npm - @juspay/neurolink - Versions diffs - 9.31.2 → 9.32.0 - Mend

@juspay/neurolink 9.31.2 → 9.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (161) hide show

package/CHANGELOG.md +6 -0
package/dist/auth/AuthProviderFactory.d.ts +71 -0
package/dist/auth/AuthProviderFactory.js +111 -0
package/dist/auth/AuthProviderRegistry.d.ts +33 -0
package/dist/auth/AuthProviderRegistry.js +190 -0
package/dist/auth/RequestContext.d.ts +23 -0
package/dist/auth/RequestContext.js +78 -0
package/dist/auth/authContext.d.ts +198 -0
package/dist/auth/authContext.js +314 -0
package/dist/auth/errors.d.ts +63 -0
package/dist/auth/errors.js +39 -0
package/dist/auth/index.d.ts +20 -8
package/dist/auth/index.js +35 -7
package/dist/auth/middleware/AuthMiddleware.d.ts +181 -0
package/dist/auth/middleware/AuthMiddleware.js +519 -0
package/dist/auth/middleware/rateLimitByUser.d.ts +282 -0
package/dist/auth/middleware/rateLimitByUser.js +554 -0
package/dist/auth/providers/BaseAuthProvider.d.ts +259 -0
package/dist/auth/providers/BaseAuthProvider.js +723 -0
package/dist/auth/providers/CognitoProvider.d.ts +61 -0
package/dist/auth/providers/CognitoProvider.js +304 -0
package/dist/auth/providers/KeycloakProvider.d.ts +61 -0
package/dist/auth/providers/KeycloakProvider.js +393 -0
package/dist/auth/providers/auth0.d.ts +59 -0
package/dist/auth/providers/auth0.js +274 -0
package/dist/auth/providers/betterAuth.d.ts +51 -0
package/dist/auth/providers/betterAuth.js +182 -0
package/dist/auth/providers/clerk.d.ts +65 -0
package/dist/auth/providers/clerk.js +317 -0
package/dist/auth/providers/custom.d.ts +64 -0
package/dist/auth/providers/custom.js +112 -0
package/dist/auth/providers/firebase.d.ts +63 -0
package/dist/auth/providers/firebase.js +226 -0
package/dist/auth/providers/jwt.d.ts +68 -0
package/dist/auth/providers/jwt.js +212 -0
package/dist/auth/providers/oauth2.d.ts +73 -0
package/dist/auth/providers/oauth2.js +303 -0
package/dist/auth/providers/supabase.d.ts +63 -0
package/dist/auth/providers/supabase.js +259 -0
package/dist/auth/providers/workos.d.ts +61 -0
package/dist/auth/providers/workos.js +284 -0
package/dist/auth/serverBridge.d.ts +14 -0
package/dist/auth/serverBridge.js +25 -0
package/dist/auth/sessionManager.d.ts +142 -0
package/dist/auth/sessionManager.js +437 -0
package/dist/cli/commands/authProviders.d.ts +43 -0
package/dist/cli/commands/authProviders.js +399 -0
package/dist/cli/factories/authCommandFactory.d.ts +23 -5
package/dist/cli/factories/authCommandFactory.js +108 -5
package/dist/cli/parser.js +1 -1
package/dist/client/auth/AuthProviderFactory.js +111 -0
package/dist/client/auth/AuthProviderRegistry.js +190 -0
package/dist/client/auth/RequestContext.js +78 -0
package/dist/client/auth/accountPool.js +178 -0
package/dist/client/auth/authContext.js +314 -0
package/dist/client/auth/errors.js +39 -0
package/dist/client/auth/index.js +61 -0
package/dist/client/auth/middleware/AuthMiddleware.js +519 -0
package/dist/client/auth/middleware/rateLimitByUser.js +554 -0
package/dist/client/auth/providers/BaseAuthProvider.js +723 -0
package/dist/client/auth/providers/CognitoProvider.js +304 -0
package/dist/client/auth/providers/KeycloakProvider.js +393 -0
package/dist/client/auth/providers/auth0.js +274 -0
package/dist/client/auth/providers/betterAuth.js +182 -0
package/dist/client/auth/providers/clerk.js +317 -0
package/dist/client/auth/providers/custom.js +112 -0
package/dist/client/auth/providers/firebase.js +226 -0
package/dist/client/auth/providers/jwt.js +212 -0
package/dist/client/auth/providers/oauth2.js +303 -0
package/dist/client/auth/providers/supabase.js +259 -0
package/dist/client/auth/providers/workos.js +284 -0
package/dist/client/auth/serverBridge.js +25 -0
package/dist/client/auth/sessionManager.js +437 -0
package/dist/client/core/infrastructure/baseRegistry.js +5 -1
package/dist/client/index.js +25 -0
package/dist/client/mcp/toolRegistry.js +11 -1
package/dist/client/neurolink.js +218 -0
package/dist/client/rag/ChunkerRegistry.js +2 -2
package/dist/client/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/client/rag/reranker/RerankerRegistry.js +2 -2
package/dist/client/server/routes/agentRoutes.js +20 -2
package/dist/client/types/authTypes.js +2 -1
package/dist/core/infrastructure/baseRegistry.d.ts +3 -1
package/dist/core/infrastructure/baseRegistry.js +5 -1
package/dist/index.d.ts +1 -0
package/dist/index.js +25 -0
package/dist/lib/auth/AuthProviderFactory.d.ts +71 -0
package/dist/lib/auth/AuthProviderFactory.js +112 -0
package/dist/lib/auth/AuthProviderRegistry.d.ts +33 -0
package/dist/lib/auth/AuthProviderRegistry.js +191 -0
package/dist/lib/auth/RequestContext.d.ts +23 -0
package/dist/lib/auth/RequestContext.js +79 -0
package/dist/lib/auth/authContext.d.ts +198 -0
package/dist/lib/auth/authContext.js +315 -0
package/dist/lib/auth/errors.d.ts +63 -0
package/dist/lib/auth/errors.js +40 -0
package/dist/lib/auth/index.d.ts +20 -8
package/dist/lib/auth/index.js +35 -7
package/dist/lib/auth/middleware/AuthMiddleware.d.ts +181 -0
package/dist/lib/auth/middleware/AuthMiddleware.js +520 -0
package/dist/lib/auth/middleware/rateLimitByUser.d.ts +282 -0
package/dist/lib/auth/middleware/rateLimitByUser.js +555 -0
package/dist/lib/auth/providers/BaseAuthProvider.d.ts +259 -0
package/dist/lib/auth/providers/BaseAuthProvider.js +724 -0
package/dist/lib/auth/providers/CognitoProvider.d.ts +61 -0
package/dist/lib/auth/providers/CognitoProvider.js +305 -0
package/dist/lib/auth/providers/KeycloakProvider.d.ts +61 -0
package/dist/lib/auth/providers/KeycloakProvider.js +394 -0
package/dist/lib/auth/providers/auth0.d.ts +59 -0
package/dist/lib/auth/providers/auth0.js +275 -0
package/dist/lib/auth/providers/betterAuth.d.ts +51 -0
package/dist/lib/auth/providers/betterAuth.js +183 -0
package/dist/lib/auth/providers/clerk.d.ts +65 -0
package/dist/lib/auth/providers/clerk.js +318 -0
package/dist/lib/auth/providers/custom.d.ts +64 -0
package/dist/lib/auth/providers/custom.js +113 -0
package/dist/lib/auth/providers/firebase.d.ts +63 -0
package/dist/lib/auth/providers/firebase.js +227 -0
package/dist/lib/auth/providers/jwt.d.ts +68 -0
package/dist/lib/auth/providers/jwt.js +213 -0
package/dist/lib/auth/providers/oauth2.d.ts +73 -0
package/dist/lib/auth/providers/oauth2.js +304 -0
package/dist/lib/auth/providers/supabase.d.ts +63 -0
package/dist/lib/auth/providers/supabase.js +260 -0
package/dist/lib/auth/providers/workos.d.ts +61 -0
package/dist/lib/auth/providers/workos.js +285 -0
package/dist/lib/auth/serverBridge.d.ts +14 -0
package/dist/lib/auth/serverBridge.js +26 -0
package/dist/lib/auth/sessionManager.d.ts +142 -0
package/dist/lib/auth/sessionManager.js +438 -0
package/dist/lib/core/infrastructure/baseRegistry.d.ts +3 -1
package/dist/lib/core/infrastructure/baseRegistry.js +5 -1
package/dist/lib/index.d.ts +1 -0
package/dist/lib/index.js +25 -0
package/dist/lib/mcp/toolRegistry.js +11 -1
package/dist/lib/neurolink.d.ts +42 -1
package/dist/lib/neurolink.js +218 -0
package/dist/lib/rag/ChunkerRegistry.js +2 -2
package/dist/lib/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/lib/rag/reranker/RerankerRegistry.js +2 -2
package/dist/lib/server/routes/agentRoutes.js +20 -2
package/dist/lib/types/authTypes.d.ts +937 -1
package/dist/lib/types/authTypes.js +2 -1
package/dist/lib/types/configTypes.d.ts +46 -0
package/dist/lib/types/generateTypes.d.ts +6 -0
package/dist/lib/types/index.d.ts +1 -0
package/dist/lib/types/streamTypes.d.ts +6 -0
package/dist/mcp/toolRegistry.js +11 -1
package/dist/neurolink.d.ts +42 -1
package/dist/neurolink.js +218 -0
package/dist/rag/ChunkerRegistry.js +2 -2
package/dist/rag/metadata/MetadataExtractorRegistry.js +2 -2
package/dist/rag/reranker/RerankerRegistry.js +2 -2
package/dist/server/routes/agentRoutes.js +20 -2
package/dist/types/authTypes.d.ts +937 -1
package/dist/types/authTypes.js +2 -1
package/dist/types/configTypes.d.ts +46 -0
package/dist/types/generateTypes.d.ts +6 -0
package/dist/types/index.d.ts +1 -0
package/dist/types/streamTypes.d.ts +6 -0
package/package.json +2 -1

package/dist/cli/commands/authProviders.js ADDED Viewed

@@ -0,0 +1,399 @@
+// src/cli/commands/authProviders.ts
+/**
+ * Multi-provider authentication CLI handlers.
+ *
+ * Provides commands for listing, validating, and health-checking
+ * authentication providers (Auth0, Clerk, Firebase, Supabase, etc.).
+ */
+import chalk from "chalk";
+import { AuthProviderFactory } from "../../lib/auth/AuthProviderFactory.js";
+import { logger } from "../../lib/utils/logger.js";
+/**
+ * Provider information for display
+ */
+const PROVIDER_INFO = {
+    auth0: {
+        name: "Auth0",
+        description: "Enterprise identity platform with JWT and session support",
+        requiredConfig: ["domain", "clientId"],
+        website: "https://auth0.com",
+    },
+    clerk: {
+        name: "Clerk",
+        description: "Modern authentication with session-based and JWT support",
+        requiredConfig: ["publishableKey", "secretKey"],
+        website: "https://clerk.com",
+    },
+    supabase: {
+        name: "Supabase Auth",
+        description: "Open-source Firebase alternative with JWT authentication",
+        requiredConfig: ["url", "anonKey"],
+        website: "https://supabase.com",
+    },
+    firebase: {
+        name: "Firebase Auth",
+        description: "Google's authentication service with multiple providers",
+        requiredConfig: ["projectId"],
+        website: "https://firebase.google.com",
+    },
+    workos: {
+        name: "WorkOS",
+        description: "Enterprise-ready authentication with SSO support",
+        requiredConfig: ["apiKey", "clientId"],
+        website: "https://workos.com",
+    },
+    "better-auth": {
+        name: "Better Auth",
+        description: "Self-hosted authentication solution",
+        requiredConfig: ["secret", "baseUrl"],
+        website: "https://github.com/better-auth/better-auth",
+    },
+    custom: {
+        name: "Custom",
+        description: "Custom authentication adapter for any provider",
+        requiredConfig: ["validateToken"],
+        website: "",
+    },
+    oauth2: {
+        name: "OAuth2",
+        description: "Generic OAuth2 authentication with configurable endpoints",
+        requiredConfig: [
+            "clientId",
+            "clientSecret",
+            "authorizationUrl",
+            "tokenUrl",
+        ],
+        website: "https://oauth.net/2/",
+    },
+    cognito: {
+        name: "AWS Cognito",
+        description: "AWS Cognito user pools with JWT authentication",
+        requiredConfig: ["userPoolId", "clientId", "region"],
+        website: "https://aws.amazon.com/cognito/",
+    },
+    keycloak: {
+        name: "Keycloak",
+        description: "Open-source identity and access management",
+        requiredConfig: ["realm", "serverUrl", "clientId"],
+        website: "https://www.keycloak.org/",
+    },
+    jwt: {
+        name: "JWT",
+        description: "Generic JWT token validation with configurable secret/keys",
+        requiredConfig: ["secret"],
+        website: "https://jwt.io/",
+    },
+};
+/**
+ * Handle 'auth providers' command
+ */
+export async function handleProvidersCommand(argv) {
+    const providers = Object.entries(PROVIDER_INFO).filter(([key]) => key !== "custom");
+    if (argv.format === "json") {
+        const output = providers.map(([type, info]) => ({
+            type,
+            ...info,
+        }));
+        logger.always(JSON.stringify(output, null, 2));
+        return;
+    }
+    if (argv.format === "table") {
+        logger.always(chalk.bold("\nAvailable Authentication Providers\n"));
+        logger.always(chalk.gray("+-----------------+--------------------------------------------------+"));
+        logger.always(chalk.gray("| ") +
+            chalk.bold("Provider".padEnd(15)) +
+            chalk.gray(" | ") +
+            chalk.bold("Description".padEnd(48)) +
+            chalk.gray(" |"));
+        logger.always(chalk.gray("+-----------------+--------------------------------------------------+"));
+        for (const [type, info] of providers) {
+            logger.always(chalk.gray("| ") +
+                chalk.cyan(type.padEnd(15)) +
+                chalk.gray(" | ") +
+                info.description.substring(0, 48).padEnd(48) +
+                chalk.gray(" |"));
+        }
+        logger.always(chalk.gray("+-----------------+--------------------------------------------------+"));
+        return;
+    }
+    // Text format (default)
+    logger.always(chalk.bold("\nAvailable Authentication Providers\n"));
+    for (const [type, info] of providers) {
+        logger.always(chalk.cyan.bold(`  ${info.name} (${type})`));
+        logger.always(chalk.gray(`    ${info.description}`));
+        logger.always(chalk.gray(`    Required config: ${info.requiredConfig.join(", ")}`));
+        if (info.website) {
+            logger.always(chalk.gray(`    Website: ${info.website}`));
+        }
+        logger.always("");
+    }
+    logger.always(chalk.gray("Use 'neurolink auth validate <token> --provider <type>' to validate a token"));
+    logger.always(chalk.gray("Use 'neurolink auth health --provider <type>' to check provider health\n"));
+}
+/**
+ * Handle 'auth validate' command
+ */
+export async function handleValidateCommand(argv) {
+    try {
+        const providerConfig = buildProviderConfig(argv);
+        if (!providerConfig) {
+            logger.error(chalk.red(`\nError: Missing required configuration for ${argv.provider} provider.\n`));
+            logger.always(chalk.gray(`Required: ${PROVIDER_INFO[argv.provider].requiredConfig.join(", ")}`));
+            logger.always(chalk.gray("\nProvide via CLI options or environment variables (e.g., AUTH0_DOMAIN)"));
+            process.exit(1);
+        }
+        const provider = await AuthProviderFactory.createProvider(argv.provider, providerConfig);
+        const result = await provider.authenticateToken(argv.token);
+        if (argv.format === "json") {
+            logger.always(JSON.stringify(result, null, 2));
+            return;
+        }
+        logger.always("");
+        if (result.valid) {
+            logger.always(chalk.green.bold("Token is VALID"));
+            logger.always("");
+            if (result.user) {
+                logger.always(chalk.bold("User Information:"));
+                logger.always(chalk.gray(`  ID:       ${result.user.id}`));
+                if (result.user.email) {
+                    logger.always(chalk.gray(`  Email:    ${result.user.email}`));
+                }
+                if (result.user.name) {
+                    logger.always(chalk.gray(`  Name:     ${result.user.name}`));
+                }
+                if (result.user.roles.length > 0) {
+                    logger.always(chalk.gray(`  Roles:    ${result.user.roles.join(", ")}`));
+                }
+                if (result.user.permissions.length > 0) {
+                    logger.always(chalk.gray(`  Permissions: ${result.user.permissions.join(", ")}`));
+                }
+            }
+            if (result.expiresAt) {
+                logger.always("");
+                logger.always(chalk.gray(`Expires: ${result.expiresAt.toISOString()}`));
+            }
+            if (result.tokenType) {
+                logger.always(chalk.gray(`Token Type: ${result.tokenType}`));
+            }
+        }
+        else {
+            logger.always(chalk.red.bold("Token is INVALID"));
+            if (result.error) {
+                logger.always(chalk.red(`\nError: ${result.error}`));
+            }
+            process.exit(1);
+        }
+        logger.always("");
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        logger.error("Token validation failed:", error);
+        if (argv.format === "json") {
+            logger.always(JSON.stringify({ valid: false, error: message }, null, 2));
+        }
+        else {
+            logger.error(chalk.red(`\nValidation Error: ${message}\n`));
+        }
+        process.exit(1);
+    }
+}
+/**
+ * Handle 'auth health' command
+ */
+export async function handleHealthCommand(argv) {
+    try {
+        const providerConfig = buildProviderConfig(argv);
+        if (!providerConfig) {
+            logger.error(chalk.red(`\nError: Missing required configuration for ${argv.provider} provider.\n`));
+            logger.always(chalk.gray(`Required: ${PROVIDER_INFO[argv.provider].requiredConfig.join(", ")}`));
+            logger.always(chalk.gray("\nProvide via CLI options or environment variables (e.g., AUTH0_DOMAIN)"));
+            process.exit(1);
+        }
+        const provider = await AuthProviderFactory.createProvider(argv.provider, providerConfig);
+        const health = await provider.healthCheck?.();
+        if (!health) {
+            logger.error(chalk.red(`\nProvider ${argv.provider} does not support health checks.\n`));
+            process.exit(1);
+        }
+        if (argv.format === "json") {
+            logger.always(JSON.stringify(health, null, 2));
+            return;
+        }
+        logger.always("");
+        logger.always(chalk.bold(`Auth Provider Health: ${argv.provider}`));
+        logger.always("");
+        const statusIcon = health.healthy ? chalk.green("OK") : chalk.red("FAIL");
+        logger.always(`  Overall Status:     ${statusIcon}`);
+        logger.always(`  Provider Connected: ${health.providerConnected ? chalk.green("Yes") : chalk.red("No")}`);
+        logger.always(`  Session Storage:    ${health.sessionStorageHealthy ? chalk.green("Healthy") : chalk.red("Unhealthy")}`);
+        if (health.lastSuccessfulAuth) {
+            logger.always(chalk.gray(`  Last Auth:          ${health.lastSuccessfulAuth.toISOString()}`));
+        }
+        if (health.error) {
+            logger.always(chalk.red(`\n  Error: ${health.error}`));
+        }
+        logger.always("");
+        if (!health.healthy) {
+            process.exit(1);
+        }
+    }
+    catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        logger.error("Health check failed:", error);
+        if (argv.format === "json") {
+            logger.always(JSON.stringify({ healthy: false, error: message }, null, 2));
+        }
+        else {
+            logger.error(chalk.red(`\nHealth Check Error: ${message}\n`));
+        }
+        process.exit(1);
+    }
+}
+/**
+ * Build provider configuration from CLI args and environment variables
+ */
+function buildProviderConfig(argv) {
+    switch (argv.provider) {
+        case "auth0": {
+            const domain = argv.domain || process.env.AUTH0_DOMAIN;
+            const clientId = argv.clientId || process.env.AUTH0_CLIENT_ID;
+            if (!domain || !clientId) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                domain,
+                clientId,
+                audience: process.env.AUTH0_AUDIENCE,
+            };
+        }
+        case "clerk": {
+            const secretKey = argv.secretKey || process.env.CLERK_SECRET_KEY;
+            const publishableKey = process.env.CLERK_PUBLISHABLE_KEY || "";
+            if (!secretKey) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                publishableKey,
+                secretKey,
+            };
+        }
+        case "supabase": {
+            const url = argv.url || process.env.SUPABASE_URL;
+            const anonKey = argv.anonKey || process.env.SUPABASE_ANON_KEY;
+            if (!url || !anonKey) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                url,
+                anonKey,
+                jwtSecret: process.env.SUPABASE_JWT_SECRET,
+            };
+        }
+        case "firebase": {
+            const projectId = process.env.FIREBASE_PROJECT_ID;
+            if (!projectId) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                projectId,
+                apiKey: process.env.FIREBASE_API_KEY,
+            };
+        }
+        case "workos": {
+            const apiKey = argv.apiKey || process.env.WORKOS_API_KEY;
+            const clientId = argv.clientId || process.env.WORKOS_CLIENT_ID;
+            if (!apiKey || !clientId) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                apiKey,
+                clientId,
+            };
+        }
+        case "better-auth": {
+            const secret = argv.secret || process.env.BETTER_AUTH_SECRET;
+            const baseUrl = argv.url || process.env.BETTER_AUTH_BASE_URL;
+            if (!secret || !baseUrl) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                secret,
+                baseUrl,
+            };
+        }
+        case "oauth2": {
+            const clientId = argv.clientId || process.env.OAUTH2_CLIENT_ID;
+            const clientSecret = process.env.OAUTH2_CLIENT_SECRET;
+            const authorizationUrl = process.env.OAUTH2_AUTHORIZATION_URL;
+            const tokenUrl = process.env.OAUTH2_TOKEN_URL;
+            if (!clientId || !authorizationUrl || !tokenUrl) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                clientId,
+                clientSecret,
+                authorizationUrl,
+                tokenUrl,
+                userInfoUrl: process.env.OAUTH2_USERINFO_URL,
+                jwksUrl: process.env.OAUTH2_JWKS_URL,
+            };
+        }
+        case "cognito": {
+            const userPoolId = process.env.COGNITO_USER_POOL_ID;
+            const clientId = argv.clientId || process.env.COGNITO_CLIENT_ID;
+            const region = process.env.COGNITO_REGION || process.env.AWS_REGION;
+            if (!userPoolId || !clientId || !region) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                userPoolId,
+                clientId,
+                region,
+            };
+        }
+        case "keycloak": {
+            const realm = process.env.KEYCLOAK_REALM;
+            const serverUrl = argv.url || process.env.KEYCLOAK_SERVER_URL;
+            const clientId = argv.clientId || process.env.KEYCLOAK_CLIENT_ID;
+            if (!realm || !serverUrl || !clientId) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                realm,
+                serverUrl,
+                clientId,
+            };
+        }
+        case "jwt": {
+            const secret = argv.secret || process.env.JWT_SECRET;
+            const publicKey = process.env.JWT_PUBLIC_KEY;
+            if (!secret && !publicKey) {
+                return null;
+            }
+            return {
+                type: argv.provider,
+                secret,
+                publicKey,
+                issuer: process.env.JWT_ISSUER,
+                audience: process.env.JWT_AUDIENCE,
+            };
+        }
+        case "custom": {
+            // Custom provider requires a validateToken function which can't be
+            // provided via CLI flags. Return null to show guidance message.
+            return null;
+        }
+        default:
+            return null;
+    }
+}
+//# sourceMappingURL=authProviders.js.map

package/dist/cli/factories/authCommandFactory.d.ts CHANGED Viewed

@@ -2,20 +2,22 @@
  * Auth Command Factory for NeuroLink
  *
  * Creates the unified authentication command with subcommands for AI providers.
- * Follows the MCP command pattern with subcommands: login, logout, status, refresh.
- *
- * Supported providers:
- * - Anthropic (API key + OAuth for Claude subscription plans)
+ * Subcommands:
+ * - login, logout, status, refresh: Anthropic OAuth (API key + OAuth)
+ * - providers, validate, health: Multi-provider auth management
  */
 import type { CommandModule } from "yargs";
 /**
  * Auth Command Factory
  *
  * Creates the main auth command with subcommands:
- * - login: Authenticate with a provider
+ * - login: Authenticate with a provider (Anthropic OAuth)
  * - logout: Clear stored credentials
  * - status: Show authentication status
  * - refresh: Manually refresh OAuth tokens
+ * - providers: List available auth providers
+ * - validate: Validate a token against a provider
+ * - health: Check auth provider health
  */
 export declare class AuthCommandFactory {
     /**
@@ -54,4 +56,20 @@ export declare class AuthCommandFactory {
      * Build options for enable subcommand
      */
     private static buildEnableOptions;
+    /**
+     * Auth provider choices for multi-provider commands
+     */
+    private static readonly AUTH_PROVIDER_CHOICES;
+    /**
+     * Build common provider options for validate/health commands
+     */
+    private static buildProviderOptions;
+    /**
+     * Build options for validate subcommand
+     */
+    private static buildValidateOptions;
+    /**
+     * Build options for health subcommand
+     */
+    private static buildHealthOptions;
 }

package/dist/cli/factories/authCommandFactory.js CHANGED Viewed

@@ -2,10 +2,9 @@
  * Auth Command Factory for NeuroLink
  *
  * Creates the unified authentication command with subcommands for AI providers.
- * Follows the MCP command pattern with subcommands: login, logout, status, refresh.
- *
- * Supported providers:
- * - Anthropic (API key + OAuth for Claude subscription plans)
+ * Subcommands:
+ * - login, logout, status, refresh: Anthropic OAuth (API key + OAuth)
+ * - providers, validate, health: Multi-provider auth management
  */
 /**
  * Supported providers for authentication
@@ -15,10 +14,13 @@ const SUPPORTED_PROVIDERS = ["anthropic"];
  * Auth Command Factory
  *
  * Creates the main auth command with subcommands:
- * - login: Authenticate with a provider
+ * - login: Authenticate with a provider (Anthropic OAuth)
  * - logout: Clear stored credentials
  * - status: Show authentication status
  * - refresh: Manually refresh OAuth tokens
+ * - providers: List available auth providers
+ * - validate: Validate a token against a provider
+ * - health: Check auth provider health
  */
 export class AuthCommandFactory {
     /**
@@ -61,6 +63,24 @@ export class AuthCommandFactory {
                     .command("enable <account>", "Re-enable a previously disabled account", (yargs) => this.buildEnableOptions(yargs), async (argv) => {
                     const { handleEnable } = await import("../commands/auth.js");
                     await handleEnable(argv);
+                })
+                    .command("providers", "List available authentication providers", (yargs) => yargs.option("format", {
+                    type: "string",
+                    choices: ["text", "json", "table"],
+                    default: "text",
+                    description: "Output format",
+                    alias: "f",
+                }), async (argv) => {
+                    const { handleProvidersCommand } = await import("../commands/authProviders.js");
+                    await handleProvidersCommand(argv);
+                })
+                    .command("validate <token>", "Validate an authentication token", (yargs) => this.buildValidateOptions(yargs), async (argv) => {
+                    const { handleValidateCommand } = await import("../commands/authProviders.js");
+                    await handleValidateCommand(argv);
+                })
+                    .command("health", "Check authentication provider health", (yargs) => this.buildHealthOptions(yargs), async (argv) => {
+                    const { handleHealthCommand } = await import("../commands/authProviders.js");
+                    await handleHealthCommand(argv);
                 })
                     .option("format", {
                     choices: ["text", "json"],
@@ -237,5 +257,88 @@ export class AuthCommandFactory {
         })
             .example("$0 auth enable anthropic:1-VjRIq", "Re-enable a disabled account");
     }
+    /**
+     * Auth provider choices for multi-provider commands
+     */
+    static AUTH_PROVIDER_CHOICES = [
+        "auth0",
+        "clerk",
+        "supabase",
+        "firebase",
+        "workos",
+        "better-auth",
+        "jwt",
+        "oauth2",
+        "cognito",
+        "keycloak",
+    ];
+    /**
+     * Build common provider options for validate/health commands
+     */
+    static buildProviderOptions(yargs) {
+        return yargs
+            .option("provider", {
+            type: "string",
+            choices: this.AUTH_PROVIDER_CHOICES,
+            default: "auth0",
+            description: "Authentication provider type",
+            alias: "p",
+        })
+            .option("domain", {
+            type: "string",
+            description: "Auth0 domain (for auth0 provider)",
+        })
+            .option("clientId", {
+            type: "string",
+            description: "Client ID (for auth0 provider)",
+            alias: "client-id",
+        })
+            .option("secretKey", {
+            type: "string",
+            description: "Secret key (for clerk provider)",
+            alias: "secret-key",
+        })
+            .option("url", {
+            type: "string",
+            description: "Provider URL (for supabase, better-auth)",
+        })
+            .option("anonKey", {
+            type: "string",
+            description: "Anon key (for supabase provider)",
+            alias: "anon-key",
+        })
+            .option("apiKey", {
+            type: "string",
+            description: "API key (for workos provider)",
+            alias: "api-key",
+        })
+            .option("secret", {
+            type: "string",
+            description: "Secret (for better-auth, jwt providers). Can also be set via BETTER_AUTH_SECRET or JWT_SECRET env vars.",
+        })
+            .option("format", {
+            type: "string",
+            choices: ["text", "json"],
+            default: "text",
+            description: "Output format",
+            alias: "f",
+        });
+    }
+    /**
+     * Build options for validate subcommand
+     */
+    static buildValidateOptions(yargs) {
+        return this.buildProviderOptions(yargs.positional("token", {
+            type: "string",
+            description: "The token to validate (JWT or session token)",
+            demandOption: true,
+        }));
+    }
+    /**
+     * Build options for health subcommand
+     */
+    static buildHealthOptions(yargs) {
+        return this.buildProviderOptions(yargs);
+    }
 }
 //# sourceMappingURL=authCommandFactory.js.map

package/dist/cli/parser.js CHANGED Viewed

@@ -7,13 +7,13 @@ import { globalSession } from "../lib/session/globalSessionState.js";
 import { handleError } from "./errorHandler.js";
 import { logger } from "../lib/utils/logger.js";
 import { SetupCommandFactory } from "./factories/setupCommandFactory.js";
+import { AuthCommandFactory } from "./factories/authCommandFactory.js";
 import { ServerCommandFactory } from "./commands/server.js";
 import { ServeCommandFactory } from "./commands/serve.js";
 import { ragCommand } from "./commands/rag.js";
 import { ObservabilityCommandFactory } from "./commands/observability.js";
 import { TelemetryCommandFactory } from "./commands/telemetry.js";
 import { proxyStartCommand, proxyStatusCommand, proxySetupCommand, proxyGuardCommand, proxyInstallCommand, proxyUninstallCommand, } from "./commands/proxy.js";
-import { AuthCommandFactory } from "./factories/authCommandFactory.js";
 // Enhanced CLI with Professional UX
 export function initializeCliParser() {
     return (yargs(hideBin(process.argv))