@sentropic/h2a-cli 0.32.0 → 0.38.1

package/dist/runtime/mcp-http/app.d.ts

@@ -1,5 +1,6 @@
 import { Hono } from "hono";
 import type { McpServer } from "../mcp/server.js";
+import type { BrokerLogin } from "./oauth/broker-login.js";
 import { type H2AHostedOAuthConfig } from "./oauth/config.js";
 import type { SingleTenantOAuthProvider } from "./oauth/single-tenant-provider.js";
 export interface HostedAppDeps {
@@ -7,6 +8,12 @@ export interface HostedAppDeps {
     oauthConfig: H2AHostedOAuthConfig;
     /** The in-process h2a MCP dispatch (createMcpServer) — its read-only tools are exposed. */
     h2aMcpServer: McpServer;
+    /**
+     * EVO-12 P2 (mode 3): when `oauthConfig.brokerMode`, the broker login (built
+     * from `oauthConfig.upstream`). Its /authorize delegates the user login to
+     * 39-auth instead of the consent secret. Omit for single-tenant.
+     */
+    brokerLogin?: BrokerLogin;
 }
 export declare function createHostedApp(deps: HostedAppDeps): Hono;
 //# sourceMappingURL=app.d.ts.map

package/dist/runtime/mcp-http/app.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/app.ts"],"names":[],"mappings":"AAQA,OAAO,EAAgB,IAAI,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,EAA0B,KAAK,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAEtF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAEnF,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,yBAAyB,CAAC;IACzC,WAAW,EAAE,oBAAoB,CAAC;IAClC,2FAA2F;IAC3F,YAAY,EAAE,SAAS,CAAC;CACzB;AAMD,wBAAgB,eAAe,CAAC,IAAI,EAAE,aAAa,GAAG,IAAI,CAyDzD"}
+{"version":3,"file":"app.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/app.ts"],"names":[],"mappings":"AAQA,OAAO,EAAgB,IAAI,EAAE,MAAM,MAAM,CAAC;AAE1C,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAElD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAE3D,OAAO,EAA0B,KAAK,oBAAoB,EAAE,MAAM,mBAAmB,CAAC;AAEtF,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAEnF,MAAM,WAAW,aAAa;IAC5B,aAAa,EAAE,yBAAyB,CAAC;IACzC,WAAW,EAAE,oBAAoB,CAAC;IAClC,2FAA2F;IAC3F,YAAY,EAAE,SAAS,CAAC;IACxB;;;;OAIG;IACH,WAAW,CAAC,EAAE,WAAW,CAAC;CAC3B;AAMD,wBAAgB,eAAe,CAAC,IAAI,EAAE,aAAa,GAAG,IAAI,CAsFzD"}

package/dist/runtime/mcp-http/app.js

@@ -8,6 +8,7 @@ import { StreamableHTTPTransport } from "@hono/mcp";
 import { bearerAuth } from "@hono/mcp/auth";
 import { Hono } from "hono";
 import { buildHostedMcpServer } from "./hosted-mcp-server.js";
+import { buildBrokerRoutes } from "./oauth/broker-routes.js";
 import { H2A_HOSTED_OAUTH_SCOPE } from "./oauth/config.js";
 import { buildOAuthRoutes } from "./oauth/hono-oauth-router.js";
 export function createHostedApp(deps) {
@@ -15,6 +16,33 @@ export function createHostedApp(deps) {
     const wwwAuthenticateHeader = `Bearer error="Unauthorized", error_description="Unauthorized", resource_metadata="${deps.oauthConfig.resourceMetadataUrl}"`;
     app.get("/healthz", (c) => c.json({ ok: true }));
     app.get("/readyz", (c) => c.json({ ok: true }));
+    // EVO-12 P2 (mode 3): in broker mode, the broker's /authorize + /oidc/callback
+    // are registered FIRST (Hono first-match wins) so /authorize delegates to
+    // 39-auth; /token, /register, well-known still fall through to buildOAuthRoutes.
+    if (deps.oauthConfig.brokerMode && deps.brokerLogin) {
+        app.route("/", buildBrokerRoutes({
+            brokerLogin: deps.brokerLogin,
+            issueClaudeaiCode: async (claudeai, _ctx) => {
+                const client = await deps.oauthProvider.clientsStore.getClient(claudeai.client_id);
+                if (!client)
+                    throw new Error("unknown client_id");
+                const code = await deps.oauthProvider.issueAuthorizationCode(client, {
+                    redirectUri: claudeai.redirect_uri,
+                    codeChallenge: claudeai.code_challenge ?? "",
+                    scopes: [H2A_HOSTED_OAUTH_SCOPE],
+                    ...(claudeai.state ? { state: claudeai.state } : {})
+                });
+                const redirect = new URL(claudeai.redirect_uri);
+                redirect.searchParams.set("code", code);
+                if (claudeai.state)
+                    redirect.searchParams.set("state", claudeai.state);
+                return redirect.href;
+                // NOTE: per-user-root /mcp serving (binding _ctx.sub/root through the
+                // token → serving that tenant's root) is the seed-gated finale — needs
+                // provider token metadata + a live 39-auth client to validate.
+            }
+        }));
+    }
     // OAuth AS + protected-resource metadata (unauthenticated) at the root.
     app.route("/", buildOAuthRoutes(deps.oauthProvider, deps.oauthConfig));
     // Bearer gate for /mcp: valid access token AND the read-only scope.

package/dist/runtime/mcp-http/app.js.map

@@ -1 +1 @@
-{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/app.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAgB,IAAI,EAAE,MAAM,MAAM,CAAC;AAG1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,EAAE,sBAAsB,EAA6B,MAAM,mBAAmB,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAchE,MAAM,UAAU,eAAe,CAAC,IAAmB;IACjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,qBAAqB,GAAG,qFAAqF,IAAI,CAAC,WAAW,CAAC,mBAAmB,GAAG,CAAC;IAE3J,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEhD,wEAAwE;IACxE,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAEvE,oEAAoE;IACpE,MAAM,WAAW,GAAG,UAAU,CAAC;QAC7B,WAAW,EAAE,KAAK,EAAE,KAAa,EAAoB,EAAE;YACrD,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAC/D,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,sBAAsB,EAAE,EAAE,qBAAqB,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE;QAC9E,2BAA2B,EAAE,EAAE,qBAAqB,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE;KACpF,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEnD,MAAM,UAAU,GAAG,KAAK,EAAE,CAAU,EAAE,EAAE;QACtC,MAAM,kBAAkB,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC1D,IAAI,OAAO,GAAG,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEhF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,OAAmC,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,uBAAuB,CAAC;gBAC5C,kBAAkB,EAAE,IAAI;gBACxB,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBACtC,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;oBAClC,IAAI,OAAO;wBAAE,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAChD,CAAC;gBACD,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE;oBAC7B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC7B,CAAC;aACF,CAAC,CAAC;YACH,OAAO,GAAG,EAAE,SAAS,EAAE,CAAC;YACxB,qEAAqE;YACrE,MAAM,MAAM,GAAG,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACvD,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACrD,OAAO,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAClC,CAAC,CAAC;IAEF,mFAAmF;IACnF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IAEzC,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"app.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/app.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,uBAAuB,EAAE,MAAM,WAAW,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,gBAAgB,CAAC;AAC5C,OAAO,EAAgB,IAAI,EAAE,MAAM,MAAM,CAAC;AAG1C,OAAO,EAAE,oBAAoB,EAAE,MAAM,wBAAwB,CAAC;AAE9D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAA6B,MAAM,mBAAmB,CAAC;AACtF,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAoBhE,MAAM,UAAU,eAAe,CAAC,IAAmB;IACjD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,qBAAqB,GAAG,qFAAqF,IAAI,CAAC,WAAW,CAAC,mBAAmB,GAAG,CAAC;IAE3J,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACjD,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAEhD,+EAA+E;IAC/E,0EAA0E;IAC1E,iFAAiF;IACjF,IAAI,IAAI,CAAC,WAAW,CAAC,UAAU,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACpD,GAAG,CAAC,KAAK,CACP,GAAG,EACH,iBAAiB,CAAC;YAChB,WAAW,EAAE,IAAI,CAAC,WAAW;YAC7B,iBAAiB,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE;gBAC1C,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,YAAY,CAAC,SAAS,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;gBACnF,IAAI,CAAC,MAAM;oBAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC,CAAC;gBAClD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,sBAAsB,CAAC,MAAM,EAAE;oBACnE,WAAW,EAAE,QAAQ,CAAC,YAAY;oBAClC,aAAa,EAAE,QAAQ,CAAC,cAAc,IAAI,EAAE;oBAC5C,MAAM,EAAE,CAAC,sBAAsB,CAAC;oBAChC,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;iBACrD,CAAC,CAAC;gBACH,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;gBAChD,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;gBACxC,IAAI,QAAQ,CAAC,KAAK;oBAAE,QAAQ,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,QAAQ,CAAC,KAAK,CAAC,CAAC;gBACvE,OAAO,QAAQ,CAAC,IAAI,CAAC;gBACrB,sEAAsE;gBACtE,uEAAuE;gBACvE,+DAA+D;YACjE,CAAC;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAED,wEAAwE;IACxE,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE,gBAAgB,CAAC,IAAI,CAAC,aAAa,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAEvE,oEAAoE;IACpE,MAAM,WAAW,GAAG,UAAU,CAAC;QAC7B,WAAW,EAAE,KAAK,EAAE,KAAa,EAAoB,EAAE;YACrD,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBAC/D,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;YACtD,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,KAAK,CAAC;YACf,CAAC;QACH,CAAC;QACD,sBAAsB,EAAE,EAAE,qBAAqB,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE;QAC9E,2BAA2B,EAAE,EAAE,qBAAqB,EAAE,GAAG,EAAE,CAAC,qBAAqB,EAAE;KACpF,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA0B,CAAC;IAEnD,MAAM,UAAU,GAAG,KAAK,EAAE,CAAU,EAAE,EAAE;QACtC,MAAM,kBAAkB,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;QAC1D,IAAI,OAAO,GAAG,kBAAkB,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAEhF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,OAAmC,CAAC;YACxC,MAAM,SAAS,GAAG,IAAI,uBAAuB,CAAC;gBAC5C,kBAAkB,EAAE,IAAI;gBACxB,kBAAkB,EAAE,GAAG,EAAE,CAAC,UAAU,EAAE;gBACtC,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;oBAClC,IAAI,OAAO;wBAAE,QAAQ,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAChD,CAAC;gBACD,eAAe,EAAE,CAAC,SAAS,EAAE,EAAE;oBAC7B,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC7B,CAAC;aACF,CAAC,CAAC;YACH,OAAO,GAAG,EAAE,SAAS,EAAE,CAAC;YACxB,qEAAqE;YACrE,MAAM,MAAM,GAAG,oBAAoB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;YACvD,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAChC,OAAO,GAAG,OAAO,CAAC;QACpB,CAAC;QAED,MAAM,GAAG,GAAG,MAAM,OAAO,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC;QACrD,OAAO,GAAG,IAAI,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAClC,CAAC,CAAC;IAEF,mFAAmF;IACnF,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,UAAU,CAAC,CAAC;IAEzC,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/runtime/mcp-http/index.d.ts

@@ -10,5 +10,9 @@ export { startHostedServer, buildHostedConfigFromEnv, type HostedEnv, type Hoste
 export { FileOAuthStore } from "./oauth/file-store.js";
 export { SingleTenantOAuthProvider } from "./oauth/single-tenant-provider.js";
 export { buildOAuthRoutes } from "./oauth/hono-oauth-router.js";
+export { buildUpstreamAuthorizeUrl, exchangeUpstreamCode, type H2AUpstreamOidcConfig, type UpstreamFetch, type UpstreamLogin } from "./oauth/oidc-rp.js";
+export { rootForSub } from "./oauth/tenancy.js";
+export { createBrokerLogin, type BrokerLogin, type BrokerLoginDeps, type BrokerStart, type BrokerComplete } from "./oauth/broker-login.js";
+export { buildBrokerRoutes, type BrokerRoutesDeps } from "./oauth/broker-routes.js";
 export { oauthConfigFromEnv, H2A_HOSTED_OAUTH_SCOPE, type H2AHostedOAuthConfig, type H2AHostedOAuthEnv } from "./oauth/config.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/runtime/mcp-http/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EAAE,eAAe,EAAE,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACzB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACvB,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/runtime/mcp-http/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EAAE,eAAe,EAAE,KAAK,aAAa,EAAE,MAAM,UAAU,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EACxB,KAAK,SAAS,EACd,KAAK,YAAY,EACjB,KAAK,mBAAmB,EACzB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EACpB,KAAK,qBAAqB,EAC1B,KAAK,aAAa,EAClB,KAAK,aAAa,EACnB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EACL,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,eAAe,EACpB,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,iBAAiB,EAAE,KAAK,gBAAgB,EAAE,MAAM,0BAA0B,CAAC;AACpF,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EACtB,KAAK,oBAAoB,EACzB,KAAK,iBAAiB,EACvB,MAAM,mBAAmB,CAAC"}

package/dist/runtime/mcp-http/index.js

@@ -10,5 +10,9 @@ export { startHostedServer, buildHostedConfigFromEnv } from "./serve.js";
 export { FileOAuthStore } from "./oauth/file-store.js";
 export { SingleTenantOAuthProvider } from "./oauth/single-tenant-provider.js";
 export { buildOAuthRoutes } from "./oauth/hono-oauth-router.js";
+export { buildUpstreamAuthorizeUrl, exchangeUpstreamCode } from "./oauth/oidc-rp.js";
+export { rootForSub } from "./oauth/tenancy.js";
+export { createBrokerLogin } from "./oauth/broker-login.js";
+export { buildBrokerRoutes } from "./oauth/broker-routes.js";
 export { oauthConfigFromEnv, H2A_HOSTED_OAUTH_SCOPE } from "./oauth/config.js";
 //# sourceMappingURL=index.js.map

package/dist/runtime/mcp-http/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EAAE,eAAe,EAAsB,MAAM,UAAU,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EAIzB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EAGvB,MAAM,mBAAmB,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/runtime/mcp-http/index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,OAAO,EACL,yBAAyB,EACzB,yBAAyB,EACzB,oBAAoB,EACpB,mBAAmB,EACpB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAClF,OAAO,EAAE,eAAe,EAAsB,MAAM,UAAU,CAAC;AAC/D,OAAO,EACL,iBAAiB,EACjB,wBAAwB,EAIzB,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EAAE,yBAAyB,EAAE,MAAM,mCAAmC,CAAC;AAC9E,OAAO,EAAE,gBAAgB,EAAE,MAAM,8BAA8B,CAAC;AAChE,OAAO,EACL,yBAAyB,EACzB,oBAAoB,EAIrB,MAAM,oBAAoB,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAChD,OAAO,EACL,iBAAiB,EAKlB,MAAM,yBAAyB,CAAC;AACjC,OAAO,EAAE,iBAAiB,EAAyB,MAAM,0BAA0B,CAAC;AACpF,OAAO,EACL,kBAAkB,EAClB,sBAAsB,EAGvB,MAAM,mBAAmB,CAAC"}

package/dist/runtime/mcp-http/oauth/broker-login.d.ts

@@ -0,0 +1,50 @@
+/**
+ * EVO-12 P2 (mode 3) — broker-login state machine. The stateful heart of the
+ * gateway: on claude.ai's /authorize, `start()` stores the claude.ai request +
+ * a fresh upstream PKCE/state and returns the 39-auth /authorize URL to redirect
+ * to; on the /oidc/callback, `complete()` looks the pending entry up by state,
+ * exchanges the code at 39-auth for the user's `sub`, and resolves that user's
+ * per-tenant root. The hono routes are thin wrappers over this.
+ *
+ * Deps injected (exchange / pkce / randomState / clock) → unit-testable against
+ * a mock IdP, no network. Pending entries are single-use + time-boxed.
+ */
+import { type H2AUpstreamOidcConfig, type UpstreamLogin } from "./oidc-rp.js";
+export interface BrokerLoginDeps {
+    readonly config: H2AUpstreamOidcConfig;
+    /** Bound `exchangeUpstreamCode(config, {code, codeVerifier}, fetch)`. */
+    readonly exchange: (code: string, codeVerifier: string) => Promise<UpstreamLogin>;
+    /** Base h2a root; the per-user root is `rootForSub(baseRoot, sub)`. */
+    readonly baseRoot: string;
+    /** Fresh opaque state per login (e.g. `randomToken()`). */
+    readonly randomState: () => string;
+    /** Fresh PKCE pair for the upstream leg. */
+    readonly pkce: () => {
+        verifier: string;
+        challenge: string;
+    };
+    readonly now?: () => number;
+    /** Pending-login TTL (ms). Default 10 min. */
+    readonly maxAgeMs?: number;
+}
+export interface BrokerStart {
+    /** 39-auth /authorize URL to redirect the user to. */
+    readonly redirectUrl: string;
+    /** The upstream state (also the pending-entry key). */
+    readonly state: string;
+}
+export interface BrokerComplete {
+    /** The original claude.ai /authorize request, opaque to the broker — to resume issuing the claude.ai code. */
+    readonly claudeai: unknown;
+    /** The authenticated 39-auth user. */
+    readonly sub: string;
+    /** That user's per-tenant h2a root. */
+    readonly root: string;
+}
+export interface BrokerLogin {
+    start(claudeaiParams: unknown): BrokerStart;
+    complete(state: string, code: string): Promise<BrokerComplete>;
+    pendingCount(): number;
+}
+export declare function createBrokerLogin(deps: BrokerLoginDeps): BrokerLogin;
+//# sourceMappingURL=broker-login.d.ts.map

package/dist/runtime/mcp-http/oauth/broker-login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"broker-login.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/broker-login.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAA6B,KAAK,qBAAqB,EAAE,KAAK,aAAa,EAAE,MAAM,cAAc,CAAC;AAGzG,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,qBAAqB,CAAC;IACvC,yEAAyE;IACzE,QAAQ,CAAC,QAAQ,EAAE,CAAC,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC,aAAa,CAAC,CAAC;IAClF,uEAAuE;IACvE,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,2DAA2D;IAC3D,QAAQ,CAAC,WAAW,EAAE,MAAM,MAAM,CAAC;IACnC,4CAA4C;IAC5C,QAAQ,CAAC,IAAI,EAAE,MAAM;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAC7D,QAAQ,CAAC,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;IAC5B,8CAA8C;IAC9C,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAED,MAAM,WAAW,WAAW;IAC1B,sDAAsD;IACtD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,uDAAuD;IACvD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,8GAA8G;IAC9G,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,sCAAsC;IACtC,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,uCAAuC;IACvC,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,CAAC,cAAc,EAAE,OAAO,GAAG,WAAW,CAAC;IAC5C,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;IAC/D,YAAY,IAAI,MAAM,CAAC;CACxB;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,eAAe,GAAG,WAAW,CAwBpE"}

package/dist/runtime/mcp-http/oauth/broker-login.js

@@ -0,0 +1,41 @@
+/**
+ * EVO-12 P2 (mode 3) — broker-login state machine. The stateful heart of the
+ * gateway: on claude.ai's /authorize, `start()` stores the claude.ai request +
+ * a fresh upstream PKCE/state and returns the 39-auth /authorize URL to redirect
+ * to; on the /oidc/callback, `complete()` looks the pending entry up by state,
+ * exchanges the code at 39-auth for the user's `sub`, and resolves that user's
+ * per-tenant root. The hono routes are thin wrappers over this.
+ *
+ * Deps injected (exchange / pkce / randomState / clock) → unit-testable against
+ * a mock IdP, no network. Pending entries are single-use + time-boxed.
+ */
+import { buildUpstreamAuthorizeUrl } from "./oidc-rp.js";
+import { rootForSub } from "./tenancy.js";
+export function createBrokerLogin(deps) {
+    const now = deps.now ?? Date.now;
+    const maxAgeMs = deps.maxAgeMs ?? 600_000;
+    const pending = new Map();
+    return {
+        start(claudeaiParams) {
+            const { verifier, challenge } = deps.pkce();
+            const state = deps.randomState();
+            pending.set(state, { verifier, claudeai: claudeaiParams, at: now() });
+            return {
+                redirectUrl: buildUpstreamAuthorizeUrl(deps.config, { state, codeChallenge: challenge }),
+                state
+            };
+        },
+        async complete(state, code) {
+            const entry = pending.get(state);
+            if (!entry)
+                throw new Error("broker: unknown state");
+            pending.delete(state); // single-use
+            if (now() - entry.at > maxAgeMs)
+                throw new Error("broker: state expired");
+            const login = await deps.exchange(code, entry.verifier);
+            return { claudeai: entry.claudeai, sub: login.sub, root: rootForSub(deps.baseRoot, login.sub) };
+        },
+        pendingCount: () => pending.size
+    };
+}
+//# sourceMappingURL=broker-login.js.map

package/dist/runtime/mcp-http/oauth/broker-login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"broker-login.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/broker-login.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,yBAAyB,EAAkD,MAAM,cAAc,CAAC;AACzG,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAuC1C,MAAM,UAAU,iBAAiB,CAAC,IAAqB;IACrD,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC;IACjC,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,IAAI,OAAO,CAAC;IAC1C,MAAM,OAAO,GAAG,IAAI,GAAG,EAA+D,CAAC;IACvF,OAAO;QACL,KAAK,CAAC,cAAc;YAClB,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,EAAE,QAAQ,EAAE,QAAQ,EAAE,cAAc,EAAE,EAAE,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YACtE,OAAO;gBACL,WAAW,EAAE,yBAAyB,CAAC,IAAI,CAAC,MAAM,EAAE,EAAE,KAAK,EAAE,aAAa,EAAE,SAAS,EAAE,CAAC;gBACxF,KAAK;aACN,CAAC;QACJ,CAAC;QACD,KAAK,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI;YACxB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACjC,IAAI,CAAC,KAAK;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa;YACpC,IAAI,GAAG,EAAE,GAAG,KAAK,CAAC,EAAE,GAAG,QAAQ;gBAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;YAC1E,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,KAAK,CAAC,QAAQ,CAAC,CAAC;YACxD,OAAO,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QAClG,CAAC;QACD,YAAY,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI;KACjC,CAAC;AACJ,CAAC"}

package/dist/runtime/mcp-http/oauth/broker-routes.d.ts

@@ -0,0 +1,29 @@
+/**
+ * EVO-12 P2 (mode 3) — hono routes for the broker login. Thin wrapper over
+ * `createBrokerLogin`: `/authorize` starts a login (302 → 39-auth) instead of
+ * the single-tenant consent form; `/oidc/callback` completes it (exchange →
+ * sub → per-user root) and hands off to the provider to issue the claude.ai
+ * authorization code, then 302s back to claude.ai.
+ *
+ * `issueClaudeaiCode` is injected (the SingleTenantOAuthProvider's code issuance,
+ * bound to the resolved user/root) → routes are testable via `app.request` with
+ * a mock IdP, no provider/network.
+ */
+import { Hono } from "hono";
+import type { BrokerLogin } from "./broker-login.js";
+export interface BrokerRoutesDeps {
+    readonly brokerLogin: BrokerLogin;
+    /**
+     * Issue the claude.ai authorization code for the original request, bound to
+     * the authenticated user/root, and return the claude.ai redirect URL
+     * (`<redirect_uri>?code=…&state=…`).
+     */
+    readonly issueClaudeaiCode: (claudeai: Record<string, string>, ctx: {
+        sub: string;
+        root: string;
+    }) => string | Promise<string>;
+    /** Callback path registered at 39-auth. Default `/oidc/callback`. */
+    readonly callbackPath?: string;
+}
+export declare function buildBrokerRoutes(deps: BrokerRoutesDeps): Hono;
+//# sourceMappingURL=broker-routes.d.ts.map

package/dist/runtime/mcp-http/oauth/broker-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"broker-routes.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/broker-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAErD,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,WAAW,EAAE,WAAW,CAAC;IAClC;;;;OAIG;IACH,QAAQ,CAAC,iBAAiB,EAAE,CAC1B,QAAQ,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,EAChC,GAAG,EAAE;QAAE,GAAG,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAA;KAAE,KAC/B,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9B,qEAAqE;IACrE,QAAQ,CAAC,YAAY,CAAC,EAAE,MAAM,CAAC;CAChC;AAED,wBAAgB,iBAAiB,CAAC,IAAI,EAAE,gBAAgB,GAAG,IAAI,CAkC9D"}

package/dist/runtime/mcp-http/oauth/broker-routes.js

@@ -0,0 +1,46 @@
+/**
+ * EVO-12 P2 (mode 3) — hono routes for the broker login. Thin wrapper over
+ * `createBrokerLogin`: `/authorize` starts a login (302 → 39-auth) instead of
+ * the single-tenant consent form; `/oidc/callback` completes it (exchange →
+ * sub → per-user root) and hands off to the provider to issue the claude.ai
+ * authorization code, then 302s back to claude.ai.
+ *
+ * `issueClaudeaiCode` is injected (the SingleTenantOAuthProvider's code issuance,
+ * bound to the resolved user/root) → routes are testable via `app.request` with
+ * a mock IdP, no provider/network.
+ */
+import { Hono } from "hono";
+export function buildBrokerRoutes(deps) {
+    const router = new Hono();
+    const callbackPath = deps.callbackPath ?? "/oidc/callback";
+    // claude.ai lands here (DCR+PKCE already done against our self-AS); we redirect
+    // the human to 39-auth to actually log in.
+    router.get("/authorize", (c) => {
+        c.header("Cache-Control", "no-store");
+        const claudeai = c.req.query();
+        const { redirectUrl } = deps.brokerLogin.start(claudeai);
+        return c.redirect(redirectUrl, 302);
+    });
+    // 39-auth redirects back here with code+state; we exchange, resolve the user's
+    // root, issue the claude.ai code, and bounce back to claude.ai.
+    router.get(callbackPath, async (c) => {
+        const code = c.req.query("code");
+        const state = c.req.query("state");
+        if (!code || !state) {
+            return c.json({ error: "invalid_request", error_description: "missing code/state" }, 400);
+        }
+        try {
+            const done = await deps.brokerLogin.complete(state, code);
+            const redirectUrl = await deps.issueClaudeaiCode(done.claudeai, {
+                sub: done.sub,
+                root: done.root
+            });
+            return c.redirect(redirectUrl, 302);
+        }
+        catch (err) {
+            return c.json({ error: "access_denied", error_description: err.message }, 400);
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=broker-routes.js.map

package/dist/runtime/mcp-http/oauth/broker-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"broker-routes.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/broker-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAmB5B,MAAM,UAAU,iBAAiB,CAAC,IAAsB;IACtD,MAAM,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;IAC1B,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,IAAI,gBAAgB,CAAC;IAE3D,gFAAgF;IAChF,2CAA2C;IAC3C,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7B,CAAC,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;QACtC,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,EAA4B,CAAC;QACzD,MAAM,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;QACzD,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH,+EAA+E;IAC/E,gEAAgE;IAChE,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACnC,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACnC,IAAI,CAAC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,oBAAoB,EAAE,EAAE,GAAG,CAAC,CAAC;QAC5F,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,QAAQ,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC;YAC1D,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,QAAkC,EAAE;gBACxF,GAAG,EAAE,IAAI,CAAC,GAAG;gBACb,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,QAAQ,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QACtC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAG,GAAa,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;QAC5F,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/runtime/mcp-http/oauth/config.d.ts

@@ -5,6 +5,7 @@
  * Scope is read-only (`h2a:read`) — the hosted surface exposes only read tools
  * (DEC-116 key custody; see ../readonly-allowlist).
  */
+import type { H2AUpstreamOidcConfig } from "./oidc-rp.js";
 export declare const H2A_HOSTED_OAUTH_SCOPE = "h2a:read";
 export interface H2AHostedOAuthEnv {
     PUBLIC_BASE_URL: string;
@@ -16,6 +17,14 @@ export interface H2AHostedOAuthEnv {
     OAUTH_AUTH_CODE_TTL_SECONDS: number;
     H2A_HOSTED_ENROLLMENT_ENABLED?: string;
     NODE_ENV?: string;
+    H2A_BROKER_MODE?: string;
+    H2A_UPSTREAM_ISSUER?: string;
+    H2A_UPSTREAM_AUTHORIZE_URL?: string;
+    H2A_UPSTREAM_TOKEN_URL?: string;
+    H2A_UPSTREAM_CLIENT_ID?: string;
+    H2A_UPSTREAM_CLIENT_SECRET?: string;
+    H2A_UPSTREAM_REDIRECT_URI?: string;
+    H2A_UPSTREAM_SCOPES?: string;
 }
 export interface H2AHostedOAuthConfig {
     issuerUrl: URL;
@@ -29,6 +38,10 @@ export interface H2AHostedOAuthConfig {
     refreshTokenTtlSeconds: number;
     authCodeTtlSeconds: number;
     nodeEnv: string;
+    /** EVO-12 P2: broker mode (delegate login to 39-auth). */
+    brokerMode: boolean;
+    /** The seeded 39-auth RP config — present iff broker mode. */
+    upstream?: H2AUpstreamOidcConfig;
 }
 export declare function parseOAuthCsv(value: string): string[];
 export declare function parseHostedEnrollmentEnabled(value: string | undefined): boolean;

package/dist/runtime/mcp-http/oauth/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,eAAO,MAAM,sBAAsB,aAAa,CAAC;AAEjD,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,EAAE,MAAM,CAAC;IACpC,8BAA8B,EAAE,MAAM,CAAC;IACvC,+BAA+B,EAAE,MAAM,CAAC;IACxC,2BAA2B,EAAE,MAAM,CAAC;IACpC,6BAA6B,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,GAAG,CAAC;IACf,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,mBAAmB,EAAE,SAAS,MAAM,EAAE,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAKrD;AAED,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAG/E;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,iBAAiB,GAAG,oBAAoB,CAoB/E"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAE1D,eAAO,MAAM,sBAAsB,aAAa,CAAC;AAEjD,MAAM,WAAW,iBAAiB;IAChC,eAAe,EAAE,MAAM,CAAC;IACxB,gBAAgB,EAAE,MAAM,CAAC;IACzB,oBAAoB,CAAC,EAAE,MAAM,CAAC;IAC9B,2BAA2B,EAAE,MAAM,CAAC;IACpC,8BAA8B,EAAE,MAAM,CAAC;IACvC,+BAA+B,EAAE,MAAM,CAAC;IACxC,2BAA2B,EAAE,MAAM,CAAC;IACpC,6BAA6B,CAAC,EAAE,MAAM,CAAC;IACvC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAIlB,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAC7B,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,sBAAsB,CAAC,EAAE,MAAM,CAAC;IAChC,0BAA0B,CAAC,EAAE,MAAM,CAAC;IACpC,yBAAyB,CAAC,EAAE,MAAM,CAAC;IACnC,mBAAmB,CAAC,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,GAAG,CAAC;IACf,aAAa,EAAE,GAAG,CAAC;IACnB,iBAAiB,EAAE,GAAG,CAAC;IACvB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,aAAa,EAAE,MAAM,CAAC;IACtB,iBAAiB,EAAE,OAAO,CAAC;IAC3B,mBAAmB,EAAE,SAAS,MAAM,EAAE,CAAC;IACvC,qBAAqB,EAAE,MAAM,CAAC;IAC9B,sBAAsB,EAAE,MAAM,CAAC;IAC/B,kBAAkB,EAAE,MAAM,CAAC;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,0DAA0D;IAC1D,UAAU,EAAE,OAAO,CAAC;IACpB,8DAA8D;IAC9D,QAAQ,CAAC,EAAE,qBAAqB,CAAC;CAClC;AAED,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,EAAE,CAKrD;AAED,wBAAgB,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,SAAS,GAAG,OAAO,CAG/E;AAED,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,iBAAiB,GAAG,oBAAoB,CAwB/E"}

package/dist/runtime/mcp-http/oauth/config.js

@@ -24,6 +24,8 @@ export function oauthConfigFromEnv(env) {
     if (enrollmentEnabled && !env.OAUTH_CONSENT_SECRET) {
         throw new Error("OAUTH_CONSENT_SECRET is required when H2A_HOSTED_ENROLLMENT_ENABLED=true");
     }
+    const brokerMode = env.H2A_BROKER_MODE === "true";
+    const upstream = brokerMode ? upstreamFromEnv(env) : undefined;
     return {
         issuerUrl,
         publicBaseUrl,
@@ -35,7 +37,33 @@ export function oauthConfigFromEnv(env) {
         accessTokenTtlSeconds: env.OAUTH_ACCESS_TOKEN_TTL_SECONDS,
         refreshTokenTtlSeconds: env.OAUTH_REFRESH_TOKEN_TTL_SECONDS,
         authCodeTtlSeconds: env.OAUTH_AUTH_CODE_TTL_SECONDS,
-        nodeEnv: env.NODE_ENV ?? "development"
+        nodeEnv: env.NODE_ENV ?? "development",
+        brokerMode,
+        ...(upstream ? { upstream } : {})
+    };
+}
+/** Parse the seeded 39-auth RP config from env; throws if a field is missing. */
+function upstreamFromEnv(env) {
+    const required = {
+        issuer: env.H2A_UPSTREAM_ISSUER,
+        authorizeUrl: env.H2A_UPSTREAM_AUTHORIZE_URL,
+        tokenUrl: env.H2A_UPSTREAM_TOKEN_URL,
+        clientId: env.H2A_UPSTREAM_CLIENT_ID,
+        clientSecret: env.H2A_UPSTREAM_CLIENT_SECRET,
+        redirectUri: env.H2A_UPSTREAM_REDIRECT_URI
+    };
+    for (const [key, value] of Object.entries(required)) {
+        if (!value)
+            throw new Error(`H2A_BROKER_MODE=true requires H2A_UPSTREAM_* (missing ${key})`);
+    }
+    return {
+        issuer: required.issuer,
+        authorizeUrl: required.authorizeUrl,
+        tokenUrl: required.tokenUrl,
+        clientId: required.clientId,
+        clientSecret: required.clientSecret,
+        redirectUri: required.redirectUri,
+        scopes: env.H2A_UPSTREAM_SCOPES ? parseOAuthCsv(env.H2A_UPSTREAM_SCOPES) : ["openid", "profile", "email"]
     };
 }
 //# sourceMappingURL=config.js.map

package/dist/runtime/mcp-http/oauth/config.js.map

@@ -1 +1 @@
-{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;AA4BjD,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAyB;IACpE,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAsB;IACvD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC1F,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IACD,OAAO;QACL,SAAS;QACT,aAAa;QACb,iBAAiB,EAAE,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;QACjD,mBAAmB,EAAE,IAAI,GAAG,CAAC,2CAA2C,EAAE,aAAa,CAAC,CAAC,IAAI;QAC7F,aAAa,EAAE,GAAG,CAAC,oBAAoB,IAAI,mBAAmB;QAC9D,iBAAiB;QACjB,mBAAmB,EAAE,aAAa,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACnE,qBAAqB,EAAE,GAAG,CAAC,8BAA8B;QACzD,sBAAsB,EAAE,GAAG,CAAC,+BAA+B;QAC3D,kBAAkB,EAAE,GAAG,CAAC,2BAA2B;QACnD,OAAO,EAAE,GAAG,CAAC,QAAQ,IAAI,aAAa;KACvC,CAAC;AACJ,CAAC"}
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAIH,MAAM,CAAC,MAAM,sBAAsB,GAAG,UAAU,CAAC;AA2CjD,MAAM,UAAU,aAAa,CAAC,KAAa;IACzC,OAAO,KAAK;SACT,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;SAC1B,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;AACvC,CAAC;AAED,MAAM,UAAU,4BAA4B,CAAC,KAAyB;IACpE,IAAI,KAAK,KAAK,SAAS;QAAE,OAAO,KAAK,CAAC;IACtC,OAAO,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAsB;IACvD,MAAM,aAAa,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;IACnD,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;IAChD,MAAM,iBAAiB,GAAG,4BAA4B,CAAC,GAAG,CAAC,6BAA6B,CAAC,CAAC;IAC1F,IAAI,iBAAiB,IAAI,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC;QACnD,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC9F,CAAC;IACD,MAAM,UAAU,GAAG,GAAG,CAAC,eAAe,KAAK,MAAM,CAAC;IAClD,MAAM,QAAQ,GAAG,UAAU,CAAC,CAAC,CAAC,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAC/D,OAAO;QACL,SAAS;QACT,aAAa;QACb,iBAAiB,EAAE,IAAI,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC;QACjD,mBAAmB,EAAE,IAAI,GAAG,CAAC,2CAA2C,EAAE,aAAa,CAAC,CAAC,IAAI;QAC7F,aAAa,EAAE,GAAG,CAAC,oBAAoB,IAAI,mBAAmB;QAC9D,iBAAiB;QACjB,mBAAmB,EAAE,aAAa,CAAC,GAAG,CAAC,2BAA2B,CAAC;QACnE,qBAAqB,EAAE,GAAG,CAAC,8BAA8B;QACzD,sBAAsB,EAAE,GAAG,CAAC,+BAA+B;QAC3D,kBAAkB,EAAE,GAAG,CAAC,2BAA2B;QACnD,OAAO,EAAE,GAAG,CAAC,QAAQ,IAAI,aAAa;QACtC,UAAU;QACV,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KAClC,CAAC;AACJ,CAAC;AAED,iFAAiF;AACjF,SAAS,eAAe,CAAC,GAAsB;IAC7C,MAAM,QAAQ,GAAG;QACf,MAAM,EAAE,GAAG,CAAC,mBAAmB;QAC/B,YAAY,EAAE,GAAG,CAAC,0BAA0B;QAC5C,QAAQ,EAAE,GAAG,CAAC,sBAAsB;QACpC,QAAQ,EAAE,GAAG,CAAC,sBAAsB;QACpC,YAAY,EAAE,GAAG,CAAC,0BAA0B;QAC5C,WAAW,EAAE,GAAG,CAAC,yBAAyB;KAC3C,CAAC;IACF,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACpD,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,yDAAyD,GAAG,GAAG,CAAC,CAAC;IAC/F,CAAC;IACD,OAAO;QACL,MAAM,EAAE,QAAQ,CAAC,MAAgB;QACjC,YAAY,EAAE,QAAQ,CAAC,YAAsB;QAC7C,QAAQ,EAAE,QAAQ,CAAC,QAAkB;QACrC,QAAQ,EAAE,QAAQ,CAAC,QAAkB;QACrC,YAAY,EAAE,QAAQ,CAAC,YAAsB;QAC7C,WAAW,EAAE,QAAQ,CAAC,WAAqB;QAC3C,MAAM,EAAE,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,CAAC;KAC1G,CAAC;AACJ,CAAC"}

package/dist/runtime/mcp-http/oauth/oidc-rp.d.ts

@@ -0,0 +1,56 @@
+/**
+ * EVO-12 P2 (mode 3, gateway broker) — upstream OIDC Relying Party for 39-auth.
+ *
+ * The hosted shim keeps the DCR + token surface claude.ai needs (self-AS), but
+ * delegates the USER login to 39-auth (the sentropic OIDC IdP, live at
+ * `…/api/v1/auth/oauth/authorize`): redirect to its `/authorize`, then exchange
+ * the code at `/token` and read the authenticated `sub`. The `sub` is what the
+ * gateway maps to a per-user h2a root (multi-tenant).
+ *
+ * Pure + fetch-injected → unit-testable against a mock IdP. The real client
+ * (client_id/secret) is seeded operator-side in 39-auth (no DCR there); that
+ * seed is the live-integration point, not a code dependency.
+ */
+export interface H2AUpstreamOidcConfig {
+    /** 39-auth issuer (informational / id_token `iss` check later). */
+    readonly issuer: string;
+    /** 39-auth authorization endpoint (e.g. …/api/v1/auth/oauth/authorize). */
+    readonly authorizeUrl: string;
+    /** 39-auth token endpoint (e.g. …/api/v1/auth/oauth/token). */
+    readonly tokenUrl: string;
+    /** This gateway's seeded client id at 39-auth. */
+    readonly clientId: string;
+    /** This gateway's client secret (k8s Secret). */
+    readonly clientSecret: string;
+    /** The gateway's callback URL registered at 39-auth. */
+    readonly redirectUri: string;
+    /** Scopes to request (openid required for `sub`). */
+    readonly scopes: readonly string[];
+}
+/** Minimal fetch shape (injected for tests; global fetch satisfies it). */
+export type UpstreamFetch = (url: string, init: {
+    method: string;
+    headers: Record<string, string>;
+    body: string;
+}) => Promise<{
+    ok: boolean;
+    status: number;
+    json: () => Promise<unknown>;
+}>;
+export interface UpstreamLogin {
+    /** The authenticated user — the gateway's per-tenant key. */
+    readonly sub: string;
+    readonly idToken: string;
+    readonly accessToken?: string;
+}
+/** Build the 39-auth `/authorize` URL to redirect the user to (authorization_code + PKCE). */
+export declare function buildUpstreamAuthorizeUrl(config: H2AUpstreamOidcConfig, params: {
+    state: string;
+    codeChallenge: string;
+}): string;
+/** Exchange an authorization_code (+ PKCE verifier) at 39-auth for the user's `sub`. */
+export declare function exchangeUpstreamCode(config: H2AUpstreamOidcConfig, params: {
+    code: string;
+    codeVerifier: string;
+}, fetchImpl: UpstreamFetch): Promise<UpstreamLogin>;
+//# sourceMappingURL=oidc-rp.d.ts.map

package/dist/runtime/mcp-http/oauth/oidc-rp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-rp.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/oidc-rp.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AACH,MAAM,WAAW,qBAAqB;IACpC,mEAAmE;IACnE,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,2EAA2E;IAC3E,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,+DAA+D;IAC/D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,kDAAkD;IAClD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,iDAAiD;IACjD,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,wDAAwD;IACxD,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,qDAAqD;IACrD,QAAQ,CAAC,MAAM,EAAE,SAAS,MAAM,EAAE,CAAC;CACpC;AAED,2EAA2E;AAC3E,MAAM,MAAM,aAAa,GAAG,CAC1B,GAAG,EAAE,MAAM,EACX,IAAI,EAAE;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,KACpE,OAAO,CAAC;IAAE,EAAE,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,OAAO,CAAC,OAAO,CAAC,CAAA;CAAE,CAAC,CAAC;AAE5E,MAAM,WAAW,aAAa;IAC5B,6DAA6D;IAC7D,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;CAC/B;AAED,8FAA8F;AAC9F,wBAAgB,yBAAyB,CACvC,MAAM,EAAE,qBAAqB,EAC7B,MAAM,EAAE;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,aAAa,EAAE,MAAM,CAAA;CAAE,GAC/C,MAAM,CAUR;AAqBD,wFAAwF;AACxF,wBAAsB,oBAAoB,CACxC,MAAM,EAAE,qBAAqB,EAC7B,MAAM,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,EAC9C,SAAS,EAAE,aAAa,GACvB,OAAO,CAAC,aAAa,CAAC,CA0BxB"}

package/dist/runtime/mcp-http/oauth/oidc-rp.js

@@ -0,0 +1,63 @@
+/** Build the 39-auth `/authorize` URL to redirect the user to (authorization_code + PKCE). */
+export function buildUpstreamAuthorizeUrl(config, params) {
+    const url = new URL(config.authorizeUrl);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", config.clientId);
+    url.searchParams.set("redirect_uri", config.redirectUri);
+    url.searchParams.set("scope", config.scopes.join(" "));
+    url.searchParams.set("state", params.state);
+    url.searchParams.set("code_challenge", params.codeChallenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    return url.href;
+}
+/** Read `sub` from an id_token payload. The token came from our authenticated
+ * server-to-server exchange with 39-auth (TLS + client_secret), so the payload
+ * is trusted here; verifying the EdDSA signature against 39-auth JWKS is the
+ * hardening step (needs JWKS publicly reachable). */
+function subFromIdToken(idToken) {
+    const parts = idToken.split(".");
+    if (parts.length < 2)
+        throw new Error("malformed id_token");
+    let payload;
+    try {
+        payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
+    }
+    catch {
+        throw new Error("unparseable id_token payload");
+    }
+    if (typeof payload.sub !== "string" || payload.sub.length === 0) {
+        throw new Error("id_token has no sub");
+    }
+    return payload.sub;
+}
+/** Exchange an authorization_code (+ PKCE verifier) at 39-auth for the user's `sub`. */
+export async function exchangeUpstreamCode(config, params, fetchImpl) {
+    const body = new URLSearchParams({
+        grant_type: "authorization_code",
+        code: params.code,
+        redirect_uri: config.redirectUri,
+        client_id: config.clientId,
+        code_verifier: params.codeVerifier
+    }).toString();
+    const basic = Buffer.from(`${config.clientId}:${config.clientSecret}`).toString("base64");
+    const res = await fetchImpl(config.tokenUrl, {
+        method: "POST",
+        headers: {
+            "content-type": "application/x-www-form-urlencoded",
+            accept: "application/json",
+            authorization: `Basic ${basic}`
+        },
+        body
+    });
+    if (!res.ok)
+        throw new Error(`upstream token exchange failed: HTTP ${res.status}`);
+    const tok = (await res.json());
+    if (typeof tok.id_token !== "string")
+        throw new Error("upstream token response missing id_token");
+    return {
+        sub: subFromIdToken(tok.id_token),
+        idToken: tok.id_token,
+        ...(typeof tok.access_token === "string" ? { accessToken: tok.access_token } : {})
+    };
+}
+//# sourceMappingURL=oidc-rp.js.map

package/dist/runtime/mcp-http/oauth/oidc-rp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oidc-rp.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/oidc-rp.ts"],"names":[],"mappings":"AA2CA,8FAA8F;AAC9F,MAAM,UAAU,yBAAyB,CACvC,MAA6B,EAC7B,MAAgD;IAEhD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;IACzC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAC9C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,MAAM,CAAC,QAAQ,CAAC,CAAC;IACnD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,MAAM,CAAC,WAAW,CAAC,CAAC;IACzD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACvD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;IAC5C,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAC7D,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACtD,OAAO,GAAG,CAAC,IAAI,CAAC;AAClB,CAAC;AAED;;;qDAGqD;AACrD,SAAS,cAAc,CAAC,OAAe;IACrC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;IAC5D,IAAI,OAA0B,CAAC;IAC/B,IAAI,CAAC;QACH,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAsB,CAAC;IACjG,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAClD,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,IAAI,OAAO,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChE,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC;AACrB,CAAC;AAED,wFAAwF;AACxF,MAAM,CAAC,KAAK,UAAU,oBAAoB,CACxC,MAA6B,EAC7B,MAA8C,EAC9C,SAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC;QAC/B,UAAU,EAAE,oBAAoB;QAChC,IAAI,EAAE,MAAM,CAAC,IAAI;QACjB,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;KACnC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACd,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,QAAQ,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1F,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,QAAQ,EAAE;QAC3C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;YACnD,MAAM,EAAE,kBAAkB;YAC1B,aAAa,EAAE,SAAS,KAAK,EAAE;SAChC;QACD,IAAI;KACL,CAAC,CAAC;IACH,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,wCAAwC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IACnF,MAAM,GAAG,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAAmD,CAAC;IACjF,IAAI,OAAO,GAAG,CAAC,QAAQ,KAAK,QAAQ;QAAE,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC;IAClG,OAAO;QACL,GAAG,EAAE,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC;QACjC,OAAO,EAAE,GAAG,CAAC,QAAQ;QACrB,GAAG,CAAC,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACnF,CAAC;AACJ,CAAC"}

package/dist/runtime/mcp-http/oauth/tenancy.d.ts

@@ -0,0 +1,3 @@
+/** Per-tenant h2a root for an authenticated `sub`. */
+export declare function rootForSub(baseRoot: string, sub: string): string;
+//# sourceMappingURL=tenancy.d.ts.map

package/dist/runtime/mcp-http/oauth/tenancy.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenancy.d.ts","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/tenancy.ts"],"names":[],"mappings":"AAYA,sDAAsD;AACtD,wBAAgB,UAAU,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAKhE"}

package/dist/runtime/mcp-http/oauth/tenancy.js

@@ -0,0 +1,18 @@
+/**
+ * EVO-12 P2 (mode 3, multi-tenant) — map an authenticated 39-auth `sub` to that
+ * user's own h2a root, under `<baseRoot>/tenants/<safe(sub)>`. The gateway picks
+ * the per-user root after the broker login (so the read-only surface + mirror
+ * ingester scope to one user); the single-tenant mode keeps using `baseRoot`.
+ *
+ * Pure. `safePathSegment` neutralizes path-traversal / unsafe chars in `sub`.
+ */
+import { join } from "node:path";
+import { safePathSegment } from "../../local-files/index.js";
+/** Per-tenant h2a root for an authenticated `sub`. */
+export function rootForSub(baseRoot, sub) {
+    if (typeof sub !== "string" || sub.length === 0) {
+        throw new Error("rootForSub: empty sub");
+    }
+    return join(baseRoot, "tenants", safePathSegment(sub));
+}
+//# sourceMappingURL=tenancy.js.map

package/dist/runtime/mcp-http/oauth/tenancy.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tenancy.js","sourceRoot":"","sources":["../../../../src/runtime/mcp-http/oauth/tenancy.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AAEjC,OAAO,EAAE,eAAe,EAAE,MAAM,4BAA4B,CAAC;AAE7D,sDAAsD;AACtD,MAAM,UAAU,UAAU,CAAC,QAAgB,EAAE,GAAW;IACtD,IAAI,OAAO,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IACD,OAAO,IAAI,CAAC,QAAQ,EAAE,SAAS,EAAE,eAAe,CAAC,GAAG,CAAC,CAAC,CAAC;AACzD,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@sentropic/h2a-cli",
-  "version": "0.32.0",
+  "version": "0.38.1",
   "description": "Unified CLI surface for h2a hosts and MCP-oriented coordination flows.",
   "license": "MIT",
   "type": "module",
@@ -43,7 +43,7 @@
     "@hono/mcp": "^0.3.0",
     "@hono/node-server": "^2.0.4",
     "@modelcontextprotocol/sdk": "^1.29.0",
-    "@sentropic/h2a": "^0.32.0",
+    "@sentropic/h2a": "^0.38.1",
     "hono": "^4.12.23"
   },
   "publishConfig": {