golf-mcp 0.1.8__tar.gz → 0.1.10__tar.gz

{golf_mcp-0.1.8/src/golf_mcp.egg-info → golf_mcp-0.1.10}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: golf-mcp
-Version: 0.1.8
+Version: 0.1.10
 Summary: Framework for building MCP servers
 Author-email: Antoni Gmitruk <antoni@golf.dev>
 License-Expression: Apache-2.0

{golf_mcp-0.1.8 → golf_mcp-0.1.10}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "golf-mcp"
-version = "0.1.8"
+version = "0.1.10"
 description = "Framework for building MCP servers"
 authors = [
     {name = "Antoni Gmitruk", email = "antoni@golf.dev"}
@@ -64,7 +64,7 @@ golf = ["examples/**/*"]
 
 [tool.poetry]
 name = "golf-mcp"
-version = "0.1.8"
+version = "0.1.10"
 description = "Framework for building MCP servers with zero boilerplate"
 authors = ["Antoni Gmitruk <antoni@golf.dev>"]
 license = "Apache-2.0"

golf_mcp-0.1.10/src/golf/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.1.10"

{golf_mcp-0.1.8 → golf_mcp-0.1.10}/src/golf/auth/__init__.py

@@ -11,7 +11,7 @@ from mcp.server.auth.settings import AuthSettings, ClientRegistrationOptions
 
 from .provider import ProviderConfig
 from .oauth import GolfOAuthProvider, create_callback_handler
-from .helpers import get_access_token, get_provider_token, extract_token_from_header, get_api_key, set_api_key
+from .helpers import get_access_token, get_provider_token, extract_token_from_header, get_api_key, set_api_key, debug_api_key_context
 from .api_key import configure_api_key, get_api_key_config, is_api_key_configured
 
 class AuthConfig:

golf_mcp-0.1.10/src/golf/auth/helpers.py

@@ -0,0 +1,207 @@
+"""Helper functions for working with authentication in MCP context."""
+
+from typing import Optional, Dict, Any
+from contextvars import ContextVar
+
+# Re-export get_access_token from the MCP SDK
+from mcp.server.auth.middleware.auth_context import get_access_token
+
+from .oauth import GolfOAuthProvider
+
+# Context variable to store the active OAuth provider
+_active_golf_oauth_provider: Optional[GolfOAuthProvider] = None
+
+# Context variable to store the current request's API key
+_current_api_key: ContextVar[Optional[str]] = ContextVar('current_api_key', default=None)
+
+def _set_active_golf_oauth_provider(provider: GolfOAuthProvider) -> None:
+    """
+    Sets the active GolfOAuthProvider instance.
+    Should only be called once during server startup.
+    """
+    global _active_golf_oauth_provider
+    _active_golf_oauth_provider = provider
+
+def get_provider_token() -> Optional[str]:
+    """
+    Get a provider token (e.g., GitHub token) associated with the current
+    MCP session's access token.
+
+    This relies on _set_active_golf_oauth_provider being called at server startup.
+    """
+    mcp_access_token = get_access_token() # From MCP SDK, uses its own ContextVar
+    if not mcp_access_token:
+        # No active MCP session token.
+        return None
+
+    provider = _active_golf_oauth_provider
+    if not provider:
+        return None
+    
+    if not hasattr(provider, "get_provider_token"):
+        return None
+
+    # Call the get_provider_token method on the actual GolfOAuthProvider instance
+    return provider.get_provider_token(mcp_access_token.token)
+
+def extract_token_from_header(auth_header: str) -> Optional[str]:
+    """Extract bearer token from Authorization header.
+
+    Args:
+        auth_header: Authorization header value
+
+    Returns:
+        Bearer token or None if not present/valid
+    """
+    if not auth_header:
+        return None
+
+    parts = auth_header.split()
+    if len(parts) != 2 or parts[0].lower() != 'bearer':
+        return None
+
+    return parts[1]
+
+def set_api_key(api_key: Optional[str]) -> None:
+    """Set the API key for the current request context.
+    
+    This is an internal function used by the middleware.
+    
+    Args:
+        api_key: The API key to store in the context
+    """
+    _current_api_key.set(api_key)
+
+def get_api_key() -> Optional[str]:
+    """Get the API key from the current request context.
+    
+    This function should be used in tools to retrieve the API key
+    that was sent in the request headers.
+    
+    Returns:
+        The API key if available, None otherwise
+        
+    Example:
+        # In a tool file
+        from golf.auth import get_api_key
+        
+        async def call_api():
+            api_key = get_api_key()
+            if not api_key:
+                return {"error": "No API key provided"}
+            
+            # Use the API key in your request
+            headers = {"Authorization": f"Bearer {api_key}"}
+            ...
+    """
+    # Try to get directly from HTTP request if available (FastMCP pattern)
+    try:
+        # This follows the FastMCP pattern for accessing HTTP requests
+        from fastmcp.server.dependencies import get_http_request
+        request = get_http_request()
+        
+        if request and hasattr(request, 'state') and hasattr(request.state, 'api_key'):
+            api_key = request.state.api_key
+            return api_key
+        
+        # Get the API key configuration
+        from golf.auth.api_key import get_api_key_config
+        api_key_config = get_api_key_config()
+        
+        if api_key_config and request:
+            # Extract API key from headers
+            header_name = api_key_config.header_name
+            header_prefix = api_key_config.header_prefix
+            
+            # Case-insensitive header lookup
+            api_key = None
+            for k, v in request.headers.items():
+                if k.lower() == header_name.lower():
+                    api_key = v
+                    break
+            
+            # Strip prefix if configured
+            if api_key and header_prefix and api_key.startswith(header_prefix):
+                api_key = api_key[len(header_prefix):]
+            
+            if api_key:
+                return api_key
+    except (ImportError, RuntimeError) as e:
+        # FastMCP not available or not in HTTP context
+        pass
+    except Exception as e:
+        pass
+    
+    # Final fallback: environment variable (for development/testing)
+    import os
+    env_api_key = os.environ.get('API_KEY')
+    if env_api_key:
+        return env_api_key
+    
+    return None
+
+def get_api_key_from_request(request) -> Optional[str]:
+    """Get the API key from a specific request object.
+    
+    This is useful when you have direct access to the request object.
+    
+    Args:
+        request: The Starlette Request object
+        
+    Returns:
+        The API key if available, None otherwise
+    """
+    # Check request state first (set by our middleware)
+    if hasattr(request, 'state') and hasattr(request.state, 'api_key'):
+        return request.state.api_key
+    
+    # Fall back to context variable
+    return _current_api_key.get()
+
+def debug_api_key_context() -> Dict[str, Any]:
+    """Debug function to inspect API key context.
+    
+    Returns a dictionary with debugging information about the current
+    API key context. Useful for troubleshooting authentication issues.
+    
+    Returns:
+        Dictionary with debug information
+    """
+    import asyncio
+    import sys
+    import os
+    
+    debug_info = {
+        "context_var_value": _current_api_key.get(),
+        "has_async_task": False,
+        "task_id": None,
+        "main_module_has_storage": False,
+        "main_module_has_context": False,
+        "request_id_from_context": None,
+        "env_vars": {
+            "API_KEY": bool(os.environ.get('API_KEY')),
+            "GOLF_API_KEY_DEBUG": os.environ.get('GOLF_API_KEY_DEBUG', 'false')
+        }
+    }
+    
+    try:
+        task = asyncio.current_task()
+        if task:
+            debug_info["has_async_task"] = True
+            debug_info["task_id"] = id(task)
+    except:
+        pass
+    
+    try:
+        main_module = sys.modules.get('__main__')
+        if main_module:
+            debug_info["main_module_has_storage"] = hasattr(main_module, 'api_key_storage')
+            debug_info["main_module_has_context"] = hasattr(main_module, 'request_id_context')
+            
+            if hasattr(main_module, 'request_id_context'):
+                request_id_context = getattr(main_module, 'request_id_context')
+                debug_info["request_id_from_context"] = request_id_context.get()
+    except:
+        pass
+    
+    return debug_info 

{golf_mcp-0.1.8 → golf_mcp-0.1.10}/src/golf/core/builder.py

@@ -20,6 +20,7 @@ from golf.core.parser import (
 from golf.core.transformer import transform_component
 from golf.core.builder_auth import generate_auth_code, generate_auth_routes
 from golf.auth import get_auth_config
+from golf.auth.api_key import get_api_key_config
 from golf.core.builder_telemetry import (
     generate_telemetry_imports,
     get_otel_dependencies
@@ -548,8 +549,7 @@ class CodeGenerator:
         # Add imports section for different transport methods
         if self.settings.transport == "sse":
             imports.append("import uvicorn")
-            imports.append("from fastmcp.server.http import create_sse_app")
-        elif self.settings.transport != "stdio":
+        elif self.settings.transport in ["streamable-http", "http"]:
             imports.append("import uvicorn")
                 
         # Get transport-specific configuration
@@ -735,12 +735,6 @@ class CodeGenerator:
         server_code_lines.append(mcp_instance_line)
         server_code_lines.append("")
         
-        # Add any post-init code from auth
-        post_init_code = []
-        if auth_components.get("has_auth") and auth_components.get("post_init_code"):
-            post_init_code.extend(auth_components["post_init_code"])
-            post_init_code.append("")
-
         # Main entry point with transport-specific app initialization
         main_code = [
             "if __name__ == \"__main__\":",
@@ -764,16 +758,35 @@ class CodeGenerator:
         
         # Transport-specific run methods
         if self.settings.transport == "sse":
-            main_code.extend([
-                "    # For SSE, FastMCP's run method handles auth integration better",
-                "    mcp.run(transport=\"sse\", host=host, port=port, log_level=\"info\")"
-            ])
-        elif self.settings.transport == "streamable-http":
+            # Check if we need to add API key middleware for SSE
+            api_key_config = get_api_key_config()
+            if auth_components.get("has_auth") and api_key_config:
+                main_code.extend([
+                    "    # For SSE with API key auth, we need to get the app and add middleware",
+                    "    app = mcp.http_app(transport=\"sse\")",
+                    "    app.add_middleware(ApiKeyMiddleware)",
+                    "    # Run with the configured app",
+                    "    uvicorn.run(app, host=host, port=port, log_level=\"info\")"
+                ])
+            else:
+                main_code.extend([
+                    "    # For SSE, FastMCP's run method handles auth integration better",
+                    "    mcp.run(transport=\"sse\", host=host, port=port, log_level=\"info\")"
+                ])
+        elif self.settings.transport in ["streamable-http", "http"]:
             main_code.extend([
                 "    # Create HTTP app and run with uvicorn",
                 "    app = mcp.http_app()",
             ])
             
+            # Check if we need to add API key middleware
+            api_key_config = get_api_key_config()
+            if auth_components.get("has_auth") and api_key_config:
+                main_code.extend([
+                    "    # Add API key middleware",
+                    "    app.add_middleware(ApiKeyMiddleware)",
+                ])
+            
             # Add OpenTelemetry middleware to the HTTP app if enabled
             if self.settings.opentelemetry_enabled:
                 main_code.extend([
@@ -800,7 +813,6 @@ class CodeGenerator:
             env_section + 
             auth_setup_code +
             server_code_lines +
-            post_init_code +
             component_registrations +
             main_code
         )
@@ -1116,9 +1128,13 @@ def build_import_map(project_path: Path, common_files: Dict[str, Path]) -> Dict[
         try:
             rel_to_component = dir_path.relative_to(component_type)
             # Create the new import path
-            new_path = f"components.{component_type}.{rel_to_component}".replace("/", ".")
-            # Fix any double dots
-            new_path = new_path.replace("..", ".")
+            if str(rel_to_component) == ".":
+                # This is at the root of the component type
+                new_path = f"components.{component_type}"
+            else:
+                # Replace path separators with dots
+                path_parts = str(rel_to_component).replace("\\", "/").split("/")
+                new_path = f"components.{component_type}.{'.'.join(path_parts)}"
             
             # Map both the directory and the common file
             orig_module = dir_path_str

{golf_mcp-0.1.8 → golf_mcp-0.1.10}/src/golf/core/builder_auth.py

@@ -145,7 +145,6 @@ def generate_api_key_auth_components(server_name: str, opentelemetry_enabled: bo
         - setup_code: Auth setup code (middleware setup)
         - fastmcp_args: Dict of arguments to add to FastMCP constructor
         - has_auth: Whether auth is configured
-        - post_init_code: Code to run after FastMCP instance is created
     """
     api_key_config = get_api_key_config()
     if not api_key_config:
@@ -153,24 +152,35 @@ def generate_api_key_auth_components(server_name: str, opentelemetry_enabled: bo
             "imports": [],
             "setup_code": [],
             "fastmcp_args": {},
-            "has_auth": False,
-            "post_init_code": []
+            "has_auth": False
         }
     
     auth_imports = [
         "# API key authentication setup",
-        "from golf.auth.helpers import set_api_key",
-        "from golf.auth.api_key import get_api_key_config",
+        "from golf.auth.api_key import get_api_key_config, configure_api_key",
+        "from golf.auth import set_api_key",
         "from starlette.middleware.base import BaseHTTPMiddleware",
         "from starlette.requests import Request",
         "from starlette.responses import JSONResponse",
+        "import os",
     ]
     
     setup_code_lines = [
-        "# Middleware to extract API key from headers",
+        "# Recreate API key configuration from pre_build.py",
+        f"configure_api_key(",
+        f"    header_name={repr(api_key_config.header_name)},",
+        f"    header_prefix={repr(api_key_config.header_prefix)},",
+        f"    required={repr(api_key_config.required)}",
+        f")",
+        "",
+        "# Simplified API key middleware that validates presence",
         "class ApiKeyMiddleware(BaseHTTPMiddleware):",
         "    async def dispatch(self, request: Request, call_next):",
+        "        # Debug mode from environment",
+        "        debug = os.environ.get('GOLF_API_KEY_DEBUG', '').lower() == 'true'",
+        "        ",
         "        api_key_config = get_api_key_config()",
+        "        ",
         "        if api_key_config:",
         "            # Extract API key from the configured header",
         "            header_name = api_key_config.header_name",
@@ -183,109 +193,39 @@ def generate_api_key_auth_components(server_name: str, opentelemetry_enabled: bo
         "                    api_key = v",
         "                    break",
         "            ",
-        "            # Check if API key is required and missing",
+        "            # Process the API key if found",
+        "            if api_key:",
+        "                # Strip prefix if configured",
+        "                if header_prefix and api_key.startswith(header_prefix):",
+        "                    api_key = api_key[len(header_prefix):]",
+        "                ",
+        "                # Store the API key in request state for tools to access",
+        "                request.state.api_key = api_key",
+        "                ",
+        "                # Also store in context variable for tools",
+        "                set_api_key(api_key)",
+        "            ",
+        "            # Check if API key is required but missing",
         "            if api_key_config.required and not api_key:",
         "                return JSONResponse(",
         "                    {'error': 'unauthorized', 'detail': f'Missing required {header_name} header'},",
         "                    status_code=401,",
         "                    headers={'WWW-Authenticate': f'{header_name} realm=\"MCP Server\"'}",
         "                )",
-        "            ",
-        "            # Strip prefix if configured and present",
-        "            if api_key and header_prefix and api_key.startswith(header_prefix):",
-        "                api_key = api_key[len(header_prefix):]",
-        "            elif api_key and header_prefix and api_key_config.required:",
-        "                # Has API key but wrong format when required",
-        "                return JSONResponse(",
-        "                    {'error': 'unauthorized', 'detail': f'Invalid {header_name} format, expected prefix: {header_prefix}'},",
-        "                    status_code=401,",
-        "                    headers={'WWW-Authenticate': f'{header_name} realm=\"MCP Server\"'}",
-        "                )",
-        "            ",
-        "            # Store the API key in context for tools to access",
-        "            set_api_key(api_key)",
         "        ",
         "        # Continue with the request",
-        "        response = await call_next(request)",
-        "        return response",
+        "        return await call_next(request)",
         "",
     ]
     
     # API key auth is handled via middleware, not FastMCP constructor args
     fastmcp_args = {}
     
-    # Code to run after FastMCP instance is created
-    # FastMCP doesn't expose .app directly, so we need to use custom_route
-    # to add a middleware-like functionality
-    post_init_code = [
-        "# API key authentication via custom middleware function",
-        "# Since FastMCP doesn't expose .app, we'll use a different approach",
-        "import functools",
-        "from starlette.responses import JSONResponse",
-        "",
-        "# Store original method references",
-        "_original_call_tool = mcp._mcp_call_tool if hasattr(mcp, '_mcp_call_tool') else None",
-        "_original_read_resource = mcp._mcp_read_resource if hasattr(mcp, '_mcp_read_resource') else None",
-        "_original_get_prompt = mcp._mcp_get_prompt if hasattr(mcp, '_mcp_get_prompt') else None",
-        "",
-        "# Wrapper to extract API key before processing",
-        "def with_api_key_extraction(original_method):",
-        "    @functools.wraps(original_method)",
-        "    async def wrapper(request, *args, **kwargs):",
-        "        # Extract API key from request headers",
-        "        api_key_config = get_api_key_config()",
-        "        if api_key_config and hasattr(request, 'headers'):",
-        "            header_name = api_key_config.header_name",
-        "            header_prefix = api_key_config.header_prefix",
-        "            ",
-        "            # Case-insensitive header lookup",
-        "            api_key = None",
-        "            for k, v in request.headers.items():",
-        "                if k.lower() == header_name.lower():",
-        "                    api_key = v",
-        "                    break",
-        "            ",
-        "            # Check if API key is required and missing",
-        "            if api_key_config.required and not api_key:",
-        "                return JSONResponse(",
-        "                    {'error': 'unauthorized', 'detail': f'Missing required {header_name} header'},",
-        "                    status_code=401,",
-        "                    headers={'WWW-Authenticate': f'{header_name} realm=\"MCP Server\"'}",
-        "                )",
-        "            ",
-        "            # Strip prefix if configured and present",
-        "            if api_key and header_prefix and api_key.startswith(header_prefix):",
-        "                api_key = api_key[len(header_prefix):]",
-        "            elif api_key and header_prefix and api_key_config.required:",
-        "                # Has API key but wrong format when required",
-        "                return JSONResponse(",
-        "                    {'error': 'unauthorized', 'detail': f'Invalid {header_name} format, expected prefix: {header_prefix}'},",
-        "                    status_code=401,",
-        "                    headers={'WWW-Authenticate': f'{header_name} realm=\"MCP Server\"'}",
-        "                )",
-        "            ",
-        "            # Store the API key in context for tools to access",
-        "            set_api_key(api_key)",
-        "        ",
-        "        # Call the original method",
-        "        return await original_method(request, *args, **kwargs)",
-        "    return wrapper",
-        "",
-        "# Wrap the MCP methods if they exist",
-        "if _original_call_tool:",
-        "    mcp._mcp_call_tool = with_api_key_extraction(_original_call_tool)",
-        "if _original_read_resource:",
-        "    mcp._mcp_read_resource = with_api_key_extraction(_original_read_resource)",
-        "if _original_get_prompt:",
-        "    mcp._mcp_get_prompt = with_api_key_extraction(_original_get_prompt)",
-    ]
-    
     return {
         "imports": auth_imports,
         "setup_code": setup_code_lines,
         "fastmcp_args": fastmcp_args,
-        "has_auth": True,
-        "post_init_code": post_init_code
+        "has_auth": True
     }
 
 

{golf_mcp-0.1.8 → golf_mcp-0.1.10}/src/golf/core/telemetry.py

@@ -7,7 +7,6 @@ from pathlib import Path
 from typing import Optional, Dict, Any
 import json
 import uuid
-import getpass
 
 import posthog
 from rich.console import Console
@@ -26,6 +25,7 @@ POSTHOG_HOST = "https://us.i.posthog.com"
 # Telemetry state
 _telemetry_enabled: Optional[bool] = None
 _anonymous_id: Optional[str] = None
+_user_identified: bool = False  # Track if we've already identified the user
 
 
 def get_telemetry_config_path() -> Path:
@@ -142,16 +142,10 @@ def get_anonymous_id() -> str:
             pass
     
     # Generate new ID with more unique data
-    # Include home directory path to differentiate between users on same machine
-    # Include a random component to ensure uniqueness even with identical setups
+    # Use only non-identifying system information
     
-    try:
-        username = getpass.getuser()
-    except Exception:
-        username = "unknown"
-    
-    # Combine multiple factors for uniqueness
-    machine_data = f"{platform.node()}-{platform.machine()}-{platform.system()}-{username}-{str(Path.home())}"
+    # Combine non-identifying factors for uniqueness
+    machine_data = f"{platform.machine()}-{platform.system()}-{platform.python_version()}"
     machine_hash = hashlib.sha256(machine_data.encode()).hexdigest()[:8]
     
     # Add a random component to ensure uniqueness
@@ -200,6 +194,8 @@ def track_event(event_name: str, properties: Optional[Dict[str, Any]] = None) ->
         event_name: Name of the event (e.g., "cli_init", "cli_build")
         properties: Optional properties to include with the event
     """
+    global _user_identified
+    
     if not is_telemetry_enabled():
         return
     
@@ -215,33 +211,33 @@ def track_event(event_name: str, properties: Optional[Dict[str, Any]] = None) ->
         # Get anonymous ID
         anonymous_id = get_anonymous_id()
         
-        # Set person properties to differentiate installations
-        # This helps PostHog understand these are different users
-        try:
-            hostname = platform.node()
-        except Exception:
-            hostname = "unknown"
-            
-        person_properties = {
-            "$set": {
-                "golf_version": __version__,
-                "os": platform.system(),
-                "hostname": hostname,
-                "python_version": f"{platform.python_version_tuple()[0]}.{platform.python_version_tuple()[1]}",
+        # Only identify the user once per session
+        if not _user_identified:
+            # Set person properties to differentiate installations
+            # Only include non-identifying information
+            person_properties = {
+                "$set": {
+                    "golf_version": __version__,
+                    "os": platform.system(),
+                    "python_version": f"{platform.python_version_tuple()[0]}.{platform.python_version_tuple()[1]}",
+                }
             }
-        }
-        
-        # Identify the user with properties
-        posthog.identify(
-            distinct_id=anonymous_id,
-            properties=person_properties
-        )
+            
+            # Identify the user with properties
+            posthog.identify(
+                distinct_id=anonymous_id,
+                properties=person_properties
+            )
+            
+            _user_identified = True
         
         # Only include minimal, non-identifying properties
         safe_properties = {
             "golf_version": __version__,
             "python_version": f"{platform.python_version_tuple()[0]}.{platform.python_version_tuple()[1]}",
             "os": platform.system(),
+            # Explicitly disable IP tracking
+            "$ip": None,
         }
         
         # Filter properties to only include safe ones

{golf_mcp-0.1.8/src/golf/examples/basic → golf_mcp-0.1.10/src/golf/examples/api_key}/.env.example

@@ -2,4 +2,4 @@ GOLF_CLIENT_ID="default-client-id"
 GOLF_CLIENT_SECRET="default-secret"
 JWT_SECRET="example-jwt-secret-for-development-only"
 OTEL_EXPORTER_OTLP_ENDPOINT="http://localhost:4318/v1/traces"
-OTEL_SERVICE_NAME="golf-mcp"
+OTEL_SERVICE_NAME="golf-mcp"

{golf_mcp-0.1.8 → golf_mcp-0.1.10/src/golf_mcp.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: golf-mcp
-Version: 0.1.8
+Version: 0.1.10
 Summary: Framework for building MCP servers
 Author-email: Antoni Gmitruk <antoni@golf.dev>
 License-Expression: Apache-2.0

golf_mcp-0.1.8/src/golf/__init__.py

@@ -1 +0,0 @@
-__version__ = "0.1.8"

golf_mcp-0.1.8/src/golf/auth/helpers.py

@@ -1,97 +0,0 @@
-"""Helper functions for working with authentication in MCP context."""
-
-from typing import Optional
-from contextvars import ContextVar
-
-# Re-export get_access_token from the MCP SDK
-from mcp.server.auth.middleware.auth_context import get_access_token
-
-from .oauth import GolfOAuthProvider
-
-# Context variable to store the active OAuth provider
-_active_golf_oauth_provider: Optional[GolfOAuthProvider] = None
-
-# Context variable to store the current request's API key
-_current_api_key: ContextVar[Optional[str]] = ContextVar('current_api_key', default=None)
-
-def _set_active_golf_oauth_provider(provider: GolfOAuthProvider) -> None:
-    """
-    Sets the active GolfOAuthProvider instance.
-    Should only be called once during server startup.
-    """
-    global _active_golf_oauth_provider
-    _active_golf_oauth_provider = provider
-
-def get_provider_token() -> Optional[str]:
-    """
-    Get a provider token (e.g., GitHub token) associated with the current
-    MCP session's access token.
-
-    This relies on _set_active_golf_oauth_provider being called at server startup.
-    """
-    mcp_access_token = get_access_token() # From MCP SDK, uses its own ContextVar
-    if not mcp_access_token:
-        # No active MCP session token.
-        return None
-
-    provider = _active_golf_oauth_provider
-    if not provider:
-        return None
-    
-    if not hasattr(provider, "get_provider_token"):
-        return None
-
-    # Call the get_provider_token method on the actual GolfOAuthProvider instance
-    return provider.get_provider_token(mcp_access_token.token)
-
-def extract_token_from_header(auth_header: str) -> Optional[str]:
-    """Extract bearer token from Authorization header.
-
-    Args:
-        auth_header: Authorization header value
-
-    Returns:
-        Bearer token or None if not present/valid
-    """
-    if not auth_header:
-        return None
-
-    parts = auth_header.split()
-    if len(parts) != 2 or parts[0].lower() != 'bearer':
-        return None
-
-    return parts[1]
-
-def set_api_key(api_key: Optional[str]) -> None:
-    """Set the API key for the current request context.
-    
-    This is an internal function used by the middleware.
-    
-    Args:
-        api_key: The API key to store in the context
-    """
-    _current_api_key.set(api_key)
-
-def get_api_key() -> Optional[str]:
-    """Get the API key from the current request context.
-    
-    This function should be used in tools to retrieve the API key
-    that was sent in the request headers.
-    
-    Returns:
-        The API key if available, None otherwise
-        
-    Example:
-        # In a tool file
-        from golf.auth import get_api_key
-        
-        async def call_api():
-            api_key = get_api_key()
-            if not api_key:
-                return {"error": "No API key provided"}
-            
-            # Use the API key in your request
-            headers = {"Authorization": f"Bearer {api_key}"}
-            ...
-    """
-    return _current_api_key.get()