@sidecar-ai/cli 0.1.0-alpha.5 → 0.1.0-alpha.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/index.js CHANGED
@@ -3963,6 +3963,11 @@ function createSidecarHttpHandler(options) {
3963
3963
  const streamHub = createSseHub();
3964
3964
  const mcp = createSidecarMcpServer(options);
3965
3965
  return async (request, response) => {
3966
+ const pathname = request.url?.split("?")[0];
3967
+ const requestLog = createHttpRequestLog(request, pathname);
3968
+ response.once("finish", () => {
3969
+ logHttpRequest(requestLog, response.statusCode);
3970
+ });
3966
3971
  if (isRejectedOrigin(request, options.allowedOrigins)) {
3967
3972
  response.writeHead(403, { "content-type": "application/json" });
3968
3973
  response.end(JSON.stringify({ error: "forbidden_origin" }));
@@ -3974,16 +3979,17 @@ function createSidecarHttpHandler(options) {
3974
3979
  response.end(proxyResult.body ?? "");
3975
3980
  return;
3976
3981
  }
3977
- const pathname = request.url?.split("?")[0];
3978
3982
  if (options.auth && request.method === "GET" && isProtectedResourceMetadataPath(pathname, endpoint)) {
3979
3983
  response.writeHead(200, { "content-type": "application/json" });
3980
3984
  response.end(JSON.stringify(options.auth.metadata()));
3981
3985
  return;
3982
3986
  }
3987
+ if (options.auth && request.method === "GET" && pathname === "/.well-known/oauth-authorization-server") {
3988
+ await proxyAuthorizationServerMetadata(options.auth, response);
3989
+ return;
3990
+ }
3983
3991
  if (request.method === "GET" && pathname === endpoint) {
3984
3992
  try {
3985
- validateProtocolVersion(request);
3986
- validateGetHeaders(request);
3987
3993
  const fetchRequest = toFetchRequest(request, options.publicUrl ?? options.auth?.resource);
3988
3994
  if (options.auth) {
3989
3995
  const authSession = await authorizeHttpRequest(options.auth, fetchRequest, response);
@@ -3991,6 +3997,8 @@ function createSidecarHttpHandler(options) {
3991
3997
  return;
3992
3998
  }
3993
3999
  }
4000
+ validateProtocolVersion(request);
4001
+ validateGetHeaders(request);
3994
4002
  streamHub.open(response);
3995
4003
  } catch (error) {
3996
4004
  const status = error instanceof JsonRpcHttpError ? error.status : 400;
@@ -4019,6 +4027,11 @@ function createSidecarHttpHandler(options) {
4019
4027
  return;
4020
4028
  }
4021
4029
  try {
4030
+ const fetchRequest = toFetchRequest(request, options.publicUrl ?? options.auth?.resource);
4031
+ const authSession = options.auth ? await authorizeHttpRequest(options.auth, fetchRequest, response) : void 0;
4032
+ if (options.auth && authSession === AUTH_RESPONSE_SENT) {
4033
+ return;
4034
+ }
4022
4035
  validateProtocolVersion(request);
4023
4036
  validatePostHeaders(request);
4024
4037
  const body = await readJson(request, maxBodyBytes);
@@ -4031,11 +4044,6 @@ function createSidecarHttpHandler(options) {
4031
4044
  return;
4032
4045
  }
4033
4046
  const rpcRequest = assertJsonRpcRequest(body);
4034
- const fetchRequest = toFetchRequest(request, options.publicUrl ?? options.auth?.resource);
4035
- const authSession = options.auth ? await authorizeHttpRequest(options.auth, fetchRequest, response) : void 0;
4036
- if (options.auth && authSession === AUTH_RESPONSE_SENT) {
4037
- return;
4038
- }
4039
4047
  if (rpcRequest.id !== void 0 && hasProgressToken(rpcRequest)) {
4040
4048
  const stream = createSseStream(response, { supportsRequestProgress: true });
4041
4049
  const payload2 = await mcp.handle(rpcRequest, {
@@ -4127,6 +4135,73 @@ function escapeRegExp(value) {
4127
4135
  function isProtectedResourceMetadataPath(pathname, endpoint) {
4128
4136
  return pathname === "/.well-known/oauth-protected-resource" || pathname === `/.well-known/oauth-protected-resource${endpoint}`;
4129
4137
  }
4138
+ function createHttpRequestLog(request, pathname) {
4139
+ return {
4140
+ method: request.method,
4141
+ path: pathname,
4142
+ host: truncateHeader(singleHeader(request.headers.host)),
4143
+ accept: truncateHeader(singleHeader(request.headers.accept)),
4144
+ contentType: truncateHeader(singleHeader(request.headers["content-type"])),
4145
+ contentLength: truncateHeader(singleHeader(request.headers["content-length"])),
4146
+ mcpProtocolVersion: truncateHeader(singleHeader(request.headers["mcp-protocol-version"])),
4147
+ origin: truncateHeader(singleHeader(request.headers.origin)),
4148
+ userAgent: truncateHeader(singleHeader(request.headers["user-agent"])),
4149
+ authorization: request.headers.authorization ? "present" : "absent",
4150
+ cookie: request.headers.cookie ? "present" : "absent"
4151
+ };
4152
+ }
4153
+ function logHttpRequest(metadata, status) {
4154
+ const debug = process.env.SIDECAR_DEBUG === "1" || process.env.SIDECAR_LOG_LEVEL === "debug";
4155
+ if (!debug && status < 400) {
4156
+ return;
4157
+ }
4158
+ const message = JSON.stringify({
4159
+ event: "sidecar.mcp.http",
4160
+ status,
4161
+ ...stripUndefined4(metadata)
4162
+ });
4163
+ if (status >= 500) {
4164
+ console.error(message);
4165
+ } else if (status >= 400) {
4166
+ console.warn(message);
4167
+ } else {
4168
+ console.info(message);
4169
+ }
4170
+ }
4171
+ function singleHeader(value) {
4172
+ return Array.isArray(value) ? value.join(", ") : value;
4173
+ }
4174
+ function truncateHeader(value) {
4175
+ if (!value) {
4176
+ return void 0;
4177
+ }
4178
+ return value.length > 240 ? `${value.slice(0, 237)}...` : value;
4179
+ }
4180
+ async function proxyAuthorizationServerMetadata(auth, response) {
4181
+ const [authorizationServer] = auth.authorizationServers;
4182
+ if (!authorizationServer) {
4183
+ response.writeHead(404, { "content-type": "application/json" });
4184
+ response.end(JSON.stringify({ error: "authorization_server_not_configured" }));
4185
+ return;
4186
+ }
4187
+ try {
4188
+ const url = new URL("/.well-known/oauth-authorization-server", authorizationServer);
4189
+ const upstream = await fetch(url, { headers: { accept: "application/json" } });
4190
+ const body = await upstream.text();
4191
+ response.writeHead(upstream.ok ? 200 : 502, {
4192
+ "content-type": upstream.headers.get("content-type") ?? "application/json"
4193
+ });
4194
+ response.end(body);
4195
+ } catch (error) {
4196
+ console.warn(JSON.stringify({
4197
+ event: "sidecar.mcp.authorization_metadata_proxy_failed",
4198
+ authorizationServer,
4199
+ message: error instanceof Error ? error.message : "Unknown error"
4200
+ }));
4201
+ response.writeHead(502, { "content-type": "application/json" });
4202
+ response.end(JSON.stringify({ error: "authorization_metadata_unavailable" }));
4203
+ }
4204
+ }
4130
4205
  var JsonRpcError = class extends Error {
4131
4206
  constructor(code, message, data) {
4132
4207
  super(message);