@kya-os/mcp-i-core 1.3.0 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.turbo/turbo-build.log +1 -1
- package/.turbo/turbo-test$colon$coverage.log +2579 -2669
- package/.turbo/turbo-test.log +1251 -1245
- package/coverage/coverage-final.json +4 -4
- package/dist/services/oauth-config.service.d.ts.map +1 -1
- package/dist/services/oauth-config.service.js +5 -3
- package/dist/services/oauth-config.service.js.map +1 -1
- package/dist/services/oauth-provider-registry.d.ts +11 -0
- package/dist/services/oauth-provider-registry.d.ts.map +1 -1
- package/dist/services/oauth-provider-registry.js +16 -0
- package/dist/services/oauth-provider-registry.js.map +1 -1
- package/dist/services/provider-resolver.d.ts +1 -1
- package/dist/services/provider-resolver.d.ts.map +1 -1
- package/dist/services/provider-resolver.js +14 -13
- package/dist/services/provider-resolver.js.map +1 -1
- package/dist/services/tool-protection.service.d.ts +13 -10
- package/dist/services/tool-protection.service.d.ts.map +1 -1
- package/dist/services/tool-protection.service.js +24 -113
- package/dist/services/tool-protection.service.js.map +1 -1
- package/package.json +2 -2
- package/src/__tests__/regression/phase2-regression.test.ts +8 -6
- package/src/__tests__/services/cache-no-warming.test.ts +177 -0
- package/src/__tests__/services/provider-resolver-edge-cases.test.ts +168 -64
- package/src/services/__tests__/provider-resolution.integration.test.ts +9 -5
- package/src/services/__tests__/provider-resolver.test.ts +22 -26
- package/src/services/oauth-config.service.ts +6 -3
- package/src/services/oauth-provider-registry.ts +18 -0
- package/src/services/provider-resolver.ts +15 -13
- package/src/services/tool-protection.service.ts +25 -136
- package/src/cache/oauth-config-cache.js +0 -71
- package/src/providers/base.js +0 -38
- package/src/services/oauth-config.service.js +0 -113
- package/src/services/oauth-provider-registry.js +0 -73
- package/src/services/provider-resolver.js +0 -106
|
@@ -1,73 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* OAuth Provider Registry
|
|
3
|
-
*
|
|
4
|
-
* Manages OAuth provider configurations loaded from AgentShield API.
|
|
5
|
-
* Provides efficient lookup and caching of provider configurations.
|
|
6
|
-
*
|
|
7
|
-
* @package @kya-os/mcp-i-core
|
|
8
|
-
*/
|
|
9
|
-
/**
|
|
10
|
-
* Registry for OAuth providers
|
|
11
|
-
*
|
|
12
|
-
* Wraps OAuthConfigService to provide a simple lookup interface
|
|
13
|
-
* for provider configurations.
|
|
14
|
-
*/
|
|
15
|
-
export class OAuthProviderRegistry {
|
|
16
|
-
configService;
|
|
17
|
-
providers = new Map();
|
|
18
|
-
constructor(configService) {
|
|
19
|
-
this.configService = configService;
|
|
20
|
-
}
|
|
21
|
-
/**
|
|
22
|
-
* Load providers from AgentShield API
|
|
23
|
-
*
|
|
24
|
-
* Fetches OAuth configuration and caches providers in memory.
|
|
25
|
-
* Clears existing providers before loading new ones.
|
|
26
|
-
*
|
|
27
|
-
* @param projectId - Project ID to load providers for
|
|
28
|
-
*/
|
|
29
|
-
async loadFromAgentShield(projectId) {
|
|
30
|
-
const config = await this.configService.getOAuthConfig(projectId);
|
|
31
|
-
// Clear existing providers
|
|
32
|
-
this.providers.clear();
|
|
33
|
-
// Register all providers from config
|
|
34
|
-
for (const [name, providerConfig] of Object.entries(config.providers)) {
|
|
35
|
-
this.providers.set(name, providerConfig);
|
|
36
|
-
}
|
|
37
|
-
}
|
|
38
|
-
/**
|
|
39
|
-
* Get provider by name
|
|
40
|
-
*
|
|
41
|
-
* @param name - Provider name (e.g., "github", "google")
|
|
42
|
-
* @returns Provider configuration or null if not found
|
|
43
|
-
*/
|
|
44
|
-
getProvider(name) {
|
|
45
|
-
return this.providers.get(name) || null;
|
|
46
|
-
}
|
|
47
|
-
/**
|
|
48
|
-
* Get all providers
|
|
49
|
-
*
|
|
50
|
-
* @returns Array of all registered provider configurations
|
|
51
|
-
*/
|
|
52
|
-
getAllProviders() {
|
|
53
|
-
return Array.from(this.providers.values());
|
|
54
|
-
}
|
|
55
|
-
/**
|
|
56
|
-
* Check if provider exists
|
|
57
|
-
*
|
|
58
|
-
* @param name - Provider name to check
|
|
59
|
-
* @returns True if provider is registered, false otherwise
|
|
60
|
-
*/
|
|
61
|
-
hasProvider(name) {
|
|
62
|
-
return this.providers.has(name);
|
|
63
|
-
}
|
|
64
|
-
/**
|
|
65
|
-
* Get all provider names
|
|
66
|
-
*
|
|
67
|
-
* @returns Array of provider names
|
|
68
|
-
*/
|
|
69
|
-
getProviderNames() {
|
|
70
|
-
return Array.from(this.providers.keys());
|
|
71
|
-
}
|
|
72
|
-
}
|
|
73
|
-
//# sourceMappingURL=oauth-provider-registry.js.map
|
|
@@ -1,106 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Provider Resolver
|
|
3
|
-
*
|
|
4
|
-
* Resolves OAuth provider for tools using priority-based resolution strategy.
|
|
5
|
-
* Supports Phase 2+ tool-specific providers with backward compatibility for Phase 1.
|
|
6
|
-
*
|
|
7
|
-
* @package @kya-os/mcp-i-core
|
|
8
|
-
*/
|
|
9
|
-
/**
|
|
10
|
-
* Resolves OAuth provider for tools with priority-based fallback strategy
|
|
11
|
-
*
|
|
12
|
-
* Priority order:
|
|
13
|
-
* 1. Tool-specific oauthProvider field (Phase 2+ preferred)
|
|
14
|
-
* 2. Scope prefix inference (fallback)
|
|
15
|
-
* 3. First configured provider (Phase 1 compatibility fallback)
|
|
16
|
-
* 4. Error if no provider can be resolved
|
|
17
|
-
*/
|
|
18
|
-
export class ProviderResolver {
|
|
19
|
-
registry;
|
|
20
|
-
configService;
|
|
21
|
-
constructor(registry, configService) {
|
|
22
|
-
this.registry = registry;
|
|
23
|
-
this.configService = configService;
|
|
24
|
-
}
|
|
25
|
-
/**
|
|
26
|
-
* Resolve OAuth provider for a tool
|
|
27
|
-
*
|
|
28
|
-
* @param toolProtection - Tool protection configuration
|
|
29
|
-
* @param projectId - Project ID for fetching provider config
|
|
30
|
-
* @returns Provider name (never null - throws if cannot resolve)
|
|
31
|
-
* @throws Error if provider cannot be resolved
|
|
32
|
-
*/
|
|
33
|
-
async resolveProvider(toolProtection, projectId) {
|
|
34
|
-
// Priority 1: Tool-specific provider (Phase 2+ preferred)
|
|
35
|
-
if (toolProtection.oauthProvider) {
|
|
36
|
-
if (!this.registry.hasProvider(toolProtection.oauthProvider)) {
|
|
37
|
-
throw new Error(`Provider "${toolProtection.oauthProvider}" not configured for project "${projectId}". ` +
|
|
38
|
-
`Add provider in project settings.`);
|
|
39
|
-
}
|
|
40
|
-
return toolProtection.oauthProvider;
|
|
41
|
-
}
|
|
42
|
-
// Priority 2: Scope prefix inference (fallback)
|
|
43
|
-
const inferredProvider = this.inferProviderFromScopes(toolProtection.requiredScopes || []);
|
|
44
|
-
if (inferredProvider && this.registry.hasProvider(inferredProvider)) {
|
|
45
|
-
console.log(`[ProviderResolver] Inferred provider "${inferredProvider}" from scopes`);
|
|
46
|
-
return inferredProvider;
|
|
47
|
-
}
|
|
48
|
-
// Priority 3: First configured provider (Phase 1 compatibility fallback)
|
|
49
|
-
// Ensure registry is loaded
|
|
50
|
-
await this.registry.loadFromAgentShield(projectId);
|
|
51
|
-
const providers = this.registry.getAllProviders();
|
|
52
|
-
if (providers.length > 0) {
|
|
53
|
-
// Log deprecation warning for Phase 1 tools
|
|
54
|
-
const firstProviderName = this.registry.getProviderNames()[0];
|
|
55
|
-
console.warn(`[ProviderResolver] Tool does not specify oauthProvider. ` +
|
|
56
|
-
`Using first configured provider "${firstProviderName}" as fallback. ` +
|
|
57
|
-
`This is deprecated - configure oauthProvider in AgentShield dashboard for Phase 2+.`);
|
|
58
|
-
return firstProviderName;
|
|
59
|
-
}
|
|
60
|
-
// Priority 4: Error if no provider can be resolved
|
|
61
|
-
throw new Error(`Tool requires OAuth but no provider could be resolved. ` +
|
|
62
|
-
`Either specify oauthProvider in tool protection config, or configure at least one provider for project "${projectId}".`);
|
|
63
|
-
}
|
|
64
|
-
/**
|
|
65
|
-
* Infer provider from scope prefixes
|
|
66
|
-
*
|
|
67
|
-
* Used as Priority 2 fallback when oauthProvider is not specified.
|
|
68
|
-
* Examples:
|
|
69
|
-
* - github:repo:read → github
|
|
70
|
-
* - gmail:read → google
|
|
71
|
-
* - microsoft:calendar:read → microsoft
|
|
72
|
-
*
|
|
73
|
-
* @param scopes - Required scopes for the tool
|
|
74
|
-
* @returns Provider name if uniquely inferred, null otherwise
|
|
75
|
-
*/
|
|
76
|
-
inferProviderFromScopes(scopes) {
|
|
77
|
-
if (!scopes || scopes.length === 0) {
|
|
78
|
-
return null;
|
|
79
|
-
}
|
|
80
|
-
// Extract first part of scope (before first colon)
|
|
81
|
-
const scopePrefixes = scopes.map((scope) => {
|
|
82
|
-
const parts = scope.split(":");
|
|
83
|
-
return parts[0].toLowerCase();
|
|
84
|
-
});
|
|
85
|
-
// Provider mapping
|
|
86
|
-
const providerMap = {
|
|
87
|
-
github: "github",
|
|
88
|
-
google: "google",
|
|
89
|
-
gmail: "google", // gmail:read → google
|
|
90
|
-
calendar: "google", // calendar:read → google (if ambiguous, use project default)
|
|
91
|
-
microsoft: "microsoft",
|
|
92
|
-
outlook: "microsoft",
|
|
93
|
-
slack: "slack",
|
|
94
|
-
auth0: "auth0",
|
|
95
|
-
okta: "okta",
|
|
96
|
-
};
|
|
97
|
-
// Find unique provider
|
|
98
|
-
const providers = new Set(scopePrefixes.map((prefix) => providerMap[prefix]).filter(Boolean));
|
|
99
|
-
if (providers.size === 1) {
|
|
100
|
-
return Array.from(providers)[0];
|
|
101
|
-
}
|
|
102
|
-
// Ambiguous or no prefix → return null (use project-level provider)
|
|
103
|
-
return null;
|
|
104
|
-
}
|
|
105
|
-
}
|
|
106
|
-
//# sourceMappingURL=provider-resolver.js.map
|