arc-1 0.9.18 → 0.9.19

package/dist/server/oauth-state.js

@@ -1,163 +0,0 @@
-/**
- * Stateless, signed OAuth `state` codec for the XSUAA callback proxy.
- *
- * ── Why this exists (issue #214) ──────────────────────────────────────
- * XSUAA echoes a literal `+` (not `%2B`) for any `state` value that
- * contains `+` when it redirects back to the OAuth client. Standard base64
- * `state` values (e.g. VS Code generates `randomBytes(16).toString('base64')`)
- * contain `+` ~50% of the time. The receiving client parses the callback
- * query string with `application/x-www-form-urlencoded` semantics, where
- * `+` decodes to a space, so the round-tripped `state` no longer matches the
- * value the client generated → "State does not match" → login fails.
- *
- * ARC-1 cannot influence what XSUAA emits, and XSUAA redirects DIRECTLY to
- * the client today (ARC-1 is not in the return path). The only fix is to
- * insert ARC-1 into the return path: send XSUAA a `state` that ARC-1
- * controls and that is immune to the `+` bug, then re-emit the client's
- * ORIGINAL `state` correctly when redirecting back to the client.
- *
- * ── How this codec is immune to the `+` bug ───────────────────────────
- * The token is `base64url(payload) + "." + base64url(sig)`. base64url uses
- * the alphabet `A-Za-z0-9-_` — no `+`, no `/`. The `.` separator is an
- * RFC 3986 unreserved character. So the entire token is URL-safe: XSUAA has
- * no `+` to mangle, and Express's `+`→space query decoding is a no-op on it.
- * The client's real `state` (which may contain `+`) rides INSIDE the opaque
- * base64url payload, so it survives the XSUAA round-trip untouched.
- *
- * ── Why stateless (vs an in-memory map) ───────────────────────────────
- * Mirrors the StatelessDcrClientStore design (PR #212): the token carries
- * its own payload + HMAC signature, so any instance with the same signing
- * key can validate it. No in-memory map → survives `cf restart`, cell
- * moves, and horizontal scale-out. The signing key is derived (HKDF-style)
- * from the same secret the DCR store uses, with a distinct domain-separation
- * label so the two key spaces never overlap.
- *
- * ── Upstream tracking / when this whole module can be deleted ──────────
- * This is a WORKAROUND for an XSUAA bug. It can be removed ONLY when XSUAA
- * stops emitting a literal `+` (emits `%2B`) for `state` on the authorize
- * redirect. Tracking:
- *   - arc-1 issue:      https://github.com/marianfoo/arc-1/issues/214
- *   - XSUAA root cause: no public SAP Note as of 2026-06; the `+`→literal
- *                       echo is the actual defect and the only thing whose
- *                       fix makes this module removable.
- *   - VS Code (client): https://github.com/microsoft/vscode/issues/314715
- *                       asks VS Code to use base64url `state`. If accepted it
- *                       fixes the VS Code SYMPTOM only — other MCP clients
- *                       (Cursor, claude.ai, Copilot Studio, …) still send
- *                       base64 `state` containing `+`, so the callback proxy
- *                       stays until the XSUAA-side fix lands. Do NOT delete
- *                       this module just because vscode#314715 closes.
- * To verify whether the XSUAA bug is gone, re-run the issue #214 spectrum
- * reproducer (see the issue thread) against the target XSUAA tenant.
- */
-import crypto from 'node:crypto';
-/** Domain-separation label for the HKDF-style key derivation. Bump the
- *  version suffix to invalidate every outstanding state token at once. */
-const KDF_LABEL = 'arc1-oauth-state/v1';
-/** Truncated HMAC length in bytes. 16 bytes (128 bits) is ample for a
- *  short-lived, single-use CSRF state token — matches StatelessDcrClientStore. */
-const SIG_BYTES = 16;
-/** Default lifetime of a state token. The OAuth authorize→callback hop is
- *  interactive (user logs in), so a few minutes covers it; XSUAA auth codes
- *  themselves expire on a similar horizon. */
-const DEFAULT_TTL_SECONDS = 600; // 10 minutes
-/**
- * Signs and verifies OAuth `state` tokens for the XSUAA callback proxy.
- */
-export class OAuthStateCodec {
-    hmacKey;
-    ttlSeconds;
-    constructor(signingSecret, opts = {}) {
-        if (!signingSecret) {
-            throw new Error('OAuthStateCodec requires a non-empty signingSecret');
-        }
-        // HKDF-style: derive a dedicated key from the shared secret + label.
-        // The label domain-separates this key from the DCR client-id signing key.
-        this.hmacKey = crypto.createHmac('sha256', signingSecret).update(KDF_LABEL).digest();
-        this.ttlSeconds = opts.ttlSeconds ?? DEFAULT_TTL_SECONDS;
-    }
-    /**
-     * Encode a URL-safe, signed state token. The returned value is safe to put
-     * in a query string and round-trip through XSUAA (no `+`, no `/`).
-     *
-     * @param input.now Injectable clock (epoch ms) for deterministic tests.
-     */
-    encode(input) {
-        const nowSec = Math.floor((input.now ?? Date.now()) / 1000);
-        const payload = {
-            v: 1,
-            r: input.clientRedirectUri,
-            cid: input.clientId,
-            exp: nowSec + this.ttlSeconds,
-        };
-        if (input.clientState !== undefined) {
-            payload.s = input.clientState;
-        }
-        const payloadB64 = Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url');
-        return `${payloadB64}.${this.sign(payloadB64)}`;
-    }
-    /**
-     * Decode and verify a state token. Never throws — returns a typed result.
-     *
-     * @param now Injectable clock (epoch ms) for deterministic tests.
-     */
-    decode(token, now = Date.now()) {
-        if (typeof token !== 'string' || token.length === 0) {
-            return { kind: 'error', reason: 'malformed' };
-        }
-        const dot = token.lastIndexOf('.');
-        if (dot <= 0 || dot === token.length - 1) {
-            return { kind: 'error', reason: 'malformed' };
-        }
-        const payloadB64 = token.slice(0, dot);
-        const sigB64 = token.slice(dot + 1);
-        if (!this.verifySignature(payloadB64, sigB64)) {
-            return { kind: 'error', reason: 'bad_signature' };
-        }
-        const payload = parsePayload(payloadB64);
-        if (!payload) {
-            return { kind: 'error', reason: 'invalid_payload' };
-        }
-        if (payload.exp * 1000 <= now) {
-            return { kind: 'error', reason: 'expired' };
-        }
-        return { kind: 'ok', clientState: payload.s, clientRedirectUri: payload.r, clientId: payload.cid };
-    }
-    sign(payloadB64) {
-        const fullDigest = crypto.createHmac('sha256', this.hmacKey).update(payloadB64).digest();
-        return fullDigest.subarray(0, SIG_BYTES).toString('base64url');
-    }
-    verifySignature(payloadB64, sigB64) {
-        const expected = Buffer.from(this.sign(payloadB64), 'base64url');
-        const actual = Buffer.from(sigB64, 'base64url');
-        if (actual.length !== expected.length || actual.length !== SIG_BYTES) {
-            return false;
-        }
-        return crypto.timingSafeEqual(actual, expected);
-    }
-}
-/**
- * Parse a base64url payload back into a typed `StatePayload`. Returns
- * `undefined` on any failure (decode error, JSON parse error, schema mismatch).
- */
-function parsePayload(payloadB64) {
-    try {
-        const json = Buffer.from(payloadB64, 'base64url').toString('utf8');
-        const obj = JSON.parse(json);
-        if (obj.v !== 1)
-            return undefined;
-        if (typeof obj.r !== 'string' || obj.r.length === 0)
-            return undefined;
-        if (typeof obj.cid !== 'string' || obj.cid.length === 0)
-            return undefined;
-        if (typeof obj.exp !== 'number' || !Number.isFinite(obj.exp))
-            return undefined;
-        if (obj.s !== undefined && typeof obj.s !== 'string')
-            return undefined;
-        return { v: 1, s: obj.s, r: obj.r, cid: obj.cid, exp: obj.exp };
-    }
-    catch {
-        return undefined;
-    }
-}
-//# sourceMappingURL=oauth-state.js.map

package/dist/server/oauth-state.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"oauth-state.js","sourceRoot":"","sources":["../../src/server/oauth-state.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmDG;AAEH,OAAO,MAAM,MAAM,aAAa,CAAC;AAEjC;0EAC0E;AAC1E,MAAM,SAAS,GAAG,qBAAqB,CAAC;AAExC;kFACkF;AAClF,MAAM,SAAS,GAAG,EAAE,CAAC;AAErB;;8CAE8C;AAC9C,MAAM,mBAAmB,GAAG,GAAG,CAAC,CAAC,aAAa;AA2B9C;;GAEG;AACH,MAAM,OAAO,eAAe;IACT,OAAO,CAAS;IAChB,UAAU,CAAS;IAEpC,YAAY,aAAqB,EAAE,OAAgC,EAAE;QACnE,IAAI,CAAC,aAAa,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;QACxE,CAAC;QACD,qEAAqE;QACrE,0EAA0E;QAC1E,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,aAAa,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;QACrF,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,IAAI,mBAAmB,CAAC;IAC3D,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAA0F;QAC/F,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;QAC5D,MAAM,OAAO,GAAiB;YAC5B,CAAC,EAAE,CAAC;YACJ,CAAC,EAAE,KAAK,CAAC,iBAAiB;YAC1B,GAAG,EAAE,KAAK,CAAC,QAAQ;YACnB,GAAG,EAAE,MAAM,GAAG,IAAI,CAAC,UAAU;SAC9B,CAAC;QACF,IAAI,KAAK,CAAC,WAAW,KAAK,SAAS,EAAE,CAAC;YACpC,OAAO,CAAC,CAAC,GAAG,KAAK,CAAC,WAAW,CAAC;QAChC,CAAC;QACD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACtF,OAAO,GAAG,UAAU,IAAI,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,CAAC;IAClD,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAa,EAAE,MAAc,IAAI,CAAC,GAAG,EAAE;QAC5C,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QAChD,CAAC;QACD,MAAM,GAAG,GAAG,KAAK,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACnC,IAAI,GAAG,IAAI,CAAC,IAAI,GAAG,KAAK,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACzC,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,CAAC;QAChD,CAAC;QACD,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;QAEpC,IAAI,CAAC,IAAI,CAAC,eAAe,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE,CAAC;YAC9C,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,CAAC;QACpD,CAAC;QAED,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,CAAC,CAAC;QACzC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;QACtD,CAAC;QAED,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,IAAI,GAAG,EAAE,CAAC;YAC9B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC;QAC9C,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,EAAE,iBAAiB,EAAE,OAAO,CAAC,CAAC,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,EAAE,CAAC;IACrG,CAAC;IAEO,IAAI,CAAC,UAAkB;QAC7B,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,MAAM,EAAE,CAAC;QACzF,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACjE,CAAC;IAEO,eAAe,CAAC,UAAkB,EAAE,MAAc;QACxD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,EAAE,WAAW,CAAC,CAAC;QACjE,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAChD,IAAI,MAAM,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;YACrE,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAClD,CAAC;CACF;AAED;;;GAGG;AACH,SAAS,YAAY,CAAC,UAAkB;IACtC,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;QACnE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAA4B,CAAC;QACxD,IAAI,GAAG,CAAC,CAAC,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAClC,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QACtE,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,GAAG,CAAC,GAAG,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,SAAS,CAAC;QAC1E,IAAI,OAAO,GAAG,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,OAAO,SAAS,CAAC;QAC/E,IAAI,GAAG,CAAC,CAAC,KAAK,SAAS,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ;YAAE,OAAO,SAAS,CAAC;QACvE,OAAO,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,CAAC,CAAuB,EAAE,CAAC,EAAE,GAAG,CAAC,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,GAAG,EAAE,CAAC;IACxF,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,SAAS,CAAC;IACnB,CAAC;AACH,CAAC"}

package/dist/server/stateless-client-store.d.ts

@@ -1,173 +0,0 @@
-/**
- * Stateless OAuth Dynamic Client Registration store.
- *
- * MCP clients (Claude Desktop, Cursor, Copilot CLI…) register dynamically
- * via RFC 7591 and cache the returned `client_id` locally. With an
- * in-memory or local-disk store, every CF push / restart wipes the
- * server-side registry — the cached `client_id` then fails with
- * `invalid_client` and the user has to clear their MCP client's OAuth
- * cache to recover.
- *
- * This store eliminates the storage problem entirely. Each `client_id`
- * is a self-validating token: it carries the registration payload
- * (redirect_uris, grant_types, …) plus an HMAC-SHA256 signature derived
- * from a server-held key. `getClient` re-derives the payload by
- * verifying the signature; no persistence is needed. Any process with
- * the same signing key can validate any client_id ever issued.
- *
- * Tradeoffs vs the persisted in-memory store:
- *   + Survives `cf push`, `cf restart`, cell moves, multi-instance scale-out
- *   + No external dependency, no service binding, no native module
- *   - Per-client revocation is impossible (only TTL or full key rotation)
- *   - Rotating the signing key invalidates every outstanding registration
- *
- * Default TTL is 30 days (matches typical refresh-token lifetimes). Setting
- * `ttlSeconds` to `0` or a negative value disables expiration — recommended
- * when MCP clients don't auto-re-register on `invalid_client` (Copilot CLI,
- * Cursor) and a finite TTL just produces periodic outages without security
- * gain. In that mode, forced revocation goes through full key rotation
- * (rotate the signing secret or bump `KDF_LABEL` from `arc1-dcr/v1` → `v2`).
- *
- * The signing key is derived (via HKDF-style HMAC) from the XSUAA
- * `clientsecret`, so it's already as stable as the service binding —
- * service rebinding rotates both at once, which is the right boundary.
- */
-import type { OAuthRegisteredClientsStore } from '@modelcontextprotocol/sdk/server/auth/clients.js';
-import type { OAuthClientInformationFull } from '@modelcontextprotocol/sdk/shared/auth.js';
-/**
- * Redirect-URI allowlist for the pre-registered XSUAA default client — a vendored
- * mirror of `oauth2-configuration.redirect-uris` in `xs-security.json`.
- *
- * ── Why ARC-1 must enforce this (not just XSUAA) ──
- * The issue-#214 callback proxy (see `oauth-state.ts`) sends XSUAA ARC-1's OWN
- * `/oauth/callback` as the redirect_uri and carries the client's real
- * redirect_uri inside the signed state. XSUAA therefore no longer validates the
- * client's redirect_uri — ARC-1 does. Without an allowlist, `ensureRedirectUri`
- * would auto-trust ANY redirect_uri supplied at `/authorize` for the shared
- * default client, letting an attacker steer a victim's authorization code to
- * their own URI (security audit 2026-06, follow-up to PR #352).
- *
- * ── Why vendored, not read from xs-security.json ──
- * `xs-security.json` is consumed by XSUAA at service-creation time and is NOT
- * shipped with the running app (excluded by `.cfignore`, the npm `files`
- * allowlist, and the Dockerfile), and the service binding does not expose the
- * patterns — so ARC-1 cannot read them at runtime. To prevent drift,
- * `tests/unit/server/stateless-client-store.test.ts` asserts this list stays
- * equal to `xs-security.json`. Keep the two in sync when adding a client.
- *
- * Glob semantics (xs-security.json): `*` matches within a single host/path
- * segment (never `/`), `**` matches across segments.
- */
-export declare const XSUAA_REDIRECT_URI_PATTERNS: readonly ["http://localhost:*/**", "https://*.hana.ondemand.com/**", "https://*.applicationstudio.cloud.sap/**", "https://claude.ai/api/mcp/auth_callback", "https://callback.mistral.ai/v1/integrations_auth/oauth2_callback", "cursor://anysphere.cursor-retrieval/**", "cursor://anysphere.cursor-mcp/**", "vscode://vscode.microsoft-authentication/**", "https://global.consent.azure-apim.net/redirect/**"];
-/**
- * Is `uri` an allowed redirect target for the pre-registered XSUAA default
- * client? True iff it matches an `XSUAA_REDIRECT_URI_PATTERNS` entry. Stateless,
- * so it gives the same answer on every instance — used both to gate dynamic
- * registration (`ensureRedirectUri`) and to validate the redirect target at
- * `/oauth/callback` (`checkRedirectUri`).
- *
- * SECURITY — parse before matching: the value matched here is later re-parsed
- * with `new URL()` and used as the 302 target that carries the OAuth `code`, so
- * the glob decision MUST agree with how the URL actually parses. The patterns
- * are string globs; a `*` sitting in the PORT position (the localhost pattern)
- * would otherwise let a URL-userinfo segment ride inside the same-segment
- * wildcard — `http://localhost:x@evil.com/cb` matches the `localhost:[^slash]`
- * port glob yet `new URL(...).host === 'evil.com'`, steering a victim's code to an
- * attacker host. So we reject anything that doesn't parse, reject any userinfo
- * (`user[:pass]@`, which no legitimate redirect_uri carries), and — for http/https —
- * match the glob against a subject rebuilt from the PARSED components rather than the
- * raw string, so `\`, `#` and `?` (authority terminators the WHATWG parser folds) cannot
- * relocate the host past a same-segment wildcard. After these guards, a glob match
- * implies the parsed host is the literal host in the pattern.
- */
-export declare function matchesXsuaaRedirectPattern(uri: string): boolean;
-export interface StatelessDcrClientStoreOptions {
-    /**
-     * How long an issued client_id remains valid, in seconds. After this
-     * window `getClient()` returns undefined and clients are forced to
-     * re-register via `/register`. Default: 30 days. Set to `0` (or any
-     * non-positive value) to disable expiration — registrations then stay
-     * valid until the signing key rotates.
-     */
-    ttlSeconds?: number;
-    /** Clock injection point for tests. Default: `Date.now`. */
-    now?: () => number;
-}
-export declare class StatelessDcrClientStore implements OAuthRegisteredClientsStore {
-    private readonly xsuaaClient;
-    private readonly hmacKey;
-    private readonly ttlSeconds;
-    private readonly now;
-    constructor(xsuaaClientId: string, xsuaaClientSecret: string, signingSecret: string, options?: StatelessDcrClientStoreOptions);
-    getClient(clientId: string): Promise<OAuthClientInformationFull | undefined>;
-    registerClient(client: Omit<OAuthClientInformationFull, 'client_id' | 'client_id_issued_at'>): Promise<OAuthClientInformationFull>;
-    /**
-     * Called by the MCP SDK before redirect_uri validation on `/authorize`.
-     *
-     * For the pre-registered XSUAA client we mutate the in-memory list so the
-     * SDK's exact-match check passes. The mutation is replayed on every
-     * `/authorize`, so it doesn't need to persist. SECURITY: we register a
-     * candidate URI ONLY if it matches `XSUAA_REDIRECT_URI_PATTERNS` (the vendored
-     * mirror of xs-security.json). The issue-#214 callback proxy removed XSUAA
-     * from the client-redirect path, so an un-gated add here would let an attacker
-     * register an arbitrary redirect_uri and have the SDK accept it — the entry
-     * point for authorization-code interception (security audit 2026-06). A
-     * non-matching URI is dropped (audited); the SDK's exact-match check then
-     * rejects the `/authorize` request before any state is minted.
-     *
-     * For DCR (`arc1-…`) clients we are stateless by design: there's nothing
-     * to mutate. The previous in-memory store implemented a percent-encoding
-     * loose-match (BAS/Theia registers `?x=1` then authorizes with `%3Fx=1`).
-     * Reproducing that statelessly would require either bundling every
-     * encoding variant in the signed payload or keeping a per-process scratch
-     * map, both of which undermine the "no state" goal. We accept the
-     * regression: affected clients re-register on encoding-variant mismatch,
-     * which is exactly what they did under the old store after every restart.
-     */
-    ensureRedirectUri(clientId: string, uri: string): void;
-    /**
-     * Validate that `uri` is an allowed redirect target for `clientId` at the
-     * `/oauth/callback` proxy — the control that stops authorization-code
-     * interception (security audit 2026-06, follow-up to PR #352).
-     *
-     *  - Default (pre-registered XSUAA) client → must match the redirect-uri
-     *    allowlist (`matchesXsuaaRedirectPattern`). Deliberately consults the
-     *    static allowlist, NOT the mutable in-memory list, so the verdict is
-     *    stateless and identical on every instance — a code is never forwarded to
-     *    an unlisted URI even if `/authorize` ran on a different instance.
-     *  - DCR (`arc1-…`) client → must be one of the redirect_uris baked immutably
-     *    into the signed client_id (re-derived by `getClient`). Returns
-     *    `unknown_client` when the id is unrecognised / expired / forged.
-     */
-    checkRedirectUri(clientId: string, uri: string): Promise<'ok' | 'unknown_client' | 'unregistered'>;
-    private payloadToClientInfo;
-    private encode;
-    /**
-     * Decode and verify a `client_id`. Returns either the parsed payload or a
-     * structured failure reason — the caller emits the failure as an audit
-     * event with the right reason code (so probing attempts are observable).
-     */
-    private decodeAndVerify;
-    private verifySignature;
-    private sign;
-    /**
-     * The client_secret is derived deterministically from the client_id, so
-     * any instance with the same signing key can validate it. This is the
-     * core reason DCR survives container restarts and scales out horizontally
-     * with no shared state.
-     */
-    private deriveSecret;
-    private emitLookupFailed;
-}
-/**
- * Validate a redirect URI against the allowed scheme/host policy.
- *
- * Allowed: `https://*`, `http://` to localhost / 127.0.0.1 / [::1], and known
- * MCP-client custom schemes (`claude:`, `cursor:`, `vscode:`,
- * `vscode-insiders:`).
- *
- * Rejected: `javascript:`, `data:`, `file:`, `ftp:`, and any `http://` to
- * non-loopback hosts.
- */
-export declare function validateRedirectUri(uri: string): void;
-//# sourceMappingURL=stateless-client-store.d.ts.map

package/dist/server/stateless-client-store.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"stateless-client-store.d.ts","sourceRoot":"","sources":["../../src/server/stateless-client-store.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiCG;AAGH,OAAO,KAAK,EAAE,2BAA2B,EAAE,MAAM,kDAAkD,CAAC;AACpG,OAAO,KAAK,EAAE,0BAA0B,EAAE,MAAM,0CAA0C,CAAC;AAuD3F;;;;;;;;;;;;;;;;;;;;;;;GAuBG;AACH,eAAO,MAAM,2BAA2B,mZAU9B,CAAC;AAwBX;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,2BAA2B,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAmBhE;AAuBD,MAAM,WAAW,8BAA8B;IAC7C;;;;;;OAMG;IACH,UAAU,CAAC,EAAE,MAAM,CAAC;IAEpB,4DAA4D;IAC5D,GAAG,CAAC,EAAE,MAAM,MAAM,CAAC;CACpB;AAuBD,qBAAa,uBAAwB,YAAW,2BAA2B;IACzE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAA6B;IACzD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAS;IACjC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAe;gBAGjC,aAAa,EAAE,MAAM,EACrB,iBAAiB,EAAE,MAAM,EACzB,aAAa,EAAE,MAAM,EACrB,OAAO,GAAE,8BAAmC;IA+BxC,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,0BAA0B,GAAG,SAAS,CAAC;IA4B5E,cAAc,CAClB,MAAM,EAAE,IAAI,CAAC,0BAA0B,EAAE,WAAW,GAAG,qBAAqB,CAAC,GAC5E,OAAO,CAAC,0BAA0B,CAAC;IAqDtC;;;;;;;;;;;;;;;;;;;;;;OAsBG;IACH,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,IAAI;IA2BtD;;;;;;;;;;;;;OAaG;IACG,gBAAgB,CAAC,QAAQ,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,GAAG,gBAAgB,GAAG,cAAc,CAAC;IAWxG,OAAO,CAAC,mBAAmB;IAa3B,OAAO,CAAC,MAAM;IAMd;;;;OAIG;IACH,OAAO,CAAC,eAAe;IAsBvB,OAAO,CAAC,eAAe;IAOvB,OAAO,CAAC,IAAI;IAMZ;;;;;OAKG;IACH,OAAO,CAAC,YAAY;IAIpB,OAAO,CAAC,gBAAgB;CAczB;AAoBD;;;;;;;;;GASG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CA6BrD"}