@sentropic/h2a-cli 0.26.0 → 0.26.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/runtime/identity/bindings.d.ts +16 -3
- package/dist/runtime/identity/bindings.d.ts.map +1 -1
- package/dist/runtime/identity/bindings.js +17 -6
- package/dist/runtime/identity/bindings.js.map +1 -1
- package/dist/runtime/mcp-http/oauth/config.d.ts +3 -0
- package/dist/runtime/mcp-http/oauth/config.d.ts.map +1 -1
- package/dist/runtime/mcp-http/oauth/config.js +10 -0
- package/dist/runtime/mcp-http/oauth/config.js.map +1 -1
- package/dist/runtime/mcp-http/oauth/hono-oauth-router.d.ts.map +1 -1
- package/dist/runtime/mcp-http/oauth/hono-oauth-router.js +9 -0
- package/dist/runtime/mcp-http/oauth/hono-oauth-router.js.map +1 -1
- package/dist/runtime/mcp-http/serve.d.ts +1 -0
- package/dist/runtime/mcp-http/serve.d.ts.map +1 -1
- package/dist/runtime/mcp-http/serve.js +3 -0
- package/dist/runtime/mcp-http/serve.js.map +1 -1
- package/package.json +2 -2
|
@@ -2,8 +2,11 @@
|
|
|
2
2
|
* Identity binding registry + proof-of-possession (DEC-116, F1 — the
|
|
3
3
|
* load-bearing security fix).
|
|
4
4
|
*
|
|
5
|
-
* Reconnect de-collision binds
|
|
6
|
-
*
|
|
5
|
+
* Reconnect de-collision binds the perennial identity to its stability unit
|
|
6
|
+
* `(host, workspaceId)` — one identity per workspace per host, reused across
|
|
7
|
+
* every provider session and fan-out (`providerSessionId` is recorded as a hint
|
|
8
|
+
* but is NOT a match key; keying on it minted a fresh id per session, the
|
|
9
|
+
* proliferation this fix removes). **RECLAIM requires proof-of-possession**: the
|
|
7
10
|
* connector must sign a fresh nonce with the ed25519 key already bound to that
|
|
8
11
|
* identity (verified against the instance's active keys). The provider session
|
|
9
12
|
* id is a spoofable *routing hint* — never the authenticator. No valid
|
|
@@ -28,7 +31,17 @@ export interface IdentityBindingKey {
|
|
|
28
31
|
readonly workspaceId: string;
|
|
29
32
|
}
|
|
30
33
|
export declare function listBindings(root: string): H2AIdentityBinding[];
|
|
31
|
-
/**
|
|
34
|
+
/**
|
|
35
|
+
* The latest binding for the identity's stability unit `(host, workspaceId)`
|
|
36
|
+
* (append-only → last wins), or undefined.
|
|
37
|
+
*
|
|
38
|
+
* `providerSessionId` is intentionally NOT part of the match: it is an ephemeral
|
|
39
|
+
* routing hint (e.g. `CLAUDE_CODE_SESSION_ID`, fresh per conversation and per
|
|
40
|
+
* fan-out). Matching on it would mint a new perennial id for every session,
|
|
41
|
+
* which is exactly the per-session proliferation DEC-116 exists to prevent. The
|
|
42
|
+
* id is therefore perennial **per workspace per host**; reclaim across sessions
|
|
43
|
+
* is still gated by proof-of-possession in `reclaimOrMint`.
|
|
44
|
+
*/
|
|
32
45
|
export declare function findBinding(root: string, key: IdentityBindingKey): H2AIdentityBinding | undefined;
|
|
33
46
|
/**
|
|
34
47
|
* Verify a reclaim proof: `signature` over `nonce` must verify against ANY of
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bindings.d.ts","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"bindings.d.ts","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAKH,OAAO,EAAmB,KAAK,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAIpE,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,yFAAyF;IACzF,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,iFAAiF;IACjF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,iBAAiB,EAAE,MAAM,CAAC;IACnC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAYD,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,kBAAkB,EAAE,CAa/D;AAED;;;;;;;;;;GAUG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,kBAAkB,GAAG,kBAAkB,GAAG,SAAS,CAQjG;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAChC,KAAK,EAAE,MAAM,EACb,SAAS,EAAE,YAAY,EACvB,UAAU,EAAE,SAAS,MAAM,EAAE,GAC5B,OAAO,CAST;AAED,MAAM,WAAW,iBAAiB;IAChC,iFAAiF;IACjF,WAAW,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC;IAClD,2EAA2E;IAC3E,IAAI,IAAI;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAChD,GAAG,IAAI,MAAM,CAAC;CACf;AAED,MAAM,WAAW,mBAAmB;IAClC,QAAQ,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,wBAAgB,aAAa,CAC3B,IAAI,EAAE,MAAM,EACZ,GAAG,EAAE,kBAAkB,EACvB,IAAI,EAAE,iBAAiB,GACtB,mBAAmB,CAerB"}
|
|
@@ -2,8 +2,11 @@
|
|
|
2
2
|
* Identity binding registry + proof-of-possession (DEC-116, F1 — the
|
|
3
3
|
* load-bearing security fix).
|
|
4
4
|
*
|
|
5
|
-
* Reconnect de-collision binds
|
|
6
|
-
*
|
|
5
|
+
* Reconnect de-collision binds the perennial identity to its stability unit
|
|
6
|
+
* `(host, workspaceId)` — one identity per workspace per host, reused across
|
|
7
|
+
* every provider session and fan-out (`providerSessionId` is recorded as a hint
|
|
8
|
+
* but is NOT a match key; keying on it minted a fresh id per session, the
|
|
9
|
+
* proliferation this fix removes). **RECLAIM requires proof-of-possession**: the
|
|
7
10
|
* connector must sign a fresh nonce with the ed25519 key already bound to that
|
|
8
11
|
* identity (verified against the instance's active keys). The provider session
|
|
9
12
|
* id is a spoofable *routing hint* — never the authenticator. No valid
|
|
@@ -41,13 +44,21 @@ export function listBindings(root) {
|
|
|
41
44
|
}
|
|
42
45
|
return out;
|
|
43
46
|
}
|
|
44
|
-
/**
|
|
47
|
+
/**
|
|
48
|
+
* The latest binding for the identity's stability unit `(host, workspaceId)`
|
|
49
|
+
* (append-only → last wins), or undefined.
|
|
50
|
+
*
|
|
51
|
+
* `providerSessionId` is intentionally NOT part of the match: it is an ephemeral
|
|
52
|
+
* routing hint (e.g. `CLAUDE_CODE_SESSION_ID`, fresh per conversation and per
|
|
53
|
+
* fan-out). Matching on it would mint a new perennial id for every session,
|
|
54
|
+
* which is exactly the per-session proliferation DEC-116 exists to prevent. The
|
|
55
|
+
* id is therefore perennial **per workspace per host**; reclaim across sessions
|
|
56
|
+
* is still gated by proof-of-possession in `reclaimOrMint`.
|
|
57
|
+
*/
|
|
45
58
|
export function findBinding(root, key) {
|
|
46
59
|
let found;
|
|
47
60
|
for (const b of listBindings(root)) {
|
|
48
|
-
if (b.host === key.host &&
|
|
49
|
-
b.providerSessionId === key.providerSessionId &&
|
|
50
|
-
b.workspaceId === key.workspaceId) {
|
|
61
|
+
if (b.host === key.host && b.workspaceId === key.workspaceId) {
|
|
51
62
|
found = b;
|
|
52
63
|
}
|
|
53
64
|
}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"bindings.js","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"bindings.js","sourceRoot":"","sources":["../../../src/runtime/identity/bindings.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAEH,OAAO,EAAE,cAAc,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAC9E,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,eAAe,EAAqB,MAAM,gBAAgB,CAAC;AAEpE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAmBxE,SAAS,WAAW,CAAC,IAAY;IAC/B,OAAO,IAAI,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;AACtD,CAAC;AACD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;AACnD,CAAC;AACD,SAAS,YAAY,CAAC,IAAY;IAChC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,IAAY;IACvC,MAAM,CAAC,GAAG,YAAY,CAAC,IAAI,CAAC,CAAC;IAC7B,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;QAAE,OAAO,EAAE,CAAC;IAC9B,MAAM,GAAG,GAAyB,EAAE,CAAC;IACrC,KAAK,MAAM,IAAI,IAAI,YAAY,CAAC,CAAC,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACvD,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YAAE,SAAS;QAC3B,IAAI,CAAC;YACH,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAuB,CAAC,CAAC;QACnD,CAAC;QAAC,MAAM,CAAC;YACP,iBAAiB;QACnB,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;;;;;;;;GAUG;AACH,MAAM,UAAU,WAAW,CAAC,IAAY,EAAE,GAAuB;IAC/D,IAAI,KAAqC,CAAC;IAC1C,KAAK,MAAM,CAAC,IAAI,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC;QACnC,IAAI,CAAC,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,WAAW,KAAK,GAAG,CAAC,WAAW,EAAE,CAAC;YAC7D,KAAK,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAChC,KAAa,EACb,SAAuB,EACvB,UAA6B;IAE7B,KAAK,MAAM,GAAG,IAAI,UAAU,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,IAAI,eAAe,CAAC,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC;gBAAE,OAAO,IAAI,CAAC;QAC1D,CAAC;QAAC,MAAM,CAAC;YACP,0BAA0B;QAC5B,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAgBD;;;;;GAKG;AACH,MAAM,UAAU,aAAa,CAC3B,IAAY,EACZ,GAAuB,EACvB,IAAuB;IAEvB,SAAS,CAAC,WAAW,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAClD,OAAO,YAAY,CAAC,YAAY,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE;QAC3C,MAAM,QAAQ,GAAG,WAAW,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;QACxC,IAAI,QAAQ,IAAI,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,EAAE,CAAC;YAC3C,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC,QAAQ,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC;QAC3F,CAAC;QACD,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC3B,cAAc,CACZ,YAAY,CAAC,IAAI,CAAC,EAClB,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,EAAE,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,WAAW,EAAE,EAA+B,CAAC,IAAI,EAC9J,MAAM,CACP,CAAC;QACF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,SAAS,EAAE,MAAM,CAAC,SAAS,EAAE,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC"}
|
|
@@ -14,6 +14,7 @@ export interface H2AHostedOAuthEnv {
|
|
|
14
14
|
OAUTH_ACCESS_TOKEN_TTL_SECONDS: number;
|
|
15
15
|
OAUTH_REFRESH_TOKEN_TTL_SECONDS: number;
|
|
16
16
|
OAUTH_AUTH_CODE_TTL_SECONDS: number;
|
|
17
|
+
H2A_HOSTED_ENROLLMENT_ENABLED?: string;
|
|
17
18
|
NODE_ENV?: string;
|
|
18
19
|
}
|
|
19
20
|
export interface H2AHostedOAuthConfig {
|
|
@@ -22,6 +23,7 @@ export interface H2AHostedOAuthConfig {
|
|
|
22
23
|
resourceServerUrl: URL;
|
|
23
24
|
resourceMetadataUrl: string;
|
|
24
25
|
consentSecret: string;
|
|
26
|
+
enrollmentEnabled: boolean;
|
|
25
27
|
allowedRedirectUris: readonly string[];
|
|
26
28
|
accessTokenTtlSeconds: number;
|
|
27
29
|
refreshTokenTtlSeconds: number;
|
|
@@ -29,5 +31,6 @@ export interface H2AHostedOAuthConfig {
|
|
|
29
31
|
nodeEnv: string;
|
|
30
32
|
}
|
|
31
33
|
export declare function parseOAuthCsv(value: string): string[];
|
|
34
|
+
export declare function parseHostedEnrollmentEnabled(value: string | undefined): boolean;
|
|
32
35
|
export declare function oauthConfigFromEnv(env: H2AHostedOAuthEnv): H2AHostedOAuthConfig;
|
|
33
36
|
//# sourceMappingURL=config.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,eAAO,MAAM,sBAAsB,aAAa,CAAC;AAEjD,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,EAAE,MAAM,CAAC;IACpC,8BAA8B,EAAE,MAAM,CAAC;IACvC,+BAA+B,EAAE,MAAM,CAAC;IACxC,2BAA2B,EAAE,MAAM,CAAC;IACpC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,GAAG,CAAC;IACf,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,mBAAmB,EAAE,SAAS,MAAM,EAAE,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAKrD;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,iBAAiB,GAAG,oBAAoB,
|
|
1
|
+
{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,eAAO,MAAM,sBAAsB,aAAa,CAAC;AAEjD,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,EAAE,MAAM,CAAC;IACpC,8BAA8B,EAAE,MAAM,CAAC;IACvC,+BAA+B,EAAE,MAAM,CAAC;IACxC,2BAA2B,EAAE,MAAM,CAAC;IACpC,6BAA6B,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,GAAG,CAAC;IACf,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,mBAAmB,EAAE,SAAS,MAAM,EAAE,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAKrD;AAED,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAG/E;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,iBAAiB,GAAG,oBAAoB,CAoB/E"}
|
|
@@ -12,15 +12,25 @@ export function parseOAuthCsv(value) {
|
|
|
12
12
|
.map((item) => item.trim())
|
|
13
13
|
.filter((item) => item.length > 0);
|
|
14
14
|
}
|
|
15
|
+
export function parseHostedEnrollmentEnabled(value) {
|
|
16
|
+
if (value === undefined)
|
|
17
|
+
return false;
|
|
18
|
+
return ["1", "true", "yes", "on"].includes(value.trim().toLowerCase());
|
|
19
|
+
}
|
|
15
20
|
export function oauthConfigFromEnv(env) {
|
|
16
21
|
const publicBaseUrl = new URL(env.PUBLIC_BASE_URL);
|
|
17
22
|
const issuerUrl = new URL(env.OAUTH_ISSUER_URL);
|
|
23
|
+
const enrollmentEnabled = parseHostedEnrollmentEnabled(env.H2A_HOSTED_ENROLLMENT_ENABLED);
|
|
24
|
+
if (enrollmentEnabled && !env.OAUTH_CONSENT_SECRET) {
|
|
25
|
+
throw new Error("OAUTH_CONSENT_SECRET is required when H2A_HOSTED_ENROLLMENT_ENABLED=true");
|
|
26
|
+
}
|
|
18
27
|
return {
|
|
19
28
|
issuerUrl,
|
|
20
29
|
publicBaseUrl,
|
|
21
30
|
resourceServerUrl: new URL("/mcp", publicBaseUrl),
|
|
22
31
|
resourceMetadataUrl: new URL("/.well-known/oauth-protected-resource/mcp", publicBaseUrl).href,
|
|
23
32
|
consentSecret: env.OAUTH_CONSENT_SECRET ?? "local-dev-consent",
|
|
33
|
+
enrollmentEnabled,
|
|
24
34
|
allowedRedirectUris: parseOAuthCsv(env.OAUTH_ALLOWED_REDIRECT_URIS),
|
|
25
35
|
accessTokenTtlSeconds: env.OAUTH_ACCESS_TOKEN_TTL_SECONDS,
|
|
26
36
|
refreshTokenTtlSeconds: env.OAUTH_REFRESH_TOKEN_TTL_SECONDS,
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;
|
|
1
|
+
{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;AA4BjD,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAyB;IACpE,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAsB;IACvD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC1F,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IACD,OAAO;QACL,SAAS;QACT,aAAa;QACb,iBAAiB,EAAE,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;QACjD,mBAAmB,EAAE,IAAI,GAAG,CAAC,2CAA2C,EAAE,aAAa,CAAC,CAAC,IAAI;QAC7F,aAAa,EAAE,GAAG,CAAC,oBAAoB,IAAI,mBAAmB;QAC9D,iBAAiB;QACjB,mBAAmB,EAAE,aAAa,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACnE,qBAAqB,EAAE,GAAG,CAAC,8BAA8B;QACzD,sBAAsB,EAAE,GAAG,CAAC,+BAA+B;QAC3D,kBAAkB,EAAE,GAAG,CAAC,2BAA2B;QACnD,OAAO,EAAE,GAAG,CAAC,QAAQ,IAAI,aAAa;KACvC,CAAC;AACJ,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hono-oauth-router.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/hono-oauth-router.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAyC,KAAK,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAC/F,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;
|
|
1
|
+
{"version":3,"file":"hono-oauth-router.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/hono-oauth-router.ts"],"names":[],"mappings":"AAoBA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAyC,KAAK,oBAAoB,EAAE,MAAM,aAAa,CAAC;AAC/F,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,6BAA6B,CAAC;AAY7E,wBAAgB,gBAAgB,CAAC,QAAQ,EAAE,yBAAyB,EAAE,KAAK,EAAE,oBAAoB,GAAG,IAAI,CA2FvG"}
|
|
@@ -8,6 +8,12 @@ import { authenticateClient, clientRegistrationHandler, createOAuthMetadata, rev
|
|
|
8
8
|
import { OAuthError, ServerError } from "@modelcontextprotocol/sdk/server/auth/errors.js";
|
|
9
9
|
import { Hono } from "hono";
|
|
10
10
|
import { H2A_HOSTED_OAUTH_SCOPE as OAUTH_SCOPE } from "./config.js";
|
|
11
|
+
function enrollmentDisabled(c) {
|
|
12
|
+
return c.json({
|
|
13
|
+
error: "enrollment_disabled",
|
|
14
|
+
error_description: "Remote h2a enrollment is disabled by default; enable it explicitly after multi-tenant policy is configured."
|
|
15
|
+
}, 403);
|
|
16
|
+
}
|
|
11
17
|
export function buildOAuthRoutes(provider, oauth) {
|
|
12
18
|
const sdkProvider = provider;
|
|
13
19
|
const clientsStore = provider.clientsStore;
|
|
@@ -35,11 +41,14 @@ export function buildOAuthRoutes(provider, oauth) {
|
|
|
35
41
|
scopes_supported: [OAUTH_SCOPE],
|
|
36
42
|
resource_name: "h2a"
|
|
37
43
|
}));
|
|
44
|
+
router.post("/register", (c, next) => oauth.enrollmentEnabled ? next() : enrollmentDisabled(c));
|
|
38
45
|
router.post("/register", clientRegistrationHandler({ clientsStore }));
|
|
39
46
|
router.post("/token", authenticateClient({ clientsStore }), tokenHandler(sdkProvider));
|
|
40
47
|
router.post("/revoke", authenticateClient({ clientsStore }), revokeHandler(sdkProvider));
|
|
41
48
|
router.on(["GET", "POST"], "/authorize", async (c) => {
|
|
42
49
|
c.header("Cache-Control", "no-store");
|
|
50
|
+
if (!oauth.enrollmentEnabled)
|
|
51
|
+
return enrollmentDisabled(c);
|
|
43
52
|
const raw = c.req.method === "POST"
|
|
44
53
|
? (await c.req.parseBody())
|
|
45
54
|
: c.req.query();
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"hono-oauth-router.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/hono-oauth-router.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EAChB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iDAAiD,CAAC;AAK1F,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,sBAAsB,IAAI,WAAW,EAA6B,MAAM,aAAa,CAAC;AAG/F,MAAM,UAAU,gBAAgB,CAAC,QAAmC,EAAE,KAA2B;IAC/F,MAAM,WAAW,GAAG,QAA0C,CAAC;IAC/D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAsD,CAAC;IACrF,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAE1B,6EAA6E;IAC7E,oFAAoF;IACpF,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAExD,MAAM,aAAa,GAAG,mBAAmB,CAAC;QACxC,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,KAAK,CAAC,aAAa;QAC5B,eAAe,EAAE,CAAC,WAAW,CAAC;KAC/B,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,CACV,GAAG,EACH,eAAe,CAAC;QACd,aAAa;QACb,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,eAAe,EAAE,CAAC,WAAW,CAAC;QAC9B,YAAY,EAAE,KAAK;KACpB,CAAC,CACH,CAAC;IAEF,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE,CACxD,CAAC,CAAC,IAAI,CAAC;QACL,QAAQ,EAAE,KAAK,CAAC,iBAAiB,CAAC,IAAI;QACtC,qBAAqB,EAAE,CAAC,MAAM,CAAC;QAC/B,wBAAwB,EAAE,CAAC,QAAQ,CAAC;QACpC,gBAAgB,EAAE,CAAC,WAAW,CAAC;QAC/B,aAAa,EAAE,KAAK;KACrB,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC;IACvF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC;IAEzF,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnD,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,MAAM,GAAG,GACP,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM;YACrB,CAAC,CAAE,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,CAA4B;YACvD,CAAC,CAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAA6B,CAAC;QAEhD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC3F,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzE,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,MAAM,GAAwB;YAClC,WAAW;YACX,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE;YAC1C,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YAClD,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;SACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE;gBAC9D,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;gBACpB,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,EAAE,aAAa,EAAE,CAAC;aACtD,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;YACnF,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAChF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
1
|
+
{"version":3,"file":"hono-oauth-router.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/hono-oauth-router.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,OAAO,EACL,kBAAkB,EAClB,yBAAyB,EACzB,mBAAmB,EACnB,aAAa,EACb,YAAY,EACZ,eAAe,EAChB,MAAM,gBAAgB,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,iDAAiD,CAAC;AAK1F,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,sBAAsB,IAAI,WAAW,EAA6B,MAAM,aAAa,CAAC;AAG/F,SAAS,kBAAkB,CAAC,CAAwD;IAClF,OAAO,CAAC,CAAC,IAAI,CACX;QACE,KAAK,EAAE,qBAAqB;QAC5B,iBAAiB,EAAE,6GAA6G;KACjI,EACD,GAAG,CACJ,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAAC,QAAmC,EAAE,KAA2B;IAC/F,MAAM,WAAW,GAAG,QAA0C,CAAC;IAC/D,MAAM,YAAY,GAAG,QAAQ,CAAC,YAAsD,CAAC;IACrF,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAE1B,6EAA6E;IAC7E,oFAAoF;IACpF,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAExD,MAAM,aAAa,GAAG,mBAAmB,CAAC;QACxC,QAAQ,EAAE,WAAW;QACrB,SAAS,EAAE,MAAM;QACjB,OAAO,EAAE,KAAK,CAAC,aAAa;QAC5B,eAAe,EAAE,CAAC,WAAW,CAAC;KAC/B,CAAC,CAAC;IAEH,MAAM,CAAC,KAAK,CACV,GAAG,EACH,eAAe,CAAC;QACd,aAAa;QACb,iBAAiB,EAAE,KAAK,CAAC,iBAAiB;QAC1C,eAAe,EAAE,CAAC,WAAW,CAAC;QAC9B,YAAY,EAAE,KAAK;KACpB,CAAC,CACH,CAAC;IAEF,kFAAkF;IAClF,MAAM,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE,EAAE,CACxD,CAAC,CAAC,IAAI,CAAC;QACL,QAAQ,EAAE,KAAK,CAAC,iBAAiB,CAAC,IAAI;QACtC,qBAAqB,EAAE,CAAC,MAAM,CAAC;QAC/B,wBAAwB,EAAE,CAAC,QAAQ,CAAC;QACpC,gBAAgB,EAAE,CAAC,WAAW,CAAC;QAC/B,aAAa,EAAE,KAAK;KACrB,CAAC,CACH,CAAC;IAEF,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,EAAE,CACnC,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,kBAAkB,CAAC,CAAC,CAAC,CACzD,CAAC;IACF,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,yBAAyB,CAAC,EAAE,YAAY,EAAE,CAAC,CAAC,CAAC;IACtE,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,YAAY,CAAC,WAAW,CAAC,CAAC,CAAC;IACvF,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE,aAAa,CAAC,WAAW,CAAC,CAAC,CAAC;IAEzF,MAAM,CAAC,EAAE,CAAC,CAAC,KAAK,EAAE,MAAM,CAAC,EAAE,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnD,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,IAAI,CAAC,KAAK,CAAC,iBAAiB;YAAE,OAAO,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAE3D,MAAM,GAAG,GACP,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM;YACrB,CAAC,CAAE,CAAC,MAAM,CAAC,CAAC,GAAG,CAAC,SAAS,EAAE,CAA4B;YACvD,CAAC,CAAE,CAAC,CAAC,GAAG,CAAC,KAAK,EAA6B,CAAC;QAEhD,MAAM,QAAQ,GAAG,GAAG,CAAC,WAAW,CAAC,CAAC;QAClC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC3F,CAAC;QACD,MAAM,MAAM,GAAG,MAAM,QAAQ,CAAC,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,aAAa,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACzE,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,MAAM,GAAwB;YAClC,WAAW;YACX,aAAa,EAAE,GAAG,CAAC,gBAAgB,CAAC,IAAI,EAAE;YAC1C,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;YAC9D,GAAG,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;YAClD,GAAG,CAAC,WAAW,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,IAAI,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;SACrE,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,GAAG,CAAC,gBAAgB,CAAC,CAAC;YAC5C,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,gBAAgB,CAAC,MAAM,EAAE,MAAM,EAAE;gBAC9D,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM;gBACpB,GAAG,CAAC,aAAa,KAAK,SAAS,IAAI,EAAE,aAAa,EAAE,CAAC;aACtD,CAAC,CAAC;YACH,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;gBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,CAAC;YAC9C,CAAC;YACD,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,MAAM,GAAG,GAAG,CAAC,YAAY,UAAU,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,WAAW,CAAC,uBAAuB,CAAC,CAAC;YACnF,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,gBAAgB,EAAE,EAAE,GAAG,YAAY,WAAW,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QAChF,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}
|
|
@@ -8,6 +8,7 @@ export interface HostedEnv {
|
|
|
8
8
|
OAUTH_ACCESS_TOKEN_TTL_SECONDS?: string;
|
|
9
9
|
OAUTH_REFRESH_TOKEN_TTL_SECONDS?: string;
|
|
10
10
|
OAUTH_AUTH_CODE_TTL_SECONDS?: string;
|
|
11
|
+
H2A_HOSTED_ENROLLMENT_ENABLED?: string;
|
|
11
12
|
OAUTH_STORE_PATH?: string;
|
|
12
13
|
H2A_ROOT?: string;
|
|
13
14
|
PORT?: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/serve.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,KAAK,oBAAoB,EAAsB,MAAM,mBAAmB,CAAC;AAIlF,MAAM,WAAW,SAAS;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,oBAAoB,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,SAAS,GAAG,YAAY,
|
|
1
|
+
{"version":3,"file":"serve.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/serve.ts"],"names":[],"mappings":"AASA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAAE,KAAK,oBAAoB,EAAsB,MAAM,mBAAmB,CAAC;AAIlF,MAAM,WAAW,SAAS;IACxB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,8BAA8B,CAAC,EAAE,MAAM,CAAC;IACxC,+BAA+B,CAAC,EAAE,MAAM,CAAC;IACzC,2BAA2B,CAAC,EAAE,MAAM,CAAC;IACrC,6BAA6B,CAAC,EAAE,MAAM,CAAC;IACvC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAKD,MAAM,WAAW,YAAY;IAC3B,WAAW,EAAE,oBAAoB,CAAC;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,yFAAyF;AACzF,wBAAgB,wBAAwB,CAAC,GAAG,EAAE,SAAS,GAAG,YAAY,CAuBrE;AAED,MAAM,WAAW,mBAAmB;IAClC,IAAI,EAAE,MAAM,CAAC;IACb,YAAY,EAAE,SAAS,CAAC;IACxB,IAAI,IAAI,IAAI,CAAC;CACd;AAED,wBAAsB,iBAAiB,CAAC,GAAG,GAAE,SAAuB,GAAG,OAAO,CAAC,mBAAmB,CAAC,CAelG"}
|
|
@@ -22,6 +22,9 @@ export function buildHostedConfigFromEnv(env) {
|
|
|
22
22
|
OAUTH_ISSUER_URL: env.OAUTH_ISSUER_URL ?? publicBaseUrl,
|
|
23
23
|
OAUTH_ALLOWED_REDIRECT_URIS: env.OAUTH_ALLOWED_REDIRECT_URIS ?? DEFAULT_CLAUDE_REDIRECTS,
|
|
24
24
|
...(env.OAUTH_CONSENT_SECRET !== undefined && { OAUTH_CONSENT_SECRET: env.OAUTH_CONSENT_SECRET }),
|
|
25
|
+
...(env.H2A_HOSTED_ENROLLMENT_ENABLED !== undefined && {
|
|
26
|
+
H2A_HOSTED_ENROLLMENT_ENABLED: env.H2A_HOSTED_ENROLLMENT_ENABLED
|
|
27
|
+
}),
|
|
25
28
|
OAUTH_ACCESS_TOKEN_TTL_SECONDS: Number(env.OAUTH_ACCESS_TOKEN_TTL_SECONDS ?? 3600),
|
|
26
29
|
OAUTH_REFRESH_TOKEN_TTL_SECONDS: Number(env.OAUTH_REFRESH_TOKEN_TTL_SECONDS ?? 1_209_600),
|
|
27
30
|
OAUTH_AUTH_CODE_TTL_SECONDS: Number(env.OAUTH_AUTH_CODE_TTL_SECONDS ?? 60),
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/serve.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAE1C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAA6B,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;
|
|
1
|
+
{"version":3,"file":"serve.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/serve.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,mBAAmB,CAAC;AAE1C,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAElD,OAAO,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAC3C,OAAO,EAA6B,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AAClF,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAiB9E,MAAM,wBAAwB,GAC5B,kFAAkF,CAAC;AASrF,yFAAyF;AACzF,MAAM,UAAU,wBAAwB,CAAC,GAAc;IACrD,MAAM,aAAa,GAAG,GAAG,CAAC,eAAe,CAAC;IAC1C,IAAI,CAAC,aAAa;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;IACnE,MAAM,IAAI,GAAG,GAAG,CAAC,QAAQ,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,CAAC,CAAC;IACzD,MAAM,WAAW,GAAG,kBAAkB,CAAC;QACrC,eAAe,EAAE,aAAa;QAC9B,gBAAgB,EAAE,GAAG,CAAC,gBAAgB,IAAI,aAAa;QACvD,2BAA2B,EAAE,GAAG,CAAC,2BAA2B,IAAI,wBAAwB;QACxF,GAAG,CAAC,GAAG,CAAC,oBAAoB,KAAK,SAAS,IAAI,EAAE,oBAAoB,EAAE,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACjG,GAAG,CAAC,GAAG,CAAC,6BAA6B,KAAK,SAAS,IAAI;YACrD,6BAA6B,EAAE,GAAG,CAAC,6BAA6B;SACjE,CAAC;QACF,8BAA8B,EAAE,MAAM,CAAC,GAAG,CAAC,8BAA8B,IAAI,IAAI,CAAC;QAClF,+BAA+B,EAAE,MAAM,CAAC,GAAG,CAAC,+BAA+B,IAAI,SAAS,CAAC;QACzF,2BAA2B,EAAE,MAAM,CAAC,GAAG,CAAC,2BAA2B,IAAI,EAAE,CAAC;QAC1E,QAAQ,EAAE,GAAG,CAAC,QAAQ,IAAI,YAAY;KACvC,CAAC,CAAC;IACH,OAAO;QACL,WAAW;QACX,SAAS,EAAE,GAAG,CAAC,gBAAgB,IAAI,IAAI,CAAC,IAAI,EAAE,oBAAoB,CAAC;QACnE,IAAI;QACJ,IAAI,EAAE,MAAM,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI,CAAC;KAC/B,CAAC;AACJ,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,iBAAiB,CAAC,MAAiB,OAAO,CAAC,GAAG;IAClE,MAAM,GAAG,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;IAC1C,MAAM,KAAK,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAChD,MAAM,KAAK,CAAC,IAAI,EAAE,CAAC;IACnB,MAAM,aAAa,GAAG,IAAI,yBAAyB,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;IACnF,MAAM,YAAY,GAAG,eAAe,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IACzD,MAAM,GAAG,GAAG,eAAe,CAAC,EAAE,aAAa,EAAE,WAAW,EAAE,GAAG,CAAC,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC;IAC3F,MAAM,MAAM,GAAG,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;IAC3D,OAAO;QACL,IAAI,EAAE,GAAG,CAAC,IAAI;QACd,YAAY;QACZ,IAAI,EAAE,GAAG,EAAE;YACR,MAAiC,CAAC,KAAK,EAAE,EAAE,CAAC;QAC/C,CAAC;KACF,CAAC;AACJ,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@sentropic/h2a-cli",
|
|
3
|
-
"version": "0.26.
|
|
3
|
+
"version": "0.26.3",
|
|
4
4
|
"description": "Unified CLI surface for h2a hosts and MCP-oriented coordination flows.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"type": "module",
|
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
"@hono/mcp": "^0.3.0",
|
|
44
44
|
"@hono/node-server": "^2.0.4",
|
|
45
45
|
"@modelcontextprotocol/sdk": "^1.29.0",
|
|
46
|
-
"@sentropic/h2a": "^0.26.
|
|
46
|
+
"@sentropic/h2a": "^0.26.3",
|
|
47
47
|
"hono": "^4.12.23"
|
|
48
48
|
},
|
|
49
49
|
"publishConfig": {
|