@mastra/mcp 1.0.0-beta.8 → 1.0.0

package/README.md

@@ -381,37 +381,204 @@ Prompt notifications are delivered via SSE or compatible transports. Register ha
 
 ## Authentication
 
-### OAuth Token Refresh with AuthProvider
+### OAuth 2.0 Authentication (MCP Auth Spec)
+
+Mastra provides full support for the [MCP OAuth specification](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization), including:
+
+- **Server-side**: Protected Resource Metadata (RFC 9728), token validation middleware
+- **Client-side**: OAuth client provider implementation with PKCE, token storage, and automatic refresh
 
-For HTTP-based MCP servers that require OAuth authentication with automatic token refresh, you can use the `authProvider` option:
+#### Client-Side: Connecting to OAuth-Protected MCP Servers
+
+Use `MCPOAuthClientProvider` to connect to MCP servers that require OAuth authentication:
 
 ```typescript
-const httpClient = new MCPClient({
+import { MCPClient, MCPOAuthClientProvider } from '@mastra/mcp';
+
+// Create an OAuth provider for your client
+const oauthProvider = new MCPOAuthClientProvider({
+  redirectUrl: 'http://localhost:3000/oauth/callback',
+  clientMetadata: {
+    redirect_uris: ['http://localhost:3000/oauth/callback'],
+    client_name: 'My MCP Client',
+    grant_types: ['authorization_code', 'refresh_token'],
+    response_types: ['code'],
+  },
+  // Handle authorization redirects (for CLI apps, open browser; for web apps, redirect response)
+  onRedirectToAuthorization: url => {
+    console.log(`Please visit: ${url}`);
+    // Or: window.location.href = url.toString();
+  },
+});
+
+// Create client with OAuth provider
+const client = new MCPClient({
   servers: {
-    myOAuthClient: {
-      url: new URL('https://your-mcp-server.com/mcp'),
-      authProvider: {
-        tokens: async () => {
-          // Your token refresh logic here
-          const refreshedToken = await refreshAccessToken();
-          return {
-            token: refreshedToken,
-            type: 'Bearer',
-          };
-        },
-        // Additional OAuth provider methods as needed
-        redirectUrl: 'https://your-app.com/oauth/callback',
-        clientMetadata: {
-          /* ... */
-        },
-        // ... other OAuth provider properties
-      },
+    protectedServer: {
+      url: new URL('https://mcp.example.com/mcp'),
+      authProvider: oauthProvider,
+    },
+  },
+});
+
+await client.connect();
+```
+
+For testing or when you already have a valid token, use `createSimpleTokenProvider`:
+
+```typescript
+import { MCPClient, createSimpleTokenProvider } from '@mastra/mcp';
+
+const provider = createSimpleTokenProvider('your-access-token', {
+  redirectUrl: 'http://localhost:3000/callback',
+  clientMetadata: {
+    redirect_uris: ['http://localhost:3000/callback'],
+    client_name: 'Test Client',
+  },
+});
+
+const client = new MCPClient({
+  servers: {
+    testServer: {
+      url: new URL('https://mcp.example.com/mcp'),
+      authProvider: provider,
     },
   },
 });
 ```
 
-The `authProvider` is automatically passed to both Streamable HTTP and SSE transports.
+#### Server-Side: Protecting Your MCP Server with OAuth
+
+Use `createOAuthMiddleware` to protect your MCP server endpoints:
+
+```typescript
+import http from 'node:http';
+import { MCPServer, createOAuthMiddleware, createStaticTokenValidator } from '@mastra/mcp';
+
+// Create your MCP server
+const mcpServer = new MCPServer({
+  id: 'protected-mcp-server',
+  name: 'Protected MCP Server',
+  version: '1.0.0',
+  tools: {
+    /* your tools */
+  },
+});
+
+// Create OAuth middleware
+const oauthMiddleware = createOAuthMiddleware({
+  oauth: {
+    resource: 'https://mcp.example.com/mcp',
+    authorizationServers: ['https://auth.example.com'],
+    scopesSupported: ['mcp:read', 'mcp:write'],
+    resourceName: 'My Protected MCP Server',
+    // For production, use proper token validation (JWT, introspection, etc.)
+    validateToken: createStaticTokenValidator(['allowed-token-1', 'allowed-token-2']),
+  },
+  mcpPath: '/mcp',
+});
+
+// Create HTTP server with OAuth protection
+const httpServer = http.createServer(async (req, res) => {
+  const url = new URL(req.url || '', 'https://mcp.example.com');
+
+  // Apply OAuth middleware first
+  const result = await oauthMiddleware(req, res, url);
+  if (!result.proceed) return; // Middleware handled the response (401, metadata, etc.)
+
+  // Token is valid, proceed to MCP handler
+  await mcpServer.startHTTP({ url, httpPath: '/mcp', req, res });
+});
+
+httpServer.listen(3000);
+```
+
+The middleware automatically:
+
+- Serves Protected Resource Metadata at `/.well-known/oauth-protected-resource`
+- Returns `401 Unauthorized` with proper `WWW-Authenticate` headers when authentication is required
+- Validates bearer tokens using your provided validator
+
+#### Token Validation Options
+
+For production use, implement proper token validation:
+
+```typescript
+import { createOAuthMiddleware, createIntrospectionValidator } from '@mastra/mcp';
+
+// Option 1: Token introspection (RFC 7662)
+const middleware = createOAuthMiddleware({
+  oauth: {
+    resource: 'https://mcp.example.com/mcp',
+    authorizationServers: ['https://auth.example.com'],
+    validateToken: createIntrospectionValidator('https://auth.example.com/oauth/introspect', {
+      clientId: 'mcp-server',
+      clientSecret: 'secret',
+    }),
+  },
+});
+
+// Option 2: Custom validation (JWT, database lookup, etc.)
+const middlewareCustom = createOAuthMiddleware({
+  oauth: {
+    resource: 'https://mcp.example.com/mcp',
+    authorizationServers: ['https://auth.example.com'],
+    validateToken: async (token, resource) => {
+      // Your custom validation logic
+      const decoded = await verifyJWT(token);
+      if (!decoded) {
+        return { valid: false, error: 'invalid_token', errorDescription: 'Token verification failed' };
+      }
+      return {
+        valid: true,
+        scopes: decoded.scope?.split(' ') || [],
+        subject: decoded.sub,
+        expiresAt: decoded.exp,
+      };
+    },
+  },
+});
+```
+
+#### Custom OAuth Storage
+
+For persistent token storage across sessions, implement the `OAuthStorage` interface:
+
+```typescript
+import { MCPOAuthClientProvider, OAuthStorage } from '@mastra/mcp';
+
+// Example: Redis-based storage
+class RedisOAuthStorage implements OAuthStorage {
+  constructor(
+    private redis: RedisClient,
+    private prefix: string,
+  ) {}
+
+  async set(key: string, value: string): Promise<void> {
+    await this.redis.set(`${this.prefix}:${key}`, value);
+  }
+
+  async get(key: string): Promise<string | undefined> {
+    return (await this.redis.get(`${this.prefix}:${key}`)) ?? undefined;
+  }
+
+  async delete(key: string): Promise<void> {
+    await this.redis.del(`${this.prefix}:${key}`);
+  }
+}
+
+const provider = new MCPOAuthClientProvider({
+  redirectUrl: 'http://localhost:3000/callback',
+  clientMetadata: {
+    /* ... */
+  },
+  storage: new RedisOAuthStorage(redisClient, 'oauth:user123'),
+});
+```
+
+### OAuth Token Refresh with AuthProvider
+
+For simpler OAuth scenarios where you just need token refresh, you can pass an `authProvider` directly:
 
 ### Custom Fetch for Dynamic Authentication
 
@@ -613,6 +780,8 @@ The client includes comprehensive error handling:
 ## Related Links
 
 - [Model Context Protocol Specification](https://modelcontextprotocol.io/specification)
+- [MCP Authorization Specification](https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization)
+- [RFC 9728 - OAuth 2.0 Protected Resource Metadata](https://www.rfc-editor.org/rfc/rfc9728.html)
 - [@modelcontextprotocol/sdk Documentation](https://github.com/modelcontextprotocol/typescript-sdk)
 - [Mastra Docs: Using MCP With Mastra](/docs/agents/mcp-guide)
 - [Mastra Docs: MastraMCPClient Reference](/reference/tools/client)

package/dist/__fixtures__/tools.d.ts

@@ -1,9 +1,12 @@
-import { z } from 'zod';
-export declare const weatherTool: import("@mastra/core/tools").Tool<z.ZodObject<{
-    location: z.ZodString;
-}, "strip", z.ZodTypeAny, {
+export declare const weatherTool: import("@mastra/core/tools").Tool<{
     location: string;
 }, {
+    temperature: number;
+    feelsLike: number;
+    humidity: number;
+    windSpeed: number;
+    windGust: number;
+    conditions: string;
     location: string;
-}>, undefined, any, any, import("@mastra/core/tools").ToolExecutionContext<any, any>, "get-weather">;
+}, unknown, unknown, import("@mastra/core/tools").ToolExecutionContext<unknown, unknown>, "get-weather">;
 //# sourceMappingURL=tools.d.ts.map

package/dist/__fixtures__/tools.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/tools.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAqBxB,eAAO,MAAM,WAAW;;;;;;oGAUtB,CAAC"}
+{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../../src/__fixtures__/tools.ts"],"names":[],"mappings":"AAsBA,eAAO,MAAM,WAAW;;;;;;;;;;wGAUtB,CAAC"}

package/dist/client/index.d.ts

@@ -1,4 +1,5 @@
 export type { LoggingLevel, LogMessage, LogHandler, MastraMCPServerDefinition, ElicitationHandler, ProgressHandler, InternalMastraMCPClientOptions, } from './types.js';
 export * from './client.js';
 export * from './configuration.js';
+export * from './oauth-provider.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/client/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACR,YAAY,EACZ,UAAU,EACV,UAAU,EACV,yBAAyB,EACzB,kBAAkB,EAClB,eAAe,EACf,8BAA8B,GACjC,MAAM,SAAS,CAAC;AACjB,cAAc,UAAU,CAAC;AACzB,cAAc,iBAAiB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/client/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACR,YAAY,EACZ,UAAU,EACV,UAAU,EACV,yBAAyB,EACzB,kBAAkB,EAClB,eAAe,EACf,8BAA8B,GACjC,MAAM,SAAS,CAAC;AACjB,cAAc,UAAU,CAAC;AACzB,cAAc,iBAAiB,CAAC;AAChC,cAAc,kBAAkB,CAAC"}

package/dist/client/oauth-provider.d.ts

@@ -0,0 +1,230 @@
+/**
+ * OAuth Client Provider Implementation for MCP Client
+ *
+ * Provides a ready-to-use OAuthClientProvider implementation that can be used
+ * with Mastra's MCPClient for connecting to OAuth-protected MCP servers.
+ *
+ * @see https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
+ */
+import type { OAuthClientProvider, OAuthClientMetadata, OAuthClientInformation, OAuthClientInformationFull, OAuthTokens, AuthorizationServerMetadata } from '../shared/oauth-types.js';
+/**
+ * Storage interface for persisting OAuth data.
+ *
+ * Implement this interface to persist OAuth data across sessions.
+ * For simple in-memory usage, use InMemoryOAuthStorage.
+ */
+export interface OAuthStorage {
+    /**
+     * Store a value by key.
+     */
+    set(key: string, value: string): Promise<void> | void;
+    /**
+     * Retrieve a value by key.
+     */
+    get(key: string): Promise<string | undefined> | string | undefined;
+    /**
+     * Delete a value by key.
+     */
+    delete(key: string): Promise<void> | void;
+}
+/**
+ * Simple in-memory OAuth storage.
+ *
+ * Data is lost when the process exits. For production, implement
+ * OAuthStorage with a persistent store like Redis or a database.
+ */
+export declare class InMemoryOAuthStorage implements OAuthStorage {
+    private data;
+    set(key: string, value: string): void;
+    get(key: string): string | undefined;
+    delete(key: string): void;
+    clear(): void;
+}
+/**
+ * Options for creating a MCPOAuthClientProvider.
+ */
+export interface MCPOAuthClientProviderOptions {
+    /**
+     * The redirect URL for the OAuth callback.
+     * This should be a URL your application controls that can handle
+     * the authorization code callback.
+     *
+     * @example 'http://localhost:3000/oauth/callback'
+     */
+    redirectUrl: string | URL;
+    /**
+     * OAuth client metadata for registration.
+     * If the client is not pre-registered with the authorization server,
+     * this metadata will be used for dynamic client registration.
+     */
+    clientMetadata: OAuthClientMetadata;
+    /**
+     * Pre-registered client information.
+     * If provided, skips dynamic client registration.
+     */
+    clientInformation?: OAuthClientInformation;
+    /**
+     * Storage for persisting OAuth data (tokens, client info, etc.).
+     * Defaults to InMemoryOAuthStorage if not provided.
+     */
+    storage?: OAuthStorage;
+    /**
+     * Callback invoked when the user needs to be redirected to authorize.
+     *
+     * For CLI applications, you might open the URL in a browser.
+     * For web applications, you might redirect the response.
+     *
+     * @param url - The authorization URL to redirect to
+     */
+    onRedirectToAuthorization?: (url: URL) => void | Promise<void>;
+    /**
+     * Generate a random state parameter for OAuth requests.
+     * Defaults to using crypto.randomUUID.
+     */
+    stateGenerator?: () => string | Promise<string>;
+}
+/**
+ * Mastra's OAuth Client Provider implementation.
+ *
+ * This provider handles the OAuth 2.1 flow for connecting to OAuth-protected
+ * MCP servers, including:
+ * - Dynamic client registration (RFC 7591)
+ * - PKCE (Proof Key for Code Exchange)
+ * - Token storage and refresh
+ *
+ * @example
+ * ```typescript
+ * import { MCPClient, MCPOAuthClientProvider, InMemoryOAuthStorage } from '@mastra/mcp';
+ *
+ * // Create the OAuth provider
+ * const oauthProvider = new MCPOAuthClientProvider({
+ *   redirectUrl: 'http://localhost:3000/oauth/callback',
+ *   clientMetadata: {
+ *     redirect_uris: ['http://localhost:3000/oauth/callback'],
+ *     client_name: 'My MCP Client',
+ *     grant_types: ['authorization_code', 'refresh_token'],
+ *     response_types: ['code'],
+ *   },
+ *   onRedirectToAuthorization: (url) => {
+ *     // Open URL in browser for CLI, or redirect response for web
+ *     console.log(`Please visit: ${url}`);
+ *   },
+ * });
+ *
+ * // Create the MCP client with OAuth
+ * const client = new MCPClient({
+ *   servers: {
+ *     'protected-server': {
+ *       url: 'https://mcp.example.com/mcp',
+ *       authProvider: oauthProvider,
+ *     },
+ *   },
+ * });
+ *
+ * await client.connect();
+ * ```
+ */
+export declare class MCPOAuthClientProvider implements OAuthClientProvider {
+    private readonly _redirectUrl;
+    private readonly _clientMetadata;
+    private readonly storage;
+    private readonly onRedirect?;
+    private readonly generateState;
+    private _clientInfo?;
+    constructor(options: MCPOAuthClientProviderOptions);
+    /**
+     * The URL to redirect the user agent to after authorization.
+     */
+    get redirectUrl(): string | URL;
+    /**
+     * Metadata about this OAuth client.
+     */
+    get clientMetadata(): OAuthClientMetadata;
+    /**
+     * Returns a OAuth2 state parameter.
+     */
+    state(): Promise<string>;
+    /**
+     * Loads information about this OAuth client.
+     */
+    clientInformation(): Promise<OAuthClientInformation | undefined>;
+    /**
+     * Saves dynamically registered client information.
+     */
+    saveClientInformation(clientInformation: OAuthClientInformationFull): Promise<void>;
+    /**
+     * Loads existing OAuth tokens.
+     */
+    tokens(): Promise<OAuthTokens | undefined>;
+    /**
+     * Stores new OAuth tokens after successful authorization.
+     */
+    saveTokens(tokens: OAuthTokens): Promise<void>;
+    /**
+     * Invoked to redirect the user agent to the authorization URL.
+     */
+    redirectToAuthorization(authorizationUrl: URL): Promise<void>;
+    /**
+     * Saves a PKCE code verifier before redirecting to authorization.
+     */
+    saveCodeVerifier(codeVerifier: string): Promise<void>;
+    /**
+     * Loads the PKCE code verifier for validating authorization result.
+     */
+    codeVerifier(): Promise<string>;
+    /**
+     * Optional: Custom client authentication for token requests.
+     * Uses default behavior if not implemented.
+     */
+    addClientAuthentication?(_headers: Headers, _params: URLSearchParams, _url: string | URL, _metadata?: AuthorizationServerMetadata): Promise<void>;
+    /**
+     * Invalidate credentials when server indicates they're no longer valid.
+     */
+    invalidateCredentials(scope: 'all' | 'client' | 'tokens' | 'verifier'): Promise<void>;
+    /**
+     * Clear all stored OAuth data.
+     * Useful for logging out or resetting state.
+     */
+    clear(): Promise<void>;
+    /**
+     * Check if the provider has valid (non-expired) tokens.
+     */
+    hasValidTokens(): Promise<boolean>;
+}
+/**
+ * Creates a simple OAuth provider with pre-configured tokens.
+ *
+ * This is useful for testing scenarios where you already have a valid token.
+ * For production, use the full MCPOAuthClientProvider with proper OAuth flow.
+ *
+ * @param accessToken - A valid access token
+ * @param options - Additional configuration options
+ * @returns An OAuthClientProvider that returns the pre-configured token
+ *
+ * @example
+ * ```typescript
+ * const provider = createSimpleTokenProvider('my-access-token', {
+ *   redirectUrl: 'http://localhost:3000/callback',
+ *   clientMetadata: {
+ *     redirect_uris: ['http://localhost:3000/callback'],
+ *     client_name: 'Test Client',
+ *   },
+ * });
+ *
+ * const client = new MCPClient({
+ *   servers: {
+ *     test: { url: 'https://mcp.example.com', authProvider: provider }
+ *   },
+ * });
+ * ```
+ */
+export declare function createSimpleTokenProvider(accessToken: string, options: {
+    redirectUrl: string | URL;
+    clientMetadata: OAuthClientMetadata;
+    clientInformation?: OAuthClientInformation;
+    tokenType?: string;
+    refreshToken?: string;
+    expiresIn?: number;
+    scope?: string;
+}): OAuthClientProvider;
+//# sourceMappingURL=oauth-provider.d.ts.map

package/dist/client/oauth-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../../src/client/oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EACV,mBAAmB,EACnB,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,WAAW,EACX,2BAA2B,EAC5B,MAAM,0BAA0B,CAAC;AAElC;;;;;GAKG;AACH,MAAM,WAAW,YAAY;IAC3B;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IAEtD;;OAEG;IACH,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC,GAAG,MAAM,GAAG,SAAS,CAAC;IAEnE;;OAEG;IACH,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CAC3C;AAED;;;;;GAKG;AACH,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,IAAI,CAA6B;IAEzC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAIrC,GAAG,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS;IAIpC,MAAM,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI;IAIzB,KAAK,IAAI,IAAI;CAGd;AAED;;GAEG;AACH,MAAM,WAAW,6BAA6B;IAC5C;;;;;;OAMG;IACH,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAE1B;;;;OAIG;IACH,cAAc,EAAE,mBAAmB,CAAC;IAEpC;;;OAGG;IACH,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;IAE3C;;;OAGG;IACH,OAAO,CAAC,EAAE,YAAY,CAAC;IAEvB;;;;;;;OAOG;IACH,yBAAyB,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,KAAK,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE/D;;;OAGG;IACH,cAAc,CAAC,EAAE,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;CACjD;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwCG;AACH,qBAAa,sBAAuB,YAAW,mBAAmB;IAChE,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAe;IAC5C,OAAO,CAAC,QAAQ,CAAC,eAAe,CAAsB;IACtD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAe;IACvC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAqC;IACjE,OAAO,CAAC,QAAQ,CAAC,aAAa,CAAiC;IAE/D,OAAO,CAAC,WAAW,CAAC,CAAyB;gBAEjC,OAAO,EAAE,6BAA6B;IASlD;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,GAAG,CAE9B;IAED;;OAEG;IACH,IAAI,cAAc,IAAI,mBAAmB,CAExC;IAED;;OAEG;IACG,KAAK,IAAI,OAAO,CAAC,MAAM,CAAC;IAI9B;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC;IAmBtE;;OAEG;IACG,qBAAqB,CAAC,iBAAiB,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAKzF;;OAEG;IACG,MAAM,IAAI,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAYhD;;OAEG;IACG,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpD;;OAEG;IACG,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IASnE;;OAEG;IACG,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI3D;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAQrC;;;OAGG;IACG,uBAAuB,CAAC,CAC5B,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,eAAe,EACxB,IAAI,EAAE,MAAM,GAAG,GAAG,EAClB,SAAS,CAAC,EAAE,2BAA2B,GACtC,OAAO,CAAC,IAAI,CAAC;IAIhB;;OAEG;IACG,qBAAqB,CACzB,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAC9C,OAAO,CAAC,IAAI,CAAC;IAqBhB;;;OAGG;IACG,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5B;;OAEG;IACG,cAAc,IAAI,OAAO,CAAC,OAAO,CAAC;CAYzC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AACH,wBAAgB,yBAAyB,CACvC,WAAW,EAAE,MAAM,EACnB,OAAO,EAAE;IACP,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,cAAc,EAAE,mBAAmB,CAAC;IACpC,iBAAiB,CAAC,EAAE,sBAAsB,CAAC;IAC3C,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GACA,mBAAmB,CAsBrB"}

package/dist/docs/README.md

@@ -30,4 +30,4 @@ docs/
 ## Version
 
 Package: @mastra/mcp
-Version: 1.0.0-beta.8
+Version: 1.0.0

package/dist/docs/SKILL.md

@@ -5,7 +5,7 @@ description: Documentation for @mastra/mcp. Includes links to type definitions a
 
 # @mastra/mcp Documentation
 
-> **Version**: 1.0.0-beta.8
+> **Version**: 1.0.0
 > **Package**: @mastra/mcp
 
 ## Quick Navigation
@@ -23,7 +23,19 @@ Each export maps to:
 
 ## Top Exports
 
-
+  - UnauthorizedError: dist/index.d.ts
+  - auth: dist/index.d.ts
+  - buildDiscoveryUrls: dist/index.d.ts
+  - discoverAuthorizationServerMetadata: dist/index.d.ts
+  - discoverOAuthMetadata: dist/index.d.ts
+  - discoverOAuthProtectedResourceMetadata: dist/index.d.ts
+  - exchangeAuthorization: dist/index.d.ts
+  - extractResourceMetadataUrl: dist/index.d.ts
+  - parseErrorResponse: dist/index.d.ts
+  - refreshAuthorization: dist/index.d.ts
+  - registerClient: dist/index.d.ts
+  - selectResourceURL: dist/index.d.ts
+  - startAuthorization: dist/index.d.ts
 
 See SOURCE_MAP.json for the complete list.
 

package/dist/docs/SOURCE_MAP.json

@@ -1,6 +1,59 @@
 {
-  "version": "1.0.0-beta.8",
+  "version": "1.0.0",
   "package": "@mastra/mcp",
-  "exports": {},
+  "exports": {
+    "UnauthorizedError": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "auth": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "buildDiscoveryUrls": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "discoverAuthorizationServerMetadata": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "discoverOAuthMetadata": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "discoverOAuthProtectedResourceMetadata": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "exchangeAuthorization": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "extractResourceMetadataUrl": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "parseErrorResponse": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "refreshAuthorization": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "registerClient": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "selectResourceURL": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    },
+    "startAuthorization": {
+      "types": "dist/index.d.ts",
+      "implementation": "dist/auth.js"
+    }
+  },
   "modules": {}
 }