npm - @kya-os/mcp-i-cloudflare - Versions diffs - 1.6.1 → 1.6.2-canary.clientinfo.20251125192351 - Mend

@kya-os/mcp-i-cloudflare 1.6.1 → 1.6.2-canary.clientinfo.20251125192351

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (40) hide show

package/dist/adapter.d.ts +2 -1
package/dist/adapter.d.ts.map +1 -1
package/dist/adapter.js +14 -2
package/dist/adapter.js.map +1 -1
package/dist/agent.d.ts +6 -0
package/dist/agent.d.ts.map +1 -1
package/dist/agent.js +32 -0
package/dist/agent.js.map +1 -1
package/dist/app.d.ts.map +1 -1
package/dist/app.js +76 -9
package/dist/app.js.map +1 -1
package/dist/utils/client-info.d.ts +69 -0
package/dist/utils/client-info.d.ts.map +1 -0
package/dist/utils/client-info.js +178 -0
package/dist/utils/client-info.js.map +1 -0
package/dist/utils/error-formatter.d.ts +103 -0
package/dist/utils/error-formatter.d.ts.map +1 -0
package/dist/utils/error-formatter.js +245 -0
package/dist/utils/error-formatter.js.map +1 -0
package/dist/utils/initialize-context.d.ts +91 -0
package/dist/utils/initialize-context.d.ts.map +1 -0
package/dist/utils/initialize-context.js +169 -0
package/dist/utils/initialize-context.js.map +1 -0
package/dist/utils/oauth-identity.d.ts +58 -0
package/dist/utils/oauth-identity.d.ts.map +1 -0
package/dist/utils/oauth-identity.js +215 -0
package/dist/utils/oauth-identity.js.map +1 -0
package/package.json +1 -1
package/dist/services/oauth-service.d.ts +0 -66
package/dist/services/oauth-service.d.ts.map +0 -1
package/dist/services/oauth-service.js +0 -223
package/dist/services/oauth-service.js.map +0 -1
package/dist/services/tool-context-builder.d.ts +0 -55
package/dist/services/tool-context-builder.d.ts.map +0 -1
package/dist/services/tool-context-builder.js +0 -124
package/dist/services/tool-context-builder.js.map +0 -1
package/dist/types/tool-context.d.ts +0 -35
package/dist/types/tool-context.d.ts.map +0 -1
package/dist/types/tool-context.js +0 -13
package/dist/types/tool-context.js.map +0 -1

package/dist/utils/oauth-identity.js ADDED Viewed

@@ -0,0 +1,215 @@
+/**
+ * OAuth Identity Utilities
+ *
+ * Handles OAuth identity extraction and validation from HTTP requests.
+ * This module consolidates OAuth-related logic that was previously in the adapter.
+ */
+/**
+ * Extract OAuth identity from request cookies
+ *
+ * @param request - HTTP Request object
+ * @returns OAuthIdentity or null if not found/invalid
+ */
+export function extractOAuthIdentityFromRequest(request) {
+    try {
+        const cookieHeader = request.headers.get("Cookie");
+        if (!cookieHeader)
+            return null;
+        const cookies = cookieHeader.split("; ").map((c) => c.trim());
+        const oauthCookie = cookies.find((c) => c.startsWith("oauth_identity="));
+        if (!oauthCookie)
+            return null;
+        // Extract cookie value properly handling cases where value contains '='
+        // Find the first '=' which separates key from value, then take everything after it
+        const equalsIndex = oauthCookie.indexOf("=");
+        if (equalsIndex === -1)
+            return null;
+        const cookieValue = oauthCookie.substring(equalsIndex + 1);
+        const parsed = JSON.parse(decodeURIComponent(cookieValue));
+        // ✅ SECURITY: Validate OAuth identity format and content
+        const validationResult = validateOAuthIdentity(parsed);
+        if (!validationResult.valid) {
+            console.warn("[OAuth] ⚠️ OAuth identity validation failed:", validationResult.reason, { parsed });
+            return null;
+        }
+        return parsed;
+    }
+    catch (error) {
+        console.warn("[OAuth] Failed to extract OAuth identity from cookies:", error);
+    }
+    return null;
+}
+/**
+ * Validate OAuth identity format and content
+ *
+ * Ensures:
+ * - Provider is non-empty string (1-50 chars)
+ * - Subject is non-empty string (1-255 chars)
+ * - Provider matches expected format (alphanumeric, hyphens, underscores)
+ * - Subject matches expected format (non-empty, reasonable length)
+ *
+ * @param identity - Parsed OAuth identity object
+ * @returns Validation result
+ */
+export function validateOAuthIdentity(identity) {
+    // Check if identity is an object
+    if (!identity || typeof identity !== "object") {
+        return { valid: false, reason: "OAuth identity must be an object" };
+    }
+    const oauth = identity;
+    // Validate provider
+    if (!oauth.provider || typeof oauth.provider !== "string") {
+        return {
+            valid: false,
+            reason: "OAuth provider is required and must be a string",
+        };
+    }
+    const provider = oauth.provider.trim();
+    if (provider.length === 0) {
+        return { valid: false, reason: "OAuth provider cannot be empty" };
+    }
+    if (provider.length > 50) {
+        return {
+            valid: false,
+            reason: "OAuth provider must be 50 characters or less",
+        };
+    }
+    // Provider format: alphanumeric, hyphens, underscores, dots (e.g., "google", "microsoft", "github", "custom-provider")
+    const providerPattern = /^[a-zA-Z0-9._-]+$/;
+    if (!providerPattern.test(provider)) {
+        return {
+            valid: false,
+            reason: `OAuth provider must match pattern [a-zA-Z0-9._-]: "${provider}"`,
+        };
+    }
+    // Validate subject
+    if (!oauth.subject || typeof oauth.subject !== "string") {
+        return {
+            valid: false,
+            reason: "OAuth subject is required and must be a string",
+        };
+    }
+    const subject = oauth.subject.trim();
+    if (subject.length === 0) {
+        return { valid: false, reason: "OAuth subject cannot be empty" };
+    }
+    if (subject.length > 255) {
+        return {
+            valid: false,
+            reason: "OAuth subject must be 255 characters or less",
+        };
+    }
+    // Subject format: non-empty, reasonable characters (allows most Unicode, but prevents control chars)
+    // OAuth subjects can be numeric IDs, email-like strings, or other identifiers
+    const subjectPattern = /^[\S]+$/; // At least one non-whitespace character
+    if (!subjectPattern.test(subject)) {
+        return {
+            valid: false,
+            reason: `OAuth subject contains invalid characters: "${subject.substring(0, 20)}..."`,
+        };
+    }
+    // Validate optional email if present
+    if (oauth.email !== undefined) {
+        if (typeof oauth.email !== "string") {
+            return {
+                valid: false,
+                reason: "OAuth email must be a string if provided",
+            };
+        }
+        const email = oauth.email.trim();
+        if (email.length > 0) {
+            // Basic email format validation
+            const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+            if (!emailPattern.test(email)) {
+                return {
+                    valid: false,
+                    reason: `OAuth email format invalid: "${email}"`,
+                };
+            }
+            if (email.length > 255) {
+                return {
+                    valid: false,
+                    reason: "OAuth email must be 255 characters or less",
+                };
+            }
+        }
+    }
+    // Validate optional name if present
+    if (oauth.name !== undefined) {
+        if (typeof oauth.name !== "string") {
+            return {
+                valid: false,
+                reason: "OAuth name must be a string if provided",
+            };
+        }
+        if (oauth.name.length > 255) {
+            return {
+                valid: false,
+                reason: "OAuth name must be 255 characters or less",
+            };
+        }
+    }
+    return { valid: true };
+}
+/**
+ * Lookup User DID from OAuth identity mapping
+ *
+ * @param oauthIdentity OAuth identity to lookup
+ * @param delegationStorage KV namespace for storage
+ * @returns User DID or null if not found
+ */
+export async function lookupUserDidFromOAuth(oauthIdentity, delegationStorage) {
+    if (!delegationStorage || !oauthIdentity?.provider || !oauthIdentity?.subject) {
+        return null;
+    }
+    try {
+        const { STORAGE_KEYS } = await import("../constants/storage-keys");
+        const oauthKey = STORAGE_KEYS.oauthIdentity(oauthIdentity.provider, oauthIdentity.subject);
+        const userDid = await delegationStorage.get(oauthKey, "text");
+        if (userDid) {
+            console.log("[OAuth] ✅ Retrieved persistent userDid from OAuth mapping:", {
+                provider: oauthIdentity.provider,
+                userDid: userDid.slice(0, 20) + "...",
+            });
+        }
+        return userDid;
+    }
+    catch (error) {
+        console.warn("[OAuth] Failed to lookup userDid from OAuth mapping:", error);
+        return null;
+    }
+}
+/**
+ * Create a redacted OAuth identity for storage (PII protection)
+ *
+ * @param oauthIdentity Original OAuth identity
+ * @returns Redacted identity safe for storage
+ */
+export function redactOAuthIdentityForStorage(oauthIdentity) {
+    if (!oauthIdentity) {
+        return undefined;
+    }
+    return {
+        provider: oauthIdentity.provider,
+        subjectHash: oauthIdentity.subject.substring(0, 8), // Redact full subject
+        // Don't store email, name, or full subject for PII protection
+    };
+}
+/**
+ * Test if an OAuth cookie value is valid
+ * Helper function for testing and debugging
+ *
+ * @param cookieValue Encoded cookie value
+ * @returns true if valid OAuth identity, false otherwise
+ */
+export function isValidOAuthCookie(cookieValue) {
+    try {
+        const parsed = JSON.parse(decodeURIComponent(cookieValue));
+        const result = validateOAuthIdentity(parsed);
+        return result.valid;
+    }
+    catch {
+        return false;
+    }
+}
+//# sourceMappingURL=oauth-identity.js.map

package/dist/utils/oauth-identity.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth-identity.js","sourceRoot":"","sources":["../../src/utils/oauth-identity.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAYH;;;;;GAKG;AACH,MAAM,UAAU,+BAA+B,CAAC,OAAgB;IAC9D,IAAI,CAAC;QACH,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACnD,IAAI,CAAC,YAAY;YAAE,OAAO,IAAI,CAAC;QAE/B,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC;QAC9D,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACzE,IAAI,CAAC,WAAW;YAAE,OAAO,IAAI,CAAC;QAE9B,wEAAwE;QACxE,mFAAmF;QACnF,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC7C,IAAI,WAAW,KAAK,CAAC,CAAC;YAAE,OAAO,IAAI,CAAC;QACpC,MAAM,WAAW,GAAG,WAAW,CAAC,SAAS,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QAE3D,yDAAyD;QACzD,MAAM,gBAAgB,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QACvD,IAAI,CAAC,gBAAgB,CAAC,KAAK,EAAE,CAAC;YAC5B,OAAO,CAAC,IAAI,CACV,8CAA8C,EAC9C,gBAAgB,CAAC,MAAM,EACvB,EAAE,MAAM,EAAE,CACX,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAuB,CAAC;IACjC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CACV,wDAAwD,EACxD,KAAK,CACN,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,qBAAqB,CAAC,QAAiB;IACrD,iCAAiC;IACjC,IAAI,CAAC,QAAQ,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC9C,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,kCAAkC,EAAE,CAAC;IACtE,CAAC;IAED,MAAM,KAAK,GAAG,QAAmC,CAAC;IAElD,oBAAoB;IACpB,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1D,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,iDAAiD;SAC1D,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;IACvC,IAAI,QAAQ,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC1B,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,gCAAgC,EAAE,CAAC;IACpE,CAAC;IAED,IAAI,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,8CAA8C;SACvD,CAAC;IACJ,CAAC;IAED,uHAAuH;IACvH,MAAM,eAAe,GAAG,mBAAmB,CAAC;IAC5C,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,sDAAsD,QAAQ,GAAG;SAC1E,CAAC;IACJ,CAAC;IAED,mBAAmB;IACnB,IAAI,CAAC,KAAK,CAAC,OAAO,IAAI,OAAO,KAAK,CAAC,OAAO,KAAK,QAAQ,EAAE,CAAC;QACxD,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,gDAAgD;SACzD,CAAC;IACJ,CAAC;IAED,MAAM,OAAO,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;IACrC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;IACnE,CAAC;IAED,IAAI,OAAO,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;QACzB,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,8CAA8C;SACvD,CAAC;IACJ,CAAC;IAED,qGAAqG;IACrG,8EAA8E;IAC9E,MAAM,cAAc,GAAG,SAAS,CAAC,CAAC,wCAAwC;IAC1E,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;QAClC,OAAO;YACL,KAAK,EAAE,KAAK;YACZ,MAAM,EAAE,+CAA+C,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,MAAM;SACtF,CAAC;IACJ,CAAC;IAED,qCAAqC;IACrC,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE,CAAC;QAC9B,IAAI,OAAO,KAAK,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACpC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,0CAA0C;aACnD,CAAC;QACJ,CAAC;QAED,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACrB,gCAAgC;YAChC,MAAM,YAAY,GAAG,4BAA4B,CAAC;YAClD,IAAI,CAAC,YAAY,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC9B,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,gCAAgC,KAAK,GAAG;iBACjD,CAAC;YACJ,CAAC;YAED,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACvB,OAAO;oBACL,KAAK,EAAE,KAAK;oBACZ,MAAM,EAAE,4CAA4C;iBACrD,CAAC;YACJ,CAAC;QACH,CAAC;IACH,CAAC;IAED,oCAAoC;IACpC,IAAI,KAAK,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC7B,IAAI,OAAO,KAAK,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACnC,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,yCAAyC;aAClD,CAAC;QACJ,CAAC;QAED,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YAC5B,OAAO;gBACL,KAAK,EAAE,KAAK;gBACZ,MAAM,EAAE,2CAA2C;aACpD,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AACzB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAC1C,aAA4B,EAC5B,iBAAsB;IAEtB,IAAI,CAAC,iBAAiB,IAAI,CAAC,aAAa,EAAE,QAAQ,IAAI,CAAC,aAAa,EAAE,OAAO,EAAE,CAAC;QAC9E,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,2BAA2B,CAAC,CAAC;QACnE,MAAM,QAAQ,GAAG,YAAY,CAAC,aAAa,CACzC,aAAa,CAAC,QAAQ,EACtB,aAAa,CAAC,OAAO,CACtB,CAAC;QACF,MAAM,OAAO,GAAG,MAAM,iBAAiB,CAAC,GAAG,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE9D,IAAI,OAAO,EAAE,CAAC;YACZ,OAAO,CAAC,GAAG,CACT,4DAA4D,EAC5D;gBACE,QAAQ,EAAE,aAAa,CAAC,QAAQ;gBAChC,OAAO,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aACtC,CACF,CAAC;QACJ,CAAC;QAED,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,IAAI,CACV,sDAAsD,EACtD,KAAK,CACN,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,6BAA6B,CAAC,aAAmC;IAC/E,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,aAAa,CAAC,QAAQ;QAChC,WAAW,EAAE,aAAa,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,sBAAsB;QAC1E,8DAA8D;KAC/D,CAAC;AACJ,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,kBAAkB,CAAC,WAAmB;IACpD,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC;QAC3D,MAAM,MAAM,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@kya-os/mcp-i-cloudflare",
-  "version": "1.6.1",
+  "version": "1.6.2-canary.clientinfo.20251125192351",
   "description": "Cloudflare Workers adapter for MCP-I framework",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/dist/services/oauth-service.d.ts DELETED Viewed

@@ -1,66 +0,0 @@
-/**
- * OAuth Service
- *
- * Handles OAuth token exchange and refresh using PKCE (Proof Key for Code Exchange).
- * Supports both direct PKCE exchange with OAuth providers and proxy mode via AgentShield.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-import type { OAuthConfigService } from "@kya-os/mcp-i-core";
-import type { IdpTokens } from "@kya-os/contracts/config";
-export interface OAuthServiceConfig {
-    /** OAuth config service for fetching provider configurations */
-    configService: OAuthConfigService;
-    /** Project ID for fetching OAuth config */
-    projectId: string;
-    /** Optional logger callback for diagnostics */
-    logger?: (message: string, data?: unknown) => void;
-}
-/**
- * Service for OAuth token exchange and refresh
- */
-export declare class OAuthService {
-    private config;
-    constructor(config: OAuthServiceConfig);
-    /**
-     * Exchange authorization code for IDP tokens using PKCE
-     *
-     * For PKCE providers: Exchanges code directly with OAuth provider (no client secret)
-     * For proxy mode: Exchanges code via AgentShield API
-     *
-     * @param provider - OAuth provider name (e.g., "github", "google")
-     * @param code - Authorization code from OAuth callback
-     * @param codeVerifier - PKCE code verifier (must match code_challenge from authorization)
-     * @param redirectUri - Redirect URI used in authorization request
-     * @returns IDP tokens (access_token, refresh_token, expires_at, etc.)
-     */
-    exchangeToken(provider: string, code: string, codeVerifier: string, redirectUri: string): Promise<IdpTokens>;
-    /**
-     * Exchange token directly with OAuth provider using PKCE
-     */
-    private exchangeTokenPKCE;
-    /**
-     * Exchange token via AgentShield proxy (for providers that require proxy mode)
-     */
-    private exchangeTokenProxy;
-    /**
-     * Refresh IDP access token using refresh token
-     *
-     * For PKCE providers: Refreshes directly with OAuth provider
-     * For proxy mode: Refreshes via AgentShield API
-     *
-     * @param provider - OAuth provider name
-     * @param refreshToken - Refresh token from previous token exchange
-     * @returns New IDP tokens or null if refresh failed
-     */
-    refreshToken(provider: string, refreshToken: string): Promise<IdpTokens | null>;
-    /**
-     * Refresh token directly with OAuth provider using PKCE
-     */
-    private refreshTokenPKCE;
-    /**
-     * Refresh token via AgentShield proxy
-     */
-    private refreshTokenProxy;
-}
-//# sourceMappingURL=oauth-service.d.ts.map

package/dist/services/oauth-service.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth-service.d.ts","sourceRoot":"","sources":["../../src/services/oauth-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC7D,OAAO,KAAK,EAAE,SAAS,EAAiB,MAAM,0BAA0B,CAAC;AAEzE,MAAM,WAAW,kBAAkB;IACjC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;GAEG;AACH,qBAAa,YAAY;IACvB,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,kBAAkB;IAQtC;;;;;;;;;;;OAWG;IACG,aAAa,CACjB,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,YAAY,EAAE,MAAM,EACpB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,SAAS,CAAC;IA2CrB;;OAEG;YACW,iBAAiB;IA8E/B;;OAEG;YACW,kBAAkB;IAiBhC;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC;IA2B5B;;OAEG;YACW,gBAAgB;IAiE9B;;OAEG;YACW,iBAAiB;CAShC"}

package/dist/services/oauth-service.js DELETED Viewed

@@ -1,223 +0,0 @@
-/**
- * OAuth Service
- *
- * Handles OAuth token exchange and refresh using PKCE (Proof Key for Code Exchange).
- * Supports both direct PKCE exchange with OAuth providers and proxy mode via AgentShield.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-/**
- * Service for OAuth token exchange and refresh
- */
-export class OAuthService {
-    config;
-    constructor(config) {
-        this.config = {
-            configService: config.configService,
-            projectId: config.projectId,
-            logger: config.logger || (() => { }),
-        };
-    }
-    /**
-     * Exchange authorization code for IDP tokens using PKCE
-     *
-     * For PKCE providers: Exchanges code directly with OAuth provider (no client secret)
-     * For proxy mode: Exchanges code via AgentShield API
-     *
-     * @param provider - OAuth provider name (e.g., "github", "google")
-     * @param code - Authorization code from OAuth callback
-     * @param codeVerifier - PKCE code verifier (must match code_challenge from authorization)
-     * @param redirectUri - Redirect URI used in authorization request
-     * @returns IDP tokens (access_token, refresh_token, expires_at, etc.)
-     */
-    async exchangeToken(provider, code, codeVerifier, redirectUri) {
-        // Fetch provider config
-        const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-        const providerConfig = oauthConfig.providers[provider];
-        if (!providerConfig) {
-            throw new Error(`Provider "${provider}" not configured for project "${this.config.projectId}"`);
-        }
-        // Check if provider supports PKCE
-        if (!providerConfig.supportsPKCE) {
-            throw new Error(`Provider "${provider}" does not support PKCE. Only PKCE providers are supported in Phase 1.`);
-        }
-        // For PKCE providers, exchange directly with OAuth provider
-        if (providerConfig.supportsPKCE && !providerConfig.proxyMode) {
-            return this.exchangeTokenPKCE(providerConfig, code, codeVerifier, redirectUri);
-        }
-        // For proxy mode, exchange via AgentShield
-        if (providerConfig.proxyMode) {
-            return this.exchangeTokenProxy(providerConfig, code, codeVerifier, redirectUri);
-        }
-        throw new Error(`Provider "${provider}" configuration is invalid: must support PKCE or use proxy mode`);
-    }
-    /**
-     * Exchange token directly with OAuth provider using PKCE
-     */
-    async exchangeTokenPKCE(providerConfig, code, codeVerifier, redirectUri) {
-        this.config.logger("[OAuthService] Exchanging token with PKCE", {
-            provider: providerConfig.authorizationUrl,
-            tokenUrl: providerConfig.tokenUrl,
-        });
-        const response = await fetch(providerConfig.tokenUrl, {
-            method: "POST",
-            headers: {
-                "Content-Type": "application/x-www-form-urlencoded",
-                Accept: "application/json",
-            },
-            body: new URLSearchParams({
-                grant_type: "authorization_code",
-                code,
-                redirect_uri: redirectUri,
-                client_id: providerConfig.clientId,
-                code_verifier: codeVerifier,
-            }),
-        });
-        if (!response.ok) {
-            const errorText = await response.text().catch(() => "Unknown error");
-            let errorData;
-            try {
-                errorData = JSON.parse(errorText);
-            }
-            catch {
-                errorData = { error: errorText };
-            }
-            const errorMessage = errorData.error_description || errorData.error || errorText;
-            this.config.logger("[OAuthService] Token exchange failed", {
-                status: response.status,
-                error: errorMessage,
-                provider: providerConfig.tokenUrl,
-            });
-            throw new Error(`Token exchange failed: ${errorMessage} (${response.status})`);
-        }
-        const tokens = await response.json();
-        // Validate required fields
-        if (!tokens.access_token) {
-            throw new Error("Token response missing access_token");
-        }
-        // Calculate expiration timestamp
-        const expiresIn = tokens.expires_in || 3600; // Default 1 hour
-        const expiresAt = Date.now() + expiresIn * 1000;
-        const idpTokens = {
-            access_token: tokens.access_token,
-            refresh_token: tokens.refresh_token,
-            expires_in: expiresIn,
-            expires_at: expiresAt,
-            token_type: tokens.token_type || "Bearer",
-            scope: tokens.scope,
-        };
-        this.config.logger("[OAuthService] Token exchange successful", {
-            provider: providerConfig.tokenUrl,
-            expiresAt: new Date(expiresAt).toISOString(),
-            hasRefreshToken: !!idpTokens.refresh_token,
-        });
-        return idpTokens;
-    }
-    /**
-     * Exchange token via AgentShield proxy (for providers that require proxy mode)
-     */
-    async exchangeTokenProxy(providerConfig, code, codeVerifier, redirectUri) {
-        // Get AgentShield API URL from config service
-        const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-        // Note: We need access to baseUrl and apiKey from configService
-        // For now, this is a placeholder - will need to pass these through config
-        throw new Error("Proxy mode token exchange not yet implemented. Use PKCE mode for Phase 1.");
-    }
-    /**
-     * Refresh IDP access token using refresh token
-     *
-     * For PKCE providers: Refreshes directly with OAuth provider
-     * For proxy mode: Refreshes via AgentShield API
-     *
-     * @param provider - OAuth provider name
-     * @param refreshToken - Refresh token from previous token exchange
-     * @returns New IDP tokens or null if refresh failed
-     */
-    async refreshToken(provider, refreshToken) {
-        // Fetch provider config
-        const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
-        const providerConfig = oauthConfig.providers[provider];
-        if (!providerConfig) {
-            this.config.logger("[OAuthService] Provider not found for refresh", {
-                provider,
-            });
-            return null;
-        }
-        // For PKCE providers, refresh directly with OAuth provider
-        if (providerConfig.supportsPKCE && !providerConfig.proxyMode) {
-            return this.refreshTokenPKCE(providerConfig, refreshToken);
-        }
-        // For proxy mode, refresh via AgentShield
-        if (providerConfig.proxyMode) {
-            return this.refreshTokenProxy(providerConfig, refreshToken);
-        }
-        return null;
-    }
-    /**
-     * Refresh token directly with OAuth provider using PKCE
-     */
-    async refreshTokenPKCE(providerConfig, refreshToken) {
-        this.config.logger("[OAuthService] Refreshing token with PKCE", {
-            provider: providerConfig.tokenUrl,
-        });
-        try {
-            const response = await fetch(providerConfig.tokenUrl, {
-                method: "POST",
-                headers: {
-                    "Content-Type": "application/x-www-form-urlencoded",
-                    Accept: "application/json",
-                },
-                body: new URLSearchParams({
-                    grant_type: "refresh_token",
-                    refresh_token: refreshToken,
-                    client_id: providerConfig.clientId,
-                }),
-            });
-            if (!response.ok) {
-                this.config.logger("[OAuthService] Token refresh failed", {
-                    status: response.status,
-                    provider: providerConfig.tokenUrl,
-                });
-                return null;
-            }
-            const tokens = await response.json();
-            if (!tokens.access_token) {
-                this.config.logger("[OAuthService] Token refresh response missing access_token");
-                return null;
-            }
-            // Calculate expiration timestamp
-            const expiresIn = tokens.expires_in || 3600; // Default 1 hour
-            const expiresAt = Date.now() + expiresIn * 1000;
-            const idpTokens = {
-                access_token: tokens.access_token,
-                refresh_token: tokens.refresh_token || refreshToken, // Use new refresh token if provided, otherwise keep old one
-                expires_in: expiresIn,
-                expires_at: expiresAt,
-                token_type: tokens.token_type || "Bearer",
-                scope: tokens.scope,
-            };
-            this.config.logger("[OAuthService] Token refresh successful", {
-                provider: providerConfig.tokenUrl,
-                expiresAt: new Date(expiresAt).toISOString(),
-            });
-            return idpTokens;
-        }
-        catch (error) {
-            this.config.logger("[OAuthService] Token refresh error", {
-                error: error instanceof Error ? error.message : String(error),
-                provider: providerConfig.tokenUrl,
-            });
-            return null;
-        }
-    }
-    /**
-     * Refresh token via AgentShield proxy
-     */
-    async refreshTokenProxy(providerConfig, refreshToken) {
-        // Placeholder for proxy mode refresh
-        // Will need access to AgentShield API URL and key
-        this.config.logger("[OAuthService] Proxy mode refresh not yet implemented");
-        return null;
-    }
-}
-//# sourceMappingURL=oauth-service.js.map

package/dist/services/oauth-service.js.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"oauth-service.js","sourceRoot":"","sources":["../../src/services/oauth-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,MAAM,CAEZ;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,iCAAiC,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;QAClG,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,wEAAwE,CAC9F,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,IAAI,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,iBAAiB,CAC3B,cAAc,EACd,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,kBAAkB,CAC5B,cAAc,EACd,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,iEAAiE,CACvF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,cAA6B,EAC7B,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;YAC9D,QAAQ,EAAE,cAAc,CAAC,gBAAgB;YACzC,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,cAAc,CAAC,QAAQ;gBAClC,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;YACrE,IAAI,SAAc,CAAC;YACnB,IAAI,CAAC;gBACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YACnC,CAAC;YAED,MAAM,YAAY,GAChB,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC;YAE9D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,sCAAsC,EAAE;gBACzD,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,KAAK,EAAE,YAAY;gBACnB,QAAQ,EAAE,cAAc,CAAC,QAAQ;aAClC,CAAC,CAAC;YAEH,MAAM,IAAI,KAAK,CACb,0BAA0B,YAAY,KAAK,QAAQ,CAAC,MAAM,GAAG,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAErC,2BAA2B;QAC3B,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,iCAAiC;QACjC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,iBAAiB;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;QAEhD,MAAM,SAAS,GAAc;YAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;YACzC,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;YAC7D,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YAC5C,eAAe,EAAE,CAAC,CAAC,SAAS,CAAC,aAAa;SAC3C,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,cAA6B,EAC7B,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,gEAAgE;QAChE,0EAA0E;QAC1E,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,YAAoB;QAEpB,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;gBAClE,QAAQ;aACT,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2DAA2D;QAC3D,IAAI,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC;QAED,0CAA0C;QAC1C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,cAA6B,EAC7B,YAAoB;QAEpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;YAC9D,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE;gBACpD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,MAAM,EAAE,kBAAkB;iBAC3B;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,eAAe;oBAC3B,aAAa,EAAE,YAAY;oBAC3B,SAAS,EAAE,cAAc,CAAC,QAAQ;iBACnC,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,qCAAqC,EAAE;oBACxD,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,QAAQ,EAAE,cAAc,CAAC,QAAQ;iBAClC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAErC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4DAA4D,CAAC,CAAC;gBACjF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iCAAiC;YACjC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,iBAAiB;YAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;YAEhD,MAAM,SAAS,GAAc;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,YAAY,EAAE,4DAA4D;gBACjH,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;gBACzC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;gBAC5D,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;aAC7C,CAAC,CAAC;YAEH,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAAoC,EAAE;gBACvD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,QAAQ,EAAE,cAAc,CAAC,QAAQ;aAClC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,cAA6B,EAC7B,YAAoB;QAEpB,qCAAqC;QACrC,kDAAkD;QAClD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uDAAuD,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}

package/dist/services/tool-context-builder.d.ts DELETED Viewed

@@ -1,55 +0,0 @@
-/**
- * Tool Context Builder
- *
- * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
- * based on tool protection configuration and user identity.
- *
- * @package @kya-os/mcp-i-cloudflare
- */
-import type { ToolExecutionContext } from "../types/tool-context.js";
-import type { IdpTokenResolver } from "@kya-os/mcp-i-core";
-import type { ToolProtection } from "@kya-os/mcp-i-core/types/tool-protection";
-import type { OAuthConfigService } from "@kya-os/mcp-i-core";
-export interface ToolContextBuilderConfig {
-    /** IDP token resolver for resolving tokens from User DID */
-    tokenResolver: IdpTokenResolver;
-    /** OAuth config service for fetching provider configurations */
-    configService: OAuthConfigService;
-    /** Project ID for fetching OAuth config */
-    projectId: string;
-    /** Optional logger callback for diagnostics */
-    logger?: (message: string, data?: unknown) => void;
-}
-/**
- * Builder for tool execution context
- *
- * Resolves IDP tokens and builds context for tool handlers.
- * Phase 1: Uses configured provider as temporary fallback.
- * Phase 2+: Requires explicit oauthProvider on tool protection.
- */
-export declare class ToolContextBuilder {
-    private config;
-    constructor(config: ToolContextBuilderConfig);
-    /**
-     * Build tool execution context
-     *
-     * @param toolName - Name of the tool being executed
-     * @param userDid - User DID (optional, required for OAuth)
-     * @param sessionId - Session ID (optional)
-     * @param delegationToken - Delegation token (optional)
-     * @param toolProtection - Tool protection configuration (optional)
-     * @returns Tool execution context or undefined if not needed
-     */
-    buildContext(toolName: string, userDid: string | undefined, sessionId: string | undefined, delegationToken: string | undefined, toolProtection: ToolProtection | null): Promise<ToolExecutionContext | undefined>;
-    /**
-     * Resolve OAuth provider for a tool
-     *
-     * Phase 1: Uses configured provider from OAuth config as temporary fallback
-     * Phase 2+: Requires explicit oauthProvider on tool protection
-     *
-     * @param toolProtection - Tool protection configuration
-     * @returns Provider name or null if not found
-     */
-    private resolveProvider;
-}
-//# sourceMappingURL=tool-context-builder.d.ts.map

package/dist/services/tool-context-builder.d.ts.map DELETED Viewed

@@ -1 +0,0 @@

- {"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAE/E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,wBAAwB;IACvC,4DAA4D;IAC5D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,wBAAwB;IAS5C;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,cAAc,EAAE,cAAc,GAAG,IAAI,GACpC,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAyD5C;;;;;;;;OAQG;YACW,eAAe;CAyC9B"}