npm - claude-flow-novice - Versions diffs - 2.15.11 → 2.16.1 - Mend

claude-flow-novice 2.15.11 → 2.16.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (741) hide show

package/dist/lib/result-cache.js ADDED Viewed

@@ -0,0 +1,285 @@
+/**
+ * Agent Result Cache - Phase 6 Performance Optimization
+ *
+ * Implements Redis-based caching for agent results to reduce redundant work.
+ *
+ * Performance targets:
+ * - Cache hit rate: ~80% (with 1-hour TTL)
+ * - Cache operation latency: <10ms
+ * - 80% reduction in redundant agent execution
+ *
+ * Features:
+ * - SHA256-based task hashing for cache keys
+ * - Configurable TTL (default 1 hour)
+ * - Prometheus metrics (hits, misses, size)
+ * - Graceful degradation if Redis unavailable
+ * - TypeScript strict mode (no any types)
+ * - Cache invalidation API
+ */ import { createHash } from 'crypto';
+import { getRedisPool } from './connection-pool.js';
+/**
+ * Default cache configuration
+ */ const DEFAULT_CONFIG = {
+    ttlSeconds: parseInt(process.env.CFN_CACHE_TTL_SECONDS || '3600', 10),
+    maxEntries: parseInt(process.env.CFN_CACHE_MAX_ENTRIES || '10000', 10),
+    prefix: process.env.CFN_CACHE_PREFIX || 'cfn:cache:'
+};
+/**
+ * Metrics tracking
+ */ let cacheHits = 0;
+let cacheMisses = 0;
+let cacheSizeBytes = 0;
+let cacheEntries = 0;
+/**
+ * Cache availability flag
+ */ let cacheAvailable = true;
+/**
+ * Generate SHA256 hash for task description
+ * Ensures consistent cache keys for identical tasks
+ */ export function generateTaskHash(taskDescription) {
+    return createHash('sha256').update(taskDescription.trim()).digest('hex');
+}
+/**
+ * Build cache key from agent type and task hash
+ */ function buildCacheKey(agentType, taskHash) {
+    return `${DEFAULT_CONFIG.prefix}${agentType}:${taskHash}`;
+}
+/**
+ * Get cached result for agent task
+ * Returns null if cache miss or error
+ *
+ * @param agentType - Type of agent (e.g., 'backend-developer')
+ * @param taskDescription - Task description to hash
+ * @returns Cached result or null
+ */ export async function getCachedResult(agentType, taskDescription) {
+    if (!cacheAvailable) {
+        cacheMisses++;
+        return null;
+    }
+    try {
+        const redis = getRedisPool();
+        const taskHash = generateTaskHash(taskDescription);
+        const cacheKey = buildCacheKey(agentType, taskHash);
+        const startTime = Date.now();
+        const cachedData = await redis.get(cacheKey);
+        const latency = Date.now() - startTime;
+        if (latency > 10) {
+            console.warn(`Cache GET latency ${latency}ms exceeds 10ms target`);
+        }
+        if (!cachedData) {
+            cacheMisses++;
+            return null;
+        }
+        const parsed = JSON.parse(cachedData);
+        // Validate expiration
+        const expiresAt = new Date(parsed.expiresAt);
+        if (expiresAt < new Date()) {
+            // Expired, delete and return null
+            await redis.del(cacheKey);
+            cacheMisses++;
+            return null;
+        }
+        cacheHits++;
+        return parsed;
+    } catch (error) {
+        const err = error;
+        console.error('Cache GET error:', err.message);
+        // Graceful degradation
+        cacheAvailable = false;
+        cacheMisses++;
+        return null;
+    }
+}
+/**
+ * Set cached result for agent task
+ * Implements TTL-based expiration and size limits
+ *
+ * @param agentType - Type of agent
+ * @param taskDescription - Task description to hash
+ * @param result - Agent result to cache
+ * @param confidence - Confidence score
+ */ export async function setCachedResult(agentType, taskDescription, result, confidence) {
+    if (!cacheAvailable) {
+        return;
+    }
+    try {
+        const redis = getRedisPool();
+        const taskHash = generateTaskHash(taskDescription);
+        const cacheKey = buildCacheKey(agentType, taskHash);
+        // Check max entries limit
+        const currentEntries = await redis.dbsize();
+        if (currentEntries >= DEFAULT_CONFIG.maxEntries) {
+            console.warn(`Cache at max capacity (${DEFAULT_CONFIG.maxEntries} entries), evicting oldest entries`);
+        // Redis with maxmemory-policy=allkeys-lru handles eviction automatically
+        }
+        const now = new Date();
+        const expiresAt = new Date(now.getTime() + DEFAULT_CONFIG.ttlSeconds * 1000);
+        const cachedResult = {
+            agentType,
+            taskHash,
+            result,
+            confidence,
+            cachedAt: now.toISOString(),
+            expiresAt: expiresAt.toISOString()
+        };
+        const serialized = JSON.stringify(cachedResult);
+        const sizeBytes = Buffer.byteLength(serialized, 'utf8');
+        const startTime = Date.now();
+        await redis.set(cacheKey, serialized, 'EX', DEFAULT_CONFIG.ttlSeconds);
+        const latency = Date.now() - startTime;
+        if (latency > 10) {
+            console.warn(`Cache SET latency ${latency}ms exceeds 10ms target`);
+        }
+        // Update metrics
+        cacheSizeBytes += sizeBytes;
+        cacheEntries++;
+    } catch (error) {
+        const err = error;
+        console.error('Cache SET error:', err.message);
+        // Graceful degradation
+        cacheAvailable = false;
+    }
+}
+/**
+ * Invalidate cache entries
+ * If agentType provided, only invalidates that agent's cache
+ * Otherwise, clears all cache entries
+ *
+ * @param agentType - Optional agent type to target
+ * @returns Number of entries deleted
+ */ export async function invalidateCache(agentType) {
+    if (!cacheAvailable) {
+        return 0;
+    }
+    try {
+        const redis = getRedisPool();
+        let deletedCount = 0;
+        if (agentType) {
+            // Delete specific agent type cache entries
+            const pattern = `${DEFAULT_CONFIG.prefix}${agentType}:*`;
+            const keys = await redis.keys(pattern);
+            if (keys.length > 0) {
+                deletedCount = await redis.del(...keys);
+            }
+        } else {
+            // Delete all cache entries
+            const pattern = `${DEFAULT_CONFIG.prefix}*`;
+            const keys = await redis.keys(pattern);
+            if (keys.length > 0) {
+                deletedCount = await redis.del(...keys);
+            }
+        }
+        // Reset metrics
+        if (!agentType) {
+            cacheHits = 0;
+            cacheMisses = 0;
+            cacheSizeBytes = 0;
+            cacheEntries = 0;
+        }
+        console.log(`Cache invalidated: ${deletedCount} entries deleted`);
+        return deletedCount;
+    } catch (error) {
+        const err = error;
+        console.error('Cache invalidation error:', err.message);
+        cacheAvailable = false;
+        return 0;
+    }
+}
+/**
+ * Get cache metrics for Prometheus monitoring
+ * Exposes hits, misses, hit rate, size, and entry count
+ */ export function getCacheMetrics() {
+    const totalRequests = cacheHits + cacheMisses;
+    const hitRate = totalRequests > 0 ? cacheHits / totalRequests : 0;
+    return {
+        hits: cacheHits,
+        misses: cacheMisses,
+        totalRequests,
+        hitRate: parseFloat(hitRate.toFixed(4)),
+        sizeBytes: cacheSizeBytes,
+        entries: cacheEntries,
+        lastUpdated: new Date().toISOString()
+    };
+}
+/**
+ * Reset cache metrics
+ * Used for testing and monitoring reset
+ */ export function resetCacheMetrics() {
+    cacheHits = 0;
+    cacheMisses = 0;
+    cacheSizeBytes = 0;
+    cacheEntries = 0;
+    console.log('Cache metrics reset');
+}
+/**
+ * Check if cache is available
+ * Used for graceful degradation checks
+ */ export function isCacheAvailable() {
+    return cacheAvailable;
+}
+/**
+ * Reset cache availability flag
+ * Used after Redis reconnection
+ */ export function resetCacheAvailability() {
+    cacheAvailable = true;
+    console.log('Cache availability reset');
+}
+/**
+ * Get cache configuration
+ * Returns current cache settings
+ */ export function getCacheConfig() {
+    return {
+        ...DEFAULT_CONFIG
+    };
+}
+/**
+ * Update cache TTL for future entries
+ * Does not affect existing cached entries
+ *
+ * @param ttlSeconds - New TTL in seconds
+ */ export function updateCacheTTL(ttlSeconds) {
+    if (ttlSeconds < 60 || ttlSeconds > 86400) {
+        throw new Error(`Invalid TTL: ${ttlSeconds}s. Must be between 60s (1 min) and 86400s (24 hours).`);
+    }
+    DEFAULT_CONFIG.ttlSeconds = ttlSeconds;
+    console.log(`Cache TTL updated to ${ttlSeconds} seconds`);
+}
+/**
+ * Get cache entry count from Redis
+ * More accurate than tracked metric (accounts for evictions)
+ */ export async function getCacheEntryCount() {
+    if (!cacheAvailable) {
+        return 0;
+    }
+    try {
+        const redis = getRedisPool();
+        const pattern = `${DEFAULT_CONFIG.prefix}*`;
+        const keys = await redis.keys(pattern);
+        return keys.length;
+    } catch (error) {
+        const err = error;
+        console.error('Failed to get cache entry count:', err.message);
+        return 0;
+    }
+}
+/**
+ * Prewarm cache with common agent tasks
+ * Used during system initialization
+ *
+ * @param entries - Array of [agentType, taskDescription, result, confidence] tuples
+ */ export async function prewarmCache(entries) {
+    let warmedCount = 0;
+    for (const [agentType, taskDescription, result, confidence] of entries){
+        try {
+            await setCachedResult(agentType, taskDescription, result, confidence);
+            warmedCount++;
+        } catch (error) {
+            const err = error;
+            console.error(`Failed to prewarm cache entry: ${err.message}`);
+        }
+    }
+    console.log(`Cache prewarmed with ${warmedCount} entries`);
+    return warmedCount;
+}
+//# sourceMappingURL=result-cache.js.map

package/dist/lib/result-cache.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../../src/lib/result-cache.ts"],"sourcesContent":["/**\r\n * Agent Result Cache - Phase 6 Performance Optimization\r\n *\r\n * Implements Redis-based caching for agent results to reduce redundant work.\r\n *\r\n * Performance targets:\r\n * - Cache hit rate: ~80% (with 1-hour TTL)\r\n * - Cache operation latency: <10ms\r\n * - 80% reduction in redundant agent execution\r\n *\r\n * Features:\r\n * - SHA256-based task hashing for cache keys\r\n * - Configurable TTL (default 1 hour)\r\n * - Prometheus metrics (hits, misses, size)\r\n * - Graceful degradation if Redis unavailable\r\n * - TypeScript strict mode (no any types)\r\n * - Cache invalidation API\r\n */\r\n\r\nimport { createHash } from 'crypto';\r\nimport { getRedisPool } from './connection-pool.js';\r\n\r\n/**\r\n * Cache configuration\r\n */\r\nexport interface CacheConfig {\r\n ttlSeconds: number; // Default 3600 (1 hour)\r\n maxEntries: number; // Default 10000\r\n prefix: string; // Default 'cfn:cache:'\r\n}\r\n\r\n/**\r\n * Cached result structure\r\n */\r\nexport interface CachedResult {\r\n agentType: string;\r\n taskHash: string;\r\n result: unknown;\r\n confidence: number;\r\n cachedAt: string;\r\n expiresAt: string;\r\n}\r\n\r\n/**\r\n * Cache metrics for Prometheus monitoring\r\n */\r\nexport interface CacheMetrics {\r\n hits: number;\r\n misses: number;\r\n totalRequests: number;\r\n hitRate: number;\r\n sizeBytes: number;\r\n entries: number;\r\n lastUpdated: string;\r\n}\r\n\r\n/**\r\n * Default cache configuration\r\n */\r\nconst DEFAULT_CONFIG: CacheConfig = {\r\n ttlSeconds: parseInt(process.env.CFN_CACHE_TTL_SECONDS || '3600', 10),\r\n maxEntries: parseInt(process.env.CFN_CACHE_MAX_ENTRIES || '10000', 10),\r\n prefix: process.env.CFN_CACHE_PREFIX || 'cfn:cache:',\r\n};\r\n\r\n/**\r\n * Metrics tracking\r\n */\r\nlet cacheHits = 0;\r\nlet cacheMisses = 0;\r\nlet cacheSizeBytes = 0;\r\nlet cacheEntries = 0;\r\n\r\n/**\r\n * Cache availability flag\r\n */\r\nlet cacheAvailable = true;\r\n\r\n/**\r\n * Generate SHA256 hash for task description\r\n * Ensures consistent cache keys for identical tasks\r\n */\r\nexport function generateTaskHash(taskDescription: string): string {\r\n return createHash('sha256').update(taskDescription.trim()).digest('hex');\r\n}\r\n\r\n/**\r\n * Build cache key from agent type and task hash\r\n */\r\nfunction buildCacheKey(agentType: string, taskHash: string): string {\r\n return `${DEFAULT_CONFIG.prefix}${agentType}:${taskHash}`;\r\n}\r\n\r\n/**\r\n * Get cached result for agent task\r\n * Returns null if cache miss or error\r\n *\r\n * @param agentType - Type of agent (e.g., 'backend-developer')\r\n * @param taskDescription - Task description to hash\r\n * @returns Cached result or null\r\n */\r\nexport async function getCachedResult(\r\n agentType: string,\r\n taskDescription: string\r\n): Promise<CachedResult | null> {\r\n if (!cacheAvailable) {\r\n cacheMisses++;\r\n return null;\r\n }\r\n\r\n try {\r\n const redis = getRedisPool();\r\n const taskHash = generateTaskHash(taskDescription);\r\n const cacheKey = buildCacheKey(agentType, taskHash);\r\n\r\n const startTime = Date.now();\r\n const cachedData = await redis.get(cacheKey);\r\n const latency = Date.now() - startTime;\r\n\r\n if (latency > 10) {\r\n console.warn(`Cache GET latency ${latency}ms exceeds 10ms target`);\r\n }\r\n\r\n if (!cachedData) {\r\n cacheMisses++;\r\n return null;\r\n }\r\n\r\n const parsed = JSON.parse(cachedData) as CachedResult;\r\n\r\n // Validate expiration\r\n const expiresAt = new Date(parsed.expiresAt);\r\n if (expiresAt < new Date()) {\r\n // Expired, delete and return null\r\n await redis.del(cacheKey);\r\n cacheMisses++;\r\n return null;\r\n }\r\n\r\n cacheHits++;\r\n return parsed;\r\n } catch (error) {\r\n const err = error as Error;\r\n console.error('Cache GET error:', err.message);\r\n // Graceful degradation\r\n cacheAvailable = false;\r\n cacheMisses++;\r\n return null;\r\n }\r\n}\r\n\r\n/**\r\n * Set cached result for agent task\r\n * Implements TTL-based expiration and size limits\r\n *\r\n * @param agentType - Type of agent\r\n * @param taskDescription - Task description to hash\r\n * @param result - Agent result to cache\r\n * @param confidence - Confidence score\r\n */\r\nexport async function setCachedResult(\r\n agentType: string,\r\n taskDescription: string,\r\n result: unknown,\r\n confidence: number\r\n): Promise<void> {\r\n if (!cacheAvailable) {\r\n return;\r\n }\r\n\r\n try {\r\n const redis = getRedisPool();\r\n const taskHash = generateTaskHash(taskDescription);\r\n const cacheKey = buildCacheKey(agentType, taskHash);\r\n\r\n // Check max entries limit\r\n const currentEntries = await redis.dbsize();\r\n if (currentEntries >= DEFAULT_CONFIG.maxEntries) {\r\n console.warn(\r\n `Cache at max capacity (${DEFAULT_CONFIG.maxEntries} entries), evicting oldest entries`\r\n );\r\n // Redis with maxmemory-policy=allkeys-lru handles eviction automatically\r\n }\r\n\r\n const now = new Date();\r\n const expiresAt = new Date(now.getTime() + DEFAULT_CONFIG.ttlSeconds * 1000);\r\n\r\n const cachedResult: CachedResult = {\r\n agentType,\r\n taskHash,\r\n result,\r\n confidence,\r\n cachedAt: now.toISOString(),\r\n expiresAt: expiresAt.toISOString(),\r\n };\r\n\r\n const serialized = JSON.stringify(cachedResult);\r\n const sizeBytes = Buffer.byteLength(serialized, 'utf8');\r\n\r\n const startTime = Date.now();\r\n await redis.set(cacheKey, serialized, 'EX', DEFAULT_CONFIG.ttlSeconds);\r\n const latency = Date.now() - startTime;\r\n\r\n if (latency > 10) {\r\n console.warn(`Cache SET latency ${latency}ms exceeds 10ms target`);\r\n }\r\n\r\n // Update metrics\r\n cacheSizeBytes += sizeBytes;\r\n cacheEntries++;\r\n } catch (error) {\r\n const err = error as Error;\r\n console.error('Cache SET error:', err.message);\r\n // Graceful degradation\r\n cacheAvailable = false;\r\n }\r\n}\r\n\r\n/**\r\n * Invalidate cache entries\r\n * If agentType provided, only invalidates that agent's cache\r\n * Otherwise, clears all cache entries\r\n *\r\n * @param agentType - Optional agent type to target\r\n * @returns Number of entries deleted\r\n */\r\nexport async function invalidateCache(agentType?: string): Promise<number> {\r\n if (!cacheAvailable) {\r\n return 0;\r\n }\r\n\r\n try {\r\n const redis = getRedisPool();\r\n let deletedCount = 0;\r\n\r\n if (agentType) {\r\n // Delete specific agent type cache entries\r\n const pattern = `${DEFAULT_CONFIG.prefix}${agentType}:*`;\r\n const keys = await redis.keys(pattern);\r\n\r\n if (keys.length > 0) {\r\n deletedCount = await redis.del(...keys);\r\n }\r\n } else {\r\n // Delete all cache entries\r\n const pattern = `${DEFAULT_CONFIG.prefix}*`;\r\n const keys = await redis.keys(pattern);\r\n\r\n if (keys.length > 0) {\r\n deletedCount = await redis.del(...keys);\r\n }\r\n }\r\n\r\n // Reset metrics\r\n if (!agentType) {\r\n cacheHits = 0;\r\n cacheMisses = 0;\r\n cacheSizeBytes = 0;\r\n cacheEntries = 0;\r\n }\r\n\r\n console.log(`Cache invalidated: ${deletedCount} entries deleted`);\r\n return deletedCount;\r\n } catch (error) {\r\n const err = error as Error;\r\n console.error('Cache invalidation error:', err.message);\r\n cacheAvailable = false;\r\n return 0;\r\n }\r\n}\r\n\r\n/**\r\n * Get cache metrics for Prometheus monitoring\r\n * Exposes hits, misses, hit rate, size, and entry count\r\n */\r\nexport function getCacheMetrics(): CacheMetrics {\r\n const totalRequests = cacheHits + cacheMisses;\r\n const hitRate = totalRequests > 0 ? cacheHits / totalRequests : 0;\r\n\r\n return {\r\n hits: cacheHits,\r\n misses: cacheMisses,\r\n totalRequests,\r\n hitRate: parseFloat(hitRate.toFixed(4)),\r\n sizeBytes: cacheSizeBytes,\r\n entries: cacheEntries,\r\n lastUpdated: new Date().toISOString(),\r\n };\r\n}\r\n\r\n/**\r\n * Reset cache metrics\r\n * Used for testing and monitoring reset\r\n */\r\nexport function resetCacheMetrics(): void {\r\n cacheHits = 0;\r\n cacheMisses = 0;\r\n cacheSizeBytes = 0;\r\n cacheEntries = 0;\r\n console.log('Cache metrics reset');\r\n}\r\n\r\n/**\r\n * Check if cache is available\r\n * Used for graceful degradation checks\r\n */\r\nexport function isCacheAvailable(): boolean {\r\n return cacheAvailable;\r\n}\r\n\r\n/**\r\n * Reset cache availability flag\r\n * Used after Redis reconnection\r\n */\r\nexport function resetCacheAvailability(): void {\r\n cacheAvailable = true;\r\n console.log('Cache availability reset');\r\n}\r\n\r\n/**\r\n * Get cache configuration\r\n * Returns current cache settings\r\n */\r\nexport function getCacheConfig(): CacheConfig {\r\n return { ...DEFAULT_CONFIG };\r\n}\r\n\r\n/**\r\n * Update cache TTL for future entries\r\n * Does not affect existing cached entries\r\n *\r\n * @param ttlSeconds - New TTL in seconds\r\n */\r\nexport function updateCacheTTL(ttlSeconds: number): void {\r\n if (ttlSeconds < 60 || ttlSeconds > 86400) {\r\n throw new Error(\r\n `Invalid TTL: ${ttlSeconds}s. Must be between 60s (1 min) and 86400s (24 hours).`\r\n );\r\n }\r\n DEFAULT_CONFIG.ttlSeconds = ttlSeconds;\r\n console.log(`Cache TTL updated to ${ttlSeconds} seconds`);\r\n}\r\n\r\n/**\r\n * Get cache entry count from Redis\r\n * More accurate than tracked metric (accounts for evictions)\r\n */\r\nexport async function getCacheEntryCount(): Promise<number> {\r\n if (!cacheAvailable) {\r\n return 0;\r\n }\r\n\r\n try {\r\n const redis = getRedisPool();\r\n const pattern = `${DEFAULT_CONFIG.prefix}*`;\r\n const keys = await redis.keys(pattern);\r\n return keys.length;\r\n } catch (error) {\r\n const err = error as Error;\r\n console.error('Failed to get cache entry count:', err.message);\r\n return 0;\r\n }\r\n}\r\n\r\n/**\r\n * Prewarm cache with common agent tasks\r\n * Used during system initialization\r\n *\r\n * @param entries - Array of [agentType, taskDescription, result, confidence] tuples\r\n */\r\nexport async function prewarmCache(\r\n entries: Array<[string, string, unknown, number]>\r\n): Promise<number> {\r\n let warmedCount = 0;\r\n\r\n for (const [agentType, taskDescription, result, confidence] of entries) {\r\n try {\r\n await setCachedResult(agentType, taskDescription, result, confidence);\r\n warmedCount++;\r\n } catch (error) {\r\n const err = error as Error;\r\n console.error(`Failed to prewarm cache entry: ${err.message}`);\r\n }\r\n }\r\n\r\n console.log(`Cache prewarmed with ${warmedCount} entries`);\r\n return warmedCount;\r\n}\r\n"],"names":["createHash","getRedisPool","DEFAULT_CONFIG","ttlSeconds","parseInt","process","env","CFN_CACHE_TTL_SECONDS","maxEntries","CFN_CACHE_MAX_ENTRIES","prefix","CFN_CACHE_PREFIX","cacheHits","cacheMisses","cacheSizeBytes","cacheEntries","cacheAvailable","generateTaskHash","taskDescription","update","trim","digest","buildCacheKey","agentType","taskHash","getCachedResult","redis","cacheKey","startTime","Date","now","cachedData","get","latency","console","warn","parsed","JSON","parse","expiresAt","del","error","err","message","setCachedResult","result","confidence","currentEntries","dbsize","getTime","cachedResult","cachedAt","toISOString","serialized","stringify","sizeBytes","Buffer","byteLength","set","invalidateCache","deletedCount","pattern","keys","length","log","getCacheMetrics","totalRequests","hitRate","hits","misses","parseFloat","toFixed","entries","lastUpdated","resetCacheMetrics","isCacheAvailable","resetCacheAvailability","getCacheConfig","updateCacheTTL","Error","getCacheEntryCount","prewarmCache","warmedCount"],"mappings":"AAAA;;;;;;;;;;;;;;;;;CAiBC,GAED,SAASA,UAAU,QAAQ,SAAS;AACpC,SAASC,YAAY,QAAQ,uBAAuB;AAoCpD;;CAEC,GACD,MAAMC,iBAA8B;IAClCC,YAAYC,SAASC,QAAQC,GAAG,CAACC,qBAAqB,IAAI,QAAQ;IAClEC,YAAYJ,SAASC,QAAQC,GAAG,CAACG,qBAAqB,IAAI,SAAS;IACnEC,QAAQL,QAAQC,GAAG,CAACK,gBAAgB,IAAI;AAC1C;AAEA;;CAEC,GACD,IAAIC,YAAY;AAChB,IAAIC,cAAc;AAClB,IAAIC,iBAAiB;AACrB,IAAIC,eAAe;AAEnB;;CAEC,GACD,IAAIC,iBAAiB;AAErB;;;CAGC,GACD,OAAO,SAASC,iBAAiBC,eAAuB;IACtD,OAAOlB,WAAW,UAAUmB,MAAM,CAACD,gBAAgBE,IAAI,IAAIC,MAAM,CAAC;AACpE;AAEA;;CAEC,GACD,SAASC,cAAcC,SAAiB,EAAEC,QAAgB;IACxD,OAAO,GAAGtB,eAAeQ,MAAM,GAAGa,UAAU,CAAC,EAAEC,UAAU;AAC3D;AAEA;;;;;;;CAOC,GACD,OAAO,eAAeC,gBACpBF,SAAiB,EACjBL,eAAuB;IAEvB,IAAI,CAACF,gBAAgB;QACnBH;QACA,OAAO;IACT;IAEA,IAAI;QACF,MAAMa,QAAQzB;QACd,MAAMuB,WAAWP,iBAAiBC;QAClC,MAAMS,WAAWL,cAAcC,WAAWC;QAE1C,MAAMI,YAAYC,KAAKC,GAAG;QAC1B,MAAMC,aAAa,MAAML,MAAMM,GAAG,CAACL;QACnC,MAAMM,UAAUJ,KAAKC,GAAG,KAAKF;QAE7B,IAAIK,UAAU,IAAI;YAChBC,QAAQC,IAAI,CAAC,CAAC,kBAAkB,EAAEF,QAAQ,sBAAsB,CAAC;QACnE;QAEA,IAAI,CAACF,YAAY;YACflB;YACA,OAAO;QACT;QAEA,MAAMuB,SAASC,KAAKC,KAAK,CAACP;QAE1B,sBAAsB;QACtB,MAAMQ,YAAY,IAAIV,KAAKO,OAAOG,SAAS;QAC3C,IAAIA,YAAY,IAAIV,QAAQ;YAC1B,kCAAkC;YAClC,MAAMH,MAAMc,GAAG,CAACb;YAChBd;YACA,OAAO;QACT;QAEAD;QACA,OAAOwB;IACT,EAAE,OAAOK,OAAO;QACd,MAAMC,MAAMD;QACZP,QAAQO,KAAK,CAAC,oBAAoBC,IAAIC,OAAO;QAC7C,uBAAuB;QACvB3B,iBAAiB;QACjBH;QACA,OAAO;IACT;AACF;AAEA;;;;;;;;CAQC,GACD,OAAO,eAAe+B,gBACpBrB,SAAiB,EACjBL,eAAuB,EACvB2B,MAAe,EACfC,UAAkB;IAElB,IAAI,CAAC9B,gBAAgB;QACnB;IACF;IAEA,IAAI;QACF,MAAMU,QAAQzB;QACd,MAAMuB,WAAWP,iBAAiBC;QAClC,MAAMS,WAAWL,cAAcC,WAAWC;QAE1C,0BAA0B;QAC1B,MAAMuB,iBAAiB,MAAMrB,MAAMsB,MAAM;QACzC,IAAID,kBAAkB7C,eAAeM,UAAU,EAAE;YAC/C0B,QAAQC,IAAI,CACV,CAAC,uBAAuB,EAAEjC,eAAeM,UAAU,CAAC,kCAAkC,CAAC;QAEzF,yEAAyE;QAC3E;QAEA,MAAMsB,MAAM,IAAID;QAChB,MAAMU,YAAY,IAAIV,KAAKC,IAAImB,OAAO,KAAK/C,eAAeC,UAAU,GAAG;QAEvE,MAAM+C,eAA6B;YACjC3B;YACAC;YACAqB;YACAC;YACAK,UAAUrB,IAAIsB,WAAW;YACzBb,WAAWA,UAAUa,WAAW;QAClC;QAEA,MAAMC,aAAahB,KAAKiB,SAAS,CAACJ;QAClC,MAAMK,YAAYC,OAAOC,UAAU,CAACJ,YAAY;QAEhD,MAAMzB,YAAYC,KAAKC,GAAG;QAC1B,MAAMJ,MAAMgC,GAAG,CAAC/B,UAAU0B,YAAY,MAAMnD,eAAeC,UAAU;QACrE,MAAM8B,UAAUJ,KAAKC,GAAG,KAAKF;QAE7B,IAAIK,UAAU,IAAI;YAChBC,QAAQC,IAAI,CAAC,CAAC,kBAAkB,EAAEF,QAAQ,sBAAsB,CAAC;QACnE;QAEA,iBAAiB;QACjBnB,kBAAkByC;QAClBxC;IACF,EAAE,OAAO0B,OAAO;QACd,MAAMC,MAAMD;QACZP,QAAQO,KAAK,CAAC,oBAAoBC,IAAIC,OAAO;QAC7C,uBAAuB;QACvB3B,iBAAiB;IACnB;AACF;AAEA;;;;;;;CAOC,GACD,OAAO,eAAe2C,gBAAgBpC,SAAkB;IACtD,IAAI,CAACP,gBAAgB;QACnB,OAAO;IACT;IAEA,IAAI;QACF,MAAMU,QAAQzB;QACd,IAAI2D,eAAe;QAEnB,IAAIrC,WAAW;YACb,2CAA2C;YAC3C,MAAMsC,UAAU,GAAG3D,eAAeQ,MAAM,GAAGa,UAAU,EAAE,CAAC;YACxD,MAAMuC,OAAO,MAAMpC,MAAMoC,IAAI,CAACD;YAE9B,IAAIC,KAAKC,MAAM,GAAG,GAAG;gBACnBH,eAAe,MAAMlC,MAAMc,GAAG,IAAIsB;YACpC;QACF,OAAO;YACL,2BAA2B;YAC3B,MAAMD,UAAU,GAAG3D,eAAeQ,MAAM,CAAC,CAAC,CAAC;YAC3C,MAAMoD,OAAO,MAAMpC,MAAMoC,IAAI,CAACD;YAE9B,IAAIC,KAAKC,MAAM,GAAG,GAAG;gBACnBH,eAAe,MAAMlC,MAAMc,GAAG,IAAIsB;YACpC;QACF;QAEA,gBAAgB;QAChB,IAAI,CAACvC,WAAW;YACdX,YAAY;YACZC,cAAc;YACdC,iBAAiB;YACjBC,eAAe;QACjB;QAEAmB,QAAQ8B,GAAG,CAAC,CAAC,mBAAmB,EAAEJ,aAAa,gBAAgB,CAAC;QAChE,OAAOA;IACT,EAAE,OAAOnB,OAAO;QACd,MAAMC,MAAMD;QACZP,QAAQO,KAAK,CAAC,6BAA6BC,IAAIC,OAAO;QACtD3B,iBAAiB;QACjB,OAAO;IACT;AACF;AAEA;;;CAGC,GACD,OAAO,SAASiD;IACd,MAAMC,gBAAgBtD,YAAYC;IAClC,MAAMsD,UAAUD,gBAAgB,IAAItD,YAAYsD,gBAAgB;IAEhE,OAAO;QACLE,MAAMxD;QACNyD,QAAQxD;QACRqD;QACAC,SAASG,WAAWH,QAAQI,OAAO,CAAC;QACpChB,WAAWzC;QACX0D,SAASzD;QACT0D,aAAa,IAAI5C,OAAOuB,WAAW;IACrC;AACF;AAEA;;;CAGC,GACD,OAAO,SAASsB;IACd9D,YAAY;IACZC,cAAc;IACdC,iBAAiB;IACjBC,eAAe;IACfmB,QAAQ8B,GAAG,CAAC;AACd;AAEA;;;CAGC,GACD,OAAO,SAASW;IACd,OAAO3D;AACT;AAEA;;;CAGC,GACD,OAAO,SAAS4D;IACd5D,iBAAiB;IACjBkB,QAAQ8B,GAAG,CAAC;AACd;AAEA;;;CAGC,GACD,OAAO,SAASa;IACd,OAAO;QAAE,GAAG3E,cAAc;IAAC;AAC7B;AAEA;;;;;CAKC,GACD,OAAO,SAAS4E,eAAe3E,UAAkB;IAC/C,IAAIA,aAAa,MAAMA,aAAa,OAAO;QACzC,MAAM,IAAI4E,MACR,CAAC,aAAa,EAAE5E,WAAW,qDAAqD,CAAC;IAErF;IACAD,eAAeC,UAAU,GAAGA;IAC5B+B,QAAQ8B,GAAG,CAAC,CAAC,qBAAqB,EAAE7D,WAAW,QAAQ,CAAC;AAC1D;AAEA;;;CAGC,GACD,OAAO,eAAe6E;IACpB,IAAI,CAAChE,gBAAgB;QACnB,OAAO;IACT;IAEA,IAAI;QACF,MAAMU,QAAQzB;QACd,MAAM4D,UAAU,GAAG3D,eAAeQ,MAAM,CAAC,CAAC,CAAC;QAC3C,MAAMoD,OAAO,MAAMpC,MAAMoC,IAAI,CAACD;QAC9B,OAAOC,KAAKC,MAAM;IACpB,EAAE,OAAOtB,OAAO;QACd,MAAMC,MAAMD;QACZP,QAAQO,KAAK,CAAC,oCAAoCC,IAAIC,OAAO;QAC7D,OAAO;IACT;AACF;AAEA;;;;;CAKC,GACD,OAAO,eAAesC,aACpBT,OAAiD;IAEjD,IAAIU,cAAc;IAElB,KAAK,MAAM,CAAC3D,WAAWL,iBAAiB2B,QAAQC,WAAW,IAAI0B,QAAS;QACtE,IAAI;YACF,MAAM5B,gBAAgBrB,WAAWL,iBAAiB2B,QAAQC;YAC1DoC;QACF,EAAE,OAAOzC,OAAO;YACd,MAAMC,MAAMD;YACZP,QAAQO,KAAK,CAAC,CAAC,+BAA+B,EAAEC,IAAIC,OAAO,EAAE;QAC/D;IACF;IAEAT,QAAQ8B,GAAG,CAAC,CAAC,qBAAqB,EAAEkB,YAAY,QAAQ,CAAC;IACzD,OAAOA;AACT"}

package/dist/mcp/auth-middleware.js CHANGED Viewed

@@ -9,7 +9,8 @@ let MCPAuthMiddleware = class MCPAuthMiddleware {
     constructor(options = {}){
         this.redis = null;
         this.options = {
-            redisUrl: options.redisUrl || process.env.CFN_REDIS_URL || process.env.MCP_REDIS_URL || `redis://${process.env.CFN_REDIS_HOST || 'cfn-redis'}:${process.env.CFN_REDIS_PORT || 6379}`,
+            // FIX: Default to 'localhost' for host execution, Docker deployments should set CFN_REDIS_HOST explicitly
+            redisUrl: options.redisUrl || process.env.CFN_REDIS_URL || process.env.MCP_REDIS_URL || `redis://${process.env.CFN_REDIS_HOST || 'localhost'}:${process.env.CFN_REDIS_PORT || 6379}`,
             tokenExpiry: options.tokenExpiry || '24h',
             authRequired: options.authRequired !== false,
             rateLimitWindow: options.rateLimitWindow || 60,

package/dist/mcp/auth-middleware.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"sources":["../../src/mcp/auth-middleware.js"],"sourcesContent":["/*\r\n MCP Authentication Middleware\r\n * Token-based authentication and authorization for MCP containers\r\n /\r\n\r\nconst crypto = require('crypto');\r\nconst Redis = require('redis');\r\nconst fs = require('fs').promises;\r\nconst path = require('path');\r\n\r\nclass MCPAuthMiddleware {\r\n constructor(options = {}) {\r\n this.redis = null;\r\n this.options = {\r\n redisUrl: options.redisUrl \|\| process.env.CFN_REDIS_URL \|\| process.env.MCP_REDIS_URL \|\| `redis://${process.env.CFN_REDIS_HOST \|\| 'cfn-redis'}:${process.env.CFN_REDIS_PORT \|\| 6379}`,\r\n tokenExpiry: options.tokenExpiry \|\| '24h',\r\n authRequired: options.authRequired !== false,\r\n rateLimitWindow: options.rateLimitWindow \|\| 60, // seconds\r\n rateLimitMax: options.rateLimitMax \|\| 100,\r\n agentConfigPath: options.agentConfigPath \|\| './config/agent-whitelist.json',\r\n skillConfigPath: options.skillConfigPath \|\| './config/skill-requirements.json',\r\n ...options\r\n };\r\n\r\n this.agentWhitelist = new Map();\r\n this.skillRequirements = new Map();\r\n this.rateLimitCache = new Map();\r\n }\r\n\r\n /\r\n Initialize authentication middleware\r\n /\r\n async initialize() {\r\n try {\r\n // Connect to Redis\r\n this.redis = Redis.createClient({ url: this.options.redisUrl });\r\n await this.redis.connect();\r\n\r\n console.log('[MCPAuth] Connected to Redis for authentication');\r\n\r\n // Load configuration\r\n await this.loadAgentWhitelist();\r\n await this.loadSkillRequirements();\r\n\r\n // Start cleanup interval\r\n this.startCleanupInterval();\r\n\r\n console.log('[MCPAuth] Authentication middleware initialized successfully');\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to initialize:', error);\r\n throw error;\r\n }\r\n }\r\n\r\n /\r\n Load agent whitelist from configuration\r\n /\r\n async loadAgentWhitelist() {\r\n try {\r\n const configPath = path.resolve(this.options.agentConfigPath);\r\n const config = await fs.readFile(configPath, 'utf8');\r\n const whitelist = JSON.parse(config);\r\n\r\n this.agentWhitelist.clear();\r\n for (const agent of whitelist.agents) {\r\n this.agentWhitelist.set(agent.type, agent);\r\n }\r\n\r\n console.log(`[MCPAuth] Loaded ${this.agentWhitelist.size} agent configurations`);\r\n } catch (error) {\r\n console.warn('[MCPAuth] Failed to load agent whitelist:', error.message);\r\n // Default to empty whitelist (deny all)\r\n this.agentWhitelist.clear();\r\n }\r\n }\r\n\r\n /\r\n Load skill requirements from configuration\r\n /\r\n async loadSkillRequirements() {\r\n try {\r\n const configPath = path.resolve(this.options.skillConfigPath);\r\n const config = await fs.readFile(configPath, 'utf8');\r\n const requirements = JSON.parse(config);\r\n\r\n this.skillRequirements.clear();\r\n for (const [tool, req] of Object.entries(requirements.tools)) {\r\n this.skillRequirements.set(tool, req);\r\n }\r\n\r\n console.log(`[MCPAuth] Loaded ${this.skillRequirements.size} tool skill requirements`);\r\n } catch (error) {\r\n console.warn('[MCPAuth] Failed to load skill requirements:', error.message);\r\n this.skillRequirements.clear();\r\n }\r\n }\r\n\r\n /\r\n Authenticate agent request\r\n /\r\n async authenticateRequest(request, response, next) {\r\n try {\r\n // Skip authentication if not required\r\n if (!this.options.authRequired) {\r\n return next();\r\n }\r\n\r\n // Extract authentication headers\r\n const agentToken = request.headers['x-agent-token'];\r\n const agentType = request.headers['x-agent-type'];\r\n const toolName = request.body?.name \|\| request.params?.toolName;\r\n\r\n // Validate required headers\r\n if (!agentToken \|\| !agentType) {\r\n return this.sendErrorResponse(response, 401, 'Missing authentication headers', {\r\n required: ['x-agent-token', 'x-agent-type']\r\n });\r\n }\r\n\r\n // Validate token in Redis\r\n const tokenData = await this.validateToken(agentToken, agentType);\r\n if (!tokenData) {\r\n return this.sendErrorResponse(response, 401, 'Invalid or expired token', {\r\n agentType,\r\n tokenValid: false\r\n });\r\n }\r\n\r\n // Validate agent type against whitelist\r\n if (!this.isAgentAuthorized(agentType)) {\r\n return this.sendErrorResponse(response, 403, 'Agent type not authorized', {\r\n agentType,\r\n allowedTypes: Array.from(this.agentWhitelist.keys())\r\n });\r\n }\r\n\r\n // Validate skill-based tool access\r\n if (toolName && !this.authorizeToolAccess(agentType, toolName)) {\r\n const toolRequirements = this.skillRequirements.get(toolName);\r\n return this.sendErrorResponse(response, 403, 'Insufficient skills for tool access', {\r\n agentType,\r\n toolName,\r\n requiredSkills: toolRequirements?.requiredSkills \|\| [],\r\n agentSkills: tokenData.skills \|\| []\r\n });\r\n }\r\n\r\n // Check rate limits\r\n if (!this.checkRateLimit(agentType, agentToken)) {\r\n return this.sendErrorResponse(response, 429, 'Rate limit exceeded', {\r\n agentType,\r\n window: this.options.rateLimitWindow,\r\n maxRequests: this.options.rateLimitMax\r\n });\r\n }\r\n\r\n // Add agent context to request\r\n request.agentContext = {\r\n agentType,\r\n agentToken,\r\n skills: tokenData.skills \|\| [],\r\n authenticated: true,\r\n timestamp: Date.now()\r\n };\r\n\r\n // Update last activity\r\n await this.updateAgentActivity(agentToken, agentType);\r\n\r\n return next();\r\n\r\n } catch (error) {\r\n console.error('[MCPAuth] Authentication error:', error);\r\n return this.sendErrorResponse(response, 500, 'Authentication error', {\r\n error: error.message\r\n });\r\n }\r\n }\r\n\r\n /\r\n Validate token against Redis\r\n /\r\n async validateToken(token, agentType) {\r\n try {\r\n const key = `mcp:agent:${agentType}:${token}`;\r\n const tokenData = await this.redis.get(key);\r\n\r\n if (!tokenData) {\r\n return null;\r\n }\r\n\r\n const data = JSON.parse(tokenData);\r\n\r\n // Check expiration\r\n if (Date.now() > data.expiresAt) {\r\n await this.redis.del(key);\r\n return null;\r\n }\r\n\r\n return data;\r\n } catch (error) {\r\n console.error('[MCPAuth] Token validation error:', error);\r\n return null;\r\n }\r\n }\r\n\r\n /\r\n Check if agent type is authorized\r\n /\r\n isAgentAuthorized(agentType) {\r\n return this.agentWhitelist.has(agentType);\r\n }\r\n\r\n /\r\n Authorize tool access based on skills\r\n /\r\n authorizeToolAccess(agentType, toolName) {\r\n const toolRequirements = this.skillRequirements.get(toolName);\r\n if (!toolRequirements) {\r\n // No skill requirements defined - allow access\r\n return true;\r\n }\r\n\r\n const agentConfig = this.agentWhitelist.get(agentType);\r\n if (!agentConfig) {\r\n return false;\r\n }\r\n\r\n const requiredSkills = toolRequirements.requiredSkills \|\| [];\r\n const agentSkills = agentConfig.skills \|\| [];\r\n\r\n // Check if agent has all required skills\r\n return requiredSkills.every(skill => agentSkills.includes(skill));\r\n }\r\n\r\n /\r\n Check rate limits for agent\r\n /\r\n checkRateLimit(agentType, token) {\r\n const now = Date.now();\r\n const windowStart = now - (this.options.rateLimitWindow 1000);\r\n const key = `${agentType}:${token}`;\r\n\r\n if (!this.rateLimitCache.has(key)) {\r\n this.rateLimitCache.set(key, []);\r\n }\r\n\r\n const requests = this.rateLimitCache.get(key);\r\n\r\n // Remove old requests outside window\r\n const validRequests = requests.filter(timestamp => timestamp > windowStart);\r\n this.rateLimitCache.set(key, validRequests);\r\n\r\n // Check if under limit\r\n if (validRequests.length >= this.options.rateLimitMax) {\r\n return false;\r\n }\r\n\r\n // Add current request\r\n validRequests.push(now);\r\n return true;\r\n }\r\n\r\n /*\r\n Update agent activity in Redis\r\n /\r\n async updateAgentActivity(token, agentType) {\r\n try {\r\n const key = `mcp:agent:${agentType}:${token}`;\r\n const activity = {\r\n lastActivity: Date.now(),\r\n requestCount: 1\r\n };\r\n\r\n await this.redis.hIncrBy(key, 'requestCount', 1);\r\n await this.redis.hSet(key, 'lastActivity', Date.now().toString());\r\n await this.redis.expire(key, this.parseExpiry(this.options.tokenExpiry));\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to update activity:', error);\r\n }\r\n }\r\n\r\n /\r\n Generate agent token\r\n /\r\n generateAgentToken(agentType, skills = [], expiresIn = null) {\r\n const token = crypto.randomBytes(32).toString('hex');\r\n const expiresAt = Date.now() + (this.parseExpiry(expiresIn \|\| this.options.tokenExpiry) 1000);\r\n\r\n return {\r\n token,\r\n agentType,\r\n skills,\r\n expiresAt,\r\n createdAt: Date.now()\r\n };\r\n }\r\n\r\n /*\r\n Register agent token in Redis\r\n /\r\n async registerAgentToken(tokenData) {\r\n try {\r\n const key = `mcp:agent:${tokenData.agentType}:${tokenData.token}`;\r\n const value = JSON.stringify(tokenData);\r\n\r\n await this.redis.setEx(key, this.parseExpiry(this.options.tokenExpiry), value);\r\n\r\n console.log(`[MCPAuth] Registered token for agent: ${tokenData.agentType}`);\r\n return tokenData;\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to register token:', error);\r\n throw error;\r\n }\r\n }\r\n\r\n /\r\n Revoke agent token\r\n /\r\n async revokeAgentToken(agentType, token) {\r\n try {\r\n const key = `mcp:agent:${agentType}:${token}`;\r\n await this.redis.del(key);\r\n\r\n console.log(`[MCPAuth] Revoked token for agent: ${agentType}`);\r\n return true;\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to revoke token:', error);\r\n return false;\r\n }\r\n }\r\n\r\n /\r\n Send error response\r\n /\r\n sendErrorResponse(response, statusCode, message, details = null) {\r\n const errorResponse = {\r\n jsonrpc: '2.0',\r\n error: {\r\n code: statusCode === 401 ? -32001 : statusCode === 403 ? -32002 : -32003,\r\n message,\r\n ...(details && { details })\r\n },\r\n id: response.body?.id \|\| null\r\n };\r\n\r\n response.writeHead(statusCode, { 'Content-Type': 'application/json' });\r\n response.end(JSON.stringify(errorResponse));\r\n }\r\n\r\n /\r\n Parse expiry string to seconds\r\n /\r\n parseExpiry(expiry) {\r\n if (typeof expiry === 'number') {\r\n return expiry;\r\n }\r\n\r\n const match = expiry.match(/^(\\d+)([smhd])$/);\r\n if (!match) {\r\n return 3600; // Default to 1 hour\r\n }\r\n\r\n const value = parseInt(match[1]);\r\n const unit = match[2];\r\n const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };\r\n\r\n return value (multipliers[unit] \|\| 3600);\r\n }\r\n\r\n /*\r\n Start cleanup interval for rate limit cache\r\n /\r\n startCleanupInterval() {\r\n setInterval(() => {\r\n const now = Date.now();\r\n const windowStart = now - (this.options.rateLimitWindow 1000);\r\n\r\n for (const [key, requests] of this.rateLimitCache.entries()) {\r\n const validRequests = requests.filter(timestamp => timestamp > windowStart);\r\n if (validRequests.length === 0) {\r\n this.rateLimitCache.delete(key);\r\n } else {\r\n this.rateLimitCache.set(key, validRequests);\r\n }\r\n }\r\n }, 60000); // Clean up every minute\r\n }\r\n\r\n /*\r\n Get authentication statistics\r\n /\r\n async getStats() {\r\n try {\r\n const stats = {\r\n registeredAgents: this.agentWhitelist.size,\r\n configuredTools: this.skillRequirements.size,\r\n rateLimitedClients: this.rateLimitCache.size,\r\n redisConnected: this.redis?.isOpen \|\| false\r\n };\r\n\r\n // Get active tokens count\r\n if (this.redis?.isOpen) {\r\n const keys = await this.redis.keys('mcp:agent:');\r\n stats.activeTokens = keys.length;\r\n }\r\n\r\n return stats;\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to get stats:', error);\r\n return { error: error.message };\r\n }\r\n }\r\n\r\n /*\r\n Shutdown authentication middleware\r\n */\r\n async shutdown() {\r\n try {\r\n if (this.redis) {\r\n await this.redis.quit();\r\n this.redis = null;\r\n }\r\n console.log('[MCPAuth] Authentication middleware shutdown complete');\r\n } catch (error) {\r\n console.error('[MCPAuth] Shutdown error:', error);\r\n }\r\n }\r\n}\r\n\r\nmodule.exports = MCPAuthMiddleware;"],"names":["crypto","require","Redis","fs","promises","path","MCPAuthMiddleware","options","redis","redisUrl","process","env","CFN_REDIS_URL","MCP_REDIS_URL","CFN_REDIS_HOST","CFN_REDIS_PORT","tokenExpiry","authRequired","rateLimitWindow","rateLimitMax","agentConfigPath","skillConfigPath","agentWhitelist","Map","skillRequirements","rateLimitCache","initialize","createClient","url","connect","console","log","loadAgentWhitelist","loadSkillRequirements","startCleanupInterval","error","configPath","resolve","config","readFile","whitelist","JSON","parse","clear","agent","agents","set","type","size","warn","message","requirements","tool","req","Object","entries","tools","authenticateRequest","request","response","next","agentToken","headers","agentType","toolName","body","name","params","sendErrorResponse","required","tokenData","validateToken","tokenValid","isAgentAuthorized","allowedTypes","Array","from","keys","authorizeToolAccess","toolRequirements","get","requiredSkills","agentSkills","skills","checkRateLimit","window","maxRequests","agentContext","authenticated","timestamp","Date","now","updateAgentActivity","token","key","data","expiresAt","del","has","agentConfig","every","skill","includes","windowStart","requests","validRequests","filter","length","push","activity","lastActivity","requestCount","hIncrBy","hSet","toString","expire","parseExpiry","generateAgentToken","expiresIn","randomBytes","createdAt","registerAgentToken","value","stringify","setEx","revokeAgentToken","statusCode","details","errorResponse","jsonrpc","code","id","writeHead","end","expiry","match","parseInt","unit","multipliers","s","m","h","d","setInterval","delete","getStats","stats","registeredAgents","configuredTools","rateLimitedClients","redisConnected","isOpen","activeTokens","shutdown","quit","module","exports"],"mappings":"AAAA;;;CAGC,GAED,MAAMA,SAASC,QAAQ;AACvB,MAAMC,QAAQD,QAAQ;AACtB,MAAME,KAAKF,QAAQ,MAAMG,QAAQ;AACjC,MAAMC,OAAOJ,QAAQ;AAErB,IAAA,AAAMK,oBAAN,MAAMA;IACJ,YAAYC,UAAU,CAAC,CAAC,CAAE;QACxB,IAAI,CAACC,KAAK,GAAG;QACb,IAAI,CAACD,OAAO,GAAG;YACbE,UAAUF,QAAQE,QAAQ,IAAIC,QAAQC,GAAG,CAACC,aAAa,IAAIF,QAAQC,GAAG,CAACE,aAAa,IAAI,CAAC,QAAQ,EAAEH,QAAQC,GAAG,CAACG,cAAc,IAAI,YAAY,CAAC,EAAEJ,QAAQC,GAAG,CAACI,cAAc,IAAI,MAAM;YACpLC,aAAaT,QAAQS,WAAW,IAAI;YACpCC,cAAcV,QAAQU,YAAY,KAAK;YACvCC,iBAAiBX,QAAQW,eAAe,IAAI;YAC5CC,cAAcZ,QAAQY,YAAY,IAAI;YACtCC,iBAAiBb,QAAQa,eAAe,IAAI;YAC5CC,iBAAiBd,QAAQc,eAAe,IAAI;YAC5C,GAAGd,OAAO;QACZ;QAEA,IAAI,CAACe,cAAc,GAAG,IAAIC;QAC1B,IAAI,CAACC,iBAAiB,GAAG,IAAID;QAC7B,IAAI,CAACE,cAAc,GAAG,IAAIF;IAC5B;IAEA;;GAEC,GACD,MAAMG,aAAa;QACjB,IAAI;YACF,mBAAmB;YACnB,IAAI,CAAClB,KAAK,GAAGN,MAAMyB,YAAY,CAAC;gBAAEC,KAAK,IAAI,CAACrB,OAAO,CAACE,QAAQ;YAAC;YAC7D,MAAM,IAAI,CAACD,KAAK,CAACqB,OAAO;YAExBC,QAAQC,GAAG,CAAC;YAEZ,qBAAqB;YACrB,MAAM,IAAI,CAACC,kBAAkB;YAC7B,MAAM,IAAI,CAACC,qBAAqB;YAEhC,yBAAyB;YACzB,IAAI,CAACC,oBAAoB;YAEzBJ,QAAQC,GAAG,CAAC;QACd,EAAE,OAAOI,OAAO;YACdL,QAAQK,KAAK,CAAC,mCAAmCA;YACjD,MAAMA;QACR;IACF;IAEA;;GAEC,GACD,MAAMH,qBAAqB;QACzB,IAAI;YACF,MAAMI,aAAa/B,KAAKgC,OAAO,CAAC,IAAI,CAAC9B,OAAO,CAACa,eAAe;YAC5D,MAAMkB,SAAS,MAAMnC,GAAGoC,QAAQ,CAACH,YAAY;YAC7C,MAAMI,YAAYC,KAAKC,KAAK,CAACJ;YAE7B,IAAI,CAAChB,cAAc,CAACqB,KAAK;YACzB,KAAK,MAAMC,SAASJ,UAAUK,MAAM,CAAE;gBACpC,IAAI,CAACvB,cAAc,CAACwB,GAAG,CAACF,MAAMG,IAAI,EAAEH;YACtC;YAEAd,QAAQC,GAAG,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAACT,cAAc,CAAC0B,IAAI,CAAC,qBAAqB,CAAC;QACjF,EAAE,OAAOb,OAAO;YACdL,QAAQmB,IAAI,CAAC,6CAA6Cd,MAAMe,OAAO;YACvE,wCAAwC;YACxC,IAAI,CAAC5B,cAAc,CAACqB,KAAK;QAC3B;IACF;IAEA;;GAEC,GACD,MAAMV,wBAAwB;QAC5B,IAAI;YACF,MAAMG,aAAa/B,KAAKgC,OAAO,CAAC,IAAI,CAAC9B,OAAO,CAACc,eAAe;YAC5D,MAAMiB,SAAS,MAAMnC,GAAGoC,QAAQ,CAACH,YAAY;YAC7C,MAAMe,eAAeV,KAAKC,KAAK,CAACJ;YAEhC,IAAI,CAACd,iBAAiB,CAACmB,KAAK;YAC5B,KAAK,MAAM,CAACS,MAAMC,IAAI,IAAIC,OAAOC,OAAO,CAACJ,aAAaK,KAAK,EAAG;gBAC5D,IAAI,CAAChC,iBAAiB,CAACsB,GAAG,CAACM,MAAMC;YACnC;YAEAvB,QAAQC,GAAG,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAACP,iBAAiB,CAACwB,IAAI,CAAC,wBAAwB,CAAC;QACvF,EAAE,OAAOb,OAAO;YACdL,QAAQmB,IAAI,CAAC,gDAAgDd,MAAMe,OAAO;YAC1E,IAAI,CAAC1B,iBAAiB,CAACmB,KAAK;QAC9B;IACF;IAEA;;GAEC,GACD,MAAMc,oBAAoBC,OAAO,EAAEC,QAAQ,EAAEC,IAAI,EAAE;QACjD,IAAI;YACF,sCAAsC;YACtC,IAAI,CAAC,IAAI,CAACrD,OAAO,CAACU,YAAY,EAAE;gBAC9B,OAAO2C;YACT;YAEA,iCAAiC;YACjC,MAAMC,aAAaH,QAAQI,OAAO,CAAC,gBAAgB;YACnD,MAAMC,YAAYL,QAAQI,OAAO,CAAC,eAAe;YACjD,MAAME,WAAWN,QAAQO,IAAI,EAAEC,QAAQR,QAAQS,MAAM,EAAEH;YAEvD,4BAA4B;YAC5B,IAAI,CAACH,cAAc,CAACE,WAAW;gBAC7B,OAAO,IAAI,CAACK,iBAAiB,CAACT,UAAU,KAAK,kCAAkC;oBAC7EU,UAAU;wBAAC;wBAAiB;qBAAe;gBAC7C;YACF;YAEA,0BAA0B;YAC1B,MAAMC,YAAY,MAAM,IAAI,CAACC,aAAa,CAACV,YAAYE;YACvD,IAAI,CAACO,WAAW;gBACd,OAAO,IAAI,CAACF,iBAAiB,CAACT,UAAU,KAAK,4BAA4B;oBACvEI;oBACAS,YAAY;gBACd;YACF;YAEA,wCAAwC;YACxC,IAAI,CAAC,IAAI,CAACC,iBAAiB,CAACV,YAAY;gBACtC,OAAO,IAAI,CAACK,iBAAiB,CAACT,UAAU,KAAK,6BAA6B;oBACxEI;oBACAW,cAAcC,MAAMC,IAAI,CAAC,IAAI,CAACtD,cAAc,CAACuD,IAAI;gBACnD;YACF;YAEA,mCAAmC;YACnC,IAAIb,YAAY,CAAC,IAAI,CAACc,mBAAmB,CAACf,WAAWC,WAAW;gBAC9D,MAAMe,mBAAmB,IAAI,CAACvD,iBAAiB,CAACwD,GAAG,CAAChB;gBACpD,OAAO,IAAI,CAACI,iBAAiB,CAACT,UAAU,KAAK,uCAAuC;oBAClFI;oBACAC;oBACAiB,gBAAgBF,kBAAkBE,kBAAkB,EAAE;oBACtDC,aAAaZ,UAAUa,MAAM,IAAI,EAAE;gBACrC;YACF;YAEA,oBAAoB;YACpB,IAAI,CAAC,IAAI,CAACC,cAAc,CAACrB,WAAWF,aAAa;gBAC/C,OAAO,IAAI,CAACO,iBAAiB,CAACT,UAAU,KAAK,uBAAuB;oBAClEI;oBACAsB,QAAQ,IAAI,CAAC9E,OAAO,CAACW,eAAe;oBACpCoE,aAAa,IAAI,CAAC/E,OAAO,CAACY,YAAY;gBACxC;YACF;YAEA,+BAA+B;YAC/BuC,QAAQ6B,YAAY,GAAG;gBACrBxB;gBACAF;gBACAsB,QAAQb,UAAUa,MAAM,IAAI,EAAE;gBAC9BK,eAAe;gBACfC,WAAWC,KAAKC,GAAG;YACrB;YAEA,uBAAuB;YACvB,MAAM,IAAI,CAACC,mBAAmB,CAAC/B,YAAYE;YAE3C,OAAOH;QAET,EAAE,OAAOzB,OAAO;YACdL,QAAQK,KAAK,CAAC,mCAAmCA;YACjD,OAAO,IAAI,CAACiC,iBAAiB,CAACT,UAAU,KAAK,wBAAwB;gBACnExB,OAAOA,MAAMe,OAAO;YACtB;QACF;IACF;IAEA;;GAEC,GACD,MAAMqB,cAAcsB,KAAK,EAAE9B,SAAS,EAAE;QACpC,IAAI;YACF,MAAM+B,MAAM,CAAC,UAAU,EAAE/B,UAAU,CAAC,EAAE8B,OAAO;YAC7C,MAAMvB,YAAY,MAAM,IAAI,CAAC9D,KAAK,CAACwE,GAAG,CAACc;YAEvC,IAAI,CAACxB,WAAW;gBACd,OAAO;YACT;YAEA,MAAMyB,OAAOtD,KAAKC,KAAK,CAAC4B;YAExB,mBAAmB;YACnB,IAAIoB,KAAKC,GAAG,KAAKI,KAAKC,SAAS,EAAE;gBAC/B,MAAM,IAAI,CAACxF,KAAK,CAACyF,GAAG,CAACH;gBACrB,OAAO;YACT;YAEA,OAAOC;QACT,EAAE,OAAO5D,OAAO;YACdL,QAAQK,KAAK,CAAC,qCAAqCA;YACnD,OAAO;QACT;IACF;IAEA;;GAEC,GACDsC,kBAAkBV,SAAS,EAAE;QAC3B,OAAO,IAAI,CAACzC,cAAc,CAAC4E,GAAG,CAACnC;IACjC;IAEA;;GAEC,GACDe,oBAAoBf,SAAS,EAAEC,QAAQ,EAAE;QACvC,MAAMe,mBAAmB,IAAI,CAACvD,iBAAiB,CAACwD,GAAG,CAAChB;QACpD,IAAI,CAACe,kBAAkB;YACrB,+CAA+C;YAC/C,OAAO;QACT;QAEA,MAAMoB,cAAc,IAAI,CAAC7E,cAAc,CAAC0D,GAAG,CAACjB;QAC5C,IAAI,CAACoC,aAAa;YAChB,OAAO;QACT;QAEA,MAAMlB,iBAAiBF,iBAAiBE,cAAc,IAAI,EAAE;QAC5D,MAAMC,cAAciB,YAAYhB,MAAM,IAAI,EAAE;QAE5C,yCAAyC;QACzC,OAAOF,eAAemB,KAAK,CAACC,CAAAA,QAASnB,YAAYoB,QAAQ,CAACD;IAC5D;IAEA;;GAEC,GACDjB,eAAerB,SAAS,EAAE8B,KAAK,EAAE;QAC/B,MAAMF,MAAMD,KAAKC,GAAG;QACpB,MAAMY,cAAcZ,MAAO,IAAI,CAACpF,OAAO,CAACW,eAAe,GAAG;QAC1D,MAAM4E,MAAM,GAAG/B,UAAU,CAAC,EAAE8B,OAAO;QAEnC,IAAI,CAAC,IAAI,CAACpE,cAAc,CAACyE,GAAG,CAACJ,MAAM;YACjC,IAAI,CAACrE,cAAc,CAACqB,GAAG,CAACgD,KAAK,EAAE;QACjC;QAEA,MAAMU,WAAW,IAAI,CAAC/E,cAAc,CAACuD,GAAG,CAACc;QAEzC,qCAAqC;QACrC,MAAMW,gBAAgBD,SAASE,MAAM,CAACjB,CAAAA,YAAaA,YAAYc;QAC/D,IAAI,CAAC9E,cAAc,CAACqB,GAAG,CAACgD,KAAKW;QAE7B,uBAAuB;QACvB,IAAIA,cAAcE,MAAM,IAAI,IAAI,CAACpG,OAAO,CAACY,YAAY,EAAE;YACrD,OAAO;QACT;QAEA,sBAAsB;QACtBsF,cAAcG,IAAI,CAACjB;QACnB,OAAO;IACT;IAEA;;GAEC,GACD,MAAMC,oBAAoBC,KAAK,EAAE9B,SAAS,EAAE;QAC1C,IAAI;YACF,MAAM+B,MAAM,CAAC,UAAU,EAAE/B,UAAU,CAAC,EAAE8B,OAAO;YAC7C,MAAMgB,WAAW;gBACfC,cAAcpB,KAAKC,GAAG;gBACtBoB,cAAc;YAChB;YAEA,MAAM,IAAI,CAACvG,KAAK,CAACwG,OAAO,CAAClB,KAAK,gBAAgB;YAC9C,MAAM,IAAI,CAACtF,KAAK,CAACyG,IAAI,CAACnB,KAAK,gBAAgBJ,KAAKC,GAAG,GAAGuB,QAAQ;YAC9D,MAAM,IAAI,CAAC1G,KAAK,CAAC2G,MAAM,CAACrB,KAAK,IAAI,CAACsB,WAAW,CAAC,IAAI,CAAC7G,OAAO,CAACS,WAAW;QACxE,EAAE,OAAOmB,OAAO;YACdL,QAAQK,KAAK,CAAC,wCAAwCA;QACxD;IACF;IAEA;;GAEC,GACDkF,mBAAmBtD,SAAS,EAAEoB,SAAS,EAAE,EAAEmC,YAAY,IAAI,EAAE;QAC3D,MAAMzB,QAAQ7F,OAAOuH,WAAW,CAAC,IAAIL,QAAQ,CAAC;QAC9C,MAAMlB,YAAYN,KAAKC,GAAG,KAAM,IAAI,CAACyB,WAAW,CAACE,aAAa,IAAI,CAAC/G,OAAO,CAACS,WAAW,IAAI;QAE1F,OAAO;YACL6E;YACA9B;YACAoB;YACAa;YACAwB,WAAW9B,KAAKC,GAAG;QACrB;IACF;IAEA;;GAEC,GACD,MAAM8B,mBAAmBnD,SAAS,EAAE;QAClC,IAAI;YACF,MAAMwB,MAAM,CAAC,UAAU,EAAExB,UAAUP,SAAS,CAAC,CAAC,EAAEO,UAAUuB,KAAK,EAAE;YACjE,MAAM6B,QAAQjF,KAAKkF,SAAS,CAACrD;YAE7B,MAAM,IAAI,CAAC9D,KAAK,CAACoH,KAAK,CAAC9B,KAAK,IAAI,CAACsB,WAAW,CAAC,IAAI,CAAC7G,OAAO,CAACS,WAAW,GAAG0G;YAExE5F,QAAQC,GAAG,CAAC,CAAC,sCAAsC,EAAEuC,UAAUP,SAAS,EAAE;YAC1E,OAAOO;QACT,EAAE,OAAOnC,OAAO;YACdL,QAAQK,KAAK,CAAC,uCAAuCA;YACrD,MAAMA;QACR;IACF;IAEA;;GAEC,GACD,MAAM0F,iBAAiB9D,SAAS,EAAE8B,KAAK,EAAE;QACvC,IAAI;YACF,MAAMC,MAAM,CAAC,UAAU,EAAE/B,UAAU,CAAC,EAAE8B,OAAO;YAC7C,MAAM,IAAI,CAACrF,KAAK,CAACyF,GAAG,CAACH;YAErBhE,QAAQC,GAAG,CAAC,CAAC,mCAAmC,EAAEgC,WAAW;YAC7D,OAAO;QACT,EAAE,OAAO5B,OAAO;YACdL,QAAQK,KAAK,CAAC,qCAAqCA;YACnD,OAAO;QACT;IACF;IAEA;;GAEC,GACDiC,kBAAkBT,QAAQ,EAAEmE,UAAU,EAAE5E,OAAO,EAAE6E,UAAU,IAAI,EAAE;QAC/D,MAAMC,gBAAgB;YACpBC,SAAS;YACT9F,OAAO;gBACL+F,MAAMJ,eAAe,MAAM,CAAC,QAAQA,eAAe,MAAM,CAAC,QAAQ,CAAC;gBACnE5E;gBACA,GAAI6E,WAAW;oBAAEA;gBAAQ,CAAC;YAC5B;YACAI,IAAIxE,SAASM,IAAI,EAAEkE,MAAM;QAC3B;QAEAxE,SAASyE,SAAS,CAACN,YAAY;YAAE,gBAAgB;QAAmB;QACpEnE,SAAS0E,GAAG,CAAC5F,KAAKkF,SAAS,CAACK;IAC9B;IAEA;;GAEC,GACDZ,YAAYkB,MAAM,EAAE;QAClB,IAAI,OAAOA,WAAW,UAAU;YAC9B,OAAOA;QACT;QAEA,MAAMC,QAAQD,OAAOC,KAAK,CAAC;QAC3B,IAAI,CAACA,OAAO;YACV,OAAO,MAAM,oBAAoB;QACnC;QAEA,MAAMb,QAAQc,SAASD,KAAK,CAAC,EAAE;QAC/B,MAAME,OAAOF,KAAK,CAAC,EAAE;QACrB,MAAMG,cAAc;YAAEC,GAAG;YAAGC,GAAG;YAAIC,GAAG;YAAMC,GAAG;QAAM;QAErD,OAAOpB,QAASgB,CAAAA,WAAW,CAACD,KAAK,IAAI,IAAG;IAC1C;IAEA;;GAEC,GACDvG,uBAAuB;QACrB6G,YAAY;YACV,MAAMpD,MAAMD,KAAKC,GAAG;YACpB,MAAMY,cAAcZ,MAAO,IAAI,CAACpF,OAAO,CAACW,eAAe,GAAG;YAE1D,KAAK,MAAM,CAAC4E,KAAKU,SAAS,IAAI,IAAI,CAAC/E,cAAc,CAAC8B,OAAO,GAAI;gBAC3D,MAAMkD,gBAAgBD,SAASE,MAAM,CAACjB,CAAAA,YAAaA,YAAYc;gBAC/D,IAAIE,cAAcE,MAAM,KAAK,GAAG;oBAC9B,IAAI,CAAClF,cAAc,CAACuH,MAAM,CAAClD;gBAC7B,OAAO;oBACL,IAAI,CAACrE,cAAc,CAACqB,GAAG,CAACgD,KAAKW;gBAC/B;YACF;QACF,GAAG,QAAQ,wBAAwB;IACrC;IAEA;;GAEC,GACD,MAAMwC,WAAW;QACf,IAAI;YACF,MAAMC,QAAQ;gBACZC,kBAAkB,IAAI,CAAC7H,cAAc,CAAC0B,IAAI;gBAC1CoG,iBAAiB,IAAI,CAAC5H,iBAAiB,CAACwB,IAAI;gBAC5CqG,oBAAoB,IAAI,CAAC5H,cAAc,CAACuB,IAAI;gBAC5CsG,gBAAgB,IAAI,CAAC9I,KAAK,EAAE+I,UAAU;YACxC;YAEA,0BAA0B;YAC1B,IAAI,IAAI,CAAC/I,KAAK,EAAE+I,QAAQ;gBACtB,MAAM1E,OAAO,MAAM,IAAI,CAACrE,KAAK,CAACqE,IAAI,CAAC;gBACnCqE,MAAMM,YAAY,GAAG3E,KAAK8B,MAAM;YAClC;YAEA,OAAOuC;QACT,EAAE,OAAO/G,OAAO;YACdL,QAAQK,KAAK,CAAC,kCAAkCA;YAChD,OAAO;gBAAEA,OAAOA,MAAMe,OAAO;YAAC;QAChC;IACF;IAEA;;GAEC,GACD,MAAMuG,WAAW;QACf,IAAI;YACF,IAAI,IAAI,CAACjJ,KAAK,EAAE;gBACd,MAAM,IAAI,CAACA,KAAK,CAACkJ,IAAI;gBACrB,IAAI,CAAClJ,KAAK,GAAG;YACf;YACAsB,QAAQC,GAAG,CAAC;QACd,EAAE,OAAOI,OAAO;YACdL,QAAQK,KAAK,CAAC,6BAA6BA;QAC7C;IACF;AACF;AAEAwH,OAAOC,OAAO,GAAGtJ"}
1	+ {"version":3,"sources":["../../src/mcp/auth-middleware.js"],"sourcesContent":["/*\r\n MCP Authentication Middleware\r\n * Token-based authentication and authorization for MCP containers\r\n /\r\n\r\nconst crypto = require('crypto');\r\nconst Redis = require('redis');\r\nconst fs = require('fs').promises;\r\nconst path = require('path');\r\n\r\nclass MCPAuthMiddleware {\r\n constructor(options = {}) {\r\n this.redis = null;\r\n this.options = {\r\n // FIX: Default to 'localhost' for host execution, Docker deployments should set CFN_REDIS_HOST explicitly\r\n redisUrl: options.redisUrl \|\| process.env.CFN_REDIS_URL \|\| process.env.MCP_REDIS_URL \|\| `redis://${process.env.CFN_REDIS_HOST \|\| 'localhost'}:${process.env.CFN_REDIS_PORT \|\| 6379}`,\r\n tokenExpiry: options.tokenExpiry \|\| '24h',\r\n authRequired: options.authRequired !== false,\r\n rateLimitWindow: options.rateLimitWindow \|\| 60, // seconds\r\n rateLimitMax: options.rateLimitMax \|\| 100,\r\n agentConfigPath: options.agentConfigPath \|\| './config/agent-whitelist.json',\r\n skillConfigPath: options.skillConfigPath \|\| './config/skill-requirements.json',\r\n ...options\r\n };\r\n\r\n this.agentWhitelist = new Map();\r\n this.skillRequirements = new Map();\r\n this.rateLimitCache = new Map();\r\n }\r\n\r\n /\r\n Initialize authentication middleware\r\n /\r\n async initialize() {\r\n try {\r\n // Connect to Redis\r\n this.redis = Redis.createClient({ url: this.options.redisUrl });\r\n await this.redis.connect();\r\n\r\n console.log('[MCPAuth] Connected to Redis for authentication');\r\n\r\n // Load configuration\r\n await this.loadAgentWhitelist();\r\n await this.loadSkillRequirements();\r\n\r\n // Start cleanup interval\r\n this.startCleanupInterval();\r\n\r\n console.log('[MCPAuth] Authentication middleware initialized successfully');\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to initialize:', error);\r\n throw error;\r\n }\r\n }\r\n\r\n /\r\n Load agent whitelist from configuration\r\n /\r\n async loadAgentWhitelist() {\r\n try {\r\n const configPath = path.resolve(this.options.agentConfigPath);\r\n const config = await fs.readFile(configPath, 'utf8');\r\n const whitelist = JSON.parse(config);\r\n\r\n this.agentWhitelist.clear();\r\n for (const agent of whitelist.agents) {\r\n this.agentWhitelist.set(agent.type, agent);\r\n }\r\n\r\n console.log(`[MCPAuth] Loaded ${this.agentWhitelist.size} agent configurations`);\r\n } catch (error) {\r\n console.warn('[MCPAuth] Failed to load agent whitelist:', error.message);\r\n // Default to empty whitelist (deny all)\r\n this.agentWhitelist.clear();\r\n }\r\n }\r\n\r\n /\r\n Load skill requirements from configuration\r\n /\r\n async loadSkillRequirements() {\r\n try {\r\n const configPath = path.resolve(this.options.skillConfigPath);\r\n const config = await fs.readFile(configPath, 'utf8');\r\n const requirements = JSON.parse(config);\r\n\r\n this.skillRequirements.clear();\r\n for (const [tool, req] of Object.entries(requirements.tools)) {\r\n this.skillRequirements.set(tool, req);\r\n }\r\n\r\n console.log(`[MCPAuth] Loaded ${this.skillRequirements.size} tool skill requirements`);\r\n } catch (error) {\r\n console.warn('[MCPAuth] Failed to load skill requirements:', error.message);\r\n this.skillRequirements.clear();\r\n }\r\n }\r\n\r\n /\r\n Authenticate agent request\r\n /\r\n async authenticateRequest(request, response, next) {\r\n try {\r\n // Skip authentication if not required\r\n if (!this.options.authRequired) {\r\n return next();\r\n }\r\n\r\n // Extract authentication headers\r\n const agentToken = request.headers['x-agent-token'];\r\n const agentType = request.headers['x-agent-type'];\r\n const toolName = request.body?.name \|\| request.params?.toolName;\r\n\r\n // Validate required headers\r\n if (!agentToken \|\| !agentType) {\r\n return this.sendErrorResponse(response, 401, 'Missing authentication headers', {\r\n required: ['x-agent-token', 'x-agent-type']\r\n });\r\n }\r\n\r\n // Validate token in Redis\r\n const tokenData = await this.validateToken(agentToken, agentType);\r\n if (!tokenData) {\r\n return this.sendErrorResponse(response, 401, 'Invalid or expired token', {\r\n agentType,\r\n tokenValid: false\r\n });\r\n }\r\n\r\n // Validate agent type against whitelist\r\n if (!this.isAgentAuthorized(agentType)) {\r\n return this.sendErrorResponse(response, 403, 'Agent type not authorized', {\r\n agentType,\r\n allowedTypes: Array.from(this.agentWhitelist.keys())\r\n });\r\n }\r\n\r\n // Validate skill-based tool access\r\n if (toolName && !this.authorizeToolAccess(agentType, toolName)) {\r\n const toolRequirements = this.skillRequirements.get(toolName);\r\n return this.sendErrorResponse(response, 403, 'Insufficient skills for tool access', {\r\n agentType,\r\n toolName,\r\n requiredSkills: toolRequirements?.requiredSkills \|\| [],\r\n agentSkills: tokenData.skills \|\| []\r\n });\r\n }\r\n\r\n // Check rate limits\r\n if (!this.checkRateLimit(agentType, agentToken)) {\r\n return this.sendErrorResponse(response, 429, 'Rate limit exceeded', {\r\n agentType,\r\n window: this.options.rateLimitWindow,\r\n maxRequests: this.options.rateLimitMax\r\n });\r\n }\r\n\r\n // Add agent context to request\r\n request.agentContext = {\r\n agentType,\r\n agentToken,\r\n skills: tokenData.skills \|\| [],\r\n authenticated: true,\r\n timestamp: Date.now()\r\n };\r\n\r\n // Update last activity\r\n await this.updateAgentActivity(agentToken, agentType);\r\n\r\n return next();\r\n\r\n } catch (error) {\r\n console.error('[MCPAuth] Authentication error:', error);\r\n return this.sendErrorResponse(response, 500, 'Authentication error', {\r\n error: error.message\r\n });\r\n }\r\n }\r\n\r\n /\r\n Validate token against Redis\r\n /\r\n async validateToken(token, agentType) {\r\n try {\r\n const key = `mcp:agent:${agentType}:${token}`;\r\n const tokenData = await this.redis.get(key);\r\n\r\n if (!tokenData) {\r\n return null;\r\n }\r\n\r\n const data = JSON.parse(tokenData);\r\n\r\n // Check expiration\r\n if (Date.now() > data.expiresAt) {\r\n await this.redis.del(key);\r\n return null;\r\n }\r\n\r\n return data;\r\n } catch (error) {\r\n console.error('[MCPAuth] Token validation error:', error);\r\n return null;\r\n }\r\n }\r\n\r\n /\r\n Check if agent type is authorized\r\n /\r\n isAgentAuthorized(agentType) {\r\n return this.agentWhitelist.has(agentType);\r\n }\r\n\r\n /\r\n Authorize tool access based on skills\r\n /\r\n authorizeToolAccess(agentType, toolName) {\r\n const toolRequirements = this.skillRequirements.get(toolName);\r\n if (!toolRequirements) {\r\n // No skill requirements defined - allow access\r\n return true;\r\n }\r\n\r\n const agentConfig = this.agentWhitelist.get(agentType);\r\n if (!agentConfig) {\r\n return false;\r\n }\r\n\r\n const requiredSkills = toolRequirements.requiredSkills \|\| [];\r\n const agentSkills = agentConfig.skills \|\| [];\r\n\r\n // Check if agent has all required skills\r\n return requiredSkills.every(skill => agentSkills.includes(skill));\r\n }\r\n\r\n /\r\n Check rate limits for agent\r\n /\r\n checkRateLimit(agentType, token) {\r\n const now = Date.now();\r\n const windowStart = now - (this.options.rateLimitWindow 1000);\r\n const key = `${agentType}:${token}`;\r\n\r\n if (!this.rateLimitCache.has(key)) {\r\n this.rateLimitCache.set(key, []);\r\n }\r\n\r\n const requests = this.rateLimitCache.get(key);\r\n\r\n // Remove old requests outside window\r\n const validRequests = requests.filter(timestamp => timestamp > windowStart);\r\n this.rateLimitCache.set(key, validRequests);\r\n\r\n // Check if under limit\r\n if (validRequests.length >= this.options.rateLimitMax) {\r\n return false;\r\n }\r\n\r\n // Add current request\r\n validRequests.push(now);\r\n return true;\r\n }\r\n\r\n /*\r\n Update agent activity in Redis\r\n /\r\n async updateAgentActivity(token, agentType) {\r\n try {\r\n const key = `mcp:agent:${agentType}:${token}`;\r\n const activity = {\r\n lastActivity: Date.now(),\r\n requestCount: 1\r\n };\r\n\r\n await this.redis.hIncrBy(key, 'requestCount', 1);\r\n await this.redis.hSet(key, 'lastActivity', Date.now().toString());\r\n await this.redis.expire(key, this.parseExpiry(this.options.tokenExpiry));\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to update activity:', error);\r\n }\r\n }\r\n\r\n /\r\n Generate agent token\r\n /\r\n generateAgentToken(agentType, skills = [], expiresIn = null) {\r\n const token = crypto.randomBytes(32).toString('hex');\r\n const expiresAt = Date.now() + (this.parseExpiry(expiresIn \|\| this.options.tokenExpiry) 1000);\r\n\r\n return {\r\n token,\r\n agentType,\r\n skills,\r\n expiresAt,\r\n createdAt: Date.now()\r\n };\r\n }\r\n\r\n /*\r\n Register agent token in Redis\r\n /\r\n async registerAgentToken(tokenData) {\r\n try {\r\n const key = `mcp:agent:${tokenData.agentType}:${tokenData.token}`;\r\n const value = JSON.stringify(tokenData);\r\n\r\n await this.redis.setEx(key, this.parseExpiry(this.options.tokenExpiry), value);\r\n\r\n console.log(`[MCPAuth] Registered token for agent: ${tokenData.agentType}`);\r\n return tokenData;\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to register token:', error);\r\n throw error;\r\n }\r\n }\r\n\r\n /\r\n Revoke agent token\r\n /\r\n async revokeAgentToken(agentType, token) {\r\n try {\r\n const key = `mcp:agent:${agentType}:${token}`;\r\n await this.redis.del(key);\r\n\r\n console.log(`[MCPAuth] Revoked token for agent: ${agentType}`);\r\n return true;\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to revoke token:', error);\r\n return false;\r\n }\r\n }\r\n\r\n /\r\n Send error response\r\n /\r\n sendErrorResponse(response, statusCode, message, details = null) {\r\n const errorResponse = {\r\n jsonrpc: '2.0',\r\n error: {\r\n code: statusCode === 401 ? -32001 : statusCode === 403 ? -32002 : -32003,\r\n message,\r\n ...(details && { details })\r\n },\r\n id: response.body?.id \|\| null\r\n };\r\n\r\n response.writeHead(statusCode, { 'Content-Type': 'application/json' });\r\n response.end(JSON.stringify(errorResponse));\r\n }\r\n\r\n /\r\n Parse expiry string to seconds\r\n /\r\n parseExpiry(expiry) {\r\n if (typeof expiry === 'number') {\r\n return expiry;\r\n }\r\n\r\n const match = expiry.match(/^(\\d+)([smhd])$/);\r\n if (!match) {\r\n return 3600; // Default to 1 hour\r\n }\r\n\r\n const value = parseInt(match[1]);\r\n const unit = match[2];\r\n const multipliers = { s: 1, m: 60, h: 3600, d: 86400 };\r\n\r\n return value (multipliers[unit] \|\| 3600);\r\n }\r\n\r\n /*\r\n Start cleanup interval for rate limit cache\r\n /\r\n startCleanupInterval() {\r\n setInterval(() => {\r\n const now = Date.now();\r\n const windowStart = now - (this.options.rateLimitWindow 1000);\r\n\r\n for (const [key, requests] of this.rateLimitCache.entries()) {\r\n const validRequests = requests.filter(timestamp => timestamp > windowStart);\r\n if (validRequests.length === 0) {\r\n this.rateLimitCache.delete(key);\r\n } else {\r\n this.rateLimitCache.set(key, validRequests);\r\n }\r\n }\r\n }, 60000); // Clean up every minute\r\n }\r\n\r\n /*\r\n Get authentication statistics\r\n /\r\n async getStats() {\r\n try {\r\n const stats = {\r\n registeredAgents: this.agentWhitelist.size,\r\n configuredTools: this.skillRequirements.size,\r\n rateLimitedClients: this.rateLimitCache.size,\r\n redisConnected: this.redis?.isOpen \|\| false\r\n };\r\n\r\n // Get active tokens count\r\n if (this.redis?.isOpen) {\r\n const keys = await this.redis.keys('mcp:agent:');\r\n stats.activeTokens = keys.length;\r\n }\r\n\r\n return stats;\r\n } catch (error) {\r\n console.error('[MCPAuth] Failed to get stats:', error);\r\n return { error: error.message };\r\n }\r\n }\r\n\r\n /*\r\n Shutdown authentication middleware\r\n */\r\n async shutdown() {\r\n try {\r\n if (this.redis) {\r\n await this.redis.quit();\r\n this.redis = null;\r\n }\r\n console.log('[MCPAuth] Authentication middleware shutdown complete');\r\n } catch (error) {\r\n console.error('[MCPAuth] Shutdown error:', error);\r\n }\r\n }\r\n}\r\n\r\nmodule.exports = MCPAuthMiddleware;"],"names":["crypto","require","Redis","fs","promises","path","MCPAuthMiddleware","options","redis","redisUrl","process","env","CFN_REDIS_URL","MCP_REDIS_URL","CFN_REDIS_HOST","CFN_REDIS_PORT","tokenExpiry","authRequired","rateLimitWindow","rateLimitMax","agentConfigPath","skillConfigPath","agentWhitelist","Map","skillRequirements","rateLimitCache","initialize","createClient","url","connect","console","log","loadAgentWhitelist","loadSkillRequirements","startCleanupInterval","error","configPath","resolve","config","readFile","whitelist","JSON","parse","clear","agent","agents","set","type","size","warn","message","requirements","tool","req","Object","entries","tools","authenticateRequest","request","response","next","agentToken","headers","agentType","toolName","body","name","params","sendErrorResponse","required","tokenData","validateToken","tokenValid","isAgentAuthorized","allowedTypes","Array","from","keys","authorizeToolAccess","toolRequirements","get","requiredSkills","agentSkills","skills","checkRateLimit","window","maxRequests","agentContext","authenticated","timestamp","Date","now","updateAgentActivity","token","key","data","expiresAt","del","has","agentConfig","every","skill","includes","windowStart","requests","validRequests","filter","length","push","activity","lastActivity","requestCount","hIncrBy","hSet","toString","expire","parseExpiry","generateAgentToken","expiresIn","randomBytes","createdAt","registerAgentToken","value","stringify","setEx","revokeAgentToken","statusCode","details","errorResponse","jsonrpc","code","id","writeHead","end","expiry","match","parseInt","unit","multipliers","s","m","h","d","setInterval","delete","getStats","stats","registeredAgents","configuredTools","rateLimitedClients","redisConnected","isOpen","activeTokens","shutdown","quit","module","exports"],"mappings":"AAAA;;;CAGC,GAED,MAAMA,SAASC,QAAQ;AACvB,MAAMC,QAAQD,QAAQ;AACtB,MAAME,KAAKF,QAAQ,MAAMG,QAAQ;AACjC,MAAMC,OAAOJ,QAAQ;AAErB,IAAA,AAAMK,oBAAN,MAAMA;IACJ,YAAYC,UAAU,CAAC,CAAC,CAAE;QACxB,IAAI,CAACC,KAAK,GAAG;QACb,IAAI,CAACD,OAAO,GAAG;YACb,0GAA0G;YAC1GE,UAAUF,QAAQE,QAAQ,IAAIC,QAAQC,GAAG,CAACC,aAAa,IAAIF,QAAQC,GAAG,CAACE,aAAa,IAAI,CAAC,QAAQ,EAAEH,QAAQC,GAAG,CAACG,cAAc,IAAI,YAAY,CAAC,EAAEJ,QAAQC,GAAG,CAACI,cAAc,IAAI,MAAM;YACpLC,aAAaT,QAAQS,WAAW,IAAI;YACpCC,cAAcV,QAAQU,YAAY,KAAK;YACvCC,iBAAiBX,QAAQW,eAAe,IAAI;YAC5CC,cAAcZ,QAAQY,YAAY,IAAI;YACtCC,iBAAiBb,QAAQa,eAAe,IAAI;YAC5CC,iBAAiBd,QAAQc,eAAe,IAAI;YAC5C,GAAGd,OAAO;QACZ;QAEA,IAAI,CAACe,cAAc,GAAG,IAAIC;QAC1B,IAAI,CAACC,iBAAiB,GAAG,IAAID;QAC7B,IAAI,CAACE,cAAc,GAAG,IAAIF;IAC5B;IAEA;;GAEC,GACD,MAAMG,aAAa;QACjB,IAAI;YACF,mBAAmB;YACnB,IAAI,CAAClB,KAAK,GAAGN,MAAMyB,YAAY,CAAC;gBAAEC,KAAK,IAAI,CAACrB,OAAO,CAACE,QAAQ;YAAC;YAC7D,MAAM,IAAI,CAACD,KAAK,CAACqB,OAAO;YAExBC,QAAQC,GAAG,CAAC;YAEZ,qBAAqB;YACrB,MAAM,IAAI,CAACC,kBAAkB;YAC7B,MAAM,IAAI,CAACC,qBAAqB;YAEhC,yBAAyB;YACzB,IAAI,CAACC,oBAAoB;YAEzBJ,QAAQC,GAAG,CAAC;QACd,EAAE,OAAOI,OAAO;YACdL,QAAQK,KAAK,CAAC,mCAAmCA;YACjD,MAAMA;QACR;IACF;IAEA;;GAEC,GACD,MAAMH,qBAAqB;QACzB,IAAI;YACF,MAAMI,aAAa/B,KAAKgC,OAAO,CAAC,IAAI,CAAC9B,OAAO,CAACa,eAAe;YAC5D,MAAMkB,SAAS,MAAMnC,GAAGoC,QAAQ,CAACH,YAAY;YAC7C,MAAMI,YAAYC,KAAKC,KAAK,CAACJ;YAE7B,IAAI,CAAChB,cAAc,CAACqB,KAAK;YACzB,KAAK,MAAMC,SAASJ,UAAUK,MAAM,CAAE;gBACpC,IAAI,CAACvB,cAAc,CAACwB,GAAG,CAACF,MAAMG,IAAI,EAAEH;YACtC;YAEAd,QAAQC,GAAG,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAACT,cAAc,CAAC0B,IAAI,CAAC,qBAAqB,CAAC;QACjF,EAAE,OAAOb,OAAO;YACdL,QAAQmB,IAAI,CAAC,6CAA6Cd,MAAMe,OAAO;YACvE,wCAAwC;YACxC,IAAI,CAAC5B,cAAc,CAACqB,KAAK;QAC3B;IACF;IAEA;;GAEC,GACD,MAAMV,wBAAwB;QAC5B,IAAI;YACF,MAAMG,aAAa/B,KAAKgC,OAAO,CAAC,IAAI,CAAC9B,OAAO,CAACc,eAAe;YAC5D,MAAMiB,SAAS,MAAMnC,GAAGoC,QAAQ,CAACH,YAAY;YAC7C,MAAMe,eAAeV,KAAKC,KAAK,CAACJ;YAEhC,IAAI,CAACd,iBAAiB,CAACmB,KAAK;YAC5B,KAAK,MAAM,CAACS,MAAMC,IAAI,IAAIC,OAAOC,OAAO,CAACJ,aAAaK,KAAK,EAAG;gBAC5D,IAAI,CAAChC,iBAAiB,CAACsB,GAAG,CAACM,MAAMC;YACnC;YAEAvB,QAAQC,GAAG,CAAC,CAAC,iBAAiB,EAAE,IAAI,CAACP,iBAAiB,CAACwB,IAAI,CAAC,wBAAwB,CAAC;QACvF,EAAE,OAAOb,OAAO;YACdL,QAAQmB,IAAI,CAAC,gDAAgDd,MAAMe,OAAO;YAC1E,IAAI,CAAC1B,iBAAiB,CAACmB,KAAK;QAC9B;IACF;IAEA;;GAEC,GACD,MAAMc,oBAAoBC,OAAO,EAAEC,QAAQ,EAAEC,IAAI,EAAE;QACjD,IAAI;YACF,sCAAsC;YACtC,IAAI,CAAC,IAAI,CAACrD,OAAO,CAACU,YAAY,EAAE;gBAC9B,OAAO2C;YACT;YAEA,iCAAiC;YACjC,MAAMC,aAAaH,QAAQI,OAAO,CAAC,gBAAgB;YACnD,MAAMC,YAAYL,QAAQI,OAAO,CAAC,eAAe;YACjD,MAAME,WAAWN,QAAQO,IAAI,EAAEC,QAAQR,QAAQS,MAAM,EAAEH;YAEvD,4BAA4B;YAC5B,IAAI,CAACH,cAAc,CAACE,WAAW;gBAC7B,OAAO,IAAI,CAACK,iBAAiB,CAACT,UAAU,KAAK,kCAAkC;oBAC7EU,UAAU;wBAAC;wBAAiB;qBAAe;gBAC7C;YACF;YAEA,0BAA0B;YAC1B,MAAMC,YAAY,MAAM,IAAI,CAACC,aAAa,CAACV,YAAYE;YACvD,IAAI,CAACO,WAAW;gBACd,OAAO,IAAI,CAACF,iBAAiB,CAACT,UAAU,KAAK,4BAA4B;oBACvEI;oBACAS,YAAY;gBACd;YACF;YAEA,wCAAwC;YACxC,IAAI,CAAC,IAAI,CAACC,iBAAiB,CAACV,YAAY;gBACtC,OAAO,IAAI,CAACK,iBAAiB,CAACT,UAAU,KAAK,6BAA6B;oBACxEI;oBACAW,cAAcC,MAAMC,IAAI,CAAC,IAAI,CAACtD,cAAc,CAACuD,IAAI;gBACnD;YACF;YAEA,mCAAmC;YACnC,IAAIb,YAAY,CAAC,IAAI,CAACc,mBAAmB,CAACf,WAAWC,WAAW;gBAC9D,MAAMe,mBAAmB,IAAI,CAACvD,iBAAiB,CAACwD,GAAG,CAAChB;gBACpD,OAAO,IAAI,CAACI,iBAAiB,CAACT,UAAU,KAAK,uCAAuC;oBAClFI;oBACAC;oBACAiB,gBAAgBF,kBAAkBE,kBAAkB,EAAE;oBACtDC,aAAaZ,UAAUa,MAAM,IAAI,EAAE;gBACrC;YACF;YAEA,oBAAoB;YACpB,IAAI,CAAC,IAAI,CAACC,cAAc,CAACrB,WAAWF,aAAa;gBAC/C,OAAO,IAAI,CAACO,iBAAiB,CAACT,UAAU,KAAK,uBAAuB;oBAClEI;oBACAsB,QAAQ,IAAI,CAAC9E,OAAO,CAACW,eAAe;oBACpCoE,aAAa,IAAI,CAAC/E,OAAO,CAACY,YAAY;gBACxC;YACF;YAEA,+BAA+B;YAC/BuC,QAAQ6B,YAAY,GAAG;gBACrBxB;gBACAF;gBACAsB,QAAQb,UAAUa,MAAM,IAAI,EAAE;gBAC9BK,eAAe;gBACfC,WAAWC,KAAKC,GAAG;YACrB;YAEA,uBAAuB;YACvB,MAAM,IAAI,CAACC,mBAAmB,CAAC/B,YAAYE;YAE3C,OAAOH;QAET,EAAE,OAAOzB,OAAO;YACdL,QAAQK,KAAK,CAAC,mCAAmCA;YACjD,OAAO,IAAI,CAACiC,iBAAiB,CAACT,UAAU,KAAK,wBAAwB;gBACnExB,OAAOA,MAAMe,OAAO;YACtB;QACF;IACF;IAEA;;GAEC,GACD,MAAMqB,cAAcsB,KAAK,EAAE9B,SAAS,EAAE;QACpC,IAAI;YACF,MAAM+B,MAAM,CAAC,UAAU,EAAE/B,UAAU,CAAC,EAAE8B,OAAO;YAC7C,MAAMvB,YAAY,MAAM,IAAI,CAAC9D,KAAK,CAACwE,GAAG,CAACc;YAEvC,IAAI,CAACxB,WAAW;gBACd,OAAO;YACT;YAEA,MAAMyB,OAAOtD,KAAKC,KAAK,CAAC4B;YAExB,mBAAmB;YACnB,IAAIoB,KAAKC,GAAG,KAAKI,KAAKC,SAAS,EAAE;gBAC/B,MAAM,IAAI,CAACxF,KAAK,CAACyF,GAAG,CAACH;gBACrB,OAAO;YACT;YAEA,OAAOC;QACT,EAAE,OAAO5D,OAAO;YACdL,QAAQK,KAAK,CAAC,qCAAqCA;YACnD,OAAO;QACT;IACF;IAEA;;GAEC,GACDsC,kBAAkBV,SAAS,EAAE;QAC3B,OAAO,IAAI,CAACzC,cAAc,CAAC4E,GAAG,CAACnC;IACjC;IAEA;;GAEC,GACDe,oBAAoBf,SAAS,EAAEC,QAAQ,EAAE;QACvC,MAAMe,mBAAmB,IAAI,CAACvD,iBAAiB,CAACwD,GAAG,CAAChB;QACpD,IAAI,CAACe,kBAAkB;YACrB,+CAA+C;YAC/C,OAAO;QACT;QAEA,MAAMoB,cAAc,IAAI,CAAC7E,cAAc,CAAC0D,GAAG,CAACjB;QAC5C,IAAI,CAACoC,aAAa;YAChB,OAAO;QACT;QAEA,MAAMlB,iBAAiBF,iBAAiBE,cAAc,IAAI,EAAE;QAC5D,MAAMC,cAAciB,YAAYhB,MAAM,IAAI,EAAE;QAE5C,yCAAyC;QACzC,OAAOF,eAAemB,KAAK,CAACC,CAAAA,QAASnB,YAAYoB,QAAQ,CAACD;IAC5D;IAEA;;GAEC,GACDjB,eAAerB,SAAS,EAAE8B,KAAK,EAAE;QAC/B,MAAMF,MAAMD,KAAKC,GAAG;QACpB,MAAMY,cAAcZ,MAAO,IAAI,CAACpF,OAAO,CAACW,eAAe,GAAG;QAC1D,MAAM4E,MAAM,GAAG/B,UAAU,CAAC,EAAE8B,OAAO;QAEnC,IAAI,CAAC,IAAI,CAACpE,cAAc,CAACyE,GAAG,CAACJ,MAAM;YACjC,IAAI,CAACrE,cAAc,CAACqB,GAAG,CAACgD,KAAK,EAAE;QACjC;QAEA,MAAMU,WAAW,IAAI,CAAC/E,cAAc,CAACuD,GAAG,CAACc;QAEzC,qCAAqC;QACrC,MAAMW,gBAAgBD,SAASE,MAAM,CAACjB,CAAAA,YAAaA,YAAYc;QAC/D,IAAI,CAAC9E,cAAc,CAACqB,GAAG,CAACgD,KAAKW;QAE7B,uBAAuB;QACvB,IAAIA,cAAcE,MAAM,IAAI,IAAI,CAACpG,OAAO,CAACY,YAAY,EAAE;YACrD,OAAO;QACT;QAEA,sBAAsB;QACtBsF,cAAcG,IAAI,CAACjB;QACnB,OAAO;IACT;IAEA;;GAEC,GACD,MAAMC,oBAAoBC,KAAK,EAAE9B,SAAS,EAAE;QAC1C,IAAI;YACF,MAAM+B,MAAM,CAAC,UAAU,EAAE/B,UAAU,CAAC,EAAE8B,OAAO;YAC7C,MAAMgB,WAAW;gBACfC,cAAcpB,KAAKC,GAAG;gBACtBoB,cAAc;YAChB;YAEA,MAAM,IAAI,CAACvG,KAAK,CAACwG,OAAO,CAAClB,KAAK,gBAAgB;YAC9C,MAAM,IAAI,CAACtF,KAAK,CAACyG,IAAI,CAACnB,KAAK,gBAAgBJ,KAAKC,GAAG,GAAGuB,QAAQ;YAC9D,MAAM,IAAI,CAAC1G,KAAK,CAAC2G,MAAM,CAACrB,KAAK,IAAI,CAACsB,WAAW,CAAC,IAAI,CAAC7G,OAAO,CAACS,WAAW;QACxE,EAAE,OAAOmB,OAAO;YACdL,QAAQK,KAAK,CAAC,wCAAwCA;QACxD;IACF;IAEA;;GAEC,GACDkF,mBAAmBtD,SAAS,EAAEoB,SAAS,EAAE,EAAEmC,YAAY,IAAI,EAAE;QAC3D,MAAMzB,QAAQ7F,OAAOuH,WAAW,CAAC,IAAIL,QAAQ,CAAC;QAC9C,MAAMlB,YAAYN,KAAKC,GAAG,KAAM,IAAI,CAACyB,WAAW,CAACE,aAAa,IAAI,CAAC/G,OAAO,CAACS,WAAW,IAAI;QAE1F,OAAO;YACL6E;YACA9B;YACAoB;YACAa;YACAwB,WAAW9B,KAAKC,GAAG;QACrB;IACF;IAEA;;GAEC,GACD,MAAM8B,mBAAmBnD,SAAS,EAAE;QAClC,IAAI;YACF,MAAMwB,MAAM,CAAC,UAAU,EAAExB,UAAUP,SAAS,CAAC,CAAC,EAAEO,UAAUuB,KAAK,EAAE;YACjE,MAAM6B,QAAQjF,KAAKkF,SAAS,CAACrD;YAE7B,MAAM,IAAI,CAAC9D,KAAK,CAACoH,KAAK,CAAC9B,KAAK,IAAI,CAACsB,WAAW,CAAC,IAAI,CAAC7G,OAAO,CAACS,WAAW,GAAG0G;YAExE5F,QAAQC,GAAG,CAAC,CAAC,sCAAsC,EAAEuC,UAAUP,SAAS,EAAE;YAC1E,OAAOO;QACT,EAAE,OAAOnC,OAAO;YACdL,QAAQK,KAAK,CAAC,uCAAuCA;YACrD,MAAMA;QACR;IACF;IAEA;;GAEC,GACD,MAAM0F,iBAAiB9D,SAAS,EAAE8B,KAAK,EAAE;QACvC,IAAI;YACF,MAAMC,MAAM,CAAC,UAAU,EAAE/B,UAAU,CAAC,EAAE8B,OAAO;YAC7C,MAAM,IAAI,CAACrF,KAAK,CAACyF,GAAG,CAACH;YAErBhE,QAAQC,GAAG,CAAC,CAAC,mCAAmC,EAAEgC,WAAW;YAC7D,OAAO;QACT,EAAE,OAAO5B,OAAO;YACdL,QAAQK,KAAK,CAAC,qCAAqCA;YACnD,OAAO;QACT;IACF;IAEA;;GAEC,GACDiC,kBAAkBT,QAAQ,EAAEmE,UAAU,EAAE5E,OAAO,EAAE6E,UAAU,IAAI,EAAE;QAC/D,MAAMC,gBAAgB;YACpBC,SAAS;YACT9F,OAAO;gBACL+F,MAAMJ,eAAe,MAAM,CAAC,QAAQA,eAAe,MAAM,CAAC,QAAQ,CAAC;gBACnE5E;gBACA,GAAI6E,WAAW;oBAAEA;gBAAQ,CAAC;YAC5B;YACAI,IAAIxE,SAASM,IAAI,EAAEkE,MAAM;QAC3B;QAEAxE,SAASyE,SAAS,CAACN,YAAY;YAAE,gBAAgB;QAAmB;QACpEnE,SAAS0E,GAAG,CAAC5F,KAAKkF,SAAS,CAACK;IAC9B;IAEA;;GAEC,GACDZ,YAAYkB,MAAM,EAAE;QAClB,IAAI,OAAOA,WAAW,UAAU;YAC9B,OAAOA;QACT;QAEA,MAAMC,QAAQD,OAAOC,KAAK,CAAC;QAC3B,IAAI,CAACA,OAAO;YACV,OAAO,MAAM,oBAAoB;QACnC;QAEA,MAAMb,QAAQc,SAASD,KAAK,CAAC,EAAE;QAC/B,MAAME,OAAOF,KAAK,CAAC,EAAE;QACrB,MAAMG,cAAc;YAAEC,GAAG;YAAGC,GAAG;YAAIC,GAAG;YAAMC,GAAG;QAAM;QAErD,OAAOpB,QAASgB,CAAAA,WAAW,CAACD,KAAK,IAAI,IAAG;IAC1C;IAEA;;GAEC,GACDvG,uBAAuB;QACrB6G,YAAY;YACV,MAAMpD,MAAMD,KAAKC,GAAG;YACpB,MAAMY,cAAcZ,MAAO,IAAI,CAACpF,OAAO,CAACW,eAAe,GAAG;YAE1D,KAAK,MAAM,CAAC4E,KAAKU,SAAS,IAAI,IAAI,CAAC/E,cAAc,CAAC8B,OAAO,GAAI;gBAC3D,MAAMkD,gBAAgBD,SAASE,MAAM,CAACjB,CAAAA,YAAaA,YAAYc;gBAC/D,IAAIE,cAAcE,MAAM,KAAK,GAAG;oBAC9B,IAAI,CAAClF,cAAc,CAACuH,MAAM,CAAClD;gBAC7B,OAAO;oBACL,IAAI,CAACrE,cAAc,CAACqB,GAAG,CAACgD,KAAKW;gBAC/B;YACF;QACF,GAAG,QAAQ,wBAAwB;IACrC;IAEA;;GAEC,GACD,MAAMwC,WAAW;QACf,IAAI;YACF,MAAMC,QAAQ;gBACZC,kBAAkB,IAAI,CAAC7H,cAAc,CAAC0B,IAAI;gBAC1CoG,iBAAiB,IAAI,CAAC5H,iBAAiB,CAACwB,IAAI;gBAC5CqG,oBAAoB,IAAI,CAAC5H,cAAc,CAACuB,IAAI;gBAC5CsG,gBAAgB,IAAI,CAAC9I,KAAK,EAAE+I,UAAU;YACxC;YAEA,0BAA0B;YAC1B,IAAI,IAAI,CAAC/I,KAAK,EAAE+I,QAAQ;gBACtB,MAAM1E,OAAO,MAAM,IAAI,CAACrE,KAAK,CAACqE,IAAI,CAAC;gBACnCqE,MAAMM,YAAY,GAAG3E,KAAK8B,MAAM;YAClC;YAEA,OAAOuC;QACT,EAAE,OAAO/G,OAAO;YACdL,QAAQK,KAAK,CAAC,kCAAkCA;YAChD,OAAO;gBAAEA,OAAOA,MAAMe,OAAO;YAAC;QAChC;IACF;IAEA;;GAEC,GACD,MAAMuG,WAAW;QACf,IAAI;YACF,IAAI,IAAI,CAACjJ,KAAK,EAAE;gBACd,MAAM,IAAI,CAACA,KAAK,CAACkJ,IAAI;gBACrB,IAAI,CAAClJ,KAAK,GAAG;YACf;YACAsB,QAAQC,GAAG,CAAC;QACd,EAAE,OAAOI,OAAO;YACdL,QAAQK,KAAK,CAAC,6BAA6BA;QAC7C;IACF;AACF;AAEAwH,OAAOC,OAAO,GAAGtJ"}

package/dist/mcp/playwright-mcp-server-auth.js CHANGED Viewed

@@ -16,7 +16,8 @@ let AuthenticatedPlaywrightMCPServer = class AuthenticatedPlaywrightMCPServer {
         });
         // Initialize authentication middleware
         this.auth = new MCPAuthMiddleware({
-            redisUrl: options.redisUrl || process.env.CFN_REDIS_URL || process.env.MCP_REDIS_URL || `redis://${process.env.CFN_REDIS_HOST || 'cfn-redis'}:${process.env.CFN_REDIS_PORT || 6379}`,
+            // FIX: Default to 'localhost' for host execution, Docker deployments should set CFN_REDIS_HOST explicitly
+            redisUrl: options.redisUrl || process.env.CFN_REDIS_URL || process.env.MCP_REDIS_URL || `redis://${process.env.CFN_REDIS_HOST || 'localhost'}:${process.env.CFN_REDIS_PORT || 6379}`,
             authRequired: options.authRequired !== false && process.env.MCP_AUTH_REQUIRED !== 'false',
             agentConfigPath: options.agentConfigPath || process.env.MCP_AGENT_CONFIG || './config/agent-whitelist.json',
             skillConfigPath: options.skillConfigPath || process.env.MCP_SKILL_CONFIG || './config/skill-requirements.json',