llm-cli-gateway 2.4.0 → 2.5.0

package/CHANGELOG.md

@@ -4,6 +4,15 @@ All notable changes to the llm-cli-gateway project.
 
 ## Unreleased
 
+## [2.5.0] - 2026-06-08: Remote connector OAuth and workspaces
+
+- Added remote connector OAuth discovery and authorization-code support with
+  hash-only static client/shared-secret configuration, copy-once local secret
+  commands, and OAuth-first ChatGPT setup guidance.
+- Added workspace registry and workspace creation surfaces so provider requests
+  can select registered repo aliases and create local folders/Git repos only
+  under configured allowed roots.
+
 ## [2.4.0] - 2026-06-08: Direct Grok API provider and provider-owned sessions
 
 ### Added

package/README.md

@@ -44,6 +44,8 @@ Or use directly with `npx` from an MCP client:
 - Supports cache-aware `promptParts`, including explicit Claude `cache_control` when opted in.
 - Can run requests inside gateway-managed git worktrees for isolated multi-agent review and implementation loops.
 - Ships personal-appliance setup surfaces: HTTP transport with bearer-token auth, `doctor --json`, setup UI artifacts, provider setup snippets, Docker fallback, and checked release bundles.
+- Remote web connectors use MCP OAuth discovery and authorization-code setup with static client or shared-secret gates. Client secrets are generated locally, stored only as hashes, and printed only by explicit copy-once commands.
+- Provider CLI requests can select registered workspaces by alias via `workspace`; remote requests should use aliases, not arbitrary filesystem paths. New local folder/Git workspaces can be created only under configured allowed roots.
 
 ## Workflow Assets
 

package/dist/auth.d.ts

@@ -8,8 +8,51 @@ export interface AuthResult {
     ok: boolean;
     status?: number;
     message?: string;
+    kind?: "disabled" | "gateway_bearer" | "oauth";
+    scopes?: string[];
+    clientId?: string;
 }
+export type OAuthRegistrationPolicy = "static_clients" | "shared_secret" | "open_dev";
+export interface RemoteOAuthClientConfig {
+    clientId: string;
+    clientSecretHash: string | null;
+    allowedRedirectUris: string[];
+    scopes: string[];
+}
+export interface RemoteOAuthSharedSecretConfig {
+    enabled: boolean;
+    secretHash: string | null;
+    promptLabel: string;
+}
+export interface RemoteOAuthConfig {
+    enabled: boolean;
+    issuer: string | "auto";
+    requirePkce: boolean;
+    allowPlainPkce: boolean;
+    registrationPolicy: OAuthRegistrationPolicy;
+    allowPublicClients: boolean;
+    tokenTtlSeconds: number;
+    clients: RemoteOAuthClientConfig[];
+    sharedSecret: RemoteOAuthSharedSecretConfig | null;
+    sources: {
+        configFile: string | null;
+        envOverrides: string[];
+    };
+}
+export declare function timingSafeStringEqual(left: string, right: string): boolean;
 export declare function loadAuthConfig(env?: NodeJS.ProcessEnv): AuthConfig;
 export declare function getRequiredBearerToken(env?: NodeJS.ProcessEnv): string | null;
+export declare function issueOAuthAccessToken(args: {
+    clientId: string;
+    scopes: string[];
+    ttlSeconds: number;
+    now?: number;
+}): {
+    accessToken: string;
+    expiresIn: number;
+    scope: string;
+};
 export declare function authorizeBearerRequest(req: IncomingMessage, token?: string | null): AuthResult;
-export declare function writeAuthFailure(res: ServerResponse, result: AuthResult): void;
+export declare function writeAuthFailure(res: ServerResponse, result: AuthResult, options?: {
+    resourceMetadataUrl?: string;
+}): void;

package/dist/auth.js

@@ -1,4 +1,15 @@
+import { randomBytes, timingSafeEqual } from "node:crypto";
 const AUTH_SCHEME = "Bearer ";
+const OAUTH_ACCESS_TOKEN_BYTES = 32;
+const oauthAccessTokens = new Map();
+export function timingSafeStringEqual(left, right) {
+    const leftBuffer = Buffer.from(left, "utf8");
+    const rightBuffer = Buffer.from(right, "utf8");
+    if (leftBuffer.length !== rightBuffer.length) {
+        return false;
+    }
+    return timingSafeEqual(leftBuffer, rightBuffer);
+}
 export function loadAuthConfig(env = process.env) {
     const token = env.LLM_GATEWAY_AUTH_TOKEN;
     const disabled = env.LLM_GATEWAY_AUTH_DISABLED === "1";
@@ -14,16 +25,32 @@ export function getRequiredBearerToken(env = process.env) {
         return null;
     return env.LLM_GATEWAY_AUTH_TOKEN || null;
 }
+export function issueOAuthAccessToken(args) {
+    const now = args.now ?? Date.now();
+    const ttlSeconds = Math.max(1, Math.floor(args.ttlSeconds));
+    const scopes = [...new Set(args.scopes.length ? args.scopes : ["mcp"])];
+    const accessToken = `oauth_${randomBytes(OAUTH_ACCESS_TOKEN_BYTES).toString("base64url")}`;
+    oauthAccessTokens.set(accessToken, {
+        clientId: args.clientId,
+        scopes,
+        issuedAt: now,
+        expiresAt: now + ttlSeconds * 1000,
+    });
+    return { accessToken, expiresIn: ttlSeconds, scope: scopes.join(" ") };
+}
+function validateOAuthAccessToken(token, now = Date.now()) {
+    const entry = oauthAccessTokens.get(token);
+    if (!entry)
+        return null;
+    if (entry.expiresAt <= now) {
+        oauthAccessTokens.delete(token);
+        return null;
+    }
+    return entry;
+}
 export function authorizeBearerRequest(req, token = getRequiredBearerToken()) {
     if (!loadAuthConfig().required) {
-        return { ok: true };
-    }
-    if (!token) {
-        return {
-            ok: false,
-            status: 503,
-            message: "HTTP transport requires LLM_GATEWAY_AUTH_TOKEN",
-        };
+        return { ok: true, kind: "disabled", scopes: [] };
     }
     const header = req.headers.authorization;
     const value = Array.isArray(header) ? header[0] : header;
@@ -31,16 +58,36 @@ export function authorizeBearerRequest(req, token = getRequiredBearerToken()) {
         return { ok: false, status: 401, message: "Unauthorized" };
     }
     const supplied = value.slice(AUTH_SCHEME.length);
-    if (supplied !== token) {
-        return { ok: false, status: 401, message: "Unauthorized" };
+    if (token && timingSafeStringEqual(supplied, token)) {
+        return { ok: true, kind: "gateway_bearer", scopes: [] };
     }
-    return { ok: true };
+    const oauthToken = validateOAuthAccessToken(supplied);
+    if (oauthToken) {
+        return {
+            ok: true,
+            kind: "oauth",
+            scopes: oauthToken.scopes,
+            clientId: oauthToken.clientId,
+        };
+    }
+    if (!token) {
+        return {
+            ok: false,
+            status: 503,
+            message: "HTTP transport requires LLM_GATEWAY_AUTH_TOKEN",
+        };
+    }
+    return { ok: false, status: 401, message: "Unauthorized" };
 }
-export function writeAuthFailure(res, result) {
+export function writeAuthFailure(res, result, options = {}) {
     const status = result.status ?? 401;
+    let wwwAuthenticate = 'Bearer realm="llm-cli-gateway"';
+    if (options.resourceMetadataUrl) {
+        wwwAuthenticate += `, resource_metadata="${options.resourceMetadataUrl}"`;
+    }
     res.writeHead(status, {
         "content-type": "application/json",
-        "www-authenticate": 'Bearer realm="llm-cli-gateway"',
+        "www-authenticate": wwwAuthenticate,
     });
     res.end(JSON.stringify({ error: result.message || "Unauthorized" }));
 }

package/dist/config.d.ts

@@ -1,4 +1,5 @@
 import type { Logger } from "./logger.js";
+import type { RemoteOAuthConfig } from "./auth.js";
 export interface DatabaseConfig {
     connectionString: string;
     pool: {
@@ -75,3 +76,4 @@ export interface ProvidersConfig {
 }
 export declare function loadProvidersConfig(logger?: Logger): ProvidersConfig;
 export declare function isXaiProviderEnabled(config: ProvidersConfig, env?: NodeJS.ProcessEnv): boolean;
+export declare function loadRemoteOAuthConfig(logger?: Logger, env?: NodeJS.ProcessEnv): RemoteOAuthConfig;

package/dist/config.js

@@ -4,6 +4,7 @@ import path from "path";
 import { createRequire } from "module";
 import { z } from "zod/v3";
 import { logWarn, noopLogger } from "./logger.js";
+import { hashSecret, isSecretHash } from "./oauth.js";
 const DatabaseUrlSchema = z
     .string()
     .url()
@@ -75,6 +76,21 @@ function readPersistenceFile(configPath, logger) {
         return { raw: undefined, sourcePath: null };
     }
 }
+function readGatewayTomlFile(configPath, logger, fallbackLabel) {
+    if (!existsSync(configPath)) {
+        return { parsed: null, sourcePath: null };
+    }
+    try {
+        const require = createRequire(import.meta.url);
+        const TOML = require("smol-toml");
+        const text = readFileSync(configPath, "utf-8");
+        return { parsed: TOML.parse(text), sourcePath: configPath };
+    }
+    catch (err) {
+        logger.error(`Failed to parse gateway config at ${configPath}; using ${fallbackLabel} defaults`, err);
+        return { parsed: null, sourcePath: null };
+    }
+}
 function applyEnvOverrides(base, logger, sources) {
     const out = { ...base };
     const jobsDbEnv = process.env.LLM_GATEWAY_JOBS_DB;
@@ -332,3 +348,138 @@ export function isXaiProviderEnabled(config, env = process.env) {
         return false;
     return typeof env[keyEnv] === "string" && env[keyEnv].trim().length > 0;
 }
+const OAuthRegistrationPolicySchema = z.enum(["static_clients", "shared_secret", "open_dev"]);
+const OAuthClientSchema = z
+    .object({
+    client_id: z.string().min(1),
+    client_secret_hash: z.string().optional(),
+    allowed_redirect_uris: z.array(z.string().url()).default([]),
+    scopes: z.array(z.string().min(1)).default(["mcp"]),
+})
+    .strict();
+const OAuthSharedSecretSchema = z
+    .object({
+    enabled: z.boolean().default(false),
+    secret_hash: z.string().optional(),
+    prompt_label: z.string().min(1).default("Gateway access code"),
+})
+    .strict();
+const OAuthConfigSchema = z
+    .object({
+    enabled: z.boolean().default(false),
+    issuer: z.string().min(1).default("auto"),
+    require_pkce: z.boolean().default(true),
+    allow_plain_pkce: z.boolean().default(false),
+    registration_policy: OAuthRegistrationPolicySchema.default("static_clients"),
+    allow_public_clients: z.boolean().default(false),
+    token_ttl_seconds: z.number().int().positive().default(3600),
+    clients: z.array(OAuthClientSchema).default([]),
+    shared_secret: OAuthSharedSecretSchema.optional(),
+})
+    .strict();
+function disabledOAuthConfig(sourcePath = null, envOverrides = []) {
+    return {
+        enabled: false,
+        issuer: "auto",
+        requirePkce: true,
+        allowPlainPkce: false,
+        registrationPolicy: "static_clients",
+        allowPublicClients: false,
+        tokenTtlSeconds: 3600,
+        clients: [],
+        sharedSecret: null,
+        sources: { configFile: sourcePath, envOverrides },
+    };
+}
+function isSafeRedirectUri(uri) {
+    return isHttpsOrLoopbackUrl(uri);
+}
+export function loadRemoteOAuthConfig(logger = noopLogger, env = process.env) {
+    const configPath = defaultGatewayConfigPath();
+    const { parsed: configFile, sourcePath } = readGatewayTomlFile(configPath, logger, "OAuth");
+    const rawHttp = configFile?.http ?? {};
+    const rawOAuth = rawHttp.oauth ?? {};
+    const envOverrides = [];
+    const merged = { ...rawOAuth };
+    if (env.LLM_GATEWAY_OAUTH_ENABLED !== undefined) {
+        merged.enabled = env.LLM_GATEWAY_OAUTH_ENABLED === "1";
+        envOverrides.push("LLM_GATEWAY_OAUTH_ENABLED");
+    }
+    if (env.LLM_GATEWAY_OAUTH_REGISTRATION_SECRET || env.LLM_GATEWAY_OAUTH_SHARED_SECRET) {
+        const rawSecret = env.LLM_GATEWAY_OAUTH_REGISTRATION_SECRET || env.LLM_GATEWAY_OAUTH_SHARED_SECRET;
+        merged.registration_policy = "shared_secret";
+        merged.shared_secret = {
+            enabled: true,
+            secret_hash: rawSecret ? hashSecret(rawSecret) : undefined,
+            prompt_label: "Gateway access code",
+        };
+        envOverrides.push(env.LLM_GATEWAY_OAUTH_REGISTRATION_SECRET
+            ? "LLM_GATEWAY_OAUTH_REGISTRATION_SECRET"
+            : "LLM_GATEWAY_OAUTH_SHARED_SECRET");
+    }
+    const parsed = OAuthConfigSchema.safeParse(merged);
+    if (!parsed.success) {
+        logWarn(logger, "Invalid [http.oauth] config; remote OAuth disabled", {
+            error: parsed.error.message,
+        });
+        return disabledOAuthConfig(sourcePath, envOverrides);
+    }
+    const data = parsed.data;
+    if (data.issuer !== "auto" && !isHttpsOrLoopbackUrl(data.issuer)) {
+        logWarn(logger, "Invalid [http.oauth].issuer; remote OAuth disabled");
+        return disabledOAuthConfig(sourcePath, envOverrides);
+    }
+    for (const client of data.clients) {
+        if (!data.allow_public_clients && !client.client_secret_hash) {
+            logWarn(logger, "OAuth client secret hash is required when public clients are disabled", {
+                client_id: client.client_id,
+            });
+            return disabledOAuthConfig(sourcePath, envOverrides);
+        }
+        if (client.client_secret_hash && !isSecretHash(client.client_secret_hash)) {
+            logWarn(logger, "Invalid OAuth client secret hash; remote OAuth disabled", {
+                client_id: client.client_id,
+            });
+            return disabledOAuthConfig(sourcePath, envOverrides);
+        }
+        if (client.allowed_redirect_uris.length === 0 ||
+            client.allowed_redirect_uris.some(uri => !isSafeRedirectUri(uri))) {
+            logWarn(logger, "Invalid OAuth client redirect URI; remote OAuth disabled", {
+                client_id: client.client_id,
+            });
+            return disabledOAuthConfig(sourcePath, envOverrides);
+        }
+    }
+    if (data.shared_secret?.enabled) {
+        if (!data.shared_secret.secret_hash || !isSecretHash(data.shared_secret.secret_hash)) {
+            logWarn(logger, "Invalid [http.oauth.shared_secret] secret_hash; remote OAuth disabled");
+            return disabledOAuthConfig(sourcePath, envOverrides);
+        }
+    }
+    if (data.registration_policy === "open_dev" && env.LLM_GATEWAY_OAUTH_OPEN_DEV !== "1") {
+        logWarn(logger, "[http.oauth].registration_policy='open_dev' is intended for localhost/dev only");
+    }
+    return {
+        enabled: data.enabled,
+        issuer: data.issuer,
+        requirePkce: data.require_pkce,
+        allowPlainPkce: data.allow_plain_pkce,
+        registrationPolicy: data.registration_policy,
+        allowPublicClients: data.allow_public_clients,
+        tokenTtlSeconds: data.token_ttl_seconds,
+        clients: data.clients.map(client => ({
+            clientId: client.client_id,
+            clientSecretHash: client.client_secret_hash ?? null,
+            allowedRedirectUris: client.allowed_redirect_uris,
+            scopes: client.scopes,
+        })),
+        sharedSecret: data.shared_secret
+            ? {
+                enabled: data.shared_secret.enabled,
+                secretHash: data.shared_secret.secret_hash ?? null,
+                promptLabel: data.shared_secret.prompt_label,
+            }
+            : null,
+        sources: { configFile: sourcePath, envOverrides },
+    };
+}

package/dist/doctor.d.ts

@@ -69,6 +69,21 @@ export interface DoctorReport {
         required: boolean;
         token_configured: boolean;
         source: string;
+        oauth: {
+            enabled: boolean;
+            registration_policy: string;
+            clients_configured: number;
+            shared_secret_enabled: boolean;
+            pkce_required: boolean;
+            issuer: string | null;
+        };
+    };
+    workspaces: {
+        enabled: boolean;
+        default: string | null;
+        repo_count: number;
+        allowed_root_count: number;
+        gateway_app_dir_is_workspace: boolean;
     };
     providers: Record<"claude" | "codex" | "gemini" | "grok" | "mistral", {
         cli_available: boolean;

package/dist/doctor.js

@@ -6,7 +6,8 @@ import { loadAuthConfig } from "./auth.js";
 import { createEndpointExposureReport, redactDiagnosticUrl, } from "./endpoint-exposure.js";
 import { listProviderRuntimeStatuses, } from "./provider-status.js";
 import { CLAUDE_MCP_SERVER_NAMES } from "./claude-mcp-config.js";
-import { loadCacheAwarenessConfig } from "./config.js";
+import { loadCacheAwarenessConfig, loadRemoteOAuthConfig, } from "./config.js";
+import { loadWorkspaceRegistry } from "./workspace-registry.js";
 import { computeGlobalCacheStats } from "./cache-stats.js";
 import { FlightRecorder, resolveFlightRecorderDbPath } from "./flight-recorder.js";
 import { buildUpstreamContractReport } from "./upstream-contracts.js";
@@ -168,16 +169,7 @@ function chatGPTConnectorUrl(env, rawPublicUrl) {
         .find(value => value.startsWith("/") && !value.includes("?") && !value.includes("#"));
     if (!rawPublicUrl || !path)
         return null;
-    try {
-        const url = new URL(rawPublicUrl);
-        url.pathname = path;
-        url.search = "";
-        url.hash = "";
-        return redactDiagnosticUrl(url.toString());
-    }
-    catch {
-        return null;
-    }
+    return "<redacted>";
 }
 function buildCacheAwarenessReport(opts) {
     const enabled = [];
@@ -240,6 +232,8 @@ export function createDoctorReport(envOrOptions = process.env) {
         : { env: envOrOptions };
     const env = opts.env ?? process.env;
     const auth = loadAuthConfig(env);
+    const oauth = loadRemoteOAuthConfig(undefined, env);
+    const workspaceRegistry = loadWorkspaceRegistry();
     const transport = defaultTransport(env);
     const rawPublicUrl = env.LLM_GATEWAY_PUBLIC_URL || null;
     const publicUrl = redactDiagnosticUrl(rawPublicUrl);
@@ -294,6 +288,23 @@ export function createDoctorReport(envOrOptions = process.env) {
             required: auth.required,
             token_configured: auth.tokenConfigured,
             source: auth.source,
+            oauth: {
+                enabled: oauth.enabled,
+                registration_policy: oauth.registrationPolicy,
+                clients_configured: oauth.clients.length,
+                shared_secret_enabled: Boolean(oauth.sharedSecret?.enabled),
+                pkce_required: oauth.requirePkce,
+                issuer: oauth.issuer === "auto"
+                    ? publicUrl
+                    : redactDiagnosticUrl(oauth.issuer === "auto" ? null : oauth.issuer),
+            },
+        },
+        workspaces: {
+            enabled: workspaceRegistry.enabled,
+            default: workspaceRegistry.defaultAlias,
+            repo_count: workspaceRegistry.repos.length,
+            allowed_root_count: workspaceRegistry.allowedRoots.length,
+            gateway_app_dir_is_workspace: workspaceRegistry.repos.some(repo => repo.path === join(homedir(), ".llm-cli-gateway")),
         },
         providers: {
             claude: doctorProviderStatus(providerStatuses.claude),

package/dist/http-transport.js

@@ -3,31 +3,42 @@ import { randomUUID } from "node:crypto";
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
 import { authorizeBearerRequest, getRequiredBearerToken, writeAuthFailure } from "./auth.js";
+import { loadRemoteOAuthConfig } from "./config.js";
+import { OAuthServer, oauthBaseUrlFromRequest } from "./oauth.js";
+import { runWithRequestContext } from "./request-context.js";
 const noopLogger = {
     info: (..._args) => { },
     error: (..._args) => { },
     debug: (..._args) => { },
 };
-function readBody(req) {
+function firstHeader(value) {
+    return Array.isArray(value) ? value[0] : value;
+}
+function readRawBody(req) {
     return new Promise((resolve, reject) => {
         const chunks = [];
         req.on("data", chunk => chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)));
         req.on("error", reject);
         req.on("end", () => {
             if (chunks.length === 0) {
-                resolve(undefined);
+                resolve("");
                 return;
             }
-            const raw = Buffer.concat(chunks).toString("utf8");
-            try {
-                resolve(JSON.parse(raw));
-            }
-            catch (error) {
-                reject(error);
-            }
+            resolve(Buffer.concat(chunks).toString("utf8"));
         });
     });
 }
+async function readBody(req) {
+    const raw = await readRawBody(req);
+    if (!raw)
+        return undefined;
+    try {
+        return JSON.parse(raw);
+    }
+    catch (error) {
+        throw error;
+    }
+}
 function methodNotAllowed(res) {
     res.writeHead(405, { allow: "GET, POST, DELETE", "content-type": "application/json" });
     res.end(JSON.stringify({ error: "Method not allowed" }));
@@ -36,6 +47,10 @@ function jsonError(res, status, message) {
     res.writeHead(status, { "content-type": "application/json" });
     res.end(JSON.stringify({ error: message }));
 }
+function jsonResponse(res, status, body) {
+    res.writeHead(status, { "content-type": "application/json" });
+    res.end(JSON.stringify(body));
+}
 function parseNoAuthPaths(raw, protectedPath) {
     const paths = new Set();
     for (const value of (raw ?? "").split(/[,;\s]+/)) {
@@ -51,6 +66,25 @@ function parseNoAuthPaths(raw, protectedPath) {
     }
     return paths;
 }
+function isLocalHost(host) {
+    const hostname = host.split(":")[0]?.toLowerCase() ?? "";
+    return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "::1";
+}
+function requestBaseUrl(req) {
+    const configured = process.env.LLM_GATEWAY_PUBLIC_URL;
+    if (configured) {
+        try {
+            return new URL(configured).origin;
+        }
+        catch {
+        }
+    }
+    const host = firstHeader(req.headers.host) ?? "127.0.0.1:3333";
+    const forwardedProto = firstHeader(req.headers["x-forwarded-proto"]);
+    const proto = forwardedProto ??
+        (host.startsWith("127.0.0.1") || host.startsWith("localhost") ? "http" : "https");
+    return `${proto}://${host}`;
+}
 export async function startHttpGateway(options) {
     const host = options.host ?? process.env.LLM_GATEWAY_HTTP_HOST ?? "127.0.0.1";
     const port = options.port ?? Number(process.env.LLM_GATEWAY_HTTP_PORT ?? 3333);
@@ -59,6 +93,10 @@ export async function startHttpGateway(options) {
     const logger = options.logger ?? noopLogger;
     const sessions = new Map();
     const token = getRequiredBearerToken();
+    const oauthConfig = loadRemoteOAuthConfig(logger);
+    const oauthServer = oauthConfig.enabled
+        ? new OAuthServer({ protectedPath: path, config: oauthConfig, logger })
+        : null;
     async function closeSession(sessionId) {
         const entry = sessions.get(sessionId);
         if (!entry)
@@ -89,22 +127,46 @@ export async function startHttpGateway(options) {
     const httpServer = createServer(async (req, res) => {
         try {
             const url = new URL(req.url || "/", `http://${req.headers.host || `${host}:${port}`}`);
+            const baseUrl = requestBaseUrl(req);
+            const oauthOrigin = oauthServer ? oauthBaseUrlFromRequest(req, oauthConfig) : null;
+            const effectiveOAuthBaseUrl = oauthOrigin ?? baseUrl;
+            const resourceMetadataUrl = oauthServer && oauthOrigin ? oauthServer.resourceMetadataUrl(oauthOrigin) : undefined;
             if (url.pathname === "/healthz") {
                 res.writeHead(200, { "content-type": "application/json" });
                 res.end(JSON.stringify({ ok: true, sessions: sessions.size }));
                 return;
             }
+            if (oauthServer) {
+                if (oauthServer.isOAuthPath(url.pathname) && !oauthOrigin) {
+                    jsonError(res, 503, "LLM_GATEWAY_PUBLIC_URL is required for public OAuth issuer metadata");
+                    return;
+                }
+                if (await oauthServer.handle({
+                    req,
+                    res,
+                    url,
+                    baseUrl: effectiveOAuthBaseUrl,
+                })) {
+                    return;
+                }
+            }
             const noAuthPath = noAuthPaths.has(url.pathname);
             if (url.pathname !== path && !noAuthPath) {
                 jsonError(res, 404, "Not found");
                 return;
             }
+            let requestContext = { authScopes: [] };
             if (!noAuthPath) {
                 const auth = authorizeBearerRequest(req, token);
                 if (!auth.ok) {
-                    writeAuthFailure(res, auth);
+                    writeAuthFailure(res, auth, resourceMetadataUrl ? { resourceMetadataUrl } : {});
                     return;
                 }
+                requestContext = {
+                    authKind: auth.kind,
+                    authScopes: auth.scopes ?? [],
+                    authClientId: auth.clientId,
+                };
             }
             if (req.method !== "GET" && req.method !== "POST" && req.method !== "DELETE") {
                 methodNotAllowed(res);
@@ -129,7 +191,7 @@ export async function startHttpGateway(options) {
                     return;
                 }
                 const body = req.method === "POST" ? await readBody(req) : undefined;
-                await entry.transport.handleRequest(req, res, body);
+                await runWithRequestContext(requestContext, () => entry.transport.handleRequest(req, res, body));
                 return;
             }
             if (req.method !== "POST") {
@@ -146,7 +208,7 @@ export async function startHttpGateway(options) {
                 return;
             }
             const entry = await createSession();
-            await entry.transport.handleRequest(req, res, body);
+            await runWithRequestContext(requestContext, () => entry.transport.handleRequest(req, res, body));
         }
         catch (error) {
             logger.error("HTTP transport request failed", error);