gitlab-mcp-test 6.62.1

package/dist/src/main.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/dist/src/main.js

@@ -0,0 +1,219 @@
+#!/usr/bin/env node
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const server_1 = require("./server");
+const logger_1 = require("./logger");
+const config_1 = require("./oauth/config");
+const profiles_1 = require("./profiles");
+const cli_utils_1 = require("./cli-utils");
+const discovery_1 = require("./discovery");
+const namespace_1 = require("./utils/namespace");
+async function main() {
+    const cliArgs = (0, cli_utils_1.parseCliArgs)();
+    if (cliArgs.setup) {
+        const { runSetupWizard } = await Promise.resolve().then(() => __importStar(require("./cli/setup")));
+        const result = await runSetupWizard({ mode: cliArgs.setupMode });
+        process.exit(result.success ? 0 : 1);
+    }
+    if (cliArgs.init) {
+        const { runSetupWizard } = await Promise.resolve().then(() => __importStar(require("./cli/setup")));
+        const result = await runSetupWizard({ mode: "local" });
+        process.exit(result.success ? 0 : 1);
+    }
+    if (cliArgs.install) {
+        const { runInstallCommand, parseInstallFlags, buildServerConfigFromEnv } = await Promise.resolve().then(() => __importStar(require("./cli/install")));
+        const flags = parseInstallFlags(cliArgs.installArgs);
+        const serverConfig = buildServerConfigFromEnv();
+        await runInstallCommand(serverConfig, flags);
+        process.exit(0);
+    }
+    if (cliArgs.docker) {
+        if (cliArgs.dockerArgs[0] === "init") {
+            const { runSetupWizard } = await Promise.resolve().then(() => __importStar(require("./cli/setup")));
+            const result = await runSetupWizard({ mode: "server" });
+            process.exit(result.success ? 0 : 1);
+            return;
+        }
+        const { runDockerCommand } = await Promise.resolve().then(() => __importStar(require("./cli/docker")));
+        await runDockerCommand(cliArgs.dockerArgs);
+        process.exit(0);
+    }
+    if (cliArgs.showProjectConfig) {
+        try {
+            const projectConfig = await (0, profiles_1.findProjectConfig)(process.cwd());
+            (0, cli_utils_1.displayProjectConfig)(projectConfig);
+            process.exit(0);
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            (0, logger_1.logError)("Failed to load project config", { error: message });
+            process.exit(1);
+        }
+    }
+    let autoDiscoveryResult = null;
+    if (cliArgs.auto) {
+        try {
+            autoDiscoveryResult = await (0, discovery_1.autoDiscover)({
+                repoPath: cliArgs.cwd,
+                remoteName: cliArgs.remoteName,
+                noProjectConfig: true,
+                dryRun: cliArgs.dryRun,
+            });
+            if (autoDiscoveryResult) {
+                if (cliArgs.dryRun) {
+                    console.log((0, discovery_1.formatDiscoveryResult)(autoDiscoveryResult));
+                    process.exit(0);
+                }
+                (0, logger_1.logInfo)("Auto-discovery detected GitLab configuration", {
+                    host: autoDiscoveryResult.host,
+                    project: autoDiscoveryResult.projectPath,
+                    profile: autoDiscoveryResult.matchedProfile?.profileName,
+                });
+            }
+            else {
+                (0, logger_1.logWarn)("Auto-discovery failed: not in a git repository or no remote found");
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            (0, logger_1.logError)("Auto-discovery failed", { error: message });
+            process.exit(1);
+        }
+    }
+    if (cliArgs.profileName) {
+        try {
+            const result = await (0, profiles_1.tryApplyProfileFromEnv)(cliArgs.profileName);
+            if (result) {
+                if ("profileName" in result) {
+                    (0, logger_1.logInfo)("Using CLI-specified profile", {
+                        profile: result.profileName,
+                        host: result.host,
+                    });
+                }
+                else {
+                    (0, logger_1.logInfo)("Using CLI-specified preset", { preset: result.presetName });
+                }
+                if (autoDiscoveryResult?.matchedProfile &&
+                    autoDiscoveryResult.matchedProfile.profileName !== cliArgs.profileName) {
+                    (0, logger_1.logWarn)("Auto-discovered profile ignored: --profile takes precedence", {
+                        cliProfile: cliArgs.profileName,
+                        autoProfile: autoDiscoveryResult.matchedProfile.profileName,
+                    });
+                }
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            (0, logger_1.logError)("Failed to load profile", { error: message });
+            process.exit(1);
+        }
+    }
+    else if (autoDiscoveryResult?.matchedProfile) {
+        try {
+            const result = await (0, profiles_1.tryApplyProfileFromEnv)(autoDiscoveryResult.matchedProfile.profileName);
+            if (result && "profileName" in result) {
+                (0, logger_1.logInfo)("Using auto-discovered profile", {
+                    profile: result.profileName,
+                    host: result.host,
+                });
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            (0, logger_1.logWarn)("Failed to apply auto-discovered profile", { error: message });
+        }
+    }
+    else {
+        try {
+            const result = await (0, profiles_1.tryApplyProfileFromEnv)();
+            if (result) {
+                if ("profileName" in result) {
+                    (0, logger_1.logInfo)("Using configuration profile", {
+                        profile: result.profileName,
+                        host: result.host,
+                    });
+                }
+                else {
+                    (0, logger_1.logInfo)("Using configuration preset", { preset: result.presetName });
+                }
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            (0, logger_1.logError)("Failed to load profile", { error: message });
+            process.exit(1);
+        }
+    }
+    if (!cliArgs.noProjectConfig) {
+        try {
+            const projectConfig = await (0, profiles_1.findProjectConfig)(process.cwd());
+            if (projectConfig) {
+                const summary = (0, profiles_1.getProjectConfigSummary)(projectConfig);
+                (0, logger_1.logInfo)("Loaded project configuration (restrictions applied)", {
+                    path: projectConfig.configPath,
+                    preset: summary.presetSummary,
+                    profile: summary.profileSummary,
+                });
+            }
+        }
+        catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            (0, logger_1.logWarn)("Failed to load project config, continuing without it", { error: message });
+        }
+    }
+    if (autoDiscoveryResult) {
+        process.env.GITLAB_DEFAULT_PROJECT ??= autoDiscoveryResult.projectPath;
+        const namespace = (0, namespace_1.extractNamespaceFromPath)(autoDiscoveryResult.projectPath);
+        if (namespace) {
+            process.env.GITLAB_DEFAULT_NAMESPACE ??= namespace;
+        }
+        (0, logger_1.logDebug)("Default context set from auto-discovery", {
+            defaultProject: process.env.GITLAB_DEFAULT_PROJECT,
+            defaultNamespace: process.env.GITLAB_DEFAULT_NAMESPACE,
+        });
+    }
+    await (0, server_1.startServer)();
+}
+main().catch((error) => {
+    if (error instanceof config_1.ConfigurationError) {
+        console.error(error.guidance);
+    }
+    else {
+        (0, logger_1.logError)("Failed to start GitLab MCP Server", { error: String(error) });
+    }
+    process.exit(1);
+});
+//# sourceMappingURL=main.js.map

package/dist/src/main.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"main.js","sourceRoot":"","sources":["../../src/main.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEA,qCAAuC;AACvC,qCAAgE;AAChE,2CAAoD;AACpD,yCAAgG;AAChG,2CAAiE;AACjE,2CAAuF;AACvF,iDAA6D;AAkB7D,KAAK,UAAU,IAAI;IACjB,MAAM,OAAO,GAAG,IAAA,wBAAY,GAAE,CAAC;IAG/B,IAAI,OAAO,CAAC,KAAK,EAAE,CAAC;QAClB,MAAM,EAAE,cAAc,EAAE,GAAG,wDAAa,aAAa,GAAC,CAAC;QACvD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QACjE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAGD,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,MAAM,EAAE,cAAc,EAAE,GAAG,wDAAa,aAAa,GAAC,CAAC;QACvD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;QACvD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACvC,CAAC;IAGD,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,wBAAwB,EAAE,GACtE,wDAAa,eAAe,GAAC,CAAC;QAChC,MAAM,KAAK,GAAG,iBAAiB,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QACrD,MAAM,YAAY,GAAG,wBAAwB,EAAE,CAAC;QAChD,MAAM,iBAAiB,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAGD,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QAEnB,IAAI,OAAO,CAAC,UAAU,CAAC,CAAC,CAAC,KAAK,MAAM,EAAE,CAAC;YACrC,MAAM,EAAE,cAAc,EAAE,GAAG,wDAAa,aAAa,GAAC,CAAC;YACvD,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;YACxD,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YACrC,OAAO;QACT,CAAC;QACD,MAAM,EAAE,gBAAgB,EAAE,GAAG,wDAAa,cAAc,GAAC,CAAC;QAC1D,MAAM,gBAAgB,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAC3C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAGD,IAAI,OAAO,CAAC,iBAAiB,EAAE,CAAC;QAC9B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,IAAA,4BAAiB,EAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YAC7D,IAAA,gCAAoB,EAAC,aAAa,CAAC,CAAC;YACpC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,IAAA,iBAAQ,EAAC,+BAA+B,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAGD,IAAI,mBAAmB,GAA+B,IAAI,CAAC;IAG3D,IAAI,OAAO,CAAC,IAAI,EAAE,CAAC;QACjB,IAAI,CAAC;YACH,mBAAmB,GAAG,MAAM,IAAA,wBAAY,EAAC;gBACvC,QAAQ,EAAE,OAAO,CAAC,GAAG;gBACrB,UAAU,EAAE,OAAO,CAAC,UAAU;gBAC9B,eAAe,EAAE,IAAI;gBACrB,MAAM,EAAE,OAAO,CAAC,MAAM;aACvB,CAAC,CAAC;YAEH,IAAI,mBAAmB,EAAE,CAAC;gBAExB,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;oBACnB,OAAO,CAAC,GAAG,CAAC,IAAA,iCAAqB,EAAC,mBAAmB,CAAC,CAAC,CAAC;oBACxD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBAED,IAAA,gBAAO,EAAC,8CAA8C,EAAE;oBACtD,IAAI,EAAE,mBAAmB,CAAC,IAAI;oBAC9B,OAAO,EAAE,mBAAmB,CAAC,WAAW;oBACxC,OAAO,EAAE,mBAAmB,CAAC,cAAc,EAAE,WAAW;iBACzD,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,IAAA,gBAAO,EAAC,mEAAmE,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,IAAA,iBAAQ,EAAC,uBAAuB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAGD,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;QAExB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAsB,EAAC,OAAO,CAAC,WAAW,CAAC,CAAC;YACjE,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,aAAa,IAAI,MAAM,EAAE,CAAC;oBAC5B,IAAA,gBAAO,EAAC,6BAA6B,EAAE;wBACrC,OAAO,EAAE,MAAM,CAAC,WAAW;wBAC3B,IAAI,EAAE,MAAM,CAAC,IAAI;qBAClB,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,IAAA,gBAAO,EAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;gBACvE,CAAC;gBAGD,IACE,mBAAmB,EAAE,cAAc;oBACnC,mBAAmB,CAAC,cAAc,CAAC,WAAW,KAAK,OAAO,CAAC,WAAW,EACtE,CAAC;oBACD,IAAA,gBAAO,EAAC,6DAA6D,EAAE;wBACrE,UAAU,EAAE,OAAO,CAAC,WAAW;wBAC/B,WAAW,EAAE,mBAAmB,CAAC,cAAc,CAAC,WAAW;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,IAAA,iBAAQ,EAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,IAAI,mBAAmB,EAAE,cAAc,EAAE,CAAC;QAE/C,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAsB,EAAC,mBAAmB,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;YAC5F,IAAI,MAAM,IAAI,aAAa,IAAI,MAAM,EAAE,CAAC;gBACtC,IAAA,gBAAO,EAAC,+BAA+B,EAAE;oBACvC,OAAO,EAAE,MAAM,CAAC,WAAW;oBAC3B,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,IAAA,gBAAO,EAAC,yCAAyC,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC;SAAM,CAAC;QAEN,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAA,iCAAsB,GAAE,CAAC;YAC9C,IAAI,MAAM,EAAE,CAAC;gBACX,IAAI,aAAa,IAAI,MAAM,EAAE,CAAC;oBAC5B,IAAA,gBAAO,EAAC,6BAA6B,EAAE;wBACrC,OAAO,EAAE,MAAM,CAAC,WAAW;wBAC3B,IAAI,EAAE,MAAM,CAAC,IAAI;qBAClB,CAAC,CAAC;gBACL,CAAC;qBAAM,CAAC;oBACN,IAAA,gBAAO,EAAC,4BAA4B,EAAE,EAAE,MAAM,EAAE,MAAM,CAAC,UAAU,EAAE,CAAC,CAAC;gBACvE,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,IAAA,iBAAQ,EAAC,wBAAwB,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAGD,IAAI,CAAC,OAAO,CAAC,eAAe,EAAE,CAAC;QAC7B,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,MAAM,IAAA,4BAAiB,EAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;YAC7D,IAAI,aAAa,EAAE,CAAC;gBAClB,MAAM,OAAO,GAAG,IAAA,kCAAuB,EAAC,aAAa,CAAC,CAAC;gBACvD,IAAA,gBAAO,EAAC,qDAAqD,EAAE;oBAC7D,IAAI,EAAE,aAAa,CAAC,UAAU;oBAC9B,MAAM,EAAE,OAAO,CAAC,aAAa;oBAC7B,OAAO,EAAE,OAAO,CAAC,cAAc;iBAChC,CAAC,CAAC;YAKL,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACvE,IAAA,gBAAO,EAAC,sDAAsD,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;QACtF,CAAC;IACH,CAAC;IAGD,IAAI,mBAAmB,EAAE,CAAC;QAExB,OAAO,CAAC,GAAG,CAAC,sBAAsB,KAAK,mBAAmB,CAAC,WAAW,CAAC;QAGvE,MAAM,SAAS,GAAG,IAAA,oCAAwB,EAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAC5E,IAAI,SAAS,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,wBAAwB,KAAK,SAAS,CAAC;QACrD,CAAC;QAED,IAAA,iBAAQ,EAAC,yCAAyC,EAAE;YAClD,cAAc,EAAE,OAAO,CAAC,GAAG,CAAC,sBAAsB;YAClD,gBAAgB,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB;SACvD,CAAC,CAAC;IACL,CAAC;IAGD,MAAM,IAAA,oBAAW,GAAE,CAAC;AACtB,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAc,EAAE,EAAE;IAE9B,IAAI,KAAK,YAAY,2BAAkB,EAAE,CAAC;QACxC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAChC,CAAC;SAAM,CAAC;QACN,IAAA,iBAAQ,EAAC,mCAAmC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;IAC1E,CAAC;IACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/src/middleware/index.d.ts

@@ -0,0 +1,2 @@
+export { oauthAuthMiddleware, createOAuthMiddleware, optionalOAuthMiddleware } from "./oauth-auth";
+export { rateLimiterMiddleware, stopCleanup as stopRateLimitCleanup, getRateLimitStats, } from "./rate-limiter";

package/dist/src/middleware/index.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getRateLimitStats = exports.stopRateLimitCleanup = exports.rateLimiterMiddleware = exports.optionalOAuthMiddleware = exports.createOAuthMiddleware = exports.oauthAuthMiddleware = void 0;
+var oauth_auth_1 = require("./oauth-auth");
+Object.defineProperty(exports, "oauthAuthMiddleware", { enumerable: true, get: function () { return oauth_auth_1.oauthAuthMiddleware; } });
+Object.defineProperty(exports, "createOAuthMiddleware", { enumerable: true, get: function () { return oauth_auth_1.createOAuthMiddleware; } });
+Object.defineProperty(exports, "optionalOAuthMiddleware", { enumerable: true, get: function () { return oauth_auth_1.optionalOAuthMiddleware; } });
+var rate_limiter_1 = require("./rate-limiter");
+Object.defineProperty(exports, "rateLimiterMiddleware", { enumerable: true, get: function () { return rate_limiter_1.rateLimiterMiddleware; } });
+Object.defineProperty(exports, "stopRateLimitCleanup", { enumerable: true, get: function () { return rate_limiter_1.stopCleanup; } });
+Object.defineProperty(exports, "getRateLimitStats", { enumerable: true, get: function () { return rate_limiter_1.getRateLimitStats; } });
+//# sourceMappingURL=index.js.map

package/dist/src/middleware/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/middleware/index.ts"],"names":[],"mappings":";;;AAMA,2CAAmG;AAA1F,iHAAA,mBAAmB,OAAA;AAAE,mHAAA,qBAAqB,OAAA;AAAE,qHAAA,uBAAuB,OAAA;AAC5E,+CAIwB;AAHtB,qHAAA,qBAAqB,OAAA;AACrB,oHAAA,WAAW,OAAwB;AACnC,iHAAA,iBAAiB,OAAA"}

package/dist/src/middleware/oauth-auth.d.ts

@@ -0,0 +1,4 @@
+import { Request, Response, NextFunction } from "express";
+export declare function oauthAuthMiddleware(req: Request, res: Response, next: NextFunction): Promise<void>;
+export declare function createOAuthMiddleware(): typeof oauthAuthMiddleware;
+export declare function optionalOAuthMiddleware(req: Request, res: Response, next: NextFunction): Promise<void>;

package/dist/src/middleware/oauth-auth.js

@@ -0,0 +1,137 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.oauthAuthMiddleware = oauthAuthMiddleware;
+exports.createOAuthMiddleware = createOAuthMiddleware;
+exports.optionalOAuthMiddleware = optionalOAuthMiddleware;
+const config_1 = require("../oauth/config");
+const session_store_1 = require("../oauth/session-store");
+const token_utils_1 = require("../oauth/token-utils");
+const gitlab_device_flow_1 = require("../oauth/gitlab-device-flow");
+const metadata_1 = require("../oauth/endpoints/metadata");
+const logger_1 = require("../logger");
+const request_logger_1 = require("../utils/request-logger");
+const config_2 = require("../config");
+async function oauthAuthMiddleware(req, res, next) {
+    const config = (0, config_1.loadOAuthConfig)();
+    if (!config) {
+        sendUnauthorized(req, res, "server_error", "OAuth not configured");
+        return;
+    }
+    const authHeader = req.headers.authorization;
+    if (!authHeader) {
+        sendUnauthorized(req, res, "unauthorized", "Missing Authorization header");
+        return;
+    }
+    if (!authHeader.startsWith("Bearer ")) {
+        sendUnauthorized(req, res, "unauthorized", "Invalid Authorization header format. Expected: Bearer <token>");
+        return;
+    }
+    const token = authHeader.slice(7);
+    if (!token) {
+        sendUnauthorized(req, res, "unauthorized", "Empty Bearer token");
+        return;
+    }
+    const payload = (0, token_utils_1.verifyMCPToken)(token, config.sessionSecret);
+    if (!payload) {
+        sendUnauthorized(req, res, "invalid_token", "Token is invalid or expired");
+        return;
+    }
+    const sessionId = payload.sid;
+    const session = session_store_1.sessionStore.getSession(sessionId);
+    if (!session) {
+        sendUnauthorized(req, res, "invalid_token", "Session not found or expired");
+        return;
+    }
+    if (session.mcpAccessToken !== token) {
+        sendUnauthorized(req, res, "invalid_token", "Token has been superseded");
+        return;
+    }
+    if ((0, token_utils_1.isTokenExpiringSoon)(session.gitlabTokenExpiry)) {
+        try {
+            const newTokens = await (0, gitlab_device_flow_1.refreshGitLabToken)(session.gitlabRefreshToken, config);
+            session_store_1.sessionStore.updateSession(sessionId, {
+                gitlabAccessToken: newTokens.access_token,
+                gitlabRefreshToken: newTokens.refresh_token,
+                gitlabTokenExpiry: (0, token_utils_1.calculateTokenExpiry)(newTokens.expires_in),
+            });
+            (0, logger_1.logDebug)("GitLab token refreshed during request", {
+                sessionId: (0, logger_1.truncateId)(sessionId),
+            });
+        }
+        catch (error) {
+            (0, logger_1.logError)("Failed to refresh GitLab token during request", { err: error });
+            sendUnauthorized(req, res, "invalid_token", "GitLab token refresh failed. Please re-authenticate.");
+            return;
+        }
+    }
+    const updatedSession = session_store_1.sessionStore.getSession(sessionId);
+    if (!updatedSession) {
+        sendUnauthorized(req, res, "invalid_token", "Session lost during token refresh");
+        return;
+    }
+    res.locals.oauthSessionId = updatedSession.id;
+    res.locals.gitlabToken = updatedSession.gitlabAccessToken;
+    res.locals.gitlabUserId = updatedSession.gitlabUserId;
+    res.locals.gitlabUsername = updatedSession.gitlabUsername;
+    res.locals.gitlabApiUrl = updatedSession.gitlabApiUrl ?? config_2.GITLAB_BASE_URL;
+    res.locals.instanceLabel = updatedSession.instanceLabel;
+    (0, logger_1.logDebug)("OAuth session validated, passing to route handler", {
+        sessionId: (0, logger_1.truncateId)(updatedSession.id),
+        method: req.method,
+        path: req.path,
+    });
+    next();
+}
+function createOAuthMiddleware() {
+    return oauthAuthMiddleware;
+}
+async function optionalOAuthMiddleware(req, res, next) {
+    const config = (0, config_1.loadOAuthConfig)();
+    if (!config) {
+        next();
+        return;
+    }
+    const authHeader = req.headers.authorization;
+    if (!authHeader?.startsWith("Bearer ")) {
+        next();
+        return;
+    }
+    const token = authHeader.slice(7);
+    if (!token) {
+        next();
+        return;
+    }
+    const payload = (0, token_utils_1.verifyMCPToken)(token, config.sessionSecret);
+    if (!payload) {
+        next();
+        return;
+    }
+    const session = session_store_1.sessionStore.getSession(payload.sid);
+    if (session?.mcpAccessToken !== token) {
+        next();
+        return;
+    }
+    res.locals.oauthSessionId = session.id;
+    res.locals.gitlabToken = session.gitlabAccessToken;
+    res.locals.gitlabUserId = session.gitlabUserId;
+    res.locals.gitlabUsername = session.gitlabUsername;
+    res.locals.gitlabApiUrl = session.gitlabApiUrl ?? config_2.GITLAB_BASE_URL;
+    res.locals.instanceLabel = session.instanceLabel;
+    next();
+}
+function sendUnauthorized(req, res, error, description) {
+    (0, logger_1.logWarn)("Authentication rejected", {
+        event: "auth_rejected",
+        ...(0, request_logger_1.getMinimalRequestContext)(req),
+        reason: error,
+        description,
+    });
+    const response = {
+        error,
+        error_description: description,
+    };
+    const baseUrl = (0, metadata_1.getBaseUrl)(req);
+    res.setHeader("WWW-Authenticate", `Bearer realm="gitlab-mcp", resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
+    res.status(401).json(response);
+}
+//# sourceMappingURL=oauth-auth.js.map

package/dist/src/middleware/oauth-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-auth.js","sourceRoot":"","sources":["../../../src/middleware/oauth-auth.ts"],"names":[],"mappings":";;AAmCA,kDAoHC;AAQD,sDAEC;AAWD,0DAiDC;AA9MD,4CAAkD;AAClD,0DAAsD;AACtD,sDAAiG;AACjG,oEAAiE;AACjE,0DAAyD;AACzD,sCAAoE;AAEpE,4DAAmE;AACnE,sCAA4C;AAYrC,KAAK,UAAU,mBAAmB,CACvC,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,EAAE,sBAAsB,CAAC,CAAC;QACnE,OAAO;IACT,CAAC;IAGD,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,CAAC,UAAU,EAAE,CAAC;QAChB,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,EAAE,8BAA8B,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACtC,gBAAgB,CACd,GAAG,EACH,GAAG,EACH,cAAc,EACd,+DAA+D,CAChE,CAAC;QACF,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAElC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,cAAc,EAAE,oBAAoB,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAGD,MAAM,OAAO,GAAG,IAAA,4BAAc,EAAC,KAAK,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAC5D,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,6BAA6B,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAGD,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC;IAC9B,MAAM,OAAO,GAAG,4BAAY,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAEnD,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,8BAA8B,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAGD,IAAI,OAAO,CAAC,cAAc,KAAK,KAAK,EAAE,CAAC;QAErC,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,2BAA2B,CAAC,CAAC;QACzE,OAAO;IACT,CAAC;IAGD,IAAI,IAAA,iCAAmB,EAAC,OAAO,CAAC,iBAAiB,CAAC,EAAE,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,IAAA,uCAAkB,EAAC,OAAO,CAAC,kBAAkB,EAAE,MAAM,CAAC,CAAC;YAE/E,4BAAY,CAAC,aAAa,CAAC,SAAS,EAAE;gBACpC,iBAAiB,EAAE,SAAS,CAAC,YAAY;gBACzC,kBAAkB,EAAE,SAAS,CAAC,aAAa;gBAC3C,iBAAiB,EAAE,IAAA,kCAAoB,EAAC,SAAS,CAAC,UAAU,CAAC;aAC9D,CAAC,CAAC;YAEH,IAAA,iBAAQ,EAAC,uCAAuC,EAAE;gBAChD,SAAS,EAAE,IAAA,mBAAU,EAAC,SAAS,CAAC;aACjC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAc,EAAE,CAAC;YACxB,IAAA,iBAAQ,EAAC,+CAA+C,EAAE,EAAE,GAAG,EAAE,KAAc,EAAE,CAAC,CAAC;YACnF,gBAAgB,CACd,GAAG,EACH,GAAG,EACH,eAAe,EACf,sDAAsD,CACvD,CAAC;YACF,OAAO;QACT,CAAC;IACH,CAAC;IAGD,MAAM,cAAc,GAAG,4BAAY,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IAC1D,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,eAAe,EAAE,mCAAmC,CAAC,CAAC;QACjF,OAAO;IACT,CAAC;IAWD,GAAG,CAAC,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC,EAAE,CAAC;IAC9C,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,cAAc,CAAC,iBAAiB,CAAC;IAC1D,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,cAAc,CAAC,YAAY,CAAC;IACtD,GAAG,CAAC,MAAM,CAAC,cAAc,GAAG,cAAc,CAAC,cAAc,CAAC;IAE1D,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,cAAc,CAAC,YAAY,IAAI,wBAAe,CAAC;IACzE,GAAG,CAAC,MAAM,CAAC,aAAa,GAAG,cAAc,CAAC,aAAa,CAAC;IAExD,IAAA,iBAAQ,EAAC,mDAAmD,EAAE;QAC5D,SAAS,EAAE,IAAA,mBAAU,EAAC,cAAc,CAAC,EAAE,CAAC;QACxC,MAAM,EAAE,GAAG,CAAC,MAAM;QAClB,IAAI,EAAE,GAAG,CAAC,IAAI;KACf,CAAC,CAAC;IAGH,IAAI,EAAE,CAAC;AACT,CAAC;AAQD,SAAgB,qBAAqB;IACnC,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AAWM,KAAK,UAAU,uBAAuB,CAC3C,GAAY,EACZ,GAAa,EACb,IAAkB;IAElB,MAAM,MAAM,GAAG,IAAA,wBAAe,GAAE,CAAC;IACjC,IAAI,CAAC,MAAM,EAAE,CAAC;QAEZ,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,MAAM,UAAU,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IAC7C,IAAI,CAAC,UAAU,EAAE,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QAEvC,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAGD,MAAM,OAAO,GAAG,IAAA,4BAAc,EAAC,KAAK,EAAE,MAAM,CAAC,aAAa,CAAC,CAAC;IAC5D,IAAI,CAAC,OAAO,EAAE,CAAC;QAEb,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAED,MAAM,OAAO,GAAG,4BAAY,CAAC,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACrD,IAAI,OAAO,EAAE,cAAc,KAAK,KAAK,EAAE,CAAC;QACtC,IAAI,EAAE,CAAC;QACP,OAAO;IACT,CAAC;IAGD,GAAG,CAAC,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC,EAAE,CAAC;IACvC,GAAG,CAAC,MAAM,CAAC,WAAW,GAAG,OAAO,CAAC,iBAAiB,CAAC;IACnD,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC/C,GAAG,CAAC,MAAM,CAAC,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC;IAEnD,GAAG,CAAC,MAAM,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,IAAI,wBAAe,CAAC;IAClE,GAAG,CAAC,MAAM,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa,CAAC;IAEjD,IAAI,EAAE,CAAC;AACT,CAAC;AAUD,SAAS,gBAAgB,CAAC,GAAY,EAAE,GAAa,EAAE,KAAa,EAAE,WAAmB;IAEvF,IAAA,gBAAO,EAAC,yBAAyB,EAAE;QACjC,KAAK,EAAE,eAAe;QACtB,GAAG,IAAA,yCAAwB,EAAC,GAAG,CAAC;QAChC,MAAM,EAAE,KAAK;QACb,WAAW;KACZ,CAAC,CAAC;IAEH,MAAM,QAAQ,GAAuB;QACnC,KAAK;QACL,iBAAiB,EAAE,WAAW;KAC/B,CAAC;IAGF,MAAM,OAAO,GAAG,IAAA,qBAAU,EAAC,GAAG,CAAC,CAAC;IAIhC,GAAG,CAAC,SAAS,CACX,kBAAkB,EAClB,iDAAiD,OAAO,wCAAwC,CACjG,CAAC;IACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;AACjC,CAAC"}

package/dist/src/middleware/rate-limiter.d.ts

@@ -0,0 +1,11 @@
+import { RequestHandler } from "express";
+export declare function stopCleanup(): void;
+export declare function rateLimiterMiddleware(): RequestHandler;
+export declare function getRateLimitStats(): {
+    totalEntries: number;
+    entries: Array<{
+        key: string;
+        count: number;
+        resetAt: Date;
+    }>;
+};

package/dist/src/middleware/rate-limiter.js

@@ -0,0 +1,183 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.stopCleanup = stopCleanup;
+exports.rateLimiterMiddleware = rateLimiterMiddleware;
+exports.getRateLimitStats = getRateLimitStats;
+const config_1 = require("../config");
+const logger_1 = require("../logger");
+const request_logger_1 = require("../utils/request-logger");
+const rateLimitStore = new Map();
+const CLEANUP_INTERVAL_MS = 60000;
+let cleanupInterval = null;
+function startCleanup() {
+    if (cleanupInterval)
+        return;
+    cleanupInterval = setInterval(() => {
+        const now = Date.now();
+        let cleaned = 0;
+        for (const [key, entry] of rateLimitStore.entries()) {
+            if (entry.resetAt <= now) {
+                rateLimitStore.delete(key);
+                cleaned++;
+            }
+        }
+        if (cleaned > 0) {
+            (0, logger_1.logDebug)("Rate limiter cleanup: removed expired entries", { cleaned });
+        }
+    }, CLEANUP_INTERVAL_MS);
+    cleanupInterval.unref();
+}
+function stopCleanup() {
+    if (cleanupInterval) {
+        clearInterval(cleanupInterval);
+        cleanupInterval = null;
+    }
+}
+function getIpAddress(req) {
+    return req.ip ?? req.socket.remoteAddress ?? "unknown";
+}
+function isAuthenticated(req, res) {
+    const oauthSessionId = res.locals.oauthSessionId;
+    if (oauthSessionId) {
+        return true;
+    }
+    const mcpSessionId = req.headers["mcp-session-id"];
+    if (mcpSessionId) {
+        return true;
+    }
+    return false;
+}
+function checkRateLimit(key, windowMs, maxRequests) {
+    const now = Date.now();
+    let entry = rateLimitStore.get(key);
+    if (!entry || entry.resetAt <= now) {
+        entry = {
+            count: 0,
+            resetAt: now + windowMs,
+        };
+        rateLimitStore.set(key, entry);
+    }
+    const allowed = entry.count < maxRequests;
+    if (allowed) {
+        entry.count++;
+    }
+    return {
+        allowed,
+        remaining: Math.max(0, maxRequests - entry.count),
+        resetAt: entry.resetAt,
+        total: maxRequests,
+        used: entry.count,
+    };
+}
+function setRateLimitHeaders(res, info) {
+    res.set("X-RateLimit-Limit", info.total.toString());
+    res.set("X-RateLimit-Remaining", info.remaining.toString());
+    res.set("X-RateLimit-Reset", Math.ceil(info.resetAt / 1000).toString());
+}
+function rateLimiterMiddleware() {
+    startCleanup();
+    return (req, res, next) => {
+        if (req.path === "/health") {
+            next();
+            return;
+        }
+        const authenticated = isAuthenticated(req, res);
+        if (authenticated) {
+            if (!config_1.RATE_LIMIT_SESSION_ENABLED) {
+                next();
+                return;
+            }
+            const sessionId = res.locals.oauthSessionId || req.headers["mcp-session-id"];
+            const key = `session:${sessionId}`;
+            const info = checkRateLimit(key, config_1.RATE_LIMIT_SESSION_WINDOW_MS, config_1.RATE_LIMIT_SESSION_MAX_REQUESTS);
+            setRateLimitHeaders(res, info);
+            const usagePercent = (info.used / info.total) * 100;
+            if (info.allowed && usagePercent >= 80) {
+                const rateLimitInfo = (0, request_logger_1.buildRateLimitInfo)("session", sessionId, info.used, info.total, info.resetAt);
+                (0, logger_1.logDebug)("Approaching session rate limit threshold", {
+                    event: "rate_limit_warning",
+                    ...(0, request_logger_1.getMinimalRequestContext)(req),
+                    rateLimit: rateLimitInfo,
+                });
+            }
+            if (!info.allowed) {
+                const retryAfter = Math.ceil((info.resetAt - Date.now()) / 1000);
+                const rateLimitInfo = (0, request_logger_1.buildRateLimitInfo)("session", sessionId, info.used, info.total, info.resetAt);
+                (0, logger_1.logWarn)("Session rate limit exceeded", {
+                    event: "rate_limit_exceeded",
+                    ...(0, request_logger_1.getMinimalRequestContext)(req),
+                    rateLimit: rateLimitInfo,
+                    hasOAuthSession: !!res.locals.oauthSessionId,
+                    hasMcpSessionHeader: !!req.headers["mcp-session-id"],
+                });
+                res.set("Retry-After", retryAfter.toString());
+                res.status(429).json({
+                    error: "Too Many Requests",
+                    message: "Session rate limit exceeded. Please slow down your requests.",
+                    retryAfter,
+                    limit: info.total,
+                    remaining: info.remaining,
+                    resetAt: new Date(info.resetAt).toISOString(),
+                });
+                return;
+            }
+            next();
+            return;
+        }
+        if (!config_1.RATE_LIMIT_IP_ENABLED) {
+            next();
+            return;
+        }
+        const ip = getIpAddress(req);
+        const key = `ip:${ip}`;
+        const info = checkRateLimit(key, config_1.RATE_LIMIT_IP_WINDOW_MS, config_1.RATE_LIMIT_IP_MAX_REQUESTS);
+        setRateLimitHeaders(res, info);
+        const usagePercent = (info.used / info.total) * 100;
+        if (info.allowed && usagePercent >= 80) {
+            const rateLimitInfo = (0, request_logger_1.buildRateLimitInfo)("ip", ip, info.used, info.total, info.resetAt);
+            (0, logger_1.logDebug)("Approaching IP rate limit threshold", {
+                event: "rate_limit_warning",
+                ...(0, request_logger_1.getMinimalRequestContext)(req),
+                rateLimit: rateLimitInfo,
+                authClassification: "anonymous",
+                authReason: "no OAuth session and no MCP-Session-Id header",
+            });
+        }
+        if (!info.allowed) {
+            const retryAfter = Math.ceil((info.resetAt - Date.now()) / 1000);
+            const rateLimitInfo = (0, request_logger_1.buildRateLimitInfo)("ip", ip, info.used, info.total, info.resetAt);
+            const mcpSessionHeader = req.headers["mcp-session-id"];
+            (0, logger_1.logWarn)("IP rate limit exceeded", {
+                event: "rate_limit_exceeded",
+                ...(0, request_logger_1.getMinimalRequestContext)(req),
+                rateLimit: rateLimitInfo,
+                authClassification: "anonymous",
+                authReason: "no OAuth session and no MCP-Session-Id header",
+                mcpSessionId: (0, request_logger_1.truncateId)(mcpSessionHeader),
+            });
+            res.set("Retry-After", retryAfter.toString());
+            res.status(429).json({
+                error: "Too Many Requests",
+                message: "Rate limit exceeded. Please authenticate or slow down your requests.",
+                retryAfter,
+                limit: info.total,
+                remaining: info.remaining,
+                resetAt: new Date(info.resetAt).toISOString(),
+            });
+            return;
+        }
+        next();
+    };
+}
+function getRateLimitStats() {
+    const entries = Array.from(rateLimitStore.entries()).map(([key, entry]) => ({
+        key,
+        count: entry.count,
+        resetAt: new Date(entry.resetAt),
+    }));
+    return {
+        totalEntries: rateLimitStore.size,
+        entries,
+    };
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/src/middleware/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../../src/middleware/rate-limiter.ts"],"names":[],"mappings":";;AAiEA,kCAKC;AA+FD,sDA6IC;AAKD,8CAcC;AAxTD,sCAOmB;AACnB,sCAA8C;AAC9C,4DAAmG;AAQnG,MAAM,cAAc,GAAG,IAAI,GAAG,EAA0B,CAAC;AAGzD,MAAM,mBAAmB,GAAG,KAAK,CAAC;AAClC,IAAI,eAAe,GAA0C,IAAI,CAAC;AAKlE,SAAS,YAAY;IACnB,IAAI,eAAe;QAAE,OAAO;IAE5B,eAAe,GAAG,WAAW,CAAC,GAAG,EAAE;QACjC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,IAAI,OAAO,GAAG,CAAC,CAAC;QAEhB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,cAAc,CAAC,OAAO,EAAE,EAAE,CAAC;YACpD,IAAI,KAAK,CAAC,OAAO,IAAI,GAAG,EAAE,CAAC;gBACzB,cAAc,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;gBAC3B,OAAO,EAAE,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YAChB,IAAA,iBAAQ,EAAC,+CAA+C,EAAE,EAAE,OAAO,EAAE,CAAC,CAAC;QACzE,CAAC;IACH,CAAC,EAAE,mBAAmB,CAAC,CAAC;IAGxB,eAAe,CAAC,KAAK,EAAE,CAAC;AAC1B,CAAC;AAKD,SAAgB,WAAW;IACzB,IAAI,eAAe,EAAE,CAAC;QACpB,aAAa,CAAC,eAAe,CAAC,CAAC;QAC/B,eAAe,GAAG,IAAI,CAAC;IACzB,CAAC;AACH,CAAC;AAKD,SAAS,YAAY,CAAC,GAAY;IAChC,OAAO,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,SAAS,CAAC;AACzD,CAAC;AAKD,SAAS,eAAe,CAAC,GAAY,EAAE,GAAa;IAElD,MAAM,cAAc,GAAG,GAAG,CAAC,MAAM,CAAC,cAAoC,CAAC;IACvE,IAAI,cAAc,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAGD,MAAM,YAAY,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;IACzE,IAAI,YAAY,EAAE,CAAC;QACjB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAKD,SAAS,cAAc,CACrB,GAAW,EACX,QAAgB,EAChB,WAAmB;IAQnB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,IAAI,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAGpC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,OAAO,IAAI,GAAG,EAAE,CAAC;QACnC,KAAK,GAAG;YACN,KAAK,EAAE,CAAC;YACR,OAAO,EAAE,GAAG,GAAG,QAAQ;SACxB,CAAC;QACF,cAAc,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;IACjC,CAAC;IAGD,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,GAAG,WAAW,CAAC;IAG1C,IAAI,OAAO,EAAE,CAAC;QACZ,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC;IAED,OAAO;QACL,OAAO;QACP,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC;QACjD,OAAO,EAAE,KAAK,CAAC,OAAO;QACtB,KAAK,EAAE,WAAW;QAClB,IAAI,EAAE,KAAK,CAAC,KAAK;KAClB,CAAC;AACJ,CAAC;AAKD,SAAS,mBAAmB,CAC1B,GAAa,EACb,IAA2D;IAE3D,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;IACpD,GAAG,CAAC,GAAG,CAAC,uBAAuB,EAAE,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IAC5D,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;AAC1E,CAAC;AAcD,SAAgB,qBAAqB;IAEnC,YAAY,EAAE,CAAC;IAEf,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAQ,EAAE;QAE/D,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YAC3B,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAGD,MAAM,aAAa,GAAG,eAAe,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAIhD,IAAI,aAAa,EAAE,CAAC;YAElB,IAAI,CAAC,mCAA0B,EAAE,CAAC;gBAChC,IAAI,EAAE,CAAC;gBACP,OAAO;YACT,CAAC;YAGD,MAAM,SAAS,GACZ,GAAG,CAAC,MAAM,CAAC,cAAyB,IAAK,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAY,CAAC;YACrF,MAAM,GAAG,GAAG,WAAW,SAAS,EAAE,CAAC;YACnC,MAAM,IAAI,GAAG,cAAc,CACzB,GAAG,EACH,qCAA4B,EAC5B,wCAA+B,CAChC,CAAC;YAEF,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;YAG/B,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;YACpD,IAAI,IAAI,CAAC,OAAO,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;gBACvC,MAAM,aAAa,GAAG,IAAA,mCAAkB,EACtC,SAAS,EACT,SAAS,EACT,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,OAAO,CACb,CAAC;gBACF,IAAA,iBAAQ,EAAC,0CAA0C,EAAE;oBACnD,KAAK,EAAE,oBAAoB;oBAC3B,GAAG,IAAA,yCAAwB,EAAC,GAAG,CAAC;oBAChC,SAAS,EAAE,aAAa;iBACzB,CAAC,CAAC;YACL,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;gBAClB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;gBACjE,MAAM,aAAa,GAAG,IAAA,mCAAkB,EACtC,SAAS,EACT,SAAS,EACT,IAAI,CAAC,IAAI,EACT,IAAI,CAAC,KAAK,EACV,IAAI,CAAC,OAAO,CACb,CAAC;gBAEF,IAAA,gBAAO,EAAC,6BAA6B,EAAE;oBACrC,KAAK,EAAE,qBAAqB;oBAC5B,GAAG,IAAA,yCAAwB,EAAC,GAAG,CAAC;oBAChC,SAAS,EAAE,aAAa;oBACxB,eAAe,EAAE,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,cAAc;oBAC5C,mBAAmB,EAAE,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC;iBACrD,CAAC,CAAC;gBAEH,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,mBAAmB;oBAC1B,OAAO,EAAE,8DAA8D;oBACvE,UAAU;oBACV,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,OAAO,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE;iBAC9C,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAGD,IAAI,CAAC,8BAAqB,EAAE,CAAC;YAC3B,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QAED,MAAM,EAAE,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QAC7B,MAAM,GAAG,GAAG,MAAM,EAAE,EAAE,CAAC;QACvB,MAAM,IAAI,GAAG,cAAc,CAAC,GAAG,EAAE,gCAAuB,EAAE,mCAA0B,CAAC,CAAC;QAEtF,mBAAmB,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAG/B,MAAM,YAAY,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC;QACpD,IAAI,IAAI,CAAC,OAAO,IAAI,YAAY,IAAI,EAAE,EAAE,CAAC;YACvC,MAAM,aAAa,GAAG,IAAA,mCAAkB,EAAC,IAAI,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YACxF,IAAA,iBAAQ,EAAC,qCAAqC,EAAE;gBAC9C,KAAK,EAAE,oBAAoB;gBAC3B,GAAG,IAAA,yCAAwB,EAAC,GAAG,CAAC;gBAChC,SAAS,EAAE,aAAa;gBACxB,kBAAkB,EAAE,WAAW;gBAC/B,UAAU,EAAE,+CAA+C;aAC5D,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,GAAG,IAAI,CAAC,CAAC;YACjE,MAAM,aAAa,GAAG,IAAA,mCAAkB,EAAC,IAAI,EAAE,EAAE,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,CAAC;YAGxF,MAAM,gBAAgB,GAAG,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAuB,CAAC;YAE7E,IAAA,gBAAO,EAAC,wBAAwB,EAAE;gBAChC,KAAK,EAAE,qBAAqB;gBAC5B,GAAG,IAAA,yCAAwB,EAAC,GAAG,CAAC;gBAChC,SAAS,EAAE,aAAa;gBACxB,kBAAkB,EAAE,WAAW;gBAC/B,UAAU,EAAE,+CAA+C;gBAC3D,YAAY,EAAE,IAAA,2BAAU,EAAC,gBAAgB,CAAC;aAC3C,CAAC,CAAC;YAEH,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,UAAU,CAAC,QAAQ,EAAE,CAAC,CAAC;YAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,mBAAmB;gBAC1B,OAAO,EAAE,sEAAsE;gBAC/E,UAAU;gBACV,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,OAAO,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE;aAC9C,CAAC,CAAC;YACH,OAAO;QACT,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC;AAKD,SAAgB,iBAAiB;IAI/B,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1E,GAAG;QACH,KAAK,EAAE,KAAK,CAAC,KAAK;QAClB,OAAO,EAAE,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC;KACjC,CAAC,CAAC,CAAC;IAEJ,OAAO;QACL,YAAY,EAAE,cAAc,CAAC,IAAI;QACjC,OAAO;KACR,CAAC;AACJ,CAAC"}

package/dist/src/oauth/config.d.ts

@@ -0,0 +1,25 @@
+import { z } from "zod";
+declare const OAuthConfigSchema: z.ZodObject<{
+    enabled: z.ZodLiteral<true>;
+    sessionSecret: z.ZodString;
+    gitlabClientId: z.ZodString;
+    gitlabClientSecret: z.ZodOptional<z.ZodString>;
+    gitlabScopes: z.ZodDefault<z.ZodString>;
+    tokenTtl: z.ZodDefault<z.ZodNumber>;
+    refreshTokenTtl: z.ZodDefault<z.ZodNumber>;
+    devicePollInterval: z.ZodDefault<z.ZodNumber>;
+    deviceTimeout: z.ZodDefault<z.ZodNumber>;
+}, z.core.$strip>;
+export type OAuthConfig = z.infer<typeof OAuthConfigSchema>;
+export declare function loadOAuthConfig(): OAuthConfig | null;
+export declare class ConfigurationError extends Error {
+    readonly guidance: string;
+    constructor(guidance: string);
+}
+export declare function validateStaticConfig(): void;
+export declare function isOAuthEnabled(): boolean;
+export declare function resetOAuthConfigCache(): void;
+export declare function getAuthModeDescription(): string;
+export declare function isStaticTokenConfigured(): boolean;
+export declare function isAuthenticationConfigured(): boolean;
+export {};