noumen 0.1.0 → 0.3.0

package/dist/chunk-Y45R3PQL.js

@@ -0,0 +1,684 @@
+import {
+  maybeResizeAndDownsampleImageBuffer
+} from "./chunk-5GEX6ZSB.js";
+import {
+  buildMcpToolName
+} from "./chunk-4SQA2UCV.js";
+
+// src/mcp/client.ts
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { WebSocketClientTransport } from "@modelcontextprotocol/sdk/client/websocket.js";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+
+// src/mcp/auth/provider.ts
+import { randomBytes } from "crypto";
+import { exec } from "child_process";
+var NoumenOAuthProvider = class {
+  serverKey;
+  storage;
+  _clientMetadata;
+  _callbackPort;
+  _onAuthorizationUrl;
+  _signal;
+  _preRegisteredClientId;
+  _preRegisteredClientSecret;
+  _state = null;
+  constructor(serverKey, options) {
+    this.serverKey = serverKey;
+    this.storage = options.storage;
+    this._clientMetadata = options.clientMetadata;
+    this._callbackPort = options.callbackPort ?? 3118;
+    this._onAuthorizationUrl = options.onAuthorizationUrl;
+    this._signal = options.signal;
+    this._preRegisteredClientId = options.clientId;
+    this._preRegisteredClientSecret = options.clientSecret;
+  }
+  get redirectUrl() {
+    return `http://localhost:${this._callbackPort}/callback`;
+  }
+  get clientMetadata() {
+    return this._clientMetadata;
+  }
+  async state() {
+    if (!this._state) {
+      this._state = randomBytes(32).toString("base64url");
+    }
+    return this._state;
+  }
+  async clientInformation() {
+    if (this._preRegisteredClientId) {
+      const info = {
+        client_id: this._preRegisteredClientId
+      };
+      if (this._preRegisteredClientSecret) {
+        info.client_secret = this._preRegisteredClientSecret;
+      }
+      return info;
+    }
+    const data = await this.storage.load(this.serverKey);
+    return data?.clientInformation;
+  }
+  async saveClientInformation(clientInformation) {
+    const data = await this.storage.load(this.serverKey) ?? {};
+    data.clientInformation = clientInformation;
+    await this.storage.save(this.serverKey, data);
+  }
+  async tokens() {
+    const data = await this.storage.load(this.serverKey);
+    if (!data?.tokens) return void 0;
+    const REFRESH_BUFFER_MS = 5 * 60 * 1e3;
+    if (data.expiresAt && data.tokens.refresh_token && Date.now() >= data.expiresAt - REFRESH_BUFFER_MS) {
+      return void 0;
+    }
+    return data.tokens;
+  }
+  async saveTokens(tokens) {
+    const data = await this.storage.load(this.serverKey) ?? {};
+    data.tokens = tokens;
+    if (tokens.expires_in != null) {
+      data.expiresAt = Date.now() + tokens.expires_in * 1e3;
+    }
+    await this.storage.save(this.serverKey, data);
+  }
+  async redirectToAuthorization(authorizationUrl) {
+    const urlStr = authorizationUrl.toString();
+    if (this._onAuthorizationUrl) {
+      await this._onAuthorizationUrl(urlStr);
+      return;
+    }
+    openBrowser(urlStr);
+  }
+  async saveCodeVerifier(codeVerifier) {
+    const data = await this.storage.load(this.serverKey) ?? {};
+    data.codeVerifier = codeVerifier;
+    await this.storage.save(this.serverKey, data);
+  }
+  async codeVerifier() {
+    const data = await this.storage.load(this.serverKey);
+    return data?.codeVerifier ?? "";
+  }
+  async invalidateCredentials(scope) {
+    if (scope === "all") {
+      this._state = null;
+      await this.storage.delete(this.serverKey);
+      return;
+    }
+    const data = await this.storage.load(this.serverKey);
+    if (!data) return;
+    switch (scope) {
+      case "client":
+        delete data.clientInformation;
+        break;
+      case "tokens":
+        delete data.tokens;
+        delete data.expiresAt;
+        break;
+      case "verifier":
+        delete data.codeVerifier;
+        break;
+      case "discovery":
+        delete data.discoveryState;
+        break;
+    }
+    await this.storage.save(this.serverKey, data);
+  }
+  async saveDiscoveryState(state) {
+    const data = await this.storage.load(this.serverKey) ?? {};
+    data.discoveryState = state;
+    await this.storage.save(this.serverKey, data);
+  }
+  async discoveryState() {
+    const data = await this.storage.load(this.serverKey);
+    return data?.discoveryState;
+  }
+};
+function openBrowser(url) {
+  const platform = process.platform;
+  const cmd = platform === "darwin" ? "open" : platform === "win32" ? "start" : "xdg-open";
+  exec(`${cmd} ${JSON.stringify(url)}`);
+}
+
+// src/mcp/auth/callback-server.ts
+import * as http from "http";
+var DEFAULT_FALLBACK_PORT = 3118;
+var EPHEMERAL_PORT_MIN = 49152;
+var EPHEMERAL_PORT_MAX = 65535;
+var MAX_PORT_ATTEMPTS = 50;
+var CALLBACK_TIMEOUT_MS = 5 * 60 * 1e3;
+async function findAvailablePort(preferred) {
+  if (preferred != null) {
+    const ok = await isPortAvailable(preferred);
+    if (ok) return preferred;
+  }
+  for (let i = 0; i < MAX_PORT_ATTEMPTS; i++) {
+    const port = EPHEMERAL_PORT_MIN + Math.floor(Math.random() * (EPHEMERAL_PORT_MAX - EPHEMERAL_PORT_MIN + 1));
+    const ok = await isPortAvailable(port);
+    if (ok) return port;
+  }
+  return DEFAULT_FALLBACK_PORT;
+}
+function isPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = http.createServer();
+    server.once("error", () => resolve(false));
+    server.listen(port, "127.0.0.1", () => {
+      server.close(() => resolve(true));
+    });
+  });
+}
+var OAuthCallbackServer = class {
+  server = null;
+  port = 0;
+  /**
+   * Start listening on a local port and return a promise that resolves
+   * when the authorization callback is received.
+   */
+  async start(options) {
+    const port = await findAvailablePort(options?.callbackPort);
+    this.port = port;
+    const redirectUri = `http://localhost:${port}/callback`;
+    const callbackPromise = new Promise(
+      (resolve, reject) => {
+        const server = http.createServer((req, res) => {
+          if (!req.url?.startsWith("/callback")) {
+            res.writeHead(404);
+            res.end("Not found");
+            return;
+          }
+          const parsed = new URL(req.url, `http://localhost:${port}`);
+          const code = parsed.searchParams.get("code") ?? void 0;
+          const state = parsed.searchParams.get("state") ?? void 0;
+          const error = parsed.searchParams.get("error") ?? void 0;
+          const errorDescription = parsed.searchParams.get("error_description") ?? void 0;
+          if (error) {
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(
+              `<html><body><h1>Authorization Error</h1><p>${escapeHtml(error)}: ${escapeHtml(errorDescription ?? "")}</p></body></html>`
+            );
+            cleanup();
+            reject(new Error(`OAuth error: ${error} - ${errorDescription ?? ""}`));
+            return;
+          }
+          if (!code) {
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(
+              "<html><body><h1>Error</h1><p>Missing authorization code.</p></body></html>"
+            );
+            cleanup();
+            reject(new Error("Missing authorization code in callback"));
+            return;
+          }
+          if (options?.expectedState && state !== options.expectedState) {
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(
+              "<html><body><h1>Error</h1><p>State parameter mismatch.</p></body></html>"
+            );
+            cleanup();
+            reject(new Error("OAuth state mismatch"));
+            return;
+          }
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(
+            "<html><body><h1>Authorization Successful</h1><p>You can close this window.</p></body></html>"
+          );
+          cleanup();
+          resolve({ code, state });
+        });
+        this.server = server;
+        const timeout = setTimeout(() => {
+          cleanup();
+          reject(new Error("OAuth callback timeout"));
+        }, CALLBACK_TIMEOUT_MS);
+        const cleanup = () => {
+          clearTimeout(timeout);
+          this.close();
+        };
+        if (options?.signal) {
+          if (options.signal.aborted) {
+            cleanup();
+            reject(new Error("OAuth callback aborted"));
+            return;
+          }
+          options.signal.addEventListener(
+            "abort",
+            () => {
+              cleanup();
+              reject(new Error("OAuth callback aborted"));
+            },
+            { once: true }
+          );
+        }
+        server.listen(port, "127.0.0.1");
+        server.unref();
+      }
+    );
+    return { port, redirectUri, waitForCallback: () => callbackPromise };
+  }
+  close() {
+    if (this.server) {
+      try {
+        this.server.close();
+      } catch {
+      }
+      this.server = null;
+    }
+  }
+};
+function escapeHtml(s) {
+  return s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
+}
+
+// src/mcp/auth/storage.ts
+import * as fs from "fs/promises";
+import * as path from "path";
+var InMemoryTokenStorage = class {
+  store = /* @__PURE__ */ new Map();
+  async load(serverKey) {
+    return this.store.get(serverKey);
+  }
+  async save(serverKey, data) {
+    this.store.set(serverKey, data);
+  }
+  async delete(serverKey) {
+    this.store.delete(serverKey);
+  }
+};
+var FileTokenStorage = class {
+  filePath;
+  constructor(filePath) {
+    this.filePath = filePath ?? path.join(
+      process.env.HOME ?? process.env.USERPROFILE ?? ".",
+      ".noumen",
+      "mcp-oauth-tokens.json"
+    );
+  }
+  async load(serverKey) {
+    const all = await this.readAll();
+    return all[serverKey];
+  }
+  async save(serverKey, data) {
+    const all = await this.readAll();
+    all[serverKey] = data;
+    await this.writeAll(all);
+  }
+  async delete(serverKey) {
+    const all = await this.readAll();
+    delete all[serverKey];
+    await this.writeAll(all);
+  }
+  async readAll() {
+    try {
+      const raw = await fs.readFile(this.filePath, "utf-8");
+      return JSON.parse(raw);
+    } catch {
+      return {};
+    }
+  }
+  async writeAll(data) {
+    await fs.mkdir(path.dirname(this.filePath), { recursive: true });
+    await fs.writeFile(this.filePath, JSON.stringify(data, null, 2), "utf-8");
+  }
+};
+
+// src/mcp/client.ts
+var DEFAULT_TOOL_TIMEOUT_MS = 6e4;
+var MAX_TEXT_RESULT_BYTES = 1024 * 1024;
+var McpClientManager = class {
+  connections = /* @__PURE__ */ new Map();
+  serverConfigs;
+  tokenStorage;
+  onAuthorizationUrl;
+  constructor(mcpServers, options) {
+    this.serverConfigs = mcpServers;
+    this.tokenStorage = options?.tokenStorage ?? new InMemoryTokenStorage();
+    this.onAuthorizationUrl = options?.onAuthorizationUrl;
+  }
+  async connect() {
+    const entries = Object.entries(this.serverConfigs);
+    const results = await Promise.allSettled(
+      entries.map(([name, config]) => this.connectToServer(name, config))
+    );
+    for (let i = 0; i < results.length; i++) {
+      const result = results[i];
+      const name = entries[i][0];
+      if (result.status === "rejected") {
+        this.connections.set(name, {
+          name,
+          client: null,
+          status: "failed",
+          config: entries[i][1],
+          cleanup: async () => {
+          }
+        });
+      }
+    }
+  }
+  async connectToServer(name, config) {
+    const client = new Client({ name: `noumen-${name}`, version: "0.1.0" });
+    let transport;
+    let cleanup;
+    const configType = "type" in config ? config.type : "stdio";
+    switch (configType) {
+      case "http": {
+        const httpConfig = config;
+        const url = new URL(httpConfig.url);
+        const authProvider = await this.resolveAuthProvider(name, httpConfig);
+        transport = new StreamableHTTPClientTransport(url, {
+          authProvider: authProvider ?? void 0,
+          requestInit: httpConfig.headers ? { headers: httpConfig.headers } : void 0
+        });
+        cleanup = async () => {
+          await transport.close();
+        };
+        break;
+      }
+      case "sse": {
+        const sseConfig = config;
+        const url = new URL(sseConfig.url);
+        const authProvider = await this.resolveAuthProvider(name, sseConfig);
+        transport = new SSEClientTransport(url, {
+          authProvider: authProvider ?? void 0,
+          requestInit: sseConfig.headers ? { headers: sseConfig.headers } : void 0
+        });
+        cleanup = async () => {
+          await transport.close();
+        };
+        break;
+      }
+      case "websocket": {
+        const wsConfig = config;
+        const url = new URL(wsConfig.url);
+        transport = new WebSocketClientTransport(url);
+        cleanup = async () => {
+          await transport.close();
+        };
+        break;
+      }
+      default: {
+        const stdioConfig = config;
+        transport = new StdioClientTransport({
+          command: stdioConfig.command,
+          args: stdioConfig.args,
+          env: stdioConfig.env ? { ...process.env, ...stdioConfig.env } : void 0
+        });
+        cleanup = async () => {
+          await transport.close();
+        };
+        break;
+      }
+    }
+    try {
+      await client.connect(transport);
+    } catch (err) {
+      if (err instanceof UnauthorizedError) {
+        this.connections.set(name, {
+          name,
+          client,
+          status: "needs-auth",
+          config,
+          cleanup
+        });
+        return;
+      }
+      throw err;
+    }
+    this.connections.set(name, {
+      name,
+      client,
+      status: "connected",
+      config,
+      cleanup
+    });
+  }
+  /**
+   * Resolve an OAuthClientProvider for an HTTP or SSE server config.
+   * Returns null if the server doesn't require authentication.
+   */
+  async resolveAuthProvider(serverName, config) {
+    if (config.authProvider) return config.authProvider;
+    if (!config.oauth) return null;
+    const oauth = config.oauth;
+    const serverKey = `${serverName}|${config.url}`;
+    const port = await findAvailablePort(oauth.callbackPort);
+    return new NoumenOAuthProvider(serverKey, {
+      storage: this.tokenStorage,
+      clientId: oauth.clientId,
+      clientSecret: oauth.clientSecret,
+      callbackPort: port,
+      onAuthorizationUrl: this.onAuthorizationUrl,
+      clientMetadata: {
+        redirect_uris: [`http://localhost:${port}/callback`],
+        client_name: `noumen-${serverName}`,
+        grant_types: ["authorization_code", "refresh_token"],
+        response_types: ["code"],
+        scope: oauth.scopes
+      }
+    });
+  }
+  async getTools() {
+    const tools = [];
+    for (const [serverName, conn] of this.connections) {
+      if (conn.status !== "connected" || !conn.client) continue;
+      try {
+        const result = await conn.client.listTools();
+        for (const mcpTool of result.tools) {
+          tools.push(this.mapMcpTool(serverName, mcpTool));
+        }
+      } catch {
+      }
+    }
+    return tools;
+  }
+  mapMcpTool(serverName, mcpTool) {
+    const qualifiedName = buildMcpToolName(serverName, mcpTool.name);
+    const parameters = mcpTool.inputSchema ?? {
+      type: "object",
+      properties: {}
+    };
+    const mcpInfo = {
+      serverName,
+      toolName: mcpTool.name
+    };
+    return {
+      name: qualifiedName,
+      description: mcpTool.description ?? "",
+      parameters,
+      mcpInfo,
+      call: async (args) => {
+        return this.callTool(serverName, mcpTool.name, args);
+      }
+    };
+  }
+  async callTool(serverName, toolName, args, options) {
+    const conn = this.connections.get(serverName);
+    if (!conn || conn.status !== "connected" || !conn.client) {
+      return {
+        content: `MCP server "${serverName}" is not connected`,
+        isError: true
+      };
+    }
+    try {
+      const timeoutMs = options?.timeoutMs ?? DEFAULT_TOOL_TIMEOUT_MS;
+      const abortController = new AbortController();
+      const timer = setTimeout(() => abortController.abort(), timeoutMs);
+      let result;
+      try {
+        result = await conn.client.callTool(
+          { name: toolName, arguments: args },
+          void 0,
+          { signal: abortController.signal }
+        );
+      } finally {
+        clearTimeout(timer);
+      }
+      const contentBlocks = result.content;
+      if (!contentBlocks) {
+        return { content: JSON.stringify(result), isError: result.isError === true };
+      }
+      const parts = [];
+      for (const block of contentBlocks) {
+        if (block.type === "text") {
+          parts.push({ type: "text", text: block.text ?? "" });
+        } else if (block.type === "image" && block.data) {
+          const imageBuffer = Buffer.from(block.data, "base64");
+          const ext = block.mimeType?.split("/")[1] || "png";
+          try {
+            const resized = await maybeResizeAndDownsampleImageBuffer(
+              imageBuffer,
+              imageBuffer.length,
+              ext
+            );
+            parts.push({
+              type: "image",
+              data: resized.buffer.toString("base64"),
+              media_type: `image/${resized.mediaType}`
+            });
+          } catch {
+            parts.push({
+              type: "image",
+              data: block.data,
+              media_type: block.mimeType ?? "image/png"
+            });
+          }
+        } else if (block.type === "resource" && block.blob) {
+          const isImage = block.mimeType?.startsWith("image/") ?? false;
+          if (isImage) {
+            const imageBuffer = Buffer.from(block.blob, "base64");
+            const ext = block.mimeType?.split("/")[1] || "png";
+            try {
+              const resized = await maybeResizeAndDownsampleImageBuffer(
+                imageBuffer,
+                imageBuffer.length,
+                ext
+              );
+              parts.push({
+                type: "image",
+                data: resized.buffer.toString("base64"),
+                media_type: `image/${resized.mediaType}`
+              });
+            } catch {
+              parts.push({
+                type: "image",
+                data: block.blob,
+                media_type: block.mimeType ?? "image/png"
+              });
+            }
+          } else {
+            parts.push({ type: "text", text: JSON.stringify(block) });
+          }
+        } else {
+          parts.push({ type: "text", text: JSON.stringify(block) });
+        }
+      }
+      if (parts.every((p) => p.type === "text")) {
+        let text = parts.map((p) => p.text).join("\n");
+        if (Buffer.byteLength(text, "utf-8") > MAX_TEXT_RESULT_BYTES) {
+          text = text.slice(0, MAX_TEXT_RESULT_BYTES) + "\n...[output truncated]";
+        }
+        return { content: text, isError: result.isError === true };
+      }
+      return { content: parts, isError: result.isError === true };
+    } catch (err) {
+      const isAbort = err instanceof DOMException && err.name === "AbortError";
+      const message = isAbort ? `MCP tool "${toolName}" on server "${serverName}" timed out` : err instanceof Error ? err.message : String(err);
+      return { content: message, isError: true };
+    }
+  }
+  getConnectionStatus() {
+    return Array.from(this.connections.values()).map((c) => ({
+      name: c.name,
+      status: c.status
+    }));
+  }
+  /**
+   * Returns server names that are in `needs-auth` status and require
+   * interactive OAuth before they can be used.
+   */
+  getServersNeedingAuth() {
+    return Array.from(this.connections.entries()).filter(([, conn]) => conn.status === "needs-auth").map(([name]) => name);
+  }
+  /**
+   * Reconnect a server by closing its existing connection and
+   * establishing a new one. Useful after completing OAuth.
+   */
+  async reconnect(serverName) {
+    const conn = this.connections.get(serverName);
+    if (conn) {
+      await conn.cleanup().catch(() => {
+      });
+      this.connections.delete(serverName);
+    }
+    const config = this.serverConfigs[serverName];
+    if (!config) return;
+    try {
+      await this.connectToServer(serverName, config);
+    } catch {
+      this.connections.set(serverName, {
+        name: serverName,
+        client: null,
+        status: "failed",
+        config,
+        cleanup: async () => {
+        }
+      });
+    }
+  }
+  /**
+   * Trigger interactive OAuth for a `needs-auth` server, then reconnect.
+   * Runs the full MCP SDK auth orchestrator with a local callback server.
+   *
+   * Returns the authorization URL if the flow requires user interaction,
+   * or null if the server connected without browser auth (e.g. cached tokens).
+   */
+  async performAuth(serverName, options) {
+    const config = this.serverConfigs[serverName];
+    if (!config) {
+      throw new Error(`Unknown MCP server: ${serverName}`);
+    }
+    const configType = "type" in config ? config.type : "stdio";
+    if (configType !== "http" && configType !== "sse") {
+      throw new Error(
+        `OAuth is only supported for HTTP and SSE transports, got: ${configType}`
+      );
+    }
+    const httpConfig = config;
+    if (!httpConfig.oauth && !httpConfig.authProvider) {
+      throw new Error(
+        `Server "${serverName}" has no OAuth configuration`
+      );
+    }
+    let capturedAuthUrl;
+    const originalCallback = this.onAuthorizationUrl;
+    this.onAuthorizationUrl = async (url) => {
+      capturedAuthUrl = url;
+      if (originalCallback) await originalCallback(url);
+    };
+    try {
+      await this.reconnect(serverName);
+    } finally {
+      this.onAuthorizationUrl = originalCallback;
+    }
+    return { authUrl: capturedAuthUrl };
+  }
+  async close() {
+    const cleanups = Array.from(this.connections.values()).map(
+      (c) => c.cleanup().catch(() => {
+      })
+    );
+    await Promise.all(cleanups);
+    this.connections.clear();
+  }
+};
+
+export {
+  NoumenOAuthProvider,
+  findAvailablePort,
+  OAuthCallbackServer,
+  InMemoryTokenStorage,
+  FileTokenStorage,
+  McpClientManager
+};
+//# sourceMappingURL=chunk-Y45R3PQL.js.map