/**
* OAuth type definitions for PRD #380: Gateway Auth & RBAC
*
* Defines the identity contract, authentication result, and JWT claims
* used throughout the OAuth + dual-mode auth system.
*/
/**
 * User identity extracted from OAuth tokens.
 * Populated when authentication succeeds via JWT (not legacy token).
 *
 * NOTE(review): `source` admits 'token', yet the text above and
 * `AuthResult` both say identity is only present on the JWT path — confirm
 * whether a 'token'-sourced identity is ever actually constructed.
 */
export interface UserIdentity {
  /** Stable subject identifier; presumably mirrors `JwtClaims.sub` — confirm. */
  userId: string;
  /** E-mail from the identity provider, when it supplied one. */
  email?: string;
  /** Group memberships; presumably the input to RBAC decisions — confirm against the authorizer. */
  groups: string[];
  /** Which authentication mode produced this identity. */
  source: 'oauth' | 'token';
}
/**
 * Authentication result from the dual-mode middleware.
 * When JWT auth succeeds, `identity` contains the user's claims.
 * When legacy token auth succeeds, `identity` is undefined.
 *
 * Callers must branch on `authorized`, never on the presence of `identity`:
 * a successful legacy-token request has `authorized === true` and no identity.
 */
export interface AuthResult {
  /** True only when one of the two auth modes accepted the request. */
  authorized: boolean;
  /** Human-readable outcome; presumably the denial reason on failure — if it is echoed to the client, keep token material out of it (confirm). */
  message?: string;
  /** Set on the JWT path only; undefined on the legacy-token path. */
  identity?: UserIdentity;
}
/**
 * JWT payload claims for dot-ai access tokens.
 * HMAC-SHA256 signed using node:crypto.
 *
 * HMAC is symmetric: any holder of the signing key can mint valid tokens,
 * so the key must stay server-side and never reach clients.
 *
 * NOTE(review): no `iss` or `aud` claim is declared, so verification can
 * only rely on the signature and `exp` — confirm that is intended.
 */
export interface JwtClaims {
  /** Subject; presumably the same value as `UserIdentity.userId` — confirm. */
  sub: string;
  /** Optional e-mail claim. */
  email?: string;
  /** Group memberships carried into the token. */
  groups: string[];
  /** Issued-at; presumably seconds since the Unix epoch (RFC 7519 NumericDate) — confirm the issuer's unit. */
  iat: number;
  /** Expiry, in the same unit as `iat`; verifiers must reject tokens past this instant. */
  exp: number;
}
/**
 * Pending authorization request.
 * Created when /authorize is called, before redirecting to Dex.
 * Maps a session ID to the original client request params.
 *
 * NOTE(review): unlike `AuthorizationCode` there is no `expiresAt`, so the
 * store holding these must age them out from `createdAt` or abandoned flows
 * accumulate indefinitely — confirm where that happens.
 */
export interface PendingAuthRequest {
  /** OAuth client_id presented at /authorize. */
  clientId: string;
  /** Redirect target presented at /authorize; RFC 6749 requires /token to compare it verbatim with `redirect_uri` — confirm the check exists. */
  redirectUri: string;
  /** PKCE code challenge (RFC 7636); later checked against `TokenRequest.code_verifier`. */
  codeChallenge: string;
  /** The literal type leaves the weaker 'plain' PKCE method unrepresentable. */
  codeChallengeMethod: 'S256';
  /** Opaque client-supplied value echoed back on redirect; the client's CSRF binding. */
  state: string;
  /** Creation time; presumably milliseconds from Date.now() — confirm, as `JwtClaims.iat` may use a different unit. */
  createdAt: number;
}
/**
 * Issued authorization code.
 * Created after Dex callback, consumed by /token.
 *
 * "Consumed" implies single use: /token should delete the record on first
 * redemption so a replayed code fails — confirm that is enforced.
 */
export interface AuthorizationCode {
  /** Opaque code value handed to the client on redirect; acts as a short-lived credential. */
  code: string;
  /** Presumably carried over from `PendingAuthRequest`; /token checks the redeeming `client_id` against it. */
  clientId: string;
  /** Presumably carried over from `PendingAuthRequest`; /token checks `redirect_uri` against it. */
  redirectUri: string;
  /** PKCE challenge carried over; /token must compare it with S256(code_verifier). */
  codeChallenge: string;
  /** Only S256 is representable. */
  codeChallengeMethod: 'S256';
  /** Identity established at the Dex callback; presumably becomes the claims of the issued JWT — confirm. */
  userIdentity: UserIdentity;
  /** Creation time; presumably the same unit as `expiresAt` — confirm. */
  createdAt: number;
  /** Hard expiry; /token must reject redemption after this instant. */
  expiresAt: number;
}
/**
 * Token request body (POST /token).
 * RFC 6749 requires application/x-www-form-urlencoded.
 *
 * Field names are the wire-format snake_case parameter names, which is why
 * they differ from the camelCase internal types above. Every field is
 * client-supplied and untrusted until checked against the stored
 * `AuthorizationCode`.
 */
export interface TokenRequest {
  /** Presumably expected to be 'authorization_code'; typed as string because it is raw form input — anything else should be rejected (confirm). */
  grant_type: string;
  /** The `AuthorizationCode.code` being redeemed. */
  code: string;
  /** Must match `AuthorizationCode.redirectUri` exactly. */
  redirect_uri: string;
  /** Must match `AuthorizationCode.clientId`. */
  client_id: string;
  /** PKCE verifier; S256 of this must equal the stored `codeChallenge`. */
  code_verifier: string;
  /** Optional lifetime request, still a string from the form body; presumably parsed and clamped server-side — confirm an upper bound exists. */
  requested_expiry?: string;
}
/**
 * Token response body.
 */
export interface TokenResponse {
  /** The signed JWT (payload shape: `JwtClaims`). A credential: keep it out of logs. */
  access_token: string;
  /** Always 'bearer' (RFC 6750). */
  token_type: 'bearer';
  /** Lifetime in seconds per RFC 6749 §5.1; presumably `exp - iat` of the token — confirm. */
  expires_in: number;
}
/**
 * Dex OIDC provider configuration.
 *
 * Two separate URLs are needed because in Kubernetes the MCP server pod
 * can't reach Dex via the external ingress hostname (it resolves to
 * the pod itself). Browser redirects use issuerUrl (external); server-
 * to-server token exchange uses tokenEndpoint (in-cluster service URL).
 */
export interface DexConfig {
  /** External issuer URL used for browser redirects; presumably also the expected `iss` of Dex-issued tokens — confirm. */
  issuerUrl: string;
  /** In-cluster token endpoint for server-to-server code exchange; bypasses the ingress. */
  tokenEndpoint: string;
  /** This server's client_id as registered in Dex. */
  clientId: string;
  /** Confidential client secret; must not appear in logs, responses or client-side bundles. */
  clientSecret: string;
}
//# sourceMappingURL=types.d.ts.map