@wonderwhy-er/desktop-commander 0.2.16 → 0.2.18-alpha.0

package/dist/http-server-named-tunnel.js

@@ -0,0 +1,167 @@
+#!/usr/bin/env node
+import { spawn } from 'child_process';
+console.log('🚀 Starting Desktop Commander with Named Cloudflare Tunnel');
+console.log('');
+// Configuration - can be overridden with environment variables
+const TUNNEL_NAME = process.env.TUNNEL_NAME || 'desktop-commander';
+const TUNNEL_URL = process.env.TUNNEL_URL; // Must be provided if tunnel exists
+const PORT = process.env.PORT || '3000';
+// Check if cloudflared is available
+const checkCloudflared = spawn('which', ['cloudflared']);
+checkCloudflared.on('close', (code) => {
+    if (code !== 0) {
+        console.error('❌ cloudflared not found');
+        console.error('');
+        console.error('📦 Install cloudflared:');
+        console.error('   macOS:   brew install cloudflare/cloudflare/cloudflared');
+        console.error('   Linux:   https://github.com/cloudflare/cloudflared');
+        console.error('   Windows: https://github.com/cloudflare/cloudflared');
+        console.error('');
+        process.exit(1);
+    }
+    checkTunnelExists();
+});
+function checkTunnelExists() {
+    console.log('🔍 Checking for existing tunnel...');
+    // List existing tunnels
+    const listTunnels = spawn('cloudflared', ['tunnel', 'list']);
+    let output = '';
+    listTunnels.stdout.on('data', (data) => {
+        output += data.toString();
+    });
+    listTunnels.stderr.on('data', (data) => {
+        // Ignore stderr for now
+    });
+    listTunnels.on('close', (code) => {
+        if (code !== 0) {
+            console.error('❌ Failed to list tunnels. Make sure you are logged in:');
+            console.error('   Run: cloudflared tunnel login');
+            console.error('');
+            process.exit(1);
+        }
+        // Check if tunnel exists
+        const tunnelExists = output.includes(TUNNEL_NAME);
+        if (!tunnelExists) {
+            console.log(`❌ Tunnel "${TUNNEL_NAME}" not found`);
+            console.log('');
+            console.log('📝 Setup Instructions:');
+            console.log('');
+            console.log('1️⃣  Login to Cloudflare:');
+            console.log('   cloudflared tunnel login');
+            console.log('');
+            console.log('2️⃣  Create the tunnel:');
+            console.log(`   cloudflared tunnel create ${TUNNEL_NAME}`);
+            console.log('');
+            console.log('3️⃣  Get the tunnel credentials:');
+            console.log('   - Note the Tunnel ID from the output');
+            console.log(`   - Find credentials at: ~/.cloudflared/<TUNNEL-ID>.json`);
+            console.log('');
+            console.log('4️⃣  Create config file at ~/.cloudflared/config.yml:');
+            console.log('   tunnel: <YOUR-TUNNEL-ID>');
+            console.log('   credentials-file: ~/.cloudflared/<YOUR-TUNNEL-ID>.json');
+            console.log('   ingress:');
+            console.log(`     - hostname: dc.yourdomain.com  # Your domain or use *.trycloudflare.com`);
+            console.log(`     - service: http://localhost:${PORT}`);
+            console.log('     - service: http_status:404');
+            console.log('');
+            console.log('5️⃣  (Optional) Route DNS if using custom domain:');
+            console.log(`   cloudflared tunnel route dns ${TUNNEL_NAME} dc.yourdomain.com`);
+            console.log('');
+            console.log('6️⃣  Set your tunnel URL and run:');
+            console.log('   export TUNNEL_URL=https://dc.yourdomain.com');
+            console.log(`   npm run start:named-tunnel`);
+            console.log('');
+            process.exit(1);
+        }
+        if (!TUNNEL_URL) {
+            console.error('❌ TUNNEL_URL environment variable not set');
+            console.error('');
+            console.error('Set your stable tunnel URL:');
+            console.error('   export TUNNEL_URL=https://your-tunnel-url.com');
+            console.error(`   npm run start:named-tunnel`);
+            console.error('');
+            console.error('Or check your config at ~/.cloudflared/config.yml for the hostname');
+            console.error('');
+            process.exit(1);
+        }
+        console.log(`✅ Found tunnel: ${TUNNEL_NAME}`);
+        console.log(`   URL: ${TUNNEL_URL}`);
+        console.log('');
+        startNamedTunnel();
+    });
+}
+function startNamedTunnel() {
+    // Start the HTTP server first with the known URL
+    console.log('📡 Starting Desktop Commander HTTP server...');
+    const server = startServer(TUNNEL_URL);
+    // Give server a moment to start
+    setTimeout(() => {
+        console.log('');
+        console.log('🌐 Starting named Cloudflare Tunnel...');
+        console.log(`   Tunnel name: ${TUNNEL_NAME}`);
+        console.log(`   Public URL: ${TUNNEL_URL}`);
+        console.log('');
+        const tunnel = spawn('cloudflared', ['tunnel', 'run', TUNNEL_NAME]);
+        tunnel.stdout.on('data', (data) => {
+            process.stdout.write(data);
+        });
+        tunnel.stderr.on('data', (data) => {
+            process.stderr.write(data);
+        });
+        tunnel.on('error', (err) => {
+            console.error('❌ Tunnel failed to start:', err);
+            console.error('');
+            console.error('Troubleshooting:');
+            console.error('1. Check config file: ~/.cloudflared/config.yml');
+            console.error('2. Verify credentials file exists');
+            console.error(`3. Try: cloudflared tunnel info ${TUNNEL_NAME}`);
+            console.error('');
+            server.kill();
+            process.exit(1);
+        });
+        tunnel.on('close', (code) => {
+            console.log('');
+            console.log('🔴 Tunnel closed with code:', code);
+            server.kill();
+            process.exit(code || 0);
+        });
+        // Cleanup on exit
+        process.on('SIGINT', () => {
+            console.log('');
+            console.log('🛑 Shutting down...');
+            tunnel.kill();
+            server.kill();
+            process.exit(0);
+        });
+        process.on('SIGTERM', () => {
+            tunnel.kill();
+            server.kill();
+            process.exit(0);
+        });
+    }, 1000); // Wait 1 second for server to initialize
+}
+function startServer(baseURL) {
+    const server = spawn('node', ['dist/http-server.js'], {
+        env: {
+            ...process.env,
+            BASE_URL: baseURL,
+            PORT: PORT
+        },
+        stdio: ['ignore', 'pipe', 'pipe']
+    });
+    server.stdout.on('data', (data) => {
+        process.stdout.write(data);
+    });
+    server.stderr.on('data', (data) => {
+        process.stderr.write(data);
+    });
+    server.on('error', (err) => {
+        console.error('❌ Server failed to start:', err);
+        process.exit(1);
+    });
+    server.on('close', (code) => {
+        console.log('');
+        console.log('🔴 Server closed with code:', code);
+    });
+    return server;
+}

package/dist/http-server-tunnel.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/http-server-tunnel.js

@@ -0,0 +1,111 @@
+#!/usr/bin/env node
+import { spawn } from 'child_process';
+console.log('🚀 Starting Desktop Commander HTTP Server with Cloudflare Tunnel');
+console.log('');
+// Check if cloudflared is available
+const checkCloudflared = spawn('which', ['cloudflared']);
+checkCloudflared.on('close', (code) => {
+    if (code !== 0) {
+        console.error('❌ cloudflared not found');
+        console.error('');
+        console.error('📦 Install cloudflared:');
+        console.error('   macOS:   brew install cloudflare/cloudflare/cloudflared');
+        console.error('   Linux:   https://github.com/cloudflare/cloudflared');
+        console.error('   Windows: https://github.com/cloudflare/cloudflared');
+        console.error('');
+        process.exit(1);
+    }
+    startTunnel();
+});
+function startTunnel() {
+    console.log('🌐 Starting Cloudflare Tunnel...');
+    console.log('⏳ Waiting for tunnel URL...');
+    console.log('');
+    // Start cloudflare tunnel
+    const tunnel = spawn('cloudflared', ['tunnel', '--url', 'http://localhost:3000']);
+    let tunnelURL = null;
+    let server = null;
+    tunnel.stdout.on('data', (data) => {
+        const output = data.toString();
+        process.stdout.write(data);
+        // Look for the tunnel URL in cloudflared output
+        // Format: https://random-name.trycloudflare.com
+        const urlMatch = output.match(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/i);
+        if (urlMatch && !tunnelURL) {
+            tunnelURL = urlMatch[0];
+            console.log('');
+            console.log('✅ Tunnel URL detected:', tunnelURL);
+            console.log('');
+            // Now start the server with the correct BASE_URL (tunnelURL is guaranteed to be non-null here)
+            server = startServer(tunnelURL);
+        }
+    });
+    tunnel.stderr.on('data', (data) => {
+        const output = data.toString();
+        process.stderr.write(data);
+        // Also check stderr for the URL
+        const urlMatch = output.match(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/i);
+        if (urlMatch && !tunnelURL) {
+            tunnelURL = urlMatch[0];
+            console.log('');
+            console.log('✅ Tunnel URL detected:', tunnelURL);
+            console.log('');
+            // Now start the server with the correct BASE_URL (tunnelURL is guaranteed to be non-null here)
+            server = startServer(tunnelURL);
+        }
+    });
+    tunnel.on('error', (err) => {
+        console.error('❌ Tunnel failed to start:', err);
+        process.exit(1);
+    });
+    tunnel.on('close', (code) => {
+        console.log('');
+        console.log('🔴 Tunnel closed with code:', code);
+        if (server)
+            server.kill();
+        process.exit(code);
+    });
+    // Cleanup on exit
+    process.on('SIGINT', () => {
+        console.log('');
+        console.log('🛑 Shutting down...');
+        tunnel.kill();
+        if (server)
+            server.kill();
+        process.exit(0);
+    });
+    process.on('SIGTERM', () => {
+        tunnel.kill();
+        if (server)
+            server.kill();
+        process.exit(0);
+    });
+}
+function startServer(baseURL) {
+    console.log('📡 Starting Desktop Commander HTTP server with BASE_URL:', baseURL);
+    console.log('');
+    // Start the http-server with the tunnel URL
+    const server = spawn('node', ['dist/http-server.js'], {
+        env: {
+            ...process.env,
+            BASE_URL: baseURL,
+            PORT: '3000'
+        },
+        stdio: ['ignore', 'pipe', 'pipe']
+    });
+    server.stdout.on('data', (data) => {
+        process.stdout.write(data);
+    });
+    server.stderr.on('data', (data) => {
+        process.stderr.write(data);
+    });
+    server.on('error', (err) => {
+        console.error('❌ Server failed to start:', err);
+        process.exit(1);
+    });
+    server.on('close', (code) => {
+        console.log('');
+        console.log('🔴 Server closed with code:', code);
+    });
+    return server;
+}

package/dist/http-server.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/http-server.js

@@ -0,0 +1,270 @@
+#!/usr/bin/env node
+import express from 'express';
+import cors from 'cors';
+import { randomUUID } from 'node:crypto';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { InMemoryEventStore } from '@modelcontextprotocol/sdk/examples/shared/inMemoryEventStore.js';
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
+import { server as baseServer } from './server.js';
+import { configManager } from './config-manager.js';
+import { OAuthManager, createOAuthRoutes, createAuthMiddleware } from './oauth/index.js';
+// Configuration
+const MCP_PORT = process.env.PORT || 3000;
+const BASE_URL = process.env.BASE_URL || `http://localhost:${MCP_PORT}`;
+const REQUIRE_AUTH = process.env.REQUIRE_AUTH === 'true';
+console.log(`🚀 Starting Desktop Commander HTTP Server`);
+console.log(`   Port: ${MCP_PORT}`);
+console.log(`   Base URL: ${BASE_URL}`);
+console.log(`   Auth: ${REQUIRE_AUTH ? 'ENABLED (OAuth)' : 'DISABLED (development mode)'}`);
+const app = express();
+// Log ALL incoming requests for debugging
+app.use((req, res, next) => {
+    console.log(`\n🌐 ${req.method} ${req.path}`);
+    if (Object.keys(req.query).length > 0) {
+        console.log(`   Query:`, req.query);
+    }
+    if (req.headers.authorization) {
+        console.log(`   Auth: Bearer token present`);
+    }
+    // Capture response
+    const originalJson = res.json.bind(res);
+    const originalSend = res.send.bind(res);
+    const originalEnd = res.end.bind(res);
+    res.json = function (data) {
+        console.log(`   📤 Response ${res.statusCode}:`, JSON.stringify(data, null, 2).substring(0, 500));
+        return originalJson(data);
+    };
+    res.send = function (data) {
+        if (typeof data === 'string' && data.length < 200) {
+            console.log(`   📤 Response ${res.statusCode}: ${data.substring(0, 200)}`);
+        }
+        else {
+            console.log(`   📤 Response ${res.statusCode}: [${typeof data}]`);
+        }
+        return originalSend(data);
+    };
+    res.end = function (data) {
+        console.log(`   📤 Response ended: ${res.statusCode}`);
+        return originalEnd(data);
+    };
+    next();
+});
+// Initialize OAuth if enabled
+const oauthManager = REQUIRE_AUTH ? new OAuthManager(BASE_URL) : null;
+// Middleware
+app.use(cors({
+    origin: '*',
+    exposedHeaders: ['Mcp-Session-Id']
+}));
+app.use(express.json());
+app.use(express.urlencoded({ extended: true }));
+// Add OAuth routes if enabled
+if (oauthManager) {
+    const oauthRoutes = createOAuthRoutes(oauthManager, BASE_URL);
+    app.use(oauthRoutes);
+    console.log('🔐 OAuth routes registered');
+}
+// Create auth middleware
+const authMiddleware = createAuthMiddleware(oauthManager, BASE_URL, REQUIRE_AUTH);
+// Map to store transports by session ID (session-based mode like oauth-test)
+const transports = {};
+// Health check endpoint
+app.get('/', (req, res) => {
+    res.json({
+        name: 'Desktop Commander HTTP Server',
+        version: '0.3.0-alpha',
+        status: 'ready',
+        auth: REQUIRE_AUTH ? 'enabled' : 'disabled',
+        mode: 'session-based',
+        endpoints: {
+            mcp: '/mcp',
+            health: '/',
+            ...(REQUIRE_AUTH ? {
+                oauth_discovery: '/.well-known/oauth-authorization-server',
+                resource_metadata: '/.well-known/oauth-protected-resource',
+                register: '/register',
+                authorize: '/authorize',
+                token: '/token'
+            } : {})
+        }
+    });
+});
+// MCP POST endpoint - handles initialization and tool calls
+app.post('/mcp', authMiddleware, async (req, res) => {
+    const sessionId = req.headers['mcp-session-id'];
+    console.log(`\n📥 POST /mcp`);
+    console.log(`   Session: ${sessionId || 'new'}`);
+    console.log(`   Method: ${req.body?.method}`);
+    if (req.auth) {
+        console.log(`   User: ${req.auth.username} (${req.auth.client_id})`);
+    }
+    console.log(`   Headers:`, JSON.stringify({
+        'content-type': req.headers['content-type'],
+        'accept': req.headers['accept'],
+        'mcp-session-id': req.headers['mcp-session-id'],
+        'user-agent': req.headers['user-agent']
+    }, null, 2));
+    try {
+        let transport;
+        // Check if this is an existing session
+        if (sessionId && transports[sessionId]) {
+            transport = transports[sessionId];
+            console.log(`   ♻️  Using existing session`);
+        }
+        // Check if this is a new initialize request
+        else if (!sessionId && isInitializeRequest(req.body)) {
+            console.log(`   🆕 Creating new session`);
+            const eventStore = new InMemoryEventStore();
+            transport = new StreamableHTTPServerTransport({
+                sessionIdGenerator: () => randomUUID(),
+                eventStore,
+                enableJsonResponse: true, // CRITICAL: Avoid SSE through cloudflare tunnel
+                onsessioninitialized: (sid) => {
+                    console.log(`   ✅ Session initialized: ${sid}`);
+                    transports[sid] = transport;
+                }
+            });
+            transport.onclose = () => {
+                const sid = transport.sessionId;
+                if (sid && transports[sid]) {
+                    console.log(`   🔴 Session closed: ${sid}`);
+                    delete transports[sid];
+                }
+            };
+            // Connect the shared base server to this transport
+            // Note: MCP SDK allows one server to be connected to multiple transports
+            await baseServer.connect(transport);
+            await transport.handleRequest(req, res, req.body);
+            return;
+        }
+        // Invalid request
+        else {
+            console.log(`   ❌ Invalid request: no session ID and not an initialize request`);
+            res.status(400).json({
+                jsonrpc: '2.0',
+                error: {
+                    code: -32000,
+                    message: 'Bad Request: No valid session ID or not an initialize request'
+                },
+                id: null
+            });
+            return;
+        }
+        await transport.handleRequest(req, res, req.body);
+    }
+    catch (error) {
+        console.error('❌ Error handling MCP request:', error);
+        if (!res.headersSent) {
+            res.status(500).json({
+                jsonrpc: '2.0',
+                error: {
+                    code: -32603,
+                    message: 'Internal error',
+                    data: error instanceof Error ? error.message : String(error)
+                },
+                id: null
+            });
+        }
+    }
+});
+// MCP GET endpoint - handles Server-Sent Events (SSE) for notifications
+// DISABLED when using enableJsonResponse: true
+app.get('/mcp', authMiddleware, async (req, res) => {
+    const sessionId = req.headers['mcp-session-id'];
+    console.log(`\n📥 GET /mcp (SSE) - Session: ${sessionId}`);
+    console.log(`   ❌ SSE not supported in JSON-only mode`);
+    // Return error - SSE not supported when using JSON-only mode
+    return res.status(400).json({
+        jsonrpc: '2.0',
+        error: {
+            code: -32000,
+            message: 'SSE not supported. Use POST with mcp-session-id header for all requests.'
+        },
+        id: null
+    });
+});
+// MCP DELETE endpoint - handles session termination
+app.delete('/mcp', authMiddleware, async (req, res) => {
+    const sessionId = req.headers['mcp-session-id'];
+    console.log(`\n🗑️  DELETE /mcp - Session: ${sessionId}`);
+    if (!sessionId || !transports[sessionId]) {
+        return res.status(400).send('Invalid session ID');
+    }
+    const transport = transports[sessionId];
+    try {
+        await transport.handleRequest(req, res);
+    }
+    catch (error) {
+        console.error('❌ Error handling DELETE:', error);
+        if (!res.headersSent) {
+            res.status(500).send('Error terminating session');
+        }
+    }
+});
+// Start the server
+async function startServer() {
+    // Load configuration
+    try {
+        console.log('📁 Loading configuration...');
+        await configManager.loadConfig();
+        console.log('✅ Configuration loaded successfully');
+    }
+    catch (configError) {
+        console.error('⚠️  Failed to load configuration:', configError instanceof Error ? configError.message : String(configError));
+        console.log('   Continuing with default configuration...');
+    }
+    app.listen(MCP_PORT, () => {
+        console.log(`\n✅ Desktop Commander HTTP Server listening on port ${MCP_PORT}`);
+        console.log(`\n📋 Available endpoints:`);
+        console.log(`   GET  /      - Health check`);
+        console.log(`   POST /mcp   - MCP requests`);
+        console.log(`   GET  /mcp   - Server-Sent Events (SSE)`);
+        console.log(`   DELETE /mcp - Terminate session`);
+        if (REQUIRE_AUTH) {
+            console.log(`\n🔐 OAuth endpoints:`);
+            console.log(`   GET  /.well-known/oauth-authorization-server  - Discovery`);
+            console.log(`   GET  /.well-known/oauth-protected-resource    - Resource metadata`);
+            console.log(`   POST /register   - Client registration`);
+            console.log(`   GET  /authorize  - Authorization (login page)`);
+            console.log(`   POST /token      - Token exchange`);
+            console.log(`\n👤 Demo credentials: admin / password123`);
+        }
+        console.log(`\n🔗 Test with MCP Inspector:`);
+        console.log(`   npx @modelcontextprotocol/inspector ${BASE_URL}/mcp`);
+        console.log(`\n📝 Mode: Session-based ${REQUIRE_AUTH ? '(OAuth enabled)' : '(no auth)'}`);
+        console.log(``);
+    }).on('error', (error) => {
+        console.error('❌ Failed to start HTTP server:', error);
+        process.exit(1);
+    });
+}
+// Handle errors
+process.on('uncaughtException', (error) => {
+    console.error('❌ Uncaught exception:', error);
+    console.error('Stack trace:', error.stack);
+    process.exit(1);
+});
+process.on('unhandledRejection', (reason, promise) => {
+    console.error('❌ Unhandled rejection at:', promise);
+    console.error('Reason:', reason);
+    process.exit(1);
+});
+// Graceful shutdown
+process.on('SIGINT', async () => {
+    console.log('\n🛑 Shutting down...');
+    for (const sessionId in transports) {
+        try {
+            await transports[sessionId].close();
+            delete transports[sessionId];
+        }
+        catch (error) {
+            console.error(`Error closing ${sessionId}:`, error);
+        }
+    }
+    process.exit(0);
+});
+// Start the server
+startServer().catch((error) => {
+    console.error('❌ Failed to start server:', error);
+    process.exit(1);
+});

package/dist/index.js

@@ -2,6 +2,7 @@
 import { FilteredStdioServerTransport } from './custom-stdio.js';
 import { server, flushDeferredMessages } from './server.js';
 import { configManager } from './config-manager.js';
+import { featureFlagManager } from './utils/feature-flags.js';
 import { runSetup } from './npm-scripts/setup.js';
 import { runUninstall } from './npm-scripts/uninstall.js';
 import { capture } from './utils/capture.js';
@@ -34,6 +35,9 @@ async function runServer() {
             deferLog('info', 'Loading configuration...');
             await configManager.loadConfig();
             deferLog('info', 'Configuration loaded successfully');
+            // Initialize feature flags (non-blocking)
+            deferLog('info', 'Initializing feature flags...');
+            await featureFlagManager.initialize();
         }
         catch (configError) {
             deferLog('error', `Failed to load configuration: ${configError instanceof Error ? configError.message : String(configError)}`);

package/dist/oauth/auth-middleware.d.ts

@@ -0,0 +1,20 @@
+import { Request, Response, NextFunction } from 'express';
+import { OAuthManager } from './oauth-manager.js';
+declare global {
+    namespace Express {
+        interface Request {
+            auth?: {
+                username: string;
+                client_id: string;
+                scope: string;
+            };
+        }
+    }
+}
+/**
+ * Create authentication middleware for MCP endpoints
+ *
+ * ChatGPT Workaround: Allow unauthenticated tools/list and initialize requests
+ * but require auth for actual tool calls
+ */
+export declare function createAuthMiddleware(oauthManager: OAuthManager | null, baseUrl: string, requireAuth: boolean): (req: Request, res: Response, next: NextFunction) => Promise<void | Response<any, Record<string, any>>>;

package/dist/oauth/auth-middleware.js

@@ -0,0 +1,62 @@
+/**
+ * Create authentication middleware for MCP endpoints
+ *
+ * ChatGPT Workaround: Allow unauthenticated tools/list and initialize requests
+ * but require auth for actual tool calls
+ */
+export function createAuthMiddleware(oauthManager, baseUrl, requireAuth) {
+    return async (req, res, next) => {
+        // Skip auth if disabled
+        if (!requireAuth || !oauthManager) {
+            return next();
+        }
+        // CHATGPT WORKAROUND: Allow unauthenticated discovery requests
+        // ChatGPT needs to see tools before authenticating
+        const method = req.body?.method;
+        if (method === 'initialize' || method === 'tools/list') {
+            console.log(`⚠️  Allowing unauthenticated ${method} for ChatGPT compatibility`);
+            return next();
+        }
+        const auth = req.headers.authorization;
+        // Check for Bearer token
+        if (!auth || !auth.startsWith('Bearer ')) {
+            console.log(`❌ Auth failed: No Bearer token provided for ${method}`);
+            return res.status(401)
+                .set('WWW-Authenticate', `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`)
+                .json({
+                jsonrpc: '2.0',
+                error: {
+                    code: -32001,
+                    message: 'Authorization required',
+                    data: 'Bearer token must be provided in Authorization header'
+                },
+                id: null
+            });
+        }
+        // Extract token
+        const token = auth.substring(7); // Remove "Bearer " prefix
+        // Validate token
+        const validation = oauthManager.validateToken(token);
+        if (!validation.valid) {
+            console.log(`❌ Auth failed: ${validation.error}`);
+            return res.status(401).json({
+                jsonrpc: '2.0',
+                error: {
+                    code: -32001,
+                    message: 'Invalid or expired token',
+                    data: validation.error
+                },
+                id: null
+            });
+        }
+        // Attach user info to request
+        req.auth = {
+            username: validation.username,
+            client_id: validation.client_id,
+            scope: validation.scope
+        };
+        // Log authenticated request
+        console.log(`✅ Authenticated: ${req.auth.username} (${req.auth.client_id})`);
+        next();
+    };
+}

package/dist/oauth/index.d.ts

@@ -0,0 +1,3 @@
+export { OAuthManager } from './oauth-manager.js';
+export { createOAuthRoutes } from './oauth-routes.js';
+export { createAuthMiddleware } from './auth-middleware.js';

package/dist/oauth/index.js

@@ -0,0 +1,3 @@
+export { OAuthManager } from './oauth-manager.js';
+export { createOAuthRoutes } from './oauth-routes.js';
+export { createAuthMiddleware } from './auth-middleware.js';