palaryn 0.3.0 → 0.3.2

package/src/auth/routes.ts

@@ -378,6 +378,46 @@ export function createAuthRouter(deps: AuthRouteDeps): Router {
     });
   });
 
+  // ---------------------------------------------------------------------------
+  // PUT /auth/password — change password for current user (or admin sets for another user by email)
+  // ---------------------------------------------------------------------------
+  router.put('/password', async (req: Request, res: Response) => {
+    const sessionUser = (req as any).sessionUser;
+    if (!sessionUser) {
+      res.status(401).json({ error: 'Not authenticated' });
+      return;
+    }
+
+    const { new_password, email } = req.body || {};
+    if (!new_password || new_password.length < 6) {
+      res.status(400).json({ error: 'new_password must be at least 6 characters' });
+      return;
+    }
+
+    // If email is provided and differs from session user, check admin
+    let targetUser = sessionUser;
+    if (email && email !== sessionUser.email) {
+      // Only workspace owners can reset other users' passwords
+      const memberships = workspaceMemberStore.getByUser(sessionUser.id);
+      const isOwner = memberships.some(m => m.role === 'owner');
+      if (!isOwner) {
+        res.status(403).json({ error: 'Only workspace owners can reset other users passwords' });
+        return;
+      }
+      const found = userStore.getByEmail(email);
+      if (!found) {
+        res.status(404).json({ error: 'User not found' });
+        return;
+      }
+      targetUser = found;
+    }
+
+    const newHash = await hashPassword(new_password);
+    userStore.update(targetUser.id, { password_hash: newHash, updated_at: new Date().toISOString() });
+
+    res.json({ ok: true, email: targetUser.email });
+  });
+
   // ---------------------------------------------------------------------------
   // DELETE /auth/users/:id — delete a user and all related data (self only)
   // ---------------------------------------------------------------------------

package/src/executor/http-executor.ts

@@ -7,6 +7,7 @@ import { ToolCall } from '../types/tool-call';
 import { ToolOutput } from '../types/tool-result';
 import { ExecutorConfig } from '../types/config';
 import { ToolExecutor } from './interfaces';
+import { internalAuthTokens } from '../mcp/internal-auth';
 
 /** Maximum response body size in bytes (10 MB) */
 const MAX_RESPONSE_BODY_BYTES = 10 * 1024 * 1024;
@@ -111,15 +112,33 @@ export class HttpExecutor implements ToolExecutor {
 
   // Execute an HTTP request based on ToolCall args
   async execute(toolCall: ToolCall): Promise<ToolOutput> {
-    const { method = 'GET', url, headers = {}, body } = toolCall.args;
+    const { method = 'GET', url, body } = toolCall.args;
+    const headers: Record<string, string> = (toolCall.args.headers as Record<string, string>) || {};
 
     if (!url || typeof url !== 'string') {
       throw new Error('Missing or invalid URL in tool call args');
     }
 
+    // Check for internal auth (self-referencing gateway request via MCP)
+    const internalAuth = internalAuthTokens.get(toolCall.tool_call_id);
+    let skipSsrf = false;
+    if (internalAuth) {
+      internalAuthTokens.delete(toolCall.tool_call_id);
+      if (url.startsWith(internalAuth.gateway_base_url)) {
+        // Inject Bearer token unless the user already set an Authorization header
+        const hasAuth = headers && Object.keys(headers).some(
+          k => k.toLowerCase() === 'authorization',
+        );
+        if (!hasAuth) {
+          headers['Authorization'] = `Bearer ${internalAuth.token}`;
+        }
+        skipSsrf = true;
+      }
+    }
+
     // SSRF protection: block requests to private/internal IPs and pin DNS
     let pinnedIP: string | undefined;
-    if (this.ssrfProtectionEnabled) {
+    if (this.ssrfProtectionEnabled && !skipSsrf) {
       const parsedUrl = new URL(url);
       pinnedIP = await validateResolvedIP(parsedUrl.hostname);
     }

package/src/mcp/http-transport.ts

@@ -6,6 +6,7 @@ import { z } from 'zod';
 import { Gateway } from '../server/gateway';
 import { ToolCall, ToolCallArgs, ToolInfo } from '../types/tool-call';
 import { ToolResult } from '../types/tool-result';
+import { internalAuthTokens } from './internal-auth';
 
 // ---------------------------------------------------------------------------
 // Configuration
@@ -14,15 +15,19 @@ import { ToolResult } from '../types/tool-result';
 export interface MCPHttpConfig {
   /** Platform identifier (default: 'mcp_http') */
   platform?: string;
+  /** Gateway's own base URL — when set, self-referencing requests get the OAuth token injected */
+  gateway_base_url?: string;
 }
 
 interface ResolvedMCPHttpConfig {
   platform: string;
+  gateway_base_url?: string;
 }
 
 function resolveConfig(config?: MCPHttpConfig): ResolvedMCPHttpConfig {
   return {
     platform: config?.platform || 'mcp_http',
+    gateway_base_url: config?.gateway_base_url,
   };
 }
 
@@ -34,6 +39,8 @@ interface IdentityOverride {
   workspace_id: string;
   actor_id: string;
   api_key_tags?: string[];
+  /** Raw OAuth access token — used for self-referencing gateway requests */
+  token?: string;
 }
 
 /**
@@ -68,7 +75,8 @@ function resolveIdentity(extra?: { authInfo?: unknown }): IdentityOverride | und
   }
 
   if (typeof wsId === 'string' && wsId && typeof actorId === 'string' && actorId) {
-    return { workspace_id: wsId, actor_id: actorId, api_key_tags: apiKeyTags };
+    const token = typeof authInfo.token === 'string' ? authInfo.token : undefined;
+    return { workspace_id: wsId, actor_id: actorId, api_key_tags: apiKeyTags, token };
   }
   return undefined;
 }
@@ -160,6 +168,21 @@ function buildToolCall(
   return toolCall;
 }
 
+/** Store internal auth token for self-referencing gateway requests. */
+function setInternalAuth(
+  config: ResolvedMCPHttpConfig,
+  identity: IdentityOverride,
+  toolCall: ToolCall,
+  targetUrl: string,
+): void {
+  if (config.gateway_base_url && identity.token && targetUrl.startsWith(config.gateway_base_url)) {
+    internalAuthTokens.set(toolCall.tool_call_id, {
+      token: identity.token,
+      gateway_base_url: config.gateway_base_url,
+    });
+  }
+}
+
 function formatResult(result: ToolResult): { content: Array<{ type: 'text'; text: string }>; isError?: boolean } {
   const isError = result.status === 'error' || result.status === 'blocked';
 
@@ -393,6 +416,7 @@ function createMCPServerInstance(gateway: Gateway, config: ResolvedMCPHttpConfig
         context,
         identity,
       });
+      setInternalAuth(config, identity, toolCall, a.url as string);
       return formatResult(await executeWithApprovalPolling(gateway, toolCall));
     },
   );
@@ -435,6 +459,7 @@ function createMCPServerInstance(gateway: Gateway, config: ResolvedMCPHttpConfig
         context,
         identity,
       });
+      setInternalAuth(config, identity, toolCall, a.url as string);
       return formatResult(await executeWithApprovalPolling(gateway, toolCall));
     },
   );
@@ -479,6 +504,7 @@ function createMCPServerInstance(gateway: Gateway, config: ResolvedMCPHttpConfig
         context,
         identity,
       });
+      setInternalAuth(config, identity, toolCall, a.url as string);
       return formatResult(await executeWithApprovalPolling(gateway, toolCall));
     },
   );

package/src/mcp/internal-auth.ts

@@ -0,0 +1,14 @@
+/**
+ * Side-channel for passing MCP OAuth tokens to the HttpExecutor without
+ * polluting ToolCall.args (which would trigger DLP and leak into audit logs).
+ *
+ * Keyed by `tool_call_id` — the MCP handler sets an entry before gateway.execute(),
+ * and the HttpExecutor consumes (and deletes) it during request execution.
+ */
+
+export interface InternalAuthEntry {
+  token: string;
+  gateway_base_url: string;
+}
+
+export const internalAuthTokens = new Map<string, InternalAuthEntry>();

package/src/saas/routes.ts

@@ -1149,19 +1149,34 @@ Output: {"name":"approve-slack-writes","description":"Require approval for write
       const controller = new AbortController();
       const timeout = setTimeout(() => controller.abort(), 15000);
 
-      const llmRes = await fetch('https://api.anthropic.com/v1/messages', {
+      // Detect provider from API key prefix
+      const isOpenAI = apiKey.startsWith('sk-proj-') || apiKey.startsWith('sk-');
+      const llmUrl = isOpenAI
+        ? 'https://api.openai.com/v1/chat/completions'
+        : 'https://api.anthropic.com/v1/messages';
+      const llmHeaders: Record<string, string> = isOpenAI
+        ? { 'Content-Type': 'application/json', 'Authorization': `Bearer ${apiKey}` }
+        : { 'Content-Type': 'application/json', 'x-api-key': apiKey, 'anthropic-version': '2023-06-01' };
+      const llmBody = isOpenAI
+        ? JSON.stringify({
+            model: 'gpt-4.1-mini',
+            max_tokens: 1024,
+            messages: [
+              { role: 'system', content: systemPrompt },
+              { role: 'user', content: trimmed },
+            ],
+          })
+        : JSON.stringify({
+            model: 'claude-sonnet-4-5-20241022',
+            max_tokens: 1024,
+            system: systemPrompt,
+            messages: [{ role: 'user', content: trimmed }],
+          });
+
+      const llmRes = await fetch(llmUrl, {
         method: 'POST',
-        headers: {
-          'Content-Type': 'application/json',
-          'x-api-key': apiKey,
-          'anthropic-version': '2023-06-01',
-        },
-        body: JSON.stringify({
-          model: 'claude-sonnet-4-5-20250929',
-          max_tokens: 1024,
-          system: systemPrompt,
-          messages: [{ role: 'user', content: trimmed }],
-        }),
+        headers: llmHeaders,
+        body: llmBody,
         signal: controller.signal,
       });
 
@@ -1174,8 +1189,10 @@ Output: {"name":"approve-slack-writes","description":"Require approval for write
         return;
       }
 
-      const llmData = await llmRes.json() as { content: { type: string; text: string }[] };
-      const text = llmData.content?.[0]?.text || '';
+      const llmData = await llmRes.json() as any;
+      const text = isOpenAI
+        ? (llmData.choices?.[0]?.message?.content || '')
+        : (llmData.content?.[0]?.text || '');
 
       // Strip markdown code fences if present
       const cleaned = text.replace(/^```(?:json)?\s*/i, '').replace(/\s*```\s*$/i, '').trim();
@@ -1621,7 +1638,7 @@ Output: {"name":"approve-slack-writes","description":"Require approval for write
       return;
     }
 
-    const report = detector.getBaselineReport();
+    const report = detector.getBaselineReport(workspaceId);
     res.json(report);
   });
 

package/src/server/app.ts

@@ -843,7 +843,11 @@ export function createApp(config: GatewayConfig, externalSaaSStores?: Partial<Sa
   // MCP HTTP transport with OAuth 2.0 support.
   // When mcp_oauth is enabled, uses the MCP SDK's OAuth router + bearer auth.
   // When disabled, falls back to existing auth middleware + RBAC.
-  const mcpHandler = createMCPHttpHandler(gateway);
+  const mcpBaseUrl = config.mcp_oauth?.base_url
+    || (isProduction ? 'https://app.palaryn.com' : `http://localhost:${config.port}`);
+  const mcpHandler = createMCPHttpHandler(gateway, {
+    gateway_base_url: config.mcp_oauth?.enabled ? mcpBaseUrl : undefined,
+  });
 
   if (config.mcp_oauth?.enabled) {
     // Create OAuth stores — prefer Postgres-backed stores when available