npm - @lobu/gateway - Versions diffs - 3.0.9 → 3.0.13 - Mend

@lobu/gateway 3.0.9 → 3.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/dist/api/platform.d.ts.map +1 -1
package/dist/api/platform.js +7 -26
package/dist/api/platform.js.map +1 -1
package/dist/auth/mcp/proxy.d.ts +14 -0
package/dist/auth/mcp/proxy.d.ts.map +1 -1
package/dist/auth/mcp/proxy.js +149 -13
package/dist/auth/mcp/proxy.js.map +1 -1
package/dist/cli/gateway.d.ts.map +1 -1
package/dist/cli/gateway.js +29 -0
package/dist/cli/gateway.js.map +1 -1
package/dist/connections/chat-instance-manager.d.ts.map +1 -1
package/dist/connections/chat-instance-manager.js +2 -1
package/dist/connections/chat-instance-manager.js.map +1 -1
package/dist/connections/interaction-bridge.d.ts +9 -2
package/dist/connections/interaction-bridge.d.ts.map +1 -1
package/dist/connections/interaction-bridge.js +121 -261
package/dist/connections/interaction-bridge.js.map +1 -1
package/dist/gateway/index.js +1 -1
package/dist/gateway/index.js.map +1 -1
package/dist/interactions.d.ts +9 -43
package/dist/interactions.d.ts.map +1 -1
package/dist/interactions.js +10 -52
package/dist/interactions.js.map +1 -1
package/dist/routes/public/agent.d.ts +4 -0
package/dist/routes/public/agent.d.ts.map +1 -1
package/dist/routes/public/agent.js +21 -0
package/dist/routes/public/agent.js.map +1 -1
package/dist/services/core-services.d.ts.map +1 -1
package/dist/services/core-services.js +4 -0
package/dist/services/core-services.js.map +1 -1
package/package.json +9 -9
package/src/__tests__/agent-config-routes.test.ts +0 -254
package/src/__tests__/agent-history-routes.test.ts +0 -72
package/src/__tests__/agent-routes.test.ts +0 -68
package/src/__tests__/agent-schedules-routes.test.ts +0 -59
package/src/__tests__/agent-settings-store.test.ts +0 -323
package/src/__tests__/bedrock-model-catalog.test.ts +0 -40
package/src/__tests__/bedrock-openai-service.test.ts +0 -157
package/src/__tests__/bedrock-provider-module.test.ts +0 -56
package/src/__tests__/chat-instance-manager-slack.test.ts +0 -204
package/src/__tests__/chat-response-bridge.test.ts +0 -131
package/src/__tests__/config-memory-plugins.test.ts +0 -92
package/src/__tests__/config-request-store.test.ts +0 -127
package/src/__tests__/connection-routes.test.ts +0 -144
package/src/__tests__/core-services-store-selection.test.ts +0 -92
package/src/__tests__/docker-deployment.test.ts +0 -1211
package/src/__tests__/embedded-deployment.test.ts +0 -342
package/src/__tests__/grant-store.test.ts +0 -148
package/src/__tests__/http-proxy.test.ts +0 -281
package/src/__tests__/instruction-service.test.ts +0 -37
package/src/__tests__/link-buttons.test.ts +0 -112
package/src/__tests__/lobu.test.ts +0 -32
package/src/__tests__/mcp-config-service.test.ts +0 -347
package/src/__tests__/mcp-proxy.test.ts +0 -694
package/src/__tests__/message-handler-bridge.test.ts +0 -17
package/src/__tests__/model-selection.test.ts +0 -172
package/src/__tests__/oauth-templates.test.ts +0 -39
package/src/__tests__/platform-adapter-slack-send.test.ts +0 -114
package/src/__tests__/platform-helpers-model-resolution.test.ts +0 -253
package/src/__tests__/provider-inheritance.test.ts +0 -212
package/src/__tests__/routes/cli-auth.test.ts +0 -337
package/src/__tests__/routes/interactions.test.ts +0 -121
package/src/__tests__/secret-proxy.test.ts +0 -85
package/src/__tests__/session-manager.test.ts +0 -572
package/src/__tests__/setup.ts +0 -133
package/src/__tests__/skill-and-mcp-registry.test.ts +0 -203
package/src/__tests__/slack-routes.test.ts +0 -161
package/src/__tests__/system-config-resolver.test.ts +0 -75
package/src/__tests__/system-message-limiter.test.ts +0 -89
package/src/__tests__/system-skills-service.test.ts +0 -362
package/src/__tests__/transcription-service.test.ts +0 -222
package/src/__tests__/utils/rate-limiter.test.ts +0 -102
package/src/__tests__/worker-connection-manager.test.ts +0 -497
package/src/__tests__/worker-job-router.test.ts +0 -722
package/src/api/index.ts +0 -1
package/src/api/platform.ts +0 -292
package/src/api/response-renderer.ts +0 -157
package/src/auth/agent-metadata-store.ts +0 -168
package/src/auth/api-auth-middleware.ts +0 -69
package/src/auth/api-key-provider-module.ts +0 -213
package/src/auth/base-provider-module.ts +0 -201
package/src/auth/bedrock/provider-module.ts +0 -110
package/src/auth/chatgpt/chatgpt-oauth-module.ts +0 -185
package/src/auth/chatgpt/device-code-client.ts +0 -218
package/src/auth/chatgpt/index.ts +0 -1
package/src/auth/claude/oauth-module.ts +0 -280
package/src/auth/cli/token-service.ts +0 -249
package/src/auth/external/client.ts +0 -560
package/src/auth/external/device-code-client.ts +0 -235
package/src/auth/mcp/config-service.ts +0 -420
package/src/auth/mcp/proxy.ts +0 -1086
package/src/auth/mcp/string-substitution.ts +0 -17
package/src/auth/mcp/tool-cache.ts +0 -90
package/src/auth/oauth/base-client.ts +0 -267
package/src/auth/oauth/client.ts +0 -153
package/src/auth/oauth/credentials.ts +0 -7
package/src/auth/oauth/providers.ts +0 -69
package/src/auth/oauth/state-store.ts +0 -150
package/src/auth/oauth-templates.ts +0 -179
package/src/auth/provider-catalog.ts +0 -220
package/src/auth/provider-model-options.ts +0 -41
package/src/auth/settings/agent-settings-store.ts +0 -565
package/src/auth/settings/auth-profiles-manager.ts +0 -216
package/src/auth/settings/index.ts +0 -12
package/src/auth/settings/model-preference-store.ts +0 -52
package/src/auth/settings/model-selection.ts +0 -135
package/src/auth/settings/resolved-settings-view.ts +0 -298
package/src/auth/settings/template-utils.ts +0 -44
package/src/auth/settings/token-service.ts +0 -88
package/src/auth/system-env-store.ts +0 -98
package/src/auth/user-agents-store.ts +0 -68
package/src/channels/binding-service.ts +0 -214
package/src/channels/index.ts +0 -4
package/src/cli/gateway.ts +0 -1312
package/src/cli/index.ts +0 -74
package/src/commands/built-in-commands.ts +0 -80
package/src/commands/command-dispatcher.ts +0 -94
package/src/commands/command-reply-adapters.ts +0 -27
package/src/config/file-loader.ts +0 -618
package/src/config/index.ts +0 -588
package/src/config/network-allowlist.ts +0 -71
package/src/connections/chat-instance-manager.ts +0 -1284
package/src/connections/chat-response-bridge.ts +0 -618
package/src/connections/index.ts +0 -7
package/src/connections/interaction-bridge.ts +0 -831
package/src/connections/message-handler-bridge.ts +0 -440
package/src/connections/platform-auth-methods.ts +0 -15
package/src/connections/types.ts +0 -84
package/src/gateway/connection-manager.ts +0 -291
package/src/gateway/index.ts +0 -698
package/src/gateway/job-router.ts +0 -201
package/src/gateway-main.ts +0 -200
package/src/index.ts +0 -41
package/src/infrastructure/queue/index.ts +0 -12
package/src/infrastructure/queue/queue-producer.ts +0 -148
package/src/infrastructure/queue/redis-queue.ts +0 -361
package/src/infrastructure/queue/types.ts +0 -133
package/src/infrastructure/redis/system-message-limiter.ts +0 -94
package/src/interactions/config-request-store.ts +0 -198
package/src/interactions.ts +0 -363
package/src/lobu.ts +0 -311
package/src/metrics/prometheus.ts +0 -159
package/src/modules/module-system.ts +0 -179
package/src/orchestration/base-deployment-manager.ts +0 -900
package/src/orchestration/deployment-utils.ts +0 -98
package/src/orchestration/impl/docker-deployment.ts +0 -620
package/src/orchestration/impl/embedded-deployment.ts +0 -268
package/src/orchestration/impl/index.ts +0 -8
package/src/orchestration/impl/k8s/deployment.ts +0 -1061
package/src/orchestration/impl/k8s/helpers.ts +0 -610
package/src/orchestration/impl/k8s/index.ts +0 -1
package/src/orchestration/index.ts +0 -333
package/src/orchestration/message-consumer.ts +0 -584
package/src/orchestration/scheduled-wakeup.ts +0 -704
package/src/permissions/approval-policy.ts +0 -36
package/src/permissions/grant-store.ts +0 -219
package/src/platform/file-handler.ts +0 -66
package/src/platform/link-buttons.ts +0 -57
package/src/platform/renderer-utils.ts +0 -44
package/src/platform/response-renderer.ts +0 -84
package/src/platform/unified-thread-consumer.ts +0 -194
package/src/platform.ts +0 -318
package/src/proxy/http-proxy.ts +0 -752
package/src/proxy/proxy-manager.ts +0 -81
package/src/proxy/secret-proxy.ts +0 -402
package/src/proxy/token-refresh-job.ts +0 -143
package/src/routes/internal/audio.ts +0 -141
package/src/routes/internal/device-auth.ts +0 -652
package/src/routes/internal/files.ts +0 -226
package/src/routes/internal/history.ts +0 -69
package/src/routes/internal/images.ts +0 -127
package/src/routes/internal/interactions.ts +0 -84
package/src/routes/internal/middleware.ts +0 -23
package/src/routes/internal/schedule.ts +0 -226
package/src/routes/internal/types.ts +0 -22
package/src/routes/openapi-auto.ts +0 -239
package/src/routes/public/agent-access.ts +0 -23
package/src/routes/public/agent-config.ts +0 -675
package/src/routes/public/agent-history.ts +0 -422
package/src/routes/public/agent-schedules.ts +0 -296
package/src/routes/public/agent.ts +0 -1086
package/src/routes/public/agents.ts +0 -373
package/src/routes/public/channels.ts +0 -191
package/src/routes/public/cli-auth.ts +0 -896
package/src/routes/public/connections.ts +0 -574
package/src/routes/public/landing.ts +0 -16
package/src/routes/public/oauth.ts +0 -147
package/src/routes/public/settings-auth.ts +0 -104
package/src/routes/public/slack.ts +0 -173
package/src/routes/shared/agent-ownership.ts +0 -101
package/src/routes/shared/token-verifier.ts +0 -34
package/src/services/bedrock-model-catalog.ts +0 -217
package/src/services/bedrock-openai-service.ts +0 -658
package/src/services/core-services.ts +0 -1072
package/src/services/image-generation-service.ts +0 -257
package/src/services/instruction-service.ts +0 -318
package/src/services/mcp-registry.ts +0 -94
package/src/services/platform-helpers.ts +0 -287
package/src/services/session-manager.ts +0 -262
package/src/services/settings-resolver.ts +0 -74
package/src/services/system-config-resolver.ts +0 -89
package/src/services/system-skills-service.ts +0 -229
package/src/services/transcription-service.ts +0 -684
package/src/session.ts +0 -110
package/src/spaces/index.ts +0 -1
package/src/spaces/space-resolver.ts +0 -17
package/src/stores/in-memory-agent-store.ts +0 -403
package/src/stores/redis-agent-store.ts +0 -279
package/src/utils/public-url.ts +0 -44
package/src/utils/rate-limiter.ts +0 -94
package/tsconfig.json +0 -33
package/tsconfig.tsbuildinfo +0 -1

package/src/auth/external/device-code-client.ts DELETED Viewed

@@ -1,235 +0,0 @@
-import { BaseOAuth2Client } from "../oauth/base-client";
-import type { OAuthCredentials } from "../oauth/credentials";
-export const DEVICE_CODE_GRANT_TYPE =
-  "urn:ietf:params:oauth:grant-type:device_code";
-export interface DeviceCodeClientConfig {
-  clientId: string;
-  clientSecret?: string;
-  tokenUrl: string;
-  deviceAuthorizationUrl: string;
-  scope: string;
-  /** RFC 8707 resource indicator included in token requests. */
-  resource?: string;
-  tokenEndpointAuthMethod?:
-    | "none"
-    | "client_secret_post"
-    | "client_secret_basic";
-}
-export interface DeviceAuthorizationStartResult {
-  deviceAuthId: string;
-  userCode: string;
-  verificationUri: string;
-  verificationUriComplete?: string;
-  interval: number;
-  expiresIn: number;
-}
-export type DeviceAuthorizationPollResult =
-  | {
-      status: "pending";
-      interval?: number;
-    }
-  | {
-      status: "complete";
-      credentials: OAuthCredentials;
-    }
-  | {
-      status: "error";
-      error: string;
-      errorCode?: string;
-    };
-interface DeviceAuthorizationResponse {
-  device_code: string;
-  user_code: string;
-  verification_uri: string;
-  verification_uri_complete?: string;
-  expires_in: number;
-  interval?: number;
-}
-interface DeviceTokenSuccessResponse {
-  access_token: string;
-  refresh_token?: string;
-  token_type?: string;
-  expires_in?: number;
-  scope?: string;
-}
-interface DeviceTokenErrorResponse {
-  error: string;
-  error_description?: string;
-}
-export class GenericDeviceCodeClient extends BaseOAuth2Client {
-  constructor(private readonly config: DeviceCodeClientConfig) {
-    super("external-device-code-client");
-  }
-  async requestDeviceCode(): Promise<DeviceAuthorizationStartResult> {
-    const params: Record<string, string> = {
-      client_id: this.config.clientId,
-      scope: this.config.scope,
-    };
-    if (this.config.resource) {
-      params.resource = this.config.resource;
-    }
-    const { headers, body } = this.buildAuthenticatedFormBody(params);
-    const response = await fetch(this.config.deviceAuthorizationUrl, {
-      method: "POST",
-      headers,
-      body: body.toString(),
-    });
-    const data = await this.parseJsonResponse<
-      DeviceAuthorizationResponse | DeviceTokenErrorResponse
-    >(response);
-    if (!response.ok || "error" in data) {
-      throw new Error(
-        this.formatOAuthError("Device authorization failed", data)
-      );
-    }
-    return {
-      deviceAuthId: data.device_code,
-      userCode: data.user_code,
-      verificationUri: data.verification_uri,
-      verificationUriComplete: data.verification_uri_complete,
-      interval: Math.max(data.interval ?? 5, 1),
-      expiresIn: data.expires_in,
-    };
-  }
-  async pollForToken(
-    deviceAuthId: string,
-    intervalSeconds?: number
-  ): Promise<DeviceAuthorizationPollResult> {
-    const params: Record<string, string> = {
-      grant_type: DEVICE_CODE_GRANT_TYPE,
-      device_code: deviceAuthId,
-      client_id: this.config.clientId,
-    };
-    if (this.config.resource) {
-      params.resource = this.config.resource;
-    }
-    const { headers, body } = this.buildAuthenticatedFormBody(params);
-    const response = await fetch(this.config.tokenUrl, {
-      method: "POST",
-      headers,
-      body: body.toString(),
-    });
-    const data = await this.parseJsonResponse<
-      DeviceTokenSuccessResponse | DeviceTokenErrorResponse
-    >(response);
-    if (!response.ok || "error" in data) {
-      if ("error" in data) {
-        if (data.error === "authorization_pending") {
-          return { status: "pending", interval: intervalSeconds };
-        }
-        if (data.error === "slow_down") {
-          return {
-            status: "pending",
-            interval: Math.max((intervalSeconds ?? 5) + 5, 1),
-          };
-        }
-        if (data.error === "expired_token" || data.error === "access_denied") {
-          return {
-            status: "error",
-            error: data.error_description || data.error,
-            errorCode: data.error,
-          };
-        }
-      }
-      throw new Error(
-        this.formatOAuthError("Device token polling failed", data)
-      );
-    }
-    const credentials = this.buildCredentials(data);
-    return {
-      status: "complete",
-      credentials,
-    };
-  }
-  private buildCredentials(
-    tokenData: DeviceTokenSuccessResponse
-  ): OAuthCredentials {
-    return {
-      accessToken: tokenData.access_token,
-      refreshToken: tokenData.refresh_token,
-      tokenType: tokenData.token_type || "Bearer",
-      expiresAt:
-        this.calculateExpiresAt(tokenData.expires_in) ?? Date.now() + 3_600_000,
-      scopes: this.parseScopes(tokenData.scope),
-    };
-  }
-  private buildAuthenticatedFormBody(params: Record<string, string>): {
-    headers: Record<string, string>;
-    body: URLSearchParams;
-  } {
-    const body = new URLSearchParams(params);
-    const headers: Record<string, string> = {
-      Accept: "application/json",
-      "Content-Type": "application/x-www-form-urlencoded",
-    };
-    const authMethod = this.config.tokenEndpointAuthMethod || "none";
-    if (authMethod === "client_secret_basic") {
-      headers.Authorization = `Basic ${Buffer.from(
-        `${this.config.clientId}:${this.config.clientSecret || ""}`
-      ).toString("base64")}`;
-    } else if (
-      authMethod === "client_secret_post" &&
-      this.config.clientSecret
-    ) {
-      body.set("client_secret", this.config.clientSecret);
-    }
-    return { headers, body };
-  }
-  private async parseJsonResponse<T>(response: Response): Promise<T> {
-    const contentType = response.headers.get("content-type") || "";
-    if (contentType.includes("application/json")) {
-      return (await response.json()) as T;
-    }
-    const text = await response.text();
-    try {
-      return JSON.parse(text) as T;
-    } catch {
-      return { error: text || response.statusText } as T;
-    }
-  }
-  private formatOAuthError(prefix: string, data: unknown): string {
-    if (data && typeof data === "object" && "error" in data) {
-      const record = data as {
-        error?: unknown;
-        error_description?: unknown;
-      };
-      const error =
-        typeof record.error === "string" ? record.error : "unknown_error";
-      const description =
-        typeof record.error_description === "string"
-          ? record.error_description
-          : undefined;
-      return description
-        ? `${prefix}: ${error} - ${description}`
-        : `${prefix}: ${error}`;
-    }
-    return prefix;
-  }
-}

package/src/auth/mcp/config-service.ts DELETED Viewed

@@ -1,420 +0,0 @@
-import {
-  type McpOAuthConfig,
-  createLogger,
-  verifyWorkerToken,
-} from "@lobu/core";
-import type { SystemConfigResolver } from "../../services/system-config-resolver";
-import type { AgentSettingsStore } from "../settings/agent-settings-store";
-const logger = createLogger("mcp-config-service");
-interface McpInput {
-  type: "promptString";
-  id: string;
-  description: string;
-}
-export interface HttpMcpServerConfig {
-  id: string;
-  upstreamUrl: string;
-  oauth?: McpOAuthConfig;
-  inputs?: McpInput[];
-  headers?: Record<string, string>;
-}
-interface WorkerMcpConfig {
-  mcpServers: Record<string, any>;
-}
-interface McpStatus {
-  id: string;
-  name: string;
-  requiresAuth: boolean;
-  requiresInput: boolean;
-}
-interface LoadedConfig {
-  rawServers: Record<string, any>;
-  httpServers: Map<string, HttpMcpServerConfig>;
-}
-interface McpConfigServiceOptions {
-  agentSettingsStore?: AgentSettingsStore;
-  configResolver?: SystemConfigResolver;
-}
-export class McpConfigService {
-  private cache?: LoadedConfig;
-  private agentSettingsStore?: AgentSettingsStore;
-  private configResolver?: SystemConfigResolver;
-  constructor(options: McpConfigServiceOptions = {}) {
-    this.agentSettingsStore = options.agentSettingsStore;
-    this.configResolver = options.configResolver;
-    logger.debug(`McpConfigService initialized`);
-  }
-  /**
-   * Register additional global MCP servers (e.g. from system skills).
-   */
-  registerGlobalServers(servers: Record<string, any>): void {
-    if (!this.cache) {
-      this.cache = {
-        rawServers: {},
-        httpServers: new Map(),
-      };
-    }
-    const normalized = normalizeConfig({ mcpServers: servers });
-    for (const [id, raw] of Object.entries(normalized.rawServers)) {
-      if (this.cache.rawServers[id]) continue;
-      this.cache.rawServers[id] = raw;
-    }
-    for (const [id, http] of normalized.httpServers) {
-      if (this.cache.httpServers.has(id)) continue;
-      this.cache.httpServers.set(id, http);
-    }
-    logger.info(
-      `Registered ${Object.keys(servers).length} global MCP(s) from system skills: ${Object.keys(servers).join(", ")}`
-    );
-  }
-  /**
-   * Return MCP config tailored for a worker request.
-   */
-  async getWorkerConfig(options: {
-    baseUrl: string;
-    workerToken: string;
-    deploymentName?: string;
-  }): Promise<WorkerMcpConfig> {
-    const { baseUrl, workerToken } = options;
-    const config = await this.loadConfig();
-    const workerConfig: WorkerMcpConfig = { mcpServers: {} };
-    const tokenData = verifyWorkerToken(workerToken);
-    if (!tokenData) {
-      logger.warn("Failed to verify worker token");
-      return workerConfig;
-    }
-    const { userId, agentId } = tokenData;
-    const effectiveAgentId = agentId || userId;
-    logger.info(`Building MCP config for user ${userId}`);
-    // Process global MCPs
-    for (const [id, serverConfig] of Object.entries(config.rawServers)) {
-      const cloned = cloneConfig(serverConfig);
-      const httpServer = config.httpServers.get(id);
-      if (httpServer) {
-        logger.info(`Configuring global MCP ${id}: baseUrl=${baseUrl}`);
-        cloned.url = baseUrl;
-        cloned.type = "sse";
-        cloned.headers = mergeHeaders(cloned.headers, workerToken, id);
-        logger.info(
-          `Including global MCP ${id} with URL=${cloned.url} and X-Mcp-Id header`
-        );
-      }
-      workerConfig.mcpServers[id] = cloned;
-    }
-    // Merge per-agent MCPs from live agent settings
-    const agentSettingsMcpServers =
-      (await this.getAgentMcpServers(effectiveAgentId)) || {};
-    for (const [id, serverConfig] of Object.entries(agentSettingsMcpServers)) {
-      if (workerConfig.mcpServers[id]) {
-        logger.warn(
-          `Per-agent MCP ${id} skipped - global MCP with same ID exists`
-        );
-        continue;
-      }
-      const cloned = cloneConfig(serverConfig);
-      if (cloned.enabled === false) {
-        logger.debug(`Skipping disabled per-agent MCP ${id}`);
-        continue;
-      }
-      if (cloned.url) {
-        logger.info(`Configuring per-agent HTTP MCP ${id}: baseUrl=${baseUrl}`);
-        cloned.originalUrl = cloned.url;
-        cloned.url = baseUrl;
-        cloned.type = "sse";
-        cloned.headers = mergeHeaders(cloned.headers, workerToken, id);
-        cloned.perAgent = true;
-        logger.info(`Including per-agent HTTP MCP ${id}`);
-      } else if (cloned.command) {
-        logger.info(`Including per-agent stdio MCP ${id}: ${cloned.command}`);
-      }
-      workerConfig.mcpServers[id] = cloned;
-    }
-    if (Object.keys(agentSettingsMcpServers).length > 0) {
-      logger.info(
-        `Merged ${Object.keys(agentSettingsMcpServers).length} per-agent MCPs from settings for agent ${effectiveAgentId}`
-      );
-    }
-    logger.info(
-      `Returning worker config with ${Object.keys(workerConfig.mcpServers).length} MCPs for user ${userId}:`,
-      {
-        mcpIds: Object.keys(workerConfig.mcpServers),
-        configs: Object.entries(workerConfig.mcpServers).map(([id, cfg]) => ({
-          id,
-          type: cfg.type,
-          hasUrl: !!cfg.url,
-          hasCommand: !!cfg.command,
-          perAgent: cfg.perAgent || false,
-        })),
-      }
-    );
-    return workerConfig;
-  }
-  /**
-   * Get status of all MCPs for a specific agent
-   */
-  async getMcpStatus(agentId: string): Promise<McpStatus[]> {
-    const httpServers = await this.getAllHttpServers(agentId);
-    const statuses: McpStatus[] = [];
-    for (const [id, httpServer] of httpServers) {
-      const requiresAuth = !!httpServer.oauth;
-      const requiresInput = !!(
-        httpServer.inputs && httpServer.inputs.length > 0
-      );
-      statuses.push({
-        id,
-        name: id,
-        requiresAuth,
-        requiresInput,
-      });
-    }
-    return statuses;
-  }
-  /**
-   * Get HTTP proxy metadata for a specific MCP server.
-   */
-  async getHttpServer(
-    id: string,
-    agentId?: string
-  ): Promise<HttpMcpServerConfig | undefined> {
-    const httpServers = await this.getAllHttpServers(agentId);
-    return httpServers.get(id);
-  }
-  /**
-   * Get all HTTP proxy metadata for all MCP servers.
-   */
-  async getAllHttpServers(
-    agentId?: string
-  ): Promise<Map<string, HttpMcpServerConfig>> {
-    const config = await this.loadConfig();
-    const merged = new Map(config.httpServers);
-    if (agentId) {
-      const agentMcpServers = await this.getAgentMcpServers(agentId);
-      for (const [id, serverConfig] of Object.entries(agentMcpServers)) {
-        if (merged.has(id)) continue;
-        const httpServer = toHttpServerConfig(id, serverConfig);
-        if (httpServer) {
-          merged.set(id, httpServer);
-        }
-      }
-    }
-    return merged;
-  }
-  /**
-   * Return global MCP server configs in settings-compatible format.
-   */
-  async getGlobalMcpServers(): Promise<
-    Record<string, { url?: string; type?: "sse" | "stdio" }>
-  > {
-    const config = await this.loadConfig();
-    const result: Record<string, { url?: string; type?: "sse" | "stdio" }> = {};
-    for (const [id, raw] of Object.entries(config.rawServers)) {
-      const type = raw.type === "stdio" ? ("stdio" as const) : ("sse" as const);
-      result[id] = { url: raw.url, type };
-    }
-    return result;
-  }
-  private async getAgentMcpServers(
-    agentId: string
-  ): Promise<Record<string, any>> {
-    if (!this.agentSettingsStore) {
-      return {};
-    }
-    try {
-      const settings = await this.agentSettingsStore.getSettings(agentId);
-      return settings?.mcpServers || {};
-    } catch (error) {
-      logger.warn(`Failed to load per-agent MCP settings for ${agentId}`, {
-        error,
-      });
-      return {};
-    }
-  }
-  private async loadConfig(): Promise<LoadedConfig> {
-    if (!this.cache) {
-      let globalMcpServers: Record<string, any> = {};
-      if (this.configResolver) {
-        globalMcpServers = await this.configResolver.getGlobalMcpServers();
-      }
-      const normalized = normalizeConfig({ mcpServers: globalMcpServers });
-      this.cache = normalized;
-    }
-    return this.cache;
-  }
-}
-/**
- * Parse and validate an oauth config from raw MCP server config.
- * Handles backward compat: migrates top-level `resource` into `oauth.resource`,
- * and treats `loginUrl` presence as `oauth: {}` (requiresAuth flag).
- */
-function parseOAuthConfig(raw: any): McpOAuthConfig | undefined {
-  const hasLoginUrl = typeof raw.loginUrl === "string";
-  const hasOAuth = raw.oauth && typeof raw.oauth === "object";
-  if (!hasOAuth && !hasLoginUrl && typeof raw.resource !== "string") {
-    return undefined;
-  }
-  const config: McpOAuthConfig = {};
-  if (hasOAuth) {
-    const obj = raw.oauth;
-    if (typeof obj.authUrl === "string") config.authUrl = obj.authUrl;
-    if (typeof obj.tokenUrl === "string") config.tokenUrl = obj.tokenUrl;
-    if (typeof obj.clientId === "string") config.clientId = obj.clientId;
-    if (typeof obj.clientSecret === "string")
-      config.clientSecret = obj.clientSecret;
-    if (Array.isArray(obj.scopes))
-      config.scopes = obj.scopes.filter((s: unknown) => typeof s === "string");
-    if (typeof obj.deviceAuthorizationUrl === "string")
-      config.deviceAuthorizationUrl = obj.deviceAuthorizationUrl;
-    if (typeof obj.registrationUrl === "string")
-      config.registrationUrl = obj.registrationUrl;
-    if (typeof obj.resource === "string") config.resource = obj.resource;
-  }
-  // Migrate top-level resource into oauth.resource (backward compat)
-  if (typeof raw.resource === "string" && !config.resource) {
-    config.resource = raw.resource;
-  }
-  return config;
-}
-function normalizeConfig(config: { mcpServers: Record<string, any> }) {
-  const rawServers: Record<string, any> = {};
-  const httpServers = new Map<string, HttpMcpServerConfig>();
-  for (const [id, serverConfig] of Object.entries(config.mcpServers)) {
-    if (!serverConfig || typeof serverConfig !== "object") {
-      continue;
-    }
-    const cloned = cloneConfig(serverConfig);
-    rawServers[id] = cloned;
-    if (typeof cloned.url === "string" && isHttpUrl(cloned.url)) {
-      httpServers.set(id, {
-        id,
-        upstreamUrl: cloned.url,
-        oauth: parseOAuthConfig(cloned),
-        inputs: Array.isArray(cloned.inputs)
-          ? cloned.inputs.filter(
-              (input: any) =>
-                input &&
-                typeof input === "object" &&
-                input.type === "promptString"
-            )
-          : undefined,
-        headers:
-          cloned.headers && typeof cloned.headers === "object"
-            ? cloned.headers
-            : undefined,
-      });
-    }
-  }
-  return { rawServers, httpServers };
-}
-function toHttpServerConfig(
-  id: string,
-  serverConfig: any
-): HttpMcpServerConfig | null {
-  if (!serverConfig || typeof serverConfig !== "object") {
-    return null;
-  }
-  if (serverConfig.enabled === false) {
-    return null;
-  }
-  const cloned = cloneConfig(serverConfig);
-  if (typeof cloned.url !== "string" || !isHttpUrl(cloned.url)) {
-    return null;
-  }
-  return {
-    id,
-    upstreamUrl: cloned.url,
-    oauth: parseOAuthConfig(cloned),
-    inputs: Array.isArray(cloned.inputs)
-      ? cloned.inputs.filter(
-          (input: any) =>
-            input && typeof input === "object" && input.type === "promptString"
-        )
-      : undefined,
-    headers:
-      cloned.headers && typeof cloned.headers === "object"
-        ? cloned.headers
-        : undefined,
-  };
-}
-function cloneConfig(config: any) {
-  return JSON.parse(JSON.stringify(config));
-}
-function isHttpUrl(candidate: string): boolean {
-  return candidate.startsWith("http://") || candidate.startsWith("https://");
-}
-function mergeHeaders(
-  existingHeaders: unknown,
-  workerToken: string,
-  mcpId: string
-): Record<string, string> {
-  const normalized: Record<string, string> = {};
-  if (existingHeaders && typeof existingHeaders === "object") {
-    for (const [key, value] of Object.entries(existingHeaders as any)) {
-      if (typeof value === "string") {
-        normalized[key] = value;
-      } else if (value != null) {
-        normalized[key] = String(value);
-      }
-    }
-  }
-  normalized.Authorization = `Bearer ${workerToken}`;
-  normalized["X-Mcp-Id"] = mcpId;
-  return normalized;
-}