mcp-creatio 0.6.2 → 0.6.4

Files changed (353) hide show
  1. package/README.md +280 -156
  2. package/dist/cli.d.ts.map +1 -1
  3. package/dist/cli.js +27 -10
  4. package/dist/cli.js.map +1 -1
  5. package/dist/config-builder.d.ts +8 -0
  6. package/dist/config-builder.d.ts.map +1 -1
  7. package/dist/config-builder.js +147 -43
  8. package/dist/config-builder.js.map +1 -1
  9. package/dist/consts.d.ts.map +1 -1
  10. package/dist/consts.js +2 -1
  11. package/dist/consts.js.map +1 -1
  12. package/dist/creatio/auth/auth-manager.d.ts.map +1 -1
  13. package/dist/creatio/auth/auth-manager.js +5 -2
  14. package/dist/creatio/auth/auth-manager.js.map +1 -1
  15. package/dist/creatio/auth/auth.d.ts +4 -31
  16. package/dist/creatio/auth/auth.d.ts.map +1 -1
  17. package/dist/creatio/auth/auth.js +20 -26
  18. package/dist/creatio/auth/auth.js.map +1 -1
  19. package/dist/creatio/auth/constants.d.ts +14 -0
  20. package/dist/creatio/auth/constants.d.ts.map +1 -0
  21. package/dist/creatio/auth/constants.js +20 -0
  22. package/dist/creatio/auth/constants.js.map +1 -0
  23. package/dist/creatio/auth/contracts.d.ts +15 -0
  24. package/dist/creatio/auth/contracts.d.ts.map +1 -0
  25. package/dist/creatio/auth/contracts.js +3 -0
  26. package/dist/creatio/auth/contracts.js.map +1 -0
  27. package/dist/creatio/auth/headers.d.ts +3 -0
  28. package/dist/creatio/auth/headers.d.ts.map +1 -0
  29. package/dist/creatio/auth/headers.js +15 -0
  30. package/dist/creatio/auth/headers.js.map +1 -0
  31. package/dist/creatio/auth/identity.d.ts +8 -0
  32. package/dist/creatio/auth/identity.d.ts.map +1 -0
  33. package/dist/creatio/auth/identity.js +18 -0
  34. package/dist/creatio/auth/identity.js.map +1 -0
  35. package/dist/creatio/auth/index.d.ts +4 -3
  36. package/dist/creatio/auth/index.d.ts.map +1 -1
  37. package/dist/creatio/auth/index.js +5 -3
  38. package/dist/creatio/auth/index.js.map +1 -1
  39. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts +13 -7
  40. package/dist/creatio/auth/providers/base-oauth2-provider.d.ts.map +1 -1
  41. package/dist/creatio/auth/providers/base-oauth2-provider.js +29 -19
  42. package/dist/creatio/auth/providers/base-oauth2-provider.js.map +1 -1
  43. package/dist/creatio/auth/providers/base-provider.js +1 -1
  44. package/dist/creatio/auth/providers/base-provider.js.map +1 -1
  45. package/dist/creatio/auth/providers/broker-provider.d.ts +20 -0
  46. package/dist/creatio/auth/providers/broker-provider.d.ts.map +1 -0
  47. package/dist/creatio/auth/providers/broker-provider.js +72 -0
  48. package/dist/creatio/auth/providers/broker-provider.js.map +1 -0
  49. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts +27 -0
  50. package/dist/creatio/auth/providers/creatio-oauth-client.d.ts.map +1 -0
  51. package/dist/creatio/auth/providers/creatio-oauth-client.js +122 -0
  52. package/dist/creatio/auth/providers/creatio-oauth-client.js.map +1 -0
  53. package/dist/creatio/auth/providers/index.d.ts +3 -1
  54. package/dist/creatio/auth/providers/index.d.ts.map +1 -1
  55. package/dist/creatio/auth/providers/index.js +3 -1
  56. package/dist/creatio/auth/providers/index.js.map +1 -1
  57. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts +17 -0
  58. package/dist/creatio/auth/providers/oauth2-bearer-provider.d.ts.map +1 -0
  59. package/dist/creatio/auth/providers/oauth2-bearer-provider.js +33 -0
  60. package/dist/creatio/auth/providers/oauth2-bearer-provider.js.map +1 -0
  61. package/dist/creatio/auth/providers/oauth2-provider.d.ts +2 -2
  62. package/dist/creatio/auth/providers/oauth2-provider.d.ts.map +1 -1
  63. package/dist/creatio/auth/providers/oauth2-provider.js +4 -9
  64. package/dist/creatio/auth/providers/oauth2-provider.js.map +1 -1
  65. package/dist/creatio/auth/providers/type.d.ts +20 -1
  66. package/dist/creatio/auth/providers/type.d.ts.map +1 -1
  67. package/dist/creatio/auth/providers/type.js +22 -2
  68. package/dist/creatio/auth/providers/type.js.map +1 -1
  69. package/dist/creatio/client-config.d.ts +26 -5
  70. package/dist/creatio/client-config.d.ts.map +1 -1
  71. package/dist/creatio/engines/admin-operation-engine.d.ts +1 -1
  72. package/dist/creatio/engines/admin-operation-engine.d.ts.map +1 -1
  73. package/dist/creatio/engines/admin-operation-engine.js +3 -3
  74. package/dist/creatio/engines/admin-operation-engine.js.map +1 -1
  75. package/dist/creatio/engines/configuration-engine.d.ts +1 -1
  76. package/dist/creatio/engines/configuration-engine.d.ts.map +1 -1
  77. package/dist/creatio/engines/configuration-engine.js +3 -3
  78. package/dist/creatio/engines/configuration-engine.js.map +1 -1
  79. package/dist/creatio/engines/crud-engine.d.ts +1 -1
  80. package/dist/creatio/engines/crud-engine.d.ts.map +1 -1
  81. package/dist/creatio/engines/crud-engine.js +4 -4
  82. package/dist/creatio/engines/crud-engine.js.map +1 -1
  83. package/dist/creatio/engines/engine-manager.d.ts +4 -2
  84. package/dist/creatio/engines/engine-manager.d.ts.map +1 -1
  85. package/dist/creatio/engines/engine-manager.js +9 -10
  86. package/dist/creatio/engines/engine-manager.js.map +1 -1
  87. package/dist/creatio/engines/engine.d.ts.map +1 -1
  88. package/dist/creatio/engines/engine.js +12 -1
  89. package/dist/creatio/engines/engine.js.map +1 -1
  90. package/dist/creatio/engines/feature-engine.d.ts +1 -1
  91. package/dist/creatio/engines/feature-engine.d.ts.map +1 -1
  92. package/dist/creatio/engines/feature-engine.js +3 -3
  93. package/dist/creatio/engines/feature-engine.js.map +1 -1
  94. package/dist/creatio/engines/process-engine.d.ts +1 -1
  95. package/dist/creatio/engines/process-engine.d.ts.map +1 -1
  96. package/dist/creatio/engines/process-engine.js +3 -3
  97. package/dist/creatio/engines/process-engine.js.map +1 -1
  98. package/dist/creatio/engines/sys-settings-engine.d.ts +1 -1
  99. package/dist/creatio/engines/sys-settings-engine.d.ts.map +1 -1
  100. package/dist/creatio/engines/sys-settings-engine.js +3 -3
  101. package/dist/creatio/engines/sys-settings-engine.js.map +1 -1
  102. package/dist/creatio/engines/user-engine.d.ts +1 -1
  103. package/dist/creatio/engines/user-engine.d.ts.map +1 -1
  104. package/dist/creatio/engines/user-engine.js +3 -3
  105. package/dist/creatio/engines/user-engine.js.map +1 -1
  106. package/dist/creatio/provider-context.d.ts +3 -0
  107. package/dist/creatio/provider-context.d.ts.map +1 -1
  108. package/dist/creatio/services/client-cache-hash-client.d.ts +22 -0
  109. package/dist/creatio/services/client-cache-hash-client.d.ts.map +1 -0
  110. package/dist/creatio/services/client-cache-hash-client.js +56 -0
  111. package/dist/creatio/services/client-cache-hash-client.js.map +1 -0
  112. package/dist/creatio/services/creatio-service-context.d.ts +6 -1
  113. package/dist/creatio/services/creatio-service-context.d.ts.map +1 -1
  114. package/dist/creatio/services/creatio-service-context.js +15 -1
  115. package/dist/creatio/services/creatio-service-context.js.map +1 -1
  116. package/dist/creatio/services/crud-provider-factory.d.ts +4 -0
  117. package/dist/creatio/services/crud-provider-factory.d.ts.map +1 -1
  118. package/dist/creatio/services/crud-provider-factory.js +1 -1
  119. package/dist/creatio/services/crud-provider-factory.js.map +1 -1
  120. package/dist/creatio/services/dataservice/data-service-column-values.d.ts.map +1 -1
  121. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts +5 -3
  122. package/dist/creatio/services/dataservice/data-service-crud-provider.d.ts.map +1 -1
  123. package/dist/creatio/services/dataservice/data-service-crud-provider.js +8 -6
  124. package/dist/creatio/services/dataservice/data-service-crud-provider.js.map +1 -1
  125. package/dist/creatio/services/dataservice/data-service-filter-translator.d.ts.map +1 -1
  126. package/dist/creatio/services/dataservice/data-service-filter-translator.js +7 -2
  127. package/dist/creatio/services/dataservice/data-service-filter-translator.js.map +1 -1
  128. package/dist/creatio/services/dataservice/data-service-query-builder.d.ts.map +1 -1
  129. package/dist/creatio/services/dataservice/data-service-query-builder.js.map +1 -1
  130. package/dist/creatio/services/dataservice/data-service-schema.d.ts +6 -4
  131. package/dist/creatio/services/dataservice/data-service-schema.d.ts.map +1 -1
  132. package/dist/creatio/services/dataservice/data-service-schema.js +29 -18
  133. package/dist/creatio/services/dataservice/data-service-schema.js.map +1 -1
  134. package/dist/creatio/services/dataservice/data-service-transport.d.ts +4 -1
  135. package/dist/creatio/services/dataservice/data-service-transport.d.ts.map +1 -1
  136. package/dist/creatio/services/dataservice/data-service-transport.js +8 -3
  137. package/dist/creatio/services/dataservice/data-service-transport.js.map +1 -1
  138. package/dist/creatio/services/dataservice/data-service-types.d.ts +0 -19
  139. package/dist/creatio/services/dataservice/data-service-types.d.ts.map +1 -1
  140. package/dist/creatio/services/dataservice/data-service-value-type.d.ts +2 -1
  141. package/dist/creatio/services/dataservice/data-service-value-type.d.ts.map +1 -1
  142. package/dist/creatio/services/dataservice/data-service-value-type.js +20 -16
  143. package/dist/creatio/services/dataservice/data-service-value-type.js.map +1 -1
  144. package/dist/creatio/services/http-client.d.ts +13 -0
  145. package/dist/creatio/services/http-client.d.ts.map +1 -1
  146. package/dist/creatio/services/http-client.js +26 -2
  147. package/dist/creatio/services/http-client.js.map +1 -1
  148. package/dist/creatio/services/identifiers.d.ts +10 -0
  149. package/dist/creatio/services/identifiers.d.ts.map +1 -0
  150. package/dist/creatio/services/identifiers.js +20 -0
  151. package/dist/creatio/services/identifiers.js.map +1 -0
  152. package/dist/creatio/services/index.d.ts +2 -0
  153. package/dist/creatio/services/index.d.ts.map +1 -1
  154. package/dist/creatio/services/index.js +2 -0
  155. package/dist/creatio/services/index.js.map +1 -1
  156. package/dist/creatio/services/odata/metadata-store.d.ts +16 -3
  157. package/dist/creatio/services/odata/metadata-store.d.ts.map +1 -1
  158. package/dist/creatio/services/odata/metadata-store.js +65 -38
  159. package/dist/creatio/services/odata/metadata-store.js.map +1 -1
  160. package/dist/creatio/services/odata/odata-crud-provider.d.ts.map +1 -1
  161. package/dist/creatio/services/odata/odata-crud-provider.js +10 -25
  162. package/dist/creatio/services/odata/odata-crud-provider.js.map +1 -1
  163. package/dist/creatio/services/odata/odata-query-translator.d.ts +4 -5
  164. package/dist/creatio/services/odata/odata-query-translator.d.ts.map +1 -1
  165. package/dist/creatio/services/odata/odata-query-translator.js +32 -20
  166. package/dist/creatio/services/odata/odata-query-translator.js.map +1 -1
  167. package/dist/creatio/services/schema-freshness-gate.d.ts +26 -0
  168. package/dist/creatio/services/schema-freshness-gate.d.ts.map +1 -0
  169. package/dist/creatio/services/schema-freshness-gate.js +58 -0
  170. package/dist/creatio/services/schema-freshness-gate.js.map +1 -0
  171. package/dist/creatio/services/user-info-provider.d.ts.map +1 -1
  172. package/dist/creatio/services/user-info-provider.js +2 -2
  173. package/dist/creatio/services/user-info-provider.js.map +1 -1
  174. package/dist/index.js +35 -4
  175. package/dist/index.js.map +1 -1
  176. package/dist/log.d.ts +1 -1
  177. package/dist/log.d.ts.map +1 -1
  178. package/dist/log.js +6 -2
  179. package/dist/log.js.map +1 -1
  180. package/dist/server/bearer/base-url-guard.d.ts +20 -0
  181. package/dist/server/bearer/base-url-guard.d.ts.map +1 -0
  182. package/dist/server/bearer/base-url-guard.js +55 -0
  183. package/dist/server/bearer/base-url-guard.js.map +1 -0
  184. package/dist/server/bearer/bearer-edge.d.ts +42 -0
  185. package/dist/server/bearer/bearer-edge.d.ts.map +1 -0
  186. package/dist/server/bearer/bearer-edge.js +122 -0
  187. package/dist/server/bearer/bearer-edge.js.map +1 -0
  188. package/dist/server/bearer/bearer-token.d.ts +27 -0
  189. package/dist/server/bearer/bearer-token.d.ts.map +1 -0
  190. package/dist/server/bearer/bearer-token.js +50 -0
  191. package/dist/server/bearer/bearer-token.js.map +1 -0
  192. package/dist/server/bearer/index.d.ts +3 -0
  193. package/dist/server/bearer/index.d.ts.map +1 -0
  194. package/dist/server/bearer/index.js +19 -0
  195. package/dist/server/bearer/index.js.map +1 -0
  196. package/dist/server/http/auth-edge.d.ts +26 -0
  197. package/dist/server/http/auth-edge.d.ts.map +1 -0
  198. package/dist/server/http/auth-edge.js +75 -0
  199. package/dist/server/http/auth-edge.js.map +1 -0
  200. package/dist/server/http/broker-handlers.d.ts +45 -0
  201. package/dist/server/http/broker-handlers.d.ts.map +1 -0
  202. package/dist/server/http/broker-handlers.js +224 -0
  203. package/dist/server/http/broker-handlers.js.map +1 -0
  204. package/dist/server/http/{httpServer.d.ts → http-server.d.ts} +5 -13
  205. package/dist/server/http/http-server.d.ts.map +1 -0
  206. package/dist/server/http/{httpServer.js → http-server.js} +19 -53
  207. package/dist/server/http/http-server.js.map +1 -0
  208. package/dist/server/http/index.d.ts +1 -3
  209. package/dist/server/http/index.d.ts.map +1 -1
  210. package/dist/server/http/index.js +1 -3
  211. package/dist/server/http/index.js.map +1 -1
  212. package/dist/server/http/mcp-handlers.d.ts.map +1 -1
  213. package/dist/server/http/mcp-handlers.js +16 -3
  214. package/dist/server/http/mcp-handlers.js.map +1 -1
  215. package/dist/server/http/middleware.d.ts +3 -4
  216. package/dist/server/http/middleware.d.ts.map +1 -1
  217. package/dist/server/http/middleware.js +33 -23
  218. package/dist/server/http/middleware.js.map +1 -1
  219. package/dist/server/http/public-origin.d.ts +10 -0
  220. package/dist/server/http/public-origin.d.ts.map +1 -0
  221. package/dist/server/http/public-origin.js +19 -0
  222. package/dist/server/http/public-origin.js.map +1 -0
  223. package/dist/server/http/rate-limiter.d.ts +1 -1
  224. package/dist/server/http/rate-limiter.d.ts.map +1 -1
  225. package/dist/server/http/rate-limiter.js +11 -11
  226. package/dist/server/http/rate-limiter.js.map +1 -1
  227. package/dist/server/http-agent.d.ts +9 -0
  228. package/dist/server/http-agent.d.ts.map +1 -0
  229. package/dist/server/http-agent.js +35 -0
  230. package/dist/server/http-agent.js.map +1 -0
  231. package/dist/server/index.d.ts +2 -0
  232. package/dist/server/index.d.ts.map +1 -1
  233. package/dist/server/index.js +2 -0
  234. package/dist/server/index.js.map +1 -1
  235. package/dist/server/keepalive.d.ts +26 -0
  236. package/dist/server/keepalive.d.ts.map +1 -0
  237. package/dist/server/keepalive.js +64 -0
  238. package/dist/server/keepalive.js.map +1 -0
  239. package/dist/server/mcp/creatio-rest.d.ts +6 -0
  240. package/dist/server/mcp/creatio-rest.d.ts.map +1 -1
  241. package/dist/server/mcp/creatio-rest.js +21 -3
  242. package/dist/server/mcp/creatio-rest.js.map +1 -1
  243. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts +1 -1
  244. package/dist/server/mcp/crtmcp/crt-mcp-client.d.ts.map +1 -1
  245. package/dist/server/mcp/crtmcp/crt-mcp-client.js +16 -13
  246. package/dist/server/mcp/crtmcp/crt-mcp-client.js.map +1 -1
  247. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts +2 -2
  248. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.d.ts.map +1 -1
  249. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js +17 -17
  250. package/dist/server/mcp/crtmcp/crt-mcp-tool-preparer.js.map +1 -1
  251. package/dist/server/mcp/dataforge/dataforge-client.d.ts +12 -12
  252. package/dist/server/mcp/dataforge/dataforge-client.d.ts.map +1 -1
  253. package/dist/server/mcp/dataforge/dataforge-client.js +40 -47
  254. package/dist/server/mcp/dataforge/dataforge-client.js.map +1 -1
  255. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts +2 -2
  256. package/dist/server/mcp/dataforge/dataforge-tool-preparer.d.ts.map +1 -1
  257. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js +9 -9
  258. package/dist/server/mcp/dataforge/dataforge-tool-preparer.js.map +1 -1
  259. package/dist/server/mcp/filters.d.ts.map +1 -1
  260. package/dist/server/mcp/filters.js +4 -1
  261. package/dist/server/mcp/filters.js.map +1 -1
  262. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts +4 -4
  263. package/dist/server/mcp/globalsearch/globalsearch-client.d.ts.map +1 -1
  264. package/dist/server/mcp/globalsearch/globalsearch-client.js +39 -50
  265. package/dist/server/mcp/globalsearch/globalsearch-client.js.map +1 -1
  266. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts +1 -1
  267. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.d.ts.map +1 -1
  268. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js +1 -1
  269. package/dist/server/mcp/globalsearch/globalsearch-tool-preparer.js.map +1 -1
  270. package/dist/server/mcp/server.d.ts +35 -8
  271. package/dist/server/mcp/server.d.ts.map +1 -1
  272. package/dist/server/mcp/server.js +113 -45
  273. package/dist/server/mcp/server.js.map +1 -1
  274. package/dist/server/mcp/tools-data.d.ts +2 -2
  275. package/dist/server/mcp/tools-data.d.ts.map +1 -1
  276. package/dist/server/mcp/tools-data.js +1 -1
  277. package/dist/server/mcp/tools-data.js.map +1 -1
  278. package/dist/server/oauth/oauth-server.d.ts +41 -10
  279. package/dist/server/oauth/oauth-server.d.ts.map +1 -1
  280. package/dist/server/oauth/oauth-server.js +82 -48
  281. package/dist/server/oauth/oauth-server.js.map +1 -1
  282. package/dist/server/oauth/storage.d.ts +42 -5
  283. package/dist/server/oauth/storage.d.ts.map +1 -1
  284. package/dist/server/oauth/storage.js +81 -18
  285. package/dist/server/oauth/storage.js.map +1 -1
  286. package/dist/server/oauth/token-manager.d.ts +21 -4
  287. package/dist/server/oauth/token-manager.d.ts.map +1 -1
  288. package/dist/server/oauth/token-manager.js +18 -19
  289. package/dist/server/oauth/token-manager.js.map +1 -1
  290. package/dist/server/oauth/types.d.ts +0 -12
  291. package/dist/server/oauth/types.d.ts.map +1 -1
  292. package/dist/server/oauth/validators.d.ts.map +1 -1
  293. package/dist/server/oauth/validators.js +14 -5
  294. package/dist/server/oauth/validators.js.map +1 -1
  295. package/dist/sessions/index.d.ts +1 -1
  296. package/dist/sessions/index.d.ts.map +1 -1
  297. package/dist/sessions/index.js +1 -1
  298. package/dist/sessions/index.js.map +1 -1
  299. package/dist/sessions/redis-token-store.d.ts +22 -0
  300. package/dist/sessions/redis-token-store.d.ts.map +1 -0
  301. package/dist/sessions/redis-token-store.js +70 -0
  302. package/dist/sessions/redis-token-store.js.map +1 -0
  303. package/dist/sessions/session-context.d.ts +21 -40
  304. package/dist/sessions/session-context.d.ts.map +1 -1
  305. package/dist/sessions/session-context.js +25 -105
  306. package/dist/sessions/session-context.js.map +1 -1
  307. package/dist/sessions/token-crypto.d.ts +8 -0
  308. package/dist/sessions/token-crypto.d.ts.map +1 -0
  309. package/dist/sessions/token-crypto.js +43 -0
  310. package/dist/sessions/token-crypto.js.map +1 -0
  311. package/dist/sessions/token-store.d.ts +42 -0
  312. package/dist/sessions/token-store.d.ts.map +1 -0
  313. package/dist/sessions/token-store.js +66 -0
  314. package/dist/sessions/token-store.js.map +1 -0
  315. package/dist/utils/context.d.ts +12 -0
  316. package/dist/utils/context.d.ts.map +1 -1
  317. package/dist/utils/context.js +16 -0
  318. package/dist/utils/context.js.map +1 -1
  319. package/dist/utils/env-aliases.d.ts +9 -0
  320. package/dist/utils/env-aliases.d.ts.map +1 -0
  321. package/dist/utils/env-aliases.js +61 -0
  322. package/dist/utils/env-aliases.js.map +1 -0
  323. package/dist/utils/env.d.ts +5 -0
  324. package/dist/utils/env.d.ts.map +1 -1
  325. package/dist/utils/env.js +10 -1
  326. package/dist/utils/env.js.map +1 -1
  327. package/dist/utils/index.d.ts +1 -0
  328. package/dist/utils/index.d.ts.map +1 -1
  329. package/dist/utils/index.js +1 -0
  330. package/dist/utils/index.js.map +1 -1
  331. package/dist/utils/redact.d.ts +25 -0
  332. package/dist/utils/redact.d.ts.map +1 -0
  333. package/dist/utils/redact.js +64 -0
  334. package/dist/utils/redact.js.map +1 -0
  335. package/package.json +78 -76
  336. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts +0 -21
  337. package/dist/creatio/auth/providers/oauth2-code-provider.d.ts.map +0 -1
  338. package/dist/creatio/auth/providers/oauth2-code-provider.js +0 -251
  339. package/dist/creatio/auth/providers/oauth2-code-provider.js.map +0 -1
  340. package/dist/server/http/creatio-oauth-handlers.d.ts +0 -13
  341. package/dist/server/http/creatio-oauth-handlers.d.ts.map +0 -1
  342. package/dist/server/http/creatio-oauth-handlers.js +0 -160
  343. package/dist/server/http/creatio-oauth-handlers.js.map +0 -1
  344. package/dist/server/http/httpServer.d.ts.map +0 -1
  345. package/dist/server/http/httpServer.js.map +0 -1
  346. package/dist/server/http/mcp-oauth-handlers.d.ts +0 -11
  347. package/dist/server/http/mcp-oauth-handlers.d.ts.map +0 -1
  348. package/dist/server/http/mcp-oauth-handlers.js +0 -118
  349. package/dist/server/http/mcp-oauth-handlers.js.map +0 -1
  350. package/dist/sessions/token-refresh-scheduler.d.ts +0 -16
  351. package/dist/sessions/token-refresh-scheduler.d.ts.map +0 -1
  352. package/dist/sessions/token-refresh-scheduler.js +0 -66
  353. package/dist/sessions/token-refresh-scheduler.js.map +0 -1
@@ -1 +1 @@
1
- {"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":";;;AAMA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAC3F,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E,MAAa,eAAe;IAC3B;;;;OAIG;IACI,MAAM,CAAC,oBAAoB,CAAC,GAAW;QAC7C,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACJ,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC5C,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,yFAAyF;QACzF,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,4BAA4B,CACzC,MAAiC,EACjC,MAA+B;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACrC,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YACvE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,oBAAoB,CAAC,MAAyB;QAC3D,IAAI,MAAM,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAChD,OAAO,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;QAC5C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,+BAA+B,EAAE,CAAC;QACzF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,0BAA0B,CAAC,aAAsB;QAC9D,IAAI,CAAC,aAAa,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACrD,OAAO,gDAAgD,CAAC;QACzD,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,6CAA6C,CAAC;QACtD,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YACjC
,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,mCAAmC,CAAC;YAC5C,CAAC;YACD,IAAI,CAAC;gBACJ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,yBAAyB,GAAG,EAAE,CAAC;YACvC,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,OAAO,gEAAgE,GAAG,EAAE,CAAC;YAC9E,CAAC;QACF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;CACD;AA3ED,0CA2EC"}
1
+ {"version":3,"file":"validators.js","sourceRoot":"","sources":["../../../src/server/oauth/validators.ts"],"names":[],"mappings":";;;AAMA,MAAM,iBAAiB,GAAG,IAAI,GAAG,CAAC,CAAC,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC,CAAC;AAC3F,MAAM,cAAc,GAAG,IAAI,GAAG,CAAC,CAAC,WAAW,EAAE,WAAW,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC,CAAC;AAE3E,MAAa,eAAe;IAC3B;;;;OAIG;IACI,MAAM,CAAC,oBAAoB,CAAC,GAAW;QAC7C,IAAI,MAAW,CAAC;QAChB,IAAI,CAAC;YACJ,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QACvB,CAAC;QAAC,MAAM,CAAC;YACR,OAAO,KAAK,CAAC;QACd,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC;QAC5C,IAAI,iBAAiB,CAAC,GAAG,CAAC,KAAK,CAAC,EAAE,CAAC;YAClC,OAAO,KAAK,CAAC;QACd,CAAC;QACD,IAAI,KAAK,KAAK,OAAO,IAAI,KAAK,KAAK,QAAQ,EAAE,CAAC;YAC7C,OAAO,cAAc,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,WAAW,EAAE,CAAC,CAAC;QAC1D,CAAC;QACD,yFAAyF;QACzF,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,4BAA4B,CACzC,MAAiC,EACjC,MAA+B;QAE/B,IAAI,CAAC,MAAM,EAAE,CAAC;YACb,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,CAAC;QAC3E,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,MAAM,CAAC,YAAY,CAAC,EAAE,CAAC;YACzD,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,sBAAsB,EAAE,CAAC;QAChF,CAAC;QACD,IAAI,MAAM,CAAC,aAAa,KAAK,MAAM,EAAE,CAAC;YACrC,OAAO,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC;QAC/C,CAAC;QACD,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,MAAM,CAAC,qBAAqB,KAAK,MAAM,EAAE,CAAC;YACvE,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,eAAe,EAAE,CAAC;QACzE,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,MAAM,CAAC,oBAAoB,CAAC,MAAyB;QAC3D,IAAI,MAAM,CAAC,UAAU,KAAK,oBAAoB,EAAE,CAAC;YAChD,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC3C,OAAO;oBACN,KAAK,EAAE,iBAAiB;oBACxB,iBAAiB,EAAE,+BAA+B;iBAClD,CAAC;YACH,CAAC;YACD,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,MAAM,CAAC,UAAU,KAAK,eAAe,EAAE,CAAC;YAC3C,IAAI,CAAC,MAAM,CAAC,aAAa,EAAE,CAAC;gBAC3B,OAAO,EAAE,KAAK,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,uBAAuB,EAAE,CAAC;YACjF,CAAC;YACD,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC;IAC5C,CAAC;IAEM,MAAM,CAAC,0BAA0B,CAAC,aAAsB;QAC9D,IAAI,CAAC,aAAa,IAAI,CAA
C,KAAK,CAAC,OAAO,CAAC,aAAa,CAAC,EAAE,CAAC;YACrD,OAAO,gDAAgD,CAAC;QACzD,CAAC;QACD,IAAI,aAAa,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,6CAA6C,CAAC;QACtD,CAAC;QACD,KAAK,MAAM,GAAG,IAAI,aAAa,EAAE,CAAC;YACjC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC7B,OAAO,mCAAmC,CAAC;YAC5C,CAAC;YACD,IAAI,CAAC;gBACJ,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;YACd,CAAC;YAAC,MAAM,CAAC;gBACR,OAAO,yBAAyB,GAAG,EAAE,CAAC;YACvC,CAAC;YACD,IAAI,CAAC,eAAe,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBAChD,OAAO,gEAAgE,GAAG,EAAE,CAAC;YAC9E,CAAC;QACF,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;CACD;AApFD,0CAoFC"}
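--- a/package/dist/sessions/index.d.ts
+++ b/package/dist/sessions/index.d.ts
@@ -1,3 +1,3 @@
  export * from './session-context';
- export * from './token-refresh-scheduler';
+ export * from './token-store';
  //# sourceMappingURL=index.d.ts.map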
@@ -1 +1 @@
1
- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,2BAA2B,CAAC"}
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":"AAAA,cAAc,mBAAmB,CAAC;AAClC,cAAc,eAAe,CAAC"}
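--- a/package/dist/sessions/index.js
+++ b/package/dist/sessions/index.js
@@ -15,5 +15,5 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
  };
  Object.defineProperty(exports, "__esModule", { value: true });
  __exportStar(require("./session-context"), exports);
- __exportStar(require("./token-refresh-scheduler"), exports);
+ __exportStar(require("./token-store"), exports);
  //# sourceMappingURL=index.js.map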
@@ -1 +1 @@
1
- {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,4DAA0C"}
1
+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/sessions/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,oDAAkC;AAClC,gDAA8B"}
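--- a/package/dist/sessions/redis-token-store.d.ts
+++ b/package/dist/sessions/redis-token-store.d.ts
@@ -0,0 +1,22 @@
+ import type { UserTokens } from './session-context';
+ import type { TokenStore } from './token-store';
+ /**
+ * Redis-backed broker token store: stateless + restart-durable + multi-instance safe. Tokens are
+ * AES-256-GCM encrypted at rest; per-key TTL (reset on every write) handles idle eviction natively,
+ * so {@link evictStale} is a no-op. Lazy-loaded by {@link createTokenStore} so memory-mode never
+ * touches the `redis` dependency.
+ */
+ export declare class RedisTokenStore implements TokenStore {
+ private readonly _key;
+ private readonly _ttlSeconds;
+ private readonly _client;
+ constructor(url: string, _key: Buffer, _ttlSeconds: number);
+ private _redisKey;
+ connect(): Promise<void>;
+ get(userKey: string): Promise<UserTokens | null>;
+ set(userKey: string, tokens: UserTokens): Promise<void>;
+ delete(userKey: string): Promise<void>;
+ evictStale(): Promise<number>;
+ close(): Promise<void>;
+ }
+ //# sourceMappingURL=redis-token-store.d.ts.map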
@@ -0,0 +1 @@
1
+ {"version":3,"file":"redis-token-store.d.ts","sourceRoot":"","sources":["../../src/sessions/redis-token-store.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AACpD,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,eAAe,CAAC;AAKhD;;;;;GAKG;AACH,qBAAa,eAAgB,YAAW,UAAU;IAKhD,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,WAAW;IAL7B,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAkB;gBAGzC,GAAG,EAAE,MAAM,EACM,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM;IAMrC,OAAO,CAAC,SAAS;IAIJ,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAKxB,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAehD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAMvD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAItC,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAI7B,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;CAOnC"}
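--- a/package/dist/sessions/redis-token-store.js
+++ b/package/dist/sessions/redis-token-store.js
@@ -0,0 +1,70 @@
+ "use strict";
+ var __importDefault = (this && this.__importDefault) || function (mod) {
+ return (mod && mod.__esModule) ? mod : { "default": mod };
+ };
+ Object.defineProperty(exports, "__esModule", { value: true });
+ exports.RedisTokenStore = void 0;
+ const redis_1 = require("redis");
+ const log_1 = __importDefault(require("../log"));
+ const token_crypto_1 = require("./token-crypto");
+ const KEY_PREFIX = 'mcp:creatio:tok:';
+ /**
+ * Redis-backed broker token store: stateless + restart-durable + multi-instance safe. Tokens are
+ * AES-256-GCM encrypted at rest; per-key TTL (reset on every write) handles idle eviction natively,
+ * so {@link evictStale} is a no-op. Lazy-loaded by {@link createTokenStore} so memory-mode never
+ * touches the `redis` dependency.
+ */
+ class RedisTokenStore {
+ _key;
+ _ttlSeconds;
+ _client;
+ constructor(url, _key, _ttlSeconds) {
+ this._key = _key;
+ this._ttlSeconds = _ttlSeconds;
+ this._client = (0, redis_1.createClient)({ url });
+ this._client.on('error', (err) => log_1.default.warn('redis.client.error', { error: String(err) }));
+ }
+ _redisKey(userKey) {
+ return `${KEY_PREFIX}${userKey}`;
+ }
+ async connect() {
+ await this._client.connect();
+ log_1.default.info('redis.token_store.connected', {});
+ }
+ async get(userKey) {
+ const blob = await this._client.get(this._redisKey(userKey));
+ if (!blob) {
+ return null;
+ }
+ try {
+ return JSON.parse((0, token_crypto_1.decryptToken)(blob, this._key));
+ }
+ catch (err) {
+ // A corrupt/undecryptable entry (e.g. rotated key) is treated as absent so the user
+ // simply re-authorizes, rather than wedging on a bad blob.
+ log_1.default.warn('redis.token_store.decrypt_failed', { error: String(err) });
+ return null;
+ }
+ }
+ async set(userKey, tokens) {
+ const payload = { ...tokens, storedAtMs: tokens.storedAtMs ?? Date.now() };
+ const blob = (0, token_crypto_1.encryptToken)(JSON.stringify(payload), this._key);
+ await this._client.set(this._redisKey(userKey), blob, { EX: this._ttlSeconds });
+ }
+ async delete(userKey) {
+ await this._client.del(this._redisKey(userKey));
+ }
+ async evictStale() {
+ return 0; // Redis expires keys natively via the per-write TTL.
+ }
+ async close() {
+ try {
+ await this._client.quit();
+ }
+ catch (err) {
+ log_1.default.warn('redis.token_store.close_failed', { error: String(err) });
+ }
+ }
+ }
+ exports.RedisTokenStore = RedisTokenStore;
+ //# sourceMappingURL=redis-token-store.js.map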
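Review bot: In `set` and `get` the ciphertext is not bound to the Redis key it is stored under. `encryptToken(JSON.stringify(payload), this._key)` and `decryptToken(blob, this._key)` receive only the data and the store-wide key, so as far as these calls show, a blob that ends up under a different `mcp:creatio:tok:` entry would still pass the GCM check and `get` would return another user's tokens for that `userKey`. AES-GCM can authenticate the key name as associated data (Node's `cipher.setAAD` / `decipher.setAAD`). That change belongs in `./token-crypto`, which this section does not show, so first confirm it is not already done there. A check local to this file would be to write the owner into the payload in `set` and add `if (parsed.userKey !== userKey) return null;` after the `JSON.parse` in `get`. The decrypt-failure branch would also benefit from a comment noting that a failed authentication tag can mean tampering as well as key rotation, so the `redis.token_store.decrypt_failed` warning is worth alerting on.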
@@ -0,0 +1 @@
1
+ {"version":3,"file":"redis-token-store.js","sourceRoot":"","sources":["../../src/sessions/redis-token-store.ts"],"names":[],"mappings":";;;;;;AAAA,iCAAqC;AAErC,iDAAyB;AAEzB,iDAA4D;AAM5D,MAAM,UAAU,GAAG,kBAAkB,CAAC;AAEtC;;;;;GAKG;AACH,MAAa,eAAe;IAKT;IACA;IALD,OAAO,CAAkB;IAE1C,YACC,GAAW,EACM,IAAY,EACZ,WAAmB;QADnB,SAAI,GAAJ,IAAI,CAAQ;QACZ,gBAAW,GAAX,WAAW,CAAQ;QAEpC,IAAI,CAAC,OAAO,GAAG,IAAA,oBAAY,EAAC,EAAE,GAAG,EAAE,CAAC,CAAC;QACrC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,aAAG,CAAC,IAAI,CAAC,oBAAoB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3F,CAAC;IAEO,SAAS,CAAC,OAAe;QAChC,OAAO,GAAG,UAAU,GAAG,OAAO,EAAE,CAAC;IAClC,CAAC;IAEM,KAAK,CAAC,OAAO;QACnB,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;QAC7B,aAAG,CAAC,IAAI,CAAC,6BAA6B,EAAE,EAAE,CAAC,CAAC;IAC7C,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAe;QAC/B,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;QAC7D,IAAI,CAAC,IAAI,EAAE,CAAC;YACX,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,CAAC;YACJ,OAAO,IAAI,CAAC,KAAK,CAAC,IAAA,2BAAY,EAAC,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,CAAe,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,oFAAoF;YACpF,2DAA2D;YAC3D,aAAG,CAAC,IAAI,CAAC,kCAAkC,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACrE,OAAO,IAAI,CAAC;QACb,CAAC;IACF,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,MAAkB;QACnD,MAAM,OAAO,GAAe,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QACvF,MAAM,IAAI,GAAG,IAAA,2BAAY,EAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC;IACjF,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,OAAe;QAClC,MAAM,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IACjD,CAAC;IAEM,KAAK,CAAC,UAAU;QACtB,OAAO,CAAC,CAAC,CAAC,qDAAqD;IAChE,CAAC;IAEM,KAAK,CAAC,KAAK;QACjB,IAAI,CAAC;YACJ,MAAM,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAC3B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACd,aAAG,CAAC,IAAI,CAAC,gCAAgC,EAAE,EAA
E,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;IACF,CAAC;CACD;AAzDD,0CAyDC"}
@@ -1,4 +1,5 @@
1
1
  import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
2
+ import { TokenStore } from './token-store';
2
3
  export interface SessionInfo {
3
4
  id: string;
4
5
  userKey?: string | undefined;
@@ -7,35 +8,32 @@ export interface SessionInfo {
7
8
  createdAt: Date;
8
9
  remoteIp?: string | undefined;
9
10
  }
11
+ /**
12
+ * A user's Creatio tokens, held per `userKey` in `broker` mode (the MCP brokered the login, so it
13
+ * owns the refresh lifecycle). Other modes store nothing here.
14
+ */
10
15
  export interface UserTokens {
11
16
  accessToken: string;
12
17
  accessTokenExpiryMs: number;
13
18
  refreshToken?: string | undefined;
14
- /** When this entry was stored/last refreshed; set by setTokensForUser. Drives idle eviction. */
19
+ /** When stored/last refreshed; drives idle eviction. */
15
20
  storedAtMs?: number | undefined;
16
21
  }
17
- export interface OAuthState {
18
- userKey: string;
19
- sessionId?: string | undefined;
20
- createdAt: number;
21
- expiresAt: number;
22
- }
23
- export interface OAuthStateResult {
24
- userKey: string;
25
- sessionId?: string | undefined;
26
- }
22
+ /**
23
+ * Tracks live MCP streamable-HTTP sessions (id ↔ transport ↔ user identity) for the HTTP server.
24
+ *
25
+ * In the stateless per-request Bearer model the MCP stores NO tokens: every request carries its own
26
+ * Creatio access token (delegated: from the client; gateway: injected by the Control-Plane). This
27
+ * context therefore only manages transport/session lifecycle and the identity used for logging.
28
+ */
27
29
  export declare class SessionContext {
28
- /** Idle window after which a token entry is considered abandoned and evicted, even if it
29
- * still has a refresh token. Generous (24h) so a returning client within a normal working
30
- * day keeps transparent refresh; resets on every store/refresh. */
31
- private static readonly TOKEN_IDLE_TTL_MS;
32
30
  private static _instance;
33
31
  private readonly _sessions;
34
- private readonly _userTokens;
35
- private readonly _oauthStates;
36
32
  private readonly _deletingSessions;
33
+ private _tokenStore;
37
34
  static get instance(): SessionContext;
38
- private _generateState;
35
+ /** Swap the broker token store (e.g. Redis) — call once at startup, broker mode only. */
36
+ setTokenStore(store: TokenStore): void;
39
37
  createSession(sessionId: string, userKey?: string, remoteIp?: string): SessionInfo;
40
38
  getSession(sessionId: string): SessionInfo | undefined;
41
39
  hasSession(sessionId: string): boolean;
@@ -45,30 +43,13 @@ export declare class SessionContext {
45
43
  deleteSession(sessionId: string): void;
46
44
  getAllSessions(): SessionInfo[];
47
45
  getSessionsForUser(userKey: string): SessionInfo[];
48
- getTokensForSession(sessionId: string): Promise<UserTokens | null>;
49
- getTokensForUser(userKey: string): Promise<UserTokens | null>;
50
- setTokensForUser(userKey: string, tokens: UserTokens): Promise<void>;
51
- deleteTokensForUser(userKey: string): Promise<void>;
52
- createOAuthState(userKey: string, sessionId?: string): string;
53
- validateOAuthState(state: string): OAuthStateResult | null;
54
- validateAndConsumeOAuthState(state: string): OAuthStateResult | undefined;
55
- cleanupExpiredOAuthStates(): void;
56
- /**
57
- * Bound the per-user token map on a long-running process WITHOUT evicting tokens a client
58
- * could still use. Refresh is keyed by userKey (not session) — Bearer clients carry identity
59
- * in the JWT and often have no live session between reconnects — so a token is removed only
60
- * when it is genuinely unreachable:
61
- * - expired AND has no refresh token (cannot be revived), or
62
- * - idle past {@link TOKEN_IDLE_TTL_MS} since it was last stored/refreshed (abandoned).
63
- * Unexpired tokens and recently-stored refreshable tokens are always kept. Returns count removed.
64
- */
65
- evictStaleTokens(now?: number): number;
66
- getEffectiveTokens(sessionId?: string, userKey?: string): Promise<UserTokens | null>;
67
- createSessionWithUser(sessionId: string, userKey: string, remoteIp?: string): Promise<SessionInfo>;
68
46
  getStats(): {
69
47
  sessionsCount: number;
70
- tokensCount: number;
71
- oauthStatesCount: number;
72
48
  };
49
+ getTokensForUser(userKey: string): Promise<UserTokens | null>;
50
+ setTokensForUser(userKey: string, tokens: UserTokens): Promise<void>;
51
+ deleteTokensForUser(userKey: string): Promise<void>;
52
+ /** Evict stale token entries (no-op for a store with native key-expiry, e.g. Redis). */
53
+ evictStaleTokens(now?: number): Promise<number>;
73
54
  }
74
55
  //# sourceMappingURL=session-context.d.ts.map
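Review bot: `evictStaleTokens` changes its declared return type from `number` to `Promise<number>` in the last hunk, so a caller that compares or logs the result without `await` now gets a Promise object instead of a count. Together with the removed `getEffectiveTokens`, `getTokensForSession`, `createSessionWithUser` and OAuth-state methods, this is a breaking change to the declared surface in a 0.6.2 → 0.6.4 bump and deserves a changelog entry. The new class comment in the second hunk (repeated in session-context.js) says the MCP "stores NO tokens", yet the same class gains `_tokenStore` and keeps `getTokensForUser`/`setTokensForUser`. I would reword it along the lines of `Session lifecycle for all modes; in broker mode it also fronts the per-user TokenStore.` so that someone auditing where credentials are held is not misled.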
@@ -1 +1 @@
1
- {"version":3,"file":"session-context.d.ts","sourceRoot":"","sources":["../../src/sessions/session-context.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAInG,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,SAAS,CAAC,EAAE,6BAA6B,GAAG,SAAS,CAAC;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B;AAED,MAAM,WAAW,UAAU;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,gGAAgG;IAChG,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC;AAED,MAAM,WAAW,UAAU;IAC1B,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,gBAAgB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,SAAS,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/B;AAED,qBAAa,cAAc;IAC1B;;wEAEoE;IACpE,OAAO,CAAC,MAAM,CAAC,QAAQ,CAAC,iBAAiB,CAAuB;IAChE,OAAO,CAAC,MAAM,CAAC,SAAS,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAkC;IAC5D,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAiC;IAC7D,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAiC;IAC9D,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAqB;IAEvD,WAAkB,QAAQ,IAAI,cAAc,CAK3C;IAED,OAAO,CAAC,cAAc;IAKf,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW;IAgBlF,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAItD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAItC,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAS/C,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,IAAI;IAOtF,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAQ1D,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAiBtC,cAAc,IAAI,WAAW,EAAE;IAI/B,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE;IAI5C,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAQlE,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IASpE,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIzD,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM;IAY7D,kBAAkB,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,GA
AG,IAAI;IAa1D,4BAA4B,CAAC,KAAK,EAAE,MAAM,GAAG,gBAAgB,GAAG,SAAS;IAIzE,yBAAyB,IAAI,IAAI;IASxC;;;;;;;;OAQG;IACI,gBAAgB,CAAC,GAAG,GAAE,MAAmB,GAAG,MAAM;IAkB5C,kBAAkB,CAC9B,SAAS,CAAC,EAAE,MAAM,EAClB,OAAO,CAAC,EAAE,MAAM,GACd,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAUhB,qBAAqB,CACjC,SAAS,EAAE,MAAM,EACjB,OAAO,EAAE,MAAM,EACf,QAAQ,CAAC,EAAE,MAAM,GACf,OAAO,CAAC,WAAW,CAAC;IAKhB,QAAQ,IAAI;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAC;QAAC,gBAAgB,EAAE,MAAM,CAAA;KAAE;CAO3F"}
1
+ {"version":3,"file":"session-context.d.ts","sourceRoot":"","sources":["../../src/sessions/session-context.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAInG,OAAO,EAAsB,UAAU,EAAE,MAAM,eAAe,CAAC;AAE/D,MAAM,WAAW,WAAW;IAC3B,EAAE,EAAE,MAAM,CAAC;IACX,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC7B,SAAS,CAAC,EAAE,6BAA6B,GAAG,SAAS,CAAC;IACtD,QAAQ,EAAE,OAAO,CAAC;IAClB,SAAS,EAAE,IAAI,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC9B;AAED;;;GAGG;AACH,MAAM,WAAW,UAAU;IAC1B,WAAW,EAAE,MAAM,CAAC;IACpB,mBAAmB,EAAE,MAAM,CAAC;IAC5B,YAAY,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAClC,wDAAwD;IACxD,UAAU,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAChC;AAED;;;;;;GAMG;AACH,qBAAa,cAAc;IAC1B,OAAO,CAAC,MAAM,CAAC,SAAS,CAA6B;IACrD,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAkC;IAC5D,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAqB;IAGvD,OAAO,CAAC,WAAW,CAAwC;IAE3D,WAAkB,QAAQ,IAAI,cAAc,CAK3C;IAED,yFAAyF;IAClF,aAAa,CAAC,KAAK,EAAE,UAAU,GAAG,IAAI;IAItC,aAAa,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,WAAW;IAgBlF,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,WAAW,GAAG,SAAS;IAItD,UAAU,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAItC,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAS/C,mBAAmB,CAAC,SAAS,EAAE,MAAM,EAAE,SAAS,EAAE,6BAA6B,GAAG,IAAI;IAOtF,gBAAgB,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,IAAI;IAQ1D,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IAiBtC,cAAc,IAAI,WAAW,EAAE;IAI/B,kBAAkB,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,EAAE;IAIlD,QAAQ,IAAI;QAAE,aAAa,EAAE,MAAM,CAAA;KAAE;IAMrC,gBAAgB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAI7D,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIpE,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI1D,wFAAwF;IACjF,gBAAgB,CAAC,GAAG,GAAE,MAAmB,GAAG,OAAO,CAAC,MAAM,CAAC;CAGlE"}
@@ -4,27 +4,31 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
4
4
  };
5
5
  Object.defineProperty(exports, "__esModule", { value: true });
6
6
  exports.SessionContext = void 0;
7
- const crypto_1 = __importDefault(require("crypto"));
8
7
  const log_1 = __importDefault(require("../log"));
8
+ const token_store_1 = require("./token-store");
9
+ /**
10
+ * Tracks live MCP streamable-HTTP sessions (id ↔ transport ↔ user identity) for the HTTP server.
11
+ *
12
+ * In the stateless per-request Bearer model the MCP stores NO tokens: every request carries its own
13
+ * Creatio access token (delegated: from the client; gateway: injected by the Control-Plane). This
14
+ * context therefore only manages transport/session lifecycle and the identity used for logging.
15
+ */
9
16
  class SessionContext {
10
- /** Idle window after which a token entry is considered abandoned and evicted, even if it
11
- * still has a refresh token. Generous (24h) so a returning client within a normal working
12
- * day keeps transparent refresh; resets on every store/refresh. */
13
- static TOKEN_IDLE_TTL_MS = 24 * 60 * 60 * 1000;
14
17
  static _instance;
15
18
  _sessions = new Map();
16
- _userTokens = new Map();
17
- _oauthStates = new Map();
18
19
  _deletingSessions = new Set();
20
+ // Broker-mode Creatio token store. Defaults to in-memory (single instance, lost on restart);
21
+ // swapped for the Redis store at startup via {@link setTokenStore} when configured.
22
+ _tokenStore = new token_store_1.InMemoryTokenStore();
19
23
  static get instance() {
20
24
  if (!SessionContext._instance) {
21
25
  SessionContext._instance = new SessionContext();
22
26
  }
23
27
  return SessionContext._instance;
24
28
  }
25
- _generateState() {
26
- // Cryptographically secure, unguessable CSRF/state token (CWE-330).
27
- return crypto_1.default.randomBytes(32).toString('base64url');
29
+ /** Swap the broker token store (e.g. Redis) — call once at startup, broker mode only. */
30
+ setTokenStore(store) {
31
+ this._tokenStore = store;
28
32
  }
29
33
  createSession(sessionId, userKey, remoteIp) {
30
34
  const session = {
@@ -91,106 +95,22 @@ class SessionContext {
91
95
  getSessionsForUser(userKey) {
92
96
  return Array.from(this._sessions.values()).filter((s) => s.userKey === userKey);
93
97
  }
94
- async getTokensForSession(sessionId) {
95
- const session = this._sessions.get(sessionId);
96
- if (!session?.userKey) {
97
- return null;
98
- }
99
- return this.getTokensForUser(session.userKey);
100
- }
101
- async getTokensForUser(userKey) {
102
- return this._userTokens.get(userKey) || null;
103
- }
104
- async setTokensForUser(userKey, tokens) {
105
- // Stamp the store time (unless the caller supplied one) so idle eviction can tell a
106
- // recently-refreshed token from an abandoned one.
107
- this._userTokens.set(userKey, {
108
- ...tokens,
109
- storedAtMs: tokens.storedAtMs ?? Date.now(),
110
- });
111
- }
112
- async deleteTokensForUser(userKey) {
113
- this._userTokens.delete(userKey);
114
- }
115
- createOAuthState(userKey, sessionId) {
116
- const state = this._generateState();
117
- const stateInfo = {
118
- userKey,
119
- sessionId,
120
- createdAt: Date.now(),
121
- expiresAt: Date.now() + 10 * 60 * 1000,
122
- };
123
- this._oauthStates.set(state, stateInfo);
124
- return state;
98
+ getStats() {
99
+ return { sessionsCount: this._sessions.size };
125
100
  }
126
- validateOAuthState(state) {
127
- const stateInfo = this._oauthStates.get(state);
128
- if (!stateInfo) {
129
- return null;
130
- }
131
- if (Date.now() > stateInfo.expiresAt) {
132
- this._oauthStates.delete(state);
133
- return null;
134
- }
135
- this._oauthStates.delete(state);
136
- return { userKey: stateInfo.userKey, sessionId: stateInfo.sessionId };
101
+ // --- Per-user Creatio token store (broker mode only) — delegated to the configured TokenStore ---
102
+ getTokensForUser(userKey) {
103
+ return this._tokenStore.get(userKey);
137
104
  }
138
- validateAndConsumeOAuthState(state) {
139
- return this.validateOAuthState(state) ?? undefined;
105
+ setTokensForUser(userKey, tokens) {
106
+ return this._tokenStore.set(userKey, tokens);
140
107
  }
141
- cleanupExpiredOAuthStates() {
142
- const now = Date.now();
143
- for (const [state, stateInfo] of this._oauthStates.entries()) {
144
- if (now > stateInfo.expiresAt) {
145
- this._oauthStates.delete(state);
146
- }
147
- }
108
+ deleteTokensForUser(userKey) {
109
+ return this._tokenStore.delete(userKey);
148
110
  }
149
- /**
150
- * Bound the per-user token map on a long-running process WITHOUT evicting tokens a client
151
- * could still use. Refresh is keyed by userKey (not session) — Bearer clients carry identity
152
- * in the JWT and often have no live session between reconnects — so a token is removed only
153
- * when it is genuinely unreachable:
154
- * - expired AND has no refresh token (cannot be revived), or
155
- * - idle past {@link TOKEN_IDLE_TTL_MS} since it was last stored/refreshed (abandoned).
156
- * Unexpired tokens and recently-stored refreshable tokens are always kept. Returns count removed.
157
- */
111
+ /** Evict stale token entries (no-op for a store with native key-expiry, e.g. Redis). */
158
112
  evictStaleTokens(now = Date.now()) {
159
- let removed = 0;
160
- for (const [userKey, tokens] of this._userTokens.entries()) {
161
- const expired = now > tokens.accessTokenExpiryMs;
162
- const deadNoRefresh = expired && !tokens.refreshToken;
163
- const idleFor = now - (tokens.storedAtMs ?? now);
164
- const abandoned = idleFor > SessionContext.TOKEN_IDLE_TTL_MS;
165
- if (deadNoRefresh || abandoned) {
166
- this._userTokens.delete(userKey);
167
- removed++;
168
- }
169
- }
170
- if (removed > 0) {
171
- log_1.default.info('session.tokens.evicted', { removed, remaining: this._userTokens.size });
172
- }
173
- return removed;
174
- }
175
- async getEffectiveTokens(sessionId, userKey) {
176
- if (userKey) {
177
- return this.getTokensForUser(userKey);
178
- }
179
- if (sessionId) {
180
- return this.getTokensForSession(sessionId);
181
- }
182
- return null;
183
- }
184
- async createSessionWithUser(sessionId, userKey, remoteIp) {
185
- const session = this.createSession(sessionId, userKey, remoteIp);
186
- return session;
187
- }
188
- getStats() {
189
- return {
190
- sessionsCount: this._sessions.size,
191
- tokensCount: this._userTokens.size,
192
- oauthStatesCount: this._oauthStates.size,
193
- };
113
+ return this._tokenStore.evictStale(now);
194
114
  }
195
115
  }
196
116
  exports.SessionContext = SessionContext;
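Review bot: `setTokenStore` overwrites `_tokenStore` without closing the store it replaces, and nothing enforces the "call once at startup" rule stated in its comment. A second call would silently drop tokens held in the previous store and, for a network-backed store, leave its connection open. Making the contract explicit is cheap: keep a `_tokenStoreSet` flag and throw on a second call, or call `close()` on the old store before the assignment. Separately, `getTokensForUser`, `setTokensForUser`, `deleteTokensForUser` and `evictStaleTokens` now return the store's promise directly, so a store failure such as a Redis outage reaches callers as a rejection. The callers are outside this diff section; any periodic eviction timer in particular should be checked for an `await` with error handling.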
@@ -1 +1 @@
1
- {"version":3,"file":"session-context.js","sourceRoot":"","sources":["../../src/sessions/session-context.ts"],"names":[],"mappings":";;;;;;AAAA,oDAA4B;AAI5B,iDAAyB;AA+BzB,MAAa,cAAc;IAC1B;;wEAEoE;IAC5D,MAAM,CAAU,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;IACxD,MAAM,CAAC,SAAS,CAA6B;IACpC,SAAS,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC3C,WAAW,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC5C,YAAY,GAAG,IAAI,GAAG,EAAsB,CAAC;IAC7C,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IAEhD,MAAM,KAAK,QAAQ;QACzB,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC/B,cAAc,CAAC,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,cAAc,CAAC,SAAS,CAAC;IACjC,CAAC;IAEO,cAAc;QACrB,oEAAoE;QACpE,OAAO,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IACrD,CAAC;IAEM,aAAa,CAAC,SAAiB,EAAE,OAAgB,EAAE,QAAiB;QAC1E,MAAM,OAAO,GAAgB;YAC5B,EAAE,EAAE,SAAS;YACb,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,IAAI,EAAE;SACrB,CAAC;QACF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;QACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,UAAU,CAAC,SAAiB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAEM,UAAU,CAAC,SAAiB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAEM,mBAAmB,CAAC,SAAiB;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;YACxB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAEM,mBAAmB,CAAC,SAAiB,EAAE,SAAwC;QACrF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;QAC/B,CAAC;IACF,CAAC;IAEM,gBAAgB,CAAC,SAAiB,EAAE,OAAe;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC1B,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACzD,CAAC;IACF,CAAC;IAEM,aAAa,CAAC,SAAiB;QACrC,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS
,CAAC,EAAE,CAAC;YAC3C,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC;gBACJ,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YAC3B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACvE,CAAC;QACF,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAEM,cAAc;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEM,kBAAkB,CAAC,OAAe;QACxC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IACjF,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,SAAiB;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAe;QAC5C,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC9C,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAAC,OAAe,EAAE,MAAkB;QAChE,oFAAoF;QACpF,kDAAkD;QAClD,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE;YAC7B,GAAG,MAAM;YACT,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE;SAC3C,CAAC,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,mBAAmB,CAAC,OAAe;QAC/C,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IAEM,gBAAgB,CAAC,OAAe,EAAE,SAAkB;QAC1D,MAAM,KAAK,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACpC,MAAM,SAAS,GAAe;YAC7B,OAAO;YACP,SAAS;YACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;YACrB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI;SACtC,CAAC;QACF,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,EAAE,SAAS,CAAC,CAAC;QACxC,OAAO,KAAK,CAAC;IACd,CAAC;IAEM,kBAAkB,CAAC,KAAa;QACtC,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;YAChB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,YAAY,CAAC,MAA
M,CAAC,KAAK,CAAC,CAAC;YAChC,OAAO,IAAI,CAAC;QACb,CAAC;QACD,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC,OAAO,EAAE,SAAS,EAAE,SAAS,CAAC,SAAS,EAAE,CAAC;IACvE,CAAC;IAEM,4BAA4B,CAAC,KAAa;QAChD,OAAO,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,IAAI,SAAS,CAAC;IACpD,CAAC;IAEM,yBAAyB;QAC/B,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,IAAI,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,EAAE,CAAC;YAC9D,IAAI,GAAG,GAAG,SAAS,CAAC,SAAS,EAAE,CAAC;gBAC/B,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YACjC,CAAC;QACF,CAAC;IACF,CAAC;IAED;;;;;;;;OAQG;IACI,gBAAgB,CAAC,MAAc,IAAI,CAAC,GAAG,EAAE;QAC/C,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,EAAE,CAAC;YAC5D,MAAM,OAAO,GAAG,GAAG,GAAG,MAAM,CAAC,mBAAmB,CAAC;YACjD,MAAM,aAAa,GAAG,OAAO,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YACtD,MAAM,OAAO,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,CAAC;YACjD,MAAM,SAAS,GAAG,OAAO,GAAG,cAAc,CAAC,iBAAiB,CAAC;YAC7D,IAAI,aAAa,IAAI,SAAS,EAAE,CAAC;gBAChC,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBACjC,OAAO,EAAE,CAAC;YACX,CAAC;QACF,CAAC;QACD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YACjB,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QACnF,CAAC;QACD,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,kBAAkB,CAC9B,SAAkB,EAClB,OAAgB;QAEhB,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QACvC,CAAC;QACD,IAAI,SAAS,EAAE,CAAC;YACf,OAAO,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC;QACD,OAAO,IAAI,CAAC;IACb,CAAC;IAEM,KAAK,CAAC,qBAAqB,CACjC,SAAiB,EACjB,OAAe,EACf,QAAiB;QAEjB,MAAM,OAAO,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjE,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,QAAQ;QACd,OAAO;YACN,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI;YAClC,WAAW,EAAE,IAAI,CAAC,WAAW,CAAC,IAAI;YAClC,gBAAgB,EAAE,IAAI,CAAC,YAAY,CAAC,IAAI;SACxC,CAAC;IACH,CAAC;;AAtNF,wCAuNC"}
1
+ {"version":3,"file":"session-context.js","sourceRoot":"","sources":["../../src/sessions/session-context.ts"],"names":[],"mappings":";;;;;;AAEA,iDAAyB;AAEzB,+CAA+D;AAuB/D;;;;;;GAMG;AACH,MAAa,cAAc;IAClB,MAAM,CAAC,SAAS,CAA6B;IACpC,SAAS,GAAG,IAAI,GAAG,EAAuB,CAAC;IAC3C,iBAAiB,GAAG,IAAI,GAAG,EAAU,CAAC;IACvD,6FAA6F;IAC7F,oFAAoF;IAC5E,WAAW,GAAe,IAAI,gCAAkB,EAAE,CAAC;IAEpD,MAAM,KAAK,QAAQ;QACzB,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,CAAC;YAC/B,cAAc,CAAC,SAAS,GAAG,IAAI,cAAc,EAAE,CAAC;QACjD,CAAC;QACD,OAAO,cAAc,CAAC,SAAS,CAAC;IACjC,CAAC;IAED,yFAAyF;IAClF,aAAa,CAAC,KAAiB;QACrC,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC1B,CAAC;IAEM,aAAa,CAAC,SAAiB,EAAE,OAAgB,EAAE,QAAiB;QAC1E,MAAM,OAAO,GAAgB;YAC5B,EAAE,EAAE,SAAS;YACb,QAAQ,EAAE,KAAK;YACf,SAAS,EAAE,IAAI,IAAI,EAAE;SACrB,CAAC;QACF,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC3B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;QAC3B,CAAC;QACD,IAAI,QAAQ,KAAK,SAAS,EAAE,CAAC;YAC5B,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;QAC7B,CAAC;QACD,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;QACvC,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,UAAU,CAAC,SAAiB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAEM,UAAU,CAAC,SAAiB;QAClC,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACtC,CAAC;IAEM,mBAAmB,CAAC,SAAiB;QAC3C,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC;YACxB,OAAO,IAAI,CAAC;QACb,CAAC;QACD,OAAO,KAAK,CAAC;IACd,CAAC;IAEM,mBAAmB,CAAC,SAAiB,EAAE,SAAwC;QACrF,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,SAAS,GAAG,SAAS,CAAC;QAC/B,CAAC;IACF,CAAC;IAEM,gBAAgB,CAAC,SAAiB,EAAE,OAAe;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAC1B,aAAG,CAAC,IAAI,CAAC,qBAAqB,EAAE,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QACzD,CAAC;IACF,CAAC;IAEM,aAAa,CAAC,SAAiB;QACrC,IAAI,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAAE,CAAC;YAC3C,OAAO;QACR,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtC,MAAM,OA
AO,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC9C,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACjC,IAAI,OAAO,EAAE,SAAS,EAAE,CAAC;YACxB,IAAI,CAAC;gBACJ,OAAO,CAAC,SAAS,CAAC,KAAK,EAAE,CAAC;YAC3B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACd,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACvE,CAAC;QACF,CAAC;QACD,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC1C,CAAC;IAEM,cAAc;QACpB,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC;IAC5C,CAAC;IAEM,kBAAkB,CAAC,OAAe;QACxC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;IACjF,CAAC;IAEM,QAAQ;QACd,OAAO,EAAE,aAAa,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;IAC/C,CAAC;IAED,mGAAmG;IAE5F,gBAAgB,CAAC,OAAe;QACtC,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,CAAC;IAEM,gBAAgB,CAAC,OAAe,EAAE,MAAkB;QAC1D,OAAO,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAC9C,CAAC;IAEM,mBAAmB,CAAC,OAAe;QACzC,OAAO,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IACzC,CAAC;IAED,wFAAwF;IACjF,gBAAgB,CAAC,MAAc,IAAI,CAAC,GAAG,EAAE;QAC/C,OAAO,IAAI,CAAC,WAAW,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IACzC,CAAC;CACD;AAnHD,wCAmHC"}
@@ -0,0 +1,8 @@
1
+ /** Derive a stable 32-byte key from a secret (any length), domain-separated so it never collides
2
+ * with the JWT-signing use of the same secret when no dedicated `CREATIO_MCP_TOKEN_ENC_KEY` is set. */
3
+ export declare function deriveTokenKey(secret: string): Buffer;
4
+ /** Encrypt to a self-describing `iv.tag.ciphertext` (base64url) blob. */
5
+ export declare function encryptToken(plaintext: string, key: Buffer): string;
6
+ /** Decrypt an `iv.tag.ciphertext` blob; throws if the key is wrong or the blob was tampered with. */
7
+ export declare function decryptToken(blob: string, key: Buffer): string;
8
+ //# sourceMappingURL=token-crypto.d.ts.map
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-crypto.d.ts","sourceRoot":"","sources":["../../src/sessions/token-crypto.ts"],"names":[],"mappings":"AAUA;wGACwG;AACxG,wBAAgB,cAAc,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAErD;AAED,yEAAyE;AACzE,wBAAgB,YAAY,CAAC,SAAS,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAMnE;AAED,qGAAqG;AACrG,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,EAAE,MAAM,GAAG,MAAM,CAW9D"}
@@ -0,0 +1,43 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.deriveTokenKey = deriveTokenKey;
7
+ exports.encryptToken = encryptToken;
8
+ exports.decryptToken = decryptToken;
9
+ const node_crypto_1 = __importDefault(require("node:crypto"));
10
+ /**
11
+ * AES-256-GCM encryption for tokens at rest. Stored Creatio tokens are bearer credentials, so a
12
+ * persistent store (Redis) must never hold them in plaintext — a dump of the store would otherwise
13
+ * be a credential leak. GCM gives confidentiality + integrity (a tampered blob fails to decrypt).
14
+ */
15
+ const ALGORITHM = 'aes-256-gcm';
16
+ const IV_BYTES = 12;
17
+ /** Derive a stable 32-byte key from a secret (any length), domain-separated so it never collides
18
+ * with the JWT-signing use of the same secret when no dedicated `CREATIO_MCP_TOKEN_ENC_KEY` is set. */
19
+ function deriveTokenKey(secret) {
20
+ return node_crypto_1.default.createHash('sha256').update(`mcp-creatio:token-enc:${secret}`).digest();
21
+ }
22
+ /** Encrypt to a self-describing `iv.tag.ciphertext` (base64url) blob. */
23
+ function encryptToken(plaintext, key) {
24
+ const iv = node_crypto_1.default.randomBytes(IV_BYTES);
25
+ const cipher = node_crypto_1.default.createCipheriv(ALGORITHM, key, iv);
26
+ const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
27
+ const tag = cipher.getAuthTag();
28
+ return [iv, tag, ciphertext].map((b) => b.toString('base64url')).join('.');
29
+ }
30
+ /** Decrypt an `iv.tag.ciphertext` blob; throws if the key is wrong or the blob was tampered with. */
31
+ function decryptToken(blob, key) {
32
+ const [ivB64, tagB64, ctB64] = blob.split('.');
33
+ if (!ivB64 || !tagB64 || !ctB64) {
34
+ throw new Error('token_blob_malformed');
35
+ }
36
+ const decipher = node_crypto_1.default.createDecipheriv(ALGORITHM, key, Buffer.from(ivB64, 'base64url'));
37
+ decipher.setAuthTag(Buffer.from(tagB64, 'base64url'));
38
+ return Buffer.concat([
39
+ decipher.update(Buffer.from(ctB64, 'base64url')),
40
+ decipher.final(),
41
+ ]).toString('utf8');
42
+ }
43
+ //# sourceMappingURL=token-crypto.js.map
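Review bot: `decryptToken` hands whatever tag length the blob carries to `setAuthTag`, and `createDecipheriv` is called without the `authTagLength` option, so depending on the Node version a shortened GCM tag may be accepted and a tampered blob would be verified at well below 128-bit strength. Pin the length on both sides with `createDecipheriv(ALGORITHM, key, iv, { authTagLength: 16 })` and the same option on `createCipheriv`, and reject an IV whose decoded length is not `IV_BYTES` before decrypting. The blob is also not bound to the `userKey` it is stored under, so an entry copied from one store key to another still decrypts; passing the key name through `setAAD` would close that, at the cost of an extra parameter on both functions. `deriveTokenKey` is a single unsalted SHA-256, which is adequate only when the secret is already high-entropy; `crypto.hkdfSync` (or `crypto.scryptSync` for passphrase-like secrets) is the more conventional derivation.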
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-crypto.js","sourceRoot":"","sources":["../../src/sessions/token-crypto.ts"],"names":[],"mappings":";;;;;AAYA,wCAEC;AAGD,oCAMC;AAGD,oCAWC;AArCD,8DAAiC;AAEjC;;;;GAIG;AACH,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,QAAQ,GAAG,EAAE,CAAC;AAEpB;wGACwG;AACxG,SAAgB,cAAc,CAAC,MAAc;IAC5C,OAAO,qBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,yBAAyB,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC;AACvF,CAAC;AAED,yEAAyE;AACzE,SAAgB,YAAY,CAAC,SAAiB,EAAE,GAAW;IAC1D,MAAM,EAAE,GAAG,qBAAM,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,qBAAM,CAAC,cAAc,CAAC,SAAS,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACrF,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,CAAC,EAAE,EAAE,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC5E,CAAC;AAED,qGAAqG;AACrG,SAAgB,YAAY,CAAC,IAAY,EAAE,GAAW;IACrD,MAAM,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/C,IAAI,CAAC,KAAK,IAAI,CAAC,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;QACjC,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IACzC,CAAC;IACD,MAAM,QAAQ,GAAG,qBAAM,CAAC,gBAAgB,CAAC,SAAS,EAAE,GAAG,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC;IAC1F,QAAQ,CAAC,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;IACtD,OAAO,MAAM,CAAC,MAAM,CAAC;QACpB,QAAQ,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC;QAChD,QAAQ,CAAC,KAAK,EAAE;KAChB,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACrB,CAAC"}
@@ -0,0 +1,42 @@
1
+ import type { UserTokens } from './session-context';
2
+ /** Idle window after which an abandoned token entry is evicted (24h), even if refreshable. */
3
+ export declare const TOKEN_IDLE_TTL_MS: number;
4
+ /**
5
+ * Where the broker keeps each user's Creatio tokens. The default {@link InMemoryTokenStore} is fine
6
+ * for a single dev/process instance (tokens are lost on restart); {@link RedisTokenStore} makes the
7
+ * broker stateless + horizontally scalable + restart-durable for production. Async by contract so a
8
+ * network-backed store fits without changing callers.
9
+ */
10
+ export interface TokenStore {
11
+ get(userKey: string): Promise<UserTokens | null>;
12
+ set(userKey: string, tokens: UserTokens): Promise<void>;
13
+ delete(userKey: string): Promise<void>;
14
+ /** Drop entries that are dead-and-non-refreshable or idle past the TTL; returns how many. A
15
+ * store with native key-expiry (Redis) returns 0 here — expiry is handled on write. */
16
+ evictStale(now: number): Promise<number>;
17
+ close(): Promise<void>;
18
+ }
19
+ export declare class InMemoryTokenStore implements TokenStore {
20
+ private readonly _tokens;
21
+ get(userKey: string): Promise<UserTokens | null>;
22
+ set(userKey: string, tokens: UserTokens): Promise<void>;
23
+ delete(userKey: string): Promise<void>;
24
+ evictStale(now: number): Promise<number>;
25
+ close(): Promise<void>;
26
+ /** Test/diagnostic helper — current entry count. */
27
+ size(): number;
28
+ }
29
+ export type TokenStoreKind = 'memory' | 'redis';
30
+ export interface TokenStoreConfig {
31
+ kind: TokenStoreKind;
32
+ /** Redis connection URL (redis store only). */
33
+ redisUrl?: string | undefined;
34
+ /** Secret the at-rest encryption key is derived from (redis store only). */
35
+ encryptionSecret?: string | undefined;
36
+ }
37
+ /**
38
+ * Build the configured token store. Redis is imported lazily (and listed as a dependency) so a
39
+ * memory-mode deployment never loads it. Encryption is mandatory for the Redis store.
40
+ */
41
+ export declare function createTokenStore(config: TokenStoreConfig): Promise<TokenStore>;
42
+ //# sourceMappingURL=token-store.d.ts.map
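Review bot: `TokenStore.get` has no doc comment, so the interface never says whether an entry that is expired or idle past `TOKEN_IDLE_TTL_MS` can still be returned. The `evictStale` comment implies the stores differ here: Redis expires keys natively, while a store without key expiry only drops entries when a sweep runs, so a caller could presumably receive a stale token in between. I would document the contract on `get`, for example `/** May return an entry past its expiry or idle TTL until evictStale runs; callers must check accessTokenExpiryMs. */`, or require implementations to filter on read. A second point of style: `redisUrl` and `encryptionSecret` are optional on `TokenStoreConfig` although their comments tie them to the redis store, so a discriminated union on `kind` would move that check to compile time.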
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../src/sessions/token-store.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAC;AAEpD,8FAA8F;AAC9F,eAAO,MAAM,iBAAiB,QAAsB,CAAC;AAErD;;;;;GAKG;AACH,MAAM,WAAW,UAAU;IAC1B,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IACjD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACxD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IACvC;4FACwF;IACxF,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IACzC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;CACvB;AAED,qBAAa,kBAAmB,YAAW,UAAU;IACpD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAiC;IAE5C,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,UAAU,GAAG,IAAI,CAAC;IAIhD,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,UAAU,GAAG,OAAO,CAAC,IAAI,CAAC;IAIvD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAItC,UAAU,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgBxC,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC;IAInC,oDAAoD;IAC7C,IAAI,IAAI,MAAM;CAGrB;AAED,MAAM,MAAM,cAAc,GAAG,QAAQ,GAAG,OAAO,CAAC;AAEhD,MAAM,WAAW,gBAAgB;IAChC,IAAI,EAAE,cAAc,CAAC;IACrB,+CAA+C;IAC/C,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAC9B,4EAA4E;IAC5E,gBAAgB,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CACtC;AAED;;;GAGG;AACH,wBAAsB,gBAAgB,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC,UAAU,CAAC,CAkBpF"}
@@ -0,0 +1,66 @@
1
+ "use strict";
2
+ var __importDefault = (this && this.__importDefault) || function (mod) {
3
+ return (mod && mod.__esModule) ? mod : { "default": mod };
4
+ };
5
+ Object.defineProperty(exports, "__esModule", { value: true });
6
+ exports.InMemoryTokenStore = exports.TOKEN_IDLE_TTL_MS = void 0;
7
+ exports.createTokenStore = createTokenStore;
8
+ const log_1 = __importDefault(require("../log"));
9
+ const token_crypto_1 = require("./token-crypto");
10
+ /** Idle window after which an abandoned token entry is evicted (24h), even if refreshable. */
11
+ exports.TOKEN_IDLE_TTL_MS = 24 * 60 * 60 * 1000;
12
+ class InMemoryTokenStore {
13
+ _tokens = new Map();
14
+ async get(userKey) {
15
+ return this._tokens.get(userKey) ?? null;
16
+ }
17
+ async set(userKey, tokens) {
18
+ this._tokens.set(userKey, { ...tokens, storedAtMs: tokens.storedAtMs ?? Date.now() });
19
+ }
20
+ async delete(userKey) {
21
+ this._tokens.delete(userKey);
22
+ }
23
+ async evictStale(now) {
24
+ let removed = 0;
25
+ for (const [userKey, tokens] of this._tokens) {
26
+ const deadNoRefresh = now > tokens.accessTokenExpiryMs && !tokens.refreshToken;
27
+ const abandoned = now - (tokens.storedAtMs ?? now) > exports.TOKEN_IDLE_TTL_MS;
28
+ if (deadNoRefresh || abandoned) {
29
+ this._tokens.delete(userKey);
30
+ removed++;
31
+ }
32
+ }
33
+ if (removed > 0) {
34
+ log_1.default.info('session.tokens.evicted', { removed, remaining: this._tokens.size });
35
+ }
36
+ return removed;
37
+ }
38
+ async close() {
39
+ this._tokens.clear();
40
+ }
41
+ /** Test/diagnostic helper — current entry count. */
42
+ size() {
43
+ return this._tokens.size;
44
+ }
45
+ }
46
+ exports.InMemoryTokenStore = InMemoryTokenStore;
47
+ /**
48
+ * Build the configured token store. Redis is imported lazily (and listed as a dependency) so a
49
+ * memory-mode deployment never loads it. Encryption is mandatory for the Redis store.
50
+ */
51
+ async function createTokenStore(config) {
52
+ if (config.kind === 'memory') {
53
+ return new InMemoryTokenStore();
54
+ }
55
+ if (!config.redisUrl) {
56
+ throw new Error('redis token store requires CREATIO_MCP_REDIS_URL');
57
+ }
58
+ if (!config.encryptionSecret) {
59
+ throw new Error('redis token store requires an encryption secret (CREATIO_MCP_JWT_SECRET)');
60
+ }
61
+ const { RedisTokenStore } = await import('./redis-token-store.js');
62
+ const store = new RedisTokenStore(config.redisUrl, (0, token_crypto_1.deriveTokenKey)(config.encryptionSecret), Math.floor(exports.TOKEN_IDLE_TTL_MS / 1000));
63
+ await store.connect();
64
+ return store;
65
+ }
66
+ //# sourceMappingURL=token-store.js.map
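Review bot: The encryption-secret check in `createTokenStore` names `CREATIO_MCP_JWT_SECRET` in its error message, which suggests the Redis at-rest key is derived from the same secret that signs JWTs. If so, one leaked value exposes both session signing and every stored Creatio token, and rotating the JWT secret would make existing Redis blobs fail authentication on decrypt. `deriveTokenKey` comes from `./token-crypto`, outside this section, so whether the derivation is domain-separated or stretched cannot be confirmed here. I would take the encryption secret from its own setting, or at least state the coupling above the function: `// NOTE: when encryptionSecret is the JWT secret, rotating it makes every stored token blob undecryptable.`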
@@ -0,0 +1 @@
1
+ {"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../src/sessions/token-store.ts"],"names":[],"mappings":";;;;;;AAgFA,4CAkBC;AAlGD,iDAAyB;AAEzB,iDAAgD;AAIhD,8FAA8F;AACjF,QAAA,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAkBrD,MAAa,kBAAkB;IACb,OAAO,GAAG,IAAI,GAAG,EAAsB,CAAC;IAElD,KAAK,CAAC,GAAG,CAAC,OAAe;QAC/B,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC;IAC1C,CAAC;IAEM,KAAK,CAAC,GAAG,CAAC,OAAe,EAAE,MAAkB;QACnD,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,MAAM,EAAE,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACvF,CAAC;IAEM,KAAK,CAAC,MAAM,CAAC,OAAe;QAClC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC9B,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,GAAW;QAClC,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,KAAK,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9C,MAAM,aAAa,GAAG,GAAG,GAAG,MAAM,CAAC,mBAAmB,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;YAC/E,MAAM,SAAS,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,UAAU,IAAI,GAAG,CAAC,GAAG,yBAAiB,CAAC;YACvE,IAAI,aAAa,IAAI,SAAS,EAAE,CAAC;gBAChC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;gBAC7B,OAAO,EAAE,CAAC;YACX,CAAC;QACF,CAAC;QACD,IAAI,OAAO,GAAG,CAAC,EAAE,CAAC;YACjB,aAAG,CAAC,IAAI,CAAC,wBAAwB,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QAC/E,CAAC;QACD,OAAO,OAAO,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,KAAK;QACjB,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;IACtB,CAAC;IAED,oDAAoD;IAC7C,IAAI;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC;IAC1B,CAAC;CACD;AAvCD,gDAuCC;AAYD;;;GAGG;AACI,KAAK,UAAU,gBAAgB,CAAC,MAAwB;IAC9D,IAAI,MAAM,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC9B,OAAO,IAAI,kBAAkB,EAAE,CAAC;IACjC,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;IACrE,CAAC;IACD,IAAI,CAAC,MAAM,CAAC,gBAAgB,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,0EAA0E,CAAC,CAAC;IAC7F,CAAC;IACD,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,wBAAwB,CAAC,CAAC;IACnE,MAAM,KAAK,GAAG,IAAI,eAAe,CAChC,MAAM,CAAC,QAAQ,EACf,IAAA,6BAAc,EAAC,MAAM,CAAC,gBAAgB,CAAC,EACvC,IAAI,CAAC,KAAK,CAAC,yBAAiB,GAAG,IAAI,CAAC,CACpC,CAAC;IACF,MA
AM,KAAK,CAAC,OAAO,EAAE,CAAC;IACtB,OAAO,KAAK,CAAC;AACd,CAAC"}