@kya-os/mcp-i-cloudflare 1.6.1 → 1.6.2-canary.clientinfo.1764125403

package/dist/services/oauth-service.d.ts

@@ -1,66 +0,0 @@
-/**
- * OAuth Service
- *
- * Handles OAuth token exchange and refresh using PKCE (Proof Key for Code Exchange).
- * Supports both direct PKCE exchange with OAuth providers and proxy mode via AgentShield.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-import type { OAuthConfigService } from "@kya-os/mcp-i-core";
-import type { IdpTokens } from "@kya-os/contracts/config";
-export interface OAuthServiceConfig {
-    /** OAuth config service for fetching provider configurations */
-    configService: OAuthConfigService;
-    /** Project ID for fetching OAuth config */
-    projectId: string;
-    /** Optional logger callback for diagnostics */
-    logger?: (message: string, data?: unknown) => void;
-}
-/**
- * Service for OAuth token exchange and refresh
- */
-export declare class OAuthService {
-    private config;
-    constructor(config: OAuthServiceConfig);
-    /**
-     * Exchange authorization code for IDP tokens using PKCE
-     *
-     * For PKCE providers: Exchanges code directly with OAuth provider (no client secret)
-     * For proxy mode: Exchanges code via AgentShield API
-     *
-     * @param provider - OAuth provider name (e.g., "github", "google")
-     * @param code - Authorization code from OAuth callback
-     * @param codeVerifier - PKCE code verifier (must match code_challenge from authorization)
-     * @param redirectUri - Redirect URI used in authorization request
-     * @returns IDP tokens (access_token, refresh_token, expires_at, etc.)
-     */
-    exchangeToken(provider: string, code: string, codeVerifier: string, redirectUri: string): Promise<IdpTokens>;
-    /**
-     * Exchange token directly with OAuth provider using PKCE
-     */
-    private exchangeTokenPKCE;
-    /**
-     * Exchange token via AgentShield proxy (for providers that require proxy mode)
-     */
-    private exchangeTokenProxy;
-    /**
-     * Refresh IDP access token using refresh token
-     *
-     * For PKCE providers: Refreshes directly with OAuth provider
-     * For proxy mode: Refreshes via AgentShield API
-     *
-     * @param provider - OAuth provider name
-     * @param refreshToken - Refresh token from previous token exchange
-     * @returns New IDP tokens or null if refresh failed
-     */
-    refreshToken(provider: string, refreshToken: string): Promise<IdpTokens | null>;
-    /**
-     * Refresh token directly with OAuth provider using PKCE
-     */
-    private refreshTokenPKCE;
-    /**
-     * Refresh token via AgentShield proxy
-     */
-    private refreshTokenProxy;
-}
-//# sourceMappingURL=oauth-service.d.ts.map

package/dist/services/oauth-service.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,KAAK,EAAE,SAAS,EAAiB,MAAM,0BAA0B,CAAC;AAEzE,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,kBAAkB;IAQtC;;;;;;;;;;;OAWG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,SAAS,CAAC;IA2CrB;;OAEG;YACW,iBAAiB;IA8E/B;;OAEG;YACW,kBAAkB;IAiBhC;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IA2B5B;;OAEG;YACW,gBAAgB;IAiE9B;;OAEG;YACW,iBAAiB;CAShC"}

package/dist/services/oauth-service.js

@@ -1,223 +0,0 @@
-/**
- * OAuth Service
- *
- * Handles OAuth token exchange and refresh using PKCE (Proof Key for Code Exchange).
- * Supports both direct PKCE exchange with OAuth providers and proxy mode via AgentShield.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-/**
- * Service for OAuth token exchange and refresh
- */
-export class OAuthService {
-    config;
-    constructor(config) {
-        this.config = {
-            configService: config.configService,
-            projectId: config.projectId,
-            logger: config.logger || (() => { }),
-        };
-    }
-    /**
-     * Exchange authorization code for IDP tokens using PKCE
-     *
-     * For PKCE providers: Exchanges code directly with OAuth provider (no client secret)
-     * For proxy mode: Exchanges code via AgentShield API
-     *
-     * @param provider - OAuth provider name (e.g., "github", "google")
-     * @param code - Authorization code from OAuth callback
-     * @param codeVerifier - PKCE code verifier (must match code_challenge from authorization)
-     * @param redirectUri - Redirect URI used in authorization request
-     * @returns IDP tokens (access_token, refresh_token, expires_at, etc.)
-     */
-    async exchangeToken(provider, code, codeVerifier, redirectUri) {
-        // Fetch provider config
-        const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-        const providerConfig = oauthConfig.providers[provider];
-        if (!providerConfig) {
-            throw new Error(`Provider "${provider}" not configured for project "${this.config.projectId}"`);
-        }
-        // Check if provider supports PKCE
-        if (!providerConfig.supportsPKCE) {
-            throw new Error(`Provider "${provider}" does not support PKCE. Only PKCE providers are supported in Phase 1.`);
-        }
-        // For PKCE providers, exchange directly with OAuth provider
-        if (providerConfig.supportsPKCE && !providerConfig.proxyMode) {
-            return this.exchangeTokenPKCE(providerConfig, code, codeVerifier, redirectUri);
-        }
-        // For proxy mode, exchange via AgentShield
-        if (providerConfig.proxyMode) {
-            return this.exchangeTokenProxy(providerConfig, code, codeVerifier, redirectUri);
-        }
-        throw new Error(`Provider "${provider}" configuration is invalid: must support PKCE or use proxy mode`);
-    }
-    /**
-     * Exchange token directly with OAuth provider using PKCE
-     */
-    async exchangeTokenPKCE(providerConfig, code, codeVerifier, redirectUri) {
-        this.config.logger("[OAuthService] Exchanging token with PKCE", {
-            provider: providerConfig.authorizationUrl,
-            tokenUrl: providerConfig.tokenUrl,
-        });
-        const response = await fetch(providerConfig.tokenUrl, {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/x-www-form-urlencoded",
-                Accept: "application/json",
-            },
-            body: new URLSearchParams({
-                grant_type: "authorization_code",
-                code,
-                redirect_uri: redirectUri,
-                client_id: providerConfig.clientId,
-                code_verifier: codeVerifier,
-            }),
-        });
-        if (!response.ok) {
-            const errorText = await response.text().catch(() => "Unknown error");
-            let errorData;
-            try {
-                errorData = JSON.parse(errorText);
-            }
-            catch {
-                errorData = { error: errorText };
-            }
-            const errorMessage = errorData.error_description || errorData.error || errorText;
-            this.config.logger("[OAuthService] Token exchange failed", {
-                status: response.status,
-                error: errorMessage,
-                provider: providerConfig.tokenUrl,
-            });
-            throw new Error(`Token exchange failed: ${errorMessage} (${response.status})`);
-        }
-        const tokens = await response.json();
-        // Validate required fields
-        if (!tokens.access_token) {
-            throw new Error("Token response missing access_token");
-        }
-        // Calculate expiration timestamp
-        const expiresIn = tokens.expires_in || 3600; // Default 1 hour
-        const expiresAt = Date.now() + expiresIn * 1000;
-        const idpTokens = {
-            access_token: tokens.access_token,
-            refresh_token: tokens.refresh_token,
-            expires_in: expiresIn,
-            expires_at: expiresAt,
-            token_type: tokens.token_type || "Bearer",
-            scope: tokens.scope,
-        };
-        this.config.logger("[OAuthService] Token exchange successful", {
-            provider: providerConfig.tokenUrl,
-            expiresAt: new Date(expiresAt).toISOString(),
-            hasRefreshToken: !!idpTokens.refresh_token,
-        });
-        return idpTokens;
-    }
-    /**
-     * Exchange token via AgentShield proxy (for providers that require proxy mode)
-     */
-    async exchangeTokenProxy(providerConfig, code, codeVerifier, redirectUri) {
-        // Get AgentShield API URL from config service
-        const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-        // Note: We need access to baseUrl and apiKey from configService
-        // For now, this is a placeholder - will need to pass these through config
-        throw new Error("Proxy mode token exchange not yet implemented. Use PKCE mode for Phase 1.");
-    }
-    /**
-     * Refresh IDP access token using refresh token
-     *
-     * For PKCE providers: Refreshes directly with OAuth provider
-     * For proxy mode: Refreshes via AgentShield API
-     *
-     * @param provider - OAuth provider name
-     * @param refreshToken - Refresh token from previous token exchange
-     * @returns New IDP tokens or null if refresh failed
-     */
-    async refreshToken(provider, refreshToken) {
-        // Fetch provider config
-        const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-        const providerConfig = oauthConfig.providers[provider];
-        if (!providerConfig) {
-            this.config.logger("[OAuthService] Provider not found for refresh", {
-                provider,
-            });
-            return null;
-        }
-        // For PKCE providers, refresh directly with OAuth provider
-        if (providerConfig.supportsPKCE && !providerConfig.proxyMode) {
-            return this.refreshTokenPKCE(providerConfig, refreshToken);
-        }
-        // For proxy mode, refresh via AgentShield
-        if (providerConfig.proxyMode) {
-            return this.refreshTokenProxy(providerConfig, refreshToken);
-        }
-        return null;
-    }
-    /**
-     * Refresh token directly with OAuth provider using PKCE
-     */
-    async refreshTokenPKCE(providerConfig, refreshToken) {
-        this.config.logger("[OAuthService] Refreshing token with PKCE", {
-            provider: providerConfig.tokenUrl,
-        });
-        try {
-            const response = await fetch(providerConfig.tokenUrl, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    Accept: "application/json",
-                },
-                body: new URLSearchParams({
-                    grant_type: "refresh_token",
-                    refresh_token: refreshToken,
-                    client_id: providerConfig.clientId,
-                }),
-            });
-            if (!response.ok) {
-                this.config.logger("[OAuthService] Token refresh failed", {
-                    status: response.status,
-                    provider: providerConfig.tokenUrl,
-                });
-                return null;
-            }
-            const tokens = await response.json();
-            if (!tokens.access_token) {
-                this.config.logger("[OAuthService] Token refresh response missing access_token");
-                return null;
-            }
-            // Calculate expiration timestamp
-            const expiresIn = tokens.expires_in || 3600; // Default 1 hour
-            const expiresAt = Date.now() + expiresIn * 1000;
-            const idpTokens = {
-                access_token: tokens.access_token,
-                refresh_token: tokens.refresh_token || refreshToken, // Use new refresh token if provided, otherwise keep old one
-                expires_in: expiresIn,
-                expires_at: expiresAt,
-                token_type: tokens.token_type || "Bearer",
-                scope: tokens.scope,
-            };
-            this.config.logger("[OAuthService] Token refresh successful", {
-                provider: providerConfig.tokenUrl,
-                expiresAt: new Date(expiresAt).toISOString(),
-            });
-            return idpTokens;
-        }
-        catch (error) {
-            this.config.logger("[OAuthService] Token refresh error", {
-                error: error instanceof Error ? error.message : String(error),
-                provider: providerConfig.tokenUrl,
-            });
-            return null;
-        }
-    }
-    /**
-     * Refresh token via AgentShield proxy
-     */
-    async refreshTokenProxy(providerConfig, refreshToken) {
-        // Placeholder for proxy mode refresh
-        // Will need access to AgentShield API URL and key
-        this.config.logger("[OAuthService] Proxy mode refresh not yet implemented");
-        return null;
-    }
-}
-//# sourceMappingURL=oauth-service.js.map

package/dist/services/oauth-service.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-service.js","sourceRoot":"","sources":["../../src/services/oauth-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,MAAM,CAEZ;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,iCAAiC,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;QAClG,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,wEAAwE,CAC9F,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,IAAI,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,iBAAiB,CAC3B,cAAc,EACd,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,kBAAkB,CAC5B,cAAc,EACd,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,iEAAiE,CACvF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,cAA6B,EAC7B,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;YAC9D,QAAQ,EAAE,cAAc,CAAC,gBAAgB;YACzC,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,cAAc,CAAC,QAAQ;gBAClC,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;YACrE,IAAI,SAAc,CAAC;YACnB,IAAI,CAAC;gBACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YACnC,CAAC;YAED,MAAM,YAAY,GAChB,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC;YAE9D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,sCAAsC,EAAE;gBACzD,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,KAAK,EAAE,YAAY;gBACnB,QAAQ,EAAE,cAAc,CAAC,QAAQ;aAClC,CAAC,CAAC;YAEH,MAAM,IAAI,KAAK,CACb,0BAA0B,YAAY,KAAK,QAAQ,CAAC,MAAM,GAAG,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAErC,2BAA2B;QAC3B,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,iCAAiC;QACjC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,iBAAiB;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;QAEhD,MAAM,SAAS,GAAc;YAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;YACzC,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;YAC7D,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YAC5C,eAAe,EAAE,CAAC,CAAC,SAAS,CAAC,aAAa;SAC3C,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,cAA6B,EAC7B,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,gEAAgE;QAChE,0EAA0E;QAC1E,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,YAAoB;QAEpB,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;gBAClE,QAAQ;aACT,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2DAA2D;QAC3D,IAAI,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC;QAED,0CAA0C;QAC1C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,cAA6B,EAC7B,YAAoB;QAEpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;YAC9D,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE;gBACpD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,MAAM,EAAE,kBAAkB;iBAC3B;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,eAAe;oBAC3B,aAAa,EAAE,YAAY;oBAC3B,SAAS,EAAE,cAAc,CAAC,QAAQ;iBACnC,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,qCAAqC,EAAE;oBACxD,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,QAAQ,EAAE,cAAc,CAAC,QAAQ;iBAClC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAErC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4DAA4D,CAAC,CAAC;gBACjF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iCAAiC;YACjC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,iBAAiB;YAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;YAEhD,MAAM,SAAS,GAAc;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,YAAY,EAAE,4DAA4D;gBACjH,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;gBACzC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;gBAC5D,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;aAC7C,CAAC,CAAC;YAEH,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAAoC,EAAE;gBACvD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,QAAQ,EAAE,cAAc,CAAC,QAAQ;aAClC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,cAA6B,EAC7B,YAAoB;QAEpB,qCAAqC;QACrC,kDAAkD;QAClD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uDAAuD,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/services/tool-context-builder.d.ts

@@ -1,55 +0,0 @@
-/**
- * Tool Context Builder
- *
- * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
- * based on tool protection configuration and user identity.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-import type { ToolExecutionContext } from "../types/tool-context.js";
-import type { IdpTokenResolver } from "@kya-os/mcp-i-core";
-import type { ToolProtection } from "@kya-os/mcp-i-core/types/tool-protection";
-import type { OAuthConfigService } from "@kya-os/mcp-i-core";
-export interface ToolContextBuilderConfig {
-    /** IDP token resolver for resolving tokens from User DID */
-    tokenResolver: IdpTokenResolver;
-    /** OAuth config service for fetching provider configurations */
-    configService: OAuthConfigService;
-    /** Project ID for fetching OAuth config */
-    projectId: string;
-    /** Optional logger callback for diagnostics */
-    logger?: (message: string, data?: unknown) => void;
-}
-/**
- * Builder for tool execution context
- *
- * Resolves IDP tokens and builds context for tool handlers.
- * Phase 1: Uses configured provider as temporary fallback.
- * Phase 2+: Requires explicit oauthProvider on tool protection.
- */
-export declare class ToolContextBuilder {
-    private config;
-    constructor(config: ToolContextBuilderConfig);
-    /**
-     * Build tool execution context
-     *
-     * @param toolName - Name of the tool being executed
-     * @param userDid - User DID (optional, required for OAuth)
-     * @param sessionId - Session ID (optional)
-     * @param delegationToken - Delegation token (optional)
-     * @param toolProtection - Tool protection configuration (optional)
-     * @returns Tool execution context or undefined if not needed
-     */
-    buildContext(toolName: string, userDid: string | undefined, sessionId: string | undefined, delegationToken: string | undefined, toolProtection: ToolProtection | null): Promise<ToolExecutionContext | undefined>;
-    /**
-     * Resolve OAuth provider for a tool
-     *
-     * Phase 1: Uses configured provider from OAuth config as temporary fallback
-     * Phase 2+: Requires explicit oauthProvider on tool protection
-     *
-     * @param toolProtection - Tool protection configuration
-     * @returns Provider name or null if not found
-     */
-    private resolveProvider;
-}
-//# sourceMappingURL=tool-context-builder.d.ts.map

package/dist/services/tool-context-builder.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAE/E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,wBAAwB;IACvC,4DAA4D;IAC5D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,wBAAwB;IAS5C;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,cAAc,EAAE,cAAc,GAAG,IAAI,GACpC,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAyD5C;;;;;;;;OAQG;YACW,eAAe;CAyC9B"}

package/dist/services/tool-context-builder.js

@@ -1,124 +0,0 @@
-/**
- * Tool Context Builder
- *
- * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
- * based on tool protection configuration and user identity.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-/**
- * Builder for tool execution context
- *
- * Resolves IDP tokens and builds context for tool handlers.
- * Phase 1: Uses configured provider as temporary fallback.
- * Phase 2+: Requires explicit oauthProvider on tool protection.
- */
-export class ToolContextBuilder {
-    config;
-    constructor(config) {
-        this.config = {
-            tokenResolver: config.tokenResolver,
-            configService: config.configService,
-            projectId: config.projectId,
-            logger: config.logger || (() => { }),
-        };
-    }
-    /**
-     * Build tool execution context
-     *
-     * @param toolName - Name of the tool being executed
-     * @param userDid - User DID (optional, required for OAuth)
-     * @param sessionId - Session ID (optional)
-     * @param delegationToken - Delegation token (optional)
-     * @param toolProtection - Tool protection configuration (optional)
-     * @returns Tool execution context or undefined if not needed
-     */
-    async buildContext(toolName, userDid, sessionId, delegationToken, toolProtection) {
-        // Only build context if tool requires OAuth
-        if (!toolProtection?.requiredScopes?.length || !userDid) {
-            return undefined;
-        }
-        // Phase 1: Resolve provider from configured providers
-        // Phase 1 uses configured provider as temporary fallback
-        // Phase 2+ requires explicit oauthProvider on tool protection
-        const provider = await this.resolveProvider(toolProtection);
-        if (!provider) {
-            this.config.logger("[ToolContextBuilder] Provider not resolved", {
-                toolName,
-                userDid: userDid.substring(0, 20) + "...",
-            });
-            return undefined;
-        }
-        // Resolve IDP token
-        const idpToken = await this.config.tokenResolver.resolveTokenFromDid(userDid, provider, toolProtection.requiredScopes);
-        if (!idpToken) {
-            // Token not available - will trigger OAuth flow
-            this.config.logger("[ToolContextBuilder] Token not available", {
-                toolName,
-                userDid: userDid.substring(0, 20) + "...",
-                provider,
-                scopes: toolProtection.requiredScopes,
-            });
-            return undefined;
-        }
-        // Build context with token
-        const context = {
-            idpToken,
-            provider,
-            scopes: toolProtection.requiredScopes,
-            userDid,
-            sessionId,
-            delegationToken,
-        };
-        this.config.logger("[ToolContextBuilder] Context built successfully", {
-            toolName,
-            userDid: userDid.substring(0, 20) + "...",
-            provider,
-            hasToken: !!idpToken,
-        });
-        return context;
-    }
-    /**
-     * Resolve OAuth provider for a tool
-     *
-     * Phase 1: Uses configured provider from OAuth config as temporary fallback
-     * Phase 2+: Requires explicit oauthProvider on tool protection
-     *
-     * @param toolProtection - Tool protection configuration
-     * @returns Provider name or null if not found
-     */
-    async resolveProvider(toolProtection) {
-        // Phase 2+: Check for explicit oauthProvider (not yet implemented)
-        // if (toolProtection.oauthProvider) {
-        //   return toolProtection.oauthProvider;
-        // }
-        // Phase 1: Use configured provider from OAuth config as temporary fallback
-        // Get first configured provider (Phase 1 assumes single provider per project)
-        try {
-            const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-            const providers = Object.keys(oauthConfig.providers);
-            if (providers.length === 0) {
-                this.config.logger("[ToolContextBuilder] No providers configured", {
-                    projectId: this.config.projectId,
-                });
-                return null;
-            }
-            // Phase 1: Use first configured provider as fallback
-            // Phase 2+: This fallback will be removed, tools must specify oauthProvider
-            const provider = providers[0];
-            this.config.logger("[ToolContextBuilder] Provider resolved (Phase 1 fallback)", {
-                provider,
-                availableProviders: providers,
-            });
-            return provider;
-        }
-        catch (error) {
-            this.config.logger("[ToolContextBuilder] Failed to fetch OAuth config", {
-                error: error instanceof Error ? error.message : String(error),
-                projectId: this.config.projectId,
-            });
-            return null;
-        }
-    }
-}
-//# sourceMappingURL=tool-context-builder.js.map

package/dist/services/tool-context-builder.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAsBH;;;;;;GAMG;AACH,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAEZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAA2B,EAC3B,SAA6B,EAC7B,eAAmC,EACnC,cAAqC;QAErC,4CAA4C;QAC5C,IAAI,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,sDAAsD;QACtD,yDAAyD;QACzD,8DAA8D;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4CAA4C,EAAE;gBAC/D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aAC1C,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAClE,OAAO,EACP,QAAQ,EACR,cAAc,CAAC,cAAc,CAC9B,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,gDAAgD;YAChD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;gBAC7D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM,EAAE,cAAc,CAAC,cAAc;aACtC,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAAyB;YACpC,QAAQ;YACR,QAAQ;YACR,MAAM,EAAE,cAAc,CAAC,cAAc;YACrC,OAAO;YACP,SAAS;YACT,eAAe;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;YACpE,QAAQ;YACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,eAAe,CAC3B,cAA8B;QAE9B,mEAAmE;QACnE,sCAAsC;QACtC,yCAAyC;QACzC,IAAI;QAEJ,2EAA2E;QAC3E,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,8CAA8C,EAAE;oBACjE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBACjC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,4EAA4E;YAC5E,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAE9B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2DAA2D,EAAE;gBAC9E,QAAQ;gBACR,kBAAkB,EAAE,SAAS;aAC9B,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,mDAAmD,EAAE;gBACtE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}

package/dist/types/tool-context.d.ts

@@ -1,35 +0,0 @@
-/**
- * Tool Execution Context
- *
- * Execution context passed to tool handlers, enabling tools to access
- * IDP tokens for external API calls (GitHub, Google, etc.).
- *
- * All fields are optional for backward compatibility - tools that don't
- * require OAuth will receive undefined context.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-/**
- * Execution context passed to tool handlers
- *
- * Enables tools to access IDP tokens for external API calls.
- * Context is only provided when:
- * - Tool requires OAuth (has requiredScopes)
- * - User DID is available
- * - IDP token is successfully resolved
- */
-export interface ToolExecutionContext {
-    /** IDP access token for external API calls (e.g., GitHub, Google) */
-    idpToken?: string;
-    /** OAuth provider name (e.g., "github", "google") */
-    provider?: string;
-    /** Scopes granted for this token */
-    scopes?: string[];
-    /** User DID associated with this token */
-    userDid?: string;
-    /** Session ID */
-    sessionId?: string;
-    /** Delegation token (MCP-I internal authorization) */
-    delegationToken?: string;
-}
-//# sourceMappingURL=tool-context.d.ts.map

package/dist/types/tool-context.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"tool-context.d.ts","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAoB;IACnC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sDAAsD;IACtD,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}

package/dist/types/tool-context.js

@@ -1,13 +0,0 @@
-/**
- * Tool Execution Context
- *
- * Execution context passed to tool handlers, enabling tools to access
- * IDP tokens for external API calls (GitHub, Google, etc.).
- *
- * All fields are optional for backward compatibility - tools that don't
- * require OAuth will receive undefined context.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-export {};
-//# sourceMappingURL=tool-context.js.map

package/dist/types/tool-context.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tool-context.js","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}