fa-mcp-sdk 0.4.29 → 0.4.30

package/README.md

@@ -151,6 +151,7 @@ my-mcp-server/
 ├── FA-MCP-SDK-DOC/              # FA-MCP-SDK Documentation
 ├── scripts/                     # Utility scripts
 │   ├── npm/                     # NPM utility scripts
+│   ├── generate-jwt.js           # CLI JWT token generator
 │   ├── kill-port.js             # Port cleanup utility
 │   ├── pre-commit               # Git pre-commit hook
 │   └── remove-nul.js            # File cleanup utility
@@ -207,7 +208,9 @@ Note: The `dist/` directory (compiled JavaScript) is created after running `npm
 | `npm run test:mcp-http` | Test HTTP transport |
 | `npm run test:mcp-sse` | Test SSE transport |
 | `npm run test:mcp-stdio` | Test STDIO transport |
-| `npm run generate-token` | Generate JWT tokens |
+| `npm run generate-token` | Generate JWT tokens (Web UI) |
+| `node scripts/generate-jwt.js` | Generate JWT token (CLI) |
+| `/gen-jwt` | Generate JWT token (Claude Code skill) |
 | `npm run consul:unreg` | Deregister from Consul |
 
 
@@ -215,6 +218,7 @@ Note: The `dist/` directory (compiled JavaScript) is created after running `npm
 `http://localhost:3000` with:
 - MCP endpoints at `/mcp/*`
 - Admin panel for generating access tokens at `/admin`
+- JWT generation API at `/gen-jwt` (when `webServer.genJwtApiEnable: true`)
 - Swagger UI at `/docs`
 - Health check at `/health`
 

package/cli-template/.claude/skills/gen-jwt/SKILL.md

@@ -0,0 +1,113 @@
+---
+name: gen-jwt
+description: "Generate JWT token for MCP server authentication. Use when user asks to generate/create a JWT token, mentions 'jwt', 'token for user', 'токен для', or wants to issue access credentials."
+allowed-tools: Bash(node scripts/generate-jwt.js *), Write
+argument-hint: "[username] [ttl] [options...]"
+---
+
+# JWT Token Generator
+
+Generate a JWT token by running `node scripts/generate-jwt.js` with the appropriate parameters.
+
+## Parameter Extraction
+
+Parse `$ARGUMENTS` and the user's request to extract:
+
+1. **username** (REQUIRED) — the user the token is issued to
+2. **ttl** (REQUIRED) — token lifetime in format `<N>s | <N>m | <N>d | <N>y` (seconds, minutes, days, years)
+3. **request** (optional) — ticket/issue ID if user mentions "заявка", "тикет", "ticket", "request", "issue", "REQ-", "JIRA-" etc. The param key is always `request`
+4. **ip** (optional) — allowed IP addresses/CIDR masks, comma-separated
+5. **service** (optional) — service name, passed via `-s`
+6. **extra params** (optional) — any other key=value pairs
+
+## Interactive Flow
+
+### Step 1: Validate required params
+
+If **username** is missing or empty:
+- Tell the user: "Username is required. Please specify the user the token should be issued to."
+- Wait for response. Do not proceed without it.
+
+If **ttl** is missing, not provided, or doesn't match `<N>s | <N>m | <N>d | <N>y`:
+- Tell the user: "Token lifetime (TTL) is required in format: `<N>s` (seconds), `<N>m` (minutes), `<N>d` (days), or `<N>y` (years). For example: `30d`, `1y`, `8d`. Please specify."
+- Wait for response. Do not proceed without a valid TTL.
+
+### Step 2: Ask about optional params (only if not already provided)
+
+If the user did NOT mention a request/ticket:
+- Ask: "Привязать к заявке? (введите ID заявки или Enter чтобы пропустить)"
+- If user says "no", "skip", "нет", "-", or presses Enter — omit the `request` param.
+
+If the user did NOT mention IP restrictions:
+- Ask: "Ограничить по IP? (введите IP/CIDR через запятую или Enter чтобы пропустить)"
+- If user says "no", "skip", "нет", "-", or presses Enter — omit the `ip` param.
+
+### Step 3: Build and run the command
+
+Construct the CLI command:
+
+```
+node scripts/generate-jwt.js -u <username> -ttl <ttl> [-s <service>] [-p "<params>"]
+```
+
+The `-p` value is a semicolon-separated string of `key=value` pairs built from:
+- `request=<ticket>` (if provided)
+- `ip=<addresses>` (if provided)
+- Any extra key=value pairs from the user's message
+
+**Examples:**
+
+User: "Generate jwt for vpupkin, ticket REQ-12345, 1 year, aaa=foo, bbb=boo, IPs 10.0.0.0/24 and 192.168.1.100"
+```bash
+node scripts/generate-jwt.js -u vpupkin -ttl 1y -p "request=REQ-12345;ip=10.0.0.0/24,192.168.1.100;aaa=foo;bbb=boo"
+```
+
+User: "token for admin on 30 days"
+```bash
+node scripts/generate-jwt.js -u admin -ttl 30d
+```
+
+User: "jwt для svc-account, сервис my-mcp, на 8 дней"
+```bash
+node scripts/generate-jwt.js -u svc-account -ttl 8d -s my-mcp
+```
+
+### Step 4: Save the token to a file
+
+After running the command:
+1. Extract the token string from the output (the long hex line).
+2. Generate a timestamp in format `YYYYMMDD-HHmmss` (local time).
+3. Save the token to a file named `<timestamp>-jwt.txt` in the project root directory using the Write tool. The file should contain only the token string (no extra whitespace or newlines).
+
+### Step 5: Present the result
+
+After running the command:
+
+1. **Parse the JSON payload**: Extract the JSON object between `__PAYLOAD_JSON__` and `__END_PAYLOAD_JSON__` markers in the script output. This object contains ALL fields that were embedded in the token payload.
+
+2. **Show the executed command**: Display the exact `node scripts/generate-jwt.js ...` command with all flags that was run, so the user can copy/reproduce it.
+
+3. **Show the token**: Display the generated token string (the long hex line from the output).
+
+4. **Show the full payload table**: Render a table with ALL key-value pairs from the parsed JSON payload. Use human-readable labels where possible:
+   - `user` → User
+   - `service` → Service
+   - `ttl` → TTL
+   - `expire_iso` → Expires
+   - `iat` → Issued At
+   - `request` → Request
+   - `ip` → IP restriction
+   - Any other keys → display as-is (capitalized)
+
+5. **Show the filename** where the token was saved (e.g., `20260413-120530-jwt.txt`).
+
+## Important Rules
+
+- NEVER use AskUserQuestion with predefined options for ANY parameter. All parameters are free-form text — ask the user to type values directly in chat. Do NOT suggest choices like "admin", "service-account", "30d", "1y", etc. Just ask the question and let the user type their answer.
+- NEVER skip the interactive prompts for optional params — always ask once if not provided. But accept "skip" gracefully.
+- NEVER proceed without valid username and ttl.
+- If the user provides ttl in natural language ("1 year", "30 days", "на год"), convert it to the CLI format: `1y`, `30d`, etc.
+- Russian/English: understand both. "год/лет" = `y`, "день/дней/дня" = `d`, "минут/минуты" = `m`, "секунд" = `s`.
+- The `-p` flag value must be quoted and semicolon-separated: `"key1=val1;key2=val2"`
+- IP addresses in the `ip` param are comma-separated (no spaces after commas in the value).
+- Run the command from the project root directory.

package/cli-template/CLAUDE.md

@@ -30,9 +30,23 @@ npx jest tests/path/to/file.test.ts   # single test file
 # Utilities
 npm run check-llm          # Validate OpenAI API key for Agent Tester
 npm run generate-token     # JWT token generator UI
+
+# JWT token generation (CLI)
+node scripts/generate-jwt.js -u <username> -ttl <duration> [-s <service>] [-p <params>]
+# duration: <N>s | <N>m | <N>d | <N>y
+# example: node scripts/generate-jwt.js -u admin -ttl 30d -s my-mcp -p "role=admin;team=ops"
+
+# JWT generation API (HTTP endpoint, requires webServer.genJwtApiEnable: true)
+# POST /gen-jwt  {"username":"user","ttl":"30d","service":"svc","params":"key=val"}
+
 npm run consul:unreg       # deregister from Consul
 ```
 
+## JWT Token Generation (Skill /gen-jwt)
+
+Generate JWT tokens for MCP server authentication using the `/gen-jwt` skill. 
+Triggers: user asks to generate/create a JWT token, mentions "jwt", "token for user", "токен для", "сгенерируй токен для". 
+
 **Start/stop the server**: `npm run build && npm start`. Stop with Ctrl+C. Port is in `config/default.yaml` → `webServer.port`. Force stop: `node scripts/kill-port.js <port>`.
 
 **Server endpoints** (HTTP mode): `/mcp/*` (MCP protocol), `/docs` (Swagger UI), `/admin` (token generator), `/health`, `/agent-tester` (chat UI for testing tools).

package/cli-template/FA-MCP-SDK-DOC/00-FA-MCP-SDK-index.md

@@ -16,7 +16,7 @@ npm install fa-mcp-sdk
 | [02-1-tools-and-api](02-1-tools-and-api.md) | Tool definitions, `toolHandler`, REST API with tsoa, OpenAPI/Swagger | Creating tools, REST endpoints |
 | [02-2-prompts-and-resources](02-2-prompts-and-resources.md) | Standard/custom prompts, resources, `requireAuth` | Configuring prompts/resources |
 | [03-configuration](03-configuration.md) | `appConfig`, YAML config, cache, PostgreSQL | Server configuration, DB |
-| [04-authentication](04-authentication.md) | JWT, Basic auth, server tokens, `createAuthMW()`, Token Generator | Authentication setup |
+| [04-authentication](04-authentication.md) | JWT, Basic auth, server tokens, `createAuthMW()`, Token Generator, CLI Token Generator, JWT Generation API | Authentication setup |
 | [05-ad-authorization](05-ad-authorization.md) | AD group authorization at HTTP/tool levels | AD group restrictions |
 | [06-utilities](06-utilities.md) | `ServerError`, `normalizeHeaders`, logging, Consul, graceful shutdown | Error handling, utilities |
 | [07-testing-and-operations](07-testing-and-operations.md) | Test clients (STDIO, HTTP, SSE, Streamable HTTP) | Testing, deployment |

package/cli-template/FA-MCP-SDK-DOC/04-authentication.md

@@ -44,6 +44,30 @@ const client = new McpHttpClient('http://localhost:3000');
 const result = await client.callTool('tool', args, getAuthHeadersForTests());
 ```
 
+## Admin Panel Authentication
+
+The admin panel (`/admin`) supports 4 authentication types and can be configured with a single type or multiple types:
+
+```yaml
+# config/default.yaml
+webServer:
+  adminAuth:
+    enabled: true
+    # Single type (string)
+    type: 'basic'
+    # Or multiple types (array) — login page shows tabs to choose
+    type: ['jwtToken', 'basic']
+```
+
+**Supported types:** `permanentServerTokens`, `basic`, `jwtToken`, `ntlm`
+
+When multiple types are configured (e.g. `['jwtToken', 'basic']`), the login page shows tabs:
+- **Token** tab — for `permanentServerTokens` and `jwtToken` authentication
+- **Login** tab — for `basic` (username/password) authentication
+
+For `permanentServerTokens`, `basic`, `jwtToken` — credentials are taken from `webServer.auth` section.
+For `ntlm` — uses AD configuration from `ad.domains` section.
+
 ## Token Generator Authorization
 
 Protect `/admin/` page with custom authorization:
@@ -252,6 +276,105 @@ curl -H "Authorization: Basic $(echo -n 'admin:password' | base64)" http://local
 curl -H "X-API-Key: custom-key" http://localhost:3000/mcp
 ```
 
+## CLI Token Generator
+
+Generate JWT tokens from the command line without starting the server:
+
+```bash
+node scripts/generate-jwt.js -u <username> -ttl <duration> [-s <service>] [-p <params>]
+```
+
+| Option | ENV | Description |
+|--------|-----|-------------|
+| `-u`, `--username` | `JWT_PAYLOAD_USERNAME` | Username (required) |
+| `-ttl` | `JWT_TTL` | Token lifetime: `<N>s` \| `<N>m` \| `<N>d` \| `<N>y` (required) |
+| `-s`, `--service-name` | `JWT_PAYLOAD_SERVICE_NAME` | Service name (optional) |
+| `-p`, `--params` | `JWT_PAYLOAD_PARAMS` | Extra payload `key=value;key=value` (optional) |
+
+The `encryptKey` is read from config `webServer.auth.jwtToken.encryptKey` (via `config/local.yaml` or ENV `WS_TOKEN_ENCRYPT_KEY`).
+
+**Examples:**
+
+```bash
+# 30-day token with service name
+node scripts/generate-jwt.js -u admin -ttl 30d -s my-mcp-server
+
+# 1-year token with extra payload fields
+node scripts/generate-jwt.js -u svc-account -ttl 1y -p "role=admin;team=backend"
+
+# Via environment variables
+JWT_PAYLOAD_USERNAME=admin JWT_TTL=8d node scripts/generate-jwt.js
+```
+
+## Claude Code Skill: `/gen-jwt`
+
+Interactive JWT token generation via Claude Code. Invoke with `/gen-jwt` or natural language (e.g. "сгенерируй токен для vpupkin на 1 год").
+
+The skill parses your request for `username`, `ttl`, `service`, `request` (ticket ID), `ip`, and extra key=value params. If required params (`username`, `ttl`) are missing, it asks interactively. Optional params (`request`, `ip`) are prompted once with an option to skip.
+
+Runs `node scripts/generate-jwt.js` under the hood.
+
+**Example:**
+```
+/gen-jwt для vpupkin, по заявке REQ-12345, на 1 год, role=admin, IP 10.0.0.0/24
+```
+
+Skill location: `.claude/skills/gen-jwt/SKILL.md`
+
+## JWT Generation API
+
+HTTP endpoint for programmatic JWT token generation. Disabled by default.
+
+### Configuration
+
+```yaml
+# config/default.yaml
+webServer:
+  genJwtApiEnable: true   # Enable POST /gen-jwt endpoint
+  auth:
+    enabled: true          # Auth must be enabled — endpoint requires valid credentials
+    jwtToken:
+      encryptKey: 'your-secret-key-here'
+```
+
+Or via ENV: `WS_GEN_JWT_API_ENABLE=true`
+
+### Usage
+
+```bash
+# POST /gen-jwt with any configured auth method
+curl -X POST http://localhost:3000/gen-jwt \
+  -H "Content-Type: application/json" \
+  -u "admin:password" \
+  -d '{
+    "username": "testuser",
+    "ttl": "30d",
+    "service": "my-mcp-server",
+    "params": "role=admin;team=backend"
+  }'
+```
+
+### Request Body
+
+| Field | Type | Required | Description |
+|-------|------|----------|-------------|
+| `username` | string | yes | Username for the token |
+| `ttl` | string | yes | Token lifetime: `<N>s` \| `<N>m` \| `<N>d` \| `<N>y` |
+| `service` | string | no | Service name |
+| `params` | string \| object | no | Extra payload. String: `"key=value;key=value"`. Object: `{"key": "value"}` |
+
+### Response
+
+```json
+{
+  "success": true,
+  "token": "1718000000000.a1b2c3...",
+  "user": "testuser",
+  "expire": "2025-07-10T12:00:00.000Z",
+  "ttlSeconds": 2592000
+}
+```
+
 ## Token Generator App
 
 ```typescript

package/cli-template/package.json

@@ -50,7 +50,7 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.29.0",
     "dotenv": "^17.4.1",
-    "fa-mcp-sdk": "^0.4.29"
+    "fa-mcp-sdk": "^0.4.30"
   },
   "devDependencies": {
     "@types/express": "^5.0.6",

package/config/_local.yaml

@@ -303,6 +303,13 @@ webServer:
       #> Password for HTTP Basic auth
       password: '***'
 
+  #> ========================================================================
+  #> JWT TOKEN GENERATION API
+  #> POST /gen-jwt — generates a JWT token programmatically.
+  #> Requires valid Authorization header (any method configured in webServer.auth).
+  #> ========================================================================
+  genJwtApiEnable: false
+
   #> ========================================================================
   #> ADMIN PANEL AUTHENTICATION
   #> Token generation page available at /admin endpoint
@@ -312,6 +319,11 @@ webServer:
     #> Enable/disable admin panel
     enabled: true
     #> Authentication type for admin panel: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
+    #> Accepts a single type (string) or multiple types (array):
+    #>   type: 'basic'
+    #>   type: ['jwtToken', 'basic']
     #> For permanentServerTokens, basic, jwtToken — uses credentials from webServer.auth section
     #> For ntlm — uses AD configuration from ad.domains section (no additional credentials needed)
+    #> When multiple types are set (e.g. ['jwtToken', 'basic']), the login page shows tabs
+    #> to choose between Token and Login (username/password) authentication.
     type: 'basic'

package/config/custom-environment-variables.yaml

@@ -51,6 +51,7 @@ webServer:
     basic:
       username: WS_AUTH_BASIC_USERNAME
       password: WS_AUTH_BASIC_PASSWORD
+  genJwtApiEnable: WS_GEN_JWT_API_ENABLE
   adminAuth:
     enabled: WS_ADMIN_AUTH_ENABLED
     type: WS_ADMIN_AUTH_TYPE  # permanentServerTokens | basic | jwtToken | ntlm

package/config/default.yaml

@@ -301,6 +301,13 @@ webServer:
       #> Password for HTTP Basic auth
       password: '***'
 
+  #> ========================================================================
+  #> JWT TOKEN GENERATION API
+  #> POST /gen-jwt — generates a JWT token programmatically.
+  #> Requires valid Authorization header (any method configured in webServer.auth).
+  #> ========================================================================
+  genJwtApiEnable: false
+
   #> ========================================================================
   #> ADMIN PANEL AUTHENTICATION
   #> Token generation page available at /admin endpoint
@@ -310,6 +317,11 @@ webServer:
     #> Enable/disable admin panel
     enabled: true
     #> Authentication type for admin panel: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
+    #> Accepts a single type (string) or multiple types (array):
+    #>   type: 'basic'
+    #>   type: ['jwtToken', 'basic']
     #> For permanentServerTokens, basic, jwtToken — uses credentials from webServer.auth section
     #> For ntlm — uses AD configuration from ad.domains section (no additional credentials needed)
+    #> When multiple types are set (e.g. ['jwtToken', 'basic']), the login page shows tabs
+    #> to choose between Token and Login (username/password) authentication.
     type: 'basic'

package/config/local.yaml

@@ -4,8 +4,8 @@ agentTester:
   showFooterLink: true  # true (default) — show Agent Tester link in home page footer; false — hide link without disabling tester
   useAuth: true
   openAi:
-    apiKey: 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
     apiKeyName: oai-aite-vvmakarov
+    apiKey: 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
     baseURL: ''
     exposeToClient: false
 
@@ -81,7 +81,7 @@ mcp:
   toolAnswerAs: text # text | structuredContent
 
 swagger:
-  servers:  # An array of servers that will be added to swagger docs
+  servers: # An array of servers that will be added to swagger docs
     - url: http://localhost:9876
       description: "Local server"
 
@@ -89,28 +89,17 @@ webServer:
   port: 9876
   auth:
     enabled: true
-    # An array of fixed tokens that pass to the MCP (use only for MCPs with green data or for development)
-    permanentServerTokens: ['test-perm-token']
+    permanentServerTokens: [ 'test-perm-token' ]
     jwtToken:
-      # Symmetric encryption key to generate a token for this MCP
       encryptKey: '66666666-7777-8888-9999-000000000000'
-      # If webServer.auth.enabled and the parameter true, the service name and the service specified in the token will be checked
       checkMCPName: true
-      # If true and JWT token contains non-empty 'ip' field,
-      # the client IP will be checked against the allowed list in the token
       isCheckIP: false
     basic:
       username: vpupkin
       password: '1'
 
-  # ========================================================================
-  # ADMIN PANEL AUTHENTICATION
-  # Token generation page available at /admin endpoint
-  # Supports 4 authentication methods: permanentServerTokens, basic, jwtToken, ntlm
-  # ========================================================================
+  genJwtApiEnable: false
   adminAuth:
-    enabled: false
-    # Authentication type for admin panel: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
-    # For permanentServerTokens, basic, jwtToken - uses credentials from webServer.auth section
-    # For ntlm - uses AD configuration from ad.domains section (no additional credentials needed)
-    type: 'jwtToken'
+    enabled: true
+    # 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm'
+    type: [ 'permanentServerTokens', 'basic', 'jwtToken' ]

package/dist/core/_types_/config.d.ts

@@ -2,6 +2,7 @@ import { IAFDatabasesConfig } from 'af-db-ts';
 import { TFileLogLevel } from 'af-logger-ts';
 import { IAFConsulConfig, IAccessPoints } from 'fa-consul';
 import { IADConfig } from './active-directory-config.js';
+export type AdminAuthType = 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm';
 interface IWebServerConfig {
     webServer: {
         host: string;
@@ -22,8 +23,9 @@ interface IWebServerConfig {
         };
         adminAuth: {
             enabled: boolean;
-            type: 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm';
+            type: AdminAuthType | AdminAuthType[];
         };
+        genJwtApiEnable: boolean;
     };
 }
 interface ILoggerConfig {

package/dist/core/_types_/config.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAGzD,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;gBACtB,SAAS,EAAE,OAAO,CAAC;aACpB,CAAA;YACD,qBAAqB,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;QACF,SAAS,EAAE;YACT,OAAO,EAAE,OAAO,CAAC;YACjB,IAAI,EAAE,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;SAC/D,CAAC;KACH,CAAA;CACF;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAA;CACF;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE,MAAM,GAAG,mBAAmB,CAAA;QAC1C,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAA;CACF;AAED,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACtC,CAAA;CACF;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE;YACT,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;QACF,UAAU,CAAC,EAAE;YACX,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;CACH;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAA;CACF;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS,EAC1C,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,eAAe;IAEf,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAA;CACF"}
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../src/core/_types_/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAC9C,OAAO,EAAE,aAAa,EAAE,MAAM,cAAc,CAAC;AAC7C,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAE3D,OAAO,EAAE,SAAS,EAAE,MAAM,8BAA8B,CAAC;AAEzD,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AAEpF,UAAU,gBAAgB;IACxB,SAAS,EAAE;QACT,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;QACb,WAAW,EAAE,MAAM,EAAE,CAAC;QACtB,IAAI,EAAE;YACJ,OAAO,EAAE,OAAO,CAAC;YACjB,KAAK,CAAC,EAAE;gBACN,QAAQ,EAAE,MAAM,CAAC;gBACjB,QAAQ,EAAE,MAAM,CAAC;aAClB,CAAC;YACF,QAAQ,EAAE;gBACR,UAAU,EAAE,MAAM,CAAC;gBACnB,YAAY,EAAE,OAAO,CAAC;gBACtB,SAAS,EAAE,OAAO,CAAC;aACpB,CAAA;YACD,qBAAqB,EAAE,MAAM,EAAE,CAAC;SACjC,CAAC;QACF,SAAS,EAAE;YACT,OAAO,EAAE,OAAO,CAAC;YACjB,IAAI,EAAE,aAAa,GAAG,aAAa,EAAE,CAAC;SACvC,CAAC;QACF,eAAe,EAAE,OAAO,CAAC;KAC1B,CAAA;CACF;AAGD,UAAU,aAAa;IACrB,MAAM,EAAE;QACN,KAAK,EAAE,aAAa,CAAC;QACrB,aAAa,EAAE,OAAO,CAAC;QACvB,GAAG,CAAC,EAAE,MAAM,CAAC;KACd,CAAA;CACF;AAED,UAAU,UAAU;IAClB,GAAG,EAAE;QACH,SAAS,EAAE;YACT,WAAW,EAAE,MAAM,CAAC;YACpB,QAAQ,EAAE,MAAM,CAAC;SAClB,CAAC;QACF,YAAY,EAAE,MAAM,GAAG,mBAAmB,CAAA;QAC1C,aAAa,EAAE,OAAO,GAAG,MAAM,CAAC;KACjC,CAAA;CACF;AAED,UAAU,cAAc;IACtB,OAAO,EAAE;QACP,OAAO,CAAC,EAAE;YACR,GAAG,EAAE,MAAM,CAAC;YACZ,WAAW,EAAE,MAAM,CAAC;SACrB,EAAE,CAAC;KACL,CAAA;CACF;AAED,UAAU,kBAAkB;IAC1B,WAAW,CAAC,EAAE;QACZ,OAAO,EAAE,OAAO,CAAC;QACjB,cAAc,CAAC,EAAE,OAAO,CAAC;QACzB,OAAO,EAAE,OAAO,CAAC;QACjB,YAAY,CAAC,EAAE,MAAM,CAAC;QACtB,OAAO,CAAC,EAAE,OAAO,CAAC;QAClB,MAAM,CAAC,EAAE;YACP,MAAM,EAAE,MAAM,CAAC;YACf,OAAO,CAAC,EAAE,MAAM,CAAC;YACjB,cAAc,CAAC,EAAE,OAAO,CAAC;SAC1B,CAAC;QACF,WAAW,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;KACtC,CAAA;CACF;AAED,UAAU,eAAe;IACvB,QAAQ,CAAC,EAAE;QACT,QAAQ,CAAC,EAAE;YACT,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;QACF,UAAU,CAAC,EAAE;YACX,IAAI,EAAE,MAAM,CAAC;YACb,IAAI,CAAC,EAAE,MAAM,CAAC;SACf,CAAC;KACH,CAAC;CACH;AAED,UAAU,YAAY;IACpB,KAAK,EAAE;QACL,UAAU,EAAE,GAAG,CAAC;QAChB,QAAQ,EAAE,IAAI,CAAC;KAChB,CAAA;CACF;AAED,MAAM,WAAW,SAAU,SAAQ,SAAS,EAC1C,YAAY,EACZ,aAAa,EACb,kBAAkB,EAClB,gBAAgB,EAChB,UAAU,EACV,cAAc,EACd,kBAAkB,EAClB,eAAe;IAEf,YAAY,EAAE,OAAO,CAAC;IAEtB,IAAI,EAAE,MAAM,CAAC;IACb,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IAEpB,YAAY,EAAE,aAAa,CAAC;IAC5B,MAAM,EAAE,eAAe,GAAG;QACxB,OAAO,EAAE;YACP,IAAI,EAAE,MAAM,CAAC;YACb,GAAG,EAAE,MAAM,CAAC;SACb,CAAC;KACH,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,MAAM,CAAC;KACjB,CAAA;CACF"}

package/dist/core/auth/admin-auth.d.ts

@@ -1,14 +1,25 @@
 /**
  * Admin panel authentication middleware
  * Supports 4 authentication types: permanentServerTokens, basic, jwtToken, ntlm
+ * adminAuth.type accepts a single type or an array of types
  */
 import { RequestHandler } from 'express';
-export type AdminAuthType = 'permanentServerTokens' | 'basic' | 'jwtToken' | 'ntlm';
+import { AdminAuthType } from '../_types_/config.js';
+export type { AdminAuthType };
+/**
+ * Normalizes adminAuth.type to an array
+ */
+export declare function getAdminAuthTypes(): AdminAuthType[];
 /**
  * Validates admin auth configuration
  * Returns error message if configuration is invalid, null if valid
  */
 export declare function validateAdminAuthConfig(): string | null;
+/**
+ * Returns the list of auth methods available for the admin login UI.
+ * Maps auth types to UI categories: 'token' (permanentServerTokens, jwtToken) or 'basic'.
+ */
+export declare function getAdminAuthMethods(): string[];
 /**
  * Creates admin authentication middleware based on adminAuth.type config
  */

package/dist/core/auth/admin-auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"admin-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAGH,OAAO,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAc1E,MAAM,MAAM,aAAa,GAAG,uBAAuB,GAAG,OAAO,GAAG,UAAU,GAAG,MAAM,CAAC;AAGpF;;;GAGG;AACH,wBAAgB,uBAAuB,IAAK,MAAM,GAAG,IAAI,CA8CxD;AAED;;GAEG;AACH,wBAAgB,iBAAiB,IAAK,cAAc,EAAE,CA0FrD"}
+{"version":3,"file":"admin-auth.d.ts","sourceRoot":"","sources":["../../../src/core/auth/admin-auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAE1E,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAarD,YAAY,EAAE,aAAa,EAAE,CAAC;AAG9B;;GAEG;AACH,wBAAgB,iBAAiB,IAAK,aAAa,EAAE,CAGpD;AA6CD;;;GAGG;AACH,wBAAgB,uBAAuB,IAAK,MAAM,GAAG,IAAI,CAgBxD;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,IAAK,MAAM,EAAE,CAa/C;AAsCD;;GAEG;AACH,wBAAgB,iBAAiB,IAAK,cAAc,EAAE,CA8DrD"}