palaryn 0.1.0 → 0.3.2

package/src/interceptor/provider-interceptor.ts

@@ -0,0 +1,315 @@
+import { ProviderInterceptConfig } from '../types/config';
+
+export interface ProviderToolBlock {
+  provider: 'claude' | 'openai' | 'gemini' | 'unknown';
+  tool_name: string;
+  tool_type: string;
+  inputs: Record<string, unknown>;
+  outputs?: unknown;
+  block_index: number;
+}
+
+type Provider = ProviderToolBlock['provider'];
+
+const DEFAULT_URL_PATTERNS = [
+  'api\\.anthropic\\.com',
+  'api\\.openai\\.com',
+  'generativelanguage\\.googleapis\\.com',
+];
+
+const CLAUDE_TOOL_TYPES: Record<string, string> = {
+  computer_20241022: 'computer_use',
+  str_replace_editor: 'text_editor',
+  bash_20241022: 'bash',
+};
+
+const OPENAI_TOOL_TYPES = new Set([
+  'code_interpreter',
+  'file_search',
+  'web_search',
+]);
+
+const GEMINI_TOOL_TYPES = new Set([
+  'code_execution',
+  'google_search',
+]);
+
+export class ProviderInterceptor {
+  private urlPatterns: RegExp[];
+  private scanInputs: boolean;
+  private scanOutputs: boolean;
+
+  constructor(config: ProviderInterceptConfig) {
+    const patterns = config.provider_url_patterns?.length
+      ? config.provider_url_patterns
+      : DEFAULT_URL_PATTERNS;
+    this.urlPatterns = patterns.map((p) => new RegExp(p));
+    this.scanInputs = config.scan_inputs;
+    this.scanOutputs = config.scan_outputs;
+  }
+
+  /** Check if a URL matches any provider pattern */
+  matchesProvider(url: string): boolean {
+    return this.urlPatterns.some((re) => re.test(url));
+  }
+
+  /** Detect which provider a URL belongs to */
+  detectProvider(url: string): Provider {
+    if (/api\.anthropic\.com/.test(url)) return 'claude';
+    if (/api\.openai\.com/.test(url)) return 'openai';
+    if (/generativelanguage\.googleapis\.com/.test(url)) return 'gemini';
+    return 'unknown';
+  }
+
+  /** Extract tool blocks from a request body (pre-execution) */
+  extractFromRequest(body: unknown, provider: string): ProviderToolBlock[] {
+    if (!this.scanInputs || !body || typeof body !== 'object') return [];
+    try {
+      switch (provider) {
+        case 'claude': return this.extractClaudeRequest(body);
+        case 'openai': return this.extractOpenAIRequest(body);
+        case 'gemini': return this.extractGeminiRequest(body);
+        default: return [];
+      }
+    } catch {
+      return [];
+    }
+  }
+
+  /** Extract tool blocks from a response body (post-execution) */
+  extractFromResponse(body: unknown, provider: string): ProviderToolBlock[] {
+    if (!this.scanOutputs || !body || typeof body !== 'object') return [];
+    try {
+      switch (provider) {
+        case 'claude': return this.extractClaudeResponse(body);
+        case 'openai': return this.extractOpenAIResponse(body);
+        case 'gemini': return this.extractGeminiResponse(body);
+        default: return [];
+      }
+    } catch {
+      return [];
+    }
+  }
+
+  /** Get all inputs as a flat object for DLP scanning */
+  flattenInputsForDLP(blocks: ProviderToolBlock[]): Record<string, unknown> {
+    const result: Record<string, unknown> = {};
+    for (const block of blocks) {
+      for (const [key, value] of Object.entries(block.inputs)) {
+        result[`${block.tool_name}.${key}`] = value;
+      }
+    }
+    return result;
+  }
+
+  /** Get all outputs as a flat object for DLP scanning */
+  flattenOutputsForDLP(blocks: ProviderToolBlock[]): Record<string, unknown> {
+    const result: Record<string, unknown> = {};
+    for (const block of blocks) {
+      if (block.outputs !== undefined) {
+        result[`${block.tool_name}.output`] = block.outputs;
+      }
+    }
+    return result;
+  }
+
+  // --- Claude extraction ---
+
+  private extractClaudeRequest(body: unknown): ProviderToolBlock[] {
+    const blocks: ProviderToolBlock[] = [];
+    const messages = getArray(body, 'messages');
+    let index = 0;
+    for (const msg of messages) {
+      const content = getArray(msg, 'content');
+      for (const part of content) {
+        if (!isObject(part)) continue;
+        const type = getString(part, 'type');
+        if (type === 'tool_use') {
+          const name = getString(part, 'name') || 'unknown';
+          blocks.push({
+            provider: 'claude',
+            tool_name: name,
+            tool_type: resolveClaudeToolType(name),
+            inputs: isObject(part.input) ? part.input as Record<string, unknown> : {},
+            block_index: index++,
+          });
+        } else if (type === 'tool_result') {
+          const toolUseId = getString(part, 'tool_use_id') || 'unknown';
+          blocks.push({
+            provider: 'claude',
+            tool_name: `tool_result:${toolUseId}`,
+            tool_type: 'tool_result',
+            inputs: {},
+            outputs: part.content,
+            block_index: index++,
+          });
+        }
+      }
+    }
+    return blocks;
+  }
+
+  private extractClaudeResponse(body: unknown): ProviderToolBlock[] {
+    const blocks: ProviderToolBlock[] = [];
+    const content = getArray(body, 'content');
+    let index = 0;
+    for (const part of content) {
+      if (!isObject(part)) continue;
+      if (getString(part, 'type') === 'tool_use') {
+        const name = getString(part, 'name') || 'unknown';
+        blocks.push({
+          provider: 'claude',
+          tool_name: name,
+          tool_type: resolveClaudeToolType(name),
+          inputs: isObject(part.input) ? part.input as Record<string, unknown> : {},
+          block_index: index++,
+        });
+      }
+    }
+    return blocks;
+  }
+
+  // --- OpenAI extraction ---
+
+  private extractOpenAIRequest(body: unknown): ProviderToolBlock[] {
+    const blocks: ProviderToolBlock[] = [];
+    const messages = getArray(body, 'messages');
+    let index = 0;
+    for (const msg of messages) {
+      const toolCalls = getArray(msg, 'tool_calls');
+      for (const tc of toolCalls) {
+        if (!isObject(tc)) continue;
+        const fn = isObject(tc.function) ? tc.function as Record<string, unknown> : null;
+        if (!fn) continue;
+        const name = getString(fn, 'name') || 'unknown';
+        const args = parseJsonString(getString(fn, 'arguments'));
+        blocks.push({
+          provider: 'openai',
+          tool_name: name,
+          tool_type: resolveOpenAIToolType(name),
+          inputs: args,
+          block_index: index++,
+        });
+      }
+    }
+    return blocks;
+  }
+
+  private extractOpenAIResponse(body: unknown): ProviderToolBlock[] {
+    const blocks: ProviderToolBlock[] = [];
+    const choices = getArray(body, 'choices');
+    let index = 0;
+    for (const choice of choices) {
+      if (!isObject(choice)) continue;
+      const message = isObject(choice.message) ? choice.message as Record<string, unknown> : null;
+      if (!message) continue;
+      const toolCalls = getArray(message, 'tool_calls');
+      for (const tc of toolCalls) {
+        if (!isObject(tc)) continue;
+        const fn = isObject(tc.function) ? tc.function as Record<string, unknown> : null;
+        if (!fn) continue;
+        const name = getString(fn, 'name') || 'unknown';
+        const args = parseJsonString(getString(fn, 'arguments'));
+        blocks.push({
+          provider: 'openai',
+          tool_name: name,
+          tool_type: resolveOpenAIToolType(name),
+          inputs: args,
+          block_index: index++,
+        });
+      }
+    }
+    return blocks;
+  }
+
+  // --- Gemini extraction ---
+
+  private extractGeminiRequest(body: unknown): ProviderToolBlock[] {
+    const blocks: ProviderToolBlock[] = [];
+    const contents = getArray(body, 'contents');
+    let index = 0;
+    for (const content of contents) {
+      if (!isObject(content)) continue;
+      const parts = getArray(content, 'parts');
+      for (const part of parts) {
+        if (!isObject(part)) continue;
+        const fc = isObject(part.functionCall) ? part.functionCall as Record<string, unknown> : null;
+        if (!fc) continue;
+        const name = getString(fc, 'name') || 'unknown';
+        blocks.push({
+          provider: 'gemini',
+          tool_name: name,
+          tool_type: resolveGeminiToolType(name),
+          inputs: isObject(fc.args) ? fc.args as Record<string, unknown> : {},
+          block_index: index++,
+        });
+      }
+    }
+    return blocks;
+  }
+
+  private extractGeminiResponse(body: unknown): ProviderToolBlock[] {
+    const blocks: ProviderToolBlock[] = [];
+    const candidates = getArray(body, 'candidates');
+    let index = 0;
+    for (const candidate of candidates) {
+      if (!isObject(candidate)) continue;
+      const content = isObject(candidate.content) ? candidate.content as Record<string, unknown> : null;
+      if (!content) continue;
+      const parts = getArray(content, 'parts');
+      for (const part of parts) {
+        if (!isObject(part)) continue;
+        const fc = isObject(part.functionCall) ? part.functionCall as Record<string, unknown> : null;
+        if (!fc) continue;
+        const name = getString(fc, 'name') || 'unknown';
+        blocks.push({
+          provider: 'gemini',
+          tool_name: name,
+          tool_type: resolveGeminiToolType(name),
+          inputs: isObject(fc.args) ? fc.args as Record<string, unknown> : {},
+          block_index: index++,
+        });
+      }
+    }
+    return blocks;
+  }
+}
+
+// --- Helpers ---
+
+function isObject(val: unknown): val is Record<string, unknown> {
+  return val !== null && typeof val === 'object' && !Array.isArray(val);
+}
+
+function getArray(obj: unknown, key: string): unknown[] {
+  if (!isObject(obj)) return [];
+  const val = obj[key];
+  return Array.isArray(val) ? val : [];
+}
+
+function getString(obj: Record<string, unknown>, key: string): string {
+  const val = obj[key];
+  return typeof val === 'string' ? val : '';
+}
+
+function parseJsonString(str: string): Record<string, unknown> {
+  if (!str) return {};
+  try {
+    const parsed = JSON.parse(str);
+    return isObject(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+
+function resolveClaudeToolType(name: string): string {
+  return CLAUDE_TOOL_TYPES[name] || 'function';
+}
+
+function resolveOpenAIToolType(name: string): string {
+  return OPENAI_TOOL_TYPES.has(name) ? name : 'function';
+}
+
+function resolveGeminiToolType(name: string): string {
+  return GEMINI_TOOL_TYPES.has(name) ? name : 'function';
+}

package/src/mcp/auth-verifier.ts

@@ -0,0 +1,152 @@
+/**
+ * Hybrid OAuth Token Verifier for MCP bearer auth.
+ *
+ * Implements OAuthTokenVerifier from the MCP SDK. Tries OAuth token
+ * verification first, then falls back to API key lookup (config keys +
+ * SaaS user keys). This preserves backward compatibility so that existing
+ * `--header "Authorization: Bearer <api-key>"` usage still works.
+ */
+import * as crypto from 'crypto';
+import { OAuthTokenVerifier } from '@modelcontextprotocol/sdk/server/auth/provider.js';
+import { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';
+import { InvalidTokenError } from '@modelcontextprotocol/sdk/server/auth/errors.js';
+import { AuthConfig } from '../types/config';
+import { UserApiKeyStore } from '../storage/interfaces';
+import { resolvePermissions } from '../middleware/auth';
+import { PalarynOAuthProvider } from './oauth-provider';
+
+export interface HybridVerifierDeps {
+  oauthProvider?: PalarynOAuthProvider;
+  authConfig: AuthConfig;
+  userApiKeyStore?: UserApiKeyStore;
+}
+
+export class HybridTokenVerifier implements OAuthTokenVerifier {
+  private oauthProvider?: PalarynOAuthProvider;
+  private authConfig: AuthConfig;
+  private userApiKeyStore?: UserApiKeyStore;
+
+  constructor(deps: HybridVerifierDeps) {
+    this.oauthProvider = deps.oauthProvider;
+    this.authConfig = deps.authConfig;
+    this.userApiKeyStore = deps.userApiKeyStore;
+  }
+
+  /**
+   * Constant-time API key lookup. Iterates all configured keys and uses
+   * crypto.timingSafeEqual to prevent timing-based side-channel attacks.
+   */
+  private constantTimeLookup(token: string): string | undefined {
+    const tokenHash = crypto.createHash('sha256').update(token).digest();
+    let matched: string | undefined;
+
+    for (const key of Object.keys(this.authConfig.api_keys)) {
+      const keyHash = crypto.createHash('sha256').update(key).digest();
+      if (crypto.timingSafeEqual(tokenHash, keyHash)) {
+        matched = key;
+      }
+    }
+
+    return matched;
+  }
+
+  async verifyAccessToken(token: string): Promise<AuthInfo> {
+    // 1. Try OAuth token first (if provider is configured)
+    if (this.oauthProvider) {
+      try {
+        return await this.oauthProvider.verifyAccessToken(token);
+      } catch {
+        // Not an OAuth token — fall through to API key
+      }
+    }
+
+    // 2. Try config API keys (constant-time comparison to prevent timing attacks)
+    if (this.authConfig.enabled) {
+      const matchedKey = this.constantTimeLookup(token);
+      const keyConfig = matchedKey ? this.authConfig.api_keys[matchedKey] : undefined;
+      if (keyConfig && !keyConfig.revoked) {
+        if (keyConfig.expires_at) {
+          const expiresAt = new Date(keyConfig.expires_at);
+          if (expiresAt.getTime() <= Date.now()) {
+            throw new InvalidTokenError('API key has expired');
+          }
+        }
+
+        // Fire-and-forget: update last_used_at
+        keyConfig.last_used_at = new Date().toISOString();
+
+        const roles = keyConfig.roles || [];
+        const permissions = resolvePermissions(roles, this.authConfig.rbac);
+
+        return {
+          token,
+          clientId: 'api_key',
+          scopes: ['mcp:tools'],
+          expiresAt: keyConfig.expires_at
+            ? Math.floor(new Date(keyConfig.expires_at).getTime() / 1000)
+            : Math.floor(Date.now() / 1000) + 86400, // default: 24h from now
+          extra: {
+            workspace_id: keyConfig.workspace_id,
+            actor_id: `apikey:${crypto.createHash('sha256').update(token).digest('hex').slice(0, 12)}`,
+            roles,
+            permissions,
+            auth_method: 'api_key',
+          },
+        };
+      }
+    }
+
+    // 3. Try SaaS-generated API keys (UserApiKeyStore, supports salted + unsalted)
+    if (this.userApiKeyStore) {
+      let saasKey: ReturnType<typeof this.userApiKeyStore.getByKeyHash>;
+      if (this.userApiKeyStore.verifyToken) {
+        saasKey = this.userApiKeyStore.verifyToken(token);
+      } else {
+        const keyHash = crypto.createHash('sha256').update(token).digest('hex');
+        saasKey = this.userApiKeyStore.getByKeyHash(keyHash);
+      }
+      if (saasKey && !saasKey.revoked) {
+        // Fire-and-forget: update last_used_at
+        this.userApiKeyStore.update(saasKey.id, { last_used_at: new Date().toISOString() });
+
+        const roles = saasKey.roles || [];
+        const permissions = resolvePermissions(roles, this.authConfig.rbac);
+
+        return {
+          token,
+          clientId: 'api_key',
+          scopes: ['mcp:tools'],
+          expiresAt: Math.floor(Date.now() / 1000) + 86400, // 24h
+          extra: {
+            workspace_id: saasKey.workspace_id,
+            actor_id: `apikey:${crypto.createHash('sha256').update(token).digest('hex').slice(0, 12)}`,
+            user_id: saasKey.user_id,
+            roles,
+            permissions,
+            auth_method: 'api_key',
+            api_key_tags: saasKey.tags && saasKey.tags.length > 0 ? saasKey.tags : undefined,
+          },
+        };
+      }
+    }
+
+    // 4. Auth disabled — anonymous access
+    if (!this.authConfig.enabled) {
+      return {
+        token,
+        clientId: 'anonymous',
+        scopes: ['mcp:tools'],
+        expiresAt: Math.floor(Date.now() / 1000) + 86400,
+        extra: {
+          workspace_id: 'ws_default',
+          actor_id: 'anonymous',
+          roles: [],
+          permissions: [],
+          auth_method: 'none',
+        },
+      };
+    }
+
+    throw new InvalidTokenError('Invalid access token');
+  }
+}