@toolsdk.ai/registry 1.0.132 → 1.0.133

package/dist/domains/oauth/oauth-schema.d.ts

@@ -0,0 +1,257 @@
+/**
+ * OAuth Schema Definitions
+ *
+ * Zod schemas for OAuth API request/response validation
+ */
+import { z } from "@hono/zod-openapi";
+export declare const OAuthPrepareRequestSchema: z.ZodObject<{
+    packageName: z.ZodString;
+    callbackBaseUrl: z.ZodString;
+    mcpServerUrl: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    packageName: string;
+    callbackBaseUrl: string;
+    mcpServerUrl?: string | undefined;
+}, {
+    packageName: string;
+    callbackBaseUrl: string;
+    mcpServerUrl?: string | undefined;
+}>;
+export declare const OAuthRefreshRequestSchema: z.ZodObject<{
+    mcpServerUrl: z.ZodString;
+    refreshToken: z.ZodString;
+    clientId: z.ZodString;
+    clientSecret: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    mcpServerUrl: string;
+    refreshToken: string;
+    clientId: string;
+    clientSecret?: string | undefined;
+}, {
+    mcpServerUrl: string;
+    refreshToken: string;
+    clientId: string;
+    clientSecret?: string | undefined;
+}>;
+export declare const OAuthPrepareDataSchema: z.ZodObject<{
+    authUrl: z.ZodString;
+    sessionId: z.ZodString;
+    mcpServerUrl: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    sessionId: string;
+    mcpServerUrl: string;
+    authUrl: string;
+}, {
+    sessionId: string;
+    mcpServerUrl: string;
+    authUrl: string;
+}>;
+export declare const OAuthPrepareResponseSchema: z.ZodObject<{
+    success: z.ZodBoolean;
+    code: z.ZodNumber;
+    message: z.ZodString;
+} & {
+    data: z.ZodOptional<z.ZodObject<{
+        authUrl: z.ZodString;
+        sessionId: z.ZodString;
+        mcpServerUrl: z.ZodString;
+    }, "strip", z.ZodTypeAny, {
+        sessionId: string;
+        mcpServerUrl: string;
+        authUrl: string;
+    }, {
+        sessionId: string;
+        mcpServerUrl: string;
+        authUrl: string;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    success: boolean;
+    code: number;
+    message: string;
+    data?: {
+        sessionId: string;
+        mcpServerUrl: string;
+        authUrl: string;
+    } | undefined;
+}, {
+    success: boolean;
+    code: number;
+    message: string;
+    data?: {
+        sessionId: string;
+        mcpServerUrl: string;
+        authUrl: string;
+    } | undefined;
+}>;
+export declare const TokenResponseSchema: z.ZodObject<{
+    access_token: z.ZodString;
+    token_type: z.ZodString;
+    expires_in: z.ZodOptional<z.ZodNumber>;
+    refresh_token: z.ZodOptional<z.ZodString>;
+    scope: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    access_token: string;
+    token_type: string;
+    scope?: string | undefined;
+    refresh_token?: string | undefined;
+    expires_in?: number | undefined;
+}, {
+    access_token: string;
+    token_type: string;
+    scope?: string | undefined;
+    refresh_token?: string | undefined;
+    expires_in?: number | undefined;
+}>;
+export declare const OAuthRefreshResponseSchema: z.ZodObject<{
+    success: z.ZodBoolean;
+    code: z.ZodNumber;
+    message: z.ZodString;
+} & {
+    data: z.ZodOptional<z.ZodObject<{
+        access_token: z.ZodString;
+        token_type: z.ZodString;
+        expires_in: z.ZodOptional<z.ZodNumber>;
+        refresh_token: z.ZodOptional<z.ZodString>;
+        scope: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    }, {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    success: boolean;
+    code: number;
+    message: string;
+    data?: {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    } | undefined;
+}, {
+    success: boolean;
+    code: number;
+    message: string;
+    data?: {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    } | undefined;
+}>;
+export declare const ClientInfoSchema: z.ZodObject<{
+    client_id: z.ZodString;
+    client_secret: z.ZodOptional<z.ZodString>;
+    client_secret_expires_at: z.ZodOptional<z.ZodNumber>;
+    client_id_issued_at: z.ZodOptional<z.ZodNumber>;
+}, "strip", z.ZodTypeAny, {
+    client_id: string;
+    client_secret?: string | undefined;
+    client_secret_expires_at?: number | undefined;
+    client_id_issued_at?: number | undefined;
+}, {
+    client_id: string;
+    client_secret?: string | undefined;
+    client_secret_expires_at?: number | undefined;
+    client_id_issued_at?: number | undefined;
+}>;
+export declare const OAuthCallbackDataSchema: z.ZodObject<{
+    sessionId: z.ZodString;
+    tokens: z.ZodObject<{
+        access_token: z.ZodString;
+        token_type: z.ZodString;
+        expires_in: z.ZodOptional<z.ZodNumber>;
+        refresh_token: z.ZodOptional<z.ZodString>;
+        scope: z.ZodOptional<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    }, {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    }>;
+    clientInfo: z.ZodObject<{
+        client_id: z.ZodString;
+        client_secret: z.ZodOptional<z.ZodString>;
+        client_secret_expires_at: z.ZodOptional<z.ZodNumber>;
+        client_id_issued_at: z.ZodOptional<z.ZodNumber>;
+    }, "strip", z.ZodTypeAny, {
+        client_id: string;
+        client_secret?: string | undefined;
+        client_secret_expires_at?: number | undefined;
+        client_id_issued_at?: number | undefined;
+    }, {
+        client_id: string;
+        client_secret?: string | undefined;
+        client_secret_expires_at?: number | undefined;
+        client_id_issued_at?: number | undefined;
+    }>;
+    mcpServerUrl: z.ZodString;
+    packageName: z.ZodString;
+}, "strip", z.ZodTypeAny, {
+    packageName: string;
+    sessionId: string;
+    mcpServerUrl: string;
+    tokens: {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    };
+    clientInfo: {
+        client_id: string;
+        client_secret?: string | undefined;
+        client_secret_expires_at?: number | undefined;
+        client_id_issued_at?: number | undefined;
+    };
+}, {
+    packageName: string;
+    sessionId: string;
+    mcpServerUrl: string;
+    tokens: {
+        access_token: string;
+        token_type: string;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+        expires_in?: number | undefined;
+    };
+    clientInfo: {
+        client_id: string;
+        client_secret?: string | undefined;
+        client_secret_expires_at?: number | undefined;
+        client_id_issued_at?: number | undefined;
+    };
+}>;
+export declare const OAuthCallbackQuerySchema: z.ZodObject<{
+    code: z.ZodOptional<z.ZodString>;
+    state: z.ZodOptional<z.ZodString>;
+    error: z.ZodOptional<z.ZodString>;
+    error_description: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    code?: string | undefined;
+    error?: string | undefined;
+    state?: string | undefined;
+    error_description?: string | undefined;
+}, {
+    code?: string | undefined;
+    error?: string | undefined;
+    state?: string | undefined;
+    error_description?: string | undefined;
+}>;

package/dist/domains/oauth/oauth-schema.js

@@ -0,0 +1,119 @@
+/**
+ * OAuth Schema Definitions
+ *
+ * Zod schemas for OAuth API request/response validation
+ */
+import { z } from "@hono/zod-openapi";
+import { BaseResponseSchema } from "../../shared/schemas/common-schema";
+// ============ Request Schemas ============
+export const OAuthPrepareRequestSchema = z
+    .object({
+    packageName: z.string().min(1).openapi({
+        example: "github-mcp",
+        description: "MCP package name (used as identifier, can be any string if mcpServerUrl is provided)",
+    }),
+    callbackBaseUrl: z.string().url().openapi({
+        example: "https://toolsdk.ai/api/internal/mcp-oauth/complete",
+        description: "URL where Registry will POST the OAuth result (tokens + clientInfo)",
+    }),
+    mcpServerUrl: z.string().url().optional().openapi({
+        example: "http://localhost:3001/mcp",
+        description: "Optional: MCP Server URL. If provided, this URL will be used instead of looking up from package config.",
+    }),
+})
+    .openapi("OAuthPrepareRequest");
+export const OAuthRefreshRequestSchema = z
+    .object({
+    mcpServerUrl: z.string().url().openapi({
+        example: "http://localhost:3001/mcp",
+        description: "MCP Server URL",
+    }),
+    refreshToken: z.string().min(1).openapi({
+        description: "Refresh token from previous authorization",
+    }),
+    clientId: z.string().min(1).openapi({
+        description: "OAuth client ID",
+    }),
+    clientSecret: z.string().optional().openapi({
+        description: "OAuth client secret (if applicable)",
+    }),
+})
+    .openapi("OAuthRefreshRequest");
+// ============ Response Schemas ============
+export const OAuthPrepareDataSchema = z
+    .object({
+    authUrl: z.string().url().openapi({
+        description: "Authorization URL to open in browser/popup",
+    }),
+    sessionId: z.string().openapi({
+        description: "Session ID for tracking this OAuth flow",
+    }),
+    mcpServerUrl: z.string().url().openapi({
+        description: "MCP Server URL",
+    }),
+})
+    .openapi("OAuthPrepareData");
+export const OAuthPrepareResponseSchema = BaseResponseSchema.extend({
+    data: OAuthPrepareDataSchema.optional(),
+}).openapi("OAuthPrepareResponse");
+export const TokenResponseSchema = z
+    .object({
+    access_token: z.string(),
+    token_type: z.string(),
+    expires_in: z.number().optional(),
+    refresh_token: z.string().optional(),
+    scope: z.string().optional(),
+})
+    .openapi("TokenResponse");
+export const OAuthRefreshResponseSchema = BaseResponseSchema.extend({
+    data: TokenResponseSchema.optional(),
+}).openapi("OAuthRefreshResponse");
+// ============ Callback Data Schema ============
+export const ClientInfoSchema = z
+    .object({
+    client_id: z.string(),
+    client_secret: z.string().optional(),
+    client_secret_expires_at: z.number().optional(),
+    client_id_issued_at: z.number().optional(),
+})
+    .openapi("ClientInfo");
+export const OAuthCallbackDataSchema = z
+    .object({
+    sessionId: z.string(),
+    tokens: TokenResponseSchema,
+    clientInfo: ClientInfoSchema,
+    mcpServerUrl: z.string().url(),
+    packageName: z.string(),
+})
+    .openapi("OAuthCallbackData");
+// ============ Query Schemas ============
+export const OAuthCallbackQuerySchema = z.object({
+    code: z
+        .string()
+        .optional()
+        .openapi({
+        param: { name: "code", in: "query" },
+        description: "Authorization code from OAuth server",
+    }),
+    state: z
+        .string()
+        .optional()
+        .openapi({
+        param: { name: "state", in: "query" },
+        description: "State parameter for CSRF protection",
+    }),
+    error: z
+        .string()
+        .optional()
+        .openapi({
+        param: { name: "error", in: "query" },
+        description: "OAuth error code",
+    }),
+    error_description: z
+        .string()
+        .optional()
+        .openapi({
+        param: { name: "error_description", in: "query" },
+        description: "OAuth error description",
+    }),
+});

package/dist/domains/oauth/oauth-session.d.ts

@@ -0,0 +1,54 @@
+/**
+ * OAuth Session Storage
+ *
+ * In-memory session storage for OAuth flow.
+ * Sessions expire after 10 minutes and are deleted after successful completion.
+ */
+import type { OAuthSession } from "./oauth-types";
+export declare class OAuthSessionStore {
+    private sessions;
+    private stateToSessionId;
+    private cleanupTimer;
+    constructor();
+    /**
+     * Start periodic cleanup of expired sessions
+     */
+    private startCleanup;
+    /**
+     * Stop cleanup timer (for testing)
+     */
+    stopCleanup(): void;
+    /**
+     * Remove expired sessions
+     */
+    private cleanupExpiredSessions;
+    /**
+     * Create a new session
+     */
+    set(session: OAuthSession): void;
+    /**
+     * Get session by sessionId
+     */
+    get(sessionId: string): OAuthSession | undefined;
+    /**
+     * Get session by state parameter
+     */
+    getByState(state: string): OAuthSession | undefined;
+    /**
+     * Delete session
+     */
+    delete(sessionId: string): boolean;
+    /**
+     * Check if session exists
+     */
+    has(sessionId: string): boolean;
+    /**
+     * Get number of active sessions
+     */
+    size(): number;
+    /**
+     * Clear all sessions (for testing)
+     */
+    clear(): void;
+}
+export declare const oauthSessionStore: OAuthSessionStore;

package/dist/domains/oauth/oauth-session.js

@@ -0,0 +1,116 @@
+/**
+ * OAuth Session Storage
+ *
+ * In-memory session storage for OAuth flow.
+ * Sessions expire after 10 minutes and are deleted after successful completion.
+ */
+// Session expiration time: 10 minutes
+const SESSION_TTL_MS = 10 * 60 * 1000;
+// Cleanup interval: 1 minute
+const CLEANUP_INTERVAL_MS = 60 * 1000;
+export class OAuthSessionStore {
+    constructor() {
+        this.sessions = new Map();
+        this.stateToSessionId = new Map();
+        this.cleanupTimer = null;
+        this.startCleanup();
+    }
+    /**
+     * Start periodic cleanup of expired sessions
+     */
+    startCleanup() {
+        if (this.cleanupTimer)
+            return;
+        this.cleanupTimer = setInterval(() => {
+            this.cleanupExpiredSessions();
+        }, CLEANUP_INTERVAL_MS);
+        // Unref to allow process to exit
+        this.cleanupTimer.unref();
+    }
+    /**
+     * Stop cleanup timer (for testing)
+     */
+    stopCleanup() {
+        if (this.cleanupTimer) {
+            clearInterval(this.cleanupTimer);
+            this.cleanupTimer = null;
+        }
+    }
+    /**
+     * Remove expired sessions
+     */
+    cleanupExpiredSessions() {
+        const now = Date.now();
+        for (const [sessionId, session] of this.sessions.entries()) {
+            if (now - session.createdAt > SESSION_TTL_MS) {
+                this.delete(sessionId);
+                console.log(`[OAuth] Session ${sessionId} expired and cleaned up`);
+            }
+        }
+    }
+    /**
+     * Create a new session
+     */
+    set(session) {
+        this.sessions.set(session.sessionId, session);
+        this.stateToSessionId.set(session.state, session.sessionId);
+        console.log(`[OAuth] Session ${session.sessionId} created for package ${session.packageName}`);
+    }
+    /**
+     * Get session by sessionId
+     */
+    get(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            return undefined;
+        // Check if expired
+        if (Date.now() - session.createdAt > SESSION_TTL_MS) {
+            this.delete(sessionId);
+            return undefined;
+        }
+        return session;
+    }
+    /**
+     * Get session by state parameter
+     */
+    getByState(state) {
+        const sessionId = this.stateToSessionId.get(state);
+        if (!sessionId)
+            return undefined;
+        return this.get(sessionId);
+    }
+    /**
+     * Delete session
+     */
+    delete(sessionId) {
+        const session = this.sessions.get(sessionId);
+        if (session) {
+            this.stateToSessionId.delete(session.state);
+            this.sessions.delete(sessionId);
+            console.log(`[OAuth] Session ${sessionId} deleted`);
+            return true;
+        }
+        return false;
+    }
+    /**
+     * Check if session exists
+     */
+    has(sessionId) {
+        return this.sessions.has(sessionId);
+    }
+    /**
+     * Get number of active sessions
+     */
+    size() {
+        return this.sessions.size;
+    }
+    /**
+     * Clear all sessions (for testing)
+     */
+    clear() {
+        this.sessions.clear();
+        this.stateToSessionId.clear();
+    }
+}
+// Singleton instance
+export const oauthSessionStore = new OAuthSessionStore();

package/dist/domains/oauth/oauth-types.d.ts

@@ -0,0 +1,148 @@
+/**
+ * OAuth Types for MCP Registry
+ *
+ * Based on MCP OAuth Specification:
+ * - OAuth 2.1 with PKCE
+ * - Dynamic Client Registration (RFC 7591)
+ * - Protected Resource Metadata (RFC 9728)
+ */
+/**
+ * OAuth Authorization Server Metadata
+ * Follows RFC 8414 - OAuth 2.0 Authorization Server Metadata
+ */
+export interface OAuthMetadata {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    registration_endpoint?: string;
+    revocation_endpoint?: string;
+    introspection_endpoint?: string;
+    jwks_uri?: string;
+    scopes_supported?: string[];
+    response_types_supported?: string[];
+    grant_types_supported?: string[];
+    token_endpoint_auth_methods_supported?: string[];
+    code_challenge_methods_supported?: string[];
+}
+/**
+ * Protected Resource Metadata
+ * Follows RFC 9728 - OAuth 2.0 Protected Resource Metadata
+ */
+export interface ProtectedResourceMetadata {
+    resource: string;
+    authorization_servers: string[];
+    scopes_supported?: string[];
+}
+/**
+ * Client Information from Dynamic Client Registration
+ * Follows RFC 7591 - OAuth 2.0 Dynamic Client Registration
+ */
+export interface ClientInfo {
+    client_id: string;
+    client_secret?: string;
+    client_secret_expires_at?: number;
+    client_id_issued_at?: number;
+    redirect_uris?: string[];
+    token_endpoint_auth_method?: string;
+    grant_types?: string[];
+    response_types?: string[];
+}
+/**
+ * Client Registration Request
+ */
+export interface ClientRegistrationRequest {
+    redirect_uris: string[];
+    client_name?: string;
+    client_uri?: string;
+    logo_uri?: string;
+    token_endpoint_auth_method?: string;
+    grant_types?: string[];
+    response_types?: string[];
+    scope?: string;
+}
+/**
+ * OAuth Token Response
+ */
+export interface TokenResponse {
+    access_token: string;
+    token_type: string;
+    expires_in?: number;
+    refresh_token?: string;
+    scope?: string;
+}
+/**
+ * PKCE Parameters
+ */
+export interface PKCEParams {
+    codeVerifier: string;
+    codeChallenge: string;
+    codeChallengeMethod: "S256";
+}
+/**
+ * OAuth Session stored in memory
+ * Contains all necessary data for completing the OAuth flow
+ */
+export interface OAuthSession {
+    sessionId: string;
+    state: string;
+    codeVerifier: string;
+    codeChallenge: string;
+    clientInfo: ClientInfo;
+    callbackBaseUrl: string;
+    mcpServerUrl: string;
+    packageName: string;
+    oauthMetadata: OAuthMetadata;
+    createdAt: number;
+}
+/**
+ * Request to prepare OAuth flow
+ */
+export interface OAuthPrepareRequest {
+    packageName: string;
+    callbackBaseUrl: string;
+    /** Optional: directly specify MCP Server URL instead of using package config */
+    mcpServerUrl?: string;
+}
+/**
+ * Response from prepare OAuth endpoint
+ */
+export interface OAuthPrepareResponse {
+    authUrl: string;
+    sessionId: string;
+    mcpServerUrl: string;
+}
+/**
+ * Callback data sent to callbackBaseUrl after successful authorization
+ */
+export interface OAuthCallbackData {
+    sessionId: string;
+    tokens: TokenResponse;
+    clientInfo: ClientInfo;
+    mcpServerUrl: string;
+    packageName: string;
+}
+/**
+ * Request to refresh token
+ */
+export interface OAuthRefreshRequest {
+    mcpServerUrl: string;
+    refreshToken: string;
+    clientId: string;
+    clientSecret?: string;
+}
+/**
+ * OAuth Error response
+ */
+export interface OAuthError {
+    error: string;
+    error_description?: string;
+}
+/**
+ * MCP Package with OAuth support info
+ */
+export interface MCPPackageOAuthInfo {
+    packageName: string;
+    mcpServerUrl: string;
+    supportsOAuth: boolean;
+    oauthMetadata?: OAuthMetadata;
+}

package/dist/domains/oauth/oauth-types.js

@@ -0,0 +1,9 @@
+/**
+ * OAuth Types for MCP Registry
+ *
+ * Based on MCP OAuth Specification:
+ * - OAuth 2.1 with PKCE
+ * - Dynamic Client Registration (RFC 7591)
+ * - Protected Resource Metadata (RFC 9728)
+ */
+export {};