npm - @frontmcp/sdk - Versions diffs - 0.4.0 → 0.5.0 - Mend

@frontmcp/sdk 0.4.0 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (558) hide show

package/README.md +30 -18
package/package.json +20 -5
package/src/app/app.registry.d.ts +3 -2
package/src/app/app.registry.js +3 -1
package/src/app/app.registry.js.map +1 -1
package/src/app/instances/app.local.instance.js +2 -2
package/src/app/instances/app.local.instance.js.map +1 -1
package/src/auth/auth.registry.d.ts +34 -2
package/src/auth/auth.registry.js +162 -24
package/src/auth/auth.registry.js.map +1 -1
package/src/auth/auth.utils.js +8 -9
package/src/auth/auth.utils.js.map +1 -1
package/src/auth/authorization/authorization.class.d.ts +125 -0
package/src/auth/authorization/authorization.class.js +224 -0
package/src/auth/authorization/authorization.class.js.map +1 -0
package/src/auth/authorization/authorization.types.d.ts +300 -0
package/src/auth/authorization/authorization.types.js +79 -0
package/src/auth/authorization/authorization.types.js.map +1 -0
package/src/auth/authorization/index.d.ts +5 -0
package/src/auth/authorization/index.js +19 -0
package/src/auth/authorization/index.js.map +1 -0
package/src/auth/authorization/orchestrated.authorization.d.ts +242 -0
package/src/auth/authorization/orchestrated.authorization.js +306 -0
package/src/auth/authorization/orchestrated.authorization.js.map +1 -0
package/src/auth/authorization/public.authorization.d.ts +91 -0
package/src/auth/authorization/public.authorization.js +132 -0
package/src/auth/authorization/public.authorization.js.map +1 -0
package/src/auth/authorization/transparent.authorization.d.ts +130 -0
package/src/auth/authorization/transparent.authorization.js +147 -0
package/src/auth/authorization/transparent.authorization.js.map +1 -0
package/src/auth/consent/consent.types.d.ts +111 -0
package/src/auth/consent/consent.types.js +119 -0
package/src/auth/consent/consent.types.js.map +1 -0
package/src/auth/consent/index.d.ts +1 -0
package/src/auth/consent/index.js +13 -0
package/src/auth/consent/index.js.map +1 -0
package/src/auth/detection/auth-provider-detection.d.ts +84 -0
package/src/auth/detection/auth-provider-detection.js +230 -0
package/src/auth/detection/auth-provider-detection.js.map +1 -0
package/src/auth/detection/index.d.ts +1 -0
package/src/auth/detection/index.js +15 -0
package/src/auth/detection/index.js.map +1 -0
package/src/auth/flows/auth.verify.flow.d.ts +110 -0
package/src/auth/flows/auth.verify.flow.js +379 -0
package/src/auth/flows/auth.verify.flow.js.map +1 -0
package/src/auth/flows/oauth.authorize.flow.d.ts +118 -164
package/src/auth/flows/oauth.authorize.flow.js +701 -33
package/src/auth/flows/oauth.authorize.flow.js.map +1 -1
package/src/auth/flows/oauth.callback.flow.d.ts +117 -0
package/src/auth/flows/oauth.callback.flow.js +357 -0
package/src/auth/flows/oauth.callback.flow.js.map +1 -0
package/src/auth/flows/oauth.register.flow.d.ts +32 -125
package/src/auth/flows/oauth.token.flow.d.ts +52 -154
package/src/auth/flows/oauth.token.flow.js +193 -55
package/src/auth/flows/oauth.token.flow.js.map +1 -1
package/src/auth/flows/session.verify.flow.d.ts +66 -321
package/src/auth/flows/session.verify.flow.js +107 -18
package/src/auth/flows/session.verify.flow.js.map +1 -1
package/src/auth/flows/well-known.jwks.flow.d.ts +34 -205
package/src/auth/flows/well-known.jwks.flow.js +15 -8
package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
package/src/auth/flows/well-known.oauth-authorization-server.flow.d.ts +48 -223
package/src/auth/flows/well-known.oauth-authorization-server.flow.js +2 -3
package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +1 -1
package/src/auth/flows/well-known.prm.flow.d.ts +19 -120
package/src/auth/flows/well-known.prm.flow.js +3 -4
package/src/auth/flows/well-known.prm.flow.js.map +1 -1
package/src/auth/instances/instance.local-primary-auth.d.ts +91 -4
package/src/auth/instances/instance.local-primary-auth.js +236 -6
package/src/auth/instances/instance.local-primary-auth.js.map +1 -1
package/src/auth/instances/instance.remote-primary-auth.d.ts +4 -3
package/src/auth/instances/instance.remote-primary-auth.js +2 -2
package/src/auth/instances/instance.remote-primary-auth.js.map +1 -1
package/src/auth/session/authorization-vault.d.ts +611 -0
package/src/auth/session/authorization-vault.js +817 -0
package/src/auth/session/authorization-vault.js.map +1 -0
package/src/auth/session/authorization.store.d.ts +301 -0
package/src/auth/session/authorization.store.js +323 -0
package/src/auth/session/authorization.store.js.map +1 -0
package/src/auth/session/encrypted-authorization-vault.d.ts +181 -0
package/src/auth/session/encrypted-authorization-vault.js +493 -0
package/src/auth/session/encrypted-authorization-vault.js.map +1 -0
package/src/auth/session/index.d.ts +4 -4
package/src/auth/session/index.js +11 -7
package/src/auth/session/index.js.map +1 -1
package/src/auth/session/session.schema.d.ts +1 -1
package/src/auth/session/session.service.d.ts +1 -1
package/src/auth/session/transport-session.manager.d.ts +101 -0
package/src/auth/session/transport-session.manager.js +300 -0
package/src/auth/session/transport-session.manager.js.map +1 -0
package/src/auth/session/transport-session.types.d.ts +457 -0
package/src/auth/session/transport-session.types.js +110 -0
package/src/auth/session/transport-session.types.js.map +1 -0
package/src/auth/session/utils/session-id.utils.d.ts +14 -2
package/src/auth/session/utils/session-id.utils.js +68 -19
package/src/auth/session/utils/session-id.utils.js.map +1 -1
package/src/auth/session/vault-encryption.d.ts +189 -0
package/src/auth/session/vault-encryption.js +263 -0
package/src/auth/session/vault-encryption.js.map +1 -0
package/src/auth/ui/base-layout.d.ts +188 -0
package/src/auth/ui/base-layout.js +292 -0
package/src/auth/ui/base-layout.js.map +1 -0
package/src/auth/ui/htmx-templates.d.ts +135 -0
package/src/auth/ui/htmx-templates.js +433 -0
package/src/auth/ui/htmx-templates.js.map +1 -0
package/src/auth/ui/index.d.ts +11 -0
package/src/auth/ui/index.js +35 -0
package/src/auth/ui/index.js.map +1 -0
package/src/auth/utils/audience.validator.d.ts +129 -0
package/src/auth/utils/audience.validator.js +196 -0
package/src/auth/utils/audience.validator.js.map +1 -0
package/src/auth/utils/index.d.ts +2 -0
package/src/auth/utils/index.js +7 -0
package/src/auth/utils/index.js.map +1 -0
package/src/auth/utils/www-authenticate.utils.d.ts +97 -0
package/src/auth/utils/www-authenticate.utils.js +183 -0
package/src/auth/utils/www-authenticate.utils.js.map +1 -0
package/src/common/common.schema.d.ts +2 -16
package/src/common/constants.d.ts +3 -0
package/src/common/constants.js +6 -1
package/src/common/constants.js.map +1 -1
package/src/common/decorators/decorator-utils.d.ts +131 -0
package/src/common/decorators/decorator-utils.js +195 -0
package/src/common/decorators/decorator-utils.js.map +1 -0
package/src/common/decorators/front-mcp.decorator.js +3 -2
package/src/common/decorators/front-mcp.decorator.js.map +1 -1
package/src/common/decorators/hook.decorator.d.ts +58 -2
package/src/common/decorators/hook.decorator.js +127 -17
package/src/common/decorators/hook.decorator.js.map +1 -1
package/src/common/decorators/plugin.decorator.d.ts +1 -1
package/src/common/decorators/plugin.decorator.js +11 -10
package/src/common/decorators/plugin.decorator.js.map +1 -1
package/src/common/decorators/resource.decorator.d.ts +32 -3
package/src/common/decorators/resource.decorator.js +46 -4
package/src/common/decorators/resource.decorator.js.map +1 -1
package/src/common/decorators/tool.decorator.d.ts +54 -5
package/src/common/decorators/tool.decorator.js.map +1 -1
package/src/common/dynamic/dynamic.plugin.d.ts +22 -11
package/src/common/dynamic/dynamic.plugin.js +7 -1
package/src/common/dynamic/dynamic.plugin.js.map +1 -1
package/src/common/entries/prompt.entry.d.ts +46 -2
package/src/common/entries/prompt.entry.js +10 -0
package/src/common/entries/prompt.entry.js.map +1 -1
package/src/common/entries/resource.entry.d.ts +69 -6
package/src/common/entries/resource.entry.js +27 -3
package/src/common/entries/resource.entry.js.map +1 -1
package/src/common/entries/scope.entry.d.ts +5 -1
package/src/common/entries/scope.entry.js +3 -3
package/src/common/entries/scope.entry.js.map +1 -1
package/src/common/flow/flow.utils.d.ts +56 -0
package/src/common/flow/flow.utils.js +96 -0
package/src/common/flow/flow.utils.js.map +1 -0
package/src/common/index.d.ts +2 -2
package/src/common/index.js +2 -2
package/src/common/index.js.map +1 -1
package/src/common/interfaces/execution-context.interface.d.ts +59 -0
package/src/common/interfaces/execution-context.interface.js +81 -0
package/src/common/interfaces/execution-context.interface.js.map +1 -0
package/src/common/interfaces/flow.interface.d.ts +1 -1
package/src/common/interfaces/flow.interface.js.map +1 -1
package/src/common/interfaces/index.d.ts +1 -0
package/src/common/interfaces/index.js +1 -0
package/src/common/interfaces/index.js.map +1 -1
package/src/common/interfaces/internal/primary-auth-provider.interface.d.ts +17 -2
package/src/common/interfaces/internal/primary-auth-provider.interface.js +52 -4
package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +1 -1
package/src/common/interfaces/internal/registry.interface.d.ts +16 -2
package/src/common/interfaces/internal/registry.interface.js.map +1 -1
package/src/common/interfaces/plugin.interface.js.map +1 -1
package/src/common/interfaces/prompt.interface.d.ts +53 -4
package/src/common/interfaces/prompt.interface.js +78 -0
package/src/common/interfaces/prompt.interface.js.map +1 -1
package/src/common/interfaces/resource.interface.d.ts +47 -17
package/src/common/interfaces/resource.interface.js +53 -0
package/src/common/interfaces/resource.interface.js.map +1 -1
package/src/common/interfaces/tool.interface.d.ts +39 -22
package/src/common/interfaces/tool.interface.js +61 -34
package/src/common/interfaces/tool.interface.js.map +1 -1
package/src/common/metadata/adapter.metadata.d.ts +1 -9
package/src/common/metadata/app.metadata.d.ts +425 -730
package/src/common/metadata/auth-provider.metadata.d.ts +2 -12
package/src/common/metadata/flow.metadata.d.ts +10 -25
package/src/common/metadata/front-mcp.metadata.d.ts +602 -1023
package/src/common/metadata/front-mcp.metadata.js +6 -4
package/src/common/metadata/front-mcp.metadata.js.map +1 -1
package/src/common/metadata/hook.metadata.d.ts +1 -1
package/src/common/metadata/hook.metadata.js.map +1 -1
package/src/common/metadata/index.d.ts +1 -0
package/src/common/metadata/index.js +1 -0
package/src/common/metadata/index.js.map +1 -1
package/src/common/metadata/logger.metadata.d.ts +1 -9
package/src/common/metadata/plugin.metadata.d.ts +8 -30
package/src/common/metadata/prompt.metadata.d.ts +4 -161
package/src/common/metadata/provider.metadata.d.ts +2 -12
package/src/common/metadata/resource.metadata.d.ts +6 -98
package/src/common/metadata/resource.metadata.js +15 -6
package/src/common/metadata/resource.metadata.js.map +1 -1
package/src/common/metadata/tool-ui.metadata.d.ts +10 -0
package/src/common/metadata/tool-ui.metadata.js +12 -0
package/src/common/metadata/tool-ui.metadata.js.map +1 -0
package/src/common/metadata/tool.metadata.d.ts +78 -199
package/src/common/metadata/tool.metadata.js +11 -14
package/src/common/metadata/tool.metadata.js.map +1 -1
package/src/common/providers/base-config.provider.d.ts +84 -0
package/src/common/providers/base-config.provider.js +128 -0
package/src/common/providers/base-config.provider.js.map +1 -0
package/src/common/records/plugin.record.d.ts +5 -6
package/src/common/records/plugin.record.js.map +1 -1
package/src/common/records/prompt.record.js.map +1 -1
package/src/common/records/resource.record.d.ts +17 -1
package/src/common/records/resource.record.js +12 -6
package/src/common/records/resource.record.js.map +1 -1
package/src/common/records/tool.record.js.map +1 -1
package/src/common/schemas/annotated-class.schema.d.ts +9 -9
package/src/common/schemas/annotated-class.schema.js +92 -27
package/src/common/schemas/annotated-class.schema.js.map +1 -1
package/src/common/schemas/http-input.schema.d.ts +6 -30
package/src/common/schemas/http-output.schema.d.ts +326 -1630
package/src/common/schemas/http-output.schema.js +39 -1
package/src/common/schemas/http-output.schema.js.map +1 -1
package/src/common/tokens/front-mcp.tokens.js +4 -1
package/src/common/tokens/front-mcp.tokens.js.map +1 -1
package/src/common/tokens/resource.tokens.d.ts +2 -0
package/src/common/tokens/resource.tokens.js +4 -1
package/src/common/tokens/resource.tokens.js.map +1 -1
package/src/common/tokens/tool.tokens.d.ts +2 -0
package/src/common/tokens/tool.tokens.js +2 -0
package/src/common/tokens/tool.tokens.js.map +1 -1
package/src/common/types/auth/jwt.types.d.ts +5 -31
package/src/common/types/auth/session.types.d.ts +97 -192
package/src/common/types/auth/session.types.js +24 -11
package/src/common/types/auth/session.types.js.map +1 -1
package/src/common/types/options/auth.options.d.ts +1013 -490
package/src/common/types/options/auth.options.js +554 -36
package/src/common/types/options/auth.options.js.map +1 -1
package/src/common/types/options/http.options.d.ts +1 -9
package/src/common/types/options/logging.options.d.ts +7 -13
package/src/common/types/options/logging.options.js +4 -0
package/src/common/types/options/logging.options.js.map +1 -1
package/src/common/types/options/server-info.options.d.ts +3 -31
package/src/common/types/options/session.options.d.ts +90 -10
package/src/common/types/options/session.options.js +26 -3
package/src/common/types/options/session.options.js.map +1 -1
package/src/common/utils/decide-request-intent.utils.d.ts +8 -46
package/src/common/utils/decide-request-intent.utils.js +88 -23
package/src/common/utils/decide-request-intent.utils.js.map +1 -1
package/src/completion/flows/complete.flow.d.ts +74 -0
package/src/completion/flows/complete.flow.js +199 -0
package/src/completion/flows/complete.flow.js.map +1 -0
package/src/errors/authorization-required.error.d.ts +189 -0
package/src/errors/authorization-required.error.js +274 -0
package/src/errors/authorization-required.error.js.map +1 -0
package/src/errors/index.d.ts +2 -1
package/src/errors/index.js +17 -1
package/src/errors/index.js.map +1 -1
package/src/errors/mcp.error.d.ts +101 -1
package/src/errors/mcp.error.js +147 -2
package/src/errors/mcp.error.js.map +1 -1
package/src/flows/flow.instance.js +4 -3
package/src/flows/flow.instance.js.map +1 -1
package/src/flows/flow.registry.js.map +1 -1
package/src/flows/flow.stages.js +14 -11
package/src/flows/flow.stages.js.map +1 -1
package/src/front-mcp/front-mcp.providers.d.ts +464 -102
package/src/front-mcp/front-mcp.providers.js +3 -5
package/src/front-mcp/front-mcp.providers.js.map +1 -1
package/src/hooks/hook.instance.d.ts +1 -1
package/src/hooks/hook.instance.js +5 -2
package/src/hooks/hook.instance.js.map +1 -1
package/src/hooks/hook.registry.js +7 -5
package/src/hooks/hook.registry.js.map +1 -1
package/src/index.d.ts +28 -9
package/src/index.js +5 -1
package/src/index.js.map +1 -1
package/src/logger/instances/instance.logger.js +3 -2
package/src/logger/instances/instance.logger.js.map +1 -1
package/src/logger/logger.registry.js +7 -2
package/src/logger/logger.registry.js.map +1 -1
package/src/logging/flows/set-level.flow.d.ts +62 -0
package/src/logging/flows/set-level.flow.js +108 -0
package/src/logging/flows/set-level.flow.js.map +1 -0
package/src/mcp-apps/csp.d.ts +111 -0
package/src/mcp-apps/csp.js +267 -0
package/src/mcp-apps/csp.js.map +1 -0
package/src/mcp-apps/index.d.ts +23 -0
package/src/mcp-apps/index.js +91 -0
package/src/mcp-apps/index.js.map +1 -0
package/src/mcp-apps/schemas.d.ts +403 -0
package/src/mcp-apps/schemas.js +345 -0
package/src/mcp-apps/schemas.js.map +1 -0
package/src/mcp-apps/template.d.ts +94 -0
package/src/mcp-apps/template.js +419 -0
package/src/mcp-apps/template.js.map +1 -0
package/src/mcp-apps/types.d.ts +323 -0
package/src/mcp-apps/types.js +59 -0
package/src/mcp-apps/types.js.map +1 -0
package/src/notification/index.d.ts +1 -0
package/src/notification/index.js +13 -0
package/src/notification/index.js.map +1 -0
package/src/notification/notification.service.d.ts +378 -0
package/src/notification/notification.service.js +727 -0
package/src/notification/notification.service.js.map +1 -0
package/src/plugin/plugin.registry.js +12 -9
package/src/plugin/plugin.registry.js.map +1 -1
package/src/prompt/flows/get-prompt.flow.d.ts +153 -0
package/src/prompt/flows/get-prompt.flow.js +214 -0
package/src/prompt/flows/get-prompt.flow.js.map +1 -0
package/src/prompt/flows/prompts-list.flow.d.ts +67 -0
package/src/prompt/flows/prompts-list.flow.js +176 -0
package/src/prompt/flows/prompts-list.flow.js.map +1 -0
package/src/prompt/index.d.ts +7 -0
package/src/prompt/index.js +17 -0
package/src/prompt/index.js.map +1 -0
package/src/prompt/prompt.events.d.ts +17 -0
package/src/prompt/prompt.events.js +25 -0
package/src/prompt/prompt.events.js.map +1 -0
package/src/prompt/prompt.instance.d.ts +30 -0
package/src/prompt/prompt.instance.js +120 -0
package/src/prompt/prompt.instance.js.map +1 -0
package/src/prompt/prompt.registry.d.ts +79 -12
package/src/prompt/prompt.registry.js +360 -15
package/src/prompt/prompt.registry.js.map +1 -1
package/src/prompt/prompt.types.d.ts +26 -0
package/src/prompt/prompt.types.js +11 -0
package/src/prompt/prompt.types.js.map +1 -0
package/src/prompt/prompt.utils.d.ts +26 -0
package/src/prompt/prompt.utils.js +136 -0
package/src/prompt/prompt.utils.js.map +1 -0
package/src/provider/provider.registry.d.ts +12 -5
package/src/provider/provider.registry.js +30 -138
package/src/provider/provider.registry.js.map +1 -1
package/src/regsitry/registry.base.d.ts +1 -1
package/src/regsitry/registry.base.js.map +1 -1
package/src/resource/flows/read-resource.flow.d.ts +91 -0
package/src/resource/flows/read-resource.flow.js +270 -0
package/src/resource/flows/read-resource.flow.js.map +1 -0
package/src/resource/flows/resource-templates-list.flow.d.ts +64 -0
package/src/resource/flows/resource-templates-list.flow.js +191 -0
package/src/resource/flows/resource-templates-list.flow.js.map +1 -0
package/src/resource/flows/resources-list.flow.d.ts +64 -0
package/src/resource/flows/resources-list.flow.js +196 -0
package/src/resource/flows/resources-list.flow.js.map +1 -0
package/src/resource/flows/subscribe-resource.flow.d.ts +45 -0
package/src/resource/flows/subscribe-resource.flow.js +123 -0
package/src/resource/flows/subscribe-resource.flow.js.map +1 -0
package/src/resource/flows/unsubscribe-resource.flow.d.ts +44 -0
package/src/resource/flows/unsubscribe-resource.flow.js +107 -0
package/src/resource/flows/unsubscribe-resource.flow.js.map +1 -0
package/src/resource/index.d.ts +8 -0
package/src/resource/index.js +20 -0
package/src/resource/index.js.map +1 -0
package/src/resource/resource.events.d.ts +24 -0
package/src/resource/resource.events.js +17 -0
package/src/resource/resource.events.js.map +1 -0
package/src/resource/resource.instance.d.ts +35 -0
package/src/resource/resource.instance.js +163 -0
package/src/resource/resource.instance.js.map +1 -0
package/src/resource/resource.registry.d.ts +106 -12
package/src/resource/resource.registry.js +449 -13
package/src/resource/resource.registry.js.map +1 -1
package/src/resource/resource.types.d.ts +35 -0
package/src/resource/resource.types.js +11 -0
package/src/resource/resource.types.js.map +1 -0
package/src/resource/resource.utils.d.ts +30 -0
package/src/resource/resource.utils.js +151 -0
package/src/resource/resource.utils.js.map +1 -0
package/src/scope/flows/http.request.flow.d.ts +48 -330
package/src/scope/flows/http.request.flow.js +306 -78
package/src/scope/flows/http.request.flow.js.map +1 -1
package/src/scope/scope.instance.d.ts +12 -0
package/src/scope/scope.instance.js +145 -15
package/src/scope/scope.instance.js.map +1 -1
package/src/tool/flows/call-tool.flow.d.ts +64 -1110
package/src/tool/flows/call-tool.flow.js +303 -15
package/src/tool/flows/call-tool.flow.js.map +1 -1
package/src/tool/flows/tools-list.flow.d.ts +32 -473
package/src/tool/flows/tools-list.flow.js +111 -10
package/src/tool/flows/tools-list.flow.js.map +1 -1
package/src/tool/tool.events.d.ts +8 -1
package/src/tool/tool.events.js.map +1 -1
package/src/tool/tool.instance.d.ts +3 -1
package/src/tool/tool.instance.js +17 -3
package/src/tool/tool.instance.js.map +1 -1
package/src/tool/tool.registry.d.ts +7 -1
package/src/tool/tool.registry.js +26 -10
package/src/tool/tool.registry.js.map +1 -1
package/src/tool/tool.types.d.ts +4 -4
package/src/tool/tool.types.js.map +1 -1
package/src/tool/tool.utils.d.ts +3 -12
package/src/tool/tool.utils.js +39 -193
package/src/tool/tool.utils.js.map +1 -1
package/src/tool/ui/index.d.ts +22 -0
package/src/tool/ui/index.js +63 -0
package/src/tool/ui/index.js.map +1 -0
package/src/tool/ui/platform-adapters.d.ts +10 -0
package/src/tool/ui/platform-adapters.js +18 -0
package/src/tool/ui/platform-adapters.js.map +1 -0
package/src/tool/ui/template-helpers.d.ts +46 -0
package/src/tool/ui/template-helpers.js +112 -0
package/src/tool/ui/template-helpers.js.map +1 -0
package/src/tool/ui/ui-resource-template.d.ts +34 -0
package/src/tool/ui/ui-resource-template.js +64 -0
package/src/tool/ui/ui-resource-template.js.map +1 -0
package/src/tool/ui/ui-resource.handler.d.ts +74 -0
package/src/tool/ui/ui-resource.handler.js +129 -0
package/src/tool/ui/ui-resource.handler.js.map +1 -0
package/src/transport/adapters/transport.local.adapter.d.ts +2 -2
package/src/transport/adapters/transport.local.adapter.js +28 -7
package/src/transport/adapters/transport.local.adapter.js.map +1 -1
package/src/transport/adapters/transport.sse.adapter.d.ts +2 -2
package/src/transport/adapters/transport.sse.adapter.js +4 -3
package/src/transport/adapters/transport.sse.adapter.js.map +1 -1
package/src/transport/adapters/transport.streamable-http.adapter.d.ts +10 -3
package/src/transport/adapters/transport.streamable-http.adapter.js +54 -8
package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
package/src/transport/flows/handle.sse.flow.d.ts +29 -63
package/src/transport/flows/handle.sse.flow.js +78 -10
package/src/transport/flows/handle.sse.flow.js.map +1 -1
package/src/transport/flows/handle.stateless-http.flow.d.ts +29 -0
package/src/transport/flows/handle.stateless-http.flow.js +102 -0
package/src/transport/flows/handle.stateless-http.flow.js.map +1 -0
package/src/transport/flows/handle.streamable-http.flow.d.ts +32 -64
package/src/transport/flows/handle.streamable-http.flow.js +158 -26
package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
package/src/transport/legacy/legacy.sse.tranporter.d.ts +9 -0
package/src/transport/legacy/legacy.sse.tranporter.js +17 -2
package/src/transport/legacy/legacy.sse.tranporter.js.map +1 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js +27 -1
package/src/transport/mcp-handlers/call-tool-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/complete-request.handler.d.ts +69 -0
package/src/transport/mcp-handlers/complete-request.handler.js +11 -0
package/src/transport/mcp-handlers/complete-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +87 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js +11 -0
package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/index.d.ts +517 -208
package/src/transport/mcp-handlers/index.js +39 -2
package/src/transport/mcp-handlers/index.js.map +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.d.ts +1 -1
package/src/transport/mcp-handlers/initialize-request.handler.js +73 -7
package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +54 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js +11 -0
package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +51 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js +12 -0
package/src/transport/mcp-handlers/list-resources-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +19 -146
package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js +34 -0
package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/mcp-handlers.types.d.ts +3 -7
package/src/transport/mcp-handlers/mcp-handlers.types.js.map +1 -1
package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +46 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js +12 -0
package/src/transport/mcp-handlers/read-resource-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.d.ts +11 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +26 -0
package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +1 -0
package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/subscribe-request.handler.js.map +1 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +37 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js +34 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +1 -0
package/src/transport/transport.local.js +7 -2
package/src/transport/transport.local.js.map +1 -1
package/src/transport/transport.registry.d.ts +30 -0
package/src/transport/transport.registry.js +84 -1
package/src/transport/transport.registry.js.map +1 -1
package/src/transport/transport.types.d.ts +3 -3
package/src/transport/transport.types.js.map +1 -1
package/src/utils/content.utils.d.ts +48 -0
package/src/utils/content.utils.js +194 -0
package/src/utils/content.utils.js.map +1 -0
package/src/utils/index.d.ts +8 -0
package/src/utils/index.js +55 -0
package/src/utils/index.js.map +1 -0
package/src/utils/lineage.utils.d.ts +40 -0
package/src/utils/lineage.utils.js +82 -0
package/src/utils/lineage.utils.js.map +1 -0
package/src/utils/naming.utils.d.ts +46 -0
package/src/utils/naming.utils.js +136 -0
package/src/utils/naming.utils.js.map +1 -0
package/src/utils/types.utils.d.ts +2 -2
package/src/utils/types.utils.js.map +1 -1
package/src/utils/uri-template.utils.d.ts +57 -0
package/src/utils/uri-template.utils.js +113 -0
package/src/utils/uri-template.utils.js.map +1 -0
package/src/utils/uri-validation.utils.d.ts +40 -0
package/src/utils/uri-validation.utils.js +76 -0
package/src/utils/uri-validation.utils.js.map +1 -0
package/src/__test-utils__/fixtures/hook.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/hook.fixtures.js +0 -114
package/src/__test-utils__/fixtures/hook.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/index.d.ts +0 -7
package/src/__test-utils__/fixtures/index.js +0 -11
package/src/__test-utils__/fixtures/index.js.map +0 -1
package/src/__test-utils__/fixtures/plugin.fixtures.d.ts +0 -46
package/src/__test-utils__/fixtures/plugin.fixtures.js +0 -127
package/src/__test-utils__/fixtures/plugin.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/provider.fixtures.d.ts +0 -69
package/src/__test-utils__/fixtures/provider.fixtures.js +0 -131
package/src/__test-utils__/fixtures/provider.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/scope.fixtures.d.ts +0 -14
package/src/__test-utils__/fixtures/scope.fixtures.js +0 -59
package/src/__test-utils__/fixtures/scope.fixtures.js.map +0 -1
package/src/__test-utils__/fixtures/tool.fixtures.d.ts +0 -36
package/src/__test-utils__/fixtures/tool.fixtures.js +0 -91
package/src/__test-utils__/fixtures/tool.fixtures.js.map +0 -1
package/src/__test-utils__/helpers/assertion.helpers.d.ts +0 -45
package/src/__test-utils__/helpers/assertion.helpers.js +0 -153
package/src/__test-utils__/helpers/assertion.helpers.js.map +0 -1
package/src/__test-utils__/helpers/async.helpers.d.ts +0 -48
package/src/__test-utils__/helpers/async.helpers.js +0 -112
package/src/__test-utils__/helpers/async.helpers.js.map +0 -1
package/src/__test-utils__/helpers/index.d.ts +0 -6
package/src/__test-utils__/helpers/index.js +0 -10
package/src/__test-utils__/helpers/index.js.map +0 -1
package/src/__test-utils__/helpers/setup.helpers.d.ts +0 -54
package/src/__test-utils__/helpers/setup.helpers.js +0 -106
package/src/__test-utils__/helpers/setup.helpers.js.map +0 -1
package/src/__test-utils__/index.d.ts +0 -9
package/src/__test-utils__/index.js +0 -14
package/src/__test-utils__/index.js.map +0 -1
package/src/__test-utils__/mocks/flow-instance.mock.d.ts +0 -50
package/src/__test-utils__/mocks/flow-instance.mock.js +0 -72
package/src/__test-utils__/mocks/flow-instance.mock.js.map +0 -1
package/src/__test-utils__/mocks/hook-registry.mock.d.ts +0 -25
package/src/__test-utils__/mocks/hook-registry.mock.js +0 -65
package/src/__test-utils__/mocks/hook-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/index.d.ts +0 -8
package/src/__test-utils__/mocks/index.js +0 -12
package/src/__test-utils__/mocks/index.js.map +0 -1
package/src/__test-utils__/mocks/plugin-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/plugin-registry.mock.js +0 -70
package/src/__test-utils__/mocks/plugin-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/provider-registry.mock.d.ts +0 -39
package/src/__test-utils__/mocks/provider-registry.mock.js +0 -72
package/src/__test-utils__/mocks/provider-registry.mock.js.map +0 -1
package/src/__test-utils__/mocks/tool-registry.mock.d.ts +0 -43
package/src/__test-utils__/mocks/tool-registry.mock.js +0 -79
package/src/__test-utils__/mocks/tool-registry.mock.js.map +0 -1
package/src/auth/path.utils.d.ts +0 -20
package/src/auth/path.utils.js +0 -71
package/src/auth/path.utils.js.map +0 -1
package/src/common/decorators-old/async-with.decorator.d.ts +0 -10
package/src/common/decorators-old/async-with.decorator.js +0 -24
package/src/common/decorators-old/async-with.decorator.js.map +0 -1
package/src/common/decorators-old/auth-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/auth-hook.decorator.js +0 -27
package/src/common/decorators-old/auth-hook.decorator.js.map +0 -1
package/src/common/decorators-old/session-hook.decorator.d.ts +0 -14
package/src/common/decorators-old/session-hook.decorator.js +0 -27
package/src/common/decorators-old/session-hook.decorator.js.map +0 -1

package/src/auth/flows/oauth.authorize.flow.js CHANGED Viewed

@@ -8,7 +8,7 @@ const tslib_1 = require("tslib");
  *
  * When: Start of the flow.
  *
- * Purpose: Authenticate the user and obtain consent; returns an authorization code to the client’s redirect URI.
+ * Purpose: Authenticate the user and obtain consent; returns an authorization code to the client's redirect URI.
  *
  * Notes: Must support PKCE. Implicit/Hybrid are out in OAuth 2.1.
  */
@@ -21,6 +21,7 @@ const tslib_1 = require("tslib");
  */
 const common_1 = require("../../common");
 const zod_1 = require("zod");
+const ui_1 = require("../ui");
 /**
  * Quick checklist (security & correctness)
  * - PKCE (S256) required for public clients (and basically for all).
@@ -33,16 +34,81 @@ const zod_1 = require("zod");
  * - Publish discovery and JWKS, rotate keys safely.
  * - Decide JWT vs opaque access tokens; provide introspection if opaque.
  */
+// ============================================
+// OAuth 2.1 Authorization Request Schemas
+// ============================================
+/**
+ * RFC 7636 PKCE: code_challenge is base64url(sha256(code_verifier))
+ * Must be 43-128 characters of A-Za-z0-9-._~
+ */
+const pkceChallengeSchema = zod_1.z
+    .string()
+    .min(43, 'code_challenge must be at least 43 characters')
+    .max(128, 'code_challenge must be at most 128 characters')
+    .regex(/^[A-Za-z0-9_-]+$/, 'code_challenge must contain only A-Za-z0-9-_');
+/**
+ * OAuth 2.1 requires S256 only (plain is deprecated)
+ */
+const codeChallengeMethodSchema = zod_1.z.literal('S256', {
+    message: 'code_challenge_method must be "S256" (OAuth 2.1)',
+});
+/**
+ * OAuth 2.1 authorization code flow only
+ */
+const responseTypeSchema = zod_1.z.literal('code', {
+    message: 'response_type must be "code" (OAuth 2.1)',
+});
+/**
+ * Validated OAuth authorization request for orchestrated mode
+ */
+const oauthAuthorizeRequestSchema = zod_1.z.object({
+    response_type: responseTypeSchema,
+    client_id: zod_1.z.string().min(1, 'client_id is required'),
+    redirect_uri: zod_1.z.string().url('redirect_uri must be a valid URL'),
+    code_challenge: pkceChallengeSchema,
+    code_challenge_method: codeChallengeMethodSchema.optional().default('S256'),
+    scope: zod_1.z.string().optional(),
+    state: zod_1.z.string().optional(),
+    resource: zod_1.z.string().url().optional(),
+});
+/**
+ * Minimal request for anonymous/default provider mode
+ */
+const anonymousAuthorizeRequestSchema = zod_1.z.object({
+    redirect_uri: zod_1.z.string().url('redirect_uri is required'),
+    state: zod_1.z.string().optional(),
+});
+// ============================================
+// Flow Schemas
+// ============================================
 const inputSchema = common_1.httpInputSchema;
 const stateSchema = zod_1.z.object({
-    isDefaultAuthProvider: zod_1.z.boolean().describe("If FrontMcp initialized without auth options"),
-    isOrchestrated: zod_1.z.boolean().describe("If FrontMcp is orchestrated (local oauth proxy, remote oauth proxy)"),
+    isDefaultAuthProvider: zod_1.z.boolean().describe('If FrontMcp initialized without auth options'),
+    isOrchestrated: zod_1.z.boolean().describe('If FrontMcp is orchestrated (local oauth proxy, remote oauth proxy)'),
     allowAnonymous: zod_1.z.boolean().describe('Allow anonymous access, force orchestrated mode'),
-    redirectUri: zod_1.z.string().optional().describe('Oauth Redirect url')
+    // Validated OAuth request (after validation)
+    validatedRequest: oauthAuthorizeRequestSchema.optional(),
+    // Raw parameters for error handling
+    rawRedirectUri: zod_1.z.string().optional(),
+    rawState: zod_1.z.string().optional(),
+    // Validation errors
+    validationErrors: zod_1.z.array(zod_1.z.string()).optional(),
+    // Pending authorization ID (for login flow)
+    pendingAuthId: zod_1.z.string().optional(),
+    // Progressive/Incremental Authorization
+    isIncrementalAuth: zod_1.z.boolean().default(false).describe('Whether this is an incremental auth request'),
+    targetAppId: zod_1.z.string().optional().describe('Target app ID for incremental authorization'),
+    targetToolId: zod_1.z.string().optional().describe('Target tool ID that triggered the incremental auth'),
+    existingSessionId: zod_1.z.string().optional().describe('Existing session ID for incremental auth'),
+    // Federated Login (multi-provider)
+    requiresFederatedLogin: zod_1.z.boolean().default(false).describe('Whether this auth requires federated login UI'),
+    // Consent Flow
+    requiresConsent: zod_1.z.boolean().default(false).describe('Whether consent flow is enabled'),
 });
 const outputSchema = zod_1.z.union([
     common_1.HttpRedirectSchema, // for account/login or oauth/callback
     common_1.HttpTextSchema,
+    common_1.HttpHtmlSchema, // for login page
 ]);
 const plan = {
     pre: [
@@ -50,55 +116,657 @@ const plan = {
         'validateInput',
         'checkIfAuthorized', // used for direct code generation if refresh-token is provided
     ],
-    execute: [
-        'prepareAuthorizationRequest',
-        'buildAuthorizeOutput'
-    ],
-    post: [
-        'validateOutput',
-    ],
+    execute: ['prepareAuthorizationRequest', 'buildAuthorizeOutput'],
+    post: ['validateOutput'],
 };
 const name = 'oauth:authorize';
 const Stage = (0, common_1.StageHookOf)(name);
 let OauthAuthorizeFlow = class OauthAuthorizeFlow extends common_1.FlowBase {
+    logger = this.scope.logger.child('OauthAuthorizeFlow');
     async parseInput() {
         const { metadata } = this.scope;
         const { request } = this.rawInput;
-        const redirectUri = request.query['redirect_uri'];
-        if (!metadata.auth) {
-            this.state.set({
-                isOrchestrated: true,
-                allowAnonymous: true,
-                isDefaultAuthProvider: true,
-                redirectUri,
-            });
+        // Store raw params for error handling (redirect_uri and state needed for error responses)
+        const rawRedirectUri = request.query['redirect_uri'];
+        const rawState = request.query['state'];
+        // Progressive/Incremental Authorization Parameters
+        const targetAppId = request.query['app'];
+        const targetToolId = request.query['tool'];
+        const existingSessionId = request.query['session_id'];
+        const mode = request.query['mode'];
+        const isIncrementalAuth = mode === 'incremental' || !!targetAppId;
+        const isDefaultAuthProvider = !metadata.auth;
+        // Check if orchestrated mode with multiple providers (requires federated login)
+        // This is determined by checking if there are multiple apps with different auth providers
+        let requiresFederatedLogin = false;
+        if (metadata.auth && (0, common_1.isOrchestratedMode)(metadata.auth)) {
+            // Check if scope has apps with different auth providers
+            const apps = this.scope.apps.getApps();
+            const appsWithAuth = apps.filter((app) => app.metadata.auth);
+            requiresFederatedLogin = appsWithAuth.length > 0;
+        }
+        // Check if consent flow is enabled
+        let requiresConsent = false;
+        if (metadata.auth && (0, common_1.isOrchestratedMode)(metadata.auth)) {
+            const consentConfig = metadata.auth.consent;
+            requiresConsent = consentConfig?.enabled === true;
+        }
+        this.state.set({
+            isOrchestrated: true,
+            allowAnonymous: isDefaultAuthProvider,
+            isDefaultAuthProvider,
+            rawRedirectUri,
+            rawState,
+            // Progressive/Incremental Authorization
+            isIncrementalAuth,
+            targetAppId,
+            targetToolId,
+            existingSessionId,
+            // Federated Login
+            requiresFederatedLogin,
+            // Consent Flow
+            requiresConsent,
+        });
+        if (isIncrementalAuth) {
+            this.logger.info(`Incremental authorization requested for app: ${targetAppId}, tool: ${targetToolId}`);
+        }
+        if (requiresFederatedLogin) {
+            this.logger.info(`Federated login required: Multiple auth providers detected`);
         }
-        else {
-            this.next();
+        if (requiresConsent) {
+            this.logger.info(`Consent flow enabled: User will select tools to expose`);
         }
     }
     async validateInput() {
-        if (this.state.isDefaultAuthProvider) {
-            const redirectUri = `${this.state.required.redirectUri}?code=anonymous`;
-            this.respond(common_1.httpRespond.redirect(redirectUri));
+        const { isDefaultAuthProvider, rawRedirectUri, rawState } = this.state;
+        const { request } = this.rawInput;
+        // Handle default anonymous provider - minimal validation
+        if (isDefaultAuthProvider) {
+            const result = anonymousAuthorizeRequestSchema.safeParse({
+                redirect_uri: rawRedirectUri,
+                state: rawState,
+            });
+            if (!result.success) {
+                const errors = this.formatZodErrors(result.error);
+                this.logger.warn(`Anonymous authorization request validation failed: ${errors.join(', ')}`);
+                this.respond(common_1.httpRespond.html(this.renderErrorPage('invalid_request', errors.join('; ')), 400));
+                return;
+            }
+            // Redirect with anonymous code
+            const url = new URL(result.data.redirect_uri);
+            url.searchParams.set('code', 'anonymous');
+            if (result.data.state) {
+                url.searchParams.set('state', result.data.state);
+            }
+            this.respond(common_1.httpRespond.redirect(url.toString()));
+            return;
         }
-        /**
-         * check if redirect url valid
-         * check allowed origin
-         * check if valid authorize request (scope/challenge/state)
-         */
+        // Orchestrated mode - full OAuth 2.1 validation
+        const result = oauthAuthorizeRequestSchema.safeParse({
+            response_type: request.query['response_type'],
+            client_id: request.query['client_id'],
+            redirect_uri: rawRedirectUri,
+            code_challenge: request.query['code_challenge'],
+            code_challenge_method: request.query['code_challenge_method'] ?? 'S256',
+            scope: request.query['scope'],
+            state: rawState,
+            resource: request.query['resource'],
+        });
+        if (!result.success) {
+            const errors = this.formatZodErrors(result.error);
+            this.logger.warn(`Authorization request validation failed: ${errors.join(', ')}`);
+            this.respondWithError(errors, rawRedirectUri, rawState);
+            return;
+        }
+        // Store validated request
+        this.state.set('validatedRequest', result.data);
     }
     async checkIfAuthorized() {
-        // TBD
+        // TODO: Check if user is already authorized (has valid session cookie)
+        // If yes, skip login and directly generate authorization code
+        // For now, always proceed to login
     }
     async prepareAuthorizationRequest() {
-        // TBD
+        const { validatedRequest, isIncrementalAuth, targetAppId, targetToolId, existingSessionId, requiresFederatedLogin, requiresConsent, } = this.state;
+        const { metadata } = this.scope;
+        if (!validatedRequest) {
+            // Should not reach here if validation passed
+            return;
+        }
+        // Store pending authorization request
+        const auth = this.scope.auth;
+        if (!auth || !('authorizationStore' in auth)) {
+            this.respond(common_1.httpRespond.html(this.renderErrorPage('server_error', 'Authorization not configured'), 500));
+            return;
+        }
+        const localAuth = auth;
+        const store = localAuth.authorizationStore;
+        // Build federated login state if multiple providers
+        let federatedLogin;
+        if (requiresFederatedLogin) {
+            // Build provider IDs from apps with auth
+            const apps = this.scope.apps.getApps();
+            const providerIds = [];
+            // Add parent provider
+            if (metadata.auth && (0, common_1.isOrchestratedMode)(metadata.auth)) {
+                providerIds.push('__parent__');
+            }
+            // Add app-level providers
+            for (const app of apps) {
+                if (app.metadata.auth) {
+                    providerIds.push(app.metadata.id || app.metadata.name);
+                }
+            }
+            federatedLogin = {
+                providerIds,
+                selectedProviderIds: undefined,
+                skippedProviderIds: undefined,
+            };
+        }
+        // Build consent state if enabled
+        let consent;
+        if (requiresConsent) {
+            // Get all available tools from the scope
+            const tools = this.scope.tools.getTools();
+            const availableToolIds = tools.map((t) => t.metadata.id).filter((id) => id !== undefined);
+            consent = {
+                enabled: true,
+                availableToolIds,
+                selectedToolIds: undefined,
+                consentCompleted: false,
+            };
+        }
+        const pendingRecord = store.createPendingRecord({
+            clientId: validatedRequest.client_id,
+            redirectUri: validatedRequest.redirect_uri,
+            scopes: validatedRequest.scope ? validatedRequest.scope.split(' ') : [],
+            pkce: {
+                challenge: validatedRequest.code_challenge,
+                method: 'S256',
+            },
+            state: validatedRequest.state,
+            resource: validatedRequest.resource,
+            // Progressive/Incremental Authorization Fields
+            isIncremental: isIncrementalAuth,
+            targetAppId,
+            targetToolId,
+            existingSessionId,
+            // Federated Login State
+            federatedLogin,
+            // Consent State
+            consent,
+        });
+        await localAuth.authorizationStore.storePendingAuthorization(pendingRecord);
+        this.logger.info(`Pending authorization created: ${pendingRecord.id}${isIncrementalAuth ? ` (incremental for app: ${targetAppId})` : ''}${requiresFederatedLogin ? ' (federated)' : ''}${requiresConsent ? ' (consent enabled)' : ''}`);
+        this.state.set('pendingAuthId', pendingRecord.id);
     }
     async buildAuthorizeOutput() {
-        // TBD
+        const { pendingAuthId, validatedRequest, isIncrementalAuth, targetAppId, targetToolId, requiresFederatedLogin } = this.state;
+        if (!validatedRequest || !pendingAuthId) {
+            return;
+        }
+        // For incremental auth, render a single-app authorization page
+        if (isIncrementalAuth && targetAppId) {
+            const apps = this.scope.apps.getApps();
+            const app = apps.find((a) => a.metadata.id === targetAppId);
+            const appName = app?.metadata?.name || targetAppId;
+            const appDescription = app?.metadata?.description;
+            const incrementalAuthHtml = this.renderIncrementalAuthPage({
+                pendingAuthId,
+                appId: targetAppId,
+                appName,
+                appDescription,
+                toolId: targetToolId,
+                redirectUri: validatedRequest.redirect_uri,
+            });
+            this.respond(common_1.httpRespond.html(incrementalAuthHtml));
+            return;
+        }
+        // For federated login (multiple providers), render provider selection page
+        if (requiresFederatedLogin) {
+            const apps = this.scope.apps.getApps();
+            const providers = [];
+            // Add parent provider
+            const { metadata } = this.scope;
+            if (metadata.auth && (0, common_1.isOrchestratedMode)(metadata.auth)) {
+                providers.push({
+                    id: '__parent__',
+                    mode: metadata.auth.mode,
+                    appIds: ['__parent__'],
+                    scopes: [],
+                    isParentProvider: true,
+                });
+            }
+            // Add app-level providers
+            for (const app of apps) {
+                if (app.metadata.auth) {
+                    providers.push({
+                        id: app.metadata.id || app.metadata.name,
+                        providerUrl: app.metadata.auth.mode === 'transparent' ? app.metadata.auth.remote.provider : undefined,
+                        mode: app.metadata.auth.mode,
+                        appIds: [app.metadata.id || app.metadata.name],
+                        scopes: [],
+                        isParentProvider: false,
+                    });
+                }
+            }
+            const detection = {
+                providers: new Map(providers.map((p) => [p.id, p])),
+                requiresOrchestration: true,
+                parentProviderId: '__parent__',
+                childProviderIds: providers.filter((p) => !p.isParentProvider).map((p) => p.id),
+                uniqueProviderCount: providers.length,
+                validationErrors: [],
+                warnings: [],
+            };
+            const federatedLoginHtml = this.renderFederatedLoginPage({
+                pendingAuthId,
+                detection,
+                clientId: validatedRequest.client_id,
+                redirectUri: validatedRequest.redirect_uri,
+            });
+            this.respond(common_1.httpRespond.html(federatedLoginHtml));
+            return;
+        }
+        // Render a simple login page for full authorization
+        // In production, this would redirect to a proper login UI
+        const loginHtml = this.renderLoginPage({
+            pendingAuthId,
+            clientId: validatedRequest.client_id,
+            scope: validatedRequest.scope ?? '',
+            redirectUri: validatedRequest.redirect_uri,
+        });
+        this.respond(common_1.httpRespond.html(loginHtml));
     }
     async validateOutput() {
-        // TBD
+        // Output validation is handled by schema
+    }
+    /**
+     * Format Zod errors into human-readable strings
+     */
+    formatZodErrors(error) {
+        return error.issues.map((err) => {
+            const path = err.path.length > 0 ? `${err.path.join('.')}: ` : '';
+            return `${path}${err.message}`;
+        });
+    }
+    /**
+     * Respond with OAuth error - redirect if possible, otherwise show error page
+     */
+    respondWithError(errors, redirectUri, state) {
+        const errorDescription = errors.join('; ');
+        // Try to redirect with error if we have a valid redirect_uri
+        if (redirectUri) {
+            try {
+                const url = new URL(redirectUri);
+                url.searchParams.set('error', 'invalid_request');
+                url.searchParams.set('error_description', errorDescription);
+                if (state) {
+                    url.searchParams.set('state', state);
+                }
+                this.respond(common_1.httpRespond.redirect(url.toString()));
+                return;
+            }
+            catch {
+                // Invalid redirect_uri, fall through to error page
+            }
+        }
+        this.respond(common_1.httpRespond.html(this.renderErrorPage('invalid_request', errorDescription), 400));
+    }
+    /**
+     * Render a simple login page using HTMX templates
+     */
+    renderLoginPage(params) {
+        const { pendingAuthId, clientId, scope } = params;
+        const callbackPath = `${this.scope.fullPath}/oauth/callback`;
+        return (0, ui_1.buildLoginPage)({
+            clientName: clientId,
+            scope,
+            pendingAuthId,
+            callbackPath,
+        });
+    }
+    /**
+     * Render incremental authorization page for a single app using HTMX templates
+     */
+    renderIncrementalAuthPage(params) {
+        const { pendingAuthId, appId, appName, appDescription, toolId } = params;
+        const callbackPath = `${this.scope.fullPath}/oauth/callback`;
+        const app = {
+            appId,
+            appName,
+            description: appDescription,
+        };
+        return (0, ui_1.buildIncrementalAuthPage)({
+            app,
+            toolId: toolId || 'unknown tool',
+            sessionHint: pendingAuthId,
+            callbackPath,
+        });
+    }
+    /**
+     * Render federated login page for multiple auth providers using HTMX templates
+     */
+    renderFederatedLoginPage(params) {
+        const { pendingAuthId, detection, clientId } = params;
+        const callbackPath = `${this.scope.fullPath}/oauth/callback`;
+        // Convert detection providers to ProviderCard format
+        const providers = [...detection.providers.values()].map((provider) => ({
+            providerId: provider.id,
+            providerName: provider.id,
+            providerUrl: provider.providerUrl,
+            mode: provider.mode,
+            appIds: provider.appIds.filter((id) => id !== '__parent__'),
+            isPrimary: provider.isParentProvider,
+        }));
+        return (0, ui_1.buildFederatedLoginPage)({
+            providers,
+            clientName: clientId,
+            pendingAuthId,
+            csrfToken: '', // No CSRF needed for GET form
+            callbackPath,
+        });
+    }
+    /**
+     * Render consent page for tool selection
+     * This is a placeholder - in production, use Juris/Svelte for the UI
+     */
+    renderConsentPage(params) {
+        const { pendingAuthId, tools, userEmail, userName } = params;
+        const callbackPath = `${this.scope.fullPath}/oauth/consent`;
+        // Group tools by app
+        const toolsByApp = tools.reduce((acc, tool) => {
+            if (!acc[tool.appId]) {
+                acc[tool.appId] = { appName: tool.appName, tools: [] };
+            }
+            acc[tool.appId].tools.push(tool);
+            return acc;
+        }, {});
+        // Build tool cards HTML grouped by app
+        const appGroupsHtml = Object.entries(toolsByApp)
+            .map(([appId, { appName, tools: appTools }]) => {
+            const toolCardsHtml = appTools
+                .map((tool) => `
+        <label class="tool-card">
+          <input type="checkbox" name="tools" value="${(0, ui_1.escapeHtml)(tool.id)}" checked>
+          <div class="tool-content">
+            <div class="tool-name">${(0, ui_1.escapeHtml)(tool.name)}</div>
+            ${tool.description ? `<div class="tool-description">${(0, ui_1.escapeHtml)(tool.description)}</div>` : ''}
+          </div>
+        </label>
+      `)
+                .join('');
+            return `
+        <div class="app-group">
+          <div class="app-group-header">
+            <span class="app-group-icon">${(0, ui_1.escapeHtml)(appName.charAt(0).toUpperCase())}</span>
+            <span class="app-group-name">${(0, ui_1.escapeHtml)(appName)}</span>
+            <button type="button" class="toggle-app" data-app-id="${(0, ui_1.escapeHtml)(appId)}" onclick="toggleAppTools(this.dataset.appId)">Toggle All</button>
+          </div>
+          <div class="app-tools" data-app="${(0, ui_1.escapeHtml)(appId)}">
+            ${toolCardsHtml}
+          </div>
+        </div>
+      `;
+        })
+            .join('');
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Select Tools - FrontMCP</title>
+  <style>
+    * { box-sizing: border-box; margin: 0; padding: 0; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+    }
+    .consent-container {
+      background: white;
+      padding: 40px;
+      border-radius: 12px;
+      box-shadow: 0 10px 40px rgba(0,0,0,0.2);
+      width: 100%;
+      max-width: 700px;
+      max-height: 90vh;
+      overflow-y: auto;
+    }
+    h1 { color: #333; margin-bottom: 10px; font-size: 24px; }
+    .subtitle { color: #666; margin-bottom: 20px; font-size: 14px; line-height: 1.5; }
+    .user-info {
+      background: #f8f9fa;
+      padding: 12px 16px;
+      border-radius: 8px;
+      margin-bottom: 24px;
+      font-size: 14px;
+    }
+    .user-info strong { color: #333; }
+    .select-controls {
+      display: flex;
+      gap: 16px;
+      margin-bottom: 16px;
+      align-items: center;
+    }
+    .select-controls label {
+      display: flex;
+      align-items: center;
+      gap: 8px;
+      font-size: 14px;
+      color: #666;
+      cursor: pointer;
+    }
+    .app-group {
+      background: #f8f9fa;
+      border-radius: 12px;
+      margin-bottom: 16px;
+      overflow: hidden;
+    }
+    .app-group-header {
+      display: flex;
+      align-items: center;
+      gap: 12px;
+      padding: 16px;
+      background: #e9ecef;
+    }
+    .app-group-icon {
+      width: 32px;
+      height: 32px;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+      border-radius: 8px;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      color: white;
+      font-weight: 600;
+    }
+    .app-group-name { font-weight: 600; color: #333; flex: 1; }
+    .toggle-app {
+      padding: 6px 12px;
+      background: white;
+      border: 1px solid #ddd;
+      border-radius: 6px;
+      font-size: 12px;
+      cursor: pointer;
+    }
+    .toggle-app:hover { background: #f0f0f0; }
+    .app-tools { padding: 12px; }
+    .tool-card {
+      display: flex;
+      align-items: flex-start;
+      gap: 12px;
+      padding: 12px;
+      background: white;
+      border-radius: 8px;
+      margin-bottom: 8px;
+      cursor: pointer;
+      transition: all 0.2s;
+    }
+    .tool-card:hover { background: #f0f4ff; }
+    .tool-card:last-child { margin-bottom: 0; }
+    .tool-card input { margin-top: 2px; }
+    .tool-content { flex: 1; }
+    .tool-name { font-weight: 500; color: #333; font-size: 14px; }
+    .tool-description { font-size: 12px; color: #666; margin-top: 4px; }
+    .button-group { display: flex; gap: 12px; margin-top: 24px; }
+    button {
+      flex: 1;
+      padding: 14px;
+      border: none;
+      border-radius: 8px;
+      font-size: 16px;
+      font-weight: 600;
+      cursor: pointer;
+      transition: transform 0.2s, box-shadow 0.2s;
+    }
+    .btn-confirm {
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+      color: white;
+    }
+    .btn-confirm:hover { transform: translateY(-1px); box-shadow: 0 4px 12px rgba(102, 126, 234, 0.4); }
+    .btn-cancel {
+      background: #e5e7eb;
+      color: #374151;
+    }
+    .btn-cancel:hover { background: #d1d5db; }
+    .selection-summary {
+      background: #f0f9ff;
+      border: 1px solid #bae6fd;
+      border-radius: 8px;
+      padding: 12px 16px;
+      margin-top: 16px;
+      font-size: 13px;
+      color: #0369a1;
+    }
+  </style>
+</head>
+<body>
+  <div class="consent-container">
+    <h1>Select Tools to Enable</h1>
+    <p class="subtitle">
+      Choose which tools you want to make available to the AI assistant.
+      You can enable or disable tools at any time.
+    </p>
+    ${userEmail || userName
+            ? `
+    <div class="user-info">
+      Logged in as: <strong>${(0, ui_1.escapeHtml)(userName || userEmail || '')}</strong>
+    </div>
+    `
+            : ''}
+    <form action="${(0, ui_1.escapeHtml)(callbackPath)}" method="POST" id="consent-form">
+      <input type="hidden" name="pending_auth_id" value="${(0, ui_1.escapeHtml)(pendingAuthId)}">
+      <div class="select-controls">
+        <label>
+          <input type="checkbox" id="select-all" onchange="toggleAllTools(this)" checked>
+          Select all tools
+        </label>
+        <span style="color: #999; font-size: 12px;" id="selection-count">${tools.length} of ${tools.length} selected</span>
+      </div>
+      ${appGroupsHtml}
+      <div class="selection-summary" id="selection-summary">
+        Selected tools will be available to the AI assistant.
+      </div>
+      <div class="button-group">
+        <button type="button" class="btn-cancel" onclick="history.back()">Cancel</button>
+        <button type="submit" class="btn-confirm">Confirm Selection</button>
+      </div>
+    </form>
+  </div>
+  <script>
+    function toggleAllTools(checkbox) {
+      const checkboxes = document.querySelectorAll('input[name="tools"]');
+      checkboxes.forEach(cb => cb.checked = checkbox.checked);
+      updateCount();
+    }
+    function toggleAppTools(appId) {
+      const container = document.querySelector(\`.app-tools[data-app="\${appId}"]\`);
+      const checkboxes = container.querySelectorAll('input[name="tools"]');
+      const allChecked = [...checkboxes].every(cb => cb.checked);
+      checkboxes.forEach(cb => cb.checked = !allChecked);
+      updateSelectAll();
+      updateCount();
+    }
+    function updateSelectAll() {
+      const all = document.querySelectorAll('input[name="tools"]');
+      const checked = document.querySelectorAll('input[name="tools"]:checked');
+      document.getElementById('select-all').checked = all.length === checked.length;
+    }
+    function updateCount() {
+      const all = document.querySelectorAll('input[name="tools"]');
+      const checked = document.querySelectorAll('input[name="tools"]:checked');
+      document.getElementById('selection-count').textContent = \`\${checked.length} of \${all.length} selected\`;
+    }
+    // Add change listeners to all tool checkboxes
+    document.querySelectorAll('input[name="tools"]').forEach(cb => {
+      cb.addEventListener('change', () => {
+        updateSelectAll();
+        updateCount();
+      });
+    });
+  </script>
+</body>
+</html>`;
+    }
+    /**
+     * Render an error page
+     */
+    renderErrorPage(error, description) {
+        return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Authorization Error</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: #f5f5f5;
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+    }
+    .error-container {
+      background: white;
+      padding: 40px;
+      border-radius: 12px;
+      box-shadow: 0 4px 20px rgba(0,0,0,0.1);
+      max-width: 500px;
+      text-align: center;
+    }
+    .error-icon { font-size: 48px; margin-bottom: 20px; }
+    h1 { color: #e53e3e; margin-bottom: 10px; }
+    p { color: #666; line-height: 1.6; }
+    .error-code { font-family: monospace; background: #f5f5f5; padding: 4px 8px; border-radius: 4px; }
+  </style>
+</head>
+<body>
+  <div class="error-container">
+    <div class="error-icon">⚠️</div>
+    <h1>Authorization Error</h1>
+    <p><span class="error-code">${(0, ui_1.escapeHtml)(error)}</span></p>
+    <p>${(0, ui_1.escapeHtml)(description)}</p>
+  </div>
+</body>
+</html>`;
     }
 };
 tslib_1.__decorate([