agents 0.0.0-eede2bd → 0.0.0-ef38e84

package/dist/do-oauth-client-provider-CcTno-25.d.ts

@@ -0,0 +1,142 @@
+import { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
+import {
+  OAuthClientInformationFull,
+  OAuthClientMetadata,
+  OAuthTokens
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+
+//#region src/mcp/client-storage.d.ts
+/**
+ * Represents a row in the cf_agents_mcp_servers table
+ */
+type MCPServerRow = {
+  id: string;
+  name: string;
+  server_url: string;
+  client_id: string | null;
+  auth_url: string | null;
+  callback_url: string;
+  server_options: string | null;
+};
+/**
+ * KV storage interface for OAuth-related data
+ * Used by OAuth providers to store tokens, client info, etc.
+ */
+interface OAuthClientStorage {
+  /**
+   * Get a value from key-value storage (for OAuth data like tokens, client info, etc.)
+   */
+  get<T>(key: string): Promise<T | undefined> | undefined;
+  /**
+   * Put a value into key-value storage (for OAuth data like tokens, client info, etc.)
+   */
+  put(key: string, value: unknown): Promise<void> | void;
+}
+/**
+ * Storage interface for MCP client manager
+ * Abstracts storage operations to decouple from specific storage implementations
+ */
+interface MCPClientStorage extends OAuthClientStorage {
+  /**
+   * Create the cf_agents_mcp_servers table if it doesn't exist
+   */
+  create(): Promise<void>;
+  /**
+   * Drop the cf_agents_mcp_servers table
+   */
+  destroy(): Promise<void>;
+  /**
+   * Save or update an MCP server configuration
+   */
+  saveServer(server: MCPServerRow): Promise<void>;
+  /**
+   * Remove an MCP server from storage
+   */
+  removeServer(serverId: string): Promise<void>;
+  /**
+   * List all MCP servers from storage
+   */
+  listServers(): Promise<MCPServerRow[]>;
+  /**
+   * Get an MCP server by its callback URL
+   * Used during OAuth callback to identify which server is being authenticated
+   */
+  getServerByCallbackUrl(callbackUrl: string): Promise<MCPServerRow | null>;
+  /**
+   * Clear auth_url after successful OAuth authentication
+   * This prevents the agent from continuously asking for OAuth on reconnect
+   * when stored tokens are still valid.
+   */
+  clearAuthUrl(serverId: string): Promise<void>;
+}
+//#endregion
+//#region src/mcp/do-oauth-client-provider.d.ts
+interface AgentsOAuthProvider extends OAuthClientProvider {
+  authUrl: string | undefined;
+  clientId: string | undefined;
+  serverId: string | undefined;
+}
+declare class DurableObjectOAuthClientProvider implements AgentsOAuthProvider {
+  storage: OAuthClientStorage;
+  clientName: string;
+  baseRedirectUrl: string;
+  private _authUrl_;
+  private _serverId_;
+  private _clientId_;
+  constructor(
+    storage: OAuthClientStorage,
+    clientName: string,
+    baseRedirectUrl: string
+  );
+  get clientMetadata(): OAuthClientMetadata;
+  get clientUri(): string;
+  get redirectUrl(): string;
+  get clientId(): string;
+  set clientId(clientId_: string);
+  get serverId(): string;
+  set serverId(serverId_: string);
+  keyPrefix(clientId: string): string;
+  clientInfoKey(clientId: string): string;
+  clientInformation(): Promise<
+    | {
+        client_id: string;
+        client_secret?: string | undefined;
+        client_id_issued_at?: number | undefined;
+        client_secret_expires_at?: number | undefined;
+      }
+    | undefined
+  >;
+  saveClientInformation(
+    clientInformation: OAuthClientInformationFull
+  ): Promise<void>;
+  tokenKey(clientId: string): string;
+  tokens(): Promise<
+    | {
+        access_token: string;
+        token_type: string;
+        id_token?: string | undefined;
+        expires_in?: number | undefined;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+      }
+    | undefined
+  >;
+  saveTokens(tokens: OAuthTokens): Promise<void>;
+  get authUrl(): string | undefined;
+  /**
+   * Because this operates on the server side (but we need browser auth), we send this url back to the user
+   * and require user interact to initiate the redirect flow
+   */
+  redirectToAuthorization(authUrl: URL): void;
+  codeVerifierKey(clientId: string): string;
+  saveCodeVerifier(verifier: string): Promise<void>;
+  codeVerifier(): Promise<string>;
+}
+//#endregion
+export {
+  MCPServerRow as i,
+  DurableObjectOAuthClientProvider as n,
+  MCPClientStorage as r,
+  AgentsOAuthProvider as t
+};
+//# sourceMappingURL=do-oauth-client-provider-CcTno-25.d.ts.map

package/dist/do-oauth-client-provider-D2P1lSft.js

@@ -0,0 +1,93 @@
+import { nanoid } from "nanoid";
+
+//#region src/mcp/do-oauth-client-provider.ts
+var DurableObjectOAuthClientProvider = class {
+	constructor(storage, clientName, baseRedirectUrl) {
+		this.storage = storage;
+		this.clientName = clientName;
+		this.baseRedirectUrl = baseRedirectUrl;
+	}
+	get clientMetadata() {
+		return {
+			client_name: this.clientName,
+			client_uri: this.clientUri,
+			grant_types: ["authorization_code", "refresh_token"],
+			redirect_uris: [this.redirectUrl],
+			response_types: ["code"],
+			token_endpoint_auth_method: "none"
+		};
+	}
+	get clientUri() {
+		return new URL(this.redirectUrl).origin;
+	}
+	get redirectUrl() {
+		return `${this.baseRedirectUrl}/${this.serverId}`;
+	}
+	get clientId() {
+		if (!this._clientId_) throw new Error("Trying to access clientId before it was set");
+		return this._clientId_;
+	}
+	set clientId(clientId_) {
+		this._clientId_ = clientId_;
+	}
+	get serverId() {
+		if (!this._serverId_) throw new Error("Trying to access serverId before it was set");
+		return this._serverId_;
+	}
+	set serverId(serverId_) {
+		this._serverId_ = serverId_;
+	}
+	keyPrefix(clientId) {
+		return `/${this.clientName}/${this.serverId}/${clientId}`;
+	}
+	clientInfoKey(clientId) {
+		return `${this.keyPrefix(clientId)}/client_info/`;
+	}
+	async clientInformation() {
+		if (!this._clientId_) return;
+		return await this.storage.get(this.clientInfoKey(this.clientId)) ?? void 0;
+	}
+	async saveClientInformation(clientInformation) {
+		await this.storage.put(this.clientInfoKey(clientInformation.client_id), clientInformation);
+		this.clientId = clientInformation.client_id;
+	}
+	tokenKey(clientId) {
+		return `${this.keyPrefix(clientId)}/token`;
+	}
+	async tokens() {
+		if (!this._clientId_) return;
+		return await this.storage.get(this.tokenKey(this.clientId)) ?? void 0;
+	}
+	async saveTokens(tokens) {
+		await this.storage.put(this.tokenKey(this.clientId), tokens);
+	}
+	get authUrl() {
+		return this._authUrl_;
+	}
+	/**
+	* Because this operates on the server side (but we need browser auth), we send this url back to the user
+	* and require user interact to initiate the redirect flow
+	*/
+	redirectToAuthorization(authUrl) {
+		const stateToken = nanoid();
+		authUrl.searchParams.set("state", stateToken);
+		this._authUrl_ = authUrl.toString();
+	}
+	codeVerifierKey(clientId) {
+		return `${this.keyPrefix(clientId)}/code_verifier`;
+	}
+	async saveCodeVerifier(verifier) {
+		const key = this.codeVerifierKey(this.clientId);
+		if (await this.storage.get(key)) return;
+		await this.storage.put(key, verifier);
+	}
+	async codeVerifier() {
+		const codeVerifier = await this.storage.get(this.codeVerifierKey(this.clientId));
+		if (!codeVerifier) throw new Error("No code verifier found");
+		return codeVerifier;
+	}
+};
+
+//#endregion
+export { DurableObjectOAuthClientProvider as t };
+//# sourceMappingURL=do-oauth-client-provider-D2P1lSft.js.map

package/dist/do-oauth-client-provider-D2P1lSft.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"do-oauth-client-provider-D2P1lSft.js","names":["storage: OAuthClientStorage","clientName: string","baseRedirectUrl: string"],"sources":["../src/mcp/do-oauth-client-provider.ts"],"sourcesContent":["import type { OAuthClientProvider } from \"@modelcontextprotocol/sdk/client/auth.js\";\nimport type {\n  OAuthClientInformation,\n  OAuthClientInformationFull,\n  OAuthClientMetadata,\n  OAuthTokens\n} from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport { nanoid } from \"nanoid\";\nimport type { OAuthClientStorage } from \"./client-storage\";\n\n// A slight extension to the standard OAuthClientProvider interface because `redirectToAuthorization` doesn't give us the interface we need\n// This allows us to track authentication for a specific server and associated dynamic client registration\nexport interface AgentsOAuthProvider extends OAuthClientProvider {\n  authUrl: string | undefined;\n  clientId: string | undefined;\n  serverId: string | undefined;\n}\n\nexport class DurableObjectOAuthClientProvider implements AgentsOAuthProvider {\n  private _authUrl_: string | undefined;\n  private _serverId_: string | undefined;\n  private _clientId_: string | undefined;\n\n  constructor(\n    public storage: OAuthClientStorage,\n    public clientName: string,\n    public baseRedirectUrl: string\n  ) {}\n\n  get clientMetadata(): OAuthClientMetadata {\n    return {\n      client_name: this.clientName,\n      client_uri: this.clientUri,\n      grant_types: [\"authorization_code\", \"refresh_token\"],\n      redirect_uris: [this.redirectUrl],\n      response_types: [\"code\"],\n      token_endpoint_auth_method: \"none\"\n    };\n  }\n\n  get clientUri() {\n    return new URL(this.redirectUrl).origin;\n  }\n\n  get redirectUrl() {\n    return `${this.baseRedirectUrl}/${this.serverId}`;\n  }\n\n  get clientId() {\n    if (!this._clientId_) {\n      throw new Error(\"Trying to access clientId before it was set\");\n    }\n    return this._clientId_;\n  }\n\n  set clientId(clientId_: string) {\n    this._clientId_ = clientId_;\n  }\n\n  get serverId() {\n    if (!this._serverId_) {\n      throw new Error(\"Trying to access serverId before it was set\");\n    }\n    return this._serverId_;\n  }\n\n  set serverId(serverId_: string) {\n    this._serverId_ = serverId_;\n  }\n\n  keyPrefix(clientId: string) {\n    return `/${this.clientName}/${this.serverId}/${clientId}`;\n  }\n\n  clientInfoKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/client_info/`;\n  }\n\n  async clientInformation() {\n    if (!this._clientId_) {\n      return undefined;\n    }\n    return (\n      (await this.storage.get<OAuthClientInformation>(\n        this.clientInfoKey(this.clientId)\n      )) ?? undefined\n    );\n  }\n\n  async saveClientInformation(clientInformation: OAuthClientInformationFull) {\n    await this.storage.put(\n      this.clientInfoKey(clientInformation.client_id),\n      clientInformation\n    );\n    this.clientId = clientInformation.client_id;\n  }\n\n  tokenKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/token`;\n  }\n\n  async tokens() {\n    if (!this._clientId_) {\n      return undefined;\n    }\n    return (\n      (await this.storage.get<OAuthTokens>(this.tokenKey(this.clientId))) ??\n      undefined\n    );\n  }\n\n  async saveTokens(tokens: OAuthTokens) {\n    await this.storage.put(this.tokenKey(this.clientId), tokens);\n  }\n\n  get authUrl() {\n    return this._authUrl_;\n  }\n\n  /**\n   * Because this operates on the server side (but we need browser auth), we send this url back to the user\n   * and require user interact to initiate the redirect flow\n   */\n  redirectToAuthorization(authUrl: URL) {\n    // Generate secure random token for state parameter\n    const stateToken = nanoid();\n    authUrl.searchParams.set(\"state\", stateToken);\n    this._authUrl_ = authUrl.toString();\n  }\n\n  codeVerifierKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/code_verifier`;\n  }\n\n  async saveCodeVerifier(verifier: string) {\n    const key = this.codeVerifierKey(this.clientId);\n\n    // Don't overwrite existing verifier to preserve first PKCE verifier\n    const existing = await this.storage.get<string>(key);\n    if (existing) {\n      return;\n    }\n\n    await this.storage.put(key, verifier);\n  }\n\n  async codeVerifier() {\n    const codeVerifier = await this.storage.get<string>(\n      this.codeVerifierKey(this.clientId)\n    );\n    if (!codeVerifier) {\n      throw new Error(\"No code verifier found\");\n    }\n    return codeVerifier;\n  }\n}\n"],"mappings":";;;AAkBA,IAAa,mCAAb,MAA6E;CAK3E,YACE,AAAOA,SACP,AAAOC,YACP,AAAOC,iBACP;EAHO;EACA;EACA;;CAGT,IAAI,iBAAsC;AACxC,SAAO;GACL,aAAa,KAAK;GAClB,YAAY,KAAK;GACjB,aAAa,CAAC,sBAAsB,gBAAgB;GACpD,eAAe,CAAC,KAAK,YAAY;GACjC,gBAAgB,CAAC,OAAO;GACxB,4BAA4B;GAC7B;;CAGH,IAAI,YAAY;AACd,SAAO,IAAI,IAAI,KAAK,YAAY,CAAC;;CAGnC,IAAI,cAAc;AAChB,SAAO,GAAG,KAAK,gBAAgB,GAAG,KAAK;;CAGzC,IAAI,WAAW;AACb,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8CAA8C;AAEhE,SAAO,KAAK;;CAGd,IAAI,SAAS,WAAmB;AAC9B,OAAK,aAAa;;CAGpB,IAAI,WAAW;AACb,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8CAA8C;AAEhE,SAAO,KAAK;;CAGd,IAAI,SAAS,WAAmB;AAC9B,OAAK,aAAa;;CAGpB,UAAU,UAAkB;AAC1B,SAAO,IAAI,KAAK,WAAW,GAAG,KAAK,SAAS,GAAG;;CAGjD,cAAc,UAAkB;AAC9B,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,oBAAoB;AACxB,MAAI,CAAC,KAAK,WACR;AAEF,SACG,MAAM,KAAK,QAAQ,IAClB,KAAK,cAAc,KAAK,SAAS,CAClC,IAAK;;CAIV,MAAM,sBAAsB,mBAA+C;AACzE,QAAM,KAAK,QAAQ,IACjB,KAAK,cAAc,kBAAkB,UAAU,EAC/C,kBACD;AACD,OAAK,WAAW,kBAAkB;;CAGpC,SAAS,UAAkB;AACzB,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,SAAS;AACb,MAAI,CAAC,KAAK,WACR;AAEF,SACG,MAAM,KAAK,QAAQ,IAAiB,KAAK,SAAS,KAAK,SAAS,CAAC,IAClE;;CAIJ,MAAM,WAAW,QAAqB;AACpC,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS,KAAK,SAAS,EAAE,OAAO;;CAG9D,IAAI,UAAU;AACZ,SAAO,KAAK;;;;;;CAOd,wBAAwB,SAAc;EAEpC,MAAM,aAAa,QAAQ;AAC3B,UAAQ,aAAa,IAAI,SAAS,WAAW;AAC7C,OAAK,YAAY,QAAQ,UAAU;;CAGrC,gBAAgB,UAAkB;AAChC,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,iBAAiB,UAAkB;EACvC,MAAM,MAAM,KAAK,gBAAgB,KAAK,SAAS;AAI/C,MADiB,MAAM,KAAK,QAAQ,IAAY,IAAI,CAElD;AAGF,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS;;CAGvC,MAAM,eAAe;EACnB,MAAM,eAAe,MAAM,KAAK,QAAQ,IACtC,KAAK,gBAAgB,KAAK,SAAS,CACpC;AACD,MAAI,CAAC,aACH,OAAM,IAAI,MAAM,yBAAyB;AAE3C,SAAO"}