@mondaydotcomorg/atp-server 0.24.0 → 0.24.1

package/dist/index.js

@@ -6179,7 +6179,7 @@ function isSwagger2(spec) {
   return "swagger" in spec;
 }
 async function loadOpenAPI(source, options = {}) {
-  const spec = await loadSpec(source);
+  const spec = await loadSpec(source, options.fetcher);
   const name = options.name || spec.info.title.toLowerCase().replace(/\s+/g, "-");
   let baseURL = options.baseURL;
   if (!baseURL) {
@@ -6223,11 +6223,14 @@ async function loadOpenAPI(source, options = {}) {
     auth
   };
 }
-async function loadSpec(source) {
+async function loadSpec(source, fetcher) {
   let content;
   let isYaml = false;
   if (source.startsWith("http://") || source.startsWith("https://")) {
-    const response = await fetch(source);
+    const fetchFn = fetcher || fetch;
+    const response = await fetchFn(source, {
+      method: "GET"
+    });
     if (!response.ok) {
       throw new Error(`Failed to load OpenAPI spec from ${source}: ${response.statusText}`);
     }
@@ -6459,7 +6462,8 @@ function convertOperation(path, method, operation, spec, baseURL, options, pathP
         if (transformed.headers) finalHeaders = transformed.headers;
         if (transformed.body !== void 0) finalBody = transformed.body;
       }
-      const response = await fetch(finalUrl, {
+      const fetchFn = options.fetcher || fetch;
+      const response = await fetchFn(finalUrl, {
         method: finalMethod,
         headers: finalHeaders,
         body: finalBody
@@ -6792,12 +6796,11 @@ var ClientSessionManager = class {
       this.jwtSecret = secret;
     }
   }
-  ensureClientJWT(token, clientId, ignoreExpiration = false) {
+  ensureClientJWT(token, clientId) {
     const decoded = jwt.verify(token, this.jwtSecret, {
       algorithms: [
         "HS256"
-      ],
-      ignoreExpiration
+      ]
     });
     if (decoded.clientId !== clientId || decoded.type !== "client") {
       return false;
@@ -6845,22 +6848,6 @@ var ClientSessionManager = class {
     }
   }
   /**
-  * Verify client token for refresh purposes - allows expired JWT tokens.
-  * This is used during token refresh when the JWT may have expired but
-  * the session still exists in cache.
-  */
-  async verifyClientForRefresh(clientId, token) {
-    try {
-      if (!this.ensureClientJWT(token, clientId, true)) {
-        return false;
-      }
-      const session = await this.cache.get(`session:${clientId}`);
-      return session !== null;
-    } catch {
-      return false;
-    }
-  }
-  /**
   * Get client session
   */
   async getSession(clientId) {
@@ -6900,36 +6887,6 @@ var ClientSessionManager = class {
     });
   }
   /**
-  * Refresh token for an existing client session.
-  * Returns new token credentials if session exists in cache.
-  * This works even if the session's expiresAt has passed - the refresh
-  * will update expiresAt to extend the session.
-  */
-  async refreshToken(clientId) {
-    const session = await this.cache.get(`session:${clientId}`);
-    if (!session) {
-      return null;
-    }
-    await this.cache.delete(`session:${clientId}`);
-    const newClientId = this.generateClientId();
-    const now = Date.now();
-    const newExpiresAt = now + this.tokenTTL;
-    const newTokenRotateAt = now + this.tokenRotation;
-    const updatedSession = {
-      ...session,
-      clientId,
-      expiresAt: newExpiresAt
-    };
-    await this.cache.set(`session:${newClientId}`, updatedSession);
-    const newToken = this.generateToken(newClientId);
-    return {
-      clientId: newClientId,
-      token: newToken,
-      expiresAt: newExpiresAt,
-      tokenRotateAt: newTokenRotateAt
-    };
-  }
-  /**
   * Get token TTL and rotation settings (useful for clients)
   */
   getTokenSettings() {
@@ -11415,8 +11372,6 @@ async function handleRoute(ctx, server) {
   } else if (ctx.path.startsWith("/api/resume/") && ctx.method === "POST") {
     const executionId = ctx.path.substring("/api/resume/".length);
     ctx.responseBody = await server.handleResume(ctx, executionId);
-  } else if (ctx.path === "/api/token/refresh" && ctx.method === "POST") {
-    ctx.responseBody = await server.handleTokenRefresh(ctx);
   } else {
     ctx.status = 404;
     ctx.responseBody = {
@@ -12154,32 +12109,6 @@ async function handleResume(ctx, executionId, executor, stateManager, serverConf
   return result;
 }
 __name(handleResume, "handleResume");
-async function handleTokenRefresh(ctx, sessionManager) {
-  const clientId = ctx.clientId || ctx.body?.clientId;
-  if (!clientId) {
-    ctx.throw(400, "Client ID is required for token refresh");
-  }
-  const authHeader = ctx.headers["authorization"];
-  if (!authHeader || !authHeader.startsWith("Bearer ")) {
-    ctx.throw(401, "Bearer token required for refresh");
-  }
-  const currentToken = authHeader.substring(7);
-  const isValid = await sessionManager.verifyClientForRefresh(clientId, currentToken);
-  if (!isValid) {
-    ctx.throw(401, "Invalid token or session expired");
-  }
-  const refreshResult = await sessionManager.refreshToken(clientId);
-  if (!refreshResult) {
-    ctx.throw(401, "Session not found or expired");
-  }
-  log.debug("Token refreshed", {
-    clientId,
-    newExpiresAt: refreshResult.expiresAt,
-    newRotateAt: refreshResult.tokenRotateAt
-  });
-  return refreshResult;
-}
-__name(handleTokenRefresh, "handleTokenRefresh");
 
 // src/handlers/definitions.handler.ts
 async function getDefinitions(apiGroups) {
@@ -21467,8 +21396,9 @@ async function loadGraphQL(source, options = {}) {
 __name(loadGraphQL, "loadGraphQL");
 async function loadSchema(source, options) {
   if (source.startsWith("http://") || source.startsWith("https://")) {
+    const fetchFn = options.fetcher || fetch;
     const headers = await resolveHeaders(options);
-    const response = await fetch(source, {
+    const response = await fetchFn(source, {
       method: "POST",
       headers: {
         "Content-Type": "application/json",
@@ -21479,7 +21409,8 @@ async function loadSchema(source, options) {
       })
     });
     if (!response.ok) {
-      const getResponse = await fetch(source, {
+      const getResponse = await fetchFn(source, {
+        method: "GET",
         headers
       });
       if (getResponse.ok) {
@@ -21550,7 +21481,8 @@ function convertFieldToFunction(type, fieldName, field, url, options) {
         context.metadata.graphql_variables = variables;
       }
       const headers = await resolveHeaders(options, paramsObj, context);
-      const response = await fetch(url, {
+      const fetchFn = options.fetcher || fetch;
+      const response = await fetchFn(url, {
         method: "POST",
         headers: {
           "Content-Type": "application/json",
@@ -21868,7 +21800,7 @@ var AgentToolProtocolServer = class {
     if (!this.cacheProvider) {
       this.cacheProvider = new MemoryCache({
         maxKeys: 1e3,
-        defaultTTL: 3600
+        defaultTTL: 24 * 3600
       });
       log.info("Cache provider configured (default)", {
         provider: "memory"
@@ -22241,10 +22173,6 @@ var AgentToolProtocolServer = class {
     }
     return await handleResume(ctx, executionId, this.executor, this.stateManager, this.config, this.sessionManager);
   }
-  async handleTokenRefresh(ctx) {
-    if (!this.sessionManager) ctx.throw(503, "Session manager not initialized");
-    return await handleTokenRefresh(ctx, this.sessionManager);
-  }
   /**
   * Update server components with new API groups (internal method)
   * @private