mcp-use 1.34.0 → 1.34.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/.tsbuildinfo +1 -1
- package/dist/{chunk-3UOADQDZ.js → chunk-2EBW4344.js} +40 -4
- package/dist/{chunk-U6UCVQKQ.js → chunk-D7SEH5RU.js} +4 -4
- package/dist/{chunk-3N6PYMAD.js → chunk-LPVVF6US.js} +2 -2
- package/dist/{chunk-AOZBHAT7.js → chunk-LZOTKOYW.js} +1 -1
- package/dist/{chunk-VWJXSLCF.js → chunk-N3DGPXFX.js} +38 -2
- package/dist/{chunk-EIYWOJYK.js → chunk-NXLY2JS7.js} +1 -1
- package/dist/{chunk-WEMFZYUR.js → chunk-PSOT2YDT.js} +1 -1
- package/dist/{chunk-2J3FVMZ5.js → chunk-TAPTQKI4.js} +1 -1
- package/dist/{chunk-7MKAP6XK.js → chunk-VYDFQS24.js} +1 -1
- package/dist/{chunk-XS2ZMBOG.js → chunk-XIAP7CEH.js} +1 -1
- package/dist/{chunk-BOFDVMBT.js → chunk-YQIRNTLE.js} +2 -2
- package/dist/{chunk-4KP3757O.js → chunk-YZ22J43K.js} +1 -1
- package/dist/{client-O5HMGXF3.js → client-AGYZM4PU.js} +4 -4
- package/dist/index.cjs +39 -3
- package/dist/index.js +7 -7
- package/dist/src/agents/index.cjs +1 -1
- package/dist/src/agents/index.js +4 -4
- package/dist/src/auth/browser-provider.d.ts +16 -0
- package/dist/src/auth/browser-provider.d.ts.map +1 -1
- package/dist/src/auth/index.cjs +38 -2
- package/dist/src/auth/index.js +1 -1
- package/dist/src/browser-agent.cjs +1 -1
- package/dist/src/browser-agent.js +2 -2
- package/dist/src/browser.cjs +39 -3
- package/dist/src/browser.js +4 -4
- package/dist/src/client.cjs +1 -1
- package/dist/src/client.js +4 -4
- package/dist/src/react/index.cjs +39 -3
- package/dist/src/react/index.js +4 -4
- package/dist/src/server/index.cjs +1 -1
- package/dist/src/server/index.js +7 -7
- package/dist/src/version.d.ts +1 -1
- package/dist/{stdio-QIYDKXTT.js → stdio-ECCMBHYL.js} +3 -3
- package/dist/{stdio-NRH7PMXI.js → stdio-VYJBFXTQ.js} +2 -2
- package/dist/{tool-execution-helpers-GEQBGCKR.js → tool-execution-helpers-J4XLCZBU.js} +2 -2
- package/package.json +3 -3
|
@@ -3,11 +3,11 @@ import {
|
|
|
3
3
|
HttpConnector,
|
|
4
4
|
normalizeClientInfo,
|
|
5
5
|
resolveCallbacks
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-YQIRNTLE.js";
|
|
7
7
|
import {
|
|
8
8
|
Tel,
|
|
9
9
|
getPackageVersion
|
|
10
|
-
} from "./chunk-
|
|
10
|
+
} from "./chunk-XIAP7CEH.js";
|
|
11
11
|
import {
|
|
12
12
|
logger
|
|
13
13
|
} from "./chunk-QWQYAQCK.js";
|
|
@@ -523,6 +523,41 @@ var BrowserOAuthClientProvider = class {
|
|
|
523
523
|
getKey(keySuffix) {
|
|
524
524
|
return this.session.getKey(keySuffix);
|
|
525
525
|
}
|
|
526
|
+
/**
|
|
527
|
+
* Re-anchor an SDK-derived OAuth discovery URL from the MCP connection
|
|
528
|
+
* (proxy) origin onto the actual MCP server.
|
|
529
|
+
*
|
|
530
|
+
* When MCP traffic is tunneled through a gateway/inspector proxy, the SDK
|
|
531
|
+
* transport derives `/.well-known/*` URLs from the URL it connected to (the
|
|
532
|
+
* proxy) whenever no `resource_metadata` hint is available — the SSE
|
|
533
|
+
* transport's EventSource cannot read `WWW-Authenticate`, and token refresh
|
|
534
|
+
* runs without a 401 response at hand. The proxy origin serves no OAuth
|
|
535
|
+
* metadata, so discovery would fail and the server would be misclassified
|
|
536
|
+
* as "does not support OAuth". Rewriting reproduces what a direct
|
|
537
|
+
* connection would have requested: the same well-known document, anchored
|
|
538
|
+
* on the server origin, with the RFC 8414 §3.1 / RFC 9728 §3.1 path
|
|
539
|
+
* insertion using the server's path instead of the proxy's.
|
|
540
|
+
*/
|
|
541
|
+
reanchorWellKnownUrl(url) {
|
|
542
|
+
if (!this.connectionUrl) return url;
|
|
543
|
+
try {
|
|
544
|
+
const requested = new URL(url);
|
|
545
|
+
const connection = new URL(this.connectionUrl);
|
|
546
|
+
if (requested.origin !== connection.origin) return url;
|
|
547
|
+
if (!requested.pathname.startsWith("/.well-known/")) return url;
|
|
548
|
+
const target = new URL(this.serverUrl);
|
|
549
|
+
const rest = requested.pathname.slice("/.well-known/".length);
|
|
550
|
+
const [doc, ...suffixParts] = rest.split("/");
|
|
551
|
+
if (!doc) return url;
|
|
552
|
+
const suffix = suffixParts.length ? `/${suffixParts.join("/")}` : "";
|
|
553
|
+
const connectionPath = connection.pathname.replace(/\/+$/, "");
|
|
554
|
+
const targetPath = target.pathname.replace(/\/+$/, "");
|
|
555
|
+
const newSuffix = suffix && suffix === connectionPath ? targetPath : suffix;
|
|
556
|
+
return `${target.origin}/.well-known/${doc}${newSuffix}${requested.search}`;
|
|
557
|
+
} catch {
|
|
558
|
+
return url;
|
|
559
|
+
}
|
|
560
|
+
}
|
|
526
561
|
/**
|
|
527
562
|
* Returns a `fetch` function, scoped to this provider, that routes OAuth
|
|
528
563
|
* requests (`.well-known` metadata, token, register, authorize) through the
|
|
@@ -552,7 +587,8 @@ var BrowserOAuthClientProvider = class {
|
|
|
552
587
|
const connectionUrl = this.connectionUrl;
|
|
553
588
|
const serverUrl = this.serverUrl;
|
|
554
589
|
return async (input, init) => {
|
|
555
|
-
const
|
|
590
|
+
const requestedUrl = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
|
|
591
|
+
const url = this.reanchorWellKnownUrl(requestedUrl);
|
|
556
592
|
const isOAuthRequest = url.includes("/.well-known/") || url.match(/\/(register|token|authorize)$/);
|
|
557
593
|
if (!isOAuthRequest) {
|
|
558
594
|
return await base(input, init);
|
|
@@ -622,7 +658,7 @@ var BrowserOAuthClientProvider = class {
|
|
|
622
658
|
"[OAuth Proxy] Request failed, falling back to direct fetch:",
|
|
623
659
|
error
|
|
624
660
|
);
|
|
625
|
-
return await base(input, init);
|
|
661
|
+
return url !== requestedUrl ? await base(url, init) : await base(input, init);
|
|
626
662
|
}
|
|
627
663
|
};
|
|
628
664
|
}
|
|
@@ -3,17 +3,17 @@ import {
|
|
|
3
3
|
} from "./chunk-GKPKUKD6.js";
|
|
4
4
|
import {
|
|
5
5
|
CodeModeConnector
|
|
6
|
-
} from "./chunk-
|
|
6
|
+
} from "./chunk-TAPTQKI4.js";
|
|
7
7
|
import {
|
|
8
8
|
BaseConnector
|
|
9
|
-
} from "./chunk-
|
|
9
|
+
} from "./chunk-YZ22J43K.js";
|
|
10
10
|
import {
|
|
11
11
|
JSONSchemaToZod
|
|
12
12
|
} from "./chunk-LG5NSHEL.js";
|
|
13
13
|
import {
|
|
14
14
|
Tel,
|
|
15
15
|
getPackageVersion
|
|
16
|
-
} from "./chunk-
|
|
16
|
+
} from "./chunk-PSOT2YDT.js";
|
|
17
17
|
import {
|
|
18
18
|
logger
|
|
19
19
|
} from "./chunk-QWQYAQCK.js";
|
|
@@ -2356,7 +2356,7 @@ var MCPClient = class _MCPClient extends BaseMCPClient {
|
|
|
2356
2356
|
clientInfo: serverConfig.clientInfo ?? this.config.clientInfo
|
|
2357
2357
|
};
|
|
2358
2358
|
if ("command" in merged && "args" in merged) {
|
|
2359
|
-
const { StdioConnector } = await import("./stdio-
|
|
2359
|
+
const { StdioConnector } = await import("./stdio-ECCMBHYL.js");
|
|
2360
2360
|
const stdioConfig = merged;
|
|
2361
2361
|
return new StdioConnector({
|
|
2362
2362
|
command: stdioConfig.command,
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import {
|
|
2
2
|
CODE_MODE_AGENT_PROMPT
|
|
3
|
-
} from "./chunk-
|
|
3
|
+
} from "./chunk-TAPTQKI4.js";
|
|
4
4
|
import {
|
|
5
5
|
LangChainAdapter
|
|
6
6
|
} from "./chunk-27JERD25.js";
|
|
@@ -8,7 +8,7 @@ import {
|
|
|
8
8
|
Telemetry,
|
|
9
9
|
extractModelInfo,
|
|
10
10
|
getPackageVersion
|
|
11
|
-
} from "./chunk-
|
|
11
|
+
} from "./chunk-PSOT2YDT.js";
|
|
12
12
|
import {
|
|
13
13
|
logger
|
|
14
14
|
} from "./chunk-QWQYAQCK.js";
|
|
@@ -95,6 +95,41 @@ var BrowserOAuthClientProvider = class {
|
|
|
95
95
|
getKey(keySuffix) {
|
|
96
96
|
return this.session.getKey(keySuffix);
|
|
97
97
|
}
|
|
98
|
+
/**
|
|
99
|
+
* Re-anchor an SDK-derived OAuth discovery URL from the MCP connection
|
|
100
|
+
* (proxy) origin onto the actual MCP server.
|
|
101
|
+
*
|
|
102
|
+
* When MCP traffic is tunneled through a gateway/inspector proxy, the SDK
|
|
103
|
+
* transport derives `/.well-known/*` URLs from the URL it connected to (the
|
|
104
|
+
* proxy) whenever no `resource_metadata` hint is available — the SSE
|
|
105
|
+
* transport's EventSource cannot read `WWW-Authenticate`, and token refresh
|
|
106
|
+
* runs without a 401 response at hand. The proxy origin serves no OAuth
|
|
107
|
+
* metadata, so discovery would fail and the server would be misclassified
|
|
108
|
+
* as "does not support OAuth". Rewriting reproduces what a direct
|
|
109
|
+
* connection would have requested: the same well-known document, anchored
|
|
110
|
+
* on the server origin, with the RFC 8414 §3.1 / RFC 9728 §3.1 path
|
|
111
|
+
* insertion using the server's path instead of the proxy's.
|
|
112
|
+
*/
|
|
113
|
+
reanchorWellKnownUrl(url) {
|
|
114
|
+
if (!this.connectionUrl) return url;
|
|
115
|
+
try {
|
|
116
|
+
const requested = new URL(url);
|
|
117
|
+
const connection = new URL(this.connectionUrl);
|
|
118
|
+
if (requested.origin !== connection.origin) return url;
|
|
119
|
+
if (!requested.pathname.startsWith("/.well-known/")) return url;
|
|
120
|
+
const target = new URL(this.serverUrl);
|
|
121
|
+
const rest = requested.pathname.slice("/.well-known/".length);
|
|
122
|
+
const [doc, ...suffixParts] = rest.split("/");
|
|
123
|
+
if (!doc) return url;
|
|
124
|
+
const suffix = suffixParts.length ? `/${suffixParts.join("/")}` : "";
|
|
125
|
+
const connectionPath = connection.pathname.replace(/\/+$/, "");
|
|
126
|
+
const targetPath = target.pathname.replace(/\/+$/, "");
|
|
127
|
+
const newSuffix = suffix && suffix === connectionPath ? targetPath : suffix;
|
|
128
|
+
return `${target.origin}/.well-known/${doc}${newSuffix}${requested.search}`;
|
|
129
|
+
} catch {
|
|
130
|
+
return url;
|
|
131
|
+
}
|
|
132
|
+
}
|
|
98
133
|
/**
|
|
99
134
|
* Returns a `fetch` function, scoped to this provider, that routes OAuth
|
|
100
135
|
* requests (`.well-known` metadata, token, register, authorize) through the
|
|
@@ -124,7 +159,8 @@ var BrowserOAuthClientProvider = class {
|
|
|
124
159
|
const connectionUrl = this.connectionUrl;
|
|
125
160
|
const serverUrl = this.serverUrl;
|
|
126
161
|
return async (input, init) => {
|
|
127
|
-
const
|
|
162
|
+
const requestedUrl = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
|
|
163
|
+
const url = this.reanchorWellKnownUrl(requestedUrl);
|
|
128
164
|
const isOAuthRequest = url.includes("/.well-known/") || url.match(/\/(register|token|authorize)$/);
|
|
129
165
|
if (!isOAuthRequest) {
|
|
130
166
|
return await base(input, init);
|
|
@@ -194,7 +230,7 @@ var BrowserOAuthClientProvider = class {
|
|
|
194
230
|
"[OAuth Proxy] Request failed, falling back to direct fetch:",
|
|
195
231
|
error
|
|
196
232
|
);
|
|
197
|
-
return await base(input, init);
|
|
233
|
+
return url !== requestedUrl ? await base(url, init) : await base(input, init);
|
|
198
234
|
}
|
|
199
235
|
};
|
|
200
236
|
}
|
|
@@ -1,11 +1,11 @@
|
|
|
1
1
|
import {
|
|
2
2
|
BaseConnector,
|
|
3
3
|
ConnectionManager
|
|
4
|
-
} from "./chunk-
|
|
4
|
+
} from "./chunk-VYDFQS24.js";
|
|
5
5
|
import {
|
|
6
6
|
Tel,
|
|
7
7
|
getPackageVersion
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-XIAP7CEH.js";
|
|
9
9
|
import {
|
|
10
10
|
logger
|
|
11
11
|
} from "./chunk-QWQYAQCK.js";
|
|
@@ -7,15 +7,15 @@ import {
|
|
|
7
7
|
createConnectorFromConfig,
|
|
8
8
|
normalizeClientInfo,
|
|
9
9
|
resolveCallbacks
|
|
10
|
-
} from "./chunk-
|
|
10
|
+
} from "./chunk-YQIRNTLE.js";
|
|
11
11
|
import "./chunk-URE3PRDB.js";
|
|
12
12
|
import {
|
|
13
13
|
BaseConnector
|
|
14
|
-
} from "./chunk-
|
|
14
|
+
} from "./chunk-VYDFQS24.js";
|
|
15
15
|
import {
|
|
16
16
|
Tel,
|
|
17
17
|
getPackageVersion
|
|
18
|
-
} from "./chunk-
|
|
18
|
+
} from "./chunk-XIAP7CEH.js";
|
|
19
19
|
import {
|
|
20
20
|
logger
|
|
21
21
|
} from "./chunk-QWQYAQCK.js";
|
|
@@ -1107,7 +1107,7 @@ var MCPClient = class _MCPClient extends BaseMCPClient {
|
|
|
1107
1107
|
clientInfo: serverConfig.clientInfo ?? this.config.clientInfo
|
|
1108
1108
|
};
|
|
1109
1109
|
if ("command" in merged && "args" in merged) {
|
|
1110
|
-
const { StdioConnector } = await import("./stdio-
|
|
1110
|
+
const { StdioConnector } = await import("./stdio-VYJBFXTQ.js");
|
|
1111
1111
|
const stdioConfig = merged;
|
|
1112
1112
|
return new StdioConnector({
|
|
1113
1113
|
command: stdioConfig.command,
|
package/dist/index.cjs
CHANGED
|
@@ -1170,7 +1170,7 @@ var VERSION;
|
|
|
1170
1170
|
var init_version = __esm({
|
|
1171
1171
|
"src/version.ts"() {
|
|
1172
1172
|
"use strict";
|
|
1173
|
-
VERSION = "1.34.
|
|
1173
|
+
VERSION = "1.34.1";
|
|
1174
1174
|
__name(getPackageVersion, "getPackageVersion");
|
|
1175
1175
|
}
|
|
1176
1176
|
});
|
|
@@ -10102,6 +10102,41 @@ var BrowserOAuthClientProvider = class {
|
|
|
10102
10102
|
getKey(keySuffix) {
|
|
10103
10103
|
return this.session.getKey(keySuffix);
|
|
10104
10104
|
}
|
|
10105
|
+
/**
|
|
10106
|
+
* Re-anchor an SDK-derived OAuth discovery URL from the MCP connection
|
|
10107
|
+
* (proxy) origin onto the actual MCP server.
|
|
10108
|
+
*
|
|
10109
|
+
* When MCP traffic is tunneled through a gateway/inspector proxy, the SDK
|
|
10110
|
+
* transport derives `/.well-known/*` URLs from the URL it connected to (the
|
|
10111
|
+
* proxy) whenever no `resource_metadata` hint is available — the SSE
|
|
10112
|
+
* transport's EventSource cannot read `WWW-Authenticate`, and token refresh
|
|
10113
|
+
* runs without a 401 response at hand. The proxy origin serves no OAuth
|
|
10114
|
+
* metadata, so discovery would fail and the server would be misclassified
|
|
10115
|
+
* as "does not support OAuth". Rewriting reproduces what a direct
|
|
10116
|
+
* connection would have requested: the same well-known document, anchored
|
|
10117
|
+
* on the server origin, with the RFC 8414 §3.1 / RFC 9728 §3.1 path
|
|
10118
|
+
* insertion using the server's path instead of the proxy's.
|
|
10119
|
+
*/
|
|
10120
|
+
reanchorWellKnownUrl(url) {
|
|
10121
|
+
if (!this.connectionUrl) return url;
|
|
10122
|
+
try {
|
|
10123
|
+
const requested = new URL(url);
|
|
10124
|
+
const connection = new URL(this.connectionUrl);
|
|
10125
|
+
if (requested.origin !== connection.origin) return url;
|
|
10126
|
+
if (!requested.pathname.startsWith("/.well-known/")) return url;
|
|
10127
|
+
const target = new URL(this.serverUrl);
|
|
10128
|
+
const rest = requested.pathname.slice("/.well-known/".length);
|
|
10129
|
+
const [doc, ...suffixParts] = rest.split("/");
|
|
10130
|
+
if (!doc) return url;
|
|
10131
|
+
const suffix = suffixParts.length ? `/${suffixParts.join("/")}` : "";
|
|
10132
|
+
const connectionPath = connection.pathname.replace(/\/+$/, "");
|
|
10133
|
+
const targetPath = target.pathname.replace(/\/+$/, "");
|
|
10134
|
+
const newSuffix = suffix && suffix === connectionPath ? targetPath : suffix;
|
|
10135
|
+
return `${target.origin}/.well-known/${doc}${newSuffix}${requested.search}`;
|
|
10136
|
+
} catch {
|
|
10137
|
+
return url;
|
|
10138
|
+
}
|
|
10139
|
+
}
|
|
10105
10140
|
/**
|
|
10106
10141
|
* Returns a `fetch` function, scoped to this provider, that routes OAuth
|
|
10107
10142
|
* requests (`.well-known` metadata, token, register, authorize) through the
|
|
@@ -10131,7 +10166,8 @@ var BrowserOAuthClientProvider = class {
|
|
|
10131
10166
|
const connectionUrl = this.connectionUrl;
|
|
10132
10167
|
const serverUrl = this.serverUrl;
|
|
10133
10168
|
return async (input, init) => {
|
|
10134
|
-
const
|
|
10169
|
+
const requestedUrl = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
|
|
10170
|
+
const url = this.reanchorWellKnownUrl(requestedUrl);
|
|
10135
10171
|
const isOAuthRequest = url.includes("/.well-known/") || url.match(/\/(register|token|authorize)$/);
|
|
10136
10172
|
if (!isOAuthRequest) {
|
|
10137
10173
|
return await base(input, init);
|
|
@@ -10201,7 +10237,7 @@ var BrowserOAuthClientProvider = class {
|
|
|
10201
10237
|
"[OAuth Proxy] Request failed, falling back to direct fetch:",
|
|
10202
10238
|
error
|
|
10203
10239
|
);
|
|
10204
|
-
return await base(input, init);
|
|
10240
|
+
return url !== requestedUrl ? await base(url, init) : await base(input, init);
|
|
10205
10241
|
}
|
|
10206
10242
|
};
|
|
10207
10243
|
}
|
package/dist/index.js
CHANGED
|
@@ -5,7 +5,7 @@ import {
|
|
|
5
5
|
} from "./chunk-OWF2HVMR.js";
|
|
6
6
|
import {
|
|
7
7
|
StdioConnector
|
|
8
|
-
} from "./chunk-
|
|
8
|
+
} from "./chunk-LZOTKOYW.js";
|
|
9
9
|
import {
|
|
10
10
|
clearRpcLogs,
|
|
11
11
|
getAllRpcLogs,
|
|
@@ -32,7 +32,7 @@ import {
|
|
|
32
32
|
reject,
|
|
33
33
|
resolveCallbacks,
|
|
34
34
|
validate
|
|
35
|
-
} from "./chunk-
|
|
35
|
+
} from "./chunk-D7SEH5RU.js";
|
|
36
36
|
import "./chunk-GKPKUKD6.js";
|
|
37
37
|
import "./chunk-GXNAXUDI.js";
|
|
38
38
|
import {
|
|
@@ -50,12 +50,12 @@ import {
|
|
|
50
50
|
getSupportedProviders,
|
|
51
51
|
isValidLLMString,
|
|
52
52
|
parseLLMString
|
|
53
|
-
} from "./chunk-
|
|
53
|
+
} from "./chunk-LPVVF6US.js";
|
|
54
54
|
import "./chunk-N27VLLMA.js";
|
|
55
|
-
import "./chunk-
|
|
55
|
+
import "./chunk-TAPTQKI4.js";
|
|
56
56
|
import {
|
|
57
57
|
BaseConnector
|
|
58
|
-
} from "./chunk-
|
|
58
|
+
} from "./chunk-YZ22J43K.js";
|
|
59
59
|
import {
|
|
60
60
|
BaseAdapter
|
|
61
61
|
} from "./chunk-27JERD25.js";
|
|
@@ -67,7 +67,7 @@ import {
|
|
|
67
67
|
onMcpAuthorization,
|
|
68
68
|
probeAuthParams,
|
|
69
69
|
runAuthPopup
|
|
70
|
-
} from "./chunk-
|
|
70
|
+
} from "./chunk-N3DGPXFX.js";
|
|
71
71
|
import {
|
|
72
72
|
sanitizeUrl
|
|
73
73
|
} from "./chunk-HDFPTC56.js";
|
|
@@ -98,7 +98,7 @@ import {
|
|
|
98
98
|
createServerRunEventData,
|
|
99
99
|
getPackageVersion,
|
|
100
100
|
setTelemetrySource
|
|
101
|
-
} from "./chunk-
|
|
101
|
+
} from "./chunk-PSOT2YDT.js";
|
|
102
102
|
import {
|
|
103
103
|
telFetch
|
|
104
104
|
} from "./chunk-BXZHMYMM.js";
|
package/dist/src/agents/index.js
CHANGED
|
@@ -3,13 +3,13 @@ import {
|
|
|
3
3
|
MCPAgent,
|
|
4
4
|
PROMPTS,
|
|
5
5
|
RemoteAgent
|
|
6
|
-
} from "../../chunk-
|
|
6
|
+
} from "../../chunk-LPVVF6US.js";
|
|
7
7
|
import "../../chunk-N27VLLMA.js";
|
|
8
|
-
import "../../chunk-
|
|
9
|
-
import "../../chunk-
|
|
8
|
+
import "../../chunk-TAPTQKI4.js";
|
|
9
|
+
import "../../chunk-YZ22J43K.js";
|
|
10
10
|
import "../../chunk-27JERD25.js";
|
|
11
11
|
import "../../chunk-LG5NSHEL.js";
|
|
12
|
-
import "../../chunk-
|
|
12
|
+
import "../../chunk-PSOT2YDT.js";
|
|
13
13
|
import "../../chunk-BXZHMYMM.js";
|
|
14
14
|
import "../../chunk-MTHLLDCX.js";
|
|
15
15
|
import "../../chunk-QWQYAQCK.js";
|
|
@@ -54,6 +54,22 @@ export declare class BrowserOAuthClientProvider implements OAuthClientProvider {
|
|
|
54
54
|
get callbackUrl(): string;
|
|
55
55
|
get scope(): string | undefined;
|
|
56
56
|
getKey(keySuffix: string): string;
|
|
57
|
+
/**
|
|
58
|
+
* Re-anchor an SDK-derived OAuth discovery URL from the MCP connection
|
|
59
|
+
* (proxy) origin onto the actual MCP server.
|
|
60
|
+
*
|
|
61
|
+
* When MCP traffic is tunneled through a gateway/inspector proxy, the SDK
|
|
62
|
+
* transport derives `/.well-known/*` URLs from the URL it connected to (the
|
|
63
|
+
* proxy) whenever no `resource_metadata` hint is available — the SSE
|
|
64
|
+
* transport's EventSource cannot read `WWW-Authenticate`, and token refresh
|
|
65
|
+
* runs without a 401 response at hand. The proxy origin serves no OAuth
|
|
66
|
+
* metadata, so discovery would fail and the server would be misclassified
|
|
67
|
+
* as "does not support OAuth". Rewriting reproduces what a direct
|
|
68
|
+
* connection would have requested: the same well-known document, anchored
|
|
69
|
+
* on the server origin, with the RFC 8414 §3.1 / RFC 9728 §3.1 path
|
|
70
|
+
* insertion using the server's path instead of the proxy's.
|
|
71
|
+
*/
|
|
72
|
+
private reanchorWellKnownUrl;
|
|
57
73
|
/**
|
|
58
74
|
* Returns a `fetch` function, scoped to this provider, that routes OAuth
|
|
59
75
|
* requests (`.well-known` metadata, token, register, authorize) through the
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"browser-provider.d.ts","sourceRoot":"","sources":["../../../src/auth/browser-provider.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AACpF,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACnB,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAkBlD,UAAU,mBAAmB;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,wEAAwE;IACxE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,CACd,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,KAC7B,IAAI,CAAC;CACX;AAED;;GAEG;AACH,qBAAa,0BAA2B,YAAW,mBAAmB;IACpE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IACnD,OAAO,CAAC,OAAO,CAAoB;IAGnC,OAAO,CAAC,eAAe,CAAC,CAAU;IAClC,OAAO,CAAC,eAAe,CAAC,CAAU;IAClC,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,kBAAkB,CAAU;IACpC,OAAO,CAAC,qBAAqB,CAAuB;IACpD,QAAQ,CAAC,aAAa,EAClB,CAAC,CACC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,KAC7B,IAAI,CAAC,GACV,SAAS,CAAC;gBAEF,SAAS,EAAE,MAAM,EAAE,OAAO,GAAE,mBAAwB;IAkBhE,IAAI,gBAAgB,IAAI,MAAM,CAE7B;IAED,IAAI,aAAa,IAAI,MAAM,CAE1B;IAED,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,KAAK,IAAI,MAAM,GAAG,SAAS,CAE9B;IAED,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAIjC;;;;;;;;;;;;;;;;;;;OAmBG;IACH,aAAa,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,GAAG,OAAO,KAAK,GAAG,SAAS;
|
|
1
|
+
{"version":3,"file":"browser-provider.d.ts","sourceRoot":"","sources":["../../../src/auth/browser-provider.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AACpF,OAAO,KAAK,EACV,sBAAsB,EACtB,mBAAmB,EACnB,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAkBlD,UAAU,mBAAmB;IAC3B,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,eAAe,CAAC,EAAE,OAAO,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB;;;;;;;OAOG;IACH,kBAAkB,CAAC,EAAE,OAAO,CAAC;IAC7B;;;;;OAKG;IACH,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IAC1C,wEAAwE;IACxE,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,aAAa,CAAC,EAAE,CACd,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,KAC7B,IAAI,CAAC;CACX;AAED;;GAEG;AACH,qBAAa,0BAA2B,YAAW,mBAAmB;IACpE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,gBAAgB,CAAC,EAAE,sBAAsB,CAAC;IACnD,OAAO,CAAC,OAAO,CAAoB;IAGnC,OAAO,CAAC,eAAe,CAAC,CAAU;IAClC,OAAO,CAAC,eAAe,CAAC,CAAU;IAClC,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,aAAa,CAAC,CAAS;IAC/B,OAAO,CAAC,kBAAkB,CAAU;IACpC,OAAO,CAAC,qBAAqB,CAAuB;IACpD,QAAQ,CAAC,aAAa,EAClB,CAAC,CACC,GAAG,EAAE,MAAM,EACX,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,UAAU,CAAC,MAAM,GAAG,IAAI,KAC7B,IAAI,CAAC,GACV,SAAS,CAAC;gBAEF,SAAS,EAAE,MAAM,EAAE,OAAO,GAAE,mBAAwB;IAkBhE,IAAI,gBAAgB,IAAI,MAAM,CAE7B;IAED,IAAI,aAAa,IAAI,MAAM,CAE1B;IAED,IAAI,UAAU,IAAI,MAAM,CAEvB;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;IAED,IAAI,OAAO,IAAI,MAAM,CAEpB;IAED,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,KAAK,IAAI,MAAM,GAAG,SAAS,CAE9B;IAED,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAIjC;;;;;;;;;;;;;;OAcG;IACH,OAAO,CAAC,oBAAoB;IA2B5B;;;;;;;;;;;;;;;;;;;OAmBG;IACH,aAAa,CAAC,SAAS,CAAC,EAAE,OAAO,KAAK,GAAG,OAAO,KAAK,GAAG,SAAS;IAsJjE,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,cAAc,IAAI,mBAAmB,CAExC;IAED,MAAM,IAAI,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC;IAI1C,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC;IAIxC,iBAAiB,IAAI,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC;IAShE,qBAAqB,CACzB,iBAAiB,EAAE,sBAAsB,GACxC,OAAO,CAAC,IAAI,CAAC;IAOhB,YAAY,IAAI,OAAO,CAAC,MAAM,CAAC;IAI/B,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAIrD,qBAAqB,CACnB,KAAK,EAAE,KAAK,GAAG,QAAQ,GAAG,QAAQ,GAAG,UAAU,GAC9C,OAAO,CAAC,IAAI,CAAC;IAIhB;;;;OAIG;IACH,gBAAgB,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IAI1C;;;;OAIG;IACH,oBAAoB,IAAI,OAAO,CAAC;QAC9B,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,CAAC,EAAE,MAAM,CAAC;KACxB,GAAG,IAAI,CAAC;IAIT;;;;;OAKG;IACG,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,OAAO,CAAC,MAAM,CAAC;IAiBrE;;;OAGG;IACG,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC;IAuDnE;;;;OAIG;IACH,OAAO,CAAC,2BAA2B;IAyBnC;;OAEG;IACH,uBAAuB,IAAI,MAAM,GAAG,IAAI;IAMxC,YAAY,IAAI,MAAM;CAqCvB"}
|
package/dist/src/auth/index.cjs
CHANGED
|
@@ -444,6 +444,41 @@ var BrowserOAuthClientProvider = class {
|
|
|
444
444
|
getKey(keySuffix) {
|
|
445
445
|
return this.session.getKey(keySuffix);
|
|
446
446
|
}
|
|
447
|
+
/**
|
|
448
|
+
* Re-anchor an SDK-derived OAuth discovery URL from the MCP connection
|
|
449
|
+
* (proxy) origin onto the actual MCP server.
|
|
450
|
+
*
|
|
451
|
+
* When MCP traffic is tunneled through a gateway/inspector proxy, the SDK
|
|
452
|
+
* transport derives `/.well-known/*` URLs from the URL it connected to (the
|
|
453
|
+
* proxy) whenever no `resource_metadata` hint is available — the SSE
|
|
454
|
+
* transport's EventSource cannot read `WWW-Authenticate`, and token refresh
|
|
455
|
+
* runs without a 401 response at hand. The proxy origin serves no OAuth
|
|
456
|
+
* metadata, so discovery would fail and the server would be misclassified
|
|
457
|
+
* as "does not support OAuth". Rewriting reproduces what a direct
|
|
458
|
+
* connection would have requested: the same well-known document, anchored
|
|
459
|
+
* on the server origin, with the RFC 8414 §3.1 / RFC 9728 §3.1 path
|
|
460
|
+
* insertion using the server's path instead of the proxy's.
|
|
461
|
+
*/
|
|
462
|
+
reanchorWellKnownUrl(url) {
|
|
463
|
+
if (!this.connectionUrl) return url;
|
|
464
|
+
try {
|
|
465
|
+
const requested = new URL(url);
|
|
466
|
+
const connection = new URL(this.connectionUrl);
|
|
467
|
+
if (requested.origin !== connection.origin) return url;
|
|
468
|
+
if (!requested.pathname.startsWith("/.well-known/")) return url;
|
|
469
|
+
const target = new URL(this.serverUrl);
|
|
470
|
+
const rest = requested.pathname.slice("/.well-known/".length);
|
|
471
|
+
const [doc, ...suffixParts] = rest.split("/");
|
|
472
|
+
if (!doc) return url;
|
|
473
|
+
const suffix = suffixParts.length ? `/${suffixParts.join("/")}` : "";
|
|
474
|
+
const connectionPath = connection.pathname.replace(/\/+$/, "");
|
|
475
|
+
const targetPath = target.pathname.replace(/\/+$/, "");
|
|
476
|
+
const newSuffix = suffix && suffix === connectionPath ? targetPath : suffix;
|
|
477
|
+
return `${target.origin}/.well-known/${doc}${newSuffix}${requested.search}`;
|
|
478
|
+
} catch {
|
|
479
|
+
return url;
|
|
480
|
+
}
|
|
481
|
+
}
|
|
447
482
|
/**
|
|
448
483
|
* Returns a `fetch` function, scoped to this provider, that routes OAuth
|
|
449
484
|
* requests (`.well-known` metadata, token, register, authorize) through the
|
|
@@ -473,7 +508,8 @@ var BrowserOAuthClientProvider = class {
|
|
|
473
508
|
const connectionUrl = this.connectionUrl;
|
|
474
509
|
const serverUrl = this.serverUrl;
|
|
475
510
|
return async (input, init) => {
|
|
476
|
-
const
|
|
511
|
+
const requestedUrl = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
|
|
512
|
+
const url = this.reanchorWellKnownUrl(requestedUrl);
|
|
477
513
|
const isOAuthRequest = url.includes("/.well-known/") || url.match(/\/(register|token|authorize)$/);
|
|
478
514
|
if (!isOAuthRequest) {
|
|
479
515
|
return await base(input, init);
|
|
@@ -543,7 +579,7 @@ var BrowserOAuthClientProvider = class {
|
|
|
543
579
|
"[OAuth Proxy] Request failed, falling back to direct fetch:",
|
|
544
580
|
error
|
|
545
581
|
);
|
|
546
|
-
return await base(input, init);
|
|
582
|
+
return url !== requestedUrl ? await base(url, init) : await base(input, init);
|
|
547
583
|
}
|
|
548
584
|
};
|
|
549
585
|
}
|
package/dist/src/auth/index.js
CHANGED
|
@@ -7,7 +7,7 @@ import {
|
|
|
7
7
|
Telemetry,
|
|
8
8
|
extractModelInfo,
|
|
9
9
|
getPackageVersion
|
|
10
|
-
} from "../chunk-
|
|
10
|
+
} from "../chunk-XIAP7CEH.js";
|
|
11
11
|
import {
|
|
12
12
|
logger
|
|
13
13
|
} from "../chunk-QWQYAQCK.js";
|
|
@@ -1671,7 +1671,7 @@ var MCPAgent = class {
|
|
|
1671
1671
|
logger.debug(
|
|
1672
1672
|
`Creating MCPClient with ${Object.keys(this.mcpServersConfig).length} server(s)...`
|
|
1673
1673
|
);
|
|
1674
|
-
const { MCPClient } = await import("../client-
|
|
1674
|
+
const { MCPClient } = await import("../client-AGYZM4PU.js");
|
|
1675
1675
|
this.client = new MCPClient({ mcpServers: this.mcpServersConfig });
|
|
1676
1676
|
logger.debug("\u2705 MCPClient created successfully");
|
|
1677
1677
|
}
|
package/dist/src/browser.cjs
CHANGED
|
@@ -783,7 +783,7 @@ var ClientRemoveServerEvent = class extends BaseTelemetryEvent {
|
|
|
783
783
|
};
|
|
784
784
|
|
|
785
785
|
// src/version.ts
|
|
786
|
-
var VERSION = "1.34.
|
|
786
|
+
var VERSION = "1.34.1";
|
|
787
787
|
function getPackageVersion() {
|
|
788
788
|
return VERSION;
|
|
789
789
|
}
|
|
@@ -3512,6 +3512,41 @@ var BrowserOAuthClientProvider = class {
|
|
|
3512
3512
|
getKey(keySuffix) {
|
|
3513
3513
|
return this.session.getKey(keySuffix);
|
|
3514
3514
|
}
|
|
3515
|
+
/**
|
|
3516
|
+
* Re-anchor an SDK-derived OAuth discovery URL from the MCP connection
|
|
3517
|
+
* (proxy) origin onto the actual MCP server.
|
|
3518
|
+
*
|
|
3519
|
+
* When MCP traffic is tunneled through a gateway/inspector proxy, the SDK
|
|
3520
|
+
* transport derives `/.well-known/*` URLs from the URL it connected to (the
|
|
3521
|
+
* proxy) whenever no `resource_metadata` hint is available — the SSE
|
|
3522
|
+
* transport's EventSource cannot read `WWW-Authenticate`, and token refresh
|
|
3523
|
+
* runs without a 401 response at hand. The proxy origin serves no OAuth
|
|
3524
|
+
* metadata, so discovery would fail and the server would be misclassified
|
|
3525
|
+
* as "does not support OAuth". Rewriting reproduces what a direct
|
|
3526
|
+
* connection would have requested: the same well-known document, anchored
|
|
3527
|
+
* on the server origin, with the RFC 8414 §3.1 / RFC 9728 §3.1 path
|
|
3528
|
+
* insertion using the server's path instead of the proxy's.
|
|
3529
|
+
*/
|
|
3530
|
+
reanchorWellKnownUrl(url) {
|
|
3531
|
+
if (!this.connectionUrl) return url;
|
|
3532
|
+
try {
|
|
3533
|
+
const requested = new URL(url);
|
|
3534
|
+
const connection = new URL(this.connectionUrl);
|
|
3535
|
+
if (requested.origin !== connection.origin) return url;
|
|
3536
|
+
if (!requested.pathname.startsWith("/.well-known/")) return url;
|
|
3537
|
+
const target = new URL(this.serverUrl);
|
|
3538
|
+
const rest = requested.pathname.slice("/.well-known/".length);
|
|
3539
|
+
const [doc, ...suffixParts] = rest.split("/");
|
|
3540
|
+
if (!doc) return url;
|
|
3541
|
+
const suffix = suffixParts.length ? `/${suffixParts.join("/")}` : "";
|
|
3542
|
+
const connectionPath = connection.pathname.replace(/\/+$/, "");
|
|
3543
|
+
const targetPath = target.pathname.replace(/\/+$/, "");
|
|
3544
|
+
const newSuffix = suffix && suffix === connectionPath ? targetPath : suffix;
|
|
3545
|
+
return `${target.origin}/.well-known/${doc}${newSuffix}${requested.search}`;
|
|
3546
|
+
} catch {
|
|
3547
|
+
return url;
|
|
3548
|
+
}
|
|
3549
|
+
}
|
|
3515
3550
|
/**
|
|
3516
3551
|
* Returns a `fetch` function, scoped to this provider, that routes OAuth
|
|
3517
3552
|
* requests (`.well-known` metadata, token, register, authorize) through the
|
|
@@ -3541,7 +3576,8 @@ var BrowserOAuthClientProvider = class {
|
|
|
3541
3576
|
const connectionUrl = this.connectionUrl;
|
|
3542
3577
|
const serverUrl = this.serverUrl;
|
|
3543
3578
|
return async (input, init) => {
|
|
3544
|
-
const
|
|
3579
|
+
const requestedUrl = typeof input === "string" ? input : input instanceof URL ? input.toString() : input.url;
|
|
3580
|
+
const url = this.reanchorWellKnownUrl(requestedUrl);
|
|
3545
3581
|
const isOAuthRequest = url.includes("/.well-known/") || url.match(/\/(register|token|authorize)$/);
|
|
3546
3582
|
if (!isOAuthRequest) {
|
|
3547
3583
|
return await base(input, init);
|
|
@@ -3611,7 +3647,7 @@ var BrowserOAuthClientProvider = class {
|
|
|
3611
3647
|
"[OAuth Proxy] Request failed, falling back to direct fetch:",
|
|
3612
3648
|
error
|
|
3613
3649
|
);
|
|
3614
|
-
return await base(input, init);
|
|
3650
|
+
return url !== requestedUrl ? await base(url, init) : await base(input, init);
|
|
3615
3651
|
}
|
|
3616
3652
|
};
|
|
3617
3653
|
}
|