golf-mcp 0.2.1__tar.gz → 0.2.3__tar.gz

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/MANIFEST.in

@@ -1,6 +1,7 @@
 include README.md
 include LICENSE
 include pyproject.toml
+include src/golf/_endpoints.py.in
 graft .docs
 graft src/golf/examples
 

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: golf-mcp
-Version: 0.2.1
+Version: 0.2.3
 Summary: Framework for building MCP servers
 Author-email: Antoni Gmitruk <antoni@golf.dev>
 License-Expression: Apache-2.0

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "golf-mcp"
-version = "0.2.1"
+version = "0.2.3"
 description = "Framework for building MCP servers"
 authors = [
     {name = "Antoni Gmitruk", email = "antoni@golf.dev"}
@@ -66,7 +66,7 @@ golf = ["examples/**/*"]
 
 [tool.poetry]
 name = "golf-mcp"
-version = "0.2.1"
+version = "0.2.3"
 description = "Framework for building MCP servers with zero boilerplate"
 authors = ["Antoni Gmitruk <antoni@golf.dev>"]
 license = "Apache-2.0"

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/src/golf/__init__.py

@@ -1,4 +1,4 @@
-__version__ = "0.2.1"
+__version__ = "0.2.3"
 
 # Import endpoints with fallback for dev mode
 try:

golf_mcp-0.2.3/src/golf/_endpoints.py.in

@@ -0,0 +1,6 @@
+# Auto-generated at build time by setup.py:build_py
+# This template contains placeholders that are replaced during build
+
+# Platform endpoints
+PLATFORM_API_URL = "{PLATFORM_API_URL}"
+OTEL_ENDPOINT = "{OTEL_ENDPOINT}"

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/src/golf/auth/__init__.py

@@ -206,14 +206,14 @@ def configure_oauth_proxy(
     redirect_path: str = "/oauth/callback",
 ) -> None:
     """Configure OAuth proxy authentication for non-DCR providers.
-    
+
     This sets up an OAuth proxy that bridges MCP clients (expecting DCR) with
     traditional OAuth providers like GitHub, Google, Okta Web Apps that use
     fixed client credentials.
-    
+
     Args:
         upstream_authorization_endpoint: Provider's authorization URL
-        upstream_token_endpoint: Provider's token endpoint URL  
+        upstream_token_endpoint: Provider's token endpoint URL
         upstream_client_id: Your client ID registered with the provider
         upstream_client_secret: Your client secret from the provider
         base_url: This proxy server's public URL
@@ -221,7 +221,7 @@ def configure_oauth_proxy(
         scopes_supported: Scopes to advertise to MCP clients
         upstream_revocation_endpoint: Optional token revocation endpoint
         redirect_path: OAuth callback path (default: /oauth/callback)
-        
+
     Note:
         Requires golf-mcp-enterprise package for implementation.
     """

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/src/golf/auth/factory.py

@@ -258,6 +258,7 @@ def _create_oauth_proxy_provider(config: OAuthProxyConfig) -> "AuthProvider":
     try:
         # Try to import from enterprise package
         from golf_enterprise import create_oauth_proxy_provider
+
         return create_oauth_proxy_provider(config)
     except ImportError as e:
         raise ImportError(
@@ -342,7 +343,8 @@ def register_builtin_providers() -> None:
     - static: Static token verification (development)
     - oauth_server: Full OAuth authorization server
     - remote: Remote authorization server integration
-    - oauth_proxy: OAuth proxy for non-DCR providers (requires golf-mcp-enterprise)
+
+    Note: oauth_proxy provider is registered by the golf-mcp-enterprise package
     """
     registry = get_provider_registry()
 
@@ -351,7 +353,7 @@ def register_builtin_providers() -> None:
     registry.register_factory("static", _create_static_provider)
     registry.register_factory("oauth_server", _create_oauth_server_provider)
     registry.register_factory("remote", _create_remote_provider)
-    registry.register_factory("oauth_proxy", _create_oauth_proxy_provider)
+    # oauth_proxy is registered by golf-mcp-enterprise package when installed
 
 
 # Register built-in providers when module is imported

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/src/golf/auth/providers.py

@@ -442,5 +442,173 @@ class RemoteAuthConfig(BaseModel):
         return self
 
 
+class OAuthProxyConfig(BaseModel):
+    """Configuration for OAuth proxy functionality (requires golf-mcp-enterprise).
+
+    This configuration enables bridging MCP clients (which expect Dynamic Client
+    Registration) with OAuth providers that use fixed client credentials like
+    GitHub Apps, Google Cloud Console apps, Okta Web Applications, etc.
+
+    The proxy acts as a DCR-capable authorization server to MCP clients while
+    using your fixed upstream client credentials with the actual OAuth provider.
+
+    Note: This class provides configuration only. The actual implementation
+    requires the golf-mcp-enterprise package.
+    """
+
+    provider_type: Literal["oauth_proxy"] = "oauth_proxy"
+
+    # Upstream OAuth provider configuration
+    upstream_authorization_endpoint: str = Field(..., description="Upstream provider's authorization endpoint URL")
+    upstream_token_endpoint: str = Field(..., description="Upstream provider's token endpoint URL")
+    upstream_client_id: str = Field(..., description="Your registered client ID with the upstream provider")
+    upstream_client_secret: str = Field(..., description="Your registered client secret with the upstream provider")
+    upstream_revocation_endpoint: str | None = Field(None, description="Optional upstream token revocation endpoint")
+
+    # This proxy server configuration
+    base_url: str = Field(..., description="Public URL of this OAuth proxy server")
+    redirect_path: str = Field("/oauth/callback", description="OAuth callback path (must match provider registration)")
+
+    # Scopes and token verification
+    scopes_supported: list[str] = Field(default_factory=list, description="Scopes supported by this proxy")
+    token_verifier_config: JWTAuthConfig | StaticTokenConfig = Field(
+        ..., description="Token verifier configuration for validating upstream tokens"
+    )
+
+    # Environment variable names for runtime configuration
+    upstream_authorization_endpoint_env_var: str | None = Field(
+        None, description="Environment variable name for upstream authorization endpoint"
+    )
+    upstream_token_endpoint_env_var: str | None = Field(
+        None, description="Environment variable name for upstream token endpoint"
+    )
+    upstream_client_id_env_var: str | None = Field(None, description="Environment variable name for upstream client ID")
+    upstream_client_secret_env_var: str | None = Field(
+        None, description="Environment variable name for upstream client secret"
+    )
+    upstream_revocation_endpoint_env_var: str | None = Field(
+        None, description="Environment variable name for upstream revocation endpoint"
+    )
+    base_url_env_var: str | None = Field(None, description="Environment variable name for base URL")
+
+    @field_validator("upstream_authorization_endpoint", "upstream_token_endpoint", "base_url")
+    @classmethod
+    def validate_required_urls(cls, v: str) -> str:
+        """Validate required URLs are properly formatted."""
+        if not v or not v.strip():
+            raise ValueError("URL cannot be empty")
+
+        url = v.strip()
+        try:
+            from urllib.parse import urlparse
+
+            parsed = urlparse(url)
+            if not parsed.scheme or not parsed.netloc:
+                raise ValueError(f"Invalid URL format: '{url}' - must include scheme and netloc")
+            if parsed.scheme not in ("http", "https"):
+                raise ValueError(f"URL must use http or https scheme: '{url}'")
+        except Exception as e:
+            if isinstance(e, ValueError):
+                raise
+            raise ValueError(f"Invalid URL '{url}': {e}") from e
+
+        return url
+
+    @field_validator("upstream_revocation_endpoint")
+    @classmethod
+    def validate_optional_url(cls, v: str | None) -> str | None:
+        """Validate optional URLs are properly formatted."""
+        if not v:
+            return v
+
+        url = v.strip()
+        if not url:
+            return None
+
+        try:
+            from urllib.parse import urlparse
+
+            parsed = urlparse(url)
+            if not parsed.scheme or not parsed.netloc:
+                raise ValueError(f"Invalid URL format: '{url}' - must include scheme and netloc")
+            if parsed.scheme not in ("http", "https"):
+                raise ValueError(f"URL must use http or https scheme: '{url}'")
+        except Exception as e:
+            if isinstance(e, ValueError):
+                raise
+            raise ValueError(f"Invalid URL '{url}': {e}") from e
+
+        return url
+
+    @field_validator("scopes_supported")
+    @classmethod
+    def validate_scopes_supported(cls, v: list[str]) -> list[str]:
+        """Validate scopes_supported format and security."""
+        if not v:
+            return v
+
+        cleaned_scopes = []
+        for scope in v:
+            scope = scope.strip()
+            if not scope:
+                raise ValueError("Scopes cannot be empty or whitespace-only")
+
+            # OAuth 2.0 scope format validation (RFC 6749)
+            if not all(32 < ord(c) < 127 and c not in ' "\\' for c in scope):
+                raise ValueError(
+                    f"Invalid scope format: '{scope}' - must be ASCII printable without spaces, quotes, or backslashes"
+                )
+
+            # Reasonable length limit to prevent abuse
+            if len(scope) > 128:
+                raise ValueError(f"Scope too long: '{scope}' - maximum 128 characters")
+
+            cleaned_scopes.append(scope)
+
+        return cleaned_scopes
+
+    @model_validator(mode="after")
+    def validate_oauth_proxy_config(self) -> "OAuthProxyConfig":
+        """Validate OAuth proxy configuration consistency."""
+        # Validate token verifier config is compatible
+        if not isinstance(self.token_verifier_config, JWTAuthConfig | StaticTokenConfig):
+            raise ValueError(
+                f"token_verifier_config must be JWTAuthConfig or StaticTokenConfig, got {type(self.token_verifier_config).__name__}"
+            )
+
+        # Warn about HTTPS requirements in production
+        is_production = (
+            os.environ.get("GOLF_ENV", "").lower() in ("prod", "production")
+            or os.environ.get("NODE_ENV", "").lower() == "production"
+            or os.environ.get("ENVIRONMENT", "").lower() in ("prod", "production")
+        )
+
+        if is_production:
+            from urllib.parse import urlparse
+
+            urls_to_check = [
+                ("base_url", self.base_url),
+                ("upstream_authorization_endpoint", self.upstream_authorization_endpoint),
+                ("upstream_token_endpoint", self.upstream_token_endpoint),
+            ]
+
+            if self.upstream_revocation_endpoint:
+                urls_to_check.append(("upstream_revocation_endpoint", self.upstream_revocation_endpoint))
+
+            for field_name, url in urls_to_check:
+                parsed = urlparse(url)
+                if parsed.scheme == "http":
+                    import warnings
+
+                    warnings.warn(
+                        f"OAuth proxy {field_name} '{url}' uses HTTP in production environment. "
+                        "HTTPS is strongly recommended for OAuth endpoints to prevent token interception.",
+                        UserWarning,
+                        stacklevel=2,
+                    )
+
+        return self
+
+
 # Union type for all auth configurations
-AuthConfig = JWTAuthConfig | StaticTokenConfig | OAuthServerConfig | RemoteAuthConfig
+AuthConfig = JWTAuthConfig | StaticTokenConfig | OAuthServerConfig | RemoteAuthConfig | OAuthProxyConfig

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/src/golf/core/builder_auth.py

@@ -64,7 +64,7 @@ def generate_auth_code(
         f"auth_config = {auth_config_repr}",
         "try:",
         "    auth_provider = create_auth_provider(auth_config)",
-        "    print(f'Authentication configured with {auth_config.provider_type} provider')",
+        "    # Authentication configured with {auth_config.provider_type} provider",
         "except Exception as e:",
         "    print(f'Authentication setup failed: {e}', file=sys.stderr)",
         "    auth_provider = None",
@@ -203,7 +203,7 @@ if auth_provider and hasattr(auth_provider, 'get_routes'):
         # Add routes to FastMCP's additional HTTP routes list
         try:
             mcp._additional_http_routes.extend(auth_routes)
-            print(f"Added {len(auth_routes)} OAuth metadata routes")
+            # Added {len(auth_routes)} OAuth metadata routes
         except Exception as e:
             print(f"Warning: Failed to add OAuth routes: {e}")
 """

{golf_mcp-0.2.1 → golf_mcp-0.2.3}/src/golf_mcp.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: golf-mcp
-Version: 0.2.1
+Version: 0.2.3
 Summary: Framework for building MCP servers
 Author-email: Antoni Gmitruk <antoni@golf.dev>
 License-Expression: Apache-2.0

golf_mcp-0.2.3/src/golf_mcp.egg-info/SOURCES.txt

@@ -0,0 +1,63 @@
+LICENSE
+MANIFEST.in
+README.md
+pyproject.toml
+setup.py
+.docs/docs.md
+.docs/fastmcp-diff.md
+.docs/mcp.md
+src/golf/__init__.py
+src/golf/_endpoints.py.in
+src/golf/_endpoints_fallback.py
+src/golf/auth/__init__.py
+src/golf/auth/api_key.py
+src/golf/auth/factory.py
+src/golf/auth/helpers.py
+src/golf/auth/providers.py
+src/golf/auth/registry.py
+src/golf/cli/__init__.py
+src/golf/cli/branding.py
+src/golf/cli/main.py
+src/golf/commands/__init__.py
+src/golf/commands/build.py
+src/golf/commands/init.py
+src/golf/commands/run.py
+src/golf/core/__init__.py
+src/golf/core/builder.py
+src/golf/core/builder_auth.py
+src/golf/core/builder_metrics.py
+src/golf/core/builder_telemetry.py
+src/golf/core/config.py
+src/golf/core/parser.py
+src/golf/core/platform.py
+src/golf/core/telemetry.py
+src/golf/core/transformer.py
+src/golf/examples/__init__.py
+src/golf/examples/basic/.env.example
+src/golf/examples/basic/README.md
+src/golf/examples/basic/auth.py
+src/golf/examples/basic/golf.json
+src/golf/examples/basic/prompts/welcome.py
+src/golf/examples/basic/resources/current_time.py
+src/golf/examples/basic/resources/info.py
+src/golf/examples/basic/resources/weather/city.py
+src/golf/examples/basic/resources/weather/common.py
+src/golf/examples/basic/resources/weather/current.py
+src/golf/examples/basic/resources/weather/forecast.py
+src/golf/examples/basic/tools/calculator.py
+src/golf/examples/basic/tools/say/hello.py
+src/golf/metrics/__init__.py
+src/golf/metrics/collector.py
+src/golf/metrics/registry.py
+src/golf/telemetry/__init__.py
+src/golf/telemetry/instrumentation.py
+src/golf/utilities/__init__.py
+src/golf/utilities/context.py
+src/golf/utilities/elicitation.py
+src/golf/utilities/sampling.py
+src/golf_mcp.egg-info/PKG-INFO
+src/golf_mcp.egg-info/SOURCES.txt
+src/golf_mcp.egg-info/dependency_links.txt
+src/golf_mcp.egg-info/entry_points.txt
+src/golf_mcp.egg-info/requires.txt
+src/golf_mcp.egg-info/top_level.txt

golf_mcp-0.2.1/src/golf/examples/basic/htmlcov/.gitignore

@@ -1,2 +0,0 @@
-# Created by coverage.py
-*