mcp-openapi 0.1.0

package/README.md

@@ -0,0 +1,351 @@
+# mcp-openapi
+
+> Turn any OpenAPI/Swagger spec into MCP tools — so Claude and other AI assistants can call your REST APIs.
+
+[![npm version](https://img.shields.io/npm/v/mcp-openapi.svg)](https://www.npmjs.com/package/mcp-openapi)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![npm downloads](https://img.shields.io/npm/dm/mcp-openapi.svg)](https://www.npmjs.com/package/mcp-openapi)
+
+Point `mcp-openapi` at any OpenAPI 3.x or Swagger 2.0 spec URL and it generates [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) tools automatically. No code generation, no config files, no boilerplate. Your AI assistant gets callable tools for every API endpoint in seconds.
+
+---
+
+## Quick Start
+
+**1. Run it** (no install required):
+
+```bash
+npx mcp-openapi --spec https://petstore3.swagger.io/api/v3/openapi.json
+```
+
+**2. Add it to Claude Desktop** (`claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "petstore": {
+      "command": "npx",
+      "args": [
+        "mcp-openapi",
+        "--spec", "https://petstore3.swagger.io/api/v3/openapi.json"
+      ]
+    }
+  }
+}
+```
+
+**3. Ask Claude to use it:**
+
+> "List all available pets in the store"
+
+Claude sees MCP tools like `find_pets_by_status`, `get_pet_by_id`, `add_pet` and calls them directly.
+
+---
+
+## Why mcp-openapi?
+
+Most MCP-to-API bridges require you to write tool definitions by hand or generate code from a spec. `mcp-openapi` skips all of that.
+
+| Feature | mcp-openapi | Hand-written MCP servers | Generic HTTP tools |
+|---------|:-----------:|:------------------------:|:------------------:|
+| Zero config setup | Yes | No | Partial |
+| OpenAPI 3.x + Swagger 2.0 | Yes | N/A | N/A |
+| Flat parameter schemas (LLM-optimized) | Yes | Manual | No |
+| Smart tool naming from operationId | Yes | Manual | No |
+| Auth (API key, Bearer, OAuth2) | Built-in | DIY | DIY |
+| Retry with exponential backoff | Built-in | DIY | DIY |
+| Response truncation for LLM context | Built-in | DIY | No |
+
+**Flat parameter schemas** are the key differentiator. Instead of passing nested JSON objects (which LLMs frequently get wrong), `mcp-openapi` flattens path, query, header, and body parameters into a single flat object. This dramatically improves tool-calling accuracy.
+
+---
+
+## How It Works
+
+```
+OpenAPI/Swagger Spec          mcp-openapi               AI Assistant
+     (URL or file)                                      (Claude, etc.)
+          |                         |                         |
+          |   1. Parse & validate   |                         |
+          |------------------------>|                         |
+          |                         |                         |
+          |   2. Generate MCP tools |                         |
+          |   (one per endpoint)    |                         |
+          |------------------------>|                         |
+          |                         |                         |
+          |                         |   3. Register tools     |
+          |                         |   via stdio transport   |
+          |                         |------------------------>|
+          |                         |                         |
+          |                         |   4. AI calls a tool    |
+          |                         |<------------------------|
+          |                         |                         |
+          |   5. Build & execute    |                         |
+          |   HTTP request          |                         |
+          |<------------------------|                         |
+          |                         |                         |
+          |   6. Return truncated   |                         |
+          |   response to AI        |                         |
+          |------------------------>|------------------------>|
+```
+
+Each API endpoint becomes one MCP tool:
+- **Tool name** is derived from `operationId` (converted to `snake_case`) or from `method + path`
+- **Parameters** are flattened into a single input schema (path, query, header, and body params merged)
+- **Responses** are truncated to ~50KB to stay within LLM context limits
+- **Errors** (429, 5xx) trigger automatic retries with exponential backoff (up to 3 retries)
+
+---
+
+## Claude Desktop Integration
+
+Add any API to Claude Desktop by editing your config file:
+
+**Location:**
+- macOS: `~/Library/Application Support/Claude/claude_desktop_config.json`
+- Windows: `%APPDATA%\Claude\claude_desktop_config.json`
+
+### Public API (no auth)
+
+```json
+{
+  "mcpServers": {
+    "petstore": {
+      "command": "npx",
+      "args": [
+        "mcp-openapi",
+        "--spec", "https://petstore3.swagger.io/api/v3/openapi.json"
+      ]
+    }
+  }
+}
+```
+
+### API with Bearer Token
+
+```json
+{
+  "mcpServers": {
+    "github": {
+      "command": "npx",
+      "args": [
+        "mcp-openapi",
+        "--spec", "https://raw.githubusercontent.com/github/rest-api-description/main/descriptions/api.github.com/api.github.com.json",
+        "--auth-type", "bearer",
+        "--auth-token", "$GITHUB_TOKEN",
+        "--prefix", "github",
+        "--include", "listReposForAuthenticatedUser,getRepo,listIssues,createIssue"
+      ],
+      "env": {
+        "GITHUB_TOKEN": "ghp_your_token_here"
+      }
+    }
+  }
+}
+```
+
+### API with API Key
+
+```json
+{
+  "mcpServers": {
+    "weather": {
+      "command": "npx",
+      "args": [
+        "mcp-openapi",
+        "--spec", "https://api.weather.example.com/openapi.json",
+        "--auth-type", "api-key",
+        "--auth-name", "X-API-Key",
+        "--auth-value", "$WEATHER_API_KEY",
+        "--auth-in", "header"
+      ],
+      "env": {
+        "WEATHER_API_KEY": "your_key_here"
+      }
+    }
+  }
+}
+```
+
+---
+
+## CLI Reference
+
+```bash
+npx mcp-openapi --spec <url-or-path> [options]
+```
+
+### General Options
+
+| Option | Short | Default | Description |
+|--------|-------|---------|-------------|
+| `--spec <url\|path>` | `-s` | *required* | OpenAPI spec URL or local file path |
+| `--config <path>` | `-c` | | JSON config file path |
+| `--base-url <url>` | | from spec | Override the API base URL |
+| `--prefix <name>` | | | Prefix for all tool names (e.g. `github` -> `github_list_repos`) |
+| `--include <patterns>` | | all | Comma-separated operationIds to include |
+| `--exclude <patterns>` | | none | Comma-separated operationIds to exclude |
+| `--timeout <ms>` | | `30000` | HTTP request timeout in milliseconds |
+| `--max-retries <n>` | | `3` | Max retries on 429/5xx responses |
+| `--header <name:value>` | `-H` | | Custom header (repeatable) |
+| `--transport <type>` | | `stdio` | Transport type: `stdio` or `sse` |
+| `--port <n>` | | `3000` | Port for SSE transport |
+| `--help` | `-h` | | Show help |
+| `--version` | `-v` | | Show version |
+
+### Auth Options
+
+**Bearer token:**
+
+| Option | Description |
+|--------|-------------|
+| `--auth-type bearer` | Use Bearer token authentication |
+| `--auth-token <token>` | The token value (supports `$ENV_VAR` syntax) |
+
+**API key:**
+
+| Option | Description |
+|--------|-------------|
+| `--auth-type api-key` | Use API key authentication |
+| `--auth-name <name>` | Header or query parameter name |
+| `--auth-value <value>` | The API key value (supports `$ENV_VAR` syntax) |
+| `--auth-in <header\|query>` | Where to send the key (default: `header`) |
+
+**OAuth2 client credentials:**
+
+| Option | Description |
+|--------|-------------|
+| `--auth-type oauth2` | Use OAuth2 client credentials flow |
+| `--auth-client-id <id>` | OAuth2 client ID |
+| `--auth-client-secret <secret>` | OAuth2 client secret |
+| `--auth-token-url <url>` | Token endpoint URL |
+| `--auth-scopes <scopes>` | Comma-separated scopes |
+
+---
+
+## CLI Examples
+
+```bash
+# Basic usage with a remote spec
+npx mcp-openapi --spec https://petstore3.swagger.io/api/v3/openapi.json
+
+# Local YAML spec with Bearer auth
+npx mcp-openapi --spec ./api.yaml --auth-type bearer --auth-token '$API_KEY'
+
+# Filter to specific endpoints with a prefix
+npx mcp-openapi --spec ./api.json --prefix myapi --include 'listUsers,getUser'
+
+# Override base URL (useful for local dev)
+npx mcp-openapi --spec https://api.example.com/openapi.json --base-url http://localhost:3000
+
+# Add custom headers
+npx mcp-openapi --spec ./api.json -H 'X-Custom: value' -H 'X-Another: value2'
+
+# Use a JSON config file
+npx mcp-openapi --config ./mcp-config.json
+```
+
+### Config File Format
+
+Instead of CLI flags, you can use a JSON config file:
+
+```json
+{
+  "spec": "https://api.example.com/openapi.json",
+  "prefix": "myapi",
+  "include": ["listUsers", "getUser", "createUser"],
+  "auth": {
+    "type": "bearer",
+    "token": "$API_TOKEN"
+  },
+  "timeout": 15000,
+  "maxRetries": 2,
+  "headers": {
+    "X-Custom-Header": "value"
+  }
+}
+```
+
+CLI arguments take precedence over config file values.
+
+---
+
+## Supported Specs
+
+| Format | Versions | File types |
+|--------|----------|------------|
+| OpenAPI | 3.0.x, 3.1.x | `.json`, `.yaml`, `.yml` |
+| Swagger | 2.0 | `.json`, `.yaml`, `.yml` |
+
+Specs can be loaded from:
+- Remote URLs (`https://...`)
+- Local file paths (`./api.yaml`, `/absolute/path/spec.json`)
+
+---
+
+## Programmatic Usage
+
+You can also use `mcp-openapi` as a library in your own MCP server:
+
+```typescript
+import { createServer } from 'mcp-openapi';
+
+const { server, tools, spec } = await createServer({
+  spec: 'https://petstore3.swagger.io/api/v3/openapi.json',
+  prefix: 'petstore',
+  auth: {
+    type: 'bearer',
+    token: process.env.API_TOKEN,
+  },
+});
+
+console.log(`Loaded ${tools.length} tools from ${spec.info.title}`);
+```
+
+---
+
+## Requirements
+
+- Node.js 18 or later
+- An OpenAPI 3.x or Swagger 2.0 spec (URL or local file)
+
+---
+
+## Contributing
+
+Contributions are welcome. Here is how to get started:
+
+```bash
+# Clone the repo
+git clone https://github.com/Docat0209/auto-revenue.git
+cd auto-revenue
+
+# Install dependencies
+pnpm install
+
+# Navigate to the package
+cd packages/mcp-servers/openapi
+
+# Run tests
+pnpm test
+
+# Build
+pnpm build
+```
+
+Before submitting a PR:
+1. Add tests for new features
+2. Run `pnpm lint` and fix any issues
+3. Follow [Conventional Commits](https://www.conventionalcommits.org/) for commit messages
+
+---
+
+## License
+
+MIT
+
+---
+
+## Keywords
+
+mcp, model-context-protocol, openapi, swagger, claude, ai, llm, api, tools, rest-api, ai-tools, mcp-server

package/dist/bin/mcp-openapi.d.ts

@@ -0,0 +1,3 @@
+#!/usr/bin/env node
+export {};
+//# sourceMappingURL=mcp-openapi.d.ts.map

package/dist/bin/mcp-openapi.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-openapi.d.ts","sourceRoot":"","sources":["../../bin/mcp-openapi.ts"],"names":[],"mappings":""}

package/dist/bin/mcp-openapi.js

@@ -0,0 +1,26 @@
+#!/usr/bin/env node
+import { parseCliArgs, loadConfigFile, mergeConfigs } from "../src/config/cli-args.js";
+import { startServer } from "../src/server.js";
+import { logger } from "../src/utils/logger.js";
+async function main() {
+    try {
+        let config = parseCliArgs(process.argv);
+        // Load config file if specified
+        const configWithExtra = config;
+        if (configWithExtra.config) {
+            const fileConfig = await loadConfigFile(configWithExtra.config);
+            config = mergeConfigs(fileConfig, config);
+        }
+        if (!config.spec) {
+            logger.error("Missing required --spec argument. Use --help for usage.");
+            process.exit(1);
+        }
+        await startServer(config);
+    }
+    catch (error) {
+        logger.error(error instanceof Error ? error.message : String(error));
+        process.exit(1);
+    }
+}
+main();
+//# sourceMappingURL=mcp-openapi.js.map

package/dist/bin/mcp-openapi.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp-openapi.js","sourceRoot":"","sources":["../../bin/mcp-openapi.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAEvF,OAAO,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AAC/C,OAAO,EAAE,MAAM,EAAE,MAAM,wBAAwB,CAAC;AAEhD,KAAK,UAAU,IAAI;IAClB,IAAI,CAAC;QACJ,IAAI,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAExC,gCAAgC;QAChC,MAAM,eAAe,GAAG,MAAgD,CAAC;QACzE,IAAI,eAAe,CAAC,MAAM,EAAE,CAAC;YAC5B,MAAM,UAAU,GAAG,MAAM,cAAc,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC;YAChE,MAAM,GAAG,YAAY,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;YAClB,MAAM,CAAC,KAAK,CAAC,yDAAyD,CAAC,CAAC;YACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACjB,CAAC;QAED,MAAM,WAAW,CAAC,MAAM,CAAC,CAAC;IAC3B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,MAAM,CAAC,KAAK,CACX,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CACtD,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IACjB,CAAC;AACF,CAAC;AAED,IAAI,EAAE,CAAC"}

package/dist/src/auth/api-key.d.ts

@@ -0,0 +1,10 @@
+import type { PreparedRequest } from "../executor/types.js";
+import type { AuthProvider } from "./types.js";
+export declare class ApiKeyAuth implements AuthProvider {
+    private readonly name;
+    private readonly value;
+    private readonly location;
+    constructor(name: string, value: string, location: "header" | "query");
+    apply(request: PreparedRequest): Promise<PreparedRequest>;
+}
+//# sourceMappingURL=api-key.d.ts.map

package/dist/src/auth/api-key.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.d.ts","sourceRoot":"","sources":["../../../src/auth/api-key.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,qBAAa,UAAW,YAAW,YAAY;IAE7C,OAAO,CAAC,QAAQ,CAAC,IAAI;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK;IACtB,OAAO,CAAC,QAAQ,CAAC,QAAQ;gBAFR,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,QAAQ,EAAE,QAAQ,GAAG,OAAO;IAGxC,KAAK,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;CAY/D"}

package/dist/src/auth/api-key.js

@@ -0,0 +1,23 @@
+export class ApiKeyAuth {
+    name;
+    value;
+    location;
+    constructor(name, value, location) {
+        this.name = name;
+        this.value = value;
+        this.location = location;
+    }
+    async apply(request) {
+        if (this.location === "header") {
+            return {
+                ...request,
+                headers: { ...request.headers, [this.name]: this.value },
+            };
+        }
+        return {
+            ...request,
+            query: { ...request.query, [this.name]: this.value },
+        };
+    }
+}
+//# sourceMappingURL=api-key.js.map

package/dist/src/auth/api-key.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.js","sourceRoot":"","sources":["../../../src/auth/api-key.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,UAAU;IAEJ;IACA;IACA;IAHlB,YACkB,IAAY,EACZ,KAAa,EACb,QAA4B;QAF5B,SAAI,GAAJ,IAAI,CAAQ;QACZ,UAAK,GAAL,KAAK,CAAQ;QACb,aAAQ,GAAR,QAAQ,CAAoB;IAC3C,CAAC;IAEJ,KAAK,CAAC,KAAK,CAAC,OAAwB;QACnC,IAAI,IAAI,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAChC,OAAO;gBACN,GAAG,OAAO;gBACV,OAAO,EAAE,EAAE,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,KAAK,EAAE;aACxD,CAAC;QACH,CAAC;QACD,OAAO;YACN,GAAG,OAAO;YACV,KAAK,EAAE,EAAE,GAAG,OAAO,CAAC,KAAK,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,IAAI,CAAC,KAAK,EAAE;SACpD,CAAC;IACH,CAAC;CACD"}

package/dist/src/auth/auth-manager.d.ts

@@ -0,0 +1,4 @@
+import type { AuthConfig } from "../config/types.js";
+import type { AuthProvider } from "./types.js";
+export declare function createAuthProvider(config?: AuthConfig): AuthProvider | null;
+//# sourceMappingURL=auth-manager.d.ts.map

package/dist/src/auth/auth-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.d.ts","sourceRoot":"","sources":["../../../src/auth/auth-manager.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,MAAM,oBAAoB,CAAC;AAKrD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAmB/C,wBAAgB,kBAAkB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,YAAY,GAAG,IAAI,CAmB3E"}

package/dist/src/auth/auth-manager.js

@@ -0,0 +1,36 @@
+import { logger } from "../utils/logger.js";
+import { ApiKeyAuth } from "./api-key.js";
+import { BearerAuth } from "./bearer.js";
+import { OAuth2Auth } from "./oauth2.js";
+/**
+ * Resolve environment variable references in auth values.
+ * Values starting with $ are treated as env var names.
+ */
+function resolveEnvVar(value) {
+    if (value.startsWith("$")) {
+        const envName = value.slice(1);
+        const envValue = process.env[envName];
+        if (!envValue) {
+            logger.warn(`Environment variable ${envName} is not set`);
+            return "";
+        }
+        return envValue;
+    }
+    return value;
+}
+export function createAuthProvider(config) {
+    if (!config)
+        return null;
+    switch (config.type) {
+        case "api-key":
+            return new ApiKeyAuth(config.name, resolveEnvVar(config.value), config.in);
+        case "bearer":
+            return new BearerAuth(resolveEnvVar(config.token));
+        case "oauth2":
+            return new OAuth2Auth(resolveEnvVar(config.clientId), resolveEnvVar(config.clientSecret), config.tokenUrl, config.scopes);
+        default:
+            logger.warn("Unknown auth type, skipping auth");
+            return null;
+    }
+}
+//# sourceMappingURL=auth-manager.js.map

package/dist/src/auth/auth-manager.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-manager.js","sourceRoot":"","sources":["../../../src/auth/auth-manager.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,EAAE,MAAM,oBAAoB,CAAC;AAC5C,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAGzC;;;GAGG;AACH,SAAS,aAAa,CAAC,KAAa;IACnC,IAAI,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,wBAAwB,OAAO,aAAa,CAAC,CAAC;YAC1D,OAAO,EAAE,CAAC;QACX,CAAC;QACD,OAAO,QAAQ,CAAC;IACjB,CAAC;IACD,OAAO,KAAK,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,MAAmB;IACrD,IAAI,CAAC,MAAM;QAAE,OAAO,IAAI,CAAC;IAEzB,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;QACrB,KAAK,SAAS;YACb,OAAO,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC;QAC5E,KAAK,QAAQ;YACZ,OAAO,IAAI,UAAU,CAAC,aAAa,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QACpD,KAAK,QAAQ;YACZ,OAAO,IAAI,UAAU,CACpB,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,EAC9B,aAAa,CAAC,MAAM,CAAC,YAAY,CAAC,EAClC,MAAM,CAAC,QAAQ,EACf,MAAM,CAAC,MAAM,CACb,CAAC;QACH;YACC,MAAM,CAAC,IAAI,CAAC,kCAAkC,CAAC,CAAC;YAChD,OAAO,IAAI,CAAC;IACd,CAAC;AACF,CAAC"}

package/dist/src/auth/bearer.d.ts

@@ -0,0 +1,8 @@
+import type { PreparedRequest } from "../executor/types.js";
+import type { AuthProvider } from "./types.js";
+export declare class BearerAuth implements AuthProvider {
+    private readonly token;
+    constructor(token: string);
+    apply(request: PreparedRequest): Promise<PreparedRequest>;
+}
+//# sourceMappingURL=bearer.d.ts.map

package/dist/src/auth/bearer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"bearer.d.ts","sourceRoot":"","sources":["../../../src/auth/bearer.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,qBAAa,UAAW,YAAW,YAAY;IAClC,OAAO,CAAC,QAAQ,CAAC,KAAK;gBAAL,KAAK,EAAE,MAAM;IAEpC,KAAK,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;CAS/D"}

package/dist/src/auth/bearer.js

@@ -0,0 +1,16 @@
+export class BearerAuth {
+    token;
+    constructor(token) {
+        this.token = token;
+    }
+    async apply(request) {
+        return {
+            ...request,
+            headers: {
+                ...request.headers,
+                Authorization: `Bearer ${this.token}`,
+            },
+        };
+    }
+}
+//# sourceMappingURL=bearer.js.map

package/dist/src/auth/bearer.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"bearer.js","sourceRoot":"","sources":["../../../src/auth/bearer.ts"],"names":[],"mappings":"AAGA,MAAM,OAAO,UAAU;IACO;IAA7B,YAA6B,KAAa;QAAb,UAAK,GAAL,KAAK,CAAQ;IAAG,CAAC;IAE9C,KAAK,CAAC,KAAK,CAAC,OAAwB;QACnC,OAAO;YACN,GAAG,OAAO;YACV,OAAO,EAAE;gBACR,GAAG,OAAO,CAAC,OAAO;gBAClB,aAAa,EAAE,UAAU,IAAI,CAAC,KAAK,EAAE;aACrC;SACD,CAAC;IACH,CAAC;CACD"}

package/dist/src/auth/index.d.ts

@@ -0,0 +1,3 @@
+export { createAuthProvider } from "./auth-manager.js";
+export type { AuthProvider } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/auth/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC;AACvD,YAAY,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC"}

package/dist/src/auth/index.js

@@ -0,0 +1,2 @@
+export { createAuthProvider } from "./auth-manager.js";
+//# sourceMappingURL=index.js.map

package/dist/src/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/auth/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAAE,MAAM,mBAAmB,CAAC"}

package/dist/src/auth/oauth2.d.ts

@@ -0,0 +1,14 @@
+import type { PreparedRequest } from "../executor/types.js";
+import type { AuthProvider } from "./types.js";
+export declare class OAuth2Auth implements AuthProvider {
+    private readonly clientId;
+    private readonly clientSecret;
+    private readonly tokenUrl;
+    private readonly scopes;
+    private accessToken;
+    private expiresAt;
+    constructor(clientId: string, clientSecret: string, tokenUrl: string, scopes?: string[]);
+    apply(request: PreparedRequest): Promise<PreparedRequest>;
+    private getToken;
+}
+//# sourceMappingURL=oauth2.d.ts.map

package/dist/src/auth/oauth2.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.d.ts","sourceRoot":"","sources":["../../../src/auth/oauth2.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,qBAAa,UAAW,YAAW,YAAY;IAK7C,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,YAAY;IAC7B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,MAAM;IAPxB,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,SAAS,CAAK;gBAGJ,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,QAAQ,EAAE,MAAM,EAChB,MAAM,GAAE,MAAM,EAAO;IAGjC,KAAK,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC;YAWjD,QAAQ;CA6CtB"}

package/dist/src/auth/oauth2.js

@@ -0,0 +1,59 @@
+import { AuthError } from "../utils/errors.js";
+export class OAuth2Auth {
+    clientId;
+    clientSecret;
+    tokenUrl;
+    scopes;
+    accessToken = null;
+    expiresAt = 0;
+    constructor(clientId, clientSecret, tokenUrl, scopes = []) {
+        this.clientId = clientId;
+        this.clientSecret = clientSecret;
+        this.tokenUrl = tokenUrl;
+        this.scopes = scopes;
+    }
+    async apply(request) {
+        const token = await this.getToken();
+        return {
+            ...request,
+            headers: {
+                ...request.headers,
+                Authorization: `Bearer ${token}`,
+            },
+        };
+    }
+    async getToken() {
+        if (this.accessToken && Date.now() < this.expiresAt) {
+            return this.accessToken;
+        }
+        const params = new URLSearchParams({
+            grant_type: "client_credentials",
+            client_id: this.clientId,
+            client_secret: this.clientSecret,
+        });
+        if (this.scopes.length > 0) {
+            params.set("scope", this.scopes.join(" "));
+        }
+        try {
+            const response = await fetch(this.tokenUrl, {
+                method: "POST",
+                headers: { "Content-Type": "application/x-www-form-urlencoded" },
+                body: params,
+                signal: AbortSignal.timeout(10_000),
+            });
+            if (!response.ok) {
+                throw new AuthError(`OAuth2 token request failed: ${response.status} ${response.statusText}`);
+            }
+            const data = (await response.json());
+            this.accessToken = data.access_token;
+            this.expiresAt = Date.now() + (data.expires_in ?? 3600) * 1000 - 60_000; // refresh 1 min early
+            return this.accessToken;
+        }
+        catch (error) {
+            if (error instanceof AuthError)
+                throw error;
+            throw new AuthError(`OAuth2 token request failed: ${error instanceof Error ? error.message : String(error)}`);
+        }
+    }
+}
+//# sourceMappingURL=oauth2.js.map

package/dist/src/auth/oauth2.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth2.js","sourceRoot":"","sources":["../../../src/auth/oauth2.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,SAAS,EAAE,MAAM,oBAAoB,CAAC;AAI/C,MAAM,OAAO,UAAU;IAKJ;IACA;IACA;IACA;IAPV,WAAW,GAAkB,IAAI,CAAC;IAClC,SAAS,GAAG,CAAC,CAAC;IAEtB,YACkB,QAAgB,EAChB,YAAoB,EACpB,QAAgB,EAChB,SAAmB,EAAE;QAHrB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,iBAAY,GAAZ,YAAY,CAAQ;QACpB,aAAQ,GAAR,QAAQ,CAAQ;QAChB,WAAM,GAAN,MAAM,CAAe;IACpC,CAAC;IAEJ,KAAK,CAAC,KAAK,CAAC,OAAwB;QACnC,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,CAAC;QACpC,OAAO;YACN,GAAG,OAAO;YACV,OAAO,EAAE;gBACR,GAAG,OAAO,CAAC,OAAO;gBAClB,aAAa,EAAE,UAAU,KAAK,EAAE;aAChC;SACD,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,QAAQ;QACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;YAClC,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,IAAI,CAAC,QAAQ;YACxB,aAAa,EAAE,IAAI,CAAC,YAAY;SAChC,CAAC,CAAC;QAEH,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,OAAO,EAAE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,CAAC;YACJ,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE;gBAC3C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;gBAChE,IAAI,EAAE,MAAM;gBACZ,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,MAAM,CAAC;aACnC,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBAClB,MAAM,IAAI,SAAS,CAClB,gCAAgC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CACxE,CAAC;YACH,CAAC;YAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAGlC,CAAC;YAEF,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,YAAY,CAAC;YACrC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,IAAI,CAAC,GAAG,IAAI,GAAG,MAAM,CAAC,CAAC,sBAAsB;YAE/F,OAAO,IAAI,CAAC,WAAW,CAAC;QACzB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YAChB,IAAI,KAAK,YAAY,SAAS;gBAAE,MAAM,KAAK,CAAC;YAC5C,MAAM,IAAI,SAAS,CAClB,gCAAgC,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CACxF,CAAC;QACH,CAAC;IACF,CAAC;CACD"}

package/dist/src/auth/types.d.ts

@@ -0,0 +1,5 @@
+import type { PreparedRequest } from "../executor/types.js";
+export interface AuthProvider {
+    apply(request: PreparedRequest): Promise<PreparedRequest>;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/src/auth/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/auth/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC5B,KAAK,CAAC,OAAO,EAAE,eAAe,GAAG,OAAO,CAAC,eAAe,CAAC,CAAC;CAC1D"}

package/dist/src/auth/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/src/auth/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/auth/types.ts"],"names":[],"mappings":""}

package/dist/src/config/cli-args.d.ts

@@ -0,0 +1,5 @@
+import type { McpOpenApiConfig } from "./types.js";
+export declare function parseCliArgs(argv: string[]): McpOpenApiConfig;
+export declare function loadConfigFile(path: string): Promise<Partial<McpOpenApiConfig>>;
+export declare function mergeConfigs(fileConfig: Partial<McpOpenApiConfig>, cliConfig: McpOpenApiConfig): McpOpenApiConfig;
+//# sourceMappingURL=cli-args.d.ts.map

package/dist/src/config/cli-args.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cli-args.d.ts","sourceRoot":"","sources":["../../../src/config/cli-args.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAc,gBAAgB,EAAE,MAAM,YAAY,CAAC;AAE/D,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,GAAG,gBAAgB,CAyE7D;AAED,wBAAsB,cAAc,CAAC,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAGrF;AAED,wBAAgB,YAAY,CAC3B,UAAU,EAAE,OAAO,CAAC,gBAAgB,CAAC,EACrC,SAAS,EAAE,gBAAgB,GACzB,gBAAgB,CAQlB"}