@sidecar-ai/cli 0.1.0-alpha.5 → 0.1.0-alpha.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +83 -8
- package/dist/index.js.map +1 -1
- package/package.json +5 -5
package/dist/index.js
CHANGED
|
@@ -3963,6 +3963,11 @@ function createSidecarHttpHandler(options) {
|
|
|
3963
3963
|
const streamHub = createSseHub();
|
|
3964
3964
|
const mcp = createSidecarMcpServer(options);
|
|
3965
3965
|
return async (request, response) => {
|
|
3966
|
+
const pathname = request.url?.split("?")[0];
|
|
3967
|
+
const requestLog = createHttpRequestLog(request, pathname);
|
|
3968
|
+
response.once("finish", () => {
|
|
3969
|
+
logHttpRequest(requestLog, response.statusCode);
|
|
3970
|
+
});
|
|
3966
3971
|
if (isRejectedOrigin(request, options.allowedOrigins)) {
|
|
3967
3972
|
response.writeHead(403, { "content-type": "application/json" });
|
|
3968
3973
|
response.end(JSON.stringify({ error: "forbidden_origin" }));
|
|
@@ -3974,16 +3979,17 @@ function createSidecarHttpHandler(options) {
|
|
|
3974
3979
|
response.end(proxyResult.body ?? "");
|
|
3975
3980
|
return;
|
|
3976
3981
|
}
|
|
3977
|
-
const pathname = request.url?.split("?")[0];
|
|
3978
3982
|
if (options.auth && request.method === "GET" && isProtectedResourceMetadataPath(pathname, endpoint)) {
|
|
3979
3983
|
response.writeHead(200, { "content-type": "application/json" });
|
|
3980
3984
|
response.end(JSON.stringify(options.auth.metadata()));
|
|
3981
3985
|
return;
|
|
3982
3986
|
}
|
|
3987
|
+
if (options.auth && request.method === "GET" && pathname === "/.well-known/oauth-authorization-server") {
|
|
3988
|
+
await proxyAuthorizationServerMetadata(options.auth, response);
|
|
3989
|
+
return;
|
|
3990
|
+
}
|
|
3983
3991
|
if (request.method === "GET" && pathname === endpoint) {
|
|
3984
3992
|
try {
|
|
3985
|
-
validateProtocolVersion(request);
|
|
3986
|
-
validateGetHeaders(request);
|
|
3987
3993
|
const fetchRequest = toFetchRequest(request, options.publicUrl ?? options.auth?.resource);
|
|
3988
3994
|
if (options.auth) {
|
|
3989
3995
|
const authSession = await authorizeHttpRequest(options.auth, fetchRequest, response);
|
|
@@ -3991,6 +3997,8 @@ function createSidecarHttpHandler(options) {
|
|
|
3991
3997
|
return;
|
|
3992
3998
|
}
|
|
3993
3999
|
}
|
|
4000
|
+
validateProtocolVersion(request);
|
|
4001
|
+
validateGetHeaders(request);
|
|
3994
4002
|
streamHub.open(response);
|
|
3995
4003
|
} catch (error) {
|
|
3996
4004
|
const status = error instanceof JsonRpcHttpError ? error.status : 400;
|
|
@@ -4019,6 +4027,11 @@ function createSidecarHttpHandler(options) {
|
|
|
4019
4027
|
return;
|
|
4020
4028
|
}
|
|
4021
4029
|
try {
|
|
4030
|
+
const fetchRequest = toFetchRequest(request, options.publicUrl ?? options.auth?.resource);
|
|
4031
|
+
const authSession = options.auth ? await authorizeHttpRequest(options.auth, fetchRequest, response) : void 0;
|
|
4032
|
+
if (options.auth && authSession === AUTH_RESPONSE_SENT) {
|
|
4033
|
+
return;
|
|
4034
|
+
}
|
|
4022
4035
|
validateProtocolVersion(request);
|
|
4023
4036
|
validatePostHeaders(request);
|
|
4024
4037
|
const body = await readJson(request, maxBodyBytes);
|
|
@@ -4031,11 +4044,6 @@ function createSidecarHttpHandler(options) {
|
|
|
4031
4044
|
return;
|
|
4032
4045
|
}
|
|
4033
4046
|
const rpcRequest = assertJsonRpcRequest(body);
|
|
4034
|
-
const fetchRequest = toFetchRequest(request, options.publicUrl ?? options.auth?.resource);
|
|
4035
|
-
const authSession = options.auth ? await authorizeHttpRequest(options.auth, fetchRequest, response) : void 0;
|
|
4036
|
-
if (options.auth && authSession === AUTH_RESPONSE_SENT) {
|
|
4037
|
-
return;
|
|
4038
|
-
}
|
|
4039
4047
|
if (rpcRequest.id !== void 0 && hasProgressToken(rpcRequest)) {
|
|
4040
4048
|
const stream = createSseStream(response, { supportsRequestProgress: true });
|
|
4041
4049
|
const payload2 = await mcp.handle(rpcRequest, {
|
|
@@ -4127,6 +4135,73 @@ function escapeRegExp(value) {
|
|
|
4127
4135
|
function isProtectedResourceMetadataPath(pathname, endpoint) {
|
|
4128
4136
|
return pathname === "/.well-known/oauth-protected-resource" || pathname === `/.well-known/oauth-protected-resource${endpoint}`;
|
|
4129
4137
|
}
|
|
4138
|
+
function createHttpRequestLog(request, pathname) {
|
|
4139
|
+
return {
|
|
4140
|
+
method: request.method,
|
|
4141
|
+
path: pathname,
|
|
4142
|
+
host: truncateHeader(singleHeader(request.headers.host)),
|
|
4143
|
+
accept: truncateHeader(singleHeader(request.headers.accept)),
|
|
4144
|
+
contentType: truncateHeader(singleHeader(request.headers["content-type"])),
|
|
4145
|
+
contentLength: truncateHeader(singleHeader(request.headers["content-length"])),
|
|
4146
|
+
mcpProtocolVersion: truncateHeader(singleHeader(request.headers["mcp-protocol-version"])),
|
|
4147
|
+
origin: truncateHeader(singleHeader(request.headers.origin)),
|
|
4148
|
+
userAgent: truncateHeader(singleHeader(request.headers["user-agent"])),
|
|
4149
|
+
authorization: request.headers.authorization ? "present" : "absent",
|
|
4150
|
+
cookie: request.headers.cookie ? "present" : "absent"
|
|
4151
|
+
};
|
|
4152
|
+
}
|
|
4153
|
+
function logHttpRequest(metadata, status) {
|
|
4154
|
+
const debug = process.env.SIDECAR_DEBUG === "1" || process.env.SIDECAR_LOG_LEVEL === "debug";
|
|
4155
|
+
if (!debug && status < 400) {
|
|
4156
|
+
return;
|
|
4157
|
+
}
|
|
4158
|
+
const message = JSON.stringify({
|
|
4159
|
+
event: "sidecar.mcp.http",
|
|
4160
|
+
status,
|
|
4161
|
+
...stripUndefined4(metadata)
|
|
4162
|
+
});
|
|
4163
|
+
if (status >= 500) {
|
|
4164
|
+
console.error(message);
|
|
4165
|
+
} else if (status >= 400) {
|
|
4166
|
+
console.warn(message);
|
|
4167
|
+
} else {
|
|
4168
|
+
console.info(message);
|
|
4169
|
+
}
|
|
4170
|
+
}
|
|
4171
|
+
function singleHeader(value) {
|
|
4172
|
+
return Array.isArray(value) ? value.join(", ") : value;
|
|
4173
|
+
}
|
|
4174
|
+
function truncateHeader(value) {
|
|
4175
|
+
if (!value) {
|
|
4176
|
+
return void 0;
|
|
4177
|
+
}
|
|
4178
|
+
return value.length > 240 ? `${value.slice(0, 237)}...` : value;
|
|
4179
|
+
}
|
|
4180
|
+
async function proxyAuthorizationServerMetadata(auth, response) {
|
|
4181
|
+
const [authorizationServer] = auth.authorizationServers;
|
|
4182
|
+
if (!authorizationServer) {
|
|
4183
|
+
response.writeHead(404, { "content-type": "application/json" });
|
|
4184
|
+
response.end(JSON.stringify({ error: "authorization_server_not_configured" }));
|
|
4185
|
+
return;
|
|
4186
|
+
}
|
|
4187
|
+
try {
|
|
4188
|
+
const url = new URL("/.well-known/oauth-authorization-server", authorizationServer);
|
|
4189
|
+
const upstream = await fetch(url, { headers: { accept: "application/json" } });
|
|
4190
|
+
const body = await upstream.text();
|
|
4191
|
+
response.writeHead(upstream.ok ? 200 : 502, {
|
|
4192
|
+
"content-type": upstream.headers.get("content-type") ?? "application/json"
|
|
4193
|
+
});
|
|
4194
|
+
response.end(body);
|
|
4195
|
+
} catch (error) {
|
|
4196
|
+
console.warn(JSON.stringify({
|
|
4197
|
+
event: "sidecar.mcp.authorization_metadata_proxy_failed",
|
|
4198
|
+
authorizationServer,
|
|
4199
|
+
message: error instanceof Error ? error.message : "Unknown error"
|
|
4200
|
+
}));
|
|
4201
|
+
response.writeHead(502, { "content-type": "application/json" });
|
|
4202
|
+
response.end(JSON.stringify({ error: "authorization_metadata_unavailable" }));
|
|
4203
|
+
}
|
|
4204
|
+
}
|
|
4130
4205
|
var JsonRpcError = class extends Error {
|
|
4131
4206
|
constructor(code, message, data) {
|
|
4132
4207
|
super(message);
|