mcp-creatio 0.6.1 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (327) hide show
  1. package/README.md +236 -149
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/cli.js +22 -10
  4. package/dist/cli.js.map +1 -1
  5. package/dist/config-builder.d.ts +8 -0
  6. package/dist/config-builder.d.ts.map +1 -1
  7. package/dist/config-builder.js +147 -43
  8. package/dist/config-builder.js.map +1 -1
  9. package/dist/consts.d.ts.map +1 -1
  10. package/dist/consts.js +2 -1
  11. package/dist/consts.js.map +1 -1
  12. package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
  13. package/dist/creatio/auth/auth-manager.js +5 -2
  14. package/dist/creatio/auth/auth-manager.js.map +1 -1
  15. package/dist/creatio/auth/auth.d.ts +4 -31
  16. package/dist/creatio/auth/auth.d.ts.map +1 -1
  17. package/dist/creatio/auth/auth.js +20 -26
  18. package/dist/creatio/auth/auth.js.map +1 -1
  19. package/dist/creatio/auth/constants.d.ts +14 -0
  20. package/dist/creatio/auth/constants.d.ts.map +1 -0
  21. package/dist/creatio/auth/constants.js +20 -0
  22. package/dist/creatio/auth/constants.js.map +1 -0
  23. package/dist/creatio/auth/contracts.d.ts +15 -0
  24. package/dist/creatio/auth/contracts.d.ts.map +1 -0
  25. package/dist/creatio/auth/contracts.js +3 -0
  26. package/dist/creatio/auth/contracts.js.map +1 -0
  27. package/dist/creatio/auth/headers.d.ts +3 -0
  28. package/dist/creatio/auth/headers.d.ts.map +1 -0
  29. package/dist/creatio/auth/headers.js +15 -0
  30. package/dist/creatio/auth/headers.js.map +1 -0
  31. package/dist/creatio/auth/identity.d.ts +8 -0
  32. package/dist/creatio/auth/identity.d.ts.map +1 -0
  33. package/dist/creatio/auth/identity.js +18 -0
  34. package/dist/creatio/auth/identity.js.map +1 -0
  35. package/dist/creatio/auth/index.d.ts +4 -3
  36. package/dist/creatio/auth/index.d.ts.map +1 -1
  37. package/dist/creatio/auth/index.js +5 -3
  38. package/dist/creatio/auth/index.js.map +1 -1
  39. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
  41. package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
  43. package/dist/creatio/auth/providers/base-provider.js +1 -1
  44. package/dist/creatio/auth/providers/base-provider.js.map +1 -1
  45. package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
  46. package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
  47. package/dist/creatio/auth/providers/broker-provider.js +72 -0
  48. package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
  49. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
  50. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
  51. package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
  52. package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
  53. package/dist/creatio/auth/providers/index.d.ts +3 -1
  54. package/dist/creatio/auth/providers/index.d.ts.map +1 -1
  55. package/dist/creatio/auth/providers/index.js +3 -1
  56. package/dist/creatio/auth/providers/index.js.map +1 -1
  57. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
  58. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
  59. package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
  60. package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
  62. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
  63. package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
  64. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
  65. package/dist/creatio/auth/providers/type.d.ts +20 -1
  66. package/dist/creatio/auth/providers/type.d.ts.map +1 -1
  67. package/dist/creatio/auth/providers/type.js +22 -2
  68. package/dist/creatio/auth/providers/type.js.map +1 -1
  69. package/dist/creatio/client-config.d.ts +26 -5
  70. package/dist/creatio/client-config.d.ts.map +1 -1
  71. package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
  72. package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
  73. package/dist/creatio/engines/admin-operation-engine.js +3 -3
  74. package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
  75. package/dist/creatio/engines/configuration-engine.d.ts +1 -1
  76. package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
  77. package/dist/creatio/engines/configuration-engine.js +3 -3
  78. package/dist/creatio/engines/configuration-engine.js.map +1 -1
  79. package/dist/creatio/engines/crud-engine.d.ts +1 -1
  80. package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
  81. package/dist/creatio/engines/crud-engine.js +4 -4
  82. package/dist/creatio/engines/crud-engine.js.map +1 -1
  83. package/dist/creatio/engines/engine-manager.d.ts +1 -2
  84. package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
  85. package/dist/creatio/engines/engine-manager.js +4 -10
  86. package/dist/creatio/engines/engine-manager.js.map +1 -1
  87. package/dist/creatio/engines/engine.d.ts.map +1 -1
  88. package/dist/creatio/engines/engine.js +12 -1
  89. package/dist/creatio/engines/engine.js.map +1 -1
  90. package/dist/creatio/engines/feature-engine.d.ts +1 -1
  91. package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
  92. package/dist/creatio/engines/feature-engine.js +3 -3
  93. package/dist/creatio/engines/feature-engine.js.map +1 -1
  94. package/dist/creatio/engines/process-engine.d.ts +1 -1
  95. package/dist/creatio/engines/process-engine.d.ts.map +1 -1
  96. package/dist/creatio/engines/process-engine.js +3 -3
  97. package/dist/creatio/engines/process-engine.js.map +1 -1
  98. package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
  99. package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
  100. package/dist/creatio/engines/sys-settings-engine.js +3 -3
  101. package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
  102. package/dist/creatio/engines/user-engine.d.ts +1 -1
  103. package/dist/creatio/engines/user-engine.d.ts.map +1 -1
  104. package/dist/creatio/engines/user-engine.js +3 -3
  105. package/dist/creatio/engines/user-engine.js.map +1 -1
  106. package/dist/creatio/services/creatio-service-context.d.ts +1 -1
  107. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
  108. package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
  109. package/dist/creatio/services/crud-provider-factory.js.map +1 -1
  110. package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
  111. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +3 -3
  112. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
  113. package/dist/creatio/services/dataservice/data-service-crud-provider.js +5 -5
  114. package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
  115. package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
  116. package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
  117. package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
  118. package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
  119. package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
  120. package/dist/creatio/services/dataservice/data-service-schema.d.ts +3 -3
  121. package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
  122. package/dist/creatio/services/dataservice/data-service-schema.js +19 -17
  123. package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
  124. package/dist/creatio/services/dataservice/data-service-transport.d.ts +1 -1
  125. package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
  126. package/dist/creatio/services/dataservice/data-service-transport.js +3 -3
  127. package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
  128. package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
  129. package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
  130. package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
  131. package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
  132. package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
  133. package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
  134. package/dist/creatio/services/http-client.d.ts +13 -0
  135. package/dist/creatio/services/http-client.d.ts.map +1 -1
  136. package/dist/creatio/services/http-client.js +26 -2
  137. package/dist/creatio/services/http-client.js.map +1 -1
  138. package/dist/creatio/services/identifiers.d.ts +10 -0
  139. package/dist/creatio/services/identifiers.d.ts.map +1 -0
  140. package/dist/creatio/services/identifiers.js +20 -0
  141. package/dist/creatio/services/identifiers.js.map +1 -0
  142. package/dist/creatio/services/odata/metadata-store.d.ts +6 -2
  143. package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
  144. package/dist/creatio/services/odata/metadata-store.js +30 -34
  145. package/dist/creatio/services/odata/metadata-store.js.map +1 -1
  146. package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
  147. package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
  148. package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
  149. package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
  150. package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
  151. package/dist/creatio/services/odata/odata-query-translator.js +32 -20
  152. package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
  153. package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
  154. package/dist/creatio/services/user-info-provider.js +2 -2
  155. package/dist/creatio/services/user-info-provider.js.map +1 -1
  156. package/dist/index.js +30 -4
  157. package/dist/index.js.map +1 -1
  158. package/dist/log.d.ts +1 -1
  159. package/dist/log.d.ts.map +1 -1
  160. package/dist/log.js +2 -1
  161. package/dist/log.js.map +1 -1
  162. package/dist/server/bearer/base-url-guard.d.ts +20 -0
  163. package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
  164. package/dist/server/bearer/base-url-guard.js +55 -0
  165. package/dist/server/bearer/base-url-guard.js.map +1 -0
  166. package/dist/server/bearer/bearer-edge.d.ts +42 -0
  167. package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
  168. package/dist/server/bearer/bearer-edge.js +122 -0
  169. package/dist/server/bearer/bearer-edge.js.map +1 -0
  170. package/dist/server/bearer/bearer-token.d.ts +27 -0
  171. package/dist/server/bearer/bearer-token.d.ts.map +1 -0
  172. package/dist/server/bearer/bearer-token.js +50 -0
  173. package/dist/server/bearer/bearer-token.js.map +1 -0
  174. package/dist/server/bearer/index.d.ts +3 -0
  175. package/dist/server/bearer/index.d.ts.map +1 -0
  176. package/dist/server/bearer/index.js +19 -0
  177. package/dist/server/bearer/index.js.map +1 -0
  178. package/dist/server/http/auth-edge.d.ts +26 -0
  179. package/dist/server/http/auth-edge.d.ts.map +1 -0
  180. package/dist/server/http/auth-edge.js +75 -0
  181. package/dist/server/http/auth-edge.js.map +1 -0
  182. package/dist/server/http/broker-handlers.d.ts +45 -0
  183. package/dist/server/http/broker-handlers.d.ts.map +1 -0
  184. package/dist/server/http/broker-handlers.js +224 -0
  185. package/dist/server/http/broker-handlers.js.map +1 -0
  186. package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
  187. package/dist/server/http/http-server.d.ts.map +1 -0
  188. package/dist/server/http/{httpServer.js → http-server.js} +19 -53
  189. package/dist/server/http/http-server.js.map +1 -0
  190. package/dist/server/http/index.d.ts +1 -3
  191. package/dist/server/http/index.d.ts.map +1 -1
  192. package/dist/server/http/index.js +1 -3
  193. package/dist/server/http/index.js.map +1 -1
  194. package/dist/server/http/mcp-handlers.d.ts.map +1 -1
  195. package/dist/server/http/mcp-handlers.js +16 -3
  196. package/dist/server/http/mcp-handlers.js.map +1 -1
  197. package/dist/server/http/middleware.d.ts +3 -4
  198. package/dist/server/http/middleware.d.ts.map +1 -1
  199. package/dist/server/http/middleware.js +33 -23
  200. package/dist/server/http/middleware.js.map +1 -1
  201. package/dist/server/http/public-origin.d.ts +10 -0
  202. package/dist/server/http/public-origin.d.ts.map +1 -0
  203. package/dist/server/http/public-origin.js +19 -0
  204. package/dist/server/http/public-origin.js.map +1 -0
  205. package/dist/server/http/rate-limiter.d.ts +1 -1
  206. package/dist/server/http/rate-limiter.d.ts.map +1 -1
  207. package/dist/server/http/rate-limiter.js +11 -11
  208. package/dist/server/http/rate-limiter.js.map +1 -1
  209. package/dist/server/http-agent.d.ts +9 -0
  210. package/dist/server/http-agent.d.ts.map +1 -0
  211. package/dist/server/http-agent.js +35 -0
  212. package/dist/server/http-agent.js.map +1 -0
  213. package/dist/server/index.d.ts +2 -0
  214. package/dist/server/index.d.ts.map +1 -1
  215. package/dist/server/index.js +2 -0
  216. package/dist/server/index.js.map +1 -1
  217. package/dist/server/keepalive.d.ts +26 -0
  218. package/dist/server/keepalive.d.ts.map +1 -0
  219. package/dist/server/keepalive.js +64 -0
  220. package/dist/server/keepalive.js.map +1 -0
  221. package/dist/server/mcp/creatio-rest.d.ts +6 -0
  222. package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
  223. package/dist/server/mcp/creatio-rest.js +21 -3
  224. package/dist/server/mcp/creatio-rest.js.map +1 -1
  225. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
  226. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
  227. package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
  228. package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
  229. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
  230. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
  231. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
  232. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
  233. package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
  234. package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
  235. package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
  236. package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
  237. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
  238. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
  239. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
  240. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
  241. package/dist/server/mcp/filters.d.ts.map +1 -1
  242. package/dist/server/mcp/filters.js +4 -1
  243. package/dist/server/mcp/filters.js.map +1 -1
  244. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
  245. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
  246. package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
  247. package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
  248. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
  249. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
  250. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
  251. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
  252. package/dist/server/mcp/server.d.ts +35 -8
  253. package/dist/server/mcp/server.d.ts.map +1 -1
  254. package/dist/server/mcp/server.js +104 -44
  255. package/dist/server/mcp/server.js.map +1 -1
  256. package/dist/server/mcp/tools-data.d.ts +2 -2
  257. package/dist/server/mcp/tools-data.d.ts.map +1 -1
  258. package/dist/server/mcp/tools-data.js +1 -1
  259. package/dist/server/mcp/tools-data.js.map +1 -1
  260. package/dist/server/oauth/oauth-server.d.ts +41 -10
  261. package/dist/server/oauth/oauth-server.d.ts.map +1 -1
  262. package/dist/server/oauth/oauth-server.js +82 -48
  263. package/dist/server/oauth/oauth-server.js.map +1 -1
  264. package/dist/server/oauth/storage.d.ts +42 -5
  265. package/dist/server/oauth/storage.d.ts.map +1 -1
  266. package/dist/server/oauth/storage.js +81 -18
  267. package/dist/server/oauth/storage.js.map +1 -1
  268. package/dist/server/oauth/token-manager.d.ts +21 -4
  269. package/dist/server/oauth/token-manager.d.ts.map +1 -1
  270. package/dist/server/oauth/token-manager.js +18 -19
  271. package/dist/server/oauth/token-manager.js.map +1 -1
  272. package/dist/server/oauth/types.d.ts +0 -12
  273. package/dist/server/oauth/types.d.ts.map +1 -1
  274. package/dist/server/oauth/validators.d.ts.map +1 -1
  275. package/dist/server/oauth/validators.js +14 -5
  276. package/dist/server/oauth/validators.js.map +1 -1
  277. package/dist/sessions/index.d.ts +1 -1
  278. package/dist/sessions/index.d.ts.map +1 -1
  279. package/dist/sessions/index.js +1 -1
  280. package/dist/sessions/index.js.map +1 -1
  281. package/dist/sessions/redis-token-store.d.ts +22 -0
  282. package/dist/sessions/redis-token-store.d.ts.map +1 -0
  283. package/dist/sessions/redis-token-store.js +70 -0
  284. package/dist/sessions/redis-token-store.js.map +1 -0
  285. package/dist/sessions/session-context.d.ts +21 -40
  286. package/dist/sessions/session-context.d.ts.map +1 -1
  287. package/dist/sessions/session-context.js +25 -105
  288. package/dist/sessions/session-context.js.map +1 -1
  289. package/dist/sessions/token-crypto.d.ts +8 -0
  290. package/dist/sessions/token-crypto.d.ts.map +1 -0
  291. package/dist/sessions/token-crypto.js +43 -0
  292. package/dist/sessions/token-crypto.js.map +1 -0
  293. package/dist/sessions/token-store.d.ts +42 -0
  294. package/dist/sessions/token-store.d.ts.map +1 -0
  295. package/dist/sessions/token-store.js +66 -0
  296. package/dist/sessions/token-store.js.map +1 -0
  297. package/dist/utils/context.d.ts +12 -0
  298. package/dist/utils/context.d.ts.map +1 -1
  299. package/dist/utils/context.js +16 -0
  300. package/dist/utils/context.js.map +1 -1
  301. package/dist/utils/env-aliases.d.ts +9 -0
  302. package/dist/utils/env-aliases.d.ts.map +1 -0
  303. package/dist/utils/env-aliases.js +61 -0
  304. package/dist/utils/env-aliases.js.map +1 -0
  305. package/dist/utils/env.d.ts +5 -0
  306. package/dist/utils/env.d.ts.map +1 -1
  307. package/dist/utils/env.js +10 -1
  308. package/dist/utils/env.js.map +1 -1
  309. package/package.json +78 -74
  310. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
  311. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
  312. package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
  313. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
  314. package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
  315. package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
  316. package/dist/server/http/creatio-oauth-handlers.js +0 -160
  317. package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
  318. package/dist/server/http/httpServer.d.ts.map +0 -1
  319. package/dist/server/http/httpServer.js.map +0 -1
  320. package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
  321. package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
  322. package/dist/server/http/mcp-oauth-handlers.js +0 -118
  323. package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
  324. package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
  325. package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
  326. package/dist/sessions/token-refresh-scheduler.js +0 -66
  327. package/dist/sessions/token-refresh-scheduler.js.map +0 -1
@@ -1,64 +1,145 @@
1
1
  "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
2
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.getTokenStoreConfig = getTokenStoreConfig;
3
7
  exports.getCreatioClientConfig = getCreatioClientConfig;
8
+ const node_crypto_1 = __importDefault(require("node:crypto"));
4
9
  const creatio_1 = require("./creatio");
10
+ const log_1 = __importDefault(require("./log"));
5
11
  const utils_1 = require("./utils");
6
- function getCreatioClientAuthConfig() {
7
- const codeConf = _getOAuth2CodeAuthConfig();
8
- if (codeConf) {
9
- return codeConf;
12
+ /**
13
+ * The single user-facing auth selector (`CREATIO_MCP_AUTH_MODE`). When unset it is INFERRED from
14
+ * the supplied credentials (see {@link resolveAuthConfig}); `delegated`/`gateway` need none.
15
+ */
16
+ const AUTH_MODES = ['delegated', 'gateway', 'broker', 'client_credentials', 'legacy'];
17
+ const MISSING_CLIENT_CREDENTIALS = 'client_credentials auth requires CREATIO_CLIENT_ID and CREATIO_CLIENT_SECRET';
18
+ const MISSING_LEGACY = 'legacy auth requires CREATIO_LOGIN and CREATIO_PASSWORD';
19
+ const MISSING_BROKER = 'broker auth requires CREATIO_CLIENT_ID';
20
+ function readExplicitMode() {
21
+ const raw = (0, utils_1.env)('CREATIO_MCP_AUTH_MODE')?.toLowerCase();
22
+ if (!raw) {
23
+ return undefined;
10
24
  }
11
- const oauth2Conf = _getOAuth2AuthConfig();
12
- if (oauth2Conf) {
13
- return oauth2Conf;
25
+ if (AUTH_MODES.includes(raw)) {
26
+ return raw;
14
27
  }
15
- const legacyConf = _getLegacyAuthConfig();
16
- if (legacyConf) {
17
- return legacyConf;
28
+ throw new Error(`unsupported_auth_mode:${raw} (expected one of ${AUTH_MODES.join(', ')})`);
29
+ }
30
+ /**
31
+ * Infers the mode from supplied credentials when `CREATIO_MCP_AUTH_MODE` is unset:
32
+ * legacy (login/password) → client_credentials (id/secret) → delegated (stateless, no creds).
33
+ */
34
+ function inferMode() {
35
+ if ((0, utils_1.env)('CREATIO_LOGIN') && (0, utils_1.env)('CREATIO_PASSWORD')) {
36
+ return 'legacy';
37
+ }
38
+ if ((0, utils_1.env)('CREATIO_CLIENT_ID') && (0, utils_1.env)('CREATIO_CLIENT_SECRET')) {
39
+ return 'client_credentials';
18
40
  }
19
- throw new Error('You must set either CREATIO_CODE_* (client id, client secret, redirect, scope) or CREATIO_CLIENT_ID/CREATIO_CLIENT_SECRET, or both CREATIO_LOGIN and CREATIO_PASSWORD');
41
+ return 'delegated';
20
42
  }
21
- function _getOAuth2CodeAuthConfig() {
22
- const codeClientId = (0, utils_1.env)('CREATIO_CODE_CLIENT_ID');
23
- const codeClientSecret = (0, utils_1.env)('CREATIO_CODE_CLIENT_SECRET');
24
- const codeRedirectUri = (0, utils_1.env)('CREATIO_CODE_REDIRECT_URI');
25
- const codeScope = (0, utils_1.env)('CREATIO_CODE_SCOPE');
26
- if (codeClientId && codeClientSecret && codeRedirectUri && codeScope) {
27
- return {
28
- kind: creatio_1.AuthProviderType.OAuth2Code,
29
- clientId: codeClientId,
30
- clientSecret: codeClientSecret,
31
- redirectUri: codeRedirectUri,
32
- scope: codeScope,
33
- };
34
- }
35
- return null;
43
+ function bearerConfig(mode) {
44
+ const conf = { kind: creatio_1.AuthProviderType.OAuth2Bearer, mode };
45
+ const idb = (0, utils_1.env)('CREATIO_ID_BASE_URL');
46
+ if (idb) {
47
+ conf.idBaseUrl = idb;
48
+ }
49
+ return conf;
36
50
  }
37
- function _getOAuth2AuthConfig() {
51
+ function clientCredentialsConfig() {
38
52
  const clientId = (0, utils_1.env)('CREATIO_CLIENT_ID');
39
53
  const clientSecret = (0, utils_1.env)('CREATIO_CLIENT_SECRET');
40
- if (clientId && clientSecret) {
41
- const conf = { kind: creatio_1.AuthProviderType.OAuth2, clientId, clientSecret };
42
- const idb = (0, utils_1.env)('CREATIO_ID_BASE_URL');
43
- if (idb) {
44
- conf.idBaseUrl = idb;
54
+ if (!clientId || !clientSecret) {
55
+ throw new Error(MISSING_CLIENT_CREDENTIALS);
56
+ }
57
+ const conf = { kind: creatio_1.AuthProviderType.OAuth2, clientId, clientSecret };
58
+ const idb = (0, utils_1.env)('CREATIO_ID_BASE_URL');
59
+ if (idb) {
60
+ conf.idBaseUrl = idb;
61
+ }
62
+ return conf;
63
+ }
64
+ /** HS256 security rests ENTIRELY on the secret's entropy, so a short secret is brute-forceable
65
+ * offline from any issued token. Refuse anything weaker than 32 chars (256 bits of base64). */
66
+ const MIN_JWT_SECRET_LENGTH = 32;
67
+ /**
68
+ * The secret that signs the tokens the broker issues to its OWN clients. A stable secret is
69
+ * required to (a) keep client tokens valid across restarts and (b) validate them across multiple
70
+ * instances. A configured secret must clear the entropy floor; in production an explicit secret is
71
+ * mandatory (fail closed). Outside production an unset secret yields an ephemeral one (with a
72
+ * warning) so local/dev just works — at the cost of both properties above.
73
+ */
74
+ function resolveBrokerJwtSecret() {
75
+ const configured = (0, utils_1.env)('CREATIO_MCP_JWT_SECRET');
76
+ if (configured) {
77
+ if (configured.length < MIN_JWT_SECRET_LENGTH) {
78
+ throw new Error(`CREATIO_MCP_JWT_SECRET is too weak: it must be at least ${MIN_JWT_SECRET_LENGTH} ` +
79
+ `characters (got ${configured.length}). HS256 token security depends entirely on it.`);
45
80
  }
46
- return conf;
81
+ return configured;
82
+ }
83
+ if ((0, utils_1.env)('NODE_ENV') === 'production') {
84
+ throw new Error('CREATIO_MCP_JWT_SECRET is required in production for broker mode. Set a stable secret ' +
85
+ `of at least ${MIN_JWT_SECRET_LENGTH} characters.`);
86
+ }
87
+ log_1.default.warn('broker.jwt_secret.ephemeral', {
88
+ detail: 'CREATIO_MCP_JWT_SECRET is not set — generated a random one. Tokens issued to clients ' +
89
+ 'will be invalidated on restart and will not validate across multiple instances. Set a ' +
90
+ 'stable secret for production or horizontal scaling.',
91
+ });
92
+ return node_crypto_1.default.randomBytes(32).toString('base64url');
93
+ }
94
+ function brokerConfig() {
95
+ const clientId = (0, utils_1.env)('CREATIO_CLIENT_ID');
96
+ if (!clientId) {
97
+ throw new Error(MISSING_BROKER);
47
98
  }
48
- return null;
99
+ const jwtSecret = resolveBrokerJwtSecret();
100
+ const conf = { kind: creatio_1.AuthProviderType.Broker, clientId, jwtSecret };
101
+ const clientSecret = (0, utils_1.env)('CREATIO_CLIENT_SECRET');
102
+ if (clientSecret) {
103
+ conf.clientSecret = clientSecret;
104
+ }
105
+ const idb = (0, utils_1.env)('CREATIO_ID_BASE_URL');
106
+ if (idb) {
107
+ conf.idBaseUrl = idb;
108
+ }
109
+ return conf;
49
110
  }
50
- function _getLegacyAuthConfig() {
111
+ function legacyConfig() {
51
112
  const login = (0, utils_1.env)('CREATIO_LOGIN');
52
113
  const password = (0, utils_1.env)('CREATIO_PASSWORD');
53
- if (login && password) {
54
- return { kind: creatio_1.AuthProviderType.Legacy, login, password };
114
+ if (!login || !password) {
115
+ throw new Error(MISSING_LEGACY);
116
+ }
117
+ return { kind: creatio_1.AuthProviderType.Legacy, login, password };
118
+ }
119
+ /**
120
+ * Resolves the one effective auth config from the unified `CREATIO_MCP_AUTH_MODE` selector
121
+ * (explicit or inferred). Credential-based modes throw a clear error when their inputs are missing;
122
+ * stateless Bearer modes (delegated/gateway) need none.
123
+ */
124
+ function resolveAuthConfig() {
125
+ const mode = readExplicitMode() ?? inferMode();
126
+ switch (mode) {
127
+ case 'delegated':
128
+ return bearerConfig(creatio_1.BearerAuthMode.Delegated);
129
+ case 'gateway':
130
+ return bearerConfig(creatio_1.BearerAuthMode.Gateway);
131
+ case 'broker':
132
+ return brokerConfig();
133
+ case 'client_credentials':
134
+ return clientCredentialsConfig();
135
+ case 'legacy':
136
+ return legacyConfig();
55
137
  }
56
- return null;
57
138
  }
58
139
  function getCrudBackend() {
59
- const raw = (0, utils_1.env)('CREATIO_CRUD_BACKEND')?.toLowerCase();
140
+ const raw = (0, utils_1.env)('CREATIO_MCP_CRUD_BACKEND')?.toLowerCase();
60
141
  // DataService is the default backend (Creatio's native data API, what the UI uses);
61
- // set CREATIO_CRUD_BACKEND=odata to opt into the OData backend instead.
142
+ // set CREATIO_MCP_CRUD_BACKEND=odata to opt into the OData backend instead.
62
143
  if (!raw || raw === 'dataservice') {
63
144
  return 'dataservice';
64
145
  }
@@ -67,12 +148,35 @@ function getCrudBackend() {
67
148
  }
68
149
  return 'odata';
69
150
  }
70
- function getCreatioClientConfig() {
151
+ function getRequiredBaseUrl() {
71
152
  const baseUrl = (0, utils_1.env)('CREATIO_BASE_URL');
72
153
  if (!baseUrl) {
73
154
  throw new Error('Environment variable CREATIO_BASE_URL is required but not set');
74
155
  }
75
- const auth = getCreatioClientAuthConfig();
76
- return { baseUrl, auth, crudBackend: getCrudBackend() };
156
+ return baseUrl;
157
+ }
158
+ /**
159
+ * Broker token-store selection. `memory` (default) keeps tokens in-process (lost on restart, single
160
+ * instance); `redis` makes the broker stateless + restart-durable + multi-instance. The at-rest
161
+ * encryption key derives from `CREATIO_MCP_TOKEN_ENC_KEY` when set, else the (mandatory) broker
162
+ * `CREATIO_MCP_JWT_SECRET`.
163
+ */
164
+ function getTokenStoreConfig() {
165
+ const kind = (0, utils_1.env)('CREATIO_MCP_TOKEN_STORE')?.toLowerCase() === 'redis' ? 'redis' : 'memory';
166
+ if (kind === 'memory') {
167
+ return { kind };
168
+ }
169
+ return {
170
+ kind,
171
+ redisUrl: (0, utils_1.env)('CREATIO_MCP_REDIS_URL'),
172
+ encryptionSecret: (0, utils_1.env)('CREATIO_MCP_TOKEN_ENC_KEY') || (0, utils_1.env)('CREATIO_MCP_JWT_SECRET'),
173
+ };
174
+ }
175
+ function getCreatioClientConfig() {
176
+ return {
177
+ baseUrl: getRequiredBaseUrl(),
178
+ auth: resolveAuthConfig(),
179
+ crudBackend: getCrudBackend(),
180
+ };
77
181
  }
78
182
  //# sourceMappingURL=config-builder.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"config-builder.js","sourceRoot":"","sources":["../src/config-builder.ts"],"names":[],"mappings":";;AAkFA,wDAOC;AAzFD,uCAQmB;AACnB,mCAA8B;AAE9B,SAAS,0BAA0B;IAClC,MAAM,QAAQ,GAAG,wBAAwB,EAAE,CAAC;IAC5C,IAAI,QAAQ,EAAE,CAAC;QACd,OAAO,QAAQ,CAAC;IACjB,CAAC;IACD,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;IAC1C,IAAI,UAAU,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC;IACnB,CAAC;IACD,MAAM,UAAU,GAAG,oBAAoB,EAAE,CAAC;IAC1C,IAAI,UAAU,EAAE,CAAC;QAChB,OAAO,UAAU,CAAC;IACnB,CAAC;IACD,MAAM,IAAI,KAAK,CACd,uKAAuK,CACvK,CAAC;AACH,CAAC;AAED,SAAS,wBAAwB;IAChC,MAAM,YAAY,GAAG,IAAA,WAAG,EAAC,wBAAwB,CAAC,CAAC;IACnD,MAAM,gBAAgB,GAAG,IAAA,WAAG,EAAC,4BAA4B,CAAC,CAAC;IAC3D,MAAM,eAAe,GAAG,IAAA,WAAG,EAAC,2BAA2B,CAAC,CAAC;IACzD,MAAM,SAAS,GAAG,IAAA,WAAG,EAAC,oBAAoB,CAAC,CAAC;IAC5C,IAAI,YAAY,IAAI,gBAAgB,IAAI,eAAe,IAAI,SAAS,EAAE,CAAC;QACtE,OAAO;YACN,IAAI,EAAE,0BAAgB,CAAC,UAAU;YACjC,QAAQ,EAAE,YAAY;YACtB,YAAY,EAAE,gBAAgB;YAC9B,WAAW,EAAE,eAAe;YAC5B,KAAK,EAAE,SAAS;SAChB,CAAC;IACH,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB;IAC5B,MAAM,QAAQ,GAAG,IAAA,WAAG,EAAC,mBAAmB,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,IAAA,WAAG,EAAC,uBAAuB,CAAC,CAAC;IAClD,IAAI,QAAQ,IAAI,YAAY,EAAE,CAAC;QAC9B,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,0BAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;QACzF,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,qBAAqB,CAAC,CAAC;QACvC,IAAI,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;QACtB,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,SAAS,oBAAoB;IAC5B,MAAM,KAAK,GAAG,IAAA,WAAG,EAAC,eAAe,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAA,WAAG,EAAC,kBAAkB,CAAC,CAAC;IACzC,IAAI,KAAK,IAAI,QAAQ,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,0BAAgB,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;IAC3D,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,SAAS,cAAc;IACtB,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,sBAAsB,CAAC,EAAE,WAAW,EAAE,CAAC;IACvD,oFAAoF;IACpF,wEAAwE;IACxE,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;QACnC,OAAO,aAAa,CAAC;IACtB,CAAC;IACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,sCAAsC,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC;AAED,SAAgB,sBAAsB;IACrC,MAAM,OAAO,GAAG,IAAA,WAAG,EAAC,kBAAkB,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IAClF,CAAC;IACD,MAAM,IAAI,GAAG,0BAA0B,EAAE,CAAC;IAC1C,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,cAAc,EAAE,EAAE,CAAC;AACzD,CAAC"}
1
+ {"version":3,"file":"config-builder.js","sourceRoot":"","sources":["../src/config-builder.ts"],"names":[],"mappings":";;;;;AA6LA,kDAUC;AAED,wDAMC;AA/MD,8DAAiC;AAEjC,uCAUmB;AACnB,gDAAwB;AAExB,mCAA8B;AAE9B;;;GAGG;AACH,MAAM,UAAU,GAAG,CAAC,WAAW,EAAE,SAAS,EAAE,QAAQ,EAAE,oBAAoB,EAAE,QAAQ,CAAU,CAAC;AAG/F,MAAM,0BAA0B,GAC/B,8EAA8E,CAAC;AAChF,MAAM,cAAc,GAAG,yDAAyD,CAAC;AACjF,MAAM,cAAc,GAAG,wCAAwC,CAAC;AAEhE,SAAS,gBAAgB;IACxB,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,uBAAuB,CAAC,EAAE,WAAW,EAAE,CAAC;IACxD,IAAI,CAAC,GAAG,EAAE,CAAC;QACV,OAAO,SAAS,CAAC;IAClB,CAAC;IACD,IAAK,UAAgC,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACrD,OAAO,GAAe,CAAC;IACxB,CAAC;IACD,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,qBAAqB,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5F,CAAC;AAED;;;GAGG;AACH,SAAS,SAAS;IACjB,IAAI,IAAA,WAAG,EAAC,eAAe,CAAC,IAAI,IAAA,WAAG,EAAC,kBAAkB,CAAC,EAAE,CAAC;QACrD,OAAO,QAAQ,CAAC;IACjB,CAAC;IACD,IAAI,IAAA,WAAG,EAAC,mBAAmB,CAAC,IAAI,IAAA,WAAG,EAAC,uBAAuB,CAAC,EAAE,CAAC;QAC9D,OAAO,oBAAoB,CAAC;IAC7B,CAAC;IACD,OAAO,WAAW,CAAC;AACpB,CAAC;AAED,SAAS,YAAY,CAAC,IAAoB;IACzC,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,0BAAgB,CAAC,YAAY,EAAE,IAAI,EAAE,CAAC;IAC7E,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,qBAAqB,CAAC,CAAC;IACvC,IAAI,GAAG,EAAE,CAAC;QACT,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,SAAS,uBAAuB;IAC/B,MAAM,QAAQ,GAAG,IAAA,WAAG,EAAC,mBAAmB,CAAC,CAAC;IAC1C,MAAM,YAAY,GAAG,IAAA,WAAG,EAAC,uBAAuB,CAAC,CAAC;IAClD,IAAI,CAAC,QAAQ,IAAI,CAAC,YAAY,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC7C,CAAC;IACD,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,0BAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,YAAY,EAAE,CAAC;IACzF,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,qBAAqB,CAAC,CAAC;IACvC,IAAI,GAAG,EAAE,CAAC;QACT,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED;gGACgG;AAChG,MAAM,qBAAqB,GAAG,EAAE,CAAC;AAEjC;;;;;;GAMG;AACH,SAAS,sBAAsB;IAC9B,MAAM,UAAU,GAAG,IAAA,WAAG,EAAC,wBAAwB,CAAC,CAAC;IACjD,IAAI,UAAU,EAAE,CAAC;QAChB,IAAI,UAAU,CAAC,MAAM,GAAG,qBAAqB,EAAE,CAAC;YAC/C,MAAM,IAAI,KAAK,CACd,2DAA2D,qBAAqB,GAAG;gBAClF,mBAAmB,UAAU,CAAC,MAAM,iDAAiD,CACtF,CAAC;QACH,CAAC;QACD,OAAO,UAAU,CAAC;IACnB,CAAC;IACD,IAAI,IAAA,WAAG,EAAC,UAAU,CAAC,KAAK,YAAY,EAAE,CAAC;QACtC,MAAM,IAAI,KAAK,CACd,wFAAwF;YACvF,eAAe,qBAAqB,cAAc,CACnD,CAAC;IACH,CAAC;IACD,aAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE;QACvC,MAAM,EACL,uFAAuF;YACvF,wFAAwF;YACxF,qDAAqD;KACtD,CAAC,CAAC;IACH,OAAO,qBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACrD,CAAC;AAED,SAAS,YAAY;IACpB,MAAM,QAAQ,GAAG,IAAA,WAAG,EAAC,mBAAmB,CAAC,CAAC;IAC1C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IACjC,CAAC;IACD,MAAM,SAAS,GAAG,sBAAsB,EAAE,CAAC;IAC3C,MAAM,IAAI,GAAqB,EAAE,IAAI,EAAE,0BAAgB,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;IACtF,MAAM,YAAY,GAAG,IAAA,WAAG,EAAC,uBAAuB,CAAC,CAAC;IAClD,IAAI,YAAY,EAAE,CAAC;QAClB,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IAClC,CAAC;IACD,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,qBAAqB,CAAC,CAAC;IACvC,IAAI,GAAG,EAAE,CAAC;QACT,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC;IACtB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC;AAED,SAAS,YAAY;IACpB,MAAM,KAAK,GAAG,IAAA,WAAG,EAAC,eAAe,CAAC,CAAC;IACnC,MAAM,QAAQ,GAAG,IAAA,WAAG,EAAC,kBAAkB,CAAC,CAAC;IACzC,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,cAAc,CAAC,CAAC;IACjC,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,0BAAgB,CAAC,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC;AAC3D,CAAC;AAED;;;;GAIG;AACH,SAAS,iBAAiB;IACzB,MAAM,IAAI,GAAG,gBAAgB,EAAE,IAAI,SAAS,EAAE,CAAC;IAC/C,QAAQ,IAAI,EAAE,CAAC;QACd,KAAK,WAAW;YACf,OAAO,YAAY,CAAC,wBAAc,CAAC,SAAS,CAAC,CAAC;QAC/C,KAAK,SAAS;YACb,OAAO,YAAY,CAAC,wBAAc,CAAC,OAAO,CAAC,CAAC;QAC7C,KAAK,QAAQ;YACZ,OAAO,YAAY,EAAE,CAAC;QACvB,KAAK,oBAAoB;YACxB,OAAO,uBAAuB,EAAE,CAAC;QAClC,KAAK,QAAQ;YACZ,OAAO,YAAY,EAAE,CAAC;IACxB,CAAC;AACF,CAAC;AAED,SAAS,cAAc;IACtB,MAAM,GAAG,GAAG,IAAA,WAAG,EAAC,0BAA0B,CAAC,EAAE,WAAW,EAAE,CAAC;IAC3D,oFAAoF;IACpF,4EAA4E;IAC5E,IAAI,CAAC,GAAG,IAAI,GAAG,KAAK,aAAa,EAAE,CAAC;QACnC,OAAO,aAAa,CAAC;IACtB,CAAC;IACD,IAAI,GAAG,KAAK,OAAO,EAAE,CAAC;QACrB,MAAM,IAAI,KAAK,CAAC,4BAA4B,GAAG,sCAAsC,CAAC,CAAC;IACxF,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC;AAED,SAAS,kBAAkB;IAC1B,MAAM,OAAO,GAAG,IAAA,WAAG,EAAC,kBAAkB,CAAC,CAAC;IACxC,IAAI,CAAC,OAAO,EAAE,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,+DAA+D,CAAC,CAAC;IAClF,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC;AAED;;;;;GAKG;AACH,SAAgB,mBAAmB;IAClC,MAAM,IAAI,GAAG,IAAA,WAAG,EAAC,yBAAyB,CAAC,EAAE,WAAW,EAAE,KAAK,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC;IAC5F,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;QACvB,OAAO,EAAE,IAAI,EAAE,CAAC;IACjB,CAAC;IACD,OAAO;QACN,IAAI;QACJ,QAAQ,EAAE,IAAA,WAAG,EAAC,uBAAuB,CAAC;QACtC,gBAAgB,EAAE,IAAA,WAAG,EAAC,2BAA2B,CAAC,IAAI,IAAA,WAAG,EAAC,wBAAwB,CAAC;KACnF,CAAC;AACH,CAAC;AAED,SAAgB,sBAAsB;IACrC,OAAO;QACN,OAAO,EAAE,kBAAkB,EAAE;QAC7B,IAAI,EAAE,iBAAiB,EAAE;QACzB,WAAW,EAAE,cAAc,EAAE;KAC7B,CAAC;AACH,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"consts.d.ts","sourceRoot":"","sources":["../src/consts.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,aAAa,QAA8B,CAAC"}
1
+ {"version":3,"file":"consts.d.ts","sourceRoot":"","sources":["../src/consts.ts"],"names":[],"mappings":"AAGA,eAAO,MAAM,aAAa,QAA0C,CAAC"}
package/dist/consts.js CHANGED
@@ -2,5 +2,6 @@
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.HTTP_MCP_PORT = void 0;
4
4
  const utils_1 = require("./utils");
5
- exports.HTTP_MCP_PORT = Number((0, utils_1.env)('PORT')) || 3000;
5
+ // Canonical CREATIO_MCP_PORT; env() transparently falls back to the conventional PORT (no warning).
6
+ exports.HTTP_MCP_PORT = Number((0, utils_1.env)('CREATIO_MCP_PORT')) || 3000;
6
7
  //# sourceMappingURL=consts.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"consts.js","sourceRoot":"","sources":["../src/consts.ts"],"names":[],"mappings":";;;AAAA,mCAA8B;AAEjB,QAAA,aAAa,GAAG,MAAM,CAAC,IAAA,WAAG,EAAC,MAAM,CAAC,CAAC,IAAI,IAAI,CAAC"}
1
+ {"version":3,"file":"consts.js","sourceRoot":"","sources":["../src/consts.ts"],"names":[],"mappings":";;;AAAA,mCAA8B;AAE9B,oGAAoG;AACvF,QAAA,aAAa,GAAG,MAAM,CAAC,IAAA,WAAG,EAAC,kBAAkB,CAAC,CAAC,IAAI,IAAI,CAAC"}
@@ -1 +1 @@
1
- {"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,QAAQ,CAAC;AAG9C,qBAAa,kBAAkB;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAC9C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAuB;gBAErC,MAAM,EAAE,mBAAmB;IAchC,WAAW,IAAI,oBAAoB;CAG1C"}
1
+ {"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,mBAAmB,EAAE,MAAM,kBAAkB,CAAC;AAEvD,OAAO,EAAE,oBAAoB,EAAE,MAAM,QAAQ,CAAC;AAS9C,qBAAa,kBAAkB;IAC9B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAsB;IAC9C,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAuB;gBAErC,MAAM,EAAE,mBAAmB;IAgBhC,WAAW,IAAI,oBAAoB;CAG1C"}
@@ -11,8 +11,11 @@ class CreatioAuthManager {
11
11
  if (authKind === providers_1.AuthProviderType.OAuth2) {
12
12
  this._provider = new providers_1.OAuth2Provider(this._config);
13
13
  }
14
- else if (authKind === providers_1.AuthProviderType.OAuth2Code) {
15
- this._provider = new providers_1.OAuth2CodeProvider(this._config);
14
+ else if (authKind === providers_1.AuthProviderType.OAuth2Bearer) {
15
+ this._provider = new providers_1.OAuth2BearerProvider(this._config);
16
+ }
17
+ else if (authKind === providers_1.AuthProviderType.Broker) {
18
+ this._provider = new providers_1.BrokerProvider(this._config);
16
19
  }
17
20
  else if (authKind === providers_1.AuthProviderType.Legacy) {
18
21
  this._provider = new providers_1.LegacyProvider(this._config);
@@ -1 +1 @@
1
- {"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../../../src/creatio/auth/auth-manager.ts"],"names":[],"mappings":";;;AAGA,2CAAmG;AAEnG,MAAa,kBAAkB;IACb,OAAO,CAAsB;IAC7B,SAAS,CAAuB;IAEjD,YAAY,MAA2B;QACtC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QACxC,IAAI,QAAQ,KAAK,4BAAgB,CAAC,MAAM,EAAE,CAAC;YAC1C,IAAI,CAAC,SAAS,GAAG,IAAI,0BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,QAAQ,KAAK,4BAAgB,CAAC,UAAU,EAAE,CAAC;YACrD,IAAI,CAAC,SAAS,GAAG,IAAI,8BAAkB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACvD,CAAC;aAAM,IAAI,QAAQ,KAAK,4BAAgB,CAAC,MAAM,EAAE,CAAC;YACjD,IAAI,CAAC,SAAS,GAAG,IAAI,0BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC5C,CAAC;IACF,CAAC;IAEM,WAAW;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;CACD;AArBD,gDAqBC"}
1
+ {"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../../../src/creatio/auth/auth-manager.ts"],"names":[],"mappings":";;;AAGA,2CAMqB;AAErB,MAAa,kBAAkB;IACb,OAAO,CAAsB;IAC7B,SAAS,CAAuB;IAEjD,YAAY,MAA2B;QACtC,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC;QACtB,MAAM,QAAQ,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC;QACxC,IAAI,QAAQ,KAAK,4BAAgB,CAAC,MAAM,EAAE,CAAC;YAC1C,IAAI,CAAC,SAAS,GAAG,IAAI,0BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,QAAQ,KAAK,4BAAgB,CAAC,YAAY,EAAE,CAAC;YACvD,IAAI,CAAC,SAAS,GAAG,IAAI,gCAAoB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACzD,CAAC;aAAM,IAAI,QAAQ,KAAK,4BAAgB,CAAC,MAAM,EAAE,CAAC;YACjD,IAAI,CAAC,SAAS,GAAG,IAAI,0BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,QAAQ,KAAK,4BAAgB,CAAC,MAAM,EAAE,CAAC;YACjD,IAAI,CAAC,SAAS,GAAG,IAAI,0BAAc,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACP,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;QAC5C,CAAC;IACF,CAAC;IAEM,WAAW;QACjB,OAAO,IAAI,CAAC,SAAS,CAAC;IACvB,CAAC;CACD;AAvBD,gDAuBC"}
@@ -1,32 +1,5 @@
1
- import { AuthProviderType } from './providers';
2
- /**
3
- * Core capability every auth provider has: attach auth headers, refresh on 401, and a
4
- * safe cancel hook for background timers. Kept deliberately small (ISP) — revocation and
5
- * the interactive authorization-code dance are separate, optional capabilities below, so
6
- * a provider is never forced to stub methods it does not support.
7
- */
8
- export interface ICreatioAuthProvider {
9
- type: AuthProviderType;
10
- getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
11
- refresh(): Promise<void>;
12
- /** Cancels any background token-refresh timers. Safe no-op for providers without them. */
13
- cancelAllRefresh(): void;
14
- }
15
- /** A provider whose tokens can be explicitly revoked (OAuth2 variants). */
16
- export interface IRevocableAuthProvider extends ICreatioAuthProvider {
17
- revoke(): Promise<void>;
18
- }
19
- /** A provider that drives the interactive OAuth2 authorization-code flow. */
20
- export interface IInteractiveAuthProvider extends ICreatioAuthProvider {
21
- getAuthorizeUrl(state: string): Promise<string>;
22
- finishAuthorization(code: string): Promise<void>;
23
- }
24
- export declare function supportsRevoke(provider: ICreatioAuthProvider): provider is IRevocableAuthProvider;
25
- export declare function supportsInteractiveAuth(provider: ICreatioAuthProvider): provider is IInteractiveAuthProvider;
26
- export declare function buildHeaders(accept: string, isJson?: boolean, token?: string): Record<string, string>;
27
- export declare const TOKEN_ENDPOINT = "/connect/token";
28
- export declare const AUTHORIZE_ENDPOINT = "/connect/authorize";
29
- export declare const REVOCATION_ENDPOINT = "/connect/revocation";
30
- export declare const TOKEN_BODY_SNIPPET_MAX = 1024;
31
- export declare const EXPIRES_MARGIN_SECONDS = 30;
1
+ export * from './contracts';
2
+ export * from './headers';
3
+ export * from './identity';
4
+ export * from './constants';
32
5
  //# sourceMappingURL=auth.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACpC,IAAI,EAAE,gBAAgB,CAAC;IACvB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,0FAA0F;IAC1F,gBAAgB,IAAI,IAAI,CAAC;CACzB;AAED,2EAA2E;AAC3E,MAAM,WAAW,sBAAuB,SAAQ,oBAAoB;IACnE,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACxB;AAED,6EAA6E;AAC7E,MAAM,WAAW,wBAAyB,SAAQ,oBAAoB;IACrE,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAChD,mBAAmB,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,wBAAgB,cAAc,CAAC,QAAQ,EAAE,oBAAoB,GAAG,QAAQ,IAAI,sBAAsB,CAEjG;AAED,wBAAgB,uBAAuB,CACtC,QAAQ,EAAE,oBAAoB,GAC5B,QAAQ,IAAI,wBAAwB,CAGtC;AAED,wBAAgB,YAAY,CAC3B,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,EAChB,KAAK,CAAC,EAAE,MAAM,GACZ,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CASxB;AAED,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAC/C,eAAO,MAAM,kBAAkB,uBAAuB,CAAC;AACvD,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AACzD,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAC3C,eAAO,MAAM,sBAAsB,KAAK,CAAC"}
1
+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/auth.ts"],"names":[],"mappings":"AAEA,cAAc,aAAa,CAAC;AAC5B,cAAc,WAAW,CAAC;AAC1B,cAAc,YAAY,CAAC;AAC3B,cAAc,aAAa,CAAC"}
@@ -1,29 +1,23 @@
1
1
  "use strict";
2
- Object.defineProperty(exports, "__esModule", { value: true });
3
- exports.EXPIRES_MARGIN_SECONDS = exports.TOKEN_BODY_SNIPPET_MAX = exports.REVOCATION_ENDPOINT = exports.AUTHORIZE_ENDPOINT = exports.TOKEN_ENDPOINT = void 0;
4
- exports.supportsRevoke = supportsRevoke;
5
- exports.supportsInteractiveAuth = supportsInteractiveAuth;
6
- exports.buildHeaders = buildHeaders;
7
- function supportsRevoke(provider) {
8
- return typeof provider.revoke === 'function';
9
- }
10
- function supportsInteractiveAuth(provider) {
11
- const p = provider;
12
- return typeof p.getAuthorizeUrl === 'function' && typeof p.finishAuthorization === 'function';
13
- }
14
- function buildHeaders(accept, isJson, token) {
15
- const headers = { Accept: accept };
16
- if (isJson) {
17
- headers['Content-Type'] = 'application/json';
18
- }
19
- if (token) {
20
- headers['Authorization'] = `Bearer ${token}`;
2
+ var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
3
+ if (k2 === undefined) k2 = k;
4
+ var desc = Object.getOwnPropertyDescriptor(m, k);
5
+ if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
6
+ desc = { enumerable: true, get: function() { return m[k]; } };
21
7
  }
22
- return headers;
23
- }
24
- exports.TOKEN_ENDPOINT = '/connect/token';
25
- exports.AUTHORIZE_ENDPOINT = '/connect/authorize';
26
- exports.REVOCATION_ENDPOINT = '/connect/revocation';
27
- exports.TOKEN_BODY_SNIPPET_MAX = 1024;
28
- exports.EXPIRES_MARGIN_SECONDS = 30;
8
+ Object.defineProperty(o, k2, desc);
9
+ }) : (function(o, m, k, k2) {
10
+ if (k2 === undefined) k2 = k;
11
+ o[k2] = m[k];
12
+ }));
13
+ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
+ for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
+ };
16
+ Object.defineProperty(exports, "__esModule", { value: true });
17
+ // Internal barrel for the auth core, split by concern (SRP): provider contract, header building,
18
+ // identity-base resolution, and protocol constants. Providers import from here ('../auth').
19
+ __exportStar(require("./contracts"), exports);
20
+ __exportStar(require("./headers"), exports);
21
+ __exportStar(require("./identity"), exports);
22
+ __exportStar(require("./constants"), exports);
29
23
  //# sourceMappingURL=auth.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/creatio/auth/auth.ts"],"names":[],"mappings":";;;AA2BA,wCAEC;AAED,0DAKC;AAED,oCAaC;AAxBD,SAAgB,cAAc,CAAC,QAA8B;IAC5D,OAAO,OAAQ,QAA4C,CAAC,MAAM,KAAK,UAAU,CAAC;AACnF,CAAC;AAED,SAAgB,uBAAuB,CACtC,QAA8B;IAE9B,MAAM,CAAC,GAAG,QAA6C,CAAC;IACxD,OAAO,OAAO,CAAC,CAAC,eAAe,KAAK,UAAU,IAAI,OAAO,CAAC,CAAC,mBAAmB,KAAK,UAAU,CAAC;AAC/F,CAAC;AAED,SAAgB,YAAY,CAC3B,MAAc,EACd,MAAgB,EAChB,KAAc;IAEd,MAAM,OAAO,GAA2B,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC3D,IAAI,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;IAC9C,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC;AAEY,QAAA,cAAc,GAAG,gBAAgB,CAAC;AAClC,QAAA,kBAAkB,GAAG,oBAAoB,CAAC;AAC1C,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AAC5C,QAAA,sBAAsB,GAAG,IAAI,CAAC;AAC9B,QAAA,sBAAsB,GAAG,EAAE,CAAC"}
1
+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/creatio/auth/auth.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,iGAAiG;AACjG,4FAA4F;AAC5F,8CAA4B;AAC5B,4CAA0B;AAC1B,6CAA2B;AAC3B,8CAA4B"}
@@ -0,0 +1,14 @@
1
+ /** Creatio Identity endpoints, relative to the identity base (see {@link resolveIdentityBase}). */
2
+ export declare const TOKEN_ENDPOINT = "/connect/token";
3
+ export declare const AUTHORIZE_ENDPOINT = "/connect/authorize";
4
+ export declare const REVOCATION_ENDPOINT = "/connect/revocation";
5
+ /** Max bytes of a token-endpoint error body to log, so diagnostics never dump huge payloads. */
6
+ export declare const TOKEN_BODY_SNIPPET_MAX = 1024;
7
+ /** Safety margin (seconds) subtracted from a token's lifetime so it is refreshed before it expires. */
8
+ export declare const EXPIRES_MARGIN_SECONDS = 30;
9
+ /** PKCE challenge method the broker always uses on the Creatio leg. */
10
+ export declare const PKCE_S256 = "S256";
11
+ /** Absolute expiry (epoch ms) for a token living `expiresInSeconds`, minus the safety margin so it
12
+ * is refreshed before it actually expires. The single source of truth for token-expiry math. */
13
+ export declare function computeTokenExpiryMs(expiresInSeconds: number, minSeconds?: number): number;
14
+ //# sourceMappingURL=constants.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/constants.ts"],"names":[],"mappings":"AAAA,mGAAmG;AACnG,eAAO,MAAM,cAAc,mBAAmB,CAAC;AAC/C,eAAO,MAAM,kBAAkB,uBAAuB,CAAC;AACvD,eAAO,MAAM,mBAAmB,wBAAwB,CAAC;AACzD,gGAAgG;AAChG,eAAO,MAAM,sBAAsB,OAAO,CAAC;AAC3C,uGAAuG;AACvG,eAAO,MAAM,sBAAsB,KAAK,CAAC;AACzC,uEAAuE;AACvE,eAAO,MAAM,SAAS,SAAS,CAAC;AAEhC;iGACiG;AACjG,wBAAgB,oBAAoB,CAAC,gBAAgB,EAAE,MAAM,EAAE,UAAU,SAAI,GAAG,MAAM,CAErF"}
@@ -0,0 +1,20 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.PKCE_S256 = exports.EXPIRES_MARGIN_SECONDS = exports.TOKEN_BODY_SNIPPET_MAX = exports.REVOCATION_ENDPOINT = exports.AUTHORIZE_ENDPOINT = exports.TOKEN_ENDPOINT = void 0;
4
+ exports.computeTokenExpiryMs = computeTokenExpiryMs;
5
+ /** Creatio Identity endpoints, relative to the identity base (see {@link resolveIdentityBase}). */
6
+ exports.TOKEN_ENDPOINT = '/connect/token';
7
+ exports.AUTHORIZE_ENDPOINT = '/connect/authorize';
8
+ exports.REVOCATION_ENDPOINT = '/connect/revocation';
9
+ /** Max bytes of a token-endpoint error body to log, so diagnostics never dump huge payloads. */
10
+ exports.TOKEN_BODY_SNIPPET_MAX = 1024;
11
+ /** Safety margin (seconds) subtracted from a token's lifetime so it is refreshed before it expires. */
12
+ exports.EXPIRES_MARGIN_SECONDS = 30;
13
+ /** PKCE challenge method the broker always uses on the Creatio leg. */
14
+ exports.PKCE_S256 = 'S256';
15
+ /** Absolute expiry (epoch ms) for a token living `expiresInSeconds`, minus the safety margin so it
16
+ * is refreshed before it actually expires. The single source of truth for token-expiry math. */
17
+ function computeTokenExpiryMs(expiresInSeconds, minSeconds = 1) {
18
+ return Date.now() + Math.max(minSeconds, expiresInSeconds - exports.EXPIRES_MARGIN_SECONDS) * 1000;
19
+ }
20
+ //# sourceMappingURL=constants.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../../src/creatio/auth/constants.ts"],"names":[],"mappings":";;;AAaA,oDAEC;AAfD,mGAAmG;AACtF,QAAA,cAAc,GAAG,gBAAgB,CAAC;AAClC,QAAA,kBAAkB,GAAG,oBAAoB,CAAC;AAC1C,QAAA,mBAAmB,GAAG,qBAAqB,CAAC;AACzD,gGAAgG;AACnF,QAAA,sBAAsB,GAAG,IAAI,CAAC;AAC3C,uGAAuG;AAC1F,QAAA,sBAAsB,GAAG,EAAE,CAAC;AACzC,uEAAuE;AAC1D,QAAA,SAAS,GAAG,MAAM,CAAC;AAEhC;iGACiG;AACjG,SAAgB,oBAAoB,CAAC,gBAAwB,EAAE,UAAU,GAAG,CAAC;IAC5E,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,gBAAgB,GAAG,8BAAsB,CAAC,GAAG,IAAI,CAAC;AAC5F,CAAC"}
@@ -0,0 +1,15 @@
1
+ import { AuthProviderType } from './providers';
2
+ /**
3
+ * The single capability every auth provider has: attach auth headers, refresh on 401, and a safe
4
+ * cancel hook for background timers. Deliberately small (ISP) — the stateless Bearer, client-
5
+ * credentials and legacy providers all fit this one shape; there is no longer any token-issuing or
6
+ * interactive-flow surface on the MCP (clients authenticate against Creatio Identity directly).
7
+ */
8
+ export interface ICreatioAuthProvider {
9
+ type: AuthProviderType;
10
+ getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
11
+ refresh(): Promise<void>;
12
+ /** Cancels any background timers. Safe no-op for providers without them. */
13
+ cancelAllRefresh(): void;
14
+ }
15
+ //# sourceMappingURL=contracts.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"contracts.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/contracts.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAE/C;;;;;GAKG;AACH,MAAM,WAAW,oBAAoB;IACpC,IAAI,EAAE,gBAAgB,CAAC;IACvB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAC9E,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,4EAA4E;IAC5E,gBAAgB,IAAI,IAAI,CAAC;CACzB"}
@@ -0,0 +1,3 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ //# sourceMappingURL=contracts.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"contracts.js","sourceRoot":"","sources":["../../../src/creatio/auth/contracts.ts"],"names":[],"mappings":""}
@@ -0,0 +1,3 @@
1
+ /** Builds the standard Creatio request headers, optionally with a JSON content-type and a Bearer token. */
2
+ export declare function buildHeaders(accept: string, isJson?: boolean, token?: string): Record<string, string>;
3
+ //# sourceMappingURL=headers.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"headers.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/headers.ts"],"names":[],"mappings":"AAAA,2GAA2G;AAC3G,wBAAgB,YAAY,CAC3B,MAAM,EAAE,MAAM,EACd,MAAM,CAAC,EAAE,OAAO,EAChB,KAAK,CAAC,EAAE,MAAM,GACZ,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CASxB"}
@@ -0,0 +1,15 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.buildHeaders = buildHeaders;
4
+ /** Builds the standard Creatio request headers, optionally with a JSON content-type and a Bearer token. */
5
+ function buildHeaders(accept, isJson, token) {
6
+ const headers = { Accept: accept };
7
+ if (isJson) {
8
+ headers['Content-Type'] = 'application/json';
9
+ }
10
+ if (token) {
11
+ headers['Authorization'] = `Bearer ${token}`;
12
+ }
13
+ return headers;
14
+ }
15
+ //# sourceMappingURL=headers.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"headers.js","sourceRoot":"","sources":["../../../src/creatio/auth/headers.ts"],"names":[],"mappings":";;AACA,oCAaC;AAdD,2GAA2G;AAC3G,SAAgB,YAAY,CAC3B,MAAc,EACd,MAAgB,EAChB,KAAc;IAEd,MAAM,OAAO,GAA2B,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC;IAC3D,IAAI,MAAM,EAAE,CAAC;QACZ,OAAO,CAAC,cAAc,CAAC,GAAG,kBAAkB,CAAC;IAC9C,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACX,OAAO,CAAC,eAAe,CAAC,GAAG,UAAU,KAAK,EAAE,CAAC;IAC9C,CAAC;IACD,OAAO,OAAO,CAAC;AAChB,CAAC"}
@@ -0,0 +1,8 @@
1
+ /**
2
+ * Canonical Creatio identity base: an explicit `idBaseUrl` when given, otherwise the instance base
3
+ * URL, in both cases normalized to end with the `/0` workspace segment (where Creatio hosts the
4
+ * OAuth/OIDC endpoints, e.g. `/0/connect/token`, `/0/.well-known/openid-configuration`). Shared by
5
+ * the client-credentials provider and the delegated-mode JWKS validator so they target the same host.
6
+ */
7
+ export declare function resolveIdentityBase(baseUrl: string, idBaseUrl?: string): string;
8
+ //# sourceMappingURL=identity.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"identity.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/identity.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAO/E"}
@@ -0,0 +1,18 @@
1
+ "use strict";
2
+ Object.defineProperty(exports, "__esModule", { value: true });
3
+ exports.resolveIdentityBase = resolveIdentityBase;
4
+ /**
5
+ * Canonical Creatio identity base: an explicit `idBaseUrl` when given, otherwise the instance base
6
+ * URL, in both cases normalized to end with the `/0` workspace segment (where Creatio hosts the
7
+ * OAuth/OIDC endpoints, e.g. `/0/connect/token`, `/0/.well-known/openid-configuration`). Shared by
8
+ * the client-credentials provider and the delegated-mode JWKS validator so they target the same host.
9
+ */
10
+ function resolveIdentityBase(baseUrl, idBaseUrl) {
11
+ const raw = idBaseUrl ? String(idBaseUrl) : baseUrl;
12
+ let base = raw.replace(/\/$/, '');
13
+ if (!/\/0$/.test(base)) {
14
+ base = base + '/0';
15
+ }
16
+ return base;
17
+ }
18
+ //# sourceMappingURL=identity.js.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"identity.js","sourceRoot":"","sources":["../../../src/creatio/auth/identity.ts"],"names":[],"mappings":";;AAMA,kDAOC;AAbD;;;;;GAKG;AACH,SAAgB,mBAAmB,CAAC,OAAe,EAAE,SAAkB;IACtE,MAAM,GAAG,GAAG,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC;IACpD,IAAI,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC;QACxB,IAAI,GAAG,IAAI,GAAG,IAAI,CAAC;IACpB,CAAC;IACD,OAAO,IAAI,CAAC;AACb,CAAC"}
@@ -1,5 +1,6 @@
1
1
  export * from './auth-manager';
2
- export type { ICreatioAuthProvider, IRevocableAuthProvider, IInteractiveAuthProvider, } from './auth';
3
- export { supportsRevoke, supportsInteractiveAuth } from './auth';
4
- export { AuthProviderType } from './providers/type';
2
+ export type { ICreatioAuthProvider } from './auth';
3
+ export { resolveIdentityBase } from './auth';
4
+ export { CreatioOAuthClient } from './providers';
5
+ export { AuthProviderType, BearerAuthMode } from './providers/type';
5
6
  //# sourceMappingURL=index.d.ts.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,YAAY,EACX,oBAAoB,EACpB,sBAAsB,EACtB,wBAAwB,GACxB,MAAM,QAAQ,CAAC;AAChB,OAAO,EAAE,cAAc,EAAE,uBAAuB,EAAE,MAAM,QAAQ,CAAC;AACjE,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/creatio/auth/index.ts"],"names":[],"mappings":"AAAA,cAAc,gBAAgB,CAAC;AAC/B,YAAY,EAAE,oBAAoB,EAAE,MAAM,QAAQ,CAAC;AACnD,OAAO,EAAE,mBAAmB,EAAE,MAAM,QAAQ,CAAC;AAC7C,OAAO,EAAE,kBAAkB,EAAE,MAAM,aAAa,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC"}
@@ -14,11 +14,13 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
14
14
  for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
15
15
  };
16
16
  Object.defineProperty(exports, "__esModule", { value: true });
17
- exports.AuthProviderType = exports.supportsInteractiveAuth = exports.supportsRevoke = void 0;
17
+ exports.BearerAuthMode = exports.AuthProviderType = exports.CreatioOAuthClient = exports.resolveIdentityBase = void 0;
18
18
  __exportStar(require("./auth-manager"), exports);
19
19
  var auth_1 = require("./auth");
20
- Object.defineProperty(exports, "supportsRevoke", { enumerable: true, get: function () { return auth_1.supportsRevoke; } });
21
- Object.defineProperty(exports, "supportsInteractiveAuth", { enumerable: true, get: function () { return auth_1.supportsInteractiveAuth; } });
20
+ Object.defineProperty(exports, "resolveIdentityBase", { enumerable: true, get: function () { return auth_1.resolveIdentityBase; } });
21
+ var providers_1 = require("./providers");
22
+ Object.defineProperty(exports, "CreatioOAuthClient", { enumerable: true, get: function () { return providers_1.CreatioOAuthClient; } });
22
23
  var type_1 = require("./providers/type");
23
24
  Object.defineProperty(exports, "AuthProviderType", { enumerable: true, get: function () { return type_1.AuthProviderType; } });
25
+ Object.defineProperty(exports, "BearerAuthMode", { enumerable: true, get: function () { return type_1.BearerAuthMode; } });
24
26
  //# sourceMappingURL=index.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/creatio/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,iDAA+B;AAM/B,+BAAiE;AAAxD,sGAAA,cAAc,OAAA;AAAE,+GAAA,uBAAuB,OAAA;AAChD,yCAAoD;AAA3C,wGAAA,gBAAgB,OAAA"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/creatio/auth/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;AAAA,iDAA+B;AAE/B,+BAA6C;AAApC,2GAAA,mBAAmB,OAAA;AAC5B,yCAAiD;AAAxC,+GAAA,kBAAkB,OAAA;AAC3B,yCAAoE;AAA3D,wGAAA,gBAAgB,OAAA;AAAE,sGAAA,cAAc,OAAA"}
@@ -1,17 +1,23 @@
1
- import { OAuth2AuthConfig, OAuth2CodeAuthConfig } from '../../client-config';
1
+ import { OAuth2AuthConfig } from '../../client-config';
2
2
  import { BaseProvider } from './base-provider';
3
- type OAuthConfig = OAuth2AuthConfig | OAuth2CodeAuthConfig;
4
- export declare abstract class BaseOAuth2Provider<T extends OAuthConfig = OAuthConfig> extends BaseProvider<T> {
3
+ /** The raw result of a token fetch — caching and expiry math live in the base. */
4
+ export interface FetchedToken {
5
+ accessToken: string;
6
+ expiresInSeconds: number;
7
+ }
8
+ export declare abstract class BaseOAuth2Provider<T extends OAuth2AuthConfig = OAuth2AuthConfig> extends BaseProvider<T> {
5
9
  protected abstract readonly authErrorCode: string;
10
+ private _inflight;
6
11
  protected accessToken: string | undefined;
7
12
  protected accessTokenExpiryMs: number | undefined;
8
- protected abstract ensureAccessToken(force?: boolean): Promise<string | undefined>;
9
- protected computeExpiryMs(expiresInSeconds: number, minSeconds?: number): number;
13
+ /** Raw token acquisition (the network call only); returns undefined on failure. */
14
+ protected abstract fetchToken(): Promise<FetchedToken | undefined>;
15
+ private _isFresh;
16
+ private _acquireToken;
10
17
  protected getIdentityBase(): string;
11
- protected storageKey(userKey: string): string;
12
18
  protected throwNoTokenError(): void;
19
+ protected ensureAccessToken(force?: boolean): Promise<string | undefined>;
13
20
  getHeaders(accept: string, isJson?: boolean): Promise<Record<string, string>>;
14
21
  refresh(): Promise<void>;
15
22
  }
16
- export {};
17
23
  //# sourceMappingURL=base-oauth2-provider.d.ts.map