@kya-os/mcp-i-cloudflare 1.6.1 → 1.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (25) hide show
  1. package/dist/agent.d.ts.map +1 -1
  2. package/dist/agent.js.map +1 -1
  3. package/dist/app.d.ts.map +1 -1
  4. package/dist/app.js +76 -9
  5. package/dist/app.js.map +1 -1
  6. package/dist/runtime/oauth-handler.d.ts +12 -0
  7. package/dist/runtime/oauth-handler.d.ts.map +1 -1
  8. package/dist/runtime/oauth-handler.js +62 -1
  9. package/dist/runtime/oauth-handler.js.map +1 -1
  10. package/dist/services/consent.service.d.ts.map +1 -1
  11. package/dist/services/consent.service.js +15 -6
  12. package/dist/services/consent.service.js.map +1 -1
  13. package/package.json +3 -3
  14. package/dist/services/oauth-service.d.ts +0 -66
  15. package/dist/services/oauth-service.d.ts.map +0 -1
  16. package/dist/services/oauth-service.js +0 -223
  17. package/dist/services/oauth-service.js.map +0 -1
  18. package/dist/services/tool-context-builder.d.ts +0 -55
  19. package/dist/services/tool-context-builder.d.ts.map +0 -1
  20. package/dist/services/tool-context-builder.js +0 -124
  21. package/dist/services/tool-context-builder.js.map +0 -1
  22. package/dist/types/tool-context.d.ts +0 -35
  23. package/dist/types/tool-context.d.ts.map +0 -1
  24. package/dist/types/tool-context.js +0 -13
  25. package/dist/types/tool-context.js.map +0 -1
package/dist/services/oauth-service.js DELETED
@@ -1,223 +0,0 @@
1
- /**
2
- * OAuth Service
3
- *
4
- * Handles OAuth token exchange and refresh using PKCE (Proof Key for Code Exchange).
5
- * Supports both direct PKCE exchange with OAuth providers and proxy mode via AgentShield.
6
- *
7
- * @package @kya-os/mcp-i-cloudflare
8
- */
9
- /**
10
- * Service for OAuth token exchange and refresh
11
- */
12
- export class OAuthService {
13
- config;
14
- constructor(config) {
15
- this.config = {
16
- configService: config.configService,
17
- projectId: config.projectId,
18
- logger: config.logger || (() => { }),
19
- };
20
- }
21
- /**
22
- * Exchange authorization code for IDP tokens using PKCE
23
- *
24
- * For PKCE providers: Exchanges code directly with OAuth provider (no client secret)
25
- * For proxy mode: Exchanges code via AgentShield API
26
- *
27
- * @param provider - OAuth provider name (e.g., "github", "google")
28
- * @param code - Authorization code from OAuth callback
29
- * @param codeVerifier - PKCE code verifier (must match code_challenge from authorization)
30
- * @param redirectUri - Redirect URI used in authorization request
31
- * @returns IDP tokens (access_token, refresh_token, expires_at, etc.)
32
- */
33
- async exchangeToken(provider, code, codeVerifier, redirectUri) {
34
- // Fetch provider config
35
- const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
36
- const providerConfig = oauthConfig.providers[provider];
37
- if (!providerConfig) {
38
- throw new Error(`Provider "${provider}" not configured for project "${this.config.projectId}"`);
39
- }
40
- // Check if provider supports PKCE
41
- if (!providerConfig.supportsPKCE) {
42
- throw new Error(`Provider "${provider}" does not support PKCE. Only PKCE providers are supported in Phase 1.`);
43
- }
44
- // For PKCE providers, exchange directly with OAuth provider
45
- if (providerConfig.supportsPKCE && !providerConfig.proxyMode) {
46
- return this.exchangeTokenPKCE(providerConfig, code, codeVerifier, redirectUri);
47
- }
48
- // For proxy mode, exchange via AgentShield
49
- if (providerConfig.proxyMode) {
50
- return this.exchangeTokenProxy(providerConfig, code, codeVerifier, redirectUri);
51
- }
52
- throw new Error(`Provider "${provider}" configuration is invalid: must support PKCE or use proxy mode`);
53
- }
54
- /**
55
- * Exchange token directly with OAuth provider using PKCE
56
- */
57
- async exchangeTokenPKCE(providerConfig, code, codeVerifier, redirectUri) {
58
- this.config.logger("[OAuthService] Exchanging token with PKCE", {
59
- provider: providerConfig.authorizationUrl,
60
- tokenUrl: providerConfig.tokenUrl,
61
- });
62
- const response = await fetch(providerConfig.tokenUrl, {
63
- method: "POST",
64
- headers: {
65
- "Content-Type": "application/x-www-form-urlencoded",
66
- Accept: "application/json",
67
- },
68
- body: new URLSearchParams({
69
- grant_type: "authorization_code",
70
- code,
71
- redirect_uri: redirectUri,
72
- client_id: providerConfig.clientId,
73
- code_verifier: codeVerifier,
74
- }),
75
- });
76
- if (!response.ok) {
77
- const errorText = await response.text().catch(() => "Unknown error");
78
- let errorData;
79
- try {
80
- errorData = JSON.parse(errorText);
81
- }
82
- catch {
83
- errorData = { error: errorText };
84
- }
85
- const errorMessage = errorData.error_description || errorData.error || errorText;
86
- this.config.logger("[OAuthService] Token exchange failed", {
87
- status: response.status,
88
- error: errorMessage,
89
- provider: providerConfig.tokenUrl,
90
- });
91
- throw new Error(`Token exchange failed: ${errorMessage} (${response.status})`);
92
- }
93
- const tokens = await response.json();
94
- // Validate required fields
95
- if (!tokens.access_token) {
96
- throw new Error("Token response missing access_token");
97
- }
98
- // Calculate expiration timestamp
99
- const expiresIn = tokens.expires_in || 3600; // Default 1 hour
100
- const expiresAt = Date.now() + expiresIn * 1000;
101
- const idpTokens = {
102
- access_token: tokens.access_token,
103
- refresh_token: tokens.refresh_token,
104
- expires_in: expiresIn,
105
- expires_at: expiresAt,
106
- token_type: tokens.token_type || "Bearer",
107
- scope: tokens.scope,
108
- };
109
- this.config.logger("[OAuthService] Token exchange successful", {
110
- provider: providerConfig.tokenUrl,
111
- expiresAt: new Date(expiresAt).toISOString(),
112
- hasRefreshToken: !!idpTokens.refresh_token,
113
- });
114
- return idpTokens;
115
- }
116
- /**
117
- * Exchange token via AgentShield proxy (for providers that require proxy mode)
118
- */
119
- async exchangeTokenProxy(providerConfig, code, codeVerifier, redirectUri) {
120
- // Get AgentShield API URL from config service
121
- const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
122
- // Note: We need access to baseUrl and apiKey from configService
123
- // For now, this is a placeholder - will need to pass these through config
124
- throw new Error("Proxy mode token exchange not yet implemented. Use PKCE mode for Phase 1.");
125
- }
126
- /**
127
- * Refresh IDP access token using refresh token
128
- *
129
- * For PKCE providers: Refreshes directly with OAuth provider
130
- * For proxy mode: Refreshes via AgentShield API
131
- *
132
- * @param provider - OAuth provider name
133
- * @param refreshToken - Refresh token from previous token exchange
134
- * @returns New IDP tokens or null if refresh failed
135
- */
136
- async refreshToken(provider, refreshToken) {
137
- // Fetch provider config
138
- const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
139
- const providerConfig = oauthConfig.providers[provider];
140
- if (!providerConfig) {
141
- this.config.logger("[OAuthService] Provider not found for refresh", {
142
- provider,
143
- });
144
- return null;
145
- }
146
- // For PKCE providers, refresh directly with OAuth provider
147
- if (providerConfig.supportsPKCE && !providerConfig.proxyMode) {
148
- return this.refreshTokenPKCE(providerConfig, refreshToken);
149
- }
150
- // For proxy mode, refresh via AgentShield
151
- if (providerConfig.proxyMode) {
152
- return this.refreshTokenProxy(providerConfig, refreshToken);
153
- }
154
- return null;
155
- }
156
- /**
157
- * Refresh token directly with OAuth provider using PKCE
158
- */
159
- async refreshTokenPKCE(providerConfig, refreshToken) {
160
- this.config.logger("[OAuthService] Refreshing token with PKCE", {
161
- provider: providerConfig.tokenUrl,
162
- });
163
- try {
164
- const response = await fetch(providerConfig.tokenUrl, {
165
- method: "POST",
166
- headers: {
167
- "Content-Type": "application/x-www-form-urlencoded",
168
- Accept: "application/json",
169
- },
170
- body: new URLSearchParams({
171
- grant_type: "refresh_token",
172
- refresh_token: refreshToken,
173
- client_id: providerConfig.clientId,
174
- }),
175
- });
176
- if (!response.ok) {
177
- this.config.logger("[OAuthService] Token refresh failed", {
178
- status: response.status,
179
- provider: providerConfig.tokenUrl,
180
- });
181
- return null;
182
- }
183
- const tokens = await response.json();
184
- if (!tokens.access_token) {
185
- this.config.logger("[OAuthService] Token refresh response missing access_token");
186
- return null;
187
- }
188
- // Calculate expiration timestamp
189
- const expiresIn = tokens.expires_in || 3600; // Default 1 hour
190
- const expiresAt = Date.now() + expiresIn * 1000;
191
- const idpTokens = {
192
- access_token: tokens.access_token,
193
- refresh_token: tokens.refresh_token || refreshToken, // Use new refresh token if provided, otherwise keep old one
194
- expires_in: expiresIn,
195
- expires_at: expiresAt,
196
- token_type: tokens.token_type || "Bearer",
197
- scope: tokens.scope,
198
- };
199
- this.config.logger("[OAuthService] Token refresh successful", {
200
- provider: providerConfig.tokenUrl,
201
- expiresAt: new Date(expiresAt).toISOString(),
202
- });
203
- return idpTokens;
204
- }
205
- catch (error) {
206
- this.config.logger("[OAuthService] Token refresh error", {
207
- error: error instanceof Error ? error.message : String(error),
208
- provider: providerConfig.tokenUrl,
209
- });
210
- return null;
211
- }
212
- }
213
- /**
214
- * Refresh token via AgentShield proxy
215
- */
216
- async refreshTokenProxy(providerConfig, refreshToken) {
217
- // Placeholder for proxy mode refresh
218
- // Will need access to AgentShield API URL and key
219
- this.config.logger("[OAuthService] Proxy mode refresh not yet implemented");
220
- return null;
221
- }
222
- }
223
- //# sourceMappingURL=oauth-service.js.map
package/dist/services/oauth-service.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"oauth-service.js","sourceRoot":"","sources":["../../src/services/oauth-service.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAgBH;;GAEG;AACH,MAAM,OAAO,YAAY;IACf,MAAM,CAEZ;IAEF,YAAY,MAA0B;QACpC,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,aAAa,CACjB,QAAgB,EAChB,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,IAAI,KAAK,CAAC,aAAa,QAAQ,iCAAiC,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,CAAC,CAAC;QAClG,CAAC;QAED,kCAAkC;QAClC,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,wEAAwE,CAC9F,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,IAAI,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,iBAAiB,CAC3B,cAAc,EACd,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,2CAA2C;QAC3C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,kBAAkB,CAC5B,cAAc,EACd,IAAI,EACJ,YAAY,EACZ,WAAW,CACZ,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,KAAK,CACb,aAAa,QAAQ,iEAAiE,CACvF,CAAC;IACJ,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,cAA6B,EAC7B,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;YAC9D,QAAQ,EAAE,cAAc,CAAC,gBAAgB;YACzC,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE;YACpD,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;gBACnD,MAAM,EAAE,kBAAkB;aAC3B;YACD,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,oBAAoB;gBAChC,IAAI;gBACJ,YAAY,EAAE,WAAW;gBACzB,SAAS,EAAE,cAAc,CAAC,QAAQ;gBAClC,aAAa,EAAE,YAAY;aAC5B,CAAC;SACH,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,eAAe,CAAC,CAAC;YACrE,IAAI,SAAc,CAAC;YACnB,IAAI,CAAC;gBACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC;YACpC,CAAC;YAAC,MAAM,CAAC;gBACP,SAAS,GAAG,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;YACnC,CAAC;YAED,MAAM,YAAY,GAChB,SAAS,CAAC,iBAAiB,IAAI,SAAS,CAAC,KAAK,IAAI,SAAS,CAAC;YAE9D,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,sCAAsC,EAAE;gBACzD,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,KAAK,EAAE,YAAY;gBACnB,QAAQ,EAAE,cAAc,CAAC,QAAQ;aAClC,CAAC,CAAC;YAEH,MAAM,IAAI,KAAK,CACb,0BAA0B,YAAY,KAAK,QAAQ,CAAC,MAAM,GAAG,CAC9D,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAErC,2BAA2B;QAC3B,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACzD,CAAC;QAED,iCAAiC;QACjC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,iBAAiB;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;QAEhD,MAAM,SAAS,GAAc;YAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,SAAS;YACrB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;YACzC,KAAK,EAAE,MAAM,CAAC,KAAK;SACpB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;YAC7D,QAAQ,EAAE,cAAc,CAAC,QAAQ;YACjC,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;YAC5C,eAAe,EAAE,CAAC,CAAC,SAAS,CAAC,aAAa;SAC3C,CAAC,CAAC;QAEH,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,kBAAkB,CAC9B,cAA6B,EAC7B,IAAY,EACZ,YAAoB,EACpB,WAAmB;QAEnB,8CAA8C;QAC9C,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,gEAAgE;QAChE,0EAA0E;QAC1E,MAAM,IAAI,KAAK,CACb,2EAA2E,CAC5E,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,YAAoB;QAEpB,wBAAwB;QACxB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;QACF,MAAM,cAAc,GAAG,WAAW,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAEvD,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,+CAA+C,EAAE;gBAClE,QAAQ;aACT,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;QAED,2DAA2D;QAC3D,IAAI,cAAc,CAAC,YAAY,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7D,OAAO,IAAI,CAAC,gBAAgB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC;QAED,0CAA0C;QAC1C,IAAI,cAAc,CAAC,SAAS,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,iBAAiB,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAC9D,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,gBAAgB,CAC5B,cAA6B,EAC7B,YAAoB;QAEpB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2CAA2C,EAAE;YAC9D,QAAQ,EAAE,cAAc,CAAC,QAAQ;SAClC,CAAC,CAAC;QAEH,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,cAAc,CAAC,QAAQ,EAAE;gBACpD,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,cAAc,EAAE,mCAAmC;oBACnD,MAAM,EAAE,kBAAkB;iBAC3B;gBACD,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,UAAU,EAAE,eAAe;oBAC3B,aAAa,EAAE,YAAY;oBAC3B,SAAS,EAAE,cAAc,CAAC,QAAQ;iBACnC,CAAC;aACH,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,qCAAqC,EAAE;oBACxD,MAAM,EAAE,QAAQ,CAAC,MAAM;oBACvB,QAAQ,EAAE,cAAc,CAAC,QAAQ;iBAClC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAErC,IAAI,CAAC,MAAM,CAAC,YAAY,EAAE,CAAC;gBACzB,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4DAA4D,CAAC,CAAC;gBACjF,OAAO,IAAI,CAAC;YACd,CAAC;YAED,iCAAiC;YACjC,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,CAAC,iBAAiB;YAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;YAEhD,MAAM,SAAS,GAAc;gBAC3B,YAAY,EAAE,MAAM,CAAC,YAAY;gBACjC,aAAa,EAAE,MAAM,CAAC,aAAa,IAAI,YAAY,EAAE,4DAA4D;gBACjH,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,SAAS;gBACrB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,QAAQ;gBACzC,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,yCAAyC,EAAE;gBAC5D,QAAQ,EAAE,cAAc,CAAC,QAAQ;gBACjC,SAAS,EAAE,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE;aAC7C,CAAC,CAAC;YAEH,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,oCAAoC,EAAE;gBACvD,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,QAAQ,EAAE,cAAc,CAAC,QAAQ;aAClC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,iBAAiB,CAC7B,cAA6B,EAC7B,YAAoB;QAEpB,qCAAqC;QACrC,kDAAkD;QAClD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,uDAAuD,CAAC,CAAC;QAC5E,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}
package/dist/services/tool-context-builder.d.ts DELETED
@@ -1,55 +0,0 @@
1
- /**
2
- * Tool Context Builder
3
- *
4
- * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
5
- * based on tool protection configuration and user identity.
6
- *
7
- * @package @kya-os/mcp-i-cloudflare
8
- */
9
- import type { ToolExecutionContext } from "../types/tool-context.js";
10
- import type { IdpTokenResolver } from "@kya-os/mcp-i-core";
11
- import type { ToolProtection } from "@kya-os/mcp-i-core/types/tool-protection";
12
- import type { OAuthConfigService } from "@kya-os/mcp-i-core";
13
- export interface ToolContextBuilderConfig {
14
- /** IDP token resolver for resolving tokens from User DID */
15
- tokenResolver: IdpTokenResolver;
16
- /** OAuth config service for fetching provider configurations */
17
- configService: OAuthConfigService;
18
- /** Project ID for fetching OAuth config */
19
- projectId: string;
20
- /** Optional logger callback for diagnostics */
21
- logger?: (message: string, data?: unknown) => void;
22
- }
23
- /**
24
- * Builder for tool execution context
25
- *
26
- * Resolves IDP tokens and builds context for tool handlers.
27
- * Phase 1: Uses configured provider as temporary fallback.
28
- * Phase 2+: Requires explicit oauthProvider on tool protection.
29
- */
30
- export declare class ToolContextBuilder {
31
- private config;
32
- constructor(config: ToolContextBuilderConfig);
33
- /**
34
- * Build tool execution context
35
- *
36
- * @param toolName - Name of the tool being executed
37
- * @param userDid - User DID (optional, required for OAuth)
38
- * @param sessionId - Session ID (optional)
39
- * @param delegationToken - Delegation token (optional)
40
- * @param toolProtection - Tool protection configuration (optional)
41
- * @returns Tool execution context or undefined if not needed
42
- */
43
- buildContext(toolName: string, userDid: string | undefined, sessionId: string | undefined, delegationToken: string | undefined, toolProtection: ToolProtection | null): Promise<ToolExecutionContext | undefined>;
44
- /**
45
- * Resolve OAuth provider for a tool
46
- *
47
- * Phase 1: Uses configured provider from OAuth config as temporary fallback
48
- * Phase 2+: Requires explicit oauthProvider on tool protection
49
- *
50
- * @param toolProtection - Tool protection configuration
51
- * @returns Provider name or null if not found
52
- */
53
- private resolveProvider;
54
- }
55
- //# sourceMappingURL=tool-context-builder.d.ts.map
package/dist/services/tool-context-builder.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"tool-context-builder.d.ts","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,oBAAoB,EAAE,MAAM,0BAA0B,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AAC3D,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0CAA0C,CAAC;AAE/E,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAE7D,MAAM,WAAW,wBAAwB;IACvC,4DAA4D;IAC5D,aAAa,EAAE,gBAAgB,CAAC;IAEhC,gEAAgE;IAChE,aAAa,EAAE,kBAAkB,CAAC;IAElC,2CAA2C;IAC3C,SAAS,EAAE,MAAM,CAAC;IAElB,+CAA+C;IAC/C,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,OAAO,KAAK,IAAI,CAAC;CACpD;AAED;;;;;;GAMG;AACH,qBAAa,kBAAkB;IAC7B,OAAO,CAAC,MAAM,CAEZ;gBAEU,MAAM,EAAE,wBAAwB;IAS5C;;;;;;;;;OASG;IACG,YAAY,CAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,EAAE,MAAM,GAAG,SAAS,EAC3B,SAAS,EAAE,MAAM,GAAG,SAAS,EAC7B,eAAe,EAAE,MAAM,GAAG,SAAS,EACnC,cAAc,EAAE,cAAc,GAAG,IAAI,GACpC,OAAO,CAAC,oBAAoB,GAAG,SAAS,CAAC;IAyD5C;;;;;;;;OAQG;YACW,eAAe;CAyC9B"}
package/dist/services/tool-context-builder.js DELETED
@@ -1,124 +0,0 @@
1
- /**
2
- * Tool Context Builder
3
- *
4
- * Builds ToolExecutionContext for tool handlers by resolving IDP tokens
5
- * based on tool protection configuration and user identity.
6
- *
7
- * @package @kya-os/mcp-i-cloudflare
8
- */
9
- /**
10
- * Builder for tool execution context
11
- *
12
- * Resolves IDP tokens and builds context for tool handlers.
13
- * Phase 1: Uses configured provider as temporary fallback.
14
- * Phase 2+: Requires explicit oauthProvider on tool protection.
15
- */
16
- export class ToolContextBuilder {
17
- config;
18
- constructor(config) {
19
- this.config = {
20
- tokenResolver: config.tokenResolver,
21
- configService: config.configService,
22
- projectId: config.projectId,
23
- logger: config.logger || (() => { }),
24
- };
25
- }
26
- /**
27
- * Build tool execution context
28
- *
29
- * @param toolName - Name of the tool being executed
30
- * @param userDid - User DID (optional, required for OAuth)
31
- * @param sessionId - Session ID (optional)
32
- * @param delegationToken - Delegation token (optional)
33
- * @param toolProtection - Tool protection configuration (optional)
34
- * @returns Tool execution context or undefined if not needed
35
- */
36
- async buildContext(toolName, userDid, sessionId, delegationToken, toolProtection) {
37
- // Only build context if tool requires OAuth
38
- if (!toolProtection?.requiredScopes?.length || !userDid) {
39
- return undefined;
40
- }
41
- // Phase 1: Resolve provider from configured providers
42
- // Phase 1 uses configured provider as temporary fallback
43
- // Phase 2+ requires explicit oauthProvider on tool protection
44
- const provider = await this.resolveProvider(toolProtection);
45
- if (!provider) {
46
- this.config.logger("[ToolContextBuilder] Provider not resolved", {
47
- toolName,
48
- userDid: userDid.substring(0, 20) + "...",
49
- });
50
- return undefined;
51
- }
52
- // Resolve IDP token
53
- const idpToken = await this.config.tokenResolver.resolveTokenFromDid(userDid, provider, toolProtection.requiredScopes);
54
- if (!idpToken) {
55
- // Token not available - will trigger OAuth flow
56
- this.config.logger("[ToolContextBuilder] Token not available", {
57
- toolName,
58
- userDid: userDid.substring(0, 20) + "...",
59
- provider,
60
- scopes: toolProtection.requiredScopes,
61
- });
62
- return undefined;
63
- }
64
- // Build context with token
65
- const context = {
66
- idpToken,
67
- provider,
68
- scopes: toolProtection.requiredScopes,
69
- userDid,
70
- sessionId,
71
- delegationToken,
72
- };
73
- this.config.logger("[ToolContextBuilder] Context built successfully", {
74
- toolName,
75
- userDid: userDid.substring(0, 20) + "...",
76
- provider,
77
- hasToken: !!idpToken,
78
- });
79
- return context;
80
- }
81
- /**
82
- * Resolve OAuth provider for a tool
83
- *
84
- * Phase 1: Uses configured provider from OAuth config as temporary fallback
85
- * Phase 2+: Requires explicit oauthProvider on tool protection
86
- *
87
- * @param toolProtection - Tool protection configuration
88
- * @returns Provider name or null if not found
89
- */
90
- async resolveProvider(toolProtection) {
91
- // Phase 2+: Check for explicit oauthProvider (not yet implemented)
92
- // if (toolProtection.oauthProvider) {
93
- // return toolProtection.oauthProvider;
94
- // }
95
- // Phase 1: Use configured provider from OAuth config as temporary fallback
96
- // Get first configured provider (Phase 1 assumes single provider per project)
97
- try {
98
- const oauthConfig = await this.config.configService.getOAuthConfig(this.config.projectId);
99
- const providers = Object.keys(oauthConfig.providers);
100
- if (providers.length === 0) {
101
- this.config.logger("[ToolContextBuilder] No providers configured", {
102
- projectId: this.config.projectId,
103
- });
104
- return null;
105
- }
106
- // Phase 1: Use first configured provider as fallback
107
- // Phase 2+: This fallback will be removed, tools must specify oauthProvider
108
- const provider = providers[0];
109
- this.config.logger("[ToolContextBuilder] Provider resolved (Phase 1 fallback)", {
110
- provider,
111
- availableProviders: providers,
112
- });
113
- return provider;
114
- }
115
- catch (error) {
116
- this.config.logger("[ToolContextBuilder] Failed to fetch OAuth config", {
117
- error: error instanceof Error ? error.message : String(error),
118
- projectId: this.config.projectId,
119
- });
120
- return null;
121
- }
122
- }
123
- }
124
- //# sourceMappingURL=tool-context-builder.js.map
package/dist/services/tool-context-builder.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"tool-context-builder.js","sourceRoot":"","sources":["../../src/services/tool-context-builder.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAsBH;;;;;;GAMG;AACH,MAAM,OAAO,kBAAkB;IACrB,MAAM,CAEZ;IAEF,YAAY,MAAgC;QAC1C,IAAI,CAAC,MAAM,GAAG;YACZ,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,aAAa,EAAE,MAAM,CAAC,aAAa;YACnC,SAAS,EAAE,MAAM,CAAC,SAAS;YAC3B,MAAM,EAAE,MAAM,CAAC,MAAM,IAAI,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC;SACpC,CAAC;IACJ,CAAC;IAED;;;;;;;;;OASG;IACH,KAAK,CAAC,YAAY,CAChB,QAAgB,EAChB,OAA2B,EAC3B,SAA6B,EAC7B,eAAmC,EACnC,cAAqC;QAErC,4CAA4C;QAC5C,IAAI,CAAC,cAAc,EAAE,cAAc,EAAE,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;YACxD,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,sDAAsD;QACtD,yDAAyD;QACzD,8DAA8D;QAC9D,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,CAAC;QAE5D,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,4CAA4C,EAAE;gBAC/D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;aAC1C,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,oBAAoB;QACpB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,mBAAmB,CAClE,OAAO,EACP,QAAQ,EACR,cAAc,CAAC,cAAc,CAC9B,CAAC;QAEF,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,gDAAgD;YAChD,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,0CAA0C,EAAE;gBAC7D,QAAQ;gBACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;gBACzC,QAAQ;gBACR,MAAM,EAAE,cAAc,CAAC,cAAc;aACtC,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,2BAA2B;QAC3B,MAAM,OAAO,GAAyB;YACpC,QAAQ;YACR,QAAQ;YACR,MAAM,EAAE,cAAc,CAAC,cAAc;YACrC,OAAO;YACP,SAAS;YACT,eAAe;SAChB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,iDAAiD,EAAE;YACpE,QAAQ;YACR,OAAO,EAAE,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK;YACzC,QAAQ;YACR,QAAQ,EAAE,CAAC,CAAC,QAAQ;SACrB,CAAC,CAAC;QAEH,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;;;;;OAQG;IACK,KAAK,CAAC,eAAe,CAC3B,cAA8B;QAE9B,mEAAmE;QACnE,sCAAsC;QACtC,yCAAyC;QACzC,IAAI;QAEJ,2EAA2E;QAC3E,8EAA8E;QAC9E,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,cAAc,CAChE,IAAI,CAAC,MAAM,CAAC,SAAS,CACtB,CAAC;YAEF,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACrD,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC3B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,8CAA8C,EAAE;oBACjE,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;iBACjC,CAAC,CAAC;gBACH,OAAO,IAAI,CAAC;YACd,CAAC;YAED,qDAAqD;YACrD,4EAA4E;YAC5E,MAAM,QAAQ,GAAG,SAAS,CAAC,CAAC,CAAC,CAAC;YAE9B,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,2DAA2D,EAAE;gBAC9E,QAAQ;gBACR,kBAAkB,EAAE,SAAS;aAC9B,CAAC,CAAC;YAEH,OAAO,QAAQ,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,mDAAmD,EAAE;gBACtE,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;gBAC7D,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;aACjC,CAAC,CAAC;YACH,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF"}
package/dist/types/tool-context.d.ts DELETED
@@ -1,35 +0,0 @@
1
- /**
2
- * Tool Execution Context
3
- *
4
- * Execution context passed to tool handlers, enabling tools to access
5
- * IDP tokens for external API calls (GitHub, Google, etc.).
6
- *
7
- * All fields are optional for backward compatibility - tools that don't
8
- * require OAuth will receive undefined context.
9
- *
10
- * @package @kya-os/mcp-i-cloudflare
11
- */
12
- /**
13
- * Execution context passed to tool handlers
14
- *
15
- * Enables tools to access IDP tokens for external API calls.
16
- * Context is only provided when:
17
- * - Tool requires OAuth (has requiredScopes)
18
- * - User DID is available
19
- * - IDP token is successfully resolved
20
- */
21
- export interface ToolExecutionContext {
22
- /** IDP access token for external API calls (e.g., GitHub, Google) */
23
- idpToken?: string;
24
- /** OAuth provider name (e.g., "github", "google") */
25
- provider?: string;
26
- /** Scopes granted for this token */
27
- scopes?: string[];
28
- /** User DID associated with this token */
29
- userDid?: string;
30
- /** Session ID */
31
- sessionId?: string;
32
- /** Delegation token (MCP-I internal authorization) */
33
- delegationToken?: string;
34
- }
35
- //# sourceMappingURL=tool-context.d.ts.map
package/dist/types/tool-context.d.ts.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"tool-context.d.ts","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH;;;;;;;;GAQG;AACH,MAAM,WAAW,oBAAoB;IACnC,qEAAqE;IACrE,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,qDAAqD;IACrD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAElB,oCAAoC;IACpC,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB,0CAA0C;IAC1C,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB,iBAAiB;IACjB,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB,sDAAsD;IACtD,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B"}
package/dist/types/tool-context.js DELETED
@@ -1,13 +0,0 @@
1
- /**
2
- * Tool Execution Context
3
- *
4
- * Execution context passed to tool handlers, enabling tools to access
5
- * IDP tokens for external API calls (GitHub, Google, etc.).
6
- *
7
- * All fields are optional for backward compatibility - tools that don't
8
- * require OAuth will receive undefined context.
9
- *
10
- * @package @kya-os/mcp-i-cloudflare
11
- */
12
- export {};
13
- //# sourceMappingURL=tool-context.js.map
package/dist/types/tool-context.js.map DELETED
@@ -1 +0,0 @@
1
- {"version":3,"file":"tool-context.js","sourceRoot":"","sources":["../../src/types/tool-context.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}