 -4
package/src/common/interfaces/prompt.interface.js +78 -0
package/src/common/interfaces/prompt.interface.js.map +1 -1
package/src/common/interfaces/resource.interface.d.ts +47 -17
package/src/common/interfaces/resource.interface.js +53 -0
package/src/common/interfaces/resource.interface.js.map +1 -1
package/src/common/interfaces/tool.interface.d.ts +39 -22
package/src/common/interfaces/tool.interface.js +61 -34
package/src/common/interfaces/tool.interface.js.map +1 -1
package/src/common/metadata/adapter.metadata.d.ts +1 -9
package/src/common/metadata/app.metadata.d.ts +425 -730
package/src/common/metadata/auth-provider.metadata.d.ts +2 -12
package/src/common/metadata/flow.metadata.d.ts +10 -25
package/src/common/metadata/front-mcp.metadata.d.ts +602 -1023
package/src/common/metadata/front-mcp.metadata.js +6 -4
package/src/common/metadata/front-mcp.metadata.js.map +1 -1
package/src/common/metadata/hook.metadata.d.ts +1 -1
package/src/common/metadata/hook.metadata.js.map +1 -1
package/src/common/metadata/index.d.ts +1 -0
package/src/common/metadata/index.js +1 -0
package/src/common/metadata/index.js.map +1 -1
package/src/common/metadata/logger.metadata.d.ts +1 -9
package/src/common/metadata/plugin.metadata.d.ts +8 -30
package/src/common/metadata/prompt.metadata.d.ts +4 -161
package/src/common/metadata/provider.metadata.d.ts +2 -12
package/src/common/metadata/resource.metadata.d.ts +6 -98
package/src/common/metadata/resource.metadata.js +15 -6
package/src/common/metadata/resource.metadata.js.map +1 -1
package/src/common/metadata/tool-ui.metadata.d.ts +10 -0
package/src/common/metadata/tool-ui.metadata.js +12 -0
package/src/common/metadata/tool-ui.metadata.js.map +1 -0
package/src/common/metadata/tool.metadata.d.ts +78 -199
package/src/common/metadata/tool.metadata.js +11 -14
package/src/common/metadata/tool.metadata.js.map +1 -1
package/src/common/providers/base-config.provider.d.ts +84 -0
package/src/common/providers/base-config.provider.js +128 -0
package/src/common/providers/base-config.provider.js.map +1 -0
package/src/common/records/plugin.record.d.ts +5 -6
package/src/common/records/plugin.record.js.map +1 -1
package/src/common/records/prompt.record.js.map +1 -1
package/src/common/records/resource.record.d.ts +17 -1
package/src/common/records/resource.record.js +12 -6
package/src/common/records/resource.record.js.map +1 -1
package/src/common/records/tool.record.js.map +1 -1
package/src/common/schemas/annotated-class.schema.d.ts +9 -9
package/src/common/schemas/annotated-class.schema.js +92 -27
package/src/common/schemas/annotated-class.schema.js.map +1 -1
package/src/common/schemas/http-input.schema.d.ts +6 -30
package/src/common/schemas/http-output.schema.d.ts +326 -1630
package/src/common/schemas/http-output.schema.js +39 -1
package/src/common/schemas/http-output.schema.js.map +1 -1
package/src/common/tokens/front-mcp.tokens.js +4 -1
package/src/common/tokens/front-mcp.tokens.js.map +1 -1
package/src/common/tokens/resource.tokens.d.ts +2 -0
package/src/common/tokens/resource.tokens.js +4 -1
package/src/common/tokens/resource.tokens.js.map +1 -1
package/src/common/tokens/tool.tokens.d.ts +2 -0
package/src/common/tokens/tool.tokens.js +2 -0
package/src/common/tokens/tool.tokens.js.map +1 -1
package/src/common/types/auth/jwt.types.d.ts +5 -31
package/src/common/types/auth/session.types.d.ts +97 -192
package/src/common/types/auth/session.types.js +24 -11
package/src/common/types/auth/session.types.js.map +1 -1
package/src/common/types/options/auth.options.d.ts +1013 -490
package/src/common/types/options/auth.options.js +554 -36
package/src/common/types/options/auth.options.js.map +1 -1
package/src/common/types/options/http.options.d.ts +1 -9
package/src/common/types/options/logging.options.d.ts +7 -13
package/src/common/types/options/logging.options.js +4 -0
package/src/common/types/options/logging.options.js.map +1 -1
package/src/common/types/options/server-info.options.d.ts +3 -31
package/src/common/types/options/session.options.d.ts +90 -10
package/src/common/types/options/session.options.js +26 -3
package/src/common/types/options/session.options.js.map +1 -1
package/src/common/utils/decide-request-intent.utils.d.ts +8 -46
package/src/common/utils/decide-request-intent.utils.js +88 -23
package/src/common/utils/decide-request-intent.utils.js.map +1 -1
package/src/completion/flows/complete.flow.d.ts +74 -0
package/src/completion/flows/complete.flow.js +199 -0
package/src/completion/flows/complete.flow.js.map +1 -0
package/src/errors/authorization-required.error.d.ts +189 -0
package/src/errors/authorization-required.error.js +274 -0
package/src/errors/authorization-required.error.js.map +1 -0
package/src/errors/index.d.ts +2 -1
package/src/errors/index.js +17 -1
package/src/errors/index.js.map +1 -1
package/src/errors/mcp.error.d.ts +101 -1
package/src/errors/mcp.error.js +147 -2
package/src/errors/mcp.error.js.map +1 -1
package/src/flows/flow.instance.js +4 -3
package/src/flows/flow.instance.js.map +1 -1
package/src/flows/flow.registry.js.map +1 -1
package/src/flows/flow.stages.js +14 -11
package/src/flows/flow.stages.js.map +1 -1
package/src/front-mcp/front-mcp.providers.d.ts +464 -102
package/src/front-mcp/front-mcp.providers.js +3 -5
package/src/front-mcp/front-mcp.providers.js.map +1 -1
package/src/hooks/hook.instance.d.ts +1 -1
package/src/hooks/hook.instance.js +5 -2
package/src/hooks/hook.instance.js.map +1 -1
package/src/hooks/hook.registry.js +7 -5
package/src/hooks/hook.registry.js.map +1 -1
package/src/index.d.ts +28 -9
package/src/index.js +5 -1
package/src/index.js.map +1 -1
package/src/logger/instances/instance.logger.js +3 -2
package/src/logger/instances/instance.logger.js.map +1 -1
package/src/logger/logger.registry.js +7 -2
package/src/logger/logger.registry.js.map +1 -1
package/src/logging/flows/set-level.flow.d.ts +62 -0
package/src/logging/flows/set-level.flow.js +108 -0
package/src/logging/flows/set-level.flow.js.map +1 -0
package/src/mcp-apps/csp.d.ts +111 -0
package/src/mcp-apps/csp.js +267 -0
package/src/mcp-apps/csp.js.map +1 -0
package/src/mcp-apps/index.d.ts +23 -0
package/src/mcp-apps/index.js +91 -0
package/src/mcp-apps/index.js.map +1 -0
package/src/mcp-apps/schemas.d.ts +403 -0
package/src/mcp-apps/schemas.js +345 -0
package/src/mcp-apps/schemas.js.map +1 -0
package/src/mcp-apps/template.d.ts +94 -0
package/src/mcp-apps/template.js +419 -0
package/src/mcp-apps/template.js.map +1 -0
package/src/mcp-apps/types.d.ts +323 -0
package/src/mcp-apps/types.js +59 -0
package/src/mcp-apps/types.js.map +1 -0
package/src/notification/index.d.ts +1 -0
package/src/notification/index.js +13 -0
package/src/notification/index.js.map +1 -0
package/src/notification/notification.service.d.ts +378 -0
package/src/notification/notification.service.js +727 -0
package/src/notification/notification.service.js.map +1 -0
package/src/plugin/plugin.registry.js +12 -9
package/src/plugin/plugin.registry.js.map +1 -1
package/src/prompt/flows/get-prompt.flow.d.ts +153 -0
package/src/prompt/flows/get-prompt.flow.js +214 -0
package/src/prompt/flows/get-prompt.flow.js.map +1 -0
package/src/prompt/flows/prompts-list.flow.d.ts +67 -0
package/src/prompt/flows/prompts-list.flow.js +176 -0
package/src/prompt/flows/prompts-list.flow.js.map +1 -0
package/src/prompt/index.d.ts +7 -0
package/src/prompt/index.js +17 -0
package/src/prompt/index.js.map +1 -0
package/src/prompt/prompt.events.d.ts +17 -0
package/src/prompt/prompt.events.js +25 -0
package/src/prompt/prompt.events.js.map +1 -0
package/src/prompt/prompt.instance.d.ts +30 -0
package/src/prompt/prompt.instance.js +120 -0
package/src/prompt/prompt.instance.js.map +1 -0
package/src/prompt/prompt.registry.d.ts +79 -12
package/src/prompt/prompt.registry.js +360 -15
package/src/prompt/prompt.registry.js.map +1 -1
package/src/prompt/prompt.types.d.ts +26 -0
package/src/prompt/prompt.types.js +11 -0
package/src/prompt/prompt.types.js.map +1 -0
package/src/prompt/prompt.utils.d.ts +26 -0
package/src/prompt/prompt.utils.js +136 -0
package/src/prompt/prompt.utils.js.map +1 -0
package/src/provider/provider.registry.d.ts +12 -5
package/src/provider/provider.registry.js +30 -138
package/src/provider/provider.registry.js.map +1 -1
package/src/regsitry/registry.base.d.ts +1 -1
package/src/regsitry/registry.base.js.map +1 -1
package/src/resource/flows/read-resource.flow.d.ts +91 -0
package/src/resource/flows/read-resource.flow.js +270 -0
package/src/resource/flows/read-resource.flow.js.map +1 -0
package/src/resource/flows/resource-templates-list.flow.d.ts +64 -0
package/src/resource/flows/resource-templates-list.flow.js +191 -0
package/src/resource/flows/resource-templates-list.flow.js.map +1 -0
package/src/resource/flows/resources-list.flow.d.ts +64 -0
package/src/resource/flows/resources-list.flow.js +196 -0
package/src/resource/flows/resources-list.flow.js.map +1 -0
package/src/resource/flows/subscribe-resource.flow.d.ts +45 -0
package/src/resource/flows/subscribe-resource.flow.js +123 -0
package/src/resource/flows/subscribe-resource.flow.js.map +1 -0
package/src/resource/flows/unsubscribe-resource.flow.d.ts +44 -0
package/src/resource/flows/unsubscribe-resource.flow.js +107 -0
package/src/resource/flows/unsubscribe-resource.flow.js.map +1 -0
package/src/resource/index.d.ts +8 -0
package/src/resource/index.js +20 -0
package/src/resource/index.js.map +1 -0
package/src/resource/resource.events.d.ts +24 -0
package/src/resource/resource.events.js +17 -0
package/src/resource/resource.events.js.map +1 -0
package/src/resource/resource.instance.d.ts +35 -0
package/src/resource/resource.instance.js +163 -0
package/src/resource/resource.instance.js.map +1 -0
package/src/resource/resource.registry.d.ts +106 -12
package/src/resource/resource.registry.js +449 -13
package/src/resource/resource.registry.js.map +1 -1
package/src/resource/resource.types.d.ts +35 -0
package/src/resource/resource.types.js +11 -0
package/src/resource/resource.types.js.map +1 -0
package/src/resource/resource.utils.d.ts +30 -0
package/src/resource/resource.utils.js +151 -0
package/src/resource/resource.utils.js.map +1 -0
package/src/scope/flows/http.request.flow.d.ts +48 -330
package/src/scope/flows/http.request.flow.js +306 -78
package/src/scope/flows/http.request.flow.js.map +1 -1
package/src/scope/scope.instance.d.ts +12 -0
package/src/scope/scope.instance.js +145 -15
package/src/scope/scope.instance.js.map +1 -1
package/src/tool/flows/call-tool.flow.d.ts +64 -1110
package/src/tool/flows/call-tool.flow.js +303 -15
package/src/tool/flows/call-tool.flow.js.map +1 -1
package/src/tool/flows/tools-list.flow.d.ts +32 -473
package/src/tool/flows/tools-list.flow.js +111 -10
package/src/tool/flows/tools-list.flow.js.map +1 -1
package/src/tool/tool.events.d.ts +8 -1
package/src/tool/tool.events.js.map +1 -1
package/src/tool/tool.instance.d.ts +3 -1
package/src/tool/tool.instance.js +17 -3
package/src/tool/tool.instance.js.map +1 -1
package/src/tool/tool.registry.d.ts +7 -1
package/src/tool/tool.registry.js +26 -10
package/src/tool/tool.registry.js.map +1 -1
package/src/tool/tool.types.d.ts +4 -4
package/src/tool/tool.types.js.map +1 -1
package/src/tool/tool.utils.d.ts +3 -12
package/src/tool/tool.utils.js +39 -193
package/src/tool/tool.utils.js.map +1 -1
package/src/tool/ui/index.d.ts +22 -0
package/src/tool/ui/index.js +63 -0
package/src/tool/ui/index.js.map +1 -0
package/src/tool/ui/platform-adapters.d.ts +10 -0
package/src/tool/ui/platform-adapters.js +18 -0
package/src/tool/ui/platform-adapters.js.map +1 -0
package/src/tool/ui/template-helpers.d.ts +46 -0
package/src/tool/ui/template-helpers.js +112 -0
package/src/tool/ui/template-helpers.js.map +1 -0
package/src/tool/ui/ui-resource-template.d.ts +34 -0
package/src/tool/ui/ui-resource-template.js +64 -0
package/src/tool/ui/ui-resource-template.js.map +1 -0
package/src/tool/ui/ui-resource.handler.d.ts +74 -0
package/src/tool/ui/ui-resource.handler.js +129 -0
package/src/tool/ui/ui-resource.handler.js.map +1 -0
package/src/transport/adapters/transport.local.adapter.d.ts +2 -2
package/src/transport/adapters/transport.local.adapter.js +28 -7
package/src/transport/adapters/transport.local.adapter.js.map +1 -1
package/src/transport/adapters/transport.sse.adapter.d.ts +2 -2
package/src/transport/adapters/transport.sse.adapter.js +4 -3
package/src/transport/adapters/transport.sse.adapter.js.map +1 -1
package/src/transport/adapters/transport.streamable-http.adapter.d.ts +10 -3
package/src/transport/adapters/transport.streamable-http.adapter.js +54 -8
package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
package/src/transport/flows/handle.sse.flow.d.ts +29 -63
package/src/transport/flows/handle.sse.flow.js +78 -10
package/src/transport/flows/handle.sse.flow.js.map +1 -1
package/src/transport/flows/handle.stateless-http.flow.d.ts +29 -0
package/src/transport/flows/handle.stateless-http.flow.js +102 -0
package/src/transport/flows/handle.stateless-http.flow.js.map +1 -0
package/src/transport/flows/handle.streamable-http.flow.d.ts +32 -64
package/src/transport/flows/handle.streamable-http.flow.js +158 -26
package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
package/src/transport/legacy/legacy.sse.tranporter.d.ts +9 -0
package/src/transport/legacy/legacy.sse.tranporter.js +17 -2
package/src/transport/legacy/legacy.sse.tranporter.js.map +1 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js +27 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/complete-request.handler.d.ts +69 -0
package/src/transport/mcp-handlers/complete-request.handler.js +11 -0
package/src/transport/mcp-handlers/complete-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +87 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js +11 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/index.d.ts +517 -208
package/src/transport/mcp-handlers/index.js +39 -2
package/src/transport/mcp-handlers/index.js.map +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.d.ts +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.js +73 -7
package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +54 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js +11 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +19 -146
package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js +34 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/mcp-handlers.types.d.ts +3 -7
package/src/transport/mcp-handlers/mcp-handlers.types.js.map +1 -1
package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js +12 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.d.ts +11 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +26 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +1 -0
package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +1 -0
package/src/transport/transport.local.js +7 -2
package/src/transport/transport.local.js.map +1 -1
package/src/transport/transport.registry.d.ts +30 -0
package/src/transport/transport.registry.js +84 -1
package/src/transport/transport.registry.js.map +1 -1
package/src/transport/transport.types.d.ts +3 -3
package/src/transport/transport.types.js.map +1 -1
package/src/utils/content.utils.d.ts +48 -0
package/src/utils/content.utils.js +194 -0
package/src/utils/content.utils.js.map +1 -0
package/src/utils/index.d.ts +8 -0
package/src/utils/index.js +55 -0
package/src/utils/index.js.map +1 -0
package/src/utils/lineage.utils.d.ts +40 -0
package/src/utils/lineage.utils.js +82 -0
package/src/utils/lineage.utils.js.map +1 -0
package/src/utils/naming.utils.d.ts +46 -0
package/src/utils/naming.utils.js +136 -0
package/src/utils/naming.utils.js.map +1 -0
package/src/utils/types.utils.d.ts +2 -2
package/src/utils/types.utils.js.map +1 -1
package/src/utils/uri-template.utils.d.ts +57 -0
package/src/utils/uri-template.utils.js +113 -0
package/src/utils/uri-template.utils.js.map +1 -0
package/src/utils/uri-validation.utils.d.ts +40 -0
package/src/utils/uri-validation.utils.js +76 -0
package/src/utils/uri-validation.utils.js.map +1 -0
package/src/__test-utils__/fixtures/hook.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/hook.fixtures.js +0 -114
package/src/__test-utils__/fixtures/hook.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/index.d.ts +0 -7
package/src/__test-utils__/fixtures/index.js +0 -11
package/src/__test-utils__/fixtures/index.js.map +0 -1
package/src/__test-utils__/fixtures/plugin.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/plugin.fixtures.js +0 -127
package/src/__test-utils__/fixtures/plugin.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/provider.fixtures.d.ts +0 -69
package/src/__test-utils__/fixtures/provider.fixtures.js +0 -131
package/src/__test-utils__/fixtures/provider.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/scope.fixtures.d.ts +0 -14
package/src/__test-utils__/fixtures/scope.fixtures.js +0 -59
package/src/__test-utils__/fixtures/scope.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/tool.fixtures.d.ts +0 -36
package/src/__test-utils__/fixtures/tool.fixtures.js +0 -91
package/src/__test-utils__/fixtures/tool.fixtures.js.map +0 -1
package/src/__test-utils__/helpers/assertion.helpers.d.ts +0 -45
package/src/__test-utils__/helpers/assertion.helpers.js +0 -153
package/src/__test-utils__/helpers/assertion.helpers.js.map +0 -1
package/src/__test-utils__/helpers/async.helpers.d.ts +0 -48
package/src/__test-utils__/helpers/async.helpers.js +0 -112
package/src/__test-utils__/helpers/async.helpers.js.map +0 -1
package/src/__test-utils__/helpers/index.d.ts +0 -6
package/src/__test-utils__/helpers/index.js +0 -10
package/src/__test-utils__/helpers/index.js.map +0 -1
package/src/__test-utils__/helpers/setup.helpers.d.ts +0 -54
package/src/__test-utils__/helpers/setup.helpers.js +0 -106
package/src/__test-utils__/helpers/setup.helpers.js.map +0 -1
package/src/__test-utils__/index.d.ts +0 -9
package/src/__test-utils__/index.js +0 -14
package/src/__test-utils__/index.js.map +0 -1
package/src/__test-utils__/mocks/flow-instance.mock.d.ts +0 -50
package/src/__test-utils__/mocks/flow-instance.mock.js +0 -72
package/src/__test-utils__/mocks/flow-instance.mock.js.map +0 -1
package/src/__test-utils__/mocks/hook-registry.mock.d.ts +0 -25
package/src/__test-utils__/mocks/hook-registry.mock.js +0 -65
package/src/__test-utils__/mocks/hook-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/index.d.ts +0 -8
package/src/__test-utils__/mocks/index.js +0 -12
package/src/__test-utils__/mocks/index.js.map +0 -1
package/src/__test-utils__/mocks/plugin-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/plugin-registry.mock.js +0 -70
package/src/__test-utils__/mocks/plugin-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/provider-registry.mock.d.ts +0 -39
package/src/__test-utils__/mocks/provider-registry.mock.js +0 -72
package/src/__test-utils__/mocks/provider-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/tool-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/tool-registry.mock.js +0 -79
package/src/__test-utils__/mocks/tool-registry.mock.js.map +0 -1
package/src/auth/path.utils.d.ts +0 -20
package/src/auth/path.utils.js +0 -71
package/src/auth/path.utils.js.map +0 -1
package/src/common/decorators-old/async-with.decorator.d.ts +0 -10
package/src/common/decorators-old/async-with.decorator.js +0 -24
package/src/common/decorators-old/async-with.decorator.js.map +0 -1
package/src/common/decorators-old/auth-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/auth-hook.decorator.js +0 -27
package/src/common/decorators-old/auth-hook.decorator.js.map +0 -1
package/src/common/decorators-old/session-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/session-hook.decorator.js +0 -27
package/src/common/decorators-old/session-hook.decorator.js.map +0 -1

package/src/auth/session/authorization-vault.d.ts ADDED Viewed

@@ -0,0 +1,611 @@
+/**
+ * Authorization Vault
+ *
+ * Secure storage for stateful authorization sessions.
+ * Stores provider tokens, consent selections, and session metadata.
+ *
+ * Supports multiple credential types:
+ * - OAuth tokens (access_token, refresh_token, scopes)
+ * - API Keys (key value, header name)
+ * - Basic Auth (username, password)
+ * - Private Keys (PEM/JWK format for signing)
+ * - Custom credentials (extensible)
+ *
+ * In stateful mode:
+ * - Access token is a non-rotatable key to this vault
+ * - All sensitive data stored server-side
+ * - Supports incremental authorization via links
+ *
+ * In stateless mode:
+ * - No vault used, all data in JWT claims
+ * - No incremental authorization support
+ */
+import { z } from 'zod';
+/**
+ * Supported credential types for app authentication
+ */
+export declare const credentialTypeSchema: z.ZodEnum<{
+    custom: "custom";
+    oauth: "oauth";
+    api_key: "api_key";
+    basic: "basic";
+    bearer: "bearer";
+    private_key: "private_key";
+    mtls: "mtls";
+}>;
+export type CredentialType = z.infer<typeof credentialTypeSchema>;
+/**
+ * OAuth credential - standard OAuth 2.0 tokens
+ */
+export declare const oauthCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"oauth">;
+    accessToken: z.ZodString;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    tokenType: z.ZodDefault<z.ZodString>;
+    expiresAt: z.ZodOptional<z.ZodNumber>;
+    scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    idToken: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * API Key credential - sent in header or query param
+ */
+export declare const apiKeyCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"api_key">;
+    key: z.ZodString;
+    headerName: z.ZodDefault<z.ZodString>;
+    headerPrefix: z.ZodOptional<z.ZodString>;
+    queryParam: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Basic Auth credential - username and password
+ */
+export declare const basicAuthCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"basic">;
+    username: z.ZodString;
+    password: z.ZodString;
+    encodedValue: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Bearer token credential - static bearer token
+ */
+export declare const bearerCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"bearer">;
+    token: z.ZodString;
+    expiresAt: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>;
+/**
+ * Private key credential - for JWT signing or request signing
+ */
+export declare const privateKeyCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"private_key">;
+    format: z.ZodEnum<{
+        pem: "pem";
+        jwk: "jwk";
+        pkcs8: "pkcs8";
+        pkcs12: "pkcs12";
+    }>;
+    keyData: z.ZodString;
+    keyId: z.ZodOptional<z.ZodString>;
+    algorithm: z.ZodOptional<z.ZodString>;
+    passphrase: z.ZodOptional<z.ZodString>;
+    certificate: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * mTLS credential - client certificate for mutual TLS
+ */
+export declare const mtlsCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"mtls">;
+    certificate: z.ZodString;
+    privateKey: z.ZodString;
+    passphrase: z.ZodOptional<z.ZodString>;
+    caCertificate: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Custom credential - extensible for app-specific auth
+ */
+export declare const customCredentialSchema: z.ZodObject<{
+    type: z.ZodLiteral<"custom">;
+    customType: z.ZodString;
+    data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+}, z.core.$strip>;
+/**
+ * Union of all credential types
+ */
+export declare const credentialSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    type: z.ZodLiteral<"oauth">;
+    accessToken: z.ZodString;
+    refreshToken: z.ZodOptional<z.ZodString>;
+    tokenType: z.ZodDefault<z.ZodString>;
+    expiresAt: z.ZodOptional<z.ZodNumber>;
+    scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    idToken: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"api_key">;
+    key: z.ZodString;
+    headerName: z.ZodDefault<z.ZodString>;
+    headerPrefix: z.ZodOptional<z.ZodString>;
+    queryParam: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"basic">;
+    username: z.ZodString;
+    password: z.ZodString;
+    encodedValue: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"bearer">;
+    token: z.ZodString;
+    expiresAt: z.ZodOptional<z.ZodNumber>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"private_key">;
+    format: z.ZodEnum<{
+        pem: "pem";
+        jwk: "jwk";
+        pkcs8: "pkcs8";
+        pkcs12: "pkcs12";
+    }>;
+    keyData: z.ZodString;
+    keyId: z.ZodOptional<z.ZodString>;
+    algorithm: z.ZodOptional<z.ZodString>;
+    passphrase: z.ZodOptional<z.ZodString>;
+    certificate: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"mtls">;
+    certificate: z.ZodString;
+    privateKey: z.ZodString;
+    passphrase: z.ZodOptional<z.ZodString>;
+    caCertificate: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"custom">;
+    customType: z.ZodString;
+    data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+    headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+}, z.core.$strip>], "type">;
+export type OAuthCredential = z.infer<typeof oauthCredentialSchema>;
+export type ApiKeyCredential = z.infer<typeof apiKeyCredentialSchema>;
+export type BasicAuthCredential = z.infer<typeof basicAuthCredentialSchema>;
+export type BearerCredential = z.infer<typeof bearerCredentialSchema>;
+export type PrivateKeyCredential = z.infer<typeof privateKeyCredentialSchema>;
+export type MtlsCredential = z.infer<typeof mtlsCredentialSchema>;
+export type CustomCredential = z.infer<typeof customCredentialSchema>;
+export type Credential = z.infer<typeof credentialSchema>;
+/**
+ * Credential stored for an app in the vault
+ */
+export declare const appCredentialSchema: z.ZodObject<{
+    appId: z.ZodString;
+    providerId: z.ZodString;
+    credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+        type: z.ZodLiteral<"oauth">;
+        accessToken: z.ZodString;
+        refreshToken: z.ZodOptional<z.ZodString>;
+        tokenType: z.ZodDefault<z.ZodString>;
+        expiresAt: z.ZodOptional<z.ZodNumber>;
+        scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
+        idToken: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"api_key">;
+        key: z.ZodString;
+        headerName: z.ZodDefault<z.ZodString>;
+        headerPrefix: z.ZodOptional<z.ZodString>;
+        queryParam: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"basic">;
+        username: z.ZodString;
+        password: z.ZodString;
+        encodedValue: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"bearer">;
+        token: z.ZodString;
+        expiresAt: z.ZodOptional<z.ZodNumber>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"private_key">;
+        format: z.ZodEnum<{
+            pem: "pem";
+            jwk: "jwk";
+            pkcs8: "pkcs8";
+            pkcs12: "pkcs12";
+        }>;
+        keyData: z.ZodString;
+        keyId: z.ZodOptional<z.ZodString>;
+        algorithm: z.ZodOptional<z.ZodString>;
+        passphrase: z.ZodOptional<z.ZodString>;
+        certificate: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"mtls">;
+        certificate: z.ZodString;
+        privateKey: z.ZodString;
+        passphrase: z.ZodOptional<z.ZodString>;
+        caCertificate: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>, z.ZodObject<{
+        type: z.ZodLiteral<"custom">;
+        customType: z.ZodString;
+        data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+        headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+    }, z.core.$strip>], "type">;
+    acquiredAt: z.ZodNumber;
+    lastUsedAt: z.ZodOptional<z.ZodNumber>;
+    expiresAt: z.ZodOptional<z.ZodNumber>;
+    isValid: z.ZodDefault<z.ZodBoolean>;
+    invalidReason: z.ZodOptional<z.ZodString>;
+    userInfo: z.ZodOptional<z.ZodObject<{
+        sub: z.ZodOptional<z.ZodString>;
+        email: z.ZodOptional<z.ZodString>;
+        name: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.core.$strip>;
+export type AppCredential = z.infer<typeof appCredentialSchema>;
+/**
+ * Consent record stored in vault
+ */
+export declare const vaultConsentRecordSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    selectedToolIds: z.ZodArray<z.ZodString>;
+    availableToolIds: z.ZodArray<z.ZodString>;
+    consentedAt: z.ZodNumber;
+    version: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Federated login record stored in vault
+ */
+export declare const vaultFederatedRecordSchema: z.ZodObject<{
+    selectedProviderIds: z.ZodArray<z.ZodString>;
+    skippedProviderIds: z.ZodArray<z.ZodString>;
+    primaryProviderId: z.ZodOptional<z.ZodString>;
+    completedAt: z.ZodNumber;
+}, z.core.$strip>;
+/**
+ * Pending incremental authorization request
+ */
+export declare const pendingIncrementalAuthSchema: z.ZodObject<{
+    id: z.ZodString;
+    appId: z.ZodString;
+    toolId: z.ZodOptional<z.ZodString>;
+    authUrl: z.ZodString;
+    requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    elicitId: z.ZodOptional<z.ZodString>;
+    createdAt: z.ZodNumber;
+    expiresAt: z.ZodNumber;
+    status: z.ZodEnum<{
+        pending: "pending";
+        completed: "completed";
+        cancelled: "cancelled";
+        expired: "expired";
+    }>;
+}, z.core.$strip>;
+/**
+ * Authorization vault entry (the full session state)
+ */
+export declare const authorizationVaultEntrySchema: z.ZodObject<{
+    id: z.ZodString;
+    userSub: z.ZodString;
+    userEmail: z.ZodOptional<z.ZodString>;
+    userName: z.ZodOptional<z.ZodString>;
+    clientId: z.ZodString;
+    createdAt: z.ZodNumber;
+    lastAccessAt: z.ZodNumber;
+    appCredentials: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        appId: z.ZodString;
+        providerId: z.ZodString;
+        credential: z.ZodDiscriminatedUnion<[z.ZodObject<{
+            type: z.ZodLiteral<"oauth">;
+            accessToken: z.ZodString;
+            refreshToken: z.ZodOptional<z.ZodString>;
+            tokenType: z.ZodDefault<z.ZodString>;
+            expiresAt: z.ZodOptional<z.ZodNumber>;
+            scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
+            idToken: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"api_key">;
+            key: z.ZodString;
+            headerName: z.ZodDefault<z.ZodString>;
+            headerPrefix: z.ZodOptional<z.ZodString>;
+            queryParam: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"basic">;
+            username: z.ZodString;
+            password: z.ZodString;
+            encodedValue: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"bearer">;
+            token: z.ZodString;
+            expiresAt: z.ZodOptional<z.ZodNumber>;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"private_key">;
+            format: z.ZodEnum<{
+                pem: "pem";
+                jwk: "jwk";
+                pkcs8: "pkcs8";
+                pkcs12: "pkcs12";
+            }>;
+            keyData: z.ZodString;
+            keyId: z.ZodOptional<z.ZodString>;
+            algorithm: z.ZodOptional<z.ZodString>;
+            passphrase: z.ZodOptional<z.ZodString>;
+            certificate: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"mtls">;
+            certificate: z.ZodString;
+            privateKey: z.ZodString;
+            passphrase: z.ZodOptional<z.ZodString>;
+            caCertificate: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>, z.ZodObject<{
+            type: z.ZodLiteral<"custom">;
+            customType: z.ZodString;
+            data: z.ZodRecord<z.ZodString, z.ZodUnknown>;
+            headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
+        }, z.core.$strip>], "type">;
+        acquiredAt: z.ZodNumber;
+        lastUsedAt: z.ZodOptional<z.ZodNumber>;
+        expiresAt: z.ZodOptional<z.ZodNumber>;
+        isValid: z.ZodDefault<z.ZodBoolean>;
+        invalidReason: z.ZodOptional<z.ZodString>;
+        userInfo: z.ZodOptional<z.ZodObject<{
+            sub: z.ZodOptional<z.ZodString>;
+            email: z.ZodOptional<z.ZodString>;
+            name: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>;
+        metadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    }, z.core.$strip>>>;
+    consent: z.ZodOptional<z.ZodObject<{
+        enabled: z.ZodBoolean;
+        selectedToolIds: z.ZodArray<z.ZodString>;
+        availableToolIds: z.ZodArray<z.ZodString>;
+        consentedAt: z.ZodNumber;
+        version: z.ZodDefault<z.ZodString>;
+    }, z.core.$strip>>;
+    federated: z.ZodOptional<z.ZodObject<{
+        selectedProviderIds: z.ZodArray<z.ZodString>;
+        skippedProviderIds: z.ZodArray<z.ZodString>;
+        primaryProviderId: z.ZodOptional<z.ZodString>;
+        completedAt: z.ZodNumber;
+    }, z.core.$strip>>;
+    pendingAuths: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        appId: z.ZodString;
+        toolId: z.ZodOptional<z.ZodString>;
+        authUrl: z.ZodString;
+        requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        elicitId: z.ZodOptional<z.ZodString>;
+        createdAt: z.ZodNumber;
+        expiresAt: z.ZodNumber;
+        status: z.ZodEnum<{
+            pending: "pending";
+            completed: "completed";
+            cancelled: "cancelled";
+            expired: "expired";
+        }>;
+    }, z.core.$strip>>;
+    authorizedAppIds: z.ZodArray<z.ZodString>;
+    skippedAppIds: z.ZodArray<z.ZodString>;
+}, z.core.$strip>;
+export type VaultConsentRecord = z.infer<typeof vaultConsentRecordSchema>;
+export type VaultFederatedRecord = z.infer<typeof vaultFederatedRecordSchema>;
+export type PendingIncrementalAuth = z.infer<typeof pendingIncrementalAuthSchema>;
+export type AuthorizationVaultEntry = z.infer<typeof authorizationVaultEntrySchema>;
+export interface AuthorizationVault {
+    /**
+     * Create a new vault entry
+     */
+    create(params: {
+        userSub: string;
+        userEmail?: string;
+        userName?: string;
+        clientId: string;
+        consent?: VaultConsentRecord;
+        federated?: VaultFederatedRecord;
+        authorizedAppIds?: string[];
+        skippedAppIds?: string[];
+    }): Promise<AuthorizationVaultEntry>;
+    /**
+     * Get vault entry by ID
+     */
+    get(id: string): Promise<AuthorizationVaultEntry | null>;
+    /**
+     * Update vault entry
+     */
+    update(id: string, updates: Partial<AuthorizationVaultEntry>): Promise<void>;
+    /**
+     * Delete vault entry
+     */
+    delete(id: string): Promise<void>;
+    /**
+     * Update consent in the vault
+     */
+    updateConsent(vaultId: string, consent: VaultConsentRecord): Promise<void>;
+    /**
+     * Add app to authorized list (for incremental auth)
+     */
+    authorizeApp(vaultId: string, appId: string): Promise<void>;
+    /**
+     * Create a pending incremental auth request
+     */
+    createPendingAuth(vaultId: string, params: {
+        appId: string;
+        toolId?: string;
+        authUrl: string;
+        requiredScopes?: string[];
+        elicitId?: string;
+        ttlMs?: number;
+    }): Promise<PendingIncrementalAuth>;
+    /**
+     * Get pending auth by ID
+     */
+    getPendingAuth(vaultId: string, pendingAuthId: string): Promise<PendingIncrementalAuth | null>;
+    /**
+     * Complete a pending incremental auth
+     */
+    completePendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
+    /**
+     * Cancel a pending incremental auth
+     */
+    cancelPendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
+    /**
+     * Check if app is authorized
+     */
+    isAppAuthorized(vaultId: string, appId: string): Promise<boolean>;
+    /**
+     * Get all pending auths for a vault
+     */
+    getPendingAuths(vaultId: string): Promise<PendingIncrementalAuth[]>;
+    /**
+     * Add an app credential to the vault
+     * Only stores if app is authorized AND (consent disabled OR app tools in consent)
+     */
+    addAppCredential(vaultId: string, credential: AppCredential): Promise<void>;
+    /**
+     * Remove an app credential from the vault
+     */
+    removeAppCredential(vaultId: string, appId: string, providerId: string): Promise<void>;
+    /**
+     * Get all credentials for a specific app
+     */
+    getAppCredentials(vaultId: string, appId: string): Promise<AppCredential[]>;
+    /**
+     * Get a specific credential for an app and provider
+     */
+    getCredential(vaultId: string, appId: string, providerId: string): Promise<AppCredential | null>;
+    /**
+     * Get all credentials in the vault (filtered by consent if enabled)
+     * @param filterByConsent If true, only returns credentials for apps with consented tools
+     */
+    getAllCredentials(vaultId: string, filterByConsent?: boolean): Promise<AppCredential[]>;
+    /**
+     * Update credential metadata (last used, validity, etc.)
+     */
+    updateCredential(vaultId: string, appId: string, providerId: string, updates: Partial<Pick<AppCredential, 'lastUsedAt' | 'isValid' | 'invalidReason' | 'expiresAt' | 'metadata'>>): Promise<void>;
+    /**
+     * Check if a credential should be stored based on consent
+     * Returns true if:
+     * - Consent is disabled, OR
+     * - The app has at least one tool in the consent selection
+     */
+    shouldStoreCredential(vaultId: string, appId: string, toolIds?: string[]): Promise<boolean>;
+    /**
+     * Invalidate a credential (mark as invalid without removing)
+     */
+    invalidateCredential(vaultId: string, appId: string, providerId: string, reason: string): Promise<void>;
+    /**
+     * Refresh an OAuth credential (update tokens)
+     */
+    refreshOAuthCredential(vaultId: string, appId: string, providerId: string, tokens: {
+        accessToken: string;
+        refreshToken?: string;
+        expiresAt?: number;
+    }): Promise<void>;
+    /**
+     * Cleanup expired entries and pending auths
+     */
+    cleanup(): Promise<void>;
+}
+/**
+ * In-Memory Authorization Vault
+ *
+ * Development/testing implementation. Data is lost on restart.
+ * For production, use RedisAuthorizationVault.
+ */
+export declare class InMemoryAuthorizationVault implements AuthorizationVault {
+    private vaults;
+    /** Default TTL for pending auth requests (10 minutes) */
+    private readonly pendingAuthTtlMs;
+    create(params: {
+        userSub: string;
+        userEmail?: string;
+        userName?: string;
+        clientId: string;
+        consent?: VaultConsentRecord;
+        federated?: VaultFederatedRecord;
+        authorizedAppIds?: string[];
+        skippedAppIds?: string[];
+    }): Promise<AuthorizationVaultEntry>;
+    get(id: string): Promise<AuthorizationVaultEntry | null>;
+    update(id: string, updates: Partial<AuthorizationVaultEntry>): Promise<void>;
+    delete(id: string): Promise<void>;
+    updateConsent(vaultId: string, consent: VaultConsentRecord): Promise<void>;
+    authorizeApp(vaultId: string, appId: string): Promise<void>;
+    createPendingAuth(vaultId: string, params: {
+        appId: string;
+        toolId?: string;
+        authUrl: string;
+        requiredScopes?: string[];
+        elicitId?: string;
+        ttlMs?: number;
+    }): Promise<PendingIncrementalAuth>;
+    getPendingAuth(vaultId: string, pendingAuthId: string): Promise<PendingIncrementalAuth | null>;
+    completePendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
+    cancelPendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
+    isAppAuthorized(vaultId: string, appId: string): Promise<boolean>;
+    getPendingAuths(vaultId: string): Promise<PendingIncrementalAuth[]>;
+    cleanup(): Promise<void>;
+    /** Create a credential key from appId and providerId */
+    private credentialKey;
+    addAppCredential(vaultId: string, credential: AppCredential): Promise<void>;
+    removeAppCredential(vaultId: string, appId: string, providerId: string): Promise<void>;
+    getAppCredentials(vaultId: string, appId: string): Promise<AppCredential[]>;
+    getCredential(vaultId: string, appId: string, providerId: string): Promise<AppCredential | null>;
+    getAllCredentials(vaultId: string, filterByConsent?: boolean): Promise<AppCredential[]>;
+    updateCredential(vaultId: string, appId: string, providerId: string, updates: Partial<Pick<AppCredential, 'lastUsedAt' | 'isValid' | 'invalidReason' | 'expiresAt' | 'metadata'>>): Promise<void>;
+    shouldStoreCredential(vaultId: string, appId: string, toolIds?: string[]): Promise<boolean>;
+    invalidateCredential(vaultId: string, appId: string, providerId: string, reason: string): Promise<void>;
+    refreshOAuthCredential(vaultId: string, appId: string, providerId: string, tokens: {
+        accessToken: string;
+        refreshToken?: string;
+        expiresAt?: number;
+    }): Promise<void>;
+}
+/**
+ * Redis Authorization Vault (placeholder)
+ *
+ * Production implementation using Redis for distributed storage.
+ * TODO: Implement after in-memory vault is validated.
+ */
+export declare class RedisAuthorizationVault implements AuthorizationVault {
+    private readonly redis;
+    private readonly namespace;
+    constructor(redis: any, namespace?: string);
+    private key;
+    /** Create a credential key from appId and providerId */
+    private credentialKey;
+    create(params: {
+        userSub: string;
+        userEmail?: string;
+        userName?: string;
+        clientId: string;
+        consent?: VaultConsentRecord;
+        federated?: VaultFederatedRecord;
+        authorizedAppIds?: string[];
+        skippedAppIds?: string[];
+    }): Promise<AuthorizationVaultEntry>;
+    get(id: string): Promise<AuthorizationVaultEntry | null>;
+    update(id: string, updates: Partial<AuthorizationVaultEntry>): Promise<void>;
+    delete(id: string): Promise<void>;
+    updateConsent(vaultId: string, consent: VaultConsentRecord): Promise<void>;
+    authorizeApp(vaultId: string, appId: string): Promise<void>;
+    createPendingAuth(vaultId: string, params: {
+        appId: string;
+        toolId?: string;
+        authUrl: string;
+        requiredScopes?: string[];
+        elicitId?: string;
+        ttlMs?: number;
+    }): Promise<PendingIncrementalAuth>;
+    getPendingAuth(vaultId: string, pendingAuthId: string): Promise<PendingIncrementalAuth | null>;
+    completePendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
+    cancelPendingAuth(vaultId: string, pendingAuthId: string): Promise<void>;
+    isAppAuthorized(vaultId: string, appId: string): Promise<boolean>;
+    getPendingAuths(vaultId: string): Promise<PendingIncrementalAuth[]>;
+    cleanup(): Promise<void>;
+    addAppCredential(vaultId: string, credential: AppCredential): Promise<void>;
+    removeAppCredential(vaultId: string, appId: string, providerId: string): Promise<void>;
+    getAppCredentials(vaultId: string, appId: string): Promise<AppCredential[]>;
+    getCredential(vaultId: string, appId: string, providerId: string): Promise<AppCredential | null>;
+    getAllCredentials(vaultId: string, filterByConsent?: boolean): Promise<AppCredential[]>;
+    updateCredential(vaultId: string, appId: string, providerId: string, updates: Partial<Pick<AppCredential, 'lastUsedAt' | 'isValid' | 'invalidReason' | 'expiresAt' | 'metadata'>>): Promise<void>;
+    shouldStoreCredential(vaultId: string, appId: string, toolIds?: string[]): Promise<boolean>;
+    invalidateCredential(vaultId: string, appId: string, providerId: string, reason: string): Promise<void>;
+    refreshOAuthCredential(vaultId: string, appId: string, providerId: string, tokens: {
+        accessToken: string;
+        refreshToken?: string;
+        expiresAt?: number;
+    }): Promise<void>;
+}