@frontmcp/sdk 0.7.2 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (630) hide show
  1. package/agent/adapters/adapter.factory.d.ts +27 -18
  2. package/agent/adapters/adapter.factory.d.ts.map +1 -1
  3. package/agent/agent.instance.d.ts +5 -0
  4. package/agent/agent.instance.d.ts.map +1 -1
  5. package/agent/agent.scope.d.ts +54 -72
  6. package/agent/agent.scope.d.ts.map +1 -1
  7. package/agent/flows/call-agent.flow.d.ts +1 -0
  8. package/agent/flows/call-agent.flow.d.ts.map +1 -1
  9. package/app/instances/app.local.instance.d.ts +3 -0
  10. package/app/instances/app.local.instance.d.ts.map +1 -1
  11. package/app/instances/app.remote.instance.d.ts +3 -0
  12. package/app/instances/app.remote.instance.d.ts.map +1 -1
  13. package/auth/auth.registry.d.ts.map +1 -1
  14. package/auth/authorization/authorization.types.d.ts +7 -180
  15. package/auth/authorization/authorization.types.d.ts.map +1 -1
  16. package/auth/authorization/index.d.ts +2 -0
  17. package/auth/authorization/index.d.ts.map +1 -1
  18. package/auth/authorization/orchestrated.accessor.d.ts +161 -0
  19. package/auth/authorization/orchestrated.accessor.d.ts.map +1 -0
  20. package/auth/authorization/orchestrated.authorization.d.ts +19 -4
  21. package/auth/authorization/orchestrated.authorization.d.ts.map +1 -1
  22. package/auth/authorization/orchestrated.context-extension.d.ts +108 -0
  23. package/auth/authorization/orchestrated.context-extension.d.ts.map +1 -0
  24. package/auth/cimd/index.d.ts +14 -0
  25. package/auth/cimd/index.d.ts.map +1 -0
  26. package/auth/flows/auth.verify.flow.d.ts.map +1 -1
  27. package/auth/flows/oauth.authorize.flow.d.ts +30 -3
  28. package/auth/flows/oauth.authorize.flow.d.ts.map +1 -1
  29. package/auth/flows/oauth.callback.flow.d.ts +11 -3
  30. package/auth/flows/oauth.callback.flow.d.ts.map +1 -1
  31. package/auth/flows/oauth.provider-callback.flow.d.ts +118 -0
  32. package/auth/flows/oauth.provider-callback.flow.d.ts.map +1 -0
  33. package/auth/flows/oauth.register.flow.d.ts +1 -1
  34. package/auth/flows/oauth.token.flow.d.ts +1 -1
  35. package/auth/flows/session.verify.flow.d.ts +8 -0
  36. package/auth/flows/session.verify.flow.d.ts.map +1 -1
  37. package/auth/flows/well-known.jwks.flow.d.ts +3 -3
  38. package/auth/flows/well-known.oauth-authorization-server.flow.d.ts +3 -2
  39. package/auth/flows/well-known.oauth-authorization-server.flow.d.ts.map +1 -1
  40. package/auth/flows/well-known.prm.flow.d.ts +1 -1
  41. package/auth/instances/instance.local-primary-auth.d.ts +88 -1
  42. package/auth/instances/instance.local-primary-auth.d.ts.map +1 -1
  43. package/auth/machine-id.d.ts +14 -0
  44. package/auth/machine-id.d.ts.map +1 -1
  45. package/auth/session/encrypted-authorization-vault.d.ts +2 -3
  46. package/auth/session/encrypted-authorization-vault.d.ts.map +1 -1
  47. package/auth/session/federated-auth.session.d.ts +252 -0
  48. package/auth/session/federated-auth.session.d.ts.map +1 -0
  49. package/auth/session/index.d.ts +6 -2
  50. package/auth/session/index.d.ts.map +1 -1
  51. package/auth/session/orchestrated-token.store.d.ts +155 -0
  52. package/auth/session/orchestrated-token.store.d.ts.map +1 -0
  53. package/auth/session/record/session.base.d.ts +7 -7
  54. package/auth/session/record/session.base.d.ts.map +1 -1
  55. package/auth/session/record/session.mcp.d.ts +11 -0
  56. package/auth/session/record/session.mcp.d.ts.map +1 -0
  57. package/auth/session/redis-session.store.d.ts +10 -5
  58. package/auth/session/redis-session.store.d.ts.map +1 -1
  59. package/auth/session/session-crypto.d.ts +6 -9
  60. package/auth/session/session-crypto.d.ts.map +1 -1
  61. package/{store/store.factory.d.ts → auth/session/session-store.factory.d.ts} +10 -36
  62. package/auth/session/session-store.factory.d.ts.map +1 -0
  63. package/auth/session/session.service.d.ts +4 -8
  64. package/auth/session/session.service.d.ts.map +1 -1
  65. package/auth/session/session.transport.d.ts +8 -2
  66. package/auth/session/session.transport.d.ts.map +1 -1
  67. package/auth/session/session.types.d.ts +5 -5
  68. package/auth/session/session.types.d.ts.map +1 -1
  69. package/auth/session/token.refresh.d.ts +1 -2
  70. package/auth/session/token.refresh.d.ts.map +1 -1
  71. package/auth/session/transport-session.manager.d.ts +7 -6
  72. package/auth/session/transport-session.manager.d.ts.map +1 -1
  73. package/auth/session/utils/session-id.utils.d.ts +18 -1
  74. package/auth/session/utils/session-id.utils.d.ts.map +1 -1
  75. package/auth/session/vercel-kv-session.store.d.ts +16 -16
  76. package/auth/session/vercel-kv-session.store.d.ts.map +1 -1
  77. package/auth/utils/authorization-id.utils.d.ts +12 -0
  78. package/auth/utils/authorization-id.utils.d.ts.map +1 -0
  79. package/auth/utils/index.d.ts +1 -2
  80. package/auth/utils/index.d.ts.map +1 -1
  81. package/auth/vault/auth-providers.accessor.d.ts +153 -0
  82. package/auth/vault/auth-providers.accessor.d.ts.map +1 -0
  83. package/auth/vault/auth-providers.accessor.impl.d.ts +52 -0
  84. package/auth/vault/auth-providers.accessor.impl.d.ts.map +1 -0
  85. package/auth/vault/auth-providers.context-extension.d.ts +68 -0
  86. package/auth/vault/auth-providers.context-extension.d.ts.map +1 -0
  87. package/auth/vault/auth-providers.providers.d.ts +40 -0
  88. package/auth/vault/auth-providers.providers.d.ts.map +1 -0
  89. package/auth/vault/auth-providers.registry.d.ts +110 -0
  90. package/auth/vault/auth-providers.registry.d.ts.map +1 -0
  91. package/auth/vault/auth-providers.vault.d.ts +93 -0
  92. package/auth/vault/auth-providers.vault.d.ts.map +1 -0
  93. package/auth/vault/credential-cache.d.ts +13 -0
  94. package/auth/vault/credential-cache.d.ts.map +1 -0
  95. package/auth/vault/credential-loaders/eager-loader.d.ts +46 -0
  96. package/auth/vault/credential-loaders/eager-loader.d.ts.map +1 -0
  97. package/auth/vault/credential-loaders/index.d.ts +7 -0
  98. package/auth/vault/credential-loaders/index.d.ts.map +1 -0
  99. package/auth/vault/credential-loaders/lazy-loader.d.ts +53 -0
  100. package/auth/vault/credential-loaders/lazy-loader.d.ts.map +1 -0
  101. package/auth/vault/index.d.ts +56 -0
  102. package/auth/vault/index.d.ts.map +1 -0
  103. package/builtin/config/config-resolver.d.ts +162 -0
  104. package/builtin/config/config-resolver.d.ts.map +1 -0
  105. package/builtin/config/config.plugin.d.ts +63 -0
  106. package/builtin/config/config.plugin.d.ts.map +1 -0
  107. package/builtin/config/config.symbols.d.ts +7 -0
  108. package/builtin/config/config.symbols.d.ts.map +1 -0
  109. package/builtin/config/config.types.d.ts +71 -0
  110. package/builtin/config/config.types.d.ts.map +1 -0
  111. package/builtin/config/index.d.ts +68 -0
  112. package/builtin/config/index.d.ts.map +1 -0
  113. package/builtin/config/providers/config-loader.d.ts +36 -0
  114. package/builtin/config/providers/config-loader.d.ts.map +1 -0
  115. package/builtin/config/providers/config.service.d.ts +108 -0
  116. package/builtin/config/providers/config.service.d.ts.map +1 -0
  117. package/builtin/config/providers/env-loader.d.ts +76 -0
  118. package/builtin/config/providers/env-loader.d.ts.map +1 -0
  119. package/builtin/index.d.ts +7 -0
  120. package/builtin/index.d.ts.map +1 -0
  121. package/common/decorators/front-mcp.decorator.d.ts.map +1 -1
  122. package/common/decorators/hook.decorator.d.ts +0 -10
  123. package/common/decorators/hook.decorator.d.ts.map +1 -1
  124. package/common/decorators/index.d.ts +1 -0
  125. package/common/decorators/index.d.ts.map +1 -1
  126. package/common/decorators/skill.decorator.d.ts +105 -0
  127. package/common/decorators/skill.decorator.d.ts.map +1 -0
  128. package/common/dynamic/dynamic.adapter.d.ts +14 -4
  129. package/common/dynamic/dynamic.adapter.d.ts.map +1 -1
  130. package/common/entries/app.entry.d.ts +2 -0
  131. package/common/entries/app.entry.d.ts.map +1 -1
  132. package/common/entries/index.d.ts +1 -0
  133. package/common/entries/index.d.ts.map +1 -1
  134. package/common/entries/prompt.entry.d.ts +0 -6
  135. package/common/entries/prompt.entry.d.ts.map +1 -1
  136. package/common/entries/resource.entry.d.ts +0 -6
  137. package/common/entries/resource.entry.d.ts.map +1 -1
  138. package/common/entries/scope.entry.d.ts +2 -0
  139. package/common/entries/scope.entry.d.ts.map +1 -1
  140. package/common/entries/skill.entry.d.ts +95 -0
  141. package/common/entries/skill.entry.d.ts.map +1 -0
  142. package/common/entries/tool.entry.d.ts +17 -9
  143. package/common/entries/tool.entry.d.ts.map +1 -1
  144. package/common/interfaces/agent.interface.d.ts +35 -6
  145. package/common/interfaces/agent.interface.d.ts.map +1 -1
  146. package/common/interfaces/execution-context.interface.d.ts +14 -0
  147. package/common/interfaces/execution-context.interface.d.ts.map +1 -1
  148. package/common/interfaces/index.d.ts +1 -0
  149. package/common/interfaces/index.d.ts.map +1 -1
  150. package/common/interfaces/internal/primary-auth-provider.interface.d.ts +1 -7
  151. package/common/interfaces/internal/primary-auth-provider.interface.d.ts.map +1 -1
  152. package/common/interfaces/internal/registry.interface.d.ts +4 -1
  153. package/common/interfaces/internal/registry.interface.d.ts.map +1 -1
  154. package/common/interfaces/skill.interface.d.ts +91 -0
  155. package/common/interfaces/skill.interface.d.ts.map +1 -0
  156. package/common/interfaces/tool.interface.d.ts +39 -0
  157. package/common/interfaces/tool.interface.d.ts.map +1 -1
  158. package/common/metadata/agent.metadata.d.ts +62 -2
  159. package/common/metadata/agent.metadata.d.ts.map +1 -1
  160. package/common/metadata/app.metadata.d.ts +168 -169
  161. package/common/metadata/app.metadata.d.ts.map +1 -1
  162. package/common/metadata/front-mcp.metadata.d.ts +2182 -721
  163. package/common/metadata/front-mcp.metadata.d.ts.map +1 -1
  164. package/common/metadata/index.d.ts +1 -0
  165. package/common/metadata/index.d.ts.map +1 -1
  166. package/common/metadata/plugin.metadata.d.ts +8 -1
  167. package/common/metadata/plugin.metadata.d.ts.map +1 -1
  168. package/common/metadata/skill.metadata.d.ts +366 -0
  169. package/common/metadata/skill.metadata.d.ts.map +1 -0
  170. package/common/metadata/tool.metadata.d.ts +71 -0
  171. package/common/metadata/tool.metadata.d.ts.map +1 -1
  172. package/common/records/index.d.ts +1 -0
  173. package/common/records/index.d.ts.map +1 -1
  174. package/common/records/skill.record.d.ts +55 -0
  175. package/common/records/skill.record.d.ts.map +1 -0
  176. package/common/schemas/annotated-class.schema.d.ts +1 -0
  177. package/common/schemas/annotated-class.schema.d.ts.map +1 -1
  178. package/common/schemas/http-output.schema.d.ts +24 -24
  179. package/common/tokens/app.tokens.d.ts.map +1 -1
  180. package/common/tokens/front-mcp.tokens.d.ts.map +1 -1
  181. package/common/tokens/index.d.ts +1 -0
  182. package/common/tokens/index.d.ts.map +1 -1
  183. package/common/tokens/plugin.tokens.d.ts +1 -0
  184. package/common/tokens/plugin.tokens.d.ts.map +1 -1
  185. package/common/tokens/skill.tokens.d.ts +18 -0
  186. package/common/tokens/skill.tokens.d.ts.map +1 -0
  187. package/common/tokens/tool.tokens.d.ts +2 -0
  188. package/common/tokens/tool.tokens.d.ts.map +1 -1
  189. package/common/types/auth/session.types.d.ts +21 -0
  190. package/common/types/auth/session.types.d.ts.map +1 -1
  191. package/common/types/options/auth/app-auth.schema.d.ts +80 -84
  192. package/common/types/options/auth/app-auth.schema.d.ts.map +1 -1
  193. package/common/types/options/auth/index.d.ts +6 -8
  194. package/common/types/options/auth/index.d.ts.map +1 -1
  195. package/common/types/options/auth/{auth.interfaces.d.ts → interfaces.d.ts} +17 -48
  196. package/common/types/options/auth/interfaces.d.ts.map +1 -0
  197. package/common/types/options/auth/orchestrated.schema.d.ts +160 -84
  198. package/common/types/options/auth/orchestrated.schema.d.ts.map +1 -1
  199. package/common/types/options/auth/public.schema.d.ts +0 -21
  200. package/common/types/options/auth/public.schema.d.ts.map +1 -1
  201. package/common/types/options/auth/{auth.schema.d.ts → schema.d.ts} +81 -85
  202. package/common/types/options/auth/schema.d.ts.map +1 -0
  203. package/common/types/options/auth/shared.schemas.d.ts +12 -0
  204. package/common/types/options/auth/shared.schemas.d.ts.map +1 -1
  205. package/common/types/options/auth/transparent.schema.d.ts +0 -21
  206. package/common/types/options/auth/transparent.schema.d.ts.map +1 -1
  207. package/common/types/options/auth/typecheck.d.ts +2 -0
  208. package/common/types/options/auth/typecheck.d.ts.map +1 -0
  209. package/common/types/options/auth/{auth.utils.d.ts → utils.d.ts} +2 -2
  210. package/common/types/options/auth/utils.d.ts.map +1 -0
  211. package/common/types/options/elicitation/index.d.ts +4 -0
  212. package/common/types/options/elicitation/index.d.ts.map +1 -0
  213. package/common/types/options/elicitation/interfaces.d.ts +80 -0
  214. package/common/types/options/elicitation/interfaces.d.ts.map +1 -0
  215. package/common/types/options/elicitation/schema.d.ts +75 -0
  216. package/common/types/options/elicitation/schema.d.ts.map +1 -0
  217. package/common/types/options/ext-apps/index.d.ts +3 -0
  218. package/common/types/options/ext-apps/index.d.ts.map +1 -0
  219. package/common/types/options/ext-apps/interfaces.d.ts +2 -0
  220. package/common/types/options/ext-apps/interfaces.d.ts.map +1 -0
  221. package/common/types/options/ext-apps/schema.d.ts +80 -0
  222. package/common/types/options/ext-apps/schema.d.ts.map +1 -0
  223. package/common/types/options/http/index.d.ts +4 -0
  224. package/common/types/options/http/index.d.ts.map +1 -0
  225. package/common/types/options/http/interfaces.d.ts +23 -0
  226. package/common/types/options/http/interfaces.d.ts.map +1 -0
  227. package/common/types/options/http/schema.d.ts +18 -0
  228. package/common/types/options/http/schema.d.ts.map +1 -0
  229. package/common/types/options/index.d.ts +10 -6
  230. package/common/types/options/index.d.ts.map +1 -1
  231. package/common/types/options/logging/index.d.ts +5 -0
  232. package/common/types/options/logging/index.d.ts.map +1 -0
  233. package/common/types/options/logging/interfaces.d.ts +41 -0
  234. package/common/types/options/logging/interfaces.d.ts.map +1 -0
  235. package/common/types/options/logging/schema.d.ts +24 -0
  236. package/common/types/options/logging/schema.d.ts.map +1 -0
  237. package/common/types/options/pagination/index.d.ts +4 -0
  238. package/common/types/options/pagination/index.d.ts.map +1 -0
  239. package/common/types/options/pagination/interfaces.d.ts +43 -0
  240. package/common/types/options/pagination/interfaces.d.ts.map +1 -0
  241. package/common/types/options/pagination/schema.d.ts +41 -0
  242. package/common/types/options/pagination/schema.d.ts.map +1 -0
  243. package/common/types/options/redis/index.d.ts +4 -0
  244. package/common/types/options/redis/index.d.ts.map +1 -0
  245. package/common/types/options/redis/interfaces.d.ts +81 -0
  246. package/common/types/options/redis/interfaces.d.ts.map +1 -0
  247. package/common/types/options/{redis.options.d.ts → redis/schema.d.ts} +2 -2
  248. package/common/types/options/redis/schema.d.ts.map +1 -0
  249. package/common/types/options/server-info/index.d.ts +4 -0
  250. package/common/types/options/server-info/index.d.ts.map +1 -0
  251. package/common/types/options/server-info/interfaces.d.ts +27 -0
  252. package/common/types/options/server-info/interfaces.d.ts.map +1 -0
  253. package/common/types/options/{server-info.options.d.ts → server-info/schema.d.ts} +13 -10
  254. package/common/types/options/server-info/schema.d.ts.map +1 -0
  255. package/common/types/options/session/index.d.ts +4 -0
  256. package/common/types/options/session/index.d.ts.map +1 -0
  257. package/common/types/options/session/interfaces.d.ts +66 -0
  258. package/common/types/options/session/interfaces.d.ts.map +1 -0
  259. package/common/types/options/session/schema.d.ts +79 -0
  260. package/common/types/options/session/schema.d.ts.map +1 -0
  261. package/common/types/options/skills-http/index.d.ts +4 -0
  262. package/common/types/options/skills-http/index.d.ts.map +1 -0
  263. package/common/types/options/skills-http/interfaces.d.ts +321 -0
  264. package/common/types/options/skills-http/interfaces.d.ts.map +1 -0
  265. package/common/types/options/skills-http/schema.d.ts +139 -0
  266. package/common/types/options/skills-http/schema.d.ts.map +1 -0
  267. package/common/types/options/transport/index.d.ts +4 -0
  268. package/common/types/options/transport/index.d.ts.map +1 -0
  269. package/common/types/options/transport/interfaces.d.ts +354 -0
  270. package/common/types/options/transport/interfaces.d.ts.map +1 -0
  271. package/common/types/options/transport/schema.d.ts +309 -0
  272. package/common/types/options/transport/schema.d.ts.map +1 -0
  273. package/common/types/options/transport/typecheck.d.ts +2 -0
  274. package/common/types/options/transport/typecheck.d.ts.map +1 -0
  275. package/common/utils/decide-request-intent.utils.d.ts +3 -3
  276. package/common/utils/decide-request-intent.utils.d.ts.map +1 -1
  277. package/context/context-extension.d.ts +1 -28
  278. package/context/context-extension.d.ts.map +1 -1
  279. package/context/frontmcp-context-storage.d.ts.map +1 -1
  280. package/context/frontmcp-context.d.ts +36 -39
  281. package/context/frontmcp-context.d.ts.map +1 -1
  282. package/context/frontmcp-context.provider.d.ts +3 -9
  283. package/context/frontmcp-context.provider.d.ts.map +1 -1
  284. package/context/index.d.ts +5 -20
  285. package/context/index.d.ts.map +1 -1
  286. package/context/metadata.utils.d.ts +24 -0
  287. package/context/metadata.utils.d.ts.map +1 -0
  288. package/direct/client.types.d.ts +447 -0
  289. package/direct/client.types.d.ts.map +1 -0
  290. package/direct/connect.d.ts +188 -0
  291. package/direct/connect.d.ts.map +1 -0
  292. package/direct/direct-client.d.ts +7 -0
  293. package/direct/direct-client.d.ts.map +1 -0
  294. package/direct/direct-server.d.ts +38 -0
  295. package/direct/direct-server.d.ts.map +1 -0
  296. package/direct/direct.types.d.ts +134 -0
  297. package/direct/direct.types.d.ts.map +1 -0
  298. package/direct/index.d.ts +15 -0
  299. package/direct/index.d.ts.map +1 -0
  300. package/direct/llm-platform.d.ts +94 -0
  301. package/direct/llm-platform.d.ts.map +1 -0
  302. package/elicitation/elicitation-fallback.schema.d.ts +32 -0
  303. package/elicitation/elicitation-fallback.schema.d.ts.map +1 -0
  304. package/elicitation/elicitation.types.d.ts +160 -0
  305. package/elicitation/elicitation.types.d.ts.map +1 -0
  306. package/elicitation/flows/elicitation-request.flow.d.ts +98 -0
  307. package/elicitation/flows/elicitation-request.flow.d.ts.map +1 -0
  308. package/elicitation/flows/elicitation-result.flow.d.ts +79 -0
  309. package/elicitation/flows/elicitation-result.flow.d.ts.map +1 -0
  310. package/elicitation/flows/index.d.ts +10 -0
  311. package/elicitation/flows/index.d.ts.map +1 -0
  312. package/elicitation/helpers/elicit.helper.d.ts +65 -0
  313. package/elicitation/helpers/elicit.helper.d.ts.map +1 -0
  314. package/elicitation/helpers/extend-output-schema.d.ts +31 -0
  315. package/elicitation/helpers/extend-output-schema.d.ts.map +1 -0
  316. package/elicitation/helpers/fallback.helper.d.ts +60 -0
  317. package/elicitation/helpers/fallback.helper.d.ts.map +1 -0
  318. package/elicitation/helpers/index.d.ts +12 -0
  319. package/elicitation/helpers/index.d.ts.map +1 -0
  320. package/elicitation/helpers/validate-elicitation-content.d.ts +52 -0
  321. package/elicitation/helpers/validate-elicitation-content.d.ts.map +1 -0
  322. package/elicitation/hooks/elicitation.hooks.d.ts +66 -0
  323. package/elicitation/hooks/elicitation.hooks.d.ts.map +1 -0
  324. package/elicitation/hooks/index.d.ts +9 -0
  325. package/elicitation/hooks/index.d.ts.map +1 -0
  326. package/elicitation/index.d.ts +18 -0
  327. package/elicitation/index.d.ts.map +1 -0
  328. package/elicitation/send-elicitation-result.tool.d.ts +18 -0
  329. package/elicitation/send-elicitation-result.tool.d.ts.map +1 -0
  330. package/elicitation/store/elicitation-encryption.d.ts +134 -0
  331. package/elicitation/store/elicitation-encryption.d.ts.map +1 -0
  332. package/elicitation/store/elicitation-store.factory.d.ts +197 -0
  333. package/elicitation/store/elicitation-store.factory.d.ts.map +1 -0
  334. package/elicitation/store/elicitation.store.d.ts +191 -0
  335. package/elicitation/store/elicitation.store.d.ts.map +1 -0
  336. package/elicitation/store/encrypted-elicitation.store.d.ts +121 -0
  337. package/elicitation/store/encrypted-elicitation.store.d.ts.map +1 -0
  338. package/elicitation/store/index.d.ts +14 -0
  339. package/elicitation/store/index.d.ts.map +1 -0
  340. package/elicitation/store/storage-elicitation.store.d.ts +118 -0
  341. package/elicitation/store/storage-elicitation.store.d.ts.map +1 -0
  342. package/errors/elicitation.error.d.ts +115 -0
  343. package/errors/elicitation.error.d.ts.map +1 -0
  344. package/errors/index.d.ts +1 -0
  345. package/errors/index.d.ts.map +1 -1
  346. package/esm/index.mjs +30824 -19537
  347. package/esm/package.json +13 -7
  348. package/ext-apps/ext-apps.handler.d.ts +177 -0
  349. package/ext-apps/ext-apps.handler.d.ts.map +1 -0
  350. package/ext-apps/ext-apps.types.d.ts +273 -0
  351. package/ext-apps/ext-apps.types.d.ts.map +1 -0
  352. package/ext-apps/index.d.ts +13 -0
  353. package/ext-apps/index.d.ts.map +1 -0
  354. package/flows/flow.instance.d.ts.map +1 -1
  355. package/front-mcp/front-mcp.d.ts +64 -2
  356. package/front-mcp/front-mcp.d.ts.map +1 -1
  357. package/front-mcp/front-mcp.providers.d.ts +604 -236
  358. package/front-mcp/front-mcp.providers.d.ts.map +1 -1
  359. package/index.d.ts +17 -0
  360. package/index.d.ts.map +1 -1
  361. package/index.js +31066 -19707
  362. package/notification/index.d.ts +1 -1
  363. package/notification/index.d.ts.map +1 -1
  364. package/notification/notification.service.d.ts +18 -0
  365. package/notification/notification.service.d.ts.map +1 -1
  366. package/package.json +13 -7
  367. package/plugin/plugin.registry.d.ts +2 -0
  368. package/plugin/plugin.registry.d.ts.map +1 -1
  369. package/provider/provider.registry.d.ts +8 -3
  370. package/provider/provider.registry.d.ts.map +1 -1
  371. package/scope/flows/http.request.flow.d.ts +4 -0
  372. package/scope/flows/http.request.flow.d.ts.map +1 -1
  373. package/scope/scope.instance.d.ts +74 -0
  374. package/scope/scope.instance.d.ts.map +1 -1
  375. package/server/server.instance.d.ts +3 -3
  376. package/server/server.instance.d.ts.map +1 -1
  377. package/skill/auth/index.d.ts +10 -0
  378. package/skill/auth/index.d.ts.map +1 -0
  379. package/skill/auth/skill-http-auth.d.ts +112 -0
  380. package/skill/auth/skill-http-auth.d.ts.map +1 -0
  381. package/skill/cache/index.d.ts +13 -0
  382. package/skill/cache/index.d.ts.map +1 -0
  383. package/skill/cache/skill-http-cache.d.ts +144 -0
  384. package/skill/cache/skill-http-cache.d.ts.map +1 -0
  385. package/skill/cache/skill-http-cache.factory.d.ts +83 -0
  386. package/skill/cache/skill-http-cache.factory.d.ts.map +1 -0
  387. package/skill/cache/skill-http-cache.holder.d.ts +35 -0
  388. package/skill/cache/skill-http-cache.holder.d.ts.map +1 -0
  389. package/skill/errors/index.d.ts +3 -0
  390. package/skill/errors/index.d.ts.map +1 -0
  391. package/skill/errors/skill-validation.error.d.ts +110 -0
  392. package/skill/errors/skill-validation.error.d.ts.map +1 -0
  393. package/skill/errors/tool-not-allowed.error.d.ts +66 -0
  394. package/skill/errors/tool-not-allowed.error.d.ts.map +1 -0
  395. package/skill/flows/http/index.d.ts +12 -0
  396. package/skill/flows/http/index.d.ts.map +1 -0
  397. package/skill/flows/http/llm-full-txt.flow.d.ts +70 -0
  398. package/skill/flows/http/llm-full-txt.flow.d.ts.map +1 -0
  399. package/skill/flows/http/llm-txt.flow.d.ts +77 -0
  400. package/skill/flows/http/llm-txt.flow.d.ts.map +1 -0
  401. package/skill/flows/http/skills-api.flow.d.ts +81 -0
  402. package/skill/flows/http/skills-api.flow.d.ts.map +1 -0
  403. package/skill/flows/index.d.ts +13 -0
  404. package/skill/flows/index.d.ts.map +1 -0
  405. package/skill/flows/load-skill.flow.d.ts +169 -0
  406. package/skill/flows/load-skill.flow.d.ts.map +1 -0
  407. package/skill/flows/search-skills.flow.d.ts +101 -0
  408. package/skill/flows/search-skills.flow.d.ts.map +1 -0
  409. package/skill/guards/index.d.ts +2 -0
  410. package/skill/guards/index.d.ts.map +1 -0
  411. package/skill/guards/tool-authorization.guard.d.ts +87 -0
  412. package/skill/guards/tool-authorization.guard.d.ts.map +1 -0
  413. package/skill/hooks/index.d.ts +2 -0
  414. package/skill/hooks/index.d.ts.map +1 -0
  415. package/skill/hooks/skill-tool.hook.d.ts +52 -0
  416. package/skill/hooks/skill-tool.hook.d.ts.map +1 -0
  417. package/skill/index.d.ts +74 -0
  418. package/skill/index.d.ts.map +1 -0
  419. package/skill/providers/external-skill.provider.d.ts +240 -0
  420. package/skill/providers/external-skill.provider.d.ts.map +1 -0
  421. package/skill/providers/index.d.ts +12 -0
  422. package/skill/providers/index.d.ts.map +1 -0
  423. package/skill/providers/memory-skill.provider.d.ts +97 -0
  424. package/skill/providers/memory-skill.provider.d.ts.map +1 -0
  425. package/skill/session/index.d.ts +4 -0
  426. package/skill/session/index.d.ts.map +1 -0
  427. package/skill/session/skill-session-store.interface.d.ts +79 -0
  428. package/skill/session/skill-session-store.interface.d.ts.map +1 -0
  429. package/skill/session/skill-session.manager.d.ts +137 -0
  430. package/skill/session/skill-session.manager.d.ts.map +1 -0
  431. package/skill/session/skill-session.types.d.ts +303 -0
  432. package/skill/session/skill-session.types.d.ts.map +1 -0
  433. package/skill/skill-http.utils.d.ts +107 -0
  434. package/skill/skill-http.utils.d.ts.map +1 -0
  435. package/skill/skill-mode.utils.d.ts +53 -0
  436. package/skill/skill-mode.utils.d.ts.map +1 -0
  437. package/skill/skill-scope.helper.d.ts +55 -0
  438. package/skill/skill-scope.helper.d.ts.map +1 -0
  439. package/skill/skill-storage.factory.d.ts +194 -0
  440. package/skill/skill-storage.factory.d.ts.map +1 -0
  441. package/skill/skill-storage.interface.d.ts +230 -0
  442. package/skill/skill-storage.interface.d.ts.map +1 -0
  443. package/skill/skill-validator.d.ts +63 -0
  444. package/skill/skill-validator.d.ts.map +1 -0
  445. package/skill/skill.events.d.ts +88 -0
  446. package/skill/skill.events.d.ts.map +1 -0
  447. package/skill/skill.instance.d.ts +92 -0
  448. package/skill/skill.instance.d.ts.map +1 -0
  449. package/skill/skill.registry.d.ts +309 -0
  450. package/skill/skill.registry.d.ts.map +1 -0
  451. package/skill/skill.utils.d.ts +90 -0
  452. package/skill/skill.utils.d.ts.map +1 -0
  453. package/skill/sync/index.d.ts +16 -0
  454. package/skill/sync/index.d.ts.map +1 -0
  455. package/skill/sync/memory-sync-state.store.d.ts +49 -0
  456. package/skill/sync/memory-sync-state.store.d.ts.map +1 -0
  457. package/skill/sync/skill-hash.d.ts +65 -0
  458. package/skill/sync/skill-hash.d.ts.map +1 -0
  459. package/skill/sync/sync-state.interface.d.ts +125 -0
  460. package/skill/sync/sync-state.interface.d.ts.map +1 -0
  461. package/skill/tools/index.d.ts +21 -0
  462. package/skill/tools/index.d.ts.map +1 -0
  463. package/skill/tools/load-skills.tool.d.ts +76 -0
  464. package/skill/tools/load-skills.tool.d.ts.map +1 -0
  465. package/skill/tools/search-skills.tool.d.ts +61 -0
  466. package/skill/tools/search-skills.tool.d.ts.map +1 -0
  467. package/tool/flows/call-tool.flow.d.ts +1 -0
  468. package/tool/flows/call-tool.flow.d.ts.map +1 -1
  469. package/tool/flows/tools-list.flow.d.ts +15 -0
  470. package/tool/flows/tools-list.flow.d.ts.map +1 -1
  471. package/tool/tool.instance.d.ts +8 -0
  472. package/tool/tool.instance.d.ts.map +1 -1
  473. package/tool/tool.registry.d.ts +11 -0
  474. package/tool/tool.registry.d.ts.map +1 -1
  475. package/tool/tool.utils.d.ts.map +1 -1
  476. package/tool/ui/template-helpers.d.ts +0 -5
  477. package/tool/ui/template-helpers.d.ts.map +1 -1
  478. package/transport/adapters/streamable-http-transport.d.ts.map +1 -1
  479. package/transport/adapters/transport.local.adapter.d.ts +54 -9
  480. package/transport/adapters/transport.local.adapter.d.ts.map +1 -1
  481. package/transport/adapters/transport.sse.adapter.d.ts +11 -2
  482. package/transport/adapters/transport.sse.adapter.d.ts.map +1 -1
  483. package/transport/adapters/transport.streamable-http.adapter.d.ts +21 -2
  484. package/transport/adapters/transport.streamable-http.adapter.d.ts.map +1 -1
  485. package/transport/event-stores/event-store.factory.d.ts +96 -0
  486. package/transport/event-stores/event-store.factory.d.ts.map +1 -0
  487. package/transport/event-stores/index.d.ts +47 -0
  488. package/transport/event-stores/index.d.ts.map +1 -0
  489. package/transport/event-stores/memory.event-store.d.ts +51 -0
  490. package/transport/event-stores/memory.event-store.d.ts.map +1 -0
  491. package/transport/event-stores/redis.event-store.d.ts +79 -0
  492. package/transport/event-stores/redis.event-store.d.ts.map +1 -0
  493. package/transport/flows/handle.sse.flow.d.ts.map +1 -1
  494. package/transport/flows/handle.streamable-http.flow.d.ts +3 -1
  495. package/transport/flows/handle.streamable-http.flow.d.ts.map +1 -1
  496. package/transport/in-memory-server.d.ts +85 -0
  497. package/transport/in-memory-server.d.ts.map +1 -0
  498. package/transport/index.d.ts +47 -0
  499. package/transport/index.d.ts.map +1 -1
  500. package/transport/mcp-handlers/complete-request.handler.d.ts +3 -84
  501. package/transport/mcp-handlers/complete-request.handler.d.ts.map +1 -1
  502. package/transport/mcp-handlers/get-prompt-request.handler.d.ts +3 -128
  503. package/transport/mcp-handlers/get-prompt-request.handler.d.ts.map +1 -1
  504. package/transport/mcp-handlers/index.d.ts +463 -490
  505. package/transport/mcp-handlers/index.d.ts.map +1 -1
  506. package/transport/mcp-handlers/initialize-request.handler.d.ts.map +1 -1
  507. package/transport/mcp-handlers/list-prompts-request.handler.d.ts +3 -70
  508. package/transport/mcp-handlers/list-prompts-request.handler.d.ts.map +1 -1
  509. package/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +3 -72
  510. package/transport/mcp-handlers/list-resource-templates-request.handler.d.ts.map +1 -1
  511. package/transport/mcp-handlers/list-resources-request.handler.d.ts +3 -72
  512. package/transport/mcp-handlers/list-resources-request.handler.d.ts.map +1 -1
  513. package/transport/mcp-handlers/list-tools-request.handler.d.ts +3 -85
  514. package/transport/mcp-handlers/list-tools-request.handler.d.ts.map +1 -1
  515. package/transport/mcp-handlers/read-resource-request.handler.d.ts +3 -61
  516. package/transport/mcp-handlers/read-resource-request.handler.d.ts.map +1 -1
  517. package/transport/mcp-handlers/skills-list-request.handler.d.ts +9 -0
  518. package/transport/mcp-handlers/skills-list-request.handler.d.ts.map +1 -0
  519. package/transport/mcp-handlers/skills-load-request.handler.d.ts +9 -0
  520. package/transport/mcp-handlers/skills-load-request.handler.d.ts.map +1 -0
  521. package/transport/mcp-handlers/skills-mcp.types.d.ts +157 -0
  522. package/transport/mcp-handlers/skills-mcp.types.d.ts.map +1 -0
  523. package/transport/mcp-handlers/skills-search-request.handler.d.ts +9 -0
  524. package/transport/mcp-handlers/skills-search-request.handler.d.ts.map +1 -0
  525. package/transport/transport.registry.d.ts +9 -1
  526. package/transport/transport.registry.d.ts.map +1 -1
  527. package/transport/transport.types.d.ts +1 -8
  528. package/transport/transport.types.d.ts.map +1 -1
  529. package/auth/jwks/dev-key-persistence.d.ts +0 -64
  530. package/auth/jwks/dev-key-persistence.d.ts.map +0 -1
  531. package/auth/jwks/index.d.ts +0 -4
  532. package/auth/jwks/index.d.ts.map +0 -1
  533. package/auth/jwks/jwks.service.d.ts +0 -58
  534. package/auth/jwks/jwks.service.d.ts.map +0 -1
  535. package/auth/jwks/jwks.types.d.ts +0 -33
  536. package/auth/jwks/jwks.types.d.ts.map +0 -1
  537. package/auth/jwks/jwks.utils.d.ts +0 -5
  538. package/auth/jwks/jwks.utils.d.ts.map +0 -1
  539. package/auth/oauth/flows/oauth.authorize.flow.d.ts +0 -32
  540. package/auth/oauth/flows/oauth.authorize.flow.d.ts.map +0 -1
  541. package/auth/oauth/flows/oauth.device-authorization.flow.d.ts +0 -47
  542. package/auth/oauth/flows/oauth.device-authorization.flow.d.ts.map +0 -1
  543. package/auth/oauth/flows/oauth.introspect.flow.d.ts +0 -27
  544. package/auth/oauth/flows/oauth.introspect.flow.d.ts.map +0 -1
  545. package/auth/oauth/flows/oauth.par.flow.d.ts +0 -28
  546. package/auth/oauth/flows/oauth.par.flow.d.ts.map +0 -1
  547. package/auth/oauth/flows/oauth.revoke.flow.d.ts +0 -26
  548. package/auth/oauth/flows/oauth.revoke.flow.d.ts.map +0 -1
  549. package/auth/oauth/flows/oauth.token.flow.d.ts +0 -58
  550. package/auth/oauth/flows/oauth.token.flow.d.ts.map +0 -1
  551. package/auth/oauth/flows/oauth.userinfo.flow.d.ts +0 -23
  552. package/auth/oauth/flows/oauth.userinfo.flow.d.ts.map +0 -1
  553. package/auth/oauth/flows/oidc.logout.flow.d.ts +0 -19
  554. package/auth/oauth/flows/oidc.logout.flow.d.ts.map +0 -1
  555. package/auth/session/authorization-vault.d.ts +0 -612
  556. package/auth/session/authorization-vault.d.ts.map +0 -1
  557. package/auth/session/authorization.store.d.ts +0 -302
  558. package/auth/session/authorization.store.d.ts.map +0 -1
  559. package/auth/session/record/session.stateful.d.ts +0 -21
  560. package/auth/session/record/session.stateful.d.ts.map +0 -1
  561. package/auth/session/record/session.stateless.d.ts +0 -18
  562. package/auth/session/record/session.stateless.d.ts.map +0 -1
  563. package/auth/session/record/session.transparent.d.ts +0 -18
  564. package/auth/session/record/session.transparent.d.ts.map +0 -1
  565. package/auth/session/session.crypto.d.ts +0 -8
  566. package/auth/session/session.crypto.d.ts.map +0 -1
  567. package/auth/session/session.schema.d.ts +0 -6
  568. package/auth/session/session.schema.d.ts.map +0 -1
  569. package/auth/session/token.store.d.ts +0 -36
  570. package/auth/session/token.store.d.ts.map +0 -1
  571. package/auth/session/token.vault.d.ts +0 -27
  572. package/auth/session/token.vault.d.ts.map +0 -1
  573. package/auth/session/vault-encryption.d.ts +0 -190
  574. package/auth/session/vault-encryption.d.ts.map +0 -1
  575. package/auth/utils/audience.validator.d.ts +0 -130
  576. package/auth/utils/audience.validator.d.ts.map +0 -1
  577. package/auth/utils/www-authenticate.utils.d.ts +0 -98
  578. package/auth/utils/www-authenticate.utils.d.ts.map +0 -1
  579. package/common/migrate/auth-transport.migrate.d.ts +0 -63
  580. package/common/migrate/auth-transport.migrate.d.ts.map +0 -1
  581. package/common/migrate/index.d.ts +0 -2
  582. package/common/migrate/index.d.ts.map +0 -1
  583. package/common/types/options/auth/auth.interfaces.d.ts.map +0 -1
  584. package/common/types/options/auth/auth.schema.d.ts.map +0 -1
  585. package/common/types/options/auth/auth.typecheck.d.ts +0 -2
  586. package/common/types/options/auth/auth.typecheck.d.ts.map +0 -1
  587. package/common/types/options/auth/auth.utils.d.ts.map +0 -1
  588. package/common/types/options/auth/transport.deprecated.d.ts +0 -64
  589. package/common/types/options/auth/transport.deprecated.d.ts.map +0 -1
  590. package/common/types/options/http.options.d.ts +0 -15
  591. package/common/types/options/http.options.d.ts.map +0 -1
  592. package/common/types/options/logging.options.d.ts +0 -29
  593. package/common/types/options/logging.options.d.ts.map +0 -1
  594. package/common/types/options/redis.options.d.ts.map +0 -1
  595. package/common/types/options/server-info.options.d.ts.map +0 -1
  596. package/common/types/options/session.options.d.ts +0 -148
  597. package/common/types/options/session.options.d.ts.map +0 -1
  598. package/common/types/options/transport.options.d.ts +0 -178
  599. package/common/types/options/transport.options.d.ts.map +0 -1
  600. package/context/request-context-storage.d.ts +0 -90
  601. package/context/request-context-storage.d.ts.map +0 -1
  602. package/context/request-context.d.ts +0 -185
  603. package/context/request-context.d.ts.map +0 -1
  604. package/context/request-context.provider.d.ts +0 -38
  605. package/context/request-context.provider.d.ts.map +0 -1
  606. package/context/session-key.provider.d.ts +0 -46
  607. package/context/session-key.provider.d.ts.map +0 -1
  608. package/store/adapters/store.base.adapter.d.ts +0 -22
  609. package/store/adapters/store.base.adapter.d.ts.map +0 -1
  610. package/store/adapters/store.memory.adapter.d.ts +0 -27
  611. package/store/adapters/store.memory.adapter.d.ts.map +0 -1
  612. package/store/adapters/store.redis.adapter.d.ts +0 -34
  613. package/store/adapters/store.redis.adapter.d.ts.map +0 -1
  614. package/store/adapters/store.vercel-kv.adapter.d.ts +0 -87
  615. package/store/adapters/store.vercel-kv.adapter.d.ts.map +0 -1
  616. package/store/index.d.ts +0 -11
  617. package/store/index.d.ts.map +0 -1
  618. package/store/store.factory.d.ts.map +0 -1
  619. package/store/store.helpers.d.ts +0 -10
  620. package/store/store.helpers.d.ts.map +0 -1
  621. package/store/store.registry.d.ts +0 -14
  622. package/store/store.registry.d.ts.map +0 -1
  623. package/store/store.tokens.d.ts +0 -4
  624. package/store/store.tokens.d.ts.map +0 -1
  625. package/store/store.types.d.ts +0 -65
  626. package/store/store.types.d.ts.map +0 -1
  627. package/store/store.utils.d.ts +0 -9
  628. package/store/store.utils.d.ts.map +0 -1
  629. package/transport/transport.event-store.d.ts +0 -11
  630. package/transport/transport.event-store.d.ts.map +0 -1
package/auth/authorization/index.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/authorization/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGxE,OAAO,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EACL,wBAAwB,EACxB,iCAAiC,EACjC,0BAA0B,GAC3B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,yBAAyB,EACzB,UAAU,EACV,oBAAoB,GACrB,MAAM,8BAA8B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/authorization/index.ts"],"names":[],"mappings":"AAGA,cAAc,uBAAuB,CAAC;AAGtC,OAAO,EAAE,iBAAiB,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAGxE,OAAO,EAAE,mBAAmB,EAAE,4BAA4B,EAAE,MAAM,wBAAwB,CAAC;AAC3F,OAAO,EACL,wBAAwB,EACxB,iCAAiC,EACjC,0BAA0B,GAC3B,MAAM,6BAA6B,CAAC;AACrC,OAAO,EACL,yBAAyB,EACzB,kCAAkC,EAClC,yBAAyB,EACzB,UAAU,EACV,oBAAoB,GACrB,MAAM,8BAA8B,CAAC;AAGtC,OAAO,EACL,wBAAwB,EACxB,+BAA+B,EAC/B,4BAA4B,EAC5B,0BAA0B,GAC3B,MAAM,yBAAyB,CAAC;AAGjC,OAAO,EAAE,gCAAgC,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,kCAAkC,CAAC"}
package/auth/authorization/orchestrated.accessor.d.ts ADDED
@@ -0,0 +1,161 @@
1
+ /**
2
+ * OrchestratedAuthAccessor - Interface for accessing orchestrated authorization
3
+ *
4
+ * This interface provides the runtime API for tools to access upstream provider
5
+ * tokens in orchestrated mode. It supports:
6
+ * - Token retrieval by provider ID
7
+ * - App token retrieval for progressive auth
8
+ * - Automatic token refresh
9
+ * - Authorization checks
10
+ */
11
+ import { Token } from '@frontmcp/di';
12
+ /**
13
+ * OrchestratedAuthAccessor - Runtime accessor for orchestrated authorization.
14
+ *
15
+ * Available in tool execution via `this.orchestration`:
16
+ * ```typescript
17
+ * @Tool({ name: 'my_tool' })
18
+ * class MyTool extends ToolContext {
19
+ * async execute(input: Input) {
20
+ * // Get upstream provider token
21
+ * const githubToken = await this.orchestration.getToken('github');
22
+ *
23
+ * // Check if provider is authorized
24
+ * const hasSlack = await this.orchestration.hasProvider('slack');
25
+ *
26
+ * // Get app-specific token (progressive auth)
27
+ * const jiraToken = await this.orchestration.getAppToken('jira');
28
+ * }
29
+ * }
30
+ * ```
31
+ */
32
+ export interface OrchestratedAuthAccessor {
33
+ /**
34
+ * Get access token for an upstream provider.
35
+ *
36
+ * @param providerId - Provider ID (e.g., 'github', 'slack')
37
+ * @returns Access token string
38
+ * @throws Error if provider not authorized or token unavailable
39
+ *
40
+ * @example
41
+ * ```typescript
42
+ * const token = await this.orchestration.getToken('github');
43
+ * const response = await fetch('https://api.github.com/user', {
44
+ * headers: { Authorization: `Bearer ${token}` },
45
+ * });
46
+ * ```
47
+ */
48
+ getToken(providerId?: string): Promise<string>;
49
+ /**
50
+ * Try to get access token, returning null if not available.
51
+ *
52
+ * @param providerId - Provider ID
53
+ * @returns Access token or null
54
+ */
55
+ tryGetToken(providerId?: string): Promise<string | null>;
56
+ /**
57
+ * Get access token for a specific app (progressive authorization).
58
+ *
59
+ * @param appId - App ID
60
+ * @returns Access token or null if app not authorized
61
+ */
62
+ getAppToken(appId: string): Promise<string | null>;
63
+ /**
64
+ * Check if a provider is authorized.
65
+ *
66
+ * @param providerId - Provider ID
67
+ * @returns true if provider has tokens stored
68
+ */
69
+ hasProvider(providerId: string): boolean;
70
+ /**
71
+ * Get all authorized provider IDs.
72
+ */
73
+ getProviderIds(): string[];
74
+ /**
75
+ * Check if an app is authorized.
76
+ *
77
+ * @param appId - App ID
78
+ * @returns true if app is authorized
79
+ */
80
+ isAppAuthorized(appId: string): boolean;
81
+ /**
82
+ * Get all authorized app IDs.
83
+ */
84
+ getAllAuthorizedAppIds(): string[];
85
+ /**
86
+ * Get tool IDs authorized through a specific app.
87
+ *
88
+ * @param appId - App ID
89
+ * @returns Tool IDs or undefined if app not authorized
90
+ */
91
+ getAppToolIds(appId: string): string[] | undefined;
92
+ /**
93
+ * Get the primary provider ID (default for getToken).
94
+ */
95
+ readonly primaryProviderId?: string;
96
+ /**
97
+ * Get the issuer (local orchestrator).
98
+ */
99
+ readonly issuer?: string;
100
+ /**
101
+ * Get authorization ID.
102
+ */
103
+ readonly authorizationId: string;
104
+ /**
105
+ * Check if user is authenticated (not anonymous).
106
+ */
107
+ readonly isAuthenticated: boolean;
108
+ }
109
+ /**
110
+ * DI Token for OrchestratedAuthAccessor
111
+ */
112
+ export declare const ORCHESTRATED_AUTH_ACCESSOR: Token<OrchestratedAuthAccessor>;
113
+ /**
114
+ * Null implementation for when orchestrated auth is not available.
115
+ */
116
+ export declare class NullOrchestratedAuthAccessor implements OrchestratedAuthAccessor {
117
+ readonly primaryProviderId: undefined;
118
+ readonly issuer: undefined;
119
+ readonly authorizationId = "null";
120
+ readonly isAuthenticated = false;
121
+ getToken(providerId?: string): Promise<string>;
122
+ tryGetToken(providerId?: string): Promise<string | null>;
123
+ getAppToken(appId: string): Promise<string | null>;
124
+ hasProvider(providerId: string): boolean;
125
+ getProviderIds(): string[];
126
+ isAppAuthorized(appId: string): boolean;
127
+ getAllAuthorizedAppIds(): string[];
128
+ getAppToolIds(appId: string): string[] | undefined;
129
+ }
130
+ /**
131
+ * Adapter that wraps OrchestratedAuthorization as OrchestratedAuthAccessor.
132
+ */
133
+ export declare class OrchestratedAuthAccessorAdapter implements OrchestratedAuthAccessor {
134
+ private readonly authorization;
135
+ constructor(authorization: {
136
+ readonly id: string;
137
+ readonly isAnonymous: boolean;
138
+ readonly primaryProviderId?: string;
139
+ readonly issuer?: string;
140
+ hasProvider(providerId: string): boolean;
141
+ getProviderIds(): string[];
142
+ getToken(providerId?: string): Promise<string>;
143
+ getAppToken(appId: string): Promise<string | null>;
144
+ isAppAuthorized(appId: string): boolean;
145
+ getAllAuthorizedAppIds(): string[];
146
+ getAppToolIds(appId: string): string[] | undefined;
147
+ });
148
+ get primaryProviderId(): string | undefined;
149
+ get issuer(): string | undefined;
150
+ get authorizationId(): string;
151
+ get isAuthenticated(): boolean;
152
+ getToken(providerId?: string): Promise<string>;
153
+ tryGetToken(providerId?: string): Promise<string | null>;
154
+ getAppToken(appId: string): Promise<string | null>;
155
+ hasProvider(providerId: string): boolean;
156
+ getProviderIds(): string[];
157
+ isAppAuthorized(appId: string): boolean;
158
+ getAllAuthorizedAppIds(): string[];
159
+ getAppToolIds(appId: string): string[] | undefined;
160
+ }
161
+ //# sourceMappingURL=orchestrated.accessor.d.ts.map
package/auth/authorization/orchestrated.accessor.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"orchestrated.accessor.d.ts","sourceRoot":"","sources":["../../../src/auth/authorization/orchestrated.accessor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,cAAc,CAAC;AAErC;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,WAAW,wBAAwB;IACvC;;;;;;;;;;;;;;OAcG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAE/C;;;;;OAKG;IACH,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEzD;;;;;OAKG;IACH,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEnD;;;;;OAKG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;IAEzC;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE,CAAC;IAE3B;;;;;OAKG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;IAExC;;OAEG;IACH,sBAAsB,IAAI,MAAM,EAAE,CAAC;IAEnC;;;;;OAKG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;IAEnD;;OAEG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAEpC;;OAEG;IACH,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;IAEzB;;OAEG;IACH,QAAQ,CAAC,eAAe,EAAE,MAAM,CAAC;IAEjC;;OAEG;IACH,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AAED;;GAEG;AACH,eAAO,MAAM,0BAA0B,EAElC,KAAK,CAAC,wBAAwB,CAAC,CAAC;AAErC;;GAEG;AACH,qBAAa,4BAA6B,YAAW,wBAAwB;IAC3E,QAAQ,CAAC,iBAAiB,YAAa;IACvC,QAAQ,CAAC,MAAM,YAAa;IAC5B,QAAQ,CAAC,eAAe,UAAU;IAClC,QAAQ,CAAC,eAAe,SAAS;IAE3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAO9C,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxD,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAIxC,cAAc,IAAI,MAAM,EAAE;IAI1B,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIvC,sBAAsB,IAAI,MAAM,EAAE;IAIlC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;CAGnD;AAED;;GAEG;AACH,qBAAa,+BAAgC,YAAW,wBAAwB;IAE5E,OAAO,CAAC,QAAQ,CAAC,aAAa;gBAAb,aAAa,EAAE;QAC9B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;QACpB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;QAC9B,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;QACpC,QAAQ,CAAC,MAAM,CAAC,EAAE,MAAM,CAAC;QACzB,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC;QACzC,cAAc,IAAI,MAAM,EAAE,CAAC;QAC3B,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;QAC/C,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;QACnD,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC;QACxC,sBAAsB,IAAI,MAAM,EAAE,CAAC;QACnC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS,CAAC;KACpD;IAGH,IAAI,iBAAiB,IAAI,MAAM,GAAG,SAAS,CAE1C;IAED,IAAI,MAAM,IAAI,MAAM,GAAG,SAAS,CAE/B;IAED,IAAI,eAAe,IAAI,MAAM,CAE5B;IAED,IAAI,eAAe,IAAI,OAAO,CAE7B;IAEK,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAI9C,WAAW,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAQxD,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAIxD,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAIxC,cAAc,IAAI,MAAM,EAAE;IAI1B,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIvC,sBAAsB,IAAI,MAAM,EAAE;IAIlC,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;CAGnD"}
package/auth/authorization/orchestrated.authorization.d.ts CHANGED
@@ -31,6 +31,19 @@ export interface TokenStore {
31
31
  * Check if tokens exist for a provider
32
32
  */
33
33
  hasTokens(authorizationId: string, providerId: string): Promise<boolean>;
34
+ /**
35
+ * Get all provider IDs that have tokens stored for this authorization.
36
+ */
37
+ getProviderIds(authorizationId: string): Promise<string[]>;
38
+ /**
39
+ * Migrate tokens from one authorization ID to another.
40
+ * Used when tokens are stored with a pending ID during federated auth
41
+ * and need to be accessible under the real authorization ID.
42
+ *
43
+ * @param fromAuthId - Source authorization ID (e.g., "pending:abc123")
44
+ * @param toAuthId - Target authorization ID (e.g., "def456")
45
+ */
46
+ migrateTokens(fromAuthId: string, toAuthId: string): Promise<void>;
34
47
  }
35
48
  /**
36
49
  * Token refresh callback type
@@ -107,6 +120,12 @@ export interface OrchestratedAuthorizationCreateCtx {
107
120
  authorizedApps?: AuthorizationCreateCtx['authorizedApps'];
108
121
  authorizedAppIds?: string[];
109
122
  authorizedResources?: string[];
123
+ /**
124
+ * Provider IDs that the user has explicitly authorized during federated login.
125
+ * Populated from JWT claims (`federated.selectedProviders`) or token store.
126
+ * Controls which providers the authorization has access to for progressive auth.
127
+ */
128
+ authorizedProviderIds?: string[];
110
129
  }
111
130
  /**
112
131
  * OrchestratedAuthorization - Local auth server with secure token storage
@@ -164,10 +183,6 @@ export declare class OrchestratedAuthorization extends AuthorizationBase {
164
183
  * Refresh token and return new access token
165
184
  */
166
185
  private refreshAndGetToken;
167
- /**
168
- * Generate authorization ID from token
169
- */
170
- private static generateAuthorizationId;
171
186
  /**
172
187
  * Check if a provider has tokens stored
173
188
  */
package/auth/authorization/orchestrated.authorization.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"orchestrated.authorization.d.ts","sourceRoot":"","sources":["../../../src/auth/authorization/orchestrated.authorization.ts"],"names":[],"mappings":"AAGA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEzE,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,cAAc,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,eAAe,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAErF;;OAEG;IACH,WAAW,CACT,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;OAEG;IACH,YAAY,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzE;;OAEG;IACH,SAAS,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;CAC1E;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,CACjC,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,KACjB,OAAO,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,kCAAkC;IAClC,cAAc,CAAC,EAAE,aAAa,CAAC;IAC/B,mCAAmC;IACnC,eAAe,CAAC,EAAE,aAAa,CAAC;IAChC,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2BAA2B;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kCAAkC;IACjD;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,IAAI,EAAE,QAAQ,CAAC;IAEf;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;IAExB;;OAEG;IACH,cAAc,CAAC,EAAE,oBAAoB,CAAC;IAEtC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;IAEtD;;OAEG;IACH,eAAe,CAAC,EAAE,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;IAC5D,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,sBAAsB,CAAC,mBAAmB,CAAC,CAAC;IAChE,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,CAAC,EAAE,sBAAsB,CAAC,gBAAgB,CAAC,CAAC;IAC1D,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;CAChC;AAED;;;;;;;;;GASG;AACH,qBAAa,yBAA0B,SAAQ,iBAAiB;;IAC9D,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAkB;IAEzC;;OAEG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAiBpC,OAAO;IAeP;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,kCAAkC,GAAG,yBAAyB;IAsDjF;;;;;;;;;OASG;IACG,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoCpD;;OAEG;YACW,kBAAkB;IA+BhC;;OAEG;IACH,OAAO,CAAC,MAAM,CAAC,uBAAuB;IAMtC;;OAEG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAIxC;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE;IAI1B;;;OAGG;IACG,WAAW,CACf,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,IAAI,CAAC;IAqChB;;;;;;;;;;;;;;;;;;;OAmBG;IACG,mBAAmB,CACvB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,IAAI,CAAC;IAehB;;;;;;OAMG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAcxD;;;OAGG;IACM,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhD;;OAEG;IACH,sBAAsB,IAAI,MAAM,EAAE;IAQlC;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;IAIlD;;OAEG;IACG,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvD;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,GAAG,SAAS,CAE/B;CACF"}
1
+ {"version":3,"file":"orchestrated.authorization.d.ts","sourceRoot":"","sources":["../../../src/auth/authorization/orchestrated.authorization.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAC1D,OAAO,EAAE,sBAAsB,EAAE,QAAQ,EAAE,MAAM,uBAAuB,CAAC;AAEzE,OAAO,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAC3C,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAGxC;;;GAGG;AACH,MAAM,WAAW,UAAU;IACzB;;OAEG;IACH,cAAc,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAEpF;;OAEG;IACH,eAAe,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;IAErF;;OAEG;IACH,WAAW,CACT,eAAe,EAAE,MAAM,EACvB,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjB;;OAEG;IACH,YAAY,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzE;;OAEG;IACH,SAAS,CAAC,eAAe,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEzE;;OAEG;IACH,cAAc,CAAC,eAAe,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IAE3D;;;;;;;OAOG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACpE;AAED;;GAEG;AACH,MAAM,MAAM,oBAAoB,GAAG,CACjC,UAAU,EAAE,MAAM,EAClB,YAAY,EAAE,MAAM,KACjB,OAAO,CAAC;IACX,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,WAAW,yBAAyB;IACxC,kBAAkB;IAClB,EAAE,EAAE,MAAM,CAAC;IACX,kCAAkC;IAClC,cAAc,CAAC,EAAE,aAAa,CAAC;IAC/B,mCAAmC;IACnC,eAAe,CAAC,EAAE,aAAa,CAAC;IAChC,kCAAkC;IAClC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,8CAA8C;IAC9C,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,2BAA2B;IAC3B,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;GAEG;AACH,MAAM,WAAW,kCAAkC;IACjD;;OAEG;IACH,KAAK,EAAE,MAAM,CAAC;IAEd;;OAEG;IACH,IAAI,EAAE,QAAQ,CAAC;IAEf;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAEjC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAE3B;;OAEG;IACH,UAAU,CAAC,EAAE,UAAU,CAAC;IAExB;;OAEG;IACH,cAAc,CAAC,EAAE,oBAAoB,CAAC;IAEtC;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC;IAEtD;;OAEG;IACH,eAAe,CAAC,EAAE,sBAAsB,CAAC,iBAAiB,CAAC,CAAC;IAC5D,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,iBAAiB,CAAC,EAAE,sBAAsB,CAAC,mBAAmB,CAAC,CAAC;IAChE,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B,cAAc,CAAC,EAAE,sBAAsB,CAAC,gBAAgB,CAAC,CAAC;IAC1D,gBAAgB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC5B,mBAAmB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC/B;;;;OAIG;IACH,qBAAqB,CAAC,EAAE,MAAM,EAAE,CAAC;CAClC;AAED;;;;;;;;;GASG;AACH,qBAAa,yBAA0B,SAAQ,iBAAiB;;IAC9D,QAAQ,CAAC,IAAI,EAAE,QAAQ,CAAkB;IAEzC;;OAEG;IACH,QAAQ,CAAC,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAiBpC,OAAO;IAeP;;;;;;;;;;;;;;;;;;;;;OAqBG;IACH,MAAM,CAAC,MAAM,CAAC,GAAG,EAAE,kCAAkC,GAAG,yBAAyB;IA2DjF;;;;;;;;;OASG;IACG,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoCpD;;OAEG;YACW,kBAAkB;IA+BhC;;OAEG;IACH,WAAW,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO;IAIxC;;OAEG;IACH,cAAc,IAAI,MAAM,EAAE;IAI1B;;;OAGG;IACG,WAAW,CACf,UAAU,EAAE,MAAM,EAClB,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,IAAI,CAAC;IAqChB;;;;;;;;;;;;;;;;;;;OAmBG;IACG,mBAAmB,CACvB,KAAK,EAAE,MAAM,EACb,OAAO,EAAE,MAAM,EAAE,EACjB,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC,IAAI,CAAC;IAehB;;;;;;OAMG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAcxD;;;OAGG;IACM,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhD;;OAEG;IACH,sBAAsB,IAAI,MAAM,EAAE;IAQlC;;OAEG;IACH,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,GAAG,SAAS;IAIlD;;OAEG;IACG,cAAc,CAAC,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAOvD;;OAEG;IACH,IAAI,MAAM,IAAI,MAAM,GAAG,SAAS,CAE/B;CACF"}
package/auth/authorization/orchestrated.context-extension.d.ts ADDED
@@ -0,0 +1,108 @@
1
+ /**
2
+ * Orchestrated Auth Context Extension
3
+ *
4
+ * Provides module augmentation and context extension configuration
5
+ * for adding `this.orchestration` to ExecutionContextBase.
6
+ *
7
+ * This extension allows tools to access upstream provider tokens
8
+ * in orchestrated authentication mode.
9
+ */
10
+ import type { ContextExtension } from '../../common/metadata/plugin.metadata';
11
+ import { OrchestratedAuthAccessor } from './orchestrated.accessor';
12
+ /**
13
+ * Module augmentation to add type safety for this.orchestration
14
+ */
15
+ declare module '../../common/interfaces/execution-context.interface' {
16
+ interface ExecutionContextBase {
17
+ /**
18
+ * Access orchestrated authorization for upstream provider tokens.
19
+ *
20
+ * Only available in orchestrated authentication mode when the user
21
+ * has completed multi-provider authentication.
22
+ *
23
+ * @example
24
+ * ```typescript
25
+ * @Tool({ name: 'github_repos' })
26
+ * class GitHubReposTool extends ToolContext {
27
+ * async execute(input: Input): Promise<Output> {
28
+ * // Get upstream GitHub token
29
+ * const token = await this.orchestration.getToken('github');
30
+ *
31
+ * // Use token to call GitHub API
32
+ * const response = await fetch('https://api.github.com/user/repos', {
33
+ * headers: { Authorization: `Bearer ${token}` },
34
+ * });
35
+ *
36
+ * return { repos: await response.json() };
37
+ * }
38
+ * }
39
+ * ```
40
+ *
41
+ * @example Multiple providers
42
+ * ```typescript
43
+ * @Tool({ name: 'sync_issues' })
44
+ * class SyncIssuesTool extends ToolContext {
45
+ * async execute(input: Input): Promise<Output> {
46
+ * // Check which providers are authorized
47
+ * if (this.orchestration.hasProvider('github') &&
48
+ * this.orchestration.hasProvider('jira')) {
49
+ * const githubToken = await this.orchestration.getToken('github');
50
+ * const jiraToken = await this.orchestration.getToken('jira');
51
+ *
52
+ * // Sync issues between GitHub and Jira
53
+ * }
54
+ * }
55
+ * }
56
+ * ```
57
+ *
58
+ * @example Progressive authorization
59
+ * ```typescript
60
+ * @Tool({ name: 'slack_send' })
61
+ * class SlackSendTool extends ToolContext {
62
+ * async execute(input: Input): Promise<Output> {
63
+ * // Check if Slack app is authorized
64
+ * if (!this.orchestration.isAppAuthorized('slack')) {
65
+ * // Trigger progressive auth
66
+ * throw new AuthorizationRequiredError('slack');
67
+ * }
68
+ *
69
+ * const token = await this.orchestration.getAppToken('slack');
70
+ * // Send message to Slack
71
+ * }
72
+ * }
73
+ * ```
74
+ */
75
+ readonly orchestration: OrchestratedAuthAccessor;
76
+ }
77
+ }
78
+ /**
79
+ * Context extension configuration for orchestration.
80
+ * Used to register the lazy getter on ExecutionContextBase.prototype.
81
+ *
82
+ * When the accessor is not available (not orchestrated mode, or
83
+ * user not authenticated), the property will throw an error with
84
+ * the specified errorMessage. Use getOrchestration() helper for
85
+ * graceful fallback to NullOrchestratedAuthAccessor.
86
+ */
87
+ export declare const orchestratedAuthContextExtension: ContextExtension;
88
+ /**
89
+ * Get OrchestratedAuthAccessor from context.
90
+ * Returns null accessor if not available (graceful degradation).
91
+ *
92
+ * @param ctx - Execution context
93
+ * @returns OrchestratedAuthAccessor (may be NullOrchestratedAuthAccessor)
94
+ */
95
+ export declare function getOrchestration(ctx: {
96
+ get: <T>(token: unknown) => T;
97
+ tryGet: <T>(token: unknown) => T | undefined;
98
+ }): OrchestratedAuthAccessor;
99
+ /**
100
+ * Check if orchestrated auth is available and user is authenticated.
101
+ *
102
+ * @param ctx - Execution context
103
+ * @returns true if orchestrated auth is available with authenticated user
104
+ */
105
+ export declare function hasOrchestration(ctx: {
106
+ tryGet: <T>(token: unknown) => T | undefined;
107
+ }): boolean;
108
+ //# sourceMappingURL=orchestrated.context-extension.d.ts.map
package/auth/authorization/orchestrated.context-extension.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"orchestrated.context-extension.d.ts","sourceRoot":"","sources":["../../../src/auth/authorization/orchestrated.context-extension.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,uCAAuC,CAAC;AAC9E,OAAO,EAEL,wBAAwB,EAEzB,MAAM,yBAAyB,CAAC;AAMjC;;GAEG;AACH,OAAO,QAAQ,qDAAqD,CAAC;IACnE,UAAU,oBAAoB;QAC5B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;WAyDG;QACH,QAAQ,CAAC,aAAa,EAAE,wBAAwB,CAAC;KAClD;CACF;AAMD;;;;;;;;GAQG;AACH,eAAO,MAAM,gCAAgC,EAAE,gBAM9C,CAAC;AAMF;;;;;;GAMG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE;IACpC,GAAG,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,KAAK,CAAC,CAAC;IAC9B,MAAM,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,KAAK,CAAC,GAAG,SAAS,CAAC;CAC9C,GAAG,wBAAwB,CAG3B;AAED;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE;IAAE,MAAM,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,OAAO,KAAK,CAAC,GAAG,SAAS,CAAA;CAAE,GAAG,OAAO,CAG/F"}
package/auth/cimd/index.d.ts ADDED
@@ -0,0 +1,14 @@
1
+ /**
2
+ * CIMD (Client ID Metadata Documents) Module
3
+ *
4
+ * Re-exports from @frontmcp/auth for backward compatibility.
5
+ *
6
+ * @see https://datatracker.ietf.org/doc/html/draft-ietf-oauth-client-id-metadata-document-00
7
+ */
8
+ export { type CimdLogger, noopLogger, clientMetadataDocumentSchema, cimdCacheConfigSchema, cimdSecurityConfigSchema, cimdNetworkConfigSchema, cimdConfigSchema, type ClientMetadataDocument, type ClientMetadataDocumentInput, type CimdCacheConfig, type CimdSecurityConfig, type CimdNetworkConfig, type CimdConfig, type CimdConfigInput, type CimdResolutionResult, CimdError, InvalidClientIdUrlError, CimdFetchError, CimdValidationError, CimdClientIdMismatchError, CimdSecurityError, RedirectUriMismatchError, CimdResponseTooLargeError, CimdDisabledError, isCimdClientId, validateClientIdUrl, checkSsrfProtection, hasOnlyLocalhostRedirectUris, CimdCache, extractCacheHeaders, parseCacheHeaders, type CimdCacheEntry, type CacheableHeaders, CimdService, } from '@frontmcp/auth';
9
+ /**
10
+ * Provider token for dependency injection.
11
+ * This is SDK-specific and not included in @frontmcp/auth.
12
+ */
13
+ export declare const CimdServiceToken: unique symbol;
14
+ //# sourceMappingURL=index.d.ts.map
package/auth/cimd/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/cimd/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAKH,OAAO,EAEL,KAAK,UAAU,EACf,UAAU,EAEV,4BAA4B,EAC5B,qBAAqB,EACrB,wBAAwB,EACxB,uBAAuB,EACvB,gBAAgB,EAChB,KAAK,sBAAsB,EAC3B,KAAK,2BAA2B,EAChC,KAAK,eAAe,EACpB,KAAK,kBAAkB,EACvB,KAAK,iBAAiB,EACtB,KAAK,UAAU,EACf,KAAK,eAAe,EACpB,KAAK,oBAAoB,EAEzB,SAAS,EACT,uBAAuB,EACvB,cAAc,EACd,mBAAmB,EACnB,yBAAyB,EACzB,iBAAiB,EACjB,wBAAwB,EACxB,yBAAyB,EACzB,iBAAiB,EAEjB,cAAc,EACd,mBAAmB,EACnB,mBAAmB,EACnB,4BAA4B,EAE5B,SAAS,EACT,mBAAmB,EACnB,iBAAiB,EACjB,KAAK,cAAc,EACnB,KAAK,gBAAgB,EAErB,WAAW,GACZ,MAAM,gBAAgB,CAAC;AAMxB;;;GAGG;AACH,eAAO,MAAM,gBAAgB,eAAwB,CAAC"}
package/auth/flows/auth.verify.flow.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"auth.verify.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/auth.verify.flow.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,QAAQ,EACR,cAAc,EAQf,MAAM,cAAc,CAAC;AACtB,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAYxB,OAAO,EAIL,aAAa,EAEd,MAAM,kBAAkB,CAAC;AAI1B,QAAA,MAAM,WAAW;;iBAAyB,CAAC;AAG3C,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;iBAUf,CAAC;AAmBH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;mBAAkD,CAAC;AAEtF,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAGtE,QAAA,MAAM,IAAI;;;CAU2B,CAAC;AAGtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,aAAa,EAAE,cAAc,CAC3B,cAAc,EACd,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,sBAAsB,EAC7B,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,aAAsB,CAAC;AAGpC;;;;;;;;;GASG;AAQH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC/D,OAAO,CAAC,MAAM,CAA6C;IAE3D;;OAEG;IAEG,UAAU;IA6BhB;;OAEG;IAEG,iBAAiB;IAcvB;;OAEG;IAIG,gBAAgB;IAqBtB;;;OAGG;IAQG,uBAAuB;IAsB7B;;OAEG;IAWG,0BAA0B;IAShC;;OAEG;IAIG,WAAW;IAwGjB;;OAEG;IAEG,kBAAkB;IA2DxB;;OAEG;IACH,OAAO,CAAC,QAAQ;IA0BhB;;OAEG;IACH,OAAO,CAAC,WAAW;CAMpB"}
1
+ {"version":3,"file":"auth.verify.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/auth.verify.flow.ts"],"names":[],"mappings":"AAEA,OAAO,EAEL,QAAQ,EACR,cAAc,EAQf,MAAM,cAAc,CAAC;AACtB,OAAO,kBAAkB,CAAC;AAC1B,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAexB,OAAO,EAKL,aAAa,EAGd,MAAM,kBAAkB,CAAC;AAK1B,QAAA,MAAM,WAAW;;iBAAyB,CAAC;AAG3C,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;iBAUf,CAAC;AAmBH,eAAO,MAAM,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;mBAAkD,CAAC;AAEtF,MAAM,MAAM,gBAAgB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,sBAAsB,CAAC,CAAC;AAGtE,QAAA,MAAM,IAAI;;;CAU2B,CAAC;AAGtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,aAAa,EAAE,cAAc,CAC3B,cAAc,EACd,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,sBAAsB,EAC7B,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,aAAsB,CAAC;AAGpC;;;;;;;;;GASG;AAQH,MAAM,CAAC,OAAO,OAAO,cAAe,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC/D,OAAO,CAAC,MAAM,CAA6C;IAE3D;;OAEG;IAEG,UAAU;IA6BhB;;OAEG;IAEG,iBAAiB;IAcvB;;OAEG;IAIG,gBAAgB;IAqBtB;;;OAGG;IAQG,uBAAuB;IAsB7B;;OAEG;IAWG,0BAA0B;IAShC;;OAEG;IAIG,WAAW;IAwGjB;;OAEG;IAEG,kBAAkB;IA8FxB;;OAEG;IACH,OAAO,CAAC,QAAQ;IA0BhB;;OAEG;IACH,OAAO,CAAC,WAAW;CAMpB"}
package/auth/flows/oauth.authorize.flow.d.ts CHANGED
@@ -69,6 +69,33 @@ declare const stateSchema: z.ZodObject<{
69
69
  existingSessionId: z.ZodOptional<z.ZodString>;
70
70
  requiresFederatedLogin: z.ZodDefault<z.ZodBoolean>;
71
71
  requiresConsent: z.ZodDefault<z.ZodBoolean>;
72
+ isCimdClient: z.ZodDefault<z.ZodBoolean>;
73
+ cimdMetadata: z.ZodOptional<z.ZodObject<{
74
+ client_id: z.ZodString;
75
+ client_name: z.ZodString;
76
+ redirect_uris: z.ZodArray<z.ZodString>;
77
+ token_endpoint_auth_method: z.ZodDefault<z.ZodEnum<{
78
+ none: "none";
79
+ client_secret_basic: "client_secret_basic";
80
+ client_secret_post: "client_secret_post";
81
+ private_key_jwt: "private_key_jwt";
82
+ }>>;
83
+ grant_types: z.ZodDefault<z.ZodArray<z.ZodString>>;
84
+ response_types: z.ZodDefault<z.ZodArray<z.ZodString>>;
85
+ client_uri: z.ZodOptional<z.ZodString>;
86
+ logo_uri: z.ZodOptional<z.ZodString>;
87
+ jwks_uri: z.ZodOptional<z.ZodString>;
88
+ jwks: z.ZodOptional<z.ZodObject<{
89
+ keys: z.ZodArray<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
90
+ }, z.core.$strip>>;
91
+ tos_uri: z.ZodOptional<z.ZodString>;
92
+ policy_uri: z.ZodOptional<z.ZodString>;
93
+ scope: z.ZodOptional<z.ZodString>;
94
+ contacts: z.ZodOptional<z.ZodArray<z.ZodString>>;
95
+ software_statement: z.ZodOptional<z.ZodString>;
96
+ software_id: z.ZodOptional<z.ZodString>;
97
+ software_version: z.ZodOptional<z.ZodString>;
98
+ }, z.core.$strip>>;
72
99
  }, z.core.$strip>;
73
100
  declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
74
101
  kind: z.ZodLiteral<"redirect">;
@@ -83,8 +110,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
83
110
  httpOnly: z.ZodDefault<z.ZodBoolean>;
84
111
  secure: z.ZodOptional<z.ZodBoolean>;
85
112
  sameSite: z.ZodOptional<z.ZodEnum<{
86
- lax: "lax";
87
113
  strict: "strict";
114
+ lax: "lax";
88
115
  none: "none";
89
116
  }>>;
90
117
  maxAge: z.ZodOptional<z.ZodNumber>;
@@ -104,8 +131,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
104
131
  httpOnly: z.ZodDefault<z.ZodBoolean>;
105
132
  secure: z.ZodOptional<z.ZodBoolean>;
106
133
  sameSite: z.ZodOptional<z.ZodEnum<{
107
- lax: "lax";
108
134
  strict: "strict";
135
+ lax: "lax";
109
136
  none: "none";
110
137
  }>>;
111
138
  maxAge: z.ZodOptional<z.ZodNumber>;
@@ -123,8 +150,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
123
150
  httpOnly: z.ZodDefault<z.ZodBoolean>;
124
151
  secure: z.ZodOptional<z.ZodBoolean>;
125
152
  sameSite: z.ZodOptional<z.ZodEnum<{
126
- lax: "lax";
127
153
  strict: "strict";
154
+ lax: "lax";
128
155
  none: "none";
129
156
  }>>;
130
157
  maxAge: z.ZodOptional<z.ZodNumber>;
package/auth/flows/oauth.authorize.flow.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth.authorize.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/oauth.authorize.flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH;;;;;;GAMG;AACH,OAAO,EAEL,QAAQ,EAER,cAAc,EAQf,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,CAAC,EAAY,MAAM,KAAK,CAAC;AAsDlC;;GAEG;AACH,QAAA,MAAM,2BAA2B;;;;;;;;;iBAS/B,CAAC;AAEH;;GAEG;AACH,QAAA,MAAM,+BAA+B;;;iBAGnC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAChF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAMxF,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;iBAsBf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAIhB,CAAC;AAEH,QAAA,MAAM,IAAI;;;;CAQ2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,iBAAiB,EAAE,cAAc,CAC/B,kBAAkB,EAClB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,iBAA0B,CAAC;AAcxC,MAAM,CAAC,OAAO,OAAO,kBAAmB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IACnE,OAAO,CAAC,MAAM,CAAiD;IAGzD,UAAU;IAiEV,aAAa;IAoDb,iBAAiB;IAOjB,2BAA2B;IAmG3B,oBAAoB;IA6FpB,cAAc;IAIpB;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAsBxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAiBvB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAyBjC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA4BhC;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IA+QzB;;OAEG;IACH,OAAO,CAAC,eAAe;CAyCxB"}
1
+ {"version":3,"file":"oauth.authorize.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/oauth.authorize.flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH;;;;;;GAMG;AACH,OAAO,EAEL,QAAQ,EAER,cAAc,EAQf,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,CAAC,EAAY,MAAM,KAAK,CAAC;AAuDlC;;GAEG;AACH,QAAA,MAAM,2BAA2B;;;;;;;;;iBAS/B,CAAC;AAEH;;GAEG;AACH,QAAA,MAAM,+BAA+B;;;iBAGnC,CAAC;AAEH,MAAM,MAAM,qBAAqB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,2BAA2B,CAAC,CAAC;AAChF,MAAM,MAAM,yBAAyB,GAAG,CAAC,CAAC,KAAK,CAAC,OAAO,+BAA+B,CAAC,CAAC;AAMxF,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;iBAyBf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAIhB,CAAC;AAEH,QAAA,MAAM,IAAI;;;;CAQ2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,iBAAiB,EAAE,cAAc,CAC/B,kBAAkB,EAClB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,iBAA0B,CAAC;AAcxC,MAAM,CAAC,OAAO,OAAO,kBAAmB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IACnE,OAAO,CAAC,MAAM,CAAiD;IAGzD,UAAU;IAiEV,aAAa;IAmFb,iBAAiB;IAOjB,2BAA2B;IAmG3B,oBAAoB;IA0GpB,cAAc;IAIpB;;OAEG;IACH,OAAO,CAAC,eAAe;IAOvB;;OAEG;IACH,OAAO,CAAC,gBAAgB;IAsBxB;;OAEG;IACH,OAAO,CAAC,eAAe;IAmBvB;;OAEG;IACH,OAAO,CAAC,yBAAyB;IAyBjC;;OAEG;IACH,OAAO,CAAC,wBAAwB;IA4BhC;;;OAGG;IACH,OAAO,CAAC,iBAAiB;IAkRzB;;OAEG;IACH,OAAO,CAAC,eAAe;CAyCxB"}
package/auth/flows/oauth.callback.flow.d.ts CHANGED
@@ -53,8 +53,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
53
53
  httpOnly: z.ZodDefault<z.ZodBoolean>;
54
54
  secure: z.ZodOptional<z.ZodBoolean>;
55
55
  sameSite: z.ZodOptional<z.ZodEnum<{
56
- lax: "lax";
57
56
  strict: "strict";
57
+ lax: "lax";
58
58
  none: "none";
59
59
  }>>;
60
60
  maxAge: z.ZodOptional<z.ZodNumber>;
@@ -72,8 +72,8 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
72
72
  httpOnly: z.ZodDefault<z.ZodBoolean>;
73
73
  secure: z.ZodOptional<z.ZodBoolean>;
74
74
  sameSite: z.ZodOptional<z.ZodEnum<{
75
- lax: "lax";
76
75
  strict: "strict";
76
+ lax: "lax";
77
77
  none: "none";
78
78
  }>>;
79
79
  maxAge: z.ZodOptional<z.ZodNumber>;
@@ -84,7 +84,7 @@ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
84
84
  }, z.core.$strip>]>;
85
85
  declare const plan: {
86
86
  readonly pre: ["parseInput", "validatePendingAuth"];
87
- readonly execute: ["handleIncrementalAuth", "createAuthorizationCode", "redirectToClient"];
87
+ readonly execute: ["handleIncrementalAuth", "handleFederatedAuth", "createAuthorizationCode", "redirectToClient"];
88
88
  };
89
89
  declare global {
90
90
  interface ExtendFlows {
@@ -102,6 +102,14 @@ export default class OauthCallbackFlow extends FlowBase<typeof name> {
102
102
  * requiring full re-authentication
103
103
  */
104
104
  handleIncrementalAuth(): Promise<void>;
105
+ /**
106
+ * Handle federated authentication - start provider chain
107
+ * When user selects providers on federated login page, we need to:
108
+ * 1. Create a federated session to track progress
109
+ * 2. Start OAuth flow with the first selected provider
110
+ * 3. Chain through remaining providers
111
+ */
112
+ handleFederatedAuth(): Promise<void>;
105
113
  createAuthorizationCode(): Promise<void>;
106
114
  redirectToClient(): Promise<void>;
107
115
  /**
package/auth/flows/oauth.callback.flow.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"oauth.callback.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/oauth.callback.flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAEL,QAAQ,EAER,cAAc,EAMf,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAKxB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;iBA4Bf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAAgD,CAAC;AAEnE,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,gBAAgB,EAAE,cAAc,CAC9B,iBAAiB,EACjB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,gBAAyB,CAAC;AAcvC,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAClE,OAAO,CAAC,MAAM,CAAgD;IAGxD,UAAU;IAsDV,mBAAmB;IA2EzB;;;;OAIG;IAEG,qBAAqB;IA0BrB,uBAAuB;IAmEvB,gBAAgB;IAqCtB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAQvB;;OAEG;IACH,OAAO,CAAC,eAAe;CAqDxB"}
1
+ {"version":3,"file":"oauth.callback.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/oauth.callback.flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAEL,QAAQ,EAER,cAAc,EAMf,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAMxB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;;;;;;;;;;;;;;;;;;;;;iBA4Bf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAAgD,CAAC;AAEnE,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,gBAAgB,EAAE,cAAc,CAC9B,iBAAiB,EACjB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,gBAAyB,CAAC;AAcvC,MAAM,CAAC,OAAO,OAAO,iBAAkB,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAClE,OAAO,CAAC,MAAM,CAAgD;IAGxD,UAAU;IAsDV,mBAAmB;IAqHzB;;;;OAIG;IAEG,qBAAqB;IAyB3B;;;;;;OAMG;IAEG,mBAAmB;IAiInB,uBAAuB;IAmEvB,gBAAgB;IAqCtB;;;OAGG;IACH,OAAO,CAAC,eAAe;IAQvB;;OAEG;IACH,OAAO,CAAC,eAAe;CAqDxB"}
package/auth/flows/oauth.provider-callback.flow.d.ts ADDED
@@ -0,0 +1,118 @@
1
+ /**
2
+ * OAuth Provider Callback Endpoint — GET /oauth/provider/:providerId/callback
3
+ *
4
+ * Who calls: Browser after user completes OAuth with an upstream provider
5
+ *
6
+ * When: During multi-provider (federated) authentication flow
7
+ *
8
+ * Purpose: Exchange upstream provider's authorization code for tokens,
9
+ * store tokens securely, then redirect to next provider or complete auth
10
+ *
11
+ * Flow:
12
+ * 1. User selects providers on federated login page
13
+ * 2. System redirects to first provider's /authorize
14
+ * 3. User completes auth with provider
15
+ * 4. Provider redirects here with authorization code
16
+ * 5. We exchange code for tokens, store them
17
+ * 6. If more providers in queue, redirect to next
18
+ * 7. If all providers done, issue FrontMCP JWT
19
+ */
20
+ import { FlowBase, FlowRunOptions } from '../../common';
21
+ import { z } from 'zod';
22
+ declare const inputSchema: z.ZodObject<{
23
+ request: z.ZodObject<{}, z.core.$loose>;
24
+ response: z.ZodObject<{}, z.core.$loose>;
25
+ next: z.ZodOptional<z.ZodFunction<z.core.$ZodFunctionArgs, z.core.$ZodFunctionOut>>;
26
+ }, z.core.$strip>;
27
+ declare const stateSchema: z.ZodObject<{
28
+ providerId: z.ZodOptional<z.ZodString>;
29
+ code: z.ZodOptional<z.ZodString>;
30
+ error: z.ZodOptional<z.ZodString>;
31
+ errorDescription: z.ZodOptional<z.ZodString>;
32
+ providerState: z.ZodOptional<z.ZodString>;
33
+ federatedSessionId: z.ZodOptional<z.ZodString>;
34
+ federatedSession: z.ZodOptional<z.ZodUnknown>;
35
+ providerTokens: z.ZodOptional<z.ZodUnknown>;
36
+ providerUserInfo: z.ZodOptional<z.ZodUnknown>;
37
+ }, z.core.$strip>;
38
+ declare const outputSchema: z.ZodUnion<readonly [z.ZodObject<{
39
+ kind: z.ZodLiteral<"redirect">;
40
+ status: z.ZodDefault<z.ZodType<301 | 302 | 303 | 307 | 308, unknown, z.core.$ZodTypeInternals<301 | 302 | 303 | 307 | 308, unknown>>>;
41
+ location: z.ZodString;
42
+ headers: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>]>>>>;
43
+ cookies: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
44
+ name: z.ZodString;
45
+ value: z.ZodString;
46
+ path: z.ZodDefault<z.ZodString>;
47
+ domain: z.ZodOptional<z.ZodString>;
48
+ httpOnly: z.ZodDefault<z.ZodBoolean>;
49
+ secure: z.ZodOptional<z.ZodBoolean>;
50
+ sameSite: z.ZodOptional<z.ZodEnum<{
51
+ strict: "strict";
52
+ lax: "lax";
53
+ none: "none";
54
+ }>>;
55
+ maxAge: z.ZodOptional<z.ZodNumber>;
56
+ expires: z.ZodOptional<z.ZodDate>;
57
+ }, z.core.$strip>>>>;
58
+ }, z.core.$strip>, z.ZodObject<{
59
+ status: z.ZodNumber;
60
+ body: z.ZodString;
61
+ headers: z.ZodOptional<z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodUnion<readonly [z.ZodString, z.ZodArray<z.ZodString>]>]>>>>;
62
+ cookies: z.ZodOptional<z.ZodDefault<z.ZodArray<z.ZodObject<{
63
+ name: z.ZodString;
64
+ value: z.ZodString;
65
+ path: z.ZodDefault<z.ZodString>;
66
+ domain: z.ZodOptional<z.ZodString>;
67
+ httpOnly: z.ZodDefault<z.ZodBoolean>;
68
+ secure: z.ZodOptional<z.ZodBoolean>;
69
+ sameSite: z.ZodOptional<z.ZodEnum<{
70
+ strict: "strict";
71
+ lax: "lax";
72
+ none: "none";
73
+ }>>;
74
+ maxAge: z.ZodOptional<z.ZodNumber>;
75
+ expires: z.ZodOptional<z.ZodDate>;
76
+ }, z.core.$strip>>>>;
77
+ kind: z.ZodLiteral<"html">;
78
+ contentType: z.ZodDefault<z.ZodLiteral<"text/html; charset=utf-8">>;
79
+ }, z.core.$strip>]>;
80
+ declare const plan: {
81
+ readonly pre: ["parseInput", "loadFederatedSession", "validateProviderCallback"];
82
+ readonly execute: ["exchangeProviderCode", "storeProviderTokens", "handleNextProviderOrComplete"];
83
+ };
84
+ declare global {
85
+ interface ExtendFlows {
86
+ 'oauth:provider-callback': FlowRunOptions<OauthProviderCallbackFlow, typeof plan, typeof inputSchema, typeof outputSchema, typeof stateSchema>;
87
+ }
88
+ }
89
+ declare const name: "oauth:provider-callback";
90
+ export default class OauthProviderCallbackFlow extends FlowBase<typeof name> {
91
+ private logger;
92
+ /**
93
+ * Get LocalPrimaryAuth instance with type safety
94
+ * @throws Error if auth is not LocalPrimaryAuth
95
+ */
96
+ private getLocalAuth;
97
+ parseInput(): Promise<void>;
98
+ loadFederatedSession(): Promise<void>;
99
+ validateProviderCallback(): Promise<void>;
100
+ exchangeProviderCode(): Promise<void>;
101
+ storeProviderTokens(): Promise<void>;
102
+ handleNextProviderOrComplete(): Promise<void>;
103
+ /**
104
+ * Complete the federated auth flow and issue FrontMCP JWT
105
+ */
106
+ private completeFederatedAuth;
107
+ /**
108
+ * Generate a deterministic user sub from email
109
+ */
110
+ private generateUserSub;
111
+ /**
112
+ * Render an error page
113
+ */
114
+ private renderErrorPage;
115
+ private getStateValidation;
116
+ }
117
+ export {};
118
+ //# sourceMappingURL=oauth.provider-callback.flow.d.ts.map
package/auth/flows/oauth.provider-callback.flow.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"oauth.provider-callback.flow.d.ts","sourceRoot":"","sources":["../../../src/auth/flows/oauth.provider-callback.flow.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,EAEL,QAAQ,EAER,cAAc,EAOf,MAAM,cAAc,CAAC;AACtB,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAiBxB,QAAA,MAAM,WAAW;;;;iBAAkB,CAAC;AAEpC,QAAA,MAAM,WAAW;;;;;;;;;;iBAcf,CAAC;AAEH,QAAA,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAAgD,CAAC;AAEnE,QAAA,MAAM,IAAI;;;CAG2B,CAAC;AAEtC,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,WAAW;QACnB,yBAAyB,EAAE,cAAc,CACvC,yBAAyB,EACzB,OAAO,IAAI,EACX,OAAO,WAAW,EAClB,OAAO,YAAY,EACnB,OAAO,WAAW,CACnB,CAAC;KACH;CACF;AAED,QAAA,MAAM,IAAI,EAAG,yBAAkC,CAAC;AAchD,MAAM,CAAC,OAAO,OAAO,yBAA0B,SAAQ,QAAQ,CAAC,OAAO,IAAI,CAAC;IAC1E,OAAO,CAAC,MAAM,CAAwD;IAEtE;;;OAGG;IACH,OAAO,CAAC,YAAY;IASd,UAAU;IA0BV,oBAAoB;IAkEpB,wBAAwB;IAmDxB,oBAAoB;IA0EpB,mBAAmB;IAkDnB,4BAA4B;IAkElC;;OAEG;YACW,qBAAqB;IA8CnC;;OAEG;IACH,OAAO,CAAC,eAAe;IAQvB;;OAEG;IACH,OAAO,CAAC,eAAe;IAqDvB,OAAO,CAAC,kBAAkB;CAO3B"}
package/auth/flows/oauth.register.flow.d.ts CHANGED
@@ -56,8 +56,8 @@ declare const outputSchema: z.ZodObject<{
56
56
  httpOnly: z.ZodDefault<z.ZodBoolean>;
57
57
  secure: z.ZodOptional<z.ZodBoolean>;
58
58
  sameSite: z.ZodOptional<z.ZodEnum<{
59
- lax: "lax";
60
59
  strict: "strict";
60
+ lax: "lax";
61
61
  none: "none";
62
62
  }>>;
63
63
  maxAge: z.ZodOptional<z.ZodNumber>;
package/auth/flows/oauth.token.flow.d.ts CHANGED
@@ -108,8 +108,8 @@ declare const outputSchema: z.ZodObject<{
108
108
  httpOnly: z.ZodDefault<z.ZodBoolean>;
109
109
  secure: z.ZodOptional<z.ZodBoolean>;
110
110
  sameSite: z.ZodOptional<z.ZodEnum<{
111
- lax: "lax";
112
111
  strict: "strict";
112
+ lax: "lax";
113
113
  none: "none";
114
114
  }>>;
115
115
  maxAge: z.ZodOptional<z.ZodNumber>;