@mcp-z/mcp-drive 1.0.0

package/dist/cjs/setup/oauth-google.d.cts

@@ -0,0 +1,64 @@
+import { type AuthEmailProvider } from '@mcp-z/oauth';
+import type { CachedToken } from '@mcp-z/oauth-google';
+import { DcrOAuthProvider, LoopbackOAuthProvider, ServiceAccountProvider } from '@mcp-z/oauth-google';
+import type { Logger, PromptModule, ToolModule } from '@mcp-z/server';
+import type { Router } from 'express';
+import type { Keyv } from 'keyv';
+import type { ServerConfig } from '../types.js';
+/**
+ * Drive OAuth runtime dependencies
+ */
+export interface OAuthRuntimeDeps {
+    logger: Logger;
+    tokenStore: Keyv<CachedToken>;
+    dcrStore?: Keyv<unknown>;
+}
+/**
+ * Auth middleware wrapper with withToolAuth/withResourceAuth/withPromptAuth methods
+ * Uses structural constraints to avoid contravariance issues with handler types.
+ */
+export interface AuthMiddleware {
+    withToolAuth<T extends {
+        name: string;
+        config: unknown;
+        handler: unknown;
+    }>(module: T): T;
+    withResourceAuth<T extends {
+        name: string;
+        template?: unknown;
+        config?: unknown;
+        handler: unknown;
+    }>(module: T): T;
+    withPromptAuth<T extends {
+        name: string;
+        config: unknown;
+        handler: unknown;
+    }>(module: T): T;
+}
+/**
+ * Result of OAuth adapter creation
+ */
+export interface OAuthAdapters {
+    primary: LoopbackOAuthProvider | ServiceAccountProvider | DcrOAuthProvider;
+    middleware: AuthMiddleware;
+    authAdapter: AuthEmailProvider;
+    accountTools: ToolModule[];
+    accountPrompts: PromptModule[];
+    dcrRouter?: Router;
+}
+/**
+ * Create Drive OAuth adapters based on transport configuration
+ *
+ * Returns primary adapter (loopback or service account), pre-configured middleware,
+ * auth email provider, and pre-selected account tools based on auth mode.
+ *
+ * Primary adapter selection is based on auth mode:
+ * - 'loopback-oauth': LoopbackOAuthProvider (interactive OAuth with token storage)
+ * - 'service-account': ServiceAccountProvider (JWT-based authentication)
+ *
+ * @param config - Server configuration (transport + auth settings)
+ * @param deps - Runtime dependencies (logger, tokenStore, etc.)
+ * @returns OAuth adapters with pre-configured middleware and account tools
+ * @throws Error if service account mode but no key file provided
+ */
+export declare function createOAuthAdapters(config: ServerConfig, deps: OAuthRuntimeDeps, baseUrl?: string): Promise<OAuthAdapters>;

package/dist/cjs/setup/oauth-google.d.ts

@@ -0,0 +1,64 @@
+import { type AuthEmailProvider } from '@mcp-z/oauth';
+import type { CachedToken } from '@mcp-z/oauth-google';
+import { DcrOAuthProvider, LoopbackOAuthProvider, ServiceAccountProvider } from '@mcp-z/oauth-google';
+import type { Logger, PromptModule, ToolModule } from '@mcp-z/server';
+import type { Router } from 'express';
+import type { Keyv } from 'keyv';
+import type { ServerConfig } from '../types.js';
+/**
+ * Drive OAuth runtime dependencies
+ */
+export interface OAuthRuntimeDeps {
+    logger: Logger;
+    tokenStore: Keyv<CachedToken>;
+    dcrStore?: Keyv<unknown>;
+}
+/**
+ * Auth middleware wrapper with withToolAuth/withResourceAuth/withPromptAuth methods
+ * Uses structural constraints to avoid contravariance issues with handler types.
+ */
+export interface AuthMiddleware {
+    withToolAuth<T extends {
+        name: string;
+        config: unknown;
+        handler: unknown;
+    }>(module: T): T;
+    withResourceAuth<T extends {
+        name: string;
+        template?: unknown;
+        config?: unknown;
+        handler: unknown;
+    }>(module: T): T;
+    withPromptAuth<T extends {
+        name: string;
+        config: unknown;
+        handler: unknown;
+    }>(module: T): T;
+}
+/**
+ * Result of OAuth adapter creation
+ */
+export interface OAuthAdapters {
+    primary: LoopbackOAuthProvider | ServiceAccountProvider | DcrOAuthProvider;
+    middleware: AuthMiddleware;
+    authAdapter: AuthEmailProvider;
+    accountTools: ToolModule[];
+    accountPrompts: PromptModule[];
+    dcrRouter?: Router;
+}
+/**
+ * Create Drive OAuth adapters based on transport configuration
+ *
+ * Returns primary adapter (loopback or service account), pre-configured middleware,
+ * auth email provider, and pre-selected account tools based on auth mode.
+ *
+ * Primary adapter selection is based on auth mode:
+ * - 'loopback-oauth': LoopbackOAuthProvider (interactive OAuth with token storage)
+ * - 'service-account': ServiceAccountProvider (JWT-based authentication)
+ *
+ * @param config - Server configuration (transport + auth settings)
+ * @param deps - Runtime dependencies (logger, tokenStore, etc.)
+ * @returns OAuth adapters with pre-configured middleware and account tools
+ * @throws Error if service account mode but no key file provided
+ */
+export declare function createOAuthAdapters(config: ServerConfig, deps: OAuthRuntimeDeps, baseUrl?: string): Promise<OAuthAdapters>;

package/dist/cjs/setup/oauth-google.js

@@ -0,0 +1,347 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "createOAuthAdapters", {
+    enumerable: true,
+    get: function() {
+        return createOAuthAdapters;
+    }
+});
+var _oauth = require("@mcp-z/oauth");
+var _oauthgoogle = require("@mcp-z/oauth-google");
+var _constantsts = require("../constants.js");
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
+    try {
+        var info = gen[key](arg);
+        var value = info.value;
+    } catch (error) {
+        reject(error);
+        return;
+    }
+    if (info.done) {
+        resolve(value);
+    } else {
+        Promise.resolve(value).then(_next, _throw);
+    }
+}
+function _async_to_generator(fn) {
+    return function() {
+        var self = this, args = arguments;
+        return new Promise(function(resolve, reject) {
+            var gen = fn.apply(self, args);
+            function _next(value) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
+            }
+            function _throw(err) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
+            }
+            _next(undefined);
+        });
+    };
+}
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+function _object_spread(target) {
+    for(var i = 1; i < arguments.length; i++){
+        var source = arguments[i] != null ? arguments[i] : {};
+        var ownKeys = Object.keys(source);
+        if (typeof Object.getOwnPropertySymbols === "function") {
+            ownKeys = ownKeys.concat(Object.getOwnPropertySymbols(source).filter(function(sym) {
+                return Object.getOwnPropertyDescriptor(source, sym).enumerable;
+            }));
+        }
+        ownKeys.forEach(function(key) {
+            _define_property(target, key, source[key]);
+        });
+    }
+    return target;
+}
+function ownKeys(object, enumerableOnly) {
+    var keys = Object.keys(object);
+    if (Object.getOwnPropertySymbols) {
+        var symbols = Object.getOwnPropertySymbols(object);
+        if (enumerableOnly) {
+            symbols = symbols.filter(function(sym) {
+                return Object.getOwnPropertyDescriptor(object, sym).enumerable;
+            });
+        }
+        keys.push.apply(keys, symbols);
+    }
+    return keys;
+}
+function _object_spread_props(target, source) {
+    source = source != null ? source : {};
+    if (Object.getOwnPropertyDescriptors) {
+        Object.defineProperties(target, Object.getOwnPropertyDescriptors(source));
+    } else {
+        ownKeys(Object(source)).forEach(function(key) {
+            Object.defineProperty(target, key, Object.getOwnPropertyDescriptor(source, key));
+        });
+    }
+    return target;
+}
+function _ts_generator(thisArg, body) {
+    var f, y, t, _ = {
+        label: 0,
+        sent: function() {
+            if (t[0] & 1) throw t[1];
+            return t[1];
+        },
+        trys: [],
+        ops: []
+    }, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype), d = Object.defineProperty;
+    return d(g, "next", {
+        value: verb(0)
+    }), d(g, "throw", {
+        value: verb(1)
+    }), d(g, "return", {
+        value: verb(2)
+    }), typeof Symbol === "function" && d(g, Symbol.iterator, {
+        value: function() {
+            return this;
+        }
+    }), g;
+    function verb(n) {
+        return function(v) {
+            return step([
+                n,
+                v
+            ]);
+        };
+    }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while(g && (g = 0, op[0] && (_ = 0)), _)try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [
+                op[0] & 2,
+                t.value
+            ];
+            switch(op[0]){
+                case 0:
+                case 1:
+                    t = op;
+                    break;
+                case 4:
+                    _.label++;
+                    return {
+                        value: op[1],
+                        done: false
+                    };
+                case 5:
+                    _.label++;
+                    y = op[1];
+                    op = [
+                        0
+                    ];
+                    continue;
+                case 7:
+                    op = _.ops.pop();
+                    _.trys.pop();
+                    continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
+                        _ = 0;
+                        continue;
+                    }
+                    if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
+                        _.label = op[1];
+                        break;
+                    }
+                    if (op[0] === 6 && _.label < t[1]) {
+                        _.label = t[1];
+                        t = op;
+                        break;
+                    }
+                    if (t && _.label < t[2]) {
+                        _.label = t[2];
+                        _.ops.push(op);
+                        break;
+                    }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop();
+                    continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) {
+            op = [
+                6,
+                e
+            ];
+            y = 0;
+        } finally{
+            f = t = 0;
+        }
+        if (op[0] & 5) throw op[1];
+        return {
+            value: op[0] ? op[1] : void 0,
+            done: true
+        };
+    }
+}
+function createOAuthAdapters(config, deps, baseUrl) {
+    return _async_to_generator(function() {
+        var logger, tokenStore, dcrStore, resolvedBaseUrl, oauthStaticConfig, primary, dcrRouter, middleware, authAdapter, accountTools, accountPrompts, authAdapter1, middleware1, accountTools1, accountPrompts1, result;
+        return _ts_generator(this, function(_state) {
+            logger = deps.logger, tokenStore = deps.tokenStore, dcrStore = deps.dcrStore;
+            resolvedBaseUrl = baseUrl !== null && baseUrl !== void 0 ? baseUrl : config.baseUrl;
+            oauthStaticConfig = _object_spread({
+                service: config.name,
+                clientId: config.clientId,
+                clientSecret: config.clientSecret,
+                scope: _constantsts.GOOGLE_SCOPE,
+                auth: config.auth,
+                headless: config.headless,
+                redirectUri: config.transport.type === 'stdio' ? undefined : config.redirectUri
+            }, config.serviceAccountKeyFile && {
+                serviceAccountKeyFile: config.serviceAccountKeyFile
+            }, resolvedBaseUrl && {
+                baseUrl: resolvedBaseUrl
+            });
+            // DCR mode - Dynamic Client Registration with HTTP-only support
+            if (oauthStaticConfig.auth === 'dcr') {
+                logger.debug('Creating DCR provider', {
+                    service: oauthStaticConfig.service
+                });
+                // DCR requires dcrStore and baseUrl
+                if (!dcrStore) {
+                    throw new Error('DCR mode requires dcrStore to be configured');
+                }
+                if (!oauthStaticConfig.baseUrl) {
+                    throw new Error('DCR mode requires baseUrl to be configured');
+                }
+                // Create DcrOAuthProvider (stateless provider that receives tokens from verification context)
+                primary = new _oauthgoogle.DcrOAuthProvider(_object_spread_props(_object_spread({
+                    clientId: oauthStaticConfig.clientId
+                }, oauthStaticConfig.clientSecret && {
+                    clientSecret: oauthStaticConfig.clientSecret
+                }), {
+                    scope: oauthStaticConfig.scope,
+                    verifyEndpoint: "".concat(oauthStaticConfig.baseUrl, "/oauth/verify"),
+                    logger: logger
+                }));
+                // Create DCR OAuth router with authorization server endpoints
+                dcrRouter = (0, _oauthgoogle.createDcrRouter)({
+                    store: dcrStore,
+                    issuerUrl: oauthStaticConfig.baseUrl,
+                    baseUrl: oauthStaticConfig.baseUrl,
+                    scopesSupported: oauthStaticConfig.scope.split(' '),
+                    clientConfig: _object_spread({
+                        clientId: oauthStaticConfig.clientId
+                    }, oauthStaticConfig.clientSecret && {
+                        clientSecret: oauthStaticConfig.clientSecret
+                    })
+                });
+                // DCR uses bearer token authentication with middleware validation
+                middleware = primary.authMiddleware();
+                // Create auth email provider (stateless)
+                authAdapter = {
+                    getUserEmail: function() {
+                        throw new Error('DCR mode does not support getUserEmail - tokens are provided via bearer auth');
+                    }
+                };
+                // No account management tools for DCR
+                accountTools = [];
+                accountPrompts = [];
+                return [
+                    2,
+                    {
+                        primary: primary,
+                        middleware: middleware,
+                        authAdapter: authAdapter,
+                        accountTools: accountTools,
+                        accountPrompts: accountPrompts,
+                        dcrRouter: dcrRouter
+                    }
+                ];
+            }
+            if (config.auth === 'service-account') {
+                // Service account mode - JWT-based authentication
+                if (!oauthStaticConfig.serviceAccountKeyFile) {
+                    throw new Error('Service account key file is required when auth mode is "service-account". ' + 'Set GOOGLE_SERVICE_ACCOUNT_KEY_FILE environment variable or use --service-account-key-file flag.');
+                }
+                logger.debug('Creating service account provider', {
+                    service: oauthStaticConfig.service
+                });
+                primary = new _oauthgoogle.ServiceAccountProvider({
+                    keyFilePath: oauthStaticConfig.serviceAccountKeyFile,
+                    scopes: oauthStaticConfig.scope.split(' '),
+                    logger: logger
+                });
+            } else {
+                // Loopback mode - interactive OAuth with token storage
+                logger.debug('Creating loopback OAuth provider', {
+                    service: oauthStaticConfig.service
+                });
+                primary = new _oauthgoogle.LoopbackOAuthProvider(_object_spread({
+                    service: oauthStaticConfig.service,
+                    clientId: oauthStaticConfig.clientId,
+                    clientSecret: oauthStaticConfig.clientSecret,
+                    scope: oauthStaticConfig.scope,
+                    headless: oauthStaticConfig.headless,
+                    logger: logger,
+                    tokenStore: tokenStore
+                }, oauthStaticConfig.redirectUri !== undefined && {
+                    redirectUri: oauthStaticConfig.redirectUri
+                }));
+            }
+            // Create auth email provider (used by account management tools)
+            authAdapter1 = _object_spread({
+                getUserEmail: function(accountId) {
+                    return primary.getUserEmail(accountId);
+                }
+            }, 'authenticateNewAccount' in primary && primary.authenticateNewAccount ? {
+                authenticateNewAccount: function() {
+                    var _primary_authenticateNewAccount;
+                    return (_primary_authenticateNewAccount = primary.authenticateNewAccount) === null || _primary_authenticateNewAccount === void 0 ? void 0 : _primary_authenticateNewAccount.call(primary);
+                }
+            } : {});
+            if (oauthStaticConfig.auth === 'service-account') {
+                // Service account mode - no account management tools needed (single identity)
+                middleware1 = primary.authMiddleware();
+                accountTools1 = [];
+                accountPrompts1 = [];
+                logger.debug('Service account mode - no account tools', {
+                    service: oauthStaticConfig.service
+                });
+            } else {
+                // Loopback OAuth - multi-account mode
+                middleware1 = primary.authMiddleware();
+                result = _oauth.AccountServer.createLoopback({
+                    service: oauthStaticConfig.service,
+                    store: tokenStore,
+                    logger: logger,
+                    auth: authAdapter1
+                });
+                accountTools1 = result.tools;
+                accountPrompts1 = result.prompts;
+                logger.debug('Loopback OAuth (multi-account mode)', {
+                    service: oauthStaticConfig.service
+                });
+            }
+            return [
+                2,
+                {
+                    primary: primary,
+                    middleware: middleware1,
+                    authAdapter: authAdapter1,
+                    accountTools: accountTools1,
+                    accountPrompts: accountPrompts1
+                }
+            ];
+        });
+    })();
+}
+/* CJS INTEROP */ if (exports.__esModule && exports.default) { try { Object.defineProperty(exports.default, '__esModule', { value: true }); for (var key in exports) { exports.default[key] = exports[key]; } } catch (_) {}; module.exports = exports.default; }

package/dist/cjs/setup/oauth-google.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/kevin/Dev/Projects/ai/mcp-z/servers/mcp-drive/src/setup/oauth-google.ts"],"sourcesContent":["import { AccountServer, type AuthEmailProvider } from '@mcp-z/oauth';\nimport type { CachedToken } from '@mcp-z/oauth-google';\nimport { createDcrRouter, DcrOAuthProvider, LoopbackOAuthProvider, ServiceAccountProvider } from '@mcp-z/oauth-google';\nimport type { Logger, PromptModule, ToolModule } from '@mcp-z/server';\nimport type { Router } from 'express';\nimport type { Keyv } from 'keyv';\nimport { GOOGLE_SCOPE } from '../constants.ts';\nimport type { ServerConfig } from '../types.js';\n\n/**\n * Drive OAuth runtime dependencies\n */\nexport interface OAuthRuntimeDeps {\n  logger: Logger;\n  tokenStore: Keyv<CachedToken>;\n  dcrStore?: Keyv<unknown>;\n}\n\n/**\n * Auth middleware wrapper with withToolAuth/withResourceAuth/withPromptAuth methods\n * Uses structural constraints to avoid contravariance issues with handler types.\n */\nexport interface AuthMiddleware {\n  withToolAuth<T extends { name: string; config: unknown; handler: unknown }>(module: T): T;\n  withResourceAuth<T extends { name: string; template?: unknown; config?: unknown; handler: unknown }>(module: T): T;\n  withPromptAuth<T extends { name: string; config: unknown; handler: unknown }>(module: T): T;\n}\n\n/**\n * Result of OAuth adapter creation\n */\nexport interface OAuthAdapters {\n  primary: LoopbackOAuthProvider | ServiceAccountProvider | DcrOAuthProvider;\n  middleware: AuthMiddleware;\n  authAdapter: AuthEmailProvider;\n  accountTools: ToolModule[];\n  accountPrompts: PromptModule[];\n  dcrRouter?: Router;\n}\n\n/**\n * Create Drive OAuth adapters based on transport configuration\n *\n * Returns primary adapter (loopback or service account), pre-configured middleware,\n * auth email provider, and pre-selected account tools based on auth mode.\n *\n * Primary adapter selection is based on auth mode:\n * - 'loopback-oauth': LoopbackOAuthProvider (interactive OAuth with token storage)\n * - 'service-account': ServiceAccountProvider (JWT-based authentication)\n *\n * @param config - Server configuration (transport + auth settings)\n * @param deps - Runtime dependencies (logger, tokenStore, etc.)\n * @returns OAuth adapters with pre-configured middleware and account tools\n * @throws Error if service account mode but no key file provided\n */\nexport async function createOAuthAdapters(config: ServerConfig, deps: OAuthRuntimeDeps, baseUrl?: string): Promise<OAuthAdapters> {\n  const { logger, tokenStore, dcrStore } = deps;\n  const resolvedBaseUrl = baseUrl ?? config.baseUrl;\n  const oauthStaticConfig = {\n    service: config.name,\n    clientId: config.clientId,\n    clientSecret: config.clientSecret,\n    scope: GOOGLE_SCOPE,\n    auth: config.auth,\n    headless: config.headless,\n    redirectUri: config.transport.type === 'stdio' ? undefined : config.redirectUri,\n    ...(config.serviceAccountKeyFile && { serviceAccountKeyFile: config.serviceAccountKeyFile }),\n    ...(resolvedBaseUrl && { baseUrl: resolvedBaseUrl }),\n  };\n\n  // Create primary adapter based on auth mode\n  let primary: LoopbackOAuthProvider | ServiceAccountProvider | DcrOAuthProvider;\n\n  // DCR mode - Dynamic Client Registration with HTTP-only support\n  if (oauthStaticConfig.auth === 'dcr') {\n    logger.debug('Creating DCR provider', { service: oauthStaticConfig.service });\n\n    // DCR requires dcrStore and baseUrl\n    if (!dcrStore) {\n      throw new Error('DCR mode requires dcrStore to be configured');\n    }\n    if (!oauthStaticConfig.baseUrl) {\n      throw new Error('DCR mode requires baseUrl to be configured');\n    }\n\n    // Create DcrOAuthProvider (stateless provider that receives tokens from verification context)\n    primary = new DcrOAuthProvider({\n      clientId: oauthStaticConfig.clientId,\n      ...(oauthStaticConfig.clientSecret && { clientSecret: oauthStaticConfig.clientSecret }),\n      scope: oauthStaticConfig.scope,\n      verifyEndpoint: `${oauthStaticConfig.baseUrl}/oauth/verify`,\n      logger,\n    });\n\n    // Create DCR OAuth router with authorization server endpoints\n    const dcrRouter = createDcrRouter({\n      store: dcrStore,\n      issuerUrl: oauthStaticConfig.baseUrl,\n      baseUrl: oauthStaticConfig.baseUrl,\n      scopesSupported: oauthStaticConfig.scope.split(' '),\n      clientConfig: {\n        clientId: oauthStaticConfig.clientId,\n        ...(oauthStaticConfig.clientSecret && { clientSecret: oauthStaticConfig.clientSecret }),\n      },\n    });\n\n    // DCR uses bearer token authentication with middleware validation\n    const middleware = primary.authMiddleware();\n\n    // Create auth email provider (stateless)\n    const authAdapter: AuthEmailProvider = {\n      getUserEmail: () => {\n        throw new Error('DCR mode does not support getUserEmail - tokens are provided via bearer auth');\n      },\n    };\n\n    // No account management tools for DCR\n    const accountTools: ToolModule[] = [];\n    const accountPrompts: PromptModule[] = [];\n\n    return { primary, middleware: middleware as unknown as AuthMiddleware, authAdapter, accountTools, accountPrompts, dcrRouter };\n  }\n\n  if (config.auth === 'service-account') {\n    // Service account mode - JWT-based authentication\n    if (!oauthStaticConfig.serviceAccountKeyFile) {\n      throw new Error('Service account key file is required when auth mode is \"service-account\". ' + 'Set GOOGLE_SERVICE_ACCOUNT_KEY_FILE environment variable or use --service-account-key-file flag.');\n    }\n\n    logger.debug('Creating service account provider', { service: oauthStaticConfig.service });\n    primary = new ServiceAccountProvider({\n      keyFilePath: oauthStaticConfig.serviceAccountKeyFile,\n      scopes: oauthStaticConfig.scope.split(' '),\n      logger,\n    });\n  } else {\n    // Loopback mode - interactive OAuth with token storage\n    logger.debug('Creating loopback OAuth provider', { service: oauthStaticConfig.service });\n    primary = new LoopbackOAuthProvider({\n      service: oauthStaticConfig.service,\n      clientId: oauthStaticConfig.clientId,\n      clientSecret: oauthStaticConfig.clientSecret,\n      scope: oauthStaticConfig.scope,\n      headless: oauthStaticConfig.headless,\n      logger,\n      tokenStore,\n      ...(oauthStaticConfig.redirectUri !== undefined && {\n        redirectUri: oauthStaticConfig.redirectUri,\n      }),\n    });\n  }\n\n  // Create auth email provider (used by account management tools)\n  const authAdapter: AuthEmailProvider = {\n    getUserEmail: (accountId) => primary.getUserEmail(accountId),\n    ...('authenticateNewAccount' in primary && primary.authenticateNewAccount\n      ? {\n          authenticateNewAccount: () => primary.authenticateNewAccount?.(),\n        }\n      : {}),\n  };\n\n  // Select middleware AND account tools based on auth mode\n  let middleware: ReturnType<LoopbackOAuthProvider['authMiddleware']>;\n  let accountTools: ToolModule[];\n  let accountPrompts: PromptModule[];\n\n  if (oauthStaticConfig.auth === 'service-account') {\n    // Service account mode - no account management tools needed (single identity)\n    middleware = primary.authMiddleware();\n    accountTools = [];\n    accountPrompts = [];\n    logger.debug('Service account mode - no account tools', { service: oauthStaticConfig.service });\n  } else {\n    // Loopback OAuth - multi-account mode\n    middleware = primary.authMiddleware();\n\n    const result = AccountServer.createLoopback({\n      service: oauthStaticConfig.service,\n      store: tokenStore,\n      logger,\n      auth: authAdapter,\n    });\n    accountTools = result.tools as ToolModule[];\n    accountPrompts = result.prompts as PromptModule[];\n    logger.debug('Loopback OAuth (multi-account mode)', { service: oauthStaticConfig.service });\n  }\n\n  return { primary, middleware: middleware as unknown as AuthMiddleware, authAdapter, accountTools, accountPrompts };\n}\n"],"names":["createOAuthAdapters","config","deps","baseUrl","logger","tokenStore","dcrStore","resolvedBaseUrl","oauthStaticConfig","primary","dcrRouter","middleware","authAdapter","accountTools","accountPrompts","result","service","name","clientId","clientSecret","scope","GOOGLE_SCOPE","auth","headless","redirectUri","transport","type","undefined","serviceAccountKeyFile","debug","Error","DcrOAuthProvider","verifyEndpoint","createDcrRouter","store","issuerUrl","scopesSupported","split","clientConfig","authMiddleware","getUserEmail","ServiceAccountProvider","keyFilePath","scopes","LoopbackOAuthProvider","accountId","authenticateNewAccount","AccountServer","createLoopback","tools","prompts"],"mappings":";;;;+BAuDsBA;;;eAAAA;;;qBAvDgC;2BAE2C;2BAIpE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAiDtB,SAAeA,oBAAoBC,MAAoB,EAAEC,IAAsB,EAAEC,OAAgB;;YAC9FC,QAAQC,YAAYC,UACtBC,iBACAC,mBAaFC,SAwBIC,WAYAC,YAGAC,aAOAC,cACAC,gBAmCFF,cAUFD,aACAE,eACAC,iBAYIC;;YAzHAX,SAAiCF,KAAjCE,QAAQC,aAAyBH,KAAzBG,YAAYC,WAAaJ,KAAbI;YACtBC,kBAAkBJ,oBAAAA,qBAAAA,UAAWF,OAAOE,OAAO;YAC3CK,oBAAoB;gBACxBQ,SAASf,OAAOgB,IAAI;gBACpBC,UAAUjB,OAAOiB,QAAQ;gBACzBC,cAAclB,OAAOkB,YAAY;gBACjCC,OAAOC,yBAAY;gBACnBC,MAAMrB,OAAOqB,IAAI;gBACjBC,UAAUtB,OAAOsB,QAAQ;gBACzBC,aAAavB,OAAOwB,SAAS,CAACC,IAAI,KAAK,UAAUC,YAAY1B,OAAOuB,WAAW;eAC3EvB,OAAO2B,qBAAqB,IAAI;gBAAEA,uBAAuB3B,OAAO2B,qBAAqB;YAAC,GACtFrB,mBAAmB;gBAAEJ,SAASI;YAAgB;YAMpD,gEAAgE;YAChE,IAAIC,kBAAkBc,IAAI,KAAK,OAAO;gBACpClB,OAAOyB,KAAK,CAAC,yBAAyB;oBAAEb,SAASR,kBAAkBQ,OAAO;gBAAC;gBAE3E,oCAAoC;gBACpC,IAAI,CAACV,UAAU;oBACb,MAAM,IAAIwB,MAAM;gBAClB;gBACA,IAAI,CAACtB,kBAAkBL,OAAO,EAAE;oBAC9B,MAAM,IAAI2B,MAAM;gBAClB;gBAEA,8FAA8F;gBAC9FrB,UAAU,IAAIsB,6BAAgB,CAAC;oBAC7Bb,UAAUV,kBAAkBU,QAAQ;mBAChCV,kBAAkBW,YAAY,IAAI;oBAAEA,cAAcX,kBAAkBW,YAAY;gBAAC;oBACrFC,OAAOZ,kBAAkBY,KAAK;oBAC9BY,gBAAgB,AAAC,GAA4B,OAA1BxB,kBAAkBL,OAAO,EAAC;oBAC7CC,QAAAA;;gBAGF,8DAA8D;gBACxDM,YAAYuB,IAAAA,4BAAe,EAAC;oBAChCC,OAAO5B;oBACP6B,WAAW3B,kBAAkBL,OAAO;oBACpCA,SAASK,kBAAkBL,OAAO;oBAClCiC,iBAAiB5B,kBAAkBY,KAAK,CAACiB,KAAK,CAAC;oBAC/CC,cAAc;wBACZpB,UAAUV,kBAAkBU,QAAQ;uBAChCV,kBAAkBW,YAAY,IAAI;wBAAEA,cAAcX,kBAAkBW,YAAY;oBAAC;gBAEzF;gBAEA,kEAAkE;gBAC5DR,aAAaF,QAAQ8B,cAAc;gBAEzC,yCAAyC;gBACnC3B,cAAiC;oBACrC4B,cAAc;wBACZ,MAAM,IAAIV,MAAM;oBAClB;gBACF;gBAEA,sCAAsC;gBAChCjB;gBACAC;gBAEN;;oBAAO;wBAAEL,SAAAA;wBAASE,YAAYA;wBAAyCC,aAAAA;wBAAaC,cAAAA;wBAAcC,gBAAAA;wBAAgBJ,WAAAA;oBAAU;;YAC9H;YAEA,IAAIT,OAAOqB,IAAI,KAAK,mBAAmB;gBACrC,kDAAkD;gBAClD,IAAI,CAACd,kBAAkBoB,qBAAqB,EAAE;oBAC5C,MAAM,IAAIE,MAAM,+EAA+E;gBACjG;gBAEA1B,OAAOyB,KAAK,CAAC,qCAAqC;oBAAEb,SAASR,kBAAkBQ,OAAO;gBAAC;gBACvFP,UAAU,IAAIgC,mCAAsB,CAAC;oBACnCC,aAAalC,kBAAkBoB,qBAAqB;oBACpDe,QAAQnC,kBAAkBY,KAAK,CAACiB,KAAK,CAAC;oBACtCjC,QAAAA;gBACF;YACF,OAAO;gBACL,uDAAuD;gBACvDA,OAAOyB,KAAK,CAAC,oCAAoC;oBAAEb,SAASR,kBAAkBQ,OAAO;gBAAC;gBACtFP,UAAU,IAAImC,kCAAqB,CAAC;oBAClC5B,SAASR,kBAAkBQ,OAAO;oBAClCE,UAAUV,kBAAkBU,QAAQ;oBACpCC,cAAcX,kBAAkBW,YAAY;oBAC5CC,OAAOZ,kBAAkBY,KAAK;oBAC9BG,UAAUf,kBAAkBe,QAAQ;oBACpCnB,QAAAA;oBACAC,YAAAA;mBACIG,kBAAkBgB,WAAW,KAAKG,aAAa;oBACjDH,aAAahB,kBAAkBgB,WAAW;gBAC5C;YAEJ;YAEA,gEAAgE;YAC1DZ,eAAiC;gBACrC4B,cAAc,SAACK;2BAAcpC,QAAQ+B,YAAY,CAACK;;eAC9C,4BAA4BpC,WAAWA,QAAQqC,sBAAsB,GACrE;gBACEA,wBAAwB;wBAAMrC;4BAAAA,kCAAAA,QAAQqC,sBAAsB,cAA9BrC,sDAAAA,qCAAAA;;YAChC,IACA,CAAC;YAQP,IAAID,kBAAkBc,IAAI,KAAK,mBAAmB;gBAChD,8EAA8E;gBAC9EX,cAAaF,QAAQ8B,cAAc;gBACnC1B;gBACAC;gBACAV,OAAOyB,KAAK,CAAC,2CAA2C;oBAAEb,SAASR,kBAAkBQ,OAAO;gBAAC;YAC/F,OAAO;gBACL,sCAAsC;gBACtCL,cAAaF,QAAQ8B,cAAc;gBAE7BxB,SAASgC,oBAAa,CAACC,cAAc,CAAC;oBAC1ChC,SAASR,kBAAkBQ,OAAO;oBAClCkB,OAAO7B;oBACPD,QAAAA;oBACAkB,MAAMV;gBACR;gBACAC,gBAAeE,OAAOkC,KAAK;gBAC3BnC,kBAAiBC,OAAOmC,OAAO;gBAC/B9C,OAAOyB,KAAK,CAAC,uCAAuC;oBAAEb,SAASR,kBAAkBQ,OAAO;gBAAC;YAC3F;YAEA;;gBAAO;oBAAEP,SAAAA;oBAASE,YAAYA;oBAAyCC,aAAAA;oBAAaC,cAAAA;oBAAcC,gBAAAA;gBAAe;;;IACnH"}

package/dist/cjs/setup/runtime.d.cts

@@ -0,0 +1,10 @@
+import type { CachedToken } from '@mcp-z/oauth-google';
+import type { Logger, MiddlewareLayer } from '@mcp-z/server';
+import type { CommonRuntime, RuntimeOverrides, ServerConfig } from '../types.js';
+import { type AuthMiddleware } from './oauth-google.js';
+export declare function createLogger(config: ServerConfig): Logger;
+export declare function createTokenStore(baseDir: string): Promise<import("keyv").Keyv<CachedToken>>;
+export declare function createDcrStore(baseDir: string, required: boolean): Promise<import("keyv").Keyv<unknown>>;
+export declare function createAuthLayer(authMiddleware: AuthMiddleware): MiddlewareLayer;
+export declare function createLoggingLayer(logger: Logger): MiddlewareLayer;
+export declare function createDefaultRuntime(config: ServerConfig, overrides?: RuntimeOverrides): Promise<CommonRuntime>;

package/dist/cjs/setup/runtime.d.ts

@@ -0,0 +1,10 @@
+import type { CachedToken } from '@mcp-z/oauth-google';
+import type { Logger, MiddlewareLayer } from '@mcp-z/server';
+import type { CommonRuntime, RuntimeOverrides, ServerConfig } from '../types.js';
+import { type AuthMiddleware } from './oauth-google.js';
+export declare function createLogger(config: ServerConfig): Logger;
+export declare function createTokenStore(baseDir: string): Promise<import("keyv").Keyv<CachedToken>>;
+export declare function createDcrStore(baseDir: string, required: boolean): Promise<import("keyv").Keyv<unknown>>;
+export declare function createAuthLayer(authMiddleware: AuthMiddleware): MiddlewareLayer;
+export declare function createLoggingLayer(logger: Logger): MiddlewareLayer;
+export declare function createDefaultRuntime(config: ServerConfig, overrides?: RuntimeOverrides): Promise<CommonRuntime>;