ssh-mcp-pro 1.0.0

package/dist/mcp.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.d.ts","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,+CAA+C,CAAC;AAS/E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AASnD,eAAO,MAAM,cAAc,UAAU,CAAC;AACtC,eAAO,MAAM,WAAW,qCAAqC,CAAC;AA4C9D,qBAAa,YAAY;IAKX,OAAO,CAAC,QAAQ,CAAC,SAAS;IAJtC,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAS;IAChC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAwC;IACjE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAEb,SAAS,EAAE,YAAY;IAqBpD,OAAO,CAAC,aAAa;IA2HrB,OAAO,CAAC,kBAAkB;IAQpB,GAAG,IAAI,OAAO,CAAC,IAAI,CAAC;IAKpB,OAAO,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC;CAInD"}

package/dist/mcp.js

@@ -0,0 +1,159 @@
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+import { CallToolRequestSchema, GetPromptRequestSchema, ListResourcesRequestSchema, ListPromptsRequestSchema, ReadResourceRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { logger } from "./logging.js";
+import { listResources, readResource } from "./resources.js";
+import { getMCPPrompt, listMCPPrompts } from "./prompts.js";
+import { withSpan } from "./telemetry.js";
+import { createToolRegistry } from "./tools/index.js";
+export const SERVER_VERSION = "1.0.0"; // x-release-please-version
+export const SERVER_NAME = "io.github.oaslananka/ssh-mcp-pro";
+function getSessionIdFromArgs(args) {
+    if (typeof args !== "object" || args === null || Array.isArray(args)) {
+        return undefined;
+    }
+    const sessionId = args.sessionId;
+    if (typeof sessionId !== "string" || sessionId.length === 0) {
+        return undefined;
+    }
+    return sessionId;
+}
+function rateLimitErrorResult(toolName, rateCheck, scope, sessionId) {
+    const payload = {
+        error: true,
+        code: "ERATELIMIT",
+        message: scope === "session" && sessionId
+            ? `Rate limit exceeded for session ${sessionId} while calling tool: ${toolName}`
+            : `Rate limit exceeded for tool: ${toolName}`,
+        resetIn: rateCheck.resetIn,
+        scope,
+        ...(sessionId ? { sessionId } : {}),
+    };
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify(payload, null, 2),
+            },
+        ],
+        isError: true,
+    };
+}
+export class SSHMCPServer {
+    container;
+    server;
+    registry;
+    toolProfile;
+    constructor(container) {
+        this.container = container;
+        this.toolProfile = container.config.get("connector").toolProfile;
+        this.server = new Server({
+            name: SERVER_NAME,
+            version: SERVER_VERSION,
+        }, {
+            capabilities: {
+                tools: {},
+                resources: {},
+                prompts: {},
+            },
+        });
+        this.registry = createToolRegistry(container);
+        this.setupHandlers();
+        this.setupErrorHandling();
+    }
+    setupHandlers() {
+        this.server.setRequestHandler(ListResourcesRequestSchema, async () => withSpan("mcp.list_resources", async (span) => {
+            span.setAttribute("mcp.request.kind", "list_resources");
+            span.setAttribute("mcp.tool_profile", this.toolProfile);
+            return listResources(this.toolProfile);
+        }, {
+            attributes: {
+                "mcp.request.kind": "list_resources",
+            },
+        }));
+        this.server.setRequestHandler(ReadResourceRequestSchema, async (request) => withSpan("mcp.read_resource", async (span) => {
+            span.setAttribute("mcp.request.kind", "read_resource");
+            span.setAttribute("mcp.resource.uri", request.params.uri);
+            span.setAttribute("mcp.tool_profile", this.toolProfile);
+            return readResource(request.params.uri, this.container, this.toolProfile);
+        }, {
+            attributes: {
+                "mcp.request.kind": "read_resource",
+                "mcp.resource.uri": request.params.uri,
+            },
+        }));
+        this.server.setRequestHandler(ListPromptsRequestSchema, async () => withSpan("mcp.list_prompts", async (span) => {
+            span.setAttribute("mcp.request.kind", "list_prompts");
+            span.setAttribute("mcp.tool_profile", this.toolProfile);
+            return listMCPPrompts(this.toolProfile);
+        }, {
+            attributes: {
+                "mcp.request.kind": "list_prompts",
+            },
+        }));
+        this.server.setRequestHandler(GetPromptRequestSchema, async (request) => withSpan("mcp.get_prompt", async (span) => {
+            span.setAttribute("mcp.request.kind", "get_prompt");
+            span.setAttribute("mcp.prompt.name", request.params.name);
+            span.setAttribute("mcp.tool_profile", this.toolProfile);
+            return getMCPPrompt(request.params.name, request.params.arguments ?? {}, this.toolProfile);
+        }, {
+            attributes: {
+                "mcp.request.kind": "get_prompt",
+                "mcp.prompt.name": request.params.name,
+            },
+        }));
+        this.server.setRequestHandler(ListToolsRequestSchema, async () => ({
+            tools: this.registry.getAllTools(),
+        }));
+        this.server.setRequestHandler(CallToolRequestSchema, async (request) => withSpan("mcp.call_tool", async (span) => {
+            const { name, arguments: args } = request.params;
+            span.setAttribute("mcp.request.kind", "call_tool");
+            span.setAttribute("mcp.tool.name", name);
+            const rateLimit = this.container.config.get("rateLimit");
+            if (rateLimit.enabled) {
+                const rateCheck = this.container.rateLimiter.check("global");
+                if (!rateCheck.allowed) {
+                    span.setAttribute("mcp.rate_limited", true);
+                    span.setAttribute("mcp.rate_limit.scope", "global");
+                    return rateLimitErrorResult(name, rateCheck, "global");
+                }
+                const sessionId = getSessionIdFromArgs(args);
+                if (sessionId && rateLimit.perSession.enabled) {
+                    const sessionCheck = this.container.rateLimiter.check(`session:${sessionId}`, {
+                        maxRequests: rateLimit.perSession.maxRequests,
+                        windowMs: rateLimit.perSession.windowMs,
+                    });
+                    if (!sessionCheck.allowed) {
+                        span.setAttribute("mcp.rate_limited", true);
+                        span.setAttribute("mcp.rate_limit.scope", "session");
+                        span.setAttribute("mcp.session.id", sessionId);
+                        return rateLimitErrorResult(name, sessionCheck, "session", sessionId);
+                    }
+                }
+            }
+            span.setAttribute("mcp.rate_limited", false);
+            return this.registry.dispatch(name, args ?? {});
+        }, {
+            attributes: {
+                "mcp.request.kind": "call_tool",
+                "mcp.tool.name": request.params.name,
+            },
+        }));
+    }
+    setupErrorHandling() {
+        this.server.onerror = (error) => {
+            logger.error("Server error", {
+                error: error instanceof Error ? error.message : String(error),
+            });
+        };
+    }
+    async run() {
+        const transport = new StdioServerTransport();
+        await this.connect(transport);
+    }
+    async connect(transport) {
+        await this.server.connect(transport);
+        logger.info("SSH MCP Server started successfully");
+    }
+}
+//# sourceMappingURL=mcp.js.map

package/dist/mcp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"mcp.js","sourceRoot":"","sources":["../src/mcp.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AAEjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,EACtB,0BAA0B,EAC1B,wBAAwB,EACxB,yBAAyB,EACzB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAE5C,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AACtC,OAAO,EAAE,aAAa,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC7D,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC5D,OAAO,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAC1C,OAAO,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAItD,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC,CAAC,2BAA2B;AAClE,MAAM,CAAC,MAAM,WAAW,GAAG,kCAAkC,CAAC;AAE9D,SAAS,oBAAoB,CAAC,IAAa;IACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,IAAI,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QACrE,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,MAAM,SAAS,GAAI,IAAgC,CAAC,SAAS,CAAC;IAC9D,IAAI,OAAO,SAAS,KAAK,QAAQ,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAC5D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAED,SAAS,oBAAoB,CAC3B,QAAgB,EAChB,SAA2C,EAC3C,KAA2B,EAC3B,SAAkB;IAElB,MAAM,OAAO,GAAG;QACd,KAAK,EAAE,IAAI;QACX,IAAI,EAAE,YAAY;QAClB,OAAO,EACL,KAAK,KAAK,SAAS,IAAI,SAAS;YAC9B,CAAC,CAAC,mCAAmC,SAAS,wBAAwB,QAAQ,EAAE;YAChF,CAAC,CAAC,iCAAiC,QAAQ,EAAE;QACjD,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,KAAK;QACL,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;KACpC,CAAC;IAEF,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;aACvC;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAED,MAAM,OAAO,YAAY;IAKM;IAJZ,MAAM,CAAS;IACf,QAAQ,CAAwC;IAChD,WAAW,CAAc;IAE1C,YAA6B,SAAuB;QAAvB,cAAS,GAAT,SAAS,CAAc;QAClD,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;QACjE,IAAI,CAAC,MAAM,GAAG,IAAI,MAAM,CACtB;YACE,IAAI,EAAE,WAAW;YACjB,OAAO,EAAE,cAAc;SACxB,EACD;YACE,YAAY,EAAE;gBACZ,KAAK,EAAE,EAAE;gBACT,SAAS,EAAE,EAAE;gBACb,OAAO,EAAE,EAAE;aACZ;SACF,CACF,CAAC;QACF,IAAI,CAAC,QAAQ,GAAG,kBAAkB,CAAC,SAAS,CAAC,CAAC;QAE9C,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC5B,CAAC;IAEO,aAAa;QACnB,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE,CACnE,QAAQ,CACN,oBAAoB,EACpB,KAAK,EAAE,IAAI,EAAE,EAAE;YACb,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,gBAAgB,CAAC,CAAC;YACxD,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACxD,OAAO,aAAa,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACzC,CAAC,EACD;YACE,UAAU,EAAE;gBACV,kBAAkB,EAAE,gBAAgB;aACrC;SACF,CACF,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,yBAAyB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CACzE,QAAQ,CACN,mBAAmB,EACnB,KAAK,EAAE,IAAI,EAAE,EAAE;YACb,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,eAAe,CAAC,CAAC;YACvD,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC1D,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACxD,OAAO,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;QAC5E,CAAC,EACD;YACE,UAAU,EAAE;gBACV,kBAAkB,EAAE,eAAe;gBACnC,kBAAkB,EAAE,OAAO,CAAC,MAAM,CAAC,GAAG;aACvC;SACF,CACF,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,wBAAwB,EAAE,KAAK,IAAI,EAAE,CACjE,QAAQ,CACN,kBAAkB,EAClB,KAAK,EAAE,IAAI,EAAE,EAAE;YACb,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,cAAc,CAAC,CAAC;YACtD,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACxD,OAAO,cAAc,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC1C,CAAC,EACD;YACE,UAAU,EAAE;gBACV,kBAAkB,EAAE,cAAc;aACnC;SACF,CACF,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CACtE,QAAQ,CACN,gBAAgB,EAChB,KAAK,EAAE,IAAI,EAAE,EAAE;YACb,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,YAAY,CAAC,CAAC;YACpD,IAAI,CAAC,YAAY,CAAC,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YAC1D,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC;YACxD,OAAO,YAAY,CACjB,OAAO,CAAC,MAAM,CAAC,IAAI,EACnB,OAAO,CAAC,MAAM,CAAC,SAAS,IAAI,EAAE,EAC9B,IAAI,CAAC,WAAW,CACjB,CAAC;QACJ,CAAC,EACD;YACE,UAAU,EAAE;gBACV,kBAAkB,EAAE,YAAY;gBAChC,iBAAiB,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;aACvC;SACF,CACF,CACF,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;YACjE,KAAK,EAAE,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE;SACnC,CAAC,CAAC,CAAC;QAEJ,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE,CACrE,QAAQ,CACN,eAAe,EACf,KAAK,EAAE,IAAI,EAAE,EAAE;YACb,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjD,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC;YACnD,IAAI,CAAC,YAAY,CAAC,eAAe,EAAE,IAAI,CAAC,CAAC;YAEzC,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;YACzD,IAAI,SAAS,CAAC,OAAO,EAAE,CAAC;gBACtB,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;gBAC7D,IAAI,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;oBACvB,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;oBAC5C,IAAI,CAAC,YAAY,CAAC,sBAAsB,EAAE,QAAQ,CAAC,CAAC;oBACpD,OAAO,oBAAoB,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;gBACzD,CAAC;gBAED,MAAM,SAAS,GAAG,oBAAoB,CAAC,IAAI,CAAC,CAAC;gBAC7C,IAAI,SAAS,IAAI,SAAS,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC;oBAC9C,MAAM,YAAY,GAAG,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,SAAS,EAAE,EAAE;wBAC5E,WAAW,EAAE,SAAS,CAAC,UAAU,CAAC,WAAW;wBAC7C,QAAQ,EAAE,SAAS,CAAC,UAAU,CAAC,QAAQ;qBACxC,CAAC,CAAC;oBACH,IAAI,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC;wBAC1B,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,IAAI,CAAC,CAAC;wBAC5C,IAAI,CAAC,YAAY,CAAC,sBAAsB,EAAE,SAAS,CAAC,CAAC;wBACrD,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,SAAS,CAAC,CAAC;wBAC/C,OAAO,oBAAoB,CAAC,IAAI,EAAE,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;oBACxE,CAAC;gBACH,CAAC;YACH,CAAC;YAED,IAAI,CAAC,YAAY,CAAC,kBAAkB,EAAE,KAAK,CAAC,CAAC;YAC7C,OAAO,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QAClD,CAAC,EACD;YACE,UAAU,EAAE;gBACV,kBAAkB,EAAE,WAAW;gBAC/B,eAAe,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;aACrC;SACF,CACF,CACF,CAAC;IACJ,CAAC;IAEO,kBAAkB;QACxB,IAAI,CAAC,MAAM,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;YAC9B,MAAM,CAAC,KAAK,CAAC,cAAc,EAAE;gBAC3B,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC9D,CAAC,CAAC;QACL,CAAC,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,GAAG;QACP,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;QAC7C,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,SAAoB;QAChC,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QACrC,MAAM,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC;IACrD,CAAC;CACF"}

package/dist/metrics.d.ts

@@ -0,0 +1,95 @@
+/**
+ * Metrics data structure
+ */
+export interface Metrics {
+    sessions: {
+        created: number;
+        closed: number;
+        active: number;
+        errors: number;
+    };
+    commands: {
+        executed: number;
+        successful: number;
+        failed: number;
+        totalDurationMs: number;
+        avgDurationMs: number;
+    };
+    files: {
+        reads: number;
+        writes: number;
+        deletes: number;
+        bytesRead: number;
+        bytesWritten: number;
+    };
+    transfers: {
+        uploads: number;
+        downloads: number;
+        bytesUploaded: number;
+        bytesDownloaded: number;
+    };
+    tunnels: {
+        opened: number;
+        closed: number;
+        active: number;
+        errors: number;
+    };
+    policy: {
+        allowed: number;
+        denied: number;
+        explainOnly: number;
+    };
+    uptime: number;
+    startedAt: number;
+}
+/**
+ * Metrics collector for monitoring and observability
+ */
+export declare class MetricsCollector {
+    private metrics;
+    constructor();
+    private createEmptyMetrics;
+    /**
+     * Record session creation
+     */
+    recordSessionCreated(): void;
+    /**
+     * Record session closed
+     */
+    recordSessionClosed(): void;
+    /**
+     * Record session error
+     */
+    recordSessionError(): void;
+    /**
+     * Record command execution
+     */
+    recordCommand(durationMs: number, success: boolean): void;
+    /**
+     * Record file read
+     */
+    recordFileRead(bytes: number): void;
+    /**
+     * Record file write
+     */
+    recordFileWrite(bytes: number): void;
+    recordFileDelete(): void;
+    recordTransfer(kind: "upload" | "download", bytes: number): void;
+    recordTunnelOpened(): void;
+    recordTunnelClosed(): void;
+    recordTunnelError(): void;
+    recordPolicyDecision(allowed: boolean, mode: "enforce" | "explain"): void;
+    /**
+     * Get current metrics
+     */
+    getMetrics(): Metrics;
+    /**
+     * Export metrics in Prometheus format
+     */
+    exportPrometheus(): string;
+    /**
+     * Reset all metrics
+     */
+    reset(): void;
+}
+//# sourceMappingURL=metrics.d.ts.map

package/dist/metrics.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics.d.ts","sourceRoot":"","sources":["../src/metrics.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,OAAO;IACtB,QAAQ,EAAE;QACR,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,QAAQ,EAAE;QACR,QAAQ,EAAE,MAAM,CAAC;QACjB,UAAU,EAAE,MAAM,CAAC;QACnB,MAAM,EAAE,MAAM,CAAC;QACf,eAAe,EAAE,MAAM,CAAC;QACxB,aAAa,EAAE,MAAM,CAAC;KACvB,CAAC;IACF,KAAK,EAAE;QACL,KAAK,EAAE,MAAM,CAAC;QACd,MAAM,EAAE,MAAM,CAAC;QACf,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,YAAY,EAAE,MAAM,CAAC;KACtB,CAAC;IACF,SAAS,EAAE;QACT,OAAO,EAAE,MAAM,CAAC;QAChB,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,EAAE,MAAM,CAAC;QACtB,eAAe,EAAE,MAAM,CAAC;KACzB,CAAC;IACF,OAAO,EAAE;QACP,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;QACf,MAAM,EAAE,MAAM,CAAC;KAChB,CAAC;IACF,MAAM,EAAE;QACN,OAAO,EAAE,MAAM,CAAC;QAChB,MAAM,EAAE,MAAM,CAAC;QACf,WAAW,EAAE,MAAM,CAAC;KACrB,CAAC;IACF,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,MAAM,CAAC;CACnB;AAED;;GAEG;AACH,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAU;;IAMzB,OAAO,CAAC,kBAAkB;IAmB1B;;OAEG;IACH,oBAAoB,IAAI,IAAI;IAQ5B;;OAEG;IACH,mBAAmB,IAAI,IAAI;IAQ3B;;OAEG;IACH,kBAAkB,IAAI,IAAI;IAI1B;;OAEG;IACH,aAAa,CAAC,UAAU,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,GAAG,IAAI;IAazD;;OAEG;IACH,cAAc,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKnC;;OAEG;IACH,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI;IAKpC,gBAAgB,IAAI,IAAI;IAIxB,cAAc,CAAC,IAAI,EAAE,QAAQ,GAAG,UAAU,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI;IAWhE,kBAAkB,IAAI,IAAI;IAK1B,kBAAkB,IAAI,IAAI;IAK1B,iBAAiB,IAAI,IAAI;IAIzB,oBAAoB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,SAAS,GAAG,SAAS,GAAG,IAAI;IAazE;;OAEG;IACH,UAAU,IAAI,OAAO;IAarB;;OAEG;IACH,gBAAgB,IAAI,MAAM;IA8D1B;;OAEG;IACH,KAAK,IAAI,IAAI;CAId"}

package/dist/metrics.js

@@ -0,0 +1,204 @@
+import { logger } from "./logging.js";
+/**
+ * Metrics collector for monitoring and observability
+ */
+export class MetricsCollector {
+    metrics;
+    constructor() {
+        this.metrics = this.createEmptyMetrics();
+    }
+    createEmptyMetrics() {
+        return {
+            sessions: { created: 0, closed: 0, active: 0, errors: 0 },
+            commands: {
+                executed: 0,
+                successful: 0,
+                failed: 0,
+                totalDurationMs: 0,
+                avgDurationMs: 0,
+            },
+            files: { reads: 0, writes: 0, deletes: 0, bytesRead: 0, bytesWritten: 0 },
+            transfers: { uploads: 0, downloads: 0, bytesUploaded: 0, bytesDownloaded: 0 },
+            tunnels: { opened: 0, closed: 0, active: 0, errors: 0 },
+            policy: { allowed: 0, denied: 0, explainOnly: 0 },
+            uptime: 0,
+            startedAt: Date.now(),
+        };
+    }
+    /**
+     * Record session creation
+     */
+    recordSessionCreated() {
+        this.metrics.sessions.created++;
+        this.metrics.sessions.active++;
+        logger.debug("Metrics: session created", {
+            active: this.metrics.sessions.active,
+        });
+    }
+    /**
+     * Record session closed
+     */
+    recordSessionClosed() {
+        this.metrics.sessions.closed++;
+        this.metrics.sessions.active = Math.max(0, this.metrics.sessions.active - 1);
+        logger.debug("Metrics: session closed", {
+            active: this.metrics.sessions.active,
+        });
+    }
+    /**
+     * Record session error
+     */
+    recordSessionError() {
+        this.metrics.sessions.errors++;
+    }
+    /**
+     * Record command execution
+     */
+    recordCommand(durationMs, success) {
+        this.metrics.commands.executed++;
+        this.metrics.commands.totalDurationMs += durationMs;
+        this.metrics.commands.avgDurationMs =
+            this.metrics.commands.totalDurationMs / this.metrics.commands.executed;
+        if (success) {
+            this.metrics.commands.successful++;
+        }
+        else {
+            this.metrics.commands.failed++;
+        }
+    }
+    /**
+     * Record file read
+     */
+    recordFileRead(bytes) {
+        this.metrics.files.reads++;
+        this.metrics.files.bytesRead += bytes;
+    }
+    /**
+     * Record file write
+     */
+    recordFileWrite(bytes) {
+        this.metrics.files.writes++;
+        this.metrics.files.bytesWritten += bytes;
+    }
+    recordFileDelete() {
+        this.metrics.files.deletes++;
+    }
+    recordTransfer(kind, bytes) {
+        if (kind === "upload") {
+            this.metrics.transfers.uploads++;
+            this.metrics.transfers.bytesUploaded += bytes;
+            return;
+        }
+        this.metrics.transfers.downloads++;
+        this.metrics.transfers.bytesDownloaded += bytes;
+    }
+    recordTunnelOpened() {
+        this.metrics.tunnels.opened++;
+        this.metrics.tunnels.active++;
+    }
+    recordTunnelClosed() {
+        this.metrics.tunnels.closed++;
+        this.metrics.tunnels.active = Math.max(0, this.metrics.tunnels.active - 1);
+    }
+    recordTunnelError() {
+        this.metrics.tunnels.errors++;
+    }
+    recordPolicyDecision(allowed, mode) {
+        if (mode === "explain") {
+            this.metrics.policy.explainOnly++;
+            return;
+        }
+        if (allowed) {
+            this.metrics.policy.allowed++;
+        }
+        else {
+            this.metrics.policy.denied++;
+        }
+    }
+    /**
+     * Get current metrics
+     */
+    getMetrics() {
+        return {
+            ...this.metrics,
+            sessions: { ...this.metrics.sessions },
+            commands: { ...this.metrics.commands },
+            files: { ...this.metrics.files },
+            transfers: { ...this.metrics.transfers },
+            tunnels: { ...this.metrics.tunnels },
+            policy: { ...this.metrics.policy },
+            uptime: Date.now() - this.metrics.startedAt,
+        };
+    }
+    /**
+     * Export metrics in Prometheus format
+     */
+    exportPrometheus() {
+        const m = this.getMetrics();
+        const lines = [
+            "# HELP ssh_mcp_sessions_total Total number of SSH sessions",
+            "# TYPE ssh_mcp_sessions_total counter",
+            `ssh_mcp_sessions_created ${m.sessions.created}`,
+            `ssh_mcp_sessions_closed ${m.sessions.closed}`,
+            `ssh_mcp_sessions_errors ${m.sessions.errors}`,
+            "",
+            "# HELP ssh_mcp_sessions_active Current active sessions",
+            "# TYPE ssh_mcp_sessions_active gauge",
+            `ssh_mcp_sessions_active ${m.sessions.active}`,
+            "",
+            "# HELP ssh_mcp_commands_total Total number of commands executed",
+            "# TYPE ssh_mcp_commands_total counter",
+            `ssh_mcp_commands_executed ${m.commands.executed}`,
+            `ssh_mcp_commands_successful ${m.commands.successful}`,
+            `ssh_mcp_commands_failed ${m.commands.failed}`,
+            "",
+            "# HELP ssh_mcp_command_duration_ms Average command duration",
+            "# TYPE ssh_mcp_command_duration_ms gauge",
+            `ssh_mcp_command_duration_avg_ms ${m.commands.avgDurationMs.toFixed(2)}`,
+            "",
+            "# HELP ssh_mcp_files_total File operations",
+            "# TYPE ssh_mcp_files_total counter",
+            `ssh_mcp_files_reads ${m.files.reads}`,
+            `ssh_mcp_files_writes ${m.files.writes}`,
+            `ssh_mcp_files_deletes ${m.files.deletes}`,
+            `ssh_mcp_files_bytes_read ${m.files.bytesRead}`,
+            `ssh_mcp_files_bytes_written ${m.files.bytesWritten}`,
+            "",
+            "# HELP ssh_mcp_transfers_total File transfer operations",
+            "# TYPE ssh_mcp_transfers_total counter",
+            `ssh_mcp_transfers_uploads ${m.transfers.uploads}`,
+            `ssh_mcp_transfers_downloads ${m.transfers.downloads}`,
+            `ssh_mcp_transfers_bytes_uploaded ${m.transfers.bytesUploaded}`,
+            `ssh_mcp_transfers_bytes_downloaded ${m.transfers.bytesDownloaded}`,
+            "",
+            "# HELP ssh_mcp_tunnels_total SSH tunnel lifecycle events",
+            "# TYPE ssh_mcp_tunnels_total counter",
+            `ssh_mcp_tunnels_opened ${m.tunnels.opened}`,
+            `ssh_mcp_tunnels_closed ${m.tunnels.closed}`,
+            `ssh_mcp_tunnels_errors ${m.tunnels.errors}`,
+            "",
+            "# HELP ssh_mcp_tunnels_active Active SSH tunnels",
+            "# TYPE ssh_mcp_tunnels_active gauge",
+            `ssh_mcp_tunnels_active ${m.tunnels.active}`,
+            "",
+            "# HELP ssh_mcp_policy_decisions_total Policy decisions",
+            "# TYPE ssh_mcp_policy_decisions_total counter",
+            `ssh_mcp_policy_allowed ${m.policy.allowed}`,
+            `ssh_mcp_policy_denied ${m.policy.denied}`,
+            `ssh_mcp_policy_explain_only ${m.policy.explainOnly}`,
+            "",
+            "# HELP ssh_mcp_uptime_ms Server uptime in milliseconds",
+            "# TYPE ssh_mcp_uptime_ms gauge",
+            `ssh_mcp_uptime_ms ${m.uptime}`,
+        ];
+        return lines.join("\n");
+    }
+    /**
+     * Reset all metrics
+     */
+    reset() {
+        this.metrics = this.createEmptyMetrics();
+        logger.info("Metrics reset");
+    }
+}
+//# sourceMappingURL=metrics.js.map

package/dist/metrics.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"metrics.js","sourceRoot":"","sources":["../src/metrics.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,cAAc,CAAC;AA+CtC;;GAEG;AACH,MAAM,OAAO,gBAAgB;IACnB,OAAO,CAAU;IAEzB;QACE,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;IAC3C,CAAC;IAEO,kBAAkB;QACxB,OAAO;YACL,QAAQ,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE;YACzD,QAAQ,EAAE;gBACR,QAAQ,EAAE,CAAC;gBACX,UAAU,EAAE,CAAC;gBACb,MAAM,EAAE,CAAC;gBACT,eAAe,EAAE,CAAC;gBAClB,aAAa,EAAE,CAAC;aACjB;YACD,KAAK,EAAE,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,YAAY,EAAE,CAAC,EAAE;YACzE,SAAS,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,eAAe,EAAE,CAAC,EAAE;YAC7E,OAAO,EAAE,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE;YACvD,MAAM,EAAE,EAAE,OAAO,EAAE,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,WAAW,EAAE,CAAC,EAAE;YACjD,MAAM,EAAE,CAAC;YACT,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,OAAO,EAAE,CAAC;QAChC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC/B,MAAM,CAAC,KAAK,CAAC,0BAA0B,EAAE;YACvC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,mBAAmB;QACjB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QAC/B,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC7E,MAAM,CAAC,KAAK,CAAC,yBAAyB,EAAE;YACtC,MAAM,EAAE,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM;SACrC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;IACjC,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,UAAkB,EAAE,OAAgB;QAChD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,EAAE,CAAC;QACjC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,IAAI,UAAU,CAAC;QACpD,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,aAAa;YACjC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC;QAEzE,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC;QACrC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC;QACjC,CAAC;IACH,CAAC;IAED;;OAEG;IACH,cAAc,CAAC,KAAa;QAC1B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;QAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,SAAS,IAAI,KAAK,CAAC;IACxC,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,KAAa;QAC3B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,YAAY,IAAI,KAAK,CAAC;IAC3C,CAAC;IAED,gBAAgB;QACd,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;IAC/B,CAAC;IAED,cAAc,CAAC,IAA2B,EAAE,KAAa;QACvD,IAAI,IAAI,KAAK,QAAQ,EAAE,CAAC;YACtB,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,aAAa,IAAI,KAAK,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACnC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,eAAe,IAAI,KAAK,CAAC;IAClD,CAAC;IAED,kBAAkB;QAChB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;IAChC,CAAC;IAED,kBAAkB;QAChB,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC9B,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC7E,CAAC;IAED,iBAAiB;QACf,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;IAChC,CAAC;IAED,oBAAoB,CAAC,OAAgB,EAAE,IAA2B;QAChE,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YACvB,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;YAClC,OAAO;QACT,CAAC;QAED,IAAI,OAAO,EAAE,CAAC;YACZ,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QAC/B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,UAAU;QACR,OAAO;YACL,GAAG,IAAI,CAAC,OAAO;YACf,QAAQ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACtC,QAAQ,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE;YACtC,KAAK,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE;YAChC,SAAS,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE;YACxC,OAAO,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,OAAO,EAAE;YACpC,MAAM,EAAE,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,EAAE;YAClC,MAAM,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,OAAO,CAAC,SAAS;SAC5C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,gBAAgB;QACd,MAAM,CAAC,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAa;YACtB,4DAA4D;YAC5D,uCAAuC;YACvC,4BAA4B,CAAC,CAAC,QAAQ,CAAC,OAAO,EAAE;YAChD,2BAA2B,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC9C,2BAA2B,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC9C,EAAE;YACF,wDAAwD;YACxD,sCAAsC;YACtC,2BAA2B,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC9C,EAAE;YACF,iEAAiE;YACjE,uCAAuC;YACvC,6BAA6B,CAAC,CAAC,QAAQ,CAAC,QAAQ,EAAE;YAClD,+BAA+B,CAAC,CAAC,QAAQ,CAAC,UAAU,EAAE;YACtD,2BAA2B,CAAC,CAAC,QAAQ,CAAC,MAAM,EAAE;YAC9C,EAAE;YACF,6DAA6D;YAC7D,0CAA0C;YAC1C,mCAAmC,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE;YACxE,EAAE;YACF,4CAA4C;YAC5C,oCAAoC;YACpC,uBAAuB,CAAC,CAAC,KAAK,CAAC,KAAK,EAAE;YACtC,wBAAwB,CAAC,CAAC,KAAK,CAAC,MAAM,EAAE;YACxC,yBAAyB,CAAC,CAAC,KAAK,CAAC,OAAO,EAAE;YAC1C,4BAA4B,CAAC,CAAC,KAAK,CAAC,SAAS,EAAE;YAC/C,+BAA+B,CAAC,CAAC,KAAK,CAAC,YAAY,EAAE;YACrD,EAAE;YACF,yDAAyD;YACzD,wCAAwC;YACxC,6BAA6B,CAAC,CAAC,SAAS,CAAC,OAAO,EAAE;YAClD,+BAA+B,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE;YACtD,oCAAoC,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE;YAC/D,sCAAsC,CAAC,CAAC,SAAS,CAAC,eAAe,EAAE;YACnE,EAAE;YACF,0DAA0D;YAC1D,sCAAsC;YACtC,0BAA0B,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE;YAC5C,0BAA0B,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE;YAC5C,0BAA0B,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE;YAC5C,EAAE;YACF,kDAAkD;YAClD,qCAAqC;YACrC,0BAA0B,CAAC,CAAC,OAAO,CAAC,MAAM,EAAE;YAC5C,EAAE;YACF,wDAAwD;YACxD,+CAA+C;YAC/C,0BAA0B,CAAC,CAAC,MAAM,CAAC,OAAO,EAAE;YAC5C,yBAAyB,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE;YAC1C,+BAA+B,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE;YACrD,EAAE;YACF,wDAAwD;YACxD,gCAAgC;YAChC,qBAAqB,CAAC,CAAC,MAAM,EAAE;SAChC,CAAC;QAEF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1B,CAAC;IAED;;OAEG;IACH,KAAK;QACH,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACzC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;IAC/B,CAAC;CACF"}

package/dist/oauth.d.ts

@@ -0,0 +1,14 @@
+export interface OAuthVerificationConfig {
+    issuer?: string;
+    audience?: string;
+    jwksUrl?: string;
+    requiredScopes: string[];
+    allowedAlgorithms?: string[];
+    jwksTimeoutMs?: number;
+    jwksCooldownMs?: number;
+    jwksCacheMaxAgeMs?: number;
+}
+export declare function isOAuthAuthorizationValid(authorization: string | undefined, config: OAuthVerificationConfig): Promise<boolean>;
+export declare function verifyOAuthAuthorization(authorization: string | undefined, config: OAuthVerificationConfig): Promise<Record<string, unknown>>;
+export declare function normalizeOAuthError(error: unknown): Error;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AASA,MAAM,WAAW,uBAAuB;IACtC,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,EAAE,MAAM,EAAE,CAAC;IACzB,iBAAiB,CAAC,EAAE,MAAM,EAAE,CAAC;IAC7B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;CAC5B;AAQD,wBAAsB,yBAAyB,CAC7C,aAAa,EAAE,MAAM,GAAG,SAAS,EACjC,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,OAAO,CAAC,CAOlB;AAED,wBAAsB,wBAAwB,CAC5C,aAAa,EAAE,MAAM,GAAG,SAAS,EACjC,MAAM,EAAE,uBAAuB,GAC9B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CA4BlC;AAkED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,OAAO,GAAG,KAAK,CAKzD"}

package/dist/oauth.js

@@ -0,0 +1,105 @@
+import { createRemoteJWKSet, errors as joseErrors, jwtVerify, } from "jose";
+import { extractBearerToken } from "./auth.js";
+const DEFAULT_ALLOWED_ALGORITHMS = ["RS256"];
+const DEFAULT_JWKS_TIMEOUT_MS = 5000;
+const DEFAULT_JWKS_COOLDOWN_MS = 30_000;
+const DEFAULT_JWKS_CACHE_MAX_AGE_MS = 300_000;
+const jwksCache = new Map();
+export async function isOAuthAuthorizationValid(authorization, config) {
+    try {
+        await verifyOAuthAuthorization(authorization, config);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+export async function verifyOAuthAuthorization(authorization, config) {
+    if (!config.issuer || !config.audience || !config.jwksUrl) {
+        throw new Error("OAuth issuer, audience, and JWKS URL are required");
+    }
+    const token = extractBearerToken(authorization);
+    if (!token) {
+        throw new Error("Missing bearer token");
+    }
+    const algorithms = config.allowedAlgorithms ?? DEFAULT_ALLOWED_ALGORITHMS;
+    const { payload, protectedHeader } = await jwtVerify(token, getJwks(config), {
+        issuer: config.issuer,
+        audience: config.audience,
+        algorithms,
+        clockTolerance: "5s",
+        requiredClaims: ["iss", "aud", "exp", "iat"],
+    });
+    if (!protectedHeader.kid) {
+        throw new Error("JWT kid is required");
+    }
+    if (!protectedHeader.alg || !algorithms.includes(protectedHeader.alg)) {
+        throw new Error("Unsupported JWT algorithm");
+    }
+    validateClaims(payload, config);
+    return payload;
+}
+function getJwks(config) {
+    const key = [
+        config.jwksUrl,
+        config.jwksTimeoutMs ?? DEFAULT_JWKS_TIMEOUT_MS,
+        config.jwksCooldownMs ?? DEFAULT_JWKS_COOLDOWN_MS,
+        config.jwksCacheMaxAgeMs ?? DEFAULT_JWKS_CACHE_MAX_AGE_MS,
+    ].join("|");
+    const cached = jwksCache.get(key);
+    if (cached) {
+        return cached;
+    }
+    const jwks = createRemoteJWKSet(new URL(config.jwksUrl ?? ""), {
+        timeoutDuration: config.jwksTimeoutMs ?? DEFAULT_JWKS_TIMEOUT_MS,
+        cooldownDuration: config.jwksCooldownMs ?? DEFAULT_JWKS_COOLDOWN_MS,
+        cacheMaxAge: config.jwksCacheMaxAgeMs ?? DEFAULT_JWKS_CACHE_MAX_AGE_MS,
+    });
+    jwksCache.set(key, jwks);
+    return jwks;
+}
+function validateClaims(payload, config) {
+    if (payload.iss !== config.issuer) {
+        throw new Error("JWT issuer mismatch");
+    }
+    if (!audienceMatches(payload.aud, config.audience ?? "")) {
+        throw new Error("JWT audience mismatch");
+    }
+    const scopes = extractScopes(payload);
+    for (const requiredScope of config.requiredScopes) {
+        if (!scopes.has(requiredScope)) {
+            throw new Error("JWT required scope is missing");
+        }
+    }
+}
+function audienceMatches(audience, expected) {
+    return audience === expected || (Array.isArray(audience) && audience.includes(expected));
+}
+function extractScopes(payload) {
+    const scopes = new Set();
+    if (typeof payload.scope === "string") {
+        for (const scope of payload.scope.split(/\s+/).filter(Boolean)) {
+            scopes.add(scope);
+        }
+    }
+    if (typeof payload.scp === "string") {
+        for (const scope of payload.scp.split(/\s+/).filter(Boolean)) {
+            scopes.add(scope);
+        }
+    }
+    if (Array.isArray(payload.scp)) {
+        for (const scope of payload.scp) {
+            if (typeof scope === "string") {
+                scopes.add(scope);
+            }
+        }
+    }
+    return scopes;
+}
+export function normalizeOAuthError(error) {
+    if (error instanceof joseErrors.JOSEError) {
+        return new Error(error.message);
+    }
+    return error instanceof Error ? error : new Error(String(error));
+}
+//# sourceMappingURL=oauth.js.map

package/dist/oauth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,kBAAkB,EAClB,MAAM,IAAI,UAAU,EACpB,SAAS,GAGV,MAAM,MAAM,CAAC;AACd,OAAO,EAAE,kBAAkB,EAAE,MAAM,WAAW,CAAC;AAa/C,MAAM,0BAA0B,GAAG,CAAC,OAAO,CAAC,CAAC;AAC7C,MAAM,uBAAuB,GAAG,IAAI,CAAC;AACrC,MAAM,wBAAwB,GAAG,MAAM,CAAC;AACxC,MAAM,6BAA6B,GAAG,OAAO,CAAC;AAC9C,MAAM,SAAS,GAAG,IAAI,GAAG,EAA2B,CAAC;AAErD,MAAM,CAAC,KAAK,UAAU,yBAAyB,CAC7C,aAAiC,EACjC,MAA+B;IAE/B,IAAI,CAAC;QACH,MAAM,wBAAwB,CAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACtD,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,aAAiC,EACjC,MAA+B;IAE/B,IAAI,CAAC,MAAM,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,QAAQ,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QAC1D,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAC;IACvE,CAAC;IAED,MAAM,KAAK,GAAG,kBAAkB,CAAC,aAAa,CAAC,CAAC;IAChD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IAED,MAAM,UAAU,GAAG,MAAM,CAAC,iBAAiB,IAAI,0BAA0B,CAAC;IAC1E,MAAM,EAAE,OAAO,EAAE,eAAe,EAAE,GAAG,MAAM,SAAS,CAAC,KAAK,EAAE,OAAO,CAAC,MAAM,CAAC,EAAE;QAC3E,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,UAAU;QACV,cAAc,EAAE,IAAI;QACpB,cAAc,EAAE,CAAC,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,CAAC;KAC7C,CAAC,CAAC;IAEH,IAAI,CAAC,eAAe,CAAC,GAAG,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,eAAe,CAAC,GAAG,CAAC,EAAE,CAAC;QACtE,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;IAC/C,CAAC;IAED,cAAc,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAChC,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,SAAS,OAAO,CAAC,MAA+B;IAC9C,MAAM,GAAG,GAAG;QACV,MAAM,CAAC,OAAO;QACd,MAAM,CAAC,aAAa,IAAI,uBAAuB;QAC/C,MAAM,CAAC,cAAc,IAAI,wBAAwB;QACjD,MAAM,CAAC,iBAAiB,IAAI,6BAA6B;KAC1D,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEZ,MAAM,MAAM,GAAG,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;IAClC,IAAI,MAAM,EAAE,CAAC;QACX,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,MAAM,IAAI,GAAG,kBAAkB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE;QAC7D,eAAe,EAAE,MAAM,CAAC,aAAa,IAAI,uBAAuB;QAChE,gBAAgB,EAAE,MAAM,CAAC,cAAc,IAAI,wBAAwB;QACnE,WAAW,EAAE,MAAM,CAAC,iBAAiB,IAAI,6BAA6B;KACvE,CAAC,CAAC;IACH,SAAS,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;IACzB,OAAO,IAAI,CAAC;AACd,CAAC;AAED,SAAS,cAAc,CAAC,OAAmB,EAAE,MAA+B;IAC1E,IAAI,OAAO,CAAC,GAAG,KAAK,MAAM,CAAC,MAAM,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,qBAAqB,CAAC,CAAC;IACzC,CAAC;IACD,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,GAAG,EAAE,MAAM,CAAC,QAAQ,IAAI,EAAE,CAAC,EAAE,CAAC;QACzD,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC,CAAC;IAC3C,CAAC;IAED,MAAM,MAAM,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;IACtC,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,cAAc,EAAE,CAAC;QAClD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,QAAiB,EAAE,QAAgB;IAC1D,OAAO,QAAQ,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AAC3F,CAAC;AAED,SAAS,aAAa,CAAC,OAAmB;IACxC,MAAM,MAAM,GAAG,IAAI,GAAG,EAAU,CAAC;IACjC,IAAI,OAAO,OAAO,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;QACtC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC/D,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;QACpC,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAC7D,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACpB,CAAC;IACH,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QAC/B,KAAK,MAAM,KAAK,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;YAChC,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;gBAC9B,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACpB,CAAC;QACH,CAAC;IACH,CAAC;IACD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,KAAc;IAChD,IAAI,KAAK,YAAY,UAAU,CAAC,SAAS,EAAE,CAAC;QAC1C,OAAO,IAAI,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAClC,CAAC;IACD,OAAO,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;AACnE,CAAC"}