npm - mcp-server-framework - Versions diffs - 1.0.0 - Mend

mcp-server-framework 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (673) hide show

package/CHANGELOG.md +174 -0
package/LICENSE-GPL.md +219 -0
package/LICENSE.md +187 -0
package/README.md +439 -0
package/build/config/config-cache.d.ts +120 -0
package/build/config/config-cache.d.ts.map +1 -0
package/build/config/config-cache.js +310 -0
package/build/config/config-cache.js.map +1 -0
package/build/config/env.d.ts +476 -0
package/build/config/env.d.ts.map +1 -0
package/build/config/env.js +441 -0
package/build/config/env.js.map +1 -0
package/build/config/extensions.d.ts +107 -0
package/build/config/extensions.d.ts.map +1 -0
package/build/config/extensions.js +152 -0
package/build/config/extensions.js.map +1 -0
package/build/config/file/index.d.ts +8 -0
package/build/config/file/index.d.ts.map +1 -0
package/build/config/file/index.js +10 -0
package/build/config/file/index.js.map +1 -0
package/build/config/file/loader.d.ts +31 -0
package/build/config/file/loader.d.ts.map +1 -0
package/build/config/file/loader.js +313 -0
package/build/config/file/loader.js.map +1 -0
package/build/config/file/schema.d.ts +583 -0
package/build/config/file/schema.d.ts.map +1 -0
package/build/config/file/schema.js +388 -0
package/build/config/file/schema.js.map +1 -0
package/build/config/index.d.ts +15 -0
package/build/config/index.d.ts.map +1 -0
package/build/config/index.js +27 -0
package/build/config/index.js.map +1 -0
package/build/config/startup-warnings.d.ts +46 -0
package/build/config/startup-warnings.d.ts.map +1 -0
package/build/config/startup-warnings.js +61 -0
package/build/config/startup-warnings.js.map +1 -0
package/build/connection/connection-state.d.ts +196 -0
package/build/connection/connection-state.d.ts.map +1 -0
package/build/connection/connection-state.js +426 -0
package/build/connection/connection-state.js.map +1 -0
package/build/connection/core/base.d.ts +43 -0
package/build/connection/core/base.d.ts.map +1 -0
package/build/connection/core/base.js +82 -0
package/build/connection/core/base.js.map +1 -0
package/build/connection/core/constants.d.ts +121 -0
package/build/connection/core/constants.d.ts.map +1 -0
package/build/connection/core/constants.js +151 -0
package/build/connection/core/constants.js.map +1 -0
package/build/connection/core/index.d.ts +13 -0
package/build/connection/core/index.d.ts.map +1 -0
package/build/connection/core/index.js +14 -0
package/build/connection/core/index.js.map +1 -0
package/build/connection/core/types.d.ts +102 -0
package/build/connection/core/types.d.ts.map +1 -0
package/build/connection/core/types.js +31 -0
package/build/connection/core/types.js.map +1 -0
package/build/connection/index.d.ts +19 -0
package/build/connection/index.d.ts.map +1 -0
package/build/connection/index.js +22 -0
package/build/connection/index.js.map +1 -0
package/build/connection/types.d.ts +125 -0
package/build/connection/types.d.ts.map +1 -0
package/build/connection/types.js +39 -0
package/build/connection/types.js.map +1 -0
package/build/errors/categories/auth.d.ts +59 -0
package/build/errors/categories/auth.d.ts.map +1 -0
package/build/errors/categories/auth.js +111 -0
package/build/errors/categories/auth.js.map +1 -0
package/build/errors/categories/connection.d.ts +70 -0
package/build/errors/categories/connection.d.ts.map +1 -0
package/build/errors/categories/connection.js +120 -0
package/build/errors/categories/connection.js.map +1 -0
package/build/errors/categories/index.d.ts +14 -0
package/build/errors/categories/index.d.ts.map +1 -0
package/build/errors/categories/index.js +20 -0
package/build/errors/categories/index.js.map +1 -0
package/build/errors/categories/operation.d.ts +83 -0
package/build/errors/categories/operation.d.ts.map +1 -0
package/build/errors/categories/operation.js +149 -0
package/build/errors/categories/operation.js.map +1 -0
package/build/errors/categories/protocol.d.ts +68 -0
package/build/errors/categories/protocol.d.ts.map +1 -0
package/build/errors/categories/protocol.js +135 -0
package/build/errors/categories/protocol.js.map +1 -0
package/build/errors/categories/session.d.ts +50 -0
package/build/errors/categories/session.d.ts.map +1 -0
package/build/errors/categories/session.js +97 -0
package/build/errors/categories/session.js.map +1 -0
package/build/errors/categories/system.d.ts +95 -0
package/build/errors/categories/system.d.ts.map +1 -0
package/build/errors/categories/system.js +190 -0
package/build/errors/categories/system.js.map +1 -0
package/build/errors/categories/transport.d.ts +70 -0
package/build/errors/categories/transport.d.ts.map +1 -0
package/build/errors/categories/transport.js +148 -0
package/build/errors/categories/transport.js.map +1 -0
package/build/errors/categories/validation.d.ts +140 -0
package/build/errors/categories/validation.d.ts.map +1 -0
package/build/errors/categories/validation.js +311 -0
package/build/errors/categories/validation.js.map +1 -0
package/build/errors/core/base.d.ts +103 -0
package/build/errors/core/base.d.ts.map +1 -0
package/build/errors/core/base.js +219 -0
package/build/errors/core/base.js.map +1 -0
package/build/errors/core/constants.d.ts +40 -0
package/build/errors/core/constants.d.ts.map +1 -0
package/build/errors/core/constants.js +49 -0
package/build/errors/core/constants.js.map +1 -0
package/build/errors/core/error-codes.d.ts +72 -0
package/build/errors/core/error-codes.d.ts.map +1 -0
package/build/errors/core/error-codes.js +88 -0
package/build/errors/core/error-codes.js.map +1 -0
package/build/errors/core/http.d.ts +69 -0
package/build/errors/core/http.d.ts.map +1 -0
package/build/errors/core/http.js +106 -0
package/build/errors/core/http.js.map +1 -0
package/build/errors/core/index.d.ts +23 -0
package/build/errors/core/index.d.ts.map +1 -0
package/build/errors/core/index.js +41 -0
package/build/errors/core/index.js.map +1 -0
package/build/errors/core/json-rpc.d.ts +69 -0
package/build/errors/core/json-rpc.d.ts.map +1 -0
package/build/errors/core/json-rpc.js +79 -0
package/build/errors/core/json-rpc.js.map +1 -0
package/build/errors/core/messages.d.ts +51 -0
package/build/errors/core/messages.d.ts.map +1 -0
package/build/errors/core/messages.js +59 -0
package/build/errors/core/messages.js.map +1 -0
package/build/errors/core/types.d.ts +80 -0
package/build/errors/core/types.d.ts.map +1 -0
package/build/errors/core/types.js +10 -0
package/build/errors/core/types.js.map +1 -0
package/build/errors/factory.d.ts +199 -0
package/build/errors/factory.d.ts.map +1 -0
package/build/errors/factory.js +244 -0
package/build/errors/factory.js.map +1 -0
package/build/errors/index.d.ts +35 -0
package/build/errors/index.d.ts.map +1 -0
package/build/errors/index.js +67 -0
package/build/errors/index.js.map +1 -0
package/build/index.d.ts +93 -0
package/build/index.d.ts.map +1 -0
package/build/index.js +107 -0
package/build/index.js.map +1 -0
package/build/logger/core/constants.d.ts +143 -0
package/build/logger/core/constants.d.ts.map +1 -0
package/build/logger/core/constants.js +206 -0
package/build/logger/core/constants.js.map +1 -0
package/build/logger/core/context.d.ts +170 -0
package/build/logger/core/context.d.ts.map +1 -0
package/build/logger/core/context.js +237 -0
package/build/logger/core/context.js.map +1 -0
package/build/logger/core/errors.d.ts +101 -0
package/build/logger/core/errors.d.ts.map +1 -0
package/build/logger/core/errors.js +128 -0
package/build/logger/core/errors.js.map +1 -0
package/build/logger/core/format.d.ts +40 -0
package/build/logger/core/format.d.ts.map +1 -0
package/build/logger/core/format.js +47 -0
package/build/logger/core/format.js.map +1 -0
package/build/logger/core/index.d.ts +19 -0
package/build/logger/core/index.d.ts.map +1 -0
package/build/logger/core/index.js +47 -0
package/build/logger/core/index.js.map +1 -0
package/build/logger/core/trace-context.d.ts +51 -0
package/build/logger/core/trace-context.d.ts.map +1 -0
package/build/logger/core/trace-context.js +42 -0
package/build/logger/core/trace-context.js.map +1 -0
package/build/logger/core/types.d.ts +233 -0
package/build/logger/core/types.d.ts.map +1 -0
package/build/logger/core/types.js +10 -0
package/build/logger/core/types.js.map +1 -0
package/build/logger/factory.d.ts +150 -0
package/build/logger/factory.d.ts.map +1 -0
package/build/logger/factory.js +236 -0
package/build/logger/factory.js.map +1 -0
package/build/logger/formatters/index.d.ts +12 -0
package/build/logger/formatters/index.d.ts.map +1 -0
package/build/logger/formatters/index.js +15 -0
package/build/logger/formatters/index.js.map +1 -0
package/build/logger/formatters/json-formatter.d.ts +54 -0
package/build/logger/formatters/json-formatter.d.ts.map +1 -0
package/build/logger/formatters/json-formatter.js +80 -0
package/build/logger/formatters/json-formatter.js.map +1 -0
package/build/logger/formatters/schema.d.ts +230 -0
package/build/logger/formatters/schema.d.ts.map +1 -0
package/build/logger/formatters/schema.js +278 -0
package/build/logger/formatters/schema.js.map +1 -0
package/build/logger/formatters/text-formatter.d.ts +50 -0
package/build/logger/formatters/text-formatter.d.ts.map +1 -0
package/build/logger/formatters/text-formatter.js +93 -0
package/build/logger/formatters/text-formatter.js.map +1 -0
package/build/logger/index.d.ts +39 -0
package/build/logger/index.d.ts.map +1 -0
package/build/logger/index.js +43 -0
package/build/logger/index.js.map +1 -0
package/build/logger/logger.d.ts +278 -0
package/build/logger/logger.d.ts.map +1 -0
package/build/logger/logger.js +459 -0
package/build/logger/logger.js.map +1 -0
package/build/logger/mcp-logger.d.ts +177 -0
package/build/logger/mcp-logger.d.ts.map +1 -0
package/build/logger/mcp-logger.js +294 -0
package/build/logger/mcp-logger.js.map +1 -0
package/build/logger/scrubbing/index.d.ts +14 -0
package/build/logger/scrubbing/index.d.ts.map +1 -0
package/build/logger/scrubbing/index.js +16 -0
package/build/logger/scrubbing/index.js.map +1 -0
package/build/logger/scrubbing/injection-guard.d.ts +69 -0
package/build/logger/scrubbing/injection-guard.d.ts.map +1 -0
package/build/logger/scrubbing/injection-guard.js +102 -0
package/build/logger/scrubbing/injection-guard.js.map +1 -0
package/build/logger/scrubbing/secret-scrubber.d.ts +72 -0
package/build/logger/scrubbing/secret-scrubber.d.ts.map +1 -0
package/build/logger/scrubbing/secret-scrubber.js +177 -0
package/build/logger/scrubbing/secret-scrubber.js.map +1 -0
package/build/logger/writers/base-writer.d.ts +45 -0
package/build/logger/writers/base-writer.d.ts.map +1 -0
package/build/logger/writers/base-writer.js +41 -0
package/build/logger/writers/base-writer.js.map +1 -0
package/build/logger/writers/composite-writer.d.ts +83 -0
package/build/logger/writers/composite-writer.d.ts.map +1 -0
package/build/logger/writers/composite-writer.js +121 -0
package/build/logger/writers/composite-writer.js.map +1 -0
package/build/logger/writers/console-writer.d.ts +59 -0
package/build/logger/writers/console-writer.d.ts.map +1 -0
package/build/logger/writers/console-writer.js +73 -0
package/build/logger/writers/console-writer.js.map +1 -0
package/build/logger/writers/file-writer.d.ts +160 -0
package/build/logger/writers/file-writer.d.ts.map +1 -0
package/build/logger/writers/file-writer.js +345 -0
package/build/logger/writers/file-writer.js.map +1 -0
package/build/logger/writers/index.d.ts +15 -0
package/build/logger/writers/index.d.ts.map +1 -0
package/build/logger/writers/index.js +19 -0
package/build/logger/writers/index.js.map +1 -0
package/build/mcp/capabilities/apps/define-app.d.ts +68 -0
package/build/mcp/capabilities/apps/define-app.d.ts.map +1 -0
package/build/mcp/capabilities/apps/define-app.js +127 -0
package/build/mcp/capabilities/apps/define-app.js.map +1 -0
package/build/mcp/capabilities/apps/index.d.ts +10 -0
package/build/mcp/capabilities/apps/index.d.ts.map +1 -0
package/build/mcp/capabilities/apps/index.js +10 -0
package/build/mcp/capabilities/apps/index.js.map +1 -0
package/build/mcp/capabilities/capabilities.d.ts +24 -0
package/build/mcp/capabilities/capabilities.d.ts.map +1 -0
package/build/mcp/capabilities/capabilities.js +50 -0
package/build/mcp/capabilities/capabilities.js.map +1 -0
package/build/mcp/capabilities/index.d.ts +17 -0
package/build/mcp/capabilities/index.d.ts.map +1 -0
package/build/mcp/capabilities/index.js +20 -0
package/build/mcp/capabilities/index.js.map +1 -0
package/build/mcp/capabilities/prompts/define-prompt.d.ts +95 -0
package/build/mcp/capabilities/prompts/define-prompt.d.ts.map +1 -0
package/build/mcp/capabilities/prompts/define-prompt.js +109 -0
package/build/mcp/capabilities/prompts/define-prompt.js.map +1 -0
package/build/mcp/capabilities/prompts/index.d.ts +10 -0
package/build/mcp/capabilities/prompts/index.d.ts.map +1 -0
package/build/mcp/capabilities/prompts/index.js +10 -0
package/build/mcp/capabilities/prompts/index.js.map +1 -0
package/build/mcp/capabilities/registry/base-registry.d.ts +95 -0
package/build/mcp/capabilities/registry/base-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/base-registry.js +149 -0
package/build/mcp/capabilities/registry/base-registry.js.map +1 -0
package/build/mcp/capabilities/registry/index.d.ts +16 -0
package/build/mcp/capabilities/registry/index.d.ts.map +1 -0
package/build/mcp/capabilities/registry/index.js +34 -0
package/build/mcp/capabilities/registry/index.js.map +1 -0
package/build/mcp/capabilities/registry/prompt-registry.d.ts +116 -0
package/build/mcp/capabilities/registry/prompt-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/prompt-registry.js +232 -0
package/build/mcp/capabilities/registry/prompt-registry.js.map +1 -0
package/build/mcp/capabilities/registry/reset.d.ts +30 -0
package/build/mcp/capabilities/registry/reset.d.ts.map +1 -0
package/build/mcp/capabilities/registry/reset.js +48 -0
package/build/mcp/capabilities/registry/reset.js.map +1 -0
package/build/mcp/capabilities/registry/resource-registry.d.ts +152 -0
package/build/mcp/capabilities/registry/resource-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/resource-registry.js +430 -0
package/build/mcp/capabilities/registry/resource-registry.js.map +1 -0
package/build/mcp/capabilities/registry/scope-enforcement.d.ts +48 -0
package/build/mcp/capabilities/registry/scope-enforcement.d.ts.map +1 -0
package/build/mcp/capabilities/registry/scope-enforcement.js +62 -0
package/build/mcp/capabilities/registry/scope-enforcement.js.map +1 -0
package/build/mcp/capabilities/registry/task-tool-registry.d.ts +96 -0
package/build/mcp/capabilities/registry/task-tool-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/task-tool-registry.js +190 -0
package/build/mcp/capabilities/registry/task-tool-registry.js.map +1 -0
package/build/mcp/capabilities/registry/tool-registry.d.ts +100 -0
package/build/mcp/capabilities/registry/tool-registry.d.ts.map +1 -0
package/build/mcp/capabilities/registry/tool-registry.js +242 -0
package/build/mcp/capabilities/registry/tool-registry.js.map +1 -0
package/build/mcp/capabilities/resources/define-resource.d.ts +103 -0
package/build/mcp/capabilities/resources/define-resource.d.ts.map +1 -0
package/build/mcp/capabilities/resources/define-resource.js +137 -0
package/build/mcp/capabilities/resources/define-resource.js.map +1 -0
package/build/mcp/capabilities/resources/index.d.ts +10 -0
package/build/mcp/capabilities/resources/index.d.ts.map +1 -0
package/build/mcp/capabilities/resources/index.js +10 -0
package/build/mcp/capabilities/resources/index.js.map +1 -0
package/build/mcp/capabilities/server-capabilities.d.ts +33 -0
package/build/mcp/capabilities/server-capabilities.d.ts.map +1 -0
package/build/mcp/capabilities/server-capabilities.js +16 -0
package/build/mcp/capabilities/server-capabilities.js.map +1 -0
package/build/mcp/capabilities/tasks/define-task.d.ts +75 -0
package/build/mcp/capabilities/tasks/define-task.d.ts.map +1 -0
package/build/mcp/capabilities/tasks/define-task.js +93 -0
package/build/mcp/capabilities/tasks/define-task.js.map +1 -0
package/build/mcp/capabilities/tasks/index.d.ts +11 -0
package/build/mcp/capabilities/tasks/index.d.ts.map +1 -0
package/build/mcp/capabilities/tasks/index.js +11 -0
package/build/mcp/capabilities/tasks/index.js.map +1 -0
package/build/mcp/capabilities/tools/define-tool.d.ts +62 -0
package/build/mcp/capabilities/tools/define-tool.d.ts.map +1 -0
package/build/mcp/capabilities/tools/define-tool.js +73 -0
package/build/mcp/capabilities/tools/define-tool.js.map +1 -0
package/build/mcp/capabilities/tools/index.d.ts +10 -0
package/build/mcp/capabilities/tools/index.d.ts.map +1 -0
package/build/mcp/capabilities/tools/index.js +10 -0
package/build/mcp/capabilities/tools/index.js.map +1 -0
package/build/mcp/handlers/index.d.ts +19 -0
package/build/mcp/handlers/index.d.ts.map +1 -0
package/build/mcp/handlers/index.js +26 -0
package/build/mcp/handlers/index.js.map +1 -0
package/build/mcp/handlers/ping.d.ts +27 -0
package/build/mcp/handlers/ping.d.ts.map +1 -0
package/build/mcp/handlers/ping.js +61 -0
package/build/mcp/handlers/ping.js.map +1 -0
package/build/mcp/handlers/progress.d.ts +41 -0
package/build/mcp/handlers/progress.d.ts.map +1 -0
package/build/mcp/handlers/progress.js +79 -0
package/build/mcp/handlers/progress.js.map +1 -0
package/build/mcp/index.d.ts +28 -0
package/build/mcp/index.d.ts.map +1 -0
package/build/mcp/index.js +34 -0
package/build/mcp/index.js.map +1 -0
package/build/mcp/responses/helpers.d.ts +146 -0
package/build/mcp/responses/helpers.d.ts.map +1 -0
package/build/mcp/responses/helpers.js +197 -0
package/build/mcp/responses/helpers.js.map +1 -0
package/build/mcp/responses/index.d.ts +9 -0
package/build/mcp/responses/index.d.ts.map +1 -0
package/build/mcp/responses/index.js +12 -0
package/build/mcp/responses/index.js.map +1 -0
package/build/mcp/types/context.d.ts +371 -0
package/build/mcp/types/context.d.ts.map +1 -0
package/build/mcp/types/context.js +17 -0
package/build/mcp/types/context.js.map +1 -0
package/build/mcp/types/definition.d.ts +727 -0
package/build/mcp/types/definition.d.ts.map +1 -0
package/build/mcp/types/definition.js +29 -0
package/build/mcp/types/definition.js.map +1 -0
package/build/mcp/types/handler.d.ts +58 -0
package/build/mcp/types/handler.d.ts.map +1 -0
package/build/mcp/types/handler.js +10 -0
package/build/mcp/types/handler.js.map +1 -0
package/build/mcp/types/index.d.ts +21 -0
package/build/mcp/types/index.d.ts.map +1 -0
package/build/mcp/types/index.js +18 -0
package/build/mcp/types/index.js.map +1 -0
package/build/mcp/types/response.d.ts +79 -0
package/build/mcp/types/response.d.ts.map +1 -0
package/build/mcp/types/response.js +10 -0
package/build/mcp/types/response.js.map +1 -0
package/build/server/auth/auth-context.d.ts +52 -0
package/build/server/auth/auth-context.d.ts.map +1 -0
package/build/server/auth/auth-context.js +45 -0
package/build/server/auth/auth-context.js.map +1 -0
package/build/server/auth/guards.d.ts +72 -0
package/build/server/auth/guards.d.ts.map +1 -0
package/build/server/auth/guards.js +103 -0
package/build/server/auth/guards.js.map +1 -0
package/build/server/auth/index.d.ts +21 -0
package/build/server/auth/index.d.ts.map +1 -0
package/build/server/auth/index.js +20 -0
package/build/server/auth/index.js.map +1 -0
package/build/server/auth/oidc-discovery.d.ts +68 -0
package/build/server/auth/oidc-discovery.d.ts.map +1 -0
package/build/server/auth/oidc-discovery.js +234 -0
package/build/server/auth/oidc-discovery.js.map +1 -0
package/build/server/auth/oidc-provider.d.ts +96 -0
package/build/server/auth/oidc-provider.d.ts.map +1 -0
package/build/server/auth/oidc-provider.js +126 -0
package/build/server/auth/oidc-provider.js.map +1 -0
package/build/server/auth/types.d.ts +204 -0
package/build/server/auth/types.d.ts.map +1 -0
package/build/server/auth/types.js +29 -0
package/build/server/auth/types.js.map +1 -0
package/build/server/auth/upstream-provider.d.ts +161 -0
package/build/server/auth/upstream-provider.d.ts.map +1 -0
package/build/server/auth/upstream-provider.js +411 -0
package/build/server/auth/upstream-provider.js.map +1 -0
package/build/server/builder/constants.d.ts +45 -0
package/build/server/builder/constants.d.ts.map +1 -0
package/build/server/builder/constants.js +54 -0
package/build/server/builder/constants.js.map +1 -0
package/build/server/builder/index.d.ts +24 -0
package/build/server/builder/index.d.ts.map +1 -0
package/build/server/builder/index.js +25 -0
package/build/server/builder/index.js.map +1 -0
package/build/server/builder/primitive-collector.d.ts +24 -0
package/build/server/builder/primitive-collector.d.ts.map +1 -0
package/build/server/builder/primitive-collector.js +89 -0
package/build/server/builder/primitive-collector.js.map +1 -0
package/build/server/builder/server-builder.d.ts +53 -0
package/build/server/builder/server-builder.d.ts.map +1 -0
package/build/server/builder/server-builder.js +132 -0
package/build/server/builder/server-builder.js.map +1 -0
package/build/server/builder/types.d.ts +93 -0
package/build/server/builder/types.d.ts.map +1 -0
package/build/server/builder/types.js +25 -0
package/build/server/builder/types.js.map +1 -0
package/build/server/builder/validation.d.ts +36 -0
package/build/server/builder/validation.d.ts.map +1 -0
package/build/server/builder/validation.js +44 -0
package/build/server/builder/validation.js.map +1 -0
package/build/server/create-server.d.ts +57 -0
package/build/server/create-server.d.ts.map +1 -0
package/build/server/create-server.js +104 -0
package/build/server/create-server.js.map +1 -0
package/build/server/http/express-app.d.ts +103 -0
package/build/server/http/express-app.d.ts.map +1 -0
package/build/server/http/express-app.js +391 -0
package/build/server/http/express-app.js.map +1 -0
package/build/server/http/http-server.d.ts +67 -0
package/build/server/http/http-server.d.ts.map +1 -0
package/build/server/http/http-server.js +188 -0
package/build/server/http/http-server.js.map +1 -0
package/build/server/http/http-transport.d.ts +33 -0
package/build/server/http/http-transport.d.ts.map +1 -0
package/build/server/http/http-transport.js +84 -0
package/build/server/http/http-transport.js.map +1 -0
package/build/server/http/index.d.ts +15 -0
package/build/server/http/index.d.ts.map +1 -0
package/build/server/http/index.js +11 -0
package/build/server/http/index.js.map +1 -0
package/build/server/index.d.ts +25 -0
package/build/server/index.d.ts.map +1 -0
package/build/server/index.js +41 -0
package/build/server/index.js.map +1 -0
package/build/server/lifecycle.d.ts +114 -0
package/build/server/lifecycle.d.ts.map +1 -0
package/build/server/lifecycle.js +30 -0
package/build/server/lifecycle.js.map +1 -0
package/build/server/middleware/bearer-auth.d.ts +43 -0
package/build/server/middleware/bearer-auth.d.ts.map +1 -0
package/build/server/middleware/bearer-auth.js +75 -0
package/build/server/middleware/bearer-auth.js.map +1 -0
package/build/server/middleware/custom-header-auth.d.ts +40 -0
package/build/server/middleware/custom-header-auth.d.ts.map +1 -0
package/build/server/middleware/custom-header-auth.js +90 -0
package/build/server/middleware/custom-header-auth.js.map +1 -0
package/build/server/middleware/dns-rebinding.d.ts +25 -0
package/build/server/middleware/dns-rebinding.d.ts.map +1 -0
package/build/server/middleware/dns-rebinding.js +94 -0
package/build/server/middleware/dns-rebinding.js.map +1 -0
package/build/server/middleware/index.d.ts +69 -0
package/build/server/middleware/index.d.ts.map +1 -0
package/build/server/middleware/index.js +68 -0
package/build/server/middleware/index.js.map +1 -0
package/build/server/middleware/logging.d.ts +21 -0
package/build/server/middleware/logging.d.ts.map +1 -0
package/build/server/middleware/logging.js +36 -0
package/build/server/middleware/logging.js.map +1 -0
package/build/server/middleware/oauth-router.d.ts +50 -0
package/build/server/middleware/oauth-router.d.ts.map +1 -0
package/build/server/middleware/oauth-router.js +53 -0
package/build/server/middleware/oauth-router.js.map +1 -0
package/build/server/middleware/protocol-version.d.ts +13 -0
package/build/server/middleware/protocol-version.d.ts.map +1 -0
package/build/server/middleware/protocol-version.js +48 -0
package/build/server/middleware/protocol-version.js.map +1 -0
package/build/server/middleware/rate-limit.d.ts +47 -0
package/build/server/middleware/rate-limit.d.ts.map +1 -0
package/build/server/middleware/rate-limit.js +109 -0
package/build/server/middleware/rate-limit.js.map +1 -0
package/build/server/middleware/trust-proxy.d.ts +37 -0
package/build/server/middleware/trust-proxy.d.ts.map +1 -0
package/build/server/middleware/trust-proxy.js +154 -0
package/build/server/middleware/trust-proxy.js.map +1 -0
package/build/server/option-overrides.d.ts +25 -0
package/build/server/option-overrides.d.ts.map +1 -0
package/build/server/option-overrides.js +85 -0
package/build/server/option-overrides.js.map +1 -0
package/build/server/routes/health.d.ts +87 -0
package/build/server/routes/health.d.ts.map +1 -0
package/build/server/routes/health.js +183 -0
package/build/server/routes/health.js.map +1 -0
package/build/server/routes/index.d.ts +16 -0
package/build/server/routes/index.d.ts.map +1 -0
package/build/server/routes/index.js +18 -0
package/build/server/routes/index.js.map +1 -0
package/build/server/routes/metrics.d.ts +40 -0
package/build/server/routes/metrics.d.ts.map +1 -0
package/build/server/routes/metrics.js +81 -0
package/build/server/routes/metrics.js.map +1 -0
package/build/server/routes/oauth-router.d.ts +50 -0
package/build/server/routes/oauth-router.d.ts.map +1 -0
package/build/server/routes/oauth-router.js +53 -0
package/build/server/routes/oauth-router.js.map +1 -0
package/build/server/routes/readiness-status.d.ts +25 -0
package/build/server/routes/readiness-status.d.ts.map +1 -0
package/build/server/routes/readiness-status.js +27 -0
package/build/server/routes/readiness-status.js.map +1 -0
package/build/server/routes/sse-router.d.ts +43 -0
package/build/server/routes/sse-router.d.ts.map +1 -0
package/build/server/routes/sse-router.js +92 -0
package/build/server/routes/sse-router.js.map +1 -0
package/build/server/routes/streamable-http-router.d.ts +36 -0
package/build/server/routes/streamable-http-router.d.ts.map +1 -0
package/build/server/routes/streamable-http-router.js +59 -0
package/build/server/routes/streamable-http-router.js.map +1 -0
package/build/server/server-instance.d.ts +185 -0
package/build/server/server-instance.d.ts.map +1 -0
package/build/server/server-instance.js +615 -0
package/build/server/server-instance.js.map +1 -0
package/build/server/server-options.d.ts +411 -0
package/build/server/server-options.d.ts.map +1 -0
package/build/server/server-options.js +17 -0
package/build/server/server-options.js.map +1 -0
package/build/server/session/in-memory-store.d.ts +128 -0
package/build/server/session/in-memory-store.d.ts.map +1 -0
package/build/server/session/in-memory-store.js +312 -0
package/build/server/session/in-memory-store.js.map +1 -0
package/build/server/session/index.d.ts +43 -0
package/build/server/session/index.d.ts.map +1 -0
package/build/server/session/index.js +47 -0
package/build/server/session/index.js.map +1 -0
package/build/server/session/mcp-session.d.ts +210 -0
package/build/server/session/mcp-session.d.ts.map +1 -0
package/build/server/session/mcp-session.js +428 -0
package/build/server/session/mcp-session.js.map +1 -0
package/build/server/session/session-factory.d.ts +119 -0
package/build/server/session/session-factory.d.ts.map +1 -0
package/build/server/session/session-factory.js +131 -0
package/build/server/session/session-factory.js.map +1 -0
package/build/server/session/session-housekeeper.d.ts +100 -0
package/build/server/session/session-housekeeper.d.ts.map +1 -0
package/build/server/session/session-housekeeper.js +217 -0
package/build/server/session/session-housekeeper.js.map +1 -0
package/build/server/session/session-manager.d.ts +227 -0
package/build/server/session/session-manager.d.ts.map +1 -0
package/build/server/session/session-manager.js +282 -0
package/build/server/session/session-manager.js.map +1 -0
package/build/server/session/session-store.d.ts +95 -0
package/build/server/session/session-store.d.ts.map +1 -0
package/build/server/session/session-store.js +13 -0
package/build/server/session/session-store.js.map +1 -0
package/build/server/session/session.d.ts +132 -0
package/build/server/session/session.d.ts.map +1 -0
package/build/server/session/session.js +61 -0
package/build/server/session/session.js.map +1 -0
package/build/server/transport/constants.d.ts +85 -0
package/build/server/transport/constants.d.ts.map +1 -0
package/build/server/transport/constants.js +103 -0
package/build/server/transport/constants.js.map +1 -0
package/build/server/transport/index.d.ts +21 -0
package/build/server/transport/index.d.ts.map +1 -0
package/build/server/transport/index.js +28 -0
package/build/server/transport/index.js.map +1 -0
package/build/server/transport/sse/handler.d.ts +46 -0
package/build/server/transport/sse/handler.d.ts.map +1 -0
package/build/server/transport/sse/handler.js +189 -0
package/build/server/transport/sse/handler.js.map +1 -0
package/build/server/transport/sse/index.d.ts +15 -0
package/build/server/transport/sse/index.d.ts.map +1 -0
package/build/server/transport/sse/index.js +14 -0
package/build/server/transport/sse/index.js.map +1 -0
package/build/server/transport/sse/transport.d.ts +94 -0
package/build/server/transport/sse/transport.d.ts.map +1 -0
package/build/server/transport/sse/transport.js +175 -0
package/build/server/transport/sse/transport.js.map +1 -0
package/build/server/transport/stdio-transport.d.ts +23 -0
package/build/server/transport/stdio-transport.d.ts.map +1 -0
package/build/server/transport/stdio-transport.js +59 -0
package/build/server/transport/stdio-transport.js.map +1 -0
package/build/server/transport/streamable-http/index.d.ts +9 -0
package/build/server/transport/streamable-http/index.d.ts.map +1 -0
package/build/server/transport/streamable-http/index.js +9 -0
package/build/server/transport/streamable-http/index.js.map +1 -0
package/build/server/transport/streamable-http/stateful-handler.d.ts +41 -0
package/build/server/transport/streamable-http/stateful-handler.d.ts.map +1 -0
package/build/server/transport/streamable-http/stateful-handler.js +264 -0
package/build/server/transport/streamable-http/stateful-handler.js.map +1 -0
package/build/server/transport/streamable-http/stateless-handler.d.ts +28 -0
package/build/server/transport/streamable-http/stateless-handler.d.ts.map +1 -0
package/build/server/transport/streamable-http/stateless-handler.js +81 -0
package/build/server/transport/streamable-http/stateless-handler.js.map +1 -0
package/build/server/transport/streamable-http/transport.d.ts +110 -0
package/build/server/transport/streamable-http/transport.d.ts.map +1 -0
package/build/server/transport/streamable-http/transport.js +118 -0
package/build/server/transport/streamable-http/transport.js.map +1 -0
package/build/server/transport/transport-context.d.ts +67 -0
package/build/server/transport/transport-context.d.ts.map +1 -0
package/build/server/transport/transport-context.js +38 -0
package/build/server/transport/transport-context.js.map +1 -0
package/build/server/transport/types.d.ts +56 -0
package/build/server/transport/types.d.ts.map +1 -0
package/build/server/transport/types.js +11 -0
package/build/server/transport/types.js.map +1 -0
package/build/server/transport-options.d.ts +248 -0
package/build/server/transport-options.d.ts.map +1 -0
package/build/server/transport-options.js +18 -0
package/build/server/transport-options.js.map +1 -0
package/build/server/types.d.ts +172 -0
package/build/server/types.d.ts.map +1 -0
package/build/server/types.js +9 -0
package/build/server/types.js.map +1 -0
package/build/telemetry/connection-telemetry-bridge.d.ts +30 -0
package/build/telemetry/connection-telemetry-bridge.d.ts.map +1 -0
package/build/telemetry/connection-telemetry-bridge.js +54 -0
package/build/telemetry/connection-telemetry-bridge.js.map +1 -0
package/build/telemetry/core/config.d.ts +38 -0
package/build/telemetry/core/config.d.ts.map +1 -0
package/build/telemetry/core/config.js +54 -0
package/build/telemetry/core/config.js.map +1 -0
package/build/telemetry/core/constants.d.ts +183 -0
package/build/telemetry/core/constants.d.ts.map +1 -0
package/build/telemetry/core/constants.js +207 -0
package/build/telemetry/core/constants.js.map +1 -0
package/build/telemetry/core/diag-logger.d.ts +35 -0
package/build/telemetry/core/diag-logger.d.ts.map +1 -0
package/build/telemetry/core/diag-logger.js +54 -0
package/build/telemetry/core/diag-logger.js.map +1 -0
package/build/telemetry/core/index.d.ts +12 -0
package/build/telemetry/core/index.d.ts.map +1 -0
package/build/telemetry/core/index.js +32 -0
package/build/telemetry/core/index.js.map +1 -0
package/build/telemetry/core/types.d.ts +106 -0
package/build/telemetry/core/types.d.ts.map +1 -0
package/build/telemetry/core/types.js +10 -0
package/build/telemetry/core/types.js.map +1 -0
package/build/telemetry/index.d.ts +59 -0
package/build/telemetry/index.d.ts.map +1 -0
package/build/telemetry/index.js +79 -0
package/build/telemetry/index.js.map +1 -0
package/build/telemetry/metrics.d.ts +127 -0
package/build/telemetry/metrics.d.ts.map +1 -0
package/build/telemetry/metrics.js +337 -0
package/build/telemetry/metrics.js.map +1 -0
package/build/telemetry/sdk.d.ts +110 -0
package/build/telemetry/sdk.d.ts.map +1 -0
package/build/telemetry/sdk.js +547 -0
package/build/telemetry/sdk.js.map +1 -0
package/build/telemetry/tracing.d.ts +78 -0
package/build/telemetry/tracing.d.ts.map +1 -0
package/build/telemetry/tracing.js +257 -0
package/build/telemetry/tracing.js.map +1 -0
package/build/utils/env-helpers.d.ts +46 -0
package/build/utils/env-helpers.d.ts.map +1 -0
package/build/utils/env-helpers.js +54 -0
package/build/utils/env-helpers.js.map +1 -0
package/build/utils/index.d.ts +14 -0
package/build/utils/index.d.ts.map +1 -0
package/build/utils/index.js +19 -0
package/build/utils/index.js.map +1 -0
package/build/utils/sensitive-keys.d.ts +48 -0
package/build/utils/sensitive-keys.d.ts.map +1 -0
package/build/utils/sensitive-keys.js +131 -0
package/build/utils/sensitive-keys.js.map +1 -0
package/build/utils/string-helpers.d.ts +126 -0
package/build/utils/string-helpers.d.ts.map +1 -0
package/build/utils/string-helpers.js +189 -0
package/build/utils/string-helpers.js.map +1 -0
package/build/utils/validation.d.ts +84 -0
package/build/utils/validation.d.ts.map +1 -0
package/build/utils/validation.js +111 -0
package/build/utils/validation.js.map +1 -0
package/build/utils/zod-helpers.d.ts +92 -0
package/build/utils/zod-helpers.d.ts.map +1 -0
package/build/utils/zod-helpers.js +120 -0
package/build/utils/zod-helpers.js.map +1 -0
package/package.json +133 -0

package/build/server/auth/types.d.ts ADDED Viewed

@@ -0,0 +1,204 @@
+/**
+ * Auth Types
+ *
+ * Core type definitions for the framework's authentication and authorization system.
+ * Provides the {@link AuthProvider} union type, {@link TokenVerifier} interface,
+ * and {@link AuthOptions} configuration.
+ *
+ * The SDK provides {@link OAuthServerProvider} for full OAuth flows and
+ * {@link OAuthTokenVerifier} for token-only verification. This module wraps
+ * these into a unified {@link AuthProvider} type for framework use.
+ *
+ * @module server/auth/types
+ */
+import type { OAuthServerProvider } from "@modelcontextprotocol/sdk/server/auth/provider.js";
+import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
+import type { RequestHandler } from "express";
+export type { OAuthServerProvider, AuthInfo };
+/**
+ * Minimal interface for custom token verification.
+ *
+ * Implement this to integrate non-OAuth auth (API keys, JWTs, custom tokens)
+ * into the framework's auth pipeline. Structurally compatible with the SDK's
+ * `OAuthTokenVerifier`.
+ *
+ * @example
+ * ```typescript
+ * const apiKeyVerifier: TokenVerifier = {
+ *   verifyAccessToken: async (token) => {
+ *     const user = await db.users.findByApiKey(token);
+ *     if (!user) throw new Error('Invalid API key');
+ *     return { token, clientId: user.id, scopes: user.permissions };
+ *   },
+ * };
+ * ```
+ */
+export interface TokenVerifier {
+    /**
+     * Verify an access token and return auth information.
+     *
+     * @param token - The bearer token from the Authorization header
+     * @returns Auth info with clientId, scopes, and optional expiry
+     * @throws If the token is invalid, expired, or revoked
+     */
+    verifyAccessToken(token: string): Promise<AuthInfo>;
+}
+/**
+ * Authentication provider — either a full OAuth server or a token verifier.
+ *
+ * - **`OAuthServerProvider`**: Full OAuth 2.1 flow with authorization,
+ *   token exchange, client registration, and token revocation.
+ *   Enables `mcpAuthRouter()` for `/authorize`, `/token`, etc.
+ *
+ * - **`TokenVerifier`**: Token-only verification for custom auth.
+ *   Bearer tokens are validated but no OAuth endpoints are mounted.
+ *
+ * Use {@link isFullOAuthProvider} to discriminate at runtime.
+ */
+export type AuthProvider = OAuthServerProvider | TokenVerifier;
+/**
+ * Type guard to distinguish a full OAuth provider from a token verifier.
+ *
+ * Full OAuth providers have a `clientsStore` property (per SDK's
+ * `OAuthServerProvider` interface) — token verifiers do not.
+ *
+ * @param provider - The auth provider to check
+ * @returns `true` if the provider offers full OAuth capabilities
+ */
+export declare function isFullOAuthProvider(provider: AuthProvider): provider is OAuthServerProvider;
+/**
+ * Extra data attached to the auth context by the consumer.
+ *
+ * Populated via the `onAuthenticated` hook, this allows consumers to
+ * map OAuth `clientId`/`scopes` to their own user model, permissions,
+ * or any additional data needed in tool handlers.
+ *
+ * @example
+ * ```typescript
+ * auth: {
+ *   onAuthenticated: async (authInfo) => ({
+ *     userId: await resolveUser(authInfo.clientId),
+ *     role: 'admin',
+ *     permissions: ['read', 'write', 'deploy'],
+ *   }),
+ * }
+ * ```
+ */
+export type AuthenticatedExtra = Record<string, unknown>;
+/**
+ * Authentication configuration for the server.
+ *
+ * Passed via `ServerOptions.auth` or `McpServerBuilder.withAuthOptions()`.
+ *
+ * @example External OAuth provider (e.g. GitHub via SDK's ProxyOAuthServerProvider)
+ * ```typescript
+ * import { ProxyOAuthServerProvider } from '@modelcontextprotocol/sdk/server/auth/providers/proxyProvider.js';
+ *
+ * const github = new ProxyOAuthServerProvider({ endpoints, verifyAccessToken, getClient });
+ * createServer({
+ *   name: 'my-server',
+ *   version: '1.0.0',
+ *   transport: { mode: 'http' },
+ *   auth: {
+ *     provider: github,
+ *     issuerUrl: new URL('https://github.com'),
+ *     requiredScopes: ['read:user'],
+ *   },
+ * });
+ * ```
+ *
+ * @example Custom header auth (e.g. X-API-Key)
+ * ```typescript
+ * createServer({
+ *   name: 'my-server',
+ *   version: '1.0.0',
+ *   transport: { mode: 'http' },
+ *   auth: {
+ *     provider: myApiKeyVerifier,
+ *     headerName: 'X-API-Key',
+ *   },
+ * });
+ * ```
+ *
+ * @example Token verification only (Bearer)
+ * ```typescript
+ * createServer({
+ *   name: 'my-server',
+ *   version: '1.0.0',
+ *   transport: { mode: 'http' },
+ *   auth: {
+ *     provider: myJwtVerifier,
+ *   },
+ * });
+ * ```
+ */
+export interface AuthOptions {
+    /** Authentication provider (full OAuth or token verifier) */
+    readonly provider: AuthProvider;
+    /**
+     * Global required scopes for the `/mcp` endpoint.
+     *
+     * All requests to `/mcp` must have tokens with these scopes.
+     * Per-capability scopes can be set via `requiredScopes` on tool, resource, and prompt definitions.
+     */
+    readonly requiredScopes?: string[];
+    /**
+     * When `true`, capability list handlers (`tools/list`, `resources/list`, `prompts/list`)
+     * filter out entries whose `requiredScopes` are not satisfied by the requesting user's token.
+     *
+     * **Default: `false`** (spec-konform — all capabilities are listed regardless of scopes).
+     * Enforcement always happens at execution time (403), independent of this setting.
+     *
+     * Enable this for UIs that should only show actionable items to users.
+     */
+    readonly scopeFilterCapabilities?: boolean;
+    /**
+     * OAuth issuer URL (Authorization Server identifier).
+     *
+     * Required for full OAuth providers. Used as the `issuer` in
+     * OAuth Authorization Server Metadata (RFC 8414).
+     * Must use HTTPS scheme and have no query or fragment components.
+     */
+    readonly issuerUrl?: URL;
+    /**
+     * Protected Resource Metadata URL (RFC 9728).
+     *
+     * Included in `WWW-Authenticate` headers for 401 responses,
+     * allowing clients to discover the authorization server.
+     */
+    readonly resourceMetadataUrl?: string;
+    /**
+     * Custom header name for token extraction.
+     *
+     * When set, the framework extracts the token from this header instead of
+     * the standard `Authorization: Bearer <token>` header. Only allowed with
+     * {@link TokenVerifier} providers (not with full OAuth providers).
+     *
+     * @example `'X-API-Key'` — extracts the value of the `X-API-Key` header
+     */
+    readonly headerName?: string;
+    /**
+     * Hook called after successful token verification.
+     *
+     * Use this to map OAuth `clientId`/`scopes` to your own user model.
+     * The returned data is available in tool handlers via `context.auth.extra`.
+     *
+     * @param authInfo - Verified auth info from the token
+     * @returns Extra data for `context.auth.extra`, or `undefined`
+     */
+    readonly onAuthenticated?: (authInfo: AuthInfo) => Promise<AuthenticatedExtra | undefined>;
+    /**
+     * Express handler for the OAuth callback route (`GET /callback`).
+     *
+     * Required for OAuth providers that use server-side callbacks (e.g.,
+     * GitHub, Google) where the upstream provider redirects back to the
+     * MCP server rather than directly to the MCP client.
+     *
+     * The handler receives the authorization code from the upstream provider
+     * and redirects the user to the MCP client's redirect_uri.
+     *
+     * Only effective when a full OAuth provider is configured.
+     */
+    readonly callbackHandler?: RequestHandler;
+}
+//# sourceMappingURL=types.d.ts.map

package/build/server/auth/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/server/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mDAAmD,CAAC;AAC7F,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAC/E,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,SAAS,CAAC;AAG9C,YAAY,EAAE,mBAAmB,EAAE,QAAQ,EAAE,CAAC;AAM9C;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,WAAW,aAAa;IAC5B;;;;;;OAMG;IACH,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;CACrD;AAMD;;;;;;;;;;;GAWG;AACH,MAAM,MAAM,YAAY,GAAG,mBAAmB,GAAG,aAAa,CAAC;AAM/D;;;;;;;;GAQG;AACH,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,YAAY,GAAG,QAAQ,IAAI,mBAAmB,CAE3F;AAMD;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAMzD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8CG;AACH,MAAM,WAAW,WAAW;IAC1B,6DAA6D;IAC7D,QAAQ,CAAC,QAAQ,EAAE,YAAY,CAAC;IAEhC;;;;;OAKG;IACH,QAAQ,CAAC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;IAEnC;;;;;;;;OAQG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,OAAO,CAAC;IAE3C;;;;;;OAMG;IACH,QAAQ,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC;IAEzB;;;;;OAKG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,MAAM,CAAC;IAEtC;;;;;;;;OAQG;IACH,QAAQ,CAAC,UAAU,CAAC,EAAE,MAAM,CAAC;IAE7B;;;;;;;;OAQG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,CAAC,QAAQ,EAAE,QAAQ,KAAK,OAAO,CAAC,kBAAkB,GAAG,SAAS,CAAC,CAAC;IAE3F;;;;;;;;;;;OAWG;IACH,QAAQ,CAAC,eAAe,CAAC,EAAE,cAAc,CAAC;CAC3C"}

package/build/server/auth/types.js ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Auth Types
+ *
+ * Core type definitions for the framework's authentication and authorization system.
+ * Provides the {@link AuthProvider} union type, {@link TokenVerifier} interface,
+ * and {@link AuthOptions} configuration.
+ *
+ * The SDK provides {@link OAuthServerProvider} for full OAuth flows and
+ * {@link OAuthTokenVerifier} for token-only verification. This module wraps
+ * these into a unified {@link AuthProvider} type for framework use.
+ *
+ * @module server/auth/types
+ */
+// ============================================================================
+// Type Guards
+// ============================================================================
+/**
+ * Type guard to distinguish a full OAuth provider from a token verifier.
+ *
+ * Full OAuth providers have a `clientsStore` property (per SDK's
+ * `OAuthServerProvider` interface) — token verifiers do not.
+ *
+ * @param provider - The auth provider to check
+ * @returns `true` if the provider offers full OAuth capabilities
+ */
+export function isFullOAuthProvider(provider) {
+    return "clientsStore" in provider;
+}
+//# sourceMappingURL=types.js.map

package/build/server/auth/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/server/auth/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AA4DH,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E;;;;;;;;GAQG;AACH,MAAM,UAAU,mBAAmB,CAAC,QAAsB;IACxD,OAAO,cAAc,IAAI,QAAQ,CAAC;AACpC,CAAC"}

package/build/server/auth/upstream-provider.d.ts ADDED Viewed

@@ -0,0 +1,161 @@
+/**
+ * Upstream OAuth Provider Factory
+ *
+ * Creates a generic {@link OAuthServerProvider} that proxies OAuth flows
+ * to any upstream authorization server using the **server-side callback pattern**.
+ *
+ * This pattern is needed because MCP clients (Inspector, VS Code, Claude Desktop)
+ * each have their own callback URL, but upstream providers (GitHub, Google, etc.)
+ * validate `redirect_uri` against the registered callback. By routing all callbacks
+ * through the MCP server, we solve this mismatch transparently.
+ *
+ * Flow:
+ *   Client → MCP Server /authorize → Upstream /authorize
+ *     (redirect_uri = MCP Server /callback)
+ *   Upstream → MCP Server /callback?code=X&state=UP
+ *   MCP Server → Client callback?code=X&state=DOWN
+ *   Client → MCP Server /token (code=X)
+ *   MCP Server → Upstream token endpoint → returns token
+ *
+ * @example
+ * ```typescript
+ * import { createUpstreamOAuthProvider } from 'mcp-server-framework';
+ *
+ * const { provider, callbackHandler } = createUpstreamOAuthProvider({
+ *   endpoints: {
+ *     authorizationUrl: 'https://github.com/login/oauth/authorize',
+ *     tokenUrl: 'https://github.com/login/oauth/access_token',
+ *     userinfoUrl: 'https://api.github.com/user',
+ *   },
+ *   clientId: process.env.GITHUB_CLIENT_ID!,
+ *   clientSecret: process.env.GITHUB_CLIENT_SECRET!,
+ *   serverUrl: 'http://localhost:8000',
+ *   upstreamScopes: ['read:user'],
+ *   tokenRequestContentType: 'json',
+ *   mapUserInfo: async (token, data) => ({
+ *     token,
+ *     clientId: data.login as string,
+ *     scopes: ['read', 'write'],
+ *     expiresAt: Math.floor(Date.now() / 1000) + 3600,
+ *   }),
+ * });
+ *
+ * createServer({
+ *   auth: { provider, callbackHandler, issuerUrl: new URL('http://localhost:8000') },
+ * });
+ * ```
+ *
+ * @module server/auth/upstream-provider
+ */
+import type { RequestHandler } from "express";
+import type { OAuthServerProvider } from "@modelcontextprotocol/sdk/server/auth/provider.js";
+import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
+/**
+ * Upstream OAuth endpoint URLs.
+ */
+export interface UpstreamEndpoints {
+    /** Authorization endpoint (user is redirected here) */
+    readonly authorizationUrl: string;
+    /** Token endpoint (code → access_token exchange) */
+    readonly tokenUrl: string;
+    /**
+     * UserInfo endpoint for token verification.
+     * The response is passed to {@link UpstreamOAuthOptions.mapUserInfo}.
+     * Required unless a custom `verifyAccessToken` is provided.
+     */
+    readonly userinfoUrl?: string | undefined;
+    /** Token revocation endpoint (optional) */
+    readonly revocationUrl?: string | undefined;
+}
+/**
+ * Options for {@link createUpstreamOAuthProvider}.
+ */
+export interface UpstreamOAuthOptions {
+    /** Upstream OAuth endpoint URLs */
+    readonly endpoints: UpstreamEndpoints;
+    /** Client ID registered with the upstream OAuth provider */
+    readonly clientId: string;
+    /** Client secret registered with the upstream OAuth provider */
+    readonly clientSecret: string;
+    /** MCP server base URL (e.g. `http://localhost:8000`). Used as `redirect_uri` target. */
+    readonly serverUrl: string;
+    /** Scopes to request from the upstream provider (e.g. `['read:user']`, `['openid', 'profile']`) */
+    readonly upstreamScopes: readonly string[];
+    /**
+     * Map the upstream userinfo response to MCP {@link AuthInfo}.
+     *
+     * Called by `verifyAccessToken()` after fetching the userinfo endpoint.
+     * The `data` parameter contains the parsed JSON response from the userinfo URL.
+     *
+     * @param token - The access token being verified
+     * @param data - Parsed JSON response from the userinfo endpoint
+     * @returns Auth info for the MCP session
+     */
+    readonly mapUserInfo: (token: string, data: Record<string, unknown>) => Promise<AuthInfo>;
+    /**
+     * Content type for the token exchange request.
+     * - `'form'` — `application/x-www-form-urlencoded` (OAuth 2.1 standard, default)
+     * - `'json'` — `application/json` (used by GitHub)
+     *
+     * @default 'form'
+     */
+    readonly tokenRequestContentType?: "form" | "json";
+    /**
+     * Extra query parameters appended to the upstream authorization URL.
+     * Useful for non-standard providers that need additional parameters
+     * like `response_type`, `access_type`, etc.
+     *
+     * Standard parameters (`client_id`, `redirect_uri`, `state`, `scope`)
+     * are set automatically and should NOT be included here.
+     */
+    readonly upstreamAuthorizeParams?: Readonly<Record<string, string>>;
+    /**
+     * Whether the upstream provider supports refresh tokens.
+     * When `true`, `exchangeRefreshToken()` proxies to the token endpoint.
+     *
+     * @default false
+     */
+    readonly refreshTokenSupport?: boolean;
+    /**
+     * TTL for pending authorization state (upstream state → client info mapping).
+     * @default 600000 (10 minutes)
+     */
+    readonly pendingAuthTtlMs?: number;
+    /**
+     * TTL for code context (authorization code → redirect_uri mapping).
+     * @default 300000 (5 minutes)
+     */
+    readonly codeContextTtlMs?: number;
+}
+/**
+ * Result of {@link createUpstreamOAuthProvider}.
+ *
+ * Pass `provider` and `callbackHandler` to {@link AuthOptions}:
+ * ```typescript
+ * createServer({
+ *   auth: { provider, callbackHandler, issuerUrl: new URL(serverUrl) },
+ * });
+ * ```
+ */
+export interface UpstreamOAuthProviderResult {
+    /** OAuthServerProvider for the framework's auth pipeline */
+    readonly provider: OAuthServerProvider;
+    /** Express handler for `GET /callback` — receives upstream redirects */
+    readonly callbackHandler: RequestHandler;
+    /** Dispose cleanup resources (eviction timers). Called during server shutdown. */
+    readonly dispose?: () => void;
+}
+/**
+ * Creates an {@link OAuthServerProvider} that proxies OAuth flows to an
+ * upstream authorization server using server-side callbacks.
+ *
+ * This is the generic extraction of the server-side callback pattern —
+ * all provider-specific logic is encapsulated in the options (endpoints,
+ * scopes, `mapUserInfo`). The boilerplate (client store, state mapping,
+ * callback handler, token exchange, TTL management) is handled here.
+ *
+ * @param options - Upstream OAuth configuration
+ * @returns Provider and callback handler, ready for {@link AuthOptions}
+ */
+export declare function createUpstreamOAuthProvider(options: UpstreamOAuthOptions): UpstreamOAuthProviderResult;
+//# sourceMappingURL=upstream-provider.d.ts.map

package/build/server/auth/upstream-provider.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"upstream-provider.d.ts","sourceRoot":"","sources":["../../../src/server/auth/upstream-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgDG;AAGH,OAAO,KAAK,EAAqB,cAAc,EAAE,MAAM,SAAS,CAAC;AACjE,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,mDAAmD,CAAC;AAC7F,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gDAAgD,CAAC;AAsC/E;;GAEG;AACH,MAAM,WAAW,iBAAiB;IAChC,uDAAuD;IACvD,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;IAElC,oDAAoD;IACpD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B;;;;OAIG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;IAE1C,2CAA2C;IAC3C,QAAQ,CAAC,aAAa,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC7C;AAED;;GAEG;AACH,MAAM,WAAW,oBAAoB;IACnC,mCAAmC;IACnC,QAAQ,CAAC,SAAS,EAAE,iBAAiB,CAAC;IAEtC,4DAA4D;IAC5D,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAE1B,gEAAgE;IAChE,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAE9B,yFAAyF;IACzF,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAE3B,mGAAmG;IACnG,QAAQ,CAAC,cAAc,EAAE,SAAS,MAAM,EAAE,CAAC;IAE3C;;;;;;;;;OASG;IACH,QAAQ,CAAC,WAAW,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,KAAK,OAAO,CAAC,QAAQ,CAAC,CAAC;IAE1F;;;;;;OAMG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAEnD;;;;;;;OAOG;IACH,QAAQ,CAAC,uBAAuB,CAAC,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAEpE;;;;;OAKG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,OAAO,CAAC;IAEvC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAEnC;;;OAGG;IACH,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;CACpC;AAED;;;;;;;;;GASG;AACH,MAAM,WAAW,2BAA2B;IAC1C,4DAA4D;IAC5D,QAAQ,CAAC,QAAQ,EAAE,mBAAmB,CAAC;IAEvC,wEAAwE;IACxE,QAAQ,CAAC,eAAe,EAAE,cAAc,CAAC;IAEzC,kFAAkF;IAClF,QAAQ,CAAC,OAAO,CAAC,EAAE,MAAM,IAAI,CAAC;CAC/B;AAwBD;;;;;;;;;;;GAWG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,oBAAoB,GAAG,2BAA2B,CAgXtG"}