@toolsdk.ai/registry 1.0.132 → 1.0.134

package/dist/domains/oauth/oauth-utils.d.ts

@@ -0,0 +1,99 @@
+/**
+ * OAuth Utility Functions
+ *
+ * Implements:
+ * - PKCE (RFC 7636) with S256 method
+ * - Protected Resource Metadata Discovery (RFC 9728)
+ * - Authorization Server Metadata Discovery (RFC 8414)
+ * - Dynamic Client Registration (RFC 7591)
+ * - Token Exchange
+ */
+import type { ClientInfo, ClientRegistrationRequest, OAuthMetadata, PKCEParams, ProtectedResourceMetadata, TokenResponse } from "./oauth-types";
+/**
+ * Generate PKCE parameters with S256 method
+ * Per MCP spec: MUST use S256 when technically capable
+ */
+export declare function generatePKCE(): PKCEParams;
+/**
+ * Generate a cryptographically secure state parameter
+ */
+export declare function generateState(): string;
+/**
+ * Generate a session ID
+ */
+export declare function generateSessionId(): string;
+/**
+ * Parse WWW-Authenticate header to extract resource_metadata URL
+ * Example: Bearer realm="mcp", resource_metadata="http://.../.well-known/oauth-protected-resource"
+ */
+export declare function parseWWWAuthenticate(header: string): {
+    realm?: string;
+    resourceMetadataUrl?: string;
+    scope?: string;
+};
+/**
+ * Discover Protected Resource Metadata from an MCP server
+ * Per RFC 9728 and MCP spec
+ */
+export declare function discoverProtectedResourceMetadata(mcpServerUrl: string): Promise<ProtectedResourceMetadata>;
+/**
+ * Discover Authorization Server Metadata
+ * Per RFC 8414 and OpenID Connect Discovery 1.0
+ */
+export declare function discoverAuthServerMetadata(authServerUrl: string): Promise<OAuthMetadata>;
+/**
+ * Verify that the authorization server supports PKCE with S256
+ * Per MCP spec: MUST refuse to proceed if PKCE not supported
+ *
+ * Note: Many servers don't advertise code_challenge_methods_supported but still support PKCE.
+ * We return { supported: boolean, advertised: boolean } to allow callers to decide.
+ */
+export declare function verifyPKCESupport(metadata: OAuthMetadata): {
+    supported: boolean;
+    advertised: boolean;
+};
+/**
+ * Register client using Dynamic Client Registration
+ * Per RFC 7591
+ */
+export declare function registerClient(registrationEndpoint: string, request: ClientRegistrationRequest): Promise<ClientInfo>;
+/**
+ * Build authorization URL with all required parameters
+ */
+export declare function buildAuthorizationUrl(params: {
+    authorizationEndpoint: string;
+    clientId: string;
+    redirectUri: string;
+    state: string;
+    codeChallenge: string;
+    codeChallengeMethod: string;
+    scope?: string;
+    resource?: string;
+}): string;
+/**
+ * Exchange authorization code for tokens
+ */
+export declare function exchangeCodeForTokens(params: {
+    tokenEndpoint: string;
+    code: string;
+    redirectUri: string;
+    clientId: string;
+    clientSecret?: string;
+    codeVerifier: string;
+    resource?: string;
+}): Promise<TokenResponse>;
+/**
+ * Refresh access token using refresh token
+ */
+export declare function refreshAccessToken(params: {
+    tokenEndpoint: string;
+    refreshToken: string;
+    clientId: string;
+    clientSecret?: string;
+    resource?: string;
+}): Promise<TokenResponse>;
+/**
+ * Get canonical resource URI for an MCP server
+ * Per RFC 8707 - Resource Indicators
+ */
+export declare function getCanonicalResourceUri(mcpServerUrl: string): string;

package/dist/domains/oauth/oauth-utils.js

@@ -0,0 +1,267 @@
+/**
+ * OAuth Utility Functions
+ *
+ * Implements:
+ * - PKCE (RFC 7636) with S256 method
+ * - Protected Resource Metadata Discovery (RFC 9728)
+ * - Authorization Server Metadata Discovery (RFC 8414)
+ * - Dynamic Client Registration (RFC 7591)
+ * - Token Exchange
+ */
+import { createHash, randomBytes, randomUUID } from "node:crypto";
+/**
+ * Generate PKCE parameters with S256 method
+ * Per MCP spec: MUST use S256 when technically capable
+ */
+export function generatePKCE() {
+    // Generate a random 32-byte code verifier (base64url encoded = 43 chars)
+    const codeVerifier = randomBytes(32).toString("base64url");
+    // Create S256 code challenge: BASE64URL(SHA256(code_verifier))
+    const hash = createHash("sha256").update(codeVerifier).digest();
+    const codeChallenge = hash.toString("base64url");
+    return {
+        codeVerifier,
+        codeChallenge,
+        codeChallengeMethod: "S256",
+    };
+}
+/**
+ * Generate a cryptographically secure state parameter
+ */
+export function generateState() {
+    return randomUUID();
+}
+/**
+ * Generate a session ID
+ */
+export function generateSessionId() {
+    return randomUUID();
+}
+/**
+ * Parse WWW-Authenticate header to extract resource_metadata URL
+ * Example: Bearer realm="mcp", resource_metadata="http://.../.well-known/oauth-protected-resource"
+ */
+export function parseWWWAuthenticate(header) {
+    const result = {};
+    // Extract realm
+    const realmMatch = header.match(/realm="([^"]+)"/);
+    if (realmMatch) {
+        result.realm = realmMatch[1];
+    }
+    // Extract resource_metadata
+    const metadataMatch = header.match(/resource_metadata="([^"]+)"/);
+    if (metadataMatch) {
+        result.resourceMetadataUrl = metadataMatch[1];
+    }
+    // Extract scope
+    const scopeMatch = header.match(/scope="([^"]+)"/);
+    if (scopeMatch) {
+        result.scope = scopeMatch[1];
+    }
+    return result;
+}
+/**
+ * Discover Protected Resource Metadata from an MCP server
+ * Per RFC 9728 and MCP spec
+ */
+export async function discoverProtectedResourceMetadata(mcpServerUrl) {
+    const serverUrl = new URL(mcpServerUrl);
+    // First, try to get 401 with WWW-Authenticate header
+    const probeResponse = await fetch(mcpServerUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({}),
+    });
+    if (probeResponse.status === 401) {
+        const authHeader = probeResponse.headers.get("www-authenticate");
+        if (authHeader) {
+            const parsed = parseWWWAuthenticate(authHeader);
+            if (parsed.resourceMetadataUrl) {
+                const metadataResponse = await fetch(parsed.resourceMetadataUrl);
+                if (metadataResponse.ok) {
+                    return (await metadataResponse.json());
+                }
+            }
+        }
+    }
+    // Fallback: try well-known URIs
+    // Try path-specific first, then root
+    const wellKnownPaths = [
+        `${serverUrl.origin}/.well-known/oauth-protected-resource${serverUrl.pathname}`,
+        `${serverUrl.origin}/.well-known/oauth-protected-resource`,
+    ];
+    for (const path of wellKnownPaths) {
+        try {
+            const response = await fetch(path);
+            if (response.ok) {
+                return (await response.json());
+            }
+        }
+        catch (_a) {
+            // Continue to next path
+        }
+    }
+    throw new Error(`Could not discover protected resource metadata for ${mcpServerUrl}`);
+}
+/**
+ * Discover Authorization Server Metadata
+ * Per RFC 8414 and OpenID Connect Discovery 1.0
+ */
+export async function discoverAuthServerMetadata(authServerUrl) {
+    const serverUrl = new URL(authServerUrl);
+    const hasPath = serverUrl.pathname && serverUrl.pathname !== "/";
+    // Build discovery URLs based on MCP spec priority order
+    const discoveryUrls = [];
+    if (hasPath) {
+        // For URLs with path components (e.g., https://auth.example.com/tenant1)
+        const pathWithoutLeadingSlash = serverUrl.pathname.replace(/^\//, "");
+        // 1. OAuth 2.0 Authorization Server Metadata with path insertion
+        discoveryUrls.push(`${serverUrl.origin}/.well-known/oauth-authorization-server/${pathWithoutLeadingSlash}`);
+        // 2. OpenID Connect Discovery 1.0 with path insertion
+        discoveryUrls.push(`${serverUrl.origin}/.well-known/openid-configuration/${pathWithoutLeadingSlash}`);
+        // 3. OpenID Connect Discovery 1.0 path appending
+        discoveryUrls.push(`${authServerUrl}/.well-known/openid-configuration`);
+    }
+    else {
+        // For URLs without path components
+        // 1. OAuth 2.0 Authorization Server Metadata
+        discoveryUrls.push(`${serverUrl.origin}/.well-known/oauth-authorization-server`);
+        // 2. OpenID Connect Discovery 1.0
+        discoveryUrls.push(`${serverUrl.origin}/.well-known/openid-configuration`);
+    }
+    for (const url of discoveryUrls) {
+        try {
+            const response = await fetch(url);
+            if (response.ok) {
+                const metadata = (await response.json());
+                return metadata;
+            }
+        }
+        catch (_a) {
+            // Continue to next URL
+        }
+    }
+    throw new Error(`Could not discover authorization server metadata for ${authServerUrl}`);
+}
+/**
+ * Verify that the authorization server supports PKCE with S256
+ * Per MCP spec: MUST refuse to proceed if PKCE not supported
+ *
+ * Note: Many servers don't advertise code_challenge_methods_supported but still support PKCE.
+ * We return { supported: boolean, advertised: boolean } to allow callers to decide.
+ */
+export function verifyPKCESupport(metadata) {
+    const methods = metadata.code_challenge_methods_supported;
+    if (!methods || methods.length === 0) {
+        // Not advertised, but might still be supported
+        return { supported: true, advertised: false };
+    }
+    return { supported: methods.includes("S256"), advertised: true };
+}
+/**
+ * Register client using Dynamic Client Registration
+ * Per RFC 7591
+ */
+export async function registerClient(registrationEndpoint, request) {
+    const response = await fetch(registrationEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify(request),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Client registration failed: ${response.status} ${error}`);
+    }
+    return (await response.json());
+}
+/**
+ * Build authorization URL with all required parameters
+ */
+export function buildAuthorizationUrl(params) {
+    const url = new URL(params.authorizationEndpoint);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", params.clientId);
+    url.searchParams.set("redirect_uri", params.redirectUri);
+    url.searchParams.set("state", params.state);
+    url.searchParams.set("code_challenge", params.codeChallenge);
+    url.searchParams.set("code_challenge_method", params.codeChallengeMethod);
+    if (params.scope) {
+        url.searchParams.set("scope", params.scope);
+    }
+    // Resource parameter per RFC 8707
+    if (params.resource) {
+        url.searchParams.set("resource", params.resource);
+    }
+    return url.toString();
+}
+/**
+ * Exchange authorization code for tokens
+ */
+export async function exchangeCodeForTokens(params) {
+    const body = new URLSearchParams();
+    body.set("grant_type", "authorization_code");
+    body.set("code", params.code);
+    body.set("redirect_uri", params.redirectUri);
+    body.set("client_id", params.clientId);
+    body.set("code_verifier", params.codeVerifier);
+    if (params.clientSecret) {
+        body.set("client_secret", params.clientSecret);
+    }
+    if (params.resource) {
+        body.set("resource", params.resource);
+    }
+    const response = await fetch(params.tokenEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Token exchange failed: ${response.status} ${error}`);
+    }
+    return (await response.json());
+}
+/**
+ * Refresh access token using refresh token
+ */
+export async function refreshAccessToken(params) {
+    const body = new URLSearchParams();
+    body.set("grant_type", "refresh_token");
+    body.set("refresh_token", params.refreshToken);
+    body.set("client_id", params.clientId);
+    if (params.clientSecret) {
+        body.set("client_secret", params.clientSecret);
+    }
+    if (params.resource) {
+        body.set("resource", params.resource);
+    }
+    const response = await fetch(params.tokenEndpoint, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/x-www-form-urlencoded",
+        },
+        body: body.toString(),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Token refresh failed: ${response.status} ${error}`);
+    }
+    return (await response.json());
+}
+/**
+ * Get canonical resource URI for an MCP server
+ * Per RFC 8707 - Resource Indicators
+ */
+export function getCanonicalResourceUri(mcpServerUrl) {
+    const url = new URL(mcpServerUrl);
+    // Remove trailing slash unless semantically significant
+    let resource = `${url.protocol}//${url.host}${url.pathname}`;
+    if (resource.endsWith("/") && resource !== `${url.protocol}//${url.host}/`) {
+        resource = resource.slice(0, -1);
+    }
+    return resource;
+}

package/dist/domains/package/package-handler.d.ts

@@ -7,12 +7,12 @@ export declare const packageHandler: {
         code: number;
         message: string;
     }>;
-    executeTool: (packageName: string, toolKey: string, inputData: Record<string, unknown>, envs?: Record<string, string>, sandboxProvider?: MCPSandboxProvider) => Promise<{
+    executeTool: (packageName: string, toolKey: string, inputData: Record<string, unknown>, envs?: Record<string, string>, sandboxProvider?: MCPSandboxProvider, accessToken?: string) => Promise<{
         success: boolean;
         code: number;
         message: string;
     }>;
-    listTools: (packageName: string, sandboxProvider?: MCPSandboxProvider) => Promise<{
+    listTools: (packageName: string, sandboxProvider?: MCPSandboxProvider, accessToken?: string) => Promise<{
         success: boolean;
         code: number;
         message: string;

package/dist/domains/package/package-handler.js

@@ -22,11 +22,11 @@ export const packageHandler = {
             throw error;
         }
     },
-    executeTool: async (packageName, toolKey, inputData, envs, sandboxProvider) => {
+    executeTool: async (packageName, toolKey, inputData, envs, sandboxProvider, accessToken) => {
         try {
             const executor = ExecutorFactory.create(sandboxProvider);
             const packageSO = await PackageSO.init(packageName, repository, executor);
-            const result = await packageSO.executeTool(toolKey, inputData, envs);
+            const result = await packageSO.executeTool(toolKey, inputData, envs, accessToken);
             return createResponse(result);
         }
         catch (error) {
@@ -42,11 +42,11 @@ export const packageHandler = {
             throw error;
         }
     },
-    listTools: async (packageName, sandboxProvider) => {
+    listTools: async (packageName, sandboxProvider, accessToken) => {
         try {
             const executor = ExecutorFactory.create(sandboxProvider);
             const packageSO = await PackageSO.init(packageName, repository, executor);
-            const tools = await packageSO.getTools();
+            const tools = await packageSO.getTools(accessToken);
             return createResponse(tools);
         }
         catch (error) {

package/dist/domains/package/package-route.js

@@ -2,7 +2,7 @@ import { createRoute, OpenAPIHono } from "@hono/zod-openapi";
 import { createResponse, createRouteResponses } from "../../shared/utils/response-util";
 import { getPythonDependencies } from "../../shared/utils/validation-util";
 import { packageHandler } from "./package-handler";
-import { ExecuteToolResponseSchema, PackageDetailResponseSchema, PackagesListResponseSchema, packageNameQuerySchema, ToolExecuteSchema, ToolsResponseSchema, } from "./package-schema";
+import { ExecuteToolResponseSchema, PackageDetailResponseSchema, PackagesListResponseSchema, packageNameQuerySchema, ToolExecuteSchema, ToolsResponseSchema, toolsQuerySchema, } from "./package-schema";
 export const packageRoutes = new OpenAPIHono();
 const packageDetailRoute = createRoute({
     method: "get",
@@ -20,14 +20,14 @@ packageRoutes.openapi(packageDetailRoute, async (c) => {
 const toolsRoute = createRoute({
     method: "get",
     path: "/packages/tools",
-    request: { query: packageNameQuerySchema },
+    request: { query: toolsQuerySchema },
     responses: createRouteResponses(ToolsResponseSchema, {
         includeErrorResponses: true,
     }),
 });
 packageRoutes.openapi(toolsRoute, async (c) => {
-    const { packageName, sandboxProvider } = c.req.valid("query");
-    const result = await packageHandler.listTools(packageName, sandboxProvider);
+    const { packageName, sandboxProvider, accessToken } = c.req.valid("query");
+    const result = await packageHandler.listTools(packageName, sandboxProvider, accessToken);
     return c.json(result, 200);
 });
 const executeToolRoute = createRoute({
@@ -49,7 +49,7 @@ const executeToolRoute = createRoute({
 });
 packageRoutes.openapi(executeToolRoute, async (c) => {
     const body = c.req.valid("json");
-    const result = await packageHandler.executeTool(body.packageName, body.toolKey, body.inputData, body.envs, body.sandboxProvider);
+    const result = await packageHandler.executeTool(body.packageName, body.toolKey, body.inputData, body.envs, body.sandboxProvider, body.accessToken);
     return c.json(result, 200);
 });
 const packagesListRoute = createRoute({

package/dist/domains/package/package-schema.d.ts

@@ -9,23 +9,40 @@ export declare const packageNameQuerySchema: z.ZodObject<{
     packageName: string;
     sandboxProvider?: "SANDOCK" | "DAYTONA" | "E2B" | "LOCAL" | undefined;
 }>;
+export declare const toolsQuerySchema: z.ZodObject<{
+    packageName: z.ZodString;
+    sandboxProvider: z.ZodOptional<z.ZodEnum<["LOCAL", "DAYTONA", "SANDOCK", "E2B"]>>;
+} & {
+    accessToken: z.ZodOptional<z.ZodString>;
+}, "strip", z.ZodTypeAny, {
+    packageName: string;
+    accessToken?: string | undefined;
+    sandboxProvider?: "SANDOCK" | "DAYTONA" | "E2B" | "LOCAL" | undefined;
+}, {
+    packageName: string;
+    accessToken?: string | undefined;
+    sandboxProvider?: "SANDOCK" | "DAYTONA" | "E2B" | "LOCAL" | undefined;
+}>;
 export declare const ToolExecuteSchema: z.ZodObject<{
     packageName: z.ZodString;
     toolKey: z.ZodString;
     inputData: z.ZodRecord<z.ZodString, z.ZodUnknown>;
     envs: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
     sandboxProvider: z.ZodOptional<z.ZodEnum<["LOCAL", "DAYTONA", "SANDOCK", "E2B"]>>;
+    accessToken: z.ZodOptional<z.ZodString>;
 }, "strip", z.ZodTypeAny, {
     packageName: string;
     toolKey: string;
     inputData: Record<string, unknown>;
     envs?: Record<string, string> | undefined;
+    accessToken?: string | undefined;
     sandboxProvider?: "SANDOCK" | "DAYTONA" | "E2B" | "LOCAL" | undefined;
 }, {
     packageName: string;
     toolKey: string;
     inputData: Record<string, unknown>;
     envs?: Record<string, string> | undefined;
+    accessToken?: string | undefined;
     sandboxProvider?: "SANDOCK" | "DAYTONA" | "E2B" | "LOCAL" | undefined;
 }>;
 export declare const PackageDetailResponseSchema: z.ZodObject<{
@@ -43,12 +60,30 @@ export declare const PackageDetailResponseSchema: z.ZodObject<{
         remotes: z.ZodOptional<z.ZodArray<z.ZodObject<{
             type: z.ZodLiteral<"streamable-http">;
             url: z.ZodString;
+            auth: z.ZodOptional<z.ZodObject<{
+                type: z.ZodEnum<["oauth2"]>;
+                scopes: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+            }, "strip", z.ZodTypeAny, {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            }, {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            }>>;
         }, "strip", z.ZodTypeAny, {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }, {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }>, "many">>;
         key: z.ZodOptional<z.ZodString>;
         name: z.ZodOptional<z.ZodString>;
@@ -116,6 +151,10 @@ export declare const PackageDetailResponseSchema: z.ZodObject<{
         remotes?: {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }[] | undefined;
         readme?: string | undefined;
         license?: string | undefined;
@@ -148,6 +187,10 @@ export declare const PackageDetailResponseSchema: z.ZodObject<{
         remotes?: {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }[] | undefined;
         readme?: string | undefined;
         license?: string | undefined;
@@ -185,6 +228,10 @@ export declare const PackageDetailResponseSchema: z.ZodObject<{
         remotes?: {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }[] | undefined;
         readme?: string | undefined;
         license?: string | undefined;
@@ -222,6 +269,10 @@ export declare const PackageDetailResponseSchema: z.ZodObject<{
         remotes?: {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }[] | undefined;
         readme?: string | undefined;
         license?: string | undefined;

package/dist/domains/package/package-schema.js

@@ -18,6 +18,16 @@ export const packageNameQuerySchema = z.object({
         description: "Optional sandbox provider to override default (LOCAL, DAYTONA, SANDOCK, E2B)",
     }),
 });
+export const toolsQuerySchema = packageNameQuerySchema.extend({
+    accessToken: z
+        .string()
+        .optional()
+        .openapi({
+        param: { name: "accessToken", in: "query" },
+        description: "OAuth access token for MCP servers that require OAuth authentication. " +
+            "This token will be included in the Authorization header when calling the MCP server.",
+    }),
+});
 export const ToolExecuteSchema = z
     .object({
     packageName: z.string().openapi({ example: "@modelcontextprotocol/server-filesystem" }),
@@ -28,6 +38,13 @@ export const ToolExecuteSchema = z
         example: "LOCAL",
         description: "Optional sandbox provider to override default (LOCAL, DAYTONA, SANDOCK, E2B)",
     }),
+    accessToken: z
+        .string()
+        .optional()
+        .openapi({
+        description: "OAuth access token for MCP servers that require OAuth authentication. " +
+            "This token will be included in the Authorization header when calling the MCP server.",
+    }),
 })
     .openapi("ToolExecute");
 const ToolDataSchema = z.object({

package/dist/domains/package/package-so.d.ts

@@ -27,6 +27,10 @@ export declare class PackageSO {
         remotes?: {
             type: "streamable-http";
             url: string;
+            auth?: {
+                type: "oauth2";
+                scopes?: string[] | undefined;
+            } | undefined;
         }[] | undefined;
         readme?: string | undefined;
         license?: string | undefined;
@@ -38,7 +42,7 @@ export declare class PackageSO {
         }> | undefined;
     };
     static init(packageName: string, repository: PackageRepository, executor: ToolExecutor): Promise<PackageSO>;
-    getTools(): Promise<Tool[]>;
-    executeTool(toolKey: string, inputData: Record<string, unknown>, envs?: Record<string, string>): Promise<unknown>;
+    getTools(accessToken?: string): Promise<Tool[]>;
+    executeTool(toolKey: string, inputData: Record<string, unknown>, envs?: Record<string, string>, accessToken?: string): Promise<unknown>;
     getDetailWithTools(): Promise<MCPServerPackageConfigWithTools>;
 }

package/dist/domains/package/package-so.js

@@ -36,15 +36,16 @@ export class PackageSO {
         const packageInfo = allPackages[packageName] || {};
         return new PackageSO(packageName, config, packageInfo, executor);
     }
-    async getTools() {
-        return await this._executor.listTools(this.packageName);
+    async getTools(accessToken) {
+        return await this._executor.listTools(this.packageName, accessToken);
     }
-    async executeTool(toolKey, inputData, envs) {
+    async executeTool(toolKey, inputData, envs, accessToken) {
         return await this._executor.executeTool({
             packageName: this.packageName,
             toolKey,
             inputData,
             envs,
+            accessToken,
         });
     }
     async getDetailWithTools() {