anyapi-mcp-server 1.6.0 → 1.7.0

package/build/api-index.js

@@ -1,6 +1,82 @@
 import yaml from "js-yaml";
 const PAGE_SIZE = 20;
 const HTTP_METHODS = new Set(["get", "post", "put", "delete", "patch"]);
+const MAX_BODY_SCHEMA_DEPTH = 6;
+function extractProperties(schema, spec, depth, visited) {
+    const properties = schema.properties;
+    if (!properties)
+        return undefined;
+    const requiredFields = new Set(Array.isArray(schema.required) ? schema.required : []);
+    const result = {};
+    for (const [propName, propDef] of Object.entries(properties)) {
+        let def = propDef;
+        let refPath;
+        // Resolve property-level $ref
+        if (def["$ref"] && typeof def["$ref"] === "string") {
+            refPath = def["$ref"];
+            if (visited.has(refPath)) {
+                result[propName] = { type: "object", required: requiredFields.has(propName) };
+                continue;
+            }
+            const resolved = resolveRef(refPath, spec);
+            if (resolved)
+                def = resolved;
+        }
+        const prop = {
+            type: def.type ?? "string",
+            required: requiredFields.has(propName),
+        };
+        if (def.description)
+            prop.description = def.description;
+        // Recurse into nested objects
+        if (prop.type === "object" && def.properties && depth < MAX_BODY_SCHEMA_DEPTH) {
+            const branch = new Set(visited);
+            if (refPath)
+                branch.add(refPath);
+            const nested = extractProperties(def, spec, depth + 1, branch);
+            if (nested) {
+                prop.properties = nested;
+                if (Array.isArray(def.required) && def.required.length > 0) {
+                    prop.required_fields = def.required;
+                }
+            }
+        }
+        if (def.items && typeof def.items === "object") {
+            let itemsDef = def.items;
+            let itemsRefPath;
+            if (itemsDef["$ref"] && typeof itemsDef["$ref"] === "string") {
+                itemsRefPath = itemsDef["$ref"];
+                if (!visited.has(itemsRefPath)) {
+                    const resolved = resolveRef(itemsRefPath, spec);
+                    if (resolved)
+                        itemsDef = resolved;
+                }
+            }
+            const itemType = itemsDef.type ?? "string";
+            if (itemType === "object" && itemsDef.properties && depth < MAX_BODY_SCHEMA_DEPTH) {
+                const branch = new Set(visited);
+                if (itemsRefPath)
+                    branch.add(itemsRefPath);
+                const nestedItems = extractProperties(itemsDef, spec, depth + 1, branch);
+                if (nestedItems) {
+                    prop.items = {
+                        type: itemType,
+                        properties: nestedItems,
+                        required: Array.isArray(itemsDef.required) ? itemsDef.required : undefined,
+                    };
+                }
+                else {
+                    prop.items = { type: itemType };
+                }
+            }
+            else {
+                prop.items = { type: itemType };
+            }
+        }
+        result[propName] = prop;
+    }
+    return Object.keys(result).length > 0 ? result : undefined;
+}
 function extractRequestBodySchema(requestBody, spec) {
     if (!requestBody || typeof requestBody !== "object")
         return undefined;
@@ -26,34 +102,10 @@ function extractRequestBodySchema(requestBody, spec) {
             return undefined;
         schema = resolved;
     }
-    const properties = schema.properties;
-    if (!properties)
+    const result = extractProperties(schema, spec, 0, new Set());
+    if (!result)
         return undefined;
-    const requiredFields = new Set(Array.isArray(schema.required) ? schema.required : []);
-    const result = {};
-    for (const [propName, propDef] of Object.entries(properties)) {
-        let def = propDef;
-        // Resolve property-level $ref
-        if (def["$ref"] && typeof def["$ref"] === "string") {
-            const resolved = resolveRef(def["$ref"], spec);
-            if (resolved)
-                def = resolved;
-        }
-        const prop = {
-            type: def.type ?? "string",
-            required: requiredFields.has(propName),
-        };
-        if (def.description)
-            prop.description = def.description;
-        if (def.items && typeof def.items === "object") {
-            const items = def.items;
-            prop.items = { type: items.type ?? "string" };
-        }
-        result[propName] = prop;
-    }
-    return Object.keys(result).length > 0
-        ? { contentType: "application/json", properties: result }
-        : undefined;
+    return { contentType: "application/json", properties: result };
 }
 function resolveRef(ref, spec) {
     // Handle "#/components/schemas/Foo" style refs
@@ -118,6 +170,7 @@ function postmanUrlToPath(url) {
 export class ApiIndex {
     byTag = new Map();
     allEndpoints = [];
+    oauthSchemes = [];
     constructor(specContents) {
         for (const specContent of specContents) {
             let parsed;
@@ -185,6 +238,46 @@ export class ApiIndex {
                 this.addEndpoint(endpoint);
             }
         }
+        this.extractSecuritySchemes(rawSpec);
+    }
+    extractSecuritySchemes(spec) {
+        // OpenAPI 3.x: components.securitySchemes
+        const components = spec.components;
+        const securitySchemes = components?.securitySchemes;
+        // OpenAPI 2.x (Swagger): securityDefinitions
+        const securityDefs = spec.securityDefinitions;
+        const schemes = securitySchemes ?? securityDefs ?? {};
+        for (const schemeDef of Object.values(schemes)) {
+            if (schemeDef.type !== "oauth2")
+                continue;
+            // OpenAPI 3.x: flows.authorizationCode, flows.clientCredentials, etc.
+            const flows = schemeDef.flows;
+            if (flows) {
+                for (const flow of Object.values(flows)) {
+                    const scopes = flow.scopes
+                        ? Object.keys(flow.scopes)
+                        : [];
+                    this.oauthSchemes.push({
+                        authorizationUrl: flow.authorizationUrl,
+                        tokenUrl: flow.tokenUrl,
+                        scopes,
+                    });
+                }
+                continue;
+            }
+            // OpenAPI 2.x (Swagger): direct fields on the scheme
+            const scopes = schemeDef.scopes
+                ? Object.keys(schemeDef.scopes)
+                : [];
+            this.oauthSchemes.push({
+                authorizationUrl: schemeDef.authorizationUrl,
+                tokenUrl: schemeDef.tokenUrl,
+                scopes,
+            });
+        }
+    }
+    getOAuthSchemes() {
+        return this.oauthSchemes;
     }
     parsePostman(collection) {
         this.walkPostmanItems(collection.item ?? [], []);

package/build/config.js

@@ -62,7 +62,17 @@ Required:
 Optional:
   --header     HTTP header as "Key: Value" (repeatable)
                Supports \${ENV_VAR} interpolation in values
-  --log        Path to request/response log file (NDJSON format)`;
+  --log        Path to request/response log file (NDJSON format)
+
+OAuth 2.0 (all optional, but client-id/client-secret/token-url are required together):
+  --oauth-client-id      OAuth client ID
+  --oauth-client-secret  OAuth client secret
+  --oauth-token-url      OAuth token endpoint URL
+  --oauth-auth-url       OAuth authorization endpoint URL (authorization_code flow)
+  --oauth-scopes         Comma-separated scopes (e.g. "read,write")
+  --oauth-flow           "authorization_code" (default) or "client_credentials"
+  --oauth-param          Extra auth URL param as "key=value" (repeatable)
+               All OAuth values support \${ENV_VAR} interpolation`;
 export async function loadConfig() {
     const name = getArg("--name");
     const specUrls = getAllArgs("--spec");
@@ -84,11 +94,55 @@ export async function loadConfig() {
         headers[key] = interpolateEnv(value);
     }
     const logPath = getArg("--log");
+    // --- OAuth CLI flags ---
+    const oauthClientId = getArg("--oauth-client-id");
+    const oauthClientSecret = getArg("--oauth-client-secret");
+    const oauthTokenUrl = getArg("--oauth-token-url");
+    const oauthAuthUrl = getArg("--oauth-auth-url");
+    const oauthScopes = getArg("--oauth-scopes");
+    const oauthFlow = getArg("--oauth-flow");
+    const oauthParams = getAllArgs("--oauth-param");
+    const hasAnyOAuth = oauthClientId || oauthClientSecret || oauthTokenUrl;
+    if (hasAnyOAuth && !(oauthClientId && oauthClientSecret && oauthTokenUrl)) {
+        console.error("ERROR: --oauth-client-id, --oauth-client-secret, and --oauth-token-url must all be provided together.");
+        process.exit(1);
+    }
+    let oauth;
+    if (oauthClientId && oauthClientSecret && oauthTokenUrl) {
+        const extraParams = {};
+        for (const raw of oauthParams) {
+            const eqIdx = raw.indexOf("=");
+            if (eqIdx === -1) {
+                console.error(`ERROR: Invalid --oauth-param format "${raw}". Expected "key=value"`);
+                process.exit(1);
+            }
+            extraParams[raw.slice(0, eqIdx)] = interpolateEnv(raw.slice(eqIdx + 1));
+        }
+        const flow = (oauthFlow ? interpolateEnv(oauthFlow) : "authorization_code");
+        if (flow !== "authorization_code" && flow !== "client_credentials") {
+            console.error(`ERROR: Invalid --oauth-flow "${flow}". Must be "authorization_code" or "client_credentials".`);
+            process.exit(1);
+        }
+        oauth = {
+            clientId: interpolateEnv(oauthClientId),
+            clientSecret: interpolateEnv(oauthClientSecret),
+            tokenUrl: interpolateEnv(oauthTokenUrl),
+            authUrl: oauthAuthUrl ? interpolateEnv(oauthAuthUrl) : undefined,
+            scopes: oauthScopes
+                ? interpolateEnv(oauthScopes)
+                    .split(/[,\s]+/)
+                    .filter(Boolean)
+                : [],
+            flow,
+            extraParams,
+        };
+    }
     return {
         name,
         specs,
         baseUrl: interpolateEnv(baseUrl).replace(/\/+$/, ""),
         headers: Object.keys(headers).length > 0 ? headers : undefined,
         logPath: logPath ? resolve(logPath) : undefined,
+        oauth,
     };
 }

package/build/data-cache.js

@@ -0,0 +1,96 @@
+import { randomBytes } from "node:crypto";
+import { mkdirSync, writeFileSync, readFileSync, readdirSync, unlinkSync } from "node:fs";
+import { join } from "node:path";
+import { platform, env } from "node:process";
+const TTL_MS = 5 * 60 * 1000; // 5 minutes
+function defaultResponseDir() {
+    if (platform === "win32") {
+        const base = env.LOCALAPPDATA ?? join(env.USERPROFILE ?? "", "AppData", "Local");
+        return join(base, "anyapi-mcp", "responses");
+    }
+    return join(env.HOME ?? "/tmp", ".cache", "anyapi-mcp", "responses");
+}
+let responseDir = defaultResponseDir();
+export function _setResponseDirForTests(dir) {
+    responseDir = dir;
+}
+export function _clearAllForTests() {
+    try {
+        for (const file of readdirSync(responseDir)) {
+            if (file.endsWith(".json")) {
+                try {
+                    unlinkSync(join(responseDir, file));
+                }
+                catch { /* ignore */ }
+            }
+        }
+    }
+    catch { /* dir may not exist */ }
+}
+function ensureDir() {
+    mkdirSync(responseDir, { recursive: true });
+}
+export function cleanupExpired() {
+    try {
+        const now = Date.now();
+        for (const file of readdirSync(responseDir)) {
+            if (!file.endsWith(".json"))
+                continue;
+            try {
+                const content = readFileSync(join(responseDir, file), "utf-8");
+                const entry = JSON.parse(content);
+                if (entry.expiresAt < now) {
+                    unlinkSync(join(responseDir, file));
+                }
+            }
+            catch {
+                /* ignore individual file errors */
+            }
+        }
+    }
+    catch {
+        /* dir may not exist yet */
+    }
+}
+export function storeResponse(method, path, data, responseHeaders) {
+    const dataKey = randomBytes(4).toString("hex");
+    const entry = {
+        method,
+        path,
+        data,
+        responseHeaders,
+        expiresAt: Date.now() + TTL_MS,
+    };
+    try {
+        ensureDir();
+        writeFileSync(join(responseDir, `${dataKey}.json`), JSON.stringify(entry));
+        cleanupExpired();
+    }
+    catch (err) {
+        process.stderr.write(`data-cache: failed to store ${dataKey}: ${err}\n`);
+    }
+    return dataKey;
+}
+export function loadResponse(dataKey) {
+    try {
+        const filePath = join(responseDir, `${dataKey}.json`);
+        const content = readFileSync(filePath, "utf-8");
+        const entry = JSON.parse(content);
+        if (entry.expiresAt < Date.now()) {
+            try {
+                unlinkSync(filePath);
+            }
+            catch { /* ignore */ }
+            return null;
+        }
+        return {
+            method: entry.method,
+            path: entry.path,
+            data: entry.data,
+            responseHeaders: entry.responseHeaders,
+        };
+    }
+    catch {
+        return null;
+    }
+}

package/build/error-context.js

@@ -97,7 +97,7 @@ function getSuggestion(status, endpoint) {
             return msg;
         }
         case 401:
-            return "Authentication required. Provide credentials via --header (e.g. --header \"Authorization: Bearer <token>\") or per-request headers parameter.";
+            return "Authentication required. Use the auth tool to authenticate via OAuth, or provide credentials via --header (e.g. --header \"Authorization: Bearer <token>\") or per-request headers parameter.";
         case 403:
             return "Forbidden. Your credentials don't have permission for this operation. Verify your API key or token has the required scopes.";
         case 404: {