@keystrokehq/cli 1.0.30 → 1.0.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -4566,7 +4566,7 @@ const tableRegistry$1 = {
4566
4566
  buildPgSchema$1(tableRegistry$1);
4567
4567
  buildSqliteSchema$1(tableRegistry$1);
4568
4568
  //#endregion
4569
- //#region ../../packages/platform-database/dist/auth-verifications-D-no86bc.mjs
4569
+ //#region ../../packages/platform-database/dist/mcp-oauth-SRTcHMWZ.mjs
4570
4570
  const users = pgTable("users", {
4571
4571
  id: text("id").primaryKey(),
4572
4572
  name: text("name").notNull(),
@@ -4691,6 +4691,95 @@ const authVerificationsSqlite = sqliteTable("verification", {
4691
4691
  createdAt: integer$1("created_at", { mode: "timestamp_ms" }).notNull(),
4692
4692
  updatedAt: integer$1("updated_at", { mode: "timestamp_ms" }).notNull()
4693
4693
  }, (table) => [index$1("verification_identifier_idx").on(table.identifier)]);
4694
+ /**
4695
+ * Tables backing keystroke as an OAuth 2.1 Authorization Server for the
4696
+ * Universal MCP server: dynamically-registered MCP/AI clients, their issued
4697
+ * access/refresh tokens, and consent records.
4698
+ *
4699
+ * NOT to be confused with `oauth_apps` / `oauth_connections`, which model the
4700
+ * inverse — keystroke as an OAuth *client* storing our users' connections to
4701
+ * third-party providers. These `mcp_oauth_*` tables are the provider side.
4702
+ *
4703
+ * Wired to Better Auth via the Drizzle adapter (`authSchemaFor`). Better Auth
4704
+ * addresses these by its fixed model names (`oauthApplication`,
4705
+ * `oauthAccessToken`, `oauthConsent`) and by field name (the JS property keys
4706
+ * below); the physical table/column names are ours to choose.
4707
+ *
4708
+ * Note: access/refresh tokens are stored as opaque plaintext bearer strings
4709
+ * (the Better Auth mcp plugin looks them up directly and cannot hash them),
4710
+ * consistent with how the `sessions` table stores session tokens. They are
4711
+ * short-lived; rely on DB access controls + at-rest encryption.
4712
+ */
4713
+ const mcpOauthClient = pgTable("mcp_oauth_client", {
4714
+ id: text("id").primaryKey(),
4715
+ name: text("name").notNull(),
4716
+ icon: text("icon"),
4717
+ metadata: text("metadata"),
4718
+ clientId: text("client_id").notNull().unique(),
4719
+ clientSecret: text("client_secret"),
4720
+ redirectUrls: text("redirect_urls").notNull(),
4721
+ type: text("type").notNull(),
4722
+ disabled: boolean("disabled").notNull().default(false),
4723
+ userId: text("user_id").references(() => users.id, { onDelete: "cascade" }),
4724
+ createdAt: timestamp("created_at", { withTimezone: true }).notNull(),
4725
+ updatedAt: timestamp("updated_at", { withTimezone: true }).notNull()
4726
+ }, (table) => [index("mcp_oauth_client_user_id_idx").on(table.userId)]);
4727
+ const mcpOauthClientSqlite = sqliteTable("mcp_oauth_client", {
4728
+ id: text$1("id").primaryKey(),
4729
+ name: text$1("name").notNull(),
4730
+ icon: text$1("icon"),
4731
+ metadata: text$1("metadata"),
4732
+ clientId: text$1("client_id").notNull().unique(),
4733
+ clientSecret: text$1("client_secret"),
4734
+ redirectUrls: text$1("redirect_urls").notNull(),
4735
+ type: text$1("type").notNull(),
4736
+ disabled: integer$1("disabled", { mode: "boolean" }).notNull().default(false),
4737
+ userId: text$1("user_id").references(() => usersSqlite.id, { onDelete: "cascade" }),
4738
+ createdAt: integer$1("created_at", { mode: "timestamp_ms" }).notNull(),
4739
+ updatedAt: integer$1("updated_at", { mode: "timestamp_ms" }).notNull()
4740
+ }, (table) => [index$1("mcp_oauth_client_user_id_idx").on(table.userId)]);
4741
+ const mcpOauthAccessToken = pgTable("mcp_oauth_access_token", {
4742
+ id: text("id").primaryKey(),
4743
+ accessToken: text("access_token").notNull().unique(),
4744
+ refreshToken: text("refresh_token").unique(),
4745
+ accessTokenExpiresAt: timestamp("access_token_expires_at", { withTimezone: true }),
4746
+ refreshTokenExpiresAt: timestamp("refresh_token_expires_at", { withTimezone: true }),
4747
+ clientId: text("client_id").notNull(),
4748
+ userId: text("user_id").references(() => users.id, { onDelete: "cascade" }),
4749
+ scopes: text("scopes"),
4750
+ createdAt: timestamp("created_at", { withTimezone: true }).notNull(),
4751
+ updatedAt: timestamp("updated_at", { withTimezone: true }).notNull()
4752
+ }, (table) => [index("mcp_oauth_access_token_client_id_idx").on(table.clientId), index("mcp_oauth_access_token_user_id_idx").on(table.userId)]);
4753
+ const mcpOauthAccessTokenSqlite = sqliteTable("mcp_oauth_access_token", {
4754
+ id: text$1("id").primaryKey(),
4755
+ accessToken: text$1("access_token").notNull().unique(),
4756
+ refreshToken: text$1("refresh_token").unique(),
4757
+ accessTokenExpiresAt: integer$1("access_token_expires_at", { mode: "timestamp_ms" }),
4758
+ refreshTokenExpiresAt: integer$1("refresh_token_expires_at", { mode: "timestamp_ms" }),
4759
+ clientId: text$1("client_id").notNull(),
4760
+ userId: text$1("user_id").references(() => usersSqlite.id, { onDelete: "cascade" }),
4761
+ scopes: text$1("scopes"),
4762
+ createdAt: integer$1("created_at", { mode: "timestamp_ms" }).notNull(),
4763
+ updatedAt: integer$1("updated_at", { mode: "timestamp_ms" }).notNull()
4764
+ }, (table) => [index$1("mcp_oauth_access_token_client_id_idx").on(table.clientId), index$1("mcp_oauth_access_token_user_id_idx").on(table.userId)]);
4765
+ const mcpOauthConsent = pgTable("mcp_oauth_consent", {
4766
+ id: text("id").primaryKey(),
4767
+ clientId: text("client_id").notNull(),
4768
+ userId: text("user_id").notNull().references(() => users.id, { onDelete: "cascade" }),
4769
+ scopes: text("scopes"),
4770
+ consentGiven: boolean("consent_given").notNull().default(false),
4771
+ createdAt: timestamp("created_at", { withTimezone: true }).notNull(),
4772
+ updatedAt: timestamp("updated_at", { withTimezone: true }).notNull()
4773
+ }, (table) => [index("mcp_oauth_consent_client_id_idx").on(table.clientId), index("mcp_oauth_consent_user_id_idx").on(table.userId)]);
4774
+ const mcpOauthConsentSqlite = sqliteTable("mcp_oauth_consent", {
4775
+ id: text$1("id").primaryKey(),
4776
+ clientId: text$1("client_id").notNull(),
4777
+ userId: text$1("user_id").notNull().references(() => usersSqlite.id, { onDelete: "cascade" }),
4778
+ scopes: text$1("scopes"),
4779
+ consentGiven: integer$1("consent_given", { mode: "boolean" }).notNull().default(false),
4780
+ createdAt: integer$1("created_at", { mode: "timestamp_ms" }).notNull(),
4781
+ updatedAt: integer$1("updated_at", { mode: "timestamp_ms" }).notNull()
4782
+ }, (table) => [index$1("mcp_oauth_consent_client_id_idx").on(table.clientId), index$1("mcp_oauth_consent_user_id_idx").on(table.userId)]);
4694
4783
  createRequire(import.meta.url);
4695
4784
  function buildPgSchema(registry) {
4696
4785
  return Object.fromEntries(Object.entries(registry).map(([name, { pg }]) => [name, pg]));
@@ -5120,6 +5209,18 @@ const tableRegistry = {
5120
5209
  pg: oauthConnections,
5121
5210
  sqlite: oauthConnectionsSqlite
5122
5211
  },
5212
+ mcpOauthClient: {
5213
+ pg: mcpOauthClient,
5214
+ sqlite: mcpOauthClientSqlite
5215
+ },
5216
+ mcpOauthAccessToken: {
5217
+ pg: mcpOauthAccessToken,
5218
+ sqlite: mcpOauthAccessTokenSqlite
5219
+ },
5220
+ mcpOauthConsent: {
5221
+ pg: mcpOauthConsent,
5222
+ sqlite: mcpOauthConsentSqlite
5223
+ },
5123
5224
  secretValues: {
5124
5225
  pg: secretValues,
5125
5226
  sqlite: secretValuesSqlite
@@ -12549,4 +12650,4 @@ async function emitStoredRouteManifestForProject(projectRoot) {
12549
12650
  //#endregion
12550
12651
  export { discoverEntries as A, validateImportedTriggerAttachment as C, webhookRouteFromEndpoint as D, webhookMatchSchemaForBindings as E, walkTypeScriptFiles as F, entryIdFromFile as M, readKeystrokeIgnoreDirective as N, workflowRouteFromKey as O, shouldSkipKeystrokeModuleFile as P, toStoredRouteManifest as S, webhookManifestAttachmentSchemasFromBindings as T, importWorkflowDefinition as _, buildWebhookBindingsByRoute as a, schemaToJson as b, countAgentCredentials as c, discoverTriggerAttachments as d, discoverWorkflowEntries as f, importTriggerAttachments as g, importAgentDefinition as h, buildStoredRouteManifestFromContext as i, discoverModuleFileEntries as j, packAssetDirs as k, discoverAgentEntries as l, emitStoredRouteManifestForProject as m, agentRouteFromKey as n, collectAgentAppSlugs as o, discoverWorkflows as p, buildStoredRouteManifestForProject as r, collectAgentToolSlugs as s, agentManifestEntry as t, discoverSkillManifestEntries as u, persistStoredRouteManifest as v, validateImportedWorkflowDefinition as w, serializeRouteManifest as x, pollGroupId as y };
12551
12652
 
12552
- //# sourceMappingURL=dist-B-_WEYqH.mjs.map
12653
+ //# sourceMappingURL=dist-BIWbmT4y.mjs.map