@slashfi/agents-sdk 0.90.2 → 0.90.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/config-store.js +294 -54
- package/dist/cjs/config-store.js.map +1 -1
- package/dist/cjs/index.js.map +1 -1
- package/dist/cjs/mcp-client.js +77 -24
- package/dist/cjs/mcp-client.js.map +1 -1
- package/dist/config-store.d.ts +7 -0
- package/dist/config-store.d.ts.map +1 -1
- package/dist/config-store.js +294 -54
- package/dist/config-store.js.map +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js.map +1 -1
- package/dist/mcp-client.d.ts +5 -2
- package/dist/mcp-client.d.ts.map +1 -1
- package/dist/mcp-client.js +77 -24
- package/dist/mcp-client.js.map +1 -1
- package/package.json +1 -1
- package/src/config-store.test.ts +385 -0
- package/src/config-store.ts +408 -74
- package/src/index.ts +4 -1
- package/src/mcp-client.test.ts +80 -0
- package/src/mcp-client.ts +114 -31
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"config-store.d.ts","sourceRoot":"","sources":["../src/config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAE7D,OAAO,KAAK,EACV,cAAc,EACd,WAAW,EACX,QAAQ,EACR,aAAa,EACb,WAAW,EAEZ,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;
|
|
1
|
+
{"version":3,"file":"config-store.d.ts","sourceRoot":"","sources":["../src/config-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;GAiBG;AAGH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,+BAA+B,CAAC;AAE7D,OAAO,KAAK,EACV,cAAc,EACd,WAAW,EACX,QAAQ,EACR,aAAa,EACb,WAAW,EAEZ,MAAM,oBAAoB,CAAC;AAE5B,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,oBAAoB,CAAC;AAClE,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,kBAAkB,CAAC;AAChD,OAAO,KAAK,EAAE,MAAM,EAAE,MAAM,aAAa,CAAC;AAW1C,OAAO,KAAK,EACV,eAAe,EACf,cAAc,EACd,qBAAqB,EAEtB,MAAM,wBAAwB,CAAC;AAChC,OAAO,KAAK,EACV,sBAAsB,EACtB,4BAA4B,EAC5B,8BAA8B,EAC9B,8BAA8B,EAE9B,qBAAqB,EACtB,MAAM,YAAY,CAAC;AAUpB;;;;GAIG;AACH,MAAM,WAAW,wBAAwB;IACvC,IAAI,EAAE,MAAM,CAAC;IACb,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,yBAAyB,GAAG,OAAO,CAAC;AAEhD,MAAM,WAAW,0BAA0B;IACzC,gEAAgE;IAChE,IAAI,EAAE,MAAM,CAAC;IACb,4CAA4C;IAC5C,KAAK,EAAE,MAAM,CAAC;IACd,uDAAuD;IACvD,MAAM,EAAE,OAAO,CAAC;IAChB,mDAAmD;IACnD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,OAAO,CAAC;IACnB,iEAAiE;IACjE,MAAM,CAAC,EAAE,yBAAyB,CAAC;IACnC;;;OAGG;IACH,KAAK,CAAC,EAAE,0BAA0B,EAAE,CAAC;IACrC;;;OAGG;IACH,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED;;;;;;GAMG;AACH,MAAM,WAAW,kBAAkB;IACjC,qEAAqE;IACrE,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,KAAK,CAAC,EAAE,wBAAwB,EAAE,CAAC;IACnC;;;;;;;OAOG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,sBAAsB,CAAC,CAAC;IACpD,4EAA4E;IAC5E,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;;;GAIG;AACH,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC;CAC1C;AAED;;GAEG;AACH,MAAM,WAAW,sBAAsB;IACrC;;;;;;;;;;;OAWG;IACH,gBAAgB,CAAC,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC1C;AA0DD,wBAAgB,iBAAiB,CAC/B,KAAK,EAAE,QAAQ,EACf,UAAU,EAAE,kBAAkB,GAAG,SAAS,EAC1C,IAAI,CAAC,EAAE,sBAAsB,GAC5B,OAAO,GAAG,IAAI,CAiBhB;AAMD,wDAAwD;AACxD,MAAM,WAAW,yBAAyB;IACxC,eAAe;IACf,GAAG,EAAE,MAAM,CAAC;IACZ,qFAAqF;IACrF,KAAK,EAAE,MAAM,CAAC;IACd,qCAAqC;IACrC,KAAK,EAAE,QAAQ,CAAC;IAChB,wCAAwC;IACxC,QAAQ,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACvC,mDAAmD;IACnD,aAAa,CAAC,EAAE,OAAO,iBAAiB,EAAE,mBAAmB,GAAG,IAAI,CAAC;CACtE;AAED;;;;GAIG;AACH,MAAM,MAAM,kBAAkB,GAAG,CAC/B,GAAG,EAAE,yBAAyB,KAC3B,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;AAE5B,MAAM,WAAW,UAAU;IACzB,0DAA0D;IAC1D,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,gDAAgD;IAChD,KAAK,CAAC,EAAE,MAAM,CAAC;IACf;;;;OAIG;IACH,sBAAsB,CAAC,EAAE,MAAM,GAAG,IAAI,CAAC;IACvC;;;OAGG;IACH,eAAe,CAAC,EAAE,OAAO,GAAG,UAAU,GAAG,IAAI,CAAC;IAC9C;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,0DAA0D;IAC1D,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,yEAAyE;IACzE,eAAe,CAAC,EAAE,MAAM,CAAC;IACzB;;;;OAIG;IACH,kBAAkB,CAAC,EAAE,kBAAkB,CAAC;IACxC;;;;;;;;OAQG;IACH,KAAK,CAAC,EAAE,OAAO,CAAC;IAChB;;;;;OAKG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,kBAAkB;IACjC,IAAI,EAAE,MAAM,CAAC;IACb,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,QAAQ,GAAG,OAAO,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,cAAc;IAC7B,GAAG,CACD,KAAK,EAAE,aAAa,GACnB,OAAO,CAAC;QAAE,eAAe,CAAC,EAAE,uBAAuB,CAAA;KAAE,CAAC,CAAC;IAC1D,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC5C,IAAI,IAAI,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;IACjC,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CAAC;IACjD,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,aAAa,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACxE,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,EAAE,CAAC,CAAC;IAChE,OAAO,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACtD,IAAI,CAAC,IAAI,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACnD;;;;OAIG;IACH,IAAI,CACF,SAAS,EAAE,MAAM,EACjB,UAAU,EACN;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GACpC;QAAE,QAAQ,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;KAAE,GACvC;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,MAAM,CAAC,EAAE,MAAM,CAAA;KAAE,GACtC,OAAO,CAAC,OAAO,CAAC,CAAC;IAEpB;;;;;;;;;;;;OAYG;IACH,SAAS,CACP,SAAS,EAAE,MAAM,EACjB,IAAI,CAAC,EAAE;QACL,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QACvC,SAAS,CAAC,EAAE,MAAM,CAAC;QACnB,KAAK,CAAC,EAAE,OAAO,CAAC;KACjB,GACA,OAAO,CAAC;QAAE,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;CACnC;AAED,sDAAsD;AACtD,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,uEAAuE;IACvE,SAAS,EAAE,OAAO,CAAC;IACnB,0CAA0C;IAC1C,OAAO,EAAE,OAAO,CAAC;IACjB,gDAAgD;IAChD,UAAU,EAAE,OAAO,CAAC;IACpB,gEAAgE;IAChE,MAAM,CAAC,EAAE,yBAAyB,CAAC;IACnC,sEAAsE;IACtE,KAAK,CAAC,EAAE,kBAAkB,EAAE,CAAC;IAC7B,wDAAwD;IACxD,QAAQ,CAAC,EAAE,OAAO,CAAC;CACpB;AAED,kEAAkE;AAClE,MAAM,WAAW,aAAa;IAC5B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,qBAAqB,GAAG,IAAI,CAAC;IACvC,uEAAuE;IACvE,QAAQ,EAAE,OAAO,CAAC;IAClB,0BAA0B;IAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;CACzC;AAED,MAAM,WAAW,WAAW;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wDAAwD;AACxD,MAAM,WAAW,kBAAkB;IACjC,0CAA0C;IAC1C,IAAI,EAAE,MAAM,CAAC;IACb,0DAA0D;IAC1D,KAAK,EAAE,MAAM,CAAC;IACd,8DAA8D;IAC9D,MAAM,EAAE,OAAO,CAAC;IAChB,oDAAoD;IACpD,QAAQ,CAAC,EAAE,OAAO,CAAC;IACnB,uCAAuC;IACvC,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,OAAO,CAAC;IAClB,gDAAgD;IAChD,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB;;;;OAIG;IACH,MAAM,CAAC,EAAE,kBAAkB,EAAE,CAAC;CAC/B;AAED,MAAM,MAAM,gBAAgB,GACxB,4BAA4B,GAC5B,sBAAsB,CAAC;AAC3B,MAAM,MAAM,qBAAqB,GAC7B,8BAA8B,GAC9B,sBAAsB,CAAC;AAC3B,MAAM,MAAM,gBAAgB,GACxB,8BAA8B,GAC9B,sBAAsB,CAAC;AAmB3B;;;;GAIG;AAEH,MAAM,MAAM,gBAAgB,GAAG,EAAE,CAAC;AAElC,8DAA8D;AAC9D,KAAK,SAAS,GAAG,MAAM,gBAAgB,CAAC;AACxC,KAAK,OAAO,CAAC,CAAC,SAAS,SAAS,IAAI,MAAM,gBAAgB,CAAC,CAAC,CAAC,GAAG,MAAM,CAAC;AACvE,KAAK,QAAQ,CACX,CAAC,SAAS,SAAS,EACnB,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,IAClB,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,SAAS;IAAE,MAAM,EAAE,MAAM,CAAC,CAAA;CAAE,GAClD,CAAC,GACD,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAE5B,KAAK,YAAY,GAAG,MAAM,gBAAgB,SAAS,KAAK,GAEpD,CACE,IAAI,EAAE,MAAM,EACZ,IAAI,EAAE,MAAM,EACZ,MAAM,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAC7B,OAAO,CAAC,gBAAgB,CAAC,GAE9B,CAAC,CAAC,SAAS,SAAS,EAAE,CAAC,SAAS,OAAO,CAAC,CAAC,CAAC,EACxC,IAAI,EAAE,CAAC,EACP,IAAI,EAAE,CAAC,EACP,MAAM,EAAE,QAAQ,CAAC,CAAC,EAAE,CAAC,CAAC,KACnB,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAEnC,MAAM,WAAW,SAAS;IACxB,GAAG,CAAC,KAAK,EAAE,WAAW,GAAG,OAAO,CAAC;QAAE,QAAQ,EAAE,qBAAqB,GAAG,IAAI,CAAA;KAAE,CAAC,CAAC;IAC7E,MAAM,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACvC,IAAI,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC;IAC/B,GAAG,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,GAAG,IAAI,CAAC,CAAC;IAC/C,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,QAAQ,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IACnE,OAAO,CACL,IAAI,EAAE,MAAM,EACZ,OAAO,CAAC,EAAE;QAAE,IAAI,CAAC,EAAE,OAAO,CAAA;KAAE,GAC3B,OAAO,CAAC,eAAe,GAAG,IAAI,CAAC,CAAC;IACnC,IAAI,EAAE,YAAY,CAAC;IACnB,SAAS,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,qBAAqB,CAAC,CAAC;IACxD,IAAI,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAAC;IAC9D,yDAAyD;IACzD,UAAU,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACjD;;;;OAIG;IACH,IAAI,CACF,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE;QACL,4EAA4E;QAC5E,MAAM,CAAC,EAAE,MAAM,CAAC;QAChB;;;;WAIG;QACH,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACrC,oGAAoG;QACpG,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,iFAAiF;QACjF,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KACnB,GACA,OAAO,CAAC,eAAe,CAAC,CAAC;IAC5B;;;;OAIG;IACH,SAAS,CACP,IAAI,EAAE,MAAM,EACZ,IAAI,CAAC,EAAE;QACL,8DAA8D;QAC9D,cAAc,CAAC,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,IAAI,CAAC;QACvC,8CAA8C;QAC9C,SAAS,CAAC,EAAE,MAAM,CAAC;KACpB,GACA,OAAO,CAAC;QAAE,QAAQ,EAAE,OAAO,CAAA;KAAE,CAAC,CAAC;IAClC;;;;;;;OAOG;IACH,YAAY,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC;QAAE,WAAW,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC,CAAC;CACrE;AAED,MAAM,WAAW,GAAG;IAClB,QAAQ,EAAE,cAAc,CAAC;IACzB,GAAG,EAAE,SAAS,CAAC;IACf,UAAU,IAAI,OAAO,CAAC,cAAc,CAAC,CAAC;IACtC,WAAW,CAAC,MAAM,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACnD;;;;OAIG;IACH,cAAc,CAAC,MAAM,EAAE;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,OAAO,CAAC;QAC/D,OAAO,EAAE,MAAM,CAAC;QAChB,QAAQ,EAAE,OAAO,CAAC;QAClB,YAAY,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;KACxC,CAAC,CAAC;CACJ;AAmLD,wBAAgB,SAAS,CAAC,EAAE,EAAE,OAAO,EAAE,OAAO,GAAE,UAAe,GAAG,GAAG,CA2uFpE"}
|
package/dist/config-store.js
CHANGED
|
@@ -443,6 +443,159 @@ export function createAdk(fs, options = {}) {
|
|
|
443
443
|
});
|
|
444
444
|
};
|
|
445
445
|
}
|
|
446
|
+
/**
|
|
447
|
+
* Call-time credential lookup: stored ref config first, then the host
|
|
448
|
+
* `resolveCredentials` callback. Does not persist resolved values.
|
|
449
|
+
*/
|
|
450
|
+
async function resolveCallCredential(ctx, field) {
|
|
451
|
+
const stored = await readRefSecret(ctx.name, field);
|
|
452
|
+
if (stored)
|
|
453
|
+
return stored;
|
|
454
|
+
return makeTryResolve(ctx)(field);
|
|
455
|
+
}
|
|
456
|
+
const CALL_BEARER_FIELDS = ["access_token", "api_key", "token"];
|
|
457
|
+
function isBearerAuthField(field) {
|
|
458
|
+
return CALL_BEARER_FIELDS.includes(field);
|
|
459
|
+
}
|
|
460
|
+
/** Legacy cache entries may omit `outbound`; these are never call-time creds. */
|
|
461
|
+
const LEGACY_CONNECT_ONLY_FIELDS = new Set([
|
|
462
|
+
"client_id",
|
|
463
|
+
"client_secret",
|
|
464
|
+
"refresh_token",
|
|
465
|
+
]);
|
|
466
|
+
function isCallOutboundAuthField(field, info) {
|
|
467
|
+
if (info.outbound === false)
|
|
468
|
+
return false;
|
|
469
|
+
if (info.outbound === true)
|
|
470
|
+
return true;
|
|
471
|
+
return !LEGACY_CONNECT_ONLY_FIELDS.has(field);
|
|
472
|
+
}
|
|
473
|
+
function readRegistryDeclaredAuthFields(security) {
|
|
474
|
+
if (!security || typeof security !== "object")
|
|
475
|
+
return undefined;
|
|
476
|
+
const raw = security.authFields;
|
|
477
|
+
if (!raw || typeof raw !== "object" || Array.isArray(raw))
|
|
478
|
+
return undefined;
|
|
479
|
+
const out = {};
|
|
480
|
+
for (const [field, meta] of Object.entries(raw)) {
|
|
481
|
+
if (!meta || typeof meta !== "object" || Array.isArray(meta))
|
|
482
|
+
continue;
|
|
483
|
+
const m = meta;
|
|
484
|
+
if (typeof m.required !== "boolean" || typeof m.automated !== "boolean") {
|
|
485
|
+
continue;
|
|
486
|
+
}
|
|
487
|
+
out[field] = { required: m.required, automated: m.automated };
|
|
488
|
+
if (typeof m.outbound === "boolean") {
|
|
489
|
+
out[field].outbound = m.outbound;
|
|
490
|
+
}
|
|
491
|
+
}
|
|
492
|
+
return Object.keys(out).length > 0 ? out : undefined;
|
|
493
|
+
}
|
|
494
|
+
async function mergeRegistryDeclaredAuthFields(fields, declared, canResolve, configKeys, refConfig) {
|
|
495
|
+
if (!declared)
|
|
496
|
+
return fields;
|
|
497
|
+
const next = {};
|
|
498
|
+
for (const [field, meta] of Object.entries(declared)) {
|
|
499
|
+
next[field] = {
|
|
500
|
+
required: meta.required,
|
|
501
|
+
automated: meta.automated,
|
|
502
|
+
present: configKeys.includes(field) || hasCredentialField(refConfig, field),
|
|
503
|
+
resolvable: await canResolve(field),
|
|
504
|
+
...(meta.format && { format: meta.format }),
|
|
505
|
+
...(meta.parts && { parts: meta.parts }),
|
|
506
|
+
...(meta.outbound === false && { outbound: false }),
|
|
507
|
+
};
|
|
508
|
+
}
|
|
509
|
+
return next;
|
|
510
|
+
}
|
|
511
|
+
function bearerFieldSatisfied(accessToken, refConfig, field) {
|
|
512
|
+
if (accessToken)
|
|
513
|
+
return true;
|
|
514
|
+
return hasCredentialField(refConfig, field);
|
|
515
|
+
}
|
|
516
|
+
function fallbackCallAuthFields() {
|
|
517
|
+
return {
|
|
518
|
+
access_token: { required: true, automated: true },
|
|
519
|
+
api_key: { required: false, automated: true },
|
|
520
|
+
token: { required: false, automated: true },
|
|
521
|
+
};
|
|
522
|
+
}
|
|
523
|
+
function headerFieldSatisfied(headers, field) {
|
|
524
|
+
const wanted = normalizeCredentialKey(field);
|
|
525
|
+
return Object.keys(headers).some((key) => normalizeCredentialKey(key) === wanted);
|
|
526
|
+
}
|
|
527
|
+
function resolveHeaderNameForField(field, refConfig) {
|
|
528
|
+
const wanted = normalizeCredentialKey(field);
|
|
529
|
+
const configHeaders = refConfig.headers;
|
|
530
|
+
if (configHeaders &&
|
|
531
|
+
typeof configHeaders === "object" &&
|
|
532
|
+
!Array.isArray(configHeaders)) {
|
|
533
|
+
for (const key of Object.keys(configHeaders)) {
|
|
534
|
+
if (normalizeCredentialKey(key) === wanted)
|
|
535
|
+
return key;
|
|
536
|
+
}
|
|
537
|
+
}
|
|
538
|
+
// x_api_key → X-API-KEY (registry codegen declares the canonical name;
|
|
539
|
+
// env-resolved keys use the normalized storage field name).
|
|
540
|
+
return field
|
|
541
|
+
.split("_")
|
|
542
|
+
.filter(Boolean)
|
|
543
|
+
.map((part) => part.toUpperCase())
|
|
544
|
+
.join("-");
|
|
545
|
+
}
|
|
546
|
+
/**
|
|
547
|
+
* Supplement call-time credentials from `resolveCredentials` when they
|
|
548
|
+
* are not already present in consumer-config. Stored values and config
|
|
549
|
+
* headers win — this only fills gaps. Walks cached `authFields` as the
|
|
550
|
+
* source of truth (registry-declared when auth-status has run).
|
|
551
|
+
*/
|
|
552
|
+
async function resolveAllCallCredentials(opts) {
|
|
553
|
+
if (!options.resolveCredentials) {
|
|
554
|
+
return {
|
|
555
|
+
accessToken: opts.accessToken,
|
|
556
|
+
resolvedHeaders: opts.resolvedHeaders,
|
|
557
|
+
};
|
|
558
|
+
}
|
|
559
|
+
let accessToken = opts.accessToken;
|
|
560
|
+
let resolvedHeaders = opts.resolvedHeaders;
|
|
561
|
+
const { ctx, refConfig } = opts;
|
|
562
|
+
const cache = await readRegistryCache();
|
|
563
|
+
const authFields = cache.refs[ctx.name]?.authFields ?? fallbackCallAuthFields();
|
|
564
|
+
for (const [field, info] of Object.entries(authFields)) {
|
|
565
|
+
if (!isCallOutboundAuthField(field, info))
|
|
566
|
+
continue;
|
|
567
|
+
if (!info.required && !info.automated)
|
|
568
|
+
continue;
|
|
569
|
+
if (isBearerAuthField(field)) {
|
|
570
|
+
if (bearerFieldSatisfied(accessToken, refConfig, field))
|
|
571
|
+
continue;
|
|
572
|
+
const value = await resolveCallCredential(ctx, field);
|
|
573
|
+
if (value)
|
|
574
|
+
accessToken = accessToken ?? value;
|
|
575
|
+
continue;
|
|
576
|
+
}
|
|
577
|
+
if (hasCredentialField(refConfig, field))
|
|
578
|
+
continue;
|
|
579
|
+
if (resolvedHeaders && headerFieldSatisfied(resolvedHeaders, field)) {
|
|
580
|
+
continue;
|
|
581
|
+
}
|
|
582
|
+
const value = await resolveCallCredential(ctx, field);
|
|
583
|
+
if (!value)
|
|
584
|
+
continue;
|
|
585
|
+
resolvedHeaders = resolvedHeaders ?? {};
|
|
586
|
+
if (!headerFieldSatisfied(resolvedHeaders, field)) {
|
|
587
|
+
resolvedHeaders[resolveHeaderNameForField(field, refConfig)] = value;
|
|
588
|
+
}
|
|
589
|
+
}
|
|
590
|
+
if (!accessToken) {
|
|
591
|
+
const username = await resolveCallCredential(ctx, "username");
|
|
592
|
+
const password = await resolveCallCredential(ctx, "password");
|
|
593
|
+
if (username && password) {
|
|
594
|
+
accessToken = btoa(`${username}:${password}`);
|
|
595
|
+
}
|
|
596
|
+
}
|
|
597
|
+
return { accessToken, resolvedHeaders };
|
|
598
|
+
}
|
|
446
599
|
/**
|
|
447
600
|
* Resolve OAuth client credentials (client_id + client_secret) for a
|
|
448
601
|
* ref. Walks: `resolveCredentials` callback → per-ref VCS storage.
|
|
@@ -634,6 +787,79 @@ export function createAdk(fs, options = {}) {
|
|
|
634
787
|
return null;
|
|
635
788
|
}
|
|
636
789
|
}
|
|
790
|
+
/**
|
|
791
|
+
* Resolve OAuth server metadata from a registry security scheme.
|
|
792
|
+
* Shared by `ref.auth` and `ref.refreshToken` so both paths discover
|
|
793
|
+
* token endpoints the same way — explicit manifest URLs, RFC 8414
|
|
794
|
+
* discovery via `discoveryUrl`, authorization-server discovery, and
|
|
795
|
+
* finally the MCP upstream URL for redirect-mode agents.
|
|
796
|
+
*/
|
|
797
|
+
async function resolveOAuthMetadataFromSecurity(security, opts) {
|
|
798
|
+
if (!security || security.type !== "oauth2")
|
|
799
|
+
return null;
|
|
800
|
+
const securityExt = security;
|
|
801
|
+
const authCodeFlow = securityExt.flows?.authorizationCode;
|
|
802
|
+
const explicitEndpoint = authCodeFlow?.refreshUrl ?? authCodeFlow?.tokenUrl;
|
|
803
|
+
if (explicitEndpoint) {
|
|
804
|
+
const flowScopes = authCodeFlow
|
|
805
|
+
?.scopes;
|
|
806
|
+
const authUrl = authCodeFlow?.authorizationUrl;
|
|
807
|
+
return {
|
|
808
|
+
issuer: authUrl
|
|
809
|
+
? new URL(authUrl).origin
|
|
810
|
+
: new URL(explicitEndpoint).origin,
|
|
811
|
+
authorization_endpoint: authUrl ?? explicitEndpoint,
|
|
812
|
+
token_endpoint: explicitEndpoint,
|
|
813
|
+
scopes_supported: flowScopes ? Object.keys(flowScopes) : undefined,
|
|
814
|
+
};
|
|
815
|
+
}
|
|
816
|
+
if (securityExt.discoveryUrl) {
|
|
817
|
+
const fromDiscovery = (await tryFetchOAuthMetadata(securityExt.discoveryUrl)) ??
|
|
818
|
+
(await discoverOAuthMetadata(securityExt.discoveryUrl));
|
|
819
|
+
if (fromDiscovery)
|
|
820
|
+
return fromDiscovery;
|
|
821
|
+
}
|
|
822
|
+
const authUrl = authCodeFlow?.authorizationUrl;
|
|
823
|
+
if (authUrl) {
|
|
824
|
+
let metadata = await tryFetchOAuthMetadata(authUrl);
|
|
825
|
+
if (!metadata) {
|
|
826
|
+
metadata = await discoverOAuthMetadata(new URL(authUrl).origin);
|
|
827
|
+
}
|
|
828
|
+
if (metadata)
|
|
829
|
+
return metadata;
|
|
830
|
+
}
|
|
831
|
+
const serverUrl = opts?.serverUrl;
|
|
832
|
+
if (serverUrl) {
|
|
833
|
+
let metadata = await discoverOAuthMetadata(serverUrl);
|
|
834
|
+
if (!metadata) {
|
|
835
|
+
metadata = await discoverOAuthMetadata(serverUrl.replace(/\/(mcp|sse)$/, ""));
|
|
836
|
+
}
|
|
837
|
+
if (metadata)
|
|
838
|
+
return metadata;
|
|
839
|
+
}
|
|
840
|
+
return null;
|
|
841
|
+
}
|
|
842
|
+
function resolveClientAuthMethod(security, metadata) {
|
|
843
|
+
const flowAuth = security.flows?.authorizationCode?.clientAuth;
|
|
844
|
+
if (flowAuth)
|
|
845
|
+
return flowAuth;
|
|
846
|
+
const supported = metadata?.token_endpoint_auth_methods_supported;
|
|
847
|
+
if (supported?.length === 1 && supported[0] === "client_secret_basic") {
|
|
848
|
+
return "client_secret_basic";
|
|
849
|
+
}
|
|
850
|
+
const tokenEndpoint = metadata?.token_endpoint;
|
|
851
|
+
if (tokenEndpoint) {
|
|
852
|
+
try {
|
|
853
|
+
if (new URL(tokenEndpoint).hostname === "api.x.com") {
|
|
854
|
+
return "client_secret_basic";
|
|
855
|
+
}
|
|
856
|
+
}
|
|
857
|
+
catch {
|
|
858
|
+
/* ignore malformed token endpoint */
|
|
859
|
+
}
|
|
860
|
+
}
|
|
861
|
+
return "client_secret_post";
|
|
862
|
+
}
|
|
637
863
|
/**
|
|
638
864
|
* Build a registryConsumer from the current config.
|
|
639
865
|
* Decrypts secret: values in registry headers/auth before connecting.
|
|
@@ -734,7 +960,8 @@ export function createAdk(fs, options = {}) {
|
|
|
734
960
|
if (!found)
|
|
735
961
|
return false;
|
|
736
962
|
for (const r of registries) {
|
|
737
|
-
if (typeof r !== "string" &&
|
|
963
|
+
if (typeof r !== "string" &&
|
|
964
|
+
(registryDisplayName(r) === nameOrUrl || registryUrl(r) === nameOrUrl)) {
|
|
738
965
|
await mutate(r);
|
|
739
966
|
}
|
|
740
967
|
}
|
|
@@ -1505,7 +1732,7 @@ export function createAdk(fs, options = {}) {
|
|
|
1505
1732
|
const entry = findRef(config.refs ?? [], name);
|
|
1506
1733
|
if (!entry)
|
|
1507
1734
|
throw new Error(`Ref "${name}" not found`);
|
|
1508
|
-
|
|
1735
|
+
let accessToken = (await readRefSecret(name, "access_token")) ??
|
|
1509
1736
|
(await readRefSecret(name, "api_key")) ??
|
|
1510
1737
|
(await readRefSecret(name, "token"));
|
|
1511
1738
|
// Resolve custom headers from config (e.g. { "X-API-Key": "secret:..." })
|
|
@@ -1552,6 +1779,16 @@ export function createAdk(fs, options = {}) {
|
|
|
1552
1779
|
}
|
|
1553
1780
|
}
|
|
1554
1781
|
}
|
|
1782
|
+
if (options.resolveCredentials) {
|
|
1783
|
+
const supplemented = await resolveAllCallCredentials({
|
|
1784
|
+
ctx: { name, entry, security: null },
|
|
1785
|
+
refConfig,
|
|
1786
|
+
accessToken,
|
|
1787
|
+
resolvedHeaders,
|
|
1788
|
+
});
|
|
1789
|
+
accessToken = supplemented.accessToken;
|
|
1790
|
+
resolvedHeaders = supplemented.resolvedHeaders;
|
|
1791
|
+
}
|
|
1555
1792
|
const doCall = async (token) => {
|
|
1556
1793
|
// Direct MCP only for redirect/proxy agents with an MCP upstream.
|
|
1557
1794
|
// API-mode agents must go through the registry (it does REST translation).
|
|
@@ -1663,7 +1900,7 @@ export function createAdk(fs, options = {}) {
|
|
|
1663
1900
|
async function canResolve(field, oauthMetadata) {
|
|
1664
1901
|
return (await tryResolveField(field, oauthMetadata)) !== null;
|
|
1665
1902
|
}
|
|
1666
|
-
|
|
1903
|
+
let fields = {};
|
|
1667
1904
|
if (security.type === "oauth2") {
|
|
1668
1905
|
const securityExt = security;
|
|
1669
1906
|
const hasRegistration = !!securityExt.dynamicRegistration;
|
|
@@ -1697,6 +1934,7 @@ export function createAdk(fs, options = {}) {
|
|
|
1697
1934
|
automated: hasRegistration,
|
|
1698
1935
|
present: configKeys.includes("client_id"),
|
|
1699
1936
|
resolvable: await canResolve("client_id", oauthMetadata),
|
|
1937
|
+
outbound: false,
|
|
1700
1938
|
};
|
|
1701
1939
|
if (needsSecret) {
|
|
1702
1940
|
fields.client_secret = {
|
|
@@ -1704,13 +1942,14 @@ export function createAdk(fs, options = {}) {
|
|
|
1704
1942
|
automated: hasRegistration,
|
|
1705
1943
|
present: configKeys.includes("client_secret"),
|
|
1706
1944
|
resolvable: await canResolve("client_secret", oauthMetadata),
|
|
1945
|
+
outbound: false,
|
|
1707
1946
|
};
|
|
1708
1947
|
}
|
|
1709
1948
|
fields.access_token = {
|
|
1710
1949
|
required: true,
|
|
1711
1950
|
automated: accessTokenAutomated,
|
|
1712
1951
|
present: configKeys.includes("access_token"),
|
|
1713
|
-
resolvable:
|
|
1952
|
+
resolvable: await canResolve("access_token"),
|
|
1714
1953
|
};
|
|
1715
1954
|
}
|
|
1716
1955
|
else if (security.type === "apiKey") {
|
|
@@ -1767,7 +2006,12 @@ export function createAdk(fs, options = {}) {
|
|
|
1767
2006
|
format: "basic",
|
|
1768
2007
|
parts: [
|
|
1769
2008
|
{ name: "username", label: "Username", secret: false },
|
|
1770
|
-
{
|
|
2009
|
+
{
|
|
2010
|
+
name: "password",
|
|
2011
|
+
label: "Password",
|
|
2012
|
+
secret: true,
|
|
2013
|
+
optional: true,
|
|
2014
|
+
},
|
|
1771
2015
|
],
|
|
1772
2016
|
}),
|
|
1773
2017
|
};
|
|
@@ -1788,7 +2032,8 @@ export function createAdk(fs, options = {}) {
|
|
|
1788
2032
|
resolvable: await canResolve("access_token"),
|
|
1789
2033
|
};
|
|
1790
2034
|
}
|
|
1791
|
-
|
|
2035
|
+
fields = await mergeRegistryDeclaredAuthFields(fields, readRegistryDeclaredAuthFields(security), canResolve, configKeys, (entry.config ?? {}));
|
|
2036
|
+
const complete = Object.values(fields).every((f) => !f.required || f.automated || f.present || f.resolvable);
|
|
1792
2037
|
// Persist the slim {required, automated} per-field shape into the
|
|
1793
2038
|
// registry cache so `isRefAuthComplete` can answer subsequent
|
|
1794
2039
|
// host-side "is this ref ready?" checks without re-fetching the
|
|
@@ -1802,6 +2047,7 @@ export function createAdk(fs, options = {}) {
|
|
|
1802
2047
|
automated: info.automated,
|
|
1803
2048
|
...(info.format && { format: info.format }),
|
|
1804
2049
|
...(info.parts && { parts: info.parts }),
|
|
2050
|
+
...(info.outbound === false && { outbound: false }),
|
|
1805
2051
|
};
|
|
1806
2052
|
}
|
|
1807
2053
|
await upsertRegistryCacheAuthFields(name, entry.ref, authFields);
|
|
@@ -1899,7 +2145,9 @@ export function createAdk(fs, options = {}) {
|
|
|
1899
2145
|
const isBasic = httpSec.scheme === "basic";
|
|
1900
2146
|
if (isBasic) {
|
|
1901
2147
|
const username = opts?.credentials?.["username"] ?? (await tryResolve("username"));
|
|
1902
|
-
const password = opts?.credentials?.["password"] ??
|
|
2148
|
+
const password = opts?.credentials?.["password"] ??
|
|
2149
|
+
(await tryResolve("password")) ??
|
|
2150
|
+
"";
|
|
1903
2151
|
const hasUsername = username !== undefined && username !== null && username !== "";
|
|
1904
2152
|
if (!hasUsername) {
|
|
1905
2153
|
return {
|
|
@@ -1948,21 +2196,9 @@ export function createAdk(fs, options = {}) {
|
|
|
1948
2196
|
};
|
|
1949
2197
|
}
|
|
1950
2198
|
const authUrl = authCodeFlow.authorizationUrl;
|
|
1951
|
-
|
|
1952
|
-
|
|
1953
|
-
|
|
1954
|
-
metadata = await discoverOAuthMetadata(origin);
|
|
1955
|
-
}
|
|
1956
|
-
// Fallback: construct metadata from the security scheme's explicit URLs
|
|
1957
|
-
if (!metadata && authCodeFlow.tokenUrl) {
|
|
1958
|
-
const flowScopes = authCodeFlow.scopes;
|
|
1959
|
-
metadata = {
|
|
1960
|
-
issuer: new URL(authUrl).origin,
|
|
1961
|
-
authorization_endpoint: authUrl,
|
|
1962
|
-
token_endpoint: authCodeFlow.tokenUrl,
|
|
1963
|
-
scopes_supported: flowScopes ? Object.keys(flowScopes) : undefined,
|
|
1964
|
-
};
|
|
1965
|
-
}
|
|
2199
|
+
const metadata = await resolveOAuthMetadataFromSecurity(security, {
|
|
2200
|
+
serverUrl: entry.url,
|
|
2201
|
+
});
|
|
1966
2202
|
if (!metadata) {
|
|
1967
2203
|
throw new Error(`Could not discover OAuth metadata from ${authUrl}`);
|
|
1968
2204
|
}
|
|
@@ -2050,11 +2286,13 @@ export function createAdk(fs, options = {}) {
|
|
|
2050
2286
|
extraParams: authorizationParams,
|
|
2051
2287
|
});
|
|
2052
2288
|
// Persist pending state so handleCallback works across processes
|
|
2289
|
+
const clientAuthMethod = resolveClientAuthMethod(security, metadata);
|
|
2053
2290
|
await storePendingOAuth(state, {
|
|
2054
2291
|
refName: name,
|
|
2055
2292
|
codeVerifier,
|
|
2056
2293
|
clientId,
|
|
2057
2294
|
clientSecret,
|
|
2295
|
+
clientAuthMethod,
|
|
2058
2296
|
tokenEndpoint: metadata.token_endpoint,
|
|
2059
2297
|
redirectUri,
|
|
2060
2298
|
createdAt: Date.now(),
|
|
@@ -2190,43 +2428,43 @@ export function createAdk(fs, options = {}) {
|
|
|
2190
2428
|
return null;
|
|
2191
2429
|
const status = await ref.authStatus(name);
|
|
2192
2430
|
const security = status.security;
|
|
2193
|
-
const
|
|
2194
|
-
|
|
2195
|
-
|
|
2196
|
-
const
|
|
2197
|
-
|
|
2198
|
-
if (!tokenUrl)
|
|
2431
|
+
const metadata = await resolveOAuthMetadataFromSecurity(security, {
|
|
2432
|
+
serverUrl: entry.url,
|
|
2433
|
+
});
|
|
2434
|
+
const tokenEndpoint = metadata?.token_endpoint;
|
|
2435
|
+
if (!tokenEndpoint)
|
|
2199
2436
|
return null;
|
|
2200
|
-
const oauthClient = await resolveOAuthClient({
|
|
2437
|
+
const oauthClient = await resolveOAuthClient({
|
|
2438
|
+
name,
|
|
2439
|
+
entry,
|
|
2440
|
+
security,
|
|
2441
|
+
metadata,
|
|
2442
|
+
});
|
|
2201
2443
|
if (!oauthClient)
|
|
2202
2444
|
return null;
|
|
2203
|
-
const
|
|
2204
|
-
|
|
2205
|
-
|
|
2206
|
-
|
|
2207
|
-
|
|
2208
|
-
|
|
2209
|
-
|
|
2210
|
-
|
|
2211
|
-
|
|
2445
|
+
const clientAuthMethod = resolveClientAuthMethod(security, metadata);
|
|
2446
|
+
const fetchFn = options.fetch ?? globalThis.fetch;
|
|
2447
|
+
let tokens;
|
|
2448
|
+
try {
|
|
2449
|
+
tokens = await refreshAccessToken(tokenEndpoint, {
|
|
2450
|
+
refreshToken,
|
|
2451
|
+
clientId: oauthClient.clientId,
|
|
2452
|
+
clientSecret: oauthClient.clientSecret,
|
|
2453
|
+
clientAuthMethod,
|
|
2454
|
+
}, fetchFn);
|
|
2212
2455
|
}
|
|
2213
|
-
|
|
2214
|
-
method: "POST",
|
|
2215
|
-
headers: { "Content-Type": "application/x-www-form-urlencoded" },
|
|
2216
|
-
body: body.toString(),
|
|
2217
|
-
});
|
|
2218
|
-
if (!res.ok)
|
|
2219
|
-
return null;
|
|
2220
|
-
const data = (await res.json());
|
|
2221
|
-
const newAccessToken = data.access_token;
|
|
2222
|
-
if (!newAccessToken)
|
|
2456
|
+
catch {
|
|
2223
2457
|
return null;
|
|
2224
|
-
// Store the new tokens
|
|
2225
|
-
await storeRefSecret(name, "access_token", newAccessToken);
|
|
2226
|
-
if (data.refresh_token && typeof data.refresh_token === "string") {
|
|
2227
|
-
await storeRefSecret(name, "refresh_token", data.refresh_token);
|
|
2228
2458
|
}
|
|
2229
|
-
|
|
2459
|
+
await storeRefSecret(name, "access_token", tokens.accessToken);
|
|
2460
|
+
if (tokens.refreshToken) {
|
|
2461
|
+
await storeRefSecret(name, "refresh_token", tokens.refreshToken);
|
|
2462
|
+
}
|
|
2463
|
+
if (tokens.expiresIn) {
|
|
2464
|
+
const expiresAt = new Date(Date.now() + tokens.expiresIn * 1000).toISOString();
|
|
2465
|
+
await storeRefSecret(name, "expires_at", expiresAt);
|
|
2466
|
+
}
|
|
2467
|
+
return { accessToken: tokens.accessToken };
|
|
2230
2468
|
},
|
|
2231
2469
|
};
|
|
2232
2470
|
// ==========================================
|
|
@@ -2237,13 +2475,15 @@ export function createAdk(fs, options = {}) {
|
|
|
2237
2475
|
if (!pending) {
|
|
2238
2476
|
throw new Error(`No pending OAuth flow for state "${params.state}".`);
|
|
2239
2477
|
}
|
|
2478
|
+
const fetchFn = options.fetch ?? globalThis.fetch;
|
|
2240
2479
|
const tokens = await exchangeCodeForTokens(pending.tokenEndpoint, {
|
|
2241
2480
|
code: params.code,
|
|
2242
2481
|
codeVerifier: pending.codeVerifier,
|
|
2243
2482
|
clientId: pending.clientId,
|
|
2244
2483
|
clientSecret: pending.clientSecret,
|
|
2245
2484
|
redirectUri: pending.redirectUri,
|
|
2246
|
-
|
|
2485
|
+
clientAuthMethod: pending.clientAuthMethod,
|
|
2486
|
+
}, fetchFn);
|
|
2247
2487
|
await storeRefSecret(pending.refName, "access_token", tokens.accessToken);
|
|
2248
2488
|
if (tokens.refreshToken) {
|
|
2249
2489
|
await storeRefSecret(pending.refName, "refresh_token", tokens.refreshToken);
|