@zuplo/runtime 6.71.26 → 6.72.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/out/esm/{chunk-D3O7C43P.js → chunk-FAOWNDMK.js} +55 -55
- package/out/esm/{chunk-D3O7C43P.js.map → chunk-FAOWNDMK.js.map} +1 -1
- package/out/esm/index.js +1 -1
- package/out/esm/mcp-gateway/index.js +13 -13
- package/out/esm/mcp-gateway/index.js.map +1 -1
- package/out/types/mcp-gateway/index.d.ts +192 -0
- package/package.json +1 -1
- /package/out/esm/{chunk-D3O7C43P.js.LEGAL.txt → chunk-FAOWNDMK.js.LEGAL.txt} +0 -0
|
@@ -1,5 +1,57 @@
|
|
|
1
1
|
import { z } from "zod/v4";
|
|
2
2
|
|
|
3
|
+
/**
|
|
4
|
+
* Optional per-caller access control. Defaults to mode 'allPublic' (no access control). Set mode to 'rolesAndGroups' to match the caller's role/group claims against each capability's markup (every capability must then set roles/groups or public: true), or 'function' to delegate to a custom resolver.
|
|
5
|
+
* @public
|
|
6
|
+
*/
|
|
7
|
+
declare interface AccessControl {
|
|
8
|
+
/**
|
|
9
|
+
* Access-control strategy. 'allPublic' (default): no access control; roles/groups/public markup is not allowed. 'rolesAndGroups': match the caller's role and group claims against each capability's markup. 'function': delegate to the resolver named by 'identifier'.
|
|
10
|
+
*/
|
|
11
|
+
mode?: "allPublic" | "rolesAndGroups" | "function";
|
|
12
|
+
/**
|
|
13
|
+
* Property on request.user.data holding the caller's roles (commonly a JWT 'roles' claim, but request.user.data is set by whichever auth policy ran — JWT, API key, etc.), matched against each capability's 'roles'. Supports a dot-path for nested values, e.g. 'realm_access.roles'. Used in mode 'rolesAndGroups'. Defaults to 'roles'.
|
|
14
|
+
*/
|
|
15
|
+
roleClaim?: string;
|
|
16
|
+
/**
|
|
17
|
+
* Property on request.user.data holding the caller's groups (commonly a JWT 'groups' claim, but request.user.data is set by whichever auth policy ran — JWT, API key, etc.), matched against each capability's 'groups'. Supports a dot-path for nested values, e.g. 'cognito:groups'. Used in mode 'rolesAndGroups'. Defaults to 'groups'.
|
|
18
|
+
*/
|
|
19
|
+
groupClaim?: string;
|
|
20
|
+
/**
|
|
21
|
+
* Custom capability resolver, required when mode is 'function'. It fully replaces built-in roles/groups matching.
|
|
22
|
+
*/
|
|
23
|
+
identifier?: {
|
|
24
|
+
/**
|
|
25
|
+
* Module to load the resolver from, e.g. $import(./modules/mcp-access-control).
|
|
26
|
+
*/
|
|
27
|
+
module: string;
|
|
28
|
+
/**
|
|
29
|
+
* Named export of the resolver function, e.g. 'default'.
|
|
30
|
+
*/
|
|
31
|
+
export: string;
|
|
32
|
+
};
|
|
33
|
+
}
|
|
34
|
+
|
|
35
|
+
/**
|
|
36
|
+
* The set of MCP capabilities a caller is permitted to see and invoke, returned
|
|
37
|
+
* by an {@link McpCapabilityResolver}. Each array lists the allowed identifiers
|
|
38
|
+
* (tool/prompt names, resource/template URIs).
|
|
39
|
+
*
|
|
40
|
+
* Omit a property to leave that capability type unrestricted (it falls back to
|
|
41
|
+
* the static allowlist). Return an empty array to expose none of that type.
|
|
42
|
+
* Returned identifiers are always clamped to the policy's configured catalog, so
|
|
43
|
+
* a resolver can only ever narrow access, never widen it — a capability type
|
|
44
|
+
* left as passthrough (no static allowlist) is therefore not narrowed at all.
|
|
45
|
+
*
|
|
46
|
+
* @public
|
|
47
|
+
*/
|
|
48
|
+
export declare interface AllowedCapabilities {
|
|
49
|
+
tools?: string[];
|
|
50
|
+
prompts?: string[];
|
|
51
|
+
resources?: string[];
|
|
52
|
+
resourceTemplates?: string[];
|
|
53
|
+
}
|
|
54
|
+
|
|
3
55
|
/**
|
|
4
56
|
* MCP tool annotations to expose downstream.
|
|
5
57
|
* @public
|
|
@@ -68,6 +120,22 @@ declare interface BuildRouteConfiguration {
|
|
|
68
120
|
/* Excluded from this release type: raw */
|
|
69
121
|
}
|
|
70
122
|
|
|
123
|
+
/**
|
|
124
|
+
* Built-in resolver for `accessControl.mode: "rolesAndGroups"`.
|
|
125
|
+
*
|
|
126
|
+
* Reads the caller's roles and groups from two properties on `request.user.data`
|
|
127
|
+
* (`accessControl.roleClaim` / `accessControl.groupClaim`, defaulting to
|
|
128
|
+
* `roles`/`groups`, each allowing a dot-path such as `realm_access.roles`).
|
|
129
|
+
* `request.user.data` is populated by whichever auth policy ran (JWT claims,
|
|
130
|
+
* API-key metadata, etc.). A capability marked `public: true` is allowed for
|
|
131
|
+
* everyone; otherwise the caller must match any listed role or group. In this
|
|
132
|
+
* mode every capability must be classified (see {@link assertClassified}), so
|
|
133
|
+
* nothing is public by omission.
|
|
134
|
+
*
|
|
135
|
+
* @public
|
|
136
|
+
*/
|
|
137
|
+
export declare const claimsCapabilityResolver: McpCapabilityResolver;
|
|
138
|
+
|
|
71
139
|
/**
|
|
72
140
|
* The 2-letter continent codes Cloudflare uses
|
|
73
141
|
* @public
|
|
@@ -135,6 +203,14 @@ declare const EventType: {
|
|
|
135
203
|
|
|
136
204
|
declare type EventType = (typeof EventType)[keyof typeof EventType];
|
|
137
205
|
|
|
206
|
+
/**
|
|
207
|
+
* Access control: groups allowed to see and invoke this capability. Matched against the caller's groups on request.user.data (accessControl.groupClaim, default 'groups'). Used when accessControl.mode is 'rolesAndGroups'.
|
|
208
|
+
*
|
|
209
|
+
* @minItems 1
|
|
210
|
+
* @public
|
|
211
|
+
*/
|
|
212
|
+
declare type Groups = [string, ...string[]];
|
|
213
|
+
|
|
138
214
|
/**
|
|
139
215
|
* @public
|
|
140
216
|
*/
|
|
@@ -1138,6 +1214,10 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
|
|
|
1138
1214
|
* with a customer-facing `ConfigurationError` instead of failing at module
|
|
1139
1215
|
* load.
|
|
1140
1216
|
*
|
|
1217
|
+
* Optional per-caller access control (`accessControl`) narrows the curated
|
|
1218
|
+
* catalog. See {@link claimsCapabilityResolver} for built-in role/group matching
|
|
1219
|
+
* and {@link McpCapabilityResolver} for custom resolvers.
|
|
1220
|
+
*
|
|
1141
1221
|
* @public
|
|
1142
1222
|
* @title MCP Capability Filter
|
|
1143
1223
|
* @product mcp-gateway
|
|
@@ -1173,6 +1253,7 @@ export declare interface McpCapabilityFilterInboundPolicyOptions {
|
|
|
1173
1253
|
* Resource templates to expose. Use a string for URI-template-only filtering, or an object to expose and project template name, description, MIME type, and _meta. Omit to pass through all upstream resource templates; use an empty array to expose no resource templates.
|
|
1174
1254
|
*/
|
|
1175
1255
|
resourceTemplates?: (string | ResourceTemplateProjection)[];
|
|
1256
|
+
accessControl?: AccessControl;
|
|
1176
1257
|
}
|
|
1177
1258
|
|
|
1178
1259
|
declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
@@ -1190,6 +1271,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1190
1271
|
z.ZodRecord<z.ZodString, z.ZodUnknown>
|
|
1191
1272
|
>;
|
|
1192
1273
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1274
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1275
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1276
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1193
1277
|
},
|
|
1194
1278
|
z.core.$strict
|
|
1195
1279
|
>,
|
|
@@ -1207,6 +1291,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1207
1291
|
name: z.ZodString;
|
|
1208
1292
|
description: z.ZodOptional<z.ZodString>;
|
|
1209
1293
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1294
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1295
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1296
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1210
1297
|
},
|
|
1211
1298
|
z.core.$strict
|
|
1212
1299
|
>,
|
|
@@ -1226,6 +1313,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1226
1313
|
description: z.ZodOptional<z.ZodString>;
|
|
1227
1314
|
mimeType: z.ZodOptional<z.ZodString>;
|
|
1228
1315
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1316
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1317
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1318
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1229
1319
|
},
|
|
1230
1320
|
z.core.$strict
|
|
1231
1321
|
>,
|
|
@@ -1245,6 +1335,9 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1245
1335
|
description: z.ZodOptional<z.ZodString>;
|
|
1246
1336
|
mimeType: z.ZodOptional<z.ZodString>;
|
|
1247
1337
|
_meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
|
|
1338
|
+
roles: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1339
|
+
groups: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
1340
|
+
public: z.ZodOptional<z.ZodBoolean>;
|
|
1248
1341
|
},
|
|
1249
1342
|
z.core.$strict
|
|
1250
1343
|
>,
|
|
@@ -1252,10 +1345,53 @@ declare const mcpCapabilityFilterOptionsSchema: z.ZodObject<
|
|
|
1252
1345
|
>
|
|
1253
1346
|
>
|
|
1254
1347
|
>;
|
|
1348
|
+
accessControl: z.ZodOptional<
|
|
1349
|
+
z.ZodObject<
|
|
1350
|
+
{
|
|
1351
|
+
mode: z.ZodOptional<
|
|
1352
|
+
z.ZodEnum<{
|
|
1353
|
+
function: "function";
|
|
1354
|
+
allPublic: "allPublic";
|
|
1355
|
+
rolesAndGroups: "rolesAndGroups";
|
|
1356
|
+
}>
|
|
1357
|
+
>;
|
|
1358
|
+
roleClaim: z.ZodOptional<z.ZodString>;
|
|
1359
|
+
groupClaim: z.ZodOptional<z.ZodString>;
|
|
1360
|
+
identifier: z.ZodOptional<
|
|
1361
|
+
z.ZodObject<
|
|
1362
|
+
{
|
|
1363
|
+
module: z.ZodUnknown;
|
|
1364
|
+
export: z.ZodString;
|
|
1365
|
+
},
|
|
1366
|
+
z.core.$strict
|
|
1367
|
+
>
|
|
1368
|
+
>;
|
|
1369
|
+
},
|
|
1370
|
+
z.core.$strict
|
|
1371
|
+
>
|
|
1372
|
+
>;
|
|
1255
1373
|
},
|
|
1256
1374
|
z.core.$strict
|
|
1257
1375
|
>;
|
|
1258
1376
|
|
|
1377
|
+
/**
|
|
1378
|
+
* Resolves, per request, which MCP capabilities a caller may see and invoke.
|
|
1379
|
+
*
|
|
1380
|
+
* The built-in {@link claimsCapabilityResolver} (used for
|
|
1381
|
+
* `accessControl.mode: "rolesAndGroups"`) matches the caller's role and group
|
|
1382
|
+
* claims against each capability's `roles`/`groups` markup. Provide a custom
|
|
1383
|
+
* resolver with `accessControl.mode: "function"` and
|
|
1384
|
+
* `accessControl.identifier: { module, export }` to derive access any other way,
|
|
1385
|
+
* e.g. from an external entitlements API.
|
|
1386
|
+
*
|
|
1387
|
+
* @public
|
|
1388
|
+
*/
|
|
1389
|
+
export declare type McpCapabilityResolver = (
|
|
1390
|
+
request: ZuploRequest,
|
|
1391
|
+
context: ZuploContext,
|
|
1392
|
+
options: McpCapabilityFilterInboundPolicyOptions
|
|
1393
|
+
) => AllowedCapabilities | Promise<AllowedCapabilities>;
|
|
1394
|
+
|
|
1259
1395
|
/**
|
|
1260
1396
|
* Authenticate MCP gateway requests using a gateway-issued OAuth access token,
|
|
1261
1397
|
* with browser login delegated to Clerk.
|
|
@@ -2343,6 +2479,10 @@ export declare interface McpTokenExchangeInboundPolicyOptions {
|
|
|
2343
2479
|
* Delimiter used to join scopes in the OAuth authorization request. Defaults to a single space.
|
|
2344
2480
|
*/
|
|
2345
2481
|
scopeDelimiter?: string;
|
|
2482
|
+
/**
|
|
2483
|
+
* Overrides the OIDC `prompt` parameter on upstream authorization requests. The MCP SDK adds `prompt=consent` whenever the requested scope includes `offline_access`, which forces a consent screen on every authorization on providers like Microsoft Entra ID even after a tenant admin has granted org-wide admin consent. Leave unset to keep the SDK's behavior; set to `false` to strip the `prompt` parameter; set an explicit value to replace it. Warning: stripping `prompt=consent` while requesting `offline_access` can silently prevent refresh-token issuance on providers that require a fresh consent grant for offline access (e.g. Google) — only use this when the provider grants offline access via pre-authorized/admin consent (e.g. Entra tenant admin consent).
|
|
2484
|
+
*/
|
|
2485
|
+
prompt?: ("none" | "login" | "consent" | "select_account") | false;
|
|
2346
2486
|
/**
|
|
2347
2487
|
* OAuth client registration mode. Defaults to `auto`, which uses Client ID Metadata Documents when the upstream advertises support and falls back to Dynamic Client Registration otherwise.
|
|
2348
2488
|
*/
|
|
@@ -3217,8 +3357,17 @@ declare interface PromptProjection {
|
|
|
3217
3357
|
*/
|
|
3218
3358
|
description?: string;
|
|
3219
3359
|
_meta?: Metadata;
|
|
3360
|
+
roles?: Roles;
|
|
3361
|
+
groups?: Groups;
|
|
3362
|
+
public?: Public;
|
|
3220
3363
|
}
|
|
3221
3364
|
|
|
3365
|
+
/**
|
|
3366
|
+
* Access control: mark this capability as available to all callers. In mode 'rolesAndGroups' every capability must set roles/groups OR public: true (not both) — an unclassified capability is a configuration error, so nothing is ever exposed by omission.
|
|
3367
|
+
* @public
|
|
3368
|
+
*/
|
|
3369
|
+
declare type Public = boolean;
|
|
3370
|
+
|
|
3222
3371
|
/**
|
|
3223
3372
|
* Generic type parameters for a request.
|
|
3224
3373
|
* Extends RequestInitGeneric and adds query parameter typing.
|
|
@@ -3298,6 +3447,9 @@ declare interface ResourceProjection {
|
|
|
3298
3447
|
*/
|
|
3299
3448
|
mimeType?: string;
|
|
3300
3449
|
_meta?: Metadata;
|
|
3450
|
+
roles?: Roles;
|
|
3451
|
+
groups?: Groups;
|
|
3452
|
+
public?: Public;
|
|
3301
3453
|
}
|
|
3302
3454
|
|
|
3303
3455
|
declare interface ResourceTemplateProjection {
|
|
@@ -3318,6 +3470,9 @@ declare interface ResourceTemplateProjection {
|
|
|
3318
3470
|
*/
|
|
3319
3471
|
mimeType?: string;
|
|
3320
3472
|
_meta?: Metadata;
|
|
3473
|
+
roles?: Roles;
|
|
3474
|
+
groups?: Groups;
|
|
3475
|
+
public?: Public;
|
|
3321
3476
|
}
|
|
3322
3477
|
|
|
3323
3478
|
/**
|
|
@@ -3336,6 +3491,14 @@ declare type ResponsesDefinition = Record<
|
|
|
3336
3491
|
>
|
|
3337
3492
|
>;
|
|
3338
3493
|
|
|
3494
|
+
/**
|
|
3495
|
+
* Access control: roles allowed to see and invoke this capability. Matched against the caller's roles on request.user.data (accessControl.roleClaim, default 'roles'). Used when accessControl.mode is 'rolesAndGroups'.
|
|
3496
|
+
*
|
|
3497
|
+
* @minItems 1
|
|
3498
|
+
* @public
|
|
3499
|
+
*/
|
|
3500
|
+
declare type Roles = [string, ...string[]];
|
|
3501
|
+
|
|
3339
3502
|
/**
|
|
3340
3503
|
* @public
|
|
3341
3504
|
*/
|
|
@@ -3449,6 +3612,9 @@ declare interface ToolProjection {
|
|
|
3449
3612
|
description?: string;
|
|
3450
3613
|
annotations?: Annotations;
|
|
3451
3614
|
_meta?: Metadata;
|
|
3615
|
+
roles?: Roles;
|
|
3616
|
+
groups?: Groups;
|
|
3617
|
+
public?: Public;
|
|
3452
3618
|
}
|
|
3453
3619
|
|
|
3454
3620
|
declare type UpstreamTokenExchangePolicyOptions = z.infer<
|
|
@@ -3509,6 +3675,19 @@ declare const upstreamTokenExchangePolicyOptionsSchema: z.ZodObject<
|
|
|
3509
3675
|
{
|
|
3510
3676
|
scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
3511
3677
|
scopeDelimiter: z.ZodDefault<z.ZodString>;
|
|
3678
|
+
prompt: z.ZodOptional<
|
|
3679
|
+
z.ZodUnion<
|
|
3680
|
+
[
|
|
3681
|
+
z.ZodEnum<{
|
|
3682
|
+
none: "none";
|
|
3683
|
+
login: "login";
|
|
3684
|
+
consent: "consent";
|
|
3685
|
+
select_account: "select_account";
|
|
3686
|
+
}>,
|
|
3687
|
+
z.ZodLiteral<false>,
|
|
3688
|
+
]
|
|
3689
|
+
>
|
|
3690
|
+
>;
|
|
3512
3691
|
clientRegistration: z.ZodDefault<
|
|
3513
3692
|
z.ZodDiscriminatedUnion<
|
|
3514
3693
|
[
|
|
@@ -3550,6 +3729,19 @@ declare const upstreamTokenExchangePolicyOptionsSchema: z.ZodObject<
|
|
|
3550
3729
|
{
|
|
3551
3730
|
scopes: z.ZodDefault<z.ZodArray<z.ZodString>>;
|
|
3552
3731
|
scopeDelimiter: z.ZodDefault<z.ZodString>;
|
|
3732
|
+
prompt: z.ZodOptional<
|
|
3733
|
+
z.ZodUnion<
|
|
3734
|
+
[
|
|
3735
|
+
z.ZodEnum<{
|
|
3736
|
+
none: "none";
|
|
3737
|
+
login: "login";
|
|
3738
|
+
consent: "consent";
|
|
3739
|
+
select_account: "select_account";
|
|
3740
|
+
}>,
|
|
3741
|
+
z.ZodLiteral<false>,
|
|
3742
|
+
]
|
|
3743
|
+
>
|
|
3744
|
+
>;
|
|
3553
3745
|
clientRegistration: z.ZodDefault<
|
|
3554
3746
|
z.ZodDiscriminatedUnion<
|
|
3555
3747
|
[
|
package/package.json
CHANGED
|
File without changes
|