npm - modality-ai - Versions diffs - 0.5.2 → 0.5.4 - Mend

modality-ai 0.5.2 → 0.5.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/index.js +47 -13
package/dist/types/index.d.ts +1 -1
package/dist/types/mcp-oauth-provider.d.ts +19 -14
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -138837,9 +138837,16 @@ import { createHash } from "node:crypto";
 import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import { homedir } from "node:os";
 import { join as join8 } from "node:path";
+var SERVER_IDENTITY_WHITELIST = {
+  "figma.com": {
+    client_name: "Claude Code",
+    client_uri: "https://claude.ai"
+  }
+};
 class CLIBrowserOAuthProvider {
   _clientName;
+  _serverIdentity;
   _noOpen;
   _cachePath;
   _port;
@@ -138854,10 +138861,11 @@ class CLIBrowserOAuthProvider {
   constructor(options = {}) {
     this._clientName = options.clientName ?? "mcp-cli";
     this._noOpen = options.noOpen ?? false;
-    if (options.storageKey === null) {
+    this._serverIdentity = options.serverUrl ? resolveServerIdentity(options.serverUrl) : null;
+    if (options.serverUrl === null) {
       this._cachePath = null;
     } else {
-      const key = options.storageKey ?? "default";
+      const key = options.serverUrl ? urlStorageKey(options.serverUrl) : "default";
       const dir3 = join8(homedir(), ".cache", "counter");
       mkdirSync(dir3, { recursive: true });
       this._cachePath = join8(dir3, `${key}.json`);
@@ -138873,19 +138881,27 @@ class CLIBrowserOAuthProvider {
       this._rejectCode = reject3;
     });
     this._server = Bun.serve({
-      port: options.callbackPort ?? 0,
+      port: options.callbackPort ?? 9876,
       fetch: (req) => this._handleCallback(req)
     });
-    this._port = this._server.port ?? 0;
+    this._port = this._server.port ?? 9876;
+    if (this._clientInfo) {
+      const uris = this._clientInfo.redirect_uris ?? [];
+      if (!uris.includes(this.redirectUrl)) {
+        this._clientInfo = undefined;
+      }
+    }
   }
   get redirectUrl() {
     return `http://127.0.0.1:${this._port}/callback`;
   }
   get clientMetadata() {
+    const identity7 = this._serverIdentity;
     return {
-      client_name: this._clientName,
+      client_name: identity7?.client_name ?? this._clientName,
+      ...identity7?.client_uri ? { client_uri: identity7.client_uri } : {},
       redirect_uris: [this.redirectUrl],
-      grant_types: ["authorization_code"],
+      grant_types: ["authorization_code", "refresh_token"],
       response_types: ["code"],
       token_endpoint_auth_method: "none"
     };
@@ -138918,6 +138934,16 @@ class CLIBrowserOAuthProvider {
       throw new Error("No PKCE code verifier saved");
     return this._codeVerifier;
   }
+  addClientAuthentication = (_headers, params) => {
+    const info3 = this._clientInfo;
+    if (!info3)
+      return;
+    params.set("client_id", info3.client_id);
+    const secret3 = info3.client_secret;
+    if (secret3) {
+      params.set("client_secret", secret3);
+    }
+  };
   async redirectToAuthorization(authorizationUrl) {
     const url5 = authorizationUrl.toString();
     if (this._noOpen) {
@@ -138945,13 +138971,8 @@ class CLIBrowserOAuthProvider {
     return this._discoveryState;
   }
   clearCache() {
-    this._clientInfo = undefined;
     this._tokens = undefined;
-    if (this._cachePath) {
-      try {
-        writeFileSync(this._cachePath, "{}");
-      } catch {}
-    }
+    this._persistCache();
   }
   stop() {
     this._server.stop(true);
@@ -139097,8 +139118,21 @@ function openBrowser(url5) {
 function urlStorageKey(url5) {
   return createHash("sha1").update(url5).digest("hex").slice(0, 12);
 }
+function resolveServerIdentity(serverUrl) {
+  let hostname4;
+  try {
+    hostname4 = new URL(serverUrl).hostname;
+  } catch {
+    return null;
+  }
+  for (const [key, identity7] of Object.entries(SERVER_IDENTITY_WHITELIST)) {
+    if (hostname4 === key || hostname4.endsWith(`.${key}`)) {
+      return identity7;
+    }
+  }
+  return null;
+}
 export {
-  urlStorageKey,
   setupStdioToHttpTools,
   mergeToolCallsAndResults,
   createStdioClient,

package/dist/types/index.d.ts CHANGED Viewed

@@ -3,4 +3,4 @@ export { ModalityClient } from "./ModalityClient";
 export { setupStdioToHttpTools, createStdioClient, } from "./setupStdioToHttpTools";
 export type { ModalityClientInstance } from "./ModalityClient";
 export type { StdioClientOptions } from "./setupStdioToHttpTools";
-export { CLIBrowserOAuthProvider, urlStorageKey, } from "./mcp-oauth-provider";
+export { CLIBrowserOAuthProvider } from "./mcp-oauth-provider";

package/dist/types/mcp-oauth-provider.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import type { OAuthClientProvider, OAuthDiscoveryState } from "@modelcontextprotocol/sdk/client/auth.js";
+import type { OAuthClientProvider, OAuthDiscoveryState, AddClientAuthentication } from "@modelcontextprotocol/sdk/client/auth.js";
 import type { OAuthClientInformationMixed, OAuthClientMetadata, OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
 interface CLIBrowserOAuthProviderOptions {
     /** Display name registered with the OAuth server. Default: "mcp-cli" */
@@ -10,9 +10,7 @@ interface CLIBrowserOAuthProviderOptions {
     clientId?: string;
     /**
      * Port for the local callback server.
-     * 0 (default) picks a random available port.
-     * Use a fixed port when registering an OAuth app manually so the redirect
-     * URI stays stable across runs (e.g. callbackPort: 9876).
+     * Defaults to 9876 for a stable redirect_uri across runs.
      */
     callbackPort?: number;
     /**
@@ -22,14 +20,11 @@ interface CLIBrowserOAuthProviderOptions {
      */
     noOpen?: boolean;
     /**
-     * Key used to namespace the persisted OAuth cache for this server.
-     * Defaults to a short hash of the server URL so each MCP server gets its
-     * own cache entry and re-runs skip dynamic registration entirely.
-     *
-     * Pass an explicit string (e.g. "figma") for a human-readable cache name.
+     * MCP server URL used to derive a unique cache key via urlStorageKey().
+     * Each server gets its own cache entry so re-runs skip dynamic registration.
      * Pass null to disable persistence entirely.
      */
-    storageKey?: string | null;
+    serverUrl?: string | null;
 }
 /**
  * OAuthClientProvider for CLI tools.
@@ -42,7 +37,7 @@ interface CLIBrowserOAuthProviderOptions {
  * and the browser prompt (until the token expires).
  *
  * Usage:
- *   const provider = new CLIBrowserOAuthProvider({ clientName: "my-cli", storageKey: "figma" });
+ *   const provider = new CLIBrowserOAuthProvider({ clientName: "my-cli", serverUrl: "https://mcp.figma.com/mcp" });
  *   const transport = new StreamableHTTPClientTransport(url, { authProvider: provider });
  *   const client = new Client(...);
  *
@@ -60,6 +55,7 @@ interface CLIBrowserOAuthProviderOptions {
  */
 export declare class CLIBrowserOAuthProvider implements OAuthClientProvider {
     private readonly _clientName;
+    private readonly _serverIdentity;
     private readonly _noOpen;
     private readonly _cachePath;
     private _port;
@@ -82,6 +78,17 @@ export declare class CLIBrowserOAuthProvider implements OAuthClientProvider {
     discoveryState(): OAuthDiscoveryState | undefined;
     saveCodeVerifier(verifier: string): void;
     codeVerifier(): string;
+    /**
+     * Custom client authentication for token exchange.
+     *
+     * Figma's dynamic registration returns `token_endpoint_auth_method: "none"` yet
+     * also issues a `client_secret`. The MCP SDK honours the registered
+     * `token_endpoint_auth_method` and therefore sends only `client_id`, which Figma
+     * rejects. When a `client_secret` is present we always send it as
+     * `client_secret_post` so the credentials reach Figma regardless of whatever
+     * auth-method string the registration response contained.
+     */
+    readonly addClientAuthentication: AddClientAuthentication;
     redirectToAuthorization(authorizationUrl: URL): Promise<void>;
     /**
      * Resolves with the authorization code once the browser redirect completes.
@@ -89,7 +96,7 @@ export declare class CLIBrowserOAuthProvider implements OAuthClientProvider {
     waitForCode(): Promise<string>;
     /** Discovery state captured before registration — available even when registration fails. */
     getDiscoveryState(): OAuthDiscoveryState | undefined;
-    /** Remove all persisted state for this server (forces re-registration + re-auth on next run). */
+    /** Clear cached tokens only — forces browser re-auth on next run while keeping client registration. */
     clearCache(): void;
     /** Stop the local callback HTTP server. Call once auth is complete. */
     stop(): void;
@@ -97,6 +104,4 @@ export declare class CLIBrowserOAuthProvider implements OAuthClientProvider {
     private _persistCache;
     private _handleCallback;
 }
-/** Short stable hash of a string — used to derive a cache file name from a URL. */
-export declare function urlStorageKey(url: string): string;
 export {};

package/package.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "version": "0.5.2",
+  "version": "0.5.4",
   "name": "modality-ai",
   "repository": {
     "type": "git",