agents 0.3.10 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (67) hide show
  1. package/README.md +2 -2
  2. package/dist/{index-N6791tVt.d.ts → agent-DY6QmSI_.d.ts} +3 -25
  3. package/dist/ai-types.js +1 -1
  4. package/dist/client-connection-CGMuV62J.js +472 -0
  5. package/dist/client-connection-CGMuV62J.js.map +1 -0
  6. package/dist/client-storage-Cvy5r9FG.d.ts +355 -0
  7. package/dist/client.d.ts +11 -7
  8. package/dist/client.js +6 -2
  9. package/dist/client.js.map +1 -1
  10. package/dist/email.d.ts +146 -16
  11. package/dist/email.js +222 -2
  12. package/dist/email.js.map +1 -0
  13. package/dist/index.d.ts +142 -41
  14. package/dist/index.js +2326 -6
  15. package/dist/index.js.map +1 -0
  16. package/dist/internal_context.d.ts +33 -6
  17. package/dist/internal_context.js +11 -2
  18. package/dist/internal_context.js.map +1 -0
  19. package/dist/mcp/client.d.ts +516 -2
  20. package/dist/mcp/client.js +662 -3
  21. package/dist/mcp/client.js.map +1 -0
  22. package/dist/mcp/do-oauth-client-provider.d.ts +61 -2
  23. package/dist/mcp/do-oauth-client-provider.js +154 -2
  24. package/dist/mcp/do-oauth-client-provider.js.map +1 -0
  25. package/dist/mcp/index.d.ts +3 -5
  26. package/dist/mcp/index.js +8 -7
  27. package/dist/mcp/index.js.map +1 -1
  28. package/dist/mcp/x402.d.ts +34 -14
  29. package/dist/mcp/x402.js +128 -66
  30. package/dist/mcp/x402.js.map +1 -1
  31. package/dist/{mcp-BwPscEiF.d.ts → mcp-Dw5vDrY8.d.ts} +1 -1
  32. package/dist/observability/index.d.ts +23 -2
  33. package/dist/observability/index.js +25 -6
  34. package/dist/observability/index.js.map +1 -0
  35. package/dist/react.d.ts +10 -10
  36. package/dist/react.js +6 -2
  37. package/dist/react.js.map +1 -1
  38. package/dist/types.d.ts +14 -1
  39. package/dist/types.js +16 -2
  40. package/dist/types.js.map +1 -0
  41. package/dist/utils.js +15 -2
  42. package/dist/utils.js.map +1 -0
  43. package/dist/workflow-types.d.ts +235 -23
  44. package/dist/workflows.d.ts +22 -24
  45. package/dist/workflows.js +2 -5
  46. package/dist/workflows.js.map +1 -1
  47. package/package.json +24 -28
  48. package/dist/client-CtC9E06G.js +0 -1122
  49. package/dist/client-CtC9E06G.js.map +0 -1
  50. package/dist/client-DV1CZKqa.d.ts +0 -969
  51. package/dist/do-oauth-client-provider-BqnOQzjy.d.ts +0 -70
  52. package/dist/do-oauth-client-provider-DDg8QrEA.js +0 -155
  53. package/dist/do-oauth-client-provider-DDg8QrEA.js.map +0 -1
  54. package/dist/email-8ljcpvwV.d.ts +0 -157
  55. package/dist/email-XHsSYsTO.js +0 -223
  56. package/dist/email-XHsSYsTO.js.map +0 -1
  57. package/dist/internal_context-CEu5ji80.d.ts +0 -29
  58. package/dist/internal_context-D9eKFth1.js +0 -8
  59. package/dist/internal_context-D9eKFth1.js.map +0 -1
  60. package/dist/src-i_UcyBYf.js +0 -2147
  61. package/dist/src-i_UcyBYf.js.map +0 -1
  62. package/dist/types-BITaDFf-.js +0 -16
  63. package/dist/types-BITaDFf-.js.map +0 -1
  64. package/dist/types-DSSHBW6w.d.ts +0 -14
  65. package/dist/utils-B49TmLCI.js +0 -16
  66. package/dist/utils-B49TmLCI.js.map +0 -1
  67. package/dist/workflow-types-Z_Oem1FJ.d.ts +0 -260
package/dist/mcp/client.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"client.js","names":[],"sources":["../../src/mcp/client.ts"],"sourcesContent":["import type { Client } from \"@modelcontextprotocol/sdk/client/index.js\";\nimport escapeHtml from \"escape-html\";\nimport type { RequestOptions } from \"@modelcontextprotocol/sdk/shared/protocol.js\";\nimport type {\n CallToolRequest,\n CallToolResultSchema,\n CompatibilityCallToolResultSchema,\n GetPromptRequest,\n Prompt,\n ReadResourceRequest,\n Resource,\n ResourceTemplate,\n Tool\n} from \"@modelcontextprotocol/sdk/types.js\";\nimport { CfWorkerJsonSchemaValidator } from \"@modelcontextprotocol/sdk/validation/cfworker-provider.js\";\nimport type { ToolSet } from \"ai\";\nimport type { JSONSchema7 } from \"json-schema\";\nimport { nanoid } from \"nanoid\";\nimport { Emitter, type Event, DisposableStore } from \"../core/events\";\nimport type { MCPObservabilityEvent } from \"../observability/mcp\";\nimport {\n MCPClientConnection,\n MCPConnectionState,\n type MCPTransportOptions\n} from \"./client-connection\";\nimport { toErrorMessage } from \"./errors\";\nimport type { TransportType } from \"./types\";\nimport type { MCPServerRow } from \"./client-storage\";\nimport type { AgentMcpOAuthProvider } from \"./do-oauth-client-provider\";\nimport { DurableObjectOAuthClientProvider } from \"./do-oauth-client-provider\";\n\nconst defaultClientOptions: ConstructorParameters<typeof Client>[1] = {\n jsonSchemaValidator: new CfWorkerJsonSchemaValidator()\n};\n\n/**\n * Options that can be stored in the server_options column\n * This is what gets JSON.stringify'd and stored in the database\n */\nexport type MCPServerOptions = {\n client?: ConstructorParameters<typeof Client>[1];\n transport?: {\n headers?: HeadersInit;\n type?: TransportType;\n };\n};\n\n/**\n * Result of an OAuth callback request\n */\nexport type MCPOAuthCallbackResult =\n | { serverId: string; authSuccess: true; authError?: undefined }\n | { serverId: string; authSuccess: false; authError: string };\n\n/**\n * Options for registering an MCP server\n */\nexport type RegisterServerOptions = {\n url: string;\n name: string;\n callbackUrl: string;\n client?: ConstructorParameters<typeof Client>[1];\n transport?: MCPTransportOptions;\n authUrl?: string;\n clientId?: string;\n};\n\n/**\n * Result of attempting to connect to an MCP server.\n * Discriminated union ensures error is present only on failure.\n */\nexport type MCPConnectionResult =\n | {\n state: typeof MCPConnectionState.FAILED;\n error: string;\n }\n | {\n state: typeof MCPConnectionState.AUTHENTICATING;\n authUrl: string;\n clientId?: string;\n }\n | {\n state: typeof MCPConnectionState.CONNECTED;\n };\n\n/**\n * Result of discovering server capabilities.\n * success indicates whether discovery completed successfully.\n * state is the current connection state at time of return.\n * error is present when success is false.\n */\nexport type MCPDiscoverResult = {\n success: boolean;\n state: MCPConnectionState;\n error?: string;\n};\n\nexport type MCPClientOAuthCallbackConfig = {\n successRedirect?: string;\n errorRedirect?: string;\n customHandler?: (result: MCPClientOAuthResult) => Response;\n};\n\nexport type MCPClientOAuthResult = {\n serverId: string;\n authSuccess: boolean;\n authError?: string;\n};\n\nexport type MCPClientManagerOptions = {\n storage: DurableObjectStorage;\n};\n\n/**\n * Utility class that aggregates multiple MCP clients into one\n */\nexport class MCPClientManager {\n public mcpConnections: Record<string, MCPClientConnection> = {};\n private _didWarnAboutUnstableGetAITools = false;\n private _oauthCallbackConfig?: MCPClientOAuthCallbackConfig;\n private _connectionDisposables = new Map<string, DisposableStore>();\n private _storage: DurableObjectStorage;\n private _isRestored = false;\n\n /** @internal Protected for testing purposes. */\n protected readonly _onObservabilityEvent =\n new Emitter<MCPObservabilityEvent>();\n public readonly onObservabilityEvent: Event<MCPObservabilityEvent> =\n this._onObservabilityEvent.event;\n\n private readonly _onServerStateChanged = new Emitter<void>();\n /**\n * Event that fires whenever any MCP server state changes (registered, connected, removed, etc.)\n * This is useful for broadcasting server state to clients.\n */\n public readonly onServerStateChanged: Event<void> =\n this._onServerStateChanged.event;\n\n /**\n * @param _name Name of the MCP client\n * @param _version Version of the MCP Client\n * @param options Storage adapter for persisting MCP server state\n */\n constructor(\n private _name: string,\n private _version: string,\n options: MCPClientManagerOptions\n ) {\n if (!options.storage) {\n throw new Error(\n \"MCPClientManager requires a valid DurableObjectStorage instance\"\n );\n }\n this._storage = options.storage;\n }\n\n // SQL helper - runs a query and returns results as array\n private sql<T extends Record<string, SqlStorageValue>>(\n query: string,\n ...bindings: SqlStorageValue[]\n ): T[] {\n return [...this._storage.sql.exec<T>(query, ...bindings)];\n }\n\n // Storage operations\n private saveServerToStorage(server: MCPServerRow): void {\n this.sql(\n `INSERT OR REPLACE INTO cf_agents_mcp_servers (\n id, name, server_url, client_id, auth_url, callback_url, server_options\n ) VALUES (?, ?, ?, ?, ?, ?, ?)`,\n server.id,\n server.name,\n server.server_url,\n server.client_id ?? null,\n server.auth_url ?? null,\n server.callback_url,\n server.server_options ?? null\n );\n }\n\n private removeServerFromStorage(serverId: string): void {\n this.sql(\"DELETE FROM cf_agents_mcp_servers WHERE id = ?\", serverId);\n }\n\n private getServersFromStorage(): MCPServerRow[] {\n return this.sql<MCPServerRow>(\n \"SELECT id, name, server_url, client_id, auth_url, callback_url, server_options FROM cf_agents_mcp_servers\"\n );\n }\n\n private clearServerAuthUrl(serverId: string): void {\n this.sql(\n \"UPDATE cf_agents_mcp_servers SET auth_url = NULL WHERE id = ?\",\n serverId\n );\n }\n\n private failConnection(\n serverId: string,\n error: string\n ): MCPOAuthCallbackResult {\n this.clearServerAuthUrl(serverId);\n if (this.mcpConnections[serverId]) {\n this.mcpConnections[serverId].connectionState = MCPConnectionState.FAILED;\n this.mcpConnections[serverId].connectionError = error;\n }\n this._onServerStateChanged.fire();\n return { serverId, authSuccess: false, authError: error };\n }\n\n jsonSchema: typeof import(\"ai\").jsonSchema | undefined;\n\n /**\n * Create an auth provider for a server\n * @internal\n */\n private createAuthProvider(\n serverId: string,\n callbackUrl: string,\n clientName: string,\n clientId?: string\n ): AgentMcpOAuthProvider {\n if (!this._storage) {\n throw new Error(\n \"Cannot create auth provider: storage is not initialized\"\n );\n }\n const authProvider = new DurableObjectOAuthClientProvider(\n this._storage,\n clientName,\n callbackUrl\n );\n authProvider.serverId = serverId;\n if (clientId) {\n authProvider.clientId = clientId;\n }\n return authProvider;\n }\n\n /**\n * Restore MCP server connections from storage\n * This method is called on Agent initialization to restore previously connected servers\n *\n * @param clientName Name to use for OAuth client (typically the agent instance name)\n */\n async restoreConnectionsFromStorage(clientName: string): Promise<void> {\n if (this._isRestored) {\n return;\n }\n\n const servers = this.getServersFromStorage();\n\n if (!servers || servers.length === 0) {\n this._isRestored = true;\n return;\n }\n\n for (const server of servers) {\n const existingConn = this.mcpConnections[server.id];\n\n // Skip if connection already exists and is in a good state\n if (existingConn) {\n if (existingConn.connectionState === MCPConnectionState.READY) {\n console.warn(\n `[MCPClientManager] Server ${server.id} already has a ready connection. Skipping recreation.`\n );\n continue;\n }\n\n // Don't interrupt in-flight OAuth or connections\n if (\n existingConn.connectionState === MCPConnectionState.AUTHENTICATING ||\n existingConn.connectionState === MCPConnectionState.CONNECTING ||\n existingConn.connectionState === MCPConnectionState.DISCOVERING\n ) {\n // Let the existing flow complete\n continue;\n }\n\n // If failed, clean up the old connection before recreating\n if (existingConn.connectionState === MCPConnectionState.FAILED) {\n try {\n await existingConn.client.close();\n } catch (error) {\n console.warn(\n `[MCPClientManager] Error closing failed connection ${server.id}:`,\n error\n );\n }\n delete this.mcpConnections[server.id];\n this._connectionDisposables.get(server.id)?.dispose();\n this._connectionDisposables.delete(server.id);\n }\n }\n\n const parsedOptions: MCPServerOptions | null = server.server_options\n ? JSON.parse(server.server_options)\n : null;\n\n const authProvider = this.createAuthProvider(\n server.id,\n server.callback_url,\n clientName,\n server.client_id ?? undefined\n );\n\n // Create the in-memory connection object (no need to save to storage - we just read from it!)\n const conn = this.createConnection(server.id, server.server_url, {\n client: parsedOptions?.client ?? {},\n transport: {\n ...(parsedOptions?.transport ?? {}),\n type: parsedOptions?.transport?.type ?? (\"auto\" as TransportType),\n authProvider\n }\n });\n\n // If auth_url exists, OAuth flow is in progress - set state and wait for callback\n if (server.auth_url) {\n conn.connectionState = MCPConnectionState.AUTHENTICATING;\n continue;\n }\n\n // Start connection in background (don't await) to avoid blocking the DO\n this._restoreServer(server.id);\n }\n\n this._isRestored = true;\n }\n\n /**\n * Internal method to restore a single server connection and discovery\n */\n private async _restoreServer(serverId: string): Promise<void> {\n // Always try to connect - the connection logic will determine if OAuth is needed\n // If stored OAuth tokens are valid, connection will succeed automatically\n // If tokens are missing/invalid, connection will fail with Unauthorized\n // and state will be set to \"authenticating\"\n const connectResult = await this.connectToServer(serverId).catch(\n (error) => {\n console.error(`Error connecting to ${serverId}:`, error);\n return null;\n }\n );\n\n if (connectResult?.state === MCPConnectionState.CONNECTED) {\n const discoverResult = await this.discoverIfConnected(serverId);\n if (discoverResult && !discoverResult.success) {\n console.error(`Error discovering ${serverId}:`, discoverResult.error);\n }\n }\n }\n\n /**\n * Connect to and register an MCP server\n *\n * @deprecated This method is maintained for backward compatibility.\n * For new code, use registerServer() and connectToServer() separately.\n *\n * @param url Server URL\n * @param options Connection options\n * @returns Object with server ID, auth URL (if OAuth), and client ID (if OAuth)\n */\n async connect(\n url: string,\n options: {\n // Allows you to reconnect to a server (in the case of an auth reconnect)\n reconnect?: {\n // server id\n id: string;\n oauthClientId?: string;\n oauthCode?: string;\n };\n // we're overriding authProvider here because we want to be able to access the auth URL\n transport?: MCPTransportOptions;\n client?: ConstructorParameters<typeof Client>[1];\n } = {}\n ): Promise<{\n id: string;\n authUrl?: string;\n clientId?: string;\n }> {\n /* Late initialization of jsonSchemaFn */\n /**\n * We need to delay loading ai sdk, because putting it in module scope is\n * causing issues with startup time.\n * The only place it's used is in getAITools, which only matters after\n * .connect() is called on at least one server.\n * So it's safe to delay loading it until .connect() is called.\n */\n await this.ensureJsonSchema();\n\n const id = options.reconnect?.id ?? nanoid(8);\n\n if (options.transport?.authProvider) {\n options.transport.authProvider.serverId = id;\n // reconnect with auth\n if (options.reconnect?.oauthClientId) {\n options.transport.authProvider.clientId =\n options.reconnect?.oauthClientId;\n }\n }\n\n // During OAuth reconnect, reuse existing connection to preserve state\n if (!options.reconnect?.oauthCode || !this.mcpConnections[id]) {\n const normalizedTransport = {\n ...options.transport,\n type: options.transport?.type ?? (\"auto\" as TransportType)\n };\n\n this.mcpConnections[id] = new MCPClientConnection(\n new URL(url),\n {\n name: this._name,\n version: this._version\n },\n {\n client: options.client ?? {},\n transport: normalizedTransport\n }\n );\n\n // Pipe connection-level observability events to the manager-level emitter\n // and track the subscription for cleanup.\n const store = new DisposableStore();\n // If we somehow already had disposables for this id, clear them first\n const existing = this._connectionDisposables.get(id);\n if (existing) existing.dispose();\n this._connectionDisposables.set(id, store);\n store.add(\n this.mcpConnections[id].onObservabilityEvent((event) => {\n this._onObservabilityEvent.fire(event);\n })\n );\n }\n\n // Initialize connection first. this will try connect\n await this.mcpConnections[id].init();\n\n // Handle OAuth completion if we have a reconnect code\n if (options.reconnect?.oauthCode) {\n try {\n await this.mcpConnections[id].completeAuthorization(\n options.reconnect.oauthCode\n );\n\n // Reinitialize connection\n await this.mcpConnections[id].init();\n } catch (error) {\n this._onObservabilityEvent.fire({\n type: \"mcp:client:connect\",\n displayMessage: `Failed to complete OAuth reconnection for ${id} for ${url}`,\n payload: {\n url: url,\n transport: options.transport?.type ?? \"auto\",\n state: this.mcpConnections[id].connectionState,\n error: toErrorMessage(error)\n },\n timestamp: Date.now(),\n id\n });\n // Re-throw to signal failure to the caller\n throw error;\n }\n }\n\n // If connection is in authenticating state, return auth URL for OAuth flow\n const authUrl = options.transport?.authProvider?.authUrl;\n if (\n this.mcpConnections[id].connectionState ===\n MCPConnectionState.AUTHENTICATING &&\n authUrl &&\n options.transport?.authProvider?.redirectUrl\n ) {\n return {\n authUrl,\n clientId: options.transport?.authProvider?.clientId,\n id\n };\n }\n\n // If connection is connected, discover capabilities\n const discoverResult = await this.discoverIfConnected(id);\n if (discoverResult && !discoverResult.success) {\n throw new Error(\n `Failed to discover server capabilities: ${discoverResult.error}`\n );\n }\n\n return {\n id\n };\n }\n\n /**\n * Create an in-memory connection object and set up observability\n * Does NOT save to storage - use registerServer() for that\n * @returns The connection object (existing or newly created)\n */\n private createConnection(\n id: string,\n url: string,\n options: {\n client?: ConstructorParameters<typeof Client>[1];\n transport: MCPTransportOptions;\n }\n ): MCPClientConnection {\n // Return existing connection if already exists\n if (this.mcpConnections[id]) {\n return this.mcpConnections[id];\n }\n\n const normalizedTransport = {\n ...options.transport,\n type: options.transport?.type ?? (\"auto\" as TransportType)\n };\n\n this.mcpConnections[id] = new MCPClientConnection(\n new URL(url),\n {\n name: this._name,\n version: this._version\n },\n {\n client: { ...defaultClientOptions, ...options.client },\n transport: normalizedTransport\n }\n );\n\n // Pipe connection-level observability events to the manager-level emitter\n const store = new DisposableStore();\n const existing = this._connectionDisposables.get(id);\n if (existing) existing.dispose();\n this._connectionDisposables.set(id, store);\n store.add(\n this.mcpConnections[id].onObservabilityEvent((event) => {\n this._onObservabilityEvent.fire(event);\n })\n );\n\n return this.mcpConnections[id];\n }\n\n /**\n * Register an MCP server connection without connecting\n * Creates the connection object, sets up observability, and saves to storage\n *\n * @param id Server ID\n * @param options Registration options including URL, name, callback URL, and connection config\n * @returns Server ID\n */\n async registerServer(\n id: string,\n options: RegisterServerOptions\n ): Promise<string> {\n // Create the in-memory connection\n this.createConnection(id, options.url, {\n client: options.client,\n transport: {\n ...options.transport,\n type: options.transport?.type ?? (\"auto\" as TransportType)\n }\n });\n\n // Save to storage (exclude authProvider since it's recreated during restore)\n const { authProvider: _, ...transportWithoutAuth } =\n options.transport ?? {};\n this.saveServerToStorage({\n id,\n name: options.name,\n server_url: options.url,\n callback_url: options.callbackUrl,\n client_id: options.clientId ?? null,\n auth_url: options.authUrl ?? null,\n server_options: JSON.stringify({\n client: options.client,\n transport: transportWithoutAuth\n })\n });\n\n this._onServerStateChanged.fire();\n\n return id;\n }\n\n /**\n * Connect to an already registered MCP server and initialize the connection.\n *\n * For OAuth servers, returns `{ state: \"authenticating\", authUrl, clientId? }`.\n * The user must complete the OAuth flow via the authUrl, which triggers a\n * callback handled by `handleCallbackRequest()`.\n *\n * For non-OAuth servers, establishes the transport connection and returns\n * `{ state: \"connected\" }`. Call `discoverIfConnected()` afterwards to\n * discover capabilities and transition to \"ready\" state.\n *\n * @param id Server ID (must be registered first via registerServer())\n * @returns Connection result with current state and OAuth info (if applicable)\n */\n async connectToServer(id: string): Promise<MCPConnectionResult> {\n const conn = this.mcpConnections[id];\n if (!conn) {\n throw new Error(\n `Server ${id} is not registered. Call registerServer() first.`\n );\n }\n\n const error = await conn.init();\n this._onServerStateChanged.fire();\n\n switch (conn.connectionState) {\n case MCPConnectionState.FAILED:\n return {\n state: conn.connectionState,\n error: error ?? \"Unknown connection error\"\n };\n\n case MCPConnectionState.AUTHENTICATING: {\n const authUrl = conn.options.transport.authProvider?.authUrl;\n const redirectUrl = conn.options.transport.authProvider?.redirectUrl;\n\n if (!authUrl || !redirectUrl) {\n return {\n state: MCPConnectionState.FAILED,\n error: `OAuth configuration incomplete: missing ${!authUrl ? \"authUrl\" : \"redirectUrl\"}`\n };\n }\n\n const clientId = conn.options.transport.authProvider?.clientId;\n\n // Update storage with auth URL and client ID\n const servers = this.getServersFromStorage();\n const serverRow = servers.find((s) => s.id === id);\n if (serverRow) {\n this.saveServerToStorage({\n ...serverRow,\n auth_url: authUrl,\n client_id: clientId ?? null\n });\n // Broadcast again so clients receive the auth_url\n this._onServerStateChanged.fire();\n }\n\n return {\n state: conn.connectionState,\n authUrl,\n clientId\n };\n }\n\n case MCPConnectionState.CONNECTED:\n return { state: conn.connectionState };\n\n default:\n return {\n state: MCPConnectionState.FAILED,\n error: `Unexpected connection state after init: ${conn.connectionState}`\n };\n }\n }\n\n private extractServerIdFromState(state: string | null): string | null {\n if (!state) return null;\n const parts = state.split(\".\");\n return parts.length === 2 ? parts[1] : null;\n }\n\n isCallbackRequest(req: Request): boolean {\n if (req.method !== \"GET\") {\n return false;\n }\n\n const url = new URL(req.url);\n const state = url.searchParams.get(\"state\");\n const serverId = this.extractServerIdFromState(state);\n if (!serverId) {\n return false;\n }\n\n // Match by server ID AND verify the request origin + pathname matches the registered callback URL.\n // This prevents unrelated GET requests with a `state` param from being intercepted.\n const servers = this.getServersFromStorage();\n return servers.some((server) => {\n if (server.id !== serverId) return false;\n try {\n const storedUrl = new URL(server.callback_url);\n return (\n storedUrl.origin === url.origin && storedUrl.pathname === url.pathname\n );\n } catch {\n return false;\n }\n });\n }\n\n async handleCallbackRequest(req: Request): Promise<MCPOAuthCallbackResult> {\n const url = new URL(req.url);\n const code = url.searchParams.get(\"code\");\n const state = url.searchParams.get(\"state\");\n const error = url.searchParams.get(\"error\");\n const errorDescription = url.searchParams.get(\"error_description\");\n\n // Early validation - these throw because we can't identify the connection\n if (!state) {\n throw new Error(\"Unauthorized: no state provided\");\n }\n\n const serverId = this.extractServerIdFromState(state);\n if (!serverId) {\n throw new Error(\n \"No serverId found in state parameter. Expected format: {nonce}.{serverId}\"\n );\n }\n\n const servers = this.getServersFromStorage();\n const serverExists = servers.some((server) => server.id === serverId);\n if (!serverExists) {\n throw new Error(\n `No server found with id \"${serverId}\". Was the request matched with \\`isCallbackRequest()\\`?`\n );\n }\n\n if (this.mcpConnections[serverId] === undefined) {\n throw new Error(`Could not find serverId: ${serverId}`);\n }\n\n // We have a valid connection - all errors from here should fail the connection\n const conn = this.mcpConnections[serverId];\n\n try {\n if (!conn.options.transport.authProvider) {\n throw new Error(\n \"Trying to finalize authentication for a server connection without an authProvider\"\n );\n }\n\n const authProvider = conn.options.transport.authProvider;\n authProvider.serverId = serverId;\n\n // Two-phase state validation: check first (non-destructive), consume later\n // This prevents DoS attacks where attacker consumes valid state before legitimate callback\n const stateValidation = await authProvider.checkState(state);\n if (!stateValidation.valid) {\n throw new Error(stateValidation.error || \"Invalid state\");\n }\n\n if (error) {\n // Escape external OAuth error params to prevent XSS\n throw new Error(escapeHtml(errorDescription || error));\n }\n\n if (!code) {\n throw new Error(\"Unauthorized: no code provided\");\n }\n\n // Already authenticated - just return success\n if (\n conn.connectionState === MCPConnectionState.READY ||\n conn.connectionState === MCPConnectionState.CONNECTED\n ) {\n this.clearServerAuthUrl(serverId);\n return { serverId, authSuccess: true };\n }\n\n if (conn.connectionState !== MCPConnectionState.AUTHENTICATING) {\n throw new Error(\n `Failed to authenticate: the client is in \"${conn.connectionState}\" state, expected \"authenticating\"`\n );\n }\n\n await authProvider.consumeState(state);\n await conn.completeAuthorization(code);\n await authProvider.deleteCodeVerifier();\n this.clearServerAuthUrl(serverId);\n conn.connectionError = null;\n this._onServerStateChanged.fire();\n\n return { serverId, authSuccess: true };\n } catch (err) {\n const message = err instanceof Error ? err.message : String(err);\n return this.failConnection(serverId, message);\n }\n }\n\n /**\n * Discover server capabilities if connection is in CONNECTED or READY state.\n * Transitions to DISCOVERING then READY (or CONNECTED on error).\n * Can be called to refresh server capabilities (e.g., from a UI refresh button).\n *\n * If called while a previous discovery is in-flight for the same server,\n * the previous discovery will be aborted.\n *\n * @param serverId The server ID to discover\n * @param options Optional configuration\n * @param options.timeoutMs Timeout in milliseconds (default: 30000)\n * @returns Result with current state and optional error, or undefined if connection not found\n */\n async discoverIfConnected(\n serverId: string,\n options: { timeoutMs?: number } = {}\n ): Promise<MCPDiscoverResult | undefined> {\n const conn = this.mcpConnections[serverId];\n if (!conn) {\n this._onObservabilityEvent.fire({\n type: \"mcp:client:discover\",\n displayMessage: `Connection not found for ${serverId}`,\n payload: {},\n timestamp: Date.now(),\n id: nanoid()\n });\n return undefined;\n }\n\n // Delegate to connection's discover method which handles cancellation and timeout\n const result = await conn.discover(options);\n this._onServerStateChanged.fire();\n\n return {\n ...result,\n state: conn.connectionState\n };\n }\n\n /**\n * Establish connection in the background after OAuth completion\n * This method connects to the server and discovers its capabilities\n * @param serverId The server ID to establish connection for\n */\n async establishConnection(serverId: string): Promise<void> {\n const conn = this.mcpConnections[serverId];\n if (!conn) {\n this._onObservabilityEvent.fire({\n type: \"mcp:client:preconnect\",\n displayMessage: `Connection not found for serverId: ${serverId}`,\n payload: { serverId },\n timestamp: Date.now(),\n id: nanoid()\n });\n return;\n }\n\n // Skip if already discovering or ready - prevents duplicate work\n if (\n conn.connectionState === MCPConnectionState.DISCOVERING ||\n conn.connectionState === MCPConnectionState.READY\n ) {\n this._onObservabilityEvent.fire({\n type: \"mcp:client:connect\",\n displayMessage: `establishConnection skipped for ${serverId}, already in ${conn.connectionState} state`,\n payload: {\n url: conn.url.toString(),\n transport: conn.options.transport.type || \"unknown\",\n state: conn.connectionState\n },\n timestamp: Date.now(),\n id: nanoid()\n });\n return;\n }\n\n const connectResult = await this.connectToServer(serverId);\n this._onServerStateChanged.fire();\n\n if (connectResult.state === MCPConnectionState.CONNECTED) {\n await this.discoverIfConnected(serverId);\n }\n\n this._onObservabilityEvent.fire({\n type: \"mcp:client:connect\",\n displayMessage: `establishConnection completed for ${serverId}, final state: ${conn.connectionState}`,\n payload: {\n url: conn.url.toString(),\n transport: conn.options.transport.type || \"unknown\",\n state: conn.connectionState\n },\n timestamp: Date.now(),\n id: nanoid()\n });\n }\n\n /**\n * Configure OAuth callback handling\n * @param config OAuth callback configuration\n */\n configureOAuthCallback(config: MCPClientOAuthCallbackConfig): void {\n this._oauthCallbackConfig = config;\n }\n\n /**\n * Get the current OAuth callback configuration\n * @returns The current OAuth callback configuration\n */\n getOAuthCallbackConfig(): MCPClientOAuthCallbackConfig | undefined {\n return this._oauthCallbackConfig;\n }\n\n /**\n * @returns namespaced list of tools\n */\n listTools(): NamespacedData[\"tools\"] {\n return getNamespacedData(this.mcpConnections, \"tools\");\n }\n\n /**\n * Lazy-loads the jsonSchema function from the AI SDK.\n *\n * This defers importing the \"ai\" package until it's actually needed, which helps reduce\n * initial bundle size and startup time. The jsonSchema function is required for converting\n * MCP tools into AI SDK tool definitions via getAITools().\n *\n * @internal This method is for internal use only. It's automatically called before operations\n * that need jsonSchema (like getAITools() or OAuth flows). External consumers should not need\n * to call this directly.\n */\n async ensureJsonSchema() {\n if (!this.jsonSchema) {\n const { jsonSchema } = await import(\"ai\");\n this.jsonSchema = jsonSchema;\n }\n }\n\n /**\n * @returns a set of tools that you can use with the AI SDK\n */\n getAITools(): ToolSet {\n if (!this.jsonSchema) {\n throw new Error(\"jsonSchema not initialized.\");\n }\n\n // Warn if tools are being read from non-ready connections\n for (const [id, conn] of Object.entries(this.mcpConnections)) {\n if (\n conn.connectionState !== MCPConnectionState.READY &&\n conn.connectionState !== MCPConnectionState.AUTHENTICATING\n ) {\n console.warn(\n `[getAITools] WARNING: Reading tools from connection ${id} in state \"${conn.connectionState}\". Tools may not be loaded yet.`\n );\n }\n }\n\n return Object.fromEntries(\n getNamespacedData(this.mcpConnections, \"tools\").map((tool) => {\n return [\n `tool_${tool.serverId.replace(/-/g, \"\")}_${tool.name}`,\n {\n description: tool.description,\n execute: async (args) => {\n const result = await this.callTool({\n arguments: args,\n name: tool.name,\n serverId: tool.serverId\n });\n if (result.isError) {\n const content = result.content as\n | Array<{ type: string; text?: string }>\n | undefined;\n const textContent = content?.[0];\n const message =\n textContent?.type === \"text\" && textContent.text\n ? textContent.text\n : \"Tool call failed\";\n throw new Error(message);\n }\n return result;\n },\n inputSchema: this.jsonSchema!(tool.inputSchema as JSONSchema7),\n outputSchema: tool.outputSchema\n ? this.jsonSchema!(tool.outputSchema as JSONSchema7)\n : undefined\n }\n ];\n })\n );\n }\n\n /**\n * @deprecated this has been renamed to getAITools(), and unstable_getAITools will be removed in the next major version\n * @returns a set of tools that you can use with the AI SDK\n */\n unstable_getAITools(): ToolSet {\n if (!this._didWarnAboutUnstableGetAITools) {\n this._didWarnAboutUnstableGetAITools = true;\n console.warn(\n \"unstable_getAITools is deprecated, use getAITools instead. unstable_getAITools will be removed in the next major version.\"\n );\n }\n return this.getAITools();\n }\n\n /**\n * Closes all active in-memory connections to MCP servers.\n *\n * Note: This only closes the transport connections - it does NOT remove\n * servers from storage. Servers will still be listed and their callback\n * URLs will still match incoming OAuth requests.\n *\n * Use removeServer() instead if you want to fully clean up a server\n * (closes connection AND removes from storage).\n */\n async closeAllConnections() {\n const ids = Object.keys(this.mcpConnections);\n\n // Cancel all in-flight discoveries\n for (const id of ids) {\n this.mcpConnections[id].cancelDiscovery();\n }\n\n await Promise.all(\n ids.map(async (id) => {\n await this.mcpConnections[id].client.close();\n })\n );\n // Dispose all per-connection subscriptions\n for (const id of ids) {\n const store = this._connectionDisposables.get(id);\n if (store) store.dispose();\n this._connectionDisposables.delete(id);\n delete this.mcpConnections[id];\n }\n }\n\n /**\n * Closes a connection to an MCP server\n * @param id The id of the connection to close\n */\n async closeConnection(id: string) {\n if (!this.mcpConnections[id]) {\n throw new Error(`Connection with id \"${id}\" does not exist.`);\n }\n\n // Cancel any in-flight discovery\n this.mcpConnections[id].cancelDiscovery();\n\n await this.mcpConnections[id].client.close();\n delete this.mcpConnections[id];\n\n const store = this._connectionDisposables.get(id);\n if (store) store.dispose();\n this._connectionDisposables.delete(id);\n }\n\n /**\n * Remove an MCP server - closes connection if active and removes from storage.\n */\n async removeServer(serverId: string): Promise<void> {\n if (this.mcpConnections[serverId]) {\n try {\n await this.closeConnection(serverId);\n } catch (_e) {\n // Ignore errors when closing\n }\n }\n this.removeServerFromStorage(serverId);\n this._onServerStateChanged.fire();\n }\n\n /**\n * List all MCP servers from storage\n */\n listServers(): MCPServerRow[] {\n return this.getServersFromStorage();\n }\n\n /**\n * Dispose the manager and all resources.\n */\n async dispose(): Promise<void> {\n try {\n await this.closeAllConnections();\n } finally {\n // Dispose manager-level emitters\n this._onServerStateChanged.dispose();\n this._onObservabilityEvent.dispose();\n }\n }\n\n /**\n * @returns namespaced list of prompts\n */\n listPrompts(): NamespacedData[\"prompts\"] {\n return getNamespacedData(this.mcpConnections, \"prompts\");\n }\n\n /**\n * @returns namespaced list of tools\n */\n listResources(): NamespacedData[\"resources\"] {\n return getNamespacedData(this.mcpConnections, \"resources\");\n }\n\n /**\n * @returns namespaced list of resource templates\n */\n listResourceTemplates(): NamespacedData[\"resourceTemplates\"] {\n return getNamespacedData(this.mcpConnections, \"resourceTemplates\");\n }\n\n /**\n * Namespaced version of callTool\n */\n async callTool(\n params: CallToolRequest[\"params\"] & { serverId: string },\n resultSchema?:\n | typeof CallToolResultSchema\n | typeof CompatibilityCallToolResultSchema,\n options?: RequestOptions\n ) {\n const unqualifiedName = params.name.replace(`${params.serverId}.`, \"\");\n return this.mcpConnections[params.serverId].client.callTool(\n {\n ...params,\n name: unqualifiedName\n },\n resultSchema,\n options\n );\n }\n\n /**\n * Namespaced version of readResource\n */\n readResource(\n params: ReadResourceRequest[\"params\"] & { serverId: string },\n options: RequestOptions\n ) {\n return this.mcpConnections[params.serverId].client.readResource(\n params,\n options\n );\n }\n\n /**\n * Namespaced version of getPrompt\n */\n getPrompt(\n params: GetPromptRequest[\"params\"] & { serverId: string },\n options: RequestOptions\n ) {\n return this.mcpConnections[params.serverId].client.getPrompt(\n params,\n options\n );\n }\n}\n\ntype NamespacedData = {\n tools: (Tool & { serverId: string })[];\n prompts: (Prompt & { serverId: string })[];\n resources: (Resource & { serverId: string })[];\n resourceTemplates: (ResourceTemplate & { serverId: string })[];\n};\n\nexport function getNamespacedData<T extends keyof NamespacedData>(\n mcpClients: Record<string, MCPClientConnection>,\n type: T\n): NamespacedData[T] {\n const sets = Object.entries(mcpClients).map(([name, conn]) => {\n return { data: conn[type], name };\n });\n\n const namespacedData = sets.flatMap(({ name: serverId, data }) => {\n return data.map((item) => {\n return {\n ...item,\n // we add a serverId so we can easily pull it out and send the tool call to the right server\n serverId\n };\n });\n });\n\n return namespacedData as NamespacedData[T]; // Type assertion needed due to TS limitations with conditional return types\n}\n"],"mappings":";;;;;;;AA+BA,MAAM,uBAAgE,EACpE,qBAAqB,IAAI,6BAA6B,EACvD;;;;AAmFD,IAAa,mBAAb,MAA8B;;;;;;CA2B5B,YACE,AAAQ,OACR,AAAQ,UACR,SACA;EAHQ;EACA;wBA5BmD,EAAE;yCACrB;gDAET,IAAI,KAA8B;qBAE7C;+BAIpB,IAAI,SAAgC;8BAEpC,KAAK,sBAAsB;+BAEY,IAAI,SAAe;8BAM1D,KAAK,sBAAsB;AAY3B,MAAI,CAAC,QAAQ,QACX,OAAM,IAAI,MACR,kEACD;AAEH,OAAK,WAAW,QAAQ;;CAI1B,AAAQ,IACN,OACA,GAAG,UACE;AACL,SAAO,CAAC,GAAG,KAAK,SAAS,IAAI,KAAQ,OAAO,GAAG,SAAS,CAAC;;CAI3D,AAAQ,oBAAoB,QAA4B;AACtD,OAAK,IACH;;uCAGA,OAAO,IACP,OAAO,MACP,OAAO,YACP,OAAO,aAAa,MACpB,OAAO,YAAY,MACnB,OAAO,cACP,OAAO,kBAAkB,KAC1B;;CAGH,AAAQ,wBAAwB,UAAwB;AACtD,OAAK,IAAI,kDAAkD,SAAS;;CAGtE,AAAQ,wBAAwC;AAC9C,SAAO,KAAK,IACV,4GACD;;CAGH,AAAQ,mBAAmB,UAAwB;AACjD,OAAK,IACH,iEACA,SACD;;CAGH,AAAQ,eACN,UACA,OACwB;AACxB,OAAK,mBAAmB,SAAS;AACjC,MAAI,KAAK,eAAe,WAAW;AACjC,QAAK,eAAe,UAAU,kBAAkB,mBAAmB;AACnE,QAAK,eAAe,UAAU,kBAAkB;;AAElD,OAAK,sBAAsB,MAAM;AACjC,SAAO;GAAE;GAAU,aAAa;GAAO,WAAW;GAAO;;;;;;CAS3D,AAAQ,mBACN,UACA,aACA,YACA,UACuB;AACvB,MAAI,CAAC,KAAK,SACR,OAAM,IAAI,MACR,0DACD;EAEH,MAAM,eAAe,IAAI,iCACvB,KAAK,UACL,YACA,YACD;AACD,eAAa,WAAW;AACxB,MAAI,SACF,cAAa,WAAW;AAE1B,SAAO;;;;;;;;CAST,MAAM,8BAA8B,YAAmC;AACrE,MAAI,KAAK,YACP;EAGF,MAAM,UAAU,KAAK,uBAAuB;AAE5C,MAAI,CAAC,WAAW,QAAQ,WAAW,GAAG;AACpC,QAAK,cAAc;AACnB;;AAGF,OAAK,MAAM,UAAU,SAAS;GAC5B,MAAM,eAAe,KAAK,eAAe,OAAO;AAGhD,OAAI,cAAc;AAChB,QAAI,aAAa,oBAAoB,mBAAmB,OAAO;AAC7D,aAAQ,KACN,6BAA6B,OAAO,GAAG,uDACxC;AACD;;AAIF,QACE,aAAa,oBAAoB,mBAAmB,kBACpD,aAAa,oBAAoB,mBAAmB,cACpD,aAAa,oBAAoB,mBAAmB,YAGpD;AAIF,QAAI,aAAa,oBAAoB,mBAAmB,QAAQ;AAC9D,SAAI;AACF,YAAM,aAAa,OAAO,OAAO;cAC1B,OAAO;AACd,cAAQ,KACN,sDAAsD,OAAO,GAAG,IAChE,MACD;;AAEH,YAAO,KAAK,eAAe,OAAO;AAClC,UAAK,uBAAuB,IAAI,OAAO,GAAG,EAAE,SAAS;AACrD,UAAK,uBAAuB,OAAO,OAAO,GAAG;;;GAIjD,MAAM,gBAAyC,OAAO,iBAClD,KAAK,MAAM,OAAO,eAAe,GACjC;GAEJ,MAAM,eAAe,KAAK,mBACxB,OAAO,IACP,OAAO,cACP,YACA,OAAO,aAAa,OACrB;GAGD,MAAM,OAAO,KAAK,iBAAiB,OAAO,IAAI,OAAO,YAAY;IAC/D,QAAQ,eAAe,UAAU,EAAE;IACnC,WAAW;KACT,GAAI,eAAe,aAAa,EAAE;KAClC,MAAM,eAAe,WAAW,QAAS;KACzC;KACD;IACF,CAAC;AAGF,OAAI,OAAO,UAAU;AACnB,SAAK,kBAAkB,mBAAmB;AAC1C;;AAIF,QAAK,eAAe,OAAO,GAAG;;AAGhC,OAAK,cAAc;;;;;CAMrB,MAAc,eAAe,UAAiC;AAY5D,OAPsB,MAAM,KAAK,gBAAgB,SAAS,CAAC,OACxD,UAAU;AACT,WAAQ,MAAM,uBAAuB,SAAS,IAAI,MAAM;AACxD,UAAO;IAEV,GAEkB,UAAU,mBAAmB,WAAW;GACzD,MAAM,iBAAiB,MAAM,KAAK,oBAAoB,SAAS;AAC/D,OAAI,kBAAkB,CAAC,eAAe,QACpC,SAAQ,MAAM,qBAAqB,SAAS,IAAI,eAAe,MAAM;;;;;;;;;;;;;CAe3E,MAAM,QACJ,KACA,UAWI,EAAE,EAKL;;;;;;;;AASD,QAAM,KAAK,kBAAkB;EAE7B,MAAM,KAAK,QAAQ,WAAW,MAAM,OAAO,EAAE;AAE7C,MAAI,QAAQ,WAAW,cAAc;AACnC,WAAQ,UAAU,aAAa,WAAW;AAE1C,OAAI,QAAQ,WAAW,cACrB,SAAQ,UAAU,aAAa,WAC7B,QAAQ,WAAW;;AAKzB,MAAI,CAAC,QAAQ,WAAW,aAAa,CAAC,KAAK,eAAe,KAAK;GAC7D,MAAM,sBAAsB;IAC1B,GAAG,QAAQ;IACX,MAAM,QAAQ,WAAW,QAAS;IACnC;AAED,QAAK,eAAe,MAAM,IAAI,oBAC5B,IAAI,IAAI,IAAI,EACZ;IACE,MAAM,KAAK;IACX,SAAS,KAAK;IACf,EACD;IACE,QAAQ,QAAQ,UAAU,EAAE;IAC5B,WAAW;IACZ,CACF;GAID,MAAM,QAAQ,IAAI,iBAAiB;GAEnC,MAAM,WAAW,KAAK,uBAAuB,IAAI,GAAG;AACpD,OAAI,SAAU,UAAS,SAAS;AAChC,QAAK,uBAAuB,IAAI,IAAI,MAAM;AAC1C,SAAM,IACJ,KAAK,eAAe,IAAI,sBAAsB,UAAU;AACtD,SAAK,sBAAsB,KAAK,MAAM;KACtC,CACH;;AAIH,QAAM,KAAK,eAAe,IAAI,MAAM;AAGpC,MAAI,QAAQ,WAAW,UACrB,KAAI;AACF,SAAM,KAAK,eAAe,IAAI,sBAC5B,QAAQ,UAAU,UACnB;AAGD,SAAM,KAAK,eAAe,IAAI,MAAM;WAC7B,OAAO;AACd,QAAK,sBAAsB,KAAK;IAC9B,MAAM;IACN,gBAAgB,6CAA6C,GAAG,OAAO;IACvE,SAAS;KACF;KACL,WAAW,QAAQ,WAAW,QAAQ;KACtC,OAAO,KAAK,eAAe,IAAI;KAC/B,OAAO,eAAe,MAAM;KAC7B;IACD,WAAW,KAAK,KAAK;IACrB;IACD,CAAC;AAEF,SAAM;;EAKV,MAAM,UAAU,QAAQ,WAAW,cAAc;AACjD,MACE,KAAK,eAAe,IAAI,oBACtB,mBAAmB,kBACrB,WACA,QAAQ,WAAW,cAAc,YAEjC,QAAO;GACL;GACA,UAAU,QAAQ,WAAW,cAAc;GAC3C;GACD;EAIH,MAAM,iBAAiB,MAAM,KAAK,oBAAoB,GAAG;AACzD,MAAI,kBAAkB,CAAC,eAAe,QACpC,OAAM,IAAI,MACR,2CAA2C,eAAe,QAC3D;AAGH,SAAO,EACL,IACD;;;;;;;CAQH,AAAQ,iBACN,IACA,KACA,SAIqB;AAErB,MAAI,KAAK,eAAe,IACtB,QAAO,KAAK,eAAe;EAG7B,MAAM,sBAAsB;GAC1B,GAAG,QAAQ;GACX,MAAM,QAAQ,WAAW,QAAS;GACnC;AAED,OAAK,eAAe,MAAM,IAAI,oBAC5B,IAAI,IAAI,IAAI,EACZ;GACE,MAAM,KAAK;GACX,SAAS,KAAK;GACf,EACD;GACE,QAAQ;IAAE,GAAG;IAAsB,GAAG,QAAQ;IAAQ;GACtD,WAAW;GACZ,CACF;EAGD,MAAM,QAAQ,IAAI,iBAAiB;EACnC,MAAM,WAAW,KAAK,uBAAuB,IAAI,GAAG;AACpD,MAAI,SAAU,UAAS,SAAS;AAChC,OAAK,uBAAuB,IAAI,IAAI,MAAM;AAC1C,QAAM,IACJ,KAAK,eAAe,IAAI,sBAAsB,UAAU;AACtD,QAAK,sBAAsB,KAAK,MAAM;IACtC,CACH;AAED,SAAO,KAAK,eAAe;;;;;;;;;;CAW7B,MAAM,eACJ,IACA,SACiB;AAEjB,OAAK,iBAAiB,IAAI,QAAQ,KAAK;GACrC,QAAQ,QAAQ;GAChB,WAAW;IACT,GAAG,QAAQ;IACX,MAAM,QAAQ,WAAW,QAAS;IACnC;GACF,CAAC;EAGF,MAAM,EAAE,cAAc,GAAG,GAAG,yBAC1B,QAAQ,aAAa,EAAE;AACzB,OAAK,oBAAoB;GACvB;GACA,MAAM,QAAQ;GACd,YAAY,QAAQ;GACpB,cAAc,QAAQ;GACtB,WAAW,QAAQ,YAAY;GAC/B,UAAU,QAAQ,WAAW;GAC7B,gBAAgB,KAAK,UAAU;IAC7B,QAAQ,QAAQ;IAChB,WAAW;IACZ,CAAC;GACH,CAAC;AAEF,OAAK,sBAAsB,MAAM;AAEjC,SAAO;;;;;;;;;;;;;;;;CAiBT,MAAM,gBAAgB,IAA0C;EAC9D,MAAM,OAAO,KAAK,eAAe;AACjC,MAAI,CAAC,KACH,OAAM,IAAI,MACR,UAAU,GAAG,kDACd;EAGH,MAAM,QAAQ,MAAM,KAAK,MAAM;AAC/B,OAAK,sBAAsB,MAAM;AAEjC,UAAQ,KAAK,iBAAb;GACE,KAAK,mBAAmB,OACtB,QAAO;IACL,OAAO,KAAK;IACZ,OAAO,SAAS;IACjB;GAEH,KAAK,mBAAmB,gBAAgB;IACtC,MAAM,UAAU,KAAK,QAAQ,UAAU,cAAc;IACrD,MAAM,cAAc,KAAK,QAAQ,UAAU,cAAc;AAEzD,QAAI,CAAC,WAAW,CAAC,YACf,QAAO;KACL,OAAO,mBAAmB;KAC1B,OAAO,2CAA2C,CAAC,UAAU,YAAY;KAC1E;IAGH,MAAM,WAAW,KAAK,QAAQ,UAAU,cAAc;IAItD,MAAM,YADU,KAAK,uBAAuB,CAClB,MAAM,MAAM,EAAE,OAAO,GAAG;AAClD,QAAI,WAAW;AACb,UAAK,oBAAoB;MACvB,GAAG;MACH,UAAU;MACV,WAAW,YAAY;MACxB,CAAC;AAEF,UAAK,sBAAsB,MAAM;;AAGnC,WAAO;KACL,OAAO,KAAK;KACZ;KACA;KACD;;GAGH,KAAK,mBAAmB,UACtB,QAAO,EAAE,OAAO,KAAK,iBAAiB;GAExC,QACE,QAAO;IACL,OAAO,mBAAmB;IAC1B,OAAO,2CAA2C,KAAK;IACxD;;;CAIP,AAAQ,yBAAyB,OAAqC;AACpE,MAAI,CAAC,MAAO,QAAO;EACnB,MAAM,QAAQ,MAAM,MAAM,IAAI;AAC9B,SAAO,MAAM,WAAW,IAAI,MAAM,KAAK;;CAGzC,kBAAkB,KAAuB;AACvC,MAAI,IAAI,WAAW,MACjB,QAAO;EAGT,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;EAC5B,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;EAC3C,MAAM,WAAW,KAAK,yBAAyB,MAAM;AACrD,MAAI,CAAC,SACH,QAAO;AAMT,SADgB,KAAK,uBAAuB,CAC7B,MAAM,WAAW;AAC9B,OAAI,OAAO,OAAO,SAAU,QAAO;AACnC,OAAI;IACF,MAAM,YAAY,IAAI,IAAI,OAAO,aAAa;AAC9C,WACE,UAAU,WAAW,IAAI,UAAU,UAAU,aAAa,IAAI;WAE1D;AACN,WAAO;;IAET;;CAGJ,MAAM,sBAAsB,KAA+C;EACzE,MAAM,MAAM,IAAI,IAAI,IAAI,IAAI;EAC5B,MAAM,OAAO,IAAI,aAAa,IAAI,OAAO;EACzC,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;EAC3C,MAAM,QAAQ,IAAI,aAAa,IAAI,QAAQ;EAC3C,MAAM,mBAAmB,IAAI,aAAa,IAAI,oBAAoB;AAGlE,MAAI,CAAC,MACH,OAAM,IAAI,MAAM,kCAAkC;EAGpD,MAAM,WAAW,KAAK,yBAAyB,MAAM;AACrD,MAAI,CAAC,SACH,OAAM,IAAI,MACR,4EACD;AAKH,MAAI,CAFY,KAAK,uBAAuB,CACf,MAAM,WAAW,OAAO,OAAO,SAAS,CAEnE,OAAM,IAAI,MACR,4BAA4B,SAAS,0DACtC;AAGH,MAAI,KAAK,eAAe,cAAc,OACpC,OAAM,IAAI,MAAM,4BAA4B,WAAW;EAIzD,MAAM,OAAO,KAAK,eAAe;AAEjC,MAAI;AACF,OAAI,CAAC,KAAK,QAAQ,UAAU,aAC1B,OAAM,IAAI,MACR,oFACD;GAGH,MAAM,eAAe,KAAK,QAAQ,UAAU;AAC5C,gBAAa,WAAW;GAIxB,MAAM,kBAAkB,MAAM,aAAa,WAAW,MAAM;AAC5D,OAAI,CAAC,gBAAgB,MACnB,OAAM,IAAI,MAAM,gBAAgB,SAAS,gBAAgB;AAG3D,OAAI,MAEF,OAAM,IAAI,MAAM,WAAW,oBAAoB,MAAM,CAAC;AAGxD,OAAI,CAAC,KACH,OAAM,IAAI,MAAM,iCAAiC;AAInD,OACE,KAAK,oBAAoB,mBAAmB,SAC5C,KAAK,oBAAoB,mBAAmB,WAC5C;AACA,SAAK,mBAAmB,SAAS;AACjC,WAAO;KAAE;KAAU,aAAa;KAAM;;AAGxC,OAAI,KAAK,oBAAoB,mBAAmB,eAC9C,OAAM,IAAI,MACR,6CAA6C,KAAK,gBAAgB,oCACnE;AAGH,SAAM,aAAa,aAAa,MAAM;AACtC,SAAM,KAAK,sBAAsB,KAAK;AACtC,SAAM,aAAa,oBAAoB;AACvC,QAAK,mBAAmB,SAAS;AACjC,QAAK,kBAAkB;AACvB,QAAK,sBAAsB,MAAM;AAEjC,UAAO;IAAE;IAAU,aAAa;IAAM;WAC/B,KAAK;GACZ,MAAM,UAAU,eAAe,QAAQ,IAAI,UAAU,OAAO,IAAI;AAChE,UAAO,KAAK,eAAe,UAAU,QAAQ;;;;;;;;;;;;;;;;CAiBjD,MAAM,oBACJ,UACA,UAAkC,EAAE,EACI;EACxC,MAAM,OAAO,KAAK,eAAe;AACjC,MAAI,CAAC,MAAM;AACT,QAAK,sBAAsB,KAAK;IAC9B,MAAM;IACN,gBAAgB,4BAA4B;IAC5C,SAAS,EAAE;IACX,WAAW,KAAK,KAAK;IACrB,IAAI,QAAQ;IACb,CAAC;AACF;;EAIF,MAAM,SAAS,MAAM,KAAK,SAAS,QAAQ;AAC3C,OAAK,sBAAsB,MAAM;AAEjC,SAAO;GACL,GAAG;GACH,OAAO,KAAK;GACb;;;;;;;CAQH,MAAM,oBAAoB,UAAiC;EACzD,MAAM,OAAO,KAAK,eAAe;AACjC,MAAI,CAAC,MAAM;AACT,QAAK,sBAAsB,KAAK;IAC9B,MAAM;IACN,gBAAgB,sCAAsC;IACtD,SAAS,EAAE,UAAU;IACrB,WAAW,KAAK,KAAK;IACrB,IAAI,QAAQ;IACb,CAAC;AACF;;AAIF,MACE,KAAK,oBAAoB,mBAAmB,eAC5C,KAAK,oBAAoB,mBAAmB,OAC5C;AACA,QAAK,sBAAsB,KAAK;IAC9B,MAAM;IACN,gBAAgB,mCAAmC,SAAS,eAAe,KAAK,gBAAgB;IAChG,SAAS;KACP,KAAK,KAAK,IAAI,UAAU;KACxB,WAAW,KAAK,QAAQ,UAAU,QAAQ;KAC1C,OAAO,KAAK;KACb;IACD,WAAW,KAAK,KAAK;IACrB,IAAI,QAAQ;IACb,CAAC;AACF;;EAGF,MAAM,gBAAgB,MAAM,KAAK,gBAAgB,SAAS;AAC1D,OAAK,sBAAsB,MAAM;AAEjC,MAAI,cAAc,UAAU,mBAAmB,UAC7C,OAAM,KAAK,oBAAoB,SAAS;AAG1C,OAAK,sBAAsB,KAAK;GAC9B,MAAM;GACN,gBAAgB,qCAAqC,SAAS,iBAAiB,KAAK;GACpF,SAAS;IACP,KAAK,KAAK,IAAI,UAAU;IACxB,WAAW,KAAK,QAAQ,UAAU,QAAQ;IAC1C,OAAO,KAAK;IACb;GACD,WAAW,KAAK,KAAK;GACrB,IAAI,QAAQ;GACb,CAAC;;;;;;CAOJ,uBAAuB,QAA4C;AACjE,OAAK,uBAAuB;;;;;;CAO9B,yBAAmE;AACjE,SAAO,KAAK;;;;;CAMd,YAAqC;AACnC,SAAO,kBAAkB,KAAK,gBAAgB,QAAQ;;;;;;;;;;;;;CAcxD,MAAM,mBAAmB;AACvB,MAAI,CAAC,KAAK,YAAY;GACpB,MAAM,EAAE,eAAe,MAAM,OAAO;AACpC,QAAK,aAAa;;;;;;CAOtB,aAAsB;AACpB,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8BAA8B;AAIhD,OAAK,MAAM,CAAC,IAAI,SAAS,OAAO,QAAQ,KAAK,eAAe,CAC1D,KACE,KAAK,oBAAoB,mBAAmB,SAC5C,KAAK,oBAAoB,mBAAmB,eAE5C,SAAQ,KACN,uDAAuD,GAAG,aAAa,KAAK,gBAAgB,iCAC7F;AAIL,SAAO,OAAO,YACZ,kBAAkB,KAAK,gBAAgB,QAAQ,CAAC,KAAK,SAAS;AAC5D,UAAO,CACL,QAAQ,KAAK,SAAS,QAAQ,MAAM,GAAG,CAAC,GAAG,KAAK,QAChD;IACE,aAAa,KAAK;IAClB,SAAS,OAAO,SAAS;KACvB,MAAM,SAAS,MAAM,KAAK,SAAS;MACjC,WAAW;MACX,MAAM,KAAK;MACX,UAAU,KAAK;MAChB,CAAC;AACF,SAAI,OAAO,SAAS;MAIlB,MAAM,cAHU,OAAO,UAGO;MAC9B,MAAM,UACJ,aAAa,SAAS,UAAU,YAAY,OACxC,YAAY,OACZ;AACN,YAAM,IAAI,MAAM,QAAQ;;AAE1B,YAAO;;IAET,aAAa,KAAK,WAAY,KAAK,YAA2B;IAC9D,cAAc,KAAK,eACf,KAAK,WAAY,KAAK,aAA4B,GAClD;IACL,CACF;IACD,CACH;;;;;;CAOH,sBAA+B;AAC7B,MAAI,CAAC,KAAK,iCAAiC;AACzC,QAAK,kCAAkC;AACvC,WAAQ,KACN,4HACD;;AAEH,SAAO,KAAK,YAAY;;;;;;;;;;;;CAa1B,MAAM,sBAAsB;EAC1B,MAAM,MAAM,OAAO,KAAK,KAAK,eAAe;AAG5C,OAAK,MAAM,MAAM,IACf,MAAK,eAAe,IAAI,iBAAiB;AAG3C,QAAM,QAAQ,IACZ,IAAI,IAAI,OAAO,OAAO;AACpB,SAAM,KAAK,eAAe,IAAI,OAAO,OAAO;IAC5C,CACH;AAED,OAAK,MAAM,MAAM,KAAK;GACpB,MAAM,QAAQ,KAAK,uBAAuB,IAAI,GAAG;AACjD,OAAI,MAAO,OAAM,SAAS;AAC1B,QAAK,uBAAuB,OAAO,GAAG;AACtC,UAAO,KAAK,eAAe;;;;;;;CAQ/B,MAAM,gBAAgB,IAAY;AAChC,MAAI,CAAC,KAAK,eAAe,IACvB,OAAM,IAAI,MAAM,uBAAuB,GAAG,mBAAmB;AAI/D,OAAK,eAAe,IAAI,iBAAiB;AAEzC,QAAM,KAAK,eAAe,IAAI,OAAO,OAAO;AAC5C,SAAO,KAAK,eAAe;EAE3B,MAAM,QAAQ,KAAK,uBAAuB,IAAI,GAAG;AACjD,MAAI,MAAO,OAAM,SAAS;AAC1B,OAAK,uBAAuB,OAAO,GAAG;;;;;CAMxC,MAAM,aAAa,UAAiC;AAClD,MAAI,KAAK,eAAe,UACtB,KAAI;AACF,SAAM,KAAK,gBAAgB,SAAS;WAC7B,IAAI;AAIf,OAAK,wBAAwB,SAAS;AACtC,OAAK,sBAAsB,MAAM;;;;;CAMnC,cAA8B;AAC5B,SAAO,KAAK,uBAAuB;;;;;CAMrC,MAAM,UAAyB;AAC7B,MAAI;AACF,SAAM,KAAK,qBAAqB;YACxB;AAER,QAAK,sBAAsB,SAAS;AACpC,QAAK,sBAAsB,SAAS;;;;;;CAOxC,cAAyC;AACvC,SAAO,kBAAkB,KAAK,gBAAgB,UAAU;;;;;CAM1D,gBAA6C;AAC3C,SAAO,kBAAkB,KAAK,gBAAgB,YAAY;;;;;CAM5D,wBAA6D;AAC3D,SAAO,kBAAkB,KAAK,gBAAgB,oBAAoB;;;;;CAMpE,MAAM,SACJ,QACA,cAGA,SACA;EACA,MAAM,kBAAkB,OAAO,KAAK,QAAQ,GAAG,OAAO,SAAS,IAAI,GAAG;AACtE,SAAO,KAAK,eAAe,OAAO,UAAU,OAAO,SACjD;GACE,GAAG;GACH,MAAM;GACP,EACD,cACA,QACD;;;;;CAMH,aACE,QACA,SACA;AACA,SAAO,KAAK,eAAe,OAAO,UAAU,OAAO,aACjD,QACA,QACD;;;;;CAMH,UACE,QACA,SACA;AACA,SAAO,KAAK,eAAe,OAAO,UAAU,OAAO,UACjD,QACA,QACD;;;AAWL,SAAgB,kBACd,YACA,MACmB;AAenB,QAda,OAAO,QAAQ,WAAW,CAAC,KAAK,CAAC,MAAM,UAAU;AAC5D,SAAO;GAAE,MAAM,KAAK;GAAO;GAAM;GACjC,CAE0B,SAAS,EAAE,MAAM,UAAU,WAAW;AAChE,SAAO,KAAK,KAAK,SAAS;AACxB,UAAO;IACL,GAAG;IAEH;IACD;IACD;GACF"}
package/dist/mcp/do-oauth-client-provider.d.ts CHANGED
@@ -1,2 +1,61 @@
1
- import { n as DurableObjectOAuthClientProvider, t as AgentsOAuthProvider } from "../do-oauth-client-provider-BqnOQzjy.js";
2
- export { AgentsOAuthProvider, DurableObjectOAuthClientProvider };
1
+ import { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
2
+ import { OAuthClientInformation, OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
3
+
4
+ //#region src/mcp/do-oauth-client-provider.d.ts
5
+ interface AgentMcpOAuthProvider extends OAuthClientProvider {
6
+ authUrl: string | undefined;
7
+ clientId: string | undefined;
8
+ serverId: string | undefined;
9
+ checkState(state: string): Promise<{
10
+ valid: boolean;
11
+ serverId?: string;
12
+ error?: string;
13
+ }>;
14
+ consumeState(state: string): Promise<void>;
15
+ deleteCodeVerifier(): Promise<void>;
16
+ }
17
+ /**
18
+ * @deprecated Use {@link AgentMcpOAuthProvider} instead.
19
+ */
20
+ type AgentsOAuthProvider = AgentMcpOAuthProvider;
21
+ declare class DurableObjectOAuthClientProvider implements AgentMcpOAuthProvider {
22
+ storage: DurableObjectStorage;
23
+ clientName: string;
24
+ baseRedirectUrl: string;
25
+ private _authUrl_;
26
+ private _serverId_;
27
+ private _clientId_;
28
+ constructor(storage: DurableObjectStorage, clientName: string, baseRedirectUrl: string);
29
+ get clientMetadata(): OAuthClientMetadata;
30
+ get clientUri(): string;
31
+ get redirectUrl(): string;
32
+ get clientId(): string;
33
+ set clientId(clientId_: string);
34
+ get serverId(): string;
35
+ set serverId(serverId_: string);
36
+ keyPrefix(clientId: string): string;
37
+ clientInfoKey(clientId: string): string;
38
+ clientInformation(): Promise<OAuthClientInformation | undefined>;
39
+ saveClientInformation(clientInformation: OAuthClientInformationFull): Promise<void>;
40
+ tokenKey(clientId: string): string;
41
+ tokens(): Promise<OAuthTokens | undefined>;
42
+ saveTokens(tokens: OAuthTokens): Promise<void>;
43
+ get authUrl(): string | undefined;
44
+ stateKey(nonce: string): string;
45
+ state(): Promise<string>;
46
+ checkState(state: string): Promise<{
47
+ valid: boolean;
48
+ serverId?: string;
49
+ error?: string;
50
+ }>;
51
+ consumeState(state: string): Promise<void>;
52
+ redirectToAuthorization(authUrl: URL): Promise<void>;
53
+ invalidateCredentials(scope: "all" | "client" | "tokens" | "verifier"): Promise<void>;
54
+ codeVerifierKey(clientId: string): string;
55
+ saveCodeVerifier(verifier: string): Promise<void>;
56
+ codeVerifier(): Promise<string>;
57
+ deleteCodeVerifier(): Promise<void>;
58
+ }
59
+ //#endregion
60
+ export { AgentMcpOAuthProvider, AgentsOAuthProvider, DurableObjectOAuthClientProvider };
61
+ //# sourceMappingURL=do-oauth-client-provider.d.ts.map
package/dist/mcp/do-oauth-client-provider.js CHANGED
@@ -1,3 +1,155 @@
1
- import { t as DurableObjectOAuthClientProvider } from "../do-oauth-client-provider-DDg8QrEA.js";
1
+ import { nanoid } from "nanoid";
2
2
 
3
- export { DurableObjectOAuthClientProvider };
3
+ //#region src/mcp/do-oauth-client-provider.ts
4
+ const STATE_EXPIRATION_MS = 600 * 1e3;
5
+ var DurableObjectOAuthClientProvider = class {
6
+ constructor(storage, clientName, baseRedirectUrl) {
7
+ this.storage = storage;
8
+ this.clientName = clientName;
9
+ this.baseRedirectUrl = baseRedirectUrl;
10
+ if (!storage) throw new Error("DurableObjectOAuthClientProvider requires a valid DurableObjectStorage instance");
11
+ }
12
+ get clientMetadata() {
13
+ return {
14
+ client_name: this.clientName,
15
+ client_uri: this.clientUri,
16
+ grant_types: ["authorization_code", "refresh_token"],
17
+ redirect_uris: [this.redirectUrl],
18
+ response_types: ["code"],
19
+ token_endpoint_auth_method: "none"
20
+ };
21
+ }
22
+ get clientUri() {
23
+ return new URL(this.redirectUrl).origin;
24
+ }
25
+ get redirectUrl() {
26
+ return this.baseRedirectUrl;
27
+ }
28
+ get clientId() {
29
+ if (!this._clientId_) throw new Error("Trying to access clientId before it was set");
30
+ return this._clientId_;
31
+ }
32
+ set clientId(clientId_) {
33
+ this._clientId_ = clientId_;
34
+ }
35
+ get serverId() {
36
+ if (!this._serverId_) throw new Error("Trying to access serverId before it was set");
37
+ return this._serverId_;
38
+ }
39
+ set serverId(serverId_) {
40
+ this._serverId_ = serverId_;
41
+ }
42
+ keyPrefix(clientId) {
43
+ return `/${this.clientName}/${this.serverId}/${clientId}`;
44
+ }
45
+ clientInfoKey(clientId) {
46
+ return `${this.keyPrefix(clientId)}/client_info/`;
47
+ }
48
+ async clientInformation() {
49
+ if (!this._clientId_) return;
50
+ return await this.storage.get(this.clientInfoKey(this.clientId)) ?? void 0;
51
+ }
52
+ async saveClientInformation(clientInformation) {
53
+ await this.storage.put(this.clientInfoKey(clientInformation.client_id), clientInformation);
54
+ this.clientId = clientInformation.client_id;
55
+ }
56
+ tokenKey(clientId) {
57
+ return `${this.keyPrefix(clientId)}/token`;
58
+ }
59
+ async tokens() {
60
+ if (!this._clientId_) return;
61
+ return await this.storage.get(this.tokenKey(this.clientId)) ?? void 0;
62
+ }
63
+ async saveTokens(tokens) {
64
+ await this.storage.put(this.tokenKey(this.clientId), tokens);
65
+ }
66
+ get authUrl() {
67
+ return this._authUrl_;
68
+ }
69
+ stateKey(nonce) {
70
+ return `/${this.clientName}/${this.serverId}/state/${nonce}`;
71
+ }
72
+ async state() {
73
+ const nonce = nanoid();
74
+ const state = `${nonce}.${this.serverId}`;
75
+ const storedState = {
76
+ nonce,
77
+ serverId: this.serverId,
78
+ createdAt: Date.now()
79
+ };
80
+ await this.storage.put(this.stateKey(nonce), storedState);
81
+ return state;
82
+ }
83
+ async checkState(state) {
84
+ const parts = state.split(".");
85
+ if (parts.length !== 2) return {
86
+ valid: false,
87
+ error: "Invalid state format"
88
+ };
89
+ const [nonce, serverId] = parts;
90
+ const key = this.stateKey(nonce);
91
+ const storedState = await this.storage.get(key);
92
+ if (!storedState) return {
93
+ valid: false,
94
+ error: "State not found or already used"
95
+ };
96
+ if (storedState.serverId !== serverId) {
97
+ await this.storage.delete(key);
98
+ return {
99
+ valid: false,
100
+ error: "State serverId mismatch"
101
+ };
102
+ }
103
+ if (Date.now() - storedState.createdAt > STATE_EXPIRATION_MS) {
104
+ await this.storage.delete(key);
105
+ return {
106
+ valid: false,
107
+ error: "State expired"
108
+ };
109
+ }
110
+ return {
111
+ valid: true,
112
+ serverId
113
+ };
114
+ }
115
+ async consumeState(state) {
116
+ const parts = state.split(".");
117
+ if (parts.length !== 2) {
118
+ console.warn(`[OAuth] consumeState called with invalid state format: ${state.substring(0, 20)}...`);
119
+ return;
120
+ }
121
+ const [nonce] = parts;
122
+ await this.storage.delete(this.stateKey(nonce));
123
+ }
124
+ async redirectToAuthorization(authUrl) {
125
+ this._authUrl_ = authUrl.toString();
126
+ }
127
+ async invalidateCredentials(scope) {
128
+ if (!this._clientId_) return;
129
+ const deleteKeys = [];
130
+ if (scope === "all" || scope === "client") deleteKeys.push(this.clientInfoKey(this.clientId));
131
+ if (scope === "all" || scope === "tokens") deleteKeys.push(this.tokenKey(this.clientId));
132
+ if (scope === "all" || scope === "verifier") deleteKeys.push(this.codeVerifierKey(this.clientId));
133
+ if (deleteKeys.length > 0) await this.storage.delete(deleteKeys);
134
+ }
135
+ codeVerifierKey(clientId) {
136
+ return `${this.keyPrefix(clientId)}/code_verifier`;
137
+ }
138
+ async saveCodeVerifier(verifier) {
139
+ const key = this.codeVerifierKey(this.clientId);
140
+ if (await this.storage.get(key)) return;
141
+ await this.storage.put(key, verifier);
142
+ }
143
+ async codeVerifier() {
144
+ const codeVerifier = await this.storage.get(this.codeVerifierKey(this.clientId));
145
+ if (!codeVerifier) throw new Error("No code verifier found");
146
+ return codeVerifier;
147
+ }
148
+ async deleteCodeVerifier() {
149
+ await this.storage.delete(this.codeVerifierKey(this.clientId));
150
+ }
151
+ };
152
+
153
+ //#endregion
154
+ export { DurableObjectOAuthClientProvider };
155
+ //# sourceMappingURL=do-oauth-client-provider.js.map
package/dist/mcp/do-oauth-client-provider.js.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"do-oauth-client-provider.js","names":[],"sources":["../../src/mcp/do-oauth-client-provider.ts"],"sourcesContent":["import type { OAuthClientProvider } from \"@modelcontextprotocol/sdk/client/auth.js\";\nimport type {\n OAuthClientInformation,\n OAuthClientInformationFull,\n OAuthClientMetadata,\n OAuthTokens\n} from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport { nanoid } from \"nanoid\";\n\nconst STATE_EXPIRATION_MS = 10 * 60 * 1000; // 10 minutes\n\ninterface StoredState {\n nonce: string;\n serverId: string;\n createdAt: number;\n}\n\n// A slight extension to the standard OAuthClientProvider interface because `redirectToAuthorization` doesn't give us the interface we need\n// This allows us to track authentication for a specific server and associated dynamic client registration\nexport interface AgentMcpOAuthProvider extends OAuthClientProvider {\n authUrl: string | undefined;\n clientId: string | undefined;\n serverId: string | undefined;\n checkState(\n state: string\n ): Promise<{ valid: boolean; serverId?: string; error?: string }>;\n consumeState(state: string): Promise<void>;\n deleteCodeVerifier(): Promise<void>;\n}\n\n/**\n * @deprecated Use {@link AgentMcpOAuthProvider} instead.\n */\nexport type AgentsOAuthProvider = AgentMcpOAuthProvider;\n\nexport class DurableObjectOAuthClientProvider implements AgentMcpOAuthProvider {\n private _authUrl_: string | undefined;\n private _serverId_: string | undefined;\n private _clientId_: string | undefined;\n\n constructor(\n public storage: DurableObjectStorage,\n public clientName: string,\n public baseRedirectUrl: string\n ) {\n if (!storage) {\n throw new Error(\n \"DurableObjectOAuthClientProvider requires a valid DurableObjectStorage instance\"\n );\n }\n }\n\n get clientMetadata(): OAuthClientMetadata {\n return {\n client_name: this.clientName,\n client_uri: this.clientUri,\n grant_types: [\"authorization_code\", \"refresh_token\"],\n redirect_uris: [this.redirectUrl],\n response_types: [\"code\"],\n token_endpoint_auth_method: \"none\"\n };\n }\n\n get clientUri() {\n return new URL(this.redirectUrl).origin;\n }\n\n get redirectUrl() {\n return this.baseRedirectUrl;\n }\n\n get clientId() {\n if (!this._clientId_) {\n throw new Error(\"Trying to access clientId before it was set\");\n }\n return this._clientId_;\n }\n\n set clientId(clientId_: string) {\n this._clientId_ = clientId_;\n }\n\n get serverId() {\n if (!this._serverId_) {\n throw new Error(\"Trying to access serverId before it was set\");\n }\n return this._serverId_;\n }\n\n set serverId(serverId_: string) {\n this._serverId_ = serverId_;\n }\n\n keyPrefix(clientId: string) {\n return `/${this.clientName}/${this.serverId}/${clientId}`;\n }\n\n clientInfoKey(clientId: string) {\n return `${this.keyPrefix(clientId)}/client_info/`;\n }\n\n async clientInformation(): Promise<OAuthClientInformation | undefined> {\n if (!this._clientId_) {\n return undefined;\n }\n return (\n (await this.storage.get<OAuthClientInformation>(\n this.clientInfoKey(this.clientId)\n )) ?? undefined\n );\n }\n\n async saveClientInformation(\n clientInformation: OAuthClientInformationFull\n ): Promise<void> {\n await this.storage.put(\n this.clientInfoKey(clientInformation.client_id),\n clientInformation\n );\n this.clientId = clientInformation.client_id;\n }\n\n tokenKey(clientId: string) {\n return `${this.keyPrefix(clientId)}/token`;\n }\n\n async tokens(): Promise<OAuthTokens | undefined> {\n if (!this._clientId_) {\n return undefined;\n }\n return (\n (await this.storage.get<OAuthTokens>(this.tokenKey(this.clientId))) ??\n undefined\n );\n }\n\n async saveTokens(tokens: OAuthTokens): Promise<void> {\n await this.storage.put(this.tokenKey(this.clientId), tokens);\n }\n\n get authUrl() {\n return this._authUrl_;\n }\n\n stateKey(nonce: string) {\n return `/${this.clientName}/${this.serverId}/state/${nonce}`;\n }\n\n async state(): Promise<string> {\n const nonce = nanoid();\n const state = `${nonce}.${this.serverId}`;\n const storedState: StoredState = {\n nonce,\n serverId: this.serverId,\n createdAt: Date.now()\n };\n await this.storage.put(this.stateKey(nonce), storedState);\n return state;\n }\n\n async checkState(\n state: string\n ): Promise<{ valid: boolean; serverId?: string; error?: string }> {\n const parts = state.split(\".\");\n if (parts.length !== 2) {\n return { valid: false, error: \"Invalid state format\" };\n }\n\n const [nonce, serverId] = parts;\n const key = this.stateKey(nonce);\n const storedState = await this.storage.get<StoredState>(key);\n\n if (!storedState) {\n return { valid: false, error: \"State not found or already used\" };\n }\n\n if (storedState.serverId !== serverId) {\n await this.storage.delete(key);\n return { valid: false, error: \"State serverId mismatch\" };\n }\n\n const age = Date.now() - storedState.createdAt;\n if (age > STATE_EXPIRATION_MS) {\n await this.storage.delete(key);\n return { valid: false, error: \"State expired\" };\n }\n\n return { valid: true, serverId };\n }\n\n async consumeState(state: string): Promise<void> {\n const parts = state.split(\".\");\n if (parts.length !== 2) {\n // This should never happen since checkState validates format first.\n // Log for debugging but don't throw - state consumption is best-effort.\n console.warn(\n `[OAuth] consumeState called with invalid state format: ${state.substring(0, 20)}...`\n );\n return;\n }\n const [nonce] = parts;\n await this.storage.delete(this.stateKey(nonce));\n }\n\n async redirectToAuthorization(authUrl: URL): Promise<void> {\n this._authUrl_ = authUrl.toString();\n }\n\n async invalidateCredentials(\n scope: \"all\" | \"client\" | \"tokens\" | \"verifier\"\n ): Promise<void> {\n if (!this._clientId_) return;\n\n const deleteKeys: string[] = [];\n\n if (scope === \"all\" || scope === \"client\") {\n deleteKeys.push(this.clientInfoKey(this.clientId));\n }\n if (scope === \"all\" || scope === \"tokens\") {\n deleteKeys.push(this.tokenKey(this.clientId));\n }\n if (scope === \"all\" || scope === \"verifier\") {\n deleteKeys.push(this.codeVerifierKey(this.clientId));\n }\n\n if (deleteKeys.length > 0) {\n await this.storage.delete(deleteKeys);\n }\n }\n\n codeVerifierKey(clientId: string) {\n return `${this.keyPrefix(clientId)}/code_verifier`;\n }\n\n async saveCodeVerifier(verifier: string): Promise<void> {\n const key = this.codeVerifierKey(this.clientId);\n\n // Don't overwrite existing verifier to preserve first PKCE verifier\n const existing = await this.storage.get<string>(key);\n if (existing) {\n return;\n }\n\n await this.storage.put(key, verifier);\n }\n\n async codeVerifier(): Promise<string> {\n const codeVerifier = await this.storage.get<string>(\n this.codeVerifierKey(this.clientId)\n );\n if (!codeVerifier) {\n throw new Error(\"No code verifier found\");\n }\n return codeVerifier;\n }\n\n async deleteCodeVerifier(): Promise<void> {\n await this.storage.delete(this.codeVerifierKey(this.clientId));\n }\n}\n"],"mappings":";;;AASA,MAAM,sBAAsB,MAAU;AA0BtC,IAAa,mCAAb,MAA+E;CAK7E,YACE,AAAO,SACP,AAAO,YACP,AAAO,iBACP;EAHO;EACA;EACA;AAEP,MAAI,CAAC,QACH,OAAM,IAAI,MACR,kFACD;;CAIL,IAAI,iBAAsC;AACxC,SAAO;GACL,aAAa,KAAK;GAClB,YAAY,KAAK;GACjB,aAAa,CAAC,sBAAsB,gBAAgB;GACpD,eAAe,CAAC,KAAK,YAAY;GACjC,gBAAgB,CAAC,OAAO;GACxB,4BAA4B;GAC7B;;CAGH,IAAI,YAAY;AACd,SAAO,IAAI,IAAI,KAAK,YAAY,CAAC;;CAGnC,IAAI,cAAc;AAChB,SAAO,KAAK;;CAGd,IAAI,WAAW;AACb,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8CAA8C;AAEhE,SAAO,KAAK;;CAGd,IAAI,SAAS,WAAmB;AAC9B,OAAK,aAAa;;CAGpB,IAAI,WAAW;AACb,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8CAA8C;AAEhE,SAAO,KAAK;;CAGd,IAAI,SAAS,WAAmB;AAC9B,OAAK,aAAa;;CAGpB,UAAU,UAAkB;AAC1B,SAAO,IAAI,KAAK,WAAW,GAAG,KAAK,SAAS,GAAG;;CAGjD,cAAc,UAAkB;AAC9B,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,oBAAiE;AACrE,MAAI,CAAC,KAAK,WACR;AAEF,SACG,MAAM,KAAK,QAAQ,IAClB,KAAK,cAAc,KAAK,SAAS,CAClC,IAAK;;CAIV,MAAM,sBACJ,mBACe;AACf,QAAM,KAAK,QAAQ,IACjB,KAAK,cAAc,kBAAkB,UAAU,EAC/C,kBACD;AACD,OAAK,WAAW,kBAAkB;;CAGpC,SAAS,UAAkB;AACzB,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,SAA2C;AAC/C,MAAI,CAAC,KAAK,WACR;AAEF,SACG,MAAM,KAAK,QAAQ,IAAiB,KAAK,SAAS,KAAK,SAAS,CAAC,IAClE;;CAIJ,MAAM,WAAW,QAAoC;AACnD,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS,KAAK,SAAS,EAAE,OAAO;;CAG9D,IAAI,UAAU;AACZ,SAAO,KAAK;;CAGd,SAAS,OAAe;AACtB,SAAO,IAAI,KAAK,WAAW,GAAG,KAAK,SAAS,SAAS;;CAGvD,MAAM,QAAyB;EAC7B,MAAM,QAAQ,QAAQ;EACtB,MAAM,QAAQ,GAAG,MAAM,GAAG,KAAK;EAC/B,MAAM,cAA2B;GAC/B;GACA,UAAU,KAAK;GACf,WAAW,KAAK,KAAK;GACtB;AACD,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS,MAAM,EAAE,YAAY;AACzD,SAAO;;CAGT,MAAM,WACJ,OACgE;EAChE,MAAM,QAAQ,MAAM,MAAM,IAAI;AAC9B,MAAI,MAAM,WAAW,EACnB,QAAO;GAAE,OAAO;GAAO,OAAO;GAAwB;EAGxD,MAAM,CAAC,OAAO,YAAY;EAC1B,MAAM,MAAM,KAAK,SAAS,MAAM;EAChC,MAAM,cAAc,MAAM,KAAK,QAAQ,IAAiB,IAAI;AAE5D,MAAI,CAAC,YACH,QAAO;GAAE,OAAO;GAAO,OAAO;GAAmC;AAGnE,MAAI,YAAY,aAAa,UAAU;AACrC,SAAM,KAAK,QAAQ,OAAO,IAAI;AAC9B,UAAO;IAAE,OAAO;IAAO,OAAO;IAA2B;;AAI3D,MADY,KAAK,KAAK,GAAG,YAAY,YAC3B,qBAAqB;AAC7B,SAAM,KAAK,QAAQ,OAAO,IAAI;AAC9B,UAAO;IAAE,OAAO;IAAO,OAAO;IAAiB;;AAGjD,SAAO;GAAE,OAAO;GAAM;GAAU;;CAGlC,MAAM,aAAa,OAA8B;EAC/C,MAAM,QAAQ,MAAM,MAAM,IAAI;AAC9B,MAAI,MAAM,WAAW,GAAG;AAGtB,WAAQ,KACN,0DAA0D,MAAM,UAAU,GAAG,GAAG,CAAC,KAClF;AACD;;EAEF,MAAM,CAAC,SAAS;AAChB,QAAM,KAAK,QAAQ,OAAO,KAAK,SAAS,MAAM,CAAC;;CAGjD,MAAM,wBAAwB,SAA6B;AACzD,OAAK,YAAY,QAAQ,UAAU;;CAGrC,MAAM,sBACJ,OACe;AACf,MAAI,CAAC,KAAK,WAAY;EAEtB,MAAM,aAAuB,EAAE;AAE/B,MAAI,UAAU,SAAS,UAAU,SAC/B,YAAW,KAAK,KAAK,cAAc,KAAK,SAAS,CAAC;AAEpD,MAAI,UAAU,SAAS,UAAU,SAC/B,YAAW,KAAK,KAAK,SAAS,KAAK,SAAS,CAAC;AAE/C,MAAI,UAAU,SAAS,UAAU,WAC/B,YAAW,KAAK,KAAK,gBAAgB,KAAK,SAAS,CAAC;AAGtD,MAAI,WAAW,SAAS,EACtB,OAAM,KAAK,QAAQ,OAAO,WAAW;;CAIzC,gBAAgB,UAAkB;AAChC,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,iBAAiB,UAAiC;EACtD,MAAM,MAAM,KAAK,gBAAgB,KAAK,SAAS;AAI/C,MADiB,MAAM,KAAK,QAAQ,IAAY,IAAI,CAElD;AAGF,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS;;CAGvC,MAAM,eAAgC;EACpC,MAAM,eAAe,MAAM,KAAK,QAAQ,IACtC,KAAK,gBAAgB,KAAK,SAAS,CACpC;AACD,MAAI,CAAC,aACH,OAAM,IAAI,MAAM,yBAAyB;AAE3C,SAAO;;CAGT,MAAM,qBAAoC;AACxC,QAAM,KAAK,QAAQ,OAAO,KAAK,gBAAgB,KAAK,SAAS,CAAC"}
package/dist/mcp/index.d.ts CHANGED
@@ -1,13 +1,11 @@
1
- import "../internal_context-CEu5ji80.js";
2
- import "../email-8ljcpvwV.js";
3
- import { a as MCPConnectionResult, c as MCPServerOptions, f as BaseTransportType, h as ServeOptions, i as MCPClientOAuthResult, m as MaybePromise, o as MCPDiscoverResult, p as CORSOptions, r as MCPClientOAuthCallbackConfig } from "../client-DV1CZKqa.js";
4
- import "../workflow-types-Z_Oem1FJ.js";
1
+ import { a as BaseTransportType, c as ServeOptions, o as CORSOptions, s as MaybePromise } from "../client-storage-Cvy5r9FG.js";
2
+ import { MCPClientOAuthCallbackConfig, MCPClientOAuthResult, MCPConnectionResult, MCPDiscoverResult, MCPServerOptions } from "./client.js";
5
3
  import { Agent, Connection, ConnectionContext } from "../index.js";
6
4
  import { SSEClientTransport, SSEClientTransportOptions } from "@modelcontextprotocol/sdk/client/sse.js";
7
5
  import { StreamableHTTPClientTransport, StreamableHTTPClientTransportOptions } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
8
6
  import { ElicitRequest, ElicitRequestSchema, ElicitResult, ElicitResult as ElicitResult$1, InitializeRequestParams, JSONRPCMessage, MessageExtraInfo, RequestId } from "@modelcontextprotocol/sdk/types.js";
9
- import { Server } from "@modelcontextprotocol/sdk/server/index.js";
10
7
  import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
8
+ import { Server } from "@modelcontextprotocol/sdk/server/index.js";
11
9
  import { Transport, TransportSendOptions } from "@modelcontextprotocol/sdk/shared/transport.js";
12
10
  import { EventStore } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
13
11
 
package/dist/mcp/index.js CHANGED
@@ -1,13 +1,11 @@
1
- import { t as MessageType } from "../types-BITaDFf-.js";
2
- import "../email-XHsSYsTO.js";
3
- import "../internal_context-D9eKFth1.js";
4
- import "../client-CtC9E06G.js";
5
- import "../do-oauth-client-provider-DDg8QrEA.js";
6
- import { o as getAgentByName, s as getCurrentAgent, t as Agent } from "../src-i_UcyBYf.js";
1
+ import { MessageType } from "../types.js";
2
+ import "../client-connection-CGMuV62J.js";
3
+ import { Agent, getAgentByName, getCurrentAgent } from "../index.js";
7
4
  import { AsyncLocalStorage } from "node:async_hooks";
8
5
  import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
9
6
  import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
10
7
  import { ElicitRequestSchema, InitializeRequestSchema, JSONRPCMessageSchema, SUPPORTED_PROTOCOL_VERSIONS, isInitializeRequest, isJSONRPCErrorResponse, isJSONRPCNotification, isJSONRPCRequest, isJSONRPCResultResponse } from "@modelcontextprotocol/sdk/types.js";
8
+ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
11
9
 
12
10
  //#region src/mcp/utils.ts
13
11
  /**
@@ -1239,7 +1237,10 @@ function createMcpHandler(server, options = {}) {
1239
1237
  return await transport.handleRequest(request);
1240
1238
  };
1241
1239
  const authContext = buildAuthContext();
1242
- if (!transport.started) await server.connect(transport);
1240
+ if (!transport.started) {
1241
+ if (server instanceof McpServer ? server.isConnected() : server.transport !== void 0) throw new Error("Server is already connected to a transport. Create a new McpServer instance per request for stateless handlers.");
1242
+ await server.connect(transport);
1243
+ }
1243
1244
  try {
1244
1245
  if (authContext) return await runWithAuthContext(authContext, handleRequest);
1245
1246
  else return await handleRequest();