@platf/bridge 0.0.2

package/dist/index.js

@@ -0,0 +1,117 @@
+#!/usr/bin/env node
+import yargs from 'yargs';
+import { hideBin } from 'yargs/helpers';
+import { getLogger } from './lib/getLogger.js';
+import { parseCorsOrigin } from './lib/cors.js';
+import { parseHeaders } from './lib/headers.js';
+import { startStatelessBridge } from './gateways/statelessBridge.js';
+import { startStatefulBridge } from './gateways/statefulBridge.js';
+const argv = await yargs(hideBin(process.argv))
+    .scriptName('platf-bridge')
+    .usage('$0 — Stdio-to-Streamable HTTP bridge for MCP servers')
+    .option('stdio', {
+    type: 'string',
+    demandOption: true,
+    describe: 'Shell command that speaks MCP over stdio (stdin/stdout)',
+})
+    .option('port', {
+    type: 'number',
+    default: 8000,
+    describe: 'HTTP port to listen on',
+})
+    .option('path', {
+    type: 'string',
+    default: '/mcp',
+    describe: 'HTTP path for the Streamable HTTP endpoint',
+})
+    .option('stateful', {
+    type: 'boolean',
+    default: false,
+    describe: 'Enable stateful mode (session-based, persistent child process per session)',
+})
+    .option('sessionTimeout', {
+    type: 'number',
+    describe: 'Session inactivity timeout in milliseconds (stateful mode only)',
+})
+    .option('protocolVersion', {
+    type: 'string',
+    default: '2025-03-26',
+    describe: 'MCP protocol version for auto-initialization (stateless mode)',
+})
+    .option('logLevel', {
+    type: 'string',
+    choices: ['none', 'info', 'debug'],
+    default: 'info',
+    describe: 'Log verbosity',
+})
+    .option('cors', {
+    type: 'array',
+    describe: 'CORS origins to allow (omit for no CORS, pass * for all)',
+})
+    .option('healthEndpoint', {
+    type: 'array',
+    string: true,
+    default: [],
+    describe: 'Path(s) that return 200 "ok" for health checks',
+})
+    .option('header', {
+    type: 'array',
+    default: [],
+    describe: 'Additional response headers in "Key: Value" format',
+})
+    .option('authIssuer', {
+    type: 'string',
+    describe: 'OAuth issuer URL (e.g. https://auth.platf.ai). Enables auth when set.',
+})
+    .option('authClientId', {
+    type: 'string',
+    describe: 'OAuth client_id for this bridge instance (pre-registered with auth issuer)',
+})
+    .strict()
+    .help()
+    .parse();
+const logger = getLogger(argv.logLevel);
+const corsOrigin = parseCorsOrigin(argv.cors);
+const headers = parseHeaders(argv.header, logger);
+// Build auth config (only when --authIssuer is provided)
+let auth = null;
+if (argv.authIssuer) {
+    if (!argv.authClientId) {
+        console.error('Error: --authClientId is required when --authIssuer is set');
+        process.exit(1);
+    }
+    auth = { issuer: argv.authIssuer.replace(/\/$/, ''), clientId: argv.authClientId };
+    logger.info(`  Auth: enabled (issuer=${auth.issuer}, clientId=${auth.clientId})`);
+}
+else {
+    logger.info('  Auth: disabled');
+}
+logger.info('platf-bridge starting...');
+logger.info(`  Mode: ${argv.stateful ? 'stateful' : 'stateless'}`);
+if (argv.stateful) {
+    await startStatefulBridge({
+        stdioCmd: argv.stdio,
+        port: argv.port,
+        path: argv.path,
+        logger,
+        corsOrigin,
+        healthEndpoints: argv.healthEndpoint,
+        headers,
+        sessionTimeout: argv.sessionTimeout ?? null,
+        auth,
+    });
+}
+else {
+    await startStatelessBridge({
+        stdioCmd: argv.stdio,
+        port: argv.port,
+        path: argv.path,
+        logger,
+        corsOrigin,
+        healthEndpoints: argv.healthEndpoint,
+        headers,
+        protocolVersion: argv.protocolVersion,
+        auth,
+    });
+}
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,KAAK,MAAM,OAAO,CAAA;AACzB,OAAO,EAAE,OAAO,EAAE,MAAM,eAAe,CAAA;AACvC,OAAO,EAAE,SAAS,EAAiB,MAAM,oBAAoB,CAAA;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,eAAe,CAAA;AAC/C,OAAO,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAA;AAC/C,OAAO,EAAE,oBAAoB,EAAE,MAAM,+BAA+B,CAAA;AACpE,OAAO,EAAE,mBAAmB,EAAE,MAAM,8BAA8B,CAAA;AAGlE,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;KAC5C,UAAU,CAAC,cAAc,CAAC;KAC1B,KAAK,CAAC,sDAAsD,CAAC;KAC7D,MAAM,CAAC,OAAO,EAAE;IACf,IAAI,EAAE,QAAQ;IACd,YAAY,EAAE,IAAI;IAClB,QAAQ,EAAE,yDAAyD;CACpE,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,IAAI;IACb,QAAQ,EAAE,wBAAwB;CACnC,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,4CAA4C;CACvD,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,SAAS;IACf,OAAO,EAAE,KAAK;IACd,QAAQ,EAAE,4EAA4E;CACvF,CAAC;KACD,MAAM,CAAC,gBAAgB,EAAE;IACxB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,iEAAiE;CAC5E,CAAC;KACD,MAAM,CAAC,iBAAiB,EAAE;IACzB,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,YAAY;IACrB,QAAQ,EAAE,+DAA+D;CAC1E,CAAC;KACD,MAAM,CAAC,UAAU,EAAE;IAClB,IAAI,EAAE,QAAQ;IACd,OAAO,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,OAAO,CAAU;IAC3C,OAAO,EAAE,MAAM;IACf,QAAQ,EAAE,eAAe;CAC1B,CAAC;KACD,MAAM,CAAC,MAAM,EAAE;IACd,IAAI,EAAE,OAAO;IACb,QAAQ,EAAE,0DAA0D;CACrE,CAAC;KACD,MAAM,CAAC,gBAAgB,EAAE;IACxB,IAAI,EAAE,OAAO;IACb,MAAM,EAAE,IAAI;IACZ,OAAO,EAAE,EAAc;IACvB,QAAQ,EAAE,gDAAgD;CAC3D,CAAC;KACD,MAAM,CAAC,QAAQ,EAAE;IAChB,IAAI,EAAE,OAAO;IACb,OAAO,EAAE,EAAyB;IAClC,QAAQ,EAAE,oDAAoD;CAC/D,CAAC;KACD,MAAM,CAAC,YAAY,EAAE;IACpB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,uEAAuE;CAClF,CAAC;KACD,MAAM,CAAC,cAAc,EAAE;IACtB,IAAI,EAAE,QAAQ;IACd,QAAQ,EAAE,4EAA4E;CACvF,CAAC;KACD,MAAM,EAAE;KACR,IAAI,EAAE;KACN,KAAK,EAAE,CAAA;AAEV,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,QAAoB,CAAC,CAAA;AACnD,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,IAAuC,CAAC,CAAA;AAChF,MAAM,OAAO,GAAG,YAAY,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;AAEjD,yDAAyD;AACzD,IAAI,IAAI,GAAsB,IAAI,CAAA;AAClC,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;IACpB,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QACvB,OAAO,CAAC,KAAK,CAAC,4DAA4D,CAAC,CAAA;QAC3E,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,IAAI,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,YAAY,EAAE,CAAA;IAClF,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,CAAC,MAAM,cAAc,IAAI,CAAC,QAAQ,GAAG,CAAC,CAAA;AACnF,CAAC;KAAM,CAAC;IACN,MAAM,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAA;AACjC,CAAC;AAED,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAA;AACvC,MAAM,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAA;AAElE,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;IAClB,MAAM,mBAAmB,CAAC;QACxB,QAAQ,EAAE,IAAI,CAAC,KAAK;QACpB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM;QACN,UAAU;QACV,eAAe,EAAE,IAAI,CAAC,cAAc;QACpC,OAAO;QACP,cAAc,EAAE,IAAI,CAAC,cAAc,IAAI,IAAI;QAC3C,IAAI;KACL,CAAC,CAAA;AACJ,CAAC;KAAM,CAAC;IACN,MAAM,oBAAoB,CAAC;QACzB,QAAQ,EAAE,IAAI,CAAC,KAAK;QACpB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,MAAM;QACN,UAAU;QACV,eAAe,EAAE,IAAI,CAAC,cAAc;QACpC,OAAO;QACP,eAAe,EAAE,IAAI,CAAC,eAAe;QACrC,IAAI;KACL,CAAC,CAAA;AACJ,CAAC"}

package/dist/lib/authMiddleware.d.ts

@@ -0,0 +1,12 @@
+/**
+ * OAuth 2.0 JWT auth middleware for the bridge.
+ *
+ * - Fetches JWKS from `{issuer}/jwks` using jose's createRemoteJWKSet (auto-caches).
+ * - Validates Bearer token: signature, `iss`, `exp`.
+ * - On failure returns 401 with RFC 9728–compliant `WWW-Authenticate` header
+ *   pointing at the OAuth Protected Resource Metadata document.
+ */
+import type { RequestHandler } from 'express';
+import type { AuthConfig, Logger } from '../types.js';
+/** Build a reusable auth middleware for the given auth config */
+export declare function createAuthMiddleware(auth: AuthConfig, logger: Logger): RequestHandler;

package/dist/lib/authMiddleware.js

@@ -0,0 +1,41 @@
+/**
+ * OAuth 2.0 JWT auth middleware for the bridge.
+ *
+ * - Fetches JWKS from `{issuer}/jwks` using jose's createRemoteJWKSet (auto-caches).
+ * - Validates Bearer token: signature, `iss`, `exp`.
+ * - On failure returns 401 with RFC 9728–compliant `WWW-Authenticate` header
+ *   pointing at the OAuth Protected Resource Metadata document.
+ */
+import { createRemoteJWKSet, jwtVerify } from 'jose';
+/** Build a reusable auth middleware for the given auth config */
+export function createAuthMiddleware(auth, logger) {
+    const jwksUri = new URL('/jwks', auth.issuer);
+    const JWKS = createRemoteJWKSet(jwksUri);
+    return async (req, res, next) => {
+        const authHeader = req.headers.authorization;
+        if (!authHeader || !authHeader.startsWith('Bearer ')) {
+            return unauthorized(req, res, auth, 'missing or malformed Authorization header');
+        }
+        const token = authHeader.slice(7);
+        try {
+            const { payload } = await jwtVerify(token, JWKS, {
+                issuer: auth.issuer,
+            });
+            req.tokenPayload = payload;
+            next();
+        }
+        catch (err) {
+            logger.error('[auth] JWT verification failed:', err.message ?? err);
+            return unauthorized(req, res, auth, 'invalid_token');
+        }
+    };
+}
+function unauthorized(req, res, auth, error) {
+    // RFC 9728: include resource_metadata URI in WWW-Authenticate
+    const scheme = req.protocol;
+    const host = req.get('host');
+    const resourceMetadataUri = `${scheme}://${host}/.well-known/oauth-protected-resource`;
+    res.setHeader('WWW-Authenticate', `Bearer realm="mcp", error="${error}", resource_metadata="${resourceMetadataUri}"`);
+    res.status(401).json({ error: 'unauthorized', message: error });
+}
+//# sourceMappingURL=authMiddleware.js.map

package/dist/lib/authMiddleware.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"authMiddleware.js","sourceRoot":"","sources":["../../src/lib/authMiddleware.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,kBAAkB,EAAE,SAAS,EAAE,MAAM,MAAM,CAAA;AAIpD,iEAAiE;AACjE,MAAM,UAAU,oBAAoB,CAAC,IAAgB,EAAE,MAAc;IACnE,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,CAAA;IAC7C,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,CAAA;IAExC,OAAO,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QAC9B,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAA;QAC5C,IAAI,CAAC,UAAU,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;YACrD,OAAO,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,2CAA2C,CAAC,CAAA;QAClF,CAAC;QAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;QAEjC,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,IAAI,EAAE;gBAC/C,MAAM,EAAE,IAAI,CAAC,MAAM;aACpB,CAAC,CAGD;YAAC,GAAW,CAAC,YAAY,GAAG,OAAO,CAAA;YACpC,IAAI,EAAE,CAAA;QACR,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,iCAAiC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YACnE,OAAO,YAAY,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,eAAe,CAAC,CAAA;QACtD,CAAC;IACH,CAAC,CAAA;AACH,CAAC;AAED,SAAS,YAAY,CACnB,GAA8B,EAC9B,GAA+B,EAC/B,IAAgB,EAChB,KAAa;IAEb,8DAA8D;IAC9D,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;IAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;IAC5B,MAAM,mBAAmB,GAAG,GAAG,MAAM,MAAM,IAAI,uCAAuC,CAAA;IAEtF,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,8BAA8B,KAAK,yBAAyB,mBAAmB,GAAG,CACnF,CAAA;IACD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAA;AACjE,CAAC"}

package/dist/lib/cors.d.ts

@@ -0,0 +1,3 @@
+import type { CorsOptions } from 'cors';
+export declare function parseCorsOrigin(corsValues: (string | number)[] | undefined): CorsOptions['origin'] | false;
+export declare function serializeCorsOrigin(corsOrigin: CorsOptions['origin']): string;

package/dist/lib/cors.js

@@ -0,0 +1,29 @@
+export function parseCorsOrigin(corsValues) {
+    if (!corsValues)
+        return false;
+    if (corsValues.length === 0)
+        return '*';
+    const origins = corsValues.map((item) => `${item}`);
+    if (origins.includes('*'))
+        return '*';
+    return origins.map((origin) => {
+        if (/^\/.*\/$/.test(origin)) {
+            const pattern = origin.slice(1, -1);
+            try {
+                return new RegExp(pattern);
+            }
+            catch {
+                return origin;
+            }
+        }
+        return origin;
+    });
+}
+export function serializeCorsOrigin(corsOrigin) {
+    return JSON.stringify(corsOrigin, (_key, value) => {
+        if (value instanceof RegExp)
+            return value.toString();
+        return value;
+    });
+}
+//# sourceMappingURL=cors.js.map

package/dist/lib/cors.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/lib/cors.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,eAAe,CAC7B,UAA2C;IAE3C,IAAI,CAAC,UAAU;QAAE,OAAO,KAAK,CAAA;IAC7B,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,GAAG,CAAA;IAEvC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,IAAI,EAAE,CAAC,CAAA;IACnD,IAAI,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC;QAAE,OAAO,GAAG,CAAA;IAErC,OAAO,OAAO,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,EAAE;QAC5B,IAAI,UAAU,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;YAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAA;YACnC,IAAI,CAAC;gBACH,OAAO,IAAI,MAAM,CAAC,OAAO,CAAC,CAAA;YAC5B,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,MAAM,CAAA;YACf,CAAC;QACH,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC,CAAC,CAAA;AACJ,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,UAAiC;IACnE,OAAO,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;QAChD,IAAI,KAAK,YAAY,MAAM;YAAE,OAAO,KAAK,CAAC,QAAQ,EAAE,CAAA;QACpD,OAAO,KAAK,CAAA;IACd,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/lib/discoveryRoutes.d.ts

@@ -0,0 +1,14 @@
+/**
+ * OAuth 2.0 discovery endpoints for the bridge.
+ *
+ * When auth is enabled these routes expose:
+ *  - GET  /.well-known/oauth-protected-resource[/*]  (RFC 9728)
+ *  - GET  /.well-known/oauth-authorization-server[/*] (RFC 8414 — proxied from issuer)
+ *  - POST /oauth/register                             (Pseudo-DCR — RFC 7591)
+ *
+ * These endpoints are unauthenticated — they must be accessible to
+ * any client performing OAuth discovery before obtaining a token.
+ */
+import { Router } from 'express';
+import type { AuthConfig, Logger } from '../types.js';
+export declare function createDiscoveryRouter(auth: AuthConfig, logger: Logger): Router;

package/dist/lib/discoveryRoutes.js

@@ -0,0 +1,86 @@
+/**
+ * OAuth 2.0 discovery endpoints for the bridge.
+ *
+ * When auth is enabled these routes expose:
+ *  - GET  /.well-known/oauth-protected-resource[/*]  (RFC 9728)
+ *  - GET  /.well-known/oauth-authorization-server[/*] (RFC 8414 — proxied from issuer)
+ *  - POST /oauth/register                             (Pseudo-DCR — RFC 7591)
+ *
+ * These endpoints are unauthenticated — they must be accessible to
+ * any client performing OAuth discovery before obtaining a token.
+ */
+import { Router } from 'express';
+export function createDiscoveryRouter(auth, logger) {
+    const router = Router();
+    /**
+     * RFC 9728 — OAuth Protected Resource Metadata
+     *
+     * Tells the client:
+     *  - which authorization server protects this resource
+     *  - which scopes are available
+     *  - where to find the authorization server metadata
+     *
+     * Handles both root and path-suffixed variants (e.g. /.well-known/oauth-protected-resource/mcp)
+     * as required by the MCP SDK for path-based resource discovery.
+     */
+    router.get('/.well-known/oauth-protected-resource*', (req, res) => {
+        const scheme = req.protocol;
+        const host = req.get('host');
+        const resourceMetadata = {
+            resource: `${scheme}://${host}/`,
+            authorization_servers: [auth.issuer],
+            scopes_supported: ['openid', 'profile', 'email'],
+            bearer_methods_supported: ['header'],
+        };
+        res.json(resourceMetadata);
+    });
+    /**
+     * RFC 8414 — Authorization Server Metadata (proxied)
+     *
+     * We proxy the issuer's .well-known/oauth-authorization-server document
+     * and patch `registration_endpoint` to point to our local pseudo-DCR.
+     *
+     * Handles both root and path-suffixed variants.
+     */
+    router.get('/.well-known/oauth-authorization-server*', async (req, res) => {
+        try {
+            const metadataUrl = `${auth.issuer}/.well-known/oauth-authorization-server`;
+            const upstream = await fetch(metadataUrl);
+            if (!upstream.ok) {
+                logger.error(`[discovery] Failed to fetch AS metadata: ${upstream.status}`);
+                return res.status(502).json({ error: 'upstream_error' });
+            }
+            const metadata = (await upstream.json());
+            // Patch registration_endpoint to point to our pseudo-DCR
+            const scheme = req.protocol;
+            const host = req.get('host');
+            metadata.registration_endpoint = `${scheme}://${host}/oauth/register`;
+            res.json(metadata);
+        }
+        catch (err) {
+            logger.error('[discovery] Error proxying AS metadata:', err.message ?? err);
+            res.status(502).json({ error: 'upstream_error' });
+        }
+    });
+    /**
+     * Pseudo–Dynamic Client Registration (RFC 7591)
+     *
+     * Always returns the same pre-registered client_id — no new client
+     * is actually created.  This lets standards-based OAuth clients
+     * (e.g., VS Code Copilot) discover the correct client_id through
+     * the normal DCR flow without requiring out-of-band configuration.
+     */
+    router.post('/oauth/register', (_req, res) => {
+        res.status(201).json({
+            client_id: auth.clientId,
+            client_name: 'platf-bridge',
+            // No client_secret — public client using PKCE
+            token_endpoint_auth_method: 'none',
+            grant_types: ['authorization_code'],
+            response_types: ['code'],
+            redirect_uris: [], // Client provides its own redirect_uri
+        });
+    });
+    return router;
+}
+//# sourceMappingURL=discoveryRoutes.js.map

package/dist/lib/discoveryRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"discoveryRoutes.js","sourceRoot":"","sources":["../../src/lib/discoveryRoutes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,MAAM,EAA+B,MAAM,SAAS,CAAA;AAG7D,MAAM,UAAU,qBAAqB,CAAC,IAAgB,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,MAAM,EAAE,CAAA;IAEvB;;;;;;;;;;OAUG;IACH,MAAM,CAAC,GAAG,CAAC,wCAAwC,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACnF,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;QAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;QAC5B,MAAM,gBAAgB,GAAG;YACvB,QAAQ,EAAE,GAAG,MAAM,MAAM,IAAI,GAAG;YAChC,qBAAqB,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;YACpC,gBAAgB,EAAE,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;YAChD,wBAAwB,EAAE,CAAC,QAAQ,CAAC;SACrC,CAAA;QACD,GAAG,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,GAAG,CAAC,0CAA0C,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC3F,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,GAAG,IAAI,CAAC,MAAM,yCAAyC,CAAA;YAC3E,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,CAAC,CAAA;YAEzC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,CAAC,KAAK,CAAC,4CAA4C,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAA;gBAC3E,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;YAC1D,CAAC;YAED,MAAM,QAAQ,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAA;YAEnE,yDAAyD;YACzD,MAAM,MAAM,GAAG,GAAG,CAAC,QAAQ,CAAA;YAC3B,MAAM,IAAI,GAAG,GAAG,CAAC,GAAG,CAAC,MAAM,CAAC,CAAA;YAC5B,QAAQ,CAAC,qBAAqB,GAAG,GAAG,MAAM,MAAM,IAAI,iBAAiB,CAAA;YAErE,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAA;QACpB,CAAC;QAAC,OAAO,GAAQ,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,yCAAyC,EAAE,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,CAAA;YAC3E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAA;QACnD,CAAC;IACH,CAAC,CAAC,CAAA;IAEF;;;;;;;OAOG;IACH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;QAC9D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,WAAW,EAAE,cAAc;YAC3B,8CAA8C;YAC9C,0BAA0B,EAAE,MAAM;YAClC,WAAW,EAAE,CAAC,oBAAoB,CAAC;YACnC,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,aAAa,EAAE,EAAE,EAAE,uCAAuC;SAC3D,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,OAAO,MAAM,CAAA;AACf,CAAC"}

package/dist/lib/getLogger.d.ts

@@ -0,0 +1,3 @@
+import type { Logger } from '../types.js';
+export type LogLevel = 'none' | 'info' | 'debug';
+export declare function getLogger(logLevel: LogLevel): Logger;

package/dist/lib/getLogger.js

@@ -0,0 +1,34 @@
+import util from 'node:util';
+const defaultFormatArgs = (args) => args;
+const log = ({ formatArgs = defaultFormatArgs } = {}) => (...args) => console.log('[platf-bridge]', ...formatArgs(args));
+const logStderr = ({ formatArgs = defaultFormatArgs } = {}) => (...args) => console.error('[platf-bridge]', ...formatArgs(args));
+const noneLogger = {
+    info: () => { },
+    error: () => { },
+};
+const infoLogger = {
+    info: log(),
+    error: logStderr(),
+};
+const debugFormatArgs = (args) => args.map((arg) => {
+    if (typeof arg === 'object') {
+        return util.inspect(arg, {
+            depth: null,
+            colors: process.stderr.isTTY,
+            compact: false,
+        });
+    }
+    return arg;
+});
+const debugLogger = {
+    info: log({ formatArgs: debugFormatArgs }),
+    error: logStderr({ formatArgs: debugFormatArgs }),
+};
+export function getLogger(logLevel) {
+    if (logLevel === 'none')
+        return noneLogger;
+    if (logLevel === 'debug')
+        return debugLogger;
+    return infoLogger;
+}
+//# sourceMappingURL=getLogger.js.map

package/dist/lib/getLogger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"getLogger.js","sourceRoot":"","sources":["../../src/lib/getLogger.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAA;AAG5B,MAAM,iBAAiB,GAAG,CAAC,IAAe,EAAE,EAAE,CAAC,IAAI,CAAA;AAEnD,MAAM,GAAG,GACP,CAAC,EAAE,UAAU,GAAG,iBAAiB,KAAgD,EAAE,EAAE,EAAE,CACvF,CAAC,GAAG,IAAe,EAAE,EAAE,CACrB,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAA;AAEtD,MAAM,SAAS,GACb,CAAC,EAAE,UAAU,GAAG,iBAAiB,KAAgD,EAAE,EAAE,EAAE,CACvF,CAAC,GAAG,IAAe,EAAE,EAAE,CACrB,OAAO,CAAC,KAAK,CAAC,gBAAgB,EAAE,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAA;AAExD,MAAM,UAAU,GAAW;IACzB,IAAI,EAAE,GAAG,EAAE,GAAE,CAAC;IACd,KAAK,EAAE,GAAG,EAAE,GAAE,CAAC;CAChB,CAAA;AAED,MAAM,UAAU,GAAW;IACzB,IAAI,EAAE,GAAG,EAAE;IACX,KAAK,EAAE,SAAS,EAAE;CACnB,CAAA;AAED,MAAM,eAAe,GAAG,CAAC,IAAe,EAAE,EAAE,CAC1C,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;IACf,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE;YACvB,KAAK,EAAE,IAAI;YACX,MAAM,EAAE,OAAO,CAAC,MAAM,CAAC,KAAK;YAC5B,OAAO,EAAE,KAAK;SACf,CAAC,CAAA;IACJ,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC,CAAC,CAAA;AAEJ,MAAM,WAAW,GAAW;IAC1B,IAAI,EAAE,GAAG,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;IAC1C,KAAK,EAAE,SAAS,CAAC,EAAE,UAAU,EAAE,eAAe,EAAE,CAAC;CAClD,CAAA;AAID,MAAM,UAAU,SAAS,CAAC,QAAkB;IAC1C,IAAI,QAAQ,KAAK,MAAM;QAAE,OAAO,UAAU,CAAA;IAC1C,IAAI,QAAQ,KAAK,OAAO;QAAE,OAAO,WAAW,CAAA;IAC5C,OAAO,UAAU,CAAA;AACnB,CAAC"}

package/dist/lib/headers.d.ts

@@ -0,0 +1,2 @@
+import type { Logger } from '../types.js';
+export declare function parseHeaders(rawHeaders: (string | number)[], logger: Logger): Record<string, string>;

package/dist/lib/headers.js

@@ -0,0 +1,19 @@
+export function parseHeaders(rawHeaders, logger) {
+    return rawHeaders.reduce((acc, rawHeader) => {
+        const header = `${rawHeader}`;
+        const colonIndex = header.indexOf(':');
+        if (colonIndex === -1) {
+            logger.error(`Invalid header format: ${header}, ignoring`);
+            return acc;
+        }
+        const key = header.slice(0, colonIndex).trim();
+        const value = header.slice(colonIndex + 1).trim();
+        if (!key || !value) {
+            logger.error(`Invalid header format: ${header}, ignoring`);
+            return acc;
+        }
+        acc[key] = value;
+        return acc;
+    }, {});
+}
+//# sourceMappingURL=headers.js.map

package/dist/lib/headers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"headers.js","sourceRoot":"","sources":["../../src/lib/headers.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,YAAY,CAC1B,UAA+B,EAC/B,MAAc;IAEd,OAAO,UAAU,CAAC,MAAM,CAAyB,CAAC,GAAG,EAAE,SAAS,EAAE,EAAE;QAClE,MAAM,MAAM,GAAG,GAAG,SAAS,EAAE,CAAA;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QACtC,IAAI,UAAU,KAAK,CAAC,CAAC,EAAE,CAAC;YACtB,MAAM,CAAC,KAAK,CAAC,0BAA0B,MAAM,YAAY,CAAC,CAAA;YAC1D,OAAO,GAAG,CAAA;QACZ,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,UAAU,CAAC,CAAC,IAAI,EAAE,CAAA;QAC9C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;QAEjD,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,CAAC,KAAK,CAAC,0BAA0B,MAAM,YAAY,CAAC,CAAA;YAC1D,OAAO,GAAG,CAAA;QACZ,CAAC;QAED,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;QAChB,OAAO,GAAG,CAAA;IACZ,CAAC,EAAE,EAAE,CAAC,CAAA;AACR,CAAC"}

package/dist/lib/onSignals.d.ts

@@ -0,0 +1,6 @@
+import type { Logger } from '../types.js';
+export interface OnSignalsOptions {
+    logger: Logger;
+    cleanup?: () => void;
+}
+export declare function onSignals({ logger, cleanup }: OnSignalsOptions): void;

package/dist/lib/onSignals.js

@@ -0,0 +1,16 @@
+export function onSignals({ logger, cleanup }) {
+    const handleSignal = (signal) => {
+        logger.info(`Caught ${signal}. Exiting...`);
+        cleanup?.();
+        process.exit(0);
+    };
+    process.on('SIGINT', () => handleSignal('SIGINT'));
+    process.on('SIGTERM', () => handleSignal('SIGTERM'));
+    process.on('SIGHUP', () => handleSignal('SIGHUP'));
+    process.stdin.on('close', () => {
+        logger.info('stdin closed. Exiting...');
+        cleanup?.();
+        process.exit(0);
+    });
+}
+//# sourceMappingURL=onSignals.js.map

package/dist/lib/onSignals.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"onSignals.js","sourceRoot":"","sources":["../../src/lib/onSignals.ts"],"names":[],"mappings":"AAOA,MAAM,UAAU,SAAS,CAAC,EAAE,MAAM,EAAE,OAAO,EAAoB;IAC7D,MAAM,YAAY,GAAG,CAAC,MAAc,EAAE,EAAE;QACtC,MAAM,CAAC,IAAI,CAAC,UAAU,MAAM,cAAc,CAAC,CAAA;QAC3C,OAAO,EAAE,EAAE,CAAA;QACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAA;IAED,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAA;IAClD,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAA;IACpD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAA;IAElD,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;QAC7B,MAAM,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAA;QACvC,OAAO,EAAE,EAAE,CAAA;QACX,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC,CAAC,CAAA;AACJ,CAAC"}

package/dist/lib/sessionAccessCounter.d.ts

@@ -0,0 +1,11 @@
+import type { Logger } from '../types.js';
+export declare class SessionAccessCounter {
+    private readonly timeoutMs;
+    private readonly cleanup;
+    private readonly logger;
+    private sessions;
+    constructor(timeoutMs: number, cleanup: (sessionId: string) => unknown, logger: Logger);
+    inc(sessionId: string, reason: string): void;
+    dec(sessionId: string, reason: string): void;
+    clear(sessionId: string, runCleanup: boolean, reason: string): void;
+}

package/dist/lib/sessionAccessCounter.js

@@ -0,0 +1,72 @@
+export class SessionAccessCounter {
+    timeoutMs;
+    cleanup;
+    logger;
+    sessions = new Map();
+    constructor(timeoutMs, cleanup, logger) {
+        this.timeoutMs = timeoutMs;
+        this.cleanup = cleanup;
+        this.logger = logger;
+    }
+    inc(sessionId, reason) {
+        this.logger.info(`SessionAccessCounter.inc() ${sessionId}, caused by ${reason}`);
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            this.logger.info(`Session access count 0 -> 1 for ${sessionId} (new session)`);
+            this.sessions.set(sessionId, { accessCount: 1 });
+            return;
+        }
+        if ('timeout' in session) {
+            this.logger.info(`Session access count 0 -> 1, clearing cleanup timeout for ${sessionId}`);
+            clearTimeout(session.timeout);
+            this.sessions.set(sessionId, { accessCount: 1 });
+        }
+        else {
+            this.logger.info(`Session access count ${session.accessCount} -> ${session.accessCount + 1} for ${sessionId}`);
+            session.accessCount++;
+        }
+    }
+    dec(sessionId, reason) {
+        this.logger.info(`SessionAccessCounter.dec() ${sessionId}, caused by ${reason}`);
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            this.logger.error(`Called dec() on non-existent session ${sessionId}, ignoring`);
+            return;
+        }
+        if ('timeout' in session) {
+            this.logger.error(`Called dec() on session ${sessionId} that is already pending cleanup, ignoring`);
+            return;
+        }
+        if (session.accessCount <= 0) {
+            throw new Error(`Invalid access count ${session.accessCount} for session ${sessionId}`);
+        }
+        session.accessCount--;
+        this.logger.info(`Session access count ${session.accessCount + 1} -> ${session.accessCount} for ${sessionId}`);
+        if (session.accessCount === 0) {
+            this.logger.info(`Session access count reached 0, setting cleanup timeout for ${sessionId}`);
+            this.sessions.set(sessionId, {
+                timeout: setTimeout(() => {
+                    this.logger.info(`Session ${sessionId} timed out, cleaning up`);
+                    this.sessions.delete(sessionId);
+                    this.cleanup(sessionId);
+                }, this.timeoutMs),
+            });
+        }
+    }
+    clear(sessionId, runCleanup, reason) {
+        this.logger.info(`SessionAccessCounter.clear() ${sessionId}, caused by ${reason}`);
+        const session = this.sessions.get(sessionId);
+        if (!session) {
+            this.logger.info(`Attempted to clear non-existent session ${sessionId}`);
+            return;
+        }
+        if ('timeout' in session) {
+            clearTimeout(session.timeout);
+        }
+        this.sessions.delete(sessionId);
+        if (runCleanup) {
+            this.cleanup(sessionId);
+        }
+    }
+}
+//# sourceMappingURL=sessionAccessCounter.js.map

package/dist/lib/sessionAccessCounter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessionAccessCounter.js","sourceRoot":"","sources":["../../src/lib/sessionAccessCounter.ts"],"names":[],"mappings":"AAEA,MAAM,OAAO,oBAAoB;IAOZ;IACA;IACA;IARX,QAAQ,GAAG,IAAI,GAAG,EAGvB,CAAA;IAEH,YACmB,SAAiB,EACjB,OAAuC,EACvC,MAAc;QAFd,cAAS,GAAT,SAAS,CAAQ;QACjB,YAAO,GAAP,OAAO,CAAgC;QACvC,WAAM,GAAN,MAAM,CAAQ;IAC9B,CAAC;IAEJ,GAAG,CAAC,SAAiB,EAAE,MAAc;QACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,SAAS,eAAe,MAAM,EAAE,CAAC,CAAA;QAEhF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,mCAAmC,SAAS,gBAAgB,CAAC,CAAA;YAC9E,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAA;YAChD,OAAM;QACR,CAAC;QAED,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6DAA6D,SAAS,EAAE,CAAC,CAAA;YAC1F,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;YAC7B,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC,CAAA;QAClD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,wBAAwB,OAAO,CAAC,WAAW,OAAO,OAAO,CAAC,WAAW,GAAG,CAAC,QAAQ,SAAS,EAAE,CAC7F,CAAA;YACD,OAAO,CAAC,WAAW,EAAE,CAAA;QACvB,CAAC;IACH,CAAC;IAED,GAAG,CAAC,SAAiB,EAAE,MAAc;QACnC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,SAAS,eAAe,MAAM,EAAE,CAAC,CAAA;QAEhF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAE5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wCAAwC,SAAS,YAAY,CAAC,CAAA;YAChF,OAAM;QACR,CAAC;QAED,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,2BAA2B,SAAS,4CAA4C,CACjF,CAAA;YACD,OAAM;QACR,CAAC;QAED,IAAI,OAAO,CAAC,WAAW,IAAI,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,wBAAwB,OAAO,CAAC,WAAW,gBAAgB,SAAS,EAAE,CAAC,CAAA;QACzF,CAAC;QAED,OAAO,CAAC,WAAW,EAAE,CAAA;QACrB,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,wBAAwB,OAAO,CAAC,WAAW,GAAG,CAAC,OAAO,OAAO,CAAC,WAAW,QAAQ,SAAS,EAAE,CAC7F,CAAA;QAED,IAAI,OAAO,CAAC,WAAW,KAAK,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC,MAAM,CAAC,IAAI,CACd,+DAA+D,SAAS,EAAE,CAC3E,CAAA;YAED,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE;gBAC3B,OAAO,EAAE,UAAU,CAAC,GAAG,EAAE;oBACvB,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,WAAW,SAAS,yBAAyB,CAAC,CAAA;oBAC/D,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;oBAC/B,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;gBACzB,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC;aACnB,CAAC,CAAA;QACJ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAiB,EAAE,UAAmB,EAAE,MAAc;QAC1D,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gCAAgC,SAAS,eAAe,MAAM,EAAE,CAAC,CAAA;QAElF,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAC5C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,2CAA2C,SAAS,EAAE,CAAC,CAAA;YACxE,OAAM;QACR,CAAC;QAED,IAAI,SAAS,IAAI,OAAO,EAAE,CAAC;YACzB,YAAY,CAAC,OAAO,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAE/B,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;QACzB,CAAC;IACH,CAAC;CACF"}

package/dist/types.d.ts

@@ -0,0 +1,11 @@
+export interface Logger {
+    info: (...args: unknown[]) => void;
+    error: (...args: unknown[]) => void;
+}
+/** OAuth auth config passed when --authIssuer is set */
+export interface AuthConfig {
+    /** OAuth issuer URL (e.g. https://auth.platf.ai) */
+    issuer: string;
+    /** OAuth client_id for this bridge instance */
+    clientId: string;
+}

package/dist/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":""}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@platf/bridge",
+  "version": "0.0.2",
+  "description": "Stdio-to-Streamable HTTP bridge for MCP servers — Platf AI Hub",
+  "module": "src/index.ts",
+  "main": "dist/index.js",
+  "type": "module",
+  "bin": "dist/index.js",
+  "files": [
+    "dist",
+    "src",
+    "README.md"
+  ],
+  "scripts": {
+    "start": "bun run src/index.ts",
+    "dev": "bun run --watch src/index.ts",
+    "build": "tsc -p tsconfig.build.json",
+    "prepublishOnly": "tsc -p tsconfig.build.json",
+    "typecheck": "bunx tsc --noEmit"
+  },
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.18.2",
+    "cors": "^2.8.5",
+    "express": "^4.21.2",
+    "jose": "^6.1.3",
+    "yargs": "^17.7.2"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "@types/cors": "^2.8.17",
+    "@types/express": "^5.0.3",
+    "@types/yargs": "^17.0.33"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "engines": {
+    "node": ">=18",
+    "bun": ">=1"
+  }
+}