@kontext-dev/js-sdk 1.0.0 → 1.1.0

package/dist/server/index.d.cts

@@ -1,7 +1,7 @@
-export { I as IntegrationCredential, a as IntegrationName, b as IntegrationResolvedCredentials, K as KnownIntegration, c as Kontext, d as KontextOptions, M as McpServerFactory, e as McpServerOrFactory, f as MiddlewareOptions } from '../kontext-CgIBANFo.cjs';
+export { I as IntegrationCredential, a as IntegrationName, b as IntegrationResolvedCredentials, K as KnownIntegration, c as Kontext, d as KontextOptions, M as McpServerFactory, e as McpServerOrFactory, f as MiddlewareOptions } from '../kontext-CBPuE-hq.cjs';
 export { K as KontextTokenVerifier } from '../verifier-CoJmYiw3.cjs';
 export { IntegrationConnectionRequiredError } from '../errors.cjs';
-export { T as TokenExchangeRequest, a as TokenExchangeResponse } from '../types-C6ep5fVw.cjs';
+export { T as TokenExchangeRequest, a as TokenExchangeResponse } from '../types-DicGI7ix.cjs';
 export { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
 export { OAuthTokenVerifier } from '@modelcontextprotocol/sdk/server/auth/provider.js';
 import 'express';

package/dist/server/index.d.ts

@@ -1,7 +1,7 @@
-export { I as IntegrationCredential, a as IntegrationName, b as IntegrationResolvedCredentials, K as KnownIntegration, c as Kontext, d as KontextOptions, M as McpServerFactory, e as McpServerOrFactory, f as MiddlewareOptions } from '../kontext-CgIBANFo.js';
+export { I as IntegrationCredential, a as IntegrationName, b as IntegrationResolvedCredentials, K as KnownIntegration, c as Kontext, d as KontextOptions, M as McpServerFactory, e as McpServerOrFactory, f as MiddlewareOptions } from '../kontext-CBPuE-hq.js';
 export { K as KontextTokenVerifier } from '../verifier-CoJmYiw3.js';
 export { IntegrationConnectionRequiredError } from '../errors.js';
-export { T as TokenExchangeRequest, a as TokenExchangeResponse } from '../types-C6ep5fVw.js';
+export { T as TokenExchangeRequest, a as TokenExchangeResponse } from '../types-DicGI7ix.js';
 export { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
 export { OAuthTokenVerifier } from '@modelcontextprotocol/sdk/server/auth/provider.js';
 import 'express';

package/dist/server/index.js

@@ -1,7 +1,7 @@
 import { createHash } from 'crypto';
 import { createRequire } from 'module';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
+import { ErrorCode, isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
 import { mcpAuthMetadataRouter, getOAuthProtectedResourceMetadataUrl } from '@modelcontextprotocol/sdk/server/auth/router.js';
 import { requireBearerAuth } from '@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js';
 import { InvalidTokenError } from '@modelcontextprotocol/sdk/server/auth/errors.js';
@@ -12,8 +12,7 @@ import { jwtVerify, errors, decodeProtectedHeader, createRemoteJWKSet } from 'jo
 // src/management/types.ts
 var TOKEN_EXCHANGE_GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange";
 var TOKEN_TYPE_ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token";
-
-// src/errors.ts
+var TOKEN_TYPE_USER_ID = "urn:kontext:user-id";
 var KontextError = class extends Error {
   /** Brand field for type narrowing without instanceof */
   kontextError = true;
@@ -84,6 +83,17 @@ var IntegrationConnectionRequiredError = class extends KontextError {
     this.connectUrl = options?.connectUrl;
   }
 };
+({
+  [ErrorCode.ParseError]: { },
+  [ErrorCode.InvalidRequest]: { },
+  [ErrorCode.MethodNotFound]: { },
+  [ErrorCode.InvalidParams]: { },
+  [ErrorCode.InternalError]: {
+    },
+  [ErrorCode.RequestTimeout]: {
+    },
+  [ErrorCode.ConnectionClosed]: { }
+});
 
 // src/oauth/token-exchange.ts
 async function exchangeToken(config, subjectToken, resource, scope, subjectTokenType = TOKEN_TYPE_ACCESS_TOKEN) {
@@ -563,7 +573,7 @@ var Kontext = class _Kontext {
   oauthMetadata = null;
   metadataFetchedAt = 0;
   metadataPromise = null;
-  // Token exchange caching: keyed by `${integration}\0${subjectToken}`
+  // Token exchange caching: keyed by `${mode}\0${integration}\0${subjectToken}`
   credentialCache = /* @__PURE__ */ new Map();
   resolvedCredentialCache = /* @__PURE__ */ new Map();
   runtimeAuthCache = /* @__PURE__ */ new Map();
@@ -721,23 +731,28 @@ var Kontext = class _Kontext {
     router.delete(mcpPath, mcpHandler.delete);
     return router;
   }
-  // ===========================================================================
-  // require()
-  // ===========================================================================
-  /**
-   * Exchange a user's access token for an integration credential.
-   *
-   * @param integration - Integration name (e.g., "github")
-   * @param token - The user's Bearer token (from `authInfo.token`)
-   * @returns Integration credential with `accessToken` and `authorization` header
-   *
-   * @throws {IntegrationConnectionRequiredError} User hasn't connected this integration
-   * @throws {OAuthError} Token exchange failed
-   */
-  async require(integration, token) {
+  async require(integration, tokenOrOpts) {
+    let isUserIdMode = false;
+    let subjectToken = "";
+    if (typeof tokenOrOpts === "string") {
+      subjectToken = tokenOrOpts;
+    } else if (tokenOrOpts !== null && typeof tokenOrOpts === "object" && typeof tokenOrOpts.userId === "string") {
+      isUserIdMode = true;
+      subjectToken = tokenOrOpts.userId.trim();
+      if (!subjectToken) {
+        throw new TypeError(
+          "Kontext.require() expects a non-empty userId when called with { userId }."
+        );
+      }
+    } else {
+      throw new TypeError(
+        "Kontext.require() expects a token string or { userId: string }."
+      );
+    }
+    const subjectTokenType = isUserIdMode ? TOKEN_TYPE_USER_ID : void 0;
     const now = Date.now();
     this.evictExpiredCredentials(now);
-    const cacheKey = `${integration}\0${token}`;
+    const cacheKey = isUserIdMode ? `u\0${integration}\0${subjectToken}` : `t\0${integration}\0${subjectToken}`;
     const cached = this.credentialCache.get(cacheKey);
     if (cached && now < cached.expiresAt) {
       this.credentialCache.delete(cacheKey);
@@ -754,13 +769,25 @@ var Kontext = class _Kontext {
     };
     let response;
     try {
-      response = await exchangeToken(exchangeConfig, token, integration);
+      response = await exchangeToken(
+        exchangeConfig,
+        subjectToken,
+        integration,
+        void 0,
+        subjectTokenType
+      );
     } catch (err) {
       if (err instanceof OAuthError) {
         if (err.errorCode === "integration_required" || err.message.includes("not connected") || err.message.includes("expired") && err.message.includes("reconnect")) {
           const integrationId = err.meta.integrationId || integration;
+          if (isUserIdMode) {
+            throw new IntegrationConnectionRequiredError(integrationId, {
+              integrationName: err.meta.integrationName,
+              message: err.message
+            });
+          }
           const connectUrl = await this.fetchConnectUrl(
-            token,
+            subjectToken,
             integrationId,
             exchangeConfig
           );