@frontmcp/sdk 0.6.0 → 0.6.2
- package/{src/auth → auth}/instances/instance.local-primary-auth.d.ts +1 -1
- package/{src/auth → auth}/instances/instance.remote-primary-auth.d.ts +1 -1
- package/{src/auth → auth}/session/index.d.ts +1 -0
- package/auth/session/vercel-kv-session.store.d.ts +96 -0
- package/{src/common → common}/interfaces/internal/primary-auth-provider.interface.d.ts +1 -4
- package/{src/common → common}/metadata/front-mcp.metadata.d.ts +1779 -67
- package/{src/common → common}/metadata/prompt.metadata.d.ts +4 -0
- package/{src/common → common}/metadata/resource.metadata.d.ts +8 -0
- package/{src/common → common}/metadata/tool-ui.metadata.d.ts +2 -2
- package/{src/common → common}/metadata/tool.metadata.d.ts +4 -0
- package/{src/common → common}/schemas/http-output.schema.d.ts +24 -6
- package/common/types/options/auth/app-auth.schema.d.ts +275 -0
- package/common/types/options/auth/auth.interfaces.d.ts +461 -0
- package/common/types/options/auth/auth.schema.d.ts +284 -0
- package/common/types/options/auth/auth.utils.d.ts +32 -0
- package/common/types/options/auth/index.d.ts +16 -0
- package/common/types/options/auth/orchestrated.schema.d.ts +381 -0
- package/common/types/options/auth/public.schema.d.ts +42 -0
- package/common/types/options/auth/shared.schemas.d.ts +120 -0
- package/common/types/options/auth/transparent.schema.d.ts +56 -0
- package/common/types/options/auth/transport.deprecated.d.ts +63 -0
- package/{src/common → common}/types/options/index.d.ts +1 -1
- package/common/types/options/redis.options.d.ts +190 -0
- package/{src/common → common}/types/options/server-info.options.d.ts +4 -0
- package/{src/common → common}/types/options/transport.options.d.ts +74 -5
- package/{src/common → common}/utils/decide-request-intent.utils.d.ts +6 -7
- package/common/utils/global-config.utils.d.ts +36 -0
- package/{src/common → common}/utils/index.d.ts +1 -0
- package/{src/completion → completion}/flows/complete.flow.d.ts +6 -8
- package/{src/errors → errors}/index.d.ts +1 -1
- package/{src/errors → errors}/mcp.error.d.ts +9 -0
- package/esm/index.mjs +22664 -0
- package/esm/mcp-apps/index.mjs +723 -0
- package/esm/package.json +81 -0
- package/{src/front-mcp → front-mcp}/front-mcp.providers.d.ts +246 -38
- package/front-mcp/index.d.ts +2 -0
- package/{src/index.d.ts → index.d.ts} +1 -1
- package/index.js +22957 -0
- package/logger/logger.tokens.d.ts +1 -0
- package/{src/logging → logging}/flows/set-level.flow.d.ts +6 -8
- package/mcp-apps/index.js +799 -0
- package/package.json +37 -17
- package/{src/prompt → prompt}/flows/get-prompt.flow.d.ts +14 -8
- package/{src/prompt → prompt}/flows/prompts-list.flow.d.ts +8 -7
- package/{src/resource → resource}/flows/read-resource.flow.d.ts +8 -9
- package/{src/resource → resource}/flows/resource-templates-list.flow.d.ts +8 -7
- package/{src/resource → resource}/flows/resources-list.flow.d.ts +8 -7
- package/{src/resource → resource}/flows/subscribe-resource.flow.d.ts +6 -8
- package/{src/resource → resource}/flows/unsubscribe-resource.flow.d.ts +6 -8
- package/store/adapters/store.vercel-kv.adapter.d.ts +86 -0
- package/{src/store → store}/index.d.ts +2 -0
- package/store/store.factory.d.ts +86 -0
- package/{src/tool → tool}/flows/call-tool.flow.d.ts +18 -9
- package/{src/tool → tool}/flows/tools-list.flow.d.ts +9 -8
- package/{src/tool → tool}/ui/index.d.ts +4 -4
- package/{src/tool → tool}/ui/platform-adapters.d.ts +2 -2
- package/{src/tool → tool}/ui/template-helpers.d.ts +5 -7
- package/{src/tool → tool}/ui/ui-resource.handler.d.ts +1 -1
- package/{src/transport → transport}/mcp-handlers/complete-request.handler.d.ts +4 -15
- package/{src/transport → transport}/mcp-handlers/get-prompt-request.handler.d.ts +5 -15
- package/{src/transport → transport}/mcp-handlers/index.d.ts +67 -195
- package/{src/transport → transport}/mcp-handlers/list-prompts-request.handler.d.ts +5 -15
- package/{src/transport → transport}/mcp-handlers/list-resource-templates-request.handler.d.ts +5 -15
- package/{src/transport → transport}/mcp-handlers/list-resources-request.handler.d.ts +5 -15
- package/{src/transport → transport}/mcp-handlers/list-tools-request.handler.d.ts +5 -15
- package/{src/transport → transport}/mcp-handlers/logging-set-level-request.handler.d.ts +3 -14
- package/{src/transport → transport}/mcp-handlers/read-resource-request.handler.d.ts +4 -15
- package/{src/transport → transport}/mcp-handlers/subscribe-request.handler.d.ts +3 -14
- package/{src/transport → transport}/mcp-handlers/unsubscribe-request.handler.d.ts +3 -14
- package/{src/transport → transport}/transport.registry.d.ts +5 -1
- package/README.md +0 -460
- package/src/adapter/adapter.instance.js +0 -70
- package/src/adapter/adapter.instance.js.map +0 -1
- package/src/adapter/adapter.regsitry.js +0 -54
- package/src/adapter/adapter.regsitry.js.map +0 -1
- package/src/adapter/adapter.utils.js +0 -83
- package/src/adapter/adapter.utils.js.map +0 -1
- package/src/app/app.registry.js +0 -66
- package/src/app/app.registry.js.map +0 -1
- package/src/app/app.utils.js +0 -58
- package/src/app/app.utils.js.map +0 -1
- package/src/app/instances/app.local.instance.js +0 -67
- package/src/app/instances/app.local.instance.js.map +0 -1
- package/src/app/instances/app.remote.instance.js +0 -36
- package/src/app/instances/app.remote.instance.js.map +0 -1
- package/src/app/instances/index.js +0 -6
- package/src/app/instances/index.js.map +0 -1
- package/src/auth/auth.registry.js +0 -219
- package/src/auth/auth.registry.js.map +0 -1
- package/src/auth/auth.utils.js +0 -84
- package/src/auth/auth.utils.js.map +0 -1
- package/src/auth/authorization/authorization.class.js +0 -217
- package/src/auth/authorization/authorization.class.js.map +0 -1
- package/src/auth/authorization/authorization.types.js +0 -79
- package/src/auth/authorization/authorization.types.js.map +0 -1
- package/src/auth/authorization/index.js +0 -19
- package/src/auth/authorization/index.js.map +0 -1
- package/src/auth/authorization/orchestrated.authorization.js +0 -306
- package/src/auth/authorization/orchestrated.authorization.js.map +0 -1
- package/src/auth/authorization/public.authorization.js +0 -132
- package/src/auth/authorization/public.authorization.js.map +0 -1
- package/src/auth/authorization/transparent.authorization.js +0 -147
- package/src/auth/authorization/transparent.authorization.js.map +0 -1
- package/src/auth/consent/consent.types.js +0 -119
- package/src/auth/consent/consent.types.js.map +0 -1
- package/src/auth/consent/index.js +0 -13
- package/src/auth/consent/index.js.map +0 -1
- package/src/auth/detection/auth-provider-detection.js +0 -230
- package/src/auth/detection/auth-provider-detection.js.map +0 -1
- package/src/auth/detection/index.js +0 -15
- package/src/auth/detection/index.js.map +0 -1
- package/src/auth/flows/auth.verify.flow.js +0 -379
- package/src/auth/flows/auth.verify.flow.js.map +0 -1
- package/src/auth/flows/oauth.authorize.flow.js +0 -822
- package/src/auth/flows/oauth.authorize.flow.js.map +0 -1
- package/src/auth/flows/oauth.callback.flow.js +0 -357
- package/src/auth/flows/oauth.callback.flow.js.map +0 -1
- package/src/auth/flows/oauth.register.flow.js +0 -201
- package/src/auth/flows/oauth.register.flow.js.map +0 -1
- package/src/auth/flows/oauth.token.flow.js +0 -319
- package/src/auth/flows/oauth.token.flow.js.map +0 -1
- package/src/auth/flows/session.verify.flow.js +0 -304
- package/src/auth/flows/session.verify.flow.js.map +0 -1
- package/src/auth/flows/well-known.jwks.flow.js +0 -89
- package/src/auth/flows/well-known.jwks.flow.js.map +0 -1
- package/src/auth/flows/well-known.oauth-authorization-server.flow.js +0 -122
- package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +0 -1
- package/src/auth/flows/well-known.prm.flow.js +0 -106
- package/src/auth/flows/well-known.prm.flow.js.map +0 -1
- package/src/auth/instances/instance.local-primary-auth.js +0 -308
- package/src/auth/instances/instance.local-primary-auth.js.map +0 -1
- package/src/auth/instances/instance.remote-primary-auth.js +0 -49
- package/src/auth/instances/instance.remote-primary-auth.js.map +0 -1
- package/src/auth/jwks/dev-key-persistence.js +0 -219
- package/src/auth/jwks/dev-key-persistence.js.map +0 -1
- package/src/auth/jwks/index.js +0 -7
- package/src/auth/jwks/index.js.map +0 -1
- package/src/auth/jwks/jwks.service.js +0 -303
- package/src/auth/jwks/jwks.service.js.map +0 -1
- package/src/auth/jwks/jwks.types.js +0 -3
- package/src/auth/jwks/jwks.types.js.map +0 -1
- package/src/auth/jwks/jwks.utils.js +0 -32
- package/src/auth/jwks/jwks.utils.js.map +0 -1
- package/src/auth/machine-id.js +0 -32
- package/src/auth/machine-id.js.map +0 -1
- package/src/auth/oauth/flows/oauth.authorize.flow.js +0 -33
- package/src/auth/oauth/flows/oauth.authorize.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.device-authorization.flow.js +0 -48
- package/src/auth/oauth/flows/oauth.device-authorization.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.introspect.flow.js +0 -28
- package/src/auth/oauth/flows/oauth.introspect.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.par.flow.js +0 -29
- package/src/auth/oauth/flows/oauth.par.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.revoke.flow.js +0 -27
- package/src/auth/oauth/flows/oauth.revoke.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.token.flow.js +0 -59
- package/src/auth/oauth/flows/oauth.token.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.userinfo.flow.js +0 -24
- package/src/auth/oauth/flows/oauth.userinfo.flow.js.map +0 -1
- package/src/auth/oauth/flows/oidc.logout.flow.js +0 -20
- package/src/auth/oauth/flows/oidc.logout.flow.js.map +0 -1
- package/src/auth/session/authorization-vault.js +0 -817
- package/src/auth/session/authorization-vault.js.map +0 -1
- package/src/auth/session/authorization.store.js +0 -323
- package/src/auth/session/authorization.store.js.map +0 -1
- package/src/auth/session/encrypted-authorization-vault.js +0 -493
- package/src/auth/session/encrypted-authorization-vault.js.map +0 -1
- package/src/auth/session/index.js +0 -16
- package/src/auth/session/index.js.map +0 -1
- package/src/auth/session/record/session.base.js +0 -125
- package/src/auth/session/record/session.base.js.map +0 -1
- package/src/auth/session/record/session.stateful.js +0 -55
- package/src/auth/session/record/session.stateful.js.map +0 -1
- package/src/auth/session/record/session.stateless.js +0 -32
- package/src/auth/session/record/session.stateless.js.map +0 -1
- package/src/auth/session/record/session.transparent.js +0 -22
- package/src/auth/session/record/session.transparent.js.map +0 -1
- package/src/auth/session/redis-session.store.js +0 -204
- package/src/auth/session/redis-session.store.js.map +0 -1
- package/src/auth/session/session.crypto.js +0 -47
- package/src/auth/session/session.crypto.js.map +0 -1
- package/src/auth/session/session.schema.js +0 -13
- package/src/auth/session/session.schema.js.map +0 -1
- package/src/auth/session/session.service.js +0 -105
- package/src/auth/session/session.service.js.map +0 -1
- package/src/auth/session/session.transport.js +0 -20
- package/src/auth/session/session.transport.js.map +0 -1
- package/src/auth/session/session.types.js +0 -4
- package/src/auth/session/session.types.js.map +0 -1
- package/src/auth/session/token.refresh.js +0 -63
- package/src/auth/session/token.refresh.js.map +0 -1
- package/src/auth/session/token.store.js +0 -53
- package/src/auth/session/token.store.js.map +0 -1
- package/src/auth/session/token.vault.js +0 -54
- package/src/auth/session/token.vault.js.map +0 -1
- package/src/auth/session/transport-session.manager.js +0 -298
- package/src/auth/session/transport-session.manager.js.map +0 -1
- package/src/auth/session/transport-session.types.js +0 -111
- package/src/auth/session/transport-session.types.js.map +0 -1
- package/src/auth/session/utils/auth-token.utils.js +0 -57
- package/src/auth/session/utils/auth-token.utils.js.map +0 -1
- package/src/auth/session/utils/session-id.utils.js +0 -217
- package/src/auth/session/utils/session-id.utils.js.map +0 -1
- package/src/auth/session/utils/tiny-ttl-cache.js +0 -26
- package/src/auth/session/utils/tiny-ttl-cache.js.map +0 -1
- package/src/auth/session/vault-encryption.js +0 -263
- package/src/auth/session/vault-encryption.js.map +0 -1
- package/src/auth/ui/base-layout.js +0 -279
- package/src/auth/ui/base-layout.js.map +0 -1
- package/src/auth/ui/index.js +0 -34
- package/src/auth/ui/index.js.map +0 -1
- package/src/auth/ui/templates.js +0 -426
- package/src/auth/ui/templates.js.map +0 -1
- package/src/auth/utils/audience.validator.js +0 -196
- package/src/auth/utils/audience.validator.js.map +0 -1
- package/src/auth/utils/index.js +0 -7
- package/src/auth/utils/index.js.map +0 -1
- package/src/auth/utils/www-authenticate.utils.js +0 -183
- package/src/auth/utils/www-authenticate.utils.js.map +0 -1
- package/src/common/common.schema.js +0 -35
- package/src/common/common.schema.js.map +0 -1
- package/src/common/constants.js +0 -13
- package/src/common/constants.js.map +0 -1
- package/src/common/decorators/adapter.decorator.js +0 -20
- package/src/common/decorators/adapter.decorator.js.map +0 -1
- package/src/common/decorators/app.decorator.js +0 -44
- package/src/common/decorators/app.decorator.js.map +0 -1
- package/src/common/decorators/auth-provider.decorator.js +0 -20
- package/src/common/decorators/auth-provider.decorator.js.map +0 -1
- package/src/common/decorators/decorator-utils.js +0 -195
- package/src/common/decorators/decorator-utils.js.map +0 -1
- package/src/common/decorators/flow.decorator.js +0 -19
- package/src/common/decorators/flow.decorator.js.map +0 -1
- package/src/common/decorators/front-mcp.decorator.js +0 -67
- package/src/common/decorators/front-mcp.decorator.js.map +0 -1
- package/src/common/decorators/hook.decorator.js +0 -178
- package/src/common/decorators/hook.decorator.js.map +0 -1
- package/src/common/decorators/index.js +0 -16
- package/src/common/decorators/index.js.map +0 -1
- package/src/common/decorators/logger.decorator.js +0 -20
- package/src/common/decorators/logger.decorator.js.map +0 -1
- package/src/common/decorators/plugin.decorator.js +0 -39
- package/src/common/decorators/plugin.decorator.js.map +0 -1
- package/src/common/decorators/prompt.decorator.js +0 -38
- package/src/common/decorators/prompt.decorator.js.map +0 -1
- package/src/common/decorators/provider.decorator.js +0 -20
- package/src/common/decorators/provider.decorator.js.map +0 -1
- package/src/common/decorators/resource.decorator.js +0 -94
- package/src/common/decorators/resource.decorator.js.map +0 -1
- package/src/common/decorators/tool.decorator.js +0 -45
- package/src/common/decorators/tool.decorator.js.map +0 -1
- package/src/common/dynamic/dynamic.adapter.js +0 -28
- package/src/common/dynamic/dynamic.adapter.js.map +0 -1
- package/src/common/dynamic/dynamic.plugin.js +0 -42
- package/src/common/dynamic/dynamic.plugin.js.map +0 -1
- package/src/common/dynamic/dynamic.utils.js +0 -27
- package/src/common/dynamic/dynamic.utils.js.map +0 -1
- package/src/common/dynamic/index.js +0 -6
- package/src/common/dynamic/index.js.map +0 -1
- package/src/common/entries/adapter.entry.js +0 -8
- package/src/common/entries/adapter.entry.js.map +0 -1
- package/src/common/entries/app.entry.js +0 -9
- package/src/common/entries/app.entry.js.map +0 -1
- package/src/common/entries/auth-provider.entry.js +0 -8
- package/src/common/entries/auth-provider.entry.js.map +0 -1
- package/src/common/entries/base.entry.js +0 -17
- package/src/common/entries/base.entry.js.map +0 -1
- package/src/common/entries/flow.entry.js +0 -21
- package/src/common/entries/flow.entry.js.map +0 -1
- package/src/common/entries/hook.entry.js +0 -20
- package/src/common/entries/hook.entry.js.map +0 -1
- package/src/common/entries/index.js +0 -17
- package/src/common/entries/index.js.map +0 -1
- package/src/common/entries/logger.entry.js +0 -8
- package/src/common/entries/logger.entry.js.map +0 -1
- package/src/common/entries/plugin.entry.js +0 -8
- package/src/common/entries/plugin.entry.js.map +0 -1
- package/src/common/entries/prompt.entry.js +0 -18
- package/src/common/entries/prompt.entry.js.map +0 -1
- package/src/common/entries/provider.entry.js +0 -8
- package/src/common/entries/provider.entry.js.map +0 -1
- package/src/common/entries/resource.entry.js +0 -35
- package/src/common/entries/resource.entry.js.map +0 -1
- package/src/common/entries/scope.entry.js +0 -14
- package/src/common/entries/scope.entry.js.map +0 -1
- package/src/common/entries/tool.entry.js +0 -31
- package/src/common/entries/tool.entry.js.map +0 -1
- package/src/common/flow/flow.utils.js +0 -96
- package/src/common/flow/flow.utils.js.map +0 -1
- package/src/common/index.js +0 -20
- package/src/common/index.js.map +0 -1
- package/src/common/interfaces/adapter.interface.js +0 -3
- package/src/common/interfaces/adapter.interface.js.map +0 -1
- package/src/common/interfaces/app.interface.js +0 -3
- package/src/common/interfaces/app.interface.js.map +0 -1
- package/src/common/interfaces/auth-hook.interface.js +0 -135
- package/src/common/interfaces/auth-hook.interface.js.map +0 -1
- package/src/common/interfaces/auth-provider.interface.js +0 -18
- package/src/common/interfaces/auth-provider.interface.js.map +0 -1
- package/src/common/interfaces/base.interface.js +0 -3
- package/src/common/interfaces/base.interface.js.map +0 -1
- package/src/common/interfaces/execution-context.interface.js +0 -166
- package/src/common/interfaces/execution-context.interface.js.map +0 -1
- package/src/common/interfaces/flow.interface.js +0 -95
- package/src/common/interfaces/flow.interface.js.map +0 -1
- package/src/common/interfaces/front-mcp.interface.js +0 -3
- package/src/common/interfaces/front-mcp.interface.js.map +0 -1
- package/src/common/interfaces/hook.interface.js +0 -3
- package/src/common/interfaces/hook.interface.js.map +0 -1
- package/src/common/interfaces/index.js +0 -21
- package/src/common/interfaces/index.js.map +0 -1
- package/src/common/interfaces/internal/flow.utils.js +0 -83
- package/src/common/interfaces/internal/flow.utils.js.map +0 -1
- package/src/common/interfaces/internal/index.js +0 -7
- package/src/common/interfaces/internal/index.js.map +0 -1
- package/src/common/interfaces/internal/primary-auth-provider.interface.js +0 -81
- package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +0 -1
- package/src/common/interfaces/internal/registry.interface.js +0 -3
- package/src/common/interfaces/internal/registry.interface.js.map +0 -1
- package/src/common/interfaces/logger.interface.js +0 -10
- package/src/common/interfaces/logger.interface.js.map +0 -1
- package/src/common/interfaces/plugin.interface.js +0 -3
- package/src/common/interfaces/plugin.interface.js.map +0 -1
- package/src/common/interfaces/prompt.interface.js +0 -81
- package/src/common/interfaces/prompt.interface.js.map +0 -1
- package/src/common/interfaces/provider.interface.js +0 -18
- package/src/common/interfaces/provider.interface.js.map +0 -1
- package/src/common/interfaces/resource.interface.js +0 -56
- package/src/common/interfaces/resource.interface.js.map +0 -1
- package/src/common/interfaces/scope.interface.js +0 -3
- package/src/common/interfaces/scope.interface.js.map +0 -1
- package/src/common/interfaces/server.interface.js +0 -18
- package/src/common/interfaces/server.interface.js.map +0 -1
- package/src/common/interfaces/session-hook.interface.js +0 -140
- package/src/common/interfaces/session-hook.interface.js.map +0 -1
- package/src/common/interfaces/tool-hook.interface.js +0 -92
- package/src/common/interfaces/tool-hook.interface.js.map +0 -1
- package/src/common/interfaces/tool.interface.js +0 -117
- package/src/common/interfaces/tool.interface.js.map +0 -1
- package/src/common/metadata/adapter.metadata.js +0 -10
- package/src/common/metadata/adapter.metadata.js.map +0 -1
- package/src/common/metadata/app.metadata.js +0 -30
- package/src/common/metadata/app.metadata.js.map +0 -1
- package/src/common/metadata/auth-provider.metadata.js +0 -19
- package/src/common/metadata/auth-provider.metadata.js.map +0 -1
- package/src/common/metadata/flow.metadata.js +0 -15
- package/src/common/metadata/flow.metadata.js.map +0 -1
- package/src/common/metadata/front-mcp.metadata.js +0 -29
- package/src/common/metadata/front-mcp.metadata.js.map +0 -1
- package/src/common/metadata/hook.metadata.js +0 -3
- package/src/common/metadata/hook.metadata.js.map +0 -1
- package/src/common/metadata/index.js +0 -17
- package/src/common/metadata/index.js.map +0 -1
- package/src/common/metadata/logger.metadata.js +0 -10
- package/src/common/metadata/logger.metadata.js.map +0 -1
- package/src/common/metadata/plugin.metadata.js +0 -18
- package/src/common/metadata/plugin.metadata.js.map +0 -1
- package/src/common/metadata/prompt.metadata.js +0 -27
- package/src/common/metadata/prompt.metadata.js.map +0 -1
- package/src/common/metadata/provider.metadata.js +0 -36
- package/src/common/metadata/provider.metadata.js.map +0 -1
- package/src/common/metadata/resource.metadata.js +0 -31
- package/src/common/metadata/resource.metadata.js.map +0 -1
- package/src/common/metadata/tool-ui.metadata.js +0 -12
- package/src/common/metadata/tool-ui.metadata.js.map +0 -1
- package/src/common/metadata/tool.metadata.js +0 -55
- package/src/common/metadata/tool.metadata.js.map +0 -1
- package/src/common/migrate/auth-transport.migrate.js +0 -140
- package/src/common/migrate/auth-transport.migrate.js.map +0 -1
- package/src/common/migrate/index.js +0 -6
- package/src/common/migrate/index.js.map +0 -1
- package/src/common/providers/base-config.provider.js +0 -128
- package/src/common/providers/base-config.provider.js.map +0 -1
- package/src/common/records/adapter.record.js +0 -11
- package/src/common/records/adapter.record.js.map +0 -1
- package/src/common/records/app.record.js +0 -9
- package/src/common/records/app.record.js.map +0 -1
- package/src/common/records/auth-provider.record.js +0 -12
- package/src/common/records/auth-provider.record.js.map +0 -1
- package/src/common/records/flow.record.js +0 -8
- package/src/common/records/flow.record.js.map +0 -1
- package/src/common/records/hook.record.js +0 -8
- package/src/common/records/hook.record.js.map +0 -1
- package/src/common/records/index.js +0 -16
- package/src/common/records/index.js.map +0 -1
- package/src/common/records/logger.record.js +0 -8
- package/src/common/records/logger.record.js.map +0 -1
- package/src/common/records/plugin.record.js +0 -11
- package/src/common/records/plugin.record.js.map +0 -1
- package/src/common/records/prompt.record.js +0 -9
- package/src/common/records/prompt.record.js.map +0 -1
- package/src/common/records/provider.record.js +0 -14
- package/src/common/records/provider.record.js.map +0 -1
- package/src/common/records/resource.record.js +0 -20
- package/src/common/records/resource.record.js.map +0 -1
- package/src/common/records/scope.record.js +0 -9
- package/src/common/records/scope.record.js.map +0 -1
- package/src/common/records/tool.record.js +0 -9
- package/src/common/records/tool.record.js.map +0 -1
- package/src/common/schemas/annotated-class.schema.js +0 -109
- package/src/common/schemas/annotated-class.schema.js.map +0 -1
- package/src/common/schemas/http-input.schema.js +0 -13
- package/src/common/schemas/http-input.schema.js.map +0 -1
- package/src/common/schemas/http-output.schema.js +0 -321
- package/src/common/schemas/http-output.schema.js.map +0 -1
- package/src/common/schemas/index.js +0 -8
- package/src/common/schemas/index.js.map +0 -1
- package/src/common/schemas/session-header.schema.js +0 -42
- package/src/common/schemas/session-header.schema.js.map +0 -1
- package/src/common/tokens/adapter.tokens.js +0 -11
- package/src/common/tokens/adapter.tokens.js.map +0 -1
- package/src/common/tokens/app.tokens.js +0 -30
- package/src/common/tokens/app.tokens.js.map +0 -1
- package/src/common/tokens/auth-provider.tokens.js +0 -12
- package/src/common/tokens/auth-provider.tokens.js.map +0 -1
- package/src/common/tokens/base.tokens.js +0 -9
- package/src/common/tokens/base.tokens.js.map +0 -1
- package/src/common/tokens/flow-hook.tokens.js +0 -9
- package/src/common/tokens/flow-hook.tokens.js.map +0 -1
- package/src/common/tokens/flow.tokens.js +0 -16
- package/src/common/tokens/flow.tokens.js.map +0 -1
- package/src/common/tokens/front-mcp.tokens.js +0 -24
- package/src/common/tokens/front-mcp.tokens.js.map +0 -1
- package/src/common/tokens/index.js +0 -17
- package/src/common/tokens/index.js.map +0 -1
- package/src/common/tokens/logger.tokens.js +0 -11
- package/src/common/tokens/logger.tokens.js.map +0 -1
- package/src/common/tokens/plugin.tokens.js +0 -18
- package/src/common/tokens/plugin.tokens.js.map +0 -1
- package/src/common/tokens/prompt.tokens.js +0 -14
- package/src/common/tokens/prompt.tokens.js.map +0 -1
- package/src/common/tokens/provider.tokens.js +0 -12
- package/src/common/tokens/provider.tokens.js.map +0 -1
- package/src/common/tokens/resource.tokens.js +0 -28
- package/src/common/tokens/resource.tokens.js.map +0 -1
- package/src/common/tokens/server.tokens.js +0 -11
- package/src/common/tokens/server.tokens.js.map +0 -1
- package/src/common/tokens/tool.tokens.js +0 -21
- package/src/common/tokens/tool.tokens.js.map +0 -1
- package/src/common/types/auth/index.js +0 -6
- package/src/common/types/auth/index.js.map +0 -1
- package/src/common/types/auth/jwt.types.js +0 -36
- package/src/common/types/auth/jwt.types.js.map +0 -1
- package/src/common/types/auth/session.types.js +0 -53
- package/src/common/types/auth/session.types.js.map +0 -1
- package/src/common/types/common.types.js +0 -3
- package/src/common/types/common.types.js.map +0 -1
- package/src/common/types/index.js +0 -7
- package/src/common/types/index.js.map +0 -1
- package/src/common/types/options/auth.options.d.ts +0 -1266
- package/src/common/types/options/auth.options.js +0 -560
- package/src/common/types/options/auth.options.js.map +0 -1
- package/src/common/types/options/http.options.js +0 -10
- package/src/common/types/options/http.options.js.map +0 -1
- package/src/common/types/options/index.js +0 -11
- package/src/common/types/options/index.js.map +0 -1
- package/src/common/types/options/logging.options.js +0 -33
- package/src/common/types/options/logging.options.js.map +0 -1
- package/src/common/types/options/redis.options.d.ts +0 -22
- package/src/common/types/options/redis.options.js +0 -45
- package/src/common/types/options/redis.options.js.map +0 -1
- package/src/common/types/options/server-info.options.js +0 -13
- package/src/common/types/options/server-info.options.js.map +0 -1
- package/src/common/types/options/session.options.js +0 -32
- package/src/common/types/options/session.options.js.map +0 -1
- package/src/common/types/options/transport.options.js +0 -121
- package/src/common/types/options/transport.options.js.map +0 -1
- package/src/common/utils/decide-request-intent.utils.js +0 -391
- package/src/common/utils/decide-request-intent.utils.js.map +0 -1
- package/src/common/utils/index.js +0 -6
- package/src/common/utils/index.js.map +0 -1
- package/src/common/utils/path.utils.js +0 -66
- package/src/common/utils/path.utils.js.map +0 -1
- package/src/completion/flows/complete.flow.js +0 -199
- package/src/completion/flows/complete.flow.js.map +0 -1
- package/src/context/frontmcp-context-storage.js +0 -183
- package/src/context/frontmcp-context-storage.js.map +0 -1
- package/src/context/frontmcp-context.js +0 -360
- package/src/context/frontmcp-context.js.map +0 -1
- package/src/context/frontmcp-context.provider.js +0 -61
- package/src/context/frontmcp-context.provider.js.map +0 -1
- package/src/context/index.js +0 -64
- package/src/context/index.js.map +0 -1
- package/src/context/request-context-storage.js +0 -183
- package/src/context/request-context-storage.js.map +0 -1
- package/src/context/request-context.js +0 -209
- package/src/context/request-context.js.map +0 -1
- package/src/context/request-context.provider.js +0 -51
- package/src/context/request-context.provider.js.map +0 -1
- package/src/context/session-key.provider.js +0 -65
- package/src/context/session-key.provider.js.map +0 -1
- package/src/context/trace-context.js +0 -142
- package/src/context/trace-context.js.map +0 -1
- package/src/errors/authorization-required.error.js +0 -274
- package/src/errors/authorization-required.error.js.map +0 -1
- package/src/errors/error-handler.js +0 -107
- package/src/errors/error-handler.js.map +0 -1
- package/src/errors/index.js +0 -44
- package/src/errors/index.js.map +0 -1
- package/src/errors/mcp.error.js +0 -398
- package/src/errors/mcp.error.js.map +0 -1
- package/src/exceptions/mcp-exceptions/session-missing.exception.js +0 -11
- package/src/exceptions/mcp-exceptions/session-missing.exception.js.map +0 -1
- package/src/exceptions/mcp-exceptions/unsupported-client-version.exception.js +0 -15
- package/src/exceptions/mcp-exceptions/unsupported-client-version.exception.js.map +0 -1
- package/src/flows/flow.instance.js +0 -420
- package/src/flows/flow.instance.js.map +0 -1
- package/src/flows/flow.registry.js +0 -121
- package/src/flows/flow.registry.js.map +0 -1
- package/src/flows/flow.stages.js +0 -113
- package/src/flows/flow.stages.js.map +0 -1
- package/src/flows/flow.utils.js +0 -36
- package/src/flows/flow.utils.js.map +0 -1
- package/src/front-mcp/front-mcp.js +0 -63
- package/src/front-mcp/front-mcp.js.map +0 -1
- package/src/front-mcp/front-mcp.providers.js +0 -29
- package/src/front-mcp/front-mcp.providers.js.map +0 -1
- package/src/front-mcp/front-mcp.tokens.js +0 -5
- package/src/front-mcp/front-mcp.tokens.js.map +0 -1
- package/src/front-mcp/index.d.ts +0 -1
- package/src/front-mcp/index.js +0 -5
- package/src/front-mcp/index.js.map +0 -1
- package/src/front-mcp/serverless-handler.js +0 -61
- package/src/front-mcp/serverless-handler.js.map +0 -1
- package/src/hooks/hook.instance.js +0 -26
- package/src/hooks/hook.instance.js.map +0 -1
- package/src/hooks/hook.registry.js +0 -152
- package/src/hooks/hook.registry.js.map +0 -1
- package/src/hooks/hooks.utils.js +0 -34
- package/src/hooks/hooks.utils.js.map +0 -1
- package/src/index.js +0 -36
- package/src/index.js.map +0 -1
- package/src/logger/instances/instance.console-logger.js +0 -75
- package/src/logger/instances/instance.console-logger.js.map +0 -1
- package/src/logger/instances/instance.logger.js +0 -77
- package/src/logger/instances/instance.logger.js.map +0 -1
- package/src/logger/logger.registry.js +0 -96
- package/src/logger/logger.registry.js.map +0 -1
- package/src/logger/logger.tokens.js +0 -3
- package/src/logger/logger.tokens.js.map +0 -1
- package/src/logger/logger.types.js +0 -8
- package/src/logger/logger.types.js.map +0 -1
- package/src/logger/logger.utils.js +0 -42
- package/src/logger/logger.utils.js.map +0 -1
- package/src/logging/flows/set-level.flow.js +0 -108
- package/src/logging/flows/set-level.flow.js.map +0 -1
- package/src/mcp-apps/csp.js +0 -267
- package/src/mcp-apps/csp.js.map +0 -1
- package/src/mcp-apps/index.js +0 -91
- package/src/mcp-apps/index.js.map +0 -1
- package/src/mcp-apps/schemas.js +0 -345
- package/src/mcp-apps/schemas.js.map +0 -1
- package/src/mcp-apps/template.js +0 -419
- package/src/mcp-apps/template.js.map +0 -1
- package/src/mcp-apps/types.js +0 -59
- package/src/mcp-apps/types.js.map +0 -1
- package/src/notification/index.js +0 -13
- package/src/notification/index.js.map +0 -1
- package/src/notification/notification.service.js +0 -731
- package/src/notification/notification.service.js.map +0 -1
- package/src/plugin/plugin.registry.js +0 -152
- package/src/plugin/plugin.registry.js.map +0 -1
- package/src/plugin/plugin.utils.js +0 -88
- package/src/plugin/plugin.utils.js.map +0 -1
- package/src/prompt/flows/get-prompt.flow.js +0 -214
- package/src/prompt/flows/get-prompt.flow.js.map +0 -1
- package/src/prompt/flows/prompts-list.flow.js +0 -176
- package/src/prompt/flows/prompts-list.flow.js.map +0 -1
- package/src/prompt/index.js +0 -17
- package/src/prompt/index.js.map +0 -1
- package/src/prompt/prompt.events.js +0 -25
- package/src/prompt/prompt.events.js.map +0 -1
- package/src/prompt/prompt.instance.js +0 -120
- package/src/prompt/prompt.instance.js.map +0 -1
- package/src/prompt/prompt.registry.js +0 -380
- package/src/prompt/prompt.registry.js.map +0 -1
- package/src/prompt/prompt.types.js +0 -11
- package/src/prompt/prompt.types.js.map +0 -1
- package/src/prompt/prompt.utils.js +0 -136
- package/src/prompt/prompt.utils.js.map +0 -1
- package/src/provider/provider.registry.js +0 -868
- package/src/provider/provider.registry.js.map +0 -1
- package/src/provider/provider.types.js +0 -3
- package/src/provider/provider.types.js.map +0 -1
- package/src/provider/provider.utils.js +0 -103
- package/src/provider/provider.utils.js.map +0 -1
- package/src/regsitry/index.js +0 -5
- package/src/regsitry/index.js.map +0 -1
- package/src/regsitry/registry.base.js +0 -32
- package/src/regsitry/registry.base.js.map +0 -1
- package/src/resource/flows/read-resource.flow.js +0 -270
- package/src/resource/flows/read-resource.flow.js.map +0 -1
- package/src/resource/flows/resource-templates-list.flow.js +0 -191
- package/src/resource/flows/resource-templates-list.flow.js.map +0 -1
- package/src/resource/flows/resources-list.flow.js +0 -196
- package/src/resource/flows/resources-list.flow.js.map +0 -1
- package/src/resource/flows/subscribe-resource.flow.js +0 -123
- package/src/resource/flows/subscribe-resource.flow.js.map +0 -1
- package/src/resource/flows/unsubscribe-resource.flow.js +0 -107
- package/src/resource/flows/unsubscribe-resource.flow.js.map +0 -1
- package/src/resource/index.js +0 -20
- package/src/resource/index.js.map +0 -1
- package/src/resource/resource.events.js +0 -17
- package/src/resource/resource.events.js.map +0 -1
- package/src/resource/resource.instance.js +0 -163
- package/src/resource/resource.instance.js.map +0 -1
- package/src/resource/resource.registry.js +0 -468
- package/src/resource/resource.registry.js.map +0 -1
- package/src/resource/resource.types.js +0 -11
- package/src/resource/resource.types.js.map +0 -1
- package/src/resource/resource.utils.js +0 -151
- package/src/resource/resource.utils.js.map +0 -1
- package/src/scope/flows/http.request.flow.js +0 -474
- package/src/scope/flows/http.request.flow.js.map +0 -1
- package/src/scope/index.js +0 -6
- package/src/scope/index.js.map +0 -1
- package/src/scope/scope.instance.js +0 -263
- package/src/scope/scope.instance.js.map +0 -1
- package/src/scope/scope.registry.js +0 -94
- package/src/scope/scope.registry.js.map +0 -1
- package/src/scope/scope.utils.js +0 -61
- package/src/scope/scope.utils.js.map +0 -1
- package/src/server/adapters/base.host.adapter.js +0 -8
- package/src/server/adapters/base.host.adapter.js.map +0 -1
- package/src/server/adapters/express.host.adapter.js +0 -70
- package/src/server/adapters/express.host.adapter.js.map +0 -1
- package/src/server/server.instance.js +0 -54
- package/src/server/server.instance.js.map +0 -1
- package/src/server/server.types.js +0 -3
- package/src/server/server.types.js.map +0 -1
- package/src/server/server.validation.js +0 -192
- package/src/server/server.validation.js.map +0 -1
- package/src/store/adapters/store.base.adapter.js +0 -16
- package/src/store/adapters/store.base.adapter.js.map +0 -1
- package/src/store/adapters/store.memory.adapter.js +0 -89
- package/src/store/adapters/store.memory.adapter.js.map +0 -1
- package/src/store/adapters/store.redis.adapter.js +0 -104
- package/src/store/adapters/store.redis.adapter.js.map +0 -1
- package/src/store/index.js +0 -12
- package/src/store/index.js.map +0 -1
- package/src/store/store.helpers.js +0 -67
- package/src/store/store.helpers.js.map +0 -1
- package/src/store/store.registry.js +0 -37
- package/src/store/store.registry.js.map +0 -1
- package/src/store/store.tokens.js +0 -7
- package/src/store/store.tokens.js.map +0 -1
- package/src/store/store.types.js +0 -11
- package/src/store/store.types.js.map +0 -1
- package/src/store/store.utils.js +0 -18
- package/src/store/store.utils.js.map +0 -1
- package/src/tool/flows/call-tool.flow.js +0 -616
- package/src/tool/flows/call-tool.flow.js.map +0 -1
- package/src/tool/flows/tools-list.flow.js +0 -328
- package/src/tool/flows/tools-list.flow.js.map +0 -1
- package/src/tool/tool.events.js +0 -16
- package/src/tool/tool.events.js.map +0 -1
- package/src/tool/tool.instance.js +0 -117
- package/src/tool/tool.instance.js.map +0 -1
- package/src/tool/tool.registry.js +0 -353
- package/src/tool/tool.registry.js.map +0 -1
- package/src/tool/tool.types.js +0 -10
- package/src/tool/tool.types.js.map +0 -1
- package/src/tool/tool.utils.js +0 -366
- package/src/tool/tool.utils.js.map +0 -1
- package/src/tool/ui/index.js +0 -63
- package/src/tool/ui/index.js.map +0 -1
- package/src/tool/ui/platform-adapters.js +0 -18
- package/src/tool/ui/platform-adapters.js.map +0 -1
- package/src/tool/ui/template-helpers.js +0 -112
- package/src/tool/ui/template-helpers.js.map +0 -1
- package/src/tool/ui/ui-resource-template.js +0 -64
- package/src/tool/ui/ui-resource-template.js.map +0 -1
- package/src/tool/ui/ui-resource.handler.js +0 -129
- package/src/tool/ui/ui-resource.handler.js.map +0 -1
- package/src/transport/adapters/transport.local.adapter.js +0 -148
- package/src/transport/adapters/transport.local.adapter.js.map +0 -1
- package/src/transport/adapters/transport.sse.adapter.js +0 -65
- package/src/transport/adapters/transport.sse.adapter.js.map +0 -1
- package/src/transport/adapters/transport.streamable-http.adapter.js +0 -112
- package/src/transport/adapters/transport.streamable-http.adapter.js.map +0 -1
- package/src/transport/flows/handle.sse.flow.js +0 -197
- package/src/transport/flows/handle.sse.flow.js.map +0 -1
- package/src/transport/flows/handle.stateless-http.flow.js +0 -102
- package/src/transport/flows/handle.stateless-http.flow.js.map +0 -1
- package/src/transport/flows/handle.streamable-http.flow.js +0 -315
- package/src/transport/flows/handle.streamable-http.flow.js.map +0 -1
- package/src/transport/legacy/legacy.sse.tranporter.js +0 -185
- package/src/transport/legacy/legacy.sse.tranporter.js.map +0 -1
- package/src/transport/mcp-handlers/Initialized-notification.hanlder.js +0 -14
- package/src/transport/mcp-handlers/Initialized-notification.hanlder.js.map +0 -1
- package/src/transport/mcp-handlers/call-tool-request.handler.js +0 -46
- package/src/transport/mcp-handlers/call-tool-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/complete-request.handler.js +0 -11
- package/src/transport/mcp-handlers/complete-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/get-prompt-request.handler.js +0 -11
- package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/index.js +0 -57
- package/src/transport/mcp-handlers/index.js.map +0 -1
- package/src/transport/mcp-handlers/initialize-request.handler.js +0 -109
- package/src/transport/mcp-handlers/initialize-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-prompts-request.handler.js +0 -11
- package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +0 -12
- package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-resources-request.handler.js +0 -12
- package/src/transport/mcp-handlers/list-resources-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-tools-request.handler.js +0 -11
- package/src/transport/mcp-handlers/list-tools-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/logging-set-level-request.handler.js +0 -34
- package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/mcp-handlers.types.js +0 -3
- package/src/transport/mcp-handlers/mcp-handlers.types.js.map +0 -1
- package/src/transport/mcp-handlers/read-resource-request.handler.js +0 -12
- package/src/transport/mcp-handlers/read-resource-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +0 -26
- package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +0 -1
- package/src/transport/mcp-handlers/subscribe-request.handler.js +0 -34
- package/src/transport/mcp-handlers/subscribe-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/unsubscribe-request.handler.js +0 -34
- package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +0 -1
- package/src/transport/transport.error.js +0 -25
- package/src/transport/transport.error.js.map +0 -1
- package/src/transport/transport.event-store.js +0 -36
- package/src/transport/transport.event-store.js.map +0 -1
- package/src/transport/transport.local.js +0 -71
- package/src/transport/transport.local.js.map +0 -1
- package/src/transport/transport.registry.js +0 -523
- package/src/transport/transport.registry.js.map +0 -1
- package/src/transport/transport.remote.js +0 -31
- package/src/transport/transport.remote.js.map +0 -1
- package/src/transport/transport.types.js +0 -3
- package/src/transport/transport.types.js.map +0 -1
- package/src/types/drinen-hooks.types.js +0 -3
- package/src/types/drinen-hooks.types.js.map +0 -1
- package/src/types/invoke.type.js +0 -34
- package/src/types/invoke.type.js.map +0 -1
- package/src/types/token.types.js +0 -3
- package/src/types/token.types.js.map +0 -1
- package/src/utils/content.utils.js +0 -194
- package/src/utils/content.utils.js.map +0 -1
- package/src/utils/index.js +0 -55
- package/src/utils/index.js.map +0 -1
- package/src/utils/lineage.utils.js +0 -82
- package/src/utils/lineage.utils.js.map +0 -1
- package/src/utils/metadata.utils.js +0 -26
- package/src/utils/metadata.utils.js.map +0 -1
- package/src/utils/naming.utils.js +0 -136
- package/src/utils/naming.utils.js.map +0 -1
- package/src/utils/server.utils.js +0 -59
- package/src/utils/server.utils.js.map +0 -1
- package/src/utils/string.utils.js +0 -10
- package/src/utils/string.utils.js.map +0 -1
- package/src/utils/token.utils.js +0 -65
- package/src/utils/token.utils.js.map +0 -1
- package/src/utils/types.utils.js +0 -3
- package/src/utils/types.utils.js.map +0 -1
- package/src/utils/uri-template.utils.js +0 -113
- package/src/utils/uri-template.utils.js.map +0 -1
- package/src/utils/uri-validation.utils.js +0 -76
- package/src/utils/uri-validation.utils.js.map +0 -1
- package/{src/adapter → adapter}/adapter.instance.d.ts +0 -0
- package/{src/adapter → adapter}/adapter.regsitry.d.ts +0 -0
- package/{src/adapter → adapter}/adapter.utils.d.ts +0 -0
- package/{src/app → app}/app.registry.d.ts +0 -0
- package/{src/app → app}/app.utils.d.ts +0 -0
- package/{src/app → app}/instances/app.local.instance.d.ts +0 -0
- package/{src/app → app}/instances/app.remote.instance.d.ts +0 -0
- package/{src/app → app}/instances/index.d.ts +0 -0
- package/{src/auth → auth}/auth.registry.d.ts +0 -0
- package/{src/auth → auth}/auth.utils.d.ts +0 -0
- package/{src/auth → auth}/authorization/authorization.class.d.ts +0 -0
- package/{src/auth → auth}/authorization/authorization.types.d.ts +0 -0
- package/{src/auth → auth}/authorization/index.d.ts +0 -0
- package/{src/auth → auth}/authorization/orchestrated.authorization.d.ts +0 -0
- package/{src/auth → auth}/authorization/public.authorization.d.ts +0 -0
- package/{src/auth → auth}/authorization/transparent.authorization.d.ts +0 -0
- package/{src/auth → auth}/consent/consent.types.d.ts +0 -0
- package/{src/auth → auth}/consent/index.d.ts +0 -0
- package/{src/auth → auth}/detection/auth-provider-detection.d.ts +0 -0
- package/{src/auth → auth}/detection/index.d.ts +0 -0
- package/{src/auth → auth}/flows/auth.verify.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.authorize.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.callback.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.register.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.token.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/session.verify.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/well-known.jwks.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/well-known.oauth-authorization-server.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/well-known.prm.flow.d.ts +0 -0
- package/{src/auth → auth}/jwks/dev-key-persistence.d.ts +0 -0
- package/{src/auth → auth}/jwks/index.d.ts +0 -0
- package/{src/auth → auth}/jwks/jwks.service.d.ts +0 -0
- package/{src/auth → auth}/jwks/jwks.types.d.ts +0 -0
- package/{src/auth → auth}/jwks/jwks.utils.d.ts +0 -0
- package/{src/auth → auth}/machine-id.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.authorize.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.device-authorization.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.introspect.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.par.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.revoke.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.token.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.userinfo.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oidc.logout.flow.d.ts +0 -0
- package/{src/auth → auth}/session/authorization-vault.d.ts +0 -0
- package/{src/auth → auth}/session/authorization.store.d.ts +0 -0
- package/{src/auth → auth}/session/encrypted-authorization-vault.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.base.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.stateful.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.stateless.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.transparent.d.ts +0 -0
- package/{src/auth → auth}/session/redis-session.store.d.ts +0 -0
- package/{src/auth → auth}/session/session.crypto.d.ts +0 -0
- package/{src/auth → auth}/session/session.schema.d.ts +0 -0
- package/{src/auth → auth}/session/session.service.d.ts +0 -0
- package/{src/auth → auth}/session/session.transport.d.ts +0 -0
- package/{src/auth → auth}/session/session.types.d.ts +0 -0
- package/{src/auth → auth}/session/token.refresh.d.ts +0 -0
- package/{src/auth → auth}/session/token.store.d.ts +0 -0
- package/{src/auth → auth}/session/token.vault.d.ts +0 -0
- package/{src/auth → auth}/session/transport-session.manager.d.ts +0 -0
- package/{src/auth → auth}/session/transport-session.types.d.ts +0 -0
- package/{src/auth → auth}/session/utils/auth-token.utils.d.ts +0 -0
- package/{src/auth → auth}/session/utils/session-id.utils.d.ts +0 -0
- package/{src/auth → auth}/session/utils/tiny-ttl-cache.d.ts +0 -0
- package/{src/auth → auth}/session/vault-encryption.d.ts +0 -0
- package/{src/auth → auth}/ui/base-layout.d.ts +0 -0
- package/{src/auth → auth}/ui/index.d.ts +0 -0
- package/{src/auth → auth}/ui/templates.d.ts +0 -0
- package/{src/auth → auth}/utils/audience.validator.d.ts +0 -0
- package/{src/auth → auth}/utils/index.d.ts +0 -0
- package/{src/auth → auth}/utils/www-authenticate.utils.d.ts +0 -0
- package/{src/common → common}/common.schema.d.ts +0 -0
- package/{src/common → common}/constants.d.ts +0 -0
- package/{src/common → common}/decorators/adapter.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/app.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/auth-provider.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/decorator-utils.d.ts +0 -0
- package/{src/common → common}/decorators/flow.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/front-mcp.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/hook.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/index.d.ts +0 -0
- package/{src/common → common}/decorators/logger.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/plugin.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/prompt.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/provider.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/resource.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/tool.decorator.d.ts +0 -0
- package/{src/common → common}/dynamic/dynamic.adapter.d.ts +0 -0
- package/{src/common → common}/dynamic/dynamic.plugin.d.ts +0 -0
- package/{src/common → common}/dynamic/dynamic.utils.d.ts +0 -0
- package/{src/common → common}/dynamic/index.d.ts +0 -0
- package/{src/common → common}/entries/adapter.entry.d.ts +0 -0
- package/{src/common → common}/entries/app.entry.d.ts +0 -0
- package/{src/common → common}/entries/auth-provider.entry.d.ts +0 -0
- package/{src/common → common}/entries/base.entry.d.ts +0 -0
- package/{src/common → common}/entries/flow.entry.d.ts +0 -0
- package/{src/common → common}/entries/hook.entry.d.ts +0 -0
- package/{src/common → common}/entries/index.d.ts +0 -0
- package/{src/common → common}/entries/logger.entry.d.ts +0 -0
- package/{src/common → common}/entries/plugin.entry.d.ts +0 -0
- package/{src/common → common}/entries/prompt.entry.d.ts +0 -0
- package/{src/common → common}/entries/provider.entry.d.ts +0 -0
- package/{src/common → common}/entries/resource.entry.d.ts +0 -0
- package/{src/common → common}/entries/scope.entry.d.ts +0 -0
- package/{src/common → common}/entries/tool.entry.d.ts +0 -0
- package/{src/common → common}/flow/flow.utils.d.ts +0 -0
- package/{src/common → common}/index.d.ts +0 -0
- package/{src/common → common}/interfaces/adapter.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/app.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/auth-hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/auth-provider.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/base.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/execution-context.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/flow.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/front-mcp.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/index.d.ts +0 -0
- package/{src/common → common}/interfaces/internal/flow.utils.d.ts +0 -0
- package/{src/common → common}/interfaces/internal/index.d.ts +0 -0
- package/{src/common → common}/interfaces/internal/registry.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/logger.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/plugin.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/prompt.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/provider.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/resource.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/scope.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/server.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/session-hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/tool-hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/tool.interface.d.ts +0 -0
- package/{src/common → common}/metadata/adapter.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/app.metadata.d.ts +42 -42
- /package/{src/common → common}/metadata/auth-provider.metadata.d.ts +0 -0
- /package/{src/common → common}/metadata/flow.metadata.d.ts +0 -0
- /package/{src/common → common}/metadata/hook.metadata.d.ts +0 -0
- /package/{src/common → common}/metadata/index.d.ts +0 -0
- /package/{src/common → common}/metadata/logger.metadata.d.ts +0 -0
- /package/{src/common → common}/metadata/plugin.metadata.d.ts +0 -0
- /package/{src/common → common}/metadata/provider.metadata.d.ts +0 -0
- /package/{src/common → common}/migrate/auth-transport.migrate.d.ts +0 -0
- /package/{src/common → common}/migrate/index.d.ts +0 -0
- /package/{src/common → common}/providers/base-config.provider.d.ts +0 -0
- /package/{src/common → common}/records/adapter.record.d.ts +0 -0
- /package/{src/common → common}/records/app.record.d.ts +0 -0
- /package/{src/common → common}/records/auth-provider.record.d.ts +0 -0
- /package/{src/common → common}/records/flow.record.d.ts +0 -0
- /package/{src/common → common}/records/hook.record.d.ts +0 -0
- /package/{src/common → common}/records/index.d.ts +0 -0
- /package/{src/common → common}/records/logger.record.d.ts +0 -0
- /package/{src/common → common}/records/plugin.record.d.ts +0 -0
- /package/{src/common → common}/records/prompt.record.d.ts +0 -0
- /package/{src/common → common}/records/provider.record.d.ts +0 -0
- /package/{src/common → common}/records/resource.record.d.ts +0 -0
- /package/{src/common → common}/records/scope.record.d.ts +0 -0
- /package/{src/common → common}/records/tool.record.d.ts +0 -0
- /package/{src/common → common}/schemas/annotated-class.schema.d.ts +0 -0
- /package/{src/common → common}/schemas/http-input.schema.d.ts +0 -0
- /package/{src/common → common}/schemas/index.d.ts +0 -0
- /package/{src/common → common}/schemas/session-header.schema.d.ts +0 -0
- /package/{src/common → common}/tokens/adapter.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/app.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/auth-provider.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/base.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/flow-hook.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/flow.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/front-mcp.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/index.d.ts +0 -0
- /package/{src/common → common}/tokens/logger.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/plugin.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/prompt.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/provider.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/resource.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/server.tokens.d.ts +0 -0
- /package/{src/common → common}/tokens/tool.tokens.d.ts +0 -0
- /package/{src/common → common}/types/auth/index.d.ts +0 -0
- /package/{src/common → common}/types/auth/jwt.types.d.ts +0 -0
- /package/{src/common → common}/types/auth/session.types.d.ts +0 -0
- /package/{src/common → common}/types/common.types.d.ts +0 -0
- /package/{src/common → common}/types/index.d.ts +0 -0
- /package/{src/logger/logger.tokens.d.ts → common/types/options/auth/auth.typecheck.d.ts} +0 -0
- /package/{src/common → common}/types/options/http.options.d.ts +0 -0
- /package/{src/common → common}/types/options/logging.options.d.ts +0 -0
- /package/{src/common → common}/types/options/session.options.d.ts +0 -0
- /package/{src/common → common}/utils/path.utils.d.ts +0 -0
- /package/{src/context → context}/frontmcp-context-storage.d.ts +0 -0
- /package/{src/context → context}/frontmcp-context.d.ts +0 -0
- /package/{src/context → context}/frontmcp-context.provider.d.ts +0 -0
- /package/{src/context → context}/index.d.ts +0 -0
- /package/{src/context → context}/request-context-storage.d.ts +0 -0
- /package/{src/context → context}/request-context.d.ts +0 -0
- /package/{src/context → context}/request-context.provider.d.ts +0 -0
- /package/{src/context → context}/session-key.provider.d.ts +0 -0
- /package/{src/context → context}/trace-context.d.ts +0 -0
- /package/{src/errors → errors}/authorization-required.error.d.ts +0 -0
- /package/{src/errors → errors}/error-handler.d.ts +0 -0
- /package/{src/exceptions → exceptions}/mcp-exceptions/session-missing.exception.d.ts +0 -0
- /package/{src/exceptions → exceptions}/mcp-exceptions/unsupported-client-version.exception.d.ts +0 -0
- /package/{src/flows → flows}/flow.instance.d.ts +0 -0
- /package/{src/flows → flows}/flow.registry.d.ts +0 -0
- /package/{src/flows → flows}/flow.stages.d.ts +0 -0
- /package/{src/flows → flows}/flow.utils.d.ts +0 -0
- /package/{src/front-mcp → front-mcp}/front-mcp.d.ts +0 -0
- /package/{src/front-mcp → front-mcp}/front-mcp.tokens.d.ts +0 -0
- /package/{src/front-mcp → front-mcp}/serverless-handler.d.ts +0 -0
- /package/{src/hooks → hooks}/hook.instance.d.ts +0 -0
- /package/{src/hooks → hooks}/hook.registry.d.ts +0 -0
- /package/{src/hooks → hooks}/hooks.utils.d.ts +0 -0
- /package/{src/logger → logger}/instances/instance.console-logger.d.ts +0 -0
- /package/{src/logger → logger}/instances/instance.logger.d.ts +0 -0
- /package/{src/logger → logger}/logger.registry.d.ts +0 -0
- /package/{src/logger → logger}/logger.types.d.ts +0 -0
- /package/{src/logger → logger}/logger.utils.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/csp.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/index.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/schemas.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/template.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/types.d.ts +0 -0
- /package/{src/notification → notification}/index.d.ts +0 -0
- /package/{src/notification → notification}/notification.service.d.ts +0 -0
- /package/{src/plugin → plugin}/plugin.registry.d.ts +0 -0
- /package/{src/plugin → plugin}/plugin.utils.d.ts +0 -0
- /package/{src/prompt → prompt}/index.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.events.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.instance.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.registry.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.types.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.utils.d.ts +0 -0
- /package/{src/provider → provider}/provider.registry.d.ts +0 -0
- /package/{src/provider → provider}/provider.types.d.ts +0 -0
- /package/{src/provider → provider}/provider.utils.d.ts +0 -0
- /package/{src/regsitry → regsitry}/index.d.ts +0 -0
- /package/{src/regsitry → regsitry}/registry.base.d.ts +0 -0
- /package/{src/resource → resource}/index.d.ts +0 -0
- /package/{src/resource → resource}/resource.events.d.ts +0 -0
- /package/{src/resource → resource}/resource.instance.d.ts +0 -0
- /package/{src/resource → resource}/resource.registry.d.ts +0 -0
- /package/{src/resource → resource}/resource.types.d.ts +0 -0
- /package/{src/resource → resource}/resource.utils.d.ts +0 -0
- /package/{src/scope → scope}/flows/http.request.flow.d.ts +0 -0
- /package/{src/scope → scope}/index.d.ts +0 -0
- /package/{src/scope → scope}/scope.instance.d.ts +0 -0
- /package/{src/scope → scope}/scope.registry.d.ts +0 -0
- /package/{src/scope → scope}/scope.utils.d.ts +0 -0
- /package/{src/server → server}/adapters/base.host.adapter.d.ts +0 -0
- /package/{src/server → server}/adapters/express.host.adapter.d.ts +0 -0
- /package/{src/server → server}/server.instance.d.ts +0 -0
- /package/{src/server → server}/server.types.d.ts +0 -0
- /package/{src/server → server}/server.validation.d.ts +0 -0
- /package/{src/store → store}/adapters/store.base.adapter.d.ts +0 -0
- /package/{src/store → store}/adapters/store.memory.adapter.d.ts +0 -0
- /package/{src/store → store}/adapters/store.redis.adapter.d.ts +0 -0
- /package/{src/store → store}/store.helpers.d.ts +0 -0
- /package/{src/store → store}/store.registry.d.ts +0 -0
- /package/{src/store → store}/store.tokens.d.ts +0 -0
- /package/{src/store → store}/store.types.d.ts +0 -0
- /package/{src/store → store}/store.utils.d.ts +0 -0
- /package/{src/tool → tool}/tool.events.d.ts +0 -0
- /package/{src/tool → tool}/tool.instance.d.ts +0 -0
- /package/{src/tool → tool}/tool.registry.d.ts +0 -0
- /package/{src/tool → tool}/tool.types.d.ts +0 -0
- /package/{src/tool → tool}/tool.utils.d.ts +0 -0
- /package/{src/tool → tool}/ui/ui-resource-template.d.ts +0 -0
- /package/{src/transport → transport}/adapters/transport.local.adapter.d.ts +0 -0
- /package/{src/transport → transport}/adapters/transport.sse.adapter.d.ts +0 -0
- /package/{src/transport → transport}/adapters/transport.streamable-http.adapter.d.ts +0 -0
- /package/{src/transport → transport}/flows/handle.sse.flow.d.ts +0 -0
- /package/{src/transport → transport}/flows/handle.stateless-http.flow.d.ts +0 -0
- /package/{src/transport → transport}/flows/handle.streamable-http.flow.d.ts +0 -0
- /package/{src/transport → transport}/legacy/legacy.sse.tranporter.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/Initialized-notification.hanlder.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/call-tool-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/initialize-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/mcp-handlers.types.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/roots-list-changed-notification.handler.d.ts +0 -0
- /package/{src/transport → transport}/transport.error.d.ts +0 -0
- /package/{src/transport → transport}/transport.event-store.d.ts +0 -0
- /package/{src/transport → transport}/transport.local.d.ts +0 -0
- /package/{src/transport → transport}/transport.remote.d.ts +0 -0
- /package/{src/transport → transport}/transport.types.d.ts +0 -0
- /package/{src/types → types}/drinen-hooks.types.d.ts +0 -0
- /package/{src/types → types}/invoke.type.d.ts +0 -0
- /package/{src/types → types}/token.types.d.ts +0 -0
- /package/{src/utils → utils}/content.utils.d.ts +0 -0
- /package/{src/utils → utils}/index.d.ts +0 -0
- /package/{src/utils → utils}/lineage.utils.d.ts +0 -0
- /package/{src/utils → utils}/metadata.utils.d.ts +0 -0
- /package/{src/utils → utils}/naming.utils.d.ts +0 -0
- /package/{src/utils → utils}/server.utils.d.ts +0 -0
- /package/{src/utils → utils}/string.utils.d.ts +0 -0
- /package/{src/utils → utils}/token.utils.d.ts +0 -0
- /package/{src/utils → utils}/types.utils.d.ts +0 -0
- /package/{src/utils → utils}/uri-template.utils.d.ts +0 -0
- /package/{src/utils → utils}/uri-validation.utils.d.ts +0 -0
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.authorize.flow.js","sourceRoot":"","sources":["../../../../src/auth/flows/oauth.authorize.flow.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;GAUG;AACH;;;;;;GAMG;AACH,yCAYsB;AACtB,6BAAkC;AAIlC,8BAOe;AAEf;;;;;;;;;;;GAWG;AAEH,+CAA+C;AAC/C,0CAA0C;AAC1C,+CAA+C;AAE/C;;;GAGG;AACH,MAAM,mBAAmB,GAAG,OAAC;KAC1B,MAAM,EAAE;KACR,GAAG,CAAC,EAAE,EAAE,+CAA+C,CAAC;KACxD,GAAG,CAAC,GAAG,EAAE,+CAA+C,CAAC;KACzD,KAAK,CAAC,kBAAkB,EAAE,8CAA8C,CAAC,CAAC;AAE7E;;GAEG;AACH,MAAM,yBAAyB,GAAG,OAAC,CAAC,OAAO,CAAC,MAAM,EAAE;IAClD,OAAO,EAAE,kDAAkD;CAC5D,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,kBAAkB,GAAG,OAAC,CAAC,OAAO,CAAC,MAAM,EAAE;IAC3C,OAAO,EAAE,0CAA0C;CACpD,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,2BAA2B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3C,aAAa,EAAE,kBAAkB;IACjC,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,EAAE,uBAAuB,CAAC;IACrD,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,kCAAkC,CAAC;IAChE,cAAc,EAAE,mBAAmB;IACnC,qBAAqB,EAAE,yBAAyB,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC;IAC3E,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;CACtC,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,+BAA+B,GAAG,OAAC,CAAC,MAAM,CAAC;IAC/C,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,0BAA0B,CAAC;IACxD,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAC7B,CAAC,CAAC;AAKH,+CAA+C;AAC/C,eAAe;AACf,+CAA+C;AAE/C,MAAM,WAAW,GAAG,wBAAe,CAAC;AAEpC,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,qBAAqB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,8CAA8C,CAAC;IAC3F,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,qEAAqE,CAAC;IAC3G,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,CAAC,iDAAiD,CAAC;IACvF,6CAA6C;IAC7C,gBAAgB,EAAE,2BAA2B,CAAC,QAAQ,EAAE;IACxD,oCAAoC;IACpC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACrC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,oBAAoB;IACpB,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,4CAA4C;IAC5C,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,wCAAwC;IACxC,iBAAiB,EAAE,OAAC,CAAC,OAAO,EA
AE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IACrG,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IAC1F,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,oDAAoD,CAAC;IAClG,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,0CAA0C,CAAC;IAC7F,mCAAmC;IACnC,sBAAsB,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,+CAA+C,CAAC;IAC5G,eAAe;IACf,eAAe,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,iCAAiC,CAAC;CACxF,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC;IAC3B,2BAAkB,EAAE,sCAAsC;IAC1D,uBAAc;IACd,uBAAc,EAAE,iBAAiB;CAClC,CAAC,CAAC;AAEH,MAAM,IAAI,GAAG;IACX,GAAG,EAAE;QACH,YAAY;QACZ,eAAe;QACf,mBAAmB,EAAE,+DAA+D;KACrF;IACD,OAAO,EAAE,CAAC,6BAA6B,EAAE,sBAAsB,CAAC;IAChE,IAAI,EAAE,CAAC,gBAAgB,CAAC;CACW,CAAC;AActC,MAAM,IAAI,GAAG,iBAA0B,CAAC;AACxC,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AAajB,IAAM,kBAAkB,GAAxB,MAAM,kBAAmB,SAAQ,iBAAqB;IAC3D,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAGzD,AAAN,KAAK,CAAC,UAAU;QACd,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAChC,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAElC,0FAA0F;QAC1F,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,cAAc,CAAuB,CAAC;QAC3E,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAuB,CAAC;QAE9D,mDAAmD;QACnD,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAuB,CAAC;QAC/D,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAuB,CAAC;QACjE,MAAM,iBAAiB,GAAG,OAAO,CAAC,KAAK,CAAC,YAAY,CAAuB,CAAC;QAC5E,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAuB,CAAC;QACzD,MAAM,iBAAiB,GAAG,IAAI,KAAK,aAAa,IAAI,CAAC,CAAC,WAAW,CAAC;QAElE,MAAM,qBAAqB,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;QAE7C,gFAAgF;QAChF,0FAA0F;QAC1F,IAAI,sBAAsB,GAAG,KAAK,CAAC;QACnC,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAA,2BAAkB,EAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,wDAAwD;YACxD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACvC,MAAM,YAAY,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YAC7D,sBAAsB,GAAG,YAAY,CAAC,MAAM,GAAG,CAAC,CAAC;QACnD,CAAC;QAED,mCAAmC;QA
CnC,IAAI,eAAe,GAAG,KAAK,CAAC;QAC5B,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAA,2BAAkB,EAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;YACvD,MAAM,aAAa,GAAG,QAAQ,CAAC,IAAI,CAAC,OAAO,CAAC;YAC5C,eAAe,GAAG,aAAa,EAAE,OAAO,KAAK,IAAI,CAAC;QACpD,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;YACb,cAAc,EAAE,IAAI;YACpB,cAAc,EAAE,qBAAqB;YACrC,qBAAqB;YACrB,cAAc;YACd,QAAQ;YACR,wCAAwC;YACxC,iBAAiB;YACjB,WAAW;YACX,YAAY;YACZ,iBAAiB;YACjB,kBAAkB;YAClB,sBAAsB;YACtB,eAAe;YACf,eAAe;SAChB,CAAC,CAAC;QAEH,IAAI,iBAAiB,EAAE,CAAC;YACtB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gDAAgD,WAAW,WAAW,YAAY,EAAE,CAAC,CAAC;QACzG,CAAC;QAED,IAAI,sBAAsB,EAAE,CAAC;YAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;QACjF,CAAC;QAED,IAAI,eAAe,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,wDAAwD,CAAC,CAAC;QAC7E,CAAC;IACH,CAAC;IAGK,AAAN,KAAK,CAAC,aAAa;QACjB,MAAM,EAAE,qBAAqB,EAAE,cAAc,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QACvE,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAElC,yDAAyD;QACzD,IAAI,qBAAqB,EAAE,CAAC;YAC1B,MAAM,MAAM,GAAG,+BAA+B,CAAC,SAAS,CAAC;gBACvD,YAAY,EAAE,cAAc;gBAC5B,KAAK,EAAE,QAAQ;aAChB,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;gBAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sDAAsD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;gBAC5F,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;gBAChG,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAC1C,IAAI,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;gBACtB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,gDAAgD;QAChD,MAAM,MAAM,GAAG,2BAA2B,CAAC,SAAS,CAAC;YACnD,aAAa,EAAE,OAAO,CAAC,KAAK,CAAC,eAAe,CAAC;YAC7C,SAAS,EAAE,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC;YACrC,YAAY,EAAE,cAAc;YAC5B,cAAc,EAAE,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC
;YAC/C,qBAAqB,EAAE,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAI,MAAM;YACvE,KAAK,EAAE,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;YAC7B,KAAK,EAAE,QAAQ;YACf,QAAQ,EAAE,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC;SACpC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAClD,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,4CAA4C,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClF,IAAI,CAAC,gBAAgB,CAAC,MAAM,EAAE,cAAc,EAAE,QAAQ,CAAC,CAAC;YACxD,OAAO;QACT,CAAC;QAED,0BAA0B;QAC1B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,kBAAkB,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC;IAGK,AAAN,KAAK,CAAC,iBAAiB;QACrB,uEAAuE;QACvE,8DAA8D;QAC9D,mCAAmC;IACrC,CAAC;IAGK,AAAN,KAAK,CAAC,2BAA2B;QAC/B,MAAM,EACJ,gBAAgB,EAChB,iBAAiB,EACjB,WAAW,EACX,YAAY,EACZ,iBAAiB,EACjB,sBAAsB,EACtB,eAAe,GAChB,GAAG,IAAI,CAAC,KAAK,CAAC;QACf,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAEhC,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,6CAA6C;YAC7C,OAAO;QACT,CAAC;QAED,sCAAsC;QACtC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;QAC7B,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,oBAAoB,IAAI,IAAI,CAAC,EAAE,CAAC;YAC7C,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,8BAA8B,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAC1G,OAAO;QACT,CAAC;QACD,MAAM,SAAS,GAAG,IAAwB,CAAC;QAC3C,MAAM,KAAK,GAAG,SAAS,CAAC,kBAAgD,CAAC;QAEzE,oDAAoD;QACpD,IAAI,cAAqD,CAAC;QAC1D,IAAI,sBAAsB,EAAE,CAAC;YAC3B,yCAAyC;YACzC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACvC,MAAM,WAAW,GAAa,EAAE,CAAC;YAEjC,sBAAsB;YACtB,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAA,2BAAkB,EAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvD,WAAW,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACjC,CAAC;YAED,0BAA0B;YAC1B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACtB,WAAW,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;gBACzD,CAAC;YACH,CAAC;YAED,cAAc,GAAG;gBACf,WAAW;gBACX,mBAAmB,EAAE,SAAS;gBAC9B,kBAAkB,EAAE,SAAS;aAC9B,CAAC;QACJ,CAAC;QAED,iCAAiC;QACjC,IAAI,OAAuC,CAAC;QAC5C,IAAI,eAAe,EAAE,CAAC;YACpB,yCAAyC;YACzC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,QAA
Q,EAAE,CAAC;YAC1C,MAAM,gBAAgB,GAAG,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,EAAE,EAAgB,EAAE,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC;YAExG,OAAO,GAAG;gBACR,OAAO,EAAE,IAAI;gBACb,gBAAgB;gBAChB,eAAe,EAAE,SAAS;gBAC1B,gBAAgB,EAAE,KAAK;aACxB,CAAC;QACJ,CAAC;QAED,MAAM,aAAa,GAAG,KAAK,CAAC,mBAAmB,CAAC;YAC9C,QAAQ,EAAE,gBAAgB,CAAC,SAAS;YACpC,WAAW,EAAE,gBAAgB,CAAC,YAAY;YAC1C,MAAM,EAAE,gBAAgB,CAAC,KAAK,CAAC,CAAC,CAAC,gBAAgB,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE;YACvE,IAAI,EAAE;gBACJ,SAAS,EAAE,gBAAgB,CAAC,cAAc;gBAC1C,MAAM,EAAE,MAAM;aACf;YACD,KAAK,EAAE,gBAAgB,CAAC,KAAK;YAC7B,QAAQ,EAAE,gBAAgB,CAAC,QAAQ;YACnC,+CAA+C;YAC/C,aAAa,EAAE,iBAAiB;YAChC,WAAW;YACX,YAAY;YACZ,iBAAiB;YACjB,wBAAwB;YACxB,cAAc;YACd,gBAAgB;YAChB,OAAO;SACR,CAAC,CAAC;QAEH,MAAM,SAAS,CAAC,kBAAkB,CAAC,yBAAyB,CAAC,aAAa,CAAC,CAAC;QAC5E,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,kCAAkC,aAAa,CAAC,EAAE,GAChD,iBAAiB,CAAC,CAAC,CAAC,0BAA0B,WAAW,GAAG,CAAC,CAAC,CAAC,EACjE,GAAG,sBAAsB,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,EAAE,GAAG,eAAe,CAAC,CAAC,CAAC,oBAAoB,CAAC,CAAC,CAAC,EAAE,EAAE,CAChG,CAAC;QAEF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,aAAa,CAAC,EAAE,CAAC,CAAC;IACpD,CAAC;IAGK,AAAN,KAAK,CAAC,oBAAoB;QACxB,MAAM,EAAE,aAAa,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,WAAW,EAAE,YAAY,EAAE,sBAAsB,EAAE,GAC7G,IAAI,CAAC,KAAK,CAAC;QAEb,IAAI,CAAC,gBAAgB,IAAI,CAAC,aAAa,EAAE,CAAC;YACxC,OAAO;QACT,CAAC;QAED,+DAA+D;QAC/D,IAAI,iBAAiB,IAAI,WAAW,EAAE,CAAC;YACrC,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACvC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,WAAW,CAAC,CAAC;YAC5D,MAAM,OAAO,GAAG,GAAG,EAAE,QAAQ,EAAE,IAAI,IAAI,WAAW,CAAC;YACnD,MAAM,cAAc,GAAG,GAAG,EAAE,QAAQ,EAAE,WAAW,CAAC;YAElD,MAAM,mBAAmB,GAAG,IAAI,CAAC,yBAAyB,CAAC;gBACzD,aAAa;gBACb,KAAK,EAAE,WAAW;gBAClB,OAAO;gBACP,cAAc;gBACd,MAAM,EAAE,YAAY;gBACpB,WAAW,EAAE,gBAAgB,CAAC,YAAY;aAC3C,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,IAAI,sBAAsB,
EAAE,CAAC;YAC3B,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YACvC,MAAM,SAAS,GAA2B,EAAE,CAAC;YAE7C,sBAAsB;YACtB,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;YAChC,IAAI,QAAQ,CAAC,IAAI,IAAI,IAAA,2BAAkB,EAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACvD,SAAS,CAAC,IAAI,CAAC;oBACb,EAAE,EAAE,YAAY;oBAChB,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC,IAAI;oBACxB,MAAM,EAAE,CAAC,YAAY,CAAC;oBACtB,MAAM,EAAE,EAAE;oBACV,gBAAgB,EAAE,IAAI;iBACvB,CAAC,CAAC;YACL,CAAC;YAED,0BAA0B;YAC1B,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;gBACvB,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;oBACtB,SAAS,CAAC,IAAI,CAAC;wBACb,EAAE,EAAE,GAAG,CAAC,QAAQ,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI;wBACxC,WAAW,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI,KAAK,aAAa,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,SAAS;wBACrG,IAAI,EAAE,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,IAAI;wBAC5B,MAAM,EAAE,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;wBAC9C,MAAM,EAAE,EAAE;wBACV,gBAAgB,EAAE,KAAK;qBACxB,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAgC;gBAC7C,SAAS,EAAE,IAAI,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;gBACnD,qBAAqB,EAAE,IAAI;gBAC3B,gBAAgB,EAAE,YAAY;gBAC9B,gBAAgB,EAAE,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;gBAC/E,mBAAmB,EAAE,SAAS,CAAC,MAAM;gBACrC,gBAAgB,EAAE,EAAE;gBACpB,QAAQ,EAAE,EAAE;aACb,CAAC;YAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,wBAAwB,CAAC;gBACvD,aAAa;gBACb,SAAS;gBACT,QAAQ,EAAE,gBAAgB,CAAC,SAAS;gBACpC,WAAW,EAAE,gBAAgB,CAAC,YAAY;aAC3C,CAAC,CAAC;YAEH,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,oDAAoD;QACpD,0DAA0D;QAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC;YACrC,aAAa;YACb,QAAQ,EAAE,gBAAgB,CAAC,SAAS;YACpC,KAAK,EAAE,gBAAgB,CAAC,KAAK,IAAI,EAAE;YACnC,WAAW,EAAE,gBAAgB,CAAC,YAAY;SAC3C,CAAC,CAAC;QAEH,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC;IAC5C,CAAC;IAGK,AAAN,KAAK,CAAC,cAAc;QAClB,yCAAyC;IAC3C,CAAC;I
AED;;OAEG;IACK,eAAe,CAAC,KAAe;QACrC,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;YAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;YAClE,OAAO,GAAG,IAAI,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC;QACjC,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,gBAAgB,CAAC,MAAgB,EAAE,WAAoB,EAAE,KAAc;QAC7E,MAAM,gBAAgB,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAE3C,6DAA6D;QAC7D,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;gBACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;gBACjD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,EAAE,gBAAgB,CAAC,CAAC;gBAC5D,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACvC,CAAC;gBACD,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAAC,MAAM,CAAC;gBACP,mDAAmD;YACrD,CAAC;QACH,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,gBAAgB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;IACjG,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,MAKvB;QACC,MAAM,EAAE,aAAa,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,MAAM,CAAC;QAClD,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,iBAAiB,CAAC;QAE7D,OAAO,IAAA,mBAAc,EAAC;YACpB,UAAU,EAAE,QAAQ;YACpB,KAAK;YACL,aAAa;YACb,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,yBAAyB,CAAC,MAOjC;QACC,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,OAAO,EAAE,cAAc,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC;QACzE,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,iBAAiB,CAAC;QAE7D,MAAM,GAAG,GAAgB;YACvB,KAAK;YACL,OAAO;YACP,WAAW,EAAE,cAAc;SAC5B,CAAC;QAEF,OAAO,IAAA,6BAAwB,EAAC;YAC9B,GAAG;YACH,MAAM,EAAE,MAAM,IAAI,cAAc;YAChC,WAAW,EAAE,aAAa;YAC1B,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,wBAAwB,CAAC,MAKhC;QACC,MAAM,EAAE,aAAa,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QACtD,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,iBAAiB,CAAC;QAE7D,qDAAqD;QACrD,MAAM,SAAS,GAAmB,CAAC,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YACrF,UAAU,EAAE,QAAQ,CAAC,EAAE;YACvB
,YAAY,EAAE,QAAQ,CAAC,EAAE;YACzB,WAAW,EAAE,QAAQ,CAAC,WAAW;YACjC,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,KAAK,YAAY,CAAC;YAC3D,SAAS,EAAE,QAAQ,CAAC,gBAAgB;SACrC,CAAC,CAAC,CAAC;QAEJ,OAAO,IAAA,4BAAuB,EAAC;YAC7B,SAAS;YACT,UAAU,EAAE,QAAQ;YACpB,aAAa;YACb,SAAS,EAAE,EAAE,EAAE,8BAA8B;YAC7C,YAAY;SACb,CAAC,CAAC;IACL,CAAC;IAED;;;OAGG;IACK,iBAAiB,CAAC,MAKzB;QACC,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,SAAS,EAAE,QAAQ,EAAE,GAAG,MAAM,CAAC;QAC7D,MAAM,YAAY,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,gBAAgB,CAAC;QAE5D,qBAAqB;QACrB,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE;YAC5C,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBACrB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC;YACzD,CAAC;YACD,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,OAAO,GAAG,CAAC;QACb,CAAC,EAAE,EAA8D,CAAC,CAAC;QAEnE,uCAAuC;QACvC,MAAM,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC,UAAU,CAAC;aAC7C,GAAG,CAAC,CAAC,CAAC,KAAK,EAAE,EAAE,OAAO,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,aAAa,GAAG,QAAQ;iBAC3B,GAAG,CACF,CAAC,IAAI,EAAE,EAAE,CAAC;;uDAEiC,IAAA,eAAU,EAAC,IAAI,CAAC,EAAE,CAAC;;qCAErC,IAAA,eAAU,EAAC,IAAI,CAAC,IAAI,CAAC;cAC5C,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,iCAAiC,IAAA,eAAU,EAAC,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE;;;OAGpG,CACI;iBACA,IAAI,CAAC,EAAE,CAAC,CAAC;YAEZ,OAAO;;;2CAG4B,IAAA,eAAU,EAAC,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;2CAC3C,IAAA,eAAU,EAAC,OAAO,CAAC;oEACM,IAAA,eAAU,EAChE,KAAK,CACN;;6CAEgC,IAAA,eAAU,EAAC,KAAK,CAAC;cAChD,aAAa;;;OAGpB,CAAC;QACF,CAAC,CAAC;aACD,IAAI,CAAC,EAAE,CAAC,CAAC;QAEZ,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAgJL,SAAS,IAAI,QAAQ;YACnB,CAAC,CAAC;;8BAEoB,IAAA,eAAU,EAAC,QAAQ,IAAI,SAAS,IAAI,EAAE,CAAC;;KAEhE;YACG,CAAC,CAAC,EACN;;oBAEgB,IAAA,eAAU,EAAC,YAAY,CAAC;2DACe,IAAA,eAAU,EAAC,aAAa,CAAC;;;;;;;2EAOT,KAAK,CAAC,MAAM,OACjF,KAAK,CAAC,MACR;
;;QAGI,aAAa;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAkDb,CAAC;IACP,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa,EAAE,WAAmB;QACxD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCAkCuB,IAAA,eAAU,EAAC,KAAK,CAAC;SAC1C,IAAA,eAAU,EAAC,WAAW,CAAC;;;QAGxB,CAAC;IACP,CAAC;CACF,CAAA;AAjvBO;IADL,KAAK,CAAC,YAAY,CAAC;;;;oDA+DnB;AAGK;IADL,KAAK,CAAC,eAAe,CAAC;;;;uDAkDtB;AAGK;IADL,KAAK,CAAC,mBAAmB,CAAC;;;;2DAK1B;AAGK;IADL,KAAK,CAAC,6BAA6B,CAAC;;;;qEAiGpC;AAGK;IADL,KAAK,CAAC,sBAAsB,CAAC;;;;8DA2F7B;AAGK;IADL,KAAK,CAAC,gBAAgB,CAAC;;;;wDAGvB;AAlUkB,kBAAkB;IAXtC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,MAAM,EAAE,QAAQ;QAChB,UAAU,EAAE;YACV,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,kBAAkB;SACzB;KACF,CAAC;GACmB,kBAAkB,CAqvBtC;kBArvBoB,kBAAkB","sourcesContent":["/**\n * Authorization Endpoint — GET /oauth/authorize\n *\n * Who calls: Browser via the Client (RP).\n *\n * When: Start of the flow.\n *\n * Purpose: Authenticate the user and obtain consent; returns an authorization code to the client's redirect URI.\n *\n * Notes: Must support PKCE. 
Implicit/Hybrid are out in OAuth 2.1.\n */\n/**\n * Typical parameter shapes\n *\n * /oauth/authorize (GET)\n *\n * response_type=code, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method=S256, (optionally request_uri from PAR)\n */\nimport {\n Flow,\n FlowBase,\n FlowPlan,\n FlowRunOptions,\n httpInputSchema,\n HttpRedirectSchema,\n httpRespond,\n HttpHtmlSchema,\n HttpTextSchema,\n StageHookOf,\n isOrchestratedMode,\n} from '../../common';\nimport { z, ZodError } from 'zod';\nimport { LocalPrimaryAuth } from '../instances/instance.local-primary-auth';\nimport { InMemoryAuthorizationStore, FederatedLoginStateRecord, ConsentStateRecord } from '../session';\nimport { AuthProviderDetectionResult, DetectedAuthProvider } from '../detection';\nimport {\n buildLoginPage,\n buildIncrementalAuthPage,\n buildFederatedLoginPage,\n escapeHtml,\n type AppAuthCard,\n type ProviderCard,\n} from '../ui';\n\n/**\n * Quick checklist (security & correctness)\n * - PKCE (S256) required for public clients (and basically for all).\n * - Use authorization code grant only (no implicit/hybrid).\n * - Rotate refresh tokens and bind them to client + user + scopes.\n * - Prefer private_key_jwt or mTLS for confidential clients.\n * - PAR + JAR recommended for higher security.\n * - Consider DPoP (proof-of-possession) to reduce token replay.\n * - Keep codes very short-lived (e.g., ≤60 s) and single-use.\n * - Publish discovery and JWKS, rotate keys safely.\n * - Decide JWT vs opaque access tokens; provide introspection if opaque.\n */\n\n// ============================================\n// OAuth 2.1 Authorization Request Schemas\n// ============================================\n\n/**\n * RFC 7636 PKCE: code_challenge is base64url(sha256(code_verifier))\n * Must be 43-128 characters of A-Za-z0-9-._~\n */\nconst pkceChallengeSchema = z\n .string()\n .min(43, 'code_challenge must be at least 43 characters')\n .max(128, 'code_challenge must be at most 128 characters')\n 
.regex(/^[A-Za-z0-9_-]+$/, 'code_challenge must contain only A-Za-z0-9-_');\n\n/**\n * OAuth 2.1 requires S256 only (plain is deprecated)\n */\nconst codeChallengeMethodSchema = z.literal('S256', {\n message: 'code_challenge_method must be \"S256\" (OAuth 2.1)',\n});\n\n/**\n * OAuth 2.1 authorization code flow only\n */\nconst responseTypeSchema = z.literal('code', {\n message: 'response_type must be \"code\" (OAuth 2.1)',\n});\n\n/**\n * Validated OAuth authorization request for orchestrated mode\n */\nconst oauthAuthorizeRequestSchema = z.object({\n response_type: responseTypeSchema,\n client_id: z.string().min(1, 'client_id is required'),\n redirect_uri: z.string().url('redirect_uri must be a valid URL'),\n code_challenge: pkceChallengeSchema,\n code_challenge_method: codeChallengeMethodSchema.optional().default('S256'),\n scope: z.string().optional(),\n state: z.string().optional(),\n resource: z.string().url().optional(),\n});\n\n/**\n * Minimal request for anonymous/default provider mode\n */\nconst anonymousAuthorizeRequestSchema = z.object({\n redirect_uri: z.string().url('redirect_uri is required'),\n state: z.string().optional(),\n});\n\nexport type OAuthAuthorizeRequest = z.infer<typeof oauthAuthorizeRequestSchema>;\nexport type AnonymousAuthorizeRequest = z.infer<typeof anonymousAuthorizeRequestSchema>;\n\n// ============================================\n// Flow Schemas\n// ============================================\n\nconst inputSchema = httpInputSchema;\n\nconst stateSchema = z.object({\n isDefaultAuthProvider: z.boolean().describe('If FrontMcp initialized without auth options'),\n isOrchestrated: z.boolean().describe('If FrontMcp is orchestrated (local oauth proxy, remote oauth proxy)'),\n allowAnonymous: z.boolean().describe('Allow anonymous access, force orchestrated mode'),\n // Validated OAuth request (after validation)\n validatedRequest: oauthAuthorizeRequestSchema.optional(),\n // Raw parameters for error handling\n rawRedirectUri: 
z.string().optional(),\n rawState: z.string().optional(),\n // Validation errors\n validationErrors: z.array(z.string()).optional(),\n // Pending authorization ID (for login flow)\n pendingAuthId: z.string().optional(),\n // Progressive/Incremental Authorization\n isIncrementalAuth: z.boolean().default(false).describe('Whether this is an incremental auth request'),\n targetAppId: z.string().optional().describe('Target app ID for incremental authorization'),\n targetToolId: z.string().optional().describe('Target tool ID that triggered the incremental auth'),\n existingSessionId: z.string().optional().describe('Existing session ID for incremental auth'),\n // Federated Login (multi-provider)\n requiresFederatedLogin: z.boolean().default(false).describe('Whether this auth requires federated login UI'),\n // Consent Flow\n requiresConsent: z.boolean().default(false).describe('Whether consent flow is enabled'),\n});\n\nconst outputSchema = z.union([\n HttpRedirectSchema, // for account/login or oauth/callback\n HttpTextSchema,\n HttpHtmlSchema, // for login page\n]);\n\nconst plan = {\n pre: [\n 'parseInput',\n 'validateInput',\n 'checkIfAuthorized', // used for direct code generation if refresh-token is provided\n ],\n execute: ['prepareAuthorizationRequest', 'buildAuthorizeOutput'],\n post: ['validateOutput'],\n} as const satisfies FlowPlan<string>;\n\ndeclare global {\n interface ExtendFlows {\n 'oauth:authorize': FlowRunOptions<\n OauthAuthorizeFlow,\n typeof plan,\n typeof inputSchema,\n typeof outputSchema,\n typeof stateSchema\n >;\n }\n}\n\nconst name = 'oauth:authorize' as const;\nconst Stage = StageHookOf(name);\n\n@Flow({\n name,\n plan,\n inputSchema,\n outputSchema,\n access: 'public',\n middleware: {\n method: 'GET',\n path: '/oauth/authorize',\n },\n})\nexport default class OauthAuthorizeFlow extends FlowBase<typeof name> {\n private logger = this.scope.logger.child('OauthAuthorizeFlow');\n\n @Stage('parseInput')\n async parseInput() {\n const { metadata 
} = this.scope;\n const { request } = this.rawInput;\n\n // Store raw params for error handling (redirect_uri and state needed for error responses)\n const rawRedirectUri = request.query['redirect_uri'] as string | undefined;\n const rawState = request.query['state'] as string | undefined;\n\n // Progressive/Incremental Authorization Parameters\n const targetAppId = request.query['app'] as string | undefined;\n const targetToolId = request.query['tool'] as string | undefined;\n const existingSessionId = request.query['session_id'] as string | undefined;\n const mode = request.query['mode'] as string | undefined;\n const isIncrementalAuth = mode === 'incremental' || !!targetAppId;\n\n const isDefaultAuthProvider = !metadata.auth;\n\n // Check if orchestrated mode with multiple providers (requires federated login)\n // This is determined by checking if there are multiple apps with different auth providers\n let requiresFederatedLogin = false;\n if (metadata.auth && isOrchestratedMode(metadata.auth)) {\n // Check if scope has apps with different auth providers\n const apps = this.scope.apps.getApps();\n const appsWithAuth = apps.filter((app) => app.metadata.auth);\n requiresFederatedLogin = appsWithAuth.length > 0;\n }\n\n // Check if consent flow is enabled\n let requiresConsent = false;\n if (metadata.auth && isOrchestratedMode(metadata.auth)) {\n const consentConfig = metadata.auth.consent;\n requiresConsent = consentConfig?.enabled === true;\n }\n\n this.state.set({\n isOrchestrated: true,\n allowAnonymous: isDefaultAuthProvider,\n isDefaultAuthProvider,\n rawRedirectUri,\n rawState,\n // Progressive/Incremental Authorization\n isIncrementalAuth,\n targetAppId,\n targetToolId,\n existingSessionId,\n // Federated Login\n requiresFederatedLogin,\n // Consent Flow\n requiresConsent,\n });\n\n if (isIncrementalAuth) {\n this.logger.info(`Incremental authorization requested for app: ${targetAppId}, tool: ${targetToolId}`);\n }\n\n if (requiresFederatedLogin) {\n 
this.logger.info(`Federated login required: Multiple auth providers detected`);\n }\n\n if (requiresConsent) {\n this.logger.info(`Consent flow enabled: User will select tools to expose`);\n }\n }\n\n @Stage('validateInput')\n async validateInput() {\n const { isDefaultAuthProvider, rawRedirectUri, rawState } = this.state;\n const { request } = this.rawInput;\n\n // Handle default anonymous provider - minimal validation\n if (isDefaultAuthProvider) {\n const result = anonymousAuthorizeRequestSchema.safeParse({\n redirect_uri: rawRedirectUri,\n state: rawState,\n });\n\n if (!result.success) {\n const errors = this.formatZodErrors(result.error);\n this.logger.warn(`Anonymous authorization request validation failed: ${errors.join(', ')}`);\n this.respond(httpRespond.html(this.renderErrorPage('invalid_request', errors.join('; ')), 400));\n return;\n }\n\n // Redirect with anonymous code\n const url = new URL(result.data.redirect_uri);\n url.searchParams.set('code', 'anonymous');\n if (result.data.state) {\n url.searchParams.set('state', result.data.state);\n }\n this.respond(httpRespond.redirect(url.toString()));\n return;\n }\n\n // Orchestrated mode - full OAuth 2.1 validation\n const result = oauthAuthorizeRequestSchema.safeParse({\n response_type: request.query['response_type'],\n client_id: request.query['client_id'],\n redirect_uri: rawRedirectUri,\n code_challenge: request.query['code_challenge'],\n code_challenge_method: request.query['code_challenge_method'] ?? 
'S256',\n scope: request.query['scope'],\n state: rawState,\n resource: request.query['resource'],\n });\n\n if (!result.success) {\n const errors = this.formatZodErrors(result.error);\n this.logger.warn(`Authorization request validation failed: ${errors.join(', ')}`);\n this.respondWithError(errors, rawRedirectUri, rawState);\n return;\n }\n\n // Store validated request\n this.state.set('validatedRequest', result.data);\n }\n\n @Stage('checkIfAuthorized')\n async checkIfAuthorized() {\n // TODO: Check if user is already authorized (has valid session cookie)\n // If yes, skip login and directly generate authorization code\n // For now, always proceed to login\n }\n\n @Stage('prepareAuthorizationRequest')\n async prepareAuthorizationRequest() {\n const {\n validatedRequest,\n isIncrementalAuth,\n targetAppId,\n targetToolId,\n existingSessionId,\n requiresFederatedLogin,\n requiresConsent,\n } = this.state;\n const { metadata } = this.scope;\n\n if (!validatedRequest) {\n // Should not reach here if validation passed\n return;\n }\n\n // Store pending authorization request\n const auth = this.scope.auth;\n if (!auth || !('authorizationStore' in auth)) {\n this.respond(httpRespond.html(this.renderErrorPage('server_error', 'Authorization not configured'), 500));\n return;\n }\n const localAuth = auth as LocalPrimaryAuth;\n const store = localAuth.authorizationStore as InMemoryAuthorizationStore;\n\n // Build federated login state if multiple providers\n let federatedLogin: FederatedLoginStateRecord | undefined;\n if (requiresFederatedLogin) {\n // Build provider IDs from apps with auth\n const apps = this.scope.apps.getApps();\n const providerIds: string[] = [];\n\n // Add parent provider\n if (metadata.auth && isOrchestratedMode(metadata.auth)) {\n providerIds.push('__parent__');\n }\n\n // Add app-level providers\n for (const app of apps) {\n if (app.metadata.auth) {\n providerIds.push(app.metadata.id || app.metadata.name);\n }\n }\n\n federatedLogin = {\n 
providerIds,\n selectedProviderIds: undefined,\n skippedProviderIds: undefined,\n };\n }\n\n // Build consent state if enabled\n let consent: ConsentStateRecord | undefined;\n if (requiresConsent) {\n // Get all available tools from the scope\n const tools = this.scope.tools.getTools();\n const availableToolIds = tools.map((t) => t.metadata.id).filter((id): id is string => id !== undefined);\n\n consent = {\n enabled: true,\n availableToolIds,\n selectedToolIds: undefined,\n consentCompleted: false,\n };\n }\n\n const pendingRecord = store.createPendingRecord({\n clientId: validatedRequest.client_id,\n redirectUri: validatedRequest.redirect_uri,\n scopes: validatedRequest.scope ? validatedRequest.scope.split(' ') : [],\n pkce: {\n challenge: validatedRequest.code_challenge,\n method: 'S256',\n },\n state: validatedRequest.state,\n resource: validatedRequest.resource,\n // Progressive/Incremental Authorization Fields\n isIncremental: isIncrementalAuth,\n targetAppId,\n targetToolId,\n existingSessionId,\n // Federated Login State\n federatedLogin,\n // Consent State\n consent,\n });\n\n await localAuth.authorizationStore.storePendingAuthorization(pendingRecord);\n this.logger.info(\n `Pending authorization created: ${pendingRecord.id}${\n isIncrementalAuth ? ` (incremental for app: ${targetAppId})` : ''\n }${requiresFederatedLogin ? ' (federated)' : ''}${requiresConsent ? 
' (consent enabled)' : ''}`,\n );\n\n this.state.set('pendingAuthId', pendingRecord.id);\n }\n\n @Stage('buildAuthorizeOutput')\n async buildAuthorizeOutput() {\n const { pendingAuthId, validatedRequest, isIncrementalAuth, targetAppId, targetToolId, requiresFederatedLogin } =\n this.state;\n\n if (!validatedRequest || !pendingAuthId) {\n return;\n }\n\n // For incremental auth, render a single-app authorization page\n if (isIncrementalAuth && targetAppId) {\n const apps = this.scope.apps.getApps();\n const app = apps.find((a) => a.metadata.id === targetAppId);\n const appName = app?.metadata?.name || targetAppId;\n const appDescription = app?.metadata?.description;\n\n const incrementalAuthHtml = this.renderIncrementalAuthPage({\n pendingAuthId,\n appId: targetAppId,\n appName,\n appDescription,\n toolId: targetToolId,\n redirectUri: validatedRequest.redirect_uri,\n });\n\n this.respond(httpRespond.html(incrementalAuthHtml));\n return;\n }\n\n // For federated login (multiple providers), render provider selection page\n if (requiresFederatedLogin) {\n const apps = this.scope.apps.getApps();\n const providers: DetectedAuthProvider[] = [];\n\n // Add parent provider\n const { metadata } = this.scope;\n if (metadata.auth && isOrchestratedMode(metadata.auth)) {\n providers.push({\n id: '__parent__',\n mode: metadata.auth.mode,\n appIds: ['__parent__'],\n scopes: [],\n isParentProvider: true,\n });\n }\n\n // Add app-level providers\n for (const app of apps) {\n if (app.metadata.auth) {\n providers.push({\n id: app.metadata.id || app.metadata.name,\n providerUrl: app.metadata.auth.mode === 'transparent' ? 
app.metadata.auth.remote.provider : undefined,\n mode: app.metadata.auth.mode,\n appIds: [app.metadata.id || app.metadata.name],\n scopes: [],\n isParentProvider: false,\n });\n }\n }\n\n const detection: AuthProviderDetectionResult = {\n providers: new Map(providers.map((p) => [p.id, p])),\n requiresOrchestration: true,\n parentProviderId: '__parent__',\n childProviderIds: providers.filter((p) => !p.isParentProvider).map((p) => p.id),\n uniqueProviderCount: providers.length,\n validationErrors: [],\n warnings: [],\n };\n\n const federatedLoginHtml = this.renderFederatedLoginPage({\n pendingAuthId,\n detection,\n clientId: validatedRequest.client_id,\n redirectUri: validatedRequest.redirect_uri,\n });\n\n this.respond(httpRespond.html(federatedLoginHtml));\n return;\n }\n\n // Render a simple login page for full authorization\n // In production, this would redirect to a proper login UI\n const loginHtml = this.renderLoginPage({\n pendingAuthId,\n clientId: validatedRequest.client_id,\n scope: validatedRequest.scope ?? '',\n redirectUri: validatedRequest.redirect_uri,\n });\n\n this.respond(httpRespond.html(loginHtml));\n }\n\n @Stage('validateOutput')\n async validateOutput() {\n // Output validation is handled by schema\n }\n\n /**\n * Format Zod errors into human-readable strings\n */\n private formatZodErrors(error: ZodError): string[] {\n return error.issues.map((err) => {\n const path = err.path.length > 0 ? 
`${err.path.join('.')}: ` : '';\n return `${path}${err.message}`;\n });\n }\n\n /**\n * Respond with OAuth error - redirect if possible, otherwise show error page\n */\n private respondWithError(errors: string[], redirectUri?: string, state?: string): void {\n const errorDescription = errors.join('; ');\n\n // Try to redirect with error if we have a valid redirect_uri\n if (redirectUri) {\n try {\n const url = new URL(redirectUri);\n url.searchParams.set('error', 'invalid_request');\n url.searchParams.set('error_description', errorDescription);\n if (state) {\n url.searchParams.set('state', state);\n }\n this.respond(httpRespond.redirect(url.toString()));\n return;\n } catch {\n // Invalid redirect_uri, fall through to error page\n }\n }\n\n this.respond(httpRespond.html(this.renderErrorPage('invalid_request', errorDescription), 400));\n }\n\n /**\n * Render a simple login page using HTMX templates\n */\n private renderLoginPage(params: {\n pendingAuthId: string;\n clientId: string;\n scope: string;\n redirectUri: string;\n }): string {\n const { pendingAuthId, clientId, scope } = params;\n const callbackPath = `${this.scope.fullPath}/oauth/callback`;\n\n return buildLoginPage({\n clientName: clientId,\n scope,\n pendingAuthId,\n callbackPath,\n });\n }\n\n /**\n * Render incremental authorization page for a single app using HTMX templates\n */\n private renderIncrementalAuthPage(params: {\n pendingAuthId: string;\n appId: string;\n appName: string;\n appDescription?: string;\n toolId?: string;\n redirectUri: string;\n }): string {\n const { pendingAuthId, appId, appName, appDescription, toolId } = params;\n const callbackPath = `${this.scope.fullPath}/oauth/callback`;\n\n const app: AppAuthCard = {\n appId,\n appName,\n description: appDescription,\n };\n\n return buildIncrementalAuthPage({\n app,\n toolId: toolId || 'unknown tool',\n sessionHint: pendingAuthId,\n callbackPath,\n });\n }\n\n /**\n * Render federated login page for multiple auth providers using 
HTMX templates\n */\n private renderFederatedLoginPage(params: {\n pendingAuthId: string;\n detection: AuthProviderDetectionResult;\n clientId: string;\n redirectUri: string;\n }): string {\n const { pendingAuthId, detection, clientId } = params;\n const callbackPath = `${this.scope.fullPath}/oauth/callback`;\n\n // Convert detection providers to ProviderCard format\n const providers: ProviderCard[] = [...detection.providers.values()].map((provider) => ({\n providerId: provider.id,\n providerName: provider.id,\n providerUrl: provider.providerUrl,\n mode: provider.mode,\n appIds: provider.appIds.filter((id) => id !== '__parent__'),\n isPrimary: provider.isParentProvider,\n }));\n\n return buildFederatedLoginPage({\n providers,\n clientName: clientId,\n pendingAuthId,\n csrfToken: '', // No CSRF needed for GET form\n callbackPath,\n });\n }\n\n /**\n * Render consent page for tool selection\n * This is a placeholder - in production, use Juris/Svelte for the UI\n */\n private renderConsentPage(params: {\n pendingAuthId: string;\n tools: Array<{ id: string; name: string; description?: string; appId: string; appName: string }>;\n userEmail?: string;\n userName?: string;\n }): string {\n const { pendingAuthId, tools, userEmail, userName } = params;\n const callbackPath = `${this.scope.fullPath}/oauth/consent`;\n\n // Group tools by app\n const toolsByApp = tools.reduce((acc, tool) => {\n if (!acc[tool.appId]) {\n acc[tool.appId] = { appName: tool.appName, tools: [] };\n }\n acc[tool.appId].tools.push(tool);\n return acc;\n }, {} as Record<string, { appName: string; tools: typeof tools }>);\n\n // Build tool cards HTML grouped by app\n const appGroupsHtml = Object.entries(toolsByApp)\n .map(([appId, { appName, tools: appTools }]) => {\n const toolCardsHtml = appTools\n .map(\n (tool) => `\n <label class=\"tool-card\">\n <input type=\"checkbox\" name=\"tools\" value=\"${escapeHtml(tool.id)}\" checked>\n <div class=\"tool-content\">\n <div 
class=\"tool-name\">${escapeHtml(tool.name)}</div>\n ${tool.description ? `<div class=\"tool-description\">${escapeHtml(tool.description)}</div>` : ''}\n </div>\n </label>\n `,\n )\n .join('');\n\n return `\n <div class=\"app-group\">\n <div class=\"app-group-header\">\n <span class=\"app-group-icon\">${escapeHtml(appName.charAt(0).toUpperCase())}</span>\n <span class=\"app-group-name\">${escapeHtml(appName)}</span>\n <button type=\"button\" class=\"toggle-app\" data-app-id=\"${escapeHtml(\n appId,\n )}\" onclick=\"toggleAppTools(this.dataset.appId)\">Toggle All</button>\n </div>\n <div class=\"app-tools\" data-app=\"${escapeHtml(appId)}\">\n ${toolCardsHtml}\n </div>\n </div>\n `;\n })\n .join('');\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>Select Tools - FrontMCP</title>\n <style>\n * { box-sizing: border-box; margin: 0; padding: 0; }\n body {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);\n min-height: 100vh;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px;\n }\n .consent-container {\n background: white;\n padding: 40px;\n border-radius: 12px;\n box-shadow: 0 10px 40px rgba(0,0,0,0.2);\n width: 100%;\n max-width: 700px;\n max-height: 90vh;\n overflow-y: auto;\n }\n h1 { color: #333; margin-bottom: 10px; font-size: 24px; }\n .subtitle { color: #666; margin-bottom: 20px; font-size: 14px; line-height: 1.5; }\n .user-info {\n background: #f8f9fa;\n padding: 12px 16px;\n border-radius: 8px;\n margin-bottom: 24px;\n font-size: 14px;\n }\n .user-info strong { color: #333; }\n .select-controls {\n display: flex;\n gap: 16px;\n margin-bottom: 16px;\n align-items: center;\n }\n .select-controls label {\n display: flex;\n align-items: center;\n gap: 8px;\n font-size: 14px;\n color: #666;\n cursor: pointer;\n }\n 
.app-group {\n background: #f8f9fa;\n border-radius: 12px;\n margin-bottom: 16px;\n overflow: hidden;\n }\n .app-group-header {\n display: flex;\n align-items: center;\n gap: 12px;\n padding: 16px;\n background: #e9ecef;\n }\n .app-group-icon {\n width: 32px;\n height: 32px;\n background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);\n border-radius: 8px;\n display: flex;\n align-items: center;\n justify-content: center;\n color: white;\n font-weight: 600;\n }\n .app-group-name { font-weight: 600; color: #333; flex: 1; }\n .toggle-app {\n padding: 6px 12px;\n background: white;\n border: 1px solid #ddd;\n border-radius: 6px;\n font-size: 12px;\n cursor: pointer;\n }\n .toggle-app:hover { background: #f0f0f0; }\n .app-tools { padding: 12px; }\n .tool-card {\n display: flex;\n align-items: flex-start;\n gap: 12px;\n padding: 12px;\n background: white;\n border-radius: 8px;\n margin-bottom: 8px;\n cursor: pointer;\n transition: all 0.2s;\n }\n .tool-card:hover { background: #f0f4ff; }\n .tool-card:last-child { margin-bottom: 0; }\n .tool-card input { margin-top: 2px; }\n .tool-content { flex: 1; }\n .tool-name { font-weight: 500; color: #333; font-size: 14px; }\n .tool-description { font-size: 12px; color: #666; margin-top: 4px; }\n .button-group { display: flex; gap: 12px; margin-top: 24px; }\n button {\n flex: 1;\n padding: 14px;\n border: none;\n border-radius: 8px;\n font-size: 16px;\n font-weight: 600;\n cursor: pointer;\n transition: transform 0.2s, box-shadow 0.2s;\n }\n .btn-confirm {\n background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);\n color: white;\n }\n .btn-confirm:hover { transform: translateY(-1px); box-shadow: 0 4px 12px rgba(102, 126, 234, 0.4); }\n .btn-cancel {\n background: #e5e7eb;\n color: #374151;\n }\n .btn-cancel:hover { background: #d1d5db; }\n .selection-summary {\n background: #f0f9ff;\n border: 1px solid #bae6fd;\n border-radius: 8px;\n padding: 12px 16px;\n margin-top: 16px;\n font-size: 13px;\n color: #0369a1;\n }\n 
</style>\n</head>\n<body>\n <div class=\"consent-container\">\n <h1>Select Tools to Enable</h1>\n <p class=\"subtitle\">\n Choose which tools you want to make available to the AI assistant.\n You can enable or disable tools at any time.\n </p>\n\n ${\n userEmail || userName\n ? `\n <div class=\"user-info\">\n Logged in as: <strong>${escapeHtml(userName || userEmail || '')}</strong>\n </div>\n `\n : ''\n }\n\n <form action=\"${escapeHtml(callbackPath)}\" method=\"POST\" id=\"consent-form\">\n <input type=\"hidden\" name=\"pending_auth_id\" value=\"${escapeHtml(pendingAuthId)}\">\n\n <div class=\"select-controls\">\n <label>\n <input type=\"checkbox\" id=\"select-all\" onchange=\"toggleAllTools(this)\" checked>\n Select all tools\n </label>\n <span style=\"color: #999; font-size: 12px;\" id=\"selection-count\">${tools.length} of ${\n tools.length\n } selected</span>\n </div>\n\n ${appGroupsHtml}\n\n <div class=\"selection-summary\" id=\"selection-summary\">\n Selected tools will be available to the AI assistant.\n </div>\n\n <div class=\"button-group\">\n <button type=\"button\" class=\"btn-cancel\" onclick=\"history.back()\">Cancel</button>\n <button type=\"submit\" class=\"btn-confirm\">Confirm Selection</button>\n </div>\n </form>\n </div>\n\n <script>\n function toggleAllTools(checkbox) {\n const checkboxes = document.querySelectorAll('input[name=\"tools\"]');\n checkboxes.forEach(cb => cb.checked = checkbox.checked);\n updateCount();\n }\n\n function toggleAppTools(appId) {\n const container = document.querySelector(\\`.app-tools[data-app=\"\\${appId}\"]\\`);\n const checkboxes = container.querySelectorAll('input[name=\"tools\"]');\n const allChecked = [...checkboxes].every(cb => cb.checked);\n checkboxes.forEach(cb => cb.checked = !allChecked);\n updateSelectAll();\n updateCount();\n }\n\n function updateSelectAll() {\n const all = document.querySelectorAll('input[name=\"tools\"]');\n const checked = document.querySelectorAll('input[name=\"tools\"]:checked');\n 
document.getElementById('select-all').checked = all.length === checked.length;\n }\n\n function updateCount() {\n const all = document.querySelectorAll('input[name=\"tools\"]');\n const checked = document.querySelectorAll('input[name=\"tools\"]:checked');\n document.getElementById('selection-count').textContent = \\`\\${checked.length} of \\${all.length} selected\\`;\n }\n\n // Add change listeners to all tool checkboxes\n document.querySelectorAll('input[name=\"tools\"]').forEach(cb => {\n cb.addEventListener('change', () => {\n updateSelectAll();\n updateCount();\n });\n });\n </script>\n</body>\n</html>`;\n }\n\n /**\n * Render an error page\n */\n private renderErrorPage(error: string, description: string): string {\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>Authorization Error</title>\n <style>\n body {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n background: #f5f5f5;\n min-height: 100vh;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px;\n }\n .error-container {\n background: white;\n padding: 40px;\n border-radius: 12px;\n box-shadow: 0 4px 20px rgba(0,0,0,0.1);\n max-width: 500px;\n text-align: center;\n }\n .error-icon { font-size: 48px; margin-bottom: 20px; }\n h1 { color: #e53e3e; margin-bottom: 10px; }\n p { color: #666; line-height: 1.6; }\n .error-code { font-family: monospace; background: #f5f5f5; padding: 4px 8px; border-radius: 4px; }\n </style>\n</head>\n<body>\n <div class=\"error-container\">\n <div class=\"error-icon\">⚠️</div>\n <h1>Authorization Error</h1>\n <p><span class=\"error-code\">${escapeHtml(error)}</span></p>\n <p>${escapeHtml(description)}</p>\n </div>\n</body>\n</html>`;\n }\n}\n"]}
|
|
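--- a/oauth.callback.flow.js
+++ b/oauth.callback.flow.js
@@ -1,357 +0,0 @@
-"use strict";
-/**
-* OAuth Callback Endpoint — GET /oauth/callback
-*
-* Who calls: Browser after user completes login form
-*
-* When: After the user submits the login form from /oauth/authorize
-*
-* Purpose: Creates an authorization code and redirects back to the client's redirect_uri
-*
-* Notes: This is a simple "demo" login callback. In production, this would integrate
-* with a real identity provider or user database.
-*/
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-const common_1 = require("../../common");
-const zod_1 = require("zod");
-const crypto_1 = require("crypto");
-const ui_1 = require("../ui");
-const inputSchema = common_1.httpInputSchema;
-const stateSchema = zod_1.z.object({
-// From query params
-pendingAuthId: zod_1.z.string().optional(),
-email: zod_1.z.string().optional(),
-name: zod_1.z.string().optional(),
-// From pending authorization record
-clientId: zod_1.z.string().optional(),
-redirectUri: zod_1.z.string().optional(),
-scopes: zod_1.z.array(zod_1.z.string()).optional(),
-codeChallenge: zod_1.z.string().optional(),
-originalState: zod_1.z.string().optional(),
-resource: zod_1.z.string().optional(),
-// Generated
-authorizationCode: zod_1.z.string().optional(),
-userSub: zod_1.z.string().optional(),
-// Progressive/Incremental Authorization
-isIncremental: zod_1.z.boolean().default(false),
-targetAppId: zod_1.z.string().optional(),
-targetToolId: zod_1.z.string().optional(),
-existingSessionId: zod_1.z.string().optional(),
-existingAuthorizationId: zod_1.z.string().optional(),
-// Federated Login
-isFederated: zod_1.z.boolean().default(false),
-selectedProviders: zod_1.z.array(zod_1.z.string()).optional(),
-skippedProviders: zod_1.z.array(zod_1.z.string()).optional(),
-// Consent
-consentEnabled: zod_1.z.boolean().default(false),
-selectedTools: zod_1.z.array(zod_1.z.string()).optional(),
-});
-const outputSchema = zod_1.z.union([common_1.HttpRedirectSchema, common_1.HttpHtmlSchema]);
-const plan = {
-pre: ['parseInput', 'validatePendingAuth'],
-execute: ['handleIncrementalAuth', 'createAuthorizationCode', 'redirectToClient'],
-};
-const name = 'oauth:callback';
-const Stage = (0, common_1.StageHookOf)(name);
-let OauthCallbackFlow = class OauthCallbackFlow extends common_1.FlowBase {
-logger = this.scope.logger.child('OauthCallbackFlow');
-async parseInput() {
-const { request } = this.rawInput;
-// Extract login form data from query params
-const pendingAuthId = request.query['pending_auth_id'];
-const email = request.query['email'];
-const name = request.query['name'];
-// Progressive/Incremental Authorization Parameters
-const isIncremental = request.query['incremental'] === 'true';
-const targetAppId = request.query['app_id'];
-// Federated Login Parameters
-const isFederated = request.query['federated'] === 'true';
-// providers can be array (multiple checkboxes) or string (single)
-const providersParam = request.query['providers'];
-let selectedProviders;
-if (providersParam) {
-selectedProviders = Array.isArray(providersParam) ? providersParam : [providersParam];
-}
-// Consent Parameters (from POST body or query)
-// Note: For consent, we might use POST, but GET is also supported
-const toolsParam = request.query['tools'];
-let selectedTools;
-if (toolsParam) {
-selectedTools = Array.isArray(toolsParam) ? toolsParam : [toolsParam];
-}
-this.state.set({
-pendingAuthId,
-email,
-name,
-isIncremental,
-targetAppId,
-isFederated,
-selectedProviders,
-selectedTools,
-});
-if (isIncremental) {
-this.logger.info(`Incremental auth callback for app: ${targetAppId}`);
-}
-if (isFederated) {
-this.logger.info(`Federated login callback with ${selectedProviders?.length || 0} selected providers`);
-}
-if (selectedTools && selectedTools.length > 0) {
-this.logger.info(`Consent callback with ${selectedTools.length} selected tools`);
-}
-}
-async validatePendingAuth() {
-const { pendingAuthId, email, isIncremental, isFederated, selectedProviders, selectedTools } = this.state;
-if (!pendingAuthId) {
-this.logger.warn('Missing pending_auth_id in callback');
-this.respond(common_1.httpRespond.html(this.renderErrorPage('invalid_request', 'Missing pending_auth_id parameter'), 400));
-return;
-}
-// For incremental auth, email is not required (user already authenticated)
-if (!isIncremental && !email) {
-this.logger.warn('Missing email in callback');
-this.respond(common_1.httpRespond.html(this.renderErrorPage('invalid_request', 'Email is required'), 400));
-return;
-}
-// Retrieve the pending authorization
-const localAuth = this.scope.auth;
-const pendingAuth = await localAuth.authorizationStore.getPendingAuthorization(pendingAuthId);
-if (!pendingAuth) {
-this.logger.warn(`Pending authorization not found or expired: ${pendingAuthId}`);
-this.respond(common_1.httpRespond.html(this.renderErrorPage('invalid_request', 'Authorization request has expired. Please try again.'), 400));
-return;
-}
-// Generate a user sub from email (in production, this would come from a user database)
-// For incremental auth, we might need to use existing session's user sub
-const userSub = email ? this.generateUserSub(email) : undefined;
-// Calculate skipped providers from federated login
-let skippedProviders;
-if (isFederated && pendingAuth.federatedLogin) {
-const allProviders = pendingAuth.federatedLogin.providerIds;
-const selected = selectedProviders || [];
-skippedProviders = allProviders.filter((id) => !selected.includes(id));
-}
-// Get consent state
-const consentEnabled = pendingAuth.consent?.enabled ?? false;
-// If consent was enabled and user submitted selection, use it; otherwise use all available
-const finalSelectedTools = consentEnabled && selectedTools ? selectedTools : pendingAuth.consent?.availableToolIds;
-this.state.set({
-clientId: pendingAuth.clientId,
-redirectUri: pendingAuth.redirectUri,
-scopes: pendingAuth.scopes,
-codeChallenge: pendingAuth.pkce.challenge,
-originalState: pendingAuth.state,
-resource: pendingAuth.resource,
-userSub,
-// Progressive/Incremental Authorization from pending record
-isIncremental: pendingAuth.isIncremental || isIncremental,
-targetAppId: pendingAuth.targetAppId || this.state.targetAppId,
-targetToolId: pendingAuth.targetToolId,
-existingSessionId: pendingAuth.existingSessionId,
-existingAuthorizationId: pendingAuth.existingAuthorizationId,
-// Federated Login
-isFederated: isFederated || !!pendingAuth.federatedLogin,
-selectedProviders: selectedProviders,
-skippedProviders: skippedProviders,
-// Consent
-consentEnabled,
-selectedTools: finalSelectedTools,
-});
-// Clean up the pending authorization
-await localAuth.authorizationStore.deletePendingAuthorization(pendingAuthId);
-}
-/**
-* Handle incremental authorization - expand existing session's token vault
-* For incremental auth, we add the app to the existing authorization without
-* requiring full re-authentication
-*/
-async handleIncrementalAuth() {
-const { isIncremental, targetAppId, existingAuthorizationId, redirectUri } = this.state;
-// Skip if not incremental auth
-if (!isIncremental || !targetAppId) {
-return;
-}
-this.logger.info(`Processing incremental authorization for app: ${targetAppId}`);
-// For incremental auth, we need to:
-// 1. Validate the existing session (if provided)
-// 2. Generate a special incremental auth code that includes the app ID
-// 3. The token endpoint will then expand the authorization
-// For now, we pass the incremental auth info through the authorization code
-// The token exchange will handle expanding the authorization
-// Store incremental auth metadata for the token exchange
-// This will be encoded in the authorization code or stored separately
-this.logger.info(`Incremental auth prepared for app: ${targetAppId}, existing auth: ${existingAuthorizationId || 'none'}`);
-}
-async createAuthorizationCode() {
-const { clientId, redirectUri, scopes, codeChallenge, originalState, resource, email, name, userSub,
-// Consent and Federated Login
-consentEnabled, selectedTools, isFederated, selectedProviders, skippedProviders, } = this.state.required;
-// Validate required fields before creating authorization code
-if (!clientId || !redirectUri || !codeChallenge || !userSub) {
-const missingFields = [
-!clientId && 'clientId',
-!redirectUri && 'redirectUri',
-!codeChallenge && 'codeChallenge',
-!userSub && 'userSub',
-].filter(Boolean);
-this.logger.error(`Missing required fields for authorization code: ${missingFields.join(', ')}`);
-this.respond(common_1.httpRespond.html(this.renderErrorPage('server_error', 'Authorization request is incomplete. Please try again.'), 500));
-return;
-}
-const localAuth = this.scope.auth;
-// Create the authorization code with consent/federated data
-const code = await localAuth.createAuthorizationCode({
-clientId,
-redirectUri,
-scopes: scopes ?? [],
-codeChallenge,
-userSub,
-userEmail: email,
-userName: name,
-state: originalState,
-resource,
-// Consent and Federated Login Data
-selectedToolIds: selectedTools,
-selectedProviderIds: selectedProviders,
-skippedProviderIds: skippedProviders,
-consentEnabled: consentEnabled,
-federatedLoginUsed: isFederated,
-});
-this.logger.info(`Authorization code created for user: ${userSub}${consentEnabled ? ` with ${selectedTools?.length || 0} selected tools` : ''}${isFederated ? ` (federated with ${selectedProviders?.length || 0} providers)` : ''}`);
-this.state.set('authorizationCode', code);
-}
-async redirectToClient() {
-const { redirectUri, authorizationCode, originalState, isIncremental, targetAppId } = this.state.required;
-// Validate required fields for redirect
-if (!redirectUri || !authorizationCode) {
-this.logger.error('Missing redirectUri or authorizationCode for redirect');
-this.respond(common_1.httpRespond.html(this.renderErrorPage('server_error', 'Failed to complete authorization. Please try again.'), 500));
-return;
-}
-// Build the redirect URL with the authorization code
-const url = new URL(redirectUri);
-url.searchParams.set('code', authorizationCode);
-if (originalState) {
-url.searchParams.set('state', originalState);
-}
-// For incremental auth, include the app ID in the redirect
-// This allows the client to know which app was just authorized
-if (isIncremental && targetAppId) {
-url.searchParams.set('incremental', 'true');
-url.searchParams.set('app_id', targetAppId);
-}
-this.logger.info(`Redirecting to client: ${url.origin}${url.pathname}${isIncremental ? ` (incremental for app: ${targetAppId})` : ''}`);
-this.respond(common_1.httpRespond.redirect(url.toString()));
-}
-/**
-* Generate a stable user sub from email
-* In production, this would be the user's ID from the database
-*/
-generateUserSub(email) {
-// Create a deterministic UUID from the email for demo purposes
-// In production, this would be the actual user ID
-const hash = (0, crypto_1.createHash)('sha256').update(email.toLowerCase()).digest('hex');
-// Format as UUID
-return `${hash.slice(0, 8)}-${hash.slice(8, 12)}-${hash.slice(12, 16)}-${hash.slice(16, 20)}-${hash.slice(20, 32)}`;
-}
-/**
-* Render an error page
-*/
-renderErrorPage(error, description) {
-// Escape user-provided content to prevent XSS attacks
-const safeError = (0, ui_1.escapeHtml)(error);
-const safeDescription = (0, ui_1.escapeHtml)(description);
-return `<!DOCTYPE html>
-<html lang="en">
-<head>
-<meta charset="UTF-8">
-<meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Authorization Error</title>
-<style>
-body {
-font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-background: #f5f5f5;
-min-height: 100vh;
-display: flex;
-align-items: center;
-justify-content: center;
-padding: 20px;
-}
-.error-container {
-background: white;
-padding: 40px;
-border-radius: 12px;
-box-shadow: 0 4px 20px rgba(0,0,0,0.1);
-max-width: 500px;
-text-align: center;
-}
-.error-icon { font-size: 48px; margin-bottom: 20px; }
-h1 { color: #e53e3e; margin-bottom: 10px; }
-p { color: #666; line-height: 1.6; }
-.error-code { font-family: monospace; background: #f5f5f5; padding: 4px 8px; border-radius: 4px; }
-.retry-link {
-display: inline-block;
-margin-top: 20px;
-color: #667eea;
-text-decoration: none;
-}
-.retry-link:hover { text-decoration: underline; }
-</style>
-</head>
-<body>
-<div class="error-container">
-<div class="error-icon">⚠️</div>
-<h1>Authorization Error</h1>
-<p><span class="error-code">${safeError}</span></p>
-<p>${safeDescription}</p>
-<a href="javascript:history.back()" class="retry-link">← Go Back</a>
-</div>
-</body>
-</html>`;
-}
-};
-tslib_1.__decorate([
-Stage('parseInput'),
-tslib_1.__metadata("design:type", Function),
-tslib_1.__metadata("design:paramtypes", []),
-tslib_1.__metadata("design:returntype", Promise)
-], OauthCallbackFlow.prototype, "parseInput", null);
-tslib_1.__decorate([
-Stage('validatePendingAuth'),
-tslib_1.__metadata("design:type", Function),
-tslib_1.__metadata("design:paramtypes", []),
-tslib_1.__metadata("design:returntype", Promise)
-], OauthCallbackFlow.prototype, "validatePendingAuth", null);
-tslib_1.__decorate([
-Stage('handleIncrementalAuth'),
-tslib_1.__metadata("design:type", Function),
-tslib_1.__metadata("design:paramtypes", []),
-tslib_1.__metadata("design:returntype", Promise)
-], OauthCallbackFlow.prototype, "handleIncrementalAuth", null);
-tslib_1.__decorate([
-Stage('createAuthorizationCode'),
-tslib_1.__metadata("design:type", Function),
-tslib_1.__metadata("design:paramtypes", []),
-tslib_1.__metadata("design:returntype", Promise)
-], OauthCallbackFlow.prototype, "createAuthorizationCode", null);
-tslib_1.__decorate([
-Stage('redirectToClient'),
-tslib_1.__metadata("design:type", Function),
-tslib_1.__metadata("design:paramtypes", []),
-tslib_1.__metadata("design:returntype", Promise)
-], OauthCallbackFlow.prototype, "redirectToClient", null);
-OauthCallbackFlow = tslib_1.__decorate([
-(0, common_1.Flow)({
-name,
-plan,
-inputSchema,
-outputSchema,
-access: 'public',
-middleware: {
-method: 'GET',
-path: '/oauth/callback',
-},
-})
-], OauthCallbackFlow);
-exports.default = OauthCallbackFlow;
-//# sourceMappingURL=oauth.callback.flow.js.map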
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"oauth.callback.flow.js","sourceRoot":"","sources":["../../../../src/auth/flows/oauth.callback.flow.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;;GAWG;;;AAEH,yCAUsB;AACtB,6BAAwB;AAExB,mCAAgD;AAChD,8BAAmC;AAEnC,MAAM,WAAW,GAAG,wBAAe,CAAC;AAEpC,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,oBAAoB;IACpB,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC3B,oCAAoC;IACpC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,MAAM,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACtC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,aAAa,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACpC,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC/B,YAAY;IACZ,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9B,wCAAwC;IACxC,aAAa,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACzC,WAAW,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAClC,YAAY,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACnC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,uBAAuB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC9C,kBAAkB;IAClB,WAAW,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IACvC,iBAAiB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IACjD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;IAChD,UAAU;IACV,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAC;IAC1C,aAAa,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,QAAQ,EAAE;CAC9C,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,2BAAkB,EAAE,uBAAc,CAAC,CAAC,CAAC;AAEnE,MAAM,IAAI,GAAG;IACX,GAAG,EAAE,CAAC,YAAY,EAAE,qBAAqB,CAAC;IAC1C,OAAO,EAAE,CAAC,uBAAuB,EAAE,yBAAyB,EAAE,kBAAkB,CAAC;CAC9C,CAAC;AActC,MAAM,IAAI,GAAG,gBAAyB,CAAC;AACvC,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AAajB,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,iBAAqB;IAC1D,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,C
AAC,CAAC;IAGxD,AAAN,KAAK,CAAC,UAAU;QACd,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAElC,4CAA4C;QAC5C,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,iBAAiB,CAAuB,CAAC;QAC7E,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAuB,CAAC;QAC3D,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,MAAM,CAAuB,CAAC;QAEzD,mDAAmD;QACnD,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,MAAM,CAAC;QAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAuB,CAAC;QAElE,6BAA6B;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,MAAM,CAAC;QAC1D,kEAAkE;QAClE,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAClD,IAAI,iBAAuC,CAAC;QAC5C,IAAI,cAAc,EAAE,CAAC;YACnB,iBAAiB,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC;QACxF,CAAC;QAED,+CAA+C;QAC/C,kEAAkE;QAClE,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,aAAmC,CAAC;QACxC,IAAI,UAAU,EAAE,CAAC;YACf,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;YACb,aAAa;YACb,KAAK;YACL,IAAI;YACJ,aAAa;YACb,WAAW;YACX,WAAW;YACX,iBAAiB;YACjB,aAAa;SACd,CAAC,CAAC;QAEH,IAAI,aAAa,EAAE,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,sCAAsC,WAAW,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,IAAI,WAAW,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iCAAiC,iBAAiB,EAAE,MAAM,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACzG,CAAC;QAED,IAAI,aAAa,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC9C,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAAyB,aAAa,CAAC,MAAM,iBAAiB,CAAC,CAAC;QACnF,CAAC;IACH,CAAC;IAGK,AAAN,KAAK,CAAC,mBAAmB;QACvB,MAAM,EAAE,aAAa,EAAE,KAAK,EAAE,aAAa,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE1G,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,mCAAmC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAClH,OAAO;QACT,CAAC;QAED,2EAA2E;QAC3E,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,EAAE,CAAC;YAC7B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;YAC9C,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,iBAAiB,
EAAE,mBAAmB,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC;YAClG,OAAO;QACT,CAAC;QAED,qCAAqC;QACrC,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAwB,CAAC;QACtD,MAAM,WAAW,GAAG,MAAM,SAAS,CAAC,kBAAkB,CAAC,uBAAuB,CAAC,aAAa,CAAC,CAAC;QAE9F,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,+CAA+C,aAAa,EAAE,CAAC,CAAC;YACjF,IAAI,CAAC,OAAO,CACV,oBAAW,CAAC,IAAI,CACd,IAAI,CAAC,eAAe,CAAC,iBAAiB,EAAE,sDAAsD,CAAC,EAC/F,GAAG,CACJ,CACF,CAAC;YACF,OAAO;QACT,CAAC;QAED,uFAAuF;QACvF,yEAAyE;QACzE,MAAM,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEhE,mDAAmD;QACnD,IAAI,gBAAsC,CAAC;QAC3C,IAAI,WAAW,IAAI,WAAW,CAAC,cAAc,EAAE,CAAC;YAC9C,MAAM,YAAY,GAAG,WAAW,CAAC,cAAc,CAAC,WAAW,CAAC;YAC5D,MAAM,QAAQ,GAAG,iBAAiB,IAAI,EAAE,CAAC;YACzC,gBAAgB,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QACzE,CAAC;QAED,oBAAoB;QACpB,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,EAAE,OAAO,IAAI,KAAK,CAAC;QAC7D,2FAA2F;QAC3F,MAAM,kBAAkB,GAAG,cAAc,IAAI,aAAa,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,EAAE,gBAAgB,CAAC;QAEnH,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;YACb,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,WAAW,EAAE,WAAW,CAAC,WAAW;YACpC,MAAM,EAAE,WAAW,CAAC,MAAM;YAC1B,aAAa,EAAE,WAAW,CAAC,IAAI,CAAC,SAAS;YACzC,aAAa,EAAE,WAAW,CAAC,KAAK;YAChC,QAAQ,EAAE,WAAW,CAAC,QAAQ;YAC9B,OAAO;YACP,4DAA4D;YAC5D,aAAa,EAAE,WAAW,CAAC,aAAa,IAAI,aAAa;YACzD,WAAW,EAAE,WAAW,CAAC,WAAW,IAAI,IAAI,CAAC,KAAK,CAAC,WAAW;YAC9D,YAAY,EAAE,WAAW,CAAC,YAAY;YACtC,iBAAiB,EAAE,WAAW,CAAC,iBAAiB;YAChD,uBAAuB,EAAE,WAAW,CAAC,uBAAuB;YAC5D,kBAAkB;YAClB,WAAW,EAAE,WAAW,IAAI,CAAC,CAAC,WAAW,CAAC,cAAc;YACxD,iBAAiB,EAAE,iBAAiB;YACpC,gBAAgB,EAAE,gBAAgB;YAClC,UAAU;YACV,cAAc;YACd,aAAa,EAAE,kBAAkB;SAClC,CAAC,CAAC;QAEH,qCAAqC;QACrC,MAAM,SAAS,CAAC,kBAAkB,CAAC,0BAA0B,CAAC,aAAa,CAAC,CAAC;IAC/E,CAAC;IAED;;;;OAIG;IAEG,AAAN,KAAK,CAAC,qBAAqB;QACzB,MAAM,EAAE,aAAa,EAAE,WAAW,EAAE,uBAAuB,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAExF,+BAA+B;QAC/B,IAAI,CAAC,aAAa,IAAI,CAAC,WAAW,EAAE,CAAC;YACnC,OAAO;QACT,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,iDAAiD,WA
AW,EAAE,CAAC,CAAC;QAEjF,oCAAoC;QACpC,iDAAiD;QACjD,uEAAuE;QACvE,2DAA2D;QAE3D,4EAA4E;QAC5E,6DAA6D;QAE7D,yDAAyD;QACzD,sEAAsE;QACtE,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,sCAAsC,WAAW,oBAAoB,uBAAuB,IAAI,MAAM,EAAE,CACzG,CAAC;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,uBAAuB;QAC3B,MAAM,EACJ,QAAQ,EACR,WAAW,EACX,MAAM,EACN,aAAa,EACb,aAAa,EACb,QAAQ,EACR,KAAK,EACL,IAAI,EACJ,OAAO;QACP,8BAA8B;QAC9B,cAAc,EACd,aAAa,EACb,WAAW,EACX,iBAAiB,EACjB,gBAAgB,GACjB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAExB,8DAA8D;QAC9D,IAAI,CAAC,QAAQ,IAAI,CAAC,WAAW,IAAI,CAAC,aAAa,IAAI,CAAC,OAAO,EAAE,CAAC;YAC5D,MAAM,aAAa,GAAG;gBACpB,CAAC,QAAQ,IAAI,UAAU;gBACvB,CAAC,WAAW,IAAI,aAAa;gBAC7B,CAAC,aAAa,IAAI,eAAe;gBACjC,CAAC,OAAO,IAAI,SAAS;aACtB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;YAClB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,mDAAmD,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACjG,IAAI,CAAC,OAAO,CACV,oBAAW,CAAC,IAAI,CACd,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,wDAAwD,CAAC,EAC9F,GAAG,CACJ,CACF,CAAC;YACF,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,IAAwB,CAAC;QAEtD,4DAA4D;QAC5D,MAAM,IAAI,GAAG,MAAM,SAAS,CAAC,uBAAuB,CAAC;YACnD,QAAQ;YACR,WAAW;YACX,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,aAAa;YACb,OAAO;YACP,SAAS,EAAE,KAAK;YAChB,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,aAAa;YACpB,QAAQ;YACR,mCAAmC;YACnC,eAAe,EAAE,aAAa;YAC9B,mBAAmB,EAAE,iBAAiB;YACtC,kBAAkB,EAAE,gBAAgB;YACpC,cAAc,EAAE,cAAc;YAC9B,kBAAkB,EAAE,WAAW;SAChC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,wCAAwC,OAAO,GAC7C,cAAc,CAAC,CAAC,CAAC,SAAS,aAAa,EAAE,MAAM,IAAI,CAAC,iBAAiB,CAAC,CAAC,CAAC,EAC1E,GAAG,WAAW,CAAC,CAAC,CAAC,oBAAoB,iBAAiB,EAAE,MAAM,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,EAAE,EAAE,CACxF,CAAC;QACF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,CAAC;IAC5C,CAAC;IAGK,AAAN,KAAK,CAAC,gBAAgB;QACpB,MAAM,EAAE,WAAW,EAAE,iBAAiB,EAAE,aAAa,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAE1G,wCAAwC;QACxC,IAAI,CAAC,WAAW,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uDAAuD,CAAC,CAAC;YAC3E,IAAI,CAAC,OAAO,CACV,oBAAW,CAAC,IAAI,CACd,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,qDAAqD,CAAC,EAC3F,GAAG,CACJ,CACF,CAAC;YACF
,OAAO;QACT,CAAC;QAED,qDAAqD;QACrD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;QAChD,IAAI,aAAa,EAAE,CAAC;YAClB,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC/C,CAAC;QAED,2DAA2D;QAC3D,+DAA+D;QAC/D,IAAI,aAAa,IAAI,WAAW,EAAE,CAAC;YACjC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;YAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;QAC9C,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,0BAA0B,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,QAAQ,GACjD,aAAa,CAAC,CAAC,CAAC,0BAA0B,WAAW,GAAG,CAAC,CAAC,CAAC,EAC7D,EAAE,CACH,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;IACrD,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,KAAa;QACnC,+DAA+D;QAC/D,kDAAkD;QAClD,MAAM,IAAI,GAAG,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAC5E,iBAAiB;QACjB,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;IACtH,CAAC;IAED;;OAEG;IACK,eAAe,CAAC,KAAa,EAAE,WAAmB;QACxD,sDAAsD;QACtD,MAAM,SAAS,GAAG,IAAA,eAAU,EAAC,KAAK,CAAC,CAAC;QACpC,MAAM,eAAe,GAAG,IAAA,eAAU,EAAC,WAAW,CAAC,CAAC;QAEhD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;kCAyCuB,SAAS;SAClC,eAAe;;;;QAIhB,CAAC;IACP,CAAC;CACF,CAAA;AA7UO;IADL,KAAK,CAAC,YAAY,CAAC;;;;mDAoDnB;AAGK;IADL,KAAK,CAAC,qBAAqB,CAAC;;;;4DA0E5B;AAQK;IADL,KAAK,CAAC,uBAAuB,CAAC;;;;8DAwB9B;AAGK;IADL,KAAK,CAAC,yBAAyB,CAAC;;;;gEAiEhC;AAGK;IADL,KAAK,CAAC,kBAAkB,CAAC;;;;yDAoCzB;AA3QkB,iBAAiB;IAXrC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,MAAM,EAAE,QAAQ;QAChB,UAAU,EAAE;YACV,MAAM,EAAE,KAAK;YACb,IAAI,EAAE,iBAAiB;SACxB;KACF,CAAC;GACmB,iBAAiB,CAiVrC;kBAjVoB,iBAAiB","sourcesContent":["/**\n * OAuth Callback Endpoint — GET /oauth/callback\n *\n * Who calls: Browser after user completes login form\n *\n * When: After the user submits the login form 
from /oauth/authorize\n *\n * Purpose: Creates an authorization code and redirects back to the client's redirect_uri\n *\n * Notes: This is a simple \"demo\" login callback. In production, this would integrate\n * with a real identity provider or user database.\n */\n\nimport {\n Flow,\n FlowBase,\n FlowPlan,\n FlowRunOptions,\n httpInputSchema,\n HttpRedirectSchema,\n httpRespond,\n HttpHtmlSchema,\n StageHookOf,\n} from '../../common';\nimport { z } from 'zod';\nimport { LocalPrimaryAuth } from '../instances/instance.local-primary-auth';\nimport { randomUUID, createHash } from 'crypto';\nimport { escapeHtml } from '../ui';\n\nconst inputSchema = httpInputSchema;\n\nconst stateSchema = z.object({\n // From query params\n pendingAuthId: z.string().optional(),\n email: z.string().optional(),\n name: z.string().optional(),\n // From pending authorization record\n clientId: z.string().optional(),\n redirectUri: z.string().optional(),\n scopes: z.array(z.string()).optional(),\n codeChallenge: z.string().optional(),\n originalState: z.string().optional(),\n resource: z.string().optional(),\n // Generated\n authorizationCode: z.string().optional(),\n userSub: z.string().optional(),\n // Progressive/Incremental Authorization\n isIncremental: z.boolean().default(false),\n targetAppId: z.string().optional(),\n targetToolId: z.string().optional(),\n existingSessionId: z.string().optional(),\n existingAuthorizationId: z.string().optional(),\n // Federated Login\n isFederated: z.boolean().default(false),\n selectedProviders: z.array(z.string()).optional(),\n skippedProviders: z.array(z.string()).optional(),\n // Consent\n consentEnabled: z.boolean().default(false),\n selectedTools: z.array(z.string()).optional(),\n});\n\nconst outputSchema = z.union([HttpRedirectSchema, HttpHtmlSchema]);\n\nconst plan = {\n pre: ['parseInput', 'validatePendingAuth'],\n execute: ['handleIncrementalAuth', 'createAuthorizationCode', 'redirectToClient'],\n} as const satisfies 
FlowPlan<string>;\n\ndeclare global {\n interface ExtendFlows {\n 'oauth:callback': FlowRunOptions<\n OauthCallbackFlow,\n typeof plan,\n typeof inputSchema,\n typeof outputSchema,\n typeof stateSchema\n >;\n }\n}\n\nconst name = 'oauth:callback' as const;\nconst Stage = StageHookOf(name);\n\n@Flow({\n name,\n plan,\n inputSchema,\n outputSchema,\n access: 'public',\n middleware: {\n method: 'GET',\n path: '/oauth/callback',\n },\n})\nexport default class OauthCallbackFlow extends FlowBase<typeof name> {\n private logger = this.scope.logger.child('OauthCallbackFlow');\n\n @Stage('parseInput')\n async parseInput() {\n const { request } = this.rawInput;\n\n // Extract login form data from query params\n const pendingAuthId = request.query['pending_auth_id'] as string | undefined;\n const email = request.query['email'] as string | undefined;\n const name = request.query['name'] as string | undefined;\n\n // Progressive/Incremental Authorization Parameters\n const isIncremental = request.query['incremental'] === 'true';\n const targetAppId = request.query['app_id'] as string | undefined;\n\n // Federated Login Parameters\n const isFederated = request.query['federated'] === 'true';\n // providers can be array (multiple checkboxes) or string (single)\n const providersParam = request.query['providers'];\n let selectedProviders: string[] | undefined;\n if (providersParam) {\n selectedProviders = Array.isArray(providersParam) ? providersParam : [providersParam];\n }\n\n // Consent Parameters (from POST body or query)\n // Note: For consent, we might use POST, but GET is also supported\n const toolsParam = request.query['tools'];\n let selectedTools: string[] | undefined;\n if (toolsParam) {\n selectedTools = Array.isArray(toolsParam) ? 
toolsParam : [toolsParam];\n }\n\n this.state.set({\n pendingAuthId,\n email,\n name,\n isIncremental,\n targetAppId,\n isFederated,\n selectedProviders,\n selectedTools,\n });\n\n if (isIncremental) {\n this.logger.info(`Incremental auth callback for app: ${targetAppId}`);\n }\n\n if (isFederated) {\n this.logger.info(`Federated login callback with ${selectedProviders?.length || 0} selected providers`);\n }\n\n if (selectedTools && selectedTools.length > 0) {\n this.logger.info(`Consent callback with ${selectedTools.length} selected tools`);\n }\n }\n\n @Stage('validatePendingAuth')\n async validatePendingAuth() {\n const { pendingAuthId, email, isIncremental, isFederated, selectedProviders, selectedTools } = this.state;\n\n if (!pendingAuthId) {\n this.logger.warn('Missing pending_auth_id in callback');\n this.respond(httpRespond.html(this.renderErrorPage('invalid_request', 'Missing pending_auth_id parameter'), 400));\n return;\n }\n\n // For incremental auth, email is not required (user already authenticated)\n if (!isIncremental && !email) {\n this.logger.warn('Missing email in callback');\n this.respond(httpRespond.html(this.renderErrorPage('invalid_request', 'Email is required'), 400));\n return;\n }\n\n // Retrieve the pending authorization\n const localAuth = this.scope.auth as LocalPrimaryAuth;\n const pendingAuth = await localAuth.authorizationStore.getPendingAuthorization(pendingAuthId);\n\n if (!pendingAuth) {\n this.logger.warn(`Pending authorization not found or expired: ${pendingAuthId}`);\n this.respond(\n httpRespond.html(\n this.renderErrorPage('invalid_request', 'Authorization request has expired. Please try again.'),\n 400,\n ),\n );\n return;\n }\n\n // Generate a user sub from email (in production, this would come from a user database)\n // For incremental auth, we might need to use existing session's user sub\n const userSub = email ? 
this.generateUserSub(email) : undefined;\n\n // Calculate skipped providers from federated login\n let skippedProviders: string[] | undefined;\n if (isFederated && pendingAuth.federatedLogin) {\n const allProviders = pendingAuth.federatedLogin.providerIds;\n const selected = selectedProviders || [];\n skippedProviders = allProviders.filter((id) => !selected.includes(id));\n }\n\n // Get consent state\n const consentEnabled = pendingAuth.consent?.enabled ?? false;\n // If consent was enabled and user submitted selection, use it; otherwise use all available\n const finalSelectedTools = consentEnabled && selectedTools ? selectedTools : pendingAuth.consent?.availableToolIds;\n\n this.state.set({\n clientId: pendingAuth.clientId,\n redirectUri: pendingAuth.redirectUri,\n scopes: pendingAuth.scopes,\n codeChallenge: pendingAuth.pkce.challenge,\n originalState: pendingAuth.state,\n resource: pendingAuth.resource,\n userSub,\n // Progressive/Incremental Authorization from pending record\n isIncremental: pendingAuth.isIncremental || isIncremental,\n targetAppId: pendingAuth.targetAppId || this.state.targetAppId,\n targetToolId: pendingAuth.targetToolId,\n existingSessionId: pendingAuth.existingSessionId,\n existingAuthorizationId: pendingAuth.existingAuthorizationId,\n // Federated Login\n isFederated: isFederated || !!pendingAuth.federatedLogin,\n selectedProviders: selectedProviders,\n skippedProviders: skippedProviders,\n // Consent\n consentEnabled,\n selectedTools: finalSelectedTools,\n });\n\n // Clean up the pending authorization\n await localAuth.authorizationStore.deletePendingAuthorization(pendingAuthId);\n }\n\n /**\n * Handle incremental authorization - expand existing session's token vault\n * For incremental auth, we add the app to the existing authorization without\n * requiring full re-authentication\n */\n @Stage('handleIncrementalAuth')\n async handleIncrementalAuth() {\n const { isIncremental, targetAppId, existingAuthorizationId, redirectUri } = 
this.state;\n\n // Skip if not incremental auth\n if (!isIncremental || !targetAppId) {\n return;\n }\n\n this.logger.info(`Processing incremental authorization for app: ${targetAppId}`);\n\n // For incremental auth, we need to:\n // 1. Validate the existing session (if provided)\n // 2. Generate a special incremental auth code that includes the app ID\n // 3. The token endpoint will then expand the authorization\n\n // For now, we pass the incremental auth info through the authorization code\n // The token exchange will handle expanding the authorization\n\n // Store incremental auth metadata for the token exchange\n // This will be encoded in the authorization code or stored separately\n this.logger.info(\n `Incremental auth prepared for app: ${targetAppId}, existing auth: ${existingAuthorizationId || 'none'}`,\n );\n }\n\n @Stage('createAuthorizationCode')\n async createAuthorizationCode() {\n const {\n clientId,\n redirectUri,\n scopes,\n codeChallenge,\n originalState,\n resource,\n email,\n name,\n userSub,\n // Consent and Federated Login\n consentEnabled,\n selectedTools,\n isFederated,\n selectedProviders,\n skippedProviders,\n } = this.state.required;\n\n // Validate required fields before creating authorization code\n if (!clientId || !redirectUri || !codeChallenge || !userSub) {\n const missingFields = [\n !clientId && 'clientId',\n !redirectUri && 'redirectUri',\n !codeChallenge && 'codeChallenge',\n !userSub && 'userSub',\n ].filter(Boolean);\n this.logger.error(`Missing required fields for authorization code: ${missingFields.join(', ')}`);\n this.respond(\n httpRespond.html(\n this.renderErrorPage('server_error', 'Authorization request is incomplete. Please try again.'),\n 500,\n ),\n );\n return;\n }\n\n const localAuth = this.scope.auth as LocalPrimaryAuth;\n\n // Create the authorization code with consent/federated data\n const code = await localAuth.createAuthorizationCode({\n clientId,\n redirectUri,\n scopes: scopes ?? 
[],\n codeChallenge,\n userSub,\n userEmail: email,\n userName: name,\n state: originalState,\n resource,\n // Consent and Federated Login Data\n selectedToolIds: selectedTools,\n selectedProviderIds: selectedProviders,\n skippedProviderIds: skippedProviders,\n consentEnabled: consentEnabled,\n federatedLoginUsed: isFederated,\n });\n\n this.logger.info(\n `Authorization code created for user: ${userSub}${\n consentEnabled ? ` with ${selectedTools?.length || 0} selected tools` : ''\n }${isFederated ? ` (federated with ${selectedProviders?.length || 0} providers)` : ''}`,\n );\n this.state.set('authorizationCode', code);\n }\n\n @Stage('redirectToClient')\n async redirectToClient() {\n const { redirectUri, authorizationCode, originalState, isIncremental, targetAppId } = this.state.required;\n\n // Validate required fields for redirect\n if (!redirectUri || !authorizationCode) {\n this.logger.error('Missing redirectUri or authorizationCode for redirect');\n this.respond(\n httpRespond.html(\n this.renderErrorPage('server_error', 'Failed to complete authorization. Please try again.'),\n 500,\n ),\n );\n return;\n }\n\n // Build the redirect URL with the authorization code\n const url = new URL(redirectUri);\n url.searchParams.set('code', authorizationCode);\n if (originalState) {\n url.searchParams.set('state', originalState);\n }\n\n // For incremental auth, include the app ID in the redirect\n // This allows the client to know which app was just authorized\n if (isIncremental && targetAppId) {\n url.searchParams.set('incremental', 'true');\n url.searchParams.set('app_id', targetAppId);\n }\n\n this.logger.info(\n `Redirecting to client: ${url.origin}${url.pathname}${\n isIncremental ? 
` (incremental for app: ${targetAppId})` : ''\n }`,\n );\n this.respond(httpRespond.redirect(url.toString()));\n }\n\n /**\n * Generate a stable user sub from email\n * In production, this would be the user's ID from the database\n */\n private generateUserSub(email: string): string {\n // Create a deterministic UUID from the email for demo purposes\n // In production, this would be the actual user ID\n const hash = createHash('sha256').update(email.toLowerCase()).digest('hex');\n // Format as UUID\n return `${hash.slice(0, 8)}-${hash.slice(8, 12)}-${hash.slice(12, 16)}-${hash.slice(16, 20)}-${hash.slice(20, 32)}`;\n }\n\n /**\n * Render an error page\n */\n private renderErrorPage(error: string, description: string): string {\n // Escape user-provided content to prevent XSS attacks\n const safeError = escapeHtml(error);\n const safeDescription = escapeHtml(description);\n\n return `<!DOCTYPE html>\n<html lang=\"en\">\n<head>\n <meta charset=\"UTF-8\">\n <meta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n <title>Authorization Error</title>\n <style>\n body {\n font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;\n background: #f5f5f5;\n min-height: 100vh;\n display: flex;\n align-items: center;\n justify-content: center;\n padding: 20px;\n }\n .error-container {\n background: white;\n padding: 40px;\n border-radius: 12px;\n box-shadow: 0 4px 20px rgba(0,0,0,0.1);\n max-width: 500px;\n text-align: center;\n }\n .error-icon { font-size: 48px; margin-bottom: 20px; }\n h1 { color: #e53e3e; margin-bottom: 10px; }\n p { color: #666; line-height: 1.6; }\n .error-code { font-family: monospace; background: #f5f5f5; padding: 4px 8px; border-radius: 4px; }\n .retry-link {\n display: inline-block;\n margin-top: 20px;\n color: #667eea;\n text-decoration: none;\n }\n .retry-link:hover { text-decoration: underline; }\n </style>\n</head>\n<body>\n <div class=\"error-container\">\n <div class=\"error-icon\">⚠️</div>\n 
<h1>Authorization Error</h1>\n <p><span class=\"error-code\">${safeError}</span></p>\n <p>${safeDescription}</p>\n <a href=\"javascript:history.back()\" class=\"retry-link\">← Go Back</a>\n </div>\n</body>\n</html>`;\n }\n}\n"]}
|