@kya-os/mcp-i-core 1.4.17 → 1.4.18
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/runtime/base.d.ts +13 -0
- package/dist/runtime/base.js +36 -7
- package/package.json +1 -1
package/dist/runtime/base.d.ts
CHANGED
|
@@ -79,6 +79,19 @@ export declare class MCPIRuntimeBase {
|
|
|
79
79
|
* Get session by ID
|
|
80
80
|
*/
|
|
81
81
|
getSession(sessionId: string): any | undefined;
|
|
82
|
+
/**
|
|
83
|
+
* Extract the correct provider for consent URL from tool protection config
|
|
84
|
+
*
|
|
85
|
+
* For password auth tools, the provider is in authorization.provider.
|
|
86
|
+
* For OAuth auth tools, the provider is in oauthProvider (legacy) or authorization.provider.
|
|
87
|
+
*
|
|
88
|
+
* Note: Not all authorization types have a provider field (e.g., 'none', 'mdl', 'webauthn').
|
|
89
|
+
* Only 'oauth', 'oauth2', 'password', and 'idv' types have provider.
|
|
90
|
+
*
|
|
91
|
+
* @param protection - Tool protection configuration
|
|
92
|
+
* @returns Provider name to use in consent URL, or undefined
|
|
93
|
+
*/
|
|
94
|
+
private getConsentProvider;
|
|
82
95
|
/**
|
|
83
96
|
* Process tool call with automatic proof generation
|
|
84
97
|
* Returns clean result only - proof is stored for out-of-band retrieval
|
package/dist/runtime/base.js
CHANGED
|
@@ -233,6 +233,35 @@ class MCPIRuntimeBase {
|
|
|
233
233
|
getSession(sessionId) {
|
|
234
234
|
return this.sessions.get(sessionId);
|
|
235
235
|
}
|
|
236
|
+
/**
|
|
237
|
+
* Extract the correct provider for consent URL from tool protection config
|
|
238
|
+
*
|
|
239
|
+
* For password auth tools, the provider is in authorization.provider.
|
|
240
|
+
* For OAuth auth tools, the provider is in oauthProvider (legacy) or authorization.provider.
|
|
241
|
+
*
|
|
242
|
+
* Note: Not all authorization types have a provider field (e.g., 'none', 'mdl', 'webauthn').
|
|
243
|
+
* Only 'oauth', 'oauth2', 'password', and 'idv' types have provider.
|
|
244
|
+
*
|
|
245
|
+
* @param protection - Tool protection configuration
|
|
246
|
+
* @returns Provider name to use in consent URL, or undefined
|
|
247
|
+
*/
|
|
248
|
+
getConsentProvider(protection) {
|
|
249
|
+
// Check authorization field - only some types have provider
|
|
250
|
+
if (protection.authorization) {
|
|
251
|
+
const auth = protection.authorization;
|
|
252
|
+
// Types with provider: oauth, oauth2, password, idv
|
|
253
|
+
if (auth.type === "oauth" ||
|
|
254
|
+
auth.type === "oauth2" ||
|
|
255
|
+
auth.type === "password" ||
|
|
256
|
+
auth.type === "idv") {
|
|
257
|
+
return auth.provider;
|
|
258
|
+
}
|
|
259
|
+
// Other types don't have provider (none, mdl, verifiable_credential, webauthn, siwe)
|
|
260
|
+
// Fall through to legacy oauthProvider
|
|
261
|
+
}
|
|
262
|
+
// Fall back to legacy oauthProvider (deprecated)
|
|
263
|
+
return protection.oauthProvider;
|
|
264
|
+
}
|
|
236
265
|
/**
|
|
237
266
|
* Process tool call with automatic proof generation
|
|
238
267
|
* Returns clean result only - proof is stored for out-of-band retrieval
|
|
@@ -274,7 +303,7 @@ class MCPIRuntimeBase {
|
|
|
274
303
|
// Note: projectId is not available in base class - subclasses should override buildConsentUrl
|
|
275
304
|
// Pass oauthProvider to ensure correct auth method is selected (e.g., "credentials" vs "github")
|
|
276
305
|
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
|
|
277
|
-
protection
|
|
306
|
+
this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
|
|
278
307
|
);
|
|
279
308
|
// Create error with intercepted call context and pre-generated resume token
|
|
280
309
|
const error = new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
@@ -384,7 +413,7 @@ class MCPIRuntimeBase {
|
|
|
384
413
|
};
|
|
385
414
|
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
386
415
|
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
|
|
387
|
-
protection
|
|
416
|
+
this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
|
|
388
417
|
);
|
|
389
418
|
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
390
419
|
this.cleanupExpiredInterceptedCalls();
|
|
@@ -434,7 +463,7 @@ class MCPIRuntimeBase {
|
|
|
434
463
|
};
|
|
435
464
|
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
436
465
|
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
|
|
437
|
-
protection
|
|
466
|
+
this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
|
|
438
467
|
);
|
|
439
468
|
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
440
469
|
this.cleanupExpiredInterceptedCalls();
|
|
@@ -497,7 +526,7 @@ class MCPIRuntimeBase {
|
|
|
497
526
|
expiresAt: this.clock.calculateExpiry(1800),
|
|
498
527
|
};
|
|
499
528
|
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
500
|
-
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, protection
|
|
529
|
+
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, this.getConsentProvider(protection));
|
|
501
530
|
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
502
531
|
this.cleanupExpiredInterceptedCalls();
|
|
503
532
|
throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
@@ -523,7 +552,7 @@ class MCPIRuntimeBase {
|
|
|
523
552
|
expiresAt: this.clock.calculateExpiry(1800),
|
|
524
553
|
};
|
|
525
554
|
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
526
|
-
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, protection
|
|
555
|
+
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, this.getConsentProvider(protection));
|
|
527
556
|
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
528
557
|
this.cleanupExpiredInterceptedCalls();
|
|
529
558
|
throw new tool_protection_js_1.DelegationRequiredError(toolName, protection.requiredScopes, consentUrl, interceptedCall, resumeToken);
|
|
@@ -578,7 +607,7 @@ class MCPIRuntimeBase {
|
|
|
578
607
|
};
|
|
579
608
|
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
580
609
|
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
|
|
581
|
-
protection
|
|
610
|
+
this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
|
|
582
611
|
);
|
|
583
612
|
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
584
613
|
this.cleanupExpiredInterceptedCalls();
|
|
@@ -603,7 +632,7 @@ class MCPIRuntimeBase {
|
|
|
603
632
|
};
|
|
604
633
|
const resumeToken = this.generateResumeToken(interceptedCall);
|
|
605
634
|
const consentUrl = this.buildConsentUrl(toolName, protection.requiredScopes, session, resumeToken, undefined, // projectId - handled by subclass override
|
|
606
|
-
protection
|
|
635
|
+
this.getConsentProvider(protection) // Provider from tool config (supports both password and oauth auth)
|
|
607
636
|
);
|
|
608
637
|
this.interceptedCalls.set(resumeToken, interceptedCall);
|
|
609
638
|
this.cleanupExpiredInterceptedCalls();
|