@prmichaelsen/mcp-auth 0.1.0

package/dist/server/mcp-server.js

@@ -0,0 +1,269 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import {
+  ListToolsRequestSchema,
+  CallToolRequestSchema
+} from "@modelcontextprotocol/sdk/types.js";
+import { AuthenticatedTool } from "./tool.js";
+import { ConfigurationError, TransportError } from "../utils/errors.js";
+import { createLogger } from "../utils/logger.js";
+import { validateResourceType } from "../utils/validation.js";
+class AuthenticatedMCPServer {
+  config;
+  mcpServer;
+  logger;
+  tools;
+  isRunning = false;
+  constructor(config) {
+    this.validateConfig(config);
+    this.config = this.normalizeConfig(config);
+    this.logger = createLogger(this.config.middleware.logging);
+    this.tools = /* @__PURE__ */ new Map();
+    this.mcpServer = new Server(
+      {
+        name: this.config.name,
+        version: this.config.version
+      },
+      {
+        capabilities: {
+          tools: {}
+        }
+      }
+    );
+    this.registerMCPHandlers();
+    this.logger.info("AuthenticatedMCPServer created", {
+      name: this.config.name,
+      version: this.config.version,
+      resourceType: this.config.resourceType,
+      transport: this.config.transport.type
+    });
+  }
+  /**
+   * Validate server configuration
+   */
+  validateConfig(config) {
+    if (!config.authProvider) {
+      throw new ConfigurationError("authProvider is required");
+    }
+    if (!config.tokenResolver) {
+      throw new ConfigurationError("tokenResolver is required");
+    }
+    if (!config.resourceType) {
+      throw new ConfigurationError("resourceType is required");
+    }
+    if (!config.transport) {
+      throw new ConfigurationError("transport is required");
+    }
+    validateResourceType(config.resourceType);
+  }
+  /**
+   * Normalize configuration with defaults
+   */
+  normalizeConfig(config) {
+    return {
+      name: config.name ?? "mcp-server",
+      version: config.version ?? "1.0.0",
+      authProvider: config.authProvider,
+      tokenResolver: config.tokenResolver,
+      resourceType: config.resourceType,
+      transport: config.transport,
+      middleware: {
+        rateLimit: config.middleware?.rateLimit,
+        logging: config.middleware?.logging ?? { enabled: true, level: "info" }
+      },
+      requestTimeoutMs: config.requestTimeoutMs ?? 3e4,
+      enableTracing: config.enableTracing ?? false,
+      errorHandler: config.errorHandler
+    };
+  }
+  /**
+   * Register MCP protocol handlers
+   */
+  registerMCPHandlers() {
+    this.mcpServer.setRequestHandler(ListToolsRequestSchema, async () => {
+      const tools = Array.from(this.tools.values()).map((tool) => ({
+        name: tool.name,
+        description: tool.description,
+        inputSchema: tool.inputSchema
+      }));
+      this.logger.debug("Listing tools", { count: tools.length });
+      return { tools };
+    });
+    this.mcpServer.setRequestHandler(CallToolRequestSchema, async (request) => {
+      const { name, arguments: args } = request.params;
+      this.logger.info("Tool called", { toolName: name });
+      const tool = this.tools.get(name);
+      if (!tool) {
+        throw new Error(`Unknown tool: ${name}`);
+      }
+      const context = {
+        transport: this.config.transport.type,
+        timestamp: /* @__PURE__ */ new Date(),
+        metadata: { toolName: name }
+      };
+      const result = await tool.handler(
+        args,
+        context,
+        this.config.authProvider,
+        this.config.tokenResolver,
+        this.config.resourceType
+      );
+      return {
+        content: [
+          {
+            type: "text",
+            text: typeof result === "string" ? result : JSON.stringify(result, null, 2)
+          }
+        ]
+      };
+    });
+  }
+  /**
+   * Register a tool with authentication
+   * 
+   * @param name - Tool name
+   * @param handler - Authenticated tool handler
+   * 
+   * @example
+   * ```typescript
+   * server.registerTool('get_data', withAuth(async (args, accessToken, userId) => {
+   *   return getData(args, accessToken);
+   * }));
+   * ```
+   */
+  registerTool(name, handler, options) {
+    if (this.tools.has(name)) {
+      throw new ConfigurationError(`Tool '${name}' is already registered`);
+    }
+    this.tools.set(name, {
+      name,
+      description: options?.description,
+      inputSchema: options?.inputSchema,
+      handler
+    });
+    this.logger.debug("Tool registered", { name });
+  }
+  /**
+   * Register a Tool class instance
+   * 
+   * @param tool - Tool or AuthenticatedTool instance
+   * 
+   * @example
+   * ```typescript
+   * server.registerToolClass(new AuthenticatedTool(new GetProfileTool()));
+   * ```
+   */
+  registerToolClass(tool) {
+    const authenticatedTool = tool instanceof AuthenticatedTool ? tool : new AuthenticatedTool(tool);
+    const handler = async (args, context, authProvider, tokenResolver, resourceType) => {
+      return authenticatedTool.execute(args, context, authProvider, tokenResolver, resourceType);
+    };
+    this.registerTool(authenticatedTool.name, handler, {
+      description: authenticatedTool.description,
+      inputSchema: authenticatedTool.inputSchema
+    });
+  }
+  /**
+   * Register multiple tools at once
+   * 
+   * @param tools - Array of Tool or AuthenticatedTool instances
+   * 
+   * @example
+   * ```typescript
+   * server.registerTools([
+   *   new AuthenticatedTool(new GetProfileTool()),
+   *   new AuthenticatedTool(new GetMediaTool())
+   * ]);
+   * ```
+   */
+  registerTools(tools) {
+    for (const tool of tools) {
+      this.registerToolClass(tool);
+    }
+  }
+  /**
+   * Start the server
+   */
+  async start() {
+    if (this.isRunning) {
+      throw new ConfigurationError("Server is already running");
+    }
+    this.logger.info("Starting authenticated MCP server");
+    if (this.config.authProvider.initialize) {
+      await this.config.authProvider.initialize();
+      this.logger.debug("Auth provider initialized");
+    }
+    if (this.config.tokenResolver.initialize) {
+      await this.config.tokenResolver.initialize();
+      this.logger.debug("Token resolver initialized");
+    }
+    switch (this.config.transport.type) {
+      case "stdio":
+        await this.startStdioTransport();
+        break;
+      case "sse":
+      case "http":
+        throw new TransportError(
+          "SSE/HTTP transports not yet implemented for tool-level auth. Use server wrapping pattern for remote transports."
+        );
+      default:
+        throw new TransportError(`Unsupported transport: ${this.config.transport.type}`);
+    }
+    this.isRunning = true;
+    this.logger.info("Server started successfully", {
+      name: this.config.name,
+      transport: this.config.transport.type,
+      toolCount: this.tools.size
+    });
+  }
+  /**
+   * Stop the server
+   */
+  async stop() {
+    if (!this.isRunning) {
+      return;
+    }
+    this.logger.info("Stopping server");
+    await this.mcpServer.close();
+    if (this.config.authProvider.cleanup) {
+      await this.config.authProvider.cleanup();
+    }
+    if (this.config.tokenResolver.cleanup) {
+      await this.config.tokenResolver.cleanup();
+    }
+    this.isRunning = false;
+    this.logger.info("Server stopped");
+  }
+  /**
+   * Start stdio transport
+   */
+  async startStdioTransport() {
+    this.logger.info("Starting stdio transport");
+    const transport = new StdioServerTransport();
+    await this.mcpServer.connect(transport);
+    this.logger.info("Stdio transport connected");
+  }
+  /**
+   * Get server statistics
+   */
+  getStats() {
+    return {
+      name: this.config.name,
+      version: this.config.version,
+      resourceType: this.config.resourceType,
+      transport: this.config.transport.type,
+      toolCount: this.tools.size,
+      isRunning: this.isRunning
+    };
+  }
+  /**
+   * Get list of registered tool names
+   */
+  getToolNames() {
+    return Array.from(this.tools.keys());
+  }
+}
+export {
+  AuthenticatedMCPServer
+};
+//# sourceMappingURL=mcp-server.js.map

package/dist/server/mcp-server.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/server/mcp-server.ts"],
+  "sourcesContent": ["/**\n * Authenticated MCP Server implementation\n * \n * MCP server with integrated authentication for tool-level auth pattern.\n */\n\nimport { Server } from '@modelcontextprotocol/sdk/server/index.js';\nimport { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';\nimport {\n  ListToolsRequestSchema,\n  CallToolRequestSchema,\n  type CallToolRequest\n} from '@modelcontextprotocol/sdk/types.js';\nimport type { ServerConfig, NormalizedServerConfig } from './config.js';\nimport type { RequestContext, ToolHandler } from '../types.js';\nimport type { AuthenticatedToolHandler } from './decorators.js';\nimport { AuthenticatedTool, type Tool } from './tool.js';\nimport { ConfigurationError, TransportError } from '../utils/errors.js';\nimport { createLogger, type Logger } from '../utils/logger.js';\nimport { validateResourceType } from '../utils/validation.js';\n\n/**\n * Tool registration entry\n */\ninterface ToolRegistration {\n  name: string;\n  description?: string;\n  inputSchema?: object;\n  handler: AuthenticatedToolHandler;\n}\n\n/**\n * Authenticated MCP Server\n * \n * MCP server with integrated authentication support.\n * Use this for building new MCP servers with tool-level authentication.\n * \n * @example\n * ```typescript\n * const server = new AuthenticatedMCPServer({\n *   name: 'my-server',\n *   authProvider: new EnvAuthProvider(),\n *   tokenResolver: new SimpleTokenResolver({ tokenEnvVar: 'API_TOKEN' }),\n *   resourceType: 'myapi',\n *   transport: { type: 'stdio' }\n * });\n * \n * server.registerTool('get_data', withAuth(async (args, accessToken, userId) => {\n *   const client = new APIClient(accessToken);\n *   return client.getData(args);\n * }));\n * \n * await server.start();\n * ```\n */\nexport class AuthenticatedMCPServer {\n  private config: NormalizedServerConfig;\n  private mcpServer: Server;\n  private logger: Logger;\n  private tools: Map<string, ToolRegistration>;\n  private isRunning: boolean = false;\n  \n  constructor(config: ServerConfig) {\n    // Validate configuration\n    this.validateConfig(config);\n    \n    // Normalize configuration\n    this.config = this.normalizeConfig(config);\n    \n    // Initialize logger\n    this.logger = createLogger(this.config.middleware.logging);\n    \n    // Initialize tools map\n    this.tools = new Map();\n    \n    // Create MCP server\n    this.mcpServer = new Server(\n      {\n        name: this.config.name,\n        version: this.config.version\n      },\n      {\n        capabilities: {\n          tools: {}\n        }\n      }\n    );\n    \n    // Register MCP handlers\n    this.registerMCPHandlers();\n    \n    this.logger.info('AuthenticatedMCPServer created', {\n      name: this.config.name,\n      version: this.config.version,\n      resourceType: this.config.resourceType,\n      transport: this.config.transport.type\n    });\n  }\n  \n  /**\n   * Validate server configuration\n   */\n  private validateConfig(config: ServerConfig): void {\n    if (!config.authProvider) {\n      throw new ConfigurationError('authProvider is required');\n    }\n    if (!config.tokenResolver) {\n      throw new ConfigurationError('tokenResolver is required');\n    }\n    if (!config.resourceType) {\n      throw new ConfigurationError('resourceType is required');\n    }\n    if (!config.transport) {\n      throw new ConfigurationError('transport is required');\n    }\n    \n    validateResourceType(config.resourceType);\n  }\n  \n  /**\n   * Normalize configuration with defaults\n   */\n  private normalizeConfig(config: ServerConfig): NormalizedServerConfig {\n    return {\n      name: config.name ?? 'mcp-server',\n      version: config.version ?? '1.0.0',\n      authProvider: config.authProvider,\n      tokenResolver: config.tokenResolver,\n      resourceType: config.resourceType,\n      transport: config.transport,\n      middleware: {\n        rateLimit: config.middleware?.rateLimit,\n        logging: config.middleware?.logging ?? { enabled: true, level: 'info' }\n      },\n      requestTimeoutMs: config.requestTimeoutMs ?? 30000,\n      enableTracing: config.enableTracing ?? false,\n      errorHandler: config.errorHandler\n    };\n  }\n  \n  /**\n   * Register MCP protocol handlers\n   */\n  private registerMCPHandlers(): void {\n    // List tools handler\n    this.mcpServer.setRequestHandler(ListToolsRequestSchema, async () => {\n      const tools = Array.from(this.tools.values()).map(tool => ({\n        name: tool.name,\n        description: tool.description,\n        inputSchema: tool.inputSchema\n      }));\n      \n      this.logger.debug('Listing tools', { count: tools.length });\n      \n      return { tools };\n    });\n    \n    // Call tool handler\n    this.mcpServer.setRequestHandler(CallToolRequestSchema, async (request: CallToolRequest) => {\n      const { name, arguments: args } = request.params;\n      \n      this.logger.info('Tool called', { toolName: name });\n      \n      const tool = this.tools.get(name);\n      \n      if (!tool) {\n        throw new Error(`Unknown tool: ${name}`);\n      }\n      \n      // Create request context\n      // Note: For stdio, we don't have headers, so context is minimal\n      const context: RequestContext = {\n        transport: this.config.transport.type,\n        timestamp: new Date(),\n        metadata: { toolName: name }\n      };\n      \n      // Execute tool with authentication\n      const result = await tool.handler(\n        args,\n        context,\n        this.config.authProvider,\n        this.config.tokenResolver,\n        this.config.resourceType\n      );\n      \n      // Return MCP-formatted response\n      return {\n        content: [\n          {\n            type: 'text',\n            text: typeof result === 'string' ? result : JSON.stringify(result, null, 2)\n          }\n        ]\n      };\n    });\n  }\n  \n  /**\n   * Register a tool with authentication\n   * \n   * @param name - Tool name\n   * @param handler - Authenticated tool handler\n   * \n   * @example\n   * ```typescript\n   * server.registerTool('get_data', withAuth(async (args, accessToken, userId) => {\n   *   return getData(args, accessToken);\n   * }));\n   * ```\n   */\n  registerTool<TArgs = any, TResult = any>(\n    name: string,\n    handler: AuthenticatedToolHandler<TArgs, TResult>,\n    options?: {\n      description?: string;\n      inputSchema?: object;\n    }\n  ): void {\n    if (this.tools.has(name)) {\n      throw new ConfigurationError(`Tool '${name}' is already registered`);\n    }\n    \n    this.tools.set(name, {\n      name,\n      description: options?.description,\n      inputSchema: options?.inputSchema,\n      handler\n    });\n    \n    this.logger.debug('Tool registered', { name });\n  }\n  \n  /**\n   * Register a Tool class instance\n   * \n   * @param tool - Tool or AuthenticatedTool instance\n   * \n   * @example\n   * ```typescript\n   * server.registerToolClass(new AuthenticatedTool(new GetProfileTool()));\n   * ```\n   */\n  registerToolClass(tool: Tool | AuthenticatedTool): void {\n    const authenticatedTool = tool instanceof AuthenticatedTool \n      ? tool \n      : new AuthenticatedTool(tool);\n    \n    const handler: AuthenticatedToolHandler = async (args, context, authProvider, tokenResolver, resourceType) => {\n      return authenticatedTool.execute(args, context, authProvider, tokenResolver, resourceType);\n    };\n    \n    this.registerTool(authenticatedTool.name, handler, {\n      description: authenticatedTool.description,\n      inputSchema: authenticatedTool.inputSchema\n    });\n  }\n  \n  /**\n   * Register multiple tools at once\n   * \n   * @param tools - Array of Tool or AuthenticatedTool instances\n   * \n   * @example\n   * ```typescript\n   * server.registerTools([\n   *   new AuthenticatedTool(new GetProfileTool()),\n   *   new AuthenticatedTool(new GetMediaTool())\n   * ]);\n   * ```\n   */\n  registerTools(tools: Array<Tool | AuthenticatedTool>): void {\n    for (const tool of tools) {\n      this.registerToolClass(tool);\n    }\n  }\n  \n  /**\n   * Start the server\n   */\n  async start(): Promise<void> {\n    if (this.isRunning) {\n      throw new ConfigurationError('Server is already running');\n    }\n    \n    this.logger.info('Starting authenticated MCP server');\n    \n    // Initialize auth provider\n    if (this.config.authProvider.initialize) {\n      await this.config.authProvider.initialize();\n      this.logger.debug('Auth provider initialized');\n    }\n    \n    // Initialize token resolver\n    if (this.config.tokenResolver.initialize) {\n      await this.config.tokenResolver.initialize();\n      this.logger.debug('Token resolver initialized');\n    }\n    \n    // Start transport\n    switch (this.config.transport.type) {\n      case 'stdio':\n        await this.startStdioTransport();\n        break;\n      case 'sse':\n      case 'http':\n        throw new TransportError(\n          'SSE/HTTP transports not yet implemented for tool-level auth. ' +\n          'Use server wrapping pattern for remote transports.'\n        );\n      default:\n        throw new TransportError(`Unsupported transport: ${this.config.transport.type}`);\n    }\n    \n    this.isRunning = true;\n    \n    this.logger.info('Server started successfully', {\n      name: this.config.name,\n      transport: this.config.transport.type,\n      toolCount: this.tools.size\n    });\n  }\n  \n  /**\n   * Stop the server\n   */\n  async stop(): Promise<void> {\n    if (!this.isRunning) {\n      return;\n    }\n    \n    this.logger.info('Stopping server');\n    \n    // Close MCP server\n    await this.mcpServer.close();\n    \n    // Cleanup auth provider\n    if (this.config.authProvider.cleanup) {\n      await this.config.authProvider.cleanup();\n    }\n    \n    // Cleanup token resolver\n    if (this.config.tokenResolver.cleanup) {\n      await this.config.tokenResolver.cleanup();\n    }\n    \n    this.isRunning = false;\n    \n    this.logger.info('Server stopped');\n  }\n  \n  /**\n   * Start stdio transport\n   */\n  private async startStdioTransport(): Promise<void> {\n    this.logger.info('Starting stdio transport');\n    \n    const transport = new StdioServerTransport();\n    await this.mcpServer.connect(transport);\n    \n    this.logger.info('Stdio transport connected');\n  }\n  \n  /**\n   * Get server statistics\n   */\n  getStats(): {\n    name: string;\n    version: string;\n    resourceType: string;\n    transport: string;\n    toolCount: number;\n    isRunning: boolean;\n  } {\n    return {\n      name: this.config.name,\n      version: this.config.version,\n      resourceType: this.config.resourceType,\n      transport: this.config.transport.type,\n      toolCount: this.tools.size,\n      isRunning: this.isRunning\n    };\n  }\n  \n  /**\n   * Get list of registered tool names\n   */\n  getToolNames(): string[] {\n    return Array.from(this.tools.keys());\n  }\n}\n"],
+  "mappings": "AAMA,SAAS,cAAc;AACvB,SAAS,4BAA4B;AACrC;AAAA,EACE;AAAA,EACA;AAAA,OAEK;AAIP,SAAS,yBAAoC;AAC7C,SAAS,oBAAoB,sBAAsB;AACnD,SAAS,oBAAiC;AAC1C,SAAS,4BAA4B;AAoC9B,MAAM,uBAAuB;AAAA,EAC1B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA,YAAqB;AAAA,EAE7B,YAAY,QAAsB;AAEhC,SAAK,eAAe,MAAM;AAG1B,SAAK,SAAS,KAAK,gBAAgB,MAAM;AAGzC,SAAK,SAAS,aAAa,KAAK,OAAO,WAAW,OAAO;AAGzD,SAAK,QAAQ,oBAAI,IAAI;AAGrB,SAAK,YAAY,IAAI;AAAA,MACnB;AAAA,QACE,MAAM,KAAK,OAAO;AAAA,QAClB,SAAS,KAAK,OAAO;AAAA,MACvB;AAAA,MACA;AAAA,QACE,cAAc;AAAA,UACZ,OAAO,CAAC;AAAA,QACV;AAAA,MACF;AAAA,IACF;AAGA,SAAK,oBAAoB;AAEzB,SAAK,OAAO,KAAK,kCAAkC;AAAA,MACjD,MAAM,KAAK,OAAO;AAAA,MAClB,SAAS,KAAK,OAAO;AAAA,MACrB,cAAc,KAAK,OAAO;AAAA,MAC1B,WAAW,KAAK,OAAO,UAAU;AAAA,IACnC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKQ,eAAe,QAA4B;AACjD,QAAI,CAAC,OAAO,cAAc;AACxB,YAAM,IAAI,mBAAmB,0BAA0B;AAAA,IACzD;AACA,QAAI,CAAC,OAAO,eAAe;AACzB,YAAM,IAAI,mBAAmB,2BAA2B;AAAA,IAC1D;AACA,QAAI,CAAC,OAAO,cAAc;AACxB,YAAM,IAAI,mBAAmB,0BAA0B;AAAA,IACzD;AACA,QAAI,CAAC,OAAO,WAAW;AACrB,YAAM,IAAI,mBAAmB,uBAAuB;AAAA,IACtD;AAEA,yBAAqB,OAAO,YAAY;AAAA,EAC1C;AAAA;AAAA;AAAA;AAAA,EAKQ,gBAAgB,QAA8C;AACpE,WAAO;AAAA,MACL,MAAM,OAAO,QAAQ;AAAA,MACrB,SAAS,OAAO,WAAW;AAAA,MAC3B,cAAc,OAAO;AAAA,MACrB,eAAe,OAAO;AAAA,MACtB,cAAc,OAAO;AAAA,MACrB,WAAW,OAAO;AAAA,MAClB,YAAY;AAAA,QACV,WAAW,OAAO,YAAY;AAAA,QAC9B,SAAS,OAAO,YAAY,WAAW,EAAE,SAAS,MAAM,OAAO,OAAO;AAAA,MACxE;AAAA,MACA,kBAAkB,OAAO,oBAAoB;AAAA,MAC7C,eAAe,OAAO,iBAAiB;AAAA,MACvC,cAAc,OAAO;AAAA,IACvB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKQ,sBAA4B;AAElC,SAAK,UAAU,kBAAkB,wBAAwB,YAAY;AACnE,YAAM,QAAQ,MAAM,KAAK,KAAK,MAAM,OAAO,CAAC,EAAE,IAAI,WAAS;AAAA,QACzD,MAAM,KAAK;AAAA,QACX,aAAa,KAAK;AAAA,QAClB,aAAa,KAAK;AAAA,MACpB,EAAE;AAEF,WAAK,OAAO,MAAM,iBAAiB,EAAE,OAAO,MAAM,OAAO,CAAC;AAE1D,aAAO,EAAE,MAAM;AAAA,IACjB,CAAC;AAGD,SAAK,UAAU,kBAAkB,uBAAuB,OAAO,YAA6B;AAC1F,YAAM,EAAE,MAAM,WAAW,KAAK,IAAI,QAAQ;AAE1C,WAAK,OAAO,KAAK,eAAe,EAAE,UAAU,KAAK,CAAC;AAElD,YAAM,OAAO,KAAK,MAAM,IAAI,IAAI;AAEhC,UAAI,CAAC,MAAM;AACT,cAAM,IAAI,MAAM,iBAAiB,IAAI,EAAE;AAAA,MACzC;AAIA,YAAM,UAA0B;AAAA,QAC9B,WAAW,KAAK,OAAO,UAAU;AAAA,QACjC,WAAW,oBAAI,KAAK;AAAA,QACpB,UAAU,EAAE,UAAU,KAAK;AAAA,MAC7B;AAGA,YAAM,SAAS,MAAM,KAAK;AAAA,QACxB;AAAA,QACA;AAAA,QACA,KAAK,OAAO;AAAA,QACZ,KAAK,OAAO;AAAA,QACZ,KAAK,OAAO;AAAA,MACd;AAGA,aAAO;AAAA,QACL,SAAS;AAAA,UACP;AAAA,YACE,MAAM;AAAA,YACN,MAAM,OAAO,WAAW,WAAW,SAAS,KAAK,UAAU,QAAQ,MAAM,CAAC;AAAA,UAC5E;AAAA,QACF;AAAA,MACF;AAAA,IACF,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,aACE,MACA,SACA,SAIM;AACN,QAAI,KAAK,MAAM,IAAI,IAAI,GAAG;AACxB,YAAM,IAAI,mBAAmB,SAAS,IAAI,yBAAyB;AAAA,IACrE;AAEA,SAAK,MAAM,IAAI,MAAM;AAAA,MACnB;AAAA,MACA,aAAa,SAAS;AAAA,MACtB,aAAa,SAAS;AAAA,MACtB;AAAA,IACF,CAAC;AAED,SAAK,OAAO,MAAM,mBAAmB,EAAE,KAAK,CAAC;AAAA,EAC/C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,kBAAkB,MAAsC;AACtD,UAAM,oBAAoB,gBAAgB,oBACtC,OACA,IAAI,kBAAkB,IAAI;AAE9B,UAAM,UAAoC,OAAO,MAAM,SAAS,cAAc,eAAe,iBAAiB;AAC5G,aAAO,kBAAkB,QAAQ,MAAM,SAAS,cAAc,eAAe,YAAY;AAAA,IAC3F;AAEA,SAAK,aAAa,kBAAkB,MAAM,SAAS;AAAA,MACjD,aAAa,kBAAkB;AAAA,MAC/B,aAAa,kBAAkB;AAAA,IACjC,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAeA,cAAc,OAA8C;AAC1D,eAAW,QAAQ,OAAO;AACxB,WAAK,kBAAkB,IAAI;AAAA,IAC7B;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,QAAuB;AAC3B,QAAI,KAAK,WAAW;AAClB,YAAM,IAAI,mBAAmB,2BAA2B;AAAA,IAC1D;AAEA,SAAK,OAAO,KAAK,mCAAmC;AAGpD,QAAI,KAAK,OAAO,aAAa,YAAY;AACvC,YAAM,KAAK,OAAO,aAAa,WAAW;AAC1C,WAAK,OAAO,MAAM,2BAA2B;AAAA,IAC/C;AAGA,QAAI,KAAK,OAAO,cAAc,YAAY;AACxC,YAAM,KAAK,OAAO,cAAc,WAAW;AAC3C,WAAK,OAAO,MAAM,4BAA4B;AAAA,IAChD;AAGA,YAAQ,KAAK,OAAO,UAAU,MAAM;AAAA,MAClC,KAAK;AACH,cAAM,KAAK,oBAAoB;AAC/B;AAAA,MACF,KAAK;AAAA,MACL,KAAK;AACH,cAAM,IAAI;AAAA,UACR;AAAA,QAEF;AAAA,MACF;AACE,cAAM,IAAI,eAAe,0BAA0B,KAAK,OAAO,UAAU,IAAI,EAAE;AAAA,IACnF;AAEA,SAAK,YAAY;AAEjB,SAAK,OAAO,KAAK,+BAA+B;AAAA,MAC9C,MAAM,KAAK,OAAO;AAAA,MAClB,WAAW,KAAK,OAAO,UAAU;AAAA,MACjC,WAAW,KAAK,MAAM;AAAA,IACxB,CAAC;AAAA,EACH;AAAA;AAAA;AAAA;AAAA,EAKA,MAAM,OAAsB;AAC1B,QAAI,CAAC,KAAK,WAAW;AACnB;AAAA,IACF;AAEA,SAAK,OAAO,KAAK,iBAAiB;AAGlC,UAAM,KAAK,UAAU,MAAM;AAG3B,QAAI,KAAK,OAAO,aAAa,SAAS;AACpC,YAAM,KAAK,OAAO,aAAa,QAAQ;AAAA,IACzC;AAGA,QAAI,KAAK,OAAO,cAAc,SAAS;AACrC,YAAM,KAAK,OAAO,cAAc,QAAQ;AAAA,IAC1C;AAEA,SAAK,YAAY;AAEjB,SAAK,OAAO,KAAK,gBAAgB;AAAA,EACnC;AAAA;AAAA;AAAA;AAAA,EAKA,MAAc,sBAAqC;AACjD,SAAK,OAAO,KAAK,0BAA0B;AAE3C,UAAM,YAAY,IAAI,qBAAqB;AAC3C,UAAM,KAAK,UAAU,QAAQ,SAAS;AAEtC,SAAK,OAAO,KAAK,2BAA2B;AAAA,EAC9C;AAAA;AAAA;AAAA;AAAA,EAKA,WAOE;AACA,WAAO;AAAA,MACL,MAAM,KAAK,OAAO;AAAA,MAClB,SAAS,KAAK,OAAO;AAAA,MACrB,cAAc,KAAK,OAAO;AAAA,MAC1B,WAAW,KAAK,OAAO,UAAU;AAAA,MACjC,WAAW,KAAK,MAAM;AAAA,MACtB,WAAW,KAAK;AAAA,IAClB;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,eAAyB;AACvB,WAAO,MAAM,KAAK,KAAK,MAAM,KAAK,CAAC;AAAA,EACrC;AACF;",
+  "names": []
+}

package/dist/server/tool.js

@@ -0,0 +1,66 @@
+import { AuthenticationError, TokenResolutionError } from "../utils/errors.js";
+import { validateUserId, validateAccessToken } from "../utils/validation.js";
+class AuthenticatedTool {
+  constructor(tool, options) {
+    this.tool = tool;
+    this.options = options;
+  }
+  /**
+   * Get tool name
+   */
+  get name() {
+    return this.tool.name;
+  }
+  /**
+   * Get tool description
+   */
+  get description() {
+    return this.tool.description;
+  }
+  /**
+   * Get tool input schema
+   */
+  get inputSchema() {
+    return this.tool.inputSchema;
+  }
+  /**
+   * Execute tool with authentication
+   * 
+   * @param args - Tool arguments
+   * @param context - Request context
+   * @param authProvider - Authentication provider
+   * @param tokenResolver - Token resolver
+   * @param resourceType - Resource type
+   * @returns Tool result
+   */
+  async execute(args, context, authProvider, tokenResolver, resourceType) {
+    const requiresAuth = this.options?.requiresAuth ?? true;
+    if (!requiresAuth) {
+      return this.tool.execute(args, "", "");
+    }
+    const authResult = await authProvider.authenticate(context);
+    if (!authResult.authenticated || !authResult.userId) {
+      throw new AuthenticationError(
+        authResult.error || "Authentication failed",
+        { tool: this.tool.name }
+      );
+    }
+    const userId = validateUserId(authResult.userId);
+    const accessToken = await tokenResolver.resolveToken(userId, resourceType);
+    if (!accessToken) {
+      throw new TokenResolutionError(userId, resourceType, {
+        tool: this.tool.name
+      });
+    }
+    validateAccessToken(accessToken);
+    return this.tool.execute(args, accessToken, userId);
+  }
+}
+function createAuthenticatedTool(tool, options) {
+  return new AuthenticatedTool(tool, options);
+}
+export {
+  AuthenticatedTool,
+  createAuthenticatedTool
+};
+//# sourceMappingURL=tool.js.map

package/dist/server/tool.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/server/tool.ts"],
+  "sourcesContent": ["/**\n * Tool interface and wrapper for tool-level authentication\n * \n * Provides class-based tool definitions with authentication support.\n */\n\nimport type { RequestContext } from '../types.js';\nimport type { AuthProvider, ResourceTokenResolver } from '../auth/types.js';\nimport { AuthenticationError, TokenResolutionError } from '../utils/errors.js';\nimport { validateUserId, validateAccessToken } from '../utils/validation.js';\n\n/**\n * Tool interface for class-based tools\n * \n * Implement this interface to create structured, reusable tools.\n * \n * @example\n * ```typescript\n * class GetProfileTool implements Tool {\n *   name = 'get_profile';\n *   description = 'Get user profile';\n *   \n *   inputSchema = {\n *     type: 'object',\n *     properties: {\n *       userId: { type: 'string' }\n *     }\n *   };\n *   \n *   async execute(args: { userId: string }, accessToken: string, userId: string) {\n *     const client = new APIClient(accessToken);\n *     return client.getProfile(args.userId);\n *   }\n * }\n * ```\n */\nexport interface Tool<TArgs = any, TResult = any> {\n  /**\n   * Tool name (must be unique within server)\n   */\n  name: string;\n  \n  /**\n   * Tool description for clients\n   */\n  description?: string;\n  \n  /**\n   * JSON Schema for tool input validation\n   */\n  inputSchema?: object;\n  \n  /**\n   * Execute the tool with authenticated context\n   * \n   * @param args - Tool arguments\n   * @param accessToken - Resource-specific access token\n   * @param userId - Authenticated user ID\n   * @returns Tool result\n   */\n  execute(args: TArgs, accessToken: string, userId: string): Promise<TResult>;\n}\n\n/**\n * Authenticated tool wrapper\n * \n * Wraps a Tool implementation with automatic authentication.\n * Handles auth provider and token resolver calls before executing the tool.\n * \n * @example\n * ```typescript\n * const tool = new AuthenticatedTool(new GetProfileTool());\n * server.registerTool(tool);\n * ```\n */\nexport class AuthenticatedTool<TArgs = any, TResult = any> {\n  constructor(\n    private tool: Tool<TArgs, TResult>,\n    private options?: {\n      /**\n       * Whether authentication is required\n       * @default true\n       */\n      requiresAuth?: boolean;\n    }\n  ) {}\n  \n  /**\n   * Get tool name\n   */\n  get name(): string {\n    return this.tool.name;\n  }\n  \n  /**\n   * Get tool description\n   */\n  get description(): string | undefined {\n    return this.tool.description;\n  }\n  \n  /**\n   * Get tool input schema\n   */\n  get inputSchema(): object | undefined {\n    return this.tool.inputSchema;\n  }\n  \n  /**\n   * Execute tool with authentication\n   * \n   * @param args - Tool arguments\n   * @param context - Request context\n   * @param authProvider - Authentication provider\n   * @param tokenResolver - Token resolver\n   * @param resourceType - Resource type\n   * @returns Tool result\n   */\n  async execute(\n    args: TArgs,\n    context: RequestContext,\n    authProvider: AuthProvider,\n    tokenResolver: ResourceTokenResolver,\n    resourceType: string\n  ): Promise<TResult> {\n    // Check if auth is required\n    const requiresAuth = this.options?.requiresAuth ?? true;\n    \n    if (!requiresAuth) {\n      // Execute without auth (use empty values)\n      return this.tool.execute(args, '', '');\n    }\n    \n    // 1. Authenticate request\n    const authResult = await authProvider.authenticate(context);\n    \n    if (!authResult.authenticated || !authResult.userId) {\n      throw new AuthenticationError(\n        authResult.error || 'Authentication failed',\n        { tool: this.tool.name }\n      );\n    }\n    \n    const userId = validateUserId(authResult.userId);\n    \n    // 2. Resolve resource token\n    const accessToken = await tokenResolver.resolveToken(userId, resourceType);\n    \n    if (!accessToken) {\n      throw new TokenResolutionError(userId, resourceType, {\n        tool: this.tool.name\n      });\n    }\n    \n    validateAccessToken(accessToken);\n    \n    // 3. Execute tool\n    return this.tool.execute(args, accessToken, userId);\n  }\n}\n\n/**\n * Create an authenticated tool from a Tool implementation\n * \n * Helper function for creating authenticated tools.\n * \n * @param tool - Tool implementation\n * @param options - Authentication options\n * @returns Authenticated tool wrapper\n * \n * @example\n * ```typescript\n * const tool = createAuthenticatedTool(new GetProfileTool());\n * server.registerTool(tool);\n * ```\n */\nexport function createAuthenticatedTool<TArgs = any, TResult = any>(\n  tool: Tool<TArgs, TResult>,\n  options?: { requiresAuth?: boolean }\n): AuthenticatedTool<TArgs, TResult> {\n  return new AuthenticatedTool(tool, options);\n}\n"],
+  "mappings": "AAQA,SAAS,qBAAqB,4BAA4B;AAC1D,SAAS,gBAAgB,2BAA2B;AAkE7C,MAAM,kBAA8C;AAAA,EACzD,YACU,MACA,SAOR;AARQ;AACA;AAAA,EAOP;AAAA;AAAA;AAAA;AAAA,EAKH,IAAI,OAAe;AACjB,WAAO,KAAK,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,cAAkC;AACpC,WAAO,KAAK,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA,EAKA,IAAI,cAAkC;AACpC,WAAO,KAAK,KAAK;AAAA,EACnB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAYA,MAAM,QACJ,MACA,SACA,cACA,eACA,cACkB;AAElB,UAAM,eAAe,KAAK,SAAS,gBAAgB;AAEnD,QAAI,CAAC,cAAc;AAEjB,aAAO,KAAK,KAAK,QAAQ,MAAM,IAAI,EAAE;AAAA,IACvC;AAGA,UAAM,aAAa,MAAM,aAAa,aAAa,OAAO;AAE1D,QAAI,CAAC,WAAW,iBAAiB,CAAC,WAAW,QAAQ;AACnD,YAAM,IAAI;AAAA,QACR,WAAW,SAAS;AAAA,QACpB,EAAE,MAAM,KAAK,KAAK,KAAK;AAAA,MACzB;AAAA,IACF;AAEA,UAAM,SAAS,eAAe,WAAW,MAAM;AAG/C,UAAM,cAAc,MAAM,cAAc,aAAa,QAAQ,YAAY;AAEzE,QAAI,CAAC,aAAa;AAChB,YAAM,IAAI,qBAAqB,QAAQ,cAAc;AAAA,QACnD,MAAM,KAAK,KAAK;AAAA,MAClB,CAAC;AAAA,IACH;AAEA,wBAAoB,WAAW;AAG/B,WAAO,KAAK,KAAK,QAAQ,MAAM,aAAa,MAAM;AAAA,EACpD;AACF;AAiBO,SAAS,wBACd,MACA,SACmC;AACnC,SAAO,IAAI,kBAAkB,MAAM,OAAO;AAC5C;",
+  "names": []
+}

package/dist/types.js

@@ -0,0 +1 @@
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": [],
+  "sourcesContent": [],
+  "mappings": "",
+  "names": []
+}

package/dist/utils/errors.js

@@ -0,0 +1,143 @@
+class MCPAuthError extends Error {
+  /**
+   * Error code for programmatic handling
+   */
+  code;
+  /**
+   * HTTP status code (for HTTP/SSE transports)
+   */
+  statusCode;
+  /**
+   * Additional error details
+   */
+  details;
+  constructor(message, code = "MCP_AUTH_ERROR", statusCode = 500, details) {
+    super(message);
+    this.name = this.constructor.name;
+    this.code = code;
+    this.statusCode = statusCode;
+    this.details = details;
+    if (typeof Error.captureStackTrace === "function") {
+      Error.captureStackTrace(this, this.constructor);
+    }
+  }
+  /**
+   * Convert error to JSON for logging/transmission
+   */
+  toJSON() {
+    return {
+      name: this.name,
+      message: this.message,
+      code: this.code,
+      statusCode: this.statusCode,
+      details: this.details,
+      stack: this.stack
+    };
+  }
+}
+class AuthenticationError extends MCPAuthError {
+  constructor(message = "Authentication failed", details) {
+    super(message, "AUTHENTICATION_FAILED", 401, details);
+  }
+}
+class TokenResolutionError extends MCPAuthError {
+  constructor(userId, resourceType, details) {
+    super(
+      `Failed to resolve ${resourceType} token for user ${userId}`,
+      "TOKEN_RESOLUTION_FAILED",
+      401,
+      { userId, resourceType, ...details }
+    );
+  }
+}
+class InvalidTokenError extends MCPAuthError {
+  constructor(message = "Invalid or expired token", details) {
+    super(message, "INVALID_TOKEN", 401, details);
+  }
+}
+class MissingCredentialsError extends MCPAuthError {
+  constructor(message = "Missing authentication credentials", details) {
+    super(message, "MISSING_CREDENTIALS", 401, details);
+  }
+}
+class ConfigurationError extends MCPAuthError {
+  constructor(message, details) {
+    super(message, "CONFIGURATION_ERROR", 500, details);
+  }
+}
+class RateLimitError extends MCPAuthError {
+  constructor(message = "Rate limit exceeded", retryAfter, details) {
+    super(
+      message,
+      "RATE_LIMIT_EXCEEDED",
+      429,
+      { retryAfter, ...details }
+    );
+  }
+}
+class ServerPoolError extends MCPAuthError {
+  constructor(message, details) {
+    super(message, "SERVER_POOL_ERROR", 500, details);
+  }
+}
+class TransportError extends MCPAuthError {
+  constructor(message, details) {
+    super(message, "TRANSPORT_ERROR", 500, details);
+  }
+}
+class ValidationError extends MCPAuthError {
+  constructor(message, details) {
+    super(message, "VALIDATION_ERROR", 400, details);
+  }
+}
+function isMCPAuthError(error) {
+  return error instanceof MCPAuthError;
+}
+function isAuthenticationError(error) {
+  return error instanceof AuthenticationError;
+}
+function isTokenResolutionError(error) {
+  return error instanceof TokenResolutionError;
+}
+function isRateLimitError(error) {
+  return error instanceof RateLimitError;
+}
+function formatErrorForClient(error) {
+  if (isMCPAuthError(error)) {
+    return {
+      error: error.message,
+      code: error.code,
+      statusCode: error.statusCode
+    };
+  }
+  if (error instanceof Error) {
+    return {
+      error: error.message,
+      code: "INTERNAL_ERROR",
+      statusCode: 500
+    };
+  }
+  return {
+    error: "An unknown error occurred",
+    code: "UNKNOWN_ERROR",
+    statusCode: 500
+  };
+}
+export {
+  AuthenticationError,
+  ConfigurationError,
+  InvalidTokenError,
+  MCPAuthError,
+  MissingCredentialsError,
+  RateLimitError,
+  ServerPoolError,
+  TokenResolutionError,
+  TransportError,
+  ValidationError,
+  formatErrorForClient,
+  isAuthenticationError,
+  isMCPAuthError,
+  isRateLimitError,
+  isTokenResolutionError
+};
+//# sourceMappingURL=errors.js.map

package/dist/utils/errors.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/utils/errors.ts"],
+  "sourcesContent": ["/**\n * Custom error classes for @prmichaelsen/mcp-auth\n * \n * Provides specific error types for different failure scenarios.\n */\n\n/**\n * Base error class for all mcp-auth errors\n */\nexport class MCPAuthError extends Error {\n  /**\n   * Error code for programmatic handling\n   */\n  public readonly code: string;\n  \n  /**\n   * HTTP status code (for HTTP/SSE transports)\n   */\n  public readonly statusCode: number;\n  \n  /**\n   * Additional error details\n   */\n  public readonly details?: Record<string, unknown>;\n  \n  constructor(\n    message: string,\n    code: string = 'MCP_AUTH_ERROR',\n    statusCode: number = 500,\n    details?: Record<string, unknown>\n  ) {\n    super(message);\n    this.name = this.constructor.name;\n    this.code = code;\n    this.statusCode = statusCode;\n    this.details = details;\n    \n    // Maintains proper stack trace for where error was thrown (V8 only)\n    if (typeof (Error as any).captureStackTrace === 'function') {\n      (Error as any).captureStackTrace(this, this.constructor);\n    }\n  }\n  \n  /**\n   * Convert error to JSON for logging/transmission\n   */\n  toJSON(): Record<string, unknown> {\n    return {\n      name: this.name,\n      message: this.message,\n      code: this.code,\n      statusCode: this.statusCode,\n      details: this.details,\n      stack: this.stack\n    };\n  }\n}\n\n/**\n * Authentication failed error\n * Thrown when request authentication fails\n */\nexport class AuthenticationError extends MCPAuthError {\n  constructor(message: string = 'Authentication failed', details?: Record<string, unknown>) {\n    super(message, 'AUTHENTICATION_FAILED', 401, details);\n  }\n}\n\n/**\n * Token resolution failed error\n * Thrown when resource token cannot be resolved for a user\n */\nexport class TokenResolutionError extends MCPAuthError {\n  constructor(\n    userId: string,\n    resourceType: string,\n    details?: Record<string, unknown>\n  ) {\n    super(\n      `Failed to resolve ${resourceType} token for user ${userId}`,\n      'TOKEN_RESOLUTION_FAILED',\n      401,\n      { userId, resourceType, ...details }\n    );\n  }\n}\n\n/**\n * Invalid token error\n * Thrown when a token is invalid or expired\n */\nexport class InvalidTokenError extends MCPAuthError {\n  constructor(message: string = 'Invalid or expired token', details?: Record<string, unknown>) {\n    super(message, 'INVALID_TOKEN', 401, details);\n  }\n}\n\n/**\n * Missing credentials error\n * Thrown when required authentication credentials are missing\n */\nexport class MissingCredentialsError extends MCPAuthError {\n  constructor(message: string = 'Missing authentication credentials', details?: Record<string, unknown>) {\n    super(message, 'MISSING_CREDENTIALS', 401, details);\n  }\n}\n\n/**\n * Configuration error\n * Thrown when the server or provider is misconfigured\n */\nexport class ConfigurationError extends MCPAuthError {\n  constructor(message: string, details?: Record<string, unknown>) {\n    super(message, 'CONFIGURATION_ERROR', 500, details);\n  }\n}\n\n/**\n * Rate limit exceeded error\n * Thrown when rate limit is exceeded\n */\nexport class RateLimitError extends MCPAuthError {\n  constructor(\n    message: string = 'Rate limit exceeded',\n    retryAfter?: number,\n    details?: Record<string, unknown>\n  ) {\n    super(\n      message,\n      'RATE_LIMIT_EXCEEDED',\n      429,\n      { retryAfter, ...details }\n    );\n  }\n}\n\n/**\n * Server pooling error\n * Thrown when server pool operations fail\n */\nexport class ServerPoolError extends MCPAuthError {\n  constructor(message: string, details?: Record<string, unknown>) {\n    super(message, 'SERVER_POOL_ERROR', 500, details);\n  }\n}\n\n/**\n * Transport error\n * Thrown when transport-related operations fail\n */\nexport class TransportError extends MCPAuthError {\n  constructor(message: string, details?: Record<string, unknown>) {\n    super(message, 'TRANSPORT_ERROR', 500, details);\n  }\n}\n\n/**\n * Validation error\n * Thrown when input validation fails\n */\nexport class ValidationError extends MCPAuthError {\n  constructor(message: string, details?: Record<string, unknown>) {\n    super(message, 'VALIDATION_ERROR', 400, details);\n  }\n}\n\n/**\n * Type guard to check if an error is an MCPAuthError\n */\nexport function isMCPAuthError(error: unknown): error is MCPAuthError {\n  return error instanceof MCPAuthError;\n}\n\n/**\n * Type guard to check if an error is an authentication error\n */\nexport function isAuthenticationError(error: unknown): error is AuthenticationError {\n  return error instanceof AuthenticationError;\n}\n\n/**\n * Type guard to check if an error is a token resolution error\n */\nexport function isTokenResolutionError(error: unknown): error is TokenResolutionError {\n  return error instanceof TokenResolutionError;\n}\n\n/**\n * Type guard to check if an error is a rate limit error\n */\nexport function isRateLimitError(error: unknown): error is RateLimitError {\n  return error instanceof RateLimitError;\n}\n\n/**\n * Format error for client response\n * Sanitizes sensitive information from error details\n */\nexport function formatErrorForClient(error: unknown): {\n  error: string;\n  code: string;\n  statusCode: number;\n} {\n  if (isMCPAuthError(error)) {\n    return {\n      error: error.message,\n      code: error.code,\n      statusCode: error.statusCode\n    };\n  }\n  \n  if (error instanceof Error) {\n    return {\n      error: error.message,\n      code: 'INTERNAL_ERROR',\n      statusCode: 500\n    };\n  }\n  \n  return {\n    error: 'An unknown error occurred',\n    code: 'UNKNOWN_ERROR',\n    statusCode: 500\n  };\n}\n"],
+  "mappings": "AASO,MAAM,qBAAqB,MAAM;AAAA;AAAA;AAAA;AAAA,EAItB;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA;AAAA;AAAA;AAAA,EAKA;AAAA,EAEhB,YACE,SACA,OAAe,kBACf,aAAqB,KACrB,SACA;AACA,UAAM,OAAO;AACb,SAAK,OAAO,KAAK,YAAY;AAC7B,SAAK,OAAO;AACZ,SAAK,aAAa;AAClB,SAAK,UAAU;AAGf,QAAI,OAAQ,MAAc,sBAAsB,YAAY;AAC1D,MAAC,MAAc,kBAAkB,MAAM,KAAK,WAAW;AAAA,IACzD;AAAA,EACF;AAAA;AAAA;AAAA;AAAA,EAKA,SAAkC;AAChC,WAAO;AAAA,MACL,MAAM,KAAK;AAAA,MACX,SAAS,KAAK;AAAA,MACd,MAAM,KAAK;AAAA,MACX,YAAY,KAAK;AAAA,MACjB,SAAS,KAAK;AAAA,MACd,OAAO,KAAK;AAAA,IACd;AAAA,EACF;AACF;AAMO,MAAM,4BAA4B,aAAa;AAAA,EACpD,YAAY,UAAkB,yBAAyB,SAAmC;AACxF,UAAM,SAAS,yBAAyB,KAAK,OAAO;AAAA,EACtD;AACF;AAMO,MAAM,6BAA6B,aAAa;AAAA,EACrD,YACE,QACA,cACA,SACA;AACA;AAAA,MACE,qBAAqB,YAAY,mBAAmB,MAAM;AAAA,MAC1D;AAAA,MACA;AAAA,MACA,EAAE,QAAQ,cAAc,GAAG,QAAQ;AAAA,IACrC;AAAA,EACF;AACF;AAMO,MAAM,0BAA0B,aAAa;AAAA,EAClD,YAAY,UAAkB,4BAA4B,SAAmC;AAC3F,UAAM,SAAS,iBAAiB,KAAK,OAAO;AAAA,EAC9C;AACF;AAMO,MAAM,gCAAgC,aAAa;AAAA,EACxD,YAAY,UAAkB,sCAAsC,SAAmC;AACrG,UAAM,SAAS,uBAAuB,KAAK,OAAO;AAAA,EACpD;AACF;AAMO,MAAM,2BAA2B,aAAa;AAAA,EACnD,YAAY,SAAiB,SAAmC;AAC9D,UAAM,SAAS,uBAAuB,KAAK,OAAO;AAAA,EACpD;AACF;AAMO,MAAM,uBAAuB,aAAa;AAAA,EAC/C,YACE,UAAkB,uBAClB,YACA,SACA;AACA;AAAA,MACE;AAAA,MACA;AAAA,MACA;AAAA,MACA,EAAE,YAAY,GAAG,QAAQ;AAAA,IAC3B;AAAA,EACF;AACF;AAMO,MAAM,wBAAwB,aAAa;AAAA,EAChD,YAAY,SAAiB,SAAmC;AAC9D,UAAM,SAAS,qBAAqB,KAAK,OAAO;AAAA,EAClD;AACF;AAMO,MAAM,uBAAuB,aAAa;AAAA,EAC/C,YAAY,SAAiB,SAAmC;AAC9D,UAAM,SAAS,mBAAmB,KAAK,OAAO;AAAA,EAChD;AACF;AAMO,MAAM,wBAAwB,aAAa;AAAA,EAChD,YAAY,SAAiB,SAAmC;AAC9D,UAAM,SAAS,oBAAoB,KAAK,OAAO;AAAA,EACjD;AACF;AAKO,SAAS,eAAe,OAAuC;AACpE,SAAO,iBAAiB;AAC1B;AAKO,SAAS,sBAAsB,OAA8C;AAClF,SAAO,iBAAiB;AAC1B;AAKO,SAAS,uBAAuB,OAA+C;AACpF,SAAO,iBAAiB;AAC1B;AAKO,SAAS,iBAAiB,OAAyC;AACxE,SAAO,iBAAiB;AAC1B;AAMO,SAAS,qBAAqB,OAInC;AACA,MAAI,eAAe,KAAK,GAAG;AACzB,WAAO;AAAA,MACL,OAAO,MAAM;AAAA,MACb,MAAM,MAAM;AAAA,MACZ,YAAY,MAAM;AAAA,IACpB;AAAA,EACF;AAEA,MAAI,iBAAiB,OAAO;AAC1B,WAAO;AAAA,MACL,OAAO,MAAM;AAAA,MACb,MAAM;AAAA,MACN,YAAY;AAAA,IACd;AAAA,EACF;AAEA,SAAO;AAAA,IACL,OAAO;AAAA,IACP,MAAM;AAAA,IACN,YAAY;AAAA,EACd;AACF;",
+  "names": []
+}

package/dist/utils/index.js

@@ -0,0 +1,81 @@
+import {
+  MCPAuthError,
+  AuthenticationError,
+  TokenResolutionError,
+  InvalidTokenError,
+  MissingCredentialsError,
+  ConfigurationError,
+  RateLimitError,
+  ServerPoolError,
+  TransportError,
+  ValidationError,
+  isMCPAuthError,
+  isAuthenticationError,
+  isTokenResolutionError,
+  isRateLimitError,
+  formatErrorForClient
+} from "./errors.js";
+import {
+  Logger,
+  LogLevel,
+  defaultLogger,
+  createLogger,
+  sanitizeForLogging
+} from "./logger.js";
+import {
+  validateNonEmptyString,
+  validateUrl,
+  validatePositiveNumber,
+  validatePort,
+  validateEnum,
+  validateObject,
+  validateFunction,
+  validateRequiredFields,
+  validateTransportConfig,
+  validateRateLimitConfig,
+  validateLoggingConfig,
+  validatePoolingConfig,
+  sanitizeString,
+  validateUserId,
+  validateResourceType,
+  validateAccessToken
+} from "./validation.js";
+export {
+  AuthenticationError,
+  ConfigurationError,
+  InvalidTokenError,
+  LogLevel,
+  Logger,
+  MCPAuthError,
+  MissingCredentialsError,
+  RateLimitError,
+  ServerPoolError,
+  TokenResolutionError,
+  TransportError,
+  ValidationError,
+  createLogger,
+  defaultLogger,
+  formatErrorForClient,
+  isAuthenticationError,
+  isMCPAuthError,
+  isRateLimitError,
+  isTokenResolutionError,
+  sanitizeForLogging,
+  sanitizeString,
+  validateAccessToken,
+  validateEnum,
+  validateFunction,
+  validateLoggingConfig,
+  validateNonEmptyString,
+  validateObject,
+  validatePoolingConfig,
+  validatePort,
+  validatePositiveNumber,
+  validateRateLimitConfig,
+  validateRequiredFields,
+  validateResourceType,
+  validateTransportConfig,
+  validateUrl,
+  validateUserId
+};
+//# sourceMappingURL=index.js.map

package/dist/utils/index.js.map

@@ -0,0 +1,7 @@
+{
+  "version": 3,
+  "sources": ["../../src/utils/index.ts"],
+  "sourcesContent": ["/**\n * Utilities module exports\n */\n\n// Errors\nexport {\n  MCPAuthError,\n  AuthenticationError,\n  TokenResolutionError,\n  InvalidTokenError,\n  MissingCredentialsError,\n  ConfigurationError,\n  RateLimitError,\n  ServerPoolError,\n  TransportError,\n  ValidationError,\n  isMCPAuthError,\n  isAuthenticationError,\n  isTokenResolutionError,\n  isRateLimitError,\n  formatErrorForClient\n} from './errors.js';\n\n// Logger\nexport {\n  Logger,\n  LogLevel,\n  defaultLogger,\n  createLogger,\n  sanitizeForLogging,\n  type LogEntry\n} from './logger.js';\n\n// Validation\nexport {\n  validateNonEmptyString,\n  validateUrl,\n  validatePositiveNumber,\n  validatePort,\n  validateEnum,\n  validateObject,\n  validateFunction,\n  validateRequiredFields,\n  validateTransportConfig,\n  validateRateLimitConfig,\n  validateLoggingConfig,\n  validatePoolingConfig,\n  sanitizeString,\n  validateUserId,\n  validateResourceType,\n  validateAccessToken\n} from './validation.js';\n"],
+  "mappings": "AAKA;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OAEK;AAGP;AAAA,EACE;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,OACK;",
+  "names": []
+}