@frontmcp/sdk 0.6.1 → 0.6.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/{src/auth → auth}/instances/instance.local-primary-auth.d.ts +1 -1
- package/{src/auth → auth}/instances/instance.remote-primary-auth.d.ts +1 -1
- package/{src/common → common}/interfaces/internal/primary-auth-provider.interface.d.ts +1 -4
- package/{src/common → common}/metadata/front-mcp.metadata.d.ts +1074 -44
- package/common/types/options/auth/app-auth.schema.d.ts +275 -0
- package/common/types/options/auth/auth.interfaces.d.ts +461 -0
- package/common/types/options/auth/auth.schema.d.ts +284 -0
- package/common/types/options/auth/auth.utils.d.ts +32 -0
- package/common/types/options/auth/index.d.ts +16 -0
- package/common/types/options/auth/orchestrated.schema.d.ts +381 -0
- package/common/types/options/auth/public.schema.d.ts +42 -0
- package/common/types/options/auth/shared.schemas.d.ts +120 -0
- package/common/types/options/auth/transparent.schema.d.ts +56 -0
- package/common/types/options/auth/transport.deprecated.d.ts +63 -0
- package/{src/common → common}/types/options/index.d.ts +1 -1
- package/{src/common → common}/types/options/transport.options.d.ts +6 -1
- package/{src/common → common}/utils/decide-request-intent.utils.d.ts +6 -7
- package/esm/index.mjs +22664 -0
- package/esm/mcp-apps/index.mjs +723 -0
- package/esm/package.json +81 -0
- package/index.js +22957 -0
- package/logger/logger.tokens.d.ts +1 -0
- package/mcp-apps/index.js +799 -0
- package/package.json +26 -13
- package/README.md +0 -461
- package/src/adapter/adapter.instance.js +0 -70
- package/src/adapter/adapter.instance.js.map +0 -1
- package/src/adapter/adapter.regsitry.js +0 -54
- package/src/adapter/adapter.regsitry.js.map +0 -1
- package/src/adapter/adapter.utils.js +0 -83
- package/src/adapter/adapter.utils.js.map +0 -1
- package/src/app/app.registry.js +0 -66
- package/src/app/app.registry.js.map +0 -1
- package/src/app/app.utils.js +0 -58
- package/src/app/app.utils.js.map +0 -1
- package/src/app/instances/app.local.instance.js +0 -67
- package/src/app/instances/app.local.instance.js.map +0 -1
- package/src/app/instances/app.remote.instance.js +0 -36
- package/src/app/instances/app.remote.instance.js.map +0 -1
- package/src/app/instances/index.js +0 -6
- package/src/app/instances/index.js.map +0 -1
- package/src/auth/auth.registry.js +0 -219
- package/src/auth/auth.registry.js.map +0 -1
- package/src/auth/auth.utils.js +0 -84
- package/src/auth/auth.utils.js.map +0 -1
- package/src/auth/authorization/authorization.class.js +0 -217
- package/src/auth/authorization/authorization.class.js.map +0 -1
- package/src/auth/authorization/authorization.types.js +0 -79
- package/src/auth/authorization/authorization.types.js.map +0 -1
- package/src/auth/authorization/index.js +0 -19
- package/src/auth/authorization/index.js.map +0 -1
- package/src/auth/authorization/orchestrated.authorization.js +0 -306
- package/src/auth/authorization/orchestrated.authorization.js.map +0 -1
- package/src/auth/authorization/public.authorization.js +0 -132
- package/src/auth/authorization/public.authorization.js.map +0 -1
- package/src/auth/authorization/transparent.authorization.js +0 -147
- package/src/auth/authorization/transparent.authorization.js.map +0 -1
- package/src/auth/consent/consent.types.js +0 -119
- package/src/auth/consent/consent.types.js.map +0 -1
- package/src/auth/consent/index.js +0 -13
- package/src/auth/consent/index.js.map +0 -1
- package/src/auth/detection/auth-provider-detection.js +0 -230
- package/src/auth/detection/auth-provider-detection.js.map +0 -1
- package/src/auth/detection/index.js +0 -15
- package/src/auth/detection/index.js.map +0 -1
- package/src/auth/flows/auth.verify.flow.js +0 -379
- package/src/auth/flows/auth.verify.flow.js.map +0 -1
- package/src/auth/flows/oauth.authorize.flow.js +0 -822
- package/src/auth/flows/oauth.authorize.flow.js.map +0 -1
- package/src/auth/flows/oauth.callback.flow.js +0 -357
- package/src/auth/flows/oauth.callback.flow.js.map +0 -1
- package/src/auth/flows/oauth.register.flow.js +0 -201
- package/src/auth/flows/oauth.register.flow.js.map +0 -1
- package/src/auth/flows/oauth.token.flow.js +0 -319
- package/src/auth/flows/oauth.token.flow.js.map +0 -1
- package/src/auth/flows/session.verify.flow.js +0 -304
- package/src/auth/flows/session.verify.flow.js.map +0 -1
- package/src/auth/flows/well-known.jwks.flow.js +0 -89
- package/src/auth/flows/well-known.jwks.flow.js.map +0 -1
- package/src/auth/flows/well-known.oauth-authorization-server.flow.js +0 -122
- package/src/auth/flows/well-known.oauth-authorization-server.flow.js.map +0 -1
- package/src/auth/flows/well-known.prm.flow.js +0 -106
- package/src/auth/flows/well-known.prm.flow.js.map +0 -1
- package/src/auth/instances/instance.local-primary-auth.js +0 -308
- package/src/auth/instances/instance.local-primary-auth.js.map +0 -1
- package/src/auth/instances/instance.remote-primary-auth.js +0 -49
- package/src/auth/instances/instance.remote-primary-auth.js.map +0 -1
- package/src/auth/jwks/dev-key-persistence.js +0 -219
- package/src/auth/jwks/dev-key-persistence.js.map +0 -1
- package/src/auth/jwks/index.js +0 -7
- package/src/auth/jwks/index.js.map +0 -1
- package/src/auth/jwks/jwks.service.js +0 -303
- package/src/auth/jwks/jwks.service.js.map +0 -1
- package/src/auth/jwks/jwks.types.js +0 -3
- package/src/auth/jwks/jwks.types.js.map +0 -1
- package/src/auth/jwks/jwks.utils.js +0 -32
- package/src/auth/jwks/jwks.utils.js.map +0 -1
- package/src/auth/machine-id.js +0 -32
- package/src/auth/machine-id.js.map +0 -1
- package/src/auth/oauth/flows/oauth.authorize.flow.js +0 -33
- package/src/auth/oauth/flows/oauth.authorize.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.device-authorization.flow.js +0 -48
- package/src/auth/oauth/flows/oauth.device-authorization.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.introspect.flow.js +0 -28
- package/src/auth/oauth/flows/oauth.introspect.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.par.flow.js +0 -29
- package/src/auth/oauth/flows/oauth.par.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.revoke.flow.js +0 -27
- package/src/auth/oauth/flows/oauth.revoke.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.token.flow.js +0 -59
- package/src/auth/oauth/flows/oauth.token.flow.js.map +0 -1
- package/src/auth/oauth/flows/oauth.userinfo.flow.js +0 -24
- package/src/auth/oauth/flows/oauth.userinfo.flow.js.map +0 -1
- package/src/auth/oauth/flows/oidc.logout.flow.js +0 -20
- package/src/auth/oauth/flows/oidc.logout.flow.js.map +0 -1
- package/src/auth/session/authorization-vault.js +0 -817
- package/src/auth/session/authorization-vault.js.map +0 -1
- package/src/auth/session/authorization.store.js +0 -323
- package/src/auth/session/authorization.store.js.map +0 -1
- package/src/auth/session/encrypted-authorization-vault.js +0 -493
- package/src/auth/session/encrypted-authorization-vault.js.map +0 -1
- package/src/auth/session/index.js +0 -18
- package/src/auth/session/index.js.map +0 -1
- package/src/auth/session/record/session.base.js +0 -125
- package/src/auth/session/record/session.base.js.map +0 -1
- package/src/auth/session/record/session.stateful.js +0 -55
- package/src/auth/session/record/session.stateful.js.map +0 -1
- package/src/auth/session/record/session.stateless.js +0 -32
- package/src/auth/session/record/session.stateless.js.map +0 -1
- package/src/auth/session/record/session.transparent.js +0 -22
- package/src/auth/session/record/session.transparent.js.map +0 -1
- package/src/auth/session/redis-session.store.js +0 -204
- package/src/auth/session/redis-session.store.js.map +0 -1
- package/src/auth/session/session.crypto.js +0 -47
- package/src/auth/session/session.crypto.js.map +0 -1
- package/src/auth/session/session.schema.js +0 -13
- package/src/auth/session/session.schema.js.map +0 -1
- package/src/auth/session/session.service.js +0 -105
- package/src/auth/session/session.service.js.map +0 -1
- package/src/auth/session/session.transport.js +0 -20
- package/src/auth/session/session.transport.js.map +0 -1
- package/src/auth/session/session.types.js +0 -4
- package/src/auth/session/session.types.js.map +0 -1
- package/src/auth/session/token.refresh.js +0 -63
- package/src/auth/session/token.refresh.js.map +0 -1
- package/src/auth/session/token.store.js +0 -53
- package/src/auth/session/token.store.js.map +0 -1
- package/src/auth/session/token.vault.js +0 -54
- package/src/auth/session/token.vault.js.map +0 -1
- package/src/auth/session/transport-session.manager.js +0 -298
- package/src/auth/session/transport-session.manager.js.map +0 -1
- package/src/auth/session/transport-session.types.js +0 -111
- package/src/auth/session/transport-session.types.js.map +0 -1
- package/src/auth/session/utils/auth-token.utils.js +0 -57
- package/src/auth/session/utils/auth-token.utils.js.map +0 -1
- package/src/auth/session/utils/session-id.utils.js +0 -217
- package/src/auth/session/utils/session-id.utils.js.map +0 -1
- package/src/auth/session/utils/tiny-ttl-cache.js +0 -26
- package/src/auth/session/utils/tiny-ttl-cache.js.map +0 -1
- package/src/auth/session/vault-encryption.js +0 -263
- package/src/auth/session/vault-encryption.js.map +0 -1
- package/src/auth/session/vercel-kv-session.store.js +0 -216
- package/src/auth/session/vercel-kv-session.store.js.map +0 -1
- package/src/auth/ui/base-layout.js +0 -279
- package/src/auth/ui/base-layout.js.map +0 -1
- package/src/auth/ui/index.js +0 -34
- package/src/auth/ui/index.js.map +0 -1
- package/src/auth/ui/templates.js +0 -426
- package/src/auth/ui/templates.js.map +0 -1
- package/src/auth/utils/audience.validator.js +0 -196
- package/src/auth/utils/audience.validator.js.map +0 -1
- package/src/auth/utils/index.js +0 -7
- package/src/auth/utils/index.js.map +0 -1
- package/src/auth/utils/www-authenticate.utils.js +0 -183
- package/src/auth/utils/www-authenticate.utils.js.map +0 -1
- package/src/common/common.schema.js +0 -35
- package/src/common/common.schema.js.map +0 -1
- package/src/common/constants.js +0 -13
- package/src/common/constants.js.map +0 -1
- package/src/common/decorators/adapter.decorator.js +0 -20
- package/src/common/decorators/adapter.decorator.js.map +0 -1
- package/src/common/decorators/app.decorator.js +0 -44
- package/src/common/decorators/app.decorator.js.map +0 -1
- package/src/common/decorators/auth-provider.decorator.js +0 -20
- package/src/common/decorators/auth-provider.decorator.js.map +0 -1
- package/src/common/decorators/decorator-utils.js +0 -195
- package/src/common/decorators/decorator-utils.js.map +0 -1
- package/src/common/decorators/flow.decorator.js +0 -19
- package/src/common/decorators/flow.decorator.js.map +0 -1
- package/src/common/decorators/front-mcp.decorator.js +0 -64
- package/src/common/decorators/front-mcp.decorator.js.map +0 -1
- package/src/common/decorators/hook.decorator.js +0 -178
- package/src/common/decorators/hook.decorator.js.map +0 -1
- package/src/common/decorators/index.js +0 -16
- package/src/common/decorators/index.js.map +0 -1
- package/src/common/decorators/logger.decorator.js +0 -20
- package/src/common/decorators/logger.decorator.js.map +0 -1
- package/src/common/decorators/plugin.decorator.js +0 -39
- package/src/common/decorators/plugin.decorator.js.map +0 -1
- package/src/common/decorators/prompt.decorator.js +0 -38
- package/src/common/decorators/prompt.decorator.js.map +0 -1
- package/src/common/decorators/provider.decorator.js +0 -20
- package/src/common/decorators/provider.decorator.js.map +0 -1
- package/src/common/decorators/resource.decorator.js +0 -94
- package/src/common/decorators/resource.decorator.js.map +0 -1
- package/src/common/decorators/tool.decorator.js +0 -45
- package/src/common/decorators/tool.decorator.js.map +0 -1
- package/src/common/dynamic/dynamic.adapter.js +0 -28
- package/src/common/dynamic/dynamic.adapter.js.map +0 -1
- package/src/common/dynamic/dynamic.plugin.js +0 -42
- package/src/common/dynamic/dynamic.plugin.js.map +0 -1
- package/src/common/dynamic/dynamic.utils.js +0 -27
- package/src/common/dynamic/dynamic.utils.js.map +0 -1
- package/src/common/dynamic/index.js +0 -6
- package/src/common/dynamic/index.js.map +0 -1
- package/src/common/entries/adapter.entry.js +0 -8
- package/src/common/entries/adapter.entry.js.map +0 -1
- package/src/common/entries/app.entry.js +0 -9
- package/src/common/entries/app.entry.js.map +0 -1
- package/src/common/entries/auth-provider.entry.js +0 -8
- package/src/common/entries/auth-provider.entry.js.map +0 -1
- package/src/common/entries/base.entry.js +0 -17
- package/src/common/entries/base.entry.js.map +0 -1
- package/src/common/entries/flow.entry.js +0 -21
- package/src/common/entries/flow.entry.js.map +0 -1
- package/src/common/entries/hook.entry.js +0 -20
- package/src/common/entries/hook.entry.js.map +0 -1
- package/src/common/entries/index.js +0 -17
- package/src/common/entries/index.js.map +0 -1
- package/src/common/entries/logger.entry.js +0 -8
- package/src/common/entries/logger.entry.js.map +0 -1
- package/src/common/entries/plugin.entry.js +0 -8
- package/src/common/entries/plugin.entry.js.map +0 -1
- package/src/common/entries/prompt.entry.js +0 -18
- package/src/common/entries/prompt.entry.js.map +0 -1
- package/src/common/entries/provider.entry.js +0 -8
- package/src/common/entries/provider.entry.js.map +0 -1
- package/src/common/entries/resource.entry.js +0 -35
- package/src/common/entries/resource.entry.js.map +0 -1
- package/src/common/entries/scope.entry.js +0 -14
- package/src/common/entries/scope.entry.js.map +0 -1
- package/src/common/entries/tool.entry.js +0 -31
- package/src/common/entries/tool.entry.js.map +0 -1
- package/src/common/flow/flow.utils.js +0 -96
- package/src/common/flow/flow.utils.js.map +0 -1
- package/src/common/index.js +0 -20
- package/src/common/index.js.map +0 -1
- package/src/common/interfaces/adapter.interface.js +0 -3
- package/src/common/interfaces/adapter.interface.js.map +0 -1
- package/src/common/interfaces/app.interface.js +0 -3
- package/src/common/interfaces/app.interface.js.map +0 -1
- package/src/common/interfaces/auth-hook.interface.js +0 -135
- package/src/common/interfaces/auth-hook.interface.js.map +0 -1
- package/src/common/interfaces/auth-provider.interface.js +0 -18
- package/src/common/interfaces/auth-provider.interface.js.map +0 -1
- package/src/common/interfaces/base.interface.js +0 -3
- package/src/common/interfaces/base.interface.js.map +0 -1
- package/src/common/interfaces/execution-context.interface.js +0 -166
- package/src/common/interfaces/execution-context.interface.js.map +0 -1
- package/src/common/interfaces/flow.interface.js +0 -95
- package/src/common/interfaces/flow.interface.js.map +0 -1
- package/src/common/interfaces/front-mcp.interface.js +0 -3
- package/src/common/interfaces/front-mcp.interface.js.map +0 -1
- package/src/common/interfaces/hook.interface.js +0 -3
- package/src/common/interfaces/hook.interface.js.map +0 -1
- package/src/common/interfaces/index.js +0 -21
- package/src/common/interfaces/index.js.map +0 -1
- package/src/common/interfaces/internal/flow.utils.js +0 -83
- package/src/common/interfaces/internal/flow.utils.js.map +0 -1
- package/src/common/interfaces/internal/index.js +0 -7
- package/src/common/interfaces/internal/index.js.map +0 -1
- package/src/common/interfaces/internal/primary-auth-provider.interface.js +0 -81
- package/src/common/interfaces/internal/primary-auth-provider.interface.js.map +0 -1
- package/src/common/interfaces/internal/registry.interface.js +0 -3
- package/src/common/interfaces/internal/registry.interface.js.map +0 -1
- package/src/common/interfaces/logger.interface.js +0 -10
- package/src/common/interfaces/logger.interface.js.map +0 -1
- package/src/common/interfaces/plugin.interface.js +0 -3
- package/src/common/interfaces/plugin.interface.js.map +0 -1
- package/src/common/interfaces/prompt.interface.js +0 -81
- package/src/common/interfaces/prompt.interface.js.map +0 -1
- package/src/common/interfaces/provider.interface.js +0 -18
- package/src/common/interfaces/provider.interface.js.map +0 -1
- package/src/common/interfaces/resource.interface.js +0 -56
- package/src/common/interfaces/resource.interface.js.map +0 -1
- package/src/common/interfaces/scope.interface.js +0 -3
- package/src/common/interfaces/scope.interface.js.map +0 -1
- package/src/common/interfaces/server.interface.js +0 -18
- package/src/common/interfaces/server.interface.js.map +0 -1
- package/src/common/interfaces/session-hook.interface.js +0 -140
- package/src/common/interfaces/session-hook.interface.js.map +0 -1
- package/src/common/interfaces/tool-hook.interface.js +0 -92
- package/src/common/interfaces/tool-hook.interface.js.map +0 -1
- package/src/common/interfaces/tool.interface.js +0 -117
- package/src/common/interfaces/tool.interface.js.map +0 -1
- package/src/common/metadata/adapter.metadata.js +0 -10
- package/src/common/metadata/adapter.metadata.js.map +0 -1
- package/src/common/metadata/app.metadata.js +0 -30
- package/src/common/metadata/app.metadata.js.map +0 -1
- package/src/common/metadata/auth-provider.metadata.js +0 -19
- package/src/common/metadata/auth-provider.metadata.js.map +0 -1
- package/src/common/metadata/flow.metadata.js +0 -15
- package/src/common/metadata/flow.metadata.js.map +0 -1
- package/src/common/metadata/front-mcp.metadata.js +0 -30
- package/src/common/metadata/front-mcp.metadata.js.map +0 -1
- package/src/common/metadata/hook.metadata.js +0 -3
- package/src/common/metadata/hook.metadata.js.map +0 -1
- package/src/common/metadata/index.js +0 -17
- package/src/common/metadata/index.js.map +0 -1
- package/src/common/metadata/logger.metadata.js +0 -10
- package/src/common/metadata/logger.metadata.js.map +0 -1
- package/src/common/metadata/plugin.metadata.js +0 -18
- package/src/common/metadata/plugin.metadata.js.map +0 -1
- package/src/common/metadata/prompt.metadata.js +0 -27
- package/src/common/metadata/prompt.metadata.js.map +0 -1
- package/src/common/metadata/provider.metadata.js +0 -36
- package/src/common/metadata/provider.metadata.js.map +0 -1
- package/src/common/metadata/resource.metadata.js +0 -31
- package/src/common/metadata/resource.metadata.js.map +0 -1
- package/src/common/metadata/tool-ui.metadata.js +0 -12
- package/src/common/metadata/tool-ui.metadata.js.map +0 -1
- package/src/common/metadata/tool.metadata.js +0 -55
- package/src/common/metadata/tool.metadata.js.map +0 -1
- package/src/common/migrate/auth-transport.migrate.js +0 -140
- package/src/common/migrate/auth-transport.migrate.js.map +0 -1
- package/src/common/migrate/index.js +0 -6
- package/src/common/migrate/index.js.map +0 -1
- package/src/common/providers/base-config.provider.js +0 -128
- package/src/common/providers/base-config.provider.js.map +0 -1
- package/src/common/records/adapter.record.js +0 -11
- package/src/common/records/adapter.record.js.map +0 -1
- package/src/common/records/app.record.js +0 -9
- package/src/common/records/app.record.js.map +0 -1
- package/src/common/records/auth-provider.record.js +0 -12
- package/src/common/records/auth-provider.record.js.map +0 -1
- package/src/common/records/flow.record.js +0 -8
- package/src/common/records/flow.record.js.map +0 -1
- package/src/common/records/hook.record.js +0 -8
- package/src/common/records/hook.record.js.map +0 -1
- package/src/common/records/index.js +0 -16
- package/src/common/records/index.js.map +0 -1
- package/src/common/records/logger.record.js +0 -8
- package/src/common/records/logger.record.js.map +0 -1
- package/src/common/records/plugin.record.js +0 -11
- package/src/common/records/plugin.record.js.map +0 -1
- package/src/common/records/prompt.record.js +0 -9
- package/src/common/records/prompt.record.js.map +0 -1
- package/src/common/records/provider.record.js +0 -14
- package/src/common/records/provider.record.js.map +0 -1
- package/src/common/records/resource.record.js +0 -20
- package/src/common/records/resource.record.js.map +0 -1
- package/src/common/records/scope.record.js +0 -9
- package/src/common/records/scope.record.js.map +0 -1
- package/src/common/records/tool.record.js +0 -9
- package/src/common/records/tool.record.js.map +0 -1
- package/src/common/schemas/annotated-class.schema.js +0 -109
- package/src/common/schemas/annotated-class.schema.js.map +0 -1
- package/src/common/schemas/http-input.schema.js +0 -13
- package/src/common/schemas/http-input.schema.js.map +0 -1
- package/src/common/schemas/http-output.schema.js +0 -321
- package/src/common/schemas/http-output.schema.js.map +0 -1
- package/src/common/schemas/index.js +0 -8
- package/src/common/schemas/index.js.map +0 -1
- package/src/common/schemas/session-header.schema.js +0 -42
- package/src/common/schemas/session-header.schema.js.map +0 -1
- package/src/common/tokens/adapter.tokens.js +0 -11
- package/src/common/tokens/adapter.tokens.js.map +0 -1
- package/src/common/tokens/app.tokens.js +0 -30
- package/src/common/tokens/app.tokens.js.map +0 -1
- package/src/common/tokens/auth-provider.tokens.js +0 -12
- package/src/common/tokens/auth-provider.tokens.js.map +0 -1
- package/src/common/tokens/base.tokens.js +0 -9
- package/src/common/tokens/base.tokens.js.map +0 -1
- package/src/common/tokens/flow-hook.tokens.js +0 -9
- package/src/common/tokens/flow-hook.tokens.js.map +0 -1
- package/src/common/tokens/flow.tokens.js +0 -16
- package/src/common/tokens/flow.tokens.js.map +0 -1
- package/src/common/tokens/front-mcp.tokens.js +0 -25
- package/src/common/tokens/front-mcp.tokens.js.map +0 -1
- package/src/common/tokens/index.js +0 -17
- package/src/common/tokens/index.js.map +0 -1
- package/src/common/tokens/logger.tokens.js +0 -11
- package/src/common/tokens/logger.tokens.js.map +0 -1
- package/src/common/tokens/plugin.tokens.js +0 -18
- package/src/common/tokens/plugin.tokens.js.map +0 -1
- package/src/common/tokens/prompt.tokens.js +0 -14
- package/src/common/tokens/prompt.tokens.js.map +0 -1
- package/src/common/tokens/provider.tokens.js +0 -12
- package/src/common/tokens/provider.tokens.js.map +0 -1
- package/src/common/tokens/resource.tokens.js +0 -28
- package/src/common/tokens/resource.tokens.js.map +0 -1
- package/src/common/tokens/server.tokens.js +0 -11
- package/src/common/tokens/server.tokens.js.map +0 -1
- package/src/common/tokens/tool.tokens.js +0 -21
- package/src/common/tokens/tool.tokens.js.map +0 -1
- package/src/common/types/auth/index.js +0 -6
- package/src/common/types/auth/index.js.map +0 -1
- package/src/common/types/auth/jwt.types.js +0 -36
- package/src/common/types/auth/jwt.types.js.map +0 -1
- package/src/common/types/auth/session.types.js +0 -53
- package/src/common/types/auth/session.types.js.map +0 -1
- package/src/common/types/common.types.js +0 -3
- package/src/common/types/common.types.js.map +0 -1
- package/src/common/types/index.js +0 -7
- package/src/common/types/index.js.map +0 -1
- package/src/common/types/options/auth.options.d.ts +0 -1266
- package/src/common/types/options/auth.options.js +0 -560
- package/src/common/types/options/auth.options.js.map +0 -1
- package/src/common/types/options/http.options.js +0 -10
- package/src/common/types/options/http.options.js.map +0 -1
- package/src/common/types/options/index.js +0 -11
- package/src/common/types/options/index.js.map +0 -1
- package/src/common/types/options/logging.options.js +0 -33
- package/src/common/types/options/logging.options.js.map +0 -1
- package/src/common/types/options/redis.options.js +0 -191
- package/src/common/types/options/redis.options.js.map +0 -1
- package/src/common/types/options/server-info.options.js +0 -13
- package/src/common/types/options/server-info.options.js.map +0 -1
- package/src/common/types/options/session.options.js +0 -32
- package/src/common/types/options/session.options.js.map +0 -1
- package/src/common/types/options/transport.options.js +0 -121
- package/src/common/types/options/transport.options.js.map +0 -1
- package/src/common/utils/decide-request-intent.utils.js +0 -391
- package/src/common/utils/decide-request-intent.utils.js.map +0 -1
- package/src/common/utils/global-config.utils.js +0 -44
- package/src/common/utils/global-config.utils.js.map +0 -1
- package/src/common/utils/index.js +0 -7
- package/src/common/utils/index.js.map +0 -1
- package/src/common/utils/path.utils.js +0 -66
- package/src/common/utils/path.utils.js.map +0 -1
- package/src/completion/flows/complete.flow.js +0 -199
- package/src/completion/flows/complete.flow.js.map +0 -1
- package/src/context/frontmcp-context-storage.js +0 -183
- package/src/context/frontmcp-context-storage.js.map +0 -1
- package/src/context/frontmcp-context.js +0 -360
- package/src/context/frontmcp-context.js.map +0 -1
- package/src/context/frontmcp-context.provider.js +0 -61
- package/src/context/frontmcp-context.provider.js.map +0 -1
- package/src/context/index.js +0 -64
- package/src/context/index.js.map +0 -1
- package/src/context/request-context-storage.js +0 -183
- package/src/context/request-context-storage.js.map +0 -1
- package/src/context/request-context.js +0 -209
- package/src/context/request-context.js.map +0 -1
- package/src/context/request-context.provider.js +0 -51
- package/src/context/request-context.provider.js.map +0 -1
- package/src/context/session-key.provider.js +0 -65
- package/src/context/session-key.provider.js.map +0 -1
- package/src/context/trace-context.js +0 -142
- package/src/context/trace-context.js.map +0 -1
- package/src/errors/authorization-required.error.js +0 -274
- package/src/errors/authorization-required.error.js.map +0 -1
- package/src/errors/error-handler.js +0 -107
- package/src/errors/error-handler.js.map +0 -1
- package/src/errors/index.js +0 -45
- package/src/errors/index.js.map +0 -1
- package/src/errors/mcp.error.js +0 -416
- package/src/errors/mcp.error.js.map +0 -1
- package/src/exceptions/mcp-exceptions/session-missing.exception.js +0 -11
- package/src/exceptions/mcp-exceptions/session-missing.exception.js.map +0 -1
- package/src/exceptions/mcp-exceptions/unsupported-client-version.exception.js +0 -15
- package/src/exceptions/mcp-exceptions/unsupported-client-version.exception.js.map +0 -1
- package/src/flows/flow.instance.js +0 -420
- package/src/flows/flow.instance.js.map +0 -1
- package/src/flows/flow.registry.js +0 -121
- package/src/flows/flow.registry.js.map +0 -1
- package/src/flows/flow.stages.js +0 -113
- package/src/flows/flow.stages.js.map +0 -1
- package/src/flows/flow.utils.js +0 -36
- package/src/flows/flow.utils.js.map +0 -1
- package/src/front-mcp/front-mcp.js +0 -63
- package/src/front-mcp/front-mcp.js.map +0 -1
- package/src/front-mcp/front-mcp.providers.js +0 -29
- package/src/front-mcp/front-mcp.providers.js.map +0 -1
- package/src/front-mcp/front-mcp.tokens.js +0 -5
- package/src/front-mcp/front-mcp.tokens.js.map +0 -1
- package/src/front-mcp/index.js +0 -8
- package/src/front-mcp/index.js.map +0 -1
- package/src/front-mcp/serverless-handler.js +0 -61
- package/src/front-mcp/serverless-handler.js.map +0 -1
- package/src/hooks/hook.instance.js +0 -26
- package/src/hooks/hook.instance.js.map +0 -1
- package/src/hooks/hook.registry.js +0 -152
- package/src/hooks/hook.registry.js.map +0 -1
- package/src/hooks/hooks.utils.js +0 -34
- package/src/hooks/hooks.utils.js.map +0 -1
- package/src/index.js +0 -37
- package/src/index.js.map +0 -1
- package/src/logger/instances/instance.console-logger.js +0 -75
- package/src/logger/instances/instance.console-logger.js.map +0 -1
- package/src/logger/instances/instance.logger.js +0 -77
- package/src/logger/instances/instance.logger.js.map +0 -1
- package/src/logger/logger.registry.js +0 -96
- package/src/logger/logger.registry.js.map +0 -1
- package/src/logger/logger.tokens.js +0 -3
- package/src/logger/logger.tokens.js.map +0 -1
- package/src/logger/logger.types.js +0 -8
- package/src/logger/logger.types.js.map +0 -1
- package/src/logger/logger.utils.js +0 -42
- package/src/logger/logger.utils.js.map +0 -1
- package/src/logging/flows/set-level.flow.js +0 -108
- package/src/logging/flows/set-level.flow.js.map +0 -1
- package/src/mcp-apps/csp.js +0 -267
- package/src/mcp-apps/csp.js.map +0 -1
- package/src/mcp-apps/index.js +0 -91
- package/src/mcp-apps/index.js.map +0 -1
- package/src/mcp-apps/schemas.js +0 -345
- package/src/mcp-apps/schemas.js.map +0 -1
- package/src/mcp-apps/template.js +0 -419
- package/src/mcp-apps/template.js.map +0 -1
- package/src/mcp-apps/types.js +0 -59
- package/src/mcp-apps/types.js.map +0 -1
- package/src/notification/index.js +0 -13
- package/src/notification/index.js.map +0 -1
- package/src/notification/notification.service.js +0 -731
- package/src/notification/notification.service.js.map +0 -1
- package/src/plugin/plugin.registry.js +0 -152
- package/src/plugin/plugin.registry.js.map +0 -1
- package/src/plugin/plugin.utils.js +0 -88
- package/src/plugin/plugin.utils.js.map +0 -1
- package/src/prompt/flows/get-prompt.flow.js +0 -214
- package/src/prompt/flows/get-prompt.flow.js.map +0 -1
- package/src/prompt/flows/prompts-list.flow.js +0 -176
- package/src/prompt/flows/prompts-list.flow.js.map +0 -1
- package/src/prompt/index.js +0 -17
- package/src/prompt/index.js.map +0 -1
- package/src/prompt/prompt.events.js +0 -25
- package/src/prompt/prompt.events.js.map +0 -1
- package/src/prompt/prompt.instance.js +0 -120
- package/src/prompt/prompt.instance.js.map +0 -1
- package/src/prompt/prompt.registry.js +0 -380
- package/src/prompt/prompt.registry.js.map +0 -1
- package/src/prompt/prompt.types.js +0 -11
- package/src/prompt/prompt.types.js.map +0 -1
- package/src/prompt/prompt.utils.js +0 -136
- package/src/prompt/prompt.utils.js.map +0 -1
- package/src/provider/provider.registry.js +0 -868
- package/src/provider/provider.registry.js.map +0 -1
- package/src/provider/provider.types.js +0 -3
- package/src/provider/provider.types.js.map +0 -1
- package/src/provider/provider.utils.js +0 -103
- package/src/provider/provider.utils.js.map +0 -1
- package/src/regsitry/index.js +0 -5
- package/src/regsitry/index.js.map +0 -1
- package/src/regsitry/registry.base.js +0 -32
- package/src/regsitry/registry.base.js.map +0 -1
- package/src/resource/flows/read-resource.flow.js +0 -270
- package/src/resource/flows/read-resource.flow.js.map +0 -1
- package/src/resource/flows/resource-templates-list.flow.js +0 -191
- package/src/resource/flows/resource-templates-list.flow.js.map +0 -1
- package/src/resource/flows/resources-list.flow.js +0 -196
- package/src/resource/flows/resources-list.flow.js.map +0 -1
- package/src/resource/flows/subscribe-resource.flow.js +0 -123
- package/src/resource/flows/subscribe-resource.flow.js.map +0 -1
- package/src/resource/flows/unsubscribe-resource.flow.js +0 -107
- package/src/resource/flows/unsubscribe-resource.flow.js.map +0 -1
- package/src/resource/index.js +0 -20
- package/src/resource/index.js.map +0 -1
- package/src/resource/resource.events.js +0 -17
- package/src/resource/resource.events.js.map +0 -1
- package/src/resource/resource.instance.js +0 -163
- package/src/resource/resource.instance.js.map +0 -1
- package/src/resource/resource.registry.js +0 -468
- package/src/resource/resource.registry.js.map +0 -1
- package/src/resource/resource.types.js +0 -11
- package/src/resource/resource.types.js.map +0 -1
- package/src/resource/resource.utils.js +0 -151
- package/src/resource/resource.utils.js.map +0 -1
- package/src/scope/flows/http.request.flow.js +0 -474
- package/src/scope/flows/http.request.flow.js.map +0 -1
- package/src/scope/index.js +0 -6
- package/src/scope/index.js.map +0 -1
- package/src/scope/scope.instance.js +0 -263
- package/src/scope/scope.instance.js.map +0 -1
- package/src/scope/scope.registry.js +0 -94
- package/src/scope/scope.registry.js.map +0 -1
- package/src/scope/scope.utils.js +0 -61
- package/src/scope/scope.utils.js.map +0 -1
- package/src/server/adapters/base.host.adapter.js +0 -8
- package/src/server/adapters/base.host.adapter.js.map +0 -1
- package/src/server/adapters/express.host.adapter.js +0 -70
- package/src/server/adapters/express.host.adapter.js.map +0 -1
- package/src/server/server.instance.js +0 -54
- package/src/server/server.instance.js.map +0 -1
- package/src/server/server.types.js +0 -3
- package/src/server/server.types.js.map +0 -1
- package/src/server/server.validation.js +0 -192
- package/src/server/server.validation.js.map +0 -1
- package/src/store/adapters/store.base.adapter.js +0 -16
- package/src/store/adapters/store.base.adapter.js.map +0 -1
- package/src/store/adapters/store.memory.adapter.js +0 -89
- package/src/store/adapters/store.memory.adapter.js.map +0 -1
- package/src/store/adapters/store.redis.adapter.js +0 -104
- package/src/store/adapters/store.redis.adapter.js.map +0 -1
- package/src/store/adapters/store.vercel-kv.adapter.js +0 -155
- package/src/store/adapters/store.vercel-kv.adapter.js.map +0 -1
- package/src/store/index.js +0 -14
- package/src/store/index.js.map +0 -1
- package/src/store/store.factory.js +0 -194
- package/src/store/store.factory.js.map +0 -1
- package/src/store/store.helpers.js +0 -67
- package/src/store/store.helpers.js.map +0 -1
- package/src/store/store.registry.js +0 -37
- package/src/store/store.registry.js.map +0 -1
- package/src/store/store.tokens.js +0 -7
- package/src/store/store.tokens.js.map +0 -1
- package/src/store/store.types.js +0 -11
- package/src/store/store.types.js.map +0 -1
- package/src/store/store.utils.js +0 -18
- package/src/store/store.utils.js.map +0 -1
- package/src/tool/flows/call-tool.flow.js +0 -616
- package/src/tool/flows/call-tool.flow.js.map +0 -1
- package/src/tool/flows/tools-list.flow.js +0 -328
- package/src/tool/flows/tools-list.flow.js.map +0 -1
- package/src/tool/tool.events.js +0 -16
- package/src/tool/tool.events.js.map +0 -1
- package/src/tool/tool.instance.js +0 -117
- package/src/tool/tool.instance.js.map +0 -1
- package/src/tool/tool.registry.js +0 -353
- package/src/tool/tool.registry.js.map +0 -1
- package/src/tool/tool.types.js +0 -10
- package/src/tool/tool.types.js.map +0 -1
- package/src/tool/tool.utils.js +0 -366
- package/src/tool/tool.utils.js.map +0 -1
- package/src/tool/ui/index.js +0 -63
- package/src/tool/ui/index.js.map +0 -1
- package/src/tool/ui/platform-adapters.js +0 -18
- package/src/tool/ui/platform-adapters.js.map +0 -1
- package/src/tool/ui/template-helpers.js +0 -95
- package/src/tool/ui/template-helpers.js.map +0 -1
- package/src/tool/ui/ui-resource-template.js +0 -64
- package/src/tool/ui/ui-resource-template.js.map +0 -1
- package/src/tool/ui/ui-resource.handler.js +0 -129
- package/src/tool/ui/ui-resource.handler.js.map +0 -1
- package/src/transport/adapters/transport.local.adapter.js +0 -148
- package/src/transport/adapters/transport.local.adapter.js.map +0 -1
- package/src/transport/adapters/transport.sse.adapter.js +0 -65
- package/src/transport/adapters/transport.sse.adapter.js.map +0 -1
- package/src/transport/adapters/transport.streamable-http.adapter.js +0 -112
- package/src/transport/adapters/transport.streamable-http.adapter.js.map +0 -1
- package/src/transport/flows/handle.sse.flow.js +0 -197
- package/src/transport/flows/handle.sse.flow.js.map +0 -1
- package/src/transport/flows/handle.stateless-http.flow.js +0 -102
- package/src/transport/flows/handle.stateless-http.flow.js.map +0 -1
- package/src/transport/flows/handle.streamable-http.flow.js +0 -315
- package/src/transport/flows/handle.streamable-http.flow.js.map +0 -1
- package/src/transport/legacy/legacy.sse.tranporter.js +0 -185
- package/src/transport/legacy/legacy.sse.tranporter.js.map +0 -1
- package/src/transport/mcp-handlers/Initialized-notification.hanlder.js +0 -14
- package/src/transport/mcp-handlers/Initialized-notification.hanlder.js.map +0 -1
- package/src/transport/mcp-handlers/call-tool-request.handler.js +0 -46
- package/src/transport/mcp-handlers/call-tool-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/complete-request.handler.js +0 -11
- package/src/transport/mcp-handlers/complete-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/get-prompt-request.handler.js +0 -11
- package/src/transport/mcp-handlers/get-prompt-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/index.js +0 -57
- package/src/transport/mcp-handlers/index.js.map +0 -1
- package/src/transport/mcp-handlers/initialize-request.handler.js +0 -109
- package/src/transport/mcp-handlers/initialize-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-prompts-request.handler.js +0 -11
- package/src/transport/mcp-handlers/list-prompts-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-resource-templates-request.handler.js +0 -12
- package/src/transport/mcp-handlers/list-resource-templates-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-resources-request.handler.js +0 -12
- package/src/transport/mcp-handlers/list-resources-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/list-tools-request.handler.js +0 -11
- package/src/transport/mcp-handlers/list-tools-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/logging-set-level-request.handler.js +0 -34
- package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/mcp-handlers.types.js +0 -3
- package/src/transport/mcp-handlers/mcp-handlers.types.js.map +0 -1
- package/src/transport/mcp-handlers/read-resource-request.handler.js +0 -12
- package/src/transport/mcp-handlers/read-resource-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js +0 -26
- package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map +0 -1
- package/src/transport/mcp-handlers/subscribe-request.handler.js +0 -34
- package/src/transport/mcp-handlers/subscribe-request.handler.js.map +0 -1
- package/src/transport/mcp-handlers/unsubscribe-request.handler.js +0 -34
- package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map +0 -1
- package/src/transport/transport.error.js +0 -25
- package/src/transport/transport.error.js.map +0 -1
- package/src/transport/transport.event-store.js +0 -36
- package/src/transport/transport.event-store.js.map +0 -1
- package/src/transport/transport.local.js +0 -71
- package/src/transport/transport.local.js.map +0 -1
- package/src/transport/transport.registry.js +0 -552
- package/src/transport/transport.registry.js.map +0 -1
- package/src/transport/transport.remote.js +0 -31
- package/src/transport/transport.remote.js.map +0 -1
- package/src/transport/transport.types.js +0 -3
- package/src/transport/transport.types.js.map +0 -1
- package/src/types/drinen-hooks.types.js +0 -3
- package/src/types/drinen-hooks.types.js.map +0 -1
- package/src/types/invoke.type.js +0 -34
- package/src/types/invoke.type.js.map +0 -1
- package/src/types/token.types.js +0 -3
- package/src/types/token.types.js.map +0 -1
- package/src/utils/content.utils.js +0 -194
- package/src/utils/content.utils.js.map +0 -1
- package/src/utils/index.js +0 -55
- package/src/utils/index.js.map +0 -1
- package/src/utils/lineage.utils.js +0 -82
- package/src/utils/lineage.utils.js.map +0 -1
- package/src/utils/metadata.utils.js +0 -26
- package/src/utils/metadata.utils.js.map +0 -1
- package/src/utils/naming.utils.js +0 -136
- package/src/utils/naming.utils.js.map +0 -1
- package/src/utils/server.utils.js +0 -59
- package/src/utils/server.utils.js.map +0 -1
- package/src/utils/string.utils.js +0 -10
- package/src/utils/string.utils.js.map +0 -1
- package/src/utils/token.utils.js +0 -65
- package/src/utils/token.utils.js.map +0 -1
- package/src/utils/types.utils.js +0 -3
- package/src/utils/types.utils.js.map +0 -1
- package/src/utils/uri-template.utils.js +0 -113
- package/src/utils/uri-template.utils.js.map +0 -1
- package/src/utils/uri-validation.utils.js +0 -76
- package/src/utils/uri-validation.utils.js.map +0 -1
- package/{src/adapter → adapter}/adapter.instance.d.ts +0 -0
- package/{src/adapter → adapter}/adapter.regsitry.d.ts +0 -0
- package/{src/adapter → adapter}/adapter.utils.d.ts +0 -0
- package/{src/app → app}/app.registry.d.ts +0 -0
- package/{src/app → app}/app.utils.d.ts +0 -0
- package/{src/app → app}/instances/app.local.instance.d.ts +0 -0
- package/{src/app → app}/instances/app.remote.instance.d.ts +0 -0
- package/{src/app → app}/instances/index.d.ts +0 -0
- package/{src/auth → auth}/auth.registry.d.ts +0 -0
- package/{src/auth → auth}/auth.utils.d.ts +0 -0
- package/{src/auth → auth}/authorization/authorization.class.d.ts +0 -0
- package/{src/auth → auth}/authorization/authorization.types.d.ts +0 -0
- package/{src/auth → auth}/authorization/index.d.ts +0 -0
- package/{src/auth → auth}/authorization/orchestrated.authorization.d.ts +0 -0
- package/{src/auth → auth}/authorization/public.authorization.d.ts +0 -0
- package/{src/auth → auth}/authorization/transparent.authorization.d.ts +0 -0
- package/{src/auth → auth}/consent/consent.types.d.ts +0 -0
- package/{src/auth → auth}/consent/index.d.ts +0 -0
- package/{src/auth → auth}/detection/auth-provider-detection.d.ts +0 -0
- package/{src/auth → auth}/detection/index.d.ts +0 -0
- package/{src/auth → auth}/flows/auth.verify.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.authorize.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.callback.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.register.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/oauth.token.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/session.verify.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/well-known.jwks.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/well-known.oauth-authorization-server.flow.d.ts +0 -0
- package/{src/auth → auth}/flows/well-known.prm.flow.d.ts +0 -0
- package/{src/auth → auth}/jwks/dev-key-persistence.d.ts +0 -0
- package/{src/auth → auth}/jwks/index.d.ts +0 -0
- package/{src/auth → auth}/jwks/jwks.service.d.ts +0 -0
- package/{src/auth → auth}/jwks/jwks.types.d.ts +0 -0
- package/{src/auth → auth}/jwks/jwks.utils.d.ts +0 -0
- package/{src/auth → auth}/machine-id.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.authorize.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.device-authorization.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.introspect.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.par.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.revoke.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.token.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oauth.userinfo.flow.d.ts +0 -0
- package/{src/auth → auth}/oauth/flows/oidc.logout.flow.d.ts +0 -0
- package/{src/auth → auth}/session/authorization-vault.d.ts +0 -0
- package/{src/auth → auth}/session/authorization.store.d.ts +0 -0
- package/{src/auth → auth}/session/encrypted-authorization-vault.d.ts +0 -0
- package/{src/auth → auth}/session/index.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.base.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.stateful.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.stateless.d.ts +0 -0
- package/{src/auth → auth}/session/record/session.transparent.d.ts +0 -0
- package/{src/auth → auth}/session/redis-session.store.d.ts +0 -0
- package/{src/auth → auth}/session/session.crypto.d.ts +0 -0
- package/{src/auth → auth}/session/session.schema.d.ts +0 -0
- package/{src/auth → auth}/session/session.service.d.ts +0 -0
- package/{src/auth → auth}/session/session.transport.d.ts +0 -0
- package/{src/auth → auth}/session/session.types.d.ts +0 -0
- package/{src/auth → auth}/session/token.refresh.d.ts +0 -0
- package/{src/auth → auth}/session/token.store.d.ts +0 -0
- package/{src/auth → auth}/session/token.vault.d.ts +0 -0
- package/{src/auth → auth}/session/transport-session.manager.d.ts +0 -0
- package/{src/auth → auth}/session/transport-session.types.d.ts +0 -0
- package/{src/auth → auth}/session/utils/auth-token.utils.d.ts +0 -0
- package/{src/auth → auth}/session/utils/session-id.utils.d.ts +0 -0
- package/{src/auth → auth}/session/utils/tiny-ttl-cache.d.ts +0 -0
- package/{src/auth → auth}/session/vault-encryption.d.ts +0 -0
- package/{src/auth → auth}/session/vercel-kv-session.store.d.ts +0 -0
- package/{src/auth → auth}/ui/base-layout.d.ts +0 -0
- package/{src/auth → auth}/ui/index.d.ts +0 -0
- package/{src/auth → auth}/ui/templates.d.ts +0 -0
- package/{src/auth → auth}/utils/audience.validator.d.ts +0 -0
- package/{src/auth → auth}/utils/index.d.ts +0 -0
- package/{src/auth → auth}/utils/www-authenticate.utils.d.ts +0 -0
- package/{src/common → common}/common.schema.d.ts +0 -0
- package/{src/common → common}/constants.d.ts +0 -0
- package/{src/common → common}/decorators/adapter.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/app.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/auth-provider.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/decorator-utils.d.ts +0 -0
- package/{src/common → common}/decorators/flow.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/front-mcp.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/hook.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/index.d.ts +0 -0
- package/{src/common → common}/decorators/logger.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/plugin.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/prompt.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/provider.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/resource.decorator.d.ts +0 -0
- package/{src/common → common}/decorators/tool.decorator.d.ts +0 -0
- package/{src/common → common}/dynamic/dynamic.adapter.d.ts +0 -0
- package/{src/common → common}/dynamic/dynamic.plugin.d.ts +0 -0
- package/{src/common → common}/dynamic/dynamic.utils.d.ts +0 -0
- package/{src/common → common}/dynamic/index.d.ts +0 -0
- package/{src/common → common}/entries/adapter.entry.d.ts +0 -0
- package/{src/common → common}/entries/app.entry.d.ts +0 -0
- package/{src/common → common}/entries/auth-provider.entry.d.ts +0 -0
- package/{src/common → common}/entries/base.entry.d.ts +0 -0
- package/{src/common → common}/entries/flow.entry.d.ts +0 -0
- package/{src/common → common}/entries/hook.entry.d.ts +0 -0
- package/{src/common → common}/entries/index.d.ts +0 -0
- package/{src/common → common}/entries/logger.entry.d.ts +0 -0
- package/{src/common → common}/entries/plugin.entry.d.ts +0 -0
- package/{src/common → common}/entries/prompt.entry.d.ts +0 -0
- package/{src/common → common}/entries/provider.entry.d.ts +0 -0
- package/{src/common → common}/entries/resource.entry.d.ts +0 -0
- package/{src/common → common}/entries/scope.entry.d.ts +0 -0
- package/{src/common → common}/entries/tool.entry.d.ts +0 -0
- package/{src/common → common}/flow/flow.utils.d.ts +0 -0
- package/{src/common → common}/index.d.ts +0 -0
- package/{src/common → common}/interfaces/adapter.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/app.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/auth-hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/auth-provider.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/base.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/execution-context.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/flow.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/front-mcp.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/index.d.ts +0 -0
- package/{src/common → common}/interfaces/internal/flow.utils.d.ts +0 -0
- package/{src/common → common}/interfaces/internal/index.d.ts +0 -0
- package/{src/common → common}/interfaces/internal/registry.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/logger.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/plugin.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/prompt.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/provider.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/resource.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/scope.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/server.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/session-hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/tool-hook.interface.d.ts +0 -0
- package/{src/common → common}/interfaces/tool.interface.d.ts +0 -0
- package/{src/common → common}/metadata/adapter.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/app.metadata.d.ts +42 -42
- package/{src/common → common}/metadata/auth-provider.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/flow.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/hook.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/index.d.ts +0 -0
- package/{src/common → common}/metadata/logger.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/plugin.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/prompt.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/provider.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/resource.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/tool-ui.metadata.d.ts +0 -0
- package/{src/common → common}/metadata/tool.metadata.d.ts +0 -0
- package/{src/common → common}/migrate/auth-transport.migrate.d.ts +0 -0
- package/{src/common → common}/migrate/index.d.ts +0 -0
- package/{src/common → common}/providers/base-config.provider.d.ts +0 -0
- package/{src/common → common}/records/adapter.record.d.ts +0 -0
- package/{src/common → common}/records/app.record.d.ts +0 -0
- package/{src/common → common}/records/auth-provider.record.d.ts +0 -0
- package/{src/common → common}/records/flow.record.d.ts +0 -0
- package/{src/common → common}/records/hook.record.d.ts +0 -0
- package/{src/common → common}/records/index.d.ts +0 -0
- package/{src/common → common}/records/logger.record.d.ts +0 -0
- package/{src/common → common}/records/plugin.record.d.ts +0 -0
- package/{src/common → common}/records/prompt.record.d.ts +0 -0
- package/{src/common → common}/records/provider.record.d.ts +0 -0
- package/{src/common → common}/records/resource.record.d.ts +0 -0
- package/{src/common → common}/records/scope.record.d.ts +0 -0
- package/{src/common → common}/records/tool.record.d.ts +0 -0
- package/{src/common → common}/schemas/annotated-class.schema.d.ts +0 -0
- package/{src/common → common}/schemas/http-input.schema.d.ts +0 -0
- package/{src/common → common}/schemas/http-output.schema.d.ts +0 -0
- package/{src/common → common}/schemas/index.d.ts +0 -0
- package/{src/common → common}/schemas/session-header.schema.d.ts +0 -0
- package/{src/common → common}/tokens/adapter.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/app.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/auth-provider.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/base.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/flow-hook.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/flow.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/front-mcp.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/index.d.ts +0 -0
- package/{src/common → common}/tokens/logger.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/plugin.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/prompt.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/provider.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/resource.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/server.tokens.d.ts +0 -0
- package/{src/common → common}/tokens/tool.tokens.d.ts +0 -0
- package/{src/common → common}/types/auth/index.d.ts +0 -0
- package/{src/common → common}/types/auth/jwt.types.d.ts +0 -0
- package/{src/common → common}/types/auth/session.types.d.ts +0 -0
- package/{src/common → common}/types/common.types.d.ts +0 -0
- package/{src/common → common}/types/index.d.ts +0 -0
- package/{src/logger/logger.tokens.d.ts → common/types/options/auth/auth.typecheck.d.ts} +0 -0
- package/{src/common → common}/types/options/http.options.d.ts +0 -0
- package/{src/common → common}/types/options/logging.options.d.ts +0 -0
- package/{src/common → common}/types/options/redis.options.d.ts +0 -0
- package/{src/common → common}/types/options/server-info.options.d.ts +0 -0
- package/{src/common → common}/types/options/session.options.d.ts +0 -0
- package/{src/common → common}/utils/global-config.utils.d.ts +0 -0
- package/{src/common → common}/utils/index.d.ts +0 -0
- package/{src/common → common}/utils/path.utils.d.ts +0 -0
- package/{src/completion → completion}/flows/complete.flow.d.ts +0 -0
- package/{src/context → context}/frontmcp-context-storage.d.ts +0 -0
- package/{src/context → context}/frontmcp-context.d.ts +0 -0
- package/{src/context → context}/frontmcp-context.provider.d.ts +0 -0
- package/{src/context → context}/index.d.ts +0 -0
- package/{src/context → context}/request-context-storage.d.ts +0 -0
- package/{src/context → context}/request-context.d.ts +0 -0
- package/{src/context → context}/request-context.provider.d.ts +0 -0
- package/{src/context → context}/session-key.provider.d.ts +0 -0
- package/{src/context → context}/trace-context.d.ts +0 -0
- package/{src/errors → errors}/authorization-required.error.d.ts +0 -0
- package/{src/errors → errors}/error-handler.d.ts +0 -0
- package/{src/errors → errors}/index.d.ts +0 -0
- package/{src/errors → errors}/mcp.error.d.ts +0 -0
- package/{src/exceptions → exceptions}/mcp-exceptions/session-missing.exception.d.ts +0 -0
- package/{src/exceptions → exceptions}/mcp-exceptions/unsupported-client-version.exception.d.ts +0 -0
- package/{src/flows → flows}/flow.instance.d.ts +0 -0
- package/{src/flows → flows}/flow.registry.d.ts +0 -0
- package/{src/flows → flows}/flow.stages.d.ts +0 -0
- package/{src/flows → flows}/flow.utils.d.ts +0 -0
- package/{src/front-mcp → front-mcp}/front-mcp.d.ts +0 -0
- package/{src/front-mcp → front-mcp}/front-mcp.providers.d.ts +38 -38
- /package/{src/front-mcp → front-mcp}/front-mcp.tokens.d.ts +0 -0
- /package/{src/front-mcp → front-mcp}/index.d.ts +0 -0
- /package/{src/front-mcp → front-mcp}/serverless-handler.d.ts +0 -0
- /package/{src/hooks → hooks}/hook.instance.d.ts +0 -0
- /package/{src/hooks → hooks}/hook.registry.d.ts +0 -0
- /package/{src/hooks → hooks}/hooks.utils.d.ts +0 -0
- /package/{src/index.d.ts → index.d.ts} +0 -0
- /package/{src/logger → logger}/instances/instance.console-logger.d.ts +0 -0
- /package/{src/logger → logger}/instances/instance.logger.d.ts +0 -0
- /package/{src/logger → logger}/logger.registry.d.ts +0 -0
- /package/{src/logger → logger}/logger.types.d.ts +0 -0
- /package/{src/logger → logger}/logger.utils.d.ts +0 -0
- /package/{src/logging → logging}/flows/set-level.flow.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/csp.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/index.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/schemas.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/template.d.ts +0 -0
- /package/{src/mcp-apps → mcp-apps}/types.d.ts +0 -0
- /package/{src/notification → notification}/index.d.ts +0 -0
- /package/{src/notification → notification}/notification.service.d.ts +0 -0
- /package/{src/plugin → plugin}/plugin.registry.d.ts +0 -0
- /package/{src/plugin → plugin}/plugin.utils.d.ts +0 -0
- /package/{src/prompt → prompt}/flows/get-prompt.flow.d.ts +0 -0
- /package/{src/prompt → prompt}/flows/prompts-list.flow.d.ts +0 -0
- /package/{src/prompt → prompt}/index.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.events.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.instance.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.registry.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.types.d.ts +0 -0
- /package/{src/prompt → prompt}/prompt.utils.d.ts +0 -0
- /package/{src/provider → provider}/provider.registry.d.ts +0 -0
- /package/{src/provider → provider}/provider.types.d.ts +0 -0
- /package/{src/provider → provider}/provider.utils.d.ts +0 -0
- /package/{src/regsitry → regsitry}/index.d.ts +0 -0
- /package/{src/regsitry → regsitry}/registry.base.d.ts +0 -0
- /package/{src/resource → resource}/flows/read-resource.flow.d.ts +0 -0
- /package/{src/resource → resource}/flows/resource-templates-list.flow.d.ts +0 -0
- /package/{src/resource → resource}/flows/resources-list.flow.d.ts +0 -0
- /package/{src/resource → resource}/flows/subscribe-resource.flow.d.ts +0 -0
- /package/{src/resource → resource}/flows/unsubscribe-resource.flow.d.ts +0 -0
- /package/{src/resource → resource}/index.d.ts +0 -0
- /package/{src/resource → resource}/resource.events.d.ts +0 -0
- /package/{src/resource → resource}/resource.instance.d.ts +0 -0
- /package/{src/resource → resource}/resource.registry.d.ts +0 -0
- /package/{src/resource → resource}/resource.types.d.ts +0 -0
- /package/{src/resource → resource}/resource.utils.d.ts +0 -0
- /package/{src/scope → scope}/flows/http.request.flow.d.ts +0 -0
- /package/{src/scope → scope}/index.d.ts +0 -0
- /package/{src/scope → scope}/scope.instance.d.ts +0 -0
- /package/{src/scope → scope}/scope.registry.d.ts +0 -0
- /package/{src/scope → scope}/scope.utils.d.ts +0 -0
- /package/{src/server → server}/adapters/base.host.adapter.d.ts +0 -0
- /package/{src/server → server}/adapters/express.host.adapter.d.ts +0 -0
- /package/{src/server → server}/server.instance.d.ts +0 -0
- /package/{src/server → server}/server.types.d.ts +0 -0
- /package/{src/server → server}/server.validation.d.ts +0 -0
- /package/{src/store → store}/adapters/store.base.adapter.d.ts +0 -0
- /package/{src/store → store}/adapters/store.memory.adapter.d.ts +0 -0
- /package/{src/store → store}/adapters/store.redis.adapter.d.ts +0 -0
- /package/{src/store → store}/adapters/store.vercel-kv.adapter.d.ts +0 -0
- /package/{src/store → store}/index.d.ts +0 -0
- /package/{src/store → store}/store.factory.d.ts +0 -0
- /package/{src/store → store}/store.helpers.d.ts +0 -0
- /package/{src/store → store}/store.registry.d.ts +0 -0
- /package/{src/store → store}/store.tokens.d.ts +0 -0
- /package/{src/store → store}/store.types.d.ts +0 -0
- /package/{src/store → store}/store.utils.d.ts +0 -0
- /package/{src/tool → tool}/flows/call-tool.flow.d.ts +0 -0
- /package/{src/tool → tool}/flows/tools-list.flow.d.ts +0 -0
- /package/{src/tool → tool}/tool.events.d.ts +0 -0
- /package/{src/tool → tool}/tool.instance.d.ts +0 -0
- /package/{src/tool → tool}/tool.registry.d.ts +0 -0
- /package/{src/tool → tool}/tool.types.d.ts +0 -0
- /package/{src/tool → tool}/tool.utils.d.ts +0 -0
- /package/{src/tool → tool}/ui/index.d.ts +0 -0
- /package/{src/tool → tool}/ui/platform-adapters.d.ts +0 -0
- /package/{src/tool → tool}/ui/template-helpers.d.ts +0 -0
- /package/{src/tool → tool}/ui/ui-resource-template.d.ts +0 -0
- /package/{src/tool → tool}/ui/ui-resource.handler.d.ts +0 -0
- /package/{src/transport → transport}/adapters/transport.local.adapter.d.ts +0 -0
- /package/{src/transport → transport}/adapters/transport.sse.adapter.d.ts +0 -0
- /package/{src/transport → transport}/adapters/transport.streamable-http.adapter.d.ts +0 -0
- /package/{src/transport → transport}/flows/handle.sse.flow.d.ts +0 -0
- /package/{src/transport → transport}/flows/handle.stateless-http.flow.d.ts +0 -0
- /package/{src/transport → transport}/flows/handle.streamable-http.flow.d.ts +0 -0
- /package/{src/transport → transport}/legacy/legacy.sse.tranporter.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/Initialized-notification.hanlder.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/call-tool-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/complete-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/get-prompt-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/index.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/initialize-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/list-prompts-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/list-resource-templates-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/list-resources-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/list-tools-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/logging-set-level-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/mcp-handlers.types.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/read-resource-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/roots-list-changed-notification.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/subscribe-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/mcp-handlers/unsubscribe-request.handler.d.ts +0 -0
- /package/{src/transport → transport}/transport.error.d.ts +0 -0
- /package/{src/transport → transport}/transport.event-store.d.ts +0 -0
- /package/{src/transport → transport}/transport.local.d.ts +0 -0
- /package/{src/transport → transport}/transport.registry.d.ts +0 -0
- /package/{src/transport → transport}/transport.remote.d.ts +0 -0
- /package/{src/transport → transport}/transport.types.d.ts +0 -0
- /package/{src/types → types}/drinen-hooks.types.d.ts +0 -0
- /package/{src/types → types}/invoke.type.d.ts +0 -0
- /package/{src/types → types}/token.types.d.ts +0 -0
- /package/{src/utils → utils}/content.utils.d.ts +0 -0
- /package/{src/utils → utils}/index.d.ts +0 -0
- /package/{src/utils → utils}/lineage.utils.d.ts +0 -0
- /package/{src/utils → utils}/metadata.utils.d.ts +0 -0
- /package/{src/utils → utils}/naming.utils.d.ts +0 -0
- /package/{src/utils → utils}/server.utils.d.ts +0 -0
- /package/{src/utils → utils}/string.utils.d.ts +0 -0
- /package/{src/utils → utils}/token.utils.d.ts +0 -0
- /package/{src/utils → utils}/types.utils.d.ts +0 -0
- /package/{src/utils → utils}/uri-template.utils.d.ts +0 -0
- /package/{src/utils → utils}/uri-validation.utils.d.ts +0 -0
|
@@ -1,306 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// auth/authorization/orchestrated.authorization.ts
|
|
3
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
-
exports.OrchestratedAuthorization = void 0;
|
|
5
|
-
const crypto_1 = require("crypto");
|
|
6
|
-
const authorization_class_1 = require("./authorization.class");
|
|
7
|
-
/**
|
|
8
|
-
* OrchestratedAuthorization - Local auth server with secure token storage
|
|
9
|
-
*
|
|
10
|
-
* In orchestrated mode:
|
|
11
|
-
* - The MCP server acts as an OAuth client to upstream providers
|
|
12
|
-
* - Provider tokens are encrypted and never exposed to the LLM
|
|
13
|
-
* - Supports token refresh and multi-provider scenarios
|
|
14
|
-
* - getToken() retrieves decrypted tokens from secure storage
|
|
15
|
-
* - Ideal for multi-tenant, federated auth, or high-security scenarios
|
|
16
|
-
*/
|
|
17
|
-
class OrchestratedAuthorization extends authorization_class_1.AuthorizationBase {
|
|
18
|
-
mode = 'orchestrated';
|
|
19
|
-
/**
|
|
20
|
-
* Primary provider ID (default for getToken)
|
|
21
|
-
*/
|
|
22
|
-
primaryProviderId;
|
|
23
|
-
/**
|
|
24
|
-
* Token store for secure token retrieval
|
|
25
|
-
*/
|
|
26
|
-
#tokenStore;
|
|
27
|
-
/**
|
|
28
|
-
* Token refresh callback
|
|
29
|
-
*/
|
|
30
|
-
#onTokenRefresh;
|
|
31
|
-
/**
|
|
32
|
-
* Provider states (encrypted tokens)
|
|
33
|
-
*/
|
|
34
|
-
#providerStates;
|
|
35
|
-
constructor(ctx) {
|
|
36
|
-
super(ctx);
|
|
37
|
-
this.primaryProviderId = ctx.primaryProviderId;
|
|
38
|
-
this.#tokenStore = ctx.tokenStore;
|
|
39
|
-
this.#onTokenRefresh = ctx.onTokenRefresh;
|
|
40
|
-
this.#providerStates = ctx.providerStates ?? new Map();
|
|
41
|
-
}
|
|
42
|
-
/**
|
|
43
|
-
* Create an OrchestratedAuthorization
|
|
44
|
-
*
|
|
45
|
-
* @param ctx - Creation context
|
|
46
|
-
* @returns A new OrchestratedAuthorization instance
|
|
47
|
-
*
|
|
48
|
-
* @example
|
|
49
|
-
* ```typescript
|
|
50
|
-
* const auth = OrchestratedAuthorization.create({
|
|
51
|
-
* token: localJwt,
|
|
52
|
-
* user: { sub: 'user123', name: 'John' },
|
|
53
|
-
* primaryProviderId: 'github',
|
|
54
|
-
* tokenStore: redisTokenStore,
|
|
55
|
-
* providers: {
|
|
56
|
-
* github: { id: 'github', secretRefId: 'vault:github:user123' },
|
|
57
|
-
* },
|
|
58
|
-
* });
|
|
59
|
-
*
|
|
60
|
-
* // Retrieve token securely (never exposed to LLM)
|
|
61
|
-
* const githubToken = await auth.getToken('github');
|
|
62
|
-
* ```
|
|
63
|
-
*/
|
|
64
|
-
static create(ctx) {
|
|
65
|
-
const { token, user, scopes = [], claims, expiresAt, primaryProviderId, tokenStore, onTokenRefresh, providers = {}, ...projections } = ctx;
|
|
66
|
-
// Generate authorization ID from token
|
|
67
|
-
const id = OrchestratedAuthorization.generateAuthorizationId(token);
|
|
68
|
-
// Build provider states map
|
|
69
|
-
const providerStates = new Map();
|
|
70
|
-
const authorizedProviders = {};
|
|
71
|
-
const authorizedProviderIds = [];
|
|
72
|
-
for (const [providerId, state] of Object.entries(providers)) {
|
|
73
|
-
providerStates.set(providerId, state);
|
|
74
|
-
authorizedProviderIds.push(providerId);
|
|
75
|
-
// Create snapshot without exposing tokens
|
|
76
|
-
authorizedProviders[providerId] = {
|
|
77
|
-
id: providerId,
|
|
78
|
-
exp: state.expiresAt,
|
|
79
|
-
embedMode: state.secretRefId ? 'ref' : 'store-only',
|
|
80
|
-
secretRefId: state.secretRefId,
|
|
81
|
-
refreshRefId: state.refreshRefId,
|
|
82
|
-
};
|
|
83
|
-
}
|
|
84
|
-
return new OrchestratedAuthorization({
|
|
85
|
-
id,
|
|
86
|
-
isAnonymous: false,
|
|
87
|
-
user,
|
|
88
|
-
claims,
|
|
89
|
-
expiresAt,
|
|
90
|
-
scopes,
|
|
91
|
-
token,
|
|
92
|
-
primaryProviderId,
|
|
93
|
-
tokenStore,
|
|
94
|
-
onTokenRefresh,
|
|
95
|
-
providerStates,
|
|
96
|
-
authorizedProviders,
|
|
97
|
-
authorizedProviderIds,
|
|
98
|
-
...projections,
|
|
99
|
-
});
|
|
100
|
-
}
|
|
101
|
-
/**
|
|
102
|
-
* Get access token for a provider
|
|
103
|
-
*
|
|
104
|
-
* Retrieves the decrypted token from the secure store.
|
|
105
|
-
* If the token is expired and refresh is available, attempts refresh.
|
|
106
|
-
*
|
|
107
|
-
* @param providerId - Provider ID (defaults to primaryProviderId)
|
|
108
|
-
* @returns The decrypted access token
|
|
109
|
-
* @throws If no token store or no token available
|
|
110
|
-
*/
|
|
111
|
-
async getToken(providerId) {
|
|
112
|
-
const targetProviderId = providerId ?? this.primaryProviderId;
|
|
113
|
-
if (!targetProviderId) {
|
|
114
|
-
throw new Error('OrchestratedAuthorization: No provider ID specified and no primary provider set');
|
|
115
|
-
}
|
|
116
|
-
if (!this.#tokenStore) {
|
|
117
|
-
throw new Error('OrchestratedAuthorization: Token store not configured. ' +
|
|
118
|
-
'Orchestrated mode requires a token store for secure token retrieval.');
|
|
119
|
-
}
|
|
120
|
-
// Check if token exists
|
|
121
|
-
const hasToken = await this.#tokenStore.hasTokens(this.id, targetProviderId);
|
|
122
|
-
if (!hasToken) {
|
|
123
|
-
throw new Error(`OrchestratedAuthorization: No tokens available for provider "${targetProviderId}"`);
|
|
124
|
-
}
|
|
125
|
-
// Get access token
|
|
126
|
-
const accessToken = await this.#tokenStore.getAccessToken(this.id, targetProviderId);
|
|
127
|
-
if (accessToken) {
|
|
128
|
-
// Check if token needs refresh
|
|
129
|
-
const providerState = this.#providerStates.get(targetProviderId);
|
|
130
|
-
if (providerState?.expiresAt && providerState.expiresAt < Date.now()) {
|
|
131
|
-
return this.refreshAndGetToken(targetProviderId);
|
|
132
|
-
}
|
|
133
|
-
return accessToken;
|
|
134
|
-
}
|
|
135
|
-
// Try to refresh if we have a refresh token
|
|
136
|
-
return this.refreshAndGetToken(targetProviderId);
|
|
137
|
-
}
|
|
138
|
-
/**
|
|
139
|
-
* Refresh token and return new access token
|
|
140
|
-
*/
|
|
141
|
-
async refreshAndGetToken(providerId) {
|
|
142
|
-
if (!this.#tokenStore || !this.#onTokenRefresh) {
|
|
143
|
-
throw new Error(`OrchestratedAuthorization: Token expired for provider "${providerId}" and refresh not available`);
|
|
144
|
-
}
|
|
145
|
-
const refreshToken = await this.#tokenStore.getRefreshToken(this.id, providerId);
|
|
146
|
-
if (!refreshToken) {
|
|
147
|
-
throw new Error(`OrchestratedAuthorization: No refresh token available for provider "${providerId}"`);
|
|
148
|
-
}
|
|
149
|
-
// Perform refresh
|
|
150
|
-
const result = await this.#onTokenRefresh(providerId, refreshToken);
|
|
151
|
-
// Store new tokens
|
|
152
|
-
await this.#tokenStore.storeTokens(this.id, providerId, {
|
|
153
|
-
accessToken: result.accessToken,
|
|
154
|
-
refreshToken: result.refreshToken,
|
|
155
|
-
expiresAt: result.expiresIn ? Date.now() + result.expiresIn * 1000 : undefined,
|
|
156
|
-
});
|
|
157
|
-
// Update provider state
|
|
158
|
-
const currentState = this.#providerStates.get(providerId);
|
|
159
|
-
if (currentState) {
|
|
160
|
-
currentState.expiresAt = result.expiresIn ? Date.now() + result.expiresIn * 1000 : undefined;
|
|
161
|
-
}
|
|
162
|
-
return result.accessToken;
|
|
163
|
-
}
|
|
164
|
-
/**
|
|
165
|
-
* Generate authorization ID from token
|
|
166
|
-
*/
|
|
167
|
-
static generateAuthorizationId(token) {
|
|
168
|
-
const parts = token.split('.');
|
|
169
|
-
const signature = parts[2] || token;
|
|
170
|
-
return (0, crypto_1.createHash)('sha256').update(signature).digest('hex').substring(0, 16);
|
|
171
|
-
}
|
|
172
|
-
/**
|
|
173
|
-
* Check if a provider has tokens stored
|
|
174
|
-
*/
|
|
175
|
-
hasProvider(providerId) {
|
|
176
|
-
return this.#providerStates.has(providerId);
|
|
177
|
-
}
|
|
178
|
-
/**
|
|
179
|
-
* Get all provider IDs with tokens
|
|
180
|
-
*/
|
|
181
|
-
getProviderIds() {
|
|
182
|
-
return Array.from(this.#providerStates.keys());
|
|
183
|
-
}
|
|
184
|
-
/**
|
|
185
|
-
* Add a new provider to this authorization
|
|
186
|
-
* Used when user authorizes additional providers after initial auth
|
|
187
|
-
*/
|
|
188
|
-
async addProvider(providerId, tokens) {
|
|
189
|
-
if (!this.#tokenStore) {
|
|
190
|
-
throw new Error('OrchestratedAuthorization: Token store required to add providers');
|
|
191
|
-
}
|
|
192
|
-
const expiresAt = tokens.expiresIn ? Date.now() + tokens.expiresIn * 1000 : undefined;
|
|
193
|
-
// Store tokens
|
|
194
|
-
await this.#tokenStore.storeTokens(this.id, providerId, {
|
|
195
|
-
accessToken: tokens.accessToken,
|
|
196
|
-
refreshToken: tokens.refreshToken,
|
|
197
|
-
expiresAt,
|
|
198
|
-
});
|
|
199
|
-
// Update internal state
|
|
200
|
-
this.#providerStates.set(providerId, {
|
|
201
|
-
id: providerId,
|
|
202
|
-
expiresAt,
|
|
203
|
-
secretRefId: `${this.id}:${providerId}`,
|
|
204
|
-
});
|
|
205
|
-
// Note: authorizedProviders/authorizedProviderIds are readonly
|
|
206
|
-
// The caller should create a new authorization if these need to be updated
|
|
207
|
-
}
|
|
208
|
-
// ============================================
|
|
209
|
-
// Progressive/Incremental Authorization
|
|
210
|
-
// ============================================
|
|
211
|
-
/**
|
|
212
|
-
* Mutable app authorization state for progressive auth.
|
|
213
|
-
* This allows expanding authorization without reissuing the session token.
|
|
214
|
-
*/
|
|
215
|
-
#mutableAuthorizedApps = new Map(Object.entries(this.authorizedApps ?? {}));
|
|
216
|
-
/**
|
|
217
|
-
* Add app authorization after initial auth (progressive authorization).
|
|
218
|
-
* Stores app tokens server-side and updates authorized apps without JWT reissue.
|
|
219
|
-
*
|
|
220
|
-
* @param appId - App ID to authorize
|
|
221
|
-
* @param toolIds - Tool IDs accessible through this app authorization
|
|
222
|
-
* @param tokens - OAuth tokens from the app's auth provider
|
|
223
|
-
*
|
|
224
|
-
* @example
|
|
225
|
-
* ```typescript
|
|
226
|
-
* // User clicks auth link for Slack app
|
|
227
|
-
* await auth.addAppAuthorization('slack', ['slack:send_message', 'slack:list_channels'], {
|
|
228
|
-
* accessToken: slackAccessToken,
|
|
229
|
-
* refreshToken: slackRefreshToken,
|
|
230
|
-
* expiresIn: 3600,
|
|
231
|
-
* });
|
|
232
|
-
*
|
|
233
|
-
* // Now slack tools will work without re-auth
|
|
234
|
-
* ```
|
|
235
|
-
*/
|
|
236
|
-
async addAppAuthorization(appId, toolIds, tokens) {
|
|
237
|
-
if (!this.#tokenStore) {
|
|
238
|
-
throw new Error('OrchestratedAuthorization: Token store required for progressive authorization');
|
|
239
|
-
}
|
|
240
|
-
// Use app ID as provider ID for app-specific token storage
|
|
241
|
-
const providerId = `app:${appId}`;
|
|
242
|
-
// Store tokens server-side (SECURITY: never expose in JWT)
|
|
243
|
-
await this.addProvider(providerId, tokens);
|
|
244
|
-
// Track app authorization in mutable state
|
|
245
|
-
this.#mutableAuthorizedApps.set(appId, { id: appId, toolIds });
|
|
246
|
-
}
|
|
247
|
-
/**
|
|
248
|
-
* Get access token for a specific app (for tool execution).
|
|
249
|
-
* Retrieves the app's OAuth token from server-side storage.
|
|
250
|
-
*
|
|
251
|
-
* @param appId - App ID to get token for
|
|
252
|
-
* @returns The decrypted access token, or null if not authorized
|
|
253
|
-
*/
|
|
254
|
-
async getAppToken(appId) {
|
|
255
|
-
if (!this.#mutableAuthorizedApps.has(appId)) {
|
|
256
|
-
return null;
|
|
257
|
-
}
|
|
258
|
-
const providerId = `app:${appId}`;
|
|
259
|
-
try {
|
|
260
|
-
return await this.getToken(providerId);
|
|
261
|
-
}
|
|
262
|
-
catch {
|
|
263
|
-
return null;
|
|
264
|
-
}
|
|
265
|
-
}
|
|
266
|
-
/**
|
|
267
|
-
* Check if an app is authorized (includes progressively authorized apps).
|
|
268
|
-
* Overrides base class to include mutable app authorization state.
|
|
269
|
-
*/
|
|
270
|
-
isAppAuthorized(appId) {
|
|
271
|
-
return this.#mutableAuthorizedApps.has(appId) || super.isAppAuthorized(appId);
|
|
272
|
-
}
|
|
273
|
-
/**
|
|
274
|
-
* Get all authorized app IDs (includes progressively authorized apps).
|
|
275
|
-
*/
|
|
276
|
-
getAllAuthorizedAppIds() {
|
|
277
|
-
const baseIds = new Set(this.authorizedAppIds ?? []);
|
|
278
|
-
for (const appId of this.#mutableAuthorizedApps.keys()) {
|
|
279
|
-
baseIds.add(appId);
|
|
280
|
-
}
|
|
281
|
-
return Array.from(baseIds);
|
|
282
|
-
}
|
|
283
|
-
/**
|
|
284
|
-
* Get tool IDs authorized through an app.
|
|
285
|
-
*/
|
|
286
|
-
getAppToolIds(appId) {
|
|
287
|
-
return this.#mutableAuthorizedApps.get(appId)?.toolIds ?? this.authorizedApps?.[appId]?.toolIds;
|
|
288
|
-
}
|
|
289
|
-
/**
|
|
290
|
-
* Remove a provider from this authorization
|
|
291
|
-
*/
|
|
292
|
-
async removeProvider(providerId) {
|
|
293
|
-
if (this.#tokenStore) {
|
|
294
|
-
await this.#tokenStore.deleteTokens(this.id, providerId);
|
|
295
|
-
}
|
|
296
|
-
this.#providerStates.delete(providerId);
|
|
297
|
-
}
|
|
298
|
-
/**
|
|
299
|
-
* Get the issuer (local orchestrator)
|
|
300
|
-
*/
|
|
301
|
-
get issuer() {
|
|
302
|
-
return this.claims?.['iss'];
|
|
303
|
-
}
|
|
304
|
-
}
|
|
305
|
-
exports.OrchestratedAuthorization = OrchestratedAuthorization;
|
|
306
|
-
//# sourceMappingURL=orchestrated.authorization.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"orchestrated.authorization.js","sourceRoot":"","sources":["../../../../src/auth/authorization/orchestrated.authorization.ts"],"names":[],"mappings":";AAAA,mDAAmD;;;AAEnD,mCAAoC;AACpC,+DAA0D;AAwI1D;;;;;;;;;GASG;AACH,MAAa,yBAA0B,SAAQ,uCAAiB;IACrD,IAAI,GAAa,cAAc,CAAC;IAEzC;;OAEG;IACM,iBAAiB,CAAU;IAEpC;;OAEG;IACM,WAAW,CAAc;IAElC;;OAEG;IACM,eAAe,CAAwB;IAEhD;;OAEG;IACM,eAAe,CAAyC;IAEjE,YACE,GAKC;QAED,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,IAAI,CAAC,iBAAiB,GAAG,GAAG,CAAC,iBAAiB,CAAC;QAC/C,IAAI,CAAC,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC;QAClC,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,cAAc,CAAC;QAC1C,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC,cAAc,IAAI,IAAI,GAAG,EAAE,CAAC;IACzD,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,MAAM,CAAC,MAAM,CAAC,GAAuC;QACnD,MAAM,EACJ,KAAK,EACL,IAAI,EACJ,MAAM,GAAG,EAAE,EACX,MAAM,EACN,SAAS,EACT,iBAAiB,EACjB,UAAU,EACV,cAAc,EACd,SAAS,GAAG,EAAE,EACd,GAAG,WAAW,EACf,GAAG,GAAG,CAAC;QAER,uCAAuC;QACvC,MAAM,EAAE,GAAG,yBAAyB,CAAC,uBAAuB,CAAC,KAAK,CAAC,CAAC;QAEpE,4BAA4B;QAC5B,MAAM,cAAc,GAAG,IAAI,GAAG,EAAqC,CAAC;QACpE,MAAM,mBAAmB,GAAqC,EAAE,CAAC;QACjE,MAAM,qBAAqB,GAAa,EAAE,CAAC;QAE3C,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC5D,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YACtC,qBAAqB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEvC,0CAA0C;YAC1C,mBAAmB,CAAC,UAAU,CAAC,GAAG;gBAChC,EAAE,EAAE,UAAU;gBACd,GAAG,EAAE,KAAK,CAAC,SAAS;gBACpB,SAAS,EAAE,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,YAAY;gBACnD,WAAW,EAAE,KAAK,CAAC,WAAW;gBAC9B,YAAY,EAAE,KAAK,CAAC,YAAY;aACjC,CAAC;QACJ,CAAC;QAED,OAAO,IAAI,yBAAyB,CAAC;YACnC,EAAE;YACF,WAAW,EAAE,KAAK;YAClB,IAAI;YACJ,MAAM;YACN,SAAS;YACT,MAAM;YACN,KAAK;YACL,iBAAiB;YACjB,UAAU;YACV,cAAc;YACd,cAAc;YACd,mBAAmB;YACnB,qBAAqB;YACrB,GAAG,WAAW;SACf,CAAC,CAAC;IACL,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,QAAQ,CAAC,UAAmB;QAChC,MAAM,gBAAgB,GAAG,UAAU,IAAI,IAAI,CAAC,iBAAiB,CAAC;QAE9D,IAAI,CAAC,gBAAgB,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC,CAAC;QACrG,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,yDAAyD;gBACvD,sEAAsE,CACzE,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC;QAC7E,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,MAAM,IAAI,KAAK,CAAC,gEAAgE,gBAAgB,GAAG,CAAC,CAAC;QACvG,CAAC;QAED,mBAAmB;QACnB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,EAAE,gBAAgB,CAAC,CAAC;QAErF,IAAI,WAAW,EAAE,CAAC;YAChB,+BAA+B;YAC/B,MAAM,aAAa,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;YACjE,IAAI,aAAa,EAAE,SAAS,IAAI,aAAa,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACrE,OAAO,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;YACnD,CAAC;YACD,OAAO,WAAW,CAAC;QACrB,CAAC;QAED,4CAA4C;QAC5C,OAAO,IAAI,CAAC,kBAAkB,CAAC,gBAAgB,CAAC,CAAC;IACnD,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAAC,UAAkB;QACjD,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACb,0DAA0D,UAAU,6BAA6B,CAClG,CAAC;QACJ,CAAC;QAED,MAAM,YAAY,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,eAAe,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QACjF,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CAAC,uEAAuE,UAAU,GAAG,CAAC,CAAC;QACxG,CAAC;QAED,kBAAkB;QAClB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,YAAY,CAAC,CAAC;QAEpE,mBAAmB;QACnB,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,EAAE;YACtD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS;SAC/E,CAAC,CAAC;QAEH,wBAAwB;QACxB,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAC1D,IAAI,YAAY,EAAE,CAAC;YACjB,YAAY,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAC/F,CAAC;QAED,OAAO,MAAM,CAAC,WAAW,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,uBAAuB,CAAC,KAAa;QAClD,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC;QACpC,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAC/E,CAAC;IAED;;OAEG;IACH,WAAW,CAAC,UAAkB;QAC5B,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,cAAc;QACZ,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,IAAI,EAAE,CAAC,CAAC;IACjD,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,WAAW,CACf,UAAkB,EAClB,MAIC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,kEAAkE,CAAC,CAAC;QACtF,CAAC;QAED,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;QAEtF,eAAe;QACf,MAAM,IAAI,CAAC,WAAW,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,EAAE;YACtD,WAAW,EAAE,MAAM,CAAC,WAAW;YAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,SAAS;SACV,CAAC,CAAC;QAEH,wBAAwB;QACxB,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,UAAU,EAAE;YACnC,EAAE,EAAE,UAAU;YACd,SAAS;YACT,WAAW,EAAE,GAAG,IAAI,CAAC,EAAE,IAAI,UAAU,EAAE;SACxC,CAAC,CAAC;QAEH,+DAA+D;QAC/D,2EAA2E;IAC7E,CAAC;IAED,+CAA+C;IAC/C,wCAAwC;IACxC,+CAA+C;IAE/C;;;OAGG;IACH,sBAAsB,GAAmD,IAAI,GAAG,CAC9E,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,cAAc,IAAI,EAAE,CAAC,CAC1C,CAAC;IAEF;;;;;;;;;;;;;;;;;;;OAmBG;IACH,KAAK,CAAC,mBAAmB,CACvB,KAAa,EACb,OAAiB,EACjB,MAIC;QAED,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CAAC,+EAA+E,CAAC,CAAC;QACnG,CAAC;QAED,2DAA2D;QAC3D,MAAM,UAAU,GAAG,OAAO,KAAK,EAAE,CAAC;QAElC,2DAA2D;QAC3D,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAE3C,2CAA2C;QAC3C,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC;IAED;;;;;;OAMG;IACH,KAAK,CAAC,WAAW,CAAC,KAAa;QAC7B,IAAI,CAAC,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,UAAU,GAAG,OAAO,KAAK,EAAE,CAAC;QAElC,IAAI,CAAC;YACH,OAAO,MAAM,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;QACzC,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;OAGG;IACM,eAAe,CAAC,KAAa;QACpC,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAChF,CAAC;IAED;;OAEG;IACH,sBAAsB;QACpB,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,gBAAgB,IAAI,EAAE,CAAC,CAAC;QACrD,KAAK,MAAM,KAAK,IAAI,IAAI,CAAC,sBAAsB,CAAC,IAAI,EAAE,EAAE,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACrB,CAAC;QACD,OAAO,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,KAAa;QACzB,OAAO,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,OAAO,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC;IAClG,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,UAAkB;QACrC,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;YACrB,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,EAAE,UAAU,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;IAC1C,CAAC;IAED;;OAEG;IACH,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC,KAAK,CAAuB,CAAC;IACpD,CAAC;CACF;AAnXD,8DAmXC","sourcesContent":["// auth/authorization/orchestrated.authorization.ts\n\nimport { createHash } from 'crypto';\nimport { AuthorizationBase } from './authorization.class';\nimport { AuthorizationCreateCtx, AuthUser } from './authorization.types';\nimport { ProviderSnapshot } from '../session/session.types';\nimport { EncryptedBlob } from '../session';\nimport { AuthMode } from '../../common';\n\n/**\n * Token store interface for orchestrated mode\n * Implementations can be memory-based, Redis, or custom stores\n */\nexport interface TokenStore {\n /**\n * Retrieve decrypted access token for a provider\n */\n getAccessToken(authorizationId: string, providerId: string): Promise<string | null>;\n\n /**\n * Retrieve decrypted refresh token for a provider\n */\n getRefreshToken(authorizationId: string, providerId: string): Promise<string | null>;\n\n /**\n * Store tokens for a provider (encrypted)\n */\n storeTokens(\n authorizationId: string,\n providerId: string,\n tokens: {\n accessToken: string;\n refreshToken?: string;\n expiresAt?: number;\n },\n ): Promise<void>;\n\n /**\n * Delete tokens for a provider\n */\n deleteTokens(authorizationId: string, providerId: string): Promise<void>;\n\n /**\n * Check if tokens exist for a provider\n */\n hasTokens(authorizationId: string, providerId: string): Promise<boolean>;\n}\n\n/**\n * Token refresh callback type\n */\nexport type TokenRefreshCallback = (\n providerId: string,\n refreshToken: string,\n) => Promise<{\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n}>;\n\n/**\n * Provider token state for orchestrated authorization\n */\nexport interface OrchestratedProviderState {\n /** Provider ID */\n id: string;\n /** Encrypted access token blob */\n accessTokenEnc?: EncryptedBlob;\n /** Encrypted refresh token blob */\n refreshTokenEnc?: EncryptedBlob;\n /** Token expiration (epoch ms) */\n expiresAt?: number;\n /** External reference ID (for vault/store) */\n secretRefId?: string;\n /** Refresh reference ID */\n refreshRefId?: string;\n}\n\n/**\n * Context for creating an OrchestratedAuthorization\n */\nexport interface OrchestratedAuthorizationCreateCtx {\n /**\n * The local JWT issued by the orchestrating server\n */\n token: string;\n\n /**\n * User identity from upstream provider\n */\n user: AuthUser;\n\n /**\n * Scopes granted to this authorization\n */\n scopes?: string[];\n\n /**\n * JWT claims\n */\n claims?: Record<string, unknown>;\n\n /**\n * Expiration (epoch ms)\n */\n expiresAt?: number;\n\n /**\n * Primary provider ID (default for getToken)\n */\n primaryProviderId?: string;\n\n /**\n * Token store for retrieving/storing provider tokens\n */\n tokenStore?: TokenStore;\n\n /**\n * Token refresh callback\n */\n onTokenRefresh?: TokenRefreshCallback;\n\n /**\n * Provider states (with encrypted tokens)\n */\n providers?: Record<string, OrchestratedProviderState>;\n\n /**\n * Precomputed authorization projections\n */\n authorizedTools?: AuthorizationCreateCtx['authorizedTools'];\n authorizedToolIds?: string[];\n authorizedPrompts?: AuthorizationCreateCtx['authorizedPrompts'];\n authorizedPromptIds?: string[];\n authorizedApps?: AuthorizationCreateCtx['authorizedApps'];\n authorizedAppIds?: string[];\n authorizedResources?: string[];\n}\n\n/**\n * OrchestratedAuthorization - Local auth server with secure token storage\n *\n * In orchestrated mode:\n * - The MCP server acts as an OAuth client to upstream providers\n * - Provider tokens are encrypted and never exposed to the LLM\n * - Supports token refresh and multi-provider scenarios\n * - getToken() retrieves decrypted tokens from secure storage\n * - Ideal for multi-tenant, federated auth, or high-security scenarios\n */\nexport class OrchestratedAuthorization extends AuthorizationBase {\n readonly mode: AuthMode = 'orchestrated';\n\n /**\n * Primary provider ID (default for getToken)\n */\n readonly primaryProviderId?: string;\n\n /**\n * Token store for secure token retrieval\n */\n readonly #tokenStore?: TokenStore;\n\n /**\n * Token refresh callback\n */\n readonly #onTokenRefresh?: TokenRefreshCallback;\n\n /**\n * Provider states (encrypted tokens)\n */\n readonly #providerStates: Map<string, OrchestratedProviderState>;\n\n private constructor(\n ctx: AuthorizationCreateCtx & {\n primaryProviderId?: string;\n tokenStore?: TokenStore;\n onTokenRefresh?: TokenRefreshCallback;\n providerStates?: Map<string, OrchestratedProviderState>;\n },\n ) {\n super(ctx);\n this.primaryProviderId = ctx.primaryProviderId;\n this.#tokenStore = ctx.tokenStore;\n this.#onTokenRefresh = ctx.onTokenRefresh;\n this.#providerStates = ctx.providerStates ?? new Map();\n }\n\n /**\n * Create an OrchestratedAuthorization\n *\n * @param ctx - Creation context\n * @returns A new OrchestratedAuthorization instance\n *\n * @example\n * ```typescript\n * const auth = OrchestratedAuthorization.create({\n * token: localJwt,\n * user: { sub: 'user123', name: 'John' },\n * primaryProviderId: 'github',\n * tokenStore: redisTokenStore,\n * providers: {\n * github: { id: 'github', secretRefId: 'vault:github:user123' },\n * },\n * });\n *\n * // Retrieve token securely (never exposed to LLM)\n * const githubToken = await auth.getToken('github');\n * ```\n */\n static create(ctx: OrchestratedAuthorizationCreateCtx): OrchestratedAuthorization {\n const {\n token,\n user,\n scopes = [],\n claims,\n expiresAt,\n primaryProviderId,\n tokenStore,\n onTokenRefresh,\n providers = {},\n ...projections\n } = ctx;\n\n // Generate authorization ID from token\n const id = OrchestratedAuthorization.generateAuthorizationId(token);\n\n // Build provider states map\n const providerStates = new Map<string, OrchestratedProviderState>();\n const authorizedProviders: Record<string, ProviderSnapshot> = {};\n const authorizedProviderIds: string[] = [];\n\n for (const [providerId, state] of Object.entries(providers)) {\n providerStates.set(providerId, state);\n authorizedProviderIds.push(providerId);\n\n // Create snapshot without exposing tokens\n authorizedProviders[providerId] = {\n id: providerId,\n exp: state.expiresAt,\n embedMode: state.secretRefId ? 'ref' : 'store-only',\n secretRefId: state.secretRefId,\n refreshRefId: state.refreshRefId,\n };\n }\n\n return new OrchestratedAuthorization({\n id,\n isAnonymous: false,\n user,\n claims,\n expiresAt,\n scopes,\n token,\n primaryProviderId,\n tokenStore,\n onTokenRefresh,\n providerStates,\n authorizedProviders,\n authorizedProviderIds,\n ...projections,\n });\n }\n\n /**\n * Get access token for a provider\n *\n * Retrieves the decrypted token from the secure store.\n * If the token is expired and refresh is available, attempts refresh.\n *\n * @param providerId - Provider ID (defaults to primaryProviderId)\n * @returns The decrypted access token\n * @throws If no token store or no token available\n */\n async getToken(providerId?: string): Promise<string> {\n const targetProviderId = providerId ?? this.primaryProviderId;\n\n if (!targetProviderId) {\n throw new Error('OrchestratedAuthorization: No provider ID specified and no primary provider set');\n }\n\n if (!this.#tokenStore) {\n throw new Error(\n 'OrchestratedAuthorization: Token store not configured. ' +\n 'Orchestrated mode requires a token store for secure token retrieval.',\n );\n }\n\n // Check if token exists\n const hasToken = await this.#tokenStore.hasTokens(this.id, targetProviderId);\n if (!hasToken) {\n throw new Error(`OrchestratedAuthorization: No tokens available for provider \"${targetProviderId}\"`);\n }\n\n // Get access token\n const accessToken = await this.#tokenStore.getAccessToken(this.id, targetProviderId);\n\n if (accessToken) {\n // Check if token needs refresh\n const providerState = this.#providerStates.get(targetProviderId);\n if (providerState?.expiresAt && providerState.expiresAt < Date.now()) {\n return this.refreshAndGetToken(targetProviderId);\n }\n return accessToken;\n }\n\n // Try to refresh if we have a refresh token\n return this.refreshAndGetToken(targetProviderId);\n }\n\n /**\n * Refresh token and return new access token\n */\n private async refreshAndGetToken(providerId: string): Promise<string> {\n if (!this.#tokenStore || !this.#onTokenRefresh) {\n throw new Error(\n `OrchestratedAuthorization: Token expired for provider \"${providerId}\" and refresh not available`,\n );\n }\n\n const refreshToken = await this.#tokenStore.getRefreshToken(this.id, providerId);\n if (!refreshToken) {\n throw new Error(`OrchestratedAuthorization: No refresh token available for provider \"${providerId}\"`);\n }\n\n // Perform refresh\n const result = await this.#onTokenRefresh(providerId, refreshToken);\n\n // Store new tokens\n await this.#tokenStore.storeTokens(this.id, providerId, {\n accessToken: result.accessToken,\n refreshToken: result.refreshToken,\n expiresAt: result.expiresIn ? Date.now() + result.expiresIn * 1000 : undefined,\n });\n\n // Update provider state\n const currentState = this.#providerStates.get(providerId);\n if (currentState) {\n currentState.expiresAt = result.expiresIn ? Date.now() + result.expiresIn * 1000 : undefined;\n }\n\n return result.accessToken;\n }\n\n /**\n * Generate authorization ID from token\n */\n private static generateAuthorizationId(token: string): string {\n const parts = token.split('.');\n const signature = parts[2] || token;\n return createHash('sha256').update(signature).digest('hex').substring(0, 16);\n }\n\n /**\n * Check if a provider has tokens stored\n */\n hasProvider(providerId: string): boolean {\n return this.#providerStates.has(providerId);\n }\n\n /**\n * Get all provider IDs with tokens\n */\n getProviderIds(): string[] {\n return Array.from(this.#providerStates.keys());\n }\n\n /**\n * Add a new provider to this authorization\n * Used when user authorizes additional providers after initial auth\n */\n async addProvider(\n providerId: string,\n tokens: {\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n },\n ): Promise<void> {\n if (!this.#tokenStore) {\n throw new Error('OrchestratedAuthorization: Token store required to add providers');\n }\n\n const expiresAt = tokens.expiresIn ? Date.now() + tokens.expiresIn * 1000 : undefined;\n\n // Store tokens\n await this.#tokenStore.storeTokens(this.id, providerId, {\n accessToken: tokens.accessToken,\n refreshToken: tokens.refreshToken,\n expiresAt,\n });\n\n // Update internal state\n this.#providerStates.set(providerId, {\n id: providerId,\n expiresAt,\n secretRefId: `${this.id}:${providerId}`,\n });\n\n // Note: authorizedProviders/authorizedProviderIds are readonly\n // The caller should create a new authorization if these need to be updated\n }\n\n // ============================================\n // Progressive/Incremental Authorization\n // ============================================\n\n /**\n * Mutable app authorization state for progressive auth.\n * This allows expanding authorization without reissuing the session token.\n */\n #mutableAuthorizedApps: Map<string, { id: string; toolIds: string[] }> = new Map(\n Object.entries(this.authorizedApps ?? {}),\n );\n\n /**\n * Add app authorization after initial auth (progressive authorization).\n * Stores app tokens server-side and updates authorized apps without JWT reissue.\n *\n * @param appId - App ID to authorize\n * @param toolIds - Tool IDs accessible through this app authorization\n * @param tokens - OAuth tokens from the app's auth provider\n *\n * @example\n * ```typescript\n * // User clicks auth link for Slack app\n * await auth.addAppAuthorization('slack', ['slack:send_message', 'slack:list_channels'], {\n * accessToken: slackAccessToken,\n * refreshToken: slackRefreshToken,\n * expiresIn: 3600,\n * });\n *\n * // Now slack tools will work without re-auth\n * ```\n */\n async addAppAuthorization(\n appId: string,\n toolIds: string[],\n tokens: {\n accessToken: string;\n refreshToken?: string;\n expiresIn?: number;\n },\n ): Promise<void> {\n if (!this.#tokenStore) {\n throw new Error('OrchestratedAuthorization: Token store required for progressive authorization');\n }\n\n // Use app ID as provider ID for app-specific token storage\n const providerId = `app:${appId}`;\n\n // Store tokens server-side (SECURITY: never expose in JWT)\n await this.addProvider(providerId, tokens);\n\n // Track app authorization in mutable state\n this.#mutableAuthorizedApps.set(appId, { id: appId, toolIds });\n }\n\n /**\n * Get access token for a specific app (for tool execution).\n * Retrieves the app's OAuth token from server-side storage.\n *\n * @param appId - App ID to get token for\n * @returns The decrypted access token, or null if not authorized\n */\n async getAppToken(appId: string): Promise<string | null> {\n if (!this.#mutableAuthorizedApps.has(appId)) {\n return null;\n }\n\n const providerId = `app:${appId}`;\n\n try {\n return await this.getToken(providerId);\n } catch {\n return null;\n }\n }\n\n /**\n * Check if an app is authorized (includes progressively authorized apps).\n * Overrides base class to include mutable app authorization state.\n */\n override isAppAuthorized(appId: string): boolean {\n return this.#mutableAuthorizedApps.has(appId) || super.isAppAuthorized(appId);\n }\n\n /**\n * Get all authorized app IDs (includes progressively authorized apps).\n */\n getAllAuthorizedAppIds(): string[] {\n const baseIds = new Set(this.authorizedAppIds ?? []);\n for (const appId of this.#mutableAuthorizedApps.keys()) {\n baseIds.add(appId);\n }\n return Array.from(baseIds);\n }\n\n /**\n * Get tool IDs authorized through an app.\n */\n getAppToolIds(appId: string): string[] | undefined {\n return this.#mutableAuthorizedApps.get(appId)?.toolIds ?? this.authorizedApps?.[appId]?.toolIds;\n }\n\n /**\n * Remove a provider from this authorization\n */\n async removeProvider(providerId: string): Promise<void> {\n if (this.#tokenStore) {\n await this.#tokenStore.deleteTokens(this.id, providerId);\n }\n this.#providerStates.delete(providerId);\n }\n\n /**\n * Get the issuer (local orchestrator)\n */\n get issuer(): string | undefined {\n return this.claims?.['iss'] as string | undefined;\n }\n}\n"]}
|
|
@@ -1,132 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// auth/authorization/public.authorization.ts
|
|
3
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
-
exports.PublicAuthorization = void 0;
|
|
5
|
-
const crypto_1 = require("crypto");
|
|
6
|
-
const authorization_class_1 = require("./authorization.class");
|
|
7
|
-
/**
|
|
8
|
-
* PublicAuthorization - Authorization for public/anonymous access mode
|
|
9
|
-
*
|
|
10
|
-
* In public mode:
|
|
11
|
-
* - No authentication is required
|
|
12
|
-
* - Anonymous sessions are auto-generated
|
|
13
|
-
* - getToken() throws - anonymous users cannot access provider tokens
|
|
14
|
-
* - Ideal for development, docs, public wikis, and read-only resources
|
|
15
|
-
*/
|
|
16
|
-
class PublicAuthorization extends authorization_class_1.AuthorizationBase {
|
|
17
|
-
mode = 'public';
|
|
18
|
-
/**
|
|
19
|
-
* Issuer identifier for the anonymous authorization
|
|
20
|
-
*/
|
|
21
|
-
issuer;
|
|
22
|
-
constructor(ctx) {
|
|
23
|
-
super(ctx);
|
|
24
|
-
this.issuer = ctx.issuer;
|
|
25
|
-
}
|
|
26
|
-
/**
|
|
27
|
-
* Create a new PublicAuthorization for anonymous access
|
|
28
|
-
*
|
|
29
|
-
* @param ctx - Creation context with optional configuration
|
|
30
|
-
* @returns A new PublicAuthorization instance
|
|
31
|
-
*
|
|
32
|
-
* @example
|
|
33
|
-
* ```typescript
|
|
34
|
-
* const auth = PublicAuthorization.create({
|
|
35
|
-
* scopes: ['read', 'anonymous'],
|
|
36
|
-
* ttlMs: 3600000,
|
|
37
|
-
* allowedTools: ['search', 'get-docs'],
|
|
38
|
-
* });
|
|
39
|
-
* ```
|
|
40
|
-
*/
|
|
41
|
-
static create(ctx = {}) {
|
|
42
|
-
const { prefix = 'anon', scopes = ['anonymous'], ttlMs = 3600000, // 1 hour default
|
|
43
|
-
issuer, allowedTools = 'all', allowedPrompts = 'all', } = ctx;
|
|
44
|
-
// Generate anonymous user identity
|
|
45
|
-
const uuid = (0, crypto_1.randomUUID)();
|
|
46
|
-
const sub = `${prefix}:${uuid}`;
|
|
47
|
-
const user = {
|
|
48
|
-
sub,
|
|
49
|
-
name: 'Anonymous',
|
|
50
|
-
anonymous: true,
|
|
51
|
-
};
|
|
52
|
-
// Calculate expiration
|
|
53
|
-
const expiresAt = ttlMs ? Date.now() + ttlMs : undefined;
|
|
54
|
-
// Build authorized tools map
|
|
55
|
-
const authorizedTools = {};
|
|
56
|
-
const authorizedToolIds = [];
|
|
57
|
-
if (allowedTools !== 'all' && Array.isArray(allowedTools)) {
|
|
58
|
-
for (const toolId of allowedTools) {
|
|
59
|
-
authorizedTools[toolId] = {
|
|
60
|
-
executionPath: ['public', toolId],
|
|
61
|
-
};
|
|
62
|
-
authorizedToolIds.push(toolId);
|
|
63
|
-
}
|
|
64
|
-
}
|
|
65
|
-
// Build authorized prompts map
|
|
66
|
-
const authorizedPrompts = {};
|
|
67
|
-
const authorizedPromptIds = [];
|
|
68
|
-
if (allowedPrompts !== 'all' && Array.isArray(allowedPrompts)) {
|
|
69
|
-
for (const promptId of allowedPrompts) {
|
|
70
|
-
authorizedPrompts[promptId] = {
|
|
71
|
-
executionPath: ['public', promptId],
|
|
72
|
-
};
|
|
73
|
-
authorizedPromptIds.push(promptId);
|
|
74
|
-
}
|
|
75
|
-
}
|
|
76
|
-
return new PublicAuthorization({
|
|
77
|
-
id: sub,
|
|
78
|
-
isAnonymous: true,
|
|
79
|
-
user,
|
|
80
|
-
scopes,
|
|
81
|
-
expiresAt,
|
|
82
|
-
issuer,
|
|
83
|
-
authorizedTools: allowedTools === 'all' ? undefined : authorizedTools,
|
|
84
|
-
authorizedToolIds: allowedTools === 'all' ? undefined : authorizedToolIds,
|
|
85
|
-
authorizedPrompts: allowedPrompts === 'all' ? undefined : authorizedPrompts,
|
|
86
|
-
authorizedPromptIds: allowedPrompts === 'all' ? undefined : authorizedPromptIds,
|
|
87
|
-
});
|
|
88
|
-
}
|
|
89
|
-
/**
|
|
90
|
-
* Anonymous users cannot access provider tokens
|
|
91
|
-
*
|
|
92
|
-
* @throws Error always - anonymous users do not have provider tokens
|
|
93
|
-
*/
|
|
94
|
-
async getToken(_providerId) {
|
|
95
|
-
throw new Error('PublicAuthorization: Anonymous users cannot access provider tokens. ' +
|
|
96
|
-
'Use transparent or orchestrated mode for token access.');
|
|
97
|
-
}
|
|
98
|
-
/**
|
|
99
|
-
* Check if all tools are allowed (public access)
|
|
100
|
-
*/
|
|
101
|
-
get allowsAllTools() {
|
|
102
|
-
return this.authorizedToolIds.length === 0 && Object.keys(this.authorizedTools).length === 0;
|
|
103
|
-
}
|
|
104
|
-
/**
|
|
105
|
-
* Check if all prompts are allowed (public access)
|
|
106
|
-
*/
|
|
107
|
-
get allowsAllPrompts() {
|
|
108
|
-
return this.authorizedPromptIds.length === 0 && Object.keys(this.authorizedPrompts).length === 0;
|
|
109
|
-
}
|
|
110
|
-
/**
|
|
111
|
-
* Override canAccessTool to support 'all' mode
|
|
112
|
-
*/
|
|
113
|
-
canAccessTool(toolId) {
|
|
114
|
-
// If no specific tools defined, all are allowed
|
|
115
|
-
if (this.allowsAllTools) {
|
|
116
|
-
return true;
|
|
117
|
-
}
|
|
118
|
-
return super.canAccessTool(toolId);
|
|
119
|
-
}
|
|
120
|
-
/**
|
|
121
|
-
* Override canAccessPrompt to support 'all' mode
|
|
122
|
-
*/
|
|
123
|
-
canAccessPrompt(promptId) {
|
|
124
|
-
// If no specific prompts defined, all are allowed
|
|
125
|
-
if (this.allowsAllPrompts) {
|
|
126
|
-
return true;
|
|
127
|
-
}
|
|
128
|
-
return super.canAccessPrompt(promptId);
|
|
129
|
-
}
|
|
130
|
-
}
|
|
131
|
-
exports.PublicAuthorization = PublicAuthorization;
|
|
132
|
-
//# sourceMappingURL=public.authorization.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"public.authorization.js","sourceRoot":"","sources":["../../../../src/auth/authorization/public.authorization.ts"],"names":[],"mappings":";AAAA,6CAA6C;;;AAE7C,mCAAoC;AACpC,+DAA0D;AA4C1D;;;;;;;;GAQG;AACH,MAAa,mBAAoB,SAAQ,uCAAiB;IAC/C,IAAI,GAAa,QAAQ,CAAC;IAEnC;;OAEG;IACM,MAAM,CAAU;IAEzB,YAAoB,GAAiD;QACnE,KAAK,CAAC,GAAG,CAAC,CAAC;QACX,IAAI,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED;;;;;;;;;;;;;;OAcG;IACH,MAAM,CAAC,MAAM,CAAC,MAAoC,EAAE;QAClD,MAAM,EACJ,MAAM,GAAG,MAAM,EACf,MAAM,GAAG,CAAC,WAAW,CAAC,EACtB,KAAK,GAAG,OAAO,EAAE,iBAAiB;QAClC,MAAM,EACN,YAAY,GAAG,KAAK,EACpB,cAAc,GAAG,KAAK,GACvB,GAAG,GAAG,CAAC;QAER,mCAAmC;QACnC,MAAM,IAAI,GAAG,IAAA,mBAAU,GAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;QAEhC,MAAM,IAAI,GAAa;YACrB,GAAG;YACH,IAAI,EAAE,WAAW;YACjB,SAAS,EAAE,IAAI;SAChB,CAAC;QAEF,uBAAuB;QACvB,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC;QAEzD,6BAA6B;QAC7B,MAAM,eAAe,GAA8C,EAAE,CAAC;QACtE,MAAM,iBAAiB,GAAa,EAAE,CAAC;QACvC,IAAI,YAAY,KAAK,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,CAAC;YAC1D,KAAK,MAAM,MAAM,IAAI,YAAY,EAAE,CAAC;gBAClC,eAAe,CAAC,MAAM,CAAC,GAAG;oBACxB,aAAa,EAAE,CAAC,QAAQ,EAAE,MAAM,CAAC;iBAClC,CAAC;gBACF,iBAAiB,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACjC,CAAC;QACH,CAAC;QAED,+BAA+B;QAC/B,MAAM,iBAAiB,GAAgD,EAAE,CAAC;QAC1E,MAAM,mBAAmB,GAAa,EAAE,CAAC;QACzC,IAAI,cAAc,KAAK,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC9D,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;gBACtC,iBAAiB,CAAC,QAAQ,CAAC,GAAG;oBAC5B,aAAa,EAAE,CAAC,QAAQ,EAAE,QAAQ,CAAC;iBACpC,CAAC;gBACF,mBAAmB,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAED,OAAO,IAAI,mBAAmB,CAAC;YAC7B,EAAE,EAAE,GAAG;YACP,WAAW,EAAE,IAAI;YACjB,IAAI;YACJ,MAAM;YACN,SAAS;YACT,MAAM;YACN,eAAe,EAAE,YAAY,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,eAAe;YACrE,iBAAiB,EAAE,YAAY,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB;YACzE,iBAAiB,EAAE,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,iBAAiB;YAC3E,mBAAmB,EAAE,cAAc,KAAK,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,mBAAmB;SAChF,CAAC,CAAC;IACL,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,WAAoB;QACjC,MAAM,IAAI,KAAK,CACb,sEAAsE;YACpE,wDAAwD,CAC3D,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,IAAI,cAAc;QAChB,OAAO,IAAI,CAAC,iBAAiB,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IAC/F,CAAC;IAED;;OAEG;IACH,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,mBAAmB,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC;IACnG,CAAC;IAED;;OAEG;IACM,aAAa,CAAC,MAAc;QACnC,gDAAgD;QAChD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAED;;OAEG;IACM,eAAe,CAAC,QAAgB;QACvC,kDAAkD;QAClD,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;YAC1B,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;IACzC,CAAC;CACF;AAxID,kDAwIC","sourcesContent":["// auth/authorization/public.authorization.ts\n\nimport { randomUUID } from 'crypto';\nimport { AuthorizationBase } from './authorization.class';\nimport { AuthorizationCreateCtx, AuthUser } from './authorization.types';\nimport { AuthMode } from '../../common';\n\n/**\n * Context for creating a PublicAuthorization\n */\nexport interface PublicAuthorizationCreateCtx {\n /**\n * Anonymous user's identifier prefix\n * @default 'anon'\n */\n prefix?: string;\n\n /**\n * Anonymous scopes granted to the user\n * @default ['anonymous']\n */\n scopes?: string[];\n\n /**\n * Session TTL in milliseconds\n * @default 3600000 (1 hour)\n */\n ttlMs?: number;\n\n /**\n * Issuer identifier for the anonymous JWT\n */\n issuer?: string;\n\n /**\n * Allowed tools for anonymous access\n * If 'all', all tools are allowed\n */\n allowedTools?: 'all' | string[];\n\n /**\n * Allowed prompts for anonymous access\n * If 'all', all prompts are allowed\n */\n allowedPrompts?: 'all' | string[];\n}\n\n/**\n * PublicAuthorization - Authorization for public/anonymous access mode\n *\n * In public mode:\n * - No authentication is required\n * - Anonymous sessions are auto-generated\n * - getToken() throws - anonymous users cannot access provider tokens\n * - Ideal for development, docs, public wikis, and read-only resources\n */\nexport class PublicAuthorization extends AuthorizationBase {\n readonly mode: AuthMode = 'public';\n\n /**\n * Issuer identifier for the anonymous authorization\n */\n readonly issuer?: string;\n\n private constructor(ctx: AuthorizationCreateCtx & { issuer?: string }) {\n super(ctx);\n this.issuer = ctx.issuer;\n }\n\n /**\n * Create a new PublicAuthorization for anonymous access\n *\n * @param ctx - Creation context with optional configuration\n * @returns A new PublicAuthorization instance\n *\n * @example\n * ```typescript\n * const auth = PublicAuthorization.create({\n * scopes: ['read', 'anonymous'],\n * ttlMs: 3600000,\n * allowedTools: ['search', 'get-docs'],\n * });\n * ```\n */\n static create(ctx: PublicAuthorizationCreateCtx = {}): PublicAuthorization {\n const {\n prefix = 'anon',\n scopes = ['anonymous'],\n ttlMs = 3600000, // 1 hour default\n issuer,\n allowedTools = 'all',\n allowedPrompts = 'all',\n } = ctx;\n\n // Generate anonymous user identity\n const uuid = randomUUID();\n const sub = `${prefix}:${uuid}`;\n\n const user: AuthUser = {\n sub,\n name: 'Anonymous',\n anonymous: true,\n };\n\n // Calculate expiration\n const expiresAt = ttlMs ? Date.now() + ttlMs : undefined;\n\n // Build authorized tools map\n const authorizedTools: AuthorizationCreateCtx['authorizedTools'] = {};\n const authorizedToolIds: string[] = [];\n if (allowedTools !== 'all' && Array.isArray(allowedTools)) {\n for (const toolId of allowedTools) {\n authorizedTools[toolId] = {\n executionPath: ['public', toolId],\n };\n authorizedToolIds.push(toolId);\n }\n }\n\n // Build authorized prompts map\n const authorizedPrompts: AuthorizationCreateCtx['authorizedPrompts'] = {};\n const authorizedPromptIds: string[] = [];\n if (allowedPrompts !== 'all' && Array.isArray(allowedPrompts)) {\n for (const promptId of allowedPrompts) {\n authorizedPrompts[promptId] = {\n executionPath: ['public', promptId],\n };\n authorizedPromptIds.push(promptId);\n }\n }\n\n return new PublicAuthorization({\n id: sub,\n isAnonymous: true,\n user,\n scopes,\n expiresAt,\n issuer,\n authorizedTools: allowedTools === 'all' ? undefined : authorizedTools,\n authorizedToolIds: allowedTools === 'all' ? undefined : authorizedToolIds,\n authorizedPrompts: allowedPrompts === 'all' ? undefined : authorizedPrompts,\n authorizedPromptIds: allowedPrompts === 'all' ? undefined : authorizedPromptIds,\n });\n }\n\n /**\n * Anonymous users cannot access provider tokens\n *\n * @throws Error always - anonymous users do not have provider tokens\n */\n async getToken(_providerId?: string): Promise<string> {\n throw new Error(\n 'PublicAuthorization: Anonymous users cannot access provider tokens. ' +\n 'Use transparent or orchestrated mode for token access.',\n );\n }\n\n /**\n * Check if all tools are allowed (public access)\n */\n get allowsAllTools(): boolean {\n return this.authorizedToolIds.length === 0 && Object.keys(this.authorizedTools).length === 0;\n }\n\n /**\n * Check if all prompts are allowed (public access)\n */\n get allowsAllPrompts(): boolean {\n return this.authorizedPromptIds.length === 0 && Object.keys(this.authorizedPrompts).length === 0;\n }\n\n /**\n * Override canAccessTool to support 'all' mode\n */\n override canAccessTool(toolId: string): boolean {\n // If no specific tools defined, all are allowed\n if (this.allowsAllTools) {\n return true;\n }\n return super.canAccessTool(toolId);\n }\n\n /**\n * Override canAccessPrompt to support 'all' mode\n */\n override canAccessPrompt(promptId: string): boolean {\n // If no specific prompts defined, all are allowed\n if (this.allowsAllPrompts) {\n return true;\n }\n return super.canAccessPrompt(promptId);\n }\n}\n"]}
|
|
@@ -1,147 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
// auth/authorization/transparent.authorization.ts
|
|
3
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
4
|
-
exports.TransparentAuthorization = void 0;
|
|
5
|
-
const crypto_1 = require("crypto");
|
|
6
|
-
const authorization_class_1 = require("./authorization.class");
|
|
7
|
-
/**
|
|
8
|
-
* TransparentAuthorization - Pass-through OAuth tokens
|
|
9
|
-
*
|
|
10
|
-
* In transparent mode:
|
|
11
|
-
* - The client's token is forwarded directly to downstream services
|
|
12
|
-
* - Token validation happens via the upstream provider's JWKS
|
|
13
|
-
* - getToken() returns the original bearer token
|
|
14
|
-
* - Ideal when the auth server is the source of truth
|
|
15
|
-
*/
|
|
16
|
-
class TransparentAuthorization extends authorization_class_1.AuthorizationBase {
|
|
17
|
-
mode = 'transparent';
|
|
18
|
-
/**
|
|
19
|
-
* Provider ID that issued the token
|
|
20
|
-
*/
|
|
21
|
-
providerId;
|
|
22
|
-
/**
|
|
23
|
-
* Provider display name
|
|
24
|
-
*/
|
|
25
|
-
providerName;
|
|
26
|
-
constructor(ctx) {
|
|
27
|
-
super(ctx);
|
|
28
|
-
this.providerId = ctx.providerId;
|
|
29
|
-
this.providerName = ctx.providerName;
|
|
30
|
-
}
|
|
31
|
-
/**
|
|
32
|
-
* Create a TransparentAuthorization from a verified JWT
|
|
33
|
-
*
|
|
34
|
-
* @param ctx - Creation context with token and verified payload
|
|
35
|
-
* @returns A new TransparentAuthorization instance
|
|
36
|
-
*
|
|
37
|
-
* @example
|
|
38
|
-
* ```typescript
|
|
39
|
-
* const auth = TransparentAuthorization.fromVerifiedToken({
|
|
40
|
-
* token: bearerToken,
|
|
41
|
-
* payload: verifiedClaims,
|
|
42
|
-
* providerId: 'auth0',
|
|
43
|
-
* });
|
|
44
|
-
*
|
|
45
|
-
* // Pass token through to downstream
|
|
46
|
-
* const token = await auth.getToken();
|
|
47
|
-
* ```
|
|
48
|
-
*/
|
|
49
|
-
static fromVerifiedToken(ctx) {
|
|
50
|
-
const { token, payload, providerId, providerName, ...projections } = ctx;
|
|
51
|
-
// Extract user identity from payload
|
|
52
|
-
const user = {
|
|
53
|
-
sub: payload.sub,
|
|
54
|
-
name: payload.name,
|
|
55
|
-
email: payload.email,
|
|
56
|
-
picture: payload.picture,
|
|
57
|
-
anonymous: false,
|
|
58
|
-
};
|
|
59
|
-
// Parse scopes from payload
|
|
60
|
-
const scopes = TransparentAuthorization.parseScopes(payload.scope);
|
|
61
|
-
// Calculate expiration from JWT exp claim
|
|
62
|
-
const expiresAt = payload.exp ? payload.exp * 1000 : undefined;
|
|
63
|
-
// Generate authorization ID from token signature fingerprint
|
|
64
|
-
const id = TransparentAuthorization.generateAuthorizationId(token);
|
|
65
|
-
// Create provider snapshot for this authorization
|
|
66
|
-
const providerSnapshot = {
|
|
67
|
-
id: providerId,
|
|
68
|
-
exp: expiresAt,
|
|
69
|
-
payload: payload,
|
|
70
|
-
embedMode: 'plain', // transparent mode keeps token in memory
|
|
71
|
-
token, // the original token
|
|
72
|
-
};
|
|
73
|
-
return new TransparentAuthorization({
|
|
74
|
-
id,
|
|
75
|
-
isAnonymous: false,
|
|
76
|
-
user,
|
|
77
|
-
claims: payload,
|
|
78
|
-
expiresAt,
|
|
79
|
-
scopes,
|
|
80
|
-
token,
|
|
81
|
-
providerId,
|
|
82
|
-
providerName,
|
|
83
|
-
authorizedProviders: { [providerId]: providerSnapshot },
|
|
84
|
-
authorizedProviderIds: [providerId],
|
|
85
|
-
...projections,
|
|
86
|
-
});
|
|
87
|
-
}
|
|
88
|
-
/**
|
|
89
|
-
* Get the original bearer token for pass-through
|
|
90
|
-
*
|
|
91
|
-
* In transparent mode, the same token is returned regardless of providerId
|
|
92
|
-
* since only one provider (the upstream) issued the token.
|
|
93
|
-
*
|
|
94
|
-
* @param _providerId - Ignored in transparent mode
|
|
95
|
-
* @returns The original bearer token
|
|
96
|
-
*/
|
|
97
|
-
async getToken(_providerId) {
|
|
98
|
-
if (!this.token) {
|
|
99
|
-
throw new Error('TransparentAuthorization: Token not available');
|
|
100
|
-
}
|
|
101
|
-
return this.token;
|
|
102
|
-
}
|
|
103
|
-
/**
|
|
104
|
-
* Parse scope claim from JWT payload
|
|
105
|
-
*/
|
|
106
|
-
static parseScopes(scope) {
|
|
107
|
-
if (!scope)
|
|
108
|
-
return [];
|
|
109
|
-
if (Array.isArray(scope))
|
|
110
|
-
return scope;
|
|
111
|
-
return scope.split(/\s+/).filter(Boolean);
|
|
112
|
-
}
|
|
113
|
-
/**
|
|
114
|
-
* Generate authorization ID from token signature
|
|
115
|
-
* Uses SHA-256 fingerprint of the token signature for uniqueness
|
|
116
|
-
*/
|
|
117
|
-
static generateAuthorizationId(token) {
|
|
118
|
-
const parts = token.split('.');
|
|
119
|
-
const signature = parts[2] || token;
|
|
120
|
-
return (0, crypto_1.createHash)('sha256').update(signature).digest('hex').substring(0, 16);
|
|
121
|
-
}
|
|
122
|
-
/**
|
|
123
|
-
* Get the issuer from the token claims
|
|
124
|
-
*/
|
|
125
|
-
get issuer() {
|
|
126
|
-
return this.claims?.['iss'];
|
|
127
|
-
}
|
|
128
|
-
/**
|
|
129
|
-
* Get the audience from the token claims
|
|
130
|
-
*/
|
|
131
|
-
get audience() {
|
|
132
|
-
return this.claims?.['aud'];
|
|
133
|
-
}
|
|
134
|
-
/**
|
|
135
|
-
* Check if the token was issued for a specific audience
|
|
136
|
-
*/
|
|
137
|
-
hasAudience(aud) {
|
|
138
|
-
const tokenAud = this.audience;
|
|
139
|
-
if (!tokenAud)
|
|
140
|
-
return false;
|
|
141
|
-
if (Array.isArray(tokenAud))
|
|
142
|
-
return tokenAud.includes(aud);
|
|
143
|
-
return tokenAud === aud;
|
|
144
|
-
}
|
|
145
|
-
}
|
|
146
|
-
exports.TransparentAuthorization = TransparentAuthorization;
|
|
147
|
-
//# sourceMappingURL=transparent.authorization.js.map
|