PyPI - PraisonAI - Versions diffs - 3.0.0__py3-none-any.whl - Mend

PraisonAI 3.0.0__py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (393) hide show

praisonai/__init__.py +54 -0
praisonai/__main__.py +15 -0
praisonai/acp/__init__.py +54 -0
praisonai/acp/config.py +159 -0
praisonai/acp/server.py +587 -0
praisonai/acp/session.py +219 -0
praisonai/adapters/__init__.py +50 -0
praisonai/adapters/readers.py +395 -0
praisonai/adapters/rerankers.py +315 -0
praisonai/adapters/retrievers.py +394 -0
praisonai/adapters/vector_stores.py +409 -0
praisonai/agent_scheduler.py +337 -0
praisonai/agents_generator.py +903 -0
praisonai/api/call.py +292 -0
praisonai/auto.py +1197 -0
praisonai/capabilities/__init__.py +275 -0
praisonai/capabilities/a2a.py +140 -0
praisonai/capabilities/assistants.py +283 -0
praisonai/capabilities/audio.py +320 -0
praisonai/capabilities/batches.py +469 -0
praisonai/capabilities/completions.py +336 -0
praisonai/capabilities/container_files.py +155 -0
praisonai/capabilities/containers.py +93 -0
praisonai/capabilities/embeddings.py +158 -0
praisonai/capabilities/files.py +467 -0
praisonai/capabilities/fine_tuning.py +293 -0
praisonai/capabilities/guardrails.py +182 -0
praisonai/capabilities/images.py +330 -0
praisonai/capabilities/mcp.py +190 -0
praisonai/capabilities/messages.py +270 -0
praisonai/capabilities/moderations.py +154 -0
praisonai/capabilities/ocr.py +217 -0
praisonai/capabilities/passthrough.py +204 -0
praisonai/capabilities/rag.py +207 -0
praisonai/capabilities/realtime.py +160 -0
praisonai/capabilities/rerank.py +165 -0
praisonai/capabilities/responses.py +266 -0
praisonai/capabilities/search.py +109 -0
praisonai/capabilities/skills.py +133 -0
praisonai/capabilities/vector_store_files.py +334 -0
praisonai/capabilities/vector_stores.py +304 -0
praisonai/capabilities/videos.py +141 -0
praisonai/chainlit_ui.py +304 -0
praisonai/chat/__init__.py +106 -0
praisonai/chat/app.py +125 -0
praisonai/cli/__init__.py +26 -0
praisonai/cli/app.py +213 -0
praisonai/cli/commands/__init__.py +75 -0
praisonai/cli/commands/acp.py +70 -0
praisonai/cli/commands/completion.py +333 -0
praisonai/cli/commands/config.py +166 -0
praisonai/cli/commands/debug.py +142 -0
praisonai/cli/commands/diag.py +55 -0
praisonai/cli/commands/doctor.py +166 -0
praisonai/cli/commands/environment.py +179 -0
praisonai/cli/commands/lsp.py +112 -0
praisonai/cli/commands/mcp.py +210 -0
praisonai/cli/commands/profile.py +457 -0
praisonai/cli/commands/run.py +228 -0
praisonai/cli/commands/schedule.py +150 -0
praisonai/cli/commands/serve.py +97 -0
praisonai/cli/commands/session.py +212 -0
praisonai/cli/commands/traces.py +145 -0
praisonai/cli/commands/version.py +101 -0
praisonai/cli/configuration/__init__.py +18 -0
praisonai/cli/configuration/loader.py +353 -0
praisonai/cli/configuration/paths.py +114 -0
praisonai/cli/configuration/schema.py +164 -0
praisonai/cli/features/__init__.py +268 -0
praisonai/cli/features/acp.py +236 -0
praisonai/cli/features/action_orchestrator.py +546 -0
praisonai/cli/features/agent_scheduler.py +773 -0
praisonai/cli/features/agent_tools.py +474 -0
praisonai/cli/features/agents.py +375 -0
praisonai/cli/features/at_mentions.py +471 -0
praisonai/cli/features/auto_memory.py +182 -0
praisonai/cli/features/autonomy_mode.py +490 -0
praisonai/cli/features/background.py +356 -0
praisonai/cli/features/base.py +168 -0
praisonai/cli/features/capabilities.py +1326 -0
praisonai/cli/features/checkpoints.py +338 -0
praisonai/cli/features/code_intelligence.py +652 -0
praisonai/cli/features/compaction.py +294 -0
praisonai/cli/features/compare.py +534 -0
praisonai/cli/features/cost_tracker.py +514 -0
praisonai/cli/features/debug.py +810 -0
praisonai/cli/features/deploy.py +517 -0
praisonai/cli/features/diag.py +289 -0
praisonai/cli/features/doctor/__init__.py +63 -0
praisonai/cli/features/doctor/checks/__init__.py +24 -0
praisonai/cli/features/doctor/checks/acp_checks.py +240 -0
praisonai/cli/features/doctor/checks/config_checks.py +366 -0
praisonai/cli/features/doctor/checks/db_checks.py +366 -0
praisonai/cli/features/doctor/checks/env_checks.py +543 -0
praisonai/cli/features/doctor/checks/lsp_checks.py +199 -0
praisonai/cli/features/doctor/checks/mcp_checks.py +349 -0
praisonai/cli/features/doctor/checks/memory_checks.py +268 -0
praisonai/cli/features/doctor/checks/network_checks.py +251 -0
praisonai/cli/features/doctor/checks/obs_checks.py +328 -0
praisonai/cli/features/doctor/checks/performance_checks.py +235 -0
praisonai/cli/features/doctor/checks/permissions_checks.py +259 -0
praisonai/cli/features/doctor/checks/selftest_checks.py +322 -0
praisonai/cli/features/doctor/checks/serve_checks.py +426 -0
praisonai/cli/features/doctor/checks/skills_checks.py +231 -0
praisonai/cli/features/doctor/checks/tools_checks.py +371 -0
praisonai/cli/features/doctor/engine.py +266 -0
praisonai/cli/features/doctor/formatters.py +310 -0
praisonai/cli/features/doctor/handler.py +397 -0
praisonai/cli/features/doctor/models.py +264 -0
praisonai/cli/features/doctor/registry.py +239 -0
praisonai/cli/features/endpoints.py +1019 -0
praisonai/cli/features/eval.py +560 -0
praisonai/cli/features/external_agents.py +231 -0
praisonai/cli/features/fast_context.py +410 -0
praisonai/cli/features/flow_display.py +566 -0
praisonai/cli/features/git_integration.py +651 -0
praisonai/cli/features/guardrail.py +171 -0
praisonai/cli/features/handoff.py +185 -0
praisonai/cli/features/hooks.py +583 -0
praisonai/cli/features/image.py +384 -0
praisonai/cli/features/interactive_runtime.py +585 -0
praisonai/cli/features/interactive_tools.py +380 -0
praisonai/cli/features/interactive_tui.py +603 -0
praisonai/cli/features/jobs.py +632 -0
praisonai/cli/features/knowledge.py +531 -0
praisonai/cli/features/lite.py +244 -0
praisonai/cli/features/lsp_cli.py +225 -0
praisonai/cli/features/mcp.py +169 -0
praisonai/cli/features/message_queue.py +587 -0
praisonai/cli/features/metrics.py +211 -0
praisonai/cli/features/n8n.py +673 -0
praisonai/cli/features/observability.py +293 -0
praisonai/cli/features/ollama.py +361 -0
praisonai/cli/features/output_style.py +273 -0
praisonai/cli/features/package.py +631 -0
praisonai/cli/features/performance.py +308 -0
praisonai/cli/features/persistence.py +636 -0
praisonai/cli/features/profile.py +226 -0
praisonai/cli/features/profiler/__init__.py +81 -0
praisonai/cli/features/profiler/core.py +558 -0
praisonai/cli/features/profiler/optimizations.py +652 -0
praisonai/cli/features/profiler/suite.py +386 -0
praisonai/cli/features/profiling.py +350 -0
praisonai/cli/features/queue/__init__.py +73 -0
praisonai/cli/features/queue/manager.py +395 -0
praisonai/cli/features/queue/models.py +286 -0
praisonai/cli/features/queue/persistence.py +564 -0
praisonai/cli/features/queue/scheduler.py +484 -0
praisonai/cli/features/queue/worker.py +372 -0
praisonai/cli/features/recipe.py +1723 -0
praisonai/cli/features/recipes.py +449 -0
praisonai/cli/features/registry.py +229 -0
praisonai/cli/features/repo_map.py +860 -0
praisonai/cli/features/router.py +466 -0
praisonai/cli/features/sandbox_executor.py +515 -0
praisonai/cli/features/serve.py +829 -0
praisonai/cli/features/session.py +222 -0
praisonai/cli/features/skills.py +856 -0
praisonai/cli/features/slash_commands.py +650 -0
praisonai/cli/features/telemetry.py +179 -0
praisonai/cli/features/templates.py +1384 -0
praisonai/cli/features/thinking.py +305 -0
praisonai/cli/features/todo.py +334 -0
praisonai/cli/features/tools.py +680 -0
praisonai/cli/features/tui/__init__.py +83 -0
praisonai/cli/features/tui/app.py +580 -0
praisonai/cli/features/tui/cli.py +566 -0
praisonai/cli/features/tui/debug.py +511 -0
praisonai/cli/features/tui/events.py +99 -0
praisonai/cli/features/tui/mock_provider.py +328 -0
praisonai/cli/features/tui/orchestrator.py +652 -0
praisonai/cli/features/tui/screens/__init__.py +50 -0
praisonai/cli/features/tui/screens/main.py +245 -0
praisonai/cli/features/tui/screens/queue.py +174 -0
praisonai/cli/features/tui/screens/session.py +124 -0
praisonai/cli/features/tui/screens/settings.py +148 -0
praisonai/cli/features/tui/widgets/__init__.py +56 -0
praisonai/cli/features/tui/widgets/chat.py +261 -0
praisonai/cli/features/tui/widgets/composer.py +224 -0
praisonai/cli/features/tui/widgets/queue_panel.py +200 -0
praisonai/cli/features/tui/widgets/status.py +167 -0
praisonai/cli/features/tui/widgets/tool_panel.py +248 -0
praisonai/cli/features/workflow.py +720 -0
praisonai/cli/legacy.py +236 -0
praisonai/cli/main.py +5559 -0
praisonai/cli/schedule_cli.py +54 -0
praisonai/cli/state/__init__.py +31 -0
praisonai/cli/state/identifiers.py +161 -0
praisonai/cli/state/sessions.py +313 -0
praisonai/code/__init__.py +93 -0
praisonai/code/agent_tools.py +344 -0
praisonai/code/diff/__init__.py +21 -0
praisonai/code/diff/diff_strategy.py +432 -0
praisonai/code/tools/__init__.py +27 -0
praisonai/code/tools/apply_diff.py +221 -0
praisonai/code/tools/execute_command.py +275 -0
praisonai/code/tools/list_files.py +274 -0
praisonai/code/tools/read_file.py +206 -0
praisonai/code/tools/search_replace.py +248 -0
praisonai/code/tools/write_file.py +217 -0
praisonai/code/utils/__init__.py +46 -0
praisonai/code/utils/file_utils.py +307 -0
praisonai/code/utils/ignore_utils.py +308 -0
praisonai/code/utils/text_utils.py +276 -0
praisonai/db/__init__.py +64 -0
praisonai/db/adapter.py +531 -0
praisonai/deploy/__init__.py +62 -0
praisonai/deploy/api.py +231 -0
praisonai/deploy/docker.py +454 -0
praisonai/deploy/doctor.py +367 -0
praisonai/deploy/main.py +327 -0
praisonai/deploy/models.py +179 -0
praisonai/deploy/providers/__init__.py +33 -0
praisonai/deploy/providers/aws.py +331 -0
praisonai/deploy/providers/azure.py +358 -0
praisonai/deploy/providers/base.py +101 -0
praisonai/deploy/providers/gcp.py +314 -0
praisonai/deploy/schema.py +208 -0
praisonai/deploy.py +185 -0
praisonai/endpoints/__init__.py +53 -0
praisonai/endpoints/a2u_server.py +410 -0
praisonai/endpoints/discovery.py +165 -0
praisonai/endpoints/providers/__init__.py +28 -0
praisonai/endpoints/providers/a2a.py +253 -0
praisonai/endpoints/providers/a2u.py +208 -0
praisonai/endpoints/providers/agents_api.py +171 -0
praisonai/endpoints/providers/base.py +231 -0
praisonai/endpoints/providers/mcp.py +263 -0
praisonai/endpoints/providers/recipe.py +206 -0
praisonai/endpoints/providers/tools_mcp.py +150 -0
praisonai/endpoints/registry.py +131 -0
praisonai/endpoints/server.py +161 -0
praisonai/inbuilt_tools/__init__.py +24 -0
praisonai/inbuilt_tools/autogen_tools.py +117 -0
praisonai/inc/__init__.py +2 -0
praisonai/inc/config.py +96 -0
praisonai/inc/models.py +155 -0
praisonai/integrations/__init__.py +56 -0
praisonai/integrations/base.py +303 -0
praisonai/integrations/claude_code.py +270 -0
praisonai/integrations/codex_cli.py +255 -0
praisonai/integrations/cursor_cli.py +195 -0
praisonai/integrations/gemini_cli.py +222 -0
praisonai/jobs/__init__.py +67 -0
praisonai/jobs/executor.py +425 -0
praisonai/jobs/models.py +230 -0
praisonai/jobs/router.py +314 -0
praisonai/jobs/server.py +186 -0
praisonai/jobs/store.py +203 -0
praisonai/llm/__init__.py +66 -0
praisonai/llm/registry.py +382 -0
praisonai/mcp_server/__init__.py +152 -0
praisonai/mcp_server/adapters/__init__.py +74 -0
praisonai/mcp_server/adapters/agents.py +128 -0
praisonai/mcp_server/adapters/capabilities.py +168 -0
praisonai/mcp_server/adapters/cli_tools.py +568 -0
praisonai/mcp_server/adapters/extended_capabilities.py +462 -0
praisonai/mcp_server/adapters/knowledge.py +93 -0
praisonai/mcp_server/adapters/memory.py +104 -0
praisonai/mcp_server/adapters/prompts.py +306 -0
praisonai/mcp_server/adapters/resources.py +124 -0
praisonai/mcp_server/adapters/tools_bridge.py +280 -0
praisonai/mcp_server/auth/__init__.py +48 -0
praisonai/mcp_server/auth/api_key.py +291 -0
praisonai/mcp_server/auth/oauth.py +460 -0
praisonai/mcp_server/auth/oidc.py +289 -0
praisonai/mcp_server/auth/scopes.py +260 -0
praisonai/mcp_server/cli.py +852 -0
praisonai/mcp_server/elicitation.py +445 -0
praisonai/mcp_server/icons.py +302 -0
praisonai/mcp_server/recipe_adapter.py +573 -0
praisonai/mcp_server/recipe_cli.py +824 -0
praisonai/mcp_server/registry.py +703 -0
praisonai/mcp_server/sampling.py +422 -0
praisonai/mcp_server/server.py +490 -0
praisonai/mcp_server/tasks.py +443 -0
praisonai/mcp_server/transports/__init__.py +18 -0
praisonai/mcp_server/transports/http_stream.py +376 -0
praisonai/mcp_server/transports/stdio.py +132 -0
praisonai/persistence/__init__.py +84 -0
praisonai/persistence/config.py +238 -0
praisonai/persistence/conversation/__init__.py +25 -0
praisonai/persistence/conversation/async_mysql.py +427 -0
praisonai/persistence/conversation/async_postgres.py +410 -0
praisonai/persistence/conversation/async_sqlite.py +371 -0
praisonai/persistence/conversation/base.py +151 -0
praisonai/persistence/conversation/json_store.py +250 -0
praisonai/persistence/conversation/mysql.py +387 -0
praisonai/persistence/conversation/postgres.py +401 -0
praisonai/persistence/conversation/singlestore.py +240 -0
praisonai/persistence/conversation/sqlite.py +341 -0
praisonai/persistence/conversation/supabase.py +203 -0
praisonai/persistence/conversation/surrealdb.py +287 -0
praisonai/persistence/factory.py +301 -0
praisonai/persistence/hooks/__init__.py +18 -0
praisonai/persistence/hooks/agent_hooks.py +297 -0
praisonai/persistence/knowledge/__init__.py +26 -0
praisonai/persistence/knowledge/base.py +144 -0
praisonai/persistence/knowledge/cassandra.py +232 -0
praisonai/persistence/knowledge/chroma.py +295 -0
praisonai/persistence/knowledge/clickhouse.py +242 -0
praisonai/persistence/knowledge/cosmosdb_vector.py +438 -0
praisonai/persistence/knowledge/couchbase.py +286 -0
praisonai/persistence/knowledge/lancedb.py +216 -0
praisonai/persistence/knowledge/langchain_adapter.py +291 -0
praisonai/persistence/knowledge/lightrag_adapter.py +212 -0
praisonai/persistence/knowledge/llamaindex_adapter.py +256 -0
praisonai/persistence/knowledge/milvus.py +277 -0
praisonai/persistence/knowledge/mongodb_vector.py +306 -0
praisonai/persistence/knowledge/pgvector.py +335 -0
praisonai/persistence/knowledge/pinecone.py +253 -0
praisonai/persistence/knowledge/qdrant.py +301 -0
praisonai/persistence/knowledge/redis_vector.py +291 -0
praisonai/persistence/knowledge/singlestore_vector.py +299 -0
praisonai/persistence/knowledge/surrealdb_vector.py +309 -0
praisonai/persistence/knowledge/upstash_vector.py +266 -0
praisonai/persistence/knowledge/weaviate.py +223 -0
praisonai/persistence/migrations/__init__.py +10 -0
praisonai/persistence/migrations/manager.py +251 -0
praisonai/persistence/orchestrator.py +406 -0
praisonai/persistence/state/__init__.py +21 -0
praisonai/persistence/state/async_mongodb.py +200 -0
praisonai/persistence/state/base.py +107 -0
praisonai/persistence/state/dynamodb.py +226 -0
praisonai/persistence/state/firestore.py +175 -0
praisonai/persistence/state/gcs.py +155 -0
praisonai/persistence/state/memory.py +245 -0
praisonai/persistence/state/mongodb.py +158 -0
praisonai/persistence/state/redis.py +190 -0
praisonai/persistence/state/upstash.py +144 -0
praisonai/persistence/tests/__init__.py +3 -0
praisonai/persistence/tests/test_all_backends.py +633 -0
praisonai/profiler.py +1214 -0
praisonai/recipe/__init__.py +134 -0
praisonai/recipe/bridge.py +278 -0
praisonai/recipe/core.py +893 -0
praisonai/recipe/exceptions.py +54 -0
praisonai/recipe/history.py +402 -0
praisonai/recipe/models.py +266 -0
praisonai/recipe/operations.py +440 -0
praisonai/recipe/policy.py +422 -0
praisonai/recipe/registry.py +849 -0
praisonai/recipe/runtime.py +214 -0
praisonai/recipe/security.py +711 -0
praisonai/recipe/serve.py +859 -0
praisonai/recipe/server.py +613 -0
praisonai/scheduler/__init__.py +45 -0
praisonai/scheduler/agent_scheduler.py +552 -0
praisonai/scheduler/base.py +124 -0
praisonai/scheduler/daemon_manager.py +225 -0
praisonai/scheduler/state_manager.py +155 -0
praisonai/scheduler/yaml_loader.py +193 -0
praisonai/scheduler.py +194 -0
praisonai/setup/__init__.py +1 -0
praisonai/setup/build.py +21 -0
praisonai/setup/post_install.py +23 -0
praisonai/setup/setup_conda_env.py +25 -0
praisonai/setup.py +16 -0
praisonai/templates/__init__.py +116 -0
praisonai/templates/cache.py +364 -0
praisonai/templates/dependency_checker.py +358 -0
praisonai/templates/discovery.py +391 -0
praisonai/templates/loader.py +564 -0
praisonai/templates/registry.py +511 -0
praisonai/templates/resolver.py +206 -0
praisonai/templates/security.py +327 -0
praisonai/templates/tool_override.py +498 -0
praisonai/templates/tools_doctor.py +256 -0
praisonai/test.py +105 -0
praisonai/train.py +562 -0
praisonai/train_vision.py +306 -0
praisonai/ui/agents.py +824 -0
praisonai/ui/callbacks.py +57 -0
praisonai/ui/chainlit_compat.py +246 -0
praisonai/ui/chat.py +532 -0
praisonai/ui/code.py +717 -0
praisonai/ui/colab.py +474 -0
praisonai/ui/colab_chainlit.py +81 -0
praisonai/ui/components/aicoder.py +284 -0
praisonai/ui/context.py +283 -0
praisonai/ui/database_config.py +56 -0
praisonai/ui/db.py +294 -0
praisonai/ui/realtime.py +488 -0
praisonai/ui/realtimeclient/__init__.py +756 -0
praisonai/ui/realtimeclient/tools.py +242 -0
praisonai/ui/sql_alchemy.py +710 -0
praisonai/upload_vision.py +140 -0
praisonai/version.py +1 -0
praisonai-3.0.0.dist-info/METADATA +3493 -0
praisonai-3.0.0.dist-info/RECORD +393 -0
praisonai-3.0.0.dist-info/WHEEL +5 -0
praisonai-3.0.0.dist-info/entry_points.txt +4 -0
praisonai-3.0.0.dist-info/top_level.txt +1 -0

praisonai/mcp_server/auth/oidc.py ADDED Viewed

@@ -0,0 +1,289 @@
+"""
+OpenID Connect Discovery Implementation
+Implements OpenID Connect Discovery 1.0 per MCP 2025-11-25 specification.
+Based on:
+- OpenID Connect Discovery 1.0
+- OAuth 2.0 Authorization Server Metadata (RFC8414)
+"""
+import logging
+import time
+from dataclasses import dataclass, field
+from typing import Any, Dict, List, Optional
+logger = logging.getLogger(__name__)
+@dataclass
+class OIDCConfig:
+    """OpenID Connect configuration."""
+    # Required endpoints
+    issuer: str
+    authorization_endpoint: str
+    token_endpoint: str
+    # Optional endpoints
+    userinfo_endpoint: Optional[str] = None
+    jwks_uri: Optional[str] = None
+    registration_endpoint: Optional[str] = None
+    revocation_endpoint: Optional[str] = None
+    introspection_endpoint: Optional[str] = None
+    end_session_endpoint: Optional[str] = None
+    # Supported features
+    scopes_supported: List[str] = field(default_factory=list)
+    response_types_supported: List[str] = field(default_factory=list)
+    grant_types_supported: List[str] = field(default_factory=list)
+    subject_types_supported: List[str] = field(default_factory=list)
+    id_token_signing_alg_values_supported: List[str] = field(default_factory=list)
+    token_endpoint_auth_methods_supported: List[str] = field(default_factory=list)
+    claims_supported: List[str] = field(default_factory=list)
+    code_challenge_methods_supported: List[str] = field(default_factory=list)
+    # Cache metadata
+    _fetched_at: Optional[float] = None
+    def to_dict(self) -> Dict[str, Any]:
+        return {
+            "issuer": self.issuer,
+            "authorization_endpoint": self.authorization_endpoint,
+            "token_endpoint": self.token_endpoint,
+            "userinfo_endpoint": self.userinfo_endpoint,
+            "jwks_uri": self.jwks_uri,
+            "scopes_supported": self.scopes_supported,
+            "response_types_supported": self.response_types_supported,
+            "grant_types_supported": self.grant_types_supported,
+            "token_endpoint_auth_methods_supported": self.token_endpoint_auth_methods_supported,
+            "code_challenge_methods_supported": self.code_challenge_methods_supported,
+        }
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "OIDCConfig":
+        return cls(
+            issuer=data["issuer"],
+            authorization_endpoint=data["authorization_endpoint"],
+            token_endpoint=data["token_endpoint"],
+            userinfo_endpoint=data.get("userinfo_endpoint"),
+            jwks_uri=data.get("jwks_uri"),
+            registration_endpoint=data.get("registration_endpoint"),
+            revocation_endpoint=data.get("revocation_endpoint"),
+            introspection_endpoint=data.get("introspection_endpoint"),
+            end_session_endpoint=data.get("end_session_endpoint"),
+            scopes_supported=data.get("scopes_supported", []),
+            response_types_supported=data.get("response_types_supported", []),
+            grant_types_supported=data.get("grant_types_supported", []),
+            subject_types_supported=data.get("subject_types_supported", []),
+            id_token_signing_alg_values_supported=data.get("id_token_signing_alg_values_supported", []),
+            token_endpoint_auth_methods_supported=data.get("token_endpoint_auth_methods_supported", []),
+            claims_supported=data.get("claims_supported", []),
+            code_challenge_methods_supported=data.get("code_challenge_methods_supported", []),
+            _fetched_at=time.time(),
+        )
+class OIDCDiscovery:
+    """
+    OpenID Connect Discovery client.
+    Fetches and caches OIDC configuration from well-known endpoints.
+    """
+    def __init__(
+        self,
+        cache_ttl: int = 3600,
+    ):
+        """
+        Initialize OIDC discovery client.
+        Args:
+            cache_ttl: Cache TTL in seconds
+        """
+        self._cache: Dict[str, OIDCConfig] = {}
+        self._cache_ttl = cache_ttl
+    async def discover(self, issuer: str, force_refresh: bool = False) -> OIDCConfig:
+        """
+        Discover OIDC configuration for an issuer.
+        Args:
+            issuer: Issuer URL
+            force_refresh: Force cache refresh
+        Returns:
+            OIDCConfig instance
+        """
+        # Check cache
+        if not force_refresh and issuer in self._cache:
+            config = self._cache[issuer]
+            if config._fetched_at and time.time() - config._fetched_at < self._cache_ttl:
+                return config
+        # Fetch configuration
+        config = await self._fetch_config(issuer)
+        self._cache[issuer] = config
+        return config
+    async def _fetch_config(self, issuer: str) -> OIDCConfig:
+        """Fetch OIDC configuration from well-known endpoint."""
+        try:
+            import httpx
+        except ImportError:
+            raise ImportError("httpx required for OIDC discovery. Install with: pip install httpx")
+        # Build well-known URL
+        discovery_url = f"{issuer.rstrip('/')}/.well-known/openid-configuration"
+        async with httpx.AsyncClient() as client:
+            response = await client.get(discovery_url, follow_redirects=True)
+            response.raise_for_status()
+            data = response.json()
+            # Validate issuer matches
+            if data.get("issuer") != issuer and data.get("issuer") != issuer.rstrip("/"):
+                logger.warning(f"Issuer mismatch: expected {issuer}, got {data.get('issuer')}")
+            return OIDCConfig.from_dict(data)
+    def get_cached(self, issuer: str) -> Optional[OIDCConfig]:
+        """Get cached configuration without fetching."""
+        return self._cache.get(issuer)
+    def clear_cache(self, issuer: Optional[str] = None) -> None:
+        """Clear cached configurations."""
+        if issuer:
+            if issuer in self._cache:
+                del self._cache[issuer]
+        else:
+            self._cache.clear()
+@dataclass
+class ClientMetadata:
+    """
+    OAuth Client ID Metadata Document.
+    Per draft-ietf-oauth-client-id-metadata-document-00
+    """
+    client_id: str
+    client_name: Optional[str] = None
+    client_uri: Optional[str] = None
+    logo_uri: Optional[str] = None
+    contacts: List[str] = field(default_factory=list)
+    tos_uri: Optional[str] = None
+    policy_uri: Optional[str] = None
+    # Redirect URIs
+    redirect_uris: List[str] = field(default_factory=list)
+    # Grant types
+    grant_types: List[str] = field(default_factory=lambda: ["authorization_code"])
+    response_types: List[str] = field(default_factory=lambda: ["code"])
+    # Token endpoint auth
+    token_endpoint_auth_method: str = "client_secret_basic"
+    # Scopes
+    scope: Optional[str] = None
+    # Software statement
+    software_id: Optional[str] = None
+    software_version: Optional[str] = None
+    def to_dict(self) -> Dict[str, Any]:
+        result = {"client_id": self.client_id}
+        if self.client_name:
+            result["client_name"] = self.client_name
+        if self.client_uri:
+            result["client_uri"] = self.client_uri
+        if self.logo_uri:
+            result["logo_uri"] = self.logo_uri
+        if self.contacts:
+            result["contacts"] = self.contacts
+        if self.redirect_uris:
+            result["redirect_uris"] = self.redirect_uris
+        if self.grant_types:
+            result["grant_types"] = self.grant_types
+        if self.response_types:
+            result["response_types"] = self.response_types
+        if self.token_endpoint_auth_method:
+            result["token_endpoint_auth_method"] = self.token_endpoint_auth_method
+        if self.scope:
+            result["scope"] = self.scope
+        return result
+    @classmethod
+    def from_dict(cls, data: Dict[str, Any]) -> "ClientMetadata":
+        return cls(
+            client_id=data["client_id"],
+            client_name=data.get("client_name"),
+            client_uri=data.get("client_uri"),
+            logo_uri=data.get("logo_uri"),
+            contacts=data.get("contacts", []),
+            tos_uri=data.get("tos_uri"),
+            policy_uri=data.get("policy_uri"),
+            redirect_uris=data.get("redirect_uris", []),
+            grant_types=data.get("grant_types", ["authorization_code"]),
+            response_types=data.get("response_types", ["code"]),
+            token_endpoint_auth_method=data.get("token_endpoint_auth_method", "client_secret_basic"),
+            scope=data.get("scope"),
+            software_id=data.get("software_id"),
+            software_version=data.get("software_version"),
+        )
+async def fetch_client_metadata(client_id_url: str) -> ClientMetadata:
+    """
+    Fetch OAuth Client ID Metadata Document.
+    Per draft-ietf-oauth-client-id-metadata-document-00
+    Args:
+        client_id_url: URL of the client ID metadata document
+    Returns:
+        ClientMetadata instance
+    """
+    try:
+        import httpx
+    except ImportError:
+        raise ImportError("httpx required for client metadata. Install with: pip install httpx")
+    async with httpx.AsyncClient() as client:
+        response = await client.get(client_id_url, follow_redirects=True)
+        response.raise_for_status()
+        data = response.json()
+        return ClientMetadata.from_dict(data)
+async def fetch_protected_resource_metadata(resource_url: str) -> Dict[str, Any]:
+    """
+    Fetch OAuth 2.0 Protected Resource Metadata.
+    Per RFC 9728
+    Args:
+        resource_url: URL of the protected resource
+    Returns:
+        Metadata dictionary
+    """
+    try:
+        import httpx
+    except ImportError:
+        raise ImportError("httpx required for resource metadata. Install with: pip install httpx")
+    # Build well-known URL
+    metadata_url = f"{resource_url.rstrip('/')}/.well-known/oauth-protected-resource"
+    async with httpx.AsyncClient() as client:
+        response = await client.get(metadata_url, follow_redirects=True)
+        response.raise_for_status()
+        return response.json()

praisonai/mcp_server/auth/scopes.py ADDED Viewed

@@ -0,0 +1,260 @@
+"""
+MCP Scope Management
+Implements incremental scope handling per MCP 2025-11-25 specification.
+Features:
+- Scope validation and enforcement
+- WWW-Authenticate challenges for scope escalation
+- Scope hierarchy support
+"""
+import logging
+from dataclasses import dataclass
+from typing import Any, Dict, List, Optional, Set
+logger = logging.getLogger(__name__)
+# Standard MCP scopes
+MCP_SCOPES = {
+    "tools:read": "Read tool definitions",
+    "tools:call": "Execute tools",
+    "resources:read": "Read resources",
+    "resources:subscribe": "Subscribe to resource changes",
+    "prompts:read": "Read prompts",
+    "prompts:execute": "Execute prompts",
+    "sampling:create": "Create sampling requests",
+    "tasks:read": "Read tasks",
+    "tasks:write": "Create and manage tasks",
+    "admin": "Administrative access",
+}
+@dataclass
+class ScopeChallenge:
+    """
+    Scope challenge for incremental consent.
+    Used when an operation requires additional scopes.
+    """
+    required_scopes: List[str]
+    granted_scopes: List[str]
+    missing_scopes: List[str]
+    error: str = "insufficient_scope"
+    error_description: Optional[str] = None
+    def to_www_authenticate(self, realm: Optional[str] = None) -> str:
+        """Generate WWW-Authenticate header value."""
+        parts = ["Bearer"]
+        params = []
+        if realm:
+            params.append(f'realm="{realm}"')
+        if self.missing_scopes:
+            params.append(f'scope="{" ".join(self.missing_scopes)}"')
+        params.append(f'error="{self.error}"')
+        if self.error_description:
+            params.append(f'error_description="{self.error_description}"')
+        if params:
+            parts.append(", ".join(params))
+        return " ".join(parts)
+    def to_dict(self) -> Dict[str, Any]:
+        return {
+            "required_scopes": self.required_scopes,
+            "granted_scopes": self.granted_scopes,
+            "missing_scopes": self.missing_scopes,
+            "error": self.error,
+            "error_description": self.error_description,
+        }
+class ScopeManager:
+    """
+    MCP Scope Manager.
+    Handles scope validation, enforcement, and incremental consent.
+    """
+    def __init__(
+        self,
+        available_scopes: Optional[Dict[str, str]] = None,
+        scope_hierarchy: Optional[Dict[str, List[str]]] = None,
+    ):
+        """
+        Initialize scope manager.
+        Args:
+            available_scopes: Available scopes with descriptions
+            scope_hierarchy: Scope hierarchy (parent -> children)
+        """
+        self._available_scopes = available_scopes or MCP_SCOPES.copy()
+        self._scope_hierarchy = scope_hierarchy or {
+            "admin": list(MCP_SCOPES.keys()),
+            "tools:call": ["tools:read"],
+            "resources:subscribe": ["resources:read"],
+            "tasks:write": ["tasks:read"],
+        }
+    def expand_scopes(self, scopes: List[str]) -> Set[str]:
+        """
+        Expand scopes based on hierarchy.
+        Args:
+            scopes: List of scopes
+        Returns:
+            Expanded set of scopes
+        """
+        expanded = set(scopes)
+        for scope in scopes:
+            if scope in self._scope_hierarchy:
+                expanded.update(self._scope_hierarchy[scope])
+        return expanded
+    def validate_scopes(
+        self,
+        required: List[str],
+        granted: List[str],
+    ) -> tuple[bool, Optional[ScopeChallenge]]:
+        """
+        Validate that granted scopes satisfy requirements.
+        Args:
+            required: Required scopes
+            granted: Granted scopes
+        Returns:
+            Tuple of (is_valid, challenge)
+        """
+        # Expand granted scopes
+        expanded_granted = self.expand_scopes(granted)
+        # Check each required scope
+        missing = []
+        for scope in required:
+            if scope not in expanded_granted:
+                missing.append(scope)
+        if missing:
+            return False, ScopeChallenge(
+                required_scopes=required,
+                granted_scopes=granted,
+                missing_scopes=missing,
+                error_description=f"Missing required scopes: {', '.join(missing)}",
+            )
+        return True, None
+    def check_scope(
+        self,
+        scope: str,
+        granted: List[str],
+    ) -> bool:
+        """
+        Check if a single scope is granted.
+        Args:
+            scope: Required scope
+            granted: Granted scopes
+        Returns:
+            True if scope is granted
+        """
+        expanded = self.expand_scopes(granted)
+        return scope in expanded
+    def get_scope_description(self, scope: str) -> Optional[str]:
+        """Get description for a scope."""
+        return self._available_scopes.get(scope)
+    def list_available_scopes(self) -> Dict[str, str]:
+        """List all available scopes with descriptions."""
+        return self._available_scopes.copy()
+    def add_scope(self, scope: str, description: str) -> None:
+        """Add a custom scope."""
+        self._available_scopes[scope] = description
+    def add_hierarchy(self, parent: str, children: List[str]) -> None:
+        """Add scope hierarchy."""
+        if parent in self._scope_hierarchy:
+            self._scope_hierarchy[parent].extend(children)
+        else:
+            self._scope_hierarchy[parent] = children
+@dataclass
+class ScopeRequirement:
+    """Scope requirement for an operation."""
+    scopes: List[str]
+    any_of: bool = False  # If True, any scope is sufficient
+    description: Optional[str] = None
+    def check(self, granted: List[str], manager: ScopeManager) -> tuple[bool, Optional[ScopeChallenge]]:
+        """Check if requirement is satisfied."""
+        if self.any_of:
+            # Any scope is sufficient
+            for scope in self.scopes:
+                if manager.check_scope(scope, granted):
+                    return True, None
+            return False, ScopeChallenge(
+                required_scopes=self.scopes,
+                granted_scopes=granted,
+                missing_scopes=self.scopes,
+                error_description=f"Requires one of: {', '.join(self.scopes)}",
+            )
+        else:
+            # All scopes required
+            return manager.validate_scopes(self.scopes, granted)
+# Operation to scope mapping
+OPERATION_SCOPES: Dict[str, ScopeRequirement] = {
+    "tools/list": ScopeRequirement(["tools:read"]),
+    "tools/call": ScopeRequirement(["tools:call"]),
+    "resources/list": ScopeRequirement(["resources:read"]),
+    "resources/read": ScopeRequirement(["resources:read"]),
+    "resources/subscribe": ScopeRequirement(["resources:subscribe"]),
+    "prompts/list": ScopeRequirement(["prompts:read"]),
+    "prompts/get": ScopeRequirement(["prompts:read"]),
+    "sampling/createMessage": ScopeRequirement(["sampling:create"]),
+    "tasks/create": ScopeRequirement(["tasks:write"]),
+    "tasks/get": ScopeRequirement(["tasks:read"]),
+    "tasks/list": ScopeRequirement(["tasks:read"]),
+    "tasks/cancel": ScopeRequirement(["tasks:write"]),
+}
+def get_operation_scopes(operation: str) -> Optional[ScopeRequirement]:
+    """Get scope requirement for an operation."""
+    return OPERATION_SCOPES.get(operation)
+def require_scope(*scopes: str, any_of: bool = False):
+    """
+    Decorator to require scopes for a function.
+    Args:
+        scopes: Required scopes
+        any_of: If True, any scope is sufficient
+    Returns:
+        Decorator function
+    """
+    requirement = ScopeRequirement(list(scopes), any_of=any_of)
+    def decorator(func):
+        func._scope_requirement = requirement
+        return func
+    return decorator