nitrostack 1.0.83 → 1.0.85

package/dist/auth/__tests__/quick-setup.test.js

@@ -1,95 +0,0 @@
-import { jest, describe, it, expect } from '@jest/globals';
-const { setupJWTAuth, setupAPIKeyAuth, setupOAuthAuth, generateTestCredentials, printAuthSetupInstructions, validateAuthEnv } = await import('../quick-setup.js');
-describe('Quick Setup', () => {
-    const mockApp = {
-        use: jest.fn(),
-        get: jest.fn()
-    };
-    beforeEach(() => {
-        jest.clearAllMocks();
-        // Redirect console.log to avoid noise
-        jest.spyOn(console, 'log').mockImplementation(() => { });
-    });
-    afterEach(() => {
-        jest.restoreAllMocks();
-    });
-    it('should setup JWT auth', () => {
-        setupJWTAuth(mockApp, { secret: 'secret' });
-        setupJWTAuth(mockApp, { secret: 'secret', audience: 'aud', issuer: 'iss', algorithm: 'HS256' });
-        expect(mockApp.use).toHaveBeenCalled();
-    });
-    it('should setup API Key auth', () => {
-        setupAPIKeyAuth(mockApp, { keys: ['key'], allowQueryParam: true });
-        setupAPIKeyAuth(mockApp, { keys: ['key'], allowQueryParam: false });
-        expect(mockApp.use).toHaveBeenCalledTimes(2);
-    });
-    it('should setup OAuth auth', () => {
-        setupOAuthAuth(mockApp, {
-            resourceUri: 'uri',
-            authorizationServers: ['as'],
-            tokenIntrospectionEndpoint: 'end',
-            tokenIntrospectionClientId: 'id',
-            tokenIntrospectionClientSecret: 'sec'
-        });
-        setupOAuthAuth(mockApp, {
-            resourceUri: 'uri',
-            authorizationServers: ['as'],
-            tokenIntrospectionEndpoint: 'end',
-            tokenIntrospectionClientId: 'id',
-            tokenIntrospectionClientSecret: 'sec',
-            scopesSupported: ['scope']
-        });
-        expect(mockApp.use).toHaveBeenCalled();
-        expect(mockApp.get).toHaveBeenCalled();
-    });
-    it('should generate test credentials', () => {
-        const creds = generateTestCredentials();
-        expect(creds.jwtSecret).toBeDefined();
-        expect(creds.apiKey).toContain('sk_');
-        const creds2 = generateTestCredentials({ jwtAudience: 'aud', jwtIssuer: 'iss', apiKeyPrefix: 'test' });
-        expect(creds2.apiKey).toContain('test_');
-    });
-    it('should print setup instructions', () => {
-        printAuthSetupInstructions('jwt');
-        printAuthSetupInstructions('apikey');
-        printAuthSetupInstructions('oauth');
-        expect(console.log).toHaveBeenCalled();
-    });
-    describe('validateAuthEnv', () => {
-        const originalEnv = process.env;
-        beforeEach(() => {
-            process.env = { ...originalEnv };
-        });
-        afterEach(() => {
-            process.env = originalEnv;
-        });
-        it('should validate JWT env', () => {
-            delete process.env.JWT_SECRET;
-            let result = validateAuthEnv('jwt');
-            expect(result.valid).toBe(false);
-            process.env.JWT_SECRET = 'secret';
-            result = validateAuthEnv('jwt');
-            expect(result.valid).toBe(true);
-        });
-        it('should validate API Key env', () => {
-            delete process.env.API_KEY_1;
-            delete process.env.API_KEY;
-            let result = validateAuthEnv('apikey');
-            expect(result.valid).toBe(false);
-            process.env.API_KEY_1 = 'key';
-            result = validateAuthEnv('apikey');
-            expect(result.valid).toBe(true);
-        });
-        it('should validate OAuth env', () => {
-            process.env.OAUTH_RESOURCE_URI = 'uri';
-            process.env.OAUTH_AUTH_SERVER = 'as';
-            const result = validateAuthEnv('oauth');
-            expect(result.valid).toBe(false);
-            process.env.OAUTH_INTROSPECTION_ENDPOINT = 'e';
-            process.env.OAUTH_CLIENT_ID = 'id';
-            process.env.OAUTH_CLIENT_SECRET = 's';
-            expect(validateAuthEnv('oauth').valid).toBe(true);
-        });
-    });
-});
-//# sourceMappingURL=quick-setup.test.js.map

package/dist/auth/__tests__/quick-setup.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"quick-setup.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/quick-setup.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AAE3D,MAAM,EAAE,YAAY,EAAE,eAAe,EAAE,cAAc,EAAE,uBAAuB,EAAE,0BAA0B,EAAE,eAAe,EAAE,GAAG,MAAM,MAAM,CAAC,mBAAmB,CAAC,CAAC;AAElK,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IACzB,MAAM,OAAO,GAAG;QACZ,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;QACd,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;KACV,CAAC;IAET,UAAU,CAAC,GAAG,EAAE;QACZ,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,sCAAsC;QACtC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC7D,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACX,IAAI,CAAC,eAAe,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uBAAuB,EAAE,GAAG,EAAE;QAC7B,YAAY,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC5C,YAAY,CAAC,OAAO,EAAE,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;QAChG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACjC,eAAe,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,eAAe,EAAE,IAAI,EAAE,CAAC,CAAC;QACnE,eAAe,CAAC,OAAO,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,CAAC,EAAE,eAAe,EAAE,KAAK,EAAE,CAAC,CAAC;QACpE,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QAC/B,cAAc,CAAC,OAAO,EAAE;YACpB,WAAW,EAAE,KAAK;YAClB,oBAAoB,EAAE,CAAC,IAAI,CAAC;YAC5B,0BAA0B,EAAE,KAAK;YACjC,0BAA0B,EAAE,IAAI;YAChC,8BAA8B,EAAE,KAAK;SACxC,CAAC,CAAC;QACH,cAAc,CAAC,OAAO,EAAE;YACpB,WAAW,EAAE,KAAK;YAClB,oBAAoB,EAAE,CAAC,IAAI,CAAC;YAC5B,0BAA0B,EAAE,KAAK;YACjC,0BAA0B,EAAE,IAAI;YAChC,8BAA8B,EAAE,KAAK;YACrC,eAAe,EAAE,CAAC,OAAO,CAAC;SAC7B,CAAC,CAAC;QACH,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACvC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QACxC,MAAM,KAAK,GAAG,uBAAuB,EAAE,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAEtC,MAAM,MAAM,GAAG,uBAAuB,CAAC,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE,YAAY,EAAE,MAAM,EAAE,CAAC,CAAC;QACvG,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACvC,0BAA0B,CAAC,KAAK,CAAC,CAAC;QAClC,0BAA0B,CAAC,QAAQ,CAAC,CAAC;QACrC,0BAA0B,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,gBAAgB,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC7B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC;QAEhC,UAAU,CAAC,GAAG,EAAE;YACZ,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;QACrC,CAAC,CAAC,CAAC;QAEH,SAAS,CAAC,GAAG,EAAE;YACX,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;QAC9B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YAC/B,OAAO,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC;YAC9B,IAAI,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;YACpC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEjC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,QAAQ,CAAC;YAClC,MAAM,GAAG,eAAe,CAAC,KAAK,CAAC,CAAC;YAChC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,GAAG,EAAE;YACnC,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC;YAC7B,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAC3B,IAAI,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;YACvC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEjC,OAAO,CAAC,GAAG,CAAC,SAAS,GAAG,KAAK,CAAC;YAC9B,MAAM,GAAG,eAAe,CAAC,QAAQ,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACjC,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,KAAK,CAAC;YACvC,OAAO,CAAC,GAAG,CAAC,iBAAiB,GAAG,IAAI,CAAC;YACrC,MAAM,MAAM,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YACxC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAEjC,OAAO,CAAC,GAAG,CAAC,4BAA4B,GAAG,GAAG,CAAC;YAC/C,OAAO,CAAC,GAAG,CAAC,eAAe,GAAG,IAAI,CAAC;YACnC,OAAO,CAAC,GAAG,CAAC,mBAAmB,GAAG,GAAG,CAAC;YACtC,MAAM,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/secure-secret.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=secure-secret.test.d.ts.map

package/dist/auth/__tests__/secure-secret.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"secure-secret.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/secure-secret.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/secure-secret.test.js

@@ -1,104 +0,0 @@
-import { jest, describe, it, expect, beforeEach, afterEach } from '@jest/globals';
-import { SecretValue, isSecretValue, unwrapSecret } from '../secure-secret.js';
-describe('Secure Secret', () => {
-    const originalEnv = process.env;
-    beforeEach(() => {
-        jest.resetModules();
-        process.env = { ...originalEnv };
-        jest.spyOn(console, 'warn').mockImplementation(() => { });
-    });
-    afterEach(() => {
-        process.env = originalEnv;
-        jest.restoreAllMocks();
-    });
-    describe('SecretValue constructor', () => {
-        it('should throw if value is empty', () => {
-            // @ts-ignore - testing private constructor or bypassed via fromValue
-            expect(() => SecretValue.fromValue('', { allowHardcoded: true })).toThrow('Secret value cannot be empty');
-        });
-        it('should warn if secret is short', () => {
-            SecretValue.fromValue('short', { allowHardcoded: true });
-            expect(console.warn).toHaveBeenCalledWith(expect.stringContaining('less than 16 characters'));
-        });
-    });
-    describe('fromEnv', () => {
-        it('should load from env variable', () => {
-            process.env.TEST_SECRET = 'a-very-long-secret-value';
-            const secret = SecretValue.fromEnv('TEST_SECRET');
-            expect(secret.getValue()).toBe('a-very-long-secret-value');
-            expect(secret.isFromEnvironment()).toBe(true);
-        });
-        it('should throw if env variable missing', () => {
-            delete process.env.MISSING;
-            expect(() => SecretValue.fromEnv('MISSING')).toThrow('is not set');
-            expect(() => SecretValue.fromEnv('MISSING', { required: false })).toThrow('is not set');
-        });
-    });
-    describe('fromValue', () => {
-        it('should create from explicit value if allowed', () => {
-            const secret = SecretValue.fromValue('manual-secret-value', { allowHardcoded: true });
-            expect(secret.getValue()).toBe('manual-secret-value');
-            expect(secret.isFromEnvironment()).toBe(false);
-        });
-        it('should throw if hardcoded not allowed', () => {
-            expect(() => SecretValue.fromValue('fail')).toThrow('Hardcoded secrets are not allowed');
-        });
-        it('should warn in non-test environment and handle missing reason', () => {
-            process.env.NODE_ENV = 'production';
-            SecretValue.fromValue('manual-secret-value-long', { allowHardcoded: true, reason: 'Testing' });
-            expect(console.warn).toHaveBeenCalledWith(expect.stringContaining('Testing'));
-            SecretValue.fromValue('manual-secret-value-long', { allowHardcoded: true });
-            expect(console.warn).toHaveBeenCalledWith(expect.stringContaining('Not specified'));
-        });
-    });
-    describe('fromEnvOptional', () => {
-        it('should return secret if exists', () => {
-            process.env.OPT = 'opt-secret-value-long';
-            expect(SecretValue.fromEnvOptional('OPT')?.getValue()).toBe('opt-secret-value-long');
-        });
-        it('should return undefined if missing', () => {
-            expect(SecretValue.fromEnvOptional('MISSING_OPT')).toBeUndefined();
-        });
-    });
-    describe('isSecretValue', () => {
-        it('should correctly identify SecretValue', () => {
-            const secret = SecretValue.fromValue('val'.repeat(6), { allowHardcoded: true });
-            expect(isSecretValue(secret)).toBe(true);
-            expect(isSecretValue('string')).toBe(false);
-            expect(isSecretValue({})).toBe(false);
-        });
-    });
-    describe('unwrapSecret', () => {
-        it('should unwrap SecretValue', () => {
-            const secret = SecretValue.fromValue('val'.repeat(6), { allowHardcoded: true });
-            expect(unwrapSecret(secret)).toBe(secret.getValue());
-        });
-        it('should return string as-is', () => {
-            expect(unwrapSecret('string')).toBe('string');
-        });
-        it('should warn in production for raw strings', () => {
-            process.env.NODE_ENV = 'production';
-            unwrapSecret('raw');
-            expect(console.warn).toHaveBeenCalledWith(expect.stringContaining('Using raw string as secret'));
-        });
-    });
-    describe('Representations', () => {
-        const value = 'my-secret-value-long';
-        const secret = SecretValue.fromValue(value, { allowHardcoded: true });
-        it('should unwrap', () => {
-            expect(secret.unwrap()).toBe(value);
-        });
-        it('should redact in toString', () => {
-            expect(secret.toString()).toBe('[SecretValue: REDACTED]');
-        });
-        it('should redact in toJSON', () => {
-            expect(secret.toJSON()).toBe('[SecretValue: REDACTED]');
-        });
-        it('should redact in util.inspect', () => {
-            const inspect = secret[Symbol.for('nodejs.util.inspect.custom')]();
-            expect(inspect).toContain('REDACTED');
-            expect(inspect).not.toContain(value);
-        });
-    });
-});
-//# sourceMappingURL=secure-secret.test.js.map

package/dist/auth/__tests__/secure-secret.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"secure-secret.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/secure-secret.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAClF,OAAO,EAAE,WAAW,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAE/E,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;IAC3B,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC;IAEhC,UAAU,CAAC,GAAG,EAAE;QACZ,IAAI,CAAC,YAAY,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,GAAG,EAAE,GAAG,WAAW,EAAE,CAAC;QACjC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACX,OAAO,CAAC,GAAG,GAAG,WAAW,CAAC;QAC1B,IAAI,CAAC,eAAe,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACtC,qEAAqE;YACrE,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,8BAA8B,CAAC,CAAC;QAC9G,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACtC,WAAW,CAAC,SAAS,CAAC,OAAO,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YACzD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,yBAAyB,CAAC,CAAC,CAAC;QAClG,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,SAAS,EAAE,GAAG,EAAE;QACrB,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACrC,OAAO,CAAC,GAAG,CAAC,WAAW,GAAG,0BAA0B,CAAC;YACrD,MAAM,MAAM,GAAG,WAAW,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC;YAC3D,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC;YAC3B,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;YACnE,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;QACvB,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACpD,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,qBAAqB,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YACtF,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;YACtD,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,CAAC,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,mCAAmC,CAAC,CAAC;QAC7F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+DAA+D,EAAE,GAAG,EAAE;YACrE,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,YAAY,CAAC;YACpC,WAAW,CAAC,SAAS,CAAC,0BAA0B,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;YAC/F,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC,CAAC;YAE9E,WAAW,CAAC,SAAS,CAAC,0BAA0B,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YAC5E,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAAC,CAAC;QACxF,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;YACtC,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,uBAAuB,CAAC;YAC1C,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,WAAW,CAAC,eAAe,CAAC,aAAa,CAAC,CAAC,CAAC,aAAa,EAAE,CAAC;QACvE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YAChF,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACzC,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAC5C,MAAM,CAAC,aAAa,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC1C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;QAC1B,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;YAChF,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YAClC,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;YACjD,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,YAAY,CAAC;YACpC,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,gBAAgB,CAAC,4BAA4B,CAAC,CAAC,CAAC;QACrG,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;QAC7B,MAAM,KAAK,GAAG,sBAAsB,CAAC;QACrC,MAAM,MAAM,GAAG,WAAW,CAAC,SAAS,CAAC,KAAK,EAAE,EAAE,cAAc,EAAE,IAAI,EAAE,CAAC,CAAC;QAEtE,EAAE,CAAC,eAAe,EAAE,GAAG,EAAE;YACrB,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACjC,MAAM,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YAC/B,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACrC,MAAM,OAAO,GAAI,MAAc,CAAC,MAAM,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC,EAAE,CAAC;YAC5E,MAAM,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YACtC,MAAM,CAAC,OAAO,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QACzC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/server-integration.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=server-integration.test.d.ts.map

package/dist/auth/__tests__/server-integration.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"server-integration.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/server-integration.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/server-integration.test.js

@@ -1,156 +0,0 @@
-import { jest, describe, it, expect, beforeEach, afterEach } from '@jest/globals';
-// Mock middleware
-const mockCreateAuthMiddleware = jest.fn();
-const mockRequireScopes = jest.fn();
-jest.unstable_mockModule('../middleware.js', () => ({
-    createAuthMiddleware: mockCreateAuthMiddleware,
-    requireScopes: mockRequireScopes,
-}));
-// Mock metadata
-const mockCreateMetadata = jest.fn();
-jest.unstable_mockModule('../server-metadata.js', () => ({
-    createProtectedResourceMetadata: mockCreateMetadata,
-}));
-const { configureServerAuth, createScopeGuards, createMCPScopeGuards, getStandardMCPScopes, validateAuthConfig } = await import('../server-integration.js');
-describe('Server Integration', () => {
-    let app;
-    const config = {
-        resourceUri: 'https://api',
-        authorizationServers: ['https://auth'],
-        tokenIntrospectionEndpoint: 'https://auth/introspect',
-        audience: 'api'
-    };
-    beforeEach(() => {
-        jest.clearAllMocks();
-        app = {
-            get: jest.fn(),
-            use: jest.fn()
-        };
-        mockCreateAuthMiddleware.mockReturnValue((req, res, next) => next());
-        mockRequireScopes.mockReturnValue((req, res, next) => next());
-        mockCreateMetadata.mockReturnValue({ resource: 'api' });
-        jest.spyOn(console, 'log').mockImplementation(() => { });
-        jest.spyOn(console, 'warn').mockImplementation(() => { });
-    });
-    afterEach(() => {
-        jest.restoreAllMocks();
-    });
-    describe('configureServerAuth', () => {
-        it('should setup metadata and middleware', () => {
-            configureServerAuth(app, config);
-            expect(app.get).toHaveBeenCalledWith('/.well-known/oauth-protected-resource', expect.any(Function));
-            expect(app.use).toHaveBeenCalledWith('/mcp/*', expect.any(Function));
-            expect(mockCreateAuthMiddleware).toHaveBeenCalledWith(config);
-        });
-        it('should use custom paths', () => {
-            configureServerAuth(app, config, {
-                metadataPath: '/custom/meta',
-                protectRoutes: ['/api/*']
-            });
-            expect(app.get).toHaveBeenCalledWith('/custom/meta', expect.any(Function));
-            expect(app.use).toHaveBeenCalledWith('/api/*', expect.any(Function));
-        });
-        it('should return metadata on GET request', async () => {
-            configureServerAuth(app, config);
-            const handler = app.get.mock.calls.find((c) => c[0] === '/.well-known/oauth-protected-resource')[1];
-            const res = { json: jest.fn() };
-            handler({}, res);
-            expect(mockCreateMetadata).toHaveBeenCalled();
-            expect(res.json).toHaveBeenCalled();
-        });
-    });
-    describe('Guards', () => {
-        it('createScopeGuards', () => {
-            const guards = createScopeGuards({ read: ['mcp:read'], empty: [] });
-            expect(guards.read).toBeDefined();
-            expect(guards.empty).toBeUndefined();
-            expect(mockRequireScopes).toHaveBeenCalledWith('mcp:read');
-        });
-        it('createMCPScopeGuards', () => {
-            // Test with default prefix
-            const guardsDefault = createMCPScopeGuards();
-            expect(guardsDefault.read).toBeDefined();
-            expect(mockRequireScopes).toHaveBeenCalledWith('mcp:read');
-            // Test with custom prefix
-            const guardsCustom = createMCPScopeGuards('my');
-            expect(guardsCustom.read).toBeDefined();
-            expect(mockRequireScopes).toHaveBeenCalledWith('my:read');
-        });
-        it('getStandardMCPScopes', () => {
-            // Test with default prefix
-            const standardDefault = getStandardMCPScopes();
-            expect(standardDefault.scopes).toContain('mcp:read');
-            // Test with custom prefix
-            const standardCustom = getStandardMCPScopes('my');
-            expect(standardCustom.scopes).toContain('my:read');
-            expect(standardCustom.descriptions['my:read']).toBeDefined();
-        });
-    });
-    describe('validateAuthConfig', () => {
-        const containsError = (result, sub) => result.errors.some((e) => e.includes(sub));
-        const containsWarning = (result, sub) => result.warnings.some((w) => w.includes(sub));
-        it('should detect missing required fields', () => {
-            const result = validateAuthConfig({});
-            expect(result.valid).toBe(false);
-            expect(containsError(result, 'resourceUri is required')).toBe(true);
-            expect(containsError(result, 'At least one authorization server is required')).toBe(true);
-        });
-        it('should detect missing validation method', () => {
-            const result = validateAuthConfig({
-                resourceUri: 'https://api',
-                authorizationServers: ['s']
-            });
-            expect(containsError(result, 'Either tokenIntrospectionEndpoint or jwksUri must be configured')).toBe(true);
-        });
-        it('should warn for missing introspection credentials', () => {
-            const result = validateAuthConfig({
-                ...config,
-                tokenIntrospectionClientId: undefined,
-                tokenIntrospectionClientSecret: undefined
-            });
-            expect(containsWarning(result, 'tokenIntrospectionClientId not set')).toBe(true);
-            expect(containsWarning(result, 'tokenIntrospectionClientSecret not set')).toBe(true);
-        });
-        it('should error for missing JWT audience', () => {
-            const result = validateAuthConfig({
-                resourceUri: 'https://api',
-                authorizationServers: ['s'],
-                jwksUri: 'http://jwks',
-                audience: undefined
-            });
-            expect(containsError(result, 'audience is required for JWT validation')).toBe(true);
-        });
-        it('should warn for missing JWT issuer', () => {
-            const result = validateAuthConfig({
-                resourceUri: 'https://api',
-                authorizationServers: ['s'],
-                jwksUri: 'http://jwks',
-                audience: 'a',
-                issuer: undefined
-            });
-            expect(containsWarning(result, 'issuer not set')).toBe(true);
-        });
-        it('should warn for missing overall audience', () => {
-            const result = validateAuthConfig({
-                ...config,
-                audience: undefined
-            });
-            expect(containsWarning(result, 'audience not set')).toBe(true);
-        });
-        it('should validate HTTPS in production', () => {
-            const originalNodeEnv = process.env.NODE_ENV;
-            process.env.NODE_ENV = 'production';
-            // Invalid URL
-            const r1 = validateAuthConfig({ ...config, resourceUri: 'invalid' });
-            expect(containsError(r1, 'resourceUri is not a valid URL')).toBe(true);
-            // HTTP URL
-            const r2 = validateAuthConfig({ ...config, resourceUri: 'http://api' });
-            expect(containsError(r2, 'resourceUri must use HTTPS in production')).toBe(true);
-            // Valid HTTPS
-            const r3 = validateAuthConfig({ ...config, resourceUri: 'https://api' });
-            expect(r3.errors.some(e => e.includes('HTTPS'))).toBe(false);
-            process.env.NODE_ENV = originalNodeEnv;
-        });
-    });
-});
-//# sourceMappingURL=server-integration.test.js.map

package/dist/auth/__tests__/server-integration.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"server-integration.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/server-integration.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAElF,kBAAkB;AAClB,MAAM,wBAAwB,GAAG,IAAI,CAAC,EAAE,EAAS,CAAC;AAClD,MAAM,iBAAiB,GAAG,IAAI,CAAC,EAAE,EAAS,CAAC;AAC3C,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,EAAE,GAAG,EAAE,CAAC,CAAC;IAChD,oBAAoB,EAAE,wBAAwB;IAC9C,aAAa,EAAE,iBAAiB;CACnC,CAAC,CAAC,CAAC;AAEJ,gBAAgB;AAChB,MAAM,kBAAkB,GAAG,IAAI,CAAC,EAAE,EAAS,CAAC;AAC5C,IAAI,CAAC,mBAAmB,CAAC,uBAAuB,EAAE,GAAG,EAAE,CAAC,CAAC;IACrD,+BAA+B,EAAE,kBAAkB;CACtD,CAAC,CAAC,CAAC;AAEJ,MAAM,EACF,mBAAmB,EACnB,iBAAiB,EACjB,oBAAoB,EACpB,oBAAoB,EACpB,kBAAkB,EACrB,GAAG,MAAM,MAAM,CAAC,0BAA0B,CAAC,CAAC;AAE7C,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAChC,IAAI,GAAQ,CAAC;IACb,MAAM,MAAM,GAAQ;QAChB,WAAW,EAAE,aAAa;QAC1B,oBAAoB,EAAE,CAAC,cAAc,CAAC;QACtC,0BAA0B,EAAE,yBAAyB;QACrD,QAAQ,EAAE,KAAK;KAClB,CAAC;IAEF,UAAU,CAAC,GAAG,EAAE;QACZ,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,GAAG,GAAG;YACF,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;YACd,GAAG,EAAE,IAAI,CAAC,EAAE,EAAE;SACjB,CAAC;QACF,wBAAwB,CAAC,eAAe,CAAC,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QACpF,iBAAiB,CAAC,eAAe,CAAC,CAAC,GAAQ,EAAE,GAAQ,EAAE,IAAS,EAAE,EAAE,CAAC,IAAI,EAAE,CAAC,CAAC;QAC7E,kBAAkB,CAAC,eAAe,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACzD,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACX,IAAI,CAAC,eAAe,EAAE,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;QACjC,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC5C,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACjC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAAC,uCAAuC,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;YACpG,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;YACrE,MAAM,CAAC,wBAAwB,CAAC,CAAC,oBAAoB,CAAC,MAAM,CAAC,CAAC;QAClE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YAC/B,mBAAmB,CAAC,GAAG,EAAE,MAAM,EAAE;gBAC7B,YAAY,EAAE,cAAc;gBAC5B,aAAa,EAAE,CAAC,QAAQ,CAAC;aAC5B,CAAC,CAAC;YACH,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAAC,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;YAC3E,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAAC,QAAQ,EAAE,MAAM,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;YACnD,mBAAmB,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;YACjC,MAAM,OAAO,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,uCAAuC,CAAC,CAAC,CAAC,CAAC,CAAC;YACzG,MAAM,GAAG,GAAG,EAAE,IAAI,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,CAAC;YAChC,OAAO,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;YACjB,MAAM,CAAC,kBAAkB,CAAC,CAAC,gBAAgB,EAAE,CAAC;YAC9C,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,gBAAgB,EAAE,CAAC;QACxC,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE;QACpB,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACzB,MAAM,MAAM,GAAG,iBAAiB,CAAC,EAAE,IAAI,EAAE,CAAC,UAAU,CAAC,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;YACpE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YAClC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;YACrC,MAAM,CAAC,iBAAiB,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;QAC/D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC5B,2BAA2B;YAC3B,MAAM,aAAa,GAAG,oBAAoB,EAAE,CAAC;YAC7C,MAAM,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACzC,MAAM,CAAC,iBAAiB,CAAC,CAAC,oBAAoB,CAAC,UAAU,CAAC,CAAC;YAE3D,0BAA0B;YAC1B,MAAM,YAAY,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAChD,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;YACxC,MAAM,CAAC,iBAAiB,CAAC,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;YAC5B,2BAA2B;YAC3B,MAAM,eAAe,GAAG,oBAAoB,EAAE,CAAC;YAC/C,MAAM,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAErD,0BAA0B;YAC1B,MAAM,cAAc,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;YACnD,MAAM,CAAC,cAAc,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;QAChC,MAAM,aAAa,GAAG,CAAC,MAAW,EAAE,GAAW,EAAE,EAAE,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QACvG,MAAM,eAAe,GAAG,CAAC,MAAW,EAAE,GAAW,EAAE,EAAE,CAAC,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;QAE3G,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC,EAAS,CAAC,CAAC;YAC7C,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACjC,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,yBAAyB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACpE,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,+CAA+C,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9F,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;YAC/C,MAAM,MAAM,GAAG,kBAAkB,CAAC;gBAC9B,WAAW,EAAE,aAAa;gBAC1B,oBAAoB,EAAE,CAAC,GAAG,CAAC;aACvB,CAAC,CAAC;YACV,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,iEAAiE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAChH,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,mDAAmD,EAAE,GAAG,EAAE;YACzD,MAAM,MAAM,GAAG,kBAAkB,CAAC;gBAC9B,GAAG,MAAM;gBACT,0BAA0B,EAAE,SAAS;gBACrC,8BAA8B,EAAE,SAAS;aAC5C,CAAC,CAAC;YACH,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,oCAAoC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjF,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,wCAAwC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACzF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;YAC7C,MAAM,MAAM,GAAG,kBAAkB,CAAC;gBAC9B,WAAW,EAAE,aAAa;gBAC1B,oBAAoB,EAAE,CAAC,GAAG,CAAC;gBAC3B,OAAO,EAAE,aAAa;gBACtB,QAAQ,EAAE,SAAS;aACf,CAAC,CAAC;YACV,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,yCAAyC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC1C,MAAM,MAAM,GAAG,kBAAkB,CAAC;gBAC9B,WAAW,EAAE,aAAa;gBAC1B,oBAAoB,EAAE,CAAC,GAAG,CAAC;gBAC3B,OAAO,EAAE,aAAa;gBACtB,QAAQ,EAAE,GAAG;gBACb,MAAM,EAAE,SAAS;aACb,CAAC,CAAC;YACV,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,MAAM,GAAG,kBAAkB,CAAC;gBAC9B,GAAG,MAAM;gBACT,QAAQ,EAAE,SAAS;aACtB,CAAC,CAAC;YACH,MAAM,CAAC,eAAe,CAAC,MAAM,EAAE,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC3C,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YAC7C,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,YAAY,CAAC;YAEpC,cAAc;YACd,MAAM,EAAE,GAAG,kBAAkB,CAAC,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC;YACrE,MAAM,CAAC,aAAa,CAAC,EAAE,EAAE,gCAAgC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEvE,WAAW;YACX,MAAM,EAAE,GAAG,kBAAkB,CAAC,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,YAAY,EAAE,CAAC,CAAC;YACxE,MAAM,CAAC,aAAa,CAAC,EAAE,EAAE,0CAA0C,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAEjF,cAAc;YACd,MAAM,EAAE,GAAG,kBAAkB,CAAC,EAAE,GAAG,MAAM,EAAE,WAAW,EAAE,aAAa,EAAE,CAAC,CAAC;YACzE,MAAM,CAAC,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAE7D,OAAO,CAAC,GAAG,CAAC,QAAQ,GAAG,eAAe,CAAC;QAC3C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/server-metadata.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=server-metadata.test.d.ts.map

package/dist/auth/__tests__/server-metadata.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"server-metadata.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/server-metadata.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/server-metadata.test.js

@@ -1,72 +0,0 @@
-import { describe, it, expect } from '@jest/globals';
-import { createProtectedResourceMetadata, getWellKnownMetadataUris, generateWWWAuthenticateHeader, parseWWWAuthenticateHeader } from '../server-metadata.js';
-describe('Server Metadata', () => {
-    describe('createProtectedResourceMetadata', () => {
-        it('should create metadata with minimal info', () => {
-            const meta = createProtectedResourceMetadata('https://api', ['https://auth']);
-            expect(meta.resource).toBe('https://api');
-            expect(meta.authorization_servers).toEqual(['https://auth']);
-            expect(meta.bearer_methods_supported).toEqual(['header']);
-        });
-        it('should include supported scopes', () => {
-            const meta = createProtectedResourceMetadata('https://api', ['https://auth'], ['read', 'write']);
-            expect(meta.scopes_supported).toEqual(['read', 'write']);
-        });
-    });
-    describe('getWellKnownMetadataUris', () => {
-        it('should return multiple URIs if resource has path', () => {
-            const url = new URL('https://api.com/mcp');
-            const uris = getWellKnownMetadataUris(url);
-            expect(uris).toHaveLength(2);
-            expect(uris).toContain('https://api.com/.well-known/oauth-protected-resource/mcp');
-            expect(uris).toContain('https://api.com/.well-known/oauth-protected-resource');
-        });
-        it('should return single URI if resource is root', () => {
-            const url = new URL('https://api.com/');
-            const uris = getWellKnownMetadataUris(url);
-            expect(uris).toHaveLength(1);
-            expect(uris).toContain('https://api.com/.well-known/oauth-protected-resource');
-        });
-    });
-    describe('generateWWWAuthenticateHeader', () => {
-        it('should generate basic header', () => {
-            expect(generateWWWAuthenticateHeader({})).toBe('Bearer');
-        });
-        it('should include all parameters', () => {
-            const header = generateWWWAuthenticateHeader({
-                realm: 'mcp',
-                scope: 'read write',
-                resourceMetadataUrl: 'https://meta',
-                error: 'invalid_token',
-                errorDescription: 'Expired'
-            });
-            expect(header).toContain('realm="mcp"');
-            expect(header).toContain('scope="read write"');
-            expect(header).toContain('resource_metadata="https://meta"');
-            expect(header).toContain('error="invalid_token"');
-            expect(header).toContain('error_description="Expired"');
-        });
-    });
-    describe('parseWWWAuthenticateHeader', () => {
-        it('should parse valid header', () => {
-            const header = 'Bearer realm="mcp", scope="read", resource_metadata="https://api", error="invalid", error_description="desc"';
-            const parsed = parseWWWAuthenticateHeader(header);
-            expect(parsed?.scheme).toBe('Bearer');
-            expect(parsed?.realm).toBe('mcp');
-            expect(parsed?.scope).toBe('read');
-            expect(parsed?.resourceMetadata).toBe('https://api');
-            expect(parsed?.error).toBe('invalid');
-            expect(parsed?.errorDescription).toBe('desc');
-        });
-        it('should return null for invalid headers', () => {
-            expect(parseWWWAuthenticateHeader('')).toBeNull();
-            expect(parseWWWAuthenticateHeader('Basic realm="mcp"')).toBeNull();
-        });
-        it('should handle partial parameters', () => {
-            const parsed = parseWWWAuthenticateHeader('Bearer realm="test"');
-            expect(parsed?.realm).toBe('test');
-            expect(parsed?.scope).toBeUndefined();
-        });
-    });
-});
-//# sourceMappingURL=server-metadata.test.js.map

package/dist/auth/__tests__/server-metadata.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"server-metadata.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/server-metadata.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,eAAe,CAAC;AACrD,OAAO,EACH,+BAA+B,EAC/B,wBAAwB,EACxB,6BAA6B,EAC7B,0BAA0B,EAC7B,MAAM,uBAAuB,CAAC;AAE/B,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC7B,QAAQ,CAAC,iCAAiC,EAAE,GAAG,EAAE;QAC7C,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;YAChD,MAAM,IAAI,GAAG,+BAA+B,CAAC,aAAa,EAAE,CAAC,cAAc,CAAC,CAAC,CAAC;YAC9E,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YAC1C,MAAM,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC;YAC7D,MAAM,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;YACvC,MAAM,IAAI,GAAG,+BAA+B,CAAC,aAAa,EAAE,CAAC,cAAc,CAAC,EAAE,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;YACjG,MAAM,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,0BAA0B,EAAE,GAAG,EAAE;QACtC,EAAE,CAAC,kDAAkD,EAAE,GAAG,EAAE;YACxD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;YAC3C,MAAM,IAAI,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,0DAA0D,CAAC,CAAC;YACnF,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,sDAAsD,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;YACpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,CAAC;YACxC,MAAM,IAAI,GAAG,wBAAwB,CAAC,GAAG,CAAC,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,SAAS,CAAC,sDAAsD,CAAC,CAAC;QACnF,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,+BAA+B,EAAE,GAAG,EAAE;QAC3C,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACpC,MAAM,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACrC,MAAM,MAAM,GAAG,6BAA6B,CAAC;gBACzC,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,YAAY;gBACnB,mBAAmB,EAAE,cAAc;gBACnC,KAAK,EAAE,eAAe;gBACtB,gBAAgB,EAAE,SAAS;aAC9B,CAAC,CAAC;YACH,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;YACxC,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,oBAAoB,CAAC,CAAC;YAC/C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,kCAAkC,CAAC,CAAC;YAC7D,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,uBAAuB,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,6BAA6B,CAAC,CAAC;QAC5D,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,4BAA4B,EAAE,GAAG,EAAE;QACxC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;YACjC,MAAM,MAAM,GAAG,8GAA8G,CAAC;YAC9H,MAAM,MAAM,GAAG,0BAA0B,CAAC,MAAM,CAAC,CAAC;YAClD,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YAClC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;YACrD,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;YACtC,MAAM,CAAC,MAAM,EAAE,gBAAgB,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAClD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAC9C,MAAM,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;YAClD,MAAM,CAAC,0BAA0B,CAAC,mBAAmB,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACvE,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YACxC,MAAM,MAAM,GAAG,0BAA0B,CAAC,qBAAqB,CAAC,CAAC;YACjE,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;YACnC,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC,aAAa,EAAE,CAAC;QAC1C,CAAC,CAAC,CAAC;IACP,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/simple-jwt.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=simple-jwt.test.d.ts.map

package/dist/auth/__tests__/simple-jwt.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"simple-jwt.test.d.ts","sourceRoot":"","sources":["../../../src/auth/__tests__/simple-jwt.test.ts"],"names":[],"mappings":""}

package/dist/auth/__tests__/simple-jwt.test.js

@@ -1,125 +0,0 @@
-import { jest, describe, it, expect, beforeEach } from '@jest/globals';
-import jwt from 'jsonwebtoken';
-import { createSimpleJWTAuth, generateJWT, verifyJWT, decodeJWT } from '../simple-jwt.js';
-import { SecretValue } from '../secure-secret.js';
-describe('Simple JWT Auth', () => {
-    const secret = 'test-secret';
-    const baseConfig = { secret };
-    describe('Utilities', () => {
-        beforeEach(() => {
-            jest.restoreAllMocks();
-        });
-        it('should generate and verify JWT', () => {
-            const token = generateJWT({
-                secret,
-                payload: { sub: 'user1', scopes: ['read'] },
-                expiresIn: '1h',
-                audience: 'aud',
-                issuer: 'iss'
-            });
-            expect(token).toBeDefined();
-            const payload = verifyJWT(token, { secret, audience: 'aud', issuer: 'iss' });
-            expect(payload?.sub).toBe('user1');
-            expect(payload?.aud).toBe('aud');
-            expect(payload?.iss).toBe('iss');
-        });
-        it('should return null for invalid JWT in verifyJWT', () => {
-            expect(verifyJWT('invalid', baseConfig)).toBeNull();
-        });
-        it('should handle custom validation in verifyJWT', () => {
-            const token = generateJWT({ secret, payload: { sub: 'u' } });
-            const validResult = verifyJWT(token, { secret, customValidation: (p) => p.sub === 'u' });
-            expect(validResult).not.toBeNull();
-            const invalidResult = verifyJWT(token, { secret, customValidation: (p) => p.sub === 'wrong' });
-            expect(invalidResult).toBeNull();
-        });
-        it('should decode JWT', () => {
-            const token = generateJWT({ secret, payload: { sub: 'u' } });
-            const decoded = decodeJWT(token);
-            expect(decoded?.sub).toBe('u');
-        });
-        it('should handle decode error', () => {
-            jest.spyOn(jwt, 'decode').mockImplementation(() => { throw new Error('Fail'); });
-            expect(decodeJWT('anything')).toBeNull();
-        });
-    });
-    describe('Middleware', () => {
-        let req;
-        let res;
-        let next;
-        beforeEach(() => {
-            jest.restoreAllMocks();
-            req = { headers: {} };
-            res = {
-                status: jest.fn().mockReturnThis(),
-                json: jest.fn()
-            };
-            next = jest.fn();
-        });
-        it('should authenticate valid token', async () => {
-            const token = generateJWT({ secret, payload: { sub: 'u', scope: 's1 s2' } });
-            req.headers.authorization = `Bearer ${token}`;
-            const middleware = createSimpleJWTAuth(baseConfig);
-            await middleware(req, res, next);
-            expect(next).toHaveBeenCalled();
-            expect(req.auth.authenticated).toBe(true);
-            expect(req.auth.scopes).toEqual(['s1', 's2']);
-        });
-        it('should handle audience and issuer validation', async () => {
-            const token = generateJWT({ secret, payload: { sub: 'u' }, audience: 'aud', issuer: 'iss' });
-            req.headers.authorization = `Bearer ${token}`;
-            const middleware = createSimpleJWTAuth({ secret, audience: 'aud', issuer: 'iss' });
-            await middleware(req, res, next);
-            expect(next).toHaveBeenCalled();
-            expect(req.auth.tokenInfo.aud).toEqual(['aud']);
-        });
-        it('should 401 if no header', async () => {
-            const middleware = createSimpleJWTAuth(baseConfig);
-            await middleware(req, res, next);
-            expect(res.status).toHaveBeenCalledWith(401);
-        });
-        it('should 401 if expired', async () => {
-            const token = jwt.sign({ sub: 'u', exp: Math.floor(Date.now() / 1000) - 10 }, secret);
-            req.headers.authorization = `Bearer ${token}`;
-            const middleware = createSimpleJWTAuth({ secret });
-            await middleware(req, res, next);
-            expect(res.status).toHaveBeenCalledWith(401);
-            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({ error: 'token_expired' }));
-        });
-        it('should 401 if invalid token string', async () => {
-            req.headers.authorization = 'Bearer invalid-token';
-            const middleware = createSimpleJWTAuth(baseConfig);
-            await middleware(req, res, next);
-            expect(res.status).toHaveBeenCalledWith(401);
-            expect(res.json).toHaveBeenCalledWith(expect.objectContaining({ error: 'invalid_token' }));
-        });
-        it('should 403 if custom validation fails', async () => {
-            const token = generateJWT({ secret, payload: { sub: 'u' } });
-            req.headers.authorization = `Bearer ${token}`;
-            const middleware = createSimpleJWTAuth({ secret, customValidation: () => false });
-            await middleware(req, res, next);
-            expect(res.status).toHaveBeenCalledWith(403);
-        });
-        it('should handle runtime errors in middleware', async () => {
-            req.headers.authorization = 'Bearer valid-looking-token';
-            jest.spyOn(jwt, 'verify').mockImplementationOnce(() => { throw new Error('Unexpected'); });
-            const middleware = createSimpleJWTAuth(baseConfig);
-            await middleware(req, res, next);
-            expect(res.status).toHaveBeenCalledWith(500);
-        });
-        it('should handle SecretValue from env', async () => {
-            const prev = process.env.JWT_SECRET;
-            process.env.JWT_SECRET = secret;
-            const token = generateJWT({ secret: SecretValue.fromEnv('JWT_SECRET'), payload: { sub: 'u' } });
-            expect(token).toBeDefined();
-            process.env.JWT_SECRET = prev;
-        });
-        it('should handle malformed header', async () => {
-            req.headers.authorization = 'NotBearer token';
-            const middleware = createSimpleJWTAuth(baseConfig);
-            await middleware(req, res, next);
-            expect(res.status).toHaveBeenCalledWith(401);
-        });
-    });
-});
-//# sourceMappingURL=simple-jwt.test.js.map