npm - @kadoa/mcp - Versions diffs - 0.3.6-rc.4 → 0.3.6-rc.5 - Mend

@kadoa/mcp 0.3.6-rc.4 → 0.3.6-rc.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +166 -62
package/package.json +3 -2

package/dist/index.js CHANGED Viewed

@@ -54028,8 +54028,27 @@ async function setActiveTeamAndRefresh(jwt2, refreshToken, teamId) {
 }
 class KadoaOAuthProvider {
+  store;
+  constructor(store) {
+    this.store = store;
+  }
   get clientsStore() {
-    return kadoaClientsStore;
+    const store = this.store;
+    return {
+      async getClient(clientId) {
+        return store.get("clients", clientId);
+      },
+      async registerClient(client) {
+        const clientId = randomToken(16);
+        const full = {
+          ...client,
+          client_id: clientId,
+          client_id_issued_at: Math.floor(Date.now() / 1000)
+        };
+        await store.set("clients", clientId, full, 2592000);
+        return full;
+      }
+    };
   }
   async authorize(client, params, res) {
     const supabaseUrl = process.env.SUPABASE_URL;
@@ -54039,16 +54058,16 @@ class KadoaOAuthProvider {
     }
     const state = randomToken();
     const { verifier, challenge } = generatePKCE();
-    pendingAuths.set(state, {
+    await this.store.set("pending_auths", state, {
       client,
       params,
       supabaseCodeVerifier: verifier
-    });
+    }, 600);
     res.type("html").send(renderLoginPage(state));
   }
   async handleGoogleLogin(req, res) {
     const { state } = req.body;
-    const pending = pendingAuths.get(state);
+    const pending = await this.store.get("pending_auths", state);
     if (!pending) {
       res.status(400).send("Unknown or expired state parameter");
       return;
@@ -54073,7 +54092,7 @@ class KadoaOAuthProvider {
       res.status(400).send("Missing required fields");
       return;
     }
-    const pending = pendingAuths.get(state);
+    const pending = await this.store.get("pending_auths", state);
     if (!pending) {
       res.status(400).type("html").send(renderLoginPage(state, "Session expired — please try again"));
       return;
@@ -54099,7 +54118,7 @@ class KadoaOAuthProvider {
         return;
       }
       const data = await tokenRes.json();
-      pendingAuths.delete(state);
+      await this.store.del("pending_auths", state);
       await this.completeAuthWithTokens(pending, res, data.access_token, data.refresh_token);
     } catch (error48) {
       console.error("Email/password login error:", error48);
@@ -54112,7 +54131,7 @@ class KadoaOAuthProvider {
       res.status(400).send("Missing required fields");
       return;
     }
-    const pending = pendingAuths.get(state);
+    const pending = await this.store.get("pending_auths", state);
     if (!pending) {
       res.status(400).type("html").send(renderLoginPage(state, "Session expired — please try again"));
       return;
@@ -54160,7 +54179,7 @@ class KadoaOAuthProvider {
     const teams = await fetchUserTeams(supabaseJwt);
     if (teams.length === 1) {
       const refreshed = await setActiveTeamAndRefresh(supabaseJwt, supabaseRefreshToken, teams[0].id);
-      this.completeAuthFlow(pending, res, {
+      await this.completeAuthFlow(pending, res, {
         jwt: refreshed.jwt,
         refreshToken: refreshed.refreshToken,
         teamId: teams[0].id
@@ -54168,27 +54187,27 @@ class KadoaOAuthProvider {
       return;
     }
     const selectionToken = randomToken();
-    pendingTeamSelections.set(selectionToken, {
+    await this.store.set("pending_team_selections", selectionToken, {
       supabaseJwt,
       supabaseRefreshToken,
       teams,
       pending,
       expiresAt: Date.now() + TEAM_SELECTION_TTL
-    });
+    }, 600);
     res.type("html").send(renderTeamSelectionPage(teams, selectionToken));
   }
   async challengeForAuthorizationCode(_client, authorizationCode) {
-    const entry = authCodes.get(authorizationCode);
+    const entry = await this.store.get("auth_codes", authorizationCode);
     if (!entry)
       throw new Error("Unknown authorization code");
     return entry.codeChallenge;
   }
   async exchangeAuthorizationCode(_client, authorizationCode, _codeVerifier, redirectUri) {
-    const entry = authCodes.get(authorizationCode);
+    const entry = await this.store.get("auth_codes", authorizationCode);
     if (!entry)
       throw new Error("Unknown authorization code");
     if (entry.expiresAt < Date.now()) {
-      authCodes.delete(authorizationCode);
+      await this.store.del("auth_codes", authorizationCode);
       throw new Error("Authorization code expired");
     }
     if (redirectUri && redirectUri !== entry.redirectUri) {
@@ -54197,22 +54216,23 @@ class KadoaOAuthProvider {
     const accessToken = randomToken();
     const refreshToken = randomToken();
     const expiresAt = Date.now() + ACCESS_TOKEN_TTL * 1000;
-    accessTokens.set(accessToken, {
+    await this.store.set("access_tokens", accessToken, {
       supabaseJwt: entry.supabaseJwt,
       supabaseRefreshToken: entry.supabaseRefreshToken,
       teamId: entry.teamId,
       clientId: entry.clientId,
       expiresAt
-    });
-    refreshTokens.set(refreshToken, {
+    }, ACCESS_TOKEN_TTL);
+    await this.store.set("refresh_tokens", refreshToken, {
       supabaseJwt: entry.supabaseJwt,
       supabaseRefreshToken: entry.supabaseRefreshToken,
       teamId: entry.teamId,
       clientId: entry.clientId
-    });
-    authCodes.delete(authorizationCode);
+    }, 2592000);
+    await this.store.del("auth_codes", authorizationCode);
     const claims = jwtClaims(entry.supabaseJwt);
-    console.log(`[AUTH] LOGIN: tokens issued (email=${claims.email}, team=${entry.teamId}, token=${accessToken.slice(0, 12)}..., ttl=${ACCESS_TOKEN_TTL}s, active_sessions=${accessTokens.size})`);
+    const sessionCount = await this.store.size("access_tokens");
+    console.log(`[AUTH] LOGIN: tokens issued (email=${claims.email}, team=${entry.teamId}, token=${accessToken.slice(0, 12)}..., ttl=${ACCESS_TOKEN_TTL}s, active_sessions=${sessionCount})`);
     return {
       access_token: accessToken,
       token_type: "bearer",
@@ -54221,12 +54241,13 @@ class KadoaOAuthProvider {
     };
   }
   async exchangeRefreshToken(_client, refreshToken) {
-    const entry = refreshTokens.get(refreshToken);
+    const entry = await this.store.get("refresh_tokens", refreshToken);
     if (!entry) {
-      console.error(`[AUTH] REFRESH_FAIL: unknown refresh token (token=${refreshToken.slice(0, 12)}..., active_sessions=${refreshTokens.size})`);
+      const sessionCount = await this.store.size("refresh_tokens");
+      console.error(`[AUTH] REFRESH_FAIL: unknown refresh token (token=${refreshToken.slice(0, 12)}..., active_sessions=${sessionCount})`);
       throw new InvalidTokenError("Unknown or expired refresh token");
     }
-    refreshTokens.delete(refreshToken);
+    await this.store.del("refresh_tokens", refreshToken);
     let { supabaseJwt, supabaseRefreshToken } = entry;
     try {
       const supabaseUrl = process.env.SUPABASE_URL;
@@ -54258,19 +54279,19 @@ class KadoaOAuthProvider {
     const newAccessToken = randomToken();
     const newRefreshToken = randomToken();
     const expiresAt = Date.now() + ACCESS_TOKEN_TTL * 1000;
-    accessTokens.set(newAccessToken, {
+    await this.store.set("access_tokens", newAccessToken, {
       supabaseJwt,
       supabaseRefreshToken,
       teamId: entry.teamId,
       clientId: entry.clientId,
       expiresAt
-    });
-    refreshTokens.set(newRefreshToken, {
+    }, ACCESS_TOKEN_TTL);
+    await this.store.set("refresh_tokens", newRefreshToken, {
       supabaseJwt,
       supabaseRefreshToken,
       teamId: entry.teamId,
       clientId: entry.clientId
-    });
+    }, 2592000);
     return {
       access_token: newAccessToken,
       token_type: "bearer",
@@ -54288,16 +54309,17 @@ class KadoaOAuthProvider {
         extra: { apiKey: token }
       };
     }
-    const entry = accessTokens.get(token);
+    const entry = await this.store.get("access_tokens", token);
     if (!entry) {
-      console.error(`[AUTH] VERIFY_FAIL: unknown token (token=${token.slice(0, 12)}..., active_sessions=${accessTokens.size})`);
+      const sessionCount = await this.store.size("access_tokens");
+      console.error(`[AUTH] VERIFY_FAIL: unknown token (token=${token.slice(0, 12)}..., active_sessions=${sessionCount})`);
       throw new InvalidTokenError("Unknown or expired access token");
     }
     if (entry.expiresAt < Date.now()) {
       const expiredAgo = Math.round((Date.now() - entry.expiresAt) / 1000);
       const claims = jwtClaims(entry.supabaseJwt);
       console.error(`[AUTH] VERIFY_FAIL: token expired ${expiredAgo}s ago (email=${claims.email}, team=${entry.teamId}, token=${token.slice(0, 12)}...)`);
-      accessTokens.delete(token);
+      await this.store.del("access_tokens", token);
       throw new InvalidTokenError("Access token expired");
     }
     return {
@@ -54318,12 +54340,12 @@ class KadoaOAuthProvider {
       res.status(400).send("Missing code or mcp_state parameter");
       return;
     }
-    const pending = pendingAuths.get(state);
+    const pending = await this.store.get("pending_auths", state);
     if (!pending) {
       res.status(400).send("Unknown or expired state parameter");
       return;
     }
-    pendingAuths.delete(state);
+    await this.store.del("pending_auths", state);
     try {
       const supabaseTokens = await exchangeSupabaseCode(code, pending.supabaseCodeVerifier);
       await this.completeAuthWithTokens(pending, res, supabaseTokens.accessToken, supabaseTokens.refreshToken);
@@ -54344,13 +54366,13 @@ class KadoaOAuthProvider {
       res.status(400).send("Missing token or teamId");
       return;
     }
-    const entry = pendingTeamSelections.get(token);
+    const entry = await this.store.get("pending_team_selections", token);
     if (!entry) {
       res.status(400).send("Unknown or expired team selection token");
       return;
     }
     if (entry.expiresAt < Date.now()) {
-      pendingTeamSelections.delete(token);
+      await this.store.del("pending_team_selections", token);
       res.status(400).send("Team selection expired — please log in again");
       return;
     }
@@ -54358,10 +54380,10 @@ class KadoaOAuthProvider {
       res.status(403).send("Invalid team selection");
       return;
     }
-    pendingTeamSelections.delete(token);
+    await this.store.del("pending_team_selections", token);
     try {
       const refreshed = await setActiveTeamAndRefresh(entry.supabaseJwt, entry.supabaseRefreshToken, teamId);
-      this.completeAuthFlow(entry.pending, res, {
+      await this.completeAuthFlow(entry.pending, res, {
         jwt: refreshed.jwt,
         refreshToken: refreshed.refreshToken,
         teamId
@@ -54377,9 +54399,9 @@ class KadoaOAuthProvider {
       res.redirect(redirectUrl.toString());
     }
   }
-  completeAuthFlow(pending, res, credentials) {
+  async completeAuthFlow(pending, res, credentials) {
     const mcpCode = randomToken();
-    authCodes.set(mcpCode, {
+    await this.store.set("auth_codes", mcpCode, {
       supabaseJwt: credentials.jwt,
       supabaseRefreshToken: credentials.refreshToken,
       teamId: credentials.teamId,
@@ -54387,7 +54409,7 @@ class KadoaOAuthProvider {
       clientId: pending.client.client_id,
       redirectUri: pending.params.redirectUri,
       expiresAt: Date.now() + 10 * 60 * 1000
-    });
+    }, 600);
     const redirectUrl = new URL(pending.params.redirectUri);
     redirectUrl.searchParams.set("code", mcpCode);
     if (pending.params.state) {
@@ -54815,34 +54837,109 @@ function renderLoginPage(state, error48) {
 function escapeHtml(str) {
   return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
 }
-var clients, pendingAuths, pendingTeamSelections, authCodes, accessTokens, refreshTokens, TEAM_SELECTION_TTL, ACCESS_TOKEN_TTL, kadoaClientsStore;
+var TEAM_SELECTION_TTL, ACCESS_TOKEN_TTL;
 var init_auth2 = __esm(() => {
   init_errors4();
-  clients = new Map;
-  pendingAuths = new Map;
-  pendingTeamSelections = new Map;
-  authCodes = new Map;
-  accessTokens = new Map;
-  refreshTokens = new Map;
   TEAM_SELECTION_TTL = 10 * 60 * 1000;
   ACCESS_TOKEN_TTL = 7 * 24 * 3600;
-  kadoaClientsStore = {
-    getClient(clientId) {
-      return clients.get(clientId);
-    },
-    registerClient(client) {
-      const clientId = randomToken(16);
-      const full = {
-        ...client,
-        client_id: clientId,
-        client_id_issued_at: Math.floor(Date.now() / 1000)
-      };
-      clients.set(clientId, full);
-      return full;
-    }
-  };
 });
+// src/redis-store.ts
+import Redis from "ioredis";
+class RedisTokenStore {
+  redis = null;
+  fallback = new Map;
+  constructor(redisHost) {
+    const host = redisHost ?? process.env.REDIS_HOST;
+    if (host) {
+      const port = Number(process.env.REDIS_PORT) || 6379;
+      console.error(`[Redis] Connecting to ${host}:${port}...`);
+      this.redis = new Redis({
+        host,
+        port,
+        maxRetriesPerRequest: 3,
+        lazyConnect: true
+      });
+      this.redis.on("ready", () => {
+        console.error(`[Redis] Connected to ${host}:${port}`);
+      });
+      this.redis.on("error", (err) => {
+        console.error("[Redis] Error:", err.message);
+      });
+      this.redis.connect().catch((err) => {
+        console.error("[Redis] Connection failed, falling back to in-memory:", err.message);
+        this.redis?.disconnect();
+        this.redis = null;
+      });
+    } else {
+      console.error("[Redis] No REDIS_HOST set, using in-memory token store");
+    }
+  }
+  get useRedis() {
+    return this.redis?.status === "ready";
+  }
+  isConnected() {
+    return this.useRedis;
+  }
+  async get(namespace, key) {
+    const fullKey = `${KEY_PREFIX}:${namespace}:${key}`;
+    const raw = this.useRedis ? await this.redis.get(fullKey) : this.fallback.get(fullKey);
+    if (!raw)
+      return;
+    return JSON.parse(raw);
+  }
+  async set(namespace, key, value, ttlSeconds) {
+    const fullKey = `${KEY_PREFIX}:${namespace}:${key}`;
+    const json2 = JSON.stringify(value);
+    if (this.useRedis) {
+      if (ttlSeconds) {
+        await this.redis.set(fullKey, json2, "EX", ttlSeconds);
+      } else {
+        await this.redis.set(fullKey, json2);
+      }
+    } else {
+      this.fallback.set(fullKey, json2);
+    }
+  }
+  async size(namespace) {
+    const pattern = `${KEY_PREFIX}:${namespace}:*`;
+    if (this.useRedis) {
+      let count2 = 0;
+      let cursor = "0";
+      do {
+        const [next, keys] = await this.redis.scan(cursor, "MATCH", pattern, "COUNT", 100);
+        cursor = next;
+        count2 += keys.length;
+      } while (cursor !== "0");
+      return count2;
+    }
+    let count = 0;
+    for (const key of this.fallback.keys()) {
+      if (key.startsWith(`${KEY_PREFIX}:${namespace}:`))
+        count++;
+    }
+    return count;
+  }
+  async del(namespace, key) {
+    const fullKey = `${KEY_PREFIX}:${namespace}:${key}`;
+    if (this.useRedis) {
+      await this.redis.del(fullKey);
+    } else {
+      this.fallback.delete(fullKey);
+    }
+  }
+  async disconnect() {
+    if (this.redis) {
+      console.error("[Redis] Disconnecting...");
+      await this.redis.quit();
+      this.redis = null;
+    }
+  }
+}
+var KEY_PREFIX = "kadoa-mcp";
+var init_redis_store = () => {};
 // src/http.ts
 var exports_http = {};
 __export(exports_http, {
@@ -54883,7 +54980,8 @@ async function startHttpServer() {
   const app = createMcpExpressApp({ host: "0.0.0.0" });
   app.set("trust proxy", 1);
   const sessions = {};
-  const provider = new KadoaOAuthProvider;
+  const store = new RedisTokenStore;
+  const provider = new KadoaOAuthProvider(store);
   const serverUrl = process.env.MCP_SERVER_URL || `http://localhost:${port}`;
   app.use(mcpAuthRouter({
     provider,
@@ -54907,7 +55005,11 @@ async function startHttpServer() {
     provider.handleTeamSelection(req, res);
   });
   app.get("/health", (_req, res) => {
-    res.json({ status: "ok", sessions: Object.keys(sessions).length });
+    res.json({
+      status: "ok",
+      sessions: Object.keys(sessions).length,
+      redis: store.isConnected() ? "connected" : "fallback"
+    });
   });
   const bearerAuth = requireBearerAuth({ verifier: provider });
   app.post("/mcp", bearerAuth, async (req, res) => {
@@ -55015,6 +55117,7 @@ async function startHttpServer() {
       await sessions[sid].transport.close();
       delete sessions[sid];
     }
+    await store.disconnect();
     httpServer.close();
     process.exit(0);
   };
@@ -55029,6 +55132,7 @@ var init_http2 = __esm(async () => {
   init_bearerAuth();
   init_types2();
   init_auth2();
+  init_redis_store();
   await init_src();
 });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kadoa/mcp",
-  "version": "0.3.6-rc.4",
+  "version": "0.3.6-rc.5",
   "description": "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
   "type": "module",
   "main": "dist/index.js",
@@ -19,7 +19,7 @@
     "lint:fix": "bunx biome check --write",
     "dev": "bun src/index.ts",
     "dev:http": "MCP_HTTP=1 bun src/index.ts",
-    "build": "bun build src/index.ts --outdir=dist --target=node --external express && node -e \"const f='dist/index.js';require('fs').writeFileSync(f,require('fs').readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\"",
+    "build": "bun build src/index.ts --outdir=dist --target=node --external express --external ioredis && node -e \"const f='dist/index.js';require('fs').writeFileSync(f,require('fs').readFileSync(f,'utf8').replace('#!/usr/bin/env bun','#!/usr/bin/env node'))\"",
     "check-types": "tsc --noEmit",
     "test": "BUN_TEST=1 bun test",
     "test:unit": "BUN_TEST=1 bun test tests/unit --timeout=120000",
@@ -31,6 +31,7 @@
     "@kadoa/node-sdk": "^0.23.0",
     "@modelcontextprotocol/sdk": "^1.26.0",
     "express": "^5.2.1",
+    "ioredis": "^5.6.1",
     "zod": "^4.3.6"
   },
   "devDependencies": {