@lobu/gateway 2.8.0

package/dist/auth/mcp/proxy.js

@@ -0,0 +1,783 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpProxy = void 0;
+const promises_1 = __importDefault(require("node:dns/promises"));
+const core_1 = require("@lobu/core");
+const hono_1 = require("hono");
+const approval_policy_1 = require("../../permissions/approval-policy");
+const device_auth_1 = require("../../routes/internal/device-auth");
+const logger = (0, core_1.createLogger)("mcp-proxy");
+const MAX_BODY_SIZE = 1024 * 1024; // 1MB
+/**
+ * Check whether a resolved IP address belongs to a reserved/internal range.
+ */
+function isReservedIp(ip) {
+    // IPv6 loopback
+    if (ip === "::1")
+        return true;
+    // IPv6 unique local (fc00::/7)
+    if (/^f[cd]/i.test(ip))
+        return true;
+    // IPv4
+    const parts = ip.split(".").map(Number);
+    if (parts.length === 4) {
+        const [a, b] = parts;
+        // 127.0.0.0/8
+        if (a === 127)
+            return true;
+        // 10.0.0.0/8
+        if (a === 10)
+            return true;
+        // 172.16.0.0/12
+        if (a === 172 && b >= 16 && b <= 31)
+            return true;
+        // 192.168.0.0/16
+        if (a === 192 && b === 168)
+            return true;
+        // 169.254.0.0/16 (link-local)
+        if (a === 169 && b === 254)
+            return true;
+    }
+    return false;
+}
+/**
+ * Resolve a URL's hostname and check whether it points to an internal/reserved network.
+ */
+async function isInternalUrl(url) {
+    try {
+        const parsed = new URL(url);
+        const hostname = parsed.hostname;
+        // Check if hostname is already an IP literal
+        if (isReservedIp(hostname))
+            return true;
+        // Resolve hostname to IP addresses
+        const addresses = await promises_1.default.resolve4(hostname).catch(() => []);
+        const addresses6 = await promises_1.default.resolve6(hostname).catch(() => []);
+        for (const addr of [...addresses, ...addresses6]) {
+            if (isReservedIp(addr))
+                return true;
+        }
+        return false;
+    }
+    catch (_a) {
+        // If URL parsing fails, block it
+        return true;
+    }
+}
+function authenticateRequest(c) {
+    const sessionToken = extractSessionToken(c);
+    if (!sessionToken)
+        return null;
+    const tokenData = (0, core_1.verifyWorkerToken)(sessionToken);
+    if (!tokenData)
+        return null;
+    return { tokenData, token: sessionToken };
+}
+function extractSessionToken(c) {
+    const authHeader = c.req.header("authorization");
+    if (authHeader === null || authHeader === void 0 ? void 0 : authHeader.startsWith("Bearer ")) {
+        return authHeader.substring(7);
+    }
+    const tokenFromQuery = c.req.query("workerToken");
+    if (typeof tokenFromQuery === "string") {
+        return tokenFromQuery;
+    }
+    return null;
+}
+class McpProxy {
+    constructor(configService, queue, toolCache, grantStore) {
+        this.configService = configService;
+        this.grantStore = grantStore;
+        this.SESSION_TTL_SECONDS = 30 * 60; // 30 minutes
+        this.redisClient = queue.getRedisClient();
+        this.toolCache = toolCache;
+        this.app = new hono_1.Hono();
+        this.setupRoutes();
+        logger.debug("MCP proxy initialized");
+    }
+    getApp() {
+        return this.app;
+    }
+    /**
+     * Check if this request is an MCP proxy request (has X-Mcp-Id header)
+     * Used by gateway to determine if root path requests should be handled by MCP proxy
+     */
+    isMcpRequest(c) {
+        return !!c.req.header("x-mcp-id");
+    }
+    /**
+     * Fetch tools and instructions for a specific MCP server.
+     * Performs MCP initialize handshake first to capture server instructions,
+     * then fetches tool list.
+     */
+    async fetchToolsForMcp(mcpId, agentId, tokenData) {
+        var _a, _b, _c;
+        if (this.toolCache) {
+            const cached = await this.toolCache.getServerInfo(mcpId, agentId);
+            if (cached)
+                return cached;
+        }
+        const httpServer = await this.configService.getHttpServer(mcpId, agentId);
+        if (!httpServer) {
+            return { tools: [] };
+        }
+        const userId = tokenData === null || tokenData === void 0 ? void 0 : tokenData.userId;
+        try {
+            // Clear any stale session before fresh tool discovery
+            const sessionKey = `mcp:session:${agentId}:${mcpId}`;
+            await this.redisClient.del(sessionKey).catch(() => {
+                /* noop */
+            });
+            // Step 1: Send initialize to capture server instructions
+            let instructions;
+            try {
+                const initBody = JSON.stringify({
+                    jsonrpc: "2.0",
+                    method: "initialize",
+                    params: {
+                        protocolVersion: "2024-11-05",
+                        capabilities: {},
+                        clientInfo: { name: "lobu-gateway", version: "1.0.0" },
+                    },
+                    id: 0,
+                });
+                const initResponse = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", initBody, userId);
+                const initData = (await initResponse.json());
+                if ((_a = initData === null || initData === void 0 ? void 0 : initData.result) === null || _a === void 0 ? void 0 : _a.instructions) {
+                    instructions = initData.result.instructions;
+                    logger.info("Captured MCP server instructions", {
+                        mcpId,
+                        length: instructions.length,
+                    });
+                }
+                // Step 2: Send initialized notification (required by MCP spec)
+                const notifyBody = JSON.stringify({
+                    jsonrpc: "2.0",
+                    method: "notifications/initialized",
+                });
+                await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", notifyBody, userId).catch(() => {
+                    /* noop */
+                });
+            }
+            catch (initError) {
+                logger.warn("MCP initialize failed (continuing with tools/list)", {
+                    mcpId,
+                    error: initError instanceof Error ? initError.message : String(initError),
+                });
+            }
+            // Step 3: Fetch tools list
+            const jsonRpcBody = JSON.stringify({
+                jsonrpc: "2.0",
+                method: "tools/list",
+                params: {},
+                id: 1,
+            });
+            const response = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", jsonRpcBody, userId);
+            const data = (await response.json());
+            const tools = ((_b = data === null || data === void 0 ? void 0 : data.result) === null || _b === void 0 ? void 0 : _b.tools) || [];
+            const serverInfo = { tools, instructions };
+            if (this.toolCache && tools.length > 0) {
+                await this.toolCache.setServerInfo(mcpId, serverInfo, agentId);
+            }
+            return serverInfo;
+        }
+        catch (error) {
+            logger.warn("Failed to fetch tools for MCP, retrying once", {
+                mcpId,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            // Retry once after a short delay (upstream may still be starting)
+            await new Promise((r) => setTimeout(r, 2000));
+            try {
+                const retryBody = JSON.stringify({
+                    jsonrpc: "2.0",
+                    method: "tools/list",
+                    params: {},
+                    id: 1,
+                });
+                const retryResponse = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", retryBody, userId);
+                const retryData = (await retryResponse.json());
+                const retryTools = ((_c = retryData === null || retryData === void 0 ? void 0 : retryData.result) === null || _c === void 0 ? void 0 : _c.tools) || [];
+                if (retryTools.length > 0) {
+                    const serverInfo = { tools: retryTools };
+                    if (this.toolCache) {
+                        await this.toolCache.setServerInfo(mcpId, serverInfo, agentId);
+                    }
+                    logger.info("Retry succeeded for MCP tool fetch", {
+                        mcpId,
+                        toolCount: retryTools.length,
+                    });
+                    return serverInfo;
+                }
+            }
+            catch (retryError) {
+                logger.error("Retry also failed for MCP tool fetch", {
+                    mcpId,
+                    error: retryError instanceof Error
+                        ? retryError.message
+                        : String(retryError),
+                });
+            }
+            return { tools: [] };
+        }
+    }
+    setupRoutes() {
+        // REST API endpoints for curl-based tool access (registered BEFORE catch-all)
+        this.app.get("/tools", (c) => this.handleListAllTools(c));
+        this.app.get("/:mcpId/tools", (c) => this.handleListTools(c));
+        this.app.post("/:mcpId/tools/:toolName", (c) => this.handleCallTool(c));
+        // Legacy endpoints (if needed for other MCP transports)
+        this.app.all("/register", (c) => this.handleProxyRequest(c));
+        this.app.all("/message", (c) => this.handleProxyRequest(c));
+        // Path-based routes (for SSE or other transports)
+        this.app.all("/:mcpId", (c) => this.handleProxyRequest(c));
+        this.app.all("/:mcpId/*", (c) => this.handleProxyRequest(c));
+    }
+    async handleListTools(c) {
+        var _a;
+        const mcpId = c.req.param("mcpId");
+        if (!mcpId)
+            return c.json({ error: "Missing MCP server id" }, 400);
+        const auth = authenticateRequest(c);
+        if (!auth)
+            return c.json({ error: "Invalid authentication token" }, 401);
+        const agentId = auth.tokenData.agentId || auth.tokenData.userId;
+        const requesterUserId = auth.tokenData.userId;
+        if (!agentId || !requesterUserId) {
+            return c.json({ error: "Invalid authentication token" }, 401);
+        }
+        const httpServer = await this.configService.getHttpServer(mcpId, agentId);
+        if (!httpServer) {
+            return c.json({ error: `MCP server '${mcpId}' not found` }, 404);
+        }
+        // Check cache
+        if (this.toolCache) {
+            const cached = await this.toolCache.get(mcpId, agentId);
+            if (cached)
+                return c.json({ tools: cached });
+        }
+        try {
+            const jsonRpcBody = JSON.stringify({
+                jsonrpc: "2.0",
+                method: "tools/list",
+                params: {},
+                id: 1,
+            });
+            const response = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", jsonRpcBody, requesterUserId);
+            const data = (await response.json());
+            if (data === null || data === void 0 ? void 0 : data.error) {
+                logger.error("Upstream returned JSON-RPC error", {
+                    mcpId,
+                    error: data.error,
+                });
+                return c.json({ error: data.error.message || "Upstream error" }, 502);
+            }
+            const tools = ((_a = data === null || data === void 0 ? void 0 : data.result) === null || _a === void 0 ? void 0 : _a.tools) || [];
+            // Cache result
+            if (this.toolCache && tools.length > 0) {
+                await this.toolCache.set(mcpId, tools, agentId);
+            }
+            return c.json({ tools });
+        }
+        catch (error) {
+            logger.error("Failed to list tools", { mcpId, error });
+            return c.json({
+                error: `Failed to connect to MCP '${mcpId}': ${error instanceof Error ? error.message : "Unknown error"}`,
+            }, 502);
+        }
+    }
+    async handleCallTool(c) {
+        const mcpId = c.req.param("mcpId");
+        const toolName = c.req.param("toolName");
+        if (!mcpId || !toolName) {
+            return c.json({ error: "Missing MCP server id or tool name" }, 400);
+        }
+        const auth = authenticateRequest(c);
+        if (!auth)
+            return c.json({ error: "Invalid authentication token" }, 401);
+        const agentId = auth.tokenData.agentId || auth.tokenData.userId;
+        const requesterUserId = auth.tokenData.userId;
+        if (!agentId || !requesterUserId) {
+            return c.json({ error: "Invalid authentication token" }, 401);
+        }
+        const httpServer = await this.configService.getHttpServer(mcpId, agentId);
+        if (!httpServer) {
+            return c.json({ error: `MCP server '${mcpId}' not found` }, 404);
+        }
+        // Check tool approval based on annotations and grants.
+        if (this.grantStore) {
+            const { found, annotations } = await this.getToolAnnotations(mcpId, toolName, agentId, auth.tokenData);
+            if (found && (0, approval_policy_1.requiresToolApproval)(annotations)) {
+                const pattern = `/mcp/${mcpId}/tools/${toolName}`;
+                const hasGrant = await this.grantStore.hasGrant(agentId, pattern);
+                if (!hasGrant) {
+                    logger.info("Tool call blocked: requires approval", {
+                        agentId,
+                        mcpId,
+                        toolName,
+                        pattern,
+                    });
+                    return c.json({
+                        content: [
+                            {
+                                type: "text",
+                                text: `Tool call requires approval. Request access approval in chat for: ${mcpId} → ${toolName}`,
+                            },
+                        ],
+                        isError: true,
+                    }, 403);
+                }
+            }
+        }
+        let toolArguments = {};
+        try {
+            const body = await c.req.text();
+            if (body) {
+                if (body.length > MAX_BODY_SIZE) {
+                    return c.json({ error: "Request body too large" }, 413);
+                }
+                toolArguments = JSON.parse(body);
+            }
+        }
+        catch (_a) {
+            return c.json({ error: "Invalid JSON body" }, 400);
+        }
+        try {
+            const jsonRpcBody = JSON.stringify({
+                jsonrpc: "2.0",
+                method: "tools/call",
+                params: { name: toolName, arguments: toolArguments },
+                id: 1,
+            });
+            let response = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", jsonRpcBody, requesterUserId);
+            let data = (await response.json());
+            // Re-initialize session and retry on "Server not initialized"
+            if ((data === null || data === void 0 ? void 0 : data.error) && /not initialized/i.test(data.error.message || "")) {
+                logger.info("MCP session expired, re-initializing before retry", {
+                    mcpId,
+                    toolName,
+                });
+                await this.reinitializeSession(httpServer, agentId, mcpId, requesterUserId);
+                response = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", jsonRpcBody, requesterUserId);
+                data = (await response.json());
+            }
+            if (data === null || data === void 0 ? void 0 : data.error) {
+                const errorMsg = data.error.message ||
+                    (typeof data.error === "string" ? data.error : "Upstream error");
+                logger.error("Upstream returned JSON-RPC error on tool call", {
+                    mcpId,
+                    toolName,
+                    error: data.error,
+                });
+                // Detect auth errors — auto-start device-code auth flow
+                if (/unauthorized|unauthenticated|forbidden/i.test(errorMsg)) {
+                    const autoAuthResult = await this.tryAutoDeviceAuth(mcpId, agentId, requesterUserId);
+                    if (autoAuthResult) {
+                        return c.json({
+                            content: [
+                                {
+                                    type: "text",
+                                    text: autoAuthResult,
+                                },
+                            ],
+                            isError: true,
+                        }, 200);
+                    }
+                    return c.json({
+                        content: [
+                            {
+                                type: "text",
+                                text: `Authentication required for ${mcpId}. Call owletto_login to authenticate.`,
+                            },
+                        ],
+                        isError: true,
+                    }, 200);
+                }
+                return c.json({
+                    content: [],
+                    isError: true,
+                    error: errorMsg,
+                }, 502);
+            }
+            const result = (data === null || data === void 0 ? void 0 : data.result) || {};
+            return c.json({
+                content: result.content || [],
+                isError: result.isError || false,
+            });
+        }
+        catch (error) {
+            logger.error("Failed to call tool", { mcpId, toolName, error });
+            return c.json({
+                content: [],
+                isError: true,
+                error: `Failed to connect to MCP '${mcpId}': ${error instanceof Error ? error.message : "Unknown error"}`,
+            }, 502);
+        }
+    }
+    async handleListAllTools(c) {
+        const auth = authenticateRequest(c);
+        if (!auth)
+            return c.json({ error: "Invalid authentication token" }, 401);
+        const agentId = auth.tokenData.agentId || auth.tokenData.userId;
+        const allHttpServers = await this.configService.getAllHttpServers(agentId);
+        const allMcpIds = Array.from(allHttpServers.keys());
+        const mcpServers = {};
+        // Fetch tools in parallel, tolerate failures
+        const results = await Promise.allSettled(allMcpIds.map(async (mcpId) => {
+            const { tools } = await this.fetchToolsForMcp(mcpId, agentId, auth.tokenData);
+            return { mcpId, tools };
+        }));
+        for (const result of results) {
+            if (result.status === "fulfilled" && result.value.tools.length > 0) {
+                mcpServers[result.value.mcpId] = { tools: result.value.tools };
+            }
+        }
+        return c.json({ mcpServers });
+    }
+    async handleProxyRequest(c) {
+        const mcpId = c.req.param("mcpId") || c.req.header("x-mcp-id");
+        const sessionToken = extractSessionToken(c);
+        logger.info("Handling MCP proxy request", {
+            method: c.req.method,
+            path: c.req.path,
+            mcpId,
+            hasSessionToken: !!sessionToken,
+        });
+        if (!mcpId) {
+            return this.sendJsonRpcError(c, -32600, "Missing MCP ID");
+        }
+        if (!sessionToken) {
+            return this.sendJsonRpcError(c, -32600, "Missing authentication token");
+        }
+        const tokenData = (0, core_1.verifyWorkerToken)(sessionToken);
+        if (!tokenData) {
+            return this.sendJsonRpcError(c, -32600, "Invalid authentication token");
+        }
+        const agentId = tokenData.agentId || tokenData.userId;
+        const httpServer = await this.configService.getHttpServer(mcpId, agentId);
+        if (!httpServer) {
+            return this.sendJsonRpcError(c, -32601, `MCP server '${mcpId}' not found`);
+        }
+        try {
+            return await this.forwardRequest(c, httpServer, agentId, mcpId, tokenData.userId);
+        }
+        catch (error) {
+            logger.error("Failed to proxy MCP request", { error, mcpId });
+            return this.sendJsonRpcError(c, -32603, `Failed to connect to MCP '${mcpId}': ${error instanceof Error ? error.message : "Unknown error"}`);
+        }
+    }
+    async getToolAnnotations(mcpId, toolName, agentId, tokenData) {
+        let tools = null;
+        if (this.toolCache) {
+            tools = await this.toolCache.get(mcpId, agentId);
+        }
+        if (!tools) {
+            const result = await this.fetchToolsForMcp(mcpId, agentId, tokenData);
+            tools = result.tools;
+        }
+        if (tools.length === 0) {
+            return { found: false };
+        }
+        const tool = tools.find((t) => t.name === toolName);
+        return { found: true, annotations: tool === null || tool === void 0 ? void 0 : tool.annotations };
+    }
+    buildUpstreamHeaders(sessionId, configHeaders, credentialToken) {
+        const headers = {
+            "Content-Type": "application/json",
+            Accept: "application/json",
+        };
+        // Merge custom headers from server config (e.g. static auth tokens)
+        if (configHeaders) {
+            for (const [key, value] of Object.entries(configHeaders)) {
+                headers[key] = value;
+            }
+        }
+        // Per-user credential takes precedence over config headers for Authorization
+        if (credentialToken) {
+            headers.Authorization = `Bearer ${credentialToken}`;
+        }
+        if (sessionId) {
+            headers["Mcp-Session-Id"] = sessionId;
+        }
+        return headers;
+    }
+    async resolveCredentialToken(agentId, userId, mcpId) {
+        var _a;
+        const credential = await (0, device_auth_1.getStoredCredential)(this.redisClient, agentId, userId, mcpId);
+        if (!credential) {
+            // No stored credential — check if there's a pending device-auth to complete
+            return (0, device_auth_1.tryCompletePendingDeviceAuth)(this.redisClient, agentId, userId, mcpId);
+        }
+        // Check if token is still valid (5 minute buffer)
+        if (credential.expiresAt > Date.now() + 5 * 60 * 1000) {
+            return credential.accessToken;
+        }
+        // Token expired or expiring soon — refresh
+        const refreshed = await (0, device_auth_1.refreshCredential)(this.redisClient, agentId, userId, mcpId, credential);
+        return (_a = refreshed === null || refreshed === void 0 ? void 0 : refreshed.accessToken) !== null && _a !== void 0 ? _a : null;
+    }
+    async sendUpstreamRequest(httpServer, agentId, mcpId, method, body, userId) {
+        const sessionKey = `mcp:session:${agentId}:${mcpId}`;
+        const sessionId = await this.getSession(sessionKey);
+        // Look up per-user credential for this MCP
+        let credentialToken;
+        if (userId) {
+            const token = await this.resolveCredentialToken(agentId, userId, mcpId);
+            if (token)
+                credentialToken = token;
+        }
+        // SSRF protection: block requests to internal networks
+        if (await isInternalUrl(httpServer.upstreamUrl)) {
+            logger.warn("Blocked SSRF attempt to internal URL", {
+                url: httpServer.upstreamUrl,
+                mcpId,
+                agentId,
+            });
+            return new Response(JSON.stringify({
+                jsonrpc: "2.0",
+                id: null,
+                error: {
+                    code: -32600,
+                    message: "Upstream URL resolves to a blocked internal network",
+                },
+            }), { status: 403, headers: { "Content-Type": "application/json" } });
+        }
+        const headers = this.buildUpstreamHeaders(sessionId, httpServer.headers, credentialToken);
+        const response = await fetch(httpServer.upstreamUrl, {
+            method,
+            headers,
+            body: body || undefined,
+        });
+        // Track session
+        const newSessionId = response.headers.get("Mcp-Session-Id");
+        if (newSessionId) {
+            await this.setSession(sessionKey, newSessionId);
+        }
+        return response;
+    }
+    async forwardRequest(c, httpServer, agentId, mcpId, userId) {
+        // SSRF protection: block requests to internal networks
+        if (await isInternalUrl(httpServer.upstreamUrl)) {
+            logger.warn("Blocked SSRF attempt to internal URL", {
+                url: httpServer.upstreamUrl,
+                mcpId,
+                agentId,
+            });
+            return this.sendJsonRpcError(c, -32600, "Upstream URL resolves to a blocked internal network");
+        }
+        const sessionKey = `mcp:session:${agentId}:${mcpId}`;
+        let sessionId = await this.getSession(sessionKey);
+        const bodyText = await this.getRequestBodyAsText(c);
+        // Body size validation
+        if (bodyText.length > MAX_BODY_SIZE) {
+            logger.warn("Request body too large", {
+                mcpId,
+                agentId,
+                size: bodyText.length,
+            });
+            return new Response("Request body too large", { status: 413 });
+        }
+        // If no active session exists, re-initialize before forwarding
+        if (!sessionId && c.req.method === "POST") {
+            try {
+                await this.reinitializeSession(httpServer, agentId, mcpId, userId);
+                sessionId = await this.getSession(sessionKey);
+            }
+            catch (error) {
+                logger.warn("Pre-emptive MCP re-initialization failed", {
+                    mcpId,
+                    error: error instanceof Error ? error.message : String(error),
+                });
+            }
+        }
+        logger.info("Proxying MCP request", {
+            mcpId,
+            agentId,
+            method: c.req.method,
+            hasSession: !!sessionId,
+            bodyLength: bodyText.length,
+        });
+        // Look up per-user credential for this MCP
+        let credentialToken;
+        if (userId) {
+            const token = await this.resolveCredentialToken(agentId, userId, mcpId);
+            if (token)
+                credentialToken = token;
+        }
+        const headers = this.buildUpstreamHeaders(sessionId, httpServer.headers, credentialToken);
+        const response = await fetch(httpServer.upstreamUrl, {
+            method: c.req.method,
+            headers,
+            body: bodyText || undefined,
+        });
+        const newSessionId = response.headers.get("Mcp-Session-Id");
+        if (newSessionId) {
+            await this.setSession(sessionKey, newSessionId);
+            logger.debug("Stored MCP session ID", {
+                mcpId,
+                agentId,
+                sessionId: newSessionId,
+            });
+        }
+        const responseHeaders = new Headers();
+        const contentType = response.headers.get("content-type");
+        if (contentType) {
+            responseHeaders.set("Content-Type", contentType);
+        }
+        if (newSessionId) {
+            responseHeaders.set("Mcp-Session-Id", newSessionId);
+        }
+        return new Response(response.body, {
+            status: response.status,
+            headers: responseHeaders,
+        });
+    }
+    async getRequestBodyAsText(c) {
+        if (c.req.method === "GET" || c.req.method === "HEAD") {
+            return "";
+        }
+        try {
+            return await c.req.text();
+        }
+        catch (_a) {
+            return "";
+        }
+    }
+    /**
+     * Re-initialize an MCP session by sending initialize + notifications/initialized.
+     * Called when upstream returns "Server not initialized" (stale session).
+     */
+    async reinitializeSession(httpServer, agentId, mcpId, userId) {
+        // Clear stale session
+        const sessionKey = `mcp:session:${agentId}:${mcpId}`;
+        await this.redisClient.del(sessionKey).catch(() => {
+            /* noop */
+        });
+        // Send initialize
+        const initBody = JSON.stringify({
+            jsonrpc: "2.0",
+            method: "initialize",
+            params: {
+                protocolVersion: "2024-11-05",
+                capabilities: {},
+                clientInfo: { name: "lobu-gateway", version: "1.0.0" },
+            },
+            id: 0,
+        });
+        const initResponse = await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", initBody, userId);
+        await initResponse.json(); // consume response
+        // Send notifications/initialized
+        const notifyBody = JSON.stringify({
+            jsonrpc: "2.0",
+            method: "notifications/initialized",
+        });
+        await this.sendUpstreamRequest(httpServer, agentId, mcpId, "POST", notifyBody, userId).catch(() => {
+            /* noop */
+        });
+        logger.info("Re-initialized MCP session", { mcpId, agentId });
+    }
+    /**
+     * Auto-start device-code auth when an MCP upstream returns an auth error.
+     * Returns a user-facing message with the verification URL, or null on failure.
+     */
+    async tryAutoDeviceAuth(mcpId, agentId, userId) {
+        try {
+            const { startDeviceAuth } = await Promise.resolve().then(() => __importStar(require("../../routes/internal/device-auth")));
+            // Check if a device auth flow is already pending (avoid duplicate starts)
+            const pendingKey = `device-auth:${agentId}:${userId}:${mcpId}`;
+            const pending = await this.redisClient.get(pendingKey);
+            if (pending) {
+                // Return the existing pending flow's info instead of starting a new one
+                return JSON.stringify({
+                    status: "login_required",
+                    message: "Authentication is required. A login flow is already in progress. STOP calling tools and tell the user to complete login in their browser. Do NOT retry this tool call.",
+                    note: "Do NOT call any owletto tools until the user completes login.",
+                });
+            }
+            const result = await startDeviceAuth(this.redisClient, this.configService, mcpId, agentId, userId);
+            if (!result)
+                return null;
+            const url = result.verificationUriComplete || result.verificationUri;
+            return JSON.stringify({
+                status: "login_required",
+                message: "Authentication is required. STOP calling tools and show the user this login link and code. Do NOT retry this tool call — wait for the user to complete login first.",
+                verification_url: url,
+                user_code: result.userCode,
+                expires_in_seconds: result.expiresIn,
+            });
+        }
+        catch (error) {
+            logger.warn("Auto device-auth failed", {
+                mcpId,
+                error: error instanceof Error ? error.message : String(error),
+            });
+            return null;
+        }
+    }
+    async getSession(key) {
+        try {
+            const sessionId = await this.redisClient.get(key);
+            if (sessionId) {
+                await this.redisClient.expire(key, this.SESSION_TTL_SECONDS);
+            }
+            return sessionId;
+        }
+        catch (error) {
+            logger.error("Failed to get MCP session from Redis", { key, error });
+            return null;
+        }
+    }
+    async setSession(key, sessionId) {
+        try {
+            await this.redisClient.set(key, sessionId, "EX", this.SESSION_TTL_SECONDS);
+        }
+        catch (error) {
+            logger.error("Failed to store MCP session in Redis", { key, error });
+        }
+    }
+    sendJsonRpcError(c, code, message, id = null) {
+        return c.json({
+            jsonrpc: "2.0",
+            id,
+            error: { code, message },
+        }, 200);
+    }
+}
+exports.McpProxy = McpProxy;
+//# sourceMappingURL=proxy.js.map