npm - @super_studio/ecforce-ai-agent-server - Versions diffs - 0.2.0-canary.5 → 1.0.0-canary.8 - Mend

@super_studio/ecforce-ai-agent-server 0.2.0-canary.5 → 1.0.0-canary.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (64) hide show

package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/defineProperty.cjs +14 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/defineProperty.mjs +14 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/objectSpread2.cjs +27 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/objectSpread2.mjs +27 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/objectWithoutProperties.cjs +15 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/objectWithoutProperties.mjs +15 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/objectWithoutPropertiesLoose.cjs +14 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/objectWithoutPropertiesLoose.mjs +13 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/toPrimitive.cjs +16 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/toPrimitive.mjs +16 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/toPropertyKey.cjs +11 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/toPropertyKey.mjs +11 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/typeof.cjs +18 -0
package/dist/_virtual/_@oxc-project_runtime@0.103.0/helpers/typeof.mjs +12 -0
package/dist/index.cjs +7 -0
package/dist/index.d.cts +3 -0
package/dist/index.d.mts +3 -0
package/dist/index.mjs +3 -1056
package/dist/lib/constants.cjs +6 -0
package/dist/lib/constants.mjs +6 -0
package/dist/lib/constants.mjs.map +1 -0
package/dist/lib/jwt.cjs +64 -0
package/dist/lib/jwt.mjs +64 -0
package/dist/lib/jwt.mjs.map +1 -0
package/dist/mcp-auth.cjs +52 -0
package/dist/mcp-auth.d.cts +38 -0
package/dist/mcp-auth.d.cts.map +1 -0
package/dist/mcp-auth.d.mts +38 -0
package/dist/mcp-auth.d.mts.map +1 -0
package/dist/mcp-auth.mjs +44 -129
package/dist/mcp-auth.mjs.map +1 -0
package/dist/sdk/__generated__/index.cjs +524 -0
package/dist/sdk/__generated__/index.d.cts +1648 -0
package/dist/sdk/__generated__/index.d.cts.map +1 -0
package/dist/sdk/__generated__/index.d.mts +1648 -0
package/dist/sdk/__generated__/index.d.mts.map +1 -0
package/dist/sdk/__generated__/index.mjs +523 -0
package/dist/sdk/__generated__/index.mjs.map +1 -0
package/dist/sdk/index.cjs +21 -0
package/dist/sdk/index.d.cts +22 -0
package/dist/sdk/index.d.cts.map +1 -0
package/dist/sdk/index.d.mts +22 -0
package/dist/sdk/index.d.mts.map +1 -0
package/dist/sdk/index.mjs +22 -0
package/dist/sdk/index.mjs.map +1 -0
package/package.json +14 -20
package/dist/chunk-FWCSY2DS.mjs +0 -37
package/dist/chunk-ORMEWXMH.js +0 -37
package/dist/index.d.ts +0 -2
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -1057
package/dist/lib/constants.d.ts +0 -2
package/dist/lib/constants.d.ts.map +0 -1
package/dist/lib/jwt.d.ts +0 -37
package/dist/lib/jwt.d.ts.map +0 -1
package/dist/mcp-auth.d.ts +0 -35
package/dist/mcp-auth.d.ts.map +0 -1
package/dist/mcp-auth.js +0 -136
package/dist/sdk/__generated__/index.d.ts +0 -1636
package/dist/sdk/__generated__/index.d.ts.map +0 -1
package/dist/sdk/generate.d.ts +0 -2
package/dist/sdk/generate.d.ts.map +0 -1
package/dist/sdk/index.d.ts +0 -19
package/dist/sdk/index.d.ts.map +0 -1

package/dist/lib/constants.cjs ADDED Viewed

@@ -0,0 +1,6 @@
+//#region src/lib/constants.ts
+const API_ENDPOINT = "http://localhost:4043";
+//#endregion
+exports.API_ENDPOINT = API_ENDPOINT;

package/dist/lib/constants.mjs ADDED Viewed

@@ -0,0 +1,6 @@
+//#region src/lib/constants.ts
+const API_ENDPOINT = "http://localhost:4043";
+//#endregion
+export { API_ENDPOINT };
+//# sourceMappingURL=constants.mjs.map

package/dist/lib/constants.mjs.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"constants.mjs","names":[],"sources":["../../src/lib/constants.ts"],"sourcesContent":["export const API_ENDPOINT = \"http://localhost:4043\";\n"],"mappings":";AAAA,MAAa,eAAe"}

package/dist/lib/jwt.cjs ADDED Viewed

@@ -0,0 +1,64 @@
+let _panva_hkdf = require("@panva/hkdf");
+let jose = require("jose");
+//#region src/lib/jwt.ts
+/**
+* このロジックは最新(@auth/core@0.37.2)のAuth.jsのjwt.tsからコピーされました。
+*/
+const DEFAULT_MAX_AGE = 720 * 60 * 60;
+const now = () => Date.now() / 1e3 | 0;
+const alg = "dir";
+const enc = "A256CBC-HS512";
+/** Issues a JWT. By default, the JWT is encrypted using "A256CBC-HS512". */
+async function encode(params) {
+	const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;
+	const encryptionSecret = await getDerivedEncryptionKey(enc, (Array.isArray(secret) ? secret : [secret])[0], salt);
+	const thumbprint = await (0, jose.calculateJwkThumbprint)({
+		kty: "oct",
+		k: jose.base64url.encode(encryptionSecret)
+	}, `sha${encryptionSecret.byteLength << 3}`);
+	return await new jose.EncryptJWT(token).setProtectedHeader({
+		alg,
+		enc,
+		kid: thumbprint
+	}).setIssuedAt().setExpirationTime(now() + maxAge).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
+}
+/** Decodes an Auth.js issued JWT. */
+async function decode(params) {
+	const { token, secret, salt } = params;
+	const secrets = Array.isArray(secret) ? secret : [secret];
+	if (!token) return null;
+	const { payload } = await (0, jose.jwtDecrypt)(token, async ({ kid, enc: enc$1 }) => {
+		for (const secret$1 of secrets) {
+			const encryptionSecret = await getDerivedEncryptionKey(enc$1, secret$1, salt);
+			if (kid === void 0) return encryptionSecret;
+			if (kid === await (0, jose.calculateJwkThumbprint)({
+				kty: "oct",
+				k: jose.base64url.encode(encryptionSecret)
+			}, `sha${encryptionSecret.byteLength << 3}`)) return encryptionSecret;
+		}
+		throw new Error("no matching decryption secret");
+	}, {
+		clockTolerance: 15,
+		keyManagementAlgorithms: [alg],
+		contentEncryptionAlgorithms: [enc, "A256GCM"]
+	});
+	return payload;
+}
+async function getDerivedEncryptionKey(enc$1, keyMaterial, salt) {
+	let length;
+	switch (enc$1) {
+		case "A256CBC-HS512":
+			length = 64;
+			break;
+		case "A256GCM":
+			length = 32;
+			break;
+		default: throw new Error("Unsupported JWT Content Encryption Algorithm");
+	}
+	return await (0, _panva_hkdf.hkdf)("sha256", keyMaterial, salt, `Auth.js Generated Encryption Key (${salt})`, length);
+}
+//#endregion
+exports.decode = decode;
+exports.encode = encode;

package/dist/lib/jwt.mjs ADDED Viewed

@@ -0,0 +1,64 @@
+import { hkdf } from "@panva/hkdf";
+import { EncryptJWT, base64url, calculateJwkThumbprint, jwtDecrypt } from "jose";
+//#region src/lib/jwt.ts
+/**
+* このロジックは最新(@auth/core@0.37.2)のAuth.jsのjwt.tsからコピーされました。
+*/
+const DEFAULT_MAX_AGE = 720 * 60 * 60;
+const now = () => Date.now() / 1e3 | 0;
+const alg = "dir";
+const enc = "A256CBC-HS512";
+/** Issues a JWT. By default, the JWT is encrypted using "A256CBC-HS512". */
+async function encode(params) {
+	const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;
+	const encryptionSecret = await getDerivedEncryptionKey(enc, (Array.isArray(secret) ? secret : [secret])[0], salt);
+	const thumbprint = await calculateJwkThumbprint({
+		kty: "oct",
+		k: base64url.encode(encryptionSecret)
+	}, `sha${encryptionSecret.byteLength << 3}`);
+	return await new EncryptJWT(token).setProtectedHeader({
+		alg,
+		enc,
+		kid: thumbprint
+	}).setIssuedAt().setExpirationTime(now() + maxAge).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
+}
+/** Decodes an Auth.js issued JWT. */
+async function decode(params) {
+	const { token, secret, salt } = params;
+	const secrets = Array.isArray(secret) ? secret : [secret];
+	if (!token) return null;
+	const { payload } = await jwtDecrypt(token, async ({ kid, enc: enc$1 }) => {
+		for (const secret$1 of secrets) {
+			const encryptionSecret = await getDerivedEncryptionKey(enc$1, secret$1, salt);
+			if (kid === void 0) return encryptionSecret;
+			if (kid === await calculateJwkThumbprint({
+				kty: "oct",
+				k: base64url.encode(encryptionSecret)
+			}, `sha${encryptionSecret.byteLength << 3}`)) return encryptionSecret;
+		}
+		throw new Error("no matching decryption secret");
+	}, {
+		clockTolerance: 15,
+		keyManagementAlgorithms: [alg],
+		contentEncryptionAlgorithms: [enc, "A256GCM"]
+	});
+	return payload;
+}
+async function getDerivedEncryptionKey(enc$1, keyMaterial, salt) {
+	let length;
+	switch (enc$1) {
+		case "A256CBC-HS512":
+			length = 64;
+			break;
+		case "A256GCM":
+			length = 32;
+			break;
+		default: throw new Error("Unsupported JWT Content Encryption Algorithm");
+	}
+	return await hkdf("sha256", keyMaterial, salt, `Auth.js Generated Encryption Key (${salt})`, length);
+}
+//#endregion
+export { decode, encode };
+//# sourceMappingURL=jwt.mjs.map

package/dist/lib/jwt.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt.mjs","names":["secret","enc","length: number"],"sources":["../../src/lib/jwt.ts"],"sourcesContent":["/**\n * このロジックは最新(@auth/core@0.37.2)のAuth.jsのjwt.tsからコピーされました。\n */\n\nimport { hkdf } from \"@panva/hkdf\";\nimport {\n base64url,\n calculateJwkThumbprint,\n EncryptJWT,\n jwtDecrypt,\n} from \"jose\";\n\nconst DEFAULT_MAX_AGE = 30 * 24 * 60 * 60; // 30 days\n\nconst now = () => (Date.now() / 1000) | 0;\n\nconst alg = \"dir\";\nconst enc = \"A256CBC-HS512\";\ntype Digest = Parameters<typeof calculateJwkThumbprint>[1];\n\n/** Issues a JWT. By default, the JWT is encrypted using \"A256CBC-HS512\". */\nexport async function encode<Payload = object>(\n params: JWTEncodeParams<Payload>,\n) {\n const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;\n const secrets = Array.isArray(secret) ? secret : [secret];\n const encryptionSecret = await getDerivedEncryptionKey(\n enc,\n secrets[0]!,\n salt,\n );\n\n const thumbprint = await calculateJwkThumbprint(\n { kty: \"oct\", k: base64url.encode(encryptionSecret) },\n `sha${encryptionSecret.byteLength << 3}` as Digest,\n );\n // @ts-expect-error `jose` allows any object as payload.\n return await new EncryptJWT(token)\n .setProtectedHeader({ alg, enc, kid: thumbprint })\n .setIssuedAt()\n .setExpirationTime(now() + maxAge)\n .setJti(crypto.randomUUID())\n .encrypt(encryptionSecret);\n}\n\n/** Decodes an Auth.js issued JWT. */\nexport async function decode<Payload = object>(\n params: JWTDecodeParams,\n): Promise<Payload | null> {\n const { token, secret, salt } = params;\n const secrets = Array.isArray(secret) ? secret : [secret];\n if (!token) {\n return null;\n }\n const { payload } = await jwtDecrypt(\n token,\n async ({ kid, enc }) => {\n for (const secret of secrets) {\n const encryptionSecret = await getDerivedEncryptionKey(\n enc,\n secret,\n salt,\n );\n if (kid === undefined) {\n return encryptionSecret;\n }\n\n const thumbprint = await calculateJwkThumbprint(\n { kty: \"oct\", k: base64url.encode(encryptionSecret) },\n `sha${encryptionSecret.byteLength << 3}` as Digest,\n );\n if (kid === thumbprint) {\n return encryptionSecret;\n }\n }\n\n throw new Error(\"no matching decryption secret\");\n },\n {\n clockTolerance: 15,\n keyManagementAlgorithms: [alg],\n contentEncryptionAlgorithms: [enc, \"A256GCM\"],\n },\n );\n return payload as Payload;\n}\n\nasync function getDerivedEncryptionKey(\n enc: string,\n keyMaterial: Parameters<typeof hkdf>[1],\n salt: Parameters<typeof hkdf>[2],\n) {\n let length: number;\n switch (enc) {\n case \"A256CBC-HS512\":\n length = 64;\n break;\n case \"A256GCM\":\n length = 32;\n break;\n default:\n throw new Error(\"Unsupported JWT Content Encryption Algorithm\");\n }\n return await hkdf(\n \"sha256\",\n keyMaterial,\n salt,\n `Auth.js Generated Encryption Key (${salt})`,\n length,\n );\n}\n\nexport interface JWTEncodeParams<Payload = object> {\n /**\n * The maximum age of the Auth.js issued JWT in seconds.\n *\n * @default 30 * 24 * 60 * 60 // 30 days\n */\n maxAge?: number;\n /** Used in combination with `secret`, to derive the encryption secret for JWTs. */\n salt: string;\n /** Used in combination with `salt`, to derive the encryption secret for JWTs. */\n secret: string | string[];\n /** The JWT payload. */\n token?: Payload;\n}\n\nexport interface JWTDecodeParams {\n /** Used in combination with `secret`, to derive the encryption secret for JWTs. */\n salt: string;\n /**\n * Used in combination with `salt`, to derive the encryption secret for JWTs.\n *\n * @note\n * You can also pass an array of secrets, in which case the first secret that successfully\n * decrypts the JWT will be used. This is useful for rotating secrets without invalidating existing sessions.\n * The newer secret should be added to the start of the array, which will be used for all new sessions.\n */\n secret: string | string[];\n /** The Auth.js issued JWT to be decoded */\n token?: string;\n}\n"],"mappings":";;;;;;;AAYA,MAAM,kBAAkB,MAAU,KAAK;AAEvC,MAAM,YAAa,KAAK,KAAK,GAAG,MAAQ;AAExC,MAAM,MAAM;AACZ,MAAM,MAAM;;AAIZ,eAAsB,OACpB,QACA;CACA,MAAM,EAAE,QAAQ,EAAE,EAAE,QAAQ,SAAS,iBAAiB,SAAS;CAE/D,MAAM,mBAAmB,MAAM,wBAC7B,MAFc,MAAM,QAAQ,OAAO,GAAG,SAAS,CAAC,OAAO,EAG/C,IACR,KACD;CAED,MAAM,aAAa,MAAM,uBACvB;EAAE,KAAK;EAAO,GAAG,UAAU,OAAO,iBAAiB;EAAE,EACrD,MAAM,iBAAiB,cAAc,IACtC;AAED,QAAO,MAAM,IAAI,WAAW,MAAM,CAC/B,mBAAmB;EAAE;EAAK;EAAK,KAAK;EAAY,CAAC,CACjD,aAAa,CACb,kBAAkB,KAAK,GAAG,OAAO,CACjC,OAAO,OAAO,YAAY,CAAC,CAC3B,QAAQ,iBAAiB;;;AAI9B,eAAsB,OACpB,QACyB;CACzB,MAAM,EAAE,OAAO,QAAQ,SAAS;CAChC,MAAM,UAAU,MAAM,QAAQ,OAAO,GAAG,SAAS,CAAC,OAAO;AACzD,KAAI,CAAC,MACH,QAAO;CAET,MAAM,EAAE,YAAY,MAAM,WACxB,OACA,OAAO,EAAE,KAAK,iBAAU;AACtB,OAAK,MAAMA,YAAU,SAAS;GAC5B,MAAM,mBAAmB,MAAM,wBAC7BC,OACAD,UACA,KACD;AACD,OAAI,QAAQ,OACV,QAAO;AAOT,OAAI,QAJe,MAAM,uBACvB;IAAE,KAAK;IAAO,GAAG,UAAU,OAAO,iBAAiB;IAAE,EACrD,MAAM,iBAAiB,cAAc,IACtC,CAEC,QAAO;;AAIX,QAAM,IAAI,MAAM,gCAAgC;IAElD;EACE,gBAAgB;EAChB,yBAAyB,CAAC,IAAI;EAC9B,6BAA6B,CAAC,KAAK,UAAU;EAC9C,CACF;AACD,QAAO;;AAGT,eAAe,wBACb,OACA,aACA,MACA;CACA,IAAIE;AACJ,SAAQD,OAAR;EACE,KAAK;AACH,YAAS;AACT;EACF,KAAK;AACH,YAAS;AACT;EACF,QACE,OAAM,IAAI,MAAM,+CAA+C;;AAEnE,QAAO,MAAM,KACX,UACA,aACA,MACA,qCAAqC,KAAK,IAC1C,OACD"}

package/dist/mcp-auth.cjs ADDED Viewed

@@ -0,0 +1,52 @@
+const require_jwt = require('./lib/jwt.cjs');
+//#region src/mcp-auth.ts
+const DEFAULT_MAX_AGE = 600;
+const DEFAULT_SALT = process.env.STAGE === "local" ? "dev" : process.env.STAGE;
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
+async function createMCPToken(payload, options) {
+	var _options$maxAge, _options$secret, _options$salt;
+	const maxAge = (_options$maxAge = options === null || options === void 0 ? void 0 : options.maxAge) !== null && _options$maxAge !== void 0 ? _options$maxAge : DEFAULT_MAX_AGE;
+	const secret = (_options$secret = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret !== void 0 ? _options$secret : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt !== void 0 ? _options$salt : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	return {
+		token: await require_jwt.encode({
+			token: payload,
+			secret,
+			salt,
+			maxAge
+		}),
+		expiresAt: new Date(Date.now() + maxAge * 1e3)
+	};
+}
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
+async function decodeMCPToken(token, options) {
+	var _options$secret2, _options$salt2;
+	const secret = (_options$secret2 = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret2 !== void 0 ? _options$secret2 : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt2 = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt2 !== void 0 ? _options$salt2 : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	const decoded = await require_jwt.decode({
+		token,
+		secret,
+		salt
+	});
+	if (!decoded) throw new Error("Invalid token");
+	return decoded;
+}
+function getMcpToken(req) {
+	const mcpToken = req.headers.get("X-MCP-Token");
+	if (!mcpToken || typeof mcpToken !== "string") throw new Error("Unauthorized");
+	return mcpToken;
+}
+//#endregion
+exports.createMCPToken = createMCPToken;
+exports.decodeMCPToken = decodeMCPToken;
+exports.getMcpToken = getMcpToken;

package/dist/mcp-auth.d.cts ADDED Viewed

@@ -0,0 +1,38 @@
+//#region src/mcp-auth.d.ts
+/**
+ * 共通のMCPトークンのペイロード。
+ * すべてのapps(cdp, ma, bi)はこのトークンの形になります。
+ */
+type MCPTokenPayload = {
+  source: string;
+  user: {
+    id: string;
+    name: string;
+    email: string;
+    projectId: string;
+  };
+};
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function createMCPToken(payload: MCPTokenPayload, options?: {
+  secret?: string;
+  salt?: string;
+  maxAge?: number;
+}): Promise<{
+  token: string;
+  expiresAt: Date;
+}>;
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function decodeMCPToken(token: string, options?: {
+  secret?: string;
+  salt?: string;
+}): Promise<MCPTokenPayload>;
+declare function getMcpToken(req: Request): string;
+//#endregion
+export { MCPTokenPayload, createMCPToken, decodeMCPToken, getMcpToken };
+//# sourceMappingURL=mcp-auth.d.cts.map

package/dist/mcp-auth.d.cts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mcp-auth.d.cts","names":[],"sources":["../src/mcp-auth.ts"],"sourcesContent":[],"mappings":";;AAMA;AAiBA;;KAjBY,eAAA;EAuBT,MAAA,EAAA,MAAA;EAAA,IAAA,EAAA;IAwBmB,EAAA,EAAA,MAAA;IAuBN,IAAA,EAAA,MAAW;;;;;;;;;iBArDL,cAAA,UACX;;;;IAKR;;;;;;;;iBAwBmB,cAAA;;;IAMnB,QAAQ;iBAiBK,WAAA,MAAiB"}

package/dist/mcp-auth.d.mts ADDED Viewed

@@ -0,0 +1,38 @@
+//#region src/mcp-auth.d.ts
+/**
+ * 共通のMCPトークンのペイロード。
+ * すべてのapps(cdp, ma, bi)はこのトークンの形になります。
+ */
+type MCPTokenPayload = {
+  source: string;
+  user: {
+    id: string;
+    name: string;
+    email: string;
+    projectId: string;
+  };
+};
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function createMCPToken(payload: MCPTokenPayload, options?: {
+  secret?: string;
+  salt?: string;
+  maxAge?: number;
+}): Promise<{
+  token: string;
+  expiresAt: Date;
+}>;
+/**
+ * Uses Auth.js JWT encoding/decoding.
+ * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+ */
+declare function decodeMCPToken(token: string, options?: {
+  secret?: string;
+  salt?: string;
+}): Promise<MCPTokenPayload>;
+declare function getMcpToken(req: Request): string;
+//#endregion
+export { MCPTokenPayload, createMCPToken, decodeMCPToken, getMcpToken };
+//# sourceMappingURL=mcp-auth.d.mts.map

package/dist/mcp-auth.d.mts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"mcp-auth.d.mts","names":[],"sources":["../src/mcp-auth.ts"],"sourcesContent":[],"mappings":";;AAMA;AAiBA;;KAjBY,eAAA;EAuBT,MAAA,EAAA,MAAA;EAAA,IAAA,EAAA;IAwBmB,EAAA,EAAA,MAAA;IAuBN,IAAA,EAAA,MAAW;;;;;;;;;iBArDL,cAAA,UACX;;;;IAKR;;;;;;;;iBAwBmB,cAAA;;;IAMnB,QAAQ;iBAiBK,WAAA,MAAiB"}

package/dist/mcp-auth.mjs CHANGED Viewed

@@ -1,136 +1,51 @@
-import "./chunk-FWCSY2DS.mjs";
+import { decode, encode } from "./lib/jwt.mjs";
-// src/lib/jwt.ts
-import { hkdf } from "@panva/hkdf";
-import {
-  base64url,
-  calculateJwkThumbprint,
-  EncryptJWT,
-  jwtDecrypt
-} from "jose";
-var DEFAULT_MAX_AGE = 30 * 24 * 60 * 60;
-var now = () => Date.now() / 1e3 | 0;
-var alg = "dir";
-var enc = "A256CBC-HS512";
-async function encode(params) {
-  const { token = {}, secret, maxAge = DEFAULT_MAX_AGE, salt } = params;
-  const secrets = Array.isArray(secret) ? secret : [secret];
-  const encryptionSecret = await getDerivedEncryptionKey(
-    enc,
-    secrets[0],
-    salt
-  );
-  const thumbprint = await calculateJwkThumbprint(
-    { kty: "oct", k: base64url.encode(encryptionSecret) },
-    `sha${encryptionSecret.byteLength << 3}`
-  );
-  return await new EncryptJWT(token).setProtectedHeader({ alg, enc, kid: thumbprint }).setIssuedAt().setExpirationTime(now() + maxAge).setJti(crypto.randomUUID()).encrypt(encryptionSecret);
-}
-async function decode(params) {
-  const { token, secret, salt } = params;
-  const secrets = Array.isArray(secret) ? secret : [secret];
-  if (!token) {
-    return null;
-  }
-  const { payload } = await jwtDecrypt(
-    token,
-    async ({ kid, enc: enc2 }) => {
-      for (const secret2 of secrets) {
-        const encryptionSecret = await getDerivedEncryptionKey(
-          enc2,
-          secret2,
-          salt
-        );
-        if (kid === void 0) {
-          return encryptionSecret;
-        }
-        const thumbprint = await calculateJwkThumbprint(
-          { kty: "oct", k: base64url.encode(encryptionSecret) },
-          `sha${encryptionSecret.byteLength << 3}`
-        );
-        if (kid === thumbprint) {
-          return encryptionSecret;
-        }
-      }
-      throw new Error("no matching decryption secret");
-    },
-    {
-      clockTolerance: 15,
-      keyManagementAlgorithms: [alg],
-      contentEncryptionAlgorithms: [enc, "A256GCM"]
-    }
-  );
-  return payload;
-}
-async function getDerivedEncryptionKey(enc2, keyMaterial, salt) {
-  let length;
-  switch (enc2) {
-    case "A256CBC-HS512":
-      length = 64;
-      break;
-    case "A256GCM":
-      length = 32;
-      break;
-    default:
-      throw new Error("Unsupported JWT Content Encryption Algorithm");
-  }
-  return await hkdf(
-    "sha256",
-    keyMaterial,
-    salt,
-    `Auth.js Generated Encryption Key (${salt})`,
-    length
-  );
-}
-// src/mcp-auth.ts
-var DEFAULT_MAX_AGE2 = 60 * 10;
-var DEFAULT_SALT = process.env.STAGE === "local" ? "dev" : process.env.STAGE;
+//#region src/mcp-auth.ts
+const DEFAULT_MAX_AGE = 600;
+const DEFAULT_SALT = process.env.STAGE === "local" ? "dev" : process.env.STAGE;
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
 async function createMCPToken(payload, options) {
-  var _a, _b, _c;
-  const maxAge = (_a = options == null ? void 0 : options.maxAge) != null ? _a : DEFAULT_MAX_AGE2;
-  const secret = (_b = options == null ? void 0 : options.secret) != null ? _b : process.env.MCP_TOKEN_SECRET;
-  const salt = (_c = options == null ? void 0 : options.salt) != null ? _c : DEFAULT_SALT;
-  if (!secret || !salt) {
-    throw new Error("Secret or salt is not set");
-  }
-  const token = await encode({
-    token: payload,
-    secret,
-    salt,
-    maxAge
-  });
-  return {
-    token,
-    expiresAt: new Date(Date.now() + maxAge * 1e3)
-  };
+	var _options$maxAge, _options$secret, _options$salt;
+	const maxAge = (_options$maxAge = options === null || options === void 0 ? void 0 : options.maxAge) !== null && _options$maxAge !== void 0 ? _options$maxAge : DEFAULT_MAX_AGE;
+	const secret = (_options$secret = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret !== void 0 ? _options$secret : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt !== void 0 ? _options$salt : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	return {
+		token: await encode({
+			token: payload,
+			secret,
+			salt,
+			maxAge
+		}),
+		expiresAt: new Date(Date.now() + maxAge * 1e3)
+	};
 }
+/**
+* Uses Auth.js JWT encoding/decoding.
+* @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts
+*/
 async function decodeMCPToken(token, options) {
-  var _a, _b;
-  const secret = (_a = options == null ? void 0 : options.secret) != null ? _a : process.env.MCP_TOKEN_SECRET;
-  const salt = (_b = options == null ? void 0 : options.salt) != null ? _b : DEFAULT_SALT;
-  if (!secret || !salt) {
-    throw new Error("Secret or salt is not set");
-  }
-  const decoded = await decode({
-    token,
-    secret,
-    salt
-  });
-  if (!decoded) {
-    throw new Error("Invalid token");
-  }
-  return decoded;
+	var _options$secret2, _options$salt2;
+	const secret = (_options$secret2 = options === null || options === void 0 ? void 0 : options.secret) !== null && _options$secret2 !== void 0 ? _options$secret2 : process.env.MCP_TOKEN_SECRET;
+	const salt = (_options$salt2 = options === null || options === void 0 ? void 0 : options.salt) !== null && _options$salt2 !== void 0 ? _options$salt2 : DEFAULT_SALT;
+	if (!secret || !salt) throw new Error("Secret or salt is not set");
+	const decoded = await decode({
+		token,
+		secret,
+		salt
+	});
+	if (!decoded) throw new Error("Invalid token");
+	return decoded;
 }
 function getMcpToken(req) {
-  const mcpToken = req.headers.get("X-MCP-Token");
-  if (!mcpToken || typeof mcpToken !== "string") {
-    throw new Error("Unauthorized");
-  }
-  return mcpToken;
+	const mcpToken = req.headers.get("X-MCP-Token");
+	if (!mcpToken || typeof mcpToken !== "string") throw new Error("Unauthorized");
+	return mcpToken;
 }
-export {
-  createMCPToken,
-  decodeMCPToken,
-  getMcpToken
-};
+//#endregion
+export { createMCPToken, decodeMCPToken, getMcpToken };
+//# sourceMappingURL=mcp-auth.mjs.map

package/dist/mcp-auth.mjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"mcp-auth.mjs","names":[],"sources":["../src/mcp-auth.ts"],"sourcesContent":["import { decode, encode } from \"./lib/jwt\";\n\n/**\n * 共通のMCPトークンのペイロード。\n * すべてのapps(cdp, ma, bi)はこのトークンの形になります。\n */\nexport type MCPTokenPayload = {\n source: string;\n user: {\n id: string;\n name: string;\n email: string;\n projectId: string;\n };\n};\n\nconst DEFAULT_MAX_AGE = 60 * 10; // 10 minutes\nconst DEFAULT_SALT = process.env.STAGE === \"local\" ? \"dev\" : process.env.STAGE;\n\n/**\n * Uses Auth.js JWT encoding/decoding.\n * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts\n */\nexport async function createMCPToken(\n payload: MCPTokenPayload,\n options?: {\n secret?: string;\n salt?: string;\n maxAge?: number;\n },\n) {\n const maxAge = options?.maxAge ?? DEFAULT_MAX_AGE;\n const secret = options?.secret ?? process.env.MCP_TOKEN_SECRET;\n const salt = options?.salt ?? DEFAULT_SALT;\n if (!secret || !salt) {\n throw new Error(\"Secret or salt is not set\");\n }\n const token = await encode<MCPTokenPayload>({\n token: payload,\n secret,\n salt,\n maxAge,\n });\n return {\n token,\n expiresAt: new Date(Date.now() + maxAge * 1000),\n };\n}\n\n/**\n * Uses Auth.js JWT encoding/decoding.\n * @see https://github.com/nextauthjs/next-auth/blob/main/packages/core/src/jwt.ts\n */\nexport async function decodeMCPToken(\n token: string,\n options?: {\n secret?: string;\n salt?: string;\n },\n): Promise<MCPTokenPayload> {\n const secret = options?.secret ?? process.env.MCP_TOKEN_SECRET;\n const salt = options?.salt ?? DEFAULT_SALT;\n if (!secret || !salt) {\n throw new Error(\"Secret or salt is not set\");\n }\n const decoded = await decode<MCPTokenPayload>({\n token,\n secret,\n salt,\n });\n if (!decoded) {\n throw new Error(\"Invalid token\");\n }\n return decoded;\n}\n\nexport function getMcpToken(req: Request) {\n const mcpToken = req.headers.get(\"X-MCP-Token\");\n if (!mcpToken || typeof mcpToken !== \"string\") {\n throw new Error(\"Unauthorized\");\n }\n return mcpToken;\n}\n"],"mappings":";;;AAgBA,MAAM,kBAAkB;AACxB,MAAM,eAAe,QAAQ,IAAI,UAAU,UAAU,QAAQ,QAAQ,IAAI;;;;;AAMzE,eAAsB,eACpB,SACA,SAKA;;CACA,MAAM,8EAAS,QAAS,mEAAU;CAClC,MAAM,8EAAS,QAAS,mEAAU,QAAQ,IAAI;CAC9C,MAAM,0EAAO,QAAS,6DAAQ;AAC9B,KAAI,CAAC,UAAU,CAAC,KACd,OAAM,IAAI,MAAM,4BAA4B;AAQ9C,QAAO;EACL,OAPY,MAAM,OAAwB;GAC1C,OAAO;GACP;GACA;GACA;GACD,CAAC;EAGA,WAAW,IAAI,KAAK,KAAK,KAAK,GAAG,SAAS,IAAK;EAChD;;;;;;AAOH,eAAsB,eACpB,OACA,SAI0B;;CAC1B,MAAM,+EAAS,QAAS,qEAAU,QAAQ,IAAI;CAC9C,MAAM,2EAAO,QAAS,+DAAQ;AAC9B,KAAI,CAAC,UAAU,CAAC,KACd,OAAM,IAAI,MAAM,4BAA4B;CAE9C,MAAM,UAAU,MAAM,OAAwB;EAC5C;EACA;EACA;EACD,CAAC;AACF,KAAI,CAAC,QACH,OAAM,IAAI,MAAM,gBAAgB;AAElC,QAAO;;AAGT,SAAgB,YAAY,KAAc;CACxC,MAAM,WAAW,IAAI,QAAQ,IAAI,cAAc;AAC/C,KAAI,CAAC,YAAY,OAAO,aAAa,SACnC,OAAM,IAAI,MAAM,eAAe;AAEjC,QAAO"}