npm - @sonoma-security/mcp-gateway - Versions diffs - 0.1.0 - Mend

@sonoma-security/mcp-gateway 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (42) hide show

package/README.md +82 -0
package/dist/auth/client.d.ts +35 -0
package/dist/auth/client.d.ts.map +1 -0
package/dist/auth/client.js +217 -0
package/dist/auth/client.js.map +1 -0
package/dist/auth/index.d.ts +7 -0
package/dist/auth/index.d.ts.map +1 -0
package/dist/auth/index.js +7 -0
package/dist/auth/index.js.map +1 -0
package/dist/auth/server.d.ts +26 -0
package/dist/auth/server.d.ts.map +1 -0
package/dist/auth/server.js +155 -0
package/dist/auth/server.js.map +1 -0
package/dist/auth/storage.d.ts +58 -0
package/dist/auth/storage.d.ts.map +1 -0
package/dist/auth/storage.js +181 -0
package/dist/auth/storage.js.map +1 -0
package/dist/cli.d.ts +11 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +272 -0
package/dist/cli.js.map +1 -0
package/dist/config.d.ts +37 -0
package/dist/config.d.ts.map +1 -0
package/dist/config.js +134 -0
package/dist/config.js.map +1 -0
package/dist/gateway.d.ts +66 -0
package/dist/gateway.d.ts.map +1 -0
package/dist/gateway.js +346 -0
package/dist/gateway.js.map +1 -0
package/dist/index.d.ts +10 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +9 -0
package/dist/index.js.map +1 -0
package/dist/sonoma-client.d.ts +55 -0
package/dist/sonoma-client.d.ts.map +1 -0
package/dist/sonoma-client.js +144 -0
package/dist/sonoma-client.js.map +1 -0
package/dist/types.d.ts +47 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +5 -0
package/dist/types.js.map +1 -0
package/package.json +43 -0

package/README.md ADDED Viewed

@@ -0,0 +1,82 @@
+# @sonoma/mcp-gateway
+Local MCP proxy for tool-level visibility. Intercepts stdio MCP servers, aggregates tools, forwards calls.
+## Usage
+```bash
+# With config file
+bun run src/cli.ts --config config.json
+# Auto-detect Claude Desktop config
+bun run src/cli.ts --auto --debug
+```
+## Config Format
+```json
+{
+  "servers": [
+    { "name": "fs", "command": "npx", "args": ["-y", "@anthropic-ai/mcp-server-filesystem", "/tmp"] }
+  ]
+}
+```
+Also accepts Claude Desktop `mcpServers` format.
+## Add to MCP Client
+**Cursor** (`~/.cursor/mcp.json`):
+```json
+{
+  "mcpServers": {
+    "sonoma": {
+      "command": "bun",
+      "args": ["run", "/path/to/packages/mcp-gateway/src/cli.ts", "--config", "/path/to/config.json"]
+    }
+  }
+}
+```
+**Claude Code**:
+```bash
+claude mcp add sonoma -- bun run /path/to/packages/mcp-gateway/src/cli.ts --config /path/to/config.json
+```
+## Development
+```bash
+# Run tests (vitest)
+bun run test
+# Watch mode
+bun run test -- --watch
+# Typecheck
+bun run typecheck
+```
+## Manual JSON-RPC Testing
+```bash
+cat << 'EOF' | bun run src/cli.ts --config tests/fixtures/echo-server.json
+{"jsonrpc":"2.0","method":"initialize","params":{"protocolVersion":"2024-11-05","capabilities":{},"clientInfo":{"name":"test","version":"1.0"}},"id":1}
+{"jsonrpc":"2.0","method":"tools/list","id":2}
+EOF
+```
+## Architecture
+```
+AI Client (stdio) → Gateway → [Upstream MCP Servers]
+                      ↓
+              Tools namespaced as serverName__toolName
+```
+## Status
+- [x] Core proxy (tools/list, tools/call forwarding)
+- [x] Config loader (native + Claude Desktop format)
+- [x] CLI
+- [ ] Telemetry reporter
+- [ ] Policy enforcement

package/dist/auth/client.d.ts ADDED Viewed

@@ -0,0 +1,35 @@
+/**
+ * Simple OAuth 2.0 client with Dynamic Client Registration (DCR)
+ *
+ * Flow:
+ * 1. Discover auth endpoints via /.well-known/oauth-authorization-server
+ * 2. Register client via DCR (if not already registered)
+ * 3. Authorization code flow with PKCE
+ * 4. Store tokens, auto-refresh when expired
+ */
+export interface AuthClientOptions {
+    sonomaEndpoint: string;
+    debug?: boolean;
+}
+/**
+ * Login via OAuth - opens browser, waits for callback
+ */
+export declare function login(options: AuthClientOptions): Promise<void>;
+/**
+ * Get valid access token - refreshes if expired
+ */
+export declare function getAccessToken(options: AuthClientOptions): Promise<string>;
+/**
+ * Logout - clear stored credentials
+ */
+export declare function logout(): void;
+/**
+ * Get auth status
+ */
+export declare function getAuthStatus(): {
+    loggedIn: boolean;
+    endpoint?: string;
+    expiresAt?: Date;
+    hasRefreshToken: boolean;
+};
+//# sourceMappingURL=client.d.ts.map

package/dist/auth/client.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../../src/auth/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAwBH,MAAM,WAAW,iBAAiB;IAChC,cAAc,EAAE,MAAM,CAAC;IACvB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AA2HD;;GAEG;AACH,wBAAsB,KAAK,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,IAAI,CAAC,CAkErE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,iBAAiB,GAAG,OAAO,CAAC,MAAM,CAAC,CAiChF;AAED;;GAEG;AACH,wBAAgB,MAAM,IAAI,IAAI,CAG7B;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI;IAC/B,QAAQ,EAAE,OAAO,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,SAAS,CAAC,EAAE,IAAI,CAAC;IACjB,eAAe,EAAE,OAAO,CAAC;CAC1B,CASA"}

package/dist/auth/client.js ADDED Viewed

@@ -0,0 +1,217 @@
+/**
+ * Simple OAuth 2.0 client with Dynamic Client Registration (DCR)
+ *
+ * Flow:
+ * 1. Discover auth endpoints via /.well-known/oauth-authorization-server
+ * 2. Register client via DCR (if not already registered)
+ * 3. Authorization code flow with PKCE
+ * 4. Store tokens, auto-refresh when expired
+ */
+import { createHash, randomBytes } from "node:crypto";
+import { loadCredentials, saveCredentials, clearCredentials } from "./storage";
+import { startCallbackServer, getCallbackUrl } from "./server";
+const CALLBACK_PORT = 19842;
+const CLIENT_NAME = "Sonoma MCP Gateway";
+function log(debug, msg, ...args) {
+    if (debug)
+        console.error(`[auth] ${msg}`, ...args);
+}
+/** Discover OAuth endpoints */
+async function discoverAuthServer(sonomaUrl) {
+    const url = `${sonomaUrl}/.well-known/oauth-authorization-server`;
+    const res = await fetch(url);
+    if (!res.ok)
+        throw new Error(`Failed to discover auth server: ${res.status}`);
+    return res.json();
+}
+/** Generate PKCE code verifier and challenge */
+function generatePKCE() {
+    const verifier = randomBytes(32).toString("base64url");
+    const challenge = createHash("sha256").update(verifier).digest("base64url");
+    return { verifier, challenge };
+}
+/** Open URL in browser */
+async function openBrowser(url) {
+    const { exec } = await import("node:child_process");
+    const platform = process.platform;
+    if (platform === "darwin") {
+        exec(`open "${url}"`);
+    }
+    else if (platform === "win32") {
+        exec(`start "" "${url}"`);
+    }
+    else {
+        exec(`xdg-open "${url}"`);
+    }
+}
+/** Register client via DCR */
+async function registerClient(metadata, debug) {
+    if (!metadata.registration_endpoint) {
+        throw new Error("Auth server does not support Dynamic Client Registration");
+    }
+    log(debug, "Registering client via DCR...");
+    const res = await fetch(metadata.registration_endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+            client_name: CLIENT_NAME,
+            redirect_uris: [getCallbackUrl(CALLBACK_PORT)],
+            grant_types: ["authorization_code", "refresh_token"],
+            response_types: ["code"],
+            token_endpoint_auth_method: "none", // Public client (PKCE only)
+        }),
+    });
+    if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`DCR failed: ${res.status} - ${error}`);
+    }
+    const data = await res.json();
+    log(debug, "Client registered:", data.client_id);
+    return {
+        clientId: data.client_id,
+        clientSecret: data.client_secret,
+    };
+}
+/** Exchange authorization code for tokens */
+async function exchangeCode(metadata, code, codeVerifier, clientId) {
+    const res = await fetch(metadata.token_endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "authorization_code",
+            code,
+            redirect_uri: getCallbackUrl(CALLBACK_PORT),
+            client_id: clientId,
+            code_verifier: codeVerifier,
+        }),
+    });
+    if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`Token exchange failed: ${res.status} - ${error}`);
+    }
+    return res.json();
+}
+/** Refresh access token */
+async function refreshTokens(metadata, refreshToken, clientId) {
+    const res = await fetch(metadata.token_endpoint, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({
+            grant_type: "refresh_token",
+            refresh_token: refreshToken,
+            client_id: clientId,
+        }),
+    });
+    if (!res.ok) {
+        const error = await res.text();
+        throw new Error(`Token refresh failed: ${res.status} - ${error}`);
+    }
+    return res.json();
+}
+/**
+ * Login via OAuth - opens browser, waits for callback
+ */
+export async function login(options) {
+    const { sonomaEndpoint, debug = false } = options;
+    log(debug, "Starting login flow...");
+    // 1. Discover auth endpoints
+    const metadata = await discoverAuthServer(sonomaEndpoint);
+    log(debug, "Auth server:", metadata.issuer);
+    // 2. Check if we have a registered client, or register one
+    let creds = loadCredentials();
+    if (!creds?.clientId || creds.sonomaEndpoint !== sonomaEndpoint) {
+        const client = await registerClient(metadata, debug);
+        creds = {
+            clientId: client.clientId,
+            clientSecret: client.clientSecret,
+            sonomaEndpoint,
+        };
+        saveCredentials(creds);
+    }
+    // 3. Generate PKCE
+    const pkce = generatePKCE();
+    // 4. Build authorization URL
+    const state = randomBytes(16).toString("hex");
+    const authUrl = new URL(metadata.authorization_endpoint);
+    authUrl.searchParams.set("response_type", "code");
+    authUrl.searchParams.set("client_id", creds.clientId);
+    authUrl.searchParams.set("redirect_uri", getCallbackUrl(CALLBACK_PORT));
+    authUrl.searchParams.set("code_challenge", pkce.challenge);
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    authUrl.searchParams.set("state", state);
+    authUrl.searchParams.set("scope", "openid profile email");
+    // 5. Start callback server and open browser
+    console.error("\nOpening browser for authentication...");
+    console.error(`If browser doesn't open, visit:\n${authUrl.toString()}\n`);
+    const callbackPromise = startCallbackServer({ port: CALLBACK_PORT, debug });
+    await openBrowser(authUrl.toString());
+    // 6. Wait for callback
+    const result = await callbackPromise;
+    if (result.state !== state) {
+        throw new Error("State mismatch - possible CSRF attack");
+    }
+    log(debug, "Received authorization code");
+    // 7. Exchange code for tokens
+    const tokens = await exchangeCode(metadata, result.code, pkce.verifier, creds.clientId);
+    log(debug, "Got tokens, expires_in:", tokens.expires_in);
+    // 8. Save tokens
+    saveCredentials({
+        ...creds,
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        tokenType: tokens.token_type,
+        scope: tokens.scope,
+        expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
+        lastRefreshed: Date.now(),
+    });
+    console.error("\nAuthentication successful!");
+}
+/**
+ * Get valid access token - refreshes if expired
+ */
+export async function getAccessToken(options) {
+    const { sonomaEndpoint, debug = false } = options;
+    const creds = loadCredentials();
+    if (!creds?.accessToken) {
+        throw new Error("Not logged in. Run: sonoma-gateway --login");
+    }
+    if (creds.sonomaEndpoint !== sonomaEndpoint) {
+        throw new Error(`Logged in to different endpoint: ${creds.sonomaEndpoint}`);
+    }
+    // Check if token needs refresh (5 min buffer)
+    const needsRefresh = creds.expiresAt && Date.now() + 300000 >= creds.expiresAt;
+    if (needsRefresh && creds.refreshToken && creds.clientId) {
+        log(debug, "Refreshing token...");
+        const metadata = await discoverAuthServer(sonomaEndpoint);
+        const tokens = await refreshTokens(metadata, creds.refreshToken, creds.clientId);
+        saveCredentials({
+            ...creds,
+            accessToken: tokens.access_token,
+            refreshToken: tokens.refresh_token || creds.refreshToken,
+            expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
+            lastRefreshed: Date.now(),
+        });
+        return tokens.access_token;
+    }
+    return creds.accessToken;
+}
+/**
+ * Logout - clear stored credentials
+ */
+export function logout() {
+    clearCredentials();
+    console.error("Logged out successfully");
+}
+/**
+ * Get auth status
+ */
+export function getAuthStatus() {
+    const creds = loadCredentials();
+    return {
+        loggedIn: !!creds?.accessToken,
+        endpoint: creds?.sonomaEndpoint,
+        expiresAt: creds?.expiresAt ? new Date(creds.expiresAt) : undefined,
+        hasRefreshToken: !!creds?.refreshToken,
+    };
+}
+//# sourceMappingURL=client.js.map

package/dist/auth/client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"client.js","sourceRoot":"","sources":["../../src/auth/client.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,EAAE,MAAM,WAAW,CAAC;AAC/E,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC;AAE/D,MAAM,aAAa,GAAG,KAAK,CAAC;AAC5B,MAAM,WAAW,GAAG,oBAAoB,CAAC;AAsBzC,SAAS,GAAG,CAAC,KAAc,EAAE,GAAW,EAAE,GAAG,IAAe;IAC1D,IAAI,KAAK;QAAE,OAAO,CAAC,KAAK,CAAC,UAAU,GAAG,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;AACrD,CAAC;AAED,+BAA+B;AAC/B,KAAK,UAAU,kBAAkB,CAAC,SAAiB;IACjD,MAAM,GAAG,GAAG,GAAG,SAAS,yCAAyC,CAAC;IAClE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,CAAC,CAAC;IAC7B,IAAI,CAAC,GAAG,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,mCAAmC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,gDAAgD;AAChD,SAAS,YAAY;IACnB,MAAM,QAAQ,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACvD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAC5E,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED,0BAA0B;AAC1B,KAAK,UAAU,WAAW,CAAC,GAAW;IACpC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,oBAAoB,CAAC,CAAC;IACpD,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAElC,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,CAAC;IACxB,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC;IAC5B,CAAC;SAAM,CAAC;QACN,IAAI,CAAC,aAAa,GAAG,GAAG,CAAC,CAAC;IAC5B,CAAC;AACH,CAAC;AAED,8BAA8B;AAC9B,KAAK,UAAU,cAAc,CAC3B,QAA4B,EAC5B,KAAc;IAEd,IAAI,CAAC,QAAQ,CAAC,qBAAqB,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAC;IAC9E,CAAC;IAED,GAAG,CAAC,KAAK,EAAE,+BAA+B,CAAC,CAAC;IAE5C,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,qBAAqB,EAAE;QACtD,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;QAC/C,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,WAAW,EAAE,WAAW;YACxB,aAAa,EAAE,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;YAC9C,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM,EAAE,4BAA4B;SACjE,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,eAAe,GAAG,CAAC,MAAM,MAAM,KAAK,EAAE,CAAC,CAAC;IAC1D,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;IAC9B,GAAG,CAAC,KAAK,EAAE,oBAAoB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAEjD,OAAO;QACL,QAAQ,EAAE,IAAI,CAAC,SAAS;QACxB,YAAY,EAAE,IAAI,CAAC,aAAa;KACjC,CAAC;AACJ,CAAC;AAED,6CAA6C;AAC7C,KAAK,UAAU,YAAY,CACzB,QAA4B,EAC5B,IAAY,EACZ,YAAoB,EACpB,QAAgB;IAEhB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE;QAC/C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,UAAU,EAAE,oBAAoB;YAChC,IAAI;YACJ,YAAY,EAAE,cAAc,CAAC,aAAa,CAAC;YAC3C,SAAS,EAAE,QAAQ;YACnB,aAAa,EAAE,YAAY;SAC5B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,0BAA0B,GAAG,CAAC,MAAM,MAAM,KAAK,EAAE,CAAC,CAAC;IACrE,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED,2BAA2B;AAC3B,KAAK,UAAU,aAAa,CAC1B,QAA4B,EAC5B,YAAoB,EACpB,QAAgB;IAEhB,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,QAAQ,CAAC,cAAc,EAAE;QAC/C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,UAAU,EAAE,eAAe;YAC3B,aAAa,EAAE,YAAY;YAC3B,SAAS,EAAE,QAAQ;SACpB,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,KAAK,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,MAAM,KAAK,EAAE,CAAC,CAAC;IACpE,CAAC;IAED,OAAO,GAAG,CAAC,IAAI,EAAE,CAAC;AACpB,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,KAAK,CAAC,OAA0B;IACpD,MAAM,EAAE,cAAc,EAAE,KAAK,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAElD,GAAG,CAAC,KAAK,EAAE,wBAAwB,CAAC,CAAC;IAErC,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAC;IAC1D,GAAG,CAAC,KAAK,EAAE,cAAc,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC;IAE5C,2DAA2D;IAC3D,IAAI,KAAK,GAAG,eAAe,EAAE,CAAC;IAC9B,IAAI,CAAC,KAAK,EAAE,QAAQ,IAAI,KAAK,CAAC,cAAc,KAAK,cAAc,EAAE,CAAC;QAChE,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QACrD,KAAK,GAAG;YACN,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,cAAc;SACf,CAAC;QACF,eAAe,CAAC,KAAK,CAAC,CAAC;IACzB,CAAC;IAED,mBAAmB;IACnB,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAE5B,6BAA6B;IAC7B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;IAC9C,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,sBAAsB,CAAC,CAAC;IACzD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,CAAC,QAAS,CAAC,CAAC;IACvD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC;IACxE,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;IAE1D,4CAA4C;IAC5C,OAAO,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;IACzD,OAAO,CAAC,KAAK,CAAC,oCAAoC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAE1E,MAAM,eAAe,GAAG,mBAAmB,CAAC,EAAE,IAAI,EAAE,aAAa,EAAE,KAAK,EAAE,CAAC,CAAC;IAC5E,MAAM,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAEtC,uBAAuB;IACvB,MAAM,MAAM,GAAG,MAAM,eAAe,CAAC;IACrC,IAAI,MAAM,CAAC,KAAK,KAAK,KAAK,EAAE,CAAC;QAC3B,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IAED,GAAG,CAAC,KAAK,EAAE,6BAA6B,CAAC,CAAC;IAE1C,8BAA8B;IAC9B,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,KAAK,CAAC,QAAS,CAAC,CAAC;IACzF,GAAG,CAAC,KAAK,EAAE,yBAAyB,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC;IAEzD,iBAAiB;IACjB,eAAe,CAAC;QACd,GAAG,KAAK;QACR,WAAW,EAAE,MAAM,CAAC,YAAY;QAChC,YAAY,EAAE,MAAM,CAAC,aAAa;QAClC,SAAS,EAAE,MAAM,CAAC,UAAU;QAC5B,KAAK,EAAE,MAAM,CAAC,KAAK;QACnB,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS;QAChF,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE;KAC1B,CAAC,CAAC;IAEH,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;AAChD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAA0B;IAC7D,MAAM,EAAE,cAAc,EAAE,KAAK,GAAG,KAAK,EAAE,GAAG,OAAO,CAAC;IAElD,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAChC,IAAI,CAAC,KAAK,EAAE,WAAW,EAAE,CAAC;QACxB,MAAM,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAChE,CAAC;IAED,IAAI,KAAK,CAAC,cAAc,KAAK,cAAc,EAAE,CAAC;QAC5C,MAAM,IAAI,KAAK,CAAC,oCAAoC,KAAK,CAAC,cAAc,EAAE,CAAC,CAAC;IAC9E,CAAC;IAED,8CAA8C;IAC9C,MAAM,YAAY,GAAG,KAAK,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,IAAI,KAAK,CAAC,SAAS,CAAC;IAE/E,IAAI,YAAY,IAAI,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC;QACzD,GAAG,CAAC,KAAK,EAAE,qBAAqB,CAAC,CAAC;QAElC,MAAM,QAAQ,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAC;QAC1D,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,QAAQ,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,QAAkB,CAAC,CAAC;QAE3F,eAAe,CAAC;YACd,GAAG,KAAK;YACR,WAAW,EAAE,MAAM,CAAC,YAAY;YAChC,YAAY,EAAE,MAAM,CAAC,aAAa,IAAI,KAAK,CAAC,YAAY;YACxD,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,CAAC,SAAS;YAChF,aAAa,EAAE,IAAI,CAAC,GAAG,EAAE;SAC1B,CAAC,CAAC;QAEH,OAAO,MAAM,CAAC,YAAY,CAAC;IAC7B,CAAC;IAED,OAAO,KAAK,CAAC,WAAW,CAAC;AAC3B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,MAAM;IACpB,gBAAgB,EAAE,CAAC;IACnB,OAAO,CAAC,KAAK,CAAC,yBAAyB,CAAC,CAAC;AAC3C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAM3B,MAAM,KAAK,GAAG,eAAe,EAAE,CAAC;IAEhC,OAAO;QACL,QAAQ,EAAE,CAAC,CAAC,KAAK,EAAE,WAAW;QAC9B,QAAQ,EAAE,KAAK,EAAE,cAAc;QAC/B,SAAS,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,SAAS;QACnE,eAAe,EAAE,CAAC,CAAC,KAAK,EAAE,YAAY;KACvC,CAAC;AACJ,CAAC"}

package/dist/auth/index.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Auth module exports
+ */
+export { login, logout, getAccessToken, getAuthStatus, type AuthClientOptions } from "./client";
+export { loadCredentials, saveCredentials, clearCredentials, getStoredDeviceId } from "./storage";
+export { startCallbackServer, getCallbackUrl } from "./server";
+//# sourceMappingURL=index.d.ts.map

package/dist/auth/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAAE,KAAK,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC"}

package/dist/auth/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+/**
+ * Auth module exports
+ */
+export { login, logout, getAccessToken, getAuthStatus } from "./client";
+export { loadCredentials, saveCredentials, clearCredentials, getStoredDeviceId } from "./storage";
+export { startCallbackServer, getCallbackUrl } from "./server";
+//# sourceMappingURL=index.js.map

package/dist/auth/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,cAAc,EAAE,aAAa,EAA0B,MAAM,UAAU,CAAC;AAChG,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAClG,OAAO,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,UAAU,CAAC"}

package/dist/auth/server.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+/**
+ * Local HTTP callback server for OAuth redirect
+ *
+ * Starts a temporary HTTP server to receive the OAuth authorization code
+ * from the browser redirect after user authentication.
+ */
+export interface CallbackResult {
+    code: string;
+    state?: string;
+}
+export interface CallbackServerOptions {
+    port?: number;
+    timeout?: number;
+    debug?: boolean;
+}
+/**
+ * Start a local HTTP server and wait for OAuth callback
+ *
+ * @returns Promise that resolves with the authorization code when received
+ */
+export declare function startCallbackServer(options?: CallbackServerOptions): Promise<CallbackResult>;
+/**
+ * Get the callback URL for OAuth configuration
+ */
+export declare function getCallbackUrl(port?: number): string;
+//# sourceMappingURL=server.d.ts.map

package/dist/auth/server.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/auth/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,MAAM,WAAW,cAAc;IAC7B,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,WAAW,qBAAqB;IACpC,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,OAAO,CAAC;CACjB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,GAAE,qBAA0B,GAAG,OAAO,CAAC,cAAc,CAAC,CAsJhG;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,IAAI,SAAe,GAAG,MAAM,CAE1D"}

package/dist/auth/server.js ADDED Viewed

@@ -0,0 +1,155 @@
+/**
+ * Local HTTP callback server for OAuth redirect
+ *
+ * Starts a temporary HTTP server to receive the OAuth authorization code
+ * from the browser redirect after user authentication.
+ */
+import { createServer } from "node:http";
+const DEFAULT_PORT = 19842;
+const TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * Start a local HTTP server and wait for OAuth callback
+ *
+ * @returns Promise that resolves with the authorization code when received
+ */
+export function startCallbackServer(options = {}) {
+    const port = options.port || DEFAULT_PORT;
+    const timeout = options.timeout || TIMEOUT_MS;
+    const debug = options.debug || false;
+    const log = (message, ...args) => {
+        if (debug) {
+            console.error(`[callback-server] ${message}`, ...args);
+        }
+    };
+    return new Promise((resolve, reject) => {
+        let server = null;
+        let timeoutId = null;
+        const cleanup = () => {
+            if (timeoutId) {
+                clearTimeout(timeoutId);
+                timeoutId = null;
+            }
+            if (server) {
+                server.close();
+                server = null;
+            }
+        };
+        // Set up timeout
+        timeoutId = setTimeout(() => {
+            cleanup();
+            reject(new Error("OAuth callback timeout - no response received within 5 minutes"));
+        }, timeout);
+        server = createServer((req, res) => {
+            log("Received request:", req.url);
+            // Only handle GET /callback
+            if (!req.url?.startsWith("/callback")) {
+                res.writeHead(404);
+                res.end("Not Found");
+                return;
+            }
+            const url = new URL(req.url, `http://localhost:${port}`);
+            const code = url.searchParams.get("code");
+            const state = url.searchParams.get("state");
+            const error = url.searchParams.get("error");
+            const errorDescription = url.searchParams.get("error_description");
+            // Handle OAuth error
+            if (error) {
+                log("OAuth error:", error, errorDescription);
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(`
+          <!DOCTYPE html>
+          <html>
+            <head>
+              <title>Authentication Failed</title>
+              <style>
+                body { font-family: system-ui, sans-serif; padding: 40px; max-width: 600px; margin: 0 auto; }
+                h1 { color: #dc2626; }
+                .error { background: #fef2f2; border: 1px solid #fecaca; padding: 16px; border-radius: 8px; }
+                code { background: #f3f4f6; padding: 2px 6px; border-radius: 4px; }
+              </style>
+            </head>
+            <body>
+              <h1>Authentication Failed</h1>
+              <div class="error">
+                <p><strong>Error:</strong> <code>${error}</code></p>
+                ${errorDescription ? `<p>${errorDescription}</p>` : ""}
+              </div>
+              <p>You can close this window and try again.</p>
+            </body>
+          </html>
+        `);
+                cleanup();
+                reject(new Error(`OAuth error: ${error}${errorDescription ? ` - ${errorDescription}` : ""}`));
+                return;
+            }
+            // Handle missing code
+            if (!code) {
+                log("Missing authorization code");
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(`
+          <!DOCTYPE html>
+          <html>
+            <head>
+              <title>Authentication Failed</title>
+              <style>
+                body { font-family: system-ui, sans-serif; padding: 40px; max-width: 600px; margin: 0 auto; }
+                h1 { color: #dc2626; }
+              </style>
+            </head>
+            <body>
+              <h1>Authentication Failed</h1>
+              <p>No authorization code received. Please try again.</p>
+            </body>
+          </html>
+        `);
+                cleanup();
+                reject(new Error("No authorization code received"));
+                return;
+            }
+            // Success!
+            log("Received authorization code");
+            res.writeHead(200, { "Content-Type": "text/html" });
+            res.end(`
+        <!DOCTYPE html>
+        <html>
+          <head>
+            <title>Authentication Successful</title>
+            <style>
+              body { font-family: system-ui, sans-serif; padding: 40px; max-width: 600px; margin: 0 auto; }
+              h1 { color: #16a34a; }
+              .success { background: #f0fdf4; border: 1px solid #bbf7d0; padding: 16px; border-radius: 8px; }
+            </style>
+          </head>
+          <body>
+            <h1>Authentication Successful</h1>
+            <div class="success">
+              <p>You have been authenticated with Sonoma MCP Gateway.</p>
+              <p>You can close this window and return to your terminal.</p>
+            </div>
+          </body>
+        </html>
+      `);
+            cleanup();
+            resolve({ code, state: state || undefined });
+        });
+        server.on("error", (err) => {
+            cleanup();
+            if (err.code === "EADDRINUSE") {
+                reject(new Error(`Port ${port} is already in use. Is another gateway login in progress?`));
+            }
+            else {
+                reject(err);
+            }
+        });
+        server.listen(port, "127.0.0.1", () => {
+            log(`Callback server listening on http://localhost:${port}/callback`);
+        });
+    });
+}
+/**
+ * Get the callback URL for OAuth configuration
+ */
+export function getCallbackUrl(port = DEFAULT_PORT) {
+    return `http://localhost:${port}/callback`;
+}
+//# sourceMappingURL=server.js.map

package/dist/auth/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../src/auth/server.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,YAAY,EAA0D,MAAM,WAAW,CAAC;AAEjG,MAAM,YAAY,GAAG,KAAK,CAAC;AAC3B,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAa9C;;;;GAIG;AACH,MAAM,UAAU,mBAAmB,CAAC,UAAiC,EAAE;IACrE,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,IAAI,YAAY,CAAC;IAC1C,MAAM,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,UAAU,CAAC;IAC9C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,IAAI,KAAK,CAAC;IAErC,MAAM,GAAG,GAAG,CAAC,OAAe,EAAE,GAAG,IAAe,EAAE,EAAE;QAClD,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,CAAC,KAAK,CAAC,qBAAqB,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC;IAEF,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,MAAM,GAAkB,IAAI,CAAC;QACjC,IAAI,SAAS,GAAyC,IAAI,CAAC;QAE3D,MAAM,OAAO,GAAG,GAAG,EAAE;YACnB,IAAI,SAAS,EAAE,CAAC;gBACd,YAAY,CAAC,SAAS,CAAC,CAAC;gBACxB,SAAS,GAAG,IAAI,CAAC;YACnB,CAAC;YACD,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,GAAG,IAAI,CAAC;YAChB,CAAC;QACH,CAAC,CAAC;QAEF,iBAAiB;QACjB,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAC1B,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,IAAI,KAAK,CAAC,gEAAgE,CAAC,CAAC,CAAC;QACtF,CAAC,EAAE,OAAO,CAAC,CAAC;QAEZ,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YAClE,GAAG,CAAC,mBAAmB,EAAE,GAAG,CAAC,GAAG,CAAC,CAAC;YAElC,4BAA4B;YAC5B,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YACzD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;YAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;YAEnE,qBAAqB;YACrB,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,CAAC,cAAc,EAAE,KAAK,EAAE,gBAAgB,CAAC,CAAC;gBAE7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;mDAemC,KAAK;kBACtC,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,MAAM,CAAC,CAAC,CAAC,EAAE;;;;;SAK7D,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,GAAG,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;gBAC9F,OAAO;YACT,CAAC;YAED,sBAAsB;YACtB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,GAAG,CAAC,4BAA4B,CAAC,CAAC;gBAElC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;SAeP,CAAC,CAAC;gBAEH,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC,CAAC;gBACpD,OAAO;YACT,CAAC;YAED,WAAW;YACX,GAAG,CAAC,6BAA6B,CAAC,CAAC;YAEnC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;OAmBP,CAAC,CAAC;YAEH,OAAO,EAAE,CAAC;YACV,OAAO,CAAC,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,IAAI,SAAS,EAAE,CAAC,CAAC;QAC/C,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;YAChD,OAAO,EAAE,CAAC;YACV,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBAC9B,MAAM,CAAC,IAAI,KAAK,CAAC,QAAQ,IAAI,2DAA2D,CAAC,CAAC,CAAC;YAC7F,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE;YACpC,GAAG,CAAC,iDAAiD,IAAI,WAAW,CAAC,CAAC;QACxE,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,cAAc,CAAC,IAAI,GAAG,YAAY;IAChD,OAAO,oBAAoB,IAAI,WAAW,CAAC;AAC7C,CAAC"}

package/dist/auth/storage.d.ts ADDED Viewed

@@ -0,0 +1,58 @@
+/**
+ * Secure token storage for MCP Gateway OAuth credentials
+ *
+ * Stores tokens in ~/.sonoma/gateway-credentials.json with AES-256-GCM encryption.
+ * The encryption key is derived from a machine-specific identifier to prevent
+ * tokens from being copied between machines.
+ */
+import type { OAuthTokens, OAuthClientInformationMixed } from "@modelcontextprotocol/sdk/shared/auth.js";
+export interface StoredCredentials {
+    accessToken?: string;
+    refreshToken?: string;
+    expiresAt?: number;
+    tokenType?: string;
+    scope?: string;
+    clientId?: string;
+    clientSecret?: string;
+    clientSecretExpiresAt?: number;
+    codeVerifier?: string;
+    sonomaEndpoint?: string;
+    lastRefreshed?: number;
+}
+/**
+ * Load stored credentials from disk
+ */
+export declare function loadCredentials(): StoredCredentials | null;
+/**
+ * Save credentials to disk (encrypted)
+ */
+export declare function saveCredentials(credentials: StoredCredentials): void;
+/**
+ * Clear all stored credentials
+ */
+export declare function clearCredentials(): void;
+/**
+ * Convert stored credentials to MCP SDK OAuthTokens format
+ */
+export declare function toOAuthTokens(creds: StoredCredentials): OAuthTokens | undefined;
+/**
+ * Convert MCP SDK OAuthTokens to stored credentials format
+ */
+export declare function fromOAuthTokens(tokens: OAuthTokens, existing?: StoredCredentials): StoredCredentials;
+/**
+ * Convert stored credentials to MCP SDK client information format
+ */
+export declare function toClientInformation(creds: StoredCredentials): OAuthClientInformationMixed | undefined;
+/**
+ * Check if stored tokens are expired or about to expire
+ */
+export declare function isTokenExpired(creds: StoredCredentials, bufferMs?: number): boolean;
+/**
+ * Check if we have a valid refresh token
+ */
+export declare function hasRefreshToken(creds: StoredCredentials): boolean;
+/**
+ * Get device ID for telemetry
+ */
+export declare function getStoredDeviceId(): string;
+//# sourceMappingURL=storage.d.ts.map

package/dist/auth/storage.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"storage.d.ts","sourceRoot":"","sources":["../../src/auth/storage.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAMH,OAAO,KAAK,EAAE,WAAW,EAAE,2BAA2B,EAAE,MAAM,0CAA0C,CAAC;AAYzG,MAAM,WAAW,iBAAiB;IAEhC,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,KAAK,CAAC,EAAE,MAAM,CAAC;IAGf,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAG/B,YAAY,CAAC,EAAE,MAAM,CAAC;IAGtB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAgFD;;GAEG;AACH,wBAAgB,eAAe,IAAI,iBAAiB,GAAG,IAAI,CAc1D;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,WAAW,EAAE,iBAAiB,GAAG,IAAI,CAOpE;AAED;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAIvC;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,EAAE,iBAAiB,GAAG,WAAW,GAAG,SAAS,CAY/E;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,WAAW,EAAE,QAAQ,CAAC,EAAE,iBAAiB,GAAG,iBAAiB,CAYpG;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,iBAAiB,GAAG,2BAA2B,GAAG,SAAS,CAUrG;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,KAAK,EAAE,iBAAiB,EAAE,QAAQ,SAAQ,GAAG,OAAO,CAMlF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,iBAAiB,GAAG,OAAO,CAEjE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C"}