@zuplo/runtime 6.71.3 → 6.71.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/out/esm/{chunk-T5FTGFWF.js → chunk-LM6CZZF3.js} +70 -70
- package/out/esm/chunk-LM6CZZF3.js.map +1 -0
- package/out/esm/index.js +1 -1
- package/out/esm/mcp-gateway/index.js +13 -13
- package/out/esm/mcp-gateway/index.js.map +1 -1
- package/out/types/index.d.ts +52 -0
- package/out/types/mcp-gateway/index.d.ts +52 -0
- package/package.json +1 -1
- package/out/esm/chunk-T5FTGFWF.js.map +0 -1
- /package/out/esm/{chunk-T5FTGFWF.js.LEGAL.txt → chunk-LM6CZZF3.js.LEGAL.txt} +0 -0
package/out/types/index.d.ts
CHANGED
|
@@ -6205,6 +6205,10 @@ export declare interface McpAuth0OAuthInboundPolicyOptions {
|
|
|
6205
6205
|
remoteTimeoutMs?: number;
|
|
6206
6206
|
stateTtlSeconds?: number;
|
|
6207
6207
|
sessionTtlSeconds?: number;
|
|
6208
|
+
/**
|
|
6209
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
6210
|
+
*/
|
|
6211
|
+
pkce?: "S256" | "none";
|
|
6208
6212
|
};
|
|
6209
6213
|
}
|
|
6210
6214
|
|
|
@@ -6232,6 +6236,12 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
|
|
|
6232
6236
|
remoteTimeoutMs: z.ZodOptional<z.ZodNumber>;
|
|
6233
6237
|
stateTtlSeconds: z.ZodOptional<z.ZodNumber>;
|
|
6234
6238
|
sessionTtlSeconds: z.ZodOptional<z.ZodNumber>;
|
|
6239
|
+
pkce: z.ZodOptional<
|
|
6240
|
+
z.ZodEnum<{
|
|
6241
|
+
none: "none";
|
|
6242
|
+
S256: "S256";
|
|
6243
|
+
}>
|
|
6244
|
+
>;
|
|
6235
6245
|
},
|
|
6236
6246
|
z.core.$strict
|
|
6237
6247
|
>
|
|
@@ -6384,6 +6394,10 @@ export declare interface McpCognitoOAuthInboundPolicyOptions {
|
|
|
6384
6394
|
remoteTimeoutMs?: number;
|
|
6385
6395
|
stateTtlSeconds?: number;
|
|
6386
6396
|
sessionTtlSeconds?: number;
|
|
6397
|
+
/**
|
|
6398
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
6399
|
+
*/
|
|
6400
|
+
pkce?: "S256" | "none";
|
|
6387
6401
|
};
|
|
6388
6402
|
}
|
|
6389
6403
|
|
|
@@ -6453,6 +6467,10 @@ export declare interface McpEntraOAuthInboundPolicyOptions {
|
|
|
6453
6467
|
remoteTimeoutMs?: number;
|
|
6454
6468
|
stateTtlSeconds?: number;
|
|
6455
6469
|
sessionTtlSeconds?: number;
|
|
6470
|
+
/**
|
|
6471
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
6472
|
+
*/
|
|
6473
|
+
pkce?: "S256" | "none";
|
|
6456
6474
|
};
|
|
6457
6475
|
}
|
|
6458
6476
|
|
|
@@ -6521,6 +6539,10 @@ export declare interface McpGoogleOAuthInboundPolicyOptions {
|
|
|
6521
6539
|
remoteTimeoutMs?: number;
|
|
6522
6540
|
stateTtlSeconds?: number;
|
|
6523
6541
|
sessionTtlSeconds?: number;
|
|
6542
|
+
/**
|
|
6543
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
6544
|
+
*/
|
|
6545
|
+
pkce?: "S256" | "none";
|
|
6524
6546
|
};
|
|
6525
6547
|
}
|
|
6526
6548
|
|
|
@@ -6595,6 +6617,10 @@ export declare interface McpKeycloakOAuthInboundPolicyOptions {
|
|
|
6595
6617
|
remoteTimeoutMs?: number;
|
|
6596
6618
|
stateTtlSeconds?: number;
|
|
6597
6619
|
sessionTtlSeconds?: number;
|
|
6620
|
+
/**
|
|
6621
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
6622
|
+
*/
|
|
6623
|
+
pkce?: "S256" | "none";
|
|
6598
6624
|
};
|
|
6599
6625
|
}
|
|
6600
6626
|
|
|
@@ -6664,6 +6690,10 @@ export declare interface McpLogtoOAuthInboundPolicyOptions {
|
|
|
6664
6690
|
remoteTimeoutMs?: number;
|
|
6665
6691
|
stateTtlSeconds?: number;
|
|
6666
6692
|
sessionTtlSeconds?: number;
|
|
6693
|
+
/**
|
|
6694
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
6695
|
+
*/
|
|
6696
|
+
pkce?: "S256" | "none";
|
|
6667
6697
|
};
|
|
6668
6698
|
}
|
|
6669
6699
|
|
|
@@ -6743,6 +6773,10 @@ export declare interface McpOAuthInboundPolicyOptions {
|
|
|
6743
6773
|
* Optional audience parameter for the IdP authorization request (Auth0-style API audiences).
|
|
6744
6774
|
*/
|
|
6745
6775
|
audience?: string;
|
|
6776
|
+
/**
|
|
6777
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow (e.g. OAuth 2.1 IdPs, hardened Okta/Entra tenants). Leave as "none" for IdPs that may reject unexpected PKCE parameters.
|
|
6778
|
+
*/
|
|
6779
|
+
pkce?: "S256" | "none";
|
|
6746
6780
|
/**
|
|
6747
6781
|
* Timeout for outbound calls to the IdP (token exchange, JWKS fetch).
|
|
6748
6782
|
*/
|
|
@@ -6860,6 +6894,12 @@ declare const mcpOAuthRuntimeConfigSchema: z.ZodObject<
|
|
|
6860
6894
|
clientSecret: z.ZodOptional<z.ZodString>;
|
|
6861
6895
|
scope: z.ZodDefault<z.ZodString>;
|
|
6862
6896
|
audience: z.ZodOptional<z.ZodString>;
|
|
6897
|
+
pkce: z.ZodDefault<
|
|
6898
|
+
z.ZodEnum<{
|
|
6899
|
+
none: "none";
|
|
6900
|
+
S256: "S256";
|
|
6901
|
+
}>
|
|
6902
|
+
>;
|
|
6863
6903
|
remoteTimeoutMs: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
|
|
6864
6904
|
stateTtlSeconds: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
|
|
6865
6905
|
sessionTtlSeconds: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
|
|
@@ -7008,6 +7048,10 @@ export declare interface McpOktaOAuthInboundPolicyOptions {
|
|
|
7008
7048
|
remoteTimeoutMs?: number;
|
|
7009
7049
|
stateTtlSeconds?: number;
|
|
7010
7050
|
sessionTtlSeconds?: number;
|
|
7051
|
+
/**
|
|
7052
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
7053
|
+
*/
|
|
7054
|
+
pkce?: "S256" | "none";
|
|
7011
7055
|
};
|
|
7012
7056
|
}
|
|
7013
7057
|
|
|
@@ -7161,6 +7205,10 @@ export declare interface McpPingOAuthInboundPolicyOptions {
|
|
|
7161
7205
|
remoteTimeoutMs?: number;
|
|
7162
7206
|
stateTtlSeconds?: number;
|
|
7163
7207
|
sessionTtlSeconds?: number;
|
|
7208
|
+
/**
|
|
7209
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
7210
|
+
*/
|
|
7211
|
+
pkce?: "S256" | "none";
|
|
7164
7212
|
};
|
|
7165
7213
|
}
|
|
7166
7214
|
|
|
@@ -7241,6 +7289,10 @@ export declare interface McpWorkosOAuthInboundPolicyOptions {
|
|
|
7241
7289
|
remoteTimeoutMs?: number;
|
|
7242
7290
|
stateTtlSeconds?: number;
|
|
7243
7291
|
sessionTtlSeconds?: number;
|
|
7292
|
+
/**
|
|
7293
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
7294
|
+
*/
|
|
7295
|
+
pkce?: "S256" | "none";
|
|
7244
7296
|
};
|
|
7245
7297
|
}
|
|
7246
7298
|
|
|
@@ -1083,6 +1083,10 @@ export declare interface McpAuth0OAuthInboundPolicyOptions {
|
|
|
1083
1083
|
remoteTimeoutMs?: number;
|
|
1084
1084
|
stateTtlSeconds?: number;
|
|
1085
1085
|
sessionTtlSeconds?: number;
|
|
1086
|
+
/**
|
|
1087
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
1088
|
+
*/
|
|
1089
|
+
pkce?: "S256" | "none";
|
|
1086
1090
|
};
|
|
1087
1091
|
}
|
|
1088
1092
|
|
|
@@ -1110,6 +1114,12 @@ declare const mcpAuth0OAuthOptionsSchema: z.ZodObject<
|
|
|
1110
1114
|
remoteTimeoutMs: z.ZodOptional<z.ZodNumber>;
|
|
1111
1115
|
stateTtlSeconds: z.ZodOptional<z.ZodNumber>;
|
|
1112
1116
|
sessionTtlSeconds: z.ZodOptional<z.ZodNumber>;
|
|
1117
|
+
pkce: z.ZodOptional<
|
|
1118
|
+
z.ZodEnum<{
|
|
1119
|
+
none: "none";
|
|
1120
|
+
S256: "S256";
|
|
1121
|
+
}>
|
|
1122
|
+
>;
|
|
1113
1123
|
},
|
|
1114
1124
|
z.core.$strict
|
|
1115
1125
|
>
|
|
@@ -1387,6 +1397,10 @@ export declare interface McpCognitoOAuthInboundPolicyOptions {
|
|
|
1387
1397
|
remoteTimeoutMs?: number;
|
|
1388
1398
|
stateTtlSeconds?: number;
|
|
1389
1399
|
sessionTtlSeconds?: number;
|
|
1400
|
+
/**
|
|
1401
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
1402
|
+
*/
|
|
1403
|
+
pkce?: "S256" | "none";
|
|
1390
1404
|
};
|
|
1391
1405
|
}
|
|
1392
1406
|
|
|
@@ -1456,6 +1470,10 @@ export declare interface McpEntraOAuthInboundPolicyOptions {
|
|
|
1456
1470
|
remoteTimeoutMs?: number;
|
|
1457
1471
|
stateTtlSeconds?: number;
|
|
1458
1472
|
sessionTtlSeconds?: number;
|
|
1473
|
+
/**
|
|
1474
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
1475
|
+
*/
|
|
1476
|
+
pkce?: "S256" | "none";
|
|
1459
1477
|
};
|
|
1460
1478
|
}
|
|
1461
1479
|
|
|
@@ -1579,6 +1597,10 @@ export declare interface McpGoogleOAuthInboundPolicyOptions {
|
|
|
1579
1597
|
remoteTimeoutMs?: number;
|
|
1580
1598
|
stateTtlSeconds?: number;
|
|
1581
1599
|
sessionTtlSeconds?: number;
|
|
1600
|
+
/**
|
|
1601
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
1602
|
+
*/
|
|
1603
|
+
pkce?: "S256" | "none";
|
|
1582
1604
|
};
|
|
1583
1605
|
}
|
|
1584
1606
|
|
|
@@ -1653,6 +1675,10 @@ export declare interface McpKeycloakOAuthInboundPolicyOptions {
|
|
|
1653
1675
|
remoteTimeoutMs?: number;
|
|
1654
1676
|
stateTtlSeconds?: number;
|
|
1655
1677
|
sessionTtlSeconds?: number;
|
|
1678
|
+
/**
|
|
1679
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
1680
|
+
*/
|
|
1681
|
+
pkce?: "S256" | "none";
|
|
1656
1682
|
};
|
|
1657
1683
|
}
|
|
1658
1684
|
|
|
@@ -1722,6 +1748,10 @@ export declare interface McpLogtoOAuthInboundPolicyOptions {
|
|
|
1722
1748
|
remoteTimeoutMs?: number;
|
|
1723
1749
|
stateTtlSeconds?: number;
|
|
1724
1750
|
sessionTtlSeconds?: number;
|
|
1751
|
+
/**
|
|
1752
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
1753
|
+
*/
|
|
1754
|
+
pkce?: "S256" | "none";
|
|
1725
1755
|
};
|
|
1726
1756
|
}
|
|
1727
1757
|
|
|
@@ -1801,6 +1831,10 @@ export declare interface McpOAuthInboundPolicyOptions {
|
|
|
1801
1831
|
* Optional audience parameter for the IdP authorization request (Auth0-style API audiences).
|
|
1802
1832
|
*/
|
|
1803
1833
|
audience?: string;
|
|
1834
|
+
/**
|
|
1835
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow (e.g. OAuth 2.1 IdPs, hardened Okta/Entra tenants). Leave as "none" for IdPs that may reject unexpected PKCE parameters.
|
|
1836
|
+
*/
|
|
1837
|
+
pkce?: "S256" | "none";
|
|
1804
1838
|
/**
|
|
1805
1839
|
* Timeout for outbound calls to the IdP (token exchange, JWKS fetch).
|
|
1806
1840
|
*/
|
|
@@ -1918,6 +1952,12 @@ declare const mcpOAuthRuntimeConfigSchema: z.ZodObject<
|
|
|
1918
1952
|
clientSecret: z.ZodOptional<z.ZodString>;
|
|
1919
1953
|
scope: z.ZodDefault<z.ZodString>;
|
|
1920
1954
|
audience: z.ZodOptional<z.ZodString>;
|
|
1955
|
+
pkce: z.ZodDefault<
|
|
1956
|
+
z.ZodEnum<{
|
|
1957
|
+
none: "none";
|
|
1958
|
+
S256: "S256";
|
|
1959
|
+
}>
|
|
1960
|
+
>;
|
|
1921
1961
|
remoteTimeoutMs: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
|
|
1922
1962
|
stateTtlSeconds: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
|
|
1923
1963
|
sessionTtlSeconds: z.ZodDefault<z.ZodCoercedNumber<unknown>>;
|
|
@@ -2066,6 +2106,10 @@ export declare interface McpOktaOAuthInboundPolicyOptions {
|
|
|
2066
2106
|
remoteTimeoutMs?: number;
|
|
2067
2107
|
stateTtlSeconds?: number;
|
|
2068
2108
|
sessionTtlSeconds?: number;
|
|
2109
|
+
/**
|
|
2110
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
2111
|
+
*/
|
|
2112
|
+
pkce?: "S256" | "none";
|
|
2069
2113
|
};
|
|
2070
2114
|
}
|
|
2071
2115
|
|
|
@@ -2219,6 +2263,10 @@ export declare interface McpPingOAuthInboundPolicyOptions {
|
|
|
2219
2263
|
remoteTimeoutMs?: number;
|
|
2220
2264
|
stateTtlSeconds?: number;
|
|
2221
2265
|
sessionTtlSeconds?: number;
|
|
2266
|
+
/**
|
|
2267
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
2268
|
+
*/
|
|
2269
|
+
pkce?: "S256" | "none";
|
|
2222
2270
|
};
|
|
2223
2271
|
}
|
|
2224
2272
|
|
|
@@ -2365,6 +2413,10 @@ export declare interface McpWorkosOAuthInboundPolicyOptions {
|
|
|
2365
2413
|
remoteTimeoutMs?: number;
|
|
2366
2414
|
stateTtlSeconds?: number;
|
|
2367
2415
|
sessionTtlSeconds?: number;
|
|
2416
|
+
/**
|
|
2417
|
+
* Whether to send S256 PKCE on the federated browser-login authorization request and replay the verifier at the token exchange. Defaults to "none". Set to "S256" when the identity provider mandates PKCE on the authorization-code flow.
|
|
2418
|
+
*/
|
|
2419
|
+
pkce?: "S256" | "none";
|
|
2368
2420
|
};
|
|
2369
2421
|
}
|
|
2370
2422
|
|