airlock-bot 0.0.1 → 0.2.1

package/dist/middleware/post/output-summarizer.js

@@ -0,0 +1,38 @@
+import { childLogger } from '../../util/logger.js';
+const log = childLogger('mw:output-summarizer');
+const DEFAULT_THRESHOLD = 10_000;
+/**
+ * Summarizes large tool outputs using the Vercel AI SDK.
+ * Requires `ai` package and a provider to be configured.
+ * The caller must pass a model string that the AI SDK can resolve.
+ * Falls back gracefully if the SDK or model is unavailable.
+ */
+export function outputSummarizerMiddleware(opts) {
+    const threshold = opts.threshold_chars ?? DEFAULT_THRESHOLD;
+    return async (ctx, next) => {
+        const response = await next();
+        if (response.text.length < threshold)
+            return response;
+        try {
+            // Dynamic import so this middleware doesn't hard-fail if `ai` isn't installed
+            const { generateText } = await import('ai');
+            const { text: summary } = await generateText({
+                // eslint-disable-next-line @typescript-eslint/no-explicit-any, @typescript-eslint/no-unsafe-assignment
+                model: opts.model, // provider-specific model reference
+                system: 'You are a concise technical summarizer. Summarize the following tool output, preserving key data, errors, and actionable information. Be brief.',
+                prompt: response.text.slice(0, 50_000), // cap input
+                maxOutputTokens: 1024,
+            });
+            response.text = `<summary>\n${summary}\n</summary>\n\n<original-length>${response.text.length} chars</original-length>`;
+            if (response.fullOutputPath) {
+                response.text += `\n<full-output>${response.fullOutputPath}</full-output>`;
+            }
+        }
+        catch (err) {
+            log.warn({ err }, 'Output summarization failed, returning raw output');
+            // Fall through — return original response unchanged
+        }
+        return response;
+    };
+}
+//# sourceMappingURL=output-summarizer.js.map

package/dist/middleware/post/output-summarizer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"output-summarizer.js","sourceRoot":"","sources":["../../../src/middleware/post/output-summarizer.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,EAAE,MAAM,sBAAsB,CAAC;AAEnD,MAAM,GAAG,GAAG,WAAW,CAAC,sBAAsB,CAAC,CAAC;AAShD,MAAM,iBAAiB,GAAG,MAAM,CAAC;AAEjC;;;;;GAKG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAA6B;IACtE,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,IAAI,iBAAiB,CAAC;IAE5D,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,QAAQ,GAAG,MAAM,IAAI,EAAE,CAAC;QAE9B,IAAI,QAAQ,CAAC,IAAI,CAAC,MAAM,GAAG,SAAS;YAAE,OAAO,QAAQ,CAAC;QAEtD,IAAI,CAAC;YACH,8EAA8E;YAC9E,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAC;YAE5C,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,MAAM,YAAY,CAAC;gBAC3C,uGAAuG;gBACvG,KAAK,EAAE,IAAI,CAAC,KAAY,EAAE,oCAAoC;gBAC9D,MAAM,EACJ,iJAAiJ;gBACnJ,MAAM,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,YAAY;gBACpD,eAAe,EAAE,IAAI;aACtB,CAAC,CAAC;YAEH,QAAQ,CAAC,IAAI,GAAG,cAAc,OAAO,oCAAoC,QAAQ,CAAC,IAAI,CAAC,MAAM,0BAA0B,CAAC;YACxH,IAAI,QAAQ,CAAC,cAAc,EAAE,CAAC;gBAC5B,QAAQ,CAAC,IAAI,IAAI,kBAAkB,QAAQ,CAAC,cAAc,gBAAgB,CAAC;YAC7E,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,GAAG,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,EAAE,mDAAmD,CAAC,CAAC;YACvE,oDAAoD;QACtD,CAAC;QAED,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/post/strip-query-params.d.ts

@@ -0,0 +1,3 @@
+import type { Middleware } from '../types.js';
+export declare function stripQueryParamsMiddleware(): Middleware;
+//# sourceMappingURL=strip-query-params.d.ts.map

package/dist/middleware/post/strip-query-params.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"strip-query-params.d.ts","sourceRoot":"","sources":["../../../src/middleware/post/strip-query-params.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAI9C,wBAAgB,0BAA0B,IAAI,UAAU,CAmBvD"}

package/dist/middleware/post/strip-query-params.js

@@ -0,0 +1,22 @@
+const READ_ONLY_HTTP_TOOLS = new Set(['http/get', 'http/head']);
+export function stripQueryParamsMiddleware() {
+    return async (ctx, next) => {
+        if (!READ_ONLY_HTTP_TOOLS.has(ctx.toolName))
+            return next();
+        const url = ctx.args['url'];
+        if (typeof url !== 'string')
+            return next();
+        try {
+            const parsed = new URL(url);
+            if (parsed.search) {
+                parsed.search = '';
+                ctx.args['url'] = parsed.toString();
+            }
+        }
+        catch {
+            // Invalid URL — let downstream handle it
+        }
+        return next();
+    };
+}
+//# sourceMappingURL=strip-query-params.js.map

package/dist/middleware/post/strip-query-params.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"strip-query-params.js","sourceRoot":"","sources":["../../../src/middleware/post/strip-query-params.ts"],"names":[],"mappings":"AAEA,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,CAAC;AAEhE,MAAM,UAAU,0BAA0B;IACxC,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,QAAQ,CAAC;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3D,MAAM,GAAG,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC5B,IAAI,OAAO,GAAG,KAAK,QAAQ;YAAE,OAAO,IAAI,EAAE,CAAC;QAE3C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YAC5B,IAAI,MAAM,CAAC,MAAM,EAAE,CAAC;gBAClB,MAAM,CAAC,MAAM,GAAG,EAAE,CAAC;gBACnB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,MAAM,CAAC,QAAQ,EAAE,CAAC;YACtC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,yCAAyC;QAC3C,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/post/untrusted-envelope.d.ts

@@ -0,0 +1,3 @@
+import type { Middleware } from '../types.js';
+export declare function untrustedEnvelopeMiddleware(): Middleware;
+//# sourceMappingURL=untrusted-envelope.d.ts.map

package/dist/middleware/post/untrusted-envelope.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"untrusted-envelope.d.ts","sourceRoot":"","sources":["../../../src/middleware/post/untrusted-envelope.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAE9C,wBAAgB,2BAA2B,IAAI,UAAU,CAcxD"}

package/dist/middleware/post/untrusted-envelope.js

@@ -0,0 +1,10 @@
+export function untrustedEnvelopeMiddleware() {
+    return async (ctx, next) => {
+        const response = await next();
+        const escapedTool = ctx.toolName.replace(/[&<>"]/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' })[c]);
+        const escapedCallId = ctx.callId.replace(/[&<>"]/g, (c) => ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' })[c]);
+        response.text = `<untrusted-output tool="${escapedTool}" call-id="${escapedCallId}">\n${response.text}\n</untrusted-output>`;
+        return response;
+    };
+}
+//# sourceMappingURL=untrusted-envelope.js.map

package/dist/middleware/post/untrusted-envelope.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"untrusted-envelope.js","sourceRoot":"","sources":["../../../src/middleware/post/untrusted-envelope.ts"],"names":[],"mappings":"AAEA,MAAM,UAAU,2BAA2B;IACzC,OAAO,KAAK,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACzB,MAAM,QAAQ,GAAG,MAAM,IAAI,EAAE,CAAC;QAC9B,MAAM,WAAW,GAAG,GAAG,CAAC,QAAQ,CAAC,OAAO,CACtC,SAAS,EACT,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAE,CACvE,CAAC;QACF,MAAM,aAAa,GAAG,GAAG,CAAC,MAAM,CAAC,OAAO,CACtC,SAAS,EACT,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC,CAAE,CACvE,CAAC;QACF,QAAQ,CAAC,IAAI,GAAG,2BAA2B,WAAW,cAAc,aAAa,OAAO,QAAQ,CAAC,IAAI,uBAAuB,CAAC;QAC7H,OAAO,QAAQ,CAAC;IAClB,CAAC,CAAC;AACJ,CAAC"}

package/dist/middleware/types.d.ts

@@ -0,0 +1,32 @@
+import type { ToolRegistry } from '../registry/registry.js';
+import type { AllowlistEngine } from '../allowlist/engine.js';
+import type { HitlEngine } from '../hitl/engine.js';
+import type { HitlBatcher } from '../hitl/batcher.js';
+import type { AuditLogger } from '../audit/logger.js';
+import type { AgentConfig, SecurityConfig } from '../config/schema.js';
+export interface ToolCallContext {
+    callId: string;
+    agentId: string;
+    agentConfig: AgentConfig;
+    toolName: string;
+    args: Record<string, unknown>;
+    meta: Record<string, unknown>;
+    deps: MiddlewareDeps;
+    startedAt: number;
+}
+export interface ToolCallResponse {
+    result: unknown;
+    text: string;
+    truncated?: boolean;
+    fullOutputPath?: string;
+}
+export type Middleware = (ctx: ToolCallContext, next: () => Promise<ToolCallResponse>) => Promise<ToolCallResponse>;
+export interface MiddlewareDeps {
+    registry: ToolRegistry;
+    allowlist: AllowlistEngine;
+    hitlEngine: HitlEngine;
+    hitlBatcher: HitlBatcher;
+    auditLogger: AuditLogger;
+    securityConfig: SecurityConfig;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/middleware/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/middleware/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,yBAAyB,CAAC;AAC5D,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC9D,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,KAAK,EAAE,WAAW,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAEvE,MAAM,WAAW,eAAe;IAC9B,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,WAAW,CAAC;IACzB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAC9B,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,OAAO,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,MAAM,UAAU,GAAG,CACvB,GAAG,EAAE,eAAe,EACpB,IAAI,EAAE,MAAM,OAAO,CAAC,gBAAgB,CAAC,KAClC,OAAO,CAAC,gBAAgB,CAAC,CAAC;AAE/B,MAAM,WAAW,cAAc;IAC7B,QAAQ,EAAE,YAAY,CAAC;IACvB,SAAS,EAAE,eAAe,CAAC;IAC3B,UAAU,EAAE,UAAU,CAAC;IACvB,WAAW,EAAE,WAAW,CAAC;IACzB,WAAW,EAAE,WAAW,CAAC;IACzB,cAAc,EAAE,cAAc,CAAC;CAChC"}

package/dist/middleware/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/middleware/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/middleware/types.ts"],"names":[],"mappings":""}

package/dist/pool/http-client.d.ts

@@ -0,0 +1,26 @@
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+export declare class HttpMcpClient {
+    private id;
+    private url;
+    private headers?;
+    private oauth;
+    private oauthCallbackPort;
+    private client?;
+    private transport?;
+    private oauthProvider?;
+    private reconnectAttempt;
+    private stopped;
+    private ready;
+    private awaitingAuth;
+    constructor(id: string, url: string, headers?: Record<string, string> | undefined, oauth?: boolean, oauthCallbackPort?: number);
+    connect(): Promise<void>;
+    listTools(): Promise<Tool[]>;
+    callTool(name: string, args: Record<string, unknown>): Promise<unknown>;
+    getServerInfo(): {
+        name: string;
+        version: string;
+    } | undefined;
+    isReady(): boolean;
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=http-client.d.ts.map

package/dist/pool/http-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client.d.ts","sourceRoot":"","sources":["../../src/pool/http-client.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAQ/D,qBAAa,aAAa;IAWtB,OAAO,CAAC,EAAE;IACV,OAAO,CAAC,GAAG;IACX,OAAO,CAAC,OAAO,CAAC;IAChB,OAAO,CAAC,KAAK;IACb,OAAO,CAAC,iBAAiB;IAd3B,OAAO,CAAC,MAAM,CAAC,CAAS;IACxB,OAAO,CAAC,SAAS,CAAC,CAAgC;IAClD,OAAO,CAAC,aAAa,CAAC,CAAoB;IAC1C,OAAO,CAAC,gBAAgB,CAAK;IAC7B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,KAAK,CAAS;IAEtB,OAAO,CAAC,YAAY,CAAS;gBAGnB,EAAE,EAAE,MAAM,EACV,GAAG,EAAE,MAAM,EACX,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,YAAA,EAChC,KAAK,UAAQ,EACb,iBAAiB,SAAQ;IAO7B,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAgExB,SAAS,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;IAM5B,QAAQ,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAK7E,aAAa,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS;IAI9D,OAAO,IAAI,OAAO;IAIZ,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAK5B"}

package/dist/pool/http-client.js

@@ -0,0 +1,108 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { UnauthorizedError } from '@modelcontextprotocol/sdk/client/auth.js';
+import { FileOAuthProvider } from './oauth-provider.js';
+import { childLogger } from '../util/logger.js';
+const log = childLogger('http-client');
+const BACKOFF_STEPS = [1000, 2000, 4000, 8000, 16000, 30000];
+export class HttpMcpClient {
+    id;
+    url;
+    headers;
+    oauth;
+    oauthCallbackPort;
+    client;
+    transport;
+    oauthProvider;
+    reconnectAttempt = 0;
+    stopped = false;
+    ready = false;
+    awaitingAuth = false;
+    constructor(id, url, headers, oauth = false, oauthCallbackPort = 18432) {
+        this.id = id;
+        this.url = url;
+        this.headers = headers;
+        this.oauth = oauth;
+        this.oauthCallbackPort = oauthCallbackPort;
+        if (this.oauth) {
+            this.oauthProvider = new FileOAuthProvider(this.id, this.oauthCallbackPort);
+        }
+    }
+    async connect() {
+        // Don't reconnect while waiting for the user to complete the browser OAuth flow
+        if (this.awaitingAuth) {
+            log.debug({ id: this.id }, 'Skipping connect — already awaiting OAuth');
+            return;
+        }
+        const transportOpts = {};
+        if (this.headers) {
+            transportOpts.requestInit = { headers: this.headers };
+        }
+        if (this.oauthProvider) {
+            transportOpts.authProvider = this.oauthProvider;
+        }
+        this.transport = new StreamableHTTPClientTransport(new URL(this.url), transportOpts);
+        this.client = new Client({ name: 'airlock', version: '0.1.0' });
+        this.transport.onclose = () => {
+            this.ready = false;
+            if (!this.stopped && !this.awaitingAuth) {
+                const delay = BACKOFF_STEPS[Math.min(this.reconnectAttempt, BACKOFF_STEPS.length - 1)];
+                log.warn({ id: this.id, attempt: this.reconnectAttempt, delay }, 'HTTP MCP disconnected, reconnecting');
+                this.reconnectAttempt++;
+                setTimeout(() => {
+                    void this.connect().catch((err) => log.error({ err, id: this.id }, 'Reconnect failed'));
+                }, delay);
+            }
+        };
+        try {
+            await this.client.connect(this.transport);
+            this.reconnectAttempt = 0;
+            this.ready = true;
+            log.info({ id: this.id, url: this.url }, 'MCP HTTP client connected');
+        }
+        catch (err) {
+            if (err instanceof UnauthorizedError && this.oauthProvider) {
+                this.awaitingAuth = true;
+                try {
+                    log.info({ id: this.id }, 'OAuth authorization required, waiting for browser flow');
+                    const code = await this.oauthProvider.waitForAuthCode();
+                    await this.transport.finishAuth(code);
+                    this.client = new Client({ name: 'airlock', version: '0.1.0' });
+                    await this.client.connect(this.transport);
+                    this.reconnectAttempt = 0;
+                    this.ready = true;
+                    log.info({ id: this.id, url: this.url }, 'MCP HTTP client connected (after OAuth)');
+                }
+                finally {
+                    this.awaitingAuth = false;
+                }
+                return;
+            }
+            log.error({ err, id: this.id }, 'MCP HTTP connect failed');
+            throw err;
+        }
+    }
+    async listTools() {
+        if (!this.client || !this.ready)
+            throw new Error(`MCP ${this.id} not connected`);
+        const result = await this.client.listTools();
+        return result.tools;
+    }
+    async callTool(name, args) {
+        if (!this.client || !this.ready)
+            throw new Error(`MCP ${this.id} not connected`);
+        return this.client.callTool({ name, arguments: args });
+    }
+    getServerInfo() {
+        return this.client?.getServerVersion();
+    }
+    isReady() {
+        return this.ready;
+    }
+    async stop() {
+        this.stopped = true;
+        this.oauthProvider?.stopCallbackServer();
+        await this.transport?.close();
+    }
+}
+//# sourceMappingURL=http-client.js.map

package/dist/pool/http-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-client.js","sourceRoot":"","sources":["../../src/pool/http-client.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAE7E,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,aAAa,CAAC,CAAC;AAEvC,MAAM,aAAa,GAAG,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;AAE7D,MAAM,OAAO,aAAa;IAWd;IACA;IACA;IACA;IACA;IAdF,MAAM,CAAU;IAChB,SAAS,CAAiC;IAC1C,aAAa,CAAqB;IAClC,gBAAgB,GAAG,CAAC,CAAC;IACrB,OAAO,GAAG,KAAK,CAAC;IAChB,KAAK,GAAG,KAAK,CAAC;IAEd,YAAY,GAAG,KAAK,CAAC;IAE7B,YACU,EAAU,EACV,GAAW,EACX,OAAgC,EAChC,QAAQ,KAAK,EACb,oBAAoB,KAAK;QAJzB,OAAE,GAAF,EAAE,CAAQ;QACV,QAAG,GAAH,GAAG,CAAQ;QACX,YAAO,GAAP,OAAO,CAAyB;QAChC,UAAK,GAAL,KAAK,CAAQ;QACb,sBAAiB,GAAjB,iBAAiB,CAAQ;QAEjC,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,aAAa,GAAG,IAAI,iBAAiB,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO;QACX,gFAAgF;QAChF,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,GAAG,CAAC,KAAK,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,2CAA2C,CAAC,CAAC;YACxE,OAAO;QACT,CAAC;QAED,MAAM,aAAa,GAAmE,EAAE,CAAC;QAEzF,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,aAAa,CAAC,WAAW,GAAG,EAAE,OAAO,EAAE,IAAI,CAAC,OAAO,EAAE,CAAC;QACxD,CAAC;QAED,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;YACvB,aAAa,CAAC,YAAY,GAAG,IAAI,CAAC,aAAa,CAAC;QAClD,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,IAAI,6BAA6B,CAAC,IAAI,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,aAAa,CAAC,CAAC;QAErF,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QAEhE,IAAI,CAAC,SAAS,CAAC,OAAO,GAAG,GAAG,EAAE;YAC5B,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;YACnB,IAAI,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;gBACxC,MAAM,KAAK,GAAG,aAAa,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvF,GAAG,CAAC,IAAI,CACN,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,EACtD,qCAAqC,CACtC,CAAC;gBACF,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACxB,UAAU,CAAC,GAAG,EAAE;oBACd,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,kBAAkB,CAAC,CAAC,CAAC;gBAC1F,CAAC,EAAE,KAAK,CAAC,CAAC;YACZ,CAAC;QACH,CAAC,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YAC1C,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;YAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;YAClB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,2BAA2B,CAAC,CAAC;QACxE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,iBAAiB,IAAI,IAAI,CAAC,aAAa,EAAE,CAAC;gBAC3D,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC;gBACzB,IAAI,CAAC;oBACH,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,wDAAwD,CAAC,CAAC;oBACpF,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,eAAe,EAAE,CAAC;oBACxD,MAAM,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;oBAEtC,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;oBAChE,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;oBAC1C,IAAI,CAAC,gBAAgB,GAAG,CAAC,CAAC;oBAC1B,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC;oBAClB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,GAAG,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,yCAAyC,CAAC,CAAC;gBACtF,CAAC;wBAAS,CAAC;oBACT,IAAI,CAAC,YAAY,GAAG,KAAK,CAAC;gBAC5B,CAAC;gBACD,OAAO;YACT,CAAC;YACD,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,yBAAyB,CAAC,CAAC;YAC3D,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,SAAS;QACb,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE,CAAC;QAC7C,OAAO,MAAM,CAAC,KAAK,CAAC;IACtB,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,IAAY,EAAE,IAA6B;QACxD,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK;YAAE,MAAM,IAAI,KAAK,CAAC,OAAO,IAAI,CAAC,EAAE,gBAAgB,CAAC,CAAC;QACjF,OAAO,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACzD,CAAC;IAED,aAAa;QACX,OAAO,IAAI,CAAC,MAAM,EAAE,gBAAgB,EAAE,CAAC;IACzC,CAAC;IAED,OAAO;QACL,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,IAAI;QACR,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC;QACpB,IAAI,CAAC,aAAa,EAAE,kBAAkB,EAAE,CAAC;QACzC,MAAM,IAAI,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC;IAChC,CAAC;CACF"}

package/dist/pool/oauth-provider.d.ts

@@ -0,0 +1,34 @@
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+import type { OAuthClientMetadata, OAuthClientInformationFull, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
+/**
+ * File-backed OAuthClientProvider that persists tokens to ~/.airlock/oauth/<server-id>.json
+ * and opens the browser for authorization.
+ */
+export declare class FileOAuthProvider implements OAuthClientProvider {
+    private serverId;
+    private callbackPort;
+    private storePath;
+    private data;
+    private callbackServer?;
+    private authCodeResolve?;
+    private browserOpenedAt;
+    constructor(serverId: string, callbackPort: number);
+    get redirectUrl(): string;
+    get clientMetadata(): OAuthClientMetadata;
+    clientInformation(): Promise<OAuthClientInformationFull | undefined>;
+    saveClientInformation(info: OAuthClientInformationFull): Promise<void>;
+    tokens(): Promise<OAuthTokens | undefined>;
+    saveTokens(tokens: OAuthTokens): Promise<void>;
+    redirectToAuthorization(url: URL): Promise<void>;
+    saveCodeVerifier(verifier: string): Promise<void>;
+    codeVerifier(): Promise<string>;
+    /**
+     * Starts a temporary HTTP server to listen for the OAuth callback.
+     * Returns a promise that resolves with the authorization code.
+     */
+    waitForAuthCode(): Promise<string>;
+    stopCallbackServer(): void;
+    private load;
+    private save;
+}
+//# sourceMappingURL=oauth-provider.d.ts.map

package/dist/pool/oauth-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../../src/pool/oauth-provider.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AACpF,OAAO,KAAK,EACV,mBAAmB,EACnB,0BAA0B,EAC1B,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAWlD;;;GAGG;AACH,qBAAa,iBAAkB,YAAW,mBAAmB;IAQzD,OAAO,CAAC,QAAQ;IAChB,OAAO,CAAC,YAAY;IARtB,OAAO,CAAC,SAAS,CAAS;IAC1B,OAAO,CAAC,IAAI,CAAqB;IACjC,OAAO,CAAC,cAAc,CAAC,CAAa;IACpC,OAAO,CAAC,eAAe,CAAC,CAAyB;IACjD,OAAO,CAAC,eAAe,CAAK;gBAGlB,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM;IAO9B,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,cAAc,IAAI,mBAAmB,CAQxC;IAEK,iBAAiB,IAAI,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IAKpE,qBAAqB,CAAC,IAAI,EAAE,0BAA0B,GAAG,OAAO,CAAC,IAAI,CAAC;IAKtE,MAAM,IAAI,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAK1C,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAKpD,uBAAuB,CAAC,GAAG,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB1C,gBAAgB,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAKjD,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAKrC;;;OAGG;IACH,eAAe,IAAI,OAAO,CAAC,MAAM,CAAC;IAgDlC,kBAAkB,IAAI,IAAI;YAKZ,IAAI;YASJ,IAAI;CAKnB"}

package/dist/pool/oauth-provider.js

@@ -0,0 +1,135 @@
+import { readFile, writeFile, mkdir } from 'fs/promises';
+import { join } from 'path';
+import { execFile } from 'child_process';
+import { createServer } from 'http';
+import { childLogger } from '../util/logger.js';
+const log = childLogger('oauth');
+/**
+ * File-backed OAuthClientProvider that persists tokens to ~/.airlock/oauth/<server-id>.json
+ * and opens the browser for authorization.
+ */
+export class FileOAuthProvider {
+    serverId;
+    callbackPort;
+    storePath;
+    data = {};
+    callbackServer;
+    authCodeResolve;
+    browserOpenedAt = 0;
+    constructor(serverId, callbackPort) {
+        this.serverId = serverId;
+        this.callbackPort = callbackPort;
+        const home = process.env.HOME ?? process.env.USERPROFILE ?? '.';
+        const dir = join(home, '.airlock', 'oauth');
+        this.storePath = join(dir, `${serverId}.json`);
+    }
+    get redirectUrl() {
+        return `http://127.0.0.1:${this.callbackPort}/oauth/callback`;
+    }
+    get clientMetadata() {
+        return {
+            redirect_uris: [this.redirectUrl],
+            client_name: `Airlock (${this.serverId})`,
+            token_endpoint_auth_method: 'none',
+            grant_types: ['authorization_code', 'refresh_token'],
+            response_types: ['code'],
+        };
+    }
+    async clientInformation() {
+        await this.load();
+        return this.data.clientInfo;
+    }
+    async saveClientInformation(info) {
+        this.data.clientInfo = info;
+        await this.save();
+    }
+    async tokens() {
+        await this.load();
+        return this.data.tokens;
+    }
+    async saveTokens(tokens) {
+        this.data.tokens = tokens;
+        await this.save();
+    }
+    redirectToAuthorization(url) {
+        const now = Date.now();
+        if (now - this.browserOpenedAt < 30_000) {
+            log.debug({ serverId: this.serverId }, 'Skipping duplicate browser open (debounced)');
+            return Promise.resolve();
+        }
+        this.browserOpenedAt = now;
+        log.info({ serverId: this.serverId, url: url.toString() }, 'Opening browser for OAuth authorization');
+        const cmd = process.platform === 'darwin' ? 'open' : 'xdg-open';
+        execFile(cmd, [url.toString()]);
+        return Promise.resolve();
+    }
+    async saveCodeVerifier(verifier) {
+        this.data.codeVerifier = verifier;
+        await this.save();
+    }
+    async codeVerifier() {
+        await this.load();
+        return this.data.codeVerifier ?? '';
+    }
+    /**
+     * Starts a temporary HTTP server to listen for the OAuth callback.
+     * Returns a promise that resolves with the authorization code.
+     */
+    waitForAuthCode() {
+        return new Promise((resolve, reject) => {
+            this.authCodeResolve = resolve;
+            this.callbackServer = createServer((req, res) => {
+                const url = new URL(req.url ?? '/', `http://127.0.0.1:${this.callbackPort}`);
+                if (url.pathname !== '/oauth/callback') {
+                    res.writeHead(404);
+                    res.end('Not found');
+                    return;
+                }
+                const code = url.searchParams.get('code');
+                const error = url.searchParams.get('error');
+                if (error) {
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end('<html><body><h2>Authorization failed</h2><p>You can close this tab.</p></body></html>');
+                    this.stopCallbackServer();
+                    reject(new Error(`OAuth error: ${error}`));
+                    return;
+                }
+                if (code) {
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end('<html><body><h2>Authorized!</h2><p>You can close this tab.</p></body></html>');
+                    this.stopCallbackServer();
+                    this.authCodeResolve?.(code);
+                    return;
+                }
+                res.writeHead(400);
+                res.end('Missing code parameter');
+            });
+            this.callbackServer.listen(this.callbackPort, '127.0.0.1', () => {
+                log.info({ port: this.callbackPort }, 'OAuth callback server listening');
+            });
+            this.callbackServer.on('error', (err) => {
+                log.error({ err }, 'OAuth callback server error');
+                reject(err);
+            });
+        });
+    }
+    stopCallbackServer() {
+        this.callbackServer?.close();
+        this.callbackServer = undefined;
+    }
+    async load() {
+        try {
+            const data = await readFile(this.storePath, 'utf-8');
+            this.data = JSON.parse(data);
+        }
+        catch {
+            this.data = {};
+        }
+    }
+    async save() {
+        const dir = join(this.storePath, '..');
+        await mkdir(dir, { recursive: true });
+        await writeFile(this.storePath, JSON.stringify(this.data, null, 2));
+    }
+}
+//# sourceMappingURL=oauth-provider.js.map

package/dist/pool/oauth-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.js","sourceRoot":"","sources":["../../src/pool/oauth-provider.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,aAAa,CAAC;AACzD,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,EAAE,YAAY,EAA6B,MAAM,MAAM,CAAC;AAO/D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,MAAM,GAAG,GAAG,WAAW,CAAC,OAAO,CAAC,CAAC;AAQjC;;;GAGG;AACH,MAAM,OAAO,iBAAiB;IAQlB;IACA;IARF,SAAS,CAAS;IAClB,IAAI,GAAkB,EAAE,CAAC;IACzB,cAAc,CAAc;IAC5B,eAAe,CAA0B;IACzC,eAAe,GAAG,CAAC,CAAC;IAE5B,YACU,QAAgB,EAChB,YAAoB;QADpB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,iBAAY,GAAZ,YAAY,CAAQ;QAE5B,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,GAAG,CAAC;QAChE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,EAAE,UAAU,EAAE,OAAO,CAAC,CAAC;QAC5C,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACjD,CAAC;IAED,IAAI,WAAW;QACb,OAAO,oBAAoB,IAAI,CAAC,YAAY,iBAAiB,CAAC;IAChE,CAAC;IAED,IAAI,cAAc;QAChB,OAAO;YACL,aAAa,EAAE,CAAC,IAAI,CAAC,WAAW,CAAC;YACjC,WAAW,EAAE,YAAY,IAAI,CAAC,QAAQ,GAAG;YACzC,0BAA0B,EAAE,MAAM;YAClC,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;SACzB,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC;IAC9B,CAAC;IAED,KAAK,CAAC,qBAAqB,CAAC,IAAgC;QAC1D,IAAI,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QAC5B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,MAAM;QACV,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC;IAC1B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,MAAmB;QAClC,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAC1B,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED,uBAAuB,CAAC,GAAQ;QAC9B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,GAAG,GAAG,IAAI,CAAC,eAAe,GAAG,MAAM,EAAE,CAAC;YACxC,GAAG,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,EAAE,6CAA6C,CAAC,CAAC;YACtF,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;QAC3B,CAAC;QACD,IAAI,CAAC,eAAe,GAAG,GAAG,CAAC;QAC3B,GAAG,CAAC,IAAI,CACN,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,GAAG,CAAC,QAAQ,EAAE,EAAE,EAChD,yCAAyC,CAC1C,CAAC;QACF,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,UAAU,CAAC;QAChE,QAAQ,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;QAChC,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,gBAAgB,CAAC,QAAgB;QACrC,IAAI,CAAC,IAAI,CAAC,YAAY,GAAG,QAAQ,CAAC;QAClC,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IACpB,CAAC;IAED,KAAK,CAAC,YAAY;QAChB,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,EAAE,CAAC;IACtC,CAAC;IAED;;;OAGG;IACH,eAAe;QACb,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,CAAC,eAAe,GAAG,OAAO,CAAC;YAE/B,IAAI,CAAC,cAAc,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC9C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC;gBAC7E,IAAI,GAAG,CAAC,QAAQ,KAAK,iBAAiB,EAAE,CAAC;oBACvC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;oBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;oBACrB,OAAO;gBACT,CAAC;gBAED,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CACL,uFAAuF,CACxF,CAAC;oBACF,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC1B,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC,8EAA8E,CAAC,CAAC;oBACxF,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBAC1B,IAAI,CAAC,eAAe,EAAE,CAAC,IAAI,CAAC,CAAC;oBAC7B,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,wBAAwB,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,WAAW,EAAE,GAAG,EAAE;gBAC9D,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,YAAY,EAAE,EAAE,iCAAiC,CAAC,CAAC;YAC3E,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,cAAc,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACtC,GAAG,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,6BAA6B,CAAC,CAAC;gBAClD,MAAM,CAAC,GAAG,CAAC,CAAC;YACd,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED,kBAAkB;QAChB,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,GAAG,SAAS,CAAC;IAClC,CAAC;IAEO,KAAK,CAAC,IAAI;QAChB,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACrD,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAkB,CAAC;QAChD,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,IAAI,GAAG,EAAE,CAAC;QACjB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,IAAI;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;QACvC,MAAM,KAAK,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QACtC,MAAM,SAAS,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IACtE,CAAC;CACF"}

package/dist/pool/pool.d.ts

@@ -0,0 +1,30 @@
+import type { McpServerConfig } from '../config/schema.js';
+import type { Tool } from '@modelcontextprotocol/sdk/types.js';
+export type HealthStatus = 'ok' | 'degraded' | 'down';
+export declare class ClientPool {
+    private mcps;
+    private options?;
+    private clients;
+    private healthTimer?;
+    private _onClientReady?;
+    constructor(mcps: Record<string, McpServerConfig>, options?: {
+        stdioStderr?: "inherit" | "ignore" | "pipe";
+    } | undefined);
+    onClientReady(cb: (id: string) => void): void;
+    initialize(): Promise<void>;
+    private connectClient;
+    private connectInBackground;
+    private createClient;
+    listTools(mcpId: string): Promise<Tool[]>;
+    callTool(mcpId: string, toolName: string, args: Record<string, unknown>): Promise<unknown>;
+    reload(newMcps: Record<string, McpServerConfig>): Promise<void>;
+    healthCheck(): Record<string, HealthStatus>;
+    getServerInfo(mcpId: string): {
+        name: string;
+        version: string;
+    } | undefined;
+    getMcpIds(): string[];
+    private startHealthCheck;
+    stop(): Promise<void>;
+}
+//# sourceMappingURL=pool.d.ts.map

package/dist/pool/pool.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"pool.d.ts","sourceRoot":"","sources":["../../src/pool/pool.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,oCAAoC,CAAC;AAM/D,MAAM,MAAM,YAAY,GAAG,IAAI,GAAG,UAAU,GAAG,MAAM,CAAC;AAEtD,qBAAa,UAAU;IAMnB,OAAO,CAAC,IAAI;IACZ,OAAO,CAAC,OAAO,CAAC;IANlB,OAAO,CAAC,OAAO,CAAgC;IAC/C,OAAO,CAAC,WAAW,CAAC,CAAiB;IACrC,OAAO,CAAC,cAAc,CAAC,CAAuB;gBAGpC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,EACrC,OAAO,CAAC,EAAE;QAAE,WAAW,CAAC,EAAE,SAAS,GAAG,QAAQ,GAAG,MAAM,CAAA;KAAE,YAAA;IAGnE,aAAa,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,MAAM,KAAK,IAAI,GAAG,IAAI;IAIvC,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;YAMnB,aAAa;IAa3B,OAAO,CAAC,mBAAmB;IAU3B,OAAO,CAAC,YAAY;IAWd,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAMzC,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,OAAO,CAAC,OAAO,CAAC;IAO1F,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,eAAe,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC;IAyBrE,WAAW,IAAI,MAAM,CAAC,MAAM,EAAE,YAAY,CAAC;IAQ3C,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,GAAG,SAAS;IAI3E,SAAS,IAAI,MAAM,EAAE;IAIrB,OAAO,CAAC,gBAAgB;IAWlB,IAAI,IAAI,OAAO,CAAC,IAAI,CAAC;CAI5B"}

package/dist/pool/pool.js

@@ -0,0 +1,119 @@
+import { StdioMcpClient } from './stdio-client.js';
+import { SseMcpClient } from './sse-client.js';
+import { HttpMcpClient } from './http-client.js';
+import { childLogger } from '../util/logger.js';
+const log = childLogger('pool');
+export class ClientPool {
+    mcps;
+    options;
+    clients = new Map();
+    healthTimer;
+    _onClientReady;
+    constructor(mcps, options) {
+        this.mcps = mcps;
+        this.options = options;
+    }
+    onClientReady(cb) {
+        this._onClientReady = cb;
+    }
+    async initialize() {
+        const entries = Object.entries(this.mcps);
+        await Promise.allSettled(entries.map(([id, cfg]) => this.connectClient(id, cfg)));
+        this.startHealthCheck();
+    }
+    async connectClient(id, cfg) {
+        const client = this.createClient(id, cfg);
+        this.clients.set(id, client);
+        try {
+            await client.connect();
+            log.info({ id }, 'MCP connected');
+            this._onClientReady?.(id);
+        }
+        catch (err) {
+            log.error({ err, id }, 'Failed to connect MCP (will retry in background)');
+            this.connectInBackground(id, client);
+        }
+    }
+    connectInBackground(id, client) {
+        client
+            .connect()
+            .then(() => {
+            log.info({ id }, 'MCP connected (background)');
+            this._onClientReady?.(id);
+        })
+            .catch(() => { });
+    }
+    createClient(id, cfg) {
+        switch (cfg.type) {
+            case 'stdio':
+                return new StdioMcpClient(id, cfg.command, cfg.args, cfg.env, this.options?.stdioStderr);
+            case 'sse':
+                return new SseMcpClient(id, cfg.url, cfg.headers);
+            case 'http':
+                return new HttpMcpClient(id, cfg.url, cfg.headers, cfg.oauth, cfg.oauth_callback_port);
+        }
+    }
+    async listTools(mcpId) {
+        const client = this.clients.get(mcpId);
+        if (!client)
+            throw new Error(`Unknown MCP: ${mcpId}`);
+        return client.listTools();
+    }
+    async callTool(mcpId, toolName, args) {
+        const client = this.clients.get(mcpId);
+        if (!client)
+            throw new Error(`Unknown MCP: ${mcpId}`);
+        if (!client.isReady())
+            throw new Error(`MCP ${mcpId} is not connected`);
+        return client.callTool(toolName, args);
+    }
+    async reload(newMcps) {
+        const oldIds = new Set(this.clients.keys());
+        const newIds = new Set(Object.keys(newMcps));
+        // Remove MCPs that no longer exist
+        for (const id of oldIds) {
+            if (!newIds.has(id)) {
+                log.info({ id }, 'Removing MCP (no longer in config)');
+                const client = this.clients.get(id);
+                await client.stop().catch((err) => log.error({ err, id }, 'Error stopping removed MCP'));
+                this.clients.delete(id);
+            }
+        }
+        // Add new MCPs
+        for (const [id, cfg] of Object.entries(newMcps)) {
+            if (!oldIds.has(id)) {
+                log.info({ id }, 'Adding new MCP from config reload');
+                void this.connectClient(id, cfg);
+            }
+        }
+        this.mcps = newMcps;
+    }
+    healthCheck() {
+        const result = {};
+        for (const [id, client] of this.clients) {
+            result[id] = client.isReady() ? 'ok' : 'down';
+        }
+        return result;
+    }
+    getServerInfo(mcpId) {
+        return this.clients.get(mcpId)?.getServerInfo();
+    }
+    getMcpIds() {
+        return Array.from(this.clients.keys());
+    }
+    startHealthCheck() {
+        this.healthTimer = setInterval(() => {
+            const health = this.healthCheck();
+            const down = Object.entries(health).filter(([, s]) => s === 'down');
+            if (down.length > 0) {
+                log.warn({ down: down.map(([id]) => id) }, 'Some MCPs are down');
+            }
+        }, 30_000);
+        this.healthTimer.unref();
+    }
+    async stop() {
+        clearInterval(this.healthTimer);
+        await Promise.allSettled(Array.from(this.clients.values()).map((c) => c.stop()));
+    }
+}
+//# sourceMappingURL=pool.js.map