npm - @frontmcp/sdk - Versions diffs - 0.4.0 → 0.5.0 - Mend

@frontmcp/sdk 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (558) hide show

package/README.md +30 -18
package/package.json +20 -5
package/src/app/app.registry.d.ts +3 -2
package/src/app/app.registry.js +3 -1
package/src/app/app.registry.js.map +1 -1
package/src/app/instances/app.local.instance.js +2 -2
package/src/app/instances/app.local.instance.js.map +1 -1
package/src/auth/auth.registry.d.ts +34 -2
package/src/auth/auth.registry.js +162 -24
package/src/auth/auth.registry.js.map +1 -1
package/src/auth/auth.utils.js +8 -9
package/src/auth/auth.utils.js.map +1 -1
package/src/auth/authorization/authorization.class.d.ts +125 -0
package/src/auth/authorization/authorization.class.js +224 -0
package/src/auth/authorization/authorization.class.js.map +1 -0
package/src/auth/authorization/authorization.types.d.ts +300 -0
package/src/auth/authorization/authorization.types.js +79 -0
package/src/auth/authorization/authorization.types.js.map +1 -0
package/src/auth/authorization/index.d.ts +5 -0
package/src/auth/authorization/index.js +19 -0
package/src/auth/authorization/index.js.map +1 -0
package/src/auth/authorization/orchestrated.authorization.d.ts +242 -0
package/src/auth/authorization/orchestrated.authorization.js +306 -0
package/src/auth/authorization/orchestrated.authorization.js.map +1 -0
package/src/auth/authorization/public.authorization.d.ts +91 -0
package/src/auth/authorization/public.authorization.js +132 -0
package/src/auth/authorization/public.authorization.js.map +1 -0
package/src/auth/authorization/transparent.authorization.d.ts +130 -0
package/src/auth/authorization/transparent.authorization.js +147 -0
package/src/auth/authorization/transparent.authorization.js.map +1 -0
package/src/auth/consent/consent.types.d.ts +111 -0
package/src/auth/consent/consent.types.js +119 -0
package/src/auth/consent/consent.types.js.map +1 -0
package/src/auth/consent/index.d.ts +1 -0
package/src/auth/consent/index.js +13 -0
package/src/auth/consent/index.js.map +1 -0
package/src/auth/detection/auth-provider-detection.d.ts +84 -0
package/src/auth/detection/auth-provider-detection.js +230 -0
package/src/auth/detection/auth-provider-detection.js.map +1 -0
package/src/auth/detection/index.d.ts +1 -0
package/src/auth/detection/index.js +15 -0
package/src/auth/detection/index.js.map +1 -0
package/src/auth/flows/auth.verify.flow.d.ts +110 -0
package/src/auth/flows/auth.verify.flow.js +379 -0
package/src/auth/flows/auth.verify.flow.js.map +1 -0
package/src/auth/flows/oauth.authorize.flow.d.ts +118 -164
package/src/auth/flows/oauth.authorize.flow.js +701 -33
package/src/auth/flows/oauth.authorize.flow.js.map +1 -1
package/src/auth/flows/oauth.callback.flow.d.ts +117 -0
package/src/auth/flows/oauth.callback.flow.js +357 -0
package/src/auth/flows/oauth.callback.flow.js.map +1 -0
package/src/auth/flows/oauth.register.flow.d.ts +32 -125
package/src/auth/flows/oauth.token.flow.d.ts +52 -154
package/src/auth/flows/oauth.token.flow.js +193 -55
package/src/auth/flows/oauth.token.flow.js.map +1 -1
package/src/auth/flows/session.verify.flow.d.ts +66 -321
package/src/auth/flows/session.verify.flow.js +107 -18
package/src/auth/flows/session.verify.flow.js.map +1 -1
package/src/auth/flows/well-known.jwks.flow.d.ts +34 -205
package/src/auth/flows/well-known.jwks.flow.js +15 -8
package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
package/src/auth/flows/well-known.oauth-authorization-server.flow.d.ts +48 -223
package/src/auth/flows/well-known.oauth-authorization-server.flow.js +2 -3
package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +1 -1
package/src/auth/flows/well-known.prm.flow.d.ts +19 -120
package/src/auth/flows/well-known.prm.flow.js +3 -4
package/src/auth/flows/well-known.prm.flow.js.map +1 -1
package/src/auth/instances/instance.local-primary-auth.d.ts +91 -4
package/src/auth/instances/instance.local-primary-auth.js +236 -6
package/src/auth/instances/instance.local-primary-auth.js.map +1 -1
package/src/auth/instances/instance.remote-primary-auth.d.ts +4 -3
package/src/auth/instances/instance.remote-primary-auth.js +2 -2
package/src/auth/instances/instance.remote-primary-auth.js.map +1 -1
package/src/auth/session/authorization-vault.d.ts +611 -0
package/src/auth/session/authorization-vault.js +817 -0
package/src/auth/session/authorization-vault.js.map +1 -0
package/src/auth/session/authorization.store.d.ts +301 -0
package/src/auth/session/authorization.store.js +323 -0
package/src/auth/session/authorization.store.js.map +1 -0
package/src/auth/session/encrypted-authorization-vault.d.ts +181 -0
package/src/auth/session/encrypted-authorization-vault.js +493 -0
package/src/auth/session/encrypted-authorization-vault.js.map +1 -0
package/src/auth/session/index.d.ts +4 -4
package/src/auth/session/index.js +11 -7
package/src/auth/session/index.js.map +1 -1
package/src/auth/session/session.schema.d.ts +1 -1
package/src/auth/session/session.service.d.ts +1 -1
package/src/auth/session/transport-session.manager.d.ts +101 -0
package/src/auth/session/transport-session.manager.js +300 -0
package/src/auth/session/transport-session.manager.js.map +1 -0
package/src/auth/session/transport-session.types.d.ts +457 -0
package/src/auth/session/transport-session.types.js +110 -0
package/src/auth/session/transport-session.types.js.map +1 -0
package/src/auth/session/utils/session-id.utils.d.ts +14 -2
package/src/auth/session/utils/session-id.utils.js +68 -19
package/src/auth/session/utils/session-id.utils.js.map +1 -1
package/src/auth/session/vault-encryption.d.ts +189 -0
package/src/auth/session/vault-encryption.js +263 -0
package/src/auth/session/vault-encryption.js.map +1 -0
package/src/auth/ui/base-layout.d.ts +188 -0
package/src/auth/ui/base-layout.js +292 -0
package/src/auth/ui/base-layout.js.map +1 -0
package/src/auth/ui/htmx-templates.d.ts +135 -0
package/src/auth/ui/htmx-templates.js +433 -0
package/src/auth/ui/htmx-templates.js.map +1 -0
package/src/auth/ui/index.d.ts +11 -0
package/src/auth/ui/index.js +35 -0
package/src/auth/ui/index.js.map +1 -0
package/src/auth/utils/audience.validator.d.ts +129 -0
package/src/auth/utils/audience.validator.js +196 -0
package/src/auth/utils/audience.validator.js.map +1 -0
package/src/auth/utils/index.d.ts +2 -0
package/src/auth/utils/index.js +7 -0
package/src/auth/utils/index.js.map +1 -0
package/src/auth/utils/www-authenticate.utils.d.ts +97 -0
package/src/auth/utils/www-authenticate.utils.js +183 -0
package/src/auth/utils/www-authenticate.utils.js.map +1 -0
package/src/common/common.schema.d.ts +2 -16
package/src/common/constants.d.ts +3 -0
package/src/common/constants.js +6 -1
package/src/common/constants.js.map +1 -1
package/src/common/decorators/decorator-utils.d.ts +131 -0
package/src/common/decorators/decorator-utils.js +195 -0
package/src/common/decorators/decorator-utils.js.map +1 -0
package/src/common/decorators/front-mcp.decorator.js +3 -2
package/src/common/decorators/front-mcp.decorator.js.map +1 -1
package/src/common/decorators/hook.decorator.d.ts +58 -2
package/src/common/decorators/hook.decorator.js +127 -17
package/src/common/decorators/hook.decorator.js.map +1 -1
package/src/common/decorators/plugin.decorator.d.ts +1 -1
package/src/common/decorators/plugin.decorator.js +11 -10
package/src/common/decorators/plugin.decorator.js.map +1 -1
package/src/common/decorators/resource.decorator.d.ts +32 -3
package/src/common/decorators/resource.decorator.js +46 -4
package/src/common/decorators/resource.decorator.js.map +1 -1
package/src/common/decorators/tool.decorator.d.ts +54 -5
package/src/common/decorators/tool.decorator.js.map +1 -1
package/src/common/dynamic/dynamic.plugin.d.ts +22 -11
package/src/common/dynamic/dynamic.plugin.js +7 -1
package/src/common/dynamic/dynamic.plugin.js.map +1 -1
package/src/common/entries/prompt.entry.d.ts +46 -2
package/src/common/entries/prompt.entry.js +10 -0
package/src/common/entries/prompt.entry.js.map +1 -1
package/src/common/entries/resource.entry.d.ts +69 -6
package/src/common/entries/resource.entry.js +27 -3
package/src/common/entries/resource.entry.js.map +1 -1
package/src/common/entries/scope.entry.d.ts +5 -1
package/src/common/entries/scope.entry.js +3 -3
package/src/common/entries/scope.entry.js.map +1 -1
package/src/common/flow/flow.utils.d.ts +56 -0
package/src/common/flow/flow.utils.js +96 -0
package/src/common/flow/flow.utils.js.map +1 -0
package/src/common/index.d.ts +2 -2
package/src/common/index.js +2 -2
package/src/common/index.js.map +1 -1
package/src/common/interfaces/execution-context.interface.d.ts +59 -0
package/src/common/interfaces/execution-context.interface.js +81 -0
package/src/common/interfaces/execution-context.interface.js.map +1 -0
package/src/common/interfaces/flow.interface.d.ts +1 -1
package/src/common/interfaces/flow.interface.js.map +1 -1
package/src/common/interfaces/index.d.ts +1 -0
package/src/common/interfaces/index.js +1 -0
package/src/common/interfaces/index.js.map +1 -1
package/src/common/interfaces/internal/primary-auth-provider.interface.d.ts +17 -2
package/src/common/interfaces/internal/primary-auth-provider.interface.js +52 -4
package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +1 -1
package/src/common/interfaces/internal/registry.interface.d.ts +16 -2
package/src/common/interfaces/internal/registry.interface.js.map +1 -1
package/src/common/interfaces/plugin.interface.js.map +1 -1
package/src/common/interfaces/prompt.interface.d.ts +53 -4
package/src/common/interfaces/prompt.interface.js +78 -0
package/src/common/interfaces/prompt.interface.js.map +1 -1
package/src/common/interfaces/resource.interface.d.ts +47 -17
package/src/common/interfaces/resource.interface.js +53 -0
package/src/common/interfaces/resource.interface.js.map +1 -1
package/src/common/interfaces/tool.interface.d.ts +39 -22
package/src/common/interfaces/tool.interface.js +61 -34
package/src/common/interfaces/tool.interface.js.map +1 -1
package/src/common/metadata/adapter.metadata.d.ts +1 -9
package/src/common/metadata/app.metadata.d.ts +425 -730
package/src/common/metadata/auth-provider.metadata.d.ts +2 -12
package/src/common/metadata/flow.metadata.d.ts +10 -25
package/src/common/metadata/front-mcp.metadata.d.ts +602 -1023
package/src/common/metadata/front-mcp.metadata.js +6 -4
package/src/common/metadata/front-mcp.metadata.js.map +1 -1
package/src/common/metadata/hook.metadata.d.ts +1 -1
package/src/common/metadata/hook.metadata.js.map +1 -1
package/src/common/metadata/index.d.ts +1 -0
package/src/common/metadata/index.js +1 -0
package/src/common/metadata/index.js.map +1 -1
package/src/common/metadata/logger.metadata.d.ts +1 -9
package/src/common/metadata/plugin.metadata.d.ts +8 -30
package/src/common/metadata/prompt.metadata.d.ts +4 -161
package/src/common/metadata/provider.metadata.d.ts +2 -12
package/src/common/metadata/resource.metadata.d.ts +6 -98
package/src/common/metadata/resource.metadata.js +15 -6
package/src/common/metadata/resource.metadata.js.map +1 -1
package/src/common/metadata/tool-ui.metadata.d.ts +10 -0
package/src/common/metadata/tool-ui.metadata.js +12 -0
package/src/common/metadata/tool-ui.metadata.js.map +1 -0
package/src/common/metadata/tool.metadata.d.ts +78 -199
package/src/common/metadata/tool.metadata.js +11 -14
package/src/common/metadata/tool.metadata.js.map +1 -1
package/src/common/providers/base-config.provider.d.ts +84 -0
package/src/common/providers/base-config.provider.js +128 -0
package/src/common/providers/base-config.provider.js.map +1 -0
package/src/common/records/plugin.record.d.ts +5 -6
package/src/common/records/plugin.record.js.map +1 -1
package/src/common/records/prompt.record.js.map +1 -1
package/src/common/records/resource.record.d.ts +17 -1
package/src/common/records/resource.record.js +12 -6
package/src/common/records/resource.record.js.map +1 -1
package/src/common/records/tool.record.js.map +1 -1
package/src/common/schemas/annotated-class.schema.d.ts +9 -9
package/src/common/schemas/annotated-class.schema.js +92 -27
package/src/common/schemas/annotated-class.schema.js.map +1 -1
package/src/common/schemas/http-input.schema.d.ts +6 -30
package/src/common/schemas/http-output.schema.d.ts +326 -1630
package/src/common/schemas/http-output.schema.js +39 -1
package/src/common/schemas/http-output.schema.js.map +1 -1
package/src/common/tokens/front-mcp.tokens.js +4 -1
package/src/common/tokens/front-mcp.tokens.js.map +1 -1
package/src/common/tokens/resource.tokens.d.ts +2 -0
package/src/common/tokens/resource.tokens.js +4 -1
package/src/common/tokens/resource.tokens.js.map +1 -1
package/src/common/tokens/tool.tokens.d.ts +2 -0
package/src/common/tokens/tool.tokens.js +2 -0
package/src/common/tokens/tool.tokens.js.map +1 -1
package/src/common/types/auth/jwt.types.d.ts +5 -31
package/src/common/types/auth/session.types.d.ts +97 -192
package/src/common/types/auth/session.types.js +24 -11
package/src/common/types/auth/session.types.js.map +1 -1
package/src/common/types/options/auth.options.d.ts +1013 -490
package/src/common/types/options/auth.options.js +554 -36
package/src/common/types/options/auth.options.js.map +1 -1
package/src/common/types/options/http.options.d.ts +1 -9
package/src/common/types/options/logging.options.d.ts +7 -13
package/src/common/types/options/logging.options.js +4 -0
package/src/common/types/options/logging.options.js.map +1 -1
package/src/common/types/options/server-info.options.d.ts +3 -31
package/src/common/types/options/session.options.d.ts +90 -10
package/src/common/types/options/session.options.js +26 -3
package/src/common/types/options/session.options.js.map +1 -1
package/src/common/utils/decide-request-intent.utils.d.ts +8 -46
package/src/common/utils/decide-request-intent.utils.js +88 -23
package/src/common/utils/decide-request-intent.utils.js.map +1 -1
package/src/completion/flows/complete.flow.d.ts +74 -0
package/src/completion/flows/complete.flow.js +199 -0
package/src/completion/flows/complete.flow.js.map +1 -0
package/src/errors/authorization-required.error.d.ts +189 -0
package/src/errors/authorization-required.error.js +274 -0
package/src/errors/authorization-required.error.js.map +1 -0
package/src/errors/index.d.ts +2 -1
package/src/errors/index.js +17 -1
package/src/errors/index.js.map +1 -1
package/src/errors/mcp.error.d.ts +101 -1
package/src/errors/mcp.error.js +147 -2
package/src/errors/mcp.error.js.map +1 -1
package/src/flows/flow.instance.js +4 -3
package/src/flows/flow.instance.js.map +1 -1
package/src/flows/flow.registry.js.map +1 -1
package/src/flows/flow.stages.js +14 -11
package/src/flows/flow.stages.js.map +1 -1
package/src/front-mcp/front-mcp.providers.d.ts +464 -102
package/src/front-mcp/front-mcp.providers.js +3 -5
package/src/front-mcp/front-mcp.providers.js.map +1 -1
package/src/hooks/hook.instance.d.ts +1 -1
package/src/hooks/hook.instance.js +5 -2
package/src/hooks/hook.instance.js.map +1 -1
package/src/hooks/hook.registry.js +7 -5
package/src/hooks/hook.registry.js.map +1 -1
package/src/index.d.ts +28 -9
package/src/index.js +5 -1
package/src/index.js.map +1 -1
package/src/logger/instances/instance.logger.js +3 -2
package/src/logger/instances/instance.logger.js.map +1 -1
package/src/logger/logger.registry.js +7 -2
package/src/logger/logger.registry.js.map +1 -1
package/src/logging/flows/set-level.flow.d.ts +62 -0
package/src/logging/flows/set-level.flow.js +108 -0
package/src/logging/flows/set-level.flow.js.map +1 -0
package/src/mcp-apps/csp.d.ts +111 -0
package/src/mcp-apps/csp.js +267 -0
package/src/mcp-apps/csp.js.map +1 -0
package/src/mcp-apps/index.d.ts +23 -0
package/src/mcp-apps/index.js +91 -0
package/src/mcp-apps/index.js.map +1 -0
package/src/mcp-apps/schemas.d.ts +403 -0
package/src/mcp-apps/schemas.js +345 -0
package/src/mcp-apps/schemas.js.map +1 -0
package/src/mcp-apps/template.d.ts +94 -0
package/src/mcp-apps/template.js +419 -0
package/src/mcp-apps/template.js.map +1 -0
package/src/mcp-apps/types.d.ts +323 -0
package/src/mcp-apps/types.js +59 -0
package/src/mcp-apps/types.js.map +1 -0
package/src/notification/index.d.ts +1 -0
package/src/notification/index.js +13 -0
package/src/notification/index.js.map +1 -0
package/src/notification/notification.service.d.ts +378 -0
package/src/notification/notification.service.js +727 -0
package/src/notification/notification.service.js.map +1 -0
package/src/plugin/plugin.registry.js +12 -9
package/src/plugin/plugin.registry.js.map +1 -1
package/src/prompt/flows/get-prompt.flow.d.ts +153 -0
package/src/prompt/flows/get-prompt.flow.js +214 -0
package/src/prompt/flows/get-prompt.flow.js.map +1 -0
package/src/prompt/flows/prompts-list.flow.d.ts +67 -0
package/src/prompt/flows/prompts-list.flow.js +176 -0
package/src/prompt/flows/prompts-list.flow.js.map +1 -0
package/src/prompt/index.d.ts +7 -0
package/src/prompt/index.js +17 -0
package/src/prompt/index.js.map +1 -0
package/src/prompt/prompt.events.d.ts +17 -0
package/src/prompt/prompt.events.js +25 -0
package/src/prompt/prompt.events.js.map +1 -0
package/src/prompt/prompt.instance.d.ts +30 -0
package/src/prompt/prompt.instance.js +120 -0
package/src/prompt/prompt.instance.js.map +1 -0
package/src/prompt/prompt.registry.d.ts +79 -12
package/src/prompt/prompt.registry.js +360 -15
package/src/prompt/prompt.registry.js.map +1 -1
package/src/prompt/prompt.types.d.ts +26 -0
package/src/prompt/prompt.types.js +11 -0
package/src/prompt/prompt.types.js.map +1 -0
package/src/prompt/prompt.utils.d.ts +26 -0
package/src/prompt/prompt.utils.js +136 -0
package/src/prompt/prompt.utils.js.map +1 -0
package/src/provider/provider.registry.d.ts +12 -5
package/src/provider/provider.registry.js +30 -138
package/src/provider/provider.registry.js.map +1 -1
package/src/regsitry/registry.base.d.ts +1 -1
package/src/regsitry/registry.base.js.map +1 -1
package/src/resource/flows/read-resource.flow.d.ts +91 -0
package/src/resource/flows/read-resource.flow.js +270 -0
package/src/resource/flows/read-resource.flow.js.map +1 -0
package/src/resource/flows/resource-templates-list.flow.d.ts +64 -0
package/src/resource/flows/resource-templates-list.flow.js +191 -0
package/src/resource/flows/resource-templates-list.flow.js.map +1 -0
package/src/resource/flows/resources-list.flow.d.ts +64 -0
package/src/resource/flows/resources-list.flow.js +196 -0
package/src/resource/flows/resources-list.flow.js.map +1 -0
package/src/resource/flows/subscribe-resource.flow.d.ts +45 -0
package/src/resource/flows/subscribe-resource.flow.js +123 -0
package/src/resource/flows/subscribe-resource.flow.js.map +1 -0
package/src/resource/flows/unsubscribe-resource.flow.d.ts +44 -0
package/src/resource/flows/unsubscribe-resource.flow.js +107 -0
package/src/resource/flows/unsubscribe-resource.flow.js.map +1 -0
package/src/resource/index.d.ts +8 -0
package/src/resource/index.js +20 -0
package/src/resource/index.js.map +1 -0
package/src/resource/resource.events.d.ts +24 -0
package/src/resource/resource.events.js +17 -0
package/src/resource/resource.events.js.map +1 -0
package/src/resource/resource.instance.d.ts +35 -0
package/src/resource/resource.instance.js +163 -0
package/src/resource/resource.instance.js.map +1 -0
package/src/resource/resource.registry.d.ts +106 -12
package/src/resource/resource.registry.js +449 -13
package/src/resource/resource.registry.js.map +1 -1
package/src/resource/resource.types.d.ts +35 -0
package/src/resource/resource.types.js +11 -0
package/src/resource/resource.types.js.map +1 -0
package/src/resource/resource.utils.d.ts +30 -0
package/src/resource/resource.utils.js +151 -0
package/src/resource/resource.utils.js.map +1 -0
package/src/scope/flows/http.request.flow.d.ts +48 -330
package/src/scope/flows/http.request.flow.js +306 -78
package/src/scope/flows/http.request.flow.js.map +1 -1
package/src/scope/scope.instance.d.ts +12 -0
package/src/scope/scope.instance.js +145 -15
package/src/scope/scope.instance.js.map +1 -1
package/src/tool/flows/call-tool.flow.d.ts +64 -1110
package/src/tool/flows/call-tool.flow.js +303 -15
package/src/tool/flows/call-tool.flow.js.map +1 -1
package/src/tool/flows/tools-list.flow.d.ts +32 -473
package/src/tool/flows/tools-list.flow.js +111 -10
package/src/tool/flows/tools-list.flow.js.map +1 -1
package/src/tool/tool.events.d.ts +8 -1
package/src/tool/tool.events.js.map +1 -1
package/src/tool/tool.instance.d.ts +3 -1
package/src/tool/tool.instance.js +17 -3
package/src/tool/tool.instance.js.map +1 -1
package/src/tool/tool.registry.d.ts +7 -1
package/src/tool/tool.registry.js +26 -10
package/src/tool/tool.registry.js.map +1 -1
package/src/tool/tool.types.d.ts +4 -4
package/src/tool/tool.types.js.map +1 -1
package/src/tool/tool.utils.d.ts +3 -12
package/src/tool/tool.utils.js +39 -193
package/src/tool/tool.utils.js.map +1 -1
package/src/tool/ui/index.d.ts +22 -0
package/src/tool/ui/index.js +63 -0
package/src/tool/ui/index.js.map +1 -0
package/src/tool/ui/platform-adapters.d.ts +10 -0
package/src/tool/ui/platform-adapters.js +18 -0
package/src/tool/ui/platform-adapters.js.map +1 -0
package/src/tool/ui/template-helpers.d.ts +46 -0
package/src/tool/ui/template-helpers.js +112 -0
package/src/tool/ui/template-helpers.js.map +1 -0
package/src/tool/ui/ui-resource-template.d.ts +34 -0
package/src/tool/ui/ui-resource-template.js +64 -0
package/src/tool/ui/ui-resource-template.js.map +1 -0
package/src/tool/ui/ui-resource.handler.d.ts +74 -0
package/src/tool/ui/ui-resource.handler.js +129 -0
package/src/tool/ui/ui-resource.handler.js.map +1 -0
package/src/transport/adapters/transport.local.adapter.d.ts +2 -2
package/src/transport/adapters/transport.local.adapter.js +28 -7
package/src/transport/adapters/transport.local.adapter.js.map +1 -1
package/src/transport/adapters/transport.sse.adapter.d.ts +2 -2
package/src/transport/adapters/transport.sse.adapter.js +4 -3
package/src/transport/adapters/transport.sse.adapter.js.map +1 -1
package/src/transport/adapters/transport.streamable-http.adapter.d.ts +10 -3
package/src/transport/adapters/transport.streamable-http.adapter.js +54 -8
package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
package/src/transport/flows/handle.sse.flow.d.ts +29 -63
package/src/transport/flows/handle.sse.flow.js +78 -10
package/src/transport/flows/handle.sse.flow.js.map +1 -1
package/src/transport/flows/handle.stateless-http.flow.d.ts +29 -0
package/src/transport/flows/handle.stateless-http.flow.js +102 -0
package/src/transport/flows/handle.stateless-http.flow.js.map +1 -0
package/src/transport/flows/handle.streamable-http.flow.d.ts +32 -64
package/src/transport/flows/handle.streamable-http.flow.js +158 -26
package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
package/src/transport/legacy/legacy.sse.tranporter.d.ts +9 -0
package/src/transport/legacy/legacy.sse.tranporter.js +17 -2
package/src/transport/legacy/legacy.sse.tranporter.js.map +1 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js +27 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/complete-request.handler.d.ts +69 -0
package/src/transport/mcp-handlers/complete-request.handler.js +11 -0
package/src/transport/mcp-handlers/complete-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +87 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js +11 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/index.d.ts +517 -208
package/src/transport/mcp-handlers/index.js +39 -2
package/src/transport/mcp-handlers/index.js.map +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.d.ts +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.js +73 -7
package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +54 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js +11 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +19 -146
package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js +34 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/mcp-handlers.types.d.ts +3 -7
package/src/transport/mcp-handlers/mcp-handlers.types.js.map +1 -1
package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js +12 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.d.ts +11 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +26 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +1 -0
package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +1 -0
package/src/transport/transport.local.js +7 -2
package/src/transport/transport.local.js.map +1 -1
package/src/transport/transport.registry.d.ts +30 -0
package/src/transport/transport.registry.js +84 -1
package/src/transport/transport.registry.js.map +1 -1
package/src/transport/transport.types.d.ts +3 -3
package/src/transport/transport.types.js.map +1 -1
package/src/utils/content.utils.d.ts +48 -0
package/src/utils/content.utils.js +194 -0
package/src/utils/content.utils.js.map +1 -0
package/src/utils/index.d.ts +8 -0
package/src/utils/index.js +55 -0
package/src/utils/index.js.map +1 -0
package/src/utils/lineage.utils.d.ts +40 -0
package/src/utils/lineage.utils.js +82 -0
package/src/utils/lineage.utils.js.map +1 -0
package/src/utils/naming.utils.d.ts +46 -0
package/src/utils/naming.utils.js +136 -0
package/src/utils/naming.utils.js.map +1 -0
package/src/utils/types.utils.d.ts +2 -2
package/src/utils/types.utils.js.map +1 -1
package/src/utils/uri-template.utils.d.ts +57 -0
package/src/utils/uri-template.utils.js +113 -0
package/src/utils/uri-template.utils.js.map +1 -0
package/src/utils/uri-validation.utils.d.ts +40 -0
package/src/utils/uri-validation.utils.js +76 -0
package/src/utils/uri-validation.utils.js.map +1 -0
package/src/__test-utils__/fixtures/hook.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/hook.fixtures.js +0 -114
package/src/__test-utils__/fixtures/hook.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/index.d.ts +0 -7
package/src/__test-utils__/fixtures/index.js +0 -11
package/src/__test-utils__/fixtures/index.js.map +0 -1
package/src/__test-utils__/fixtures/plugin.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/plugin.fixtures.js +0 -127
package/src/__test-utils__/fixtures/plugin.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/provider.fixtures.d.ts +0 -69
package/src/__test-utils__/fixtures/provider.fixtures.js +0 -131
package/src/__test-utils__/fixtures/provider.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/scope.fixtures.d.ts +0 -14
package/src/__test-utils__/fixtures/scope.fixtures.js +0 -59
package/src/__test-utils__/fixtures/scope.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/tool.fixtures.d.ts +0 -36
package/src/__test-utils__/fixtures/tool.fixtures.js +0 -91
package/src/__test-utils__/fixtures/tool.fixtures.js.map +0 -1
package/src/__test-utils__/helpers/assertion.helpers.d.ts +0 -45
package/src/__test-utils__/helpers/assertion.helpers.js +0 -153
package/src/__test-utils__/helpers/assertion.helpers.js.map +0 -1
package/src/__test-utils__/helpers/async.helpers.d.ts +0 -48
package/src/__test-utils__/helpers/async.helpers.js +0 -112
package/src/__test-utils__/helpers/async.helpers.js.map +0 -1
package/src/__test-utils__/helpers/index.d.ts +0 -6
package/src/__test-utils__/helpers/index.js +0 -10
package/src/__test-utils__/helpers/index.js.map +0 -1
package/src/__test-utils__/helpers/setup.helpers.d.ts +0 -54
package/src/__test-utils__/helpers/setup.helpers.js +0 -106
package/src/__test-utils__/helpers/setup.helpers.js.map +0 -1
package/src/__test-utils__/index.d.ts +0 -9
package/src/__test-utils__/index.js +0 -14
package/src/__test-utils__/index.js.map +0 -1
package/src/__test-utils__/mocks/flow-instance.mock.d.ts +0 -50
package/src/__test-utils__/mocks/flow-instance.mock.js +0 -72
package/src/__test-utils__/mocks/flow-instance.mock.js.map +0 -1
package/src/__test-utils__/mocks/hook-registry.mock.d.ts +0 -25
package/src/__test-utils__/mocks/hook-registry.mock.js +0 -65
package/src/__test-utils__/mocks/hook-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/index.d.ts +0 -8
package/src/__test-utils__/mocks/index.js +0 -12
package/src/__test-utils__/mocks/index.js.map +0 -1
package/src/__test-utils__/mocks/plugin-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/plugin-registry.mock.js +0 -70
package/src/__test-utils__/mocks/plugin-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/provider-registry.mock.d.ts +0 -39
package/src/__test-utils__/mocks/provider-registry.mock.js +0 -72
package/src/__test-utils__/mocks/provider-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/tool-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/tool-registry.mock.js +0 -79
package/src/__test-utils__/mocks/tool-registry.mock.js.map +0 -1
package/src/auth/path.utils.d.ts +0 -20
package/src/auth/path.utils.js +0 -71
package/src/auth/path.utils.js.map +0 -1
package/src/common/decorators-old/async-with.decorator.d.ts +0 -10
package/src/common/decorators-old/async-with.decorator.js +0 -24
package/src/common/decorators-old/async-with.decorator.js.map +0 -1
package/src/common/decorators-old/auth-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/auth-hook.decorator.js +0 -27
package/src/common/decorators-old/auth-hook.decorator.js.map +0 -1
package/src/common/decorators-old/session-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/session-hook.decorator.js +0 -27
package/src/common/decorators-old/session-hook.decorator.js.map +0 -1

package/src/auth/authorization/transparent.authorization.d.ts ADDED Viewed

@@ -0,0 +1,130 @@
+import { AuthorizationBase } from './authorization.class';
+import { AuthorizationCreateCtx } from './authorization.types';
+import { AuthMode } from '../../common';
+/**
+ * Verified JWT payload from transparent auth provider
+ */
+export interface TransparentVerifiedPayload {
+    /** Subject identifier */
+    sub: string;
+    /** Issuer */
+    iss?: string;
+    /** Audience */
+    aud?: string | string[];
+    /** Expiration (seconds since epoch) */
+    exp?: number;
+    /** Issued at (seconds since epoch) */
+    iat?: number;
+    /** Scopes (space-separated or array) */
+    scope?: string | string[];
+    /** Display name */
+    name?: string;
+    /** Email */
+    email?: string;
+    /** Picture URL */
+    picture?: string;
+    /** Additional claims */
+    [key: string]: unknown;
+}
+/**
+ * Context for creating a TransparentAuthorization
+ */
+export interface TransparentAuthorizationCreateCtx {
+    /**
+     * The original bearer token (passed through to downstream)
+     */
+    token: string;
+    /**
+     * Verified JWT payload from the upstream provider
+     */
+    payload: TransparentVerifiedPayload;
+    /**
+     * Provider ID for this authorization
+     */
+    providerId: string;
+    /**
+     * Provider name for display/logging
+     */
+    providerName?: string;
+    /**
+     * Precomputed authorization projections
+     */
+    authorizedTools?: AuthorizationCreateCtx['authorizedTools'];
+    authorizedToolIds?: string[];
+    authorizedPrompts?: AuthorizationCreateCtx['authorizedPrompts'];
+    authorizedPromptIds?: string[];
+    authorizedApps?: AuthorizationCreateCtx['authorizedApps'];
+    authorizedAppIds?: string[];
+    authorizedResources?: string[];
+}
+/**
+ * TransparentAuthorization - Pass-through OAuth tokens
+ *
+ * In transparent mode:
+ * - The client's token is forwarded directly to downstream services
+ * - Token validation happens via the upstream provider's JWKS
+ * - getToken() returns the original bearer token
+ * - Ideal when the auth server is the source of truth
+ */
+export declare class TransparentAuthorization extends AuthorizationBase {
+    readonly mode: AuthMode;
+    /**
+     * Provider ID that issued the token
+     */
+    readonly providerId: string;
+    /**
+     * Provider display name
+     */
+    readonly providerName?: string;
+    private constructor();
+    /**
+     * Create a TransparentAuthorization from a verified JWT
+     *
+     * @param ctx - Creation context with token and verified payload
+     * @returns A new TransparentAuthorization instance
+     *
+     * @example
+     * ```typescript
+     * const auth = TransparentAuthorization.fromVerifiedToken({
+     *   token: bearerToken,
+     *   payload: verifiedClaims,
+     *   providerId: 'auth0',
+     * });
+     *
+     * // Pass token through to downstream
+     * const token = await auth.getToken();
+     * ```
+     */
+    static fromVerifiedToken(ctx: TransparentAuthorizationCreateCtx): TransparentAuthorization;
+    /**
+     * Get the original bearer token for pass-through
+     *
+     * In transparent mode, the same token is returned regardless of providerId
+     * since only one provider (the upstream) issued the token.
+     *
+     * @param _providerId - Ignored in transparent mode
+     * @returns The original bearer token
+     */
+    getToken(_providerId?: string): Promise<string>;
+    /**
+     * Parse scope claim from JWT payload
+     */
+    private static parseScopes;
+    /**
+     * Generate authorization ID from token signature
+     * Uses SHA-256 fingerprint of the token signature for uniqueness
+     */
+    private static generateAuthorizationId;
+    /**
+     * Get the issuer from the token claims
+     */
+    get issuer(): string | undefined;
+    /**
+     * Get the audience from the token claims
+     */
+    get audience(): string | string[] | undefined;
+    /**
+     * Check if the token was issued for a specific audience
+     */
+    hasAudience(aud: string): boolean;
+}

package/src/auth/authorization/transparent.authorization.js ADDED Viewed

@@ -0,0 +1,147 @@
+"use strict";
+// auth/authorization/transparent.authorization.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TransparentAuthorization = void 0;
+const crypto_1 = require("crypto");
+const authorization_class_1 = require("./authorization.class");
+/**
+ * TransparentAuthorization - Pass-through OAuth tokens
+ *
+ * In transparent mode:
+ * - The client's token is forwarded directly to downstream services
+ * - Token validation happens via the upstream provider's JWKS
+ * - getToken() returns the original bearer token
+ * - Ideal when the auth server is the source of truth
+ */
+class TransparentAuthorization extends authorization_class_1.AuthorizationBase {
+    mode = 'transparent';
+    /**
+     * Provider ID that issued the token
+     */
+    providerId;
+    /**
+     * Provider display name
+     */
+    providerName;
+    constructor(ctx) {
+        super(ctx);
+        this.providerId = ctx.providerId;
+        this.providerName = ctx.providerName;
+    }
+    /**
+     * Create a TransparentAuthorization from a verified JWT
+     *
+     * @param ctx - Creation context with token and verified payload
+     * @returns A new TransparentAuthorization instance
+     *
+     * @example
+     * ```typescript
+     * const auth = TransparentAuthorization.fromVerifiedToken({
+     *   token: bearerToken,
+     *   payload: verifiedClaims,
+     *   providerId: 'auth0',
+     * });
+     *
+     * // Pass token through to downstream
+     * const token = await auth.getToken();
+     * ```
+     */
+    static fromVerifiedToken(ctx) {
+        const { token, payload, providerId, providerName, ...projections } = ctx;
+        // Extract user identity from payload
+        const user = {
+            sub: payload.sub,
+            name: payload.name,
+            email: payload.email,
+            picture: payload.picture,
+            anonymous: false,
+        };
+        // Parse scopes from payload
+        const scopes = TransparentAuthorization.parseScopes(payload.scope);
+        // Calculate expiration from JWT exp claim
+        const expiresAt = payload.exp ? payload.exp * 1000 : undefined;
+        // Generate authorization ID from token signature fingerprint
+        const id = TransparentAuthorization.generateAuthorizationId(token);
+        // Create provider snapshot for this authorization
+        const providerSnapshot = {
+            id: providerId,
+            exp: expiresAt,
+            payload: payload,
+            embedMode: 'plain', // transparent mode keeps token in memory
+            token, // the original token
+        };
+        return new TransparentAuthorization({
+            id,
+            isAnonymous: false,
+            user,
+            claims: payload,
+            expiresAt,
+            scopes,
+            token,
+            providerId,
+            providerName,
+            authorizedProviders: { [providerId]: providerSnapshot },
+            authorizedProviderIds: [providerId],
+            ...projections,
+        });
+    }
+    /**
+     * Get the original bearer token for pass-through
+     *
+     * In transparent mode, the same token is returned regardless of providerId
+     * since only one provider (the upstream) issued the token.
+     *
+     * @param _providerId - Ignored in transparent mode
+     * @returns The original bearer token
+     */
+    async getToken(_providerId) {
+        if (!this.token) {
+            throw new Error('TransparentAuthorization: Token not available');
+        }
+        return this.token;
+    }
+    /**
+     * Parse scope claim from JWT payload
+     */
+    static parseScopes(scope) {
+        if (!scope)
+            return [];
+        if (Array.isArray(scope))
+            return scope;
+        return scope.split(/\s+/).filter(Boolean);
+    }
+    /**
+     * Generate authorization ID from token signature
+     * Uses SHA-256 fingerprint of the token signature for uniqueness
+     */
+    static generateAuthorizationId(token) {
+        const parts = token.split('.');
+        const signature = parts[2] || token;
+        return (0, crypto_1.createHash)('sha256').update(signature).digest('hex').substring(0, 16);
+    }
+    /**
+     * Get the issuer from the token claims
+     */
+    get issuer() {
+        return this.claims?.['iss'];
+    }
+    /**
+     * Get the audience from the token claims
+     */
+    get audience() {
+        return this.claims?.['aud'];
+    }
+    /**
+     * Check if the token was issued for a specific audience
+     */
+    hasAudience(aud) {
+        const tokenAud = this.audience;
+        if (!tokenAud)
+            return false;
+        if (Array.isArray(tokenAud))
+            return tokenAud.includes(aud);
+        return tokenAud === aud;
+    }
+}
+exports.TransparentAuthorization = TransparentAuthorization;
+//# sourceMappingURL=transparent.authorization.js.map

package/src/auth/authorization/transparent.authorization.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"transparent.authorization.js","sourceRoot":"","sources":["../../../../src/auth/authorization/transparent.authorization.ts"],"names":[],"mappings":";AAAA,kDAAkD;;;AAElD,mCAAoC;AACpC,+DAA0D;AAmE1D;;;;;;;;GAQG;AACH,MAAa,wBAAyB,SAAQ,uCAAiB;IACpD,IAAI,GAAa,aAAa,CAAC;IAExC;;OAEG;IACM,UAAU,CAAS;IAE5B;;OAEG;IACM,YAAY,CAAU;IAE/B,YACE,GAGC;QAED,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,IAAI,CAAC,UAAU,GAAG,GAAG,CAAC,UAAU,CAAC;QACjC,IAAI,CAAC,YAAY,GAAG,GAAG,CAAC,YAAY,CAAC;IACvC,CAAC;IAED;;;;;;;;;;;;;;;;;OAiBG;IACH,MAAM,CAAC,iBAAiB,CAAC,GAAsC;QAC7D,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,GAAG,WAAW,EAAE,GAAG,GAAG,CAAC;QAEzE,qCAAqC;QACrC,MAAM,IAAI,GAAa;YACrB,GAAG,EAAE,OAAO,CAAC,GAAG;YAChB,IAAI,EAAE,OAAO,CAAC,IAAI;YAClB,KAAK,EAAE,OAAO,CAAC,KAAK;YACpB,OAAO,EAAE,OAAO,CAAC,OAAO;YACxB,SAAS,EAAE,KAAK;SACjB,CAAC;QAEF,4BAA4B;QAC5B,MAAM,MAAM,GAAG,wBAAwB,CAAC,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;QAEnE,0CAA0C;QAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAE/D,6DAA6D;QAC7D,MAAM,EAAE,GAAG,wBAAwB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAEnE,kDAAkD;QAClD,MAAM,gBAAgB,GAAqB;YACzC,EAAE,EAAE,UAAU;YACd,GAAG,EAAE,SAAS;YACd,OAAO,EAAE,OAAkC;YAC3C,SAAS,EAAE,OAAO,EAAE,yCAAyC;YAC7D,KAAK,EAAE,qBAAqB;SAC7B,CAAC;QAEF,OAAO,IAAI,wBAAwB,CAAC;YAClC,EAAE;YACF,WAAW,EAAE,KAAK;YAClB,IAAI;YACJ,MAAM,EAAE,OAAkC;YAC1C,SAAS;YACT,MAAM;YACN,KAAK;YACL,UAAU;YACV,YAAY;YACZ,mBAAmB,EAAE,EAAE,CAAC,UAAU,CAAC,EAAE,gBAAgB,EAAE;YACvD,qBAAqB,EAAE,CAAC,UAAU,CAAC;YACnC,GAAG,WAAW;SACf,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,QAAQ,CAAC,WAAoB;QACjC,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAChB,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;QACnE,CAAC;QACD,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,WAAW,CAAC,KAAoC;QAC7D,IAAI,CAAC,KAAK;YAAE,OAAO,EAAE,CAAC;QACtB,IAAI,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC;YAAE,OAAO,KAAK,CAAC;QACvC,OAAO,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACK,MAAM,CAAC,uBAAuB,CAAC,KAAa;QAClD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;QACpC,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED;;OAEG;IACH,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAuB,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAkC,CAAC;IAC/D,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,GAAW;QACrB,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC/B,IAAI,CAAC,QAAQ;YAAE,OAAO,KAAK,CAAC;QAC5B,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC;YAAE,OAAO,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;QAC3D,OAAO,QAAQ,KAAK,GAAG,CAAC;IAC1B,CAAC;CACF;AAlJD,4DAkJC","sourcesContent":["// auth/authorization/transparent.authorization.ts\n\nimport { createHash } from 'crypto';\nimport { AuthorizationBase } from './authorization.class';\nimport { AuthorizationCreateCtx, AuthUser } from './authorization.types';\nimport { ProviderSnapshot } from '../session/session.types';\nimport { AuthMode } from '../../common';\n\n/**\n * Verified JWT payload from transparent auth provider\n */\nexport interface TransparentVerifiedPayload {\n /** Subject identifier */\n sub: string;\n /** Issuer */\n iss?: string;\n /** Audience */\n aud?: string | string[];\n /** Expiration (seconds since epoch) */\n exp?: number;\n /** Issued at (seconds since epoch) */\n iat?: number;\n /** Scopes (space-separated or array) */\n scope?: string | string[];\n /** Display name */\n name?: string;\n /** Email */\n email?: string;\n /** Picture URL */\n picture?: string;\n /** Additional claims */\n [key: string]: unknown;\n}\n\n/**\n * Context for creating a TransparentAuthorization\n */\nexport interface TransparentAuthorizationCreateCtx {\n /**\n * The original bearer token (passed through to downstream)\n */\n token: string;\n\n /**\n * Verified JWT payload from the upstream provider\n */\n payload: TransparentVerifiedPayload;\n\n /**\n * Provider ID for this authorization\n */\n providerId: string;\n\n /**\n * Provider name for display/logging\n */\n providerName?: string;\n\n /**\n * Precomputed authorization projections\n */\n authorizedTools?: AuthorizationCreateCtx['authorizedTools'];\n authorizedToolIds?: string[];\n authorizedPrompts?: AuthorizationCreateCtx['authorizedPrompts'];\n authorizedPromptIds?: string[];\n authorizedApps?: AuthorizationCreateCtx['authorizedApps'];\n authorizedAppIds?: string[];\n authorizedResources?: string[];\n}\n\n/**\n * TransparentAuthorization - Pass-through OAuth tokens\n *\n * In transparent mode:\n * - The client's token is forwarded directly to downstream services\n * - Token validation happens via the upstream provider's JWKS\n * - getToken() returns the original bearer token\n * - Ideal when the auth server is the source of truth\n */\nexport class TransparentAuthorization extends AuthorizationBase {\n readonly mode: AuthMode = 'transparent';\n\n /**\n * Provider ID that issued the token\n */\n readonly providerId: string;\n\n /**\n * Provider display name\n */\n readonly providerName?: string;\n\n private constructor(\n ctx: AuthorizationCreateCtx & {\n providerId: string;\n providerName?: string;\n },\n ) {\n super(ctx);\n this.providerId = ctx.providerId;\n this.providerName = ctx.providerName;\n }\n\n /**\n * Create a TransparentAuthorization from a verified JWT\n *\n * @param ctx - Creation context with token and verified payload\n * @returns A new TransparentAuthorization instance\n *\n * @example\n * ```typescript\n * const auth = TransparentAuthorization.fromVerifiedToken({\n * token: bearerToken,\n * payload: verifiedClaims,\n * providerId: 'auth0',\n * });\n *\n * // Pass token through to downstream\n * const token = await auth.getToken();\n * ```\n */\n static fromVerifiedToken(ctx: TransparentAuthorizationCreateCtx): TransparentAuthorization {\n const { token, payload, providerId, providerName, ...projections } = ctx;\n\n // Extract user identity from payload\n const user: AuthUser = {\n sub: payload.sub,\n name: payload.name,\n email: payload.email,\n picture: payload.picture,\n anonymous: false,\n };\n\n // Parse scopes from payload\n const scopes = TransparentAuthorization.parseScopes(payload.scope);\n\n // Calculate expiration from JWT exp claim\n const expiresAt = payload.exp ? payload.exp * 1000 : undefined;\n\n // Generate authorization ID from token signature fingerprint\n const id = TransparentAuthorization.generateAuthorizationId(token);\n\n // Create provider snapshot for this authorization\n const providerSnapshot: ProviderSnapshot = {\n id: providerId,\n exp: expiresAt,\n payload: payload as Record<string, unknown>,\n embedMode: 'plain', // transparent mode keeps token in memory\n token, // the original token\n };\n\n return new TransparentAuthorization({\n id,\n isAnonymous: false,\n user,\n claims: payload as Record<string, unknown>,\n expiresAt,\n scopes,\n token,\n providerId,\n providerName,\n authorizedProviders: { [providerId]: providerSnapshot },\n authorizedProviderIds: [providerId],\n ...projections,\n });\n }\n\n /**\n * Get the original bearer token for pass-through\n *\n * In transparent mode, the same token is returned regardless of providerId\n * since only one provider (the upstream) issued the token.\n *\n * @param _providerId - Ignored in transparent mode\n * @returns The original bearer token\n */\n async getToken(_providerId?: string): Promise<string> {\n if (!this.token) {\n throw new Error('TransparentAuthorization: Token not available');\n }\n return this.token;\n }\n\n /**\n * Parse scope claim from JWT payload\n */\n private static parseScopes(scope: string | string[] | undefined): string[] {\n if (!scope) return [];\n if (Array.isArray(scope)) return scope;\n return scope.split(/\\s+/).filter(Boolean);\n }\n\n /**\n * Generate authorization ID from token signature\n * Uses SHA-256 fingerprint of the token signature for uniqueness\n */\n private static generateAuthorizationId(token: string): string {\n const parts = token.split('.');\n const signature = parts[2] || token;\n return createHash('sha256').update(signature).digest('hex').substring(0, 16);\n }\n\n /**\n * Get the issuer from the token claims\n */\n get issuer(): string | undefined {\n return this.claims?.['iss'] as string | undefined;\n }\n\n /**\n * Get the audience from the token claims\n */\n get audience(): string | string[] | undefined {\n return this.claims?.['aud'] as string | string[] | undefined;\n }\n\n /**\n * Check if the token was issued for a specific audience\n */\n hasAudience(aud: string): boolean {\n const tokenAud = this.audience;\n if (!tokenAud) return false;\n if (Array.isArray(tokenAud)) return tokenAud.includes(aud);\n return tokenAud === aud;\n }\n}\n"]}

package/src/auth/consent/consent.types.d.ts ADDED Viewed

@@ -0,0 +1,111 @@
+/**
+ * Consent Flow Types and Schemas
+ *
+ * Defines types for the tool consent flow that allows users to select
+ * which MCP tools they want to expose to the LLM.
+ */
+import { z } from 'zod';
+import { consentConfigSchema } from '../../common';
+export { consentConfigSchema };
+/**
+ * Tool consent item schema - represents a tool available for consent
+ */
+export declare const consentToolItemSchema: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    appId: z.ZodString;
+    appName: z.ZodString;
+    defaultSelected: z.ZodDefault<z.ZodBoolean>;
+    requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    category: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Consent selection schema - user's tool selection
+ */
+export declare const consentSelectionSchema: z.ZodObject<{
+    selectedTools: z.ZodArray<z.ZodString>;
+    allSelected: z.ZodBoolean;
+    consentedAt: z.ZodString;
+    consentVersion: z.ZodDefault<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Consent page state schema - stored in pending authorization
+ */
+export declare const consentStateSchema: z.ZodObject<{
+    enabled: z.ZodBoolean;
+    availableTools: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        appId: z.ZodString;
+        appName: z.ZodString;
+        defaultSelected: z.ZodDefault<z.ZodBoolean>;
+        requiredScopes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        category: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+    preselectedTools: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    groupByApp: z.ZodDefault<z.ZodBoolean>;
+    customMessage: z.ZodOptional<z.ZodString>;
+}, z.core.$strip>;
+/**
+ * Auth provider item for federated login UI
+ */
+export declare const federatedProviderItemSchema: z.ZodObject<{
+    id: z.ZodString;
+    name: z.ZodString;
+    description: z.ZodOptional<z.ZodString>;
+    icon: z.ZodOptional<z.ZodString>;
+    type: z.ZodEnum<{
+        remote: "remote";
+        transparent: "transparent";
+        local: "local";
+    }>;
+    providerUrl: z.ZodOptional<z.ZodString>;
+    appIds: z.ZodArray<z.ZodString>;
+    appNames: z.ZodArray<z.ZodString>;
+    scopes: z.ZodArray<z.ZodString>;
+    isPrimary: z.ZodBoolean;
+    isOptional: z.ZodDefault<z.ZodBoolean>;
+}, z.core.$strip>;
+/**
+ * Federated login state schema
+ */
+export declare const federatedLoginStateSchema: z.ZodObject<{
+    providers: z.ZodArray<z.ZodObject<{
+        id: z.ZodString;
+        name: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        icon: z.ZodOptional<z.ZodString>;
+        type: z.ZodEnum<{
+            remote: "remote";
+            transparent: "transparent";
+            local: "local";
+        }>;
+        providerUrl: z.ZodOptional<z.ZodString>;
+        appIds: z.ZodArray<z.ZodString>;
+        appNames: z.ZodArray<z.ZodString>;
+        scopes: z.ZodArray<z.ZodString>;
+        isPrimary: z.ZodBoolean;
+        isOptional: z.ZodDefault<z.ZodBoolean>;
+    }, z.core.$strip>>;
+    primaryProviderId: z.ZodOptional<z.ZodString>;
+    allowSkip: z.ZodDefault<z.ZodBoolean>;
+    preselectedProviders: z.ZodOptional<z.ZodArray<z.ZodString>>;
+}, z.core.$strip>;
+/**
+ * Federated login selection schema
+ */
+export declare const federatedSelectionSchema: z.ZodObject<{
+    selectedProviders: z.ZodArray<z.ZodString>;
+    skippedProviders: z.ZodArray<z.ZodString>;
+    providerMetadata: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+}, z.core.$strip>;
+export type ConsentToolItem = z.infer<typeof consentToolItemSchema>;
+export type ConsentSelection = z.infer<typeof consentSelectionSchema>;
+export type ConsentState = z.infer<typeof consentStateSchema>;
+export type ConsentConfig = z.infer<typeof consentConfigSchema>;
+export type ConsentConfigInput = z.input<typeof consentConfigSchema>;
+export type FederatedProviderItem = z.infer<typeof federatedProviderItemSchema>;
+export type FederatedLoginState = z.infer<typeof federatedLoginStateSchema>;
+export type FederatedSelection = z.infer<typeof federatedSelectionSchema>;

package/src/auth/consent/consent.types.js ADDED Viewed

@@ -0,0 +1,119 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.federatedSelectionSchema = exports.federatedLoginStateSchema = exports.federatedProviderItemSchema = exports.consentStateSchema = exports.consentSelectionSchema = exports.consentToolItemSchema = exports.consentConfigSchema = void 0;
+/**
+ * Consent Flow Types and Schemas
+ *
+ * Defines types for the tool consent flow that allows users to select
+ * which MCP tools they want to expose to the LLM.
+ */
+const zod_1 = require("zod");
+const common_1 = require("../../common");
+Object.defineProperty(exports, "consentConfigSchema", { enumerable: true, get: function () { return common_1.consentConfigSchema; } });
+// ============================================
+// Consent Configuration Schemas
+// ============================================
+/**
+ * Tool consent item schema - represents a tool available for consent
+ */
+exports.consentToolItemSchema = zod_1.z.object({
+    /** Tool ID (e.g., 'slack:send_message') */
+    id: zod_1.z.string().min(1),
+    /** Tool name for display */
+    name: zod_1.z.string().min(1),
+    /** Tool description */
+    description: zod_1.z.string().optional(),
+    /** App ID this tool belongs to */
+    appId: zod_1.z.string().min(1),
+    /** App name for display */
+    appName: zod_1.z.string().min(1),
+    /** Whether the tool is selected by default */
+    defaultSelected: zod_1.z.boolean().default(true),
+    /** Whether this tool requires specific scopes */
+    requiredScopes: zod_1.z.array(zod_1.z.string()).optional(),
+    /** Category for grouping (e.g., 'read', 'write', 'admin') */
+    category: zod_1.z.string().optional(),
+});
+/**
+ * Consent selection schema - user's tool selection
+ */
+exports.consentSelectionSchema = zod_1.z.object({
+    /** Selected tool IDs */
+    selectedTools: zod_1.z.array(zod_1.z.string()),
+    /** Whether all tools were selected */
+    allSelected: zod_1.z.boolean(),
+    /** Timestamp when consent was given */
+    consentedAt: zod_1.z.string().datetime(),
+    /** Consent version for tracking changes */
+    consentVersion: zod_1.z.string().default('1.0'),
+});
+/**
+ * Consent page state schema - stored in pending authorization
+ */
+exports.consentStateSchema = zod_1.z.object({
+    /** Whether consent flow is enabled */
+    enabled: zod_1.z.boolean(),
+    /** Available tools for consent */
+    availableTools: zod_1.z.array(exports.consentToolItemSchema),
+    /** Pre-selected tools (from previous consent or defaults) */
+    preselectedTools: zod_1.z.array(zod_1.z.string()).optional(),
+    /** Whether to show all tools or group by app */
+    groupByApp: zod_1.z.boolean().default(true),
+    /** Custom consent message */
+    customMessage: zod_1.z.string().optional(),
+});
+// ============================================
+// Federated Login Schemas
+// ============================================
+/**
+ * Auth provider item for federated login UI
+ */
+exports.federatedProviderItemSchema = zod_1.z.object({
+    /** Provider ID (derived or explicit) */
+    id: zod_1.z.string().min(1),
+    /** Provider display name */
+    name: zod_1.z.string().min(1),
+    /** Provider description */
+    description: zod_1.z.string().optional(),
+    /** Provider icon URL or emoji */
+    icon: zod_1.z.string().optional(),
+    /** Provider type */
+    type: zod_1.z.enum(['local', 'remote', 'transparent']),
+    /** OAuth provider URL (for remote providers) */
+    providerUrl: zod_1.z.string().url().optional(),
+    /** Apps using this provider */
+    appIds: zod_1.z.array(zod_1.z.string()),
+    /** App names using this provider */
+    appNames: zod_1.z.array(zod_1.z.string()),
+    /** Scopes required by this provider */
+    scopes: zod_1.z.array(zod_1.z.string()),
+    /** Whether this is the primary/parent provider */
+    isPrimary: zod_1.z.boolean(),
+    /** Whether this provider is optional (can be skipped) */
+    isOptional: zod_1.z.boolean().default(false),
+});
+/**
+ * Federated login state schema
+ */
+exports.federatedLoginStateSchema = zod_1.z.object({
+    /** All available providers */
+    providers: zod_1.z.array(exports.federatedProviderItemSchema),
+    /** Primary provider ID (if any) */
+    primaryProviderId: zod_1.z.string().optional(),
+    /** Whether user can skip optional providers */
+    allowSkip: zod_1.z.boolean().default(true),
+    /** Pre-selected provider IDs (from previous session) */
+    preselectedProviders: zod_1.z.array(zod_1.z.string()).optional(),
+});
+/**
+ * Federated login selection schema
+ */
+exports.federatedSelectionSchema = zod_1.z.object({
+    /** Selected provider IDs */
+    selectedProviders: zod_1.z.array(zod_1.z.string()),
+    /** Skipped provider IDs */
+    skippedProviders: zod_1.z.array(zod_1.z.string()),
+    /** Provider-specific metadata */
+    providerMetadata: zod_1.z.record(zod_1.z.string(), zod_1.z.unknown()).optional(),
+});
+//# sourceMappingURL=consent.types.js.map

package/src/auth/consent/consent.types.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"consent.types.js","sourceRoot":"","sources":["../../../../src/auth/consent/consent.types.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,6BAAwB;AACxB,yCAAmD;AAG1C,oGAHA,4BAAmB,OAGA;AAE5B,+CAA+C;AAC/C,gCAAgC;AAChC,+CAA+C;AAE/C;;GAEG;AACU,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,2CAA2C;IAC3C,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrB,4BAA4B;IAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,uBAAuB;IACvB,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,kCAAkC;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACxB,2BAA2B;IAC3B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,8CAA8C;IAC9C,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC1C,iDAAiD;IACjD,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAC9C,6DAA6D;IAC7D,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,wBAAwB;IACxB,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAClC,sCAAsC;IACtC,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE;IACxB,uCAAuC;IACvC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,2CAA2C;IAC3C,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CAC1C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IACzC,sCAAsC;IACtC,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE;IACpB,kCAAkC;IAClC,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,6BAAqB,CAAC;IAC9C,6DAA6D;IAC7D,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,gDAAgD;IAChD,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACrC,6BAA6B;IAC7B,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CACrC,CAAC,CAAC;AACH,+CAA+C;AAC/C,0BAA0B;AAC1B,+CAA+C;AAE/C;;GAEG;AACU,QAAA,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAClD,wCAAwC;IACxC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACrB,4BAA4B;IAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IACvB,2BAA2B;IAC3B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,iCAAiC;IACjC,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,oBAAoB;IACpB,IAAI,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,EAAE,aAAa,CAAC,CAAC;IAChD,gDAAgD;IAChD,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IACxC,+BAA+B;IAC/B,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC3B,oCAAoC;IACpC,QAAQ,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC7B,uCAAuC;IACvC,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IAC3B,kDAAkD;IAClD,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE;IACtB,yDAAyD;IACzD,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CACvC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,yBAAyB,GAAG,OAAC,CAAC,MAAM,CAAC;IAChD,8BAA8B;IAC9B,SAAS,EAAE,OAAC,CAAC,KAAK,CAAC,mCAA2B,CAAC;IAC/C,mCAAmC;IACnC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,+CAA+C;IAC/C,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACpC,wDAAwD;IACxD,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C,4BAA4B;IAC5B,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACtC,2BAA2B;IAC3B,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC;IACrC,iCAAiC;IACjC,gBAAgB,EAAE,OAAC,CAAC,MAAM,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC/D,CAAC,CAAC","sourcesContent":["/**\n * Consent Flow Types and Schemas\n *\n * Defines types for the tool consent flow that allows users to select\n * which MCP tools they want to expose to the LLM.\n */\nimport { z } from 'zod';\nimport { consentConfigSchema } from '../../common';\n\n// Re-export schema for tests\nexport { consentConfigSchema };\n\n// ============================================\n// Consent Configuration Schemas\n// ============================================\n\n/**\n * Tool consent item schema - represents a tool available for consent\n */\nexport const consentToolItemSchema = z.object({\n /** Tool ID (e.g., 'slack:send_message') */\n id: z.string().min(1),\n /** Tool name for display */\n name: z.string().min(1),\n /** Tool description */\n description: z.string().optional(),\n /** App ID this tool belongs to */\n appId: z.string().min(1),\n /** App name for display */\n appName: z.string().min(1),\n /** Whether the tool is selected by default */\n defaultSelected: z.boolean().default(true),\n /** Whether this tool requires specific scopes */\n requiredScopes: z.array(z.string()).optional(),\n /** Category for grouping (e.g., 'read', 'write', 'admin') */\n category: z.string().optional(),\n});\n\n/**\n * Consent selection schema - user's tool selection\n */\nexport const consentSelectionSchema = z.object({\n /** Selected tool IDs */\n selectedTools: z.array(z.string()),\n /** Whether all tools were selected */\n allSelected: z.boolean(),\n /** Timestamp when consent was given */\n consentedAt: z.string().datetime(),\n /** Consent version for tracking changes */\n consentVersion: z.string().default('1.0'),\n});\n\n/**\n * Consent page state schema - stored in pending authorization\n */\nexport const consentStateSchema = z.object({\n /** Whether consent flow is enabled */\n enabled: z.boolean(),\n /** Available tools for consent */\n availableTools: z.array(consentToolItemSchema),\n /** Pre-selected tools (from previous consent or defaults) */\n preselectedTools: z.array(z.string()).optional(),\n /** Whether to show all tools or group by app */\n groupByApp: z.boolean().default(true),\n /** Custom consent message */\n customMessage: z.string().optional(),\n});\n// ============================================\n// Federated Login Schemas\n// ============================================\n\n/**\n * Auth provider item for federated login UI\n */\nexport const federatedProviderItemSchema = z.object({\n /** Provider ID (derived or explicit) */\n id: z.string().min(1),\n /** Provider display name */\n name: z.string().min(1),\n /** Provider description */\n description: z.string().optional(),\n /** Provider icon URL or emoji */\n icon: z.string().optional(),\n /** Provider type */\n type: z.enum(['local', 'remote', 'transparent']),\n /** OAuth provider URL (for remote providers) */\n providerUrl: z.string().url().optional(),\n /** Apps using this provider */\n appIds: z.array(z.string()),\n /** App names using this provider */\n appNames: z.array(z.string()),\n /** Scopes required by this provider */\n scopes: z.array(z.string()),\n /** Whether this is the primary/parent provider */\n isPrimary: z.boolean(),\n /** Whether this provider is optional (can be skipped) */\n isOptional: z.boolean().default(false),\n});\n\n/**\n * Federated login state schema\n */\nexport const federatedLoginStateSchema = z.object({\n /** All available providers */\n providers: z.array(federatedProviderItemSchema),\n /** Primary provider ID (if any) */\n primaryProviderId: z.string().optional(),\n /** Whether user can skip optional providers */\n allowSkip: z.boolean().default(true),\n /** Pre-selected provider IDs (from previous session) */\n preselectedProviders: z.array(z.string()).optional(),\n});\n\n/**\n * Federated login selection schema\n */\nexport const federatedSelectionSchema = z.object({\n /** Selected provider IDs */\n selectedProviders: z.array(z.string()),\n /** Skipped provider IDs */\n skippedProviders: z.array(z.string()),\n /** Provider-specific metadata */\n providerMetadata: z.record(z.string(), z.unknown()).optional(),\n});\n\n// ============================================\n// Type Exports\n// ============================================\n\nexport type ConsentToolItem = z.infer<typeof consentToolItemSchema>;\nexport type ConsentSelection = z.infer<typeof consentSelectionSchema>;\nexport type ConsentState = z.infer<typeof consentStateSchema>;\nexport type ConsentConfig = z.infer<typeof consentConfigSchema>;\nexport type ConsentConfigInput = z.input<typeof consentConfigSchema>;\n\nexport type FederatedProviderItem = z.infer<typeof federatedProviderItemSchema>;\nexport type FederatedLoginState = z.infer<typeof federatedLoginStateSchema>;\nexport type FederatedSelection = z.infer<typeof federatedSelectionSchema>;\n"]}

package/src/auth/consent/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { consentToolItemSchema, consentSelectionSchema, consentStateSchema, federatedProviderItemSchema, federatedLoginStateSchema, federatedSelectionSchema, ConsentToolItem, ConsentSelection, ConsentState, ConsentConfig, ConsentConfigInput, FederatedProviderItem, FederatedLoginState, FederatedSelection, } from './consent.types';

package/src/auth/consent/index.js ADDED Viewed

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.federatedSelectionSchema = exports.federatedLoginStateSchema = exports.federatedProviderItemSchema = exports.consentStateSchema = exports.consentSelectionSchema = exports.consentToolItemSchema = void 0;
+// Consent Module Exports
+var consent_types_1 = require("./consent.types");
+// Schemas
+Object.defineProperty(exports, "consentToolItemSchema", { enumerable: true, get: function () { return consent_types_1.consentToolItemSchema; } });
+Object.defineProperty(exports, "consentSelectionSchema", { enumerable: true, get: function () { return consent_types_1.consentSelectionSchema; } });
+Object.defineProperty(exports, "consentStateSchema", { enumerable: true, get: function () { return consent_types_1.consentStateSchema; } });
+Object.defineProperty(exports, "federatedProviderItemSchema", { enumerable: true, get: function () { return consent_types_1.federatedProviderItemSchema; } });
+Object.defineProperty(exports, "federatedLoginStateSchema", { enumerable: true, get: function () { return consent_types_1.federatedLoginStateSchema; } });
+Object.defineProperty(exports, "federatedSelectionSchema", { enumerable: true, get: function () { return consent_types_1.federatedSelectionSchema; } });
+//# sourceMappingURL=index.js.map

package/src/auth/consent/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/auth/consent/index.ts"],"names":[],"mappings":";;;AAAA,yBAAyB;AACzB,iDAiByB;AAhBvB,UAAU;AACV,sHAAA,qBAAqB,OAAA;AACrB,uHAAA,sBAAsB,OAAA;AACtB,mHAAA,kBAAkB,OAAA;AAClB,4HAAA,2BAA2B,OAAA;AAC3B,0HAAA,yBAAyB,OAAA;AACzB,yHAAA,wBAAwB,OAAA","sourcesContent":["// Consent Module Exports\nexport {\n // Schemas\n consentToolItemSchema,\n consentSelectionSchema,\n consentStateSchema,\n federatedProviderItemSchema,\n federatedLoginStateSchema,\n federatedSelectionSchema,\n // Types\n ConsentToolItem,\n ConsentSelection,\n ConsentState,\n ConsentConfig,\n ConsentConfigInput,\n FederatedProviderItem,\n FederatedLoginState,\n FederatedSelection,\n} from './consent.types';\n"]}

package/src/auth/detection/auth-provider-detection.d.ts ADDED Viewed

@@ -0,0 +1,84 @@
+/**
+ * Auth Provider Detection
+ *
+ * Detects unique auth providers across nested apps and determines
+ * if orchestrated mode is required at the parent scope level.
+ *
+ * When multiple apps have different auth providers, the parent MUST
+ * use orchestrated mode to properly manage tokens for each provider.
+ */
+import { z } from 'zod';
+import { AuthOptions } from '../../common';
+/**
+ * Schema for a detected auth provider
+ */
+export declare const detectedAuthProviderSchema: z.ZodObject<{
+    id: z.ZodString;
+    providerUrl: z.ZodOptional<z.ZodString>;
+    mode: z.ZodEnum<{
+        public: "public";
+        transparent: "transparent";
+        orchestrated: "orchestrated";
+    }>;
+    appIds: z.ZodArray<z.ZodString>;
+    scopes: z.ZodArray<z.ZodString>;
+    isParentProvider: z.ZodBoolean;
+}, z.core.$strip>;
+/**
+ * Schema for auth provider detection result
+ */
+export declare const authProviderDetectionResultSchema: z.ZodObject<{
+    providers: z.ZodMap<z.ZodString, z.ZodObject<{
+        id: z.ZodString;
+        providerUrl: z.ZodOptional<z.ZodString>;
+        mode: z.ZodEnum<{
+            public: "public";
+            transparent: "transparent";
+            orchestrated: "orchestrated";
+        }>;
+        appIds: z.ZodArray<z.ZodString>;
+        scopes: z.ZodArray<z.ZodString>;
+        isParentProvider: z.ZodBoolean;
+    }, z.core.$strip>>;
+    requiresOrchestration: z.ZodBoolean;
+    parentProviderId: z.ZodOptional<z.ZodString>;
+    childProviderIds: z.ZodArray<z.ZodString>;
+    uniqueProviderCount: z.ZodNumber;
+    validationErrors: z.ZodArray<z.ZodString>;
+    warnings: z.ZodArray<z.ZodString>;
+}, z.core.$strip>;
+export type DetectedAuthProvider = z.infer<typeof detectedAuthProviderSchema>;
+export type AuthProviderDetectionResult = z.infer<typeof authProviderDetectionResultSchema>;
+/**
+ * App auth info for detection (minimal interface)
+ */
+export interface AppAuthInfo {
+    id: string;
+    name: string;
+    auth?: AuthOptions;
+}
+/**
+ * Derive a stable provider ID from auth options
+ */
+export declare function deriveProviderId(options: AuthOptions): string;
+/**
+ * Detect all unique auth providers across parent and apps
+ *
+ * @param parentAuth - Parent scope's auth options (may be undefined)
+ * @param apps - Array of app auth info
+ * @returns Detection result with providers, validation, and requirements
+ */
+export declare function detectAuthProviders(parentAuth: AuthOptions | undefined, apps: AppAuthInfo[]): AuthProviderDetectionResult;
+/**
+ * Check if a specific app requires orchestration
+ * (i.e., has a different provider than parent)
+ */
+export declare function appRequiresOrchestration(appAuth: AuthOptions | undefined, parentAuth: AuthOptions | undefined): boolean;
+/**
+ * Get all OAuth scopes needed for a provider across all apps
+ */
+export declare function getProviderScopes(detection: AuthProviderDetectionResult, providerId: string): string[];
+/**
+ * Get apps that use a specific provider
+ */
+export declare function getProviderApps(detection: AuthProviderDetectionResult, providerId: string): string[];