@inkeep/agents-core 0.0.0-dev-20250910233133 → 0.0.0-dev-20250910233441

package/dist/utils/auth-detection.js

@@ -1,148 +0,0 @@
-/**
- * Centralized authentication detection utilities for MCP tools
- */
-/**
- * Helper function to construct well-known OAuth endpoint URLs
- */
-const getWellKnownUrls = (baseUrl) => [
-    `${baseUrl}/.well-known/oauth-authorization-server`,
-    `${baseUrl}/.well-known/openid-configuration`,
-];
-/**
- * Helper function to validate OAuth metadata for PKCE support
- */
-const validateOAuthMetadata = (metadata) => {
-    return metadata.code_challenge_methods_supported?.includes('S256');
-};
-/**
- * Helper function to construct OAuthConfig from metadata
- */
-const buildOAuthConfig = (metadata) => ({
-    authorizationUrl: metadata.authorization_endpoint,
-    tokenUrl: metadata.token_endpoint,
-    registrationUrl: metadata.registration_endpoint,
-    supportsDynamicRegistration: !!metadata.registration_endpoint,
-});
-/**
- * Helper function to try OAuth discovery at well-known endpoints
- */
-const tryWellKnownEndpoints = async (baseUrl, logger) => {
-    const wellKnownUrls = getWellKnownUrls(baseUrl);
-    for (const wellKnownUrl of wellKnownUrls) {
-        try {
-            const response = await fetch(wellKnownUrl);
-            if (response.ok) {
-                const metadata = await response.json();
-                if (validateOAuthMetadata(metadata)) {
-                    logger?.debug({ baseUrl, wellKnownUrl }, 'OAuth 2.1/PKCE support detected');
-                    return buildOAuthConfig(metadata);
-                }
-            }
-        }
-        catch (error) {
-            logger?.debug({ wellKnownUrl, error }, 'OAuth endpoint check failed');
-        }
-    }
-    return null;
-};
-/**
- * Check if a server supports OAuth 2.1/PKCE endpoints (simple boolean)
- */
-const checkForOAuthEndpoints = async (serverUrl, logger) => {
-    const config = await discoverOAuthEndpoints(serverUrl, logger);
-    return config !== null;
-};
-/**
- * Full OAuth endpoint discovery with complete configuration
- */
-export const discoverOAuthEndpoints = async (serverUrl, logger) => {
-    try {
-        // 1. Try direct 401 response first
-        const response = await fetch(serverUrl, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({}),
-        });
-        if (response.status === 401) {
-            const wwwAuth = response.headers.get('WWW-Authenticate');
-            if (wwwAuth) {
-                // Parse Protected Resource Metadata URL from WWW-Authenticate header
-                const metadataMatch = wwwAuth.match(/as_uri="([^"]+)"/);
-                if (metadataMatch) {
-                    const metadataResponse = await fetch(metadataMatch[1]);
-                    if (metadataResponse.ok) {
-                        const metadata = (await metadataResponse.json());
-                        if (metadata.authorization_servers?.length > 0) {
-                            return await tryWellKnownEndpoints(metadata.authorization_servers[0], logger);
-                        }
-                    }
-                }
-            }
-        }
-    }
-    catch (_error) {
-        // Continue to well-known endpoints
-    }
-    // 2. Try well-known endpoints
-    const url = new URL(serverUrl);
-    const baseUrl = `${url.protocol}//${url.host}`;
-    return await tryWellKnownEndpoints(baseUrl, logger);
-};
-/**
- * Detect if OAuth 2.1/PKCE authentication is specifically required for a tool
- */
-export const detectAuthenticationRequired = async (tool, error, logger) => {
-    const serverUrl = tool.config.mcp.server.url;
-    // 1. First, try OAuth 2.1/PKCE endpoint discovery (most reliable for our use case)
-    let hasOAuthEndpoints = false;
-    try {
-        hasOAuthEndpoints = await checkForOAuthEndpoints(serverUrl);
-        if (hasOAuthEndpoints) {
-            logger?.info({ toolId: tool.id, serverUrl }, 'OAuth 2.1/PKCE support confirmed via endpoint discovery');
-            return true; // Server supports OAuth 2.1/PKCE, prioritize this
-        }
-    }
-    catch (discoveryError) {
-        logger?.debug({ toolId: tool.id, discoveryError }, 'OAuth endpoint discovery failed');
-    }
-    // 2. Check for 401 with OAuth-specific WWW-Authenticate header
-    try {
-        const response = await fetch(serverUrl, {
-            method: 'POST',
-            headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({
-                jsonrpc: '2.0',
-                method: 'initialize',
-                id: 1,
-                params: { protocolVersion: '2024-11-05', capabilities: {} },
-            }),
-        });
-        // Check for 401 with OAuth-specific WWW-Authenticate header
-        if (response.status === 401) {
-            const wwwAuth = response.headers.get('WWW-Authenticate');
-            // Only return true for OAuth-specific auth schemes (not Basic, API Key, etc.)
-            if (wwwAuth &&
-                (wwwAuth.toLowerCase().includes('bearer') ||
-                    wwwAuth.toLowerCase().includes('oauth') ||
-                    wwwAuth.toLowerCase().includes('authorization_uri'))) {
-                logger?.info({ toolId: tool.id, wwwAuth }, 'OAuth authentication detected via WWW-Authenticate header');
-                return true;
-            }
-        }
-    }
-    catch (fetchError) {
-        logger?.debug({ toolId: tool.id, fetchError }, 'Direct fetch authentication check failed');
-    }
-    // 3. Check if 401 error message AND OAuth endpoints exist together
-    if (error.message.includes('401') || error.message.toLowerCase().includes('unauthorized')) {
-        if (hasOAuthEndpoints) {
-            logger?.info({ toolId: tool.id, error: error.message }, 'OAuth required: 401 error + OAuth endpoints detected');
-            return true; // Only return true if BOTH 401 AND OAuth endpoints exist
-        }
-    }
-    // If none of the OAuth-specific checks pass, return false
-    // (This means we won't trigger OAuth flow for Basic Auth, API keys, etc.)
-    logger?.debug({ toolId: tool.id, error: error.message }, 'No OAuth authentication requirement detected');
-    return false;
-};
-//# sourceMappingURL=auth-detection.js.map

package/dist/utils/auth-detection.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"auth-detection.js","sourceRoot":"","sources":["../../src/utils/auth-detection.ts"],"names":[],"mappings":"AAAA;;GAEG;AAeH;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,OAAe,EAAY,EAAE,CAAC;IACtD,GAAG,OAAO,yCAAyC;IACnD,GAAG,OAAO,mCAAmC;CAC9C,CAAC;AAEF;;GAEG;AACH,MAAM,qBAAqB,GAAG,CAAC,QAAa,EAAW,EAAE;IACvD,OAAO,QAAQ,CAAC,gCAAgC,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;AACrE,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,gBAAgB,GAAG,CAAC,QAAa,EAAe,EAAE,CAAC,CAAC;IACxD,gBAAgB,EAAE,QAAQ,CAAC,sBAAsB;IACjD,QAAQ,EAAE,QAAQ,CAAC,cAAc;IACjC,eAAe,EAAE,QAAQ,CAAC,qBAAqB;IAC/C,2BAA2B,EAAE,CAAC,CAAC,QAAQ,CAAC,qBAAqB;CAC9D,CAAC,CAAC;AAEH;;GAEG;AACH,MAAM,qBAAqB,GAAG,KAAK,EACjC,OAAe,EACf,MAAe,EACc,EAAE;IAC/B,MAAM,aAAa,GAAG,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAEhD,KAAK,MAAM,YAAY,IAAI,aAAa,EAAE,CAAC;QACzC,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,YAAY,CAAC,CAAC;YAC3C,IAAI,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAChB,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACvC,IAAI,qBAAqB,CAAC,QAAQ,CAAC,EAAE,CAAC;oBACpC,MAAM,EAAE,KAAK,CAAC,EAAE,OAAO,EAAE,YAAY,EAAE,EAAE,iCAAiC,CAAC,CAAC;oBAC5E,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;gBACpC,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,EAAE,KAAK,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,EAAE,6BAA6B,CAAC,CAAC;QACxE,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,sBAAsB,GAAG,KAAK,EAAE,SAAiB,EAAE,MAAe,EAAoB,EAAE;IAC5F,MAAM,MAAM,GAAG,MAAM,sBAAsB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;IAC/D,OAAO,MAAM,KAAK,IAAI,CAAC;AACzB,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAAG,KAAK,EACzC,SAAiB,EACjB,MAAe,EACc,EAAE;IAC/B,IAAI,CAAC;QACH,mCAAmC;QACnC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC;SACzB,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,IAAI,OAAO,EAAE,CAAC;gBACZ,qEAAqE;gBACrE,MAAM,aAAa,GAAG,OAAO,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;gBACxD,IAAI,aAAa,EAAE,CAAC;oBAClB,MAAM,gBAAgB,GAAG,MAAM,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;oBACvD,IAAI,gBAAgB,CAAC,EAAE,EAAE,CAAC;wBACxB,MAAM,QAAQ,GAAG,CAAC,MAAM,gBAAgB,CAAC,IAAI,EAAE,CAAQ,CAAC;wBACxD,IAAI,QAAQ,CAAC,qBAAqB,EAAE,MAAM,GAAG,CAAC,EAAE,CAAC;4BAC/C,OAAO,MAAM,qBAAqB,CAAC,QAAQ,CAAC,qBAAqB,CAAC,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC;wBAChF,CAAC;oBACH,CAAC;gBACH,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,mCAAmC;IACrC,CAAC;IAED,8BAA8B;IAC9B,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAC/B,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;IAE/C,OAAO,MAAM,qBAAqB,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;AACtD,CAAC,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,4BAA4B,GAAG,KAAK,EAC/C,IAAa,EACb,KAAY,EACZ,MAAe,EACG,EAAE;IACpB,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC;IAE7C,mFAAmF;IACnF,IAAI,iBAAiB,GAAG,KAAK,CAAC;IAC9B,IAAI,CAAC;QACH,iBAAiB,GAAG,MAAM,sBAAsB,CAAC,SAAS,CAAC,CAAC;QAC5D,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,EAAE,IAAI,CACV,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,EAC9B,yDAAyD,CAC1D,CAAC;YACF,OAAO,IAAI,CAAC,CAAC,kDAAkD;QACjE,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,cAAc,EAAE,EAAE,iCAAiC,CAAC,CAAC;IACxF,CAAC;IAED,+DAA+D;IAC/D,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACtC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;YAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,OAAO,EAAE,KAAK;gBACd,MAAM,EAAE,YAAY;gBACpB,EAAE,EAAE,CAAC;gBACL,MAAM,EAAE,EAAE,eAAe,EAAE,YAAY,EAAE,YAAY,EAAE,EAAE,EAAE;aAC5D,CAAC;SACH,CAAC,CAAC;QAEH,4DAA4D;QAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACzD,8EAA8E;YAC9E,IACE,OAAO;gBACP,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;oBACvC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,OAAO,CAAC;oBACvC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,mBAAmB,CAAC,CAAC,EACtD,CAAC;gBACD,MAAM,EAAE,IAAI,CACV,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,EAC5B,2DAA2D,CAC5D,CAAC;gBACF,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,UAAU,EAAE,CAAC;QACpB,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,UAAU,EAAE,EAAE,0CAA0C,CAAC,CAAC;IAC7F,CAAC;IAED,mEAAmE;IACnE,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,KAAK,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,EAAE,CAAC;QAC1F,IAAI,iBAAiB,EAAE,CAAC;YACtB,MAAM,EAAE,IAAI,CACV,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EACzC,sDAAsD,CACvD,CAAC;YACF,OAAO,IAAI,CAAC,CAAC,yDAAyD;QACxE,CAAC;IACH,CAAC;IAED,0DAA0D;IAC1D,0EAA0E;IAC1E,MAAM,EAAE,KAAK,CACX,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,KAAK,CAAC,OAAO,EAAE,EACzC,8CAA8C,CAC/C,CAAC;IACF,OAAO,KAAK,CAAC;AACf,CAAC,CAAC"}

package/dist/utils/credential-store-utils.d.ts

@@ -1,11 +0,0 @@
-/**
- * Get a lookup key for a credential store from retrieval params
- * @param retrievalParams - The retrieval params for the credential store
- * @param credentialStoreType - The type of credential store
- * @returns A lookup key for the credential store, used to call <CredentialStore>.get()
- */
-export declare function getCredentialStoreLookupKeyFromRetrievalParams({ retrievalParams, credentialStoreType, }: {
-    retrievalParams: Record<string, unknown>;
-    credentialStoreType: string;
-}): string | null;
-//# sourceMappingURL=credential-store-utils.d.ts.map

package/dist/utils/credential-store-utils.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"credential-store-utils.d.ts","sourceRoot":"","sources":["../../src/utils/credential-store-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,8CAA8C,CAAC,EAC7D,eAAe,EACf,mBAAmB,GACpB,EAAE;IACD,eAAe,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACzC,mBAAmB,EAAE,MAAM,CAAC;CAC7B,GAAG,MAAM,GAAG,IAAI,CAahB"}

package/dist/utils/credential-store-utils.js

@@ -1,19 +0,0 @@
-/**
- * Get a lookup key for a credential store from retrieval params
- * @param retrievalParams - The retrieval params for the credential store
- * @param credentialStoreType - The type of credential store
- * @returns A lookup key for the credential store, used to call <CredentialStore>.get()
- */
-export function getCredentialStoreLookupKeyFromRetrievalParams({ retrievalParams, credentialStoreType, }) {
-    if (retrievalParams.key) {
-        return retrievalParams.key;
-    }
-    if (credentialStoreType === 'nango') {
-        return JSON.stringify({
-            connectionId: retrievalParams.connectionId,
-            providerConfigKey: retrievalParams.providerConfigKey,
-        });
-    }
-    return null;
-}
-//# sourceMappingURL=credential-store-utils.js.map

package/dist/utils/credential-store-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"credential-store-utils.js","sourceRoot":"","sources":["../../src/utils/credential-store-utils.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,UAAU,8CAA8C,CAAC,EAC7D,eAAe,EACf,mBAAmB,GAIpB;IACC,IAAI,eAAe,CAAC,GAAG,EAAE,CAAC;QACxB,OAAO,eAAe,CAAC,GAAa,CAAC;IACvC,CAAC;IAED,IAAI,mBAAmB,KAAK,OAAO,EAAE,CAAC;QACpC,OAAO,IAAI,CAAC,SAAS,CAAC;YACpB,YAAY,EAAE,eAAe,CAAC,YAAY;YAC1C,iBAAiB,EAAE,eAAe,CAAC,iBAAiB;SACrD,CAAC,CAAC;IACL,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}