@frontmcp/sdk 0.4.0 → 0.5.0

package/src/auth/auth.utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"auth.utils.js","sourceRoot":"","sources":["../../../src/auth/auth.utils.ts"],"names":[],"mappings":";;AAWA,kDAMC;AAED,sCA0DC;AASD,8CAeC;AArGD,qBAAqB;AACrB,sDAAuE;AACvE,sCAMmB;AACnB,4DAAsD;AAEtD,SAAgB,mBAAmB,CAAC,GAAqB;IACvD,OAAO,MAAM,CAAC,OAAO,CAAC,mCAA0B,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;QAClF,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC7B,CAAC,GAAG,CAAC,EAAE,IAAA,4BAAW,EAAC,KAAK,EAAE,GAAG,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC,EAAE,EAA0B,CAAC,CAAC;AACjC,CAAC;AAED,SAAgB,aAAa,CAAC,IAAsB;IAClD,IAAI,IAAA,qBAAO,EAAC,IAAI,CAAC,EAAE,CAAC;QAClB,kCAAkC;QAClC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,IAAI,EAAE,yBAAgB,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAW,CAAC;QAErF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,GAAI,IAAY,EAAE,IAAI,IAAI,UAAU,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,yBAAyB,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,IAAA,qBAAO,EAAC,QAAQ,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CACb,uBAAuB,IAAA,uBAAS,EAAC,OAAO,CAAC,oBAAoB,CAC9D,CAAC;YACJ,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,yBAAgB,CAAC,KAAK;gBAC5B,OAAO;gBACP,QAAQ;gBACR,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,OAAO,UAAU,KAAK,UAAU,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CACb,yBAAyB,IAAA,uBAAS,EAAC,OAAO,CAAC,uBAAuB,CACnE,CAAC;YACJ,CAAC;YACD,MAAM,GAAG,GAAG,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,EAAW,CAAC;YACtE,OAAO;gBACL,IAAI,EAAE,yBAAgB,CAAC,OAAO;gBAC9B,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,UAAU;gBACV,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO;gBACL,IAAI,EAAE,yBAAgB,CAAC,KAAK;gBAC5B,OAAO;gBACP,QAAQ;gBACR,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAI,IAAY,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,IAAI,KAAK,CACb,iBAAiB,IAAI,uCAAuC,CAC7D,CAAC;AACJ,CAAC;AAGD;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,GAAuB;IACvD,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,yBAAgB,CAAC,KAAK,CAAC;QAC5B,KAAK,yBAAgB,CAAC,OAAO;YAC3B,OAAO,EAAE,CAAC;QAEZ,KAAK,yBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9B,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3B,CAAC;QACD,KAAK,yBAAgB,CAAC,KAAK;YACzB,OAAO,IAAA,yBAAW,EAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEhD,KAAK,yBAAgB,CAAC,WAAW;YAC/B,OAAO,IAAA,yBAAW,EAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACjD,CAAC;AACH,CAAC","sourcesContent":["// auth/auth.utils.ts\nimport { depsOfClass, isClass, tokenName } from '../utils/token.utils';\nimport {\n  AuthProviderMetadata,\n  FrontMcpAuthProviderTokens,\n  AuthProviderType,\n  Token,\n  AuthProviderRecord, AuthProviderKind,\n} from '../common';\nimport { getMetadata } from '../utils/metadata.utils';\n\nexport function collectAuthMetadata(cls: AuthProviderType): AuthProviderMetadata {\n  return Object.entries(FrontMcpAuthProviderTokens).reduce((metadata, [key, token]) => {\n    return Object.assign(metadata, {\n      [key]: getMetadata(token, cls),\n    });\n  }, {} as AuthProviderMetadata);\n}\n\nexport function normalizeAuth(item: AuthProviderType): AuthProviderRecord {\n  if (isClass(item)) {\n    // read McpAuthMetadata from class\n    const metadata = collectAuthMetadata(item);\n    return { kind: AuthProviderKind.CLASS_TOKEN, provide: item, metadata };\n  }\n  if (item && typeof item === 'object') {\n    const { provide, useClass, useValue, useFactory, inject, ...metadata } = item as any;\n\n    if (!provide) {\n      const name = (item as any)?.name ?? '[object]';\n      throw new Error(`Auth '${name}' is missing 'provide'.`);\n    }\n\n    if (useClass) {\n      if (!isClass(useClass)) {\n        throw new Error(\n          `'useClass' on auth '${tokenName(provide)}' must be a class.`,\n        );\n      }\n      return {\n        kind: AuthProviderKind.CLASS,\n        provide,\n        useClass,\n        metadata,\n      };\n    }\n\n    if (useFactory) {\n      if (typeof useFactory !== 'function') {\n        throw new Error(\n          `'useFactory' on auth '${tokenName(provide)}' must be a function.`,\n        );\n      }\n      const inj = typeof inject === 'function' ? inject : () => [] as const;\n      return {\n        kind: AuthProviderKind.FACTORY,\n        provide,\n        inject: inj,\n        useFactory,\n        metadata,\n      };\n    }\n\n    if ('useValue' in item) {\n      return {\n        kind: AuthProviderKind.VALUE,\n        provide,\n        useValue,\n        metadata,\n      };\n    }\n  }\n\n  const name = (item as any)?.name ?? String(item);\n  throw new Error(\n    `Invalid auth '${name}'. Expected a class or a auth object.`,\n  );\n}\n\n\n/**\n * For graph/cycle detection. Returns dependency tokens that should be graphed.\n * - VALUE: no deps\n * - FACTORY: only includes deps that are registered (others will be resolved)\n * - CLASS / CLASS_TOKEN: deps come from the class constructor or static with(...)\n */\nexport function authDiscoveryDeps(rec: AuthProviderRecord): Token[] {\n  switch (rec.kind) {\n    case AuthProviderKind.VALUE:\n    case AuthProviderKind.PRIMARY:\n      return [];\n\n    case AuthProviderKind.FACTORY: {\n      return [...rec.inject()];\n    }\n    case AuthProviderKind.CLASS:\n      return depsOfClass(rec.useClass, 'discovery');\n\n    case AuthProviderKind.CLASS_TOKEN:\n      return depsOfClass(rec.provide, 'discovery');\n  }\n}\n"]}
+{"version":3,"file":"auth.utils.js","sourceRoot":"","sources":["../../../src/auth/auth.utils.ts"],"names":[],"mappings":";;AAWA,kDAMC;AAED,sCAoDC;AAQD,8CAeC;AA9FD,qBAAqB;AACrB,oCAAwE;AACxE,sCAOmB;AAEnB,SAAgB,mBAAmB,CAAC,GAAqB;IACvD,OAAO,MAAM,CAAC,OAAO,CAAC,mCAA0B,CAAC,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE;QAClF,OAAO,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE;YAC7B,CAAC,GAAG,CAAC,EAAE,IAAA,mBAAW,EAAC,KAAK,EAAE,GAAG,CAAC;SAC/B,CAAC,CAAC;IACL,CAAC,EAAE,EAA0B,CAAC,CAAC;AACjC,CAAC;AAED,SAAgB,aAAa,CAAC,IAAsB;IAClD,IAAI,IAAA,eAAO,EAAC,IAAI,CAAC,EAAE,CAAC;QAClB,kCAAkC;QAClC,MAAM,QAAQ,GAAG,mBAAmB,CAAC,IAAI,CAAC,CAAC;QAC3C,OAAO,EAAE,IAAI,EAAE,yBAAgB,CAAC,WAAW,EAAE,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IACzE,CAAC;IACD,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,QAAQ,EAAE,GAAG,IAAW,CAAC;QAErF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,GAAI,IAAY,EAAE,IAAI,IAAI,UAAU,CAAC;YAC/C,MAAM,IAAI,KAAK,CAAC,SAAS,IAAI,yBAAyB,CAAC,CAAC;QAC1D,CAAC;QAED,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC,IAAA,eAAO,EAAC,QAAQ,CAAC,EAAE,CAAC;gBACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAA,iBAAS,EAAC,OAAO,CAAC,oBAAoB,CAAC,CAAC;YACjF,CAAC;YACD,OAAO;gBACL,IAAI,EAAE,yBAAgB,CAAC,KAAK;gBAC5B,OAAO;gBACP,QAAQ;gBACR,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,OAAO,UAAU,KAAK,UAAU,EAAE,CAAC;gBACrC,MAAM,IAAI,KAAK,CAAC,yBAAyB,IAAA,iBAAS,EAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;YACtF,CAAC;YACD,MAAM,GAAG,GAAG,OAAO,MAAM,KAAK,UAAU,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,EAAW,CAAC;YACtE,OAAO;gBACL,IAAI,EAAE,yBAAgB,CAAC,OAAO;gBAC9B,OAAO;gBACP,MAAM,EAAE,GAAG;gBACX,UAAU;gBACV,QAAQ;aACT,CAAC;QACJ,CAAC;QAED,IAAI,UAAU,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO;gBACL,IAAI,EAAE,yBAAgB,CAAC,KAAK;gBAC5B,OAAO;gBACP,QAAQ;gBACR,QAAQ;aACT,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,IAAI,GAAI,IAAY,EAAE,IAAI,IAAI,MAAM,CAAC,IAAI,CAAC,CAAC;IACjD,MAAM,IAAI,KAAK,CAAC,iBAAiB,IAAI,uCAAuC,CAAC,CAAC;AAChF,CAAC;AAED;;;;;GAKG;AACH,SAAgB,iBAAiB,CAAC,GAAuB;IACvD,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;QACjB,KAAK,yBAAgB,CAAC,KAAK,CAAC;QAC5B,KAAK,yBAAgB,CAAC,OAAO;YAC3B,OAAO,EAAE,CAAC;QAEZ,KAAK,yBAAgB,CAAC,OAAO,CAAC,CAAC,CAAC;YAC9B,OAAO,CAAC,GAAG,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC3B,CAAC;QACD,KAAK,yBAAgB,CAAC,KAAK;YACzB,OAAO,IAAA,mBAAW,EAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAEhD,KAAK,yBAAgB,CAAC,WAAW;YAC/B,OAAO,IAAA,mBAAW,EAAC,GAAG,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC;IACjD,CAAC;AACH,CAAC","sourcesContent":["// auth/auth.utils.ts\nimport { depsOfClass, isClass, tokenName, getMetadata } from '../utils';\nimport {\n  AuthProviderMetadata,\n  FrontMcpAuthProviderTokens,\n  AuthProviderType,\n  Token,\n  AuthProviderRecord,\n  AuthProviderKind,\n} from '../common';\n\nexport function collectAuthMetadata(cls: AuthProviderType): AuthProviderMetadata {\n  return Object.entries(FrontMcpAuthProviderTokens).reduce((metadata, [key, token]) => {\n    return Object.assign(metadata, {\n      [key]: getMetadata(token, cls),\n    });\n  }, {} as AuthProviderMetadata);\n}\n\nexport function normalizeAuth(item: AuthProviderType): AuthProviderRecord {\n  if (isClass(item)) {\n    // read McpAuthMetadata from class\n    const metadata = collectAuthMetadata(item);\n    return { kind: AuthProviderKind.CLASS_TOKEN, provide: item, metadata };\n  }\n  if (item && typeof item === 'object') {\n    const { provide, useClass, useValue, useFactory, inject, ...metadata } = item as any;\n\n    if (!provide) {\n      const name = (item as any)?.name ?? '[object]';\n      throw new Error(`Auth '${name}' is missing 'provide'.`);\n    }\n\n    if (useClass) {\n      if (!isClass(useClass)) {\n        throw new Error(`'useClass' on auth '${tokenName(provide)}' must be a class.`);\n      }\n      return {\n        kind: AuthProviderKind.CLASS,\n        provide,\n        useClass,\n        metadata,\n      };\n    }\n\n    if (useFactory) {\n      if (typeof useFactory !== 'function') {\n        throw new Error(`'useFactory' on auth '${tokenName(provide)}' must be a function.`);\n      }\n      const inj = typeof inject === 'function' ? inject : () => [] as const;\n      return {\n        kind: AuthProviderKind.FACTORY,\n        provide,\n        inject: inj,\n        useFactory,\n        metadata,\n      };\n    }\n\n    if ('useValue' in item) {\n      return {\n        kind: AuthProviderKind.VALUE,\n        provide,\n        useValue,\n        metadata,\n      };\n    }\n  }\n\n  const name = (item as any)?.name ?? String(item);\n  throw new Error(`Invalid auth '${name}'. Expected a class or a auth object.`);\n}\n\n/**\n * For graph/cycle detection. Returns dependency tokens that should be graphed.\n * - VALUE: no deps\n * - FACTORY: only includes deps that are registered (others will be resolved)\n * - CLASS / CLASS_TOKEN: deps come from the class constructor or static with(...)\n */\nexport function authDiscoveryDeps(rec: AuthProviderRecord): Token[] {\n  switch (rec.kind) {\n    case AuthProviderKind.VALUE:\n    case AuthProviderKind.PRIMARY:\n      return [];\n\n    case AuthProviderKind.FACTORY: {\n      return [...rec.inject()];\n    }\n    case AuthProviderKind.CLASS:\n      return depsOfClass(rec.useClass, 'discovery');\n\n    case AuthProviderKind.CLASS_TOKEN:\n      return depsOfClass(rec.provide, 'discovery');\n  }\n}\n"]}

package/src/auth/authorization/authorization.class.d.ts

@@ -0,0 +1,125 @@
+import { Authorization, AuthorizationCreateCtx, AuthorizedPrompt, AuthorizedTool, AuthUser, LLMSafeAuthContext } from './authorization.types';
+import { TransportSession, TransportProtocol } from '../session';
+import { ProviderSnapshot } from '../session/session.types';
+import { AuthMode } from '../../common';
+/**
+ * Get the current machine ID
+ */
+export declare function getMachineId(): string;
+/**
+ * Base Authorization class - represents authenticated user context
+ * Subclasses implement mode-specific behavior (Public, Transparent, Orchestrated)
+ */
+export declare abstract class AuthorizationBase implements Authorization {
+    #private;
+    readonly id: string;
+    abstract readonly mode: AuthMode;
+    readonly isAnonymous: boolean;
+    readonly user: AuthUser;
+    readonly claims?: Record<string, unknown>;
+    readonly expiresAt?: number;
+    readonly scopes: string[];
+    readonly authorizedProviders: Record<string, ProviderSnapshot>;
+    readonly authorizedProviderIds: string[];
+    readonly authorizedApps: Record<string, {
+        id: string;
+        toolIds: string[];
+    }>;
+    readonly authorizedAppIds: string[];
+    readonly authorizedTools: Record<string, AuthorizedTool>;
+    readonly authorizedToolIds: string[];
+    readonly authorizedPrompts: Record<string, AuthorizedPrompt>;
+    readonly authorizedPromptIds: string[];
+    readonly authorizedResources: string[];
+    /** The original bearer token (for transparent mode) */
+    protected readonly token?: string;
+    /** Creation timestamp */
+    readonly createdAt: number;
+    protected constructor(ctx: AuthorizationCreateCtx);
+    /**
+     * Create a new transport session for this authorization
+     * @param protocol - Transport protocol (sse, streamable-http, etc.)
+     * @param fingerprint - Optional client fingerprint for tracking
+     */
+    createTransportSession(protocol: TransportProtocol, fingerprint?: string): TransportSession;
+    /**
+     * Get existing transport session by ID
+     */
+    getTransportSession(sessionId: string): TransportSession | undefined;
+    /**
+     * Get all active transport sessions
+     */
+    getAllSessions(): TransportSession[];
+    /**
+     * Remove a transport session
+     */
+    removeTransportSession(sessionId: string): boolean;
+    /**
+     * Get count of active sessions
+     */
+    get sessionCount(): number;
+    /**
+     * Abstract: Get access token for a provider
+     * Implementation varies by mode:
+     * - Public: throws (no tokens)
+     * - Transparent: returns the original bearer token
+     * - Orchestrated: retrieves from vault/store
+     */
+    abstract getToken(providerId?: string): Promise<string>;
+    /**
+     * Check if a scope is granted
+     */
+    hasScope(scope: string): boolean;
+    /**
+     * Check if all scopes are granted
+     */
+    hasAllScopes(scopes: string[]): boolean;
+    /**
+     * Check if any scope is granted
+     */
+    hasAnyScope(scopes: string[]): boolean;
+    /**
+     * Check if a tool is authorized
+     */
+    canAccessTool(toolId: string): boolean;
+    /**
+     * Check if a prompt is authorized
+     */
+    canAccessPrompt(promptId: string): boolean;
+    /**
+     * Check if an app is authorized.
+     * Used for progressive authorization to determine if tools from this app can be executed.
+     * @param appId - App ID to check
+     */
+    isAppAuthorized(appId: string): boolean;
+    /**
+     * Build URL for progressive/incremental authorization.
+     * Used when a tool requires authorization for an app that was skipped during initial auth.
+     * @param appId - App ID that requires authorization
+     * @param baseUrl - Base URL of the server
+     */
+    getProgressiveAuthUrl(appId: string, baseUrl: string): string;
+    /**
+     * Check if the authorization is expired
+     */
+    isExpired(): boolean;
+    /**
+     * Get time until expiration in milliseconds
+     * Returns undefined if no expiration, negative if expired
+     */
+    getTimeToExpiry(): number | undefined;
+    /**
+     * Convert a transport session to encrypted session JWT
+     * This is what gets sent in the Mcp-Session-Id header
+     */
+    toSessionJwt(session: TransportSession): string;
+    /**
+     * Convert to LLM-safe context (no tokens exposed)
+     */
+    toLLMSafeContext(session: TransportSession): LLMSafeAuthContext;
+    /**
+     * Validate that no tokens are leaked in data
+     * Throws if JWT pattern detected
+     */
+    static validateNoTokenLeakage(data: unknown): void;
+}

package/src/auth/authorization/authorization.class.js

@@ -0,0 +1,224 @@
+"use strict";
+// auth/authorization/authorization.class.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AuthorizationBase = void 0;
+exports.getMachineId = getMachineId;
+const crypto_1 = require("crypto");
+const session_id_utils_1 = require("../session/utils/session-id.utils");
+// Single-process machine id generated at server launch
+const MACHINE_ID = (() => {
+    return process.env['MACHINE_ID'] || (0, crypto_1.randomUUID)();
+})();
+/**
+ * Get the current machine ID
+ */
+function getMachineId() {
+    return MACHINE_ID;
+}
+/**
+ * Base Authorization class - represents authenticated user context
+ * Subclasses implement mode-specific behavior (Public, Transparent, Orchestrated)
+ */
+class AuthorizationBase {
+    id;
+    isAnonymous;
+    user;
+    claims;
+    expiresAt;
+    scopes;
+    authorizedProviders;
+    authorizedProviderIds;
+    authorizedApps;
+    authorizedAppIds;
+    authorizedTools;
+    authorizedToolIds;
+    authorizedPrompts;
+    authorizedPromptIds;
+    authorizedResources;
+    /** The original bearer token (for transparent mode) */
+    token;
+    /** Active transport sessions for this authorization */
+    #sessions = new Map();
+    /** Creation timestamp */
+    createdAt;
+    constructor(ctx) {
+        this.id = ctx.id;
+        this.isAnonymous = ctx.isAnonymous;
+        this.user = ctx.user;
+        this.claims = ctx.claims;
+        this.expiresAt = ctx.expiresAt;
+        this.scopes = ctx.scopes ?? [];
+        this.token = ctx.token;
+        this.createdAt = Date.now();
+        // Initialize authorization projections
+        this.authorizedProviders = ctx.authorizedProviders ?? {};
+        this.authorizedProviderIds = ctx.authorizedProviderIds ?? Object.keys(this.authorizedProviders);
+        this.authorizedApps = ctx.authorizedApps ?? {};
+        this.authorizedAppIds = ctx.authorizedAppIds ?? Object.keys(this.authorizedApps);
+        this.authorizedTools = ctx.authorizedTools ?? {};
+        this.authorizedToolIds = ctx.authorizedToolIds ?? Object.keys(this.authorizedTools);
+        this.authorizedPrompts = ctx.authorizedPrompts ?? {};
+        this.authorizedPromptIds = ctx.authorizedPromptIds ?? Object.keys(this.authorizedPrompts);
+        this.authorizedResources = ctx.authorizedResources ?? [];
+    }
+    /**
+     * Create a new transport session for this authorization
+     * @param protocol - Transport protocol (sse, streamable-http, etc.)
+     * @param fingerprint - Optional client fingerprint for tracking
+     */
+    createTransportSession(protocol, fingerprint) {
+        const sessionId = (0, crypto_1.randomUUID)();
+        const session = {
+            id: sessionId,
+            authorizationId: this.id,
+            protocol,
+            createdAt: Date.now(),
+            expiresAt: this.expiresAt,
+            nodeId: MACHINE_ID,
+            clientFingerprint: fingerprint,
+        };
+        this.#sessions.set(session.id, session);
+        return session;
+    }
+    /**
+     * Get existing transport session by ID
+     */
+    getTransportSession(sessionId) {
+        return this.#sessions.get(sessionId);
+    }
+    /**
+     * Get all active transport sessions
+     */
+    getAllSessions() {
+        return Array.from(this.#sessions.values());
+    }
+    /**
+     * Remove a transport session
+     */
+    removeTransportSession(sessionId) {
+        return this.#sessions.delete(sessionId);
+    }
+    /**
+     * Get count of active sessions
+     */
+    get sessionCount() {
+        return this.#sessions.size;
+    }
+    /**
+     * Check if a scope is granted
+     */
+    hasScope(scope) {
+        return this.scopes.includes(scope);
+    }
+    /**
+     * Check if all scopes are granted
+     */
+    hasAllScopes(scopes) {
+        return scopes.every((s) => this.scopes.includes(s));
+    }
+    /**
+     * Check if any scope is granted
+     */
+    hasAnyScope(scopes) {
+        return scopes.some((s) => this.scopes.includes(s));
+    }
+    /**
+     * Check if a tool is authorized
+     */
+    canAccessTool(toolId) {
+        return toolId in this.authorizedTools || this.authorizedToolIds.includes(toolId);
+    }
+    /**
+     * Check if a prompt is authorized
+     */
+    canAccessPrompt(promptId) {
+        return promptId in this.authorizedPrompts || this.authorizedPromptIds.includes(promptId);
+    }
+    /**
+     * Check if an app is authorized.
+     * Used for progressive authorization to determine if tools from this app can be executed.
+     * @param appId - App ID to check
+     */
+    isAppAuthorized(appId) {
+        return appId in this.authorizedApps || this.authorizedAppIds.includes(appId);
+    }
+    /**
+     * Build URL for progressive/incremental authorization.
+     * Used when a tool requires authorization for an app that was skipped during initial auth.
+     * @param appId - App ID that requires authorization
+     * @param baseUrl - Base URL of the server
+     */
+    getProgressiveAuthUrl(appId, baseUrl) {
+        return `${baseUrl}/oauth/authorize?app=${encodeURIComponent(appId)}&mode=incremental`;
+    }
+    /**
+     * Check if the authorization is expired
+     */
+    isExpired() {
+        if (!this.expiresAt)
+            return false;
+        return Date.now() > this.expiresAt;
+    }
+    /**
+     * Get time until expiration in milliseconds
+     * Returns undefined if no expiration, negative if expired
+     */
+    getTimeToExpiry() {
+        if (!this.expiresAt)
+            return undefined;
+        return this.expiresAt - Date.now();
+    }
+    /**
+     * Convert a transport session to encrypted session JWT
+     * This is what gets sent in the Mcp-Session-Id header
+     */
+    toSessionJwt(session) {
+        const payload = {
+            sid: session.id,
+            aid: this.id,
+            proto: session.protocol,
+            nid: session.nodeId,
+            iat: Math.floor(Date.now() / 1000),
+            exp: this.expiresAt ? Math.floor(this.expiresAt / 1000) : undefined,
+        };
+        return (0, session_id_utils_1.encryptJson)(payload);
+    }
+    /**
+     * Convert to LLM-safe context (no tokens exposed)
+     */
+    toLLMSafeContext(session) {
+        return {
+            authorizationId: this.id,
+            sessionId: session.id,
+            mode: this.mode,
+            isAnonymous: this.isAnonymous,
+            user: {
+                sub: this.user.sub,
+                name: this.user.name,
+            },
+            scopes: this.scopes,
+            authorizedToolIds: this.authorizedToolIds,
+            authorizedPromptIds: this.authorizedPromptIds,
+        };
+    }
+    /**
+     * Validate that no tokens are leaked in data
+     * Throws if JWT pattern detected
+     */
+    static validateNoTokenLeakage(data) {
+        const json = JSON.stringify(data);
+        // Detect JWT pattern (header.payload.signature)
+        if (/eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+/.test(json)) {
+            throw new Error('SECURITY: Token detected in data - potential LLM context leak');
+        }
+        // Detect sensitive field names
+        const sensitiveFields = ['access_token', 'refresh_token', 'id_token', 'tokenEnc', 'secretRefId'];
+        for (const field of sensitiveFields) {
+            if (json.includes(`"${field}"`)) {
+                throw new Error(`SECURITY: Sensitive field "${field}" detected - potential leak`);
+            }
+        }
+    }
+}
+exports.AuthorizationBase = AuthorizationBase;
+//# sourceMappingURL=authorization.class.js.map

package/src/auth/authorization/authorization.class.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authorization.class.js","sourceRoot":"","sources":["../../../../src/auth/authorization/authorization.class.ts"],"names":[],"mappings":";AAAA,4CAA4C;;;AAwB5C,oCAEC;AAxBD,mCAAoC;AAWpC,wEAAgE;AAGhE,uDAAuD;AACvD,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE;IACvB,OAAO,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,IAAA,mBAAU,GAAE,CAAC;AACnD,CAAC,CAAC,EAAE,CAAC;AAEL;;GAEG;AACH,SAAgB,YAAY;IAC1B,OAAO,UAAU,CAAC;AACpB,CAAC;AAED;;;GAGG;AACH,MAAsB,iBAAiB;IAC5B,EAAE,CAAS;IAEX,WAAW,CAAU;IACrB,IAAI,CAAW;IACf,MAAM,CAA2B;IACjC,SAAS,CAAU;IACnB,MAAM,CAAW;IACjB,mBAAmB,CAAmC;IACtD,qBAAqB,CAAW;IAChC,cAAc,CAAoD;IAClE,gBAAgB,CAAW;IAC3B,eAAe,CAAiC;IAChD,iBAAiB,CAAW;IAC5B,iBAAiB,CAAmC;IACpD,mBAAmB,CAAW;IAC9B,mBAAmB,CAAW;IAEvC,uDAAuD;IACpC,KAAK,CAAU;IAElC,uDAAuD;IAC9C,SAAS,GAAkC,IAAI,GAAG,EAAE,CAAC;IAE9D,yBAAyB;IAChB,SAAS,CAAS;IAE3B,YAAsB,GAA2B;QAC/C,IAAI,CAAC,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QACjB,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,WAAW,CAAC;QACnC,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACrB,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QACzB,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAC/B,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,IAAI,EAAE,CAAC;QAC/B,IAAI,CAAC,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC;QACvB,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE5B,uCAAuC;QACvC,IAAI,CAAC,mBAAmB,GAAG,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;QACzD,IAAI,CAAC,qBAAqB,GAAG,GAAG,CAAC,qBAAqB,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAChG,IAAI,CAAC,cAAc,GAAG,GAAG,CAAC,cAAc,IAAI,EAAE,CAAC;QAC/C,IAAI,CAAC,gBAAgB,GAAG,GAAG,CAAC,gBAAgB,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QACjF,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,eAAe,IAAI,EAAE,CAAC;QACjD,IAAI,CAAC,iBAAiB,GAAG,GAAG,CAAC,iBAAiB,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QACpF,IAAI,CAAC,iBAAiB,GAAG,GAAG,CAAC,iBAAiB,IAAI,EAAE,CAAC;QACrD,IAAI,CAAC,mBAAmB,GAAG,GAAG,CAAC,mBAAmB,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC1F,IAAI,CAAC,mBAAmB,GAAG,GAAG,CAAC,mBAAmB,IAAI,EAAE,CAAC;IAC3D,CAAC;IAED;;;;OAIG;IACH,sBAAsB,CAAC,QAA2B,EAAE,WAAoB;QACtE,MAAM,SAAS,GAAG,IAAA,mBAAU,GAAE,CAAC;QAE/B,MAAM,OAAO,GAAqB;YAChC,EAAE,EAAE,SAAS;YACb,eAAe,EAAE,IAAI,CAAC,EAAE;YACxB,QAAQ;YACR,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,SAAS;YACzB,MAAM,EAAE,UAAU;YAClB,iBAAiB,EAAE,WAAW;SAC/B,CAAC;QAEF,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QACxC,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;OAEG;IACH,mBAAmB,CAAC,SAAiB;QACnC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACvC,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7C,CAAC;IAED;;OAEG;IACH,sBAAsB,CAAC,SAAiB;QACtC,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC;IAC7B,CAAC;IAWD;;OAEG;IACH,QAAQ,CAAC,KAAa;QACpB,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACH,YAAY,CAAC,MAAgB;QAC3B,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,MAAgB;QAC1B,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,MAAc;QAC1B,OAAO,MAAM,IAAI,IAAI,CAAC,eAAe,IAAI,IAAI,CAAC,iBAAiB,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACnF,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,QAAgB;QAC9B,OAAO,QAAQ,IAAI,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,mBAAmB,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC3F,CAAC;IAED;;;;OAIG;IACH,eAAe,CAAC,KAAa;QAC3B,OAAO,KAAK,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC/E,CAAC;IAED;;;;;OAKG;IACH,qBAAqB,CAAC,KAAa,EAAE,OAAe;QAClD,OAAO,GAAG,OAAO,wBAAwB,kBAAkB,CAAC,KAAK,CAAC,mBAAmB,CAAC;IACxF,CAAC;IAED;;OAEG;IACH,SAAS;QACP,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC;QAClC,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,eAAe;QACb,IAAI,CAAC,IAAI,CAAC,SAAS;YAAE,OAAO,SAAS,CAAC;QACtC,OAAO,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACrC,CAAC;IAED;;;OAGG;IACH,YAAY,CAAC,OAAyB;QACpC,MAAM,OAAO,GAAsB;YACjC,GAAG,EAAE,OAAO,CAAC,EAAE;YACf,GAAG,EAAE,IAAI,CAAC,EAAE;YACZ,KAAK,EAAE,OAAO,CAAC,QAAQ;YACvB,GAAG,EAAE,OAAO,CAAC,MAAM;YACnB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YAClC,GAAG,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS;SACpE,CAAC;QACF,OAAO,IAAA,8BAAW,EAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAED;;OAEG;IACH,gBAAgB,CAAC,OAAyB;QACxC,OAAO;YACL,eAAe,EAAE,IAAI,CAAC,EAAE;YACxB,SAAS,EAAE,OAAO,CAAC,EAAE;YACrB,IAAI,EAAE,IAAI,CAAC,IAAI;YACf,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,IAAI,EAAE;gBACJ,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,GAAG;gBAClB,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI;aACrB;YACD,MAAM,EAAE,IAAI,CAAC,MAAM;YACnB,iBAAiB,EAAE,IAAI,CAAC,iBAAiB;YACzC,mBAAmB,EAAE,IAAI,CAAC,mBAAmB;SAC9C,CAAC;IACJ,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,sBAAsB,CAAC,IAAa;QACzC,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,gDAAgD;QAChD,IAAI,sDAAsD,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;YACtE,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;QACnF,CAAC;QACD,+BAA+B;QAC/B,MAAM,eAAe,GAAG,CAAC,cAAc,EAAE,eAAe,EAAE,UAAU,EAAE,UAAU,EAAE,aAAa,CAAC,CAAC;QACjG,KAAK,MAAM,KAAK,IAAI,eAAe,EAAE,CAAC;YACpC,IAAI,IAAI,CAAC,QAAQ,CAAC,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;gBAChC,MAAM,IAAI,KAAK,CAAC,8BAA8B,KAAK,6BAA6B,CAAC,CAAC;YACpF,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAxOD,8CAwOC","sourcesContent":["// auth/authorization/authorization.class.ts\n\nimport { randomUUID } from 'crypto';\nimport {\n  Authorization,\n  AuthorizationCreateCtx,\n  AuthorizedPrompt,\n  AuthorizedTool,\n  AuthUser,\n  LLMSafeAuthContext,\n} from './authorization.types';\nimport { TransportSession, TransportProtocol, SessionJwtPayload } from '../session';\nimport { ProviderSnapshot } from '../session/session.types';\nimport { encryptJson } from '../session/utils/session-id.utils';\nimport { AuthMode } from '../../common';\n\n// Single-process machine id generated at server launch\nconst MACHINE_ID = (() => {\n  return process.env['MACHINE_ID'] || randomUUID();\n})();\n\n/**\n * Get the current machine ID\n */\nexport function getMachineId(): string {\n  return MACHINE_ID;\n}\n\n/**\n * Base Authorization class - represents authenticated user context\n * Subclasses implement mode-specific behavior (Public, Transparent, Orchestrated)\n */\nexport abstract class AuthorizationBase implements Authorization {\n  readonly id: string;\n  abstract readonly mode: AuthMode;\n  readonly isAnonymous: boolean;\n  readonly user: AuthUser;\n  readonly claims?: Record<string, unknown>;\n  readonly expiresAt?: number;\n  readonly scopes: string[];\n  readonly authorizedProviders: Record<string, ProviderSnapshot>;\n  readonly authorizedProviderIds: string[];\n  readonly authorizedApps: Record<string, { id: string; toolIds: string[] }>;\n  readonly authorizedAppIds: string[];\n  readonly authorizedTools: Record<string, AuthorizedTool>;\n  readonly authorizedToolIds: string[];\n  readonly authorizedPrompts: Record<string, AuthorizedPrompt>;\n  readonly authorizedPromptIds: string[];\n  readonly authorizedResources: string[];\n\n  /** The original bearer token (for transparent mode) */\n  protected readonly token?: string;\n\n  /** Active transport sessions for this authorization */\n  readonly #sessions: Map<string, TransportSession> = new Map();\n\n  /** Creation timestamp */\n  readonly createdAt: number;\n\n  protected constructor(ctx: AuthorizationCreateCtx) {\n    this.id = ctx.id;\n    this.isAnonymous = ctx.isAnonymous;\n    this.user = ctx.user;\n    this.claims = ctx.claims;\n    this.expiresAt = ctx.expiresAt;\n    this.scopes = ctx.scopes ?? [];\n    this.token = ctx.token;\n    this.createdAt = Date.now();\n\n    // Initialize authorization projections\n    this.authorizedProviders = ctx.authorizedProviders ?? {};\n    this.authorizedProviderIds = ctx.authorizedProviderIds ?? Object.keys(this.authorizedProviders);\n    this.authorizedApps = ctx.authorizedApps ?? {};\n    this.authorizedAppIds = ctx.authorizedAppIds ?? Object.keys(this.authorizedApps);\n    this.authorizedTools = ctx.authorizedTools ?? {};\n    this.authorizedToolIds = ctx.authorizedToolIds ?? Object.keys(this.authorizedTools);\n    this.authorizedPrompts = ctx.authorizedPrompts ?? {};\n    this.authorizedPromptIds = ctx.authorizedPromptIds ?? Object.keys(this.authorizedPrompts);\n    this.authorizedResources = ctx.authorizedResources ?? [];\n  }\n\n  /**\n   * Create a new transport session for this authorization\n   * @param protocol - Transport protocol (sse, streamable-http, etc.)\n   * @param fingerprint - Optional client fingerprint for tracking\n   */\n  createTransportSession(protocol: TransportProtocol, fingerprint?: string): TransportSession {\n    const sessionId = randomUUID();\n\n    const session: TransportSession = {\n      id: sessionId,\n      authorizationId: this.id,\n      protocol,\n      createdAt: Date.now(),\n      expiresAt: this.expiresAt,\n      nodeId: MACHINE_ID,\n      clientFingerprint: fingerprint,\n    };\n\n    this.#sessions.set(session.id, session);\n    return session;\n  }\n\n  /**\n   * Get existing transport session by ID\n   */\n  getTransportSession(sessionId: string): TransportSession | undefined {\n    return this.#sessions.get(sessionId);\n  }\n\n  /**\n   * Get all active transport sessions\n   */\n  getAllSessions(): TransportSession[] {\n    return Array.from(this.#sessions.values());\n  }\n\n  /**\n   * Remove a transport session\n   */\n  removeTransportSession(sessionId: string): boolean {\n    return this.#sessions.delete(sessionId);\n  }\n\n  /**\n   * Get count of active sessions\n   */\n  get sessionCount(): number {\n    return this.#sessions.size;\n  }\n\n  /**\n   * Abstract: Get access token for a provider\n   * Implementation varies by mode:\n   * - Public: throws (no tokens)\n   * - Transparent: returns the original bearer token\n   * - Orchestrated: retrieves from vault/store\n   */\n  abstract getToken(providerId?: string): Promise<string>;\n\n  /**\n   * Check if a scope is granted\n   */\n  hasScope(scope: string): boolean {\n    return this.scopes.includes(scope);\n  }\n\n  /**\n   * Check if all scopes are granted\n   */\n  hasAllScopes(scopes: string[]): boolean {\n    return scopes.every((s) => this.scopes.includes(s));\n  }\n\n  /**\n   * Check if any scope is granted\n   */\n  hasAnyScope(scopes: string[]): boolean {\n    return scopes.some((s) => this.scopes.includes(s));\n  }\n\n  /**\n   * Check if a tool is authorized\n   */\n  canAccessTool(toolId: string): boolean {\n    return toolId in this.authorizedTools || this.authorizedToolIds.includes(toolId);\n  }\n\n  /**\n   * Check if a prompt is authorized\n   */\n  canAccessPrompt(promptId: string): boolean {\n    return promptId in this.authorizedPrompts || this.authorizedPromptIds.includes(promptId);\n  }\n\n  /**\n   * Check if an app is authorized.\n   * Used for progressive authorization to determine if tools from this app can be executed.\n   * @param appId - App ID to check\n   */\n  isAppAuthorized(appId: string): boolean {\n    return appId in this.authorizedApps || this.authorizedAppIds.includes(appId);\n  }\n\n  /**\n   * Build URL for progressive/incremental authorization.\n   * Used when a tool requires authorization for an app that was skipped during initial auth.\n   * @param appId - App ID that requires authorization\n   * @param baseUrl - Base URL of the server\n   */\n  getProgressiveAuthUrl(appId: string, baseUrl: string): string {\n    return `${baseUrl}/oauth/authorize?app=${encodeURIComponent(appId)}&mode=incremental`;\n  }\n\n  /**\n   * Check if the authorization is expired\n   */\n  isExpired(): boolean {\n    if (!this.expiresAt) return false;\n    return Date.now() > this.expiresAt;\n  }\n\n  /**\n   * Get time until expiration in milliseconds\n   * Returns undefined if no expiration, negative if expired\n   */\n  getTimeToExpiry(): number | undefined {\n    if (!this.expiresAt) return undefined;\n    return this.expiresAt - Date.now();\n  }\n\n  /**\n   * Convert a transport session to encrypted session JWT\n   * This is what gets sent in the Mcp-Session-Id header\n   */\n  toSessionJwt(session: TransportSession): string {\n    const payload: SessionJwtPayload = {\n      sid: session.id,\n      aid: this.id,\n      proto: session.protocol,\n      nid: session.nodeId,\n      iat: Math.floor(Date.now() / 1000),\n      exp: this.expiresAt ? Math.floor(this.expiresAt / 1000) : undefined,\n    };\n    return encryptJson(payload);\n  }\n\n  /**\n   * Convert to LLM-safe context (no tokens exposed)\n   */\n  toLLMSafeContext(session: TransportSession): LLMSafeAuthContext {\n    return {\n      authorizationId: this.id,\n      sessionId: session.id,\n      mode: this.mode,\n      isAnonymous: this.isAnonymous,\n      user: {\n        sub: this.user.sub,\n        name: this.user.name,\n      },\n      scopes: this.scopes,\n      authorizedToolIds: this.authorizedToolIds,\n      authorizedPromptIds: this.authorizedPromptIds,\n    };\n  }\n\n  /**\n   * Validate that no tokens are leaked in data\n   * Throws if JWT pattern detected\n   */\n  static validateNoTokenLeakage(data: unknown): void {\n    const json = JSON.stringify(data);\n    // Detect JWT pattern (header.payload.signature)\n    if (/eyJ[A-Za-z0-9_-]+\\.eyJ[A-Za-z0-9_-]+\\.[A-Za-z0-9_-]+/.test(json)) {\n      throw new Error('SECURITY: Token detected in data - potential LLM context leak');\n    }\n    // Detect sensitive field names\n    const sensitiveFields = ['access_token', 'refresh_token', 'id_token', 'tokenEnc', 'secretRefId'];\n    for (const field of sensitiveFields) {\n      if (json.includes(`\"${field}\"`)) {\n        throw new Error(`SECURITY: Sensitive field \"${field}\" detected - potential leak`);\n      }\n    }\n  }\n}\n"]}