@frontmcp/sdk 0.6.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (1053) hide show
  1. package/{src/auth → auth}/instances/instance.local-primary-auth.d.ts +1 -1
  2. package/{src/auth → auth}/instances/instance.remote-primary-auth.d.ts +1 -1
  3. package/{src/auth → auth}/session/index.d.ts +1 -0
  4. package/auth/session/vercel-kv-session.store.d.ts +96 -0
  5. package/{src/common → common}/interfaces/internal/primary-auth-provider.interface.d.ts +1 -4
  6. package/{src/common → common}/metadata/front-mcp.metadata.d.ts +1779 -67
  7. package/{src/common → common}/metadata/prompt.metadata.d.ts +4 -0
  8. package/{src/common → common}/metadata/resource.metadata.d.ts +8 -0
  9. package/{src/common → common}/metadata/tool-ui.metadata.d.ts +2 -2
  10. package/{src/common → common}/metadata/tool.metadata.d.ts +4 -0
  11. package/{src/common → common}/schemas/http-output.schema.d.ts +24 -6
  12. package/common/types/options/auth/app-auth.schema.d.ts +275 -0
  13. package/common/types/options/auth/auth.interfaces.d.ts +461 -0
  14. package/common/types/options/auth/auth.schema.d.ts +284 -0
  15. package/common/types/options/auth/auth.utils.d.ts +32 -0
  16. package/common/types/options/auth/index.d.ts +16 -0
  17. package/common/types/options/auth/orchestrated.schema.d.ts +381 -0
  18. package/common/types/options/auth/public.schema.d.ts +42 -0
  19. package/common/types/options/auth/shared.schemas.d.ts +120 -0
  20. package/common/types/options/auth/transparent.schema.d.ts +56 -0
  21. package/common/types/options/auth/transport.deprecated.d.ts +63 -0
  22. package/{src/common → common}/types/options/index.d.ts +1 -1
  23. package/common/types/options/redis.options.d.ts +190 -0
  24. package/{src/common → common}/types/options/server-info.options.d.ts +4 -0
  25. package/{src/common → common}/types/options/transport.options.d.ts +74 -5
  26. package/{src/common → common}/utils/decide-request-intent.utils.d.ts +6 -7
  27. package/common/utils/global-config.utils.d.ts +36 -0
  28. package/{src/common → common}/utils/index.d.ts +1 -0
  29. package/{src/completion → completion}/flows/complete.flow.d.ts +6 -8
  30. package/{src/errors → errors}/index.d.ts +1 -1
  31. package/{src/errors → errors}/mcp.error.d.ts +9 -0
  32. package/esm/index.mjs +22664 -0
  33. package/esm/mcp-apps/index.mjs +723 -0
  34. package/esm/package.json +81 -0
  35. package/{src/front-mcp → front-mcp}/front-mcp.providers.d.ts +246 -38
  36. package/front-mcp/index.d.ts +2 -0
  37. package/{src/index.d.ts → index.d.ts} +1 -1
  38. package/index.js +22957 -0
  39. package/logger/logger.tokens.d.ts +1 -0
  40. package/{src/logging → logging}/flows/set-level.flow.d.ts +6 -8
  41. package/mcp-apps/index.js +799 -0
  42. package/package.json +37 -17
  43. package/{src/prompt → prompt}/flows/get-prompt.flow.d.ts +14 -8
  44. package/{src/prompt → prompt}/flows/prompts-list.flow.d.ts +8 -7
  45. package/{src/resource → resource}/flows/read-resource.flow.d.ts +8 -9
  46. package/{src/resource → resource}/flows/resource-templates-list.flow.d.ts +8 -7
  47. package/{src/resource → resource}/flows/resources-list.flow.d.ts +8 -7
  48. package/{src/resource → resource}/flows/subscribe-resource.flow.d.ts +6 -8
  49. package/{src/resource → resource}/flows/unsubscribe-resource.flow.d.ts +6 -8
  50. package/store/adapters/store.vercel-kv.adapter.d.ts +86 -0
  51. package/{src/store → store}/index.d.ts +2 -0
  52. package/store/store.factory.d.ts +86 -0
  53. package/{src/tool → tool}/flows/call-tool.flow.d.ts +18 -9
  54. package/{src/tool → tool}/flows/tools-list.flow.d.ts +9 -8
  55. package/{src/tool → tool}/ui/index.d.ts +4 -4
  56. package/{src/tool → tool}/ui/platform-adapters.d.ts +2 -2
  57. package/{src/tool → tool}/ui/template-helpers.d.ts +5 -7
  58. package/{src/tool → tool}/ui/ui-resource.handler.d.ts +1 -1
  59. package/{src/transport → transport}/mcp-handlers/complete-request.handler.d.ts +4 -15
  60. package/{src/transport → transport}/mcp-handlers/get-prompt-request.handler.d.ts +5 -15
  61. package/{src/transport → transport}/mcp-handlers/index.d.ts +67 -195
  62. package/{src/transport → transport}/mcp-handlers/list-prompts-request.handler.d.ts +5 -15
  63. package/{src/transport → transport}/mcp-handlers/list-resource-templates-request.handler.d.ts +5 -15
  64. package/{src/transport → transport}/mcp-handlers/list-resources-request.handler.d.ts +5 -15
  65. package/{src/transport → transport}/mcp-handlers/list-tools-request.handler.d.ts +5 -15
  66. package/{src/transport → transport}/mcp-handlers/logging-set-level-request.handler.d.ts +3 -14
  67. package/{src/transport → transport}/mcp-handlers/read-resource-request.handler.d.ts +4 -15
  68. package/{src/transport → transport}/mcp-handlers/subscribe-request.handler.d.ts +3 -14
  69. package/{src/transport → transport}/mcp-handlers/unsubscribe-request.handler.d.ts +3 -14
  70. package/{src/transport → transport}/transport.registry.d.ts +5 -1
  71. package/README.md +0 -460
  72. package/src/adapter/adapter.instance.js +0 -70
  73. package/src/adapter/adapter.instance.js.map +0 -1
  74. package/src/adapter/adapter.regsitry.js +0 -54
  75. package/src/adapter/adapter.regsitry.js.map +0 -1
  76. package/src/adapter/adapter.utils.js +0 -83
  77. package/src/adapter/adapter.utils.js.map +0 -1
  78. package/src/app/app.registry.js +0 -66
  79. package/src/app/app.registry.js.map +0 -1
  80. package/src/app/app.utils.js +0 -58
  81. package/src/app/app.utils.js.map +0 -1
  82. package/src/app/instances/app.local.instance.js +0 -67
  83. package/src/app/instances/app.local.instance.js.map +0 -1
  84. package/src/app/instances/app.remote.instance.js +0 -36
  85. package/src/app/instances/app.remote.instance.js.map +0 -1
  86. package/src/app/instances/index.js +0 -6
  87. package/src/app/instances/index.js.map +0 -1
  88. package/src/auth/auth.registry.js +0 -219
  89. package/src/auth/auth.registry.js.map +0 -1
  90. package/src/auth/auth.utils.js +0 -84
  91. package/src/auth/auth.utils.js.map +0 -1
  92. package/src/auth/authorization/authorization.class.js +0 -217
  93. package/src/auth/authorization/authorization.class.js.map +0 -1
  94. package/src/auth/authorization/authorization.types.js +0 -79
  95. package/src/auth/authorization/authorization.types.js.map +0 -1
  96. package/src/auth/authorization/index.js +0 -19
  97. package/src/auth/authorization/index.js.map +0 -1
  98. package/src/auth/authorization/orchestrated.authorization.js +0 -306
  99. package/src/auth/authorization/orchestrated.authorization.js.map +0 -1
  100. package/src/auth/authorization/public.authorization.js +0 -132
  101. package/src/auth/authorization/public.authorization.js.map +0 -1
  102. package/src/auth/authorization/transparent.authorization.js +0 -147
  103. package/src/auth/authorization/transparent.authorization.js.map +0 -1
  104. package/src/auth/consent/consent.types.js +0 -119
  105. package/src/auth/consent/consent.types.js.map +0 -1
  106. package/src/auth/consent/index.js +0 -13
  107. package/src/auth/consent/index.js.map +0 -1
  108. package/src/auth/detection/auth-provider-detection.js +0 -230
  109. package/src/auth/detection/auth-provider-detection.js.map +0 -1
  110. package/src/auth/detection/index.js +0 -15
  111. package/src/auth/detection/index.js.map +0 -1
  112. package/src/auth/flows/auth.verify.flow.js +0 -379
  113. package/src/auth/flows/auth.verify.flow.js.map +0 -1
  114. package/src/auth/flows/oauth.authorize.flow.js +0 -822
  115. package/src/auth/flows/oauth.authorize.flow.js.map +0 -1
  116. package/src/auth/flows/oauth.callback.flow.js +0 -357
  117. package/src/auth/flows/oauth.callback.flow.js.map +0 -1
  118. package/src/auth/flows/oauth.register.flow.js +0 -201
  119. package/src/auth/flows/oauth.register.flow.js.map +0 -1
  120. package/src/auth/flows/oauth.token.flow.js +0 -319
  121. package/src/auth/flows/oauth.token.flow.js.map +0 -1
  122. package/src/auth/flows/session.verify.flow.js +0 -304
  123. package/src/auth/flows/session.verify.flow.js.map +0 -1
  124. package/src/auth/flows/well-known.jwks.flow.js +0 -89
  125. package/src/auth/flows/well-known.jwks.flow.js.map +0 -1
  126. package/src/auth/flows/well-known.oauth-authorization-server.flow.js +0 -122
  127. package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +0 -1
  128. package/src/auth/flows/well-known.prm.flow.js +0 -106
  129. package/src/auth/flows/well-known.prm.flow.js.map +0 -1
  130. package/src/auth/instances/instance.local-primary-auth.js +0 -308
  131. package/src/auth/instances/instance.local-primary-auth.js.map +0 -1
  132. package/src/auth/instances/instance.remote-primary-auth.js +0 -49
  133. package/src/auth/instances/instance.remote-primary-auth.js.map +0 -1
  134. package/src/auth/jwks/dev-key-persistence.js +0 -219
  135. package/src/auth/jwks/dev-key-persistence.js.map +0 -1
  136. package/src/auth/jwks/index.js +0 -7
  137. package/src/auth/jwks/index.js.map +0 -1
  138. package/src/auth/jwks/jwks.service.js +0 -303
  139. package/src/auth/jwks/jwks.service.js.map +0 -1
  140. package/src/auth/jwks/jwks.types.js +0 -3
  141. package/src/auth/jwks/jwks.types.js.map +0 -1
  142. package/src/auth/jwks/jwks.utils.js +0 -32
  143. package/src/auth/jwks/jwks.utils.js.map +0 -1
  144. package/src/auth/machine-id.js +0 -32
  145. package/src/auth/machine-id.js.map +0 -1
  146. package/src/auth/oauth/flows/oauth.authorize.flow.js +0 -33
  147. package/src/auth/oauth/flows/oauth.authorize.flow.js.map +0 -1
  148. package/src/auth/oauth/flows/oauth.device-authorization.flow.js +0 -48
  149. package/src/auth/oauth/flows/oauth.device-authorization.flow.js.map +0 -1
  150. package/src/auth/oauth/flows/oauth.introspect.flow.js +0 -28
  151. package/src/auth/oauth/flows/oauth.introspect.flow.js.map +0 -1
  152. package/src/auth/oauth/flows/oauth.par.flow.js +0 -29
  153. package/src/auth/oauth/flows/oauth.par.flow.js.map +0 -1
  154. package/src/auth/oauth/flows/oauth.revoke.flow.js +0 -27
  155. package/src/auth/oauth/flows/oauth.revoke.flow.js.map +0 -1
  156. package/src/auth/oauth/flows/oauth.token.flow.js +0 -59
  157. package/src/auth/oauth/flows/oauth.token.flow.js.map +0 -1
  158. package/src/auth/oauth/flows/oauth.userinfo.flow.js +0 -24
  159. package/src/auth/oauth/flows/oauth.userinfo.flow.js.map +0 -1
  160. package/src/auth/oauth/flows/oidc.logout.flow.js +0 -20
  161. package/src/auth/oauth/flows/oidc.logout.flow.js.map +0 -1
  162. package/src/auth/session/authorization-vault.js +0 -817
  163. package/src/auth/session/authorization-vault.js.map +0 -1
  164. package/src/auth/session/authorization.store.js +0 -323
  165. package/src/auth/session/authorization.store.js.map +0 -1
  166. package/src/auth/session/encrypted-authorization-vault.js +0 -493
  167. package/src/auth/session/encrypted-authorization-vault.js.map +0 -1
  168. package/src/auth/session/index.js +0 -16
  169. package/src/auth/session/index.js.map +0 -1
  170. package/src/auth/session/record/session.base.js +0 -125
  171. package/src/auth/session/record/session.base.js.map +0 -1
  172. package/src/auth/session/record/session.stateful.js +0 -55
  173. package/src/auth/session/record/session.stateful.js.map +0 -1
  174. package/src/auth/session/record/session.stateless.js +0 -32
  175. package/src/auth/session/record/session.stateless.js.map +0 -1
  176. package/src/auth/session/record/session.transparent.js +0 -22
  177. package/src/auth/session/record/session.transparent.js.map +0 -1
  178. package/src/auth/session/redis-session.store.js +0 -204
  179. package/src/auth/session/redis-session.store.js.map +0 -1
  180. package/src/auth/session/session.crypto.js +0 -47
  181. package/src/auth/session/session.crypto.js.map +0 -1
  182. package/src/auth/session/session.schema.js +0 -13
  183. package/src/auth/session/session.schema.js.map +0 -1
  184. package/src/auth/session/session.service.js +0 -105
  185. package/src/auth/session/session.service.js.map +0 -1
  186. package/src/auth/session/session.transport.js +0 -20
  187. package/src/auth/session/session.transport.js.map +0 -1
  188. package/src/auth/session/session.types.js +0 -4
  189. package/src/auth/session/session.types.js.map +0 -1
  190. package/src/auth/session/token.refresh.js +0 -63
  191. package/src/auth/session/token.refresh.js.map +0 -1
  192. package/src/auth/session/token.store.js +0 -53
  193. package/src/auth/session/token.store.js.map +0 -1
  194. package/src/auth/session/token.vault.js +0 -54
  195. package/src/auth/session/token.vault.js.map +0 -1
  196. package/src/auth/session/transport-session.manager.js +0 -298
  197. package/src/auth/session/transport-session.manager.js.map +0 -1
  198. package/src/auth/session/transport-session.types.js +0 -111
  199. package/src/auth/session/transport-session.types.js.map +0 -1
  200. package/src/auth/session/utils/auth-token.utils.js +0 -57
  201. package/src/auth/session/utils/auth-token.utils.js.map +0 -1
  202. package/src/auth/session/utils/session-id.utils.js +0 -217
  203. package/src/auth/session/utils/session-id.utils.js.map +0 -1
  204. package/src/auth/session/utils/tiny-ttl-cache.js +0 -26
  205. package/src/auth/session/utils/tiny-ttl-cache.js.map +0 -1
  206. package/src/auth/session/vault-encryption.js +0 -263
  207. package/src/auth/session/vault-encryption.js.map +0 -1
  208. package/src/auth/ui/base-layout.js +0 -279
  209. package/src/auth/ui/base-layout.js.map +0 -1
  210. package/src/auth/ui/index.js +0 -34
  211. package/src/auth/ui/index.js.map +0 -1
  212. package/src/auth/ui/templates.js +0 -426
  213. package/src/auth/ui/templates.js.map +0 -1
  214. package/src/auth/utils/audience.validator.js +0 -196
  215. package/src/auth/utils/audience.validator.js.map +0 -1
  216. package/src/auth/utils/index.js +0 -7
  217. package/src/auth/utils/index.js.map +0 -1
  218. package/src/auth/utils/www-authenticate.utils.js +0 -183
  219. package/src/auth/utils/www-authenticate.utils.js.map +0 -1
  220. package/src/common/common.schema.js +0 -35
  221. package/src/common/common.schema.js.map +0 -1
  222. package/src/common/constants.js +0 -13
  223. package/src/common/constants.js.map +0 -1
  224. package/src/common/decorators/adapter.decorator.js +0 -20
  225. package/src/common/decorators/adapter.decorator.js.map +0 -1
  226. package/src/common/decorators/app.decorator.js +0 -44
  227. package/src/common/decorators/app.decorator.js.map +0 -1
  228. package/src/common/decorators/auth-provider.decorator.js +0 -20
  229. package/src/common/decorators/auth-provider.decorator.js.map +0 -1
  230. package/src/common/decorators/decorator-utils.js +0 -195
  231. package/src/common/decorators/decorator-utils.js.map +0 -1
  232. package/src/common/decorators/flow.decorator.js +0 -19
  233. package/src/common/decorators/flow.decorator.js.map +0 -1
  234. package/src/common/decorators/front-mcp.decorator.js +0 -67
  235. package/src/common/decorators/front-mcp.decorator.js.map +0 -1
  236. package/src/common/decorators/hook.decorator.js +0 -178
  237. package/src/common/decorators/hook.decorator.js.map +0 -1
  238. package/src/common/decorators/index.js +0 -16
  239. package/src/common/decorators/index.js.map +0 -1
  240. package/src/common/decorators/logger.decorator.js +0 -20
  241. package/src/common/decorators/logger.decorator.js.map +0 -1
  242. package/src/common/decorators/plugin.decorator.js +0 -39
  243. package/src/common/decorators/plugin.decorator.js.map +0 -1
  244. package/src/common/decorators/prompt.decorator.js +0 -38
  245. package/src/common/decorators/prompt.decorator.js.map +0 -1
  246. package/src/common/decorators/provider.decorator.js +0 -20
  247. package/src/common/decorators/provider.decorator.js.map +0 -1
  248. package/src/common/decorators/resource.decorator.js +0 -94
  249. package/src/common/decorators/resource.decorator.js.map +0 -1
  250. package/src/common/decorators/tool.decorator.js +0 -45
  251. package/src/common/decorators/tool.decorator.js.map +0 -1
  252. package/src/common/dynamic/dynamic.adapter.js +0 -28
  253. package/src/common/dynamic/dynamic.adapter.js.map +0 -1
  254. package/src/common/dynamic/dynamic.plugin.js +0 -42
  255. package/src/common/dynamic/dynamic.plugin.js.map +0 -1
  256. package/src/common/dynamic/dynamic.utils.js +0 -27
  257. package/src/common/dynamic/dynamic.utils.js.map +0 -1
  258. package/src/common/dynamic/index.js +0 -6
  259. package/src/common/dynamic/index.js.map +0 -1
  260. package/src/common/entries/adapter.entry.js +0 -8
  261. package/src/common/entries/adapter.entry.js.map +0 -1
  262. package/src/common/entries/app.entry.js +0 -9
  263. package/src/common/entries/app.entry.js.map +0 -1
  264. package/src/common/entries/auth-provider.entry.js +0 -8
  265. package/src/common/entries/auth-provider.entry.js.map +0 -1
  266. package/src/common/entries/base.entry.js +0 -17
  267. package/src/common/entries/base.entry.js.map +0 -1
  268. package/src/common/entries/flow.entry.js +0 -21
  269. package/src/common/entries/flow.entry.js.map +0 -1
  270. package/src/common/entries/hook.entry.js +0 -20
  271. package/src/common/entries/hook.entry.js.map +0 -1
  272. package/src/common/entries/index.js +0 -17
  273. package/src/common/entries/index.js.map +0 -1
  274. package/src/common/entries/logger.entry.js +0 -8
  275. package/src/common/entries/logger.entry.js.map +0 -1
  276. package/src/common/entries/plugin.entry.js +0 -8
  277. package/src/common/entries/plugin.entry.js.map +0 -1
  278. package/src/common/entries/prompt.entry.js +0 -18
  279. package/src/common/entries/prompt.entry.js.map +0 -1
  280. package/src/common/entries/provider.entry.js +0 -8
  281. package/src/common/entries/provider.entry.js.map +0 -1
  282. package/src/common/entries/resource.entry.js +0 -35
  283. package/src/common/entries/resource.entry.js.map +0 -1
  284. package/src/common/entries/scope.entry.js +0 -14
  285. package/src/common/entries/scope.entry.js.map +0 -1
  286. package/src/common/entries/tool.entry.js +0 -31
  287. package/src/common/entries/tool.entry.js.map +0 -1
  288. package/src/common/flow/flow.utils.js +0 -96
  289. package/src/common/flow/flow.utils.js.map +0 -1
  290. package/src/common/index.js +0 -20
  291. package/src/common/index.js.map +0 -1
  292. package/src/common/interfaces/adapter.interface.js +0 -3
  293. package/src/common/interfaces/adapter.interface.js.map +0 -1
  294. package/src/common/interfaces/app.interface.js +0 -3
  295. package/src/common/interfaces/app.interface.js.map +0 -1
  296. package/src/common/interfaces/auth-hook.interface.js +0 -135
  297. package/src/common/interfaces/auth-hook.interface.js.map +0 -1
  298. package/src/common/interfaces/auth-provider.interface.js +0 -18
  299. package/src/common/interfaces/auth-provider.interface.js.map +0 -1
  300. package/src/common/interfaces/base.interface.js +0 -3
  301. package/src/common/interfaces/base.interface.js.map +0 -1
  302. package/src/common/interfaces/execution-context.interface.js +0 -166
  303. package/src/common/interfaces/execution-context.interface.js.map +0 -1
  304. package/src/common/interfaces/flow.interface.js +0 -95
  305. package/src/common/interfaces/flow.interface.js.map +0 -1
  306. package/src/common/interfaces/front-mcp.interface.js +0 -3
  307. package/src/common/interfaces/front-mcp.interface.js.map +0 -1
  308. package/src/common/interfaces/hook.interface.js +0 -3
  309. package/src/common/interfaces/hook.interface.js.map +0 -1
  310. package/src/common/interfaces/index.js +0 -21
  311. package/src/common/interfaces/index.js.map +0 -1
  312. package/src/common/interfaces/internal/flow.utils.js +0 -83
  313. package/src/common/interfaces/internal/flow.utils.js.map +0 -1
  314. package/src/common/interfaces/internal/index.js +0 -7
  315. package/src/common/interfaces/internal/index.js.map +0 -1
  316. package/src/common/interfaces/internal/primary-auth-provider.interface.js +0 -81
  317. package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +0 -1
  318. package/src/common/interfaces/internal/registry.interface.js +0 -3
  319. package/src/common/interfaces/internal/registry.interface.js.map +0 -1
  320. package/src/common/interfaces/logger.interface.js +0 -10
  321. package/src/common/interfaces/logger.interface.js.map +0 -1
  322. package/src/common/interfaces/plugin.interface.js +0 -3
  323. package/src/common/interfaces/plugin.interface.js.map +0 -1
  324. package/src/common/interfaces/prompt.interface.js +0 -81
  325. package/src/common/interfaces/prompt.interface.js.map +0 -1
  326. package/src/common/interfaces/provider.interface.js +0 -18
  327. package/src/common/interfaces/provider.interface.js.map +0 -1
  328. package/src/common/interfaces/resource.interface.js +0 -56
  329. package/src/common/interfaces/resource.interface.js.map +0 -1
  330. package/src/common/interfaces/scope.interface.js +0 -3
  331. package/src/common/interfaces/scope.interface.js.map +0 -1
  332. package/src/common/interfaces/server.interface.js +0 -18
  333. package/src/common/interfaces/server.interface.js.map +0 -1
  334. package/src/common/interfaces/session-hook.interface.js +0 -140
  335. package/src/common/interfaces/session-hook.interface.js.map +0 -1
  336. package/src/common/interfaces/tool-hook.interface.js +0 -92
  337. package/src/common/interfaces/tool-hook.interface.js.map +0 -1
  338. package/src/common/interfaces/tool.interface.js +0 -117
  339. package/src/common/interfaces/tool.interface.js.map +0 -1
  340. package/src/common/metadata/adapter.metadata.js +0 -10
  341. package/src/common/metadata/adapter.metadata.js.map +0 -1
  342. package/src/common/metadata/app.metadata.js +0 -30
  343. package/src/common/metadata/app.metadata.js.map +0 -1
  344. package/src/common/metadata/auth-provider.metadata.js +0 -19
  345. package/src/common/metadata/auth-provider.metadata.js.map +0 -1
  346. package/src/common/metadata/flow.metadata.js +0 -15
  347. package/src/common/metadata/flow.metadata.js.map +0 -1
  348. package/src/common/metadata/front-mcp.metadata.js +0 -29
  349. package/src/common/metadata/front-mcp.metadata.js.map +0 -1
  350. package/src/common/metadata/hook.metadata.js +0 -3
  351. package/src/common/metadata/hook.metadata.js.map +0 -1
  352. package/src/common/metadata/index.js +0 -17
  353. package/src/common/metadata/index.js.map +0 -1
  354. package/src/common/metadata/logger.metadata.js +0 -10
  355. package/src/common/metadata/logger.metadata.js.map +0 -1
  356. package/src/common/metadata/plugin.metadata.js +0 -18
  357. package/src/common/metadata/plugin.metadata.js.map +0 -1
  358. package/src/common/metadata/prompt.metadata.js +0 -27
  359. package/src/common/metadata/prompt.metadata.js.map +0 -1
  360. package/src/common/metadata/provider.metadata.js +0 -36
  361. package/src/common/metadata/provider.metadata.js.map +0 -1
  362. package/src/common/metadata/resource.metadata.js +0 -31
  363. package/src/common/metadata/resource.metadata.js.map +0 -1
  364. package/src/common/metadata/tool-ui.metadata.js +0 -12
  365. package/src/common/metadata/tool-ui.metadata.js.map +0 -1
  366. package/src/common/metadata/tool.metadata.js +0 -55
  367. package/src/common/metadata/tool.metadata.js.map +0 -1
  368. package/src/common/migrate/auth-transport.migrate.js +0 -140
  369. package/src/common/migrate/auth-transport.migrate.js.map +0 -1
  370. package/src/common/migrate/index.js +0 -6
  371. package/src/common/migrate/index.js.map +0 -1
  372. package/src/common/providers/base-config.provider.js +0 -128
  373. package/src/common/providers/base-config.provider.js.map +0 -1
  374. package/src/common/records/adapter.record.js +0 -11
  375. package/src/common/records/adapter.record.js.map +0 -1
  376. package/src/common/records/app.record.js +0 -9
  377. package/src/common/records/app.record.js.map +0 -1
  378. package/src/common/records/auth-provider.record.js +0 -12
  379. package/src/common/records/auth-provider.record.js.map +0 -1
  380. package/src/common/records/flow.record.js +0 -8
  381. package/src/common/records/flow.record.js.map +0 -1
  382. package/src/common/records/hook.record.js +0 -8
  383. package/src/common/records/hook.record.js.map +0 -1
  384. package/src/common/records/index.js +0 -16
  385. package/src/common/records/index.js.map +0 -1
  386. package/src/common/records/logger.record.js +0 -8
  387. package/src/common/records/logger.record.js.map +0 -1
  388. package/src/common/records/plugin.record.js +0 -11
  389. package/src/common/records/plugin.record.js.map +0 -1
  390. package/src/common/records/prompt.record.js +0 -9
  391. package/src/common/records/prompt.record.js.map +0 -1
  392. package/src/common/records/provider.record.js +0 -14
  393. package/src/common/records/provider.record.js.map +0 -1
  394. package/src/common/records/resource.record.js +0 -20
  395. package/src/common/records/resource.record.js.map +0 -1
  396. package/src/common/records/scope.record.js +0 -9
  397. package/src/common/records/scope.record.js.map +0 -1
  398. package/src/common/records/tool.record.js +0 -9
  399. package/src/common/records/tool.record.js.map +0 -1
  400. package/src/common/schemas/annotated-class.schema.js +0 -109
  401. package/src/common/schemas/annotated-class.schema.js.map +0 -1
  402. package/src/common/schemas/http-input.schema.js +0 -13
  403. package/src/common/schemas/http-input.schema.js.map +0 -1
  404. package/src/common/schemas/http-output.schema.js +0 -321
  405. package/src/common/schemas/http-output.schema.js.map +0 -1
  406. package/src/common/schemas/index.js +0 -8
  407. package/src/common/schemas/index.js.map +0 -1
  408. package/src/common/schemas/session-header.schema.js +0 -42
  409. package/src/common/schemas/session-header.schema.js.map +0 -1
  410. package/src/common/tokens/adapter.tokens.js +0 -11
  411. package/src/common/tokens/adapter.tokens.js.map +0 -1
  412. package/src/common/tokens/app.tokens.js +0 -30
  413. package/src/common/tokens/app.tokens.js.map +0 -1
  414. package/src/common/tokens/auth-provider.tokens.js +0 -12
  415. package/src/common/tokens/auth-provider.tokens.js.map +0 -1
  416. package/src/common/tokens/base.tokens.js +0 -9
  417. package/src/common/tokens/base.tokens.js.map +0 -1
  418. package/src/common/tokens/flow-hook.tokens.js +0 -9
  419. package/src/common/tokens/flow-hook.tokens.js.map +0 -1
  420. package/src/common/tokens/flow.tokens.js +0 -16
  421. package/src/common/tokens/flow.tokens.js.map +0 -1
  422. package/src/common/tokens/front-mcp.tokens.js +0 -24
  423. package/src/common/tokens/front-mcp.tokens.js.map +0 -1
  424. package/src/common/tokens/index.js +0 -17
  425. package/src/common/tokens/index.js.map +0 -1
  426. package/src/common/tokens/logger.tokens.js +0 -11
  427. package/src/common/tokens/logger.tokens.js.map +0 -1
  428. package/src/common/tokens/plugin.tokens.js +0 -18
  429. package/src/common/tokens/plugin.tokens.js.map +0 -1
  430. package/src/common/tokens/prompt.tokens.js +0 -14
  431. package/src/common/tokens/prompt.tokens.js.map +0 -1
  432. package/src/common/tokens/provider.tokens.js +0 -12
  433. package/src/common/tokens/provider.tokens.js.map +0 -1
  434. package/src/common/tokens/resource.tokens.js +0 -28
  435. package/src/common/tokens/resource.tokens.js.map +0 -1
  436. package/src/common/tokens/server.tokens.js +0 -11
  437. package/src/common/tokens/server.tokens.js.map +0 -1
  438. package/src/common/tokens/tool.tokens.js +0 -21
  439. package/src/common/tokens/tool.tokens.js.map +0 -1
  440. package/src/common/types/auth/index.js +0 -6
  441. package/src/common/types/auth/index.js.map +0 -1
  442. package/src/common/types/auth/jwt.types.js +0 -36
  443. package/src/common/types/auth/jwt.types.js.map +0 -1
  444. package/src/common/types/auth/session.types.js +0 -53
  445. package/src/common/types/auth/session.types.js.map +0 -1
  446. package/src/common/types/common.types.js +0 -3
  447. package/src/common/types/common.types.js.map +0 -1
  448. package/src/common/types/index.js +0 -7
  449. package/src/common/types/index.js.map +0 -1
  450. package/src/common/types/options/auth.options.d.ts +0 -1266
  451. package/src/common/types/options/auth.options.js +0 -560
  452. package/src/common/types/options/auth.options.js.map +0 -1
  453. package/src/common/types/options/http.options.js +0 -10
  454. package/src/common/types/options/http.options.js.map +0 -1
  455. package/src/common/types/options/index.js +0 -11
  456. package/src/common/types/options/index.js.map +0 -1
  457. package/src/common/types/options/logging.options.js +0 -33
  458. package/src/common/types/options/logging.options.js.map +0 -1
  459. package/src/common/types/options/redis.options.d.ts +0 -22
  460. package/src/common/types/options/redis.options.js +0 -45
  461. package/src/common/types/options/redis.options.js.map +0 -1
  462. package/src/common/types/options/server-info.options.js +0 -13
  463. package/src/common/types/options/server-info.options.js.map +0 -1
  464. package/src/common/types/options/session.options.js +0 -32
  465. package/src/common/types/options/session.options.js.map +0 -1
  466. package/src/common/types/options/transport.options.js +0 -121
  467. package/src/common/types/options/transport.options.js.map +0 -1
  468. package/src/common/utils/decide-request-intent.utils.js +0 -391
  469. package/src/common/utils/decide-request-intent.utils.js.map +0 -1
  470. package/src/common/utils/index.js +0 -6
  471. package/src/common/utils/index.js.map +0 -1
  472. package/src/common/utils/path.utils.js +0 -66
  473. package/src/common/utils/path.utils.js.map +0 -1
  474. package/src/completion/flows/complete.flow.js +0 -199
  475. package/src/completion/flows/complete.flow.js.map +0 -1
  476. package/src/context/frontmcp-context-storage.js +0 -183
  477. package/src/context/frontmcp-context-storage.js.map +0 -1
  478. package/src/context/frontmcp-context.js +0 -360
  479. package/src/context/frontmcp-context.js.map +0 -1
  480. package/src/context/frontmcp-context.provider.js +0 -61
  481. package/src/context/frontmcp-context.provider.js.map +0 -1
  482. package/src/context/index.js +0 -64
  483. package/src/context/index.js.map +0 -1
  484. package/src/context/request-context-storage.js +0 -183
  485. package/src/context/request-context-storage.js.map +0 -1
  486. package/src/context/request-context.js +0 -209
  487. package/src/context/request-context.js.map +0 -1
  488. package/src/context/request-context.provider.js +0 -51
  489. package/src/context/request-context.provider.js.map +0 -1
  490. package/src/context/session-key.provider.js +0 -65
  491. package/src/context/session-key.provider.js.map +0 -1
  492. package/src/context/trace-context.js +0 -142
  493. package/src/context/trace-context.js.map +0 -1
  494. package/src/errors/authorization-required.error.js +0 -274
  495. package/src/errors/authorization-required.error.js.map +0 -1
  496. package/src/errors/error-handler.js +0 -107
  497. package/src/errors/error-handler.js.map +0 -1
  498. package/src/errors/index.js +0 -44
  499. package/src/errors/index.js.map +0 -1
  500. package/src/errors/mcp.error.js +0 -398
  501. package/src/errors/mcp.error.js.map +0 -1
  502. package/src/exceptions/mcp-exceptions/session-missing.exception.js +0 -11
  503. package/src/exceptions/mcp-exceptions/session-missing.exception.js.map +0 -1
  504. package/src/exceptions/mcp-exceptions/unsupported-client-version.exception.js +0 -15
  505. package/src/exceptions/mcp-exceptions/unsupported-client-version.exception.js.map +0 -1
  506. package/src/flows/flow.instance.js +0 -420
  507. package/src/flows/flow.instance.js.map +0 -1
  508. package/src/flows/flow.registry.js +0 -121
  509. package/src/flows/flow.registry.js.map +0 -1
  510. package/src/flows/flow.stages.js +0 -113
  511. package/src/flows/flow.stages.js.map +0 -1
  512. package/src/flows/flow.utils.js +0 -36
  513. package/src/flows/flow.utils.js.map +0 -1
  514. package/src/front-mcp/front-mcp.js +0 -63
  515. package/src/front-mcp/front-mcp.js.map +0 -1
  516. package/src/front-mcp/front-mcp.providers.js +0 -29
  517. package/src/front-mcp/front-mcp.providers.js.map +0 -1
  518. package/src/front-mcp/front-mcp.tokens.js +0 -5
  519. package/src/front-mcp/front-mcp.tokens.js.map +0 -1
  520. package/src/front-mcp/index.d.ts +0 -1
  521. package/src/front-mcp/index.js +0 -5
  522. package/src/front-mcp/index.js.map +0 -1
  523. package/src/front-mcp/serverless-handler.js +0 -61
  524. package/src/front-mcp/serverless-handler.js.map +0 -1
  525. package/src/hooks/hook.instance.js +0 -26
  526. package/src/hooks/hook.instance.js.map +0 -1
  527. package/src/hooks/hook.registry.js +0 -152
  528. package/src/hooks/hook.registry.js.map +0 -1
  529. package/src/hooks/hooks.utils.js +0 -34
  530. package/src/hooks/hooks.utils.js.map +0 -1
  531. package/src/index.js +0 -36
  532. package/src/index.js.map +0 -1
  533. package/src/logger/instances/instance.console-logger.js +0 -75
  534. package/src/logger/instances/instance.console-logger.js.map +0 -1
  535. package/src/logger/instances/instance.logger.js +0 -77
  536. package/src/logger/instances/instance.logger.js.map +0 -1
  537. package/src/logger/logger.registry.js +0 -96
  538. package/src/logger/logger.registry.js.map +0 -1
  539. package/src/logger/logger.tokens.js +0 -3
  540. package/src/logger/logger.tokens.js.map +0 -1
  541. package/src/logger/logger.types.js +0 -8
  542. package/src/logger/logger.types.js.map +0 -1
  543. package/src/logger/logger.utils.js +0 -42
  544. package/src/logger/logger.utils.js.map +0 -1
  545. package/src/logging/flows/set-level.flow.js +0 -108
  546. package/src/logging/flows/set-level.flow.js.map +0 -1
  547. package/src/mcp-apps/csp.js +0 -267
  548. package/src/mcp-apps/csp.js.map +0 -1
  549. package/src/mcp-apps/index.js +0 -91
  550. package/src/mcp-apps/index.js.map +0 -1
  551. package/src/mcp-apps/schemas.js +0 -345
  552. package/src/mcp-apps/schemas.js.map +0 -1
  553. package/src/mcp-apps/template.js +0 -419
  554. package/src/mcp-apps/template.js.map +0 -1
  555. package/src/mcp-apps/types.js +0 -59
  556. package/src/mcp-apps/types.js.map +0 -1
  557. package/src/notification/index.js +0 -13
  558. package/src/notification/index.js.map +0 -1
  559. package/src/notification/notification.service.js +0 -731
  560. package/src/notification/notification.service.js.map +0 -1
  561. package/src/plugin/plugin.registry.js +0 -152
  562. package/src/plugin/plugin.registry.js.map +0 -1
  563. package/src/plugin/plugin.utils.js +0 -88
  564. package/src/plugin/plugin.utils.js.map +0 -1
  565. package/src/prompt/flows/get-prompt.flow.js +0 -214
  566. package/src/prompt/flows/get-prompt.flow.js.map +0 -1
  567. package/src/prompt/flows/prompts-list.flow.js +0 -176
  568. package/src/prompt/flows/prompts-list.flow.js.map +0 -1
  569. package/src/prompt/index.js +0 -17
  570. package/src/prompt/index.js.map +0 -1
  571. package/src/prompt/prompt.events.js +0 -25
  572. package/src/prompt/prompt.events.js.map +0 -1
  573. package/src/prompt/prompt.instance.js +0 -120
  574. package/src/prompt/prompt.instance.js.map +0 -1
  575. package/src/prompt/prompt.registry.js +0 -380
  576. package/src/prompt/prompt.registry.js.map +0 -1
  577. package/src/prompt/prompt.types.js +0 -11
  578. package/src/prompt/prompt.types.js.map +0 -1
  579. package/src/prompt/prompt.utils.js +0 -136
  580. package/src/prompt/prompt.utils.js.map +0 -1
  581. package/src/provider/provider.registry.js +0 -868
  582. package/src/provider/provider.registry.js.map +0 -1
  583. package/src/provider/provider.types.js +0 -3
  584. package/src/provider/provider.types.js.map +0 -1
  585. package/src/provider/provider.utils.js +0 -103
  586. package/src/provider/provider.utils.js.map +0 -1
  587. package/src/regsitry/index.js +0 -5
  588. package/src/regsitry/index.js.map +0 -1
  589. package/src/regsitry/registry.base.js +0 -32
  590. package/src/regsitry/registry.base.js.map +0 -1
  591. package/src/resource/flows/read-resource.flow.js +0 -270
  592. package/src/resource/flows/read-resource.flow.js.map +0 -1
  593. package/src/resource/flows/resource-templates-list.flow.js +0 -191
  594. package/src/resource/flows/resource-templates-list.flow.js.map +0 -1
  595. package/src/resource/flows/resources-list.flow.js +0 -196
  596. package/src/resource/flows/resources-list.flow.js.map +0 -1
  597. package/src/resource/flows/subscribe-resource.flow.js +0 -123
  598. package/src/resource/flows/subscribe-resource.flow.js.map +0 -1
  599. package/src/resource/flows/unsubscribe-resource.flow.js +0 -107
  600. package/src/resource/flows/unsubscribe-resource.flow.js.map +0 -1
  601. package/src/resource/index.js +0 -20
  602. package/src/resource/index.js.map +0 -1
  603. package/src/resource/resource.events.js +0 -17
  604. package/src/resource/resource.events.js.map +0 -1
  605. package/src/resource/resource.instance.js +0 -163
  606. package/src/resource/resource.instance.js.map +0 -1
  607. package/src/resource/resource.registry.js +0 -468
  608. package/src/resource/resource.registry.js.map +0 -1
  609. package/src/resource/resource.types.js +0 -11
  610. package/src/resource/resource.types.js.map +0 -1
  611. package/src/resource/resource.utils.js +0 -151
  612. package/src/resource/resource.utils.js.map +0 -1
  613. package/src/scope/flows/http.request.flow.js +0 -474
  614. package/src/scope/flows/http.request.flow.js.map +0 -1
  615. package/src/scope/index.js +0 -6
  616. package/src/scope/index.js.map +0 -1
  617. package/src/scope/scope.instance.js +0 -263
  618. package/src/scope/scope.instance.js.map +0 -1
  619. package/src/scope/scope.registry.js +0 -94
  620. package/src/scope/scope.registry.js.map +0 -1
  621. package/src/scope/scope.utils.js +0 -61
  622. package/src/scope/scope.utils.js.map +0 -1
  623. package/src/server/adapters/base.host.adapter.js +0 -8
  624. package/src/server/adapters/base.host.adapter.js.map +0 -1
  625. package/src/server/adapters/express.host.adapter.js +0 -70
  626. package/src/server/adapters/express.host.adapter.js.map +0 -1
  627. package/src/server/server.instance.js +0 -54
  628. package/src/server/server.instance.js.map +0 -1
  629. package/src/server/server.types.js +0 -3
  630. package/src/server/server.types.js.map +0 -1
  631. package/src/server/server.validation.js +0 -192
  632. package/src/server/server.validation.js.map +0 -1
  633. package/src/store/adapters/store.base.adapter.js +0 -16
  634. package/src/store/adapters/store.base.adapter.js.map +0 -1
  635. package/src/store/adapters/store.memory.adapter.js +0 -89
  636. package/src/store/adapters/store.memory.adapter.js.map +0 -1
  637. package/src/store/adapters/store.redis.adapter.js +0 -104
  638. package/src/store/adapters/store.redis.adapter.js.map +0 -1
  639. package/src/store/index.js +0 -12
  640. package/src/store/index.js.map +0 -1
  641. package/src/store/store.helpers.js +0 -67
  642. package/src/store/store.helpers.js.map +0 -1
  643. package/src/store/store.registry.js +0 -37
  644. package/src/store/store.registry.js.map +0 -1
  645. package/src/store/store.tokens.js +0 -7
  646. package/src/store/store.tokens.js.map +0 -1
  647. package/src/store/store.types.js +0 -11
  648. package/src/store/store.types.js.map +0 -1
  649. package/src/store/store.utils.js +0 -18
  650. package/src/store/store.utils.js.map +0 -1
  651. package/src/tool/flows/call-tool.flow.js +0 -616
  652. package/src/tool/flows/call-tool.flow.js.map +0 -1
  653. package/src/tool/flows/tools-list.flow.js +0 -328
  654. package/src/tool/flows/tools-list.flow.js.map +0 -1
  655. package/src/tool/tool.events.js +0 -16
  656. package/src/tool/tool.events.js.map +0 -1
  657. package/src/tool/tool.instance.js +0 -117
  658. package/src/tool/tool.instance.js.map +0 -1
  659. package/src/tool/tool.registry.js +0 -353
  660. package/src/tool/tool.registry.js.map +0 -1
  661. package/src/tool/tool.types.js +0 -10
  662. package/src/tool/tool.types.js.map +0 -1
  663. package/src/tool/tool.utils.js +0 -366
  664. package/src/tool/tool.utils.js.map +0 -1
  665. package/src/tool/ui/index.js +0 -63
  666. package/src/tool/ui/index.js.map +0 -1
  667. package/src/tool/ui/platform-adapters.js +0 -18
  668. package/src/tool/ui/platform-adapters.js.map +0 -1
  669. package/src/tool/ui/template-helpers.js +0 -112
  670. package/src/tool/ui/template-helpers.js.map +0 -1
  671. package/src/tool/ui/ui-resource-template.js +0 -64
  672. package/src/tool/ui/ui-resource-template.js.map +0 -1
  673. package/src/tool/ui/ui-resource.handler.js +0 -129
  674. package/src/tool/ui/ui-resource.handler.js.map +0 -1
  675. package/src/transport/adapters/transport.local.adapter.js +0 -148
  676. package/src/transport/adapters/transport.local.adapter.js.map +0 -1
  677. package/src/transport/adapters/transport.sse.adapter.js +0 -65
  678. package/src/transport/adapters/transport.sse.adapter.js.map +0 -1
  679. package/src/transport/adapters/transport.streamable-http.adapter.js +0 -112
  680. package/src/transport/adapters/transport.streamable-http.adapter.js.map +0 -1
  681. package/src/transport/flows/handle.sse.flow.js +0 -197
  682. package/src/transport/flows/handle.sse.flow.js.map +0 -1
  683. package/src/transport/flows/handle.stateless-http.flow.js +0 -102
  684. package/src/transport/flows/handle.stateless-http.flow.js.map +0 -1
  685. package/src/transport/flows/handle.streamable-http.flow.js +0 -315
  686. package/src/transport/flows/handle.streamable-http.flow.js.map +0 -1
  687. package/src/transport/legacy/legacy.sse.tranporter.js +0 -185
  688. package/src/transport/legacy/legacy.sse.tranporter.js.map +0 -1
  689. package/src/transport/mcp-handlers/Initialized-notification.hanlder.js +0 -14
  690. package/src/transport/mcp-handlers/Initialized-notification.hanlder.js.map +0 -1
  691. package/src/transport/mcp-handlers/call-tool-request.handler.js +0 -46
  692. package/src/transport/mcp-handlers/call-tool-request.handler.js.map +0 -1
  693. package/src/transport/mcp-handlers/complete-request.handler.js +0 -11
  694. package/src/transport/mcp-handlers/complete-request.handler.js.map +0 -1
  695. package/src/transport/mcp-handlers/get-prompt-request.handler.js +0 -11
  696. package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +0 -1
  697. package/src/transport/mcp-handlers/index.js +0 -57
  698. package/src/transport/mcp-handlers/index.js.map +0 -1
  699. package/src/transport/mcp-handlers/initialize-request.handler.js +0 -109
  700. package/src/transport/mcp-handlers/initialize-request.handler.js.map +0 -1
  701. package/src/transport/mcp-handlers/list-prompts-request.handler.js +0 -11
  702. package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +0 -1
  703. package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +0 -12
  704. package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +0 -1
  705. package/src/transport/mcp-handlers/list-resources-request.handler.js +0 -12
  706. package/src/transport/mcp-handlers/list-resources-request.handler.js.map +0 -1
  707. package/src/transport/mcp-handlers/list-tools-request.handler.js +0 -11
  708. package/src/transport/mcp-handlers/list-tools-request.handler.js.map +0 -1
  709. package/src/transport/mcp-handlers/logging-set-level-request.handler.js +0 -34
  710. package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +0 -1
  711. package/src/transport/mcp-handlers/mcp-handlers.types.js +0 -3
  712. package/src/transport/mcp-handlers/mcp-handlers.types.js.map +0 -1
  713. package/src/transport/mcp-handlers/read-resource-request.handler.js +0 -12
  714. package/src/transport/mcp-handlers/read-resource-request.handler.js.map +0 -1
  715. package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +0 -26
  716. package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +0 -1
  717. package/src/transport/mcp-handlers/subscribe-request.handler.js +0 -34
  718. package/src/transport/mcp-handlers/subscribe-request.handler.js.map +0 -1
  719. package/src/transport/mcp-handlers/unsubscribe-request.handler.js +0 -34
  720. package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +0 -1
  721. package/src/transport/transport.error.js +0 -25
  722. package/src/transport/transport.error.js.map +0 -1
  723. package/src/transport/transport.event-store.js +0 -36
  724. package/src/transport/transport.event-store.js.map +0 -1
  725. package/src/transport/transport.local.js +0 -71
  726. package/src/transport/transport.local.js.map +0 -1
  727. package/src/transport/transport.registry.js +0 -523
  728. package/src/transport/transport.registry.js.map +0 -1
  729. package/src/transport/transport.remote.js +0 -31
  730. package/src/transport/transport.remote.js.map +0 -1
  731. package/src/transport/transport.types.js +0 -3
  732. package/src/transport/transport.types.js.map +0 -1
  733. package/src/types/drinen-hooks.types.js +0 -3
  734. package/src/types/drinen-hooks.types.js.map +0 -1
  735. package/src/types/invoke.type.js +0 -34
  736. package/src/types/invoke.type.js.map +0 -1
  737. package/src/types/token.types.js +0 -3
  738. package/src/types/token.types.js.map +0 -1
  739. package/src/utils/content.utils.js +0 -194
  740. package/src/utils/content.utils.js.map +0 -1
  741. package/src/utils/index.js +0 -55
  742. package/src/utils/index.js.map +0 -1
  743. package/src/utils/lineage.utils.js +0 -82
  744. package/src/utils/lineage.utils.js.map +0 -1
  745. package/src/utils/metadata.utils.js +0 -26
  746. package/src/utils/metadata.utils.js.map +0 -1
  747. package/src/utils/naming.utils.js +0 -136
  748. package/src/utils/naming.utils.js.map +0 -1
  749. package/src/utils/server.utils.js +0 -59
  750. package/src/utils/server.utils.js.map +0 -1
  751. package/src/utils/string.utils.js +0 -10
  752. package/src/utils/string.utils.js.map +0 -1
  753. package/src/utils/token.utils.js +0 -65
  754. package/src/utils/token.utils.js.map +0 -1
  755. package/src/utils/types.utils.js +0 -3
  756. package/src/utils/types.utils.js.map +0 -1
  757. package/src/utils/uri-template.utils.js +0 -113
  758. package/src/utils/uri-template.utils.js.map +0 -1
  759. package/src/utils/uri-validation.utils.js +0 -76
  760. package/src/utils/uri-validation.utils.js.map +0 -1
  761. package/{src/adapter → adapter}/adapter.instance.d.ts +0 -0
  762. package/{src/adapter → adapter}/adapter.regsitry.d.ts +0 -0
  763. package/{src/adapter → adapter}/adapter.utils.d.ts +0 -0
  764. package/{src/app → app}/app.registry.d.ts +0 -0
  765. package/{src/app → app}/app.utils.d.ts +0 -0
  766. package/{src/app → app}/instances/app.local.instance.d.ts +0 -0
  767. package/{src/app → app}/instances/app.remote.instance.d.ts +0 -0
  768. package/{src/app → app}/instances/index.d.ts +0 -0
  769. package/{src/auth → auth}/auth.registry.d.ts +0 -0
  770. package/{src/auth → auth}/auth.utils.d.ts +0 -0
  771. package/{src/auth → auth}/authorization/authorization.class.d.ts +0 -0
  772. package/{src/auth → auth}/authorization/authorization.types.d.ts +0 -0
  773. package/{src/auth → auth}/authorization/index.d.ts +0 -0
  774. package/{src/auth → auth}/authorization/orchestrated.authorization.d.ts +0 -0
  775. package/{src/auth → auth}/authorization/public.authorization.d.ts +0 -0
  776. package/{src/auth → auth}/authorization/transparent.authorization.d.ts +0 -0
  777. package/{src/auth → auth}/consent/consent.types.d.ts +0 -0
  778. package/{src/auth → auth}/consent/index.d.ts +0 -0
  779. package/{src/auth → auth}/detection/auth-provider-detection.d.ts +0 -0
  780. package/{src/auth → auth}/detection/index.d.ts +0 -0
  781. package/{src/auth → auth}/flows/auth.verify.flow.d.ts +0 -0
  782. package/{src/auth → auth}/flows/oauth.authorize.flow.d.ts +0 -0
  783. package/{src/auth → auth}/flows/oauth.callback.flow.d.ts +0 -0
  784. package/{src/auth → auth}/flows/oauth.register.flow.d.ts +0 -0
  785. package/{src/auth → auth}/flows/oauth.token.flow.d.ts +0 -0
  786. package/{src/auth → auth}/flows/session.verify.flow.d.ts +0 -0
  787. package/{src/auth → auth}/flows/well-known.jwks.flow.d.ts +0 -0
  788. package/{src/auth → auth}/flows/well-known.oauth-authorization-server.flow.d.ts +0 -0
  789. package/{src/auth → auth}/flows/well-known.prm.flow.d.ts +0 -0
  790. package/{src/auth → auth}/jwks/dev-key-persistence.d.ts +0 -0
  791. package/{src/auth → auth}/jwks/index.d.ts +0 -0
  792. package/{src/auth → auth}/jwks/jwks.service.d.ts +0 -0
  793. package/{src/auth → auth}/jwks/jwks.types.d.ts +0 -0
  794. package/{src/auth → auth}/jwks/jwks.utils.d.ts +0 -0
  795. package/{src/auth → auth}/machine-id.d.ts +0 -0
  796. package/{src/auth → auth}/oauth/flows/oauth.authorize.flow.d.ts +0 -0
  797. package/{src/auth → auth}/oauth/flows/oauth.device-authorization.flow.d.ts +0 -0
  798. package/{src/auth → auth}/oauth/flows/oauth.introspect.flow.d.ts +0 -0
  799. package/{src/auth → auth}/oauth/flows/oauth.par.flow.d.ts +0 -0
  800. package/{src/auth → auth}/oauth/flows/oauth.revoke.flow.d.ts +0 -0
  801. package/{src/auth → auth}/oauth/flows/oauth.token.flow.d.ts +0 -0
  802. package/{src/auth → auth}/oauth/flows/oauth.userinfo.flow.d.ts +0 -0
  803. package/{src/auth → auth}/oauth/flows/oidc.logout.flow.d.ts +0 -0
  804. package/{src/auth → auth}/session/authorization-vault.d.ts +0 -0
  805. package/{src/auth → auth}/session/authorization.store.d.ts +0 -0
  806. package/{src/auth → auth}/session/encrypted-authorization-vault.d.ts +0 -0
  807. package/{src/auth → auth}/session/record/session.base.d.ts +0 -0
  808. package/{src/auth → auth}/session/record/session.stateful.d.ts +0 -0
  809. package/{src/auth → auth}/session/record/session.stateless.d.ts +0 -0
  810. package/{src/auth → auth}/session/record/session.transparent.d.ts +0 -0
  811. package/{src/auth → auth}/session/redis-session.store.d.ts +0 -0
  812. package/{src/auth → auth}/session/session.crypto.d.ts +0 -0
  813. package/{src/auth → auth}/session/session.schema.d.ts +0 -0
  814. package/{src/auth → auth}/session/session.service.d.ts +0 -0
  815. package/{src/auth → auth}/session/session.transport.d.ts +0 -0
  816. package/{src/auth → auth}/session/session.types.d.ts +0 -0
  817. package/{src/auth → auth}/session/token.refresh.d.ts +0 -0
  818. package/{src/auth → auth}/session/token.store.d.ts +0 -0
  819. package/{src/auth → auth}/session/token.vault.d.ts +0 -0
  820. package/{src/auth → auth}/session/transport-session.manager.d.ts +0 -0
  821. package/{src/auth → auth}/session/transport-session.types.d.ts +0 -0
  822. package/{src/auth → auth}/session/utils/auth-token.utils.d.ts +0 -0
  823. package/{src/auth → auth}/session/utils/session-id.utils.d.ts +0 -0
  824. package/{src/auth → auth}/session/utils/tiny-ttl-cache.d.ts +0 -0
  825. package/{src/auth → auth}/session/vault-encryption.d.ts +0 -0
  826. package/{src/auth → auth}/ui/base-layout.d.ts +0 -0
  827. package/{src/auth → auth}/ui/index.d.ts +0 -0
  828. package/{src/auth → auth}/ui/templates.d.ts +0 -0
  829. package/{src/auth → auth}/utils/audience.validator.d.ts +0 -0
  830. package/{src/auth → auth}/utils/index.d.ts +0 -0
  831. package/{src/auth → auth}/utils/www-authenticate.utils.d.ts +0 -0
  832. package/{src/common → common}/common.schema.d.ts +0 -0
  833. package/{src/common → common}/constants.d.ts +0 -0
  834. package/{src/common → common}/decorators/adapter.decorator.d.ts +0 -0
  835. package/{src/common → common}/decorators/app.decorator.d.ts +0 -0
  836. package/{src/common → common}/decorators/auth-provider.decorator.d.ts +0 -0
  837. package/{src/common → common}/decorators/decorator-utils.d.ts +0 -0
  838. package/{src/common → common}/decorators/flow.decorator.d.ts +0 -0
  839. package/{src/common → common}/decorators/front-mcp.decorator.d.ts +0 -0
  840. package/{src/common → common}/decorators/hook.decorator.d.ts +0 -0
  841. package/{src/common → common}/decorators/index.d.ts +0 -0
  842. package/{src/common → common}/decorators/logger.decorator.d.ts +0 -0
  843. package/{src/common → common}/decorators/plugin.decorator.d.ts +0 -0
  844. package/{src/common → common}/decorators/prompt.decorator.d.ts +0 -0
  845. package/{src/common → common}/decorators/provider.decorator.d.ts +0 -0
  846. package/{src/common → common}/decorators/resource.decorator.d.ts +0 -0
  847. package/{src/common → common}/decorators/tool.decorator.d.ts +0 -0
  848. package/{src/common → common}/dynamic/dynamic.adapter.d.ts +0 -0
  849. package/{src/common → common}/dynamic/dynamic.plugin.d.ts +0 -0
  850. package/{src/common → common}/dynamic/dynamic.utils.d.ts +0 -0
  851. package/{src/common → common}/dynamic/index.d.ts +0 -0
  852. package/{src/common → common}/entries/adapter.entry.d.ts +0 -0
  853. package/{src/common → common}/entries/app.entry.d.ts +0 -0
  854. package/{src/common → common}/entries/auth-provider.entry.d.ts +0 -0
  855. package/{src/common → common}/entries/base.entry.d.ts +0 -0
  856. package/{src/common → common}/entries/flow.entry.d.ts +0 -0
  857. package/{src/common → common}/entries/hook.entry.d.ts +0 -0
  858. package/{src/common → common}/entries/index.d.ts +0 -0
  859. package/{src/common → common}/entries/logger.entry.d.ts +0 -0
  860. package/{src/common → common}/entries/plugin.entry.d.ts +0 -0
  861. package/{src/common → common}/entries/prompt.entry.d.ts +0 -0
  862. package/{src/common → common}/entries/provider.entry.d.ts +0 -0
  863. package/{src/common → common}/entries/resource.entry.d.ts +0 -0
  864. package/{src/common → common}/entries/scope.entry.d.ts +0 -0
  865. package/{src/common → common}/entries/tool.entry.d.ts +0 -0
  866. package/{src/common → common}/flow/flow.utils.d.ts +0 -0
  867. package/{src/common → common}/index.d.ts +0 -0
  868. package/{src/common → common}/interfaces/adapter.interface.d.ts +0 -0
  869. package/{src/common → common}/interfaces/app.interface.d.ts +0 -0
  870. package/{src/common → common}/interfaces/auth-hook.interface.d.ts +0 -0
  871. package/{src/common → common}/interfaces/auth-provider.interface.d.ts +0 -0
  872. package/{src/common → common}/interfaces/base.interface.d.ts +0 -0
  873. package/{src/common → common}/interfaces/execution-context.interface.d.ts +0 -0
  874. package/{src/common → common}/interfaces/flow.interface.d.ts +0 -0
  875. package/{src/common → common}/interfaces/front-mcp.interface.d.ts +0 -0
  876. package/{src/common → common}/interfaces/hook.interface.d.ts +0 -0
  877. package/{src/common → common}/interfaces/index.d.ts +0 -0
  878. package/{src/common → common}/interfaces/internal/flow.utils.d.ts +0 -0
  879. package/{src/common → common}/interfaces/internal/index.d.ts +0 -0
  880. package/{src/common → common}/interfaces/internal/registry.interface.d.ts +0 -0
  881. package/{src/common → common}/interfaces/logger.interface.d.ts +0 -0
  882. package/{src/common → common}/interfaces/plugin.interface.d.ts +0 -0
  883. package/{src/common → common}/interfaces/prompt.interface.d.ts +0 -0
  884. package/{src/common → common}/interfaces/provider.interface.d.ts +0 -0
  885. package/{src/common → common}/interfaces/resource.interface.d.ts +0 -0
  886. package/{src/common → common}/interfaces/scope.interface.d.ts +0 -0
  887. package/{src/common → common}/interfaces/server.interface.d.ts +0 -0
  888. package/{src/common → common}/interfaces/session-hook.interface.d.ts +0 -0
  889. package/{src/common → common}/interfaces/tool-hook.interface.d.ts +0 -0
  890. package/{src/common → common}/interfaces/tool.interface.d.ts +0 -0
  891. package/{src/common → common}/metadata/adapter.metadata.d.ts +0 -0
  892. package/{src/common → common}/metadata/app.metadata.d.ts +42 -42
  893. /package/{src/common → common}/metadata/auth-provider.metadata.d.ts +0 -0
  894. /package/{src/common → common}/metadata/flow.metadata.d.ts +0 -0
  895. /package/{src/common → common}/metadata/hook.metadata.d.ts +0 -0
  896. /package/{src/common → common}/metadata/index.d.ts +0 -0
  897. /package/{src/common → common}/metadata/logger.metadata.d.ts +0 -0
  898. /package/{src/common → common}/metadata/plugin.metadata.d.ts +0 -0
  899. /package/{src/common → common}/metadata/provider.metadata.d.ts +0 -0
  900. /package/{src/common → common}/migrate/auth-transport.migrate.d.ts +0 -0
  901. /package/{src/common → common}/migrate/index.d.ts +0 -0
  902. /package/{src/common → common}/providers/base-config.provider.d.ts +0 -0
  903. /package/{src/common → common}/records/adapter.record.d.ts +0 -0
  904. /package/{src/common → common}/records/app.record.d.ts +0 -0
  905. /package/{src/common → common}/records/auth-provider.record.d.ts +0 -0
  906. /package/{src/common → common}/records/flow.record.d.ts +0 -0
  907. /package/{src/common → common}/records/hook.record.d.ts +0 -0
  908. /package/{src/common → common}/records/index.d.ts +0 -0
  909. /package/{src/common → common}/records/logger.record.d.ts +0 -0
  910. /package/{src/common → common}/records/plugin.record.d.ts +0 -0
  911. /package/{src/common → common}/records/prompt.record.d.ts +0 -0
  912. /package/{src/common → common}/records/provider.record.d.ts +0 -0
  913. /package/{src/common → common}/records/resource.record.d.ts +0 -0
  914. /package/{src/common → common}/records/scope.record.d.ts +0 -0
  915. /package/{src/common → common}/records/tool.record.d.ts +0 -0
  916. /package/{src/common → common}/schemas/annotated-class.schema.d.ts +0 -0
  917. /package/{src/common → common}/schemas/http-input.schema.d.ts +0 -0
  918. /package/{src/common → common}/schemas/index.d.ts +0 -0
  919. /package/{src/common → common}/schemas/session-header.schema.d.ts +0 -0
  920. /package/{src/common → common}/tokens/adapter.tokens.d.ts +0 -0
  921. /package/{src/common → common}/tokens/app.tokens.d.ts +0 -0
  922. /package/{src/common → common}/tokens/auth-provider.tokens.d.ts +0 -0
  923. /package/{src/common → common}/tokens/base.tokens.d.ts +0 -0
  924. /package/{src/common → common}/tokens/flow-hook.tokens.d.ts +0 -0
  925. /package/{src/common → common}/tokens/flow.tokens.d.ts +0 -0
  926. /package/{src/common → common}/tokens/front-mcp.tokens.d.ts +0 -0
  927. /package/{src/common → common}/tokens/index.d.ts +0 -0
  928. /package/{src/common → common}/tokens/logger.tokens.d.ts +0 -0
  929. /package/{src/common → common}/tokens/plugin.tokens.d.ts +0 -0
  930. /package/{src/common → common}/tokens/prompt.tokens.d.ts +0 -0
  931. /package/{src/common → common}/tokens/provider.tokens.d.ts +0 -0
  932. /package/{src/common → common}/tokens/resource.tokens.d.ts +0 -0
  933. /package/{src/common → common}/tokens/server.tokens.d.ts +0 -0
  934. /package/{src/common → common}/tokens/tool.tokens.d.ts +0 -0
  935. /package/{src/common → common}/types/auth/index.d.ts +0 -0
  936. /package/{src/common → common}/types/auth/jwt.types.d.ts +0 -0
  937. /package/{src/common → common}/types/auth/session.types.d.ts +0 -0
  938. /package/{src/common → common}/types/common.types.d.ts +0 -0
  939. /package/{src/common → common}/types/index.d.ts +0 -0
  940. /package/{src/logger/logger.tokens.d.ts → common/types/options/auth/auth.typecheck.d.ts} +0 -0
  941. /package/{src/common → common}/types/options/http.options.d.ts +0 -0
  942. /package/{src/common → common}/types/options/logging.options.d.ts +0 -0
  943. /package/{src/common → common}/types/options/session.options.d.ts +0 -0
  944. /package/{src/common → common}/utils/path.utils.d.ts +0 -0
  945. /package/{src/context → context}/frontmcp-context-storage.d.ts +0 -0
  946. /package/{src/context → context}/frontmcp-context.d.ts +0 -0
  947. /package/{src/context → context}/frontmcp-context.provider.d.ts +0 -0
  948. /package/{src/context → context}/index.d.ts +0 -0
  949. /package/{src/context → context}/request-context-storage.d.ts +0 -0
  950. /package/{src/context → context}/request-context.d.ts +0 -0
  951. /package/{src/context → context}/request-context.provider.d.ts +0 -0
  952. /package/{src/context → context}/session-key.provider.d.ts +0 -0
  953. /package/{src/context → context}/trace-context.d.ts +0 -0
  954. /package/{src/errors → errors}/authorization-required.error.d.ts +0 -0
  955. /package/{src/errors → errors}/error-handler.d.ts +0 -0
  956. /package/{src/exceptions → exceptions}/mcp-exceptions/session-missing.exception.d.ts +0 -0
  957. /package/{src/exceptions → exceptions}/mcp-exceptions/unsupported-client-version.exception.d.ts +0 -0
  958. /package/{src/flows → flows}/flow.instance.d.ts +0 -0
  959. /package/{src/flows → flows}/flow.registry.d.ts +0 -0
  960. /package/{src/flows → flows}/flow.stages.d.ts +0 -0
  961. /package/{src/flows → flows}/flow.utils.d.ts +0 -0
  962. /package/{src/front-mcp → front-mcp}/front-mcp.d.ts +0 -0
  963. /package/{src/front-mcp → front-mcp}/front-mcp.tokens.d.ts +0 -0
  964. /package/{src/front-mcp → front-mcp}/serverless-handler.d.ts +0 -0
  965. /package/{src/hooks → hooks}/hook.instance.d.ts +0 -0
  966. /package/{src/hooks → hooks}/hook.registry.d.ts +0 -0
  967. /package/{src/hooks → hooks}/hooks.utils.d.ts +0 -0
  968. /package/{src/logger → logger}/instances/instance.console-logger.d.ts +0 -0
  969. /package/{src/logger → logger}/instances/instance.logger.d.ts +0 -0
  970. /package/{src/logger → logger}/logger.registry.d.ts +0 -0
  971. /package/{src/logger → logger}/logger.types.d.ts +0 -0
  972. /package/{src/logger → logger}/logger.utils.d.ts +0 -0
  973. /package/{src/mcp-apps → mcp-apps}/csp.d.ts +0 -0
  974. /package/{src/mcp-apps → mcp-apps}/index.d.ts +0 -0
  975. /package/{src/mcp-apps → mcp-apps}/schemas.d.ts +0 -0
  976. /package/{src/mcp-apps → mcp-apps}/template.d.ts +0 -0
  977. /package/{src/mcp-apps → mcp-apps}/types.d.ts +0 -0
  978. /package/{src/notification → notification}/index.d.ts +0 -0
  979. /package/{src/notification → notification}/notification.service.d.ts +0 -0
  980. /package/{src/plugin → plugin}/plugin.registry.d.ts +0 -0
  981. /package/{src/plugin → plugin}/plugin.utils.d.ts +0 -0
  982. /package/{src/prompt → prompt}/index.d.ts +0 -0
  983. /package/{src/prompt → prompt}/prompt.events.d.ts +0 -0
  984. /package/{src/prompt → prompt}/prompt.instance.d.ts +0 -0
  985. /package/{src/prompt → prompt}/prompt.registry.d.ts +0 -0
  986. /package/{src/prompt → prompt}/prompt.types.d.ts +0 -0
  987. /package/{src/prompt → prompt}/prompt.utils.d.ts +0 -0
  988. /package/{src/provider → provider}/provider.registry.d.ts +0 -0
  989. /package/{src/provider → provider}/provider.types.d.ts +0 -0
  990. /package/{src/provider → provider}/provider.utils.d.ts +0 -0
  991. /package/{src/regsitry → regsitry}/index.d.ts +0 -0
  992. /package/{src/regsitry → regsitry}/registry.base.d.ts +0 -0
  993. /package/{src/resource → resource}/index.d.ts +0 -0
  994. /package/{src/resource → resource}/resource.events.d.ts +0 -0
  995. /package/{src/resource → resource}/resource.instance.d.ts +0 -0
  996. /package/{src/resource → resource}/resource.registry.d.ts +0 -0
  997. /package/{src/resource → resource}/resource.types.d.ts +0 -0
  998. /package/{src/resource → resource}/resource.utils.d.ts +0 -0
  999. /package/{src/scope → scope}/flows/http.request.flow.d.ts +0 -0
  1000. /package/{src/scope → scope}/index.d.ts +0 -0
  1001. /package/{src/scope → scope}/scope.instance.d.ts +0 -0
  1002. /package/{src/scope → scope}/scope.registry.d.ts +0 -0
  1003. /package/{src/scope → scope}/scope.utils.d.ts +0 -0
  1004. /package/{src/server → server}/adapters/base.host.adapter.d.ts +0 -0
  1005. /package/{src/server → server}/adapters/express.host.adapter.d.ts +0 -0
  1006. /package/{src/server → server}/server.instance.d.ts +0 -0
  1007. /package/{src/server → server}/server.types.d.ts +0 -0
  1008. /package/{src/server → server}/server.validation.d.ts +0 -0
  1009. /package/{src/store → store}/adapters/store.base.adapter.d.ts +0 -0
  1010. /package/{src/store → store}/adapters/store.memory.adapter.d.ts +0 -0
  1011. /package/{src/store → store}/adapters/store.redis.adapter.d.ts +0 -0
  1012. /package/{src/store → store}/store.helpers.d.ts +0 -0
  1013. /package/{src/store → store}/store.registry.d.ts +0 -0
  1014. /package/{src/store → store}/store.tokens.d.ts +0 -0
  1015. /package/{src/store → store}/store.types.d.ts +0 -0
  1016. /package/{src/store → store}/store.utils.d.ts +0 -0
  1017. /package/{src/tool → tool}/tool.events.d.ts +0 -0
  1018. /package/{src/tool → tool}/tool.instance.d.ts +0 -0
  1019. /package/{src/tool → tool}/tool.registry.d.ts +0 -0
  1020. /package/{src/tool → tool}/tool.types.d.ts +0 -0
  1021. /package/{src/tool → tool}/tool.utils.d.ts +0 -0
  1022. /package/{src/tool → tool}/ui/ui-resource-template.d.ts +0 -0
  1023. /package/{src/transport → transport}/adapters/transport.local.adapter.d.ts +0 -0
  1024. /package/{src/transport → transport}/adapters/transport.sse.adapter.d.ts +0 -0
  1025. /package/{src/transport → transport}/adapters/transport.streamable-http.adapter.d.ts +0 -0
  1026. /package/{src/transport → transport}/flows/handle.sse.flow.d.ts +0 -0
  1027. /package/{src/transport → transport}/flows/handle.stateless-http.flow.d.ts +0 -0
  1028. /package/{src/transport → transport}/flows/handle.streamable-http.flow.d.ts +0 -0
  1029. /package/{src/transport → transport}/legacy/legacy.sse.tranporter.d.ts +0 -0
  1030. /package/{src/transport → transport}/mcp-handlers/Initialized-notification.hanlder.d.ts +0 -0
  1031. /package/{src/transport → transport}/mcp-handlers/call-tool-request.handler.d.ts +0 -0
  1032. /package/{src/transport → transport}/mcp-handlers/initialize-request.handler.d.ts +0 -0
  1033. /package/{src/transport → transport}/mcp-handlers/mcp-handlers.types.d.ts +0 -0
  1034. /package/{src/transport → transport}/mcp-handlers/roots-list-changed-notification.handler.d.ts +0 -0
  1035. /package/{src/transport → transport}/transport.error.d.ts +0 -0
  1036. /package/{src/transport → transport}/transport.event-store.d.ts +0 -0
  1037. /package/{src/transport → transport}/transport.local.d.ts +0 -0
  1038. /package/{src/transport → transport}/transport.remote.d.ts +0 -0
  1039. /package/{src/transport → transport}/transport.types.d.ts +0 -0
  1040. /package/{src/types → types}/drinen-hooks.types.d.ts +0 -0
  1041. /package/{src/types → types}/invoke.type.d.ts +0 -0
  1042. /package/{src/types → types}/token.types.d.ts +0 -0
  1043. /package/{src/utils → utils}/content.utils.d.ts +0 -0
  1044. /package/{src/utils → utils}/index.d.ts +0 -0
  1045. /package/{src/utils → utils}/lineage.utils.d.ts +0 -0
  1046. /package/{src/utils → utils}/metadata.utils.d.ts +0 -0
  1047. /package/{src/utils → utils}/naming.utils.d.ts +0 -0
  1048. /package/{src/utils → utils}/server.utils.d.ts +0 -0
  1049. /package/{src/utils → utils}/string.utils.d.ts +0 -0
  1050. /package/{src/utils → utils}/token.utils.d.ts +0 -0
  1051. /package/{src/utils → utils}/types.utils.d.ts +0 -0
  1052. /package/{src/utils → utils}/uri-template.utils.d.ts +0 -0
  1053. /package/{src/utils → utils}/uri-validation.utils.d.ts +0 -0
package/src/auth/flows/session.verify.flow.js DELETED
@@ -1,304 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.sessionVerifyOutputSchema = void 0;
4
- const tslib_1 = require("tslib");
5
- // auth/flows/session.verify.flow.ts
6
- const common_1 = require("../../common");
7
- require("reflect-metadata");
8
- const zod_1 = require("zod");
9
- const auth_token_utils_1 = require("../session/utils/auth-token.utils");
10
- const jwks_1 = require("../jwks");
11
- const session_id_utils_1 = require("../session/utils/session-id.utils");
12
- const authorization_1 = require("../authorization");
13
- const notification_service_1 = require("../../notification/notification.service");
14
- const inputSchema = common_1.httpRequestInputSchema;
15
- const stateSchema = zod_1.z.object({
16
- baseUrl: zod_1.z.string().min(1),
17
- authorizationHeader: zod_1.z.string().optional(),
18
- token: zod_1.z.string().optional(),
19
- sessionIdHeader: zod_1.z.string().optional(), // 'mcp-session-id'
20
- sessionProtocol: zod_1.z.string().optional(), // 'sse/http/streamable-http'
21
- userAgent: zod_1.z.string().optional(), // User-Agent header for platform detection
22
- prmMetadataPath: zod_1.z.string().optional(),
23
- prmMetadataHeader: zod_1.z.string().optional(),
24
- jwtPayload: zod_1.z.object({}).passthrough().optional(),
25
- user: common_1.userClaimSchema.optional(),
26
- session: common_1.sessionIdSchema.optional(),
27
- });
28
- const UnauthorizedSchema = zod_1.z
29
- .object({
30
- kind: zod_1.z.literal('unauthorized'),
31
- prmMetadataHeader: zod_1.z.string().describe('Path to protected resource metadata'),
32
- })
33
- .describe("401 Unauthorized with 'WWW-Authenticate' header for requesting authentication");
34
- const AuthorizedSchema = zod_1.z
35
- .object({
36
- kind: zod_1.z.literal('authorized'),
37
- authorization: common_1.authorizationSchema.describe('Session information if session id is present'),
38
- })
39
- .describe('Authorized session information');
40
- exports.sessionVerifyOutputSchema = zod_1.z.union([UnauthorizedSchema, AuthorizedSchema]);
41
- const plan = {
42
- pre: ['parseInput', 'handlePublicMode', 'requireAuthorizationHeader', 'verifyIfJwt'],
43
- execute: ['deriveUser', 'parseSessionHeader', 'buildAuthorizedOutput'],
44
- };
45
- const name = 'session:verify';
46
- const Stage = (0, common_1.StageHookOf)(name);
47
- let SessionVerifyFlow = class SessionVerifyFlow extends common_1.FlowBase {
48
- async parseInput() {
49
- const { request } = this.rawInput;
50
- const entryPath = (0, common_1.normalizeEntryPrefix)(this.scope.entryPath);
51
- const routeBase = (0, common_1.normalizeScopeBase)(this.scope.routeBase);
52
- const baseUrl = (0, common_1.getRequestBaseUrl)(request, entryPath);
53
- const authorizationHeader = request.headers?.['authorization'] ?? undefined;
54
- const httpTransportHeader = request.headers?.['http-transport'];
55
- const sessionIdRawHeader = request.headers?.['mcp-session-id'];
56
- const sessionIdQuery = request.query['sessionId'];
57
- const sessionIdHeader = sessionIdRawHeader ?? sessionIdQuery ?? undefined;
58
- // Use sessionIdRawHeader (not sessionIdHeader) to distinguish header vs query param
59
- // sessionIdHeader is the merged value, but we need to know the source for protocol selection
60
- const sessionProtocol = httpTransportHeader
61
- ? 'http'
62
- : sessionIdRawHeader
63
- ? 'streamable-http'
64
- : sessionIdQuery
65
- ? 'sse'
66
- : undefined;
67
- const token = (0, auth_token_utils_1.extractBearerToken)(authorizationHeader);
68
- const userAgent = request.headers?.['user-agent'] ?? undefined;
69
- const prmMetadataPath = `/.well-known/oauth-protected-resource${entryPath}${routeBase}`;
70
- const prmMetadataHeader = `Bearer resource_metadata="${baseUrl}${prmMetadataPath}"`;
71
- this.state.set({
72
- baseUrl,
73
- authorizationHeader,
74
- token,
75
- sessionIdHeader,
76
- sessionProtocol,
77
- userAgent,
78
- prmMetadataPath,
79
- prmMetadataHeader,
80
- });
81
- }
82
- /**
83
- * Handle public mode - allow anonymous access without requiring authorization
84
- * In public mode, we create an anonymous authorization with a stateful session
85
- * but NO token. This allows public docs/CI to work without Authorization header.
86
- *
87
- * CRITICAL: When client sends mcp-session-id header, we MUST use that exact ID
88
- * for transport registry lookup. Creating a new session ID would cause mismatch.
89
- */
90
- async handlePublicMode() {
91
- const authOptions = this.scope.auth?.options;
92
- // Skip if not public mode or if authorization header is present (authenticated public)
93
- if (!authOptions || !(0, common_1.isPublicMode)(authOptions)) {
94
- return;
95
- }
96
- // If token is present, let the normal verification flow handle it
97
- if (this.state.token) {
98
- return;
99
- }
100
- const sessionIdHeader = this.state.sessionIdHeader;
101
- const machineId = (0, authorization_1.getMachineId)();
102
- // CRITICAL: If client sent session ID, ALWAYS use it for transport lookup.
103
- // The transport registry uses this ID as the key. Creating a different ID
104
- // would cause "session not initialized" error.
105
- if (sessionIdHeader) {
106
- // Try to decrypt/validate for payload extraction (optional - for nodeId validation)
107
- const existingPayload = (0, session_id_utils_1.decryptPublicSession)(sessionIdHeader);
108
- // Determine user based on whether we could extract payload
109
- const user = existingPayload
110
- ? { sub: `anon:${existingPayload.iat * 1000}`, iss: 'public', name: 'Anonymous' }
111
- : { sub: `anon:${crypto.randomUUID()}`, iss: 'public', name: 'Anonymous' };
112
- // ALWAYS use client's session ID, regardless of validation result.
113
- // If payload is valid and nodeId matches, include payload for protocol detection.
114
- // If validation failed, transport layer will handle the error appropriately.
115
- const finalPayload = existingPayload && existingPayload.nodeId === machineId ? existingPayload : undefined;
116
- this.respond({
117
- kind: 'authorized',
118
- authorization: {
119
- token: '',
120
- user,
121
- session: {
122
- id: sessionIdHeader, // ← CRITICAL: Always use client's session ID
123
- payload: finalPayload,
124
- },
125
- },
126
- });
127
- return;
128
- }
129
- // No session header → create new session (initialize request)
130
- // For new sessions, don't pre-determine protocol. Let transport handler detect it.
131
- const now = Date.now();
132
- const user = { sub: `anon:${crypto.randomUUID()}`, iss: 'public', name: 'Anonymous' };
133
- const uuid = crypto.randomUUID();
134
- // Detect platform from User-Agent header for UI rendering support
135
- const platformDetectionConfig = this.scope.metadata.transport?.platformDetection;
136
- const platformType = (0, notification_service_1.detectPlatformFromUserAgent)(this.state.userAgent, platformDetectionConfig);
137
- // Create a valid session payload matching the SessionIdPayload schema
138
- // Include platformType if detected (non-unknown) for Tool UI support
139
- const payload = {
140
- uuid,
141
- nodeId: machineId,
142
- authSig: 'public',
143
- iat: Math.floor(now / 1000),
144
- isPublic: true,
145
- ...(platformType !== 'unknown' && { platformType }),
146
- };
147
- const sessionId = (0, session_id_utils_1.encryptJson)(payload);
148
- this.respond({
149
- kind: 'authorized',
150
- authorization: {
151
- token: '',
152
- user,
153
- session: { id: sessionId, payload },
154
- },
155
- });
156
- }
157
- async requireAuthorizationOrChallenge() {
158
- this.respond({
159
- kind: 'unauthorized',
160
- prmMetadataHeader: this.state.required.prmMetadataHeader,
161
- });
162
- }
163
- /**
164
- * If Authorization is a JWT:
165
- * - Attempt verification against any known / cached public keys we have (gateway/local)
166
- * - If verification fails → 401
167
- * - If verification ok → capture payload
168
- * If NOT a JWT:
169
- * - we do NOT attempt verification, just pass the raw token through
170
- */
171
- async verifyIfJwt() {
172
- const jwks = this.get(jwks_1.JwksService); // TODO: fix providers
173
- const token = this.state.required.token;
174
- if (!(0, auth_token_utils_1.isJwt)(token)) {
175
- // Non-JWT tokens are not supported - require JWT for verification
176
- this.respond({
177
- kind: 'unauthorized',
178
- prmMetadataHeader: this.state.required.prmMetadataHeader,
179
- });
180
- return;
181
- }
182
- // Best-effort verification using locally known keys (gateway/local provider cache).
183
- // Add defensive null check for this.scope.auth (consistent with line 130)
184
- const auth = this.scope.auth;
185
- if (!auth) {
186
- this.respond({
187
- kind: 'unauthorized',
188
- prmMetadataHeader: this.state.required.prmMetadataHeader,
189
- });
190
- return;
191
- }
192
- let verify;
193
- const authOptions = auth.options;
194
- // Transparent mode uses remote provider's keys, all other modes use local keys
195
- if ((0, common_1.isTransparentMode)(authOptions)) {
196
- const primary = authOptions;
197
- const issuer = auth.issuer;
198
- const providerRefs = [
199
- {
200
- id: primary.remote.id ?? 'default',
201
- issuerUrl: issuer,
202
- jwks: primary.remote.jwks,
203
- jwksUri: primary.remote.jwksUri,
204
- },
205
- ];
206
- verify = jwks.verifyTransparentToken(token, providerRefs);
207
- }
208
- else {
209
- // Public or orchestrated mode - verify against local gateway keys
210
- verify = jwks.verifyGatewayToken(token, this.state.required.baseUrl);
211
- }
212
- const result = await verify;
213
- if (result.ok) {
214
- this.state.set({ jwtPayload: result.payload });
215
- return;
216
- }
217
- this.respond({
218
- kind: 'unauthorized',
219
- prmMetadataHeader: this.state.required.prmMetadataHeader,
220
- });
221
- }
222
- async deriveUser() {
223
- this.state.set('user', (0, auth_token_utils_1.deriveTypedUser)(this.state.required.jwtPayload ?? {}));
224
- }
225
- /**
226
- * Parse the session header (mcp-session-id)
227
- * - If session id is present, validate it
228
- * - If valid, capture the session info
229
- * - If NOT valid, ignore (no session)
230
- */
231
- async parseSessionHeader() {
232
- const { sessionIdHeader, required: { token }, } = this.state;
233
- const session = (0, session_id_utils_1.parseSessionHeader)(sessionIdHeader, token);
234
- if (session) {
235
- this.state.set('session', session);
236
- }
237
- }
238
- async buildAuthorizedOutput() {
239
- const { required: { token, user }, session, } = this.state;
240
- this.respond({
241
- kind: 'authorized',
242
- authorization: {
243
- token,
244
- user,
245
- session,
246
- },
247
- });
248
- }
249
- };
250
- tslib_1.__decorate([
251
- Stage('parseInput'),
252
- tslib_1.__metadata("design:type", Function),
253
- tslib_1.__metadata("design:paramtypes", []),
254
- tslib_1.__metadata("design:returntype", Promise)
255
- ], SessionVerifyFlow.prototype, "parseInput", null);
256
- tslib_1.__decorate([
257
- Stage('handlePublicMode'),
258
- tslib_1.__metadata("design:type", Function),
259
- tslib_1.__metadata("design:paramtypes", []),
260
- tslib_1.__metadata("design:returntype", Promise)
261
- ], SessionVerifyFlow.prototype, "handlePublicMode", null);
262
- tslib_1.__decorate([
263
- Stage('requireAuthorizationHeader', {
264
- filter: ({ state }) => !state.authorizationHeader,
265
- }),
266
- tslib_1.__metadata("design:type", Function),
267
- tslib_1.__metadata("design:paramtypes", []),
268
- tslib_1.__metadata("design:returntype", Promise)
269
- ], SessionVerifyFlow.prototype, "requireAuthorizationOrChallenge", null);
270
- tslib_1.__decorate([
271
- Stage('verifyIfJwt'),
272
- tslib_1.__metadata("design:type", Function),
273
- tslib_1.__metadata("design:paramtypes", []),
274
- tslib_1.__metadata("design:returntype", Promise)
275
- ], SessionVerifyFlow.prototype, "verifyIfJwt", null);
276
- tslib_1.__decorate([
277
- Stage('deriveUser'),
278
- tslib_1.__metadata("design:type", Function),
279
- tslib_1.__metadata("design:paramtypes", []),
280
- tslib_1.__metadata("design:returntype", Promise)
281
- ], SessionVerifyFlow.prototype, "deriveUser", null);
282
- tslib_1.__decorate([
283
- Stage('parseSessionHeader'),
284
- tslib_1.__metadata("design:type", Function),
285
- tslib_1.__metadata("design:paramtypes", []),
286
- tslib_1.__metadata("design:returntype", Promise)
287
- ], SessionVerifyFlow.prototype, "parseSessionHeader", null);
288
- tslib_1.__decorate([
289
- Stage('buildAuthorizedOutput'),
290
- tslib_1.__metadata("design:type", Function),
291
- tslib_1.__metadata("design:paramtypes", []),
292
- tslib_1.__metadata("design:returntype", Promise)
293
- ], SessionVerifyFlow.prototype, "buildAuthorizedOutput", null);
294
- SessionVerifyFlow = tslib_1.__decorate([
295
- (0, common_1.Flow)({
296
- name,
297
- plan,
298
- inputSchema,
299
- outputSchema: exports.sessionVerifyOutputSchema,
300
- access: 'authorized',
301
- })
302
- ], SessionVerifyFlow);
303
- exports.default = SessionVerifyFlow;
304
- //# sourceMappingURL=session.verify.flow.js.map
package/src/auth/flows/session.verify.flow.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"session.verify.flow.js","sourceRoot":"","sources":["../../../../src/auth/flows/session.verify.flow.ts"],"names":[],"mappings":";;;;AAAA,oCAAoC;AACpC,yCAiBsB;AACtB,4BAA0B;AAC1B,6BAAwB;AACxB,wEAA+F;AAC/F,kCAAuE;AACvE,wEAA0G;AAC1G,oDAAgD;AAChD,kFAAsF;AAEtF,MAAM,WAAW,GAAG,+BAAsB,CAAC;AAE3C,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1B,mBAAmB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC1C,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IAC5B,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,mBAAmB;IAC3D,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,6BAA6B;IACrE,SAAS,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,2CAA2C;IAC7E,eAAe,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACtC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;IACxC,UAAU,EAAE,OAAC,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC,QAAQ,EAAE;IACjD,IAAI,EAAE,wBAAe,CAAC,QAAQ,EAAE;IAChC,OAAO,EAAE,wBAAe,CAAC,QAAQ,EAAE;CACpC,CAAC,CAAC;AAEH,MAAM,kBAAkB,GAAG,OAAC;KACzB,MAAM,CAAC;IACN,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,cAAc,CAAC;IAC/B,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qCAAqC,CAAC;CAC9E,CAAC;KACD,QAAQ,CAAC,+EAA+E,CAAC,CAAC;AAE7F,MAAM,gBAAgB,GAAG,OAAC;KACvB,MAAM,CAAC;IACN,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,YAAY,CAAC;IAC7B,aAAa,EAAE,4BAAmB,CAAC,QAAQ,CAAC,8CAA8C,CAAC;CAC5F,CAAC;KACD,QAAQ,CAAC,gCAAgC,CAAC,CAAC;AAEjC,QAAA,yBAAyB,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC,CAAC;AAEzF,MAAM,IAAI,GAAG;IACX,GAAG,EAAE,CAAC,YAAY,EAAE,kBAAkB,EAAE,4BAA4B,EAAE,aAAa,CAAC;IACpF,OAAO,EAAE,CAAC,YAAY,EAAE,oBAAoB,EAAE,uBAAuB,CAAC;CACnC,CAAC;AActC,MAAM,IAAI,GAAG,gBAAyB,CAAC;AACvC,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AASjB,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,iBAAqB;IAE5D,AAAN,KAAK,CAAC,UAAU;QACd,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAClC,MAAM,SAAS,GAAG,IAAA,6BAAoB,EAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,IAAA,2BAAkB,EAAC,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QAC3D,MAAM,OAAO,GAAG,IAAA,0BAAiB,EAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAEtD,MAAM,mBAAmB,GAAI,OAAO,CAAC,OAAO,EAAE,CAAC,eAAe,CAAwB,IAAI,SAAS,CAAC;QACpG,MAAM,mBAAmB,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAuB,CAAC;QACtF,MAAM,kBAAkB,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAuB,CAAC;QACrF,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAuB,CAAC;QAExE,MAAM,eAAe,GAAG,kBAAkB,IAAI,cAAc,IAAI,SAAS,CAAC;QAC1E,oFAAoF;QACpF,6FAA6F;QAC7F,MAAM,eAAe,GAAG,mBAAmB;YACzC,CAAC,CAAC,MAAM;YACR,CAAC,CAAC,kBAAkB;gBACpB,CAAC,CAAC,iBAAiB;gBACnB,CAAC,CAAC,cAAc;oBAChB,CAAC,CAAC,KAAK;oBACP,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,KAAK,GAAG,IAAA,qCAAkB,EAAC,mBAAmB,CAAC,CAAC;QACtD,MAAM,SAAS,GAAI,OAAO,CAAC,OAAO,EAAE,CAAC,YAAY,CAAwB,IAAI,SAAS,CAAC;QAEvF,MAAM,eAAe,GAAG,wCAAwC,SAAS,GAAG,SAAS,EAAE,CAAC;QACxF,MAAM,iBAAiB,GAAG,6BAA6B,OAAO,GAAG,eAAe,GAAG,CAAC;QAEpF,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;YACb,OAAO;YACP,mBAAmB;YACnB,KAAK;YACL,eAAe;YACf,eAAe;YACf,SAAS;YACT,eAAe;YACf,iBAAiB;SAClB,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IAEG,AAAN,KAAK,CAAC,gBAAgB;QACpB,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,OAAO,CAAC;QAE7C,uFAAuF;QACvF,IAAI,CAAC,WAAW,IAAI,CAAC,IAAA,qBAAY,EAAC,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO;QACT,CAAC;QAED,kEAAkE;QAClE,IAAI,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC;QACnD,MAAM,SAAS,GAAG,IAAA,4BAAY,GAAE,CAAC;QAEjC,2EAA2E;QAC3E,0EAA0E;QAC1E,+CAA+C;QAC/C,IAAI,eAAe,EAAE,CAAC;YACpB,oFAAoF;YACpF,MAAM,eAAe,GAAG,IAAA,uCAAoB,EAAC,eAAe,CAAC,CAAC;YAE9D,2DAA2D;YAC3D,MAAM,IAAI,GAAG,eAAe;gBAC1B,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,eAAe,CAAC,GAAG,GAAG,IAAI,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE;gBACjF,CAAC,CAAC,EAAE,GAAG,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;YAE7E,mEAAmE;YACnE,kFAAkF;YAClF,6EAA6E;YAC7E,MAAM,YAAY,GAAG,eAAe,IAAI,eAAe,CAAC,MAAM,KAAK,SAAS,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,SAAS,CAAC;YAE3G,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,YAAY;gBAClB,aAAa,EAAE;oBACb,KAAK,EAAE,EAAE;oBACT,IAAI;oBACJ,OAAO,EAAE;wBACP,EAAE,EAAE,eAAe,EAAE,6CAA6C;wBAClE,OAAO,EAAE,YAAY;qBACtB;iBACF;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,8DAA8D;QAC9D,mFAAmF;QACnF,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,EAAE,GAAG,EAAE,QAAQ,MAAM,CAAC,UAAU,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;QACtF,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAEjC,kEAAkE;QAClE,MAAM,uBAAuB,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;QACjF,MAAM,YAAY,GAAG,IAAA,kDAA2B,EAAC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,uBAAuB,CAAC,CAAC;QAEhG,sEAAsE;QACtE,qEAAqE;QACrE,MAAM,OAAO,GAAG;YACd,IAAI;YACJ,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,QAAQ;YACjB,GAAG,EAAE,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,IAAI,CAAC;YAC3B,QAAQ,EAAE,IAAI;YACd,GAAG,CAAC,YAAY,KAAK,SAAS,IAAI,EAAE,YAAY,EAAE,CAAC;SACpD,CAAC;QAEF,MAAM,SAAS,GAAG,IAAA,8BAAW,EAAC,OAAO,CAAC,CAAC;QAEvC,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,YAAY;YAClB,aAAa,EAAE;gBACb,KAAK,EAAE,EAAE;gBACT,IAAI;gBACJ,OAAO,EAAE,EAAE,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE;aACpC;SACF,CAAC,CAAC;IACL,CAAC;IAKK,AAAN,KAAK,CAAC,+BAA+B;QACnC,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,cAAc;YACpB,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB;SACzD,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;OAOG;IAEG,AAAN,KAAK,CAAC,WAAW;QACf,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAW,CAAC,CAAC,CAAC,sBAAsB;QAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,KAAK,CAAC;QAExC,IAAI,CAAC,IAAA,wBAAK,EAAC,KAAK,CAAC,EAAE,CAAC;YAClB,kEAAkE;YAClE,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB;aACzD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,oFAAoF;QACpF,0EAA0E;QAC1E,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;QAC7B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,cAAc;gBACpB,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB;aACzD,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,MAA6B,CAAC;QAClC,MAAM,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC;QAEjC,+EAA+E;QAC/E,IAAI,IAAA,0BAAiB,EAAC,WAAW,CAAC,EAAE,CAAC;YACnC,MAAM,OAAO,GAAG,WAAqC,CAAC;YACtD,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC;YAC3B,MAAM,YAAY,GAAwB;gBACxC;oBACE,EAAE,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE,IAAI,SAAS;oBAClC,SAAS,EAAE,MAAM;oBACjB,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;oBACzB,OAAO,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO;iBAChC;aACF,CAAC;YACF,MAAM,GAAG,IAAI,CAAC,sBAAsB,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,kEAAkE;YAClE,MAAM,GAAG,IAAI,CAAC,kBAAkB,CAAC,KAAK,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvE,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC;QAE5B,IAAI,MAAM,CAAC,EAAE,EAAE,CAAC;YACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,UAAU,EAAE,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;YAC/C,OAAO;QACT,CAAC;QACD,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,cAAc;YACpB,iBAAiB,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,iBAAiB;SACzD,CAAC,CAAC;IACL,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,IAAA,kCAAe,EAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,UAAU,IAAI,EAAE,CAAC,CAAC,CAAC;IAChF,CAAC;IAED;;;;;OAKG;IAEG,AAAN,KAAK,CAAC,kBAAkB;QACtB,MAAM,EACJ,eAAe,EACf,QAAQ,EAAE,EAAE,KAAK,EAAE,GACpB,GAAG,IAAI,CAAC,KAAK,CAAC;QAEf,MAAM,OAAO,GAAG,IAAA,qCAAkB,EAAC,eAAe,EAAE,KAAK,CAAC,CAAC;QAC3D,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACrC,CAAC;IACH,CAAC;IAGK,AAAN,KAAK,CAAC,qBAAqB;QACzB,MAAM,EACJ,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,EACzB,OAAO,GACR,GAAG,IAAI,CAAC,KAAK,CAAC;QAEf,IAAI,CAAC,OAAO,CAAC;YACX,IAAI,EAAE,YAAY;YAClB,aAAa,EAAE;gBACb,KAAK;gBACL,IAAI;gBACJ,OAAO;aACR;SACF,CAAC,CAAC;IACL,CAAC;CACF,CAAA;AArPO;IADL,KAAK,CAAC,YAAY,CAAC;;;;mDAuCnB;AAWK;IADL,KAAK,CAAC,kBAAkB,CAAC;;;;yDA+EzB;AAKK;IAHL,KAAK,CAAC,4BAA4B,EAAE;QACnC,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC,KAAK,CAAC,mBAAmB;KAClD,CAAC;;;;wEAMD;AAWK;IADL,KAAK,CAAC,aAAa,CAAC;;;;oDAwDpB;AAGK;IADL,KAAK,CAAC,YAAY,CAAC;;;;mDAGnB;AASK;IADL,KAAK,CAAC,oBAAoB,CAAC;;;;2DAW3B;AAGK;IADL,KAAK,CAAC,uBAAuB,CAAC;;;;8DAe9B;AAtPkB,iBAAiB;IAPrC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,YAAY,EAAE,iCAAyB;QACvC,MAAM,EAAE,YAAY;KACrB,CAAC;GACmB,iBAAiB,CAuPrC;kBAvPoB,iBAAiB","sourcesContent":["// auth/flows/session.verify.flow.ts\nimport {\n authorizationSchema,\n Flow,\n FlowBase,\n FlowRunOptions,\n StageHookOf,\n userClaimSchema,\n sessionIdSchema,\n httpRequestInputSchema,\n FlowPlan,\n AuthOptions,\n isTransparentMode,\n isPublicMode,\n TransparentAuthOptions,\n getRequestBaseUrl,\n normalizeEntryPrefix,\n normalizeScopeBase,\n} from '../../common';\nimport 'reflect-metadata';\nimport { z } from 'zod';\nimport { deriveTypedUser, extractBearerToken, isJwt } from '../session/utils/auth-token.utils';\nimport { JwksService, ProviderVerifyRef, VerifyResult } from '../jwks';\nimport { parseSessionHeader, encryptJson, decryptPublicSession } from '../session/utils/session-id.utils';\nimport { getMachineId } from '../authorization';\nimport { detectPlatformFromUserAgent } from '../../notification/notification.service';\n\nconst inputSchema = httpRequestInputSchema;\n\nconst stateSchema = z.object({\n baseUrl: z.string().min(1),\n authorizationHeader: z.string().optional(),\n token: z.string().optional(),\n sessionIdHeader: z.string().optional(), // 'mcp-session-id'\n sessionProtocol: z.string().optional(), // 'sse/http/streamable-http'\n userAgent: z.string().optional(), // User-Agent header for platform detection\n prmMetadataPath: z.string().optional(),\n prmMetadataHeader: z.string().optional(),\n jwtPayload: z.object({}).passthrough().optional(),\n user: userClaimSchema.optional(),\n session: sessionIdSchema.optional(),\n});\n\nconst UnauthorizedSchema = z\n .object({\n kind: z.literal('unauthorized'),\n prmMetadataHeader: z.string().describe('Path to protected resource metadata'),\n })\n .describe(\"401 Unauthorized with 'WWW-Authenticate' header for requesting authentication\");\n\nconst AuthorizedSchema = z\n .object({\n kind: z.literal('authorized'),\n authorization: authorizationSchema.describe('Session information if session id is present'),\n })\n .describe('Authorized session information');\n\nexport const sessionVerifyOutputSchema = z.union([UnauthorizedSchema, AuthorizedSchema]);\n\nconst plan = {\n pre: ['parseInput', 'handlePublicMode', 'requireAuthorizationHeader', 'verifyIfJwt'],\n execute: ['deriveUser', 'parseSessionHeader', 'buildAuthorizedOutput'],\n} as const satisfies FlowPlan<string>;\n\ndeclare global {\n interface ExtendFlows {\n 'session:verify': FlowRunOptions<\n SessionVerifyFlow,\n typeof plan,\n typeof inputSchema,\n typeof sessionVerifyOutputSchema,\n typeof stateSchema\n >;\n }\n}\n\nconst name = 'session:verify' as const;\nconst Stage = StageHookOf(name);\n\n@Flow({\n name,\n plan,\n inputSchema,\n outputSchema: sessionVerifyOutputSchema,\n access: 'authorized',\n})\nexport default class SessionVerifyFlow extends FlowBase<typeof name> {\n @Stage('parseInput')\n async parseInput() {\n const { request } = this.rawInput;\n const entryPath = normalizeEntryPrefix(this.scope.entryPath);\n const routeBase = normalizeScopeBase(this.scope.routeBase);\n const baseUrl = getRequestBaseUrl(request, entryPath);\n\n const authorizationHeader = (request.headers?.['authorization'] as string | undefined) ?? undefined;\n const httpTransportHeader = request.headers?.['http-transport'] as string | undefined;\n const sessionIdRawHeader = request.headers?.['mcp-session-id'] as string | undefined;\n const sessionIdQuery = request.query['sessionId'] as string | undefined;\n\n const sessionIdHeader = sessionIdRawHeader ?? sessionIdQuery ?? undefined;\n // Use sessionIdRawHeader (not sessionIdHeader) to distinguish header vs query param\n // sessionIdHeader is the merged value, but we need to know the source for protocol selection\n const sessionProtocol = httpTransportHeader\n ? 'http'\n : sessionIdRawHeader\n ? 'streamable-http'\n : sessionIdQuery\n ? 'sse'\n : undefined;\n\n const token = extractBearerToken(authorizationHeader);\n const userAgent = (request.headers?.['user-agent'] as string | undefined) ?? undefined;\n\n const prmMetadataPath = `/.well-known/oauth-protected-resource${entryPath}${routeBase}`;\n const prmMetadataHeader = `Bearer resource_metadata=\"${baseUrl}${prmMetadataPath}\"`;\n\n this.state.set({\n baseUrl,\n authorizationHeader,\n token,\n sessionIdHeader,\n sessionProtocol,\n userAgent,\n prmMetadataPath,\n prmMetadataHeader,\n });\n }\n\n /**\n * Handle public mode - allow anonymous access without requiring authorization\n * In public mode, we create an anonymous authorization with a stateful session\n * but NO token. This allows public docs/CI to work without Authorization header.\n *\n * CRITICAL: When client sends mcp-session-id header, we MUST use that exact ID\n * for transport registry lookup. Creating a new session ID would cause mismatch.\n */\n @Stage('handlePublicMode')\n async handlePublicMode() {\n const authOptions = this.scope.auth?.options;\n\n // Skip if not public mode or if authorization header is present (authenticated public)\n if (!authOptions || !isPublicMode(authOptions)) {\n return;\n }\n\n // If token is present, let the normal verification flow handle it\n if (this.state.token) {\n return;\n }\n\n const sessionIdHeader = this.state.sessionIdHeader;\n const machineId = getMachineId();\n\n // CRITICAL: If client sent session ID, ALWAYS use it for transport lookup.\n // The transport registry uses this ID as the key. Creating a different ID\n // would cause \"session not initialized\" error.\n if (sessionIdHeader) {\n // Try to decrypt/validate for payload extraction (optional - for nodeId validation)\n const existingPayload = decryptPublicSession(sessionIdHeader);\n\n // Determine user based on whether we could extract payload\n const user = existingPayload\n ? { sub: `anon:${existingPayload.iat * 1000}`, iss: 'public', name: 'Anonymous' }\n : { sub: `anon:${crypto.randomUUID()}`, iss: 'public', name: 'Anonymous' };\n\n // ALWAYS use client's session ID, regardless of validation result.\n // If payload is valid and nodeId matches, include payload for protocol detection.\n // If validation failed, transport layer will handle the error appropriately.\n const finalPayload = existingPayload && existingPayload.nodeId === machineId ? existingPayload : undefined;\n\n this.respond({\n kind: 'authorized',\n authorization: {\n token: '',\n user,\n session: {\n id: sessionIdHeader, // ← CRITICAL: Always use client's session ID\n payload: finalPayload,\n },\n },\n });\n return;\n }\n\n // No session header → create new session (initialize request)\n // For new sessions, don't pre-determine protocol. Let transport handler detect it.\n const now = Date.now();\n const user = { sub: `anon:${crypto.randomUUID()}`, iss: 'public', name: 'Anonymous' };\n const uuid = crypto.randomUUID();\n\n // Detect platform from User-Agent header for UI rendering support\n const platformDetectionConfig = this.scope.metadata.transport?.platformDetection;\n const platformType = detectPlatformFromUserAgent(this.state.userAgent, platformDetectionConfig);\n\n // Create a valid session payload matching the SessionIdPayload schema\n // Include platformType if detected (non-unknown) for Tool UI support\n const payload = {\n uuid,\n nodeId: machineId,\n authSig: 'public',\n iat: Math.floor(now / 1000),\n isPublic: true,\n ...(platformType !== 'unknown' && { platformType }),\n };\n\n const sessionId = encryptJson(payload);\n\n this.respond({\n kind: 'authorized',\n authorization: {\n token: '',\n user,\n session: { id: sessionId, payload },\n },\n });\n }\n\n @Stage('requireAuthorizationHeader', {\n filter: ({ state }) => !state.authorizationHeader,\n })\n async requireAuthorizationOrChallenge() {\n this.respond({\n kind: 'unauthorized',\n prmMetadataHeader: this.state.required.prmMetadataHeader,\n });\n }\n\n /**\n * If Authorization is a JWT:\n * - Attempt verification against any known / cached public keys we have (gateway/local)\n * - If verification fails → 401\n * - If verification ok → capture payload\n * If NOT a JWT:\n * - we do NOT attempt verification, just pass the raw token through\n */\n @Stage('verifyIfJwt')\n async verifyIfJwt() {\n const jwks = this.get(JwksService); // TODO: fix providers\n const token = this.state.required.token;\n\n if (!isJwt(token)) {\n // Non-JWT tokens are not supported - require JWT for verification\n this.respond({\n kind: 'unauthorized',\n prmMetadataHeader: this.state.required.prmMetadataHeader,\n });\n return;\n }\n\n // Best-effort verification using locally known keys (gateway/local provider cache).\n // Add defensive null check for this.scope.auth (consistent with line 130)\n const auth = this.scope.auth;\n if (!auth) {\n this.respond({\n kind: 'unauthorized',\n prmMetadataHeader: this.state.required.prmMetadataHeader,\n });\n return;\n }\n\n let verify: Promise<VerifyResult>;\n const authOptions = auth.options;\n\n // Transparent mode uses remote provider's keys, all other modes use local keys\n if (isTransparentMode(authOptions)) {\n const primary = authOptions as TransparentAuthOptions;\n const issuer = auth.issuer;\n const providerRefs: ProviderVerifyRef[] = [\n {\n id: primary.remote.id ?? 'default',\n issuerUrl: issuer,\n jwks: primary.remote.jwks,\n jwksUri: primary.remote.jwksUri,\n },\n ];\n verify = jwks.verifyTransparentToken(token, providerRefs);\n } else {\n // Public or orchestrated mode - verify against local gateway keys\n verify = jwks.verifyGatewayToken(token, this.state.required.baseUrl);\n }\n\n const result = await verify;\n\n if (result.ok) {\n this.state.set({ jwtPayload: result.payload });\n return;\n }\n this.respond({\n kind: 'unauthorized',\n prmMetadataHeader: this.state.required.prmMetadataHeader,\n });\n }\n\n @Stage('deriveUser')\n async deriveUser() {\n this.state.set('user', deriveTypedUser(this.state.required.jwtPayload ?? {}));\n }\n\n /**\n * Parse the session header (mcp-session-id)\n * - If session id is present, validate it\n * - If valid, capture the session info\n * - If NOT valid, ignore (no session)\n */\n @Stage('parseSessionHeader')\n async parseSessionHeader() {\n const {\n sessionIdHeader,\n required: { token },\n } = this.state;\n\n const session = parseSessionHeader(sessionIdHeader, token);\n if (session) {\n this.state.set('session', session);\n }\n }\n\n @Stage('buildAuthorizedOutput')\n async buildAuthorizedOutput() {\n const {\n required: { token, user },\n session,\n } = this.state;\n\n this.respond({\n kind: 'authorized',\n authorization: {\n token,\n user,\n session,\n },\n });\n }\n}\n"]}
package/src/auth/flows/well-known.jwks.flow.js DELETED
@@ -1,89 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- const tslib_1 = require("tslib");
4
- // auth/flows/well-known.jwks.flow.ts
5
- const common_1 = require("../../common");
6
- require("reflect-metadata");
7
- const zod_1 = require("zod");
8
- const jwks_1 = require("../jwks");
9
- const inputSchema = common_1.httpInputSchema;
10
- const stateSchema = zod_1.z.object({
11
- isOrchestrated: zod_1.z.boolean(),
12
- });
13
- const outputSchema = zod_1.z.union([common_1.HttpJsonSchema, common_1.HttpTextSchema, common_1.HttpRedirectSchema]);
14
- const plan = {
15
- pre: ['parseInput', 'validateInput'],
16
- execute: ['collectData'],
17
- };
18
- const name = 'well-known.jwks';
19
- const Stage = (0, common_1.StageHookOf)(name);
20
- let WellKnownJwksFlow = class WellKnownJwksFlow extends common_1.FlowBase {
21
- static canActivate(request, scope) {
22
- return (0, common_1.makeWellKnownPaths)('jwks.json', scope.entryPath, scope.routeBase).has(request.path);
23
- }
24
- async parseInput() {
25
- this.state.set({
26
- isOrchestrated: false, // scope.orchestrated, TODO: fix
27
- });
28
- }
29
- async collectData() {
30
- const { isOrchestrated } = this.state.required;
31
- const jwksSvc = this.get(jwks_1.JwksService);
32
- // Orchestrated gateway → serve own JWKS
33
- if (isOrchestrated) {
34
- const keysDoc = await jwksSvc.getPublicJwks();
35
- if (!keysDoc?.keys || !Array.isArray(keysDoc.keys)) {
36
- throw new Error('orchestrator jwks not available');
37
- }
38
- this.respond(common_1.httpRespond.json(keysDoc));
39
- return;
40
- }
41
- const options = this.scope.auth.options;
42
- if (options && (0, common_1.isTransparentMode)(options)) {
43
- // Transparent mode - use remote provider's JWKS
44
- if (options.remote.jwks && options.remote.jwks.keys.length) {
45
- this.respond(common_1.httpRespond.json(options.remote.jwks));
46
- }
47
- else {
48
- const location = options.remote.jwksUri ?? `${options.remote.provider}/.well-known/jwks.json`;
49
- this.respond(common_1.httpRespond.redirect(location));
50
- }
51
- }
52
- else {
53
- // Public or orchestrated mode - serve local JWKS
54
- const keysDoc = await jwksSvc.getPublicJwks();
55
- if (keysDoc?.keys && Array.isArray(keysDoc.keys)) {
56
- this.respond(common_1.httpRespond.json(keysDoc));
57
- }
58
- else {
59
- this.respond(common_1.httpRespond.notFound());
60
- }
61
- }
62
- }
63
- };
64
- tslib_1.__decorate([
65
- Stage('parseInput'),
66
- tslib_1.__metadata("design:type", Function),
67
- tslib_1.__metadata("design:paramtypes", []),
68
- tslib_1.__metadata("design:returntype", Promise)
69
- ], WellKnownJwksFlow.prototype, "parseInput", null);
70
- tslib_1.__decorate([
71
- Stage('collectData'),
72
- tslib_1.__metadata("design:type", Function),
73
- tslib_1.__metadata("design:paramtypes", []),
74
- tslib_1.__metadata("design:returntype", Promise)
75
- ], WellKnownJwksFlow.prototype, "collectData", null);
76
- WellKnownJwksFlow = tslib_1.__decorate([
77
- (0, common_1.Flow)({
78
- name,
79
- plan,
80
- inputSchema,
81
- outputSchema,
82
- access: 'public',
83
- middleware: {
84
- method: 'GET',
85
- },
86
- })
87
- ], WellKnownJwksFlow);
88
- exports.default = WellKnownJwksFlow;
89
- //# sourceMappingURL=well-known.jwks.flow.js.map
package/src/auth/flows/well-known.jwks.flow.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"well-known.jwks.flow.js","sourceRoot":"","sources":["../../../../src/auth/flows/well-known.jwks.flow.ts"],"names":[],"mappings":";;;AAAA,qCAAqC;AACrC,yCAesB;AACtB,4BAA0B;AAC1B,6BAAwB;AACxB,kCAAsC;AAEtC,MAAM,WAAW,GAAG,wBAAe,CAAC;AAEpC,MAAM,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAC3B,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,uBAAc,EAAE,uBAAc,EAAE,2BAAkB,CAAC,CAAC,CAAC;AAEnF,MAAM,IAAI,GAAG;IACX,GAAG,EAAE,CAAC,YAAY,EAAE,eAAe,CAAC;IACpC,OAAO,EAAE,CAAC,aAAa,CAAC;CACW,CAAC;AActC,MAAM,IAAI,GAAG,iBAA0B,CAAC;AACxC,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AAYjB,IAAM,iBAAiB,GAAvB,MAAM,iBAAkB,SAAQ,iBAAqB;IAClE,MAAM,CAAC,WAAW,CAAC,OAAsB,EAAE,KAAiB;QAC1D,OAAO,IAAA,2BAAkB,EAAC,WAAW,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC7F,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC;YACb,cAAc,EAAE,KAAK,EAAE,gCAAgC;SACxD,CAAC,CAAC;IACL,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW;QACf,MAAM,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC/C,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,CAAC,kBAAW,CAAC,CAAC;QAEtC,wCAAwC;QACxC,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,CAAC;YAC9C,IAAI,CAAC,OAAO,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACnD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;YACrD,CAAC;YACD,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC;QACxC,IAAI,OAAO,IAAI,IAAA,0BAAiB,EAAC,OAAO,CAAC,EAAE,CAAC;YAC1C,gDAAgD;YAChD,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBAC3D,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC;YACtD,CAAC;iBAAM,CAAC;gBACN,MAAM,QAAQ,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,QAAQ,wBAAwB,CAAC;gBAC9F,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC/C,CAAC;QACH,CAAC;aAAM,CAAC;YACN,iDAAiD;YACjD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,CAAC;YAC9C,IAAI,OAAO,EAAE,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjD,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC;YAC1C,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;IACH,CAAC;CACF,CAAA;AAxCO;IADL,KAAK,CAAC,YAAY,CAAC;;;;mDAKnB;AAGK;IADL,KAAK,CAAC,aAAa,CAAC;;;;oDAiCpB;AA7CkB,iBAAiB;IAVrC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,IAAI;QACJ,WAAW;QACX,YAAY;QACZ,MAAM,EAAE,QAAQ;QAChB,UAAU,EAAE;YACV,MAAM,EAAE,KAAK;SACd;KACF,CAAC;GACmB,iBAAiB,CA8CrC;kBA9CoB,iBAAiB","sourcesContent":["// auth/flows/well-known.jwks.flow.ts\nimport {\n Flow,\n FlowBase,\n FlowPlan,\n FlowRunOptions,\n httpInputSchema,\n HttpJsonSchema,\n HttpRedirectSchema,\n httpRespond,\n HttpTextSchema,\n ScopeEntry,\n ServerRequest,\n StageHookOf,\n isTransparentMode,\n makeWellKnownPaths,\n} from '../../common';\nimport 'reflect-metadata';\nimport { z } from 'zod';\nimport { JwksService } from '../jwks';\n\nconst inputSchema = httpInputSchema;\n\nconst stateSchema = z.object({\n isOrchestrated: z.boolean(),\n});\n\nconst outputSchema = z.union([HttpJsonSchema, HttpTextSchema, HttpRedirectSchema]);\n\nconst plan = {\n pre: ['parseInput', 'validateInput'],\n execute: ['collectData'],\n} as const satisfies FlowPlan<string>;\n\ndeclare global {\n interface ExtendFlows {\n 'well-known.jwks': FlowRunOptions<\n WellKnownJwksFlow,\n typeof plan,\n typeof inputSchema,\n typeof outputSchema,\n typeof stateSchema\n >;\n }\n}\n\nconst name = 'well-known.jwks' as const;\nconst Stage = StageHookOf(name);\n\n@Flow({\n name,\n plan,\n inputSchema,\n outputSchema,\n access: 'public',\n middleware: {\n method: 'GET',\n },\n})\nexport default class WellKnownJwksFlow extends FlowBase<typeof name> {\n static canActivate(request: ServerRequest, scope: ScopeEntry) {\n return makeWellKnownPaths('jwks.json', scope.entryPath, scope.routeBase).has(request.path);\n }\n\n @Stage('parseInput')\n async parseInput() {\n this.state.set({\n isOrchestrated: false, // scope.orchestrated, TODO: fix\n });\n }\n\n @Stage('collectData')\n async collectData() {\n const { isOrchestrated } = this.state.required;\n const jwksSvc = this.get(JwksService);\n\n // Orchestrated gateway → serve own JWKS\n if (isOrchestrated) {\n const keysDoc = await jwksSvc.getPublicJwks();\n if (!keysDoc?.keys || !Array.isArray(keysDoc.keys)) {\n throw new Error('orchestrator jwks not available');\n }\n this.respond(httpRespond.json(keysDoc));\n return;\n }\n\n const options = this.scope.auth.options;\n if (options && isTransparentMode(options)) {\n // Transparent mode - use remote provider's JWKS\n if (options.remote.jwks && options.remote.jwks.keys.length) {\n this.respond(httpRespond.json(options.remote.jwks));\n } else {\n const location = options.remote.jwksUri ?? `${options.remote.provider}/.well-known/jwks.json`;\n this.respond(httpRespond.redirect(location));\n }\n } else {\n // Public or orchestrated mode - serve local JWKS\n const keysDoc = await jwksSvc.getPublicJwks();\n if (keysDoc?.keys && Array.isArray(keysDoc.keys)) {\n this.respond(httpRespond.json(keysDoc));\n } else {\n this.respond(httpRespond.notFound());\n }\n }\n }\n}\n"]}
package/src/auth/flows/well-known.oauth-authorization-server.flow.js DELETED
@@ -1,122 +0,0 @@
1
- "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.wellKnownAsStateSchema = exports.outputSchema = void 0;
4
- const tslib_1 = require("tslib");
5
- // auth/flows/well-known.oauth-authorization-server.flow.ts
6
- require("reflect-metadata");
7
- const zod_1 = require("zod");
8
- const common_1 = require("../../common");
9
- const inputSchema = common_1.httpInputSchema;
10
- // ===== Result =====
11
- const AuthServerMetadataSchema = zod_1.z.object({
12
- kind: zod_1.z.literal('json'),
13
- status: zod_1.z.literal(200),
14
- contentType: zod_1.z.literal('application/json; charset=utf-8'),
15
- body: zod_1.z
16
- .object({
17
- issuer: zod_1.z.string().min(1),
18
- authorization_endpoint: zod_1.z.string().min(1),
19
- token_endpoint: zod_1.z.string().min(1),
20
- userinfo_endpoint: zod_1.z.string().min(1).optional(),
21
- jwks_uri: zod_1.z.string().min(1),
22
- registration_endpoint: zod_1.z.string().min(1).optional(),
23
- token_endpoint_auth_methods_supported: zod_1.z
24
- .array(zod_1.z.enum(['client_secret_basic', 'client_secret_post', 'private_key_jwt']))
25
- .optional(),
26
- response_types_supported: zod_1.z.array(zod_1.z.enum(['code'])).default(['code']),
27
- grant_types_supported: zod_1.z
28
- .array(zod_1.z.enum(['authorization_code', 'refresh_token']))
29
- .default(['authorization_code', 'refresh_token']),
30
- scopes_supported: zod_1.z.array(zod_1.z.string()).default(['openid', 'profile', 'email']),
31
- code_challenge_methods_supported: zod_1.z.array(zod_1.z.enum(['S256'])).default(['S256']),
32
- })
33
- .passthrough(),
34
- });
35
- exports.outputSchema = zod_1.z.union([AuthServerMetadataSchema, common_1.HttpRedirectSchema, common_1.HttpTextSchema]);
36
- exports.wellKnownAsStateSchema = zod_1.z.object({
37
- baseUrl: zod_1.z.string().min(1), // baseUrl + entryPrefix (unsuffixed)
38
- scopesSupported: zod_1.z.array(zod_1.z.string()).default(['openid', 'profile', 'email']),
39
- tokenEndpointAuthMethods: zod_1.z
40
- .array(zod_1.z.enum(['client_secret_basic', 'client_secret_post', 'private_key_jwt']))
41
- .default(['client_secret_basic', 'client_secret_post']),
42
- dcrEnabled: zod_1.z.boolean().default(true),
43
- isOrchestrated: zod_1.z.boolean(),
44
- });
45
- const wellKnownAsPlan = {
46
- pre: ['parseInput'],
47
- execute: ['collectData'],
48
- };
49
- const name = 'well-known.oauth-authorization-server';
50
- const Stage = (0, common_1.StageHookOf)(name);
51
- let WellKnownAsFlow = class WellKnownAsFlow extends common_1.FlowBase {
52
- static canActivate(request, scope) {
53
- return (0, common_1.makeWellKnownPaths)('oauth-authorization-server', scope.entryPath, scope.routeBase).has(request.path);
54
- }
55
- async parseInput() {
56
- const { request } = this.rawInput;
57
- if (!request)
58
- throw new Error('Request is undefined');
59
- const baseUrl = (0, common_1.getRequestBaseUrl)(request, this.scope.entryPath);
60
- this.state.set(exports.wellKnownAsStateSchema.parse({
61
- baseUrl,
62
- scopesSupported: [],
63
- tokenEndpointAuthMethods: [],
64
- dcrEnabled: false, //scope.oauth.dcrEnabled,
65
- isOrchestrated: !this.scope.metadata.auth, // scope.orchestrated,
66
- }));
67
- }
68
- async collectData() {
69
- const { baseUrl, scopesSupported, tokenEndpointAuthMethods, dcrEnabled, isOrchestrated } = this.state.required;
70
- // Orchestrated => gateway is the AS
71
- if (isOrchestrated) {
72
- const baseIssuer = `${baseUrl}`;
73
- this.respond({
74
- kind: 'json',
75
- contentType: 'application/json; charset=utf-8',
76
- status: 200,
77
- body: {
78
- issuer: baseIssuer,
79
- authorization_endpoint: `${baseIssuer}/oauth/authorize`,
80
- token_endpoint: `${baseIssuer}/oauth/token`,
81
- userinfo_endpoint: `${baseIssuer}/oauth/userinfo`,
82
- jwks_uri: `${baseIssuer}/.well-known/jwks.json`,
83
- registration_endpoint: `${baseIssuer}/oauth/register`,
84
- token_endpoint_auth_methods_supported: tokenEndpointAuthMethods,
85
- response_types_supported: ['code'],
86
- grant_types_supported: ['authorization_code', 'refresh_token'],
87
- scopes_supported: scopesSupported,
88
- code_challenge_methods_supported: ['S256'],
89
- },
90
- });
91
- return;
92
- }
93
- const primary = this.scope.auth;
94
- this.respond(common_1.httpRespond.redirect(`${primary.issuer}/.well-known/oauth-authorization-server`));
95
- }
96
- };
97
- tslib_1.__decorate([
98
- Stage('parseInput'),
99
- tslib_1.__metadata("design:type", Function),
100
- tslib_1.__metadata("design:paramtypes", []),
101
- tslib_1.__metadata("design:returntype", Promise)
102
- ], WellKnownAsFlow.prototype, "parseInput", null);
103
- tslib_1.__decorate([
104
- Stage('collectData'),
105
- tslib_1.__metadata("design:type", Function),
106
- tslib_1.__metadata("design:paramtypes", []),
107
- tslib_1.__metadata("design:returntype", Promise)
108
- ], WellKnownAsFlow.prototype, "collectData", null);
109
- WellKnownAsFlow = tslib_1.__decorate([
110
- (0, common_1.Flow)({
111
- name,
112
- plan: wellKnownAsPlan,
113
- inputSchema,
114
- outputSchema: exports.outputSchema,
115
- access: 'public',
116
- middleware: {
117
- method: 'GET',
118
- },
119
- })
120
- ], WellKnownAsFlow);
121
- exports.default = WellKnownAsFlow;
122
- //# sourceMappingURL=well-known.oauth-authorization-server.flow.js.map
package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"well-known.oauth-authorization-server.flow.js","sourceRoot":"","sources":["../../../../src/auth/flows/well-known.oauth-authorization-server.flow.ts"],"names":[],"mappings":";;;;AAAA,2DAA2D;AAC3D,4BAA0B;AAC1B,6BAAwB;AACxB,yCAcsB;AAEtB,MAAM,WAAW,GAAG,wBAAe,CAAC;AAEpC,qBAAqB;AACrB,MAAM,wBAAwB,GAAG,OAAC,CAAC,MAAM,CAAC;IACxC,IAAI,EAAE,OAAC,CAAC,OAAO,CAAC,MAAM,CAAC;IACvB,MAAM,EAAE,OAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IACtB,WAAW,EAAE,OAAC,CAAC,OAAO,CAAC,iCAAiC,CAAC;IACzD,IAAI,EAAE,OAAC;SACJ,MAAM,CAAC;QACN,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACzB,sBAAsB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACzC,cAAc,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QACjC,iBAAiB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;QAC/C,QAAQ,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC3B,qBAAqB,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE;QACnD,qCAAqC,EAAE,OAAC;aACrC,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,qBAAqB,EAAE,oBAAoB,EAAE,iBAAiB,CAAC,CAAC,CAAC;aAC/E,QAAQ,EAAE;QACb,wBAAwB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;QACrE,qBAAqB,EAAE,OAAC;aACrB,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAC,CAAC;aACtD,OAAO,CAAC,CAAC,oBAAoB,EAAE,eAAe,CAAC,CAAC;QACnD,gBAAgB,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;QAC7E,gCAAgC,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,CAAC;KAC9E,CAAC;SACD,WAAW,EAAE;CACjB,CAAC,CAAC;AAEU,QAAA,YAAY,GAAG,OAAC,CAAC,KAAK,CAAC,CAAC,wBAAwB,EAAE,2BAAkB,EAAE,uBAAc,CAAC,CAAC,CAAC;AAEvF,QAAA,sBAAsB,GAAG,OAAC,CAAC,MAAM,CAAC;IAC7C,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,qCAAqC;IACjE,eAAe,EAAE,OAAC,CAAC,KAAK,CAAC,OAAC,CAAC,MAAM,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC,CAAC;IAC5E,wBAAwB,EAAE,OAAC;SACxB,KAAK,CAAC,OAAC,CAAC,IAAI,CAAC,CAAC,qBAAqB,EAAE,oBAAoB,EAAE,iBAAiB,CAAC,CAAC,CAAC;SAC/E,OAAO,CAAC,CAAC,qBAAqB,EAAE,oBAAoB,CAAC,CAAC;IACzD,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACrC,cAAc,EAAE,OAAC,CAAC,OAAO,EAAE;CAC5B,CAAC,CAAC;AAEH,MAAM,eAAe,GAAG;IACtB,GAAG,EAAE,CAAC,YAAY,CAAC;IACnB,OAAO,EAAE,CAAC,aAAa,CAAC;CACW,CAAC;AAiBtC,MAAM,IAAI,GAAG,uCAAgD,CAAC;AAC9D,MAAM,KAAK,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AAYjB,IAAM,eAAe,GAArB,MAAM,eAAgB,SAAQ,iBAAqB;IAChE,MAAM,CAAC,WAAW,CAAC,OAAsB,EAAE,KAAiB;QAC1D,OAAO,IAAA,2BAAkB,EAAC,4BAA4B,EAAE,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,SAAS,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9G,CAAC;IAGK,AAAN,KAAK,CAAC,UAAU;QACd,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,OAAO;YAAE,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAEtD,MAAM,OAAO,GAAG,IAAA,0BAAiB,EAAC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACjE,IAAI,CAAC,KAAK,CAAC,GAAG,CACZ,8BAAsB,CAAC,KAAK,CAAC;YAC3B,OAAO;YACP,eAAe,EAAE,EAAE;YACnB,wBAAwB,EAAE,EAAE;YAC5B,UAAU,EAAE,KAAK,EAAE,yBAAyB;YAC5C,cAAc,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,sBAAsB;SAClE,CAAC,CACH,CAAC;IACJ,CAAC;IAGK,AAAN,KAAK,CAAC,WAAW;QACf,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,wBAAwB,EAAE,UAAU,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC/G,oCAAoC;QACpC,IAAI,cAAc,EAAE,CAAC;YACnB,MAAM,UAAU,GAAG,GAAG,OAAO,EAAE,CAAC;YAChC,IAAI,CAAC,OAAO,CAAC;gBACX,IAAI,EAAE,MAAM;gBACZ,WAAW,EAAE,iCAAiC;gBAC9C,MAAM,EAAE,GAAG;gBACX,IAAI,EAAE;oBACJ,MAAM,EAAE,UAAU;oBAClB,sBAAsB,EAAE,GAAG,UAAU,kBAAkB;oBACvD,cAAc,EAAE,GAAG,UAAU,cAAc;oBAC3C,iBAAiB,EAAE,GAAG,UAAU,iBAAiB;oBACjD,QAAQ,EAAE,GAAG,UAAU,wBAAwB;oBAC/C,qBAAqB,EAAE,GAAG,UAAU,iBAAiB;oBACrD,qCAAqC,EAAE,wBAAwB;oBAC/D,wBAAwB,EAAE,CAAC,MAAM,CAAC;oBAClC,qBAAqB,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;oBAC9D,gBAAgB,EAAE,eAAe;oBACjC,gCAAgC,EAAE,CAAC,MAAM,CAAC;iBAC3C;aACF,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QACD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC;QAChC,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,MAAM,yCAAyC,CAAC,CAAC,CAAC;IACjG,CAAC;CACF,CAAA;AA7CO;IADL,KAAK,CAAC,YAAY,CAAC;;;;iDAenB;AAGK;IADL,KAAK,CAAC,aAAa,CAAC;;;;kDA4BpB;AAlDkB,eAAe;IAVnC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,IAAI,EAAE,eAAe;QACrB,WAAW;QACX,YAAY,EAAZ,oBAAY;QACZ,MAAM,EAAE,QAAQ;QAChB,UAAU,EAAE;YACV,MAAM,EAAE,KAAK;SACd;KACF,CAAC;GACmB,eAAe,CAmDnC;kBAnDoB,eAAe","sourcesContent":["// auth/flows/well-known.oauth-authorization-server.flow.ts\nimport 'reflect-metadata';\nimport { z } from 'zod';\nimport {\n HttpRedirectSchema,\n httpRespond,\n HttpTextSchema,\n Flow,\n FlowBase,\n FlowRunOptions,\n ScopeEntry,\n ServerRequest,\n StageHookOf,\n httpInputSchema,\n FlowPlan,\n getRequestBaseUrl,\n makeWellKnownPaths,\n} from '../../common';\n\nconst inputSchema = httpInputSchema;\n\n// ===== Result =====\nconst AuthServerMetadataSchema = z.object({\n kind: z.literal('json'),\n status: z.literal(200),\n contentType: z.literal('application/json; charset=utf-8'),\n body: z\n .object({\n issuer: z.string().min(1),\n authorization_endpoint: z.string().min(1),\n token_endpoint: z.string().min(1),\n userinfo_endpoint: z.string().min(1).optional(),\n jwks_uri: z.string().min(1),\n registration_endpoint: z.string().min(1).optional(),\n token_endpoint_auth_methods_supported: z\n .array(z.enum(['client_secret_basic', 'client_secret_post', 'private_key_jwt']))\n .optional(),\n response_types_supported: z.array(z.enum(['code'])).default(['code']),\n grant_types_supported: z\n .array(z.enum(['authorization_code', 'refresh_token']))\n .default(['authorization_code', 'refresh_token']),\n scopes_supported: z.array(z.string()).default(['openid', 'profile', 'email']),\n code_challenge_methods_supported: z.array(z.enum(['S256'])).default(['S256']),\n })\n .passthrough(),\n});\n\nexport const outputSchema = z.union([AuthServerMetadataSchema, HttpRedirectSchema, HttpTextSchema]);\n\nexport const wellKnownAsStateSchema = z.object({\n baseUrl: z.string().min(1), // baseUrl + entryPrefix (unsuffixed)\n scopesSupported: z.array(z.string()).default(['openid', 'profile', 'email']),\n tokenEndpointAuthMethods: z\n .array(z.enum(['client_secret_basic', 'client_secret_post', 'private_key_jwt']))\n .default(['client_secret_basic', 'client_secret_post']),\n dcrEnabled: z.boolean().default(true),\n isOrchestrated: z.boolean(),\n});\n\nconst wellKnownAsPlan = {\n pre: ['parseInput'],\n execute: ['collectData'],\n} as const satisfies FlowPlan<string>;\n\ntype WellKnownAsPlan = typeof wellKnownAsPlan;\ntype WellKnownAsFlowOptions = FlowRunOptions<\n WellKnownAsFlow,\n WellKnownAsPlan,\n typeof inputSchema,\n typeof outputSchema,\n typeof wellKnownAsStateSchema\n>;\n\ndeclare global {\n interface ExtendFlows {\n 'well-known.oauth-authorization-server': WellKnownAsFlowOptions;\n }\n}\n\nconst name = 'well-known.oauth-authorization-server' as const;\nconst Stage = StageHookOf(name);\n\n@Flow({\n name,\n plan: wellKnownAsPlan,\n inputSchema,\n outputSchema,\n access: 'public',\n middleware: {\n method: 'GET',\n },\n})\nexport default class WellKnownAsFlow extends FlowBase<typeof name> {\n static canActivate(request: ServerRequest, scope: ScopeEntry) {\n return makeWellKnownPaths('oauth-authorization-server', scope.entryPath, scope.routeBase).has(request.path);\n }\n\n @Stage('parseInput')\n async parseInput() {\n const { request } = this.rawInput;\n if (!request) throw new Error('Request is undefined');\n\n const baseUrl = getRequestBaseUrl(request, this.scope.entryPath);\n this.state.set(\n wellKnownAsStateSchema.parse({\n baseUrl,\n scopesSupported: [],\n tokenEndpointAuthMethods: [],\n dcrEnabled: false, //scope.oauth.dcrEnabled,\n isOrchestrated: !this.scope.metadata.auth, // scope.orchestrated,\n }),\n );\n }\n\n @Stage('collectData')\n async collectData() {\n const { baseUrl, scopesSupported, tokenEndpointAuthMethods, dcrEnabled, isOrchestrated } = this.state.required;\n // Orchestrated => gateway is the AS\n if (isOrchestrated) {\n const baseIssuer = `${baseUrl}`;\n this.respond({\n kind: 'json',\n contentType: 'application/json; charset=utf-8',\n status: 200,\n body: {\n issuer: baseIssuer,\n authorization_endpoint: `${baseIssuer}/oauth/authorize`,\n token_endpoint: `${baseIssuer}/oauth/token`,\n userinfo_endpoint: `${baseIssuer}/oauth/userinfo`,\n jwks_uri: `${baseIssuer}/.well-known/jwks.json`,\n registration_endpoint: `${baseIssuer}/oauth/register`,\n token_endpoint_auth_methods_supported: tokenEndpointAuthMethods,\n response_types_supported: ['code'],\n grant_types_supported: ['authorization_code', 'refresh_token'],\n scopes_supported: scopesSupported,\n code_challenge_methods_supported: ['S256'],\n },\n });\n return;\n }\n const primary = this.scope.auth;\n this.respond(httpRespond.redirect(`${primary.issuer}/.well-known/oauth-authorization-server`));\n }\n}\n"]}