@super_studio/ecforce-ai-agent-server 0.2.0-canary.4 → 1.0.0-canary.7

package/dist/mcp-auth.cjs

@@ -0,0 +1,52 @@
+const require_jwt = require('./lib/jwt.cjs');
+
+//#region src/mcp-auth.ts
+const DEFAULT_MAX_AGE = 600;
+const DEFAULT_SALT = process.env.STAGE === "local" ? "dev" : process.env.STAGE;
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
+async function createMCPToken(payload, options) {
+	var _options$maxAge, _options$secret, _options$salt;
+	const maxAge = (_options$maxAge = options === null || options === void 0 ? void 0 : options.maxAge) !== null && _options$maxAge !== void 0 ? _options$maxAge : DEFAULT_MAX_AGE;
+	const secret = (_options$secret = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret !== void 0 ? _options$secret : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt !== void 0 ? _options$salt : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	return {
+		token: await require_jwt.encode({
+			token: payload,
+			secret,
+			salt,
+			maxAge
+		}),
+		expiresAt: new Date(Date.now() + maxAge * 1e3)
+	};
+}
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
+async function decodeMCPToken(token, options) {
+	var _options$secret2, _options$salt2;
+	const secret = (_options$secret2 = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret2 !== void 0 ? _options$secret2 : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt2 = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt2 !== void 0 ? _options$salt2 : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	const decoded = await require_jwt.decode({
+		token,
+		secret,
+		salt
+	});
+	if (!decoded) throw new Error("Invalid token");
+	return decoded;
+}
+function getMcpToken(req) {
+	const mcpToken = req.headers.get("X-MCP-Token");
+	if (!mcpToken || typeof mcpToken !== "string") throw new Error("Unauthorized");
+	return mcpToken;
+}
+
+//#endregion
+exports.createMCPToken = createMCPToken;
+exports.decodeMCPToken = decodeMCPToken;
+exports.getMcpToken = getMcpToken;

package/dist/mcp-auth.d.cts

@@ -0,0 +1,38 @@
+//#region src/mcp-auth.d.ts
+/**
+ * 共通のMCPトークンのペイロード。
+ * すべてのapps(cdp, ma, bi)はこのトークンの形になります。
+ */
+type MCPTokenPayload = {
+  source: string;
+  user: {
+    id: string;
+    name: string;
+    email: string;
+    projectId: string;
+  };
+};
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function createMCPToken(payload: MCPTokenPayload, options?: {
+  secret?: string;
+  salt?: string;
+  maxAge?: number;
+}): Promise<{
+  token: string;
+  expiresAt: Date;
+}>;
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function decodeMCPToken(token: string, options?: {
+  secret?: string;
+  salt?: string;
+}): Promise<MCPTokenPayload>;
+declare function getMcpToken(req: Request): string;
+//#endregion
+export { MCPTokenPayload, createMCPToken, decodeMCPToken, getMcpToken };
+//# sourceMappingURL=mcp-auth.d.cts.map

package/dist/mcp-auth.d.cts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-auth.d.cts","names":[],"sources":["../src/mcp-auth.ts"],"sourcesContent":[],"mappings":";;AAMA;AAiBA;;KAjBY,eAAA;EAuBT,MAAA,EAAA,MAAA;EAAA,IAAA,EAAA;IAwBmB,EAAA,EAAA,MAAA;IAuBN,IAAA,EAAA,MAAW;;;;;;;;;iBArDL,cAAA,UACX;;;;IAKR;;;;;;;;iBAwBmB,cAAA;;;IAMnB,QAAQ;iBAiBK,WAAA,MAAiB"}

package/dist/mcp-auth.d.mts

@@ -0,0 +1,38 @@
+//#region src/mcp-auth.d.ts
+/**
+ * 共通のMCPトークンのペイロード。
+ * すべてのapps(cdp, ma, bi)はこのトークンの形になります。
+ */
+type MCPTokenPayload = {
+  source: string;
+  user: {
+    id: string;
+    name: string;
+    email: string;
+    projectId: string;
+  };
+};
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function createMCPToken(payload: MCPTokenPayload, options?: {
+  secret?: string;
+  salt?: string;
+  maxAge?: number;
+}): Promise<{
+  token: string;
+  expiresAt: Date;
+}>;
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function decodeMCPToken(token: string, options?: {
+  secret?: string;
+  salt?: string;
+}): Promise<MCPTokenPayload>;
+declare function getMcpToken(req: Request): string;
+//#endregion
+export { MCPTokenPayload, createMCPToken, decodeMCPToken, getMcpToken };
+//# sourceMappingURL=mcp-auth.d.mts.map

package/dist/mcp-auth.d.mts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-auth.d.mts","names":[],"sources":["../src/mcp-auth.ts"],"sourcesContent":[],"mappings":";;AAMA;AAiBA;;KAjBY,eAAA;EAuBT,MAAA,EAAA,MAAA;EAAA,IAAA,EAAA;IAwBmB,EAAA,EAAA,MAAA;IAuBN,IAAA,EAAA,MAAW;;;;;;;;;iBArDL,cAAA,UACX;;;;IAKR;;;;;;;;iBAwBmB,cAAA;;;IAMnB,QAAQ;iBAiBK,WAAA,MAAiB"}

package/dist/mcp-auth.mjs

@@ -1,136 +1,51 @@
-import "./chunk-FWCSY2DS.mjs";
+import { decode, encode } from "./lib/jwt.mjs";
 
-// src/lib/jwt.ts
-import { hkdf } from "@panva/hkdf";
-import {
-  base64url,
-  calculateJwkThumbprint,
-  EncryptJWT,
-  jwtDecrypt
-} from "jose";
-var DEFAULT_MAX_AGE = 30 * 24 * 60 * 60;
-var now = () => Date.now() / 1e3 | 0;
-var alg = "dir";
-var enc = "A256CBC-HS512";
-async function encode(params) {
-  const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;
-  const secrets = Array.isArray(secret) ? secret : [secret];
-  const encryptionSecret = await getDerivedEncryptionKey(
-    enc,
-    secrets[0],
-    salt
-  );
-  const thumbprint = await calculateJwkThumbprint(
-    { kty: "oct", k: base64url.encode(encryptionSecret) },
-    `sha${encryptionSecret.byteLength << 3}`
-  );
-  return await new EncryptJWT(token).setProtectedHeader({ alg, enc, kid: thumbprint }).setIssuedAt().setExpirationTime(now() + maxAge).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
-}
-async function decode(params) {
-  const { token, secret, salt } = params;
-  const secrets = Array.isArray(secret) ? secret : [secret];
-  if (!token) {
-    return null;
-  }
-  const { payload } = await jwtDecrypt(
-    token,
-    async ({ kid, enc: enc2 }) => {
-      for (const secret2 of secrets) {
-        const encryptionSecret = await getDerivedEncryptionKey(
-          enc2,
-          secret2,
-          salt
-        );
-        if (kid === void 0) {
-          return encryptionSecret;
-        }
-        const thumbprint = await calculateJwkThumbprint(
-          { kty: "oct", k: base64url.encode(encryptionSecret) },
-          `sha${encryptionSecret.byteLength << 3}`
-        );
-        if (kid === thumbprint) {
-          return encryptionSecret;
-        }
-      }
-      throw new Error("no matching decryption secret");
-    },
-    {
-      clockTolerance: 15,
-      keyManagementAlgorithms: [alg],
-      contentEncryptionAlgorithms: [enc, "A256GCM"]
-    }
-  );
-  return payload;
-}
-async function getDerivedEncryptionKey(enc2, keyMaterial, salt) {
-  let length;
-  switch (enc2) {
-    case "A256CBC-HS512":
-      length = 64;
-      break;
-    case "A256GCM":
-      length = 32;
-      break;
-    default:
-      throw new Error("Unsupported JWT Content Encryption Algorithm");
-  }
-  return await hkdf(
-    "sha256",
-    keyMaterial,
-    salt,
-    `Auth.js Generated Encryption Key (${salt})`,
-    length
-  );
-}
-
-// src/mcp-auth.ts
-var DEFAULT_MAX_AGE2 = 60 * 10;
-var DEFAULT_SALT = process.env.STAGE === "local" ? "dev" : process.env.STAGE;
+//#region src/mcp-auth.ts
+const DEFAULT_MAX_AGE = 600;
+const DEFAULT_SALT = process.env.STAGE === "local" ? "dev" : process.env.STAGE;
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
 async function createMCPToken(payload, options) {
-  var _a, _b, _c;
-  const maxAge = (_a = options == null ? void 0 : options.maxAge) != null ? _a : DEFAULT_MAX_AGE2;
-  const secret = (_b = options == null ? void 0 : options.secret) != null ? _b : process.env.MCP_TOKEN_SECRET;
-  const salt = (_c = options == null ? void 0 : options.salt) != null ? _c : DEFAULT_SALT;
-  if (!secret || !salt) {
-    throw new Error("Secret or salt is not set");
-  }
-  const token = await encode({
-    token: payload,
-    secret,
-    salt,
-    maxAge
-  });
-  return {
-    token,
-    expiresAt: new Date(Date.now() + maxAge * 1e3)
-  };
+	var _options$maxAge, _options$secret, _options$salt;
+	const maxAge = (_options$maxAge = options === null || options === void 0 ? void 0 : options.maxAge) !== null && _options$maxAge !== void 0 ? _options$maxAge : DEFAULT_MAX_AGE;
+	const secret = (_options$secret = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret !== void 0 ? _options$secret : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt !== void 0 ? _options$salt : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	return {
+		token: await encode({
+			token: payload,
+			secret,
+			salt,
+			maxAge
+		}),
+		expiresAt: new Date(Date.now() + maxAge * 1e3)
+	};
 }
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
 async function decodeMCPToken(token, options) {
-  var _a, _b;
-  const secret = (_a = options == null ? void 0 : options.secret) != null ? _a : process.env.MCP_TOKEN_SECRET;
-  const salt = (_b = options == null ? void 0 : options.salt) != null ? _b : DEFAULT_SALT;
-  if (!secret || !salt) {
-    throw new Error("Secret or salt is not set");
-  }
-  const decoded = await decode({
-    token,
-    secret,
-    salt
-  });
-  if (!decoded) {
-    throw new Error("Invalid token");
-  }
-  return decoded;
+	var _options$secret2, _options$salt2;
+	const secret = (_options$secret2 = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret2 !== void 0 ? _options$secret2 : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt2 = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt2 !== void 0 ? _options$salt2 : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	const decoded = await decode({
+		token,
+		secret,
+		salt
+	});
+	if (!decoded) throw new Error("Invalid token");
+	return decoded;
 }
 function getMcpToken(req) {
-  const mcpToken = req.headers.get("X-MCP-Token");
-  if (!mcpToken || typeof mcpToken !== "string") {
-    throw new Error("Unauthorized");
-  }
-  return mcpToken;
+	const mcpToken = req.headers.get("X-MCP-Token");
+	if (!mcpToken || typeof mcpToken !== "string") throw new Error("Unauthorized");
+	return mcpToken;
 }
-export {
-  createMCPToken,
-  decodeMCPToken,
-  getMcpToken
-};
+
+//#endregion
+export { createMCPToken, decodeMCPToken, getMcpToken };
+//# sourceMappingURL=mcp-auth.mjs.map

package/dist/mcp-auth.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-auth.mjs","names":[],"sources":["../src/mcp-auth.ts"],"sourcesContent":["import { decode, encode } from \"./lib/jwt\";\n\n/**\n * 共通のMCPトークンのペイロード。\n * すべてのapps(cdp, ma, bi)はこのトークンの形になります。\n */\nexport type MCPTokenPayload = {\n  source: string;\n  user: {\n    id: string;\n    name: string;\n    email: string;\n    projectId: string;\n  };\n};\n\nconst DEFAULT_MAX_AGE = 60 * 10; // 10 minutes\nconst DEFAULT_SALT = process.env.STAGE === \"local\" ? \"dev\" : process.env.STAGE;\n\n/**\n * Uses Auth.js JWT encoding/decoding.\n * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts\n */\nexport async function createMCPToken(\n  payload: MCPTokenPayload,\n  options?: {\n    secret?: string;\n    salt?: string;\n    maxAge?: number;\n  },\n) {\n  const maxAge = options?.maxAge ?? DEFAULT_MAX_AGE;\n  const secret = options?.secret ?? process.env.MCP_TOKEN_SECRET;\n  const salt = options?.salt ?? DEFAULT_SALT;\n  if (!secret || !salt) {\n    throw new Error(\"Secret or salt is not set\");\n  }\n  const token = await encode<MCPTokenPayload>({\n    token: payload,\n    secret,\n    salt,\n    maxAge,\n  });\n  return {\n    token,\n    expiresAt: new Date(Date.now() + maxAge * 1000),\n  };\n}\n\n/**\n * Uses Auth.js JWT encoding/decoding.\n * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts\n */\nexport async function decodeMCPToken(\n  token: string,\n  options?: {\n    secret?: string;\n    salt?: string;\n  },\n): Promise<MCPTokenPayload> {\n  const secret = options?.secret ?? process.env.MCP_TOKEN_SECRET;\n  const salt = options?.salt ?? DEFAULT_SALT;\n  if (!secret || !salt) {\n    throw new Error(\"Secret or salt is not set\");\n  }\n  const decoded = await decode<MCPTokenPayload>({\n    token,\n    secret,\n    salt,\n  });\n  if (!decoded) {\n    throw new Error(\"Invalid token\");\n  }\n  return decoded;\n}\n\nexport function getMcpToken(req: Request) {\n  const mcpToken = req.headers.get(\"X-MCP-Token\");\n  if (!mcpToken || typeof mcpToken !== \"string\") {\n    throw new Error(\"Unauthorized\");\n  }\n  return mcpToken;\n}\n"],"mappings":";;;AAgBA,MAAM,kBAAkB;AACxB,MAAM,eAAe,QAAQ,IAAI,UAAU,UAAU,QAAQ,QAAQ,IAAI;;;;;AAMzE,eAAsB,eACpB,SACA,SAKA;;CACA,MAAM,8EAAS,QAAS,mEAAU;CAClC,MAAM,8EAAS,QAAS,mEAAU,QAAQ,IAAI;CAC9C,MAAM,0EAAO,QAAS,6DAAQ;AAC9B,KAAI,CAAC,UAAU,CAAC,KACd,OAAM,IAAI,MAAM,4BAA4B;AAQ9C,QAAO;EACL,OAPY,MAAM,OAAwB;GAC1C,OAAO;GACP;GACA;GACA;GACD,CAAC;EAGA,WAAW,IAAI,KAAK,KAAK,KAAK,GAAG,SAAS,IAAK;EAChD;;;;;;AAOH,eAAsB,eACpB,OACA,SAI0B;;CAC1B,MAAM,+EAAS,QAAS,qEAAU,QAAQ,IAAI;CAC9C,MAAM,2EAAO,QAAS,+DAAQ;AAC9B,KAAI,CAAC,UAAU,CAAC,KACd,OAAM,IAAI,MAAM,4BAA4B;CAE9C,MAAM,UAAU,MAAM,OAAwB;EAC5C;EACA;EACA;EACD,CAAC;AACF,KAAI,CAAC,QACH,OAAM,IAAI,MAAM,gBAAgB;AAElC,QAAO;;AAGT,SAAgB,YAAY,KAAc;CACxC,MAAM,WAAW,IAAI,QAAQ,IAAI,cAAc;AAC/C,KAAI,CAAC,YAAY,OAAO,aAAa,SACnC,OAAM,IAAI,MAAM,eAAe;AAEjC,QAAO"}