@inkeep/agents-core 0.22.12 → 0.23.1

package/dist/{signoz-queries-Bqpkx5sK.d.cts → auth-detection-BO8bSpe4.d.cts}

@@ -1,3 +1,5 @@
+import { LoggerOptions, TransportSingleOptions, Logger } from 'pino';
+
 declare const DELEGATION_FROM_SUB_AGENT_ID = "delegation.from_sub_agent_id";
 declare const DELEGATION_TO_SUB_AGENT_ID = "delegation.to_sub_agent_id";
 declare const DELEGATION_ID = "delegation.id";
@@ -276,4 +278,159 @@ declare const QUERY_DEFAULTS: {
     readonly EMPTY_GROUP_BY: readonly [];
 };
 
-export { AI_OPERATIONS as A, DELEGATION_FROM_SUB_AGENT_ID as D, FIELD_TYPES as F, OPERATORS as O, PANEL_TYPES as P, QUERY_FIELD_CONFIGS as Q, REDUCE_OPERATIONS as R, SPAN_NAMES as S, TRANSFER_FROM_SUB_AGENT_ID as T, UNKNOWN_VALUE as U, DELEGATION_TO_SUB_AGENT_ID as a, DELEGATION_ID as b, TRANSFER_TO_SUB_AGENT_ID as c, SPAN_KEYS as d, ACTIVITY_TYPES as e, ACTIVITY_STATUS as f, AGENT_IDS as g, ACTIVITY_NAMES as h, AI_TOOL_TYPES as i, DATA_TYPES as j, QUERY_EXPRESSIONS as k, ORDER_DIRECTIONS as l, QUERY_TYPES as m, DATA_SOURCES as n, AGGREGATE_OPERATORS as o, QUERY_DEFAULTS as p };
+/**
+ * Configuration options for PinoLogger
+ */
+interface PinoLoggerConfig {
+    /** Pino logger options */
+    options?: LoggerOptions;
+    /** Pino transport configuration */
+    transportConfigs?: TransportSingleOptions[];
+}
+/**
+ * Pino logger implementation with transport customization support
+ */
+declare class PinoLogger {
+    private name;
+    private transportConfigs;
+    private pinoInstance;
+    private options;
+    constructor(name: string, config?: PinoLoggerConfig);
+    /**
+     * Recreate the pino instance with current transports
+     */
+    private recreateInstance;
+    /**
+     * Add a new transport to the logger
+     */
+    addTransport(transportConfig: TransportSingleOptions): void;
+    /**
+     * Remove a transport by index
+     */
+    removeTransport(index: number): void;
+    /**
+     * Get current transports
+     */
+    getTransports(): TransportSingleOptions[];
+    /**
+     * Update logger options
+     */
+    updateOptions(options: Partial<LoggerOptions>): void;
+    /**
+     * Get the underlying pino instance for advanced usage
+     */
+    getPinoInstance(): Logger;
+    error(data: any, message: string): void;
+    warn(data: any, message: string): void;
+    info(data: any, message: string): void;
+    debug(data: any, message: string): void;
+}
+/**
+ * Logger factory configuration
+ */
+interface LoggerFactoryConfig {
+    defaultLogger?: PinoLogger;
+    loggerFactory?: (name: string) => PinoLogger;
+    /** Configuration for creating PinoLogger instances when using createPinoLoggerFactory */
+    pinoConfig?: PinoLoggerConfig;
+}
+/**
+ * Global logger factory singleton
+ */
+declare class LoggerFactory {
+    private config;
+    private loggers;
+    /**
+     * Configure the logger factory
+     */
+    configure(config: LoggerFactoryConfig): void;
+    /**
+     * Get or create a logger instance
+     */
+    getLogger(name: string): PinoLogger;
+    /**
+     * Reset factory to default state
+     */
+    reset(): void;
+}
+declare const loggerFactory: LoggerFactory;
+/**
+ * Convenience function to get a logger
+ */
+declare function getLogger(name: string): PinoLogger;
+
+/**
+ * Centralized authentication detection utilities for MCP tools
+ * Uses proper MCP OAuth specification (RFC 9728 + RFC 8414) for discovery
+ */
+
+/**
+ * OAuth configuration interface
+ */
+interface OAuthConfig {
+    authorizationUrl: string;
+    tokenUrl: string;
+    registrationUrl?: string;
+    supportsDynamicRegistration: boolean;
+    scopes?: string;
+}
+/**
+ * MCP OAuth flow initiation result
+ */
+interface McpOAuthFlowResult {
+    authorizationUrl: string;
+    codeVerifier: string;
+    state: string;
+    clientInformation: any;
+    scopes?: string;
+    metadata: any;
+    resourceUrl?: string;
+}
+/**
+ * MCP OAuth token exchange result
+ */
+interface McpTokenExchangeResult {
+    access_token: string;
+    refresh_token?: string;
+    expires_at?: Date;
+    token_type: string;
+    scope?: string;
+}
+/**
+ * Initiate MCP OAuth flow using the official MCP SDK
+ */
+declare function initiateMcpOAuthFlow({ mcpServerUrl, redirectUri, state, clientName, clientUri, logoUri, defaultClientId, logger, }: {
+    mcpServerUrl: string;
+    redirectUri: string;
+    state: string;
+    clientName?: string;
+    clientUri?: string;
+    logoUri?: string;
+    defaultClientId?: string;
+    logger?: PinoLogger;
+}): Promise<McpOAuthFlowResult>;
+/**
+ * Exchange authorization code for tokens using MCP SDK
+ */
+declare function exchangeMcpAuthorizationCode({ mcpServerUrl, metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resourceUrl, logger, }: {
+    mcpServerUrl: string;
+    metadata: any;
+    clientInformation: any;
+    authorizationCode: string;
+    codeVerifier: string;
+    redirectUri: string;
+    resourceUrl?: string;
+    logger?: PinoLogger;
+}): Promise<McpTokenExchangeResult>;
+/**
+ * Detect if MCP OAuth authentication is specifically required for a tool
+ * Uses proper MCP OAuth specification discovery methods
+ */
+declare const detectAuthenticationRequired: ({ serverUrl, toolId, error, logger, }: {
+    serverUrl: string;
+    toolId: string;
+    error?: Error;
+    logger?: PinoLogger;
+}) => Promise<boolean>;
+
+export { AI_OPERATIONS as A, DELEGATION_FROM_SUB_AGENT_ID as D, FIELD_TYPES as F, type LoggerFactoryConfig as L, type McpOAuthFlowResult as M, OPERATORS as O, PANEL_TYPES as P, QUERY_FIELD_CONFIGS as Q, REDUCE_OPERATIONS as R, SPAN_NAMES as S, TRANSFER_FROM_SUB_AGENT_ID as T, UNKNOWN_VALUE as U, DELEGATION_TO_SUB_AGENT_ID as a, DELEGATION_ID as b, TRANSFER_TO_SUB_AGENT_ID as c, detectAuthenticationRequired as d, SPAN_KEYS as e, ACTIVITY_TYPES as f, ACTIVITY_STATUS as g, AGENT_IDS as h, ACTIVITY_NAMES as i, AI_TOOL_TYPES as j, DATA_TYPES as k, QUERY_EXPRESSIONS as l, ORDER_DIRECTIONS as m, QUERY_TYPES as n, DATA_SOURCES as o, AGGREGATE_OPERATORS as p, QUERY_DEFAULTS as q, PinoLogger as r, getLogger as s, type OAuthConfig as t, type McpTokenExchangeResult as u, initiateMcpOAuthFlow as v, exchangeMcpAuthorizationCode as w, type PinoLoggerConfig as x, loggerFactory as y };

package/dist/{signoz-queries-Bqpkx5sK.d.ts → auth-detection-BO8bSpe4.d.ts}

@@ -1,3 +1,5 @@
+import { LoggerOptions, TransportSingleOptions, Logger } from 'pino';
+
 declare const DELEGATION_FROM_SUB_AGENT_ID = "delegation.from_sub_agent_id";
 declare const DELEGATION_TO_SUB_AGENT_ID = "delegation.to_sub_agent_id";
 declare const DELEGATION_ID = "delegation.id";
@@ -276,4 +278,159 @@ declare const QUERY_DEFAULTS: {
     readonly EMPTY_GROUP_BY: readonly [];
 };
 
-export { AI_OPERATIONS as A, DELEGATION_FROM_SUB_AGENT_ID as D, FIELD_TYPES as F, OPERATORS as O, PANEL_TYPES as P, QUERY_FIELD_CONFIGS as Q, REDUCE_OPERATIONS as R, SPAN_NAMES as S, TRANSFER_FROM_SUB_AGENT_ID as T, UNKNOWN_VALUE as U, DELEGATION_TO_SUB_AGENT_ID as a, DELEGATION_ID as b, TRANSFER_TO_SUB_AGENT_ID as c, SPAN_KEYS as d, ACTIVITY_TYPES as e, ACTIVITY_STATUS as f, AGENT_IDS as g, ACTIVITY_NAMES as h, AI_TOOL_TYPES as i, DATA_TYPES as j, QUERY_EXPRESSIONS as k, ORDER_DIRECTIONS as l, QUERY_TYPES as m, DATA_SOURCES as n, AGGREGATE_OPERATORS as o, QUERY_DEFAULTS as p };
+/**
+ * Configuration options for PinoLogger
+ */
+interface PinoLoggerConfig {
+    /** Pino logger options */
+    options?: LoggerOptions;
+    /** Pino transport configuration */
+    transportConfigs?: TransportSingleOptions[];
+}
+/**
+ * Pino logger implementation with transport customization support
+ */
+declare class PinoLogger {
+    private name;
+    private transportConfigs;
+    private pinoInstance;
+    private options;
+    constructor(name: string, config?: PinoLoggerConfig);
+    /**
+     * Recreate the pino instance with current transports
+     */
+    private recreateInstance;
+    /**
+     * Add a new transport to the logger
+     */
+    addTransport(transportConfig: TransportSingleOptions): void;
+    /**
+     * Remove a transport by index
+     */
+    removeTransport(index: number): void;
+    /**
+     * Get current transports
+     */
+    getTransports(): TransportSingleOptions[];
+    /**
+     * Update logger options
+     */
+    updateOptions(options: Partial<LoggerOptions>): void;
+    /**
+     * Get the underlying pino instance for advanced usage
+     */
+    getPinoInstance(): Logger;
+    error(data: any, message: string): void;
+    warn(data: any, message: string): void;
+    info(data: any, message: string): void;
+    debug(data: any, message: string): void;
+}
+/**
+ * Logger factory configuration
+ */
+interface LoggerFactoryConfig {
+    defaultLogger?: PinoLogger;
+    loggerFactory?: (name: string) => PinoLogger;
+    /** Configuration for creating PinoLogger instances when using createPinoLoggerFactory */
+    pinoConfig?: PinoLoggerConfig;
+}
+/**
+ * Global logger factory singleton
+ */
+declare class LoggerFactory {
+    private config;
+    private loggers;
+    /**
+     * Configure the logger factory
+     */
+    configure(config: LoggerFactoryConfig): void;
+    /**
+     * Get or create a logger instance
+     */
+    getLogger(name: string): PinoLogger;
+    /**
+     * Reset factory to default state
+     */
+    reset(): void;
+}
+declare const loggerFactory: LoggerFactory;
+/**
+ * Convenience function to get a logger
+ */
+declare function getLogger(name: string): PinoLogger;
+
+/**
+ * Centralized authentication detection utilities for MCP tools
+ * Uses proper MCP OAuth specification (RFC 9728 + RFC 8414) for discovery
+ */
+
+/**
+ * OAuth configuration interface
+ */
+interface OAuthConfig {
+    authorizationUrl: string;
+    tokenUrl: string;
+    registrationUrl?: string;
+    supportsDynamicRegistration: boolean;
+    scopes?: string;
+}
+/**
+ * MCP OAuth flow initiation result
+ */
+interface McpOAuthFlowResult {
+    authorizationUrl: string;
+    codeVerifier: string;
+    state: string;
+    clientInformation: any;
+    scopes?: string;
+    metadata: any;
+    resourceUrl?: string;
+}
+/**
+ * MCP OAuth token exchange result
+ */
+interface McpTokenExchangeResult {
+    access_token: string;
+    refresh_token?: string;
+    expires_at?: Date;
+    token_type: string;
+    scope?: string;
+}
+/**
+ * Initiate MCP OAuth flow using the official MCP SDK
+ */
+declare function initiateMcpOAuthFlow({ mcpServerUrl, redirectUri, state, clientName, clientUri, logoUri, defaultClientId, logger, }: {
+    mcpServerUrl: string;
+    redirectUri: string;
+    state: string;
+    clientName?: string;
+    clientUri?: string;
+    logoUri?: string;
+    defaultClientId?: string;
+    logger?: PinoLogger;
+}): Promise<McpOAuthFlowResult>;
+/**
+ * Exchange authorization code for tokens using MCP SDK
+ */
+declare function exchangeMcpAuthorizationCode({ mcpServerUrl, metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resourceUrl, logger, }: {
+    mcpServerUrl: string;
+    metadata: any;
+    clientInformation: any;
+    authorizationCode: string;
+    codeVerifier: string;
+    redirectUri: string;
+    resourceUrl?: string;
+    logger?: PinoLogger;
+}): Promise<McpTokenExchangeResult>;
+/**
+ * Detect if MCP OAuth authentication is specifically required for a tool
+ * Uses proper MCP OAuth specification discovery methods
+ */
+declare const detectAuthenticationRequired: ({ serverUrl, toolId, error, logger, }: {
+    serverUrl: string;
+    toolId: string;
+    error?: Error;
+    logger?: PinoLogger;
+}) => Promise<boolean>;
+
+export { AI_OPERATIONS as A, DELEGATION_FROM_SUB_AGENT_ID as D, FIELD_TYPES as F, type LoggerFactoryConfig as L, type McpOAuthFlowResult as M, OPERATORS as O, PANEL_TYPES as P, QUERY_FIELD_CONFIGS as Q, REDUCE_OPERATIONS as R, SPAN_NAMES as S, TRANSFER_FROM_SUB_AGENT_ID as T, UNKNOWN_VALUE as U, DELEGATION_TO_SUB_AGENT_ID as a, DELEGATION_ID as b, TRANSFER_TO_SUB_AGENT_ID as c, detectAuthenticationRequired as d, SPAN_KEYS as e, ACTIVITY_TYPES as f, ACTIVITY_STATUS as g, AGENT_IDS as h, ACTIVITY_NAMES as i, AI_TOOL_TYPES as j, DATA_TYPES as k, QUERY_EXPRESSIONS as l, ORDER_DIRECTIONS as m, QUERY_TYPES as n, DATA_SOURCES as o, AGGREGATE_OPERATORS as p, QUERY_DEFAULTS as q, PinoLogger as r, getLogger as s, type OAuthConfig as t, type McpTokenExchangeResult as u, initiateMcpOAuthFlow as v, exchangeMcpAuthorizationCode as w, type PinoLoggerConfig as x, loggerFactory as y };

package/dist/{chunk-QFIITHNT.js → chunk-5GAUAB2P.js}

@@ -1,3 +1,5 @@
+import { registerClient, startAuthorization, exchangeAuthorization, discoverOAuthProtectedResourceMetadata, discoverAuthorizationServerMetadata } from '@modelcontextprotocol/sdk/client/auth.js';
+
 // src/constants/otel-attributes.ts
 var DELEGATION_FROM_SUB_AGENT_ID = "delegation.from_sub_agent_id";
 var DELEGATION_TO_SUB_AGENT_ID = "delegation.to_sub_agent_id";
@@ -279,5 +281,166 @@ var QUERY_DEFAULTS = {
   LIMIT_1000: 1e3,
   EMPTY_GROUP_BY: []
 };
+function discoverScopes(resourceMetadata, metadata) {
+  const resourceScopes = resourceMetadata?.scopes_supported;
+  const oauthScopes = metadata?.scopes_supported;
+  const scopes = (resourceScopes?.length ? resourceScopes : oauthScopes) || [];
+  return scopes.length > 0 ? scopes.join(" ") : void 0;
+}
+async function discoverMcpMetadata(mcpServerUrl, logger) {
+  try {
+    let resourceMetadata = null;
+    let authServerUrl = new URL(mcpServerUrl);
+    try {
+      resourceMetadata = await discoverOAuthProtectedResourceMetadata(mcpServerUrl);
+      if (resourceMetadata?.authorization_servers?.length && resourceMetadata.authorization_servers[0]) {
+        authServerUrl = new URL(resourceMetadata.authorization_servers[0]);
+      }
+    } catch {
+    }
+    const metadata = await discoverAuthorizationServerMetadata(authServerUrl);
+    if (!metadata) {
+      throw new Error("Failed to discover OAuth authorization server metadata");
+    }
+    logger?.debug(
+      {
+        tokenEndpoint: metadata.token_endpoint,
+        authEndpoint: metadata.authorization_endpoint
+      },
+      "MCP metadata discovery successful"
+    );
+    const discoveredScopes = discoverScopes(resourceMetadata ?? void 0, metadata);
+    return {
+      success: true,
+      metadata,
+      ...resourceMetadata && { resourceMetadata },
+      ...discoveredScopes && { scopes: discoveredScopes }
+    };
+  } catch (err) {
+    const errorMessage = err instanceof Error ? err.message : String(err);
+    logger?.debug({ error: errorMessage }, "MCP metadata discovery failed");
+    return { success: false, error: errorMessage };
+  }
+}
+async function initiateMcpOAuthFlow({
+  mcpServerUrl,
+  redirectUri,
+  state,
+  clientName = "Inkeep Agent Framework",
+  clientUri = "https://inkeep.com",
+  logoUri,
+  defaultClientId = "mcp-client",
+  logger
+}) {
+  const discoveryResult = await discoverMcpMetadata(mcpServerUrl, logger);
+  if (!discoveryResult.success || !discoveryResult.metadata) {
+    throw new Error(`OAuth not supported by this server: ${discoveryResult.error}`);
+  }
+  const { metadata, resourceMetadata, scopes: discoveredScopes } = discoveryResult;
+  const clientMetadata = {
+    redirect_uris: [redirectUri],
+    token_endpoint_auth_method: "none",
+    // PKCE - no client secret
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code"],
+    client_name: clientName,
+    client_uri: clientUri,
+    ...logoUri && { logo_uri: logoUri }
+  };
+  let clientInformation;
+  if (metadata.registration_endpoint) {
+    clientInformation = await registerClient(mcpServerUrl, {
+      metadata,
+      clientMetadata
+    });
+  } else {
+    clientInformation = {
+      client_id: defaultClientId,
+      ...clientMetadata
+    };
+  }
+  const resource = resourceMetadata?.resource ? new URL(resourceMetadata.resource) : void 0;
+  const authResult = await startAuthorization(mcpServerUrl, {
+    metadata,
+    clientInformation,
+    redirectUrl: redirectUri,
+    state,
+    scope: discoveredScopes || "",
+    ...resource && { resource }
+  });
+  logger?.debug(
+    {
+      authorizationUrl: authResult.authorizationUrl.href,
+      scopes: discoveredScopes,
+      clientId: clientInformation.client_id
+    },
+    "MCP OAuth flow initiated successfully"
+  );
+  return {
+    authorizationUrl: authResult.authorizationUrl.href,
+    codeVerifier: authResult.codeVerifier,
+    state,
+    clientInformation,
+    metadata,
+    resourceUrl: resource?.href || void 0,
+    ...discoveredScopes && { scopes: discoveredScopes }
+  };
+}
+async function exchangeMcpAuthorizationCode({
+  mcpServerUrl,
+  metadata,
+  clientInformation,
+  authorizationCode,
+  codeVerifier,
+  redirectUri,
+  resourceUrl,
+  logger
+}) {
+  const resource = resourceUrl ? new URL(resourceUrl) : void 0;
+  const tokens = await exchangeAuthorization(mcpServerUrl, {
+    metadata,
+    clientInformation,
+    authorizationCode,
+    codeVerifier,
+    redirectUri,
+    ...resource && { resource }
+  });
+  logger?.debug(
+    {
+      tokenType: tokens.token_type,
+      hasRefreshToken: !!tokens.refresh_token,
+      expiresIn: tokens.expires_in
+    },
+    "MCP token exchange successful"
+  );
+  return {
+    access_token: tokens.access_token,
+    refresh_token: tokens.refresh_token,
+    expires_at: tokens.expires_in ? new Date(Date.now() + tokens.expires_in * 1e3) : void 0,
+    token_type: tokens.token_type || "Bearer",
+    scope: tokens.scope
+  };
+}
+var detectAuthenticationRequired = async ({
+  serverUrl,
+  toolId,
+  error,
+  logger
+}) => {
+  try {
+    const discoveryResult = await discoverMcpMetadata(serverUrl, logger);
+    if (discoveryResult.success && discoveryResult.metadata) {
+      logger?.info({ toolId, serverUrl }, "MCP OAuth support confirmed via metadata discovery");
+      return true;
+    }
+  } catch (discoveryError) {
+    logger?.debug({ toolId, discoveryError }, "MCP OAuth metadata discovery failed");
+  }
+  logger?.debug(
+    { toolId, error: error?.message },
+    "No MCP OAuth authentication requirement detected"
+  );
+  return false;
+};
 
-export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE };
+export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE, detectAuthenticationRequired, exchangeMcpAuthorizationCode, initiateMcpOAuthFlow };

package/dist/{chunk-NLZO4BB6.js → chunk-AN3YZP42.js}

@@ -1,4 +1,4 @@
-import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-4SE2FOJY.js';
+import { AgentWithinContextOfProjectSchema, resourceIdSchema, MAX_ID_LENGTH } from './chunk-HN77JIDP.js';
 import { z } from 'zod';
 
 // src/validation/agentFull.ts

package/dist/{chunk-4SE2FOJY.js → chunk-HN77JIDP.js}

@@ -389,7 +389,8 @@ var McpToolSchema = ToolInsertSchema.extend({
   status: ToolStatusSchema.default("unknown"),
   version: z.string().optional(),
   createdAt: z.date(),
-  updatedAt: z.date()
+  updatedAt: z.date(),
+  expiresAt: z.date().optional()
 });
 var MCPToolConfigSchema = McpToolSchema.omit({
   config: true,

package/dist/client-exports.cjs

@@ -6,6 +6,7 @@ var drizzleZod = require('drizzle-zod');
 var drizzleOrm = require('drizzle-orm');
 var sqliteCore = require('drizzle-orm/sqlite-core');
 var Ajv = require('ajv');
+var auth_js = require('@modelcontextprotocol/sdk/client/auth.js');
 
 function _interopDefault (e) { return e && e.__esModule ? e : { default: e }; }
 
@@ -1251,7 +1252,8 @@ var McpToolSchema = ToolInsertSchema.extend({
   status: ToolStatusSchema.default("unknown"),
   version: zodOpenapi.z.string().optional(),
   createdAt: zodOpenapi.z.date(),
-  updatedAt: zodOpenapi.z.date()
+  updatedAt: zodOpenapi.z.date(),
+  expiresAt: zodOpenapi.z.date().optional()
 });
 McpToolSchema.omit({
   config: true,
@@ -1997,6 +1999,68 @@ var QUERY_DEFAULTS = {
   LIMIT_1000: 1e3,
   EMPTY_GROUP_BY: []
 };
+function discoverScopes(resourceMetadata, metadata) {
+  const resourceScopes = resourceMetadata?.scopes_supported;
+  const oauthScopes = metadata?.scopes_supported;
+  const scopes = (resourceScopes?.length ? resourceScopes : oauthScopes) || [];
+  return scopes.length > 0 ? scopes.join(" ") : void 0;
+}
+async function discoverMcpMetadata(mcpServerUrl, logger) {
+  try {
+    let resourceMetadata = null;
+    let authServerUrl = new URL(mcpServerUrl);
+    try {
+      resourceMetadata = await auth_js.discoverOAuthProtectedResourceMetadata(mcpServerUrl);
+      if (resourceMetadata?.authorization_servers?.length && resourceMetadata.authorization_servers[0]) {
+        authServerUrl = new URL(resourceMetadata.authorization_servers[0]);
+      }
+    } catch {
+    }
+    const metadata = await auth_js.discoverAuthorizationServerMetadata(authServerUrl);
+    if (!metadata) {
+      throw new Error("Failed to discover OAuth authorization server metadata");
+    }
+    logger?.debug(
+      {
+        tokenEndpoint: metadata.token_endpoint,
+        authEndpoint: metadata.authorization_endpoint
+      },
+      "MCP metadata discovery successful"
+    );
+    const discoveredScopes = discoverScopes(resourceMetadata ?? void 0, metadata);
+    return {
+      success: true,
+      metadata,
+      ...resourceMetadata && { resourceMetadata },
+      ...discoveredScopes && { scopes: discoveredScopes }
+    };
+  } catch (err) {
+    const errorMessage = err instanceof Error ? err.message : String(err);
+    logger?.debug({ error: errorMessage }, "MCP metadata discovery failed");
+    return { success: false, error: errorMessage };
+  }
+}
+var detectAuthenticationRequired = async ({
+  serverUrl,
+  toolId,
+  error,
+  logger
+}) => {
+  try {
+    const discoveryResult = await discoverMcpMetadata(serverUrl, logger);
+    if (discoveryResult.success && discoveryResult.metadata) {
+      logger?.info({ toolId, serverUrl }, "MCP OAuth support confirmed via metadata discovery");
+      return true;
+    }
+  } catch (discoveryError) {
+    logger?.debug({ toolId, discoveryError }, "MCP OAuth metadata discovery failed");
+  }
+  logger?.debug(
+    { toolId, error: error?.message },
+    "No MCP OAuth authentication requirement detected"
+  );
+  return false;
+};
 
 // src/client-exports.ts
 var TenantParamsSchema2 = zod.z.object({
@@ -2221,6 +2285,7 @@ exports.TenantProjectParamsSchema = TenantProjectParamsSchema2;
 exports.ToolApiInsertSchema = ToolApiInsertSchema2;
 exports.UNKNOWN_VALUE = UNKNOWN_VALUE;
 exports.URL_SAFE_ID_PATTERN = URL_SAFE_ID_PATTERN2;
+exports.detectAuthenticationRequired = detectAuthenticationRequired;
 exports.generateIdFromName = generateIdFromName;
 exports.resourceIdSchema = resourceIdSchema2;
 exports.validatePropsAsJsonSchema = validatePropsAsJsonSchema;

package/dist/client-exports.d.cts

@@ -1,8 +1,9 @@
-export { h as ACTIVITY_NAMES, f as ACTIVITY_STATUS, e as ACTIVITY_TYPES, g as AGENT_IDS, o as AGGREGATE_OPERATORS, A as AI_OPERATIONS, i as AI_TOOL_TYPES, n as DATA_SOURCES, j as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, l as ORDER_DIRECTIONS, P as PANEL_TYPES, p as QUERY_DEFAULTS, k as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, m as QUERY_TYPES, R as REDUCE_OPERATIONS, d as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE } from './signoz-queries-Bqpkx5sK.cjs';
+export { i as ACTIVITY_NAMES, g as ACTIVITY_STATUS, f as ACTIVITY_TYPES, h as AGENT_IDS, p as AGGREGATE_OPERATORS, A as AI_OPERATIONS, j as AI_TOOL_TYPES, o as DATA_SOURCES, k as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, m as ORDER_DIRECTIONS, P as PANEL_TYPES, q as QUERY_DEFAULTS, l as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, n as QUERY_TYPES, R as REDUCE_OPERATIONS, e as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE, d as detectAuthenticationRequired } from './auth-detection-BO8bSpe4.cjs';
 import { z } from 'zod';
-import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-usOTNbMG.cjs';
-export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-usOTNbMG.cjs';
+import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-mGrlR4Ta.cjs';
+export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-mGrlR4Ta.cjs';
 export { v as validatePropsAsJsonSchema } from './props-validation-BMR1qNiy.cjs';
+import 'pino';
 import 'drizzle-zod';
 import 'drizzle-orm/sqlite-core';
 import '@hono/zod-openapi';

package/dist/client-exports.d.ts

@@ -1,8 +1,9 @@
-export { h as ACTIVITY_NAMES, f as ACTIVITY_STATUS, e as ACTIVITY_TYPES, g as AGENT_IDS, o as AGGREGATE_OPERATORS, A as AI_OPERATIONS, i as AI_TOOL_TYPES, n as DATA_SOURCES, j as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, l as ORDER_DIRECTIONS, P as PANEL_TYPES, p as QUERY_DEFAULTS, k as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, m as QUERY_TYPES, R as REDUCE_OPERATIONS, d as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE } from './signoz-queries-Bqpkx5sK.js';
+export { i as ACTIVITY_NAMES, g as ACTIVITY_STATUS, f as ACTIVITY_TYPES, h as AGENT_IDS, p as AGGREGATE_OPERATORS, A as AI_OPERATIONS, j as AI_TOOL_TYPES, o as DATA_SOURCES, k as DATA_TYPES, D as DELEGATION_FROM_SUB_AGENT_ID, b as DELEGATION_ID, a as DELEGATION_TO_SUB_AGENT_ID, F as FIELD_TYPES, O as OPERATORS, m as ORDER_DIRECTIONS, P as PANEL_TYPES, q as QUERY_DEFAULTS, l as QUERY_EXPRESSIONS, Q as QUERY_FIELD_CONFIGS, n as QUERY_TYPES, R as REDUCE_OPERATIONS, e as SPAN_KEYS, S as SPAN_NAMES, T as TRANSFER_FROM_SUB_AGENT_ID, c as TRANSFER_TO_SUB_AGENT_ID, U as UNKNOWN_VALUE, d as detectAuthenticationRequired } from './auth-detection-BO8bSpe4.js';
 import { z } from 'zod';
-import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-usOTNbMG.js';
-export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-usOTNbMG.js';
+import { C as ConversationHistoryConfig, F as FunctionApiInsertSchema, A as ApiKeyApiUpdateSchema, a as FullAgentAgentInsertSchema } from './utility-mGrlR4Ta.js';
+export { e as AgentStopWhen, b as AgentStopWhenSchema, h as CredentialStoreType, j as FunctionApiSelectSchema, k as FunctionApiUpdateSchema, i as MCPTransportType, g as ModelSettings, M as ModelSettingsSchema, d as StopWhen, S as StopWhenSchema, f as SubAgentStopWhen, c as SubAgentStopWhenSchema } from './utility-mGrlR4Ta.js';
 export { v as validatePropsAsJsonSchema } from './props-validation-BMR1qNiy.js';
+import 'pino';
 import 'drizzle-zod';
 import 'drizzle-orm/sqlite-core';
 import '@hono/zod-openapi';

package/dist/client-exports.js

@@ -1,6 +1,6 @@
-export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE } from './chunk-QFIITHNT.js';
-import { ModelSettingsSchema, FullAgentAgentInsertSchema, ArtifactComponentApiInsertSchema } from './chunk-4SE2FOJY.js';
-export { AgentStopWhenSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, validatePropsAsJsonSchema } from './chunk-4SE2FOJY.js';
+export { ACTIVITY_NAMES, ACTIVITY_STATUS, ACTIVITY_TYPES, AGENT_IDS, AGGREGATE_OPERATORS, AI_OPERATIONS, AI_TOOL_TYPES, DATA_SOURCES, DATA_TYPES, DELEGATION_FROM_SUB_AGENT_ID, DELEGATION_ID, DELEGATION_TO_SUB_AGENT_ID, FIELD_TYPES, OPERATORS, ORDER_DIRECTIONS, PANEL_TYPES, QUERY_DEFAULTS, QUERY_EXPRESSIONS, QUERY_FIELD_CONFIGS, QUERY_TYPES, REDUCE_OPERATIONS, SPAN_KEYS, SPAN_NAMES, TRANSFER_FROM_SUB_AGENT_ID, TRANSFER_TO_SUB_AGENT_ID, UNKNOWN_VALUE, detectAuthenticationRequired } from './chunk-5GAUAB2P.js';
+import { ModelSettingsSchema, FullAgentAgentInsertSchema, ArtifactComponentApiInsertSchema } from './chunk-HN77JIDP.js';
+export { AgentStopWhenSchema, FunctionApiInsertSchema, FunctionApiSelectSchema, FunctionApiUpdateSchema, ModelSettingsSchema, StopWhenSchema, SubAgentStopWhenSchema, validatePropsAsJsonSchema } from './chunk-HN77JIDP.js';
 import { CredentialStoreType } from './chunk-YFHT5M2R.js';
 export { CredentialStoreType, MCPTransportType } from './chunk-YFHT5M2R.js';
 import { z } from 'zod';

package/dist/db/schema.d.cts

@@ -1,7 +1,7 @@
 import 'drizzle-orm';
 import 'drizzle-orm/sqlite-core';
-import '../utility-usOTNbMG.cjs';
-export { E as agentRelations, H as agentToolRelationsRelations, a as agents, w as apiKeys, G as apiKeysRelations, j as artifactComponents, M as artifactComponentsRelations, b as contextCache, C as contextCacheRelations, c as contextConfigs, B as contextConfigsRelations, r as conversations, K as conversationsRelations, x as credentialReferences, I as credentialReferencesRelations, h as dataComponents, O as dataComponentsRelations, f as externalAgents, F as externalAgentsRelations, m as functionTools, T as functionToolsRelations, n as functions, R as functionsRelations, v as ledgerArtifacts, Q as ledgerArtifactsRelations, u as messages, L as messagesRelations, p as projects, z as projectsRelations, k as subAgentArtifactComponents, N as subAgentArtifactComponentsRelations, i as subAgentDataComponents, P as subAgentDataComponentsRelations, q as subAgentFunctionToolRelations, U as subAgentFunctionToolRelationsRelations, e as subAgentRelations, S as subAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, D as subAgentsRelations, g as taskRelations, A as taskRelationsRelations, t as tasks, y as tasksRelations, l as tools, J as toolsRelations } from '../schema-HuJ7Qh0C.cjs';
+import '../utility-mGrlR4Ta.cjs';
+export { E as agentRelations, H as agentToolRelationsRelations, a as agents, w as apiKeys, G as apiKeysRelations, j as artifactComponents, M as artifactComponentsRelations, b as contextCache, C as contextCacheRelations, c as contextConfigs, B as contextConfigsRelations, r as conversations, K as conversationsRelations, x as credentialReferences, I as credentialReferencesRelations, h as dataComponents, O as dataComponentsRelations, f as externalAgents, F as externalAgentsRelations, m as functionTools, T as functionToolsRelations, n as functions, R as functionsRelations, v as ledgerArtifacts, Q as ledgerArtifactsRelations, u as messages, L as messagesRelations, p as projects, z as projectsRelations, k as subAgentArtifactComponents, N as subAgentArtifactComponentsRelations, i as subAgentDataComponents, P as subAgentDataComponentsRelations, q as subAgentFunctionToolRelations, U as subAgentFunctionToolRelationsRelations, e as subAgentRelations, S as subAgentRelationsRelations, o as subAgentToolRelations, d as subAgents, D as subAgentsRelations, g as taskRelations, A as taskRelationsRelations, t as tasks, y as tasksRelations, l as tools, J as toolsRelations } from '../schema-B8NMPwEM.cjs';
 import 'zod';
 import 'drizzle-zod';
 import '@hono/zod-openapi';