@mastra/mcp 1.0.0-beta.8 → 1.0.0

package/dist/server/index.d.ts

@@ -1,3 +1,4 @@
 export * from './server.js';
 export * from './types.js';
+export * from './oauth-middleware.js';
 //# sourceMappingURL=index.d.ts.map

package/dist/server/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/server/index.ts"],"names":[],"mappings":"AAAA,cAAc,UAAU,CAAC;AACzB,cAAc,SAAS,CAAC;AACxB,cAAc,oBAAoB,CAAC"}

package/dist/server/oauth-middleware.d.ts

@@ -0,0 +1,142 @@
+/**
+ * OAuth Middleware for MCP Server
+ *
+ * Implements OAuth 2.0 Protected Resource support per RFC 9728 for MCP servers.
+ * This allows MCP servers to require OAuth authentication from clients.
+ *
+ * @see https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
+ * @see https://www.rfc-editor.org/rfc/rfc9728.html
+ */
+import type * as http from 'node:http';
+import type { MCPServerOAuthConfig, TokenValidationResult } from '../shared/oauth-types.js';
+/**
+ * Simple logger interface for OAuth middleware.
+ */
+interface OAuthMiddlewareLogger {
+    debug?: (message: string, ...args: unknown[]) => void;
+}
+/**
+ * Options for the OAuth middleware.
+ */
+export interface OAuthMiddlewareOptions {
+    /**
+     * OAuth configuration for the MCP server.
+     */
+    oauth: MCPServerOAuthConfig;
+    /**
+     * Path where the MCP endpoint is served.
+     * @default '/mcp'
+     */
+    mcpPath?: string;
+    /**
+     * Logger instance for debugging.
+     */
+    logger?: OAuthMiddlewareLogger;
+}
+/**
+ * Result of the middleware check.
+ */
+export interface OAuthMiddlewareResult {
+    /**
+     * Whether the request should proceed.
+     */
+    proceed: boolean;
+    /**
+     * If false, the response has already been sent.
+     */
+    handled: boolean;
+    /**
+     * Token validation result if authentication was attempted.
+     */
+    tokenValidation?: TokenValidationResult;
+}
+/**
+ * Creates an OAuth middleware function for protecting MCP server endpoints.
+ *
+ * This middleware:
+ * 1. Serves Protected Resource Metadata at `/.well-known/oauth-protected-resource`
+ * 2. Validates bearer tokens on protected endpoints
+ * 3. Returns proper 401 responses with WWW-Authenticate headers
+ *
+ * @param options - Middleware configuration
+ * @returns Middleware function that returns whether request should proceed
+ *
+ * @example
+ * ```typescript
+ * import http from 'node:http';
+ * import { MCPServer, createOAuthMiddleware } from '@mastra/mcp';
+ *
+ * const server = new MCPServer({ name: 'Protected Server', version: '1.0.0', tools: {} });
+ *
+ * const oauthMiddleware = createOAuthMiddleware({
+ *   oauth: {
+ *     resource: 'https://mcp.example.com/mcp',
+ *     authorizationServers: ['https://auth.example.com'],
+ *     validateToken: async (token, resource) => {
+ *       // Your token validation logic here
+ *       return { valid: true, scopes: ['mcp:read', 'mcp:write'] };
+ *     },
+ *   },
+ * });
+ *
+ * const httpServer = http.createServer(async (req, res) => {
+ *   const url = new URL(req.url || '', 'http://localhost:3000');
+ *
+ *   // Apply OAuth middleware first
+ *   const result = await oauthMiddleware(req, res, url);
+ *   if (!result.proceed) return; // Middleware handled the response
+ *
+ *   // Continue to MCP handler
+ *   await server.startHTTP({ url, httpPath: '/mcp', req, res });
+ * });
+ *
+ * httpServer.listen(3000);
+ * ```
+ */
+export declare function createOAuthMiddleware(options: OAuthMiddlewareOptions): (req: http.IncomingMessage, res: http.ServerResponse, url: URL) => Promise<OAuthMiddlewareResult>;
+/**
+ * Helper to create a simple token validator that checks against a list of valid tokens.
+ *
+ * Useful for testing and development. For production, use a proper JWT validator
+ * or call your authorization server's introspection endpoint.
+ *
+ * @param validTokens - Array of valid token strings
+ * @returns Token validation function
+ *
+ * @example
+ * ```typescript
+ * const validateToken = createStaticTokenValidator(['secret-token-1', 'secret-token-2']);
+ *
+ * const middleware = createOAuthMiddleware({
+ *   oauth: {
+ *     resource: 'https://mcp.example.com/mcp',
+ *     authorizationServers: ['https://auth.example.com'],
+ *     validateToken,
+ *   },
+ * });
+ * ```
+ */
+export declare function createStaticTokenValidator(validTokens: string[]): MCPServerOAuthConfig['validateToken'];
+/**
+ * Creates a token validator that calls an introspection endpoint.
+ *
+ * Per RFC 7662, the introspection endpoint returns token metadata.
+ *
+ * @param introspectionEndpoint - URL of the token introspection endpoint
+ * @param clientCredentials - Optional client credentials for authenticated introspection
+ * @returns Token validation function
+ *
+ * @example
+ * ```typescript
+ * const validateToken = createIntrospectionValidator(
+ *   'https://auth.example.com/oauth/introspect',
+ *   { clientId: 'mcp-server', clientSecret: 'secret' }
+ * );
+ * ```
+ */
+export declare function createIntrospectionValidator(introspectionEndpoint: string, clientCredentials?: {
+    clientId: string;
+    clientSecret: string;
+}): MCPServerOAuthConfig['validateToken'];
+export {};
+//# sourceMappingURL=oauth-middleware.d.ts.map

package/dist/server/oauth-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-middleware.d.ts","sourceRoot":"","sources":["../../src/server/oauth-middleware.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,KAAK,KAAK,IAAI,MAAM,WAAW,CAAC;AAEvC,OAAO,KAAK,EAAE,oBAAoB,EAAE,qBAAqB,EAAE,MAAM,0BAA0B,CAAC;AAO5F;;GAEG;AACH,UAAU,qBAAqB;IAC7B,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,OAAO,EAAE,KAAK,IAAI,CAAC;CACvD;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;OAEG;IACH,KAAK,EAAE,oBAAoB,CAAC;IAE5B;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,MAAM,CAAC,EAAE,qBAAqB,CAAC;CAChC;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,OAAO,EAAE,OAAO,CAAC;IAEjB;;OAEG;IACH,eAAe,CAAC,EAAE,qBAAqB,CAAC;CACzC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0CG;AACH,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,sBAAsB,IASjE,KAAK,IAAI,CAAC,eAAe,EACzB,KAAK,IAAI,CAAC,cAAc,EACxB,KAAK,GAAG,KACP,OAAO,CAAC,qBAAqB,CAAC,CA4FlC;AAED;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,wBAAgB,0BAA0B,CAAC,WAAW,EAAE,MAAM,EAAE,GAAG,oBAAoB,CAAC,eAAe,CAAC,CAYvG;AAqBD;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,4BAA4B,CAC1C,qBAAqB,EAAE,MAAM,EAC7B,iBAAiB,CAAC,EAAE;IAAE,QAAQ,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,GAC7D,oBAAoB,CAAC,eAAe,CAAC,CAgFvC"}

package/dist/server/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,KAAK,IAAI,MAAM,WAAW,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE5D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACpB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAA+B,MAAM,oBAAoB,CAAC;AAErG,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,KAAK,EAAE,oCAAoC,EAAE,MAAM,oDAAoD,CAAC;AA0B/G,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,KAAK,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AACxF;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,SAAU,SAAQ,aAAa;IAC1C,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,cAAc,CAAC,CAAuB;IAC9C,OAAO,CAAC,YAAY,CAAC,CAAqB;IAC1C,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,wBAAwB,CAAyD;IAEzF,OAAO,CAAC,mBAAmB,CAAkC;IAE7D,OAAO,CAAC,gBAAgB,CAAC,CAAa;IACtC,OAAO,CAAC,wBAAwB,CAAC,CAAqB;IACtD,OAAO,CAAC,eAAe,CAAC,CAAqB;IAC7C,OAAO,CAAC,cAAc,CAAC,CAAW;IAClC,OAAO,CAAC,aAAa,CAAC,CAAmB;IACzC,OAAO,CAAC,aAAa,CAA0B;IAC/C,OAAO,CAAC,mBAAmB,CAA2B;IAEtD;;;;;;;;;;;OAWG;IACH,SAAgB,SAAS,EAAE,qBAAqB,CAAC;IAEjD;;;;;;;;OAQG;IACH,SAAgB,OAAO,EAAE,mBAAmB,CAAC;IAE7C;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAgB,WAAW,EAAE,kBAAkB,CAAC;IAEhD;;;;;;OAMG;IACI,iBAAiB,IAAI,oBAAoB,GAAG,SAAS;IAI5D;;;;;;OAMG;IACI,eAAe,IAAI,kBAAkB,GAAG,SAAS;IAIxD;;;;;;;OAOG;IACI,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAIvE;;;;;;OAMG;IACI,SAAS,IAAI,MAAM;IAI1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8CG;gBACS,IAAI,EAAE,eAAe,GAAG;QAAE,SAAS,CAAC,EAAE,kBAAkB,CAAC;QAAC,OAAO,CAAC,EAAE,gBAAgB,CAAA;KAAE;IAkElG;;;;;;;;OAQG;YACW,wBAAwB;IAetC;;;;;;;;;;;;;OAaG;YACW,YAAY;IA8B1B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAgC5B;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAiLhC;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAiHxC;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAkFtC,OAAO,CAAC,oBAAoB;IAqF5B,OAAO,CAAC,uBAAuB;IA4F/B;;;;;;;OAOG;IACH,YAAY,CACV,KAAK,EAAE,UAAU,EACjB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACpC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,GACzC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAoEnC;;;;;;;;;;;;;;;;;;OAkBG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAsBxC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACU,QAAQ,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IA4ClG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACU,YAAY,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,uBAAuB;IAgDzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6DG;IACU,SAAS,CAAC,EACrB,GAAG,EACH,QAAQ,EACR,GAAG,EACH,GAAG,EACH,OAAO,GACR,EAAE;QACD,GAAG,EAAE,GAAG,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC;QAC1B,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/C,OAAO,CAAC,EAAE,OAAO,CAAC,oCAAoC,CAAC,GAAG;YAAE,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;KACpF;IAuKD;;;;;;;;;;;;OAYG;YACW,uBAAuB;IA+DrC;;;;;;;;;;;;;;;;;;;;OAoBG;IACU,UAAU,CAAC,EACtB,WAAW,EACX,GAAG,GACJ,EAAE;QACD,WAAW,EAAE,MAAM,CAAC;QACpB,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;KAChD;IAgCD;;;;;;;;;;;;;;;;;;;;OAoBG;IACU,cAAc,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,eAAe,CAAA;KAAE;IA6CrG;;;;;;;;;;;;;;;;OAgBG;IACG,KAAK;IA+CX;;;;;;;;;;;;;;OAcG;IACI,aAAa,IAAI,UAAU;IAclC;;;;;;;;;;;;;;OAcG;IACI,eAAe,IAAI,gBAAgB;IAS1C;;;;;;;;;;;;;;;;OAgBG;IACI,eAAe,IAAI;QACxB,KAAK,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,WAAW,CAAC,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,GAAG,CAAC;YAAC,YAAY,CAAC,EAAE,GAAG,CAAC;YAAC,QAAQ,CAAC,EAAE,WAAW,CAAA;SAAE,CAAC,CAAC;KACpH;IAcD;;;;;;;;;;;;;;;;;OAiBG;IACI,WAAW,CAChB,MAAM,EAAE,MAAM,GACb;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,GAAG,CAAC;QAAC,YAAY,CAAC,EAAE,GAAG,CAAC;QAAC,QAAQ,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,SAAS;IAgBnH;;;;;;;;;;;;;;;;;;;;;OAqBG;IACU,WAAW,CACtB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,GAAG,EACT,gBAAgB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3D,OAAO,CAAC,GAAG,CAAC;CAiFhB"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/server/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,KAAK,IAAI,MAAM,WAAW,CAAC;AACvC,OAAO,KAAK,EAAE,UAAU,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAE5D,OAAO,EAAE,aAAa,EAAE,MAAM,kBAAkB,CAAC;AACjD,OAAO,KAAK,EACV,eAAe,EACf,UAAU,EACV,gBAAgB,EAChB,uBAAuB,EACvB,mBAAmB,EACpB,MAAM,kBAAkB,CAAC;AAG1B,OAAO,KAAK,EAAE,gBAAgB,EAAE,WAAW,EAA+B,MAAM,oBAAoB,CAAC;AAErG,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AACvD,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAC7E,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,KAAK,EAAE,oCAAoC,EAAE,MAAM,oDAAoD,CAAC;AA0B/G,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,OAAO,EAAE,YAAY,EAAE,MAAM,+BAA+B,CAAC;AAE7D,OAAO,EAAE,mBAAmB,EAAE,MAAM,iBAAiB,CAAC;AACtD,OAAO,EAAE,qBAAqB,EAAE,MAAM,mBAAmB,CAAC;AAC1D,OAAO,KAAK,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,kBAAkB,EAAE,MAAM,SAAS,CAAC;AACxF;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,qBAAa,SAAU,SAAQ,aAAa;IAC1C,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,cAAc,CAAC,CAAuB;IAC9C,OAAO,CAAC,YAAY,CAAC,CAAqB;IAC1C,OAAO,CAAC,iBAAiB,CAA4B;IACrD,OAAO,CAAC,wBAAwB,CAAyD;IAEzF,OAAO,CAAC,mBAAmB,CAAkC;IAE7D,OAAO,CAAC,gBAAgB,CAAC,CAAa;IACtC,OAAO,CAAC,wBAAwB,CAAC,CAAqB;IACtD,OAAO,CAAC,eAAe,CAAC,CAAqB;IAC7C,OAAO,CAAC,cAAc,CAAC,CAAW;IAClC,OAAO,CAAC,aAAa,CAAC,CAAmB;IACzC,OAAO,CAAC,aAAa,CAA0B;IAC/C,OAAO,CAAC,mBAAmB,CAA2B;IAEtD;;;;;;;;;;;OAWG;IACH,SAAgB,SAAS,EAAE,qBAAqB,CAAC;IAEjD;;;;;;;;OAQG;IACH,SAAgB,OAAO,EAAE,mBAAmB,CAAC;IAE7C;;;;;;;;;;;;;;;;;OAiBG;IACH,SAAgB,WAAW,EAAE,kBAAkB,CAAC;IAEhD;;;;;;OAMG;IACI,iBAAiB,IAAI,oBAAoB,GAAG,SAAS;IAI5D;;;;;;OAMG;IACI,eAAe,IAAI,kBAAkB,GAAG,SAAS;IAIxD;;;;;;;OAOG;IACI,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,YAAY,GAAG,SAAS;IAIvE;;;;;;OAMG;IACI,SAAS,IAAI,MAAM;IAI1B;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA8CG;gBACS,IAAI,EAAE,eAAe,GAAG;QAAE,SAAS,CAAC,EAAE,kBAAkB,CAAC;QAAC,OAAO,CAAC,EAAE,gBAAgB,CAAA;KAAE;IAkElG;;;;;;;;OAQG;YACW,wBAAwB;IAetC;;;;;;;;;;;;;OAaG;YACW,YAAY;IA8B1B;;;OAGG;IACH,OAAO,CAAC,oBAAoB;IAgC5B;;;OAGG;IACH,OAAO,CAAC,wBAAwB;IAyLhC;;OAEG;IACH,OAAO,CAAC,gCAAgC;IAiHxC;;OAEG;IACH,OAAO,CAAC,8BAA8B;IAkFtC,OAAO,CAAC,oBAAoB;IAqF5B,OAAO,CAAC,uBAAuB;IA4F/B;;;;;;;OAOG;IACH,YAAY,CACV,KAAK,EAAE,UAAU,EACjB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,EACpC,eAAe,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,GACzC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC;IAoEnC;;;;;;;;;;;;;;;;;;OAkBG;IACU,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAsBxC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiCG;IACU,QAAQ,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,mBAAmB,GAAG,OAAO,CAAC,IAAI,CAAC;IA4ClG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAgCG;IACU,YAAY,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,EAAE,EAAE,uBAAuB;IAgDzF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6DG;IACU,SAAS,CAAC,EACrB,GAAG,EACH,QAAQ,EACR,GAAG,EACH,GAAG,EACH,OAAO,GACR,EAAE;QACD,GAAG,EAAE,GAAG,CAAC;QACT,QAAQ,EAAE,MAAM,CAAC;QACjB,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC;QAC1B,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAC/C,OAAO,CAAC,EAAE,OAAO,CAAC,oCAAoC,CAAC,GAAG;YAAE,UAAU,CAAC,EAAE,OAAO,CAAA;SAAE,CAAC;KACpF;IAuKD;;;;;;;;;;;;OAYG;YACW,uBAAuB;IA+DrC;;;;;;;;;;;;;;;;;;;;OAoBG;IACU,UAAU,CAAC,EACtB,WAAW,EACX,GAAG,GACJ,EAAE;QACD,WAAW,EAAE,MAAM,CAAC;QACpB,GAAG,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;KAChD;IAgCD;;;;;;;;;;;;;;;;;;;;OAoBG;IACU,cAAc,CAAC,EAAE,WAAW,EAAE,MAAM,EAAE,EAAE;QAAE,WAAW,EAAE,MAAM,CAAC;QAAC,MAAM,EAAE,eAAe,CAAA;KAAE;IA6CrG;;;;;;;;;;;;;;;;OAgBG;IACG,KAAK;IA+CX;;;;;;;;;;;;;;OAcG;IACI,aAAa,IAAI,UAAU;IAclC;;;;;;;;;;;;;;OAcG;IACI,eAAe,IAAI,gBAAgB;IAS1C;;;;;;;;;;;;;;;;OAgBG;IACI,eAAe,IAAI;QACxB,KAAK,EAAE,KAAK,CAAC;YAAE,IAAI,EAAE,MAAM,CAAC;YAAC,WAAW,CAAC,EAAE,MAAM,CAAC;YAAC,WAAW,EAAE,GAAG,CAAC;YAAC,YAAY,CAAC,EAAE,GAAG,CAAC;YAAC,QAAQ,CAAC,EAAE,WAAW,CAAA;SAAE,CAAC,CAAC;KACpH;IAcD;;;;;;;;;;;;;;;;;OAiBG;IACI,WAAW,CAChB,MAAM,EAAE,MAAM,GACb;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,WAAW,CAAC,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,GAAG,CAAC;QAAC,YAAY,CAAC,EAAE,GAAG,CAAC;QAAC,QAAQ,CAAC,EAAE,WAAW,CAAA;KAAE,GAAG,SAAS;IAgBnH;;;;;;;;;;;;;;;;;;;;;OAqBG;IACU,WAAW,CACtB,MAAM,EAAE,MAAM,EACd,IAAI,EAAE,GAAG,EACT,gBAAgB,CAAC,EAAE;QAAE,QAAQ,CAAC,EAAE,GAAG,EAAE,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,GAC3D,OAAO,CAAC,GAAG,CAAC;CAiFhB"}

package/dist/shared/index.d.ts

@@ -0,0 +1,2 @@
+export * from './oauth-types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/shared/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/shared/index.ts"],"names":[],"mappings":"AAAA,cAAc,eAAe,CAAC"}

package/dist/shared/oauth-types.d.ts

@@ -0,0 +1,137 @@
+/**
+ * OAuth Types for MCP Authentication
+ *
+ * Re-exports and extends OAuth types from the MCP SDK for use in Mastra's
+ * MCP client and server implementations.
+ *
+ * @see https://modelcontextprotocol.io/specification/2025-06-18/basic/authorization
+ */
+import type { OAuthProtectedResourceMetadata as SDKOAuthProtectedResourceMetadata } from '@modelcontextprotocol/sdk/shared/auth.js';
+export type { OAuthMetadata, OAuthTokens, OAuthErrorResponse, OAuthClientMetadata, OAuthClientInformation, OAuthClientInformationFull, OAuthClientRegistrationError, OAuthTokenRevocationRequest, OAuthProtectedResourceMetadata, AuthorizationServerMetadata, } from '@modelcontextprotocol/sdk/shared/auth.js';
+export { auth, discoverOAuthProtectedResourceMetadata, discoverOAuthMetadata, discoverAuthorizationServerMetadata, startAuthorization, exchangeAuthorization, refreshAuthorization, registerClient, extractResourceMetadataUrl, selectResourceURL, parseErrorResponse, UnauthorizedError, buildDiscoveryUrls, } from '@modelcontextprotocol/sdk/client/auth.js';
+export type { OAuthClientProvider, AuthResult } from '@modelcontextprotocol/sdk/client/auth.js';
+/**
+ * Configuration for OAuth-protected MCP server.
+ *
+ * Used to configure Protected Resource Metadata (RFC 9728) and
+ * token validation for MCP servers that require OAuth authentication.
+ */
+export interface MCPServerOAuthConfig {
+    /**
+     * The resource identifier URI for this MCP server.
+     * This MUST be the canonical URL of the MCP server.
+     *
+     * @example 'https://mcp.example.com/mcp'
+     */
+    resource: string;
+    /**
+     * URLs of authorization servers that can issue tokens for this resource.
+     * At least one authorization server should be specified.
+     *
+     * @example ['https://auth.example.com']
+     */
+    authorizationServers: string[];
+    /**
+     * Scopes supported by this MCP server.
+     *
+     * @default ['mcp:read', 'mcp:write']
+     */
+    scopesSupported?: string[];
+    /**
+     * Human-readable name of this resource server.
+     */
+    resourceName?: string;
+    /**
+     * URL to documentation about this resource server.
+     */
+    resourceDocumentation?: string;
+    /**
+     * Custom function to validate access tokens.
+     *
+     * If not provided, tokens are accepted without validation
+     * (useful for testing but NOT recommended for production).
+     *
+     * @param token - The bearer token from the Authorization header
+     * @param resource - The resource URI this server represents
+     * @returns Promise resolving to validation result
+     */
+    validateToken?: (token: string, resource: string) => Promise<TokenValidationResult>;
+}
+/**
+ * Result of token validation.
+ */
+export interface TokenValidationResult {
+    /**
+     * Whether the token is valid.
+     */
+    valid: boolean;
+    /**
+     * If invalid, the reason for rejection.
+     */
+    error?: string;
+    /**
+     * If invalid, a more detailed error description.
+     */
+    errorDescription?: string;
+    /**
+     * The scopes granted by this token.
+     */
+    scopes?: string[];
+    /**
+     * The subject (user) identifier from the token.
+     */
+    subject?: string;
+    /**
+     * When the token expires (Unix timestamp).
+     */
+    expiresAt?: number;
+    /**
+     * Additional claims from the token.
+     */
+    claims?: Record<string, unknown>;
+}
+/**
+ * Options for OAuth-related HTTP responses.
+ */
+export interface OAuthResponseOptions {
+    /**
+     * URL to the Protected Resource Metadata endpoint.
+     */
+    resourceMetadataUrl?: string;
+    /**
+     * Additional WWW-Authenticate parameters.
+     */
+    additionalParams?: Record<string, string>;
+}
+/**
+ * Generates a WWW-Authenticate header value for OAuth 401 responses.
+ *
+ * @param options - Options for generating the header
+ * @returns The WWW-Authenticate header value
+ *
+ * @example
+ * ```typescript
+ * const header = generateWWWAuthenticateHeader({
+ *   resourceMetadataUrl: 'https://mcp.example.com/.well-known/oauth-protected-resource',
+ * });
+ * // Returns: 'Bearer resource_metadata="https://mcp.example.com/.well-known/oauth-protected-resource"'
+ * ```
+ */
+export declare function generateWWWAuthenticateHeader(options?: OAuthResponseOptions): string;
+/**
+ * Generates Protected Resource Metadata (RFC 9728) JSON response.
+ *
+ * @param config - OAuth configuration for the MCP server
+ * @returns The Protected Resource Metadata object
+ *
+ * @see https://www.rfc-editor.org/rfc/rfc9728.html
+ */
+export declare function generateProtectedResourceMetadata(config: MCPServerOAuthConfig): SDKOAuthProtectedResourceMetadata;
+/**
+ * Extracts the bearer token from an Authorization header.
+ *
+ * @param authHeader - The Authorization header value
+ * @returns The bearer token, or undefined if not present
+ */
+export declare function extractBearerToken(authHeader: string | null | undefined): string | undefined;
+//# sourceMappingURL=oauth-types.d.ts.map

package/dist/shared/oauth-types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-types.d.ts","sourceRoot":"","sources":["../../src/shared/oauth-types.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,KAAK,EAAE,8BAA8B,IAAI,iCAAiC,EAAE,MAAM,0CAA0C,CAAC;AAGpI,YAAY,EACV,aAAa,EACb,WAAW,EACX,kBAAkB,EAClB,mBAAmB,EACnB,sBAAsB,EACtB,0BAA0B,EAC1B,4BAA4B,EAC5B,2BAA2B,EAC3B,8BAA8B,EAC9B,2BAA2B,GAC5B,MAAM,0CAA0C,CAAC;AAGlD,OAAO,EACL,IAAI,EACJ,sCAAsC,EACtC,qBAAqB,EACrB,mCAAmC,EACnC,kBAAkB,EAClB,qBAAqB,EACrB,oBAAoB,EACpB,cAAc,EACd,0BAA0B,EAC1B,iBAAiB,EACjB,kBAAkB,EAClB,iBAAiB,EACjB,kBAAkB,GACnB,MAAM,0CAA0C,CAAC;AAGlD,YAAY,EAAE,mBAAmB,EAAE,UAAU,EAAE,MAAM,0CAA0C,CAAC;AAEhG;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACnC;;;;;OAKG;IACH,QAAQ,EAAE,MAAM,CAAC;IAEjB;;;;;OAKG;IACH,oBAAoB,EAAE,MAAM,EAAE,CAAC;IAE/B;;;;OAIG;IACH,eAAe,CAAC,EAAE,MAAM,EAAE,CAAC;IAE3B;;OAEG;IACH,YAAY,CAAC,EAAE,MAAM,CAAC;IAEtB;;OAEG;IACH,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAE/B;;;;;;;;;OASG;IACH,aAAa,CAAC,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,KAAK,OAAO,CAAC,qBAAqB,CAAC,CAAC;CACrF;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACpC;;OAEG;IACH,KAAK,EAAE,OAAO,CAAC;IAEf;;OAEG;IACH,KAAK,CAAC,EAAE,MAAM,CAAC;IAEf;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAE1B;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;IAElB;;OAEG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;OAEG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC;;OAEG;IACH,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAE7B;;OAEG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAC3C;AASD;;;;;;;;;;;;;GAaG;AACH,wBAAgB,6BAA6B,CAAC,OAAO,GAAE,oBAAyB,GAAG,MAAM,CAkBxF;AAED;;;;;;;GAOG;AACH,wBAAgB,iCAAiC,CAAC,MAAM,EAAE,oBAAoB,GAAG,iCAAiC,CAWjH;AAED;;;;;GAKG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,MAAM,GAAG,SAAS,CAU5F"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mastra/mcp",
-  "version": "1.0.0-beta.8",
+  "version": "1.0.0",
   "description": "",
   "type": "module",
   "main": "dist/index.js",
@@ -30,7 +30,7 @@
     "@modelcontextprotocol/sdk": "^1.17.5",
     "exit-hook": "^5.0.1",
     "fast-deep-equal": "^3.1.3",
-    "uuid": "^11.1.0",
+    "uuid": "^13.0.0",
     "zod-from-json-schema": "^0.5.0",
     "zod-from-json-schema-v3": "npm:zod-from-json-schema@^0.0.5"
   },
@@ -54,9 +54,9 @@
     "vitest": "4.0.16",
     "zod": "^3.25.76",
     "zod-to-json-schema": "^3.24.6",
-    "@internal/types-builder": "0.0.28",
-    "@mastra/core": "1.0.0-beta.20",
-    "@internal/lint": "0.0.53"
+    "@internal/lint": "0.0.54",
+    "@mastra/core": "1.0.0",
+    "@internal/types-builder": "0.0.29"
   },
   "homepage": "https://mastra.ai",
   "repository": {