@frontmcp/sdk 0.5.1 → 0.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (265) hide show
  1. package/README.md +1 -0
  2. package/package.json +12 -16
  3. package/src/adapter/adapter.instance.js +5 -0
  4. package/src/adapter/adapter.instance.js.map +1 -1
  5. package/src/auth/authorization/authorization.class.d.ts +1 -4
  6. package/src/auth/authorization/authorization.class.js +6 -13
  7. package/src/auth/authorization/authorization.class.js.map +1 -1
  8. package/src/auth/flows/session.verify.flow.d.ts +1 -0
  9. package/src/auth/flows/session.verify.flow.js +11 -1
  10. package/src/auth/flows/session.verify.flow.js.map +1 -1
  11. package/src/auth/flows/well-known.jwks.flow.js +2 -2
  12. package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
  13. package/src/auth/jwks/dev-key-persistence.d.ts +63 -0
  14. package/src/auth/jwks/dev-key-persistence.js +219 -0
  15. package/src/auth/jwks/dev-key-persistence.js.map +1 -0
  16. package/src/auth/jwks/index.d.ts +1 -0
  17. package/src/auth/jwks/index.js +1 -0
  18. package/src/auth/jwks/index.js.map +1 -1
  19. package/src/auth/jwks/jwks.service.d.ts +7 -4
  20. package/src/auth/jwks/jwks.service.js +81 -12
  21. package/src/auth/jwks/jwks.service.js.map +1 -1
  22. package/src/auth/jwks/jwks.types.d.ts +7 -0
  23. package/src/auth/jwks/jwks.types.js.map +1 -1
  24. package/src/auth/machine-id.d.ts +5 -0
  25. package/src/auth/machine-id.js +32 -0
  26. package/src/auth/machine-id.js.map +1 -0
  27. package/src/auth/session/index.d.ts +2 -0
  28. package/src/auth/session/index.js +5 -1
  29. package/src/auth/session/index.js.map +1 -1
  30. package/src/auth/session/record/session.base.js +5 -3
  31. package/src/auth/session/record/session.base.js.map +1 -1
  32. package/src/auth/session/record/session.stateless.d.ts +2 -2
  33. package/src/auth/session/record/session.stateless.js +5 -3
  34. package/src/auth/session/record/session.stateless.js.map +1 -1
  35. package/src/auth/session/redis-session.store.d.ts +64 -0
  36. package/src/auth/session/redis-session.store.js +204 -0
  37. package/src/auth/session/redis-session.store.js.map +1 -0
  38. package/src/auth/session/session.service.d.ts +0 -2
  39. package/src/auth/session/session.service.js +1 -7
  40. package/src/auth/session/session.service.js.map +1 -1
  41. package/src/auth/session/transport-session.manager.js +3 -5
  42. package/src/auth/session/transport-session.manager.js.map +1 -1
  43. package/src/auth/session/transport-session.types.d.ts +4 -0
  44. package/src/auth/session/transport-session.types.js +4 -3
  45. package/src/auth/session/transport-session.types.js.map +1 -1
  46. package/src/auth/session/utils/session-id.utils.d.ts +12 -1
  47. package/src/auth/session/utils/session-id.utils.js +48 -9
  48. package/src/auth/session/utils/session-id.utils.js.map +1 -1
  49. package/src/auth/session/vercel-kv-session.store.d.ts +96 -0
  50. package/src/auth/session/vercel-kv-session.store.js +216 -0
  51. package/src/auth/session/vercel-kv-session.store.js.map +1 -0
  52. package/src/auth/ui/base-layout.d.ts +0 -8
  53. package/src/auth/ui/base-layout.js +1 -14
  54. package/src/auth/ui/base-layout.js.map +1 -1
  55. package/src/auth/ui/index.d.ts +3 -4
  56. package/src/auth/ui/index.js +10 -11
  57. package/src/auth/ui/index.js.map +1 -1
  58. package/src/auth/ui/{htmx-templates.d.ts → templates.d.ts} +5 -6
  59. package/src/auth/ui/{htmx-templates.js → templates.js} +8 -15
  60. package/src/auth/ui/templates.js.map +1 -0
  61. package/src/common/decorators/decorator-utils.js.map +1 -1
  62. package/src/common/decorators/front-mcp.decorator.js +26 -3
  63. package/src/common/decorators/front-mcp.decorator.js.map +1 -1
  64. package/src/common/index.d.ts +0 -1
  65. package/src/common/index.js +0 -1
  66. package/src/common/index.js.map +1 -1
  67. package/src/common/interfaces/adapter.interface.d.ts +6 -0
  68. package/src/common/interfaces/adapter.interface.js.map +1 -1
  69. package/src/common/interfaces/execution-context.interface.d.ts +52 -3
  70. package/src/common/interfaces/execution-context.interface.js +88 -3
  71. package/src/common/interfaces/execution-context.interface.js.map +1 -1
  72. package/src/common/interfaces/flow.interface.d.ts +13 -0
  73. package/src/common/interfaces/flow.interface.js +24 -0
  74. package/src/common/interfaces/flow.interface.js.map +1 -1
  75. package/src/common/interfaces/server.interface.d.ts +9 -0
  76. package/src/common/interfaces/server.interface.js.map +1 -1
  77. package/src/common/metadata/app.metadata.d.ts +108 -0
  78. package/src/common/metadata/front-mcp.metadata.d.ts +1341 -2
  79. package/src/common/metadata/front-mcp.metadata.js +4 -1
  80. package/src/common/metadata/front-mcp.metadata.js.map +1 -1
  81. package/src/common/metadata/prompt.metadata.d.ts +4 -0
  82. package/src/common/metadata/provider.metadata.d.ts +14 -0
  83. package/src/common/metadata/provider.metadata.js +18 -2
  84. package/src/common/metadata/provider.metadata.js.map +1 -1
  85. package/src/common/metadata/resource.metadata.d.ts +8 -0
  86. package/src/common/metadata/tool-ui.metadata.d.ts +2 -2
  87. package/src/common/metadata/tool-ui.metadata.js +1 -1
  88. package/src/common/metadata/tool-ui.metadata.js.map +1 -1
  89. package/src/common/metadata/tool.metadata.d.ts +5 -1
  90. package/src/common/metadata/tool.metadata.js.map +1 -1
  91. package/src/common/migrate/auth-transport.migrate.d.ts +62 -0
  92. package/src/common/migrate/auth-transport.migrate.js +140 -0
  93. package/src/common/migrate/auth-transport.migrate.js.map +1 -0
  94. package/src/common/migrate/index.d.ts +1 -0
  95. package/src/common/migrate/index.js +6 -0
  96. package/src/common/migrate/index.js.map +1 -0
  97. package/src/common/schemas/http-output.schema.d.ts +24 -6
  98. package/src/common/schemas/index.d.ts +1 -0
  99. package/src/common/schemas/index.js +1 -0
  100. package/src/common/schemas/index.js.map +1 -1
  101. package/src/common/schemas/session-header.schema.d.ts +16 -0
  102. package/src/common/schemas/session-header.schema.js +42 -0
  103. package/src/common/schemas/session-header.schema.js.map +1 -0
  104. package/src/common/tokens/front-mcp.tokens.js +4 -1
  105. package/src/common/tokens/front-mcp.tokens.js.map +1 -1
  106. package/src/common/types/options/auth.options.d.ts +233 -3
  107. package/src/common/types/options/auth.options.js +29 -40
  108. package/src/common/types/options/auth.options.js.map +1 -1
  109. package/src/common/types/options/index.d.ts +2 -0
  110. package/src/common/types/options/index.js +2 -0
  111. package/src/common/types/options/index.js.map +1 -1
  112. package/src/common/types/options/redis.options.d.ts +190 -0
  113. package/src/common/types/options/redis.options.js +191 -0
  114. package/src/common/types/options/redis.options.js.map +1 -0
  115. package/src/common/types/options/server-info.options.d.ts +4 -0
  116. package/src/common/types/options/transport.options.d.ts +148 -0
  117. package/src/common/types/options/transport.options.js +121 -0
  118. package/src/common/types/options/transport.options.js.map +1 -0
  119. package/src/common/utils/global-config.utils.d.ts +36 -0
  120. package/src/common/utils/global-config.utils.js +44 -0
  121. package/src/common/utils/global-config.utils.js.map +1 -0
  122. package/src/common/utils/index.d.ts +1 -0
  123. package/src/common/utils/index.js +1 -0
  124. package/src/common/utils/index.js.map +1 -1
  125. package/src/completion/flows/complete.flow.d.ts +6 -8
  126. package/src/context/frontmcp-context-storage.d.ts +94 -0
  127. package/src/context/frontmcp-context-storage.js +183 -0
  128. package/src/context/frontmcp-context-storage.js.map +1 -0
  129. package/src/context/frontmcp-context.d.ts +269 -0
  130. package/src/context/frontmcp-context.js +360 -0
  131. package/src/context/frontmcp-context.js.map +1 -0
  132. package/src/context/frontmcp-context.provider.d.ts +43 -0
  133. package/src/context/frontmcp-context.provider.js +61 -0
  134. package/src/context/frontmcp-context.provider.js.map +1 -0
  135. package/src/context/index.d.ts +34 -0
  136. package/src/context/index.js +64 -0
  137. package/src/context/index.js.map +1 -0
  138. package/src/context/request-context-storage.d.ts +89 -0
  139. package/src/context/request-context-storage.js +183 -0
  140. package/src/context/request-context-storage.js.map +1 -0
  141. package/src/context/request-context.d.ts +184 -0
  142. package/src/context/request-context.js +209 -0
  143. package/src/context/request-context.js.map +1 -0
  144. package/src/context/request-context.provider.d.ts +37 -0
  145. package/src/context/request-context.provider.js +51 -0
  146. package/src/context/request-context.provider.js.map +1 -0
  147. package/src/context/session-key.provider.d.ts +45 -0
  148. package/src/context/session-key.provider.js +65 -0
  149. package/src/context/session-key.provider.js.map +1 -0
  150. package/src/context/trace-context.d.ts +43 -0
  151. package/src/context/trace-context.js +142 -0
  152. package/src/context/trace-context.js.map +1 -0
  153. package/src/errors/index.d.ts +1 -1
  154. package/src/errors/index.js +4 -1
  155. package/src/errors/index.js.map +1 -1
  156. package/src/errors/mcp.error.d.ts +16 -0
  157. package/src/errors/mcp.error.js +29 -1
  158. package/src/errors/mcp.error.js.map +1 -1
  159. package/src/flows/flow.instance.d.ts +16 -0
  160. package/src/flows/flow.instance.js +166 -80
  161. package/src/flows/flow.instance.js.map +1 -1
  162. package/src/flows/flow.registry.d.ts +5 -0
  163. package/src/flows/flow.registry.js +45 -3
  164. package/src/flows/flow.registry.js.map +1 -1
  165. package/src/front-mcp/front-mcp.d.ts +12 -0
  166. package/src/front-mcp/front-mcp.js +22 -3
  167. package/src/front-mcp/front-mcp.js.map +1 -1
  168. package/src/front-mcp/front-mcp.providers.d.ts +474 -1
  169. package/src/front-mcp/front-mcp.providers.js +2 -1
  170. package/src/front-mcp/front-mcp.providers.js.map +1 -1
  171. package/src/front-mcp/index.d.ts +1 -0
  172. package/src/front-mcp/index.js +3 -0
  173. package/src/front-mcp/index.js.map +1 -1
  174. package/src/front-mcp/serverless-handler.d.ts +28 -0
  175. package/src/front-mcp/serverless-handler.js +61 -0
  176. package/src/front-mcp/serverless-handler.js.map +1 -0
  177. package/src/hooks/hooks.utils.d.ts +1 -1
  178. package/src/hooks/hooks.utils.js +10 -3
  179. package/src/hooks/hooks.utils.js.map +1 -1
  180. package/src/index.d.ts +9 -5
  181. package/src/index.js +21 -1
  182. package/src/index.js.map +1 -1
  183. package/src/logger/instances/instance.logger.js +0 -1
  184. package/src/logger/instances/instance.logger.js.map +1 -1
  185. package/src/logging/flows/set-level.flow.d.ts +6 -8
  186. package/src/notification/notification.service.js +5 -1
  187. package/src/notification/notification.service.js.map +1 -1
  188. package/src/prompt/flows/get-prompt.flow.d.ts +14 -8
  189. package/src/prompt/flows/prompts-list.flow.d.ts +8 -7
  190. package/src/provider/provider.registry.d.ts +97 -5
  191. package/src/provider/provider.registry.js +306 -9
  192. package/src/provider/provider.registry.js.map +1 -1
  193. package/src/provider/provider.types.d.ts +21 -3
  194. package/src/provider/provider.types.js.map +1 -1
  195. package/src/resource/flows/read-resource.flow.d.ts +8 -9
  196. package/src/resource/flows/resource-templates-list.flow.d.ts +8 -7
  197. package/src/resource/flows/resources-list.flow.d.ts +8 -7
  198. package/src/resource/flows/subscribe-resource.flow.d.ts +6 -8
  199. package/src/resource/flows/unsubscribe-resource.flow.d.ts +6 -8
  200. package/src/scope/flows/http.request.flow.js +43 -7
  201. package/src/scope/flows/http.request.flow.js.map +1 -1
  202. package/src/scope/scope.instance.js +12 -5
  203. package/src/scope/scope.instance.js.map +1 -1
  204. package/src/server/adapters/base.host.adapter.d.ts +9 -0
  205. package/src/server/adapters/base.host.adapter.js.map +1 -1
  206. package/src/server/adapters/express.host.adapter.d.ts +12 -0
  207. package/src/server/adapters/express.host.adapter.js +21 -1
  208. package/src/server/adapters/express.host.adapter.js.map +1 -1
  209. package/src/server/server.instance.d.ts +3 -0
  210. package/src/server/server.instance.js +14 -7
  211. package/src/server/server.instance.js.map +1 -1
  212. package/src/store/adapters/store.vercel-kv.adapter.d.ts +86 -0
  213. package/src/store/adapters/store.vercel-kv.adapter.js +155 -0
  214. package/src/store/adapters/store.vercel-kv.adapter.js.map +1 -0
  215. package/src/store/index.d.ts +2 -0
  216. package/src/store/index.js +2 -0
  217. package/src/store/index.js.map +1 -1
  218. package/src/store/store.factory.d.ts +86 -0
  219. package/src/store/store.factory.js +194 -0
  220. package/src/store/store.factory.js.map +1 -0
  221. package/src/tool/flows/call-tool.flow.d.ts +38 -19
  222. package/src/tool/flows/call-tool.flow.js +240 -194
  223. package/src/tool/flows/call-tool.flow.js.map +1 -1
  224. package/src/tool/flows/tools-list.flow.d.ts +14 -17
  225. package/src/tool/flows/tools-list.flow.js +84 -33
  226. package/src/tool/flows/tools-list.flow.js.map +1 -1
  227. package/src/tool/tool.instance.d.ts +1 -4
  228. package/src/tool/ui/index.d.ts +4 -4
  229. package/src/tool/ui/index.js +4 -4
  230. package/src/tool/ui/index.js.map +1 -1
  231. package/src/tool/ui/platform-adapters.d.ts +2 -2
  232. package/src/tool/ui/platform-adapters.js +3 -3
  233. package/src/tool/ui/platform-adapters.js.map +1 -1
  234. package/src/tool/ui/template-helpers.d.ts +5 -7
  235. package/src/tool/ui/template-helpers.js +9 -26
  236. package/src/tool/ui/template-helpers.js.map +1 -1
  237. package/src/tool/ui/ui-resource.handler.d.ts +1 -1
  238. package/src/tool/ui/ui-resource.handler.js +5 -5
  239. package/src/tool/ui/ui-resource.handler.js.map +1 -1
  240. package/src/transport/adapters/transport.streamable-http.adapter.js +1 -0
  241. package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
  242. package/src/transport/flows/handle.sse.flow.js +9 -2
  243. package/src/transport/flows/handle.sse.flow.js.map +1 -1
  244. package/src/transport/flows/handle.streamable-http.flow.js +63 -6
  245. package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
  246. package/src/transport/mcp-handlers/complete-request.handler.d.ts +4 -15
  247. package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +5 -15
  248. package/src/transport/mcp-handlers/index.d.ts +67 -195
  249. package/src/transport/mcp-handlers/initialize-request.handler.js +12 -2
  250. package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
  251. package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +5 -15
  252. package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +5 -15
  253. package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +5 -15
  254. package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +5 -15
  255. package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +3 -14
  256. package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +4 -15
  257. package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +3 -14
  258. package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +3 -14
  259. package/src/transport/transport.registry.d.ts +72 -4
  260. package/src/transport/transport.registry.js +342 -11
  261. package/src/transport/transport.registry.js.map +1 -1
  262. package/src/auth/ui/htmx-templates.js.map +0 -1
  263. package/src/common/providers/session.provider.d.ts +0 -13
  264. package/src/common/providers/session.provider.js +0 -27
  265. package/src/common/providers/session.provider.js.map +0 -1
package/src/common/types/options/auth.options.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.options.js","sourceRoot":"","sources":["../../../../../src/common/types/options/auth.options.ts"],"names":[],"mappings":";AAAA,uCAAuC;;;AAyuBvC,4CAEC;AAKD,oCAEC;AAKD,8CAEC;AAKD,gDAEC;AAKD,kDAEC;AAKD,oDAEC;AAKD,gDAKC;AAtxBD,6BAAwB;AACxB,kCAA6E;AAE7E,2FAA+F;AAE/F,+CAA+C;AAC/C,iBAAiB;AACjB,+CAA+C;AAE/C;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAEtE;;;OAGG;IACH,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAExE;;;OAGG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAClC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;OAGG;IACH,OAAO,EAAE,gBAAS,CAAC,EAAE,CAAC,OAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE1D;;;OAGG;IACH,IAAI,EAAE,0BAAmB,CAAC,QAAQ,EAAE;IAEpC;;;OAGG;IACH,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;;OAGG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAE1B;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE3B;;;OAGG;IACH,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzB;;;OAGG;IACH,IAAI,EAAE,0BAAmB,CAAC,QAAQ,EAAE;IAEpC;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEpC;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEnC;;OAEG;IACH,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEtC;;;OAGG;IACH,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAEtC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEzC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAE1C;;OAEG;IACH,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEjD;;OAEG;IACH,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACnE,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IACvC,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,2CAAiB,EAAE,CAAC;CAClE,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;OAGG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAElC;;;OAGG;IACH,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CACpC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;AAE9E;;;;;;;;GAQG;AACU,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C;;;;OAIG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAEnC;;;OAGG;IACH,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAErC;;;OAGG;IACH,gBAAgB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE3C;;;OAGG;IACH,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEzC;;;OAGG;IACH,gBAAgB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE3C;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEpC;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE1C;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAE7C;;OAEG;IACH,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAEH;;;GAGG;AACU,QAAA,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAClD;;;;;OAKG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAElC;;;;;OAKG;IACH,kBAAkB,EAAE,gCAAwB,CAAC,OAAO,CAAC,WAAW,CAAC;IAEjE;;;OAGG;IACH,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEpC;;;OAGG;IACH,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CAC7C,CAAC,CAAC;AAEH,+CAA+C;AAC/C,mBAAmB;AACnB,4CAA4C;AAC5C,+CAA+C;AAE/C;;;GAGG;AACU,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE3C;;;OAGG;IACH,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE5C;;;OAGG;IACH,oBAAoB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE/C;;;;;OAKG;IACH,mBAAmB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE/C;;;OAGG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE9C;;;;OAIG;IACH,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CACvD,CAAC,CAAC;AAEH,+CAA+C;AAC/C,cAAc;AACd,+CAA+C;AAC/C,+CAA+C;AAElC,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAEzB;;;OAGG;IACH,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE7B;;;OAGG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEpC;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;OAGG;IACH,IAAI,EAAE,0BAAmB,CAAC,QAAQ,EAAE;IAEpC;;;OAGG;IACH,OAAO,EAAE,gBAAS,CAAC,EAAE,CAAC,OAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE1D;;;OAGG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH,+CAA+C;AAC/C,mBAAmB;AACnB,iDAAiD;AACjD,+CAA+C;AAElC,QAAA,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IACnD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,aAAa,CAAC;IAE9B;;OAEG;IACH,MAAM,EAAE,kCAA0B;IAElC;;;OAGG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvE;;;;OAIG;IACH,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAE/C;;;OAGG;IACH,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE1C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;OAGG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH,+CAA+C;AAC/C,oBAAoB;AACpB,+DAA+D;AAC/D,+CAA+C;AAE/C;;GAEG;AACU,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,cAAc,CAAC;IAC/B,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAExB;;OAEG;IACH,KAAK,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE1C;;;OAGG;IACH,YAAY,EAAE,gCAAwB,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAElE;;;;;OAKG;IACH,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAElE;;;;;OAKG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE9C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;;OAIG;IACH,OAAO,EAAE,2BAAmB,CAAC,QAAQ,EAAE;IAEvC;;OAEG;IACH,OAAO,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE5C;;OAEG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvE;;;;OAIG;IACH,eAAe,EAAE,mCAA2B,CAAC,QAAQ,EAAE;IAEvD;;;OAGG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,cAAc,CAAC;IAC/B,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAEzB;;OAEG;IACH,MAAM,EAAE,kCAA0B;IAElC;;OAEG;IACH,KAAK,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE1C;;;OAGG;IACH,YAAY,EAAE,gCAAwB,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAElE;;;;;OAKG;IACH,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAElE;;;;;OAKG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE9C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;;OAIG;IACH,OAAO,EAAE,2BAAmB,CAAC,QAAQ,EAAE;IAEvC;;OAEG;IACH,OAAO,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE5C;;OAEG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvE;;;;OAIG;IACH,eAAe,EAAE,mCAA2B,CAAC,QAAQ,EAAE;IAEvD;;;OAGG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH,+BAA+B;AAClB,QAAA,6BAA6B,GAAG,OAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACxE,+BAAuB;IACvB,gCAAwB;CACzB,CAAC,CAAC;AAEH,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C;;;;GAIG;AACU,QAAA,iBAAiB,GAAG,OAAC,CAAC,KAAK,CAAC;IACvC,+BAAuB;IACvB,oCAA4B;IAC5B,+BAAuB;IACvB,gCAAwB;CACzB,CAAC,CAAC;AAoIH,MAAM,sBAAsB,GAAG;IAC7B,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClC,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACF,CAAC;AAE7B,QAAA,oBAAoB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1C,+BAAuB,CAAC,MAAM,CAAC,sBAAsB,CAAC;IACtD,oCAA4B,CAAC,MAAM,CAAC,sBAAsB,CAAC;IAC3D,+BAAuB,CAAC,MAAM,CAAC,sBAAsB,CAAC;IACtD,gCAAwB,CAAC,MAAM,CAAC,sBAAsB,CAAC;CACxD,CAAC,CAAC;AAKH,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,SAAgB,gBAAgB,CAAC,KAAuB;IACtD,OAAO,yBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,OAAuC;IAClE,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAuC;IACvE,OAAO,OAAO,CAAC,IAAI,KAAK,aAAa,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAuC;IACxE,OAAO,OAAO,CAAC,IAAI,KAAK,cAAc,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgC;IAClE,OAAO,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,OAAgC;IACnE,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAoB;IACrD,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa;QAAE,OAAO,OAAO,CAAC,cAAc,CAAC;IAClE,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC,kBAAkB,CAAC;IACvE,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["// common/types/options/auth.options.ts\n\nimport { z } from 'zod';\nimport { JSONWebKeySet, jsonWebKeySetSchema, JWK, jwkSchema } from '../auth';\nimport { RawZodShape } from '../common.types';\nimport { RedisConfig, redisConfigSchema } from '../../../auth/session/transport-session.types';\n\n// ============================================\n// SHARED SCHEMAS\n// ============================================\n\n/**\n * Public access configuration for tools/prompts\n */\nexport const publicAccessConfigSchema = z.object({\n /**\n * Allow all tools or explicit whitelist\n * @default 'all'\n */\n tools: z.union([z.literal('all'), z.array(z.string())]).default('all'),\n\n /**\n * Allow all prompts or explicit whitelist\n * @default 'all'\n */\n prompts: z.union([z.literal('all'), z.array(z.string())]).default('all'),\n\n /**\n * Rate limit per IP per minute\n * @default 60\n */\n rateLimit: z.number().default(60),\n});\n\n/**\n * Local signing configuration (for orchestrated local type)\n */\nexport const localSigningConfigSchema = z.object({\n /**\n * Private key for signing orchestrated tokens\n * @default auto-generated\n */\n signKey: jwkSchema.or(z.instanceof(Uint8Array)).optional(),\n\n /**\n * JWKS for token verification\n * @default auto-generated\n */\n jwks: jsonWebKeySetSchema.optional(),\n\n /**\n * Issuer identifier for orchestrated tokens\n * @default auto-derived from server URL\n */\n issuer: z.string().optional(),\n});\n\n/**\n * Remote OAuth provider configuration (for orchestrated remote and transparent)\n */\nexport const remoteProviderConfigSchema = z.object({\n /**\n * OAuth provider base URL\n * @example 'https://auth.example.com'\n */\n provider: z.string().url(),\n\n /**\n * Provider display name\n */\n name: z.string().optional(),\n\n /**\n * Unique identifier for this provider\n * @default derived from provider URL\n */\n id: z.string().optional(),\n\n /**\n * Inline JWKS for offline token verification\n * Falls back to fetching from provider's /.well-known/jwks.json\n */\n jwks: jsonWebKeySetSchema.optional(),\n\n /**\n * Custom JWKS URI if not at standard path\n */\n jwksUri: z.string().url().optional(),\n\n /**\n * Client ID for this MCP server (for orchestrated mode)\n */\n clientId: z.string().optional(),\n\n /**\n * Client secret (for confidential clients in orchestrated mode)\n */\n clientSecret: z.string().optional(),\n\n /**\n * Scopes to request from the upstream provider\n */\n scopes: z.array(z.string()).optional(),\n\n /**\n * Enable Dynamic Client Registration (DCR)\n * @default false\n */\n dcrEnabled: z.boolean().default(false),\n\n /**\n * Authorization endpoint override\n */\n authEndpoint: z.string().url().optional(),\n\n /**\n * Token endpoint override\n */\n tokenEndpoint: z.string().url().optional(),\n\n /**\n * Registration endpoint override (for DCR)\n */\n registrationEndpoint: z.string().url().optional(),\n\n /**\n * User info endpoint override\n */\n userInfoEndpoint: z.string().url().optional(),\n});\n\n/**\n * Token storage configuration for orchestrated mode\n */\nexport const tokenStorageConfigSchema = z.discriminatedUnion('type', [\n z.object({ type: z.literal('memory') }),\n z.object({ type: z.literal('redis'), config: redisConfigSchema }),\n]);\n\n/**\n * Token refresh configuration\n */\nexport const tokenRefreshConfigSchema = z.object({\n /**\n * Enable automatic token refresh\n * @default true\n */\n enabled: z.boolean().default(true),\n\n /**\n * Refresh token before expiry by this many seconds\n * @default 60\n */\n skewSeconds: z.number().default(60),\n});\n\n/**\n * Behavior when a tool from a skipped (not yet authorized) app is called\n */\nexport const skippedAppBehaviorSchema = z.enum(['anonymous', 'require-auth']);\n\n/**\n * Consent configuration for tool selection\n * Allows users to choose which MCP tools to expose to the LLM\n *\n * Note: This schema is the canonical definition. It is duplicated in\n * auth/consent/consent.types.ts for domain-specific use. Both schemas\n * MUST be kept in sync. The duplication exists to avoid circular\n * dependencies between common/ and auth/ modules.\n */\nexport const consentConfigSchema = z.object({\n /**\n * Enable consent flow for tool selection\n * When enabled, users can choose which tools to expose to the LLM\n * @default false\n */\n enabled: z.boolean().default(false),\n\n /**\n * Group tools by app in the consent UI\n * @default true\n */\n groupByApp: z.boolean().default(true),\n\n /**\n * Show tool descriptions in consent UI\n * @default true\n */\n showDescriptions: z.boolean().default(true),\n\n /**\n * Allow selecting all tools at once\n * @default true\n */\n allowSelectAll: z.boolean().default(true),\n\n /**\n * Require at least one tool to be selected\n * @default true\n */\n requireSelection: z.boolean().default(true),\n\n /**\n * Custom message to display on consent page\n */\n customMessage: z.string().optional(),\n\n /**\n * Remember consent for future sessions\n * @default true\n */\n rememberConsent: z.boolean().default(true),\n\n /**\n * Tools to exclude from consent (always available)\n * Useful for essential tools that should always be accessible\n */\n excludedTools: z.array(z.string()).optional(),\n\n /**\n * Tools to always include in consent (pre-selected)\n */\n defaultSelectedTools: z.array(z.string()).optional(),\n});\n\n/**\n * Progressive/Incremental authorization configuration\n * Allows users to authorize apps one at a time after initial auth\n */\nexport const incrementalAuthConfigSchema = z.object({\n /**\n * Enable incremental (progressive) authorization\n * When enabled, users can skip app authorizations during initial auth\n * and authorize individual apps later when needed\n * @default true\n */\n enabled: z.boolean().default(true),\n\n /**\n * Behavior when a tool from a skipped app is called\n * - 'anonymous': If app supports anonymous access, use it; otherwise require auth\n * - 'require-auth': Always require authorization (return auth_url)\n * @default 'anonymous'\n */\n skippedAppBehavior: skippedAppBehaviorSchema.default('anonymous'),\n\n /**\n * Allow users to skip app authorization during initial auth flow\n * @default true\n */\n allowSkip: z.boolean().default(true),\n\n /**\n * Show all apps in a single authorization page (vs step-by-step)\n * @default true\n */\n showAllAppsAtOnce: z.boolean().default(true),\n});\n\n// ============================================\n// TRANSPORT CONFIG\n// Protocol enablement and behavior settings\n// ============================================\n\n/**\n * Transport protocol configuration\n * Controls which transport protocols are enabled and their behavior\n */\nexport const transportConfigSchema = z.object({\n /**\n * Enable legacy SSE transport (old HTTP+SSE protocol)\n * @default false\n */\n enableLegacySSE: z.boolean().default(false),\n\n /**\n * Enable SSE listener for server-initiated messages (GET /mcp with Accept: text/event-stream)\n * @default true\n */\n enableSseListener: z.boolean().default(true),\n\n /**\n * Enable streamable HTTP transport (POST with SSE response)\n * @default true\n */\n enableStreamableHttp: z.boolean().default(true),\n\n /**\n * Enable stateless HTTP mode (requests without session ID)\n * When enabled, allows requests without prior initialize\n * Uses shared singleton transport for anonymous, per-token singleton for authenticated\n * @default false\n */\n enableStatelessHttp: z.boolean().default(false),\n\n /**\n * Enable stateful HTTP transport (JSON-only responses)\n * @default false\n */\n enableStatefulHttp: z.boolean().default(false),\n\n /**\n * Require session ID for streamable HTTP (non-stateless mode)\n * When false, streamable HTTP requests don't require prior initialize\n * @default true\n */\n requireSessionForStreamable: z.boolean().default(true),\n});\n\n// ============================================\n// PUBLIC MODE\n// No authentication required, anonymous access\n// ============================================\n\nexport const publicAuthOptionsSchema = z.object({\n mode: z.literal('public'),\n\n /**\n * Issuer identifier for anonymous JWTs\n * @default auto-derived from server URL\n */\n issuer: z.string().optional(),\n\n /**\n * Anonymous session TTL in seconds\n * @default 3600 (1 hour)\n */\n sessionTtl: z.number().default(3600),\n\n /**\n * Scopes granted to anonymous sessions\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Tool/prompt access configuration for anonymous users\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * JWKS for token verification\n * @default auto-generated\n */\n jwks: jsonWebKeySetSchema.optional(),\n\n /**\n * Private key for signing anonymous tokens\n * @default auto-generated\n */\n signKey: jwkSchema.or(z.instanceof(Uint8Array)).optional(),\n\n /**\n * Transport protocol configuration\n * Controls which transports are enabled and their behavior\n */\n transport: transportConfigSchema.optional(),\n});\n\n// ============================================\n// TRANSPARENT MODE\n// Pass-through OAuth tokens from remote provider\n// ============================================\n\nexport const transparentAuthOptionsSchema = z.object({\n mode: z.literal('transparent'),\n\n /**\n * Remote OAuth provider configuration (required)\n */\n remote: remoteProviderConfigSchema,\n\n /**\n * Expected token audience\n * If not set, defaults to the resource URL\n */\n expectedAudience: z.union([z.string(), z.array(z.string())]).optional(),\n\n /**\n * Required scopes for access\n * Empty array means any valid token is accepted\n * @default []\n */\n requiredScopes: z.array(z.string()).default([]),\n\n /**\n * Allow anonymous fallback when no token is provided\n * @default false\n */\n allowAnonymous: z.boolean().default(false),\n\n /**\n * Scopes granted to anonymous sessions (when allowAnonymous=true)\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Public access config for anonymous users (when allowAnonymous=true)\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * Transport protocol configuration\n * Controls which transports are enabled and their behavior\n */\n transport: transportConfigSchema.optional(),\n});\n\n// ============================================\n// ORCHESTRATED MODE\n// Local auth server that can proxy to remote or be fully local\n// ============================================\n\n/**\n * Orchestrated mode with local authentication only\n */\nexport const orchestratedLocalSchema = z.object({\n mode: z.literal('orchestrated'),\n type: z.literal('local'),\n\n /**\n * Local signing configuration\n */\n local: localSigningConfigSchema.optional(),\n\n /**\n * Token storage configuration\n * @default { type: 'memory' }\n */\n tokenStorage: tokenStorageConfigSchema.default({ type: 'memory' }),\n\n /**\n * Session storage mode\n * - 'stateful': Store sessions in Redis/memory, JWT contains only reference\n * - 'stateless': All state encrypted in JWT\n * @default 'stateful'\n */\n sessionMode: z.enum(['stateful', 'stateless']).default('stateful'),\n\n /**\n * Allow default public access for unauthenticated requests\n * When true: all tools are public by default, only tools marked with scopes require auth\n * When false: all tools require authentication by default\n * @default false\n */\n allowDefaultPublic: z.boolean().default(false),\n\n /**\n * Scopes granted to anonymous sessions (when allowDefaultPublic=true)\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Public access config (when allowDefaultPublic=true)\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * Consent flow configuration for tool selection\n * Allows users to choose which MCP tools to expose to the LLM\n * @default { enabled: false }\n */\n consent: consentConfigSchema.optional(),\n\n /**\n * Token refresh settings\n */\n refresh: tokenRefreshConfigSchema.optional(),\n\n /**\n * Expected token audience for validation\n */\n expectedAudience: z.union([z.string(), z.array(z.string())]).optional(),\n\n /**\n * Incremental (progressive) authorization configuration\n * Allows users to skip app authorizations initially and authorize later\n * @default { enabled: true, skippedAppBehavior: 'anonymous' }\n */\n incrementalAuth: incrementalAuthConfigSchema.optional(),\n\n /**\n * Transport protocol configuration\n * Controls which transports are enabled and their behavior\n */\n transport: transportConfigSchema.optional(),\n});\n\n/**\n * Orchestrated mode with remote OAuth provider\n */\nexport const orchestratedRemoteSchema = z.object({\n mode: z.literal('orchestrated'),\n type: z.literal('remote'),\n\n /**\n * Remote OAuth provider configuration (required for remote type)\n */\n remote: remoteProviderConfigSchema,\n\n /**\n * Local signing configuration (for issuing local tokens after upstream auth)\n */\n local: localSigningConfigSchema.optional(),\n\n /**\n * Token storage configuration\n * @default { type: 'memory' }\n */\n tokenStorage: tokenStorageConfigSchema.default({ type: 'memory' }),\n\n /**\n * Session storage mode\n * - 'stateful': Store sessions in Redis/memory, JWT contains only reference\n * - 'stateless': All state encrypted in JWT\n * @default 'stateful'\n */\n sessionMode: z.enum(['stateful', 'stateless']).default('stateful'),\n\n /**\n * Allow default public access for unauthenticated requests\n * When true: all tools are public by default, only tools marked with scopes require auth\n * When false: all tools require authentication by default\n * @default false\n */\n allowDefaultPublic: z.boolean().default(false),\n\n /**\n * Scopes granted to anonymous sessions (when allowDefaultPublic=true)\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Public access config (when allowDefaultPublic=true)\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * Consent flow configuration for tool selection\n * Allows users to choose which MCP tools to expose to the LLM\n * @default { enabled: false }\n */\n consent: consentConfigSchema.optional(),\n\n /**\n * Token refresh settings\n */\n refresh: tokenRefreshConfigSchema.optional(),\n\n /**\n * Expected token audience for validation\n */\n expectedAudience: z.union([z.string(), z.array(z.string())]).optional(),\n\n /**\n * Incremental (progressive) authorization configuration\n * Allows users to skip app authorizations initially and authorize later\n * @default { enabled: true, skippedAppBehavior: 'anonymous' }\n */\n incrementalAuth: incrementalAuthConfigSchema.optional(),\n\n /**\n * Transport protocol configuration\n * Controls which transports are enabled and their behavior\n */\n transport: transportConfigSchema.optional(),\n});\n\n// Combined orchestrated schema\nexport const orchestratedAuthOptionsSchema = z.discriminatedUnion('type', [\n orchestratedLocalSchema,\n orchestratedRemoteSchema,\n]);\n\n// ============================================\n// UNIFIED AUTH OPTIONS\n// ============================================\n\n/**\n * Main auth options schema - discriminated by 'mode'\n *\n * Uses z.union because we have nested discriminators (orchestrated has 'type')\n */\nexport const authOptionsSchema = z.union([\n publicAuthOptionsSchema,\n transparentAuthOptionsSchema,\n orchestratedLocalSchema,\n orchestratedRemoteSchema,\n]);\n\n// ============================================\n// TYPE EXPORTS\n// ============================================\n\n/**\n * Public access configuration\n */\nexport type PublicAccessConfig = z.infer<typeof publicAccessConfigSchema>;\nexport type PublicAccessConfigInput = z.input<typeof publicAccessConfigSchema>;\n\n/**\n * Local signing configuration\n */\nexport type LocalSigningConfig = z.infer<typeof localSigningConfigSchema>;\nexport type LocalSigningConfigInput = z.input<typeof localSigningConfigSchema>;\n\n/**\n * Remote provider configuration\n */\nexport type RemoteProviderConfig = z.infer<typeof remoteProviderConfigSchema>;\nexport type RemoteProviderConfigInput = z.input<typeof remoteProviderConfigSchema>;\n\n/**\n * Token storage configuration\n */\nexport type TokenStorageConfig = z.infer<typeof tokenStorageConfigSchema>;\nexport type TokenStorageConfigInput = z.input<typeof tokenStorageConfigSchema>;\n\n/**\n * Token refresh configuration\n */\nexport type TokenRefreshConfig = z.infer<typeof tokenRefreshConfigSchema>;\nexport type TokenRefreshConfigInput = z.input<typeof tokenRefreshConfigSchema>;\n\n/**\n * Incremental (progressive) authorization configuration\n */\nexport type IncrementalAuthConfig = z.infer<typeof incrementalAuthConfigSchema>;\nexport type IncrementalAuthConfigInput = z.input<typeof incrementalAuthConfigSchema>;\n\n/**\n * Skipped app behavior type\n */\nexport type SkippedAppBehavior = z.infer<typeof skippedAppBehaviorSchema>;\n\n/**\n * Consent configuration for tool selection\n */\nexport type ConsentConfig = z.infer<typeof consentConfigSchema>;\nexport type ConsentConfigInput = z.input<typeof consentConfigSchema>;\n\n/**\n * Transport protocol configuration\n */\nexport type TransportConfig = z.infer<typeof transportConfigSchema>;\nexport type TransportConfigInput = z.input<typeof transportConfigSchema>;\n\n/**\n * Public mode options (output type with defaults applied)\n */\nexport type PublicAuthOptions = z.infer<typeof publicAuthOptionsSchema>;\nexport type PublicAuthOptionsInput = z.input<typeof publicAuthOptionsSchema>;\n\n/**\n * Transparent mode options (output type with defaults applied)\n */\nexport type TransparentAuthOptions = z.infer<typeof transparentAuthOptionsSchema>;\nexport type TransparentAuthOptionsInput = z.input<typeof transparentAuthOptionsSchema>;\n\n/**\n * Orchestrated local mode options\n */\nexport type OrchestratedLocalOptions = z.infer<typeof orchestratedLocalSchema>;\nexport type OrchestratedLocalOptionsInput = z.input<typeof orchestratedLocalSchema>;\n\n/**\n * Orchestrated remote mode options\n */\nexport type OrchestratedRemoteOptions = z.infer<typeof orchestratedRemoteSchema>;\nexport type OrchestratedRemoteOptionsInput = z.input<typeof orchestratedRemoteSchema>;\n\n/**\n * Orchestrated mode options (union of local and remote)\n */\nexport type OrchestratedAuthOptions = z.infer<typeof orchestratedAuthOptionsSchema>;\nexport type OrchestratedAuthOptionsInput = z.input<typeof orchestratedAuthOptionsSchema>;\n\n/**\n * Auth options (output type with defaults applied)\n * Use this type when working with parsed/validated options\n */\nexport type AuthOptions = z.infer<typeof authOptionsSchema>;\n\n/**\n * Auth options input (input type for user configuration)\n * Use this type for the @frontmcp configuration\n */\nexport type AuthOptionsInput = z.input<typeof authOptionsSchema>;\n\n/**\n * Authentication mode\n */\nexport type AuthMode = 'public' | 'transparent' | 'orchestrated';\n\n/**\n * Orchestrated type (local or remote)\n */\nexport type OrchestratedType = 'local' | 'remote';\n\n// ============================================\n// APP-LEVEL AUTH OPTIONS (with standalone)\n// ============================================\n\ntype StandaloneOption = {\n /**\n * If the provider is standalone, it will register an OAuth service provider\n * on app's entry path. If not standalone, it will be registered as a child\n * provider under the root provider.\n * @default false\n */\n standalone?: boolean;\n\n /**\n * If the provider should be excluded from the parent provider's discovery.\n * Used for standalone providers.\n * @default false\n */\n excludeFromParent?: boolean;\n};\n\nconst standaloneOptionSchema = {\n standalone: z.boolean().optional(),\n excludeFromParent: z.boolean().optional(),\n} satisfies RawZodShape<StandaloneOption>;\n\nexport const appAuthOptionsSchema = z.union([\n publicAuthOptionsSchema.extend(standaloneOptionSchema),\n transparentAuthOptionsSchema.extend(standaloneOptionSchema),\n orchestratedLocalSchema.extend(standaloneOptionSchema),\n orchestratedRemoteSchema.extend(standaloneOptionSchema),\n]);\n\nexport type AppAuthOptions = z.infer<typeof appAuthOptionsSchema>;\nexport type AppAuthOptionsInput = z.input<typeof appAuthOptionsSchema>;\n\n// ============================================\n// HELPER FUNCTIONS\n// ============================================\n\n/**\n * Parse and validate auth options with defaults\n */\nexport function parseAuthOptions(input: AuthOptionsInput): AuthOptions {\n return authOptionsSchema.parse(input);\n}\n\n/**\n * Check if options are public mode\n */\nexport function isPublicMode(options: AuthOptions | AuthOptionsInput): options is PublicAuthOptions {\n return options.mode === 'public';\n}\n\n/**\n * Check if options are transparent mode\n */\nexport function isTransparentMode(options: AuthOptions | AuthOptionsInput): options is TransparentAuthOptions {\n return options.mode === 'transparent';\n}\n\n/**\n * Check if options are orchestrated mode\n */\nexport function isOrchestratedMode(options: AuthOptions | AuthOptionsInput): options is OrchestratedAuthOptions {\n return options.mode === 'orchestrated';\n}\n\n/**\n * Check if orchestrated options are local type\n */\nexport function isOrchestratedLocal(options: OrchestratedAuthOptions): options is OrchestratedLocalOptions {\n return options.type === 'local';\n}\n\n/**\n * Check if orchestrated options are remote type\n */\nexport function isOrchestratedRemote(options: OrchestratedAuthOptions): options is OrchestratedRemoteOptions {\n return options.type === 'remote';\n}\n\n/**\n * Check if options allow public/anonymous access\n */\nexport function allowsPublicAccess(options: AuthOptions): boolean {\n if (options.mode === 'public') return true;\n if (options.mode === 'transparent') return options.allowAnonymous;\n if (options.mode === 'orchestrated') return options.allowDefaultPublic;\n return false;\n}\n"]}
1
+ {"version":3,"file":"auth.options.js","sourceRoot":"","sources":["../../../../../src/common/types/options/auth.options.ts"],"names":[],"mappings":";AAAA,uCAAuC;;;AAyuBvC,4CAEC;AAKD,oCAEC;AAKD,8CAEC;AAKD,gDAEC;AAKD,kDAEC;AAKD,oDAEC;AAKD,gDAKC;AAtxBD,6BAAwB;AACxB,kCAA6E;AAE7E,2FAA+F;AAE/F,+CAA+C;AAC/C,iBAAiB;AACjB,+CAA+C;AAE/C;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAEtE;;;OAGG;IACH,OAAO,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAExE;;;OAGG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CAClC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;OAGG;IACH,OAAO,EAAE,gBAAS,CAAC,EAAE,CAAC,OAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE1D;;;OAGG;IACH,IAAI,EAAE,0BAAmB,CAAC,QAAQ,EAAE;IAEpC;;;OAGG;IACH,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC9B,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,0BAA0B,GAAG,OAAC,CAAC,MAAM,CAAC;IACjD;;;OAGG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE;IAE1B;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE3B;;;OAGG;IACH,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEzB;;;OAGG;IACH,IAAI,EAAE,0BAAmB,CAAC,QAAQ,EAAE;IAEpC;;OAEG;IACH,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEpC;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEnC;;OAEG;IACH,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAEtC;;;OAGG;IACH,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAEtC;;OAEG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEzC;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAE1C;;OAEG;IACH,oBAAoB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEjD;;OAEG;IACH,gBAAgB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACnE,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;IACvC,OAAC,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,2CAAiB,EAAE,CAAC;CAClE,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C;;;OAGG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAElC;;;OAGG;IACH,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC;CACpC,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,cAAc,CAAC,CAAC,CAAC;AAE9E;;;;;;;;GAQG;AACU,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC1C;;;;OAIG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAEnC;;;OAGG;IACH,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAErC;;;OAGG;IACH,gBAAgB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE3C;;;OAGG;IACH,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEzC;;;OAGG;IACH,gBAAgB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE3C;;OAEG;IACH,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAEpC;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAE1C;;;OAGG;IACH,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAE7C;;OAEG;IACH,oBAAoB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CACrD,CAAC,CAAC;AAEH;;;GAGG;AACU,QAAA,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAClD;;;;;OAKG;IACH,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAElC;;;;;OAKG;IACH,kBAAkB,EAAE,gCAAwB,CAAC,OAAO,CAAC,WAAW,CAAC;IAEjE;;;OAGG;IACH,SAAS,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEpC;;;OAGG;IACH,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;CAC7C,CAAC,CAAC;AAEH,+CAA+C;AAC/C,gCAAgC;AAChC,sEAAsE;AACtE,0CAA0C;AAC1C,sBAAsB;AACtB,+CAA+C;AAE/C;;GAEG;AACU,QAAA,+BAA+B,GAAG,OAAC;KAC7C,MAAM,CAAC;IACN,OAAO,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACnC,KAAK,EAAE,2CAAiB,CAAC,QAAQ,EAAE;IACnC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;CAC3D,CAAC;KACD,MAAM,CACL,CAAC,IAAI,EAAE,EAAE;IACP,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAChC,OAAO,KAAK,CAAC;IACf,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,EACD;IACE,OAAO,EAAE,sEAAsE;IAC/E,IAAI,EAAE,CAAC,OAAO,CAAC;CAChB,CACF,CAAC;AAEJ;;GAEG;AACU,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC5C,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC5C,oBAAoB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAC/C,mBAAmB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC/C,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC9C,2BAA2B,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACtD,UAAU,EAAE,OAAC,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,uCAA+B,CAAC,CAAC,QAAQ,EAAE;CACrE,CAAC,CAAC;AAEH,+CAA+C;AAC/C,cAAc;AACd,+CAA+C;AAC/C,+CAA+C;AAElC,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAEzB;;;OAGG;IACH,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE7B;;;OAGG;IACH,UAAU,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAEpC;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;OAGG;IACH,IAAI,EAAE,0BAAmB,CAAC,QAAQ,EAAE;IAEpC;;;OAGG;IACH,OAAO,EAAE,gBAAS,CAAC,EAAE,CAAC,OAAC,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,QAAQ,EAAE;IAE1D;;OAEG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH,+CAA+C;AAC/C,mBAAmB;AACnB,iDAAiD;AACjD,+CAA+C;AAElC,QAAA,4BAA4B,GAAG,OAAC,CAAC,MAAM,CAAC;IACnD,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,aAAa,CAAC;IAE9B;;OAEG;IACH,MAAM,EAAE,kCAA0B;IAElC;;;OAGG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvE;;;;OAIG;IACH,cAAc,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC;IAE/C;;;OAGG;IACH,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE1C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;OAEG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH,+CAA+C;AAC/C,oBAAoB;AACpB,+DAA+D;AAC/D,+CAA+C;AAE/C;;GAEG;AACU,QAAA,uBAAuB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC9C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,cAAc,CAAC;IAC/B,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC;IAExB;;OAEG;IACH,KAAK,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE1C;;;OAGG;IACH,YAAY,EAAE,gCAAwB,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAElE;;;;;OAKG;IACH,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAElE;;;;;OAKG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE9C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;;OAIG;IACH,OAAO,EAAE,2BAAmB,CAAC,QAAQ,EAAE;IAEvC;;OAEG;IACH,OAAO,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE5C;;OAEG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvE;;;;OAIG;IACH,eAAe,EAAE,mCAA2B,CAAC,QAAQ,EAAE;IAEvD;;OAEG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,cAAc,CAAC;IAC/B,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,QAAQ,CAAC;IAEzB;;OAEG;IACH,MAAM,EAAE,kCAA0B;IAElC;;OAEG;IACH,KAAK,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE1C;;;OAGG;IACH,YAAY,EAAE,gCAAwB,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;IAElE;;;;;OAKG;IACH,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC;IAElE;;;;;OAKG;IACH,kBAAkB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAE9C;;;OAGG;IACH,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC;IAE3D;;OAEG;IACH,YAAY,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAEjD;;;;OAIG;IACH,OAAO,EAAE,2BAAmB,CAAC,QAAQ,EAAE;IAEvC;;OAEG;IACH,OAAO,EAAE,gCAAwB,CAAC,QAAQ,EAAE;IAE5C;;OAEG;IACH,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,CAAC,OAAC,CAAC,MAAM,EAAE,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;IAEvE;;;;OAIG;IACH,eAAe,EAAE,mCAA2B,CAAC,QAAQ,EAAE;IAEvD;;OAEG;IACH,SAAS,EAAE,6BAAqB,CAAC,QAAQ,EAAE;CAC5C,CAAC,CAAC;AAEH,+BAA+B;AAClB,QAAA,6BAA6B,GAAG,OAAC,CAAC,kBAAkB,CAAC,MAAM,EAAE;IACxE,+BAAuB;IACvB,gCAAwB;CACzB,CAAC,CAAC;AAEH,+CAA+C;AAC/C,uBAAuB;AACvB,+CAA+C;AAE/C;;;;GAIG;AACU,QAAA,iBAAiB,GAAG,OAAC,CAAC,KAAK,CAAC;IACvC,+BAAuB;IACvB,oCAA4B;IAC5B,+BAAuB;IACvB,gCAAwB;CACzB,CAAC,CAAC;AAgJH,MAAM,sBAAsB,GAAG;IAC7B,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;IAClC,iBAAiB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;CACF,CAAC;AAE7B,QAAA,oBAAoB,GAAG,OAAC,CAAC,KAAK,CAAC;IAC1C,+BAAuB,CAAC,MAAM,CAAC,sBAAsB,CAAC;IACtD,oCAA4B,CAAC,MAAM,CAAC,sBAAsB,CAAC;IAC3D,+BAAuB,CAAC,MAAM,CAAC,sBAAsB,CAAC;IACtD,gCAAwB,CAAC,MAAM,CAAC,sBAAsB,CAAC;CACxD,CAAC,CAAC;AAKH,+CAA+C;AAC/C,mBAAmB;AACnB,+CAA+C;AAE/C;;GAEG;AACH,SAAgB,gBAAgB,CAAC,KAAuB;IACtD,OAAO,yBAAiB,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,OAAuC;IAClE,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAgB,iBAAiB,CAAC,OAAuC;IACvE,OAAO,OAAO,CAAC,IAAI,KAAK,aAAa,CAAC;AACxC,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAuC;IACxE,OAAO,OAAO,CAAC,IAAI,KAAK,cAAc,CAAC;AACzC,CAAC;AAED;;GAEG;AACH,SAAgB,mBAAmB,CAAC,OAAgC;IAClE,OAAO,OAAO,CAAC,IAAI,KAAK,OAAO,CAAC;AAClC,CAAC;AAED;;GAEG;AACH,SAAgB,oBAAoB,CAAC,OAAgC;IACnE,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC;AACnC,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAoB;IACrD,IAAI,OAAO,CAAC,IAAI,KAAK,QAAQ;QAAE,OAAO,IAAI,CAAC;IAC3C,IAAI,OAAO,CAAC,IAAI,KAAK,aAAa;QAAE,OAAO,OAAO,CAAC,cAAc,CAAC;IAClE,IAAI,OAAO,CAAC,IAAI,KAAK,cAAc;QAAE,OAAO,OAAO,CAAC,kBAAkB,CAAC;IACvE,OAAO,KAAK,CAAC;AACf,CAAC","sourcesContent":["// common/types/options/auth.options.ts\n\nimport { z } from 'zod';\nimport { JSONWebKeySet, jsonWebKeySetSchema, JWK, jwkSchema } from '../auth';\nimport { RawZodShape } from '../common.types';\nimport { RedisConfig, redisConfigSchema } from '../../../auth/session/transport-session.types';\n\n// ============================================\n// SHARED SCHEMAS\n// ============================================\n\n/**\n * Public access configuration for tools/prompts\n */\nexport const publicAccessConfigSchema = z.object({\n /**\n * Allow all tools or explicit whitelist\n * @default 'all'\n */\n tools: z.union([z.literal('all'), z.array(z.string())]).default('all'),\n\n /**\n * Allow all prompts or explicit whitelist\n * @default 'all'\n */\n prompts: z.union([z.literal('all'), z.array(z.string())]).default('all'),\n\n /**\n * Rate limit per IP per minute\n * @default 60\n */\n rateLimit: z.number().default(60),\n});\n\n/**\n * Local signing configuration (for orchestrated local type)\n */\nexport const localSigningConfigSchema = z.object({\n /**\n * Private key for signing orchestrated tokens\n * @default auto-generated\n */\n signKey: jwkSchema.or(z.instanceof(Uint8Array)).optional(),\n\n /**\n * JWKS for token verification\n * @default auto-generated\n */\n jwks: jsonWebKeySetSchema.optional(),\n\n /**\n * Issuer identifier for orchestrated tokens\n * @default auto-derived from server URL\n */\n issuer: z.string().optional(),\n});\n\n/**\n * Remote OAuth provider configuration (for orchestrated remote and transparent)\n */\nexport const remoteProviderConfigSchema = z.object({\n /**\n * OAuth provider base URL\n * @example 'https://auth.example.com'\n */\n provider: z.string().url(),\n\n /**\n * Provider display name\n */\n name: z.string().optional(),\n\n /**\n * Unique identifier for this provider\n * @default derived from provider URL\n */\n id: z.string().optional(),\n\n /**\n * Inline JWKS for offline token verification\n * Falls back to fetching from provider's /.well-known/jwks.json\n */\n jwks: jsonWebKeySetSchema.optional(),\n\n /**\n * Custom JWKS URI if not at standard path\n */\n jwksUri: z.string().url().optional(),\n\n /**\n * Client ID for this MCP server (for orchestrated mode)\n */\n clientId: z.string().optional(),\n\n /**\n * Client secret (for confidential clients in orchestrated mode)\n */\n clientSecret: z.string().optional(),\n\n /**\n * Scopes to request from the upstream provider\n */\n scopes: z.array(z.string()).optional(),\n\n /**\n * Enable Dynamic Client Registration (DCR)\n * @default false\n */\n dcrEnabled: z.boolean().default(false),\n\n /**\n * Authorization endpoint override\n */\n authEndpoint: z.string().url().optional(),\n\n /**\n * Token endpoint override\n */\n tokenEndpoint: z.string().url().optional(),\n\n /**\n * Registration endpoint override (for DCR)\n */\n registrationEndpoint: z.string().url().optional(),\n\n /**\n * User info endpoint override\n */\n userInfoEndpoint: z.string().url().optional(),\n});\n\n/**\n * Token storage configuration for orchestrated mode\n */\nexport const tokenStorageConfigSchema = z.discriminatedUnion('type', [\n z.object({ type: z.literal('memory') }),\n z.object({ type: z.literal('redis'), config: redisConfigSchema }),\n]);\n\n/**\n * Token refresh configuration\n */\nexport const tokenRefreshConfigSchema = z.object({\n /**\n * Enable automatic token refresh\n * @default true\n */\n enabled: z.boolean().default(true),\n\n /**\n * Refresh token before expiry by this many seconds\n * @default 60\n */\n skewSeconds: z.number().default(60),\n});\n\n/**\n * Behavior when a tool from a skipped (not yet authorized) app is called\n */\nexport const skippedAppBehaviorSchema = z.enum(['anonymous', 'require-auth']);\n\n/**\n * Consent configuration for tool selection\n * Allows users to choose which MCP tools to expose to the LLM\n *\n * Note: This schema is the canonical definition. It is duplicated in\n * auth/consent/consent.types.ts for domain-specific use. Both schemas\n * MUST be kept in sync. The duplication exists to avoid circular\n * dependencies between common/ and auth/ modules.\n */\nexport const consentConfigSchema = z.object({\n /**\n * Enable consent flow for tool selection\n * When enabled, users can choose which tools to expose to the LLM\n * @default false\n */\n enabled: z.boolean().default(false),\n\n /**\n * Group tools by app in the consent UI\n * @default true\n */\n groupByApp: z.boolean().default(true),\n\n /**\n * Show tool descriptions in consent UI\n * @default true\n */\n showDescriptions: z.boolean().default(true),\n\n /**\n * Allow selecting all tools at once\n * @default true\n */\n allowSelectAll: z.boolean().default(true),\n\n /**\n * Require at least one tool to be selected\n * @default true\n */\n requireSelection: z.boolean().default(true),\n\n /**\n * Custom message to display on consent page\n */\n customMessage: z.string().optional(),\n\n /**\n * Remember consent for future sessions\n * @default true\n */\n rememberConsent: z.boolean().default(true),\n\n /**\n * Tools to exclude from consent (always available)\n * Useful for essential tools that should always be accessible\n */\n excludedTools: z.array(z.string()).optional(),\n\n /**\n * Tools to always include in consent (pre-selected)\n */\n defaultSelectedTools: z.array(z.string()).optional(),\n});\n\n/**\n * Progressive/Incremental authorization configuration\n * Allows users to authorize apps one at a time after initial auth\n */\nexport const incrementalAuthConfigSchema = z.object({\n /**\n * Enable incremental (progressive) authorization\n * When enabled, users can skip app authorizations during initial auth\n * and authorize individual apps later when needed\n * @default true\n */\n enabled: z.boolean().default(true),\n\n /**\n * Behavior when a tool from a skipped app is called\n * - 'anonymous': If app supports anonymous access, use it; otherwise require auth\n * - 'require-auth': Always require authorization (return auth_url)\n * @default 'anonymous'\n */\n skippedAppBehavior: skippedAppBehaviorSchema.default('anonymous'),\n\n /**\n * Allow users to skip app authorization during initial auth flow\n * @default true\n */\n allowSkip: z.boolean().default(true),\n\n /**\n * Show all apps in a single authorization page (vs step-by-step)\n * @default true\n */\n showAllAppsAtOnce: z.boolean().default(true),\n});\n\n// ============================================\n// TRANSPORT CONFIG (DEPRECATED)\n// These schemas are kept for backward compatibility during migration.\n// Use top-level transport config instead.\n// DELETE after v1.0.0\n// ============================================\n\n/**\n * @deprecated Use top-level transport config instead. This will be removed in v1.0.0.\n */\nexport const transportRecreationConfigSchema = z\n .object({\n enabled: z.boolean().default(false),\n redis: redisConfigSchema.optional(),\n defaultTtlMs: z.number().int().positive().default(3600000),\n })\n .refine(\n (data) => {\n if (data.enabled && !data.redis) {\n return false;\n }\n return true;\n },\n {\n message: 'Redis configuration is required when transport recreation is enabled',\n path: ['redis'],\n },\n );\n\n/**\n * @deprecated Use top-level transport config instead. This will be removed in v1.0.0.\n */\nexport const transportConfigSchema = z.object({\n enableLegacySSE: z.boolean().default(false),\n enableSseListener: z.boolean().default(true),\n enableStreamableHttp: z.boolean().default(true),\n enableStatelessHttp: z.boolean().default(false),\n enableStatefulHttp: z.boolean().default(false),\n requireSessionForStreamable: z.boolean().default(true),\n recreation: z.lazy(() => transportRecreationConfigSchema).optional(),\n});\n\n// ============================================\n// PUBLIC MODE\n// No authentication required, anonymous access\n// ============================================\n\nexport const publicAuthOptionsSchema = z.object({\n mode: z.literal('public'),\n\n /**\n * Issuer identifier for anonymous JWTs\n * @default auto-derived from server URL\n */\n issuer: z.string().optional(),\n\n /**\n * Anonymous session TTL in seconds\n * @default 3600 (1 hour)\n */\n sessionTtl: z.number().default(3600),\n\n /**\n * Scopes granted to anonymous sessions\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Tool/prompt access configuration for anonymous users\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * JWKS for token verification\n * @default auto-generated\n */\n jwks: jsonWebKeySetSchema.optional(),\n\n /**\n * Private key for signing anonymous tokens\n * @default auto-generated\n */\n signKey: jwkSchema.or(z.instanceof(Uint8Array)).optional(),\n\n /**\n * @deprecated Use top-level transport config instead. Kept for backward compatibility.\n */\n transport: transportConfigSchema.optional(),\n});\n\n// ============================================\n// TRANSPARENT MODE\n// Pass-through OAuth tokens from remote provider\n// ============================================\n\nexport const transparentAuthOptionsSchema = z.object({\n mode: z.literal('transparent'),\n\n /**\n * Remote OAuth provider configuration (required)\n */\n remote: remoteProviderConfigSchema,\n\n /**\n * Expected token audience\n * If not set, defaults to the resource URL\n */\n expectedAudience: z.union([z.string(), z.array(z.string())]).optional(),\n\n /**\n * Required scopes for access\n * Empty array means any valid token is accepted\n * @default []\n */\n requiredScopes: z.array(z.string()).default([]),\n\n /**\n * Allow anonymous fallback when no token is provided\n * @default false\n */\n allowAnonymous: z.boolean().default(false),\n\n /**\n * Scopes granted to anonymous sessions (when allowAnonymous=true)\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Public access config for anonymous users (when allowAnonymous=true)\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * @deprecated Use top-level transport config instead. Kept for backward compatibility.\n */\n transport: transportConfigSchema.optional(),\n});\n\n// ============================================\n// ORCHESTRATED MODE\n// Local auth server that can proxy to remote or be fully local\n// ============================================\n\n/**\n * Orchestrated mode with local authentication only\n */\nexport const orchestratedLocalSchema = z.object({\n mode: z.literal('orchestrated'),\n type: z.literal('local'),\n\n /**\n * Local signing configuration\n */\n local: localSigningConfigSchema.optional(),\n\n /**\n * Token storage configuration\n * @default { type: 'memory' }\n */\n tokenStorage: tokenStorageConfigSchema.default({ type: 'memory' }),\n\n /**\n * Session storage mode\n * - 'stateful': Store sessions in Redis/memory, JWT contains only reference\n * - 'stateless': All state encrypted in JWT\n * @default 'stateful'\n */\n sessionMode: z.enum(['stateful', 'stateless']).default('stateful'),\n\n /**\n * Allow default public access for unauthenticated requests\n * When true: all tools are public by default, only tools marked with scopes require auth\n * When false: all tools require authentication by default\n * @default false\n */\n allowDefaultPublic: z.boolean().default(false),\n\n /**\n * Scopes granted to anonymous sessions (when allowDefaultPublic=true)\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Public access config (when allowDefaultPublic=true)\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * Consent flow configuration for tool selection\n * Allows users to choose which MCP tools to expose to the LLM\n * @default { enabled: false }\n */\n consent: consentConfigSchema.optional(),\n\n /**\n * Token refresh settings\n */\n refresh: tokenRefreshConfigSchema.optional(),\n\n /**\n * Expected token audience for validation\n */\n expectedAudience: z.union([z.string(), z.array(z.string())]).optional(),\n\n /**\n * Incremental (progressive) authorization configuration\n * Allows users to skip app authorizations initially and authorize later\n * @default { enabled: true, skippedAppBehavior: 'anonymous' }\n */\n incrementalAuth: incrementalAuthConfigSchema.optional(),\n\n /**\n * @deprecated Use top-level transport config instead. Kept for backward compatibility.\n */\n transport: transportConfigSchema.optional(),\n});\n\n/**\n * Orchestrated mode with remote OAuth provider\n */\nexport const orchestratedRemoteSchema = z.object({\n mode: z.literal('orchestrated'),\n type: z.literal('remote'),\n\n /**\n * Remote OAuth provider configuration (required for remote type)\n */\n remote: remoteProviderConfigSchema,\n\n /**\n * Local signing configuration (for issuing local tokens after upstream auth)\n */\n local: localSigningConfigSchema.optional(),\n\n /**\n * Token storage configuration\n * @default { type: 'memory' }\n */\n tokenStorage: tokenStorageConfigSchema.default({ type: 'memory' }),\n\n /**\n * Session storage mode\n * - 'stateful': Store sessions in Redis/memory, JWT contains only reference\n * - 'stateless': All state encrypted in JWT\n * @default 'stateful'\n */\n sessionMode: z.enum(['stateful', 'stateless']).default('stateful'),\n\n /**\n * Allow default public access for unauthenticated requests\n * When true: all tools are public by default, only tools marked with scopes require auth\n * When false: all tools require authentication by default\n * @default false\n */\n allowDefaultPublic: z.boolean().default(false),\n\n /**\n * Scopes granted to anonymous sessions (when allowDefaultPublic=true)\n * @default ['anonymous']\n */\n anonymousScopes: z.array(z.string()).default(['anonymous']),\n\n /**\n * Public access config (when allowDefaultPublic=true)\n */\n publicAccess: publicAccessConfigSchema.optional(),\n\n /**\n * Consent flow configuration for tool selection\n * Allows users to choose which MCP tools to expose to the LLM\n * @default { enabled: false }\n */\n consent: consentConfigSchema.optional(),\n\n /**\n * Token refresh settings\n */\n refresh: tokenRefreshConfigSchema.optional(),\n\n /**\n * Expected token audience for validation\n */\n expectedAudience: z.union([z.string(), z.array(z.string())]).optional(),\n\n /**\n * Incremental (progressive) authorization configuration\n * Allows users to skip app authorizations initially and authorize later\n * @default { enabled: true, skippedAppBehavior: 'anonymous' }\n */\n incrementalAuth: incrementalAuthConfigSchema.optional(),\n\n /**\n * @deprecated Use top-level transport config instead. Kept for backward compatibility.\n */\n transport: transportConfigSchema.optional(),\n});\n\n// Combined orchestrated schema\nexport const orchestratedAuthOptionsSchema = z.discriminatedUnion('type', [\n orchestratedLocalSchema,\n orchestratedRemoteSchema,\n]);\n\n// ============================================\n// UNIFIED AUTH OPTIONS\n// ============================================\n\n/**\n * Main auth options schema - discriminated by 'mode'\n *\n * Uses z.union because we have nested discriminators (orchestrated has 'type')\n */\nexport const authOptionsSchema = z.union([\n publicAuthOptionsSchema,\n transparentAuthOptionsSchema,\n orchestratedLocalSchema,\n orchestratedRemoteSchema,\n]);\n\n// ============================================\n// TYPE EXPORTS\n// ============================================\n\n/**\n * Public access configuration\n */\nexport type PublicAccessConfig = z.infer<typeof publicAccessConfigSchema>;\nexport type PublicAccessConfigInput = z.input<typeof publicAccessConfigSchema>;\n\n/**\n * Local signing configuration\n */\nexport type LocalSigningConfig = z.infer<typeof localSigningConfigSchema>;\nexport type LocalSigningConfigInput = z.input<typeof localSigningConfigSchema>;\n\n/**\n * Remote provider configuration\n */\nexport type RemoteProviderConfig = z.infer<typeof remoteProviderConfigSchema>;\nexport type RemoteProviderConfigInput = z.input<typeof remoteProviderConfigSchema>;\n\n/**\n * Token storage configuration\n */\nexport type TokenStorageConfig = z.infer<typeof tokenStorageConfigSchema>;\nexport type TokenStorageConfigInput = z.input<typeof tokenStorageConfigSchema>;\n\n/**\n * Token refresh configuration\n */\nexport type TokenRefreshConfig = z.infer<typeof tokenRefreshConfigSchema>;\nexport type TokenRefreshConfigInput = z.input<typeof tokenRefreshConfigSchema>;\n\n/**\n * Incremental (progressive) authorization configuration\n */\nexport type IncrementalAuthConfig = z.infer<typeof incrementalAuthConfigSchema>;\nexport type IncrementalAuthConfigInput = z.input<typeof incrementalAuthConfigSchema>;\n\n/**\n * Skipped app behavior type\n */\nexport type SkippedAppBehavior = z.infer<typeof skippedAppBehaviorSchema>;\n\n/**\n * Consent configuration for tool selection\n */\nexport type ConsentConfig = z.infer<typeof consentConfigSchema>;\nexport type ConsentConfigInput = z.input<typeof consentConfigSchema>;\n\n/**\n * @deprecated Use TransportOptions from transport.options.ts instead\n */\nexport type TransportConfig = z.infer<typeof transportConfigSchema>;\n/**\n * @deprecated Use TransportOptionsInput from transport.options.ts instead\n */\nexport type TransportConfigInput = z.input<typeof transportConfigSchema>;\n\n/**\n * @deprecated Use TransportPersistenceConfig from transport.options.ts instead\n */\nexport type TransportRecreationConfig = z.infer<typeof transportRecreationConfigSchema>;\n/**\n * @deprecated Use TransportPersistenceConfigInput from transport.options.ts instead\n */\nexport type TransportRecreationConfigInput = z.input<typeof transportRecreationConfigSchema>;\n\n/**\n * Public mode options (output type with defaults applied)\n */\nexport type PublicAuthOptions = z.infer<typeof publicAuthOptionsSchema>;\nexport type PublicAuthOptionsInput = z.input<typeof publicAuthOptionsSchema>;\n\n/**\n * Transparent mode options (output type with defaults applied)\n */\nexport type TransparentAuthOptions = z.infer<typeof transparentAuthOptionsSchema>;\nexport type TransparentAuthOptionsInput = z.input<typeof transparentAuthOptionsSchema>;\n\n/**\n * Orchestrated local mode options\n */\nexport type OrchestratedLocalOptions = z.infer<typeof orchestratedLocalSchema>;\nexport type OrchestratedLocalOptionsInput = z.input<typeof orchestratedLocalSchema>;\n\n/**\n * Orchestrated remote mode options\n */\nexport type OrchestratedRemoteOptions = z.infer<typeof orchestratedRemoteSchema>;\nexport type OrchestratedRemoteOptionsInput = z.input<typeof orchestratedRemoteSchema>;\n\n/**\n * Orchestrated mode options (union of local and remote)\n */\nexport type OrchestratedAuthOptions = z.infer<typeof orchestratedAuthOptionsSchema>;\nexport type OrchestratedAuthOptionsInput = z.input<typeof orchestratedAuthOptionsSchema>;\n\n/**\n * Auth options (output type with defaults applied)\n * Use this type when working with parsed/validated options\n */\nexport type AuthOptions = z.infer<typeof authOptionsSchema>;\n\n/**\n * Auth options input (input type for user configuration)\n * Use this type for the @frontmcp configuration\n */\nexport type AuthOptionsInput = z.input<typeof authOptionsSchema>;\n\n/**\n * Authentication mode\n */\nexport type AuthMode = 'public' | 'transparent' | 'orchestrated';\n\n/**\n * Orchestrated type (local or remote)\n */\nexport type OrchestratedType = 'local' | 'remote';\n\n// ============================================\n// APP-LEVEL AUTH OPTIONS (with standalone)\n// ============================================\n\ntype StandaloneOption = {\n /**\n * If the provider is standalone, it will register an OAuth service provider\n * on app's entry path. If not standalone, it will be registered as a child\n * provider under the root provider.\n * @default false\n */\n standalone?: boolean;\n\n /**\n * If the provider should be excluded from the parent provider's discovery.\n * Used for standalone providers.\n * @default false\n */\n excludeFromParent?: boolean;\n};\n\nconst standaloneOptionSchema = {\n standalone: z.boolean().optional(),\n excludeFromParent: z.boolean().optional(),\n} satisfies RawZodShape<StandaloneOption>;\n\nexport const appAuthOptionsSchema = z.union([\n publicAuthOptionsSchema.extend(standaloneOptionSchema),\n transparentAuthOptionsSchema.extend(standaloneOptionSchema),\n orchestratedLocalSchema.extend(standaloneOptionSchema),\n orchestratedRemoteSchema.extend(standaloneOptionSchema),\n]);\n\nexport type AppAuthOptions = z.infer<typeof appAuthOptionsSchema>;\nexport type AppAuthOptionsInput = z.input<typeof appAuthOptionsSchema>;\n\n// ============================================\n// HELPER FUNCTIONS\n// ============================================\n\n/**\n * Parse and validate auth options with defaults\n */\nexport function parseAuthOptions(input: AuthOptionsInput): AuthOptions {\n return authOptionsSchema.parse(input);\n}\n\n/**\n * Check if options are public mode\n */\nexport function isPublicMode(options: AuthOptions | AuthOptionsInput): options is PublicAuthOptions {\n return options.mode === 'public';\n}\n\n/**\n * Check if options are transparent mode\n */\nexport function isTransparentMode(options: AuthOptions | AuthOptionsInput): options is TransparentAuthOptions {\n return options.mode === 'transparent';\n}\n\n/**\n * Check if options are orchestrated mode\n */\nexport function isOrchestratedMode(options: AuthOptions | AuthOptionsInput): options is OrchestratedAuthOptions {\n return options.mode === 'orchestrated';\n}\n\n/**\n * Check if orchestrated options are local type\n */\nexport function isOrchestratedLocal(options: OrchestratedAuthOptions): options is OrchestratedLocalOptions {\n return options.type === 'local';\n}\n\n/**\n * Check if orchestrated options are remote type\n */\nexport function isOrchestratedRemote(options: OrchestratedAuthOptions): options is OrchestratedRemoteOptions {\n return options.type === 'remote';\n}\n\n/**\n * Check if options allow public/anonymous access\n */\nexport function allowsPublicAccess(options: AuthOptions): boolean {\n if (options.mode === 'public') return true;\n if (options.mode === 'transparent') return options.allowAnonymous;\n if (options.mode === 'orchestrated') return options.allowDefaultPublic;\n return false;\n}\n"]}
package/src/common/types/options/index.d.ts CHANGED
@@ -3,3 +3,5 @@ export * from './session.options';
3
3
  export * from './http.options';
4
4
  export * from './auth.options';
5
5
  export * from './logging.options';
6
+ export * from './redis.options';
7
+ export * from './transport.options';
package/src/common/types/options/index.js CHANGED
@@ -6,4 +6,6 @@ tslib_1.__exportStar(require("./session.options"), exports);
6
6
  tslib_1.__exportStar(require("./http.options"), exports);
7
7
  tslib_1.__exportStar(require("./auth.options"), exports);
8
8
  tslib_1.__exportStar(require("./logging.options"), exports);
9
+ tslib_1.__exportStar(require("./redis.options"), exports);
10
+ tslib_1.__exportStar(require("./transport.options"), exports);
9
11
  //# sourceMappingURL=index.js.map
package/src/common/types/options/index.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/common/types/options/index.ts"],"names":[],"mappings":";;;AAAA,gEAAsC;AACtC,4DAAkC;AAClC,yDAA+B;AAC/B,yDAA+B;AAC/B,4DAAkC","sourcesContent":["export * from './server-info.options';\nexport * from './session.options';\nexport * from './http.options';\nexport * from './auth.options';\nexport * from './logging.options';\n\n\n\n\n\n"]}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../src/common/types/options/index.ts"],"names":[],"mappings":";;;AAAA,gEAAsC;AACtC,4DAAkC;AAClC,yDAA+B;AAC/B,yDAA+B;AAC/B,4DAAkC;AAClC,0DAAgC;AAChC,8DAAoC","sourcesContent":["export * from './server-info.options';\nexport * from './session.options';\nexport * from './http.options';\nexport * from './auth.options';\nexport * from './logging.options';\nexport * from './redis.options';\nexport * from './transport.options';\n"]}
package/src/common/types/options/redis.options.d.ts ADDED
@@ -0,0 +1,190 @@
1
+ import { z } from 'zod';
2
+ /**
3
+ * Supported storage providers
4
+ */
5
+ export declare const storageProviderSchema: z.ZodEnum<{
6
+ redis: "redis";
7
+ "vercel-kv": "vercel-kv";
8
+ }>;
9
+ export type StorageProvider = z.infer<typeof storageProviderSchema>;
10
+ /**
11
+ * Full Redis provider configuration
12
+ */
13
+ export declare const redisProviderSchema: z.ZodObject<{
14
+ provider: z.ZodLiteral<"redis">;
15
+ host: z.ZodString;
16
+ port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
17
+ password: z.ZodOptional<z.ZodString>;
18
+ db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
19
+ tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
20
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
21
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
22
+ }, z.core.$strip>;
23
+ export type RedisProviderOptions = z.infer<typeof redisProviderSchema>;
24
+ /**
25
+ * Vercel KV provider configuration
26
+ * Uses environment variables by default (KV_REST_API_URL, KV_REST_API_TOKEN)
27
+ */
28
+ export declare const vercelKvProviderSchema: z.ZodObject<{
29
+ provider: z.ZodLiteral<"vercel-kv">;
30
+ url: z.ZodOptional<z.ZodString>;
31
+ token: z.ZodOptional<z.ZodString>;
32
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
33
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
34
+ }, z.core.$strip>;
35
+ export type VercelKvProviderOptions = z.infer<typeof vercelKvProviderSchema>;
36
+ /**
37
+ * Shared storage configuration
38
+ * Supports both Redis and Vercel KV providers.
39
+ *
40
+ * @example Redis (explicit provider)
41
+ * ```typescript
42
+ * {
43
+ * provider: 'redis',
44
+ * host: 'localhost',
45
+ * port: 6379,
46
+ * }
47
+ * ```
48
+ *
49
+ * @example Redis (legacy format - backwards compatible)
50
+ * ```typescript
51
+ * {
52
+ * host: 'localhost',
53
+ * port: 6379,
54
+ * }
55
+ * ```
56
+ *
57
+ * @example Vercel KV (uses env vars by default)
58
+ * ```typescript
59
+ * {
60
+ * provider: 'vercel-kv',
61
+ * }
62
+ * ```
63
+ *
64
+ * @example Vercel KV (explicit config)
65
+ * ```typescript
66
+ * {
67
+ * provider: 'vercel-kv',
68
+ * url: 'https://my-kv.vercel-storage.com',
69
+ * token: 'my-token',
70
+ * }
71
+ * ```
72
+ */
73
+ export declare const redisOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
74
+ provider: z.ZodLiteral<"redis">;
75
+ host: z.ZodString;
76
+ port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
77
+ password: z.ZodOptional<z.ZodString>;
78
+ db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
79
+ tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
80
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
81
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
82
+ }, z.core.$strip>, z.ZodObject<{
83
+ provider: z.ZodLiteral<"vercel-kv">;
84
+ url: z.ZodOptional<z.ZodString>;
85
+ token: z.ZodOptional<z.ZodString>;
86
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
87
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
88
+ }, z.core.$strip>, z.ZodPipe<z.ZodObject<{
89
+ host: z.ZodString;
90
+ port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
91
+ password: z.ZodOptional<z.ZodString>;
92
+ db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
93
+ tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
94
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
95
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
96
+ }, z.core.$strip>, z.ZodTransform<{
97
+ provider: "redis";
98
+ host: string;
99
+ port: number;
100
+ db: number;
101
+ tls: boolean;
102
+ keyPrefix: string;
103
+ defaultTtlMs: number;
104
+ password?: string | undefined;
105
+ }, {
106
+ host: string;
107
+ port: number;
108
+ db: number;
109
+ tls: boolean;
110
+ keyPrefix: string;
111
+ defaultTtlMs: number;
112
+ password?: string | undefined;
113
+ }>>]>;
114
+ /**
115
+ * Storage configuration type (with defaults applied)
116
+ */
117
+ export type RedisOptions = z.infer<typeof redisOptionsSchema>;
118
+ /**
119
+ * Storage configuration input type (for user configuration)
120
+ */
121
+ export type RedisOptionsInput = z.input<typeof redisOptionsSchema>;
122
+ /**
123
+ * Pub/Sub configuration (requires Redis, not compatible with Vercel KV)
124
+ *
125
+ * Use this when you need pub/sub features like resource subscriptions
126
+ * but want to use Vercel KV for sessions/cache.
127
+ *
128
+ * @example Hybrid config
129
+ * ```typescript
130
+ * {
131
+ * redis: { provider: 'vercel-kv' }, // sessions/cache
132
+ * pubsub: { host: 'localhost' }, // pub/sub
133
+ * }
134
+ * ```
135
+ */
136
+ export declare const pubsubOptionsSchema: z.ZodUnion<readonly [z.ZodObject<{
137
+ provider: z.ZodLiteral<"redis">;
138
+ host: z.ZodString;
139
+ port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
140
+ password: z.ZodOptional<z.ZodString>;
141
+ db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
142
+ tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
143
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
144
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
145
+ }, z.core.$strip>, z.ZodPipe<z.ZodObject<{
146
+ host: z.ZodString;
147
+ port: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
148
+ password: z.ZodOptional<z.ZodString>;
149
+ db: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
150
+ tls: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
151
+ keyPrefix: z.ZodDefault<z.ZodOptional<z.ZodString>>;
152
+ defaultTtlMs: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
153
+ }, z.core.$strip>, z.ZodTransform<{
154
+ provider: "redis";
155
+ host: string;
156
+ port: number;
157
+ db: number;
158
+ tls: boolean;
159
+ keyPrefix: string;
160
+ defaultTtlMs: number;
161
+ password?: string | undefined;
162
+ }, {
163
+ host: string;
164
+ port: number;
165
+ db: number;
166
+ tls: boolean;
167
+ keyPrefix: string;
168
+ defaultTtlMs: number;
169
+ password?: string | undefined;
170
+ }>>]>;
171
+ /**
172
+ * Pub/Sub configuration type (Redis-only)
173
+ */
174
+ export type PubsubOptions = z.infer<typeof pubsubOptionsSchema>;
175
+ /**
176
+ * Pub/Sub configuration input type
177
+ */
178
+ export type PubsubOptionsInput = z.input<typeof pubsubOptionsSchema>;
179
+ /**
180
+ * Check if options are for Redis provider
181
+ */
182
+ export declare function isRedisProvider(options: RedisOptions): options is RedisProviderOptions;
183
+ /**
184
+ * Check if options are for Vercel KV provider
185
+ */
186
+ export declare function isVercelKvProvider(options: RedisOptions): options is VercelKvProviderOptions;
187
+ /**
188
+ * Check if pub/sub options are valid Redis config
189
+ */
190
+ export declare function isPubsubConfigured(options: PubsubOptions): options is RedisProviderOptions;
package/src/common/types/options/redis.options.js ADDED
@@ -0,0 +1,191 @@
1
+ "use strict";
2
+ // common/types/options/redis.options.ts
3
+ Object.defineProperty(exports, "__esModule", { value: true });
4
+ exports.pubsubOptionsSchema = exports.redisOptionsSchema = exports.vercelKvProviderSchema = exports.redisProviderSchema = exports.storageProviderSchema = void 0;
5
+ exports.isRedisProvider = isRedisProvider;
6
+ exports.isVercelKvProvider = isVercelKvProvider;
7
+ exports.isPubsubConfigured = isPubsubConfigured;
8
+ const zod_1 = require("zod");
9
+ // ============================================
10
+ // Storage Provider Types
11
+ // ============================================
12
+ /**
13
+ * Supported storage providers
14
+ */
15
+ exports.storageProviderSchema = zod_1.z.enum(['redis', 'vercel-kv']);
16
+ // ============================================
17
+ // Common Options (shared between providers)
18
+ // ============================================
19
+ const commonOptionsSchema = zod_1.z.object({
20
+ /**
21
+ * Key prefix for all keys
22
+ * @default 'mcp:'
23
+ */
24
+ keyPrefix: zod_1.z.string().optional().default('mcp:'),
25
+ /**
26
+ * Default TTL in milliseconds for stored data
27
+ * @default 3600000 (1 hour)
28
+ */
29
+ defaultTtlMs: zod_1.z.number().int().positive().optional().default(3600000),
30
+ });
31
+ // ============================================
32
+ // Redis Provider Configuration
33
+ // ============================================
34
+ /**
35
+ * Redis-specific connection options
36
+ */
37
+ const redisConnectionSchema = zod_1.z.object({
38
+ /**
39
+ * Redis host
40
+ */
41
+ host: zod_1.z.string().trim().min(1),
42
+ /**
43
+ * Redis port
44
+ * @default 6379
45
+ */
46
+ port: zod_1.z.number().int().positive().max(65535).optional().default(6379),
47
+ /**
48
+ * Redis password (optional)
49
+ */
50
+ password: zod_1.z.string().optional(),
51
+ /**
52
+ * Redis database number
53
+ * @default 0
54
+ */
55
+ db: zod_1.z.number().int().nonnegative().optional().default(0),
56
+ /**
57
+ * Enable TLS connection
58
+ * @default false
59
+ */
60
+ tls: zod_1.z.boolean().optional().default(false),
61
+ });
62
+ /**
63
+ * Full Redis provider configuration
64
+ */
65
+ exports.redisProviderSchema = zod_1.z
66
+ .object({
67
+ /**
68
+ * Storage provider type
69
+ * @default 'redis'
70
+ */
71
+ provider: zod_1.z.literal('redis'),
72
+ })
73
+ .merge(redisConnectionSchema)
74
+ .merge(commonOptionsSchema);
75
+ // ============================================
76
+ // Vercel KV Provider Configuration
77
+ // ============================================
78
+ /**
79
+ * Vercel KV provider configuration
80
+ * Uses environment variables by default (KV_REST_API_URL, KV_REST_API_TOKEN)
81
+ */
82
+ exports.vercelKvProviderSchema = zod_1.z
83
+ .object({
84
+ /**
85
+ * Storage provider type
86
+ */
87
+ provider: zod_1.z.literal('vercel-kv'),
88
+ /**
89
+ * KV REST API URL
90
+ * @default process.env.KV_REST_API_URL
91
+ */
92
+ url: zod_1.z.string().url().optional(),
93
+ /**
94
+ * KV REST API Token
95
+ * @default process.env.KV_REST_API_TOKEN
96
+ */
97
+ token: zod_1.z.string().optional(),
98
+ })
99
+ .merge(commonOptionsSchema);
100
+ // ============================================
101
+ // Legacy Redis Schema (backwards compatibility)
102
+ // ============================================
103
+ /**
104
+ * Legacy Redis configuration without provider field
105
+ * Automatically transforms to redis provider
106
+ */
107
+ const legacyRedisSchema = redisConnectionSchema.merge(commonOptionsSchema).transform((val) => ({
108
+ ...val,
109
+ provider: 'redis',
110
+ }));
111
+ // ============================================
112
+ // Combined Redis Options Schema
113
+ // ============================================
114
+ /**
115
+ * Shared storage configuration
116
+ * Supports both Redis and Vercel KV providers.
117
+ *
118
+ * @example Redis (explicit provider)
119
+ * ```typescript
120
+ * {
121
+ * provider: 'redis',
122
+ * host: 'localhost',
123
+ * port: 6379,
124
+ * }
125
+ * ```
126
+ *
127
+ * @example Redis (legacy format - backwards compatible)
128
+ * ```typescript
129
+ * {
130
+ * host: 'localhost',
131
+ * port: 6379,
132
+ * }
133
+ * ```
134
+ *
135
+ * @example Vercel KV (uses env vars by default)
136
+ * ```typescript
137
+ * {
138
+ * provider: 'vercel-kv',
139
+ * }
140
+ * ```
141
+ *
142
+ * @example Vercel KV (explicit config)
143
+ * ```typescript
144
+ * {
145
+ * provider: 'vercel-kv',
146
+ * url: 'https://my-kv.vercel-storage.com',
147
+ * token: 'my-token',
148
+ * }
149
+ * ```
150
+ */
151
+ exports.redisOptionsSchema = zod_1.z.union([exports.redisProviderSchema, exports.vercelKvProviderSchema, legacyRedisSchema]);
152
+ // ============================================
153
+ // Pub/Sub Options Schema (Redis-only)
154
+ // ============================================
155
+ /**
156
+ * Pub/Sub configuration (requires Redis, not compatible with Vercel KV)
157
+ *
158
+ * Use this when you need pub/sub features like resource subscriptions
159
+ * but want to use Vercel KV for sessions/cache.
160
+ *
161
+ * @example Hybrid config
162
+ * ```typescript
163
+ * {
164
+ * redis: { provider: 'vercel-kv' }, // sessions/cache
165
+ * pubsub: { host: 'localhost' }, // pub/sub
166
+ * }
167
+ * ```
168
+ */
169
+ exports.pubsubOptionsSchema = zod_1.z.union([exports.redisProviderSchema, legacyRedisSchema]);
170
+ // ============================================
171
+ // Type Guards
172
+ // ============================================
173
+ /**
174
+ * Check if options are for Redis provider
175
+ */
176
+ function isRedisProvider(options) {
177
+ return options.provider === 'redis';
178
+ }
179
+ /**
180
+ * Check if options are for Vercel KV provider
181
+ */
182
+ function isVercelKvProvider(options) {
183
+ return options.provider === 'vercel-kv';
184
+ }
185
+ /**
186
+ * Check if pub/sub options are valid Redis config
187
+ */
188
+ function isPubsubConfigured(options) {
189
+ return options.provider === 'redis';
190
+ }
191
+ //# sourceMappingURL=redis.options.js.map
package/src/common/types/options/redis.options.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"redis.options.js","sourceRoot":"","sources":["../../../../../src/common/types/options/redis.options.ts"],"names":[],"mappings":";AAAA,wCAAwC;;;AA2NxC,0CAEC;AAKD,gDAEC;AAKD,gDAEC;AAzOD,6BAAwB;AAExB,+CAA+C;AAC/C,yBAAyB;AACzB,+CAA+C;AAE/C;;GAEG;AACU,QAAA,qBAAqB,GAAG,OAAC,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,WAAW,CAAC,CAAC,CAAC;AAGpE,+CAA+C;AAC/C,4CAA4C;AAC5C,+CAA+C;AAE/C,MAAM,mBAAmB,GAAG,OAAC,CAAC,MAAM,CAAC;IACnC;;;OAGG;IACH,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAEhD;;;OAGG;IACH,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC;CACtE,CAAC,CAAC;AAEH,+CAA+C;AAC/C,+BAA+B;AAC/B,+CAA+C;AAE/C;;GAEG;AACH,MAAM,qBAAqB,GAAG,OAAC,CAAC,MAAM,CAAC;IACrC;;OAEG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAE9B;;;OAGG;IACH,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IAErE;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAE/B;;;OAGG;IACH,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAExD;;;OAGG;IACH,GAAG,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;CAC3C,CAAC,CAAC;AAEH;;GAEG;AACU,QAAA,mBAAmB,GAAG,OAAC;KACjC,MAAM,CAAC;IACN;;;OAGG;IACH,QAAQ,EAAE,OAAC,CAAC,OAAO,CAAC,OAAO,CAAC;CAC7B,CAAC;KACD,KAAK,CAAC,qBAAqB,CAAC;KAC5B,KAAK,CAAC,mBAAmB,CAAC,CAAC;AAI9B,+CAA+C;AAC/C,mCAAmC;AACnC,+CAA+C;AAE/C;;;GAGG;AACU,QAAA,sBAAsB,GAAG,OAAC;KACpC,MAAM,CAAC;IACN;;OAEG;IACH,QAAQ,EAAE,OAAC,CAAC,OAAO,CAAC,WAAW,CAAC;IAEhC;;;OAGG;IACH,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;IAEhC;;;OAGG;IACH,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC;KACD,KAAK,CAAC,mBAAmB,CAAC,CAAC;AAI9B,+CAA+C;AAC/C,gDAAgD;AAChD,+CAA+C;AAE/C;;;GAGG;AACH,MAAM,iBAAiB,GAAG,qBAAqB,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,SAAS,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IAC7F,GAAG,GAAG;IACN,QAAQ,EAAE,OAAgB;CAC3B,CAAC,CAAC,CAAC;AAEJ,+CAA+C;AAC/C,gCAAgC;AAChC,+CAA+C;AAE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAoCG;AACU,QAAA,kBAAkB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,2BAAmB,EAAE,8BAAsB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAY5G,+CAA+C;AAC/C,sCAAsC;AACtC,+CAA+C;AAE/C;;;;;;;;;;;;;GAaG;AACU,QAAA,mBAAmB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,2BAAmB,EAAE,iBAAiB,CAAC,CAAC,CAAC;AAYrF,+CAA+C;AAC/C,cAAc;AACd,+CAA+C;AAE/C;;GAEG;AACH,SAAgB,eAAe,CAAC,OAAqB;IACnD,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AACtC,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAqB;IACtD,OAAO,OAAO,CAAC,QAAQ,KAAK,WAAW,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,SAAgB,kBAAkB,CAAC,OAAsB;IACvD,OAAO,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;AACtC,CAAC","sourcesContent":["// common/types/options/redis.options.ts\n\nimport { z } from 'zod';\n\n// ============================================\n// Storage Provider Types\n// ============================================\n\n/**\n * Supported storage providers\n */\nexport const storageProviderSchema = z.enum(['redis', 'vercel-kv']);\nexport type StorageProvider = z.infer<typeof storageProviderSchema>;\n\n// ============================================\n// Common Options (shared between providers)\n// ============================================\n\nconst commonOptionsSchema = z.object({\n /**\n * Key prefix for all keys\n * @default 'mcp:'\n */\n keyPrefix: z.string().optional().default('mcp:'),\n\n /**\n * Default TTL in milliseconds for stored data\n * @default 3600000 (1 hour)\n */\n defaultTtlMs: z.number().int().positive().optional().default(3600000),\n});\n\n// ============================================\n// Redis Provider Configuration\n// ============================================\n\n/**\n * Redis-specific connection options\n */\nconst redisConnectionSchema = z.object({\n /**\n * Redis host\n */\n host: z.string().trim().min(1),\n\n /**\n * Redis port\n * @default 6379\n */\n port: z.number().int().positive().max(65535).optional().default(6379),\n\n /**\n * Redis password (optional)\n */\n password: z.string().optional(),\n\n /**\n * Redis database number\n * @default 0\n */\n db: z.number().int().nonnegative().optional().default(0),\n\n /**\n * Enable TLS connection\n * @default false\n */\n tls: z.boolean().optional().default(false),\n});\n\n/**\n * Full Redis provider configuration\n */\nexport const redisProviderSchema = z\n .object({\n /**\n * Storage provider type\n * @default 'redis'\n */\n provider: z.literal('redis'),\n })\n .merge(redisConnectionSchema)\n .merge(commonOptionsSchema);\n\nexport type RedisProviderOptions = z.infer<typeof redisProviderSchema>;\n\n// ============================================\n// Vercel KV Provider Configuration\n// ============================================\n\n/**\n * Vercel KV provider configuration\n * Uses environment variables by default (KV_REST_API_URL, KV_REST_API_TOKEN)\n */\nexport const vercelKvProviderSchema = z\n .object({\n /**\n * Storage provider type\n */\n provider: z.literal('vercel-kv'),\n\n /**\n * KV REST API URL\n * @default process.env.KV_REST_API_URL\n */\n url: z.string().url().optional(),\n\n /**\n * KV REST API Token\n * @default process.env.KV_REST_API_TOKEN\n */\n token: z.string().optional(),\n })\n .merge(commonOptionsSchema);\n\nexport type VercelKvProviderOptions = z.infer<typeof vercelKvProviderSchema>;\n\n// ============================================\n// Legacy Redis Schema (backwards compatibility)\n// ============================================\n\n/**\n * Legacy Redis configuration without provider field\n * Automatically transforms to redis provider\n */\nconst legacyRedisSchema = redisConnectionSchema.merge(commonOptionsSchema).transform((val) => ({\n ...val,\n provider: 'redis' as const,\n}));\n\n// ============================================\n// Combined Redis Options Schema\n// ============================================\n\n/**\n * Shared storage configuration\n * Supports both Redis and Vercel KV providers.\n *\n * @example Redis (explicit provider)\n * ```typescript\n * {\n * provider: 'redis',\n * host: 'localhost',\n * port: 6379,\n * }\n * ```\n *\n * @example Redis (legacy format - backwards compatible)\n * ```typescript\n * {\n * host: 'localhost',\n * port: 6379,\n * }\n * ```\n *\n * @example Vercel KV (uses env vars by default)\n * ```typescript\n * {\n * provider: 'vercel-kv',\n * }\n * ```\n *\n * @example Vercel KV (explicit config)\n * ```typescript\n * {\n * provider: 'vercel-kv',\n * url: 'https://my-kv.vercel-storage.com',\n * token: 'my-token',\n * }\n * ```\n */\nexport const redisOptionsSchema = z.union([redisProviderSchema, vercelKvProviderSchema, legacyRedisSchema]);\n\n/**\n * Storage configuration type (with defaults applied)\n */\nexport type RedisOptions = z.infer<typeof redisOptionsSchema>;\n\n/**\n * Storage configuration input type (for user configuration)\n */\nexport type RedisOptionsInput = z.input<typeof redisOptionsSchema>;\n\n// ============================================\n// Pub/Sub Options Schema (Redis-only)\n// ============================================\n\n/**\n * Pub/Sub configuration (requires Redis, not compatible with Vercel KV)\n *\n * Use this when you need pub/sub features like resource subscriptions\n * but want to use Vercel KV for sessions/cache.\n *\n * @example Hybrid config\n * ```typescript\n * {\n * redis: { provider: 'vercel-kv' }, // sessions/cache\n * pubsub: { host: 'localhost' }, // pub/sub\n * }\n * ```\n */\nexport const pubsubOptionsSchema = z.union([redisProviderSchema, legacyRedisSchema]);\n\n/**\n * Pub/Sub configuration type (Redis-only)\n */\nexport type PubsubOptions = z.infer<typeof pubsubOptionsSchema>;\n\n/**\n * Pub/Sub configuration input type\n */\nexport type PubsubOptionsInput = z.input<typeof pubsubOptionsSchema>;\n\n// ============================================\n// Type Guards\n// ============================================\n\n/**\n * Check if options are for Redis provider\n */\nexport function isRedisProvider(options: RedisOptions): options is RedisProviderOptions {\n return options.provider === 'redis';\n}\n\n/**\n * Check if options are for Vercel KV provider\n */\nexport function isVercelKvProvider(options: RedisOptions): options is VercelKvProviderOptions {\n return options.provider === 'vercel-kv';\n}\n\n/**\n * Check if pub/sub options are valid Redis config\n */\nexport function isPubsubConfigured(options: PubsubOptions): options is RedisProviderOptions {\n return options.provider === 'redis';\n}\n"]}
package/src/common/types/options/server-info.options.d.ts CHANGED
@@ -16,5 +16,9 @@ export declare const serverInfoOptionsSchema: z.ZodObject<{
16
16
  src: z.ZodString;
17
17
  mimeType: z.ZodOptional<z.ZodString>;
18
18
  sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
19
+ theme: z.ZodOptional<z.ZodEnum<{
20
+ light: "light";
21
+ dark: "dark";
22
+ }>>;
19
23
  }, z.core.$strip>>>;
20
24
  }, z.core.$strip>;