/**
 * OAuth Resource Server for MCP Security (2024 Standards)
 * Implements RFC 6749 OAuth 2.0 and RFC 8707 Resource Indicators
 *
 * Based on 2024 MCP security research:
 * - OAuth Resource Server classification required for all MCP servers
 * - Resource Indicators (RFC 8707) provide fine-grained access control
 * - JWT validation with JWKS endpoint for scalable token verification
 * - Bearer token authentication with proper scope validation
 *
 * This is a generated declaration file (.d.ts): it describes the public
 * surface only. Method bodies, default values and the exact checks made
 * during validation live in the compiled implementation and are not visible
 * here. Comments marked NOTE(review) are assumptions to confirm against that
 * implementation, not statements about what it does.
 */
import { EventEmitter } from 'events';
/**
 * Configuration accepted by {@link OAuthResourceServer}.
 */
export interface OAuthConfig {
    /** Expected token issuer, compared against the `iss` claim (presumably). */
    issuer: string;
    /** URL of the JWKS endpoint from which signing keys are fetched. */
    jwksUri: string;
    /** Audience identifying this resource server, compared against `aud` (presumably). */
    audience: string;
    /** Scopes a token must carry to be accepted; see `validateScopes`. */
    requiredScopes: string[];
    /** Resource indicators (RFC 8707) this server answers for; see `validateResourceIndicators`. */
    resourceIndicators: string[];
    /** JWT validation settings. */
    tokenValidation: {
        /**
         * NOTE(review): presumably toggles JWT validation as a whole — confirm what
         * `validateBearerToken` returns when this is false; a deployment that
         * disables it accepts unverified tokens.
         */
        enabled: boolean;
        /**
         * Allowed clock skew for the time-based claim checks.
         * NOTE(review): unit (seconds vs. milliseconds) is not visible here — confirm.
         */
        clockTolerance: number;
        /**
         * Maximum accepted token age.
         * NOTE(review): unit and reference claim (`iat`?) are not visible here — confirm.
         */
        maxAge: number;
        /**
         * JWS algorithms the server accepts.
         * NOTE(review): should act as a strict allowlist matched against the
         * selected JWK — confirm the implementation rejects `none` and any
         * algorithm not listed here, and does not trust the token's own `alg`
         * header to choose the verification method.
         */
        algorithms: string[];
    };
    /** Cache settings for fetched JWKS documents and validated tokens. */
    caching: {
        /** Whether fetched JWKS documents are cached. */
        jwksCache: boolean;
        /** Lifetime of a cached JWKS document. NOTE(review): unit not visible here — confirm. */
        jwksCacheTtl: number;
        /** Whether validation results for individual tokens are cached. */
        tokenCache: boolean;
        /**
         * Lifetime of a cached token validation result.
         * NOTE(review): a cached positive result must not outlive the token's
         * `exp`; confirm `validateJWT`/`cleanupExpiredEntries` bound the TTL
         * by the claim, not only by this value.
         */
        tokenCacheTtl: number;
    };
}
/**
 * Claims carried by a validated access token. The registered names follow
 * RFC 7519; `resource` follows RFC 8707; the remaining fields are
 * extension claims specific to this deployment.
 */
export interface TokenClaims {
    /** Issuer (RFC 7519 §4.1.1). */
    iss: string;
    /** Subject (RFC 7519 §4.1.2). */
    sub: string;
    /** Audience (RFC 7519 §4.1.3); a single value or a list. */
    aud: string | string[];
    /** Expiration time, seconds since the epoch (RFC 7519 §4.1.4). */
    exp: number;
    /** Issued-at time, seconds since the epoch (RFC 7519 §4.1.6). */
    iat: number;
    /** Not-before time, seconds since the epoch (RFC 7519 §4.1.5). */
    nbf?: number;
    /** JWT ID (RFC 7519 §4.1.7). */
    jti?: string;
    /**
     * Granted scopes. NOTE(review): presumably the space-delimited form of
     * RFC 6749 §3.3 — confirm how `extractScopes` splits it.
     */
    scope?: string;
    /** Resource indicator(s) the token was issued for (RFC 8707). */
    resource?: string | string[];
    /** OAuth client the token was issued to (extension claim). */
    client_id?: string;
    /** Human-readable principal name (extension claim). */
    username?: string;
    /** Role names assigned to the principal (extension claim). */
    roles?: string[];
}
/**
 * Outcome of `validateBearerToken`.
 */
export interface ValidationResult {
    /** True when every check passed; the remaining fields describe why otherwise. */
    valid: boolean;
    /** Decoded claims. NOTE(review): presumably only set when `valid` is true — confirm. */
    claims?: TokenClaims;
    /** Scopes extracted from the token (empty when none or when invalid, presumably). */
    scopes: string[];
    /** Resource indicators extracted from the token (RFC 8707). */
    resourceIndicators: string[];
    /** Error code on failure; the field names mirror RFC 6750 `error` / `error_description`. */
    error?: string;
    /** Human-readable failure detail. Treat as diagnostic output, not as a client-facing message, unless the implementation sanitises it. */
    errorDescription?: string;
}
/**
 * A JSON Web Key (RFC 7517). Parameter names follow RFC 7518:
 * `n`/`e` for RSA, `x`/`y`/`crv` for EC and OKP keys, `k` for symmetric keys.
 */
export interface JWK {
    /** Key type, e.g. `RSA`, `EC`, `oct`. */
    kty: string;
    /** Intended use (`sig` or `enc`). */
    use?: string;
    /** Algorithm the key is meant for. */
    alg?: string;
    /** Key ID, matched against the JWT header `kid` to select a key (presumably; see `getSigningKey`). */
    kid?: string;
    /** RSA modulus (base64url). */
    n?: string;
    /** RSA public exponent (base64url). */
    e?: string;
    /** EC/OKP x coordinate (base64url). */
    x?: string;
    /** EC y coordinate (base64url). */
    y?: string;
    /** Curve name for EC/OKP keys. */
    crv?: string;
    /** Symmetric key value (base64url). Should not appear in a published JWKS. */
    k?: string;
}
/**
 * A JSON Web Key Set (RFC 7517 §5).
 */
export interface JWKS {
    keys: JWK[];
}
/**
 * Validates Bearer tokens presented to an MCP server against the configured
 * issuer, audience, scopes and resource indicators.
 *
 * Extends EventEmitter; the event names it emits are not visible in this
 * declaration file.
 */
export declare class OAuthResourceServer extends EventEmitter {
    /** Private member types are erased in declaration output. */
    private config;
    private jwksCache;
    private tokenCache;
    private cleanupInterval;
    /**
     * @param config server configuration; see {@link OAuthConfig}
     */
    constructor(config: OAuthConfig);
    /**
     * Validate OAuth Bearer token according to 2024 MCP standards
     *
     * @param authorizationHeader the raw `Authorization` header value; the
     *   `Bearer` prefix is stripped by `extractBearerToken`
     * @returns the validation outcome. NOTE(review): whether failures are
     *   reported only through `valid: false` or may also be thrown is not
     *   visible here — callers should check `valid` and not rely on catching.
     */
    validateBearerToken(authorizationHeader: string): Promise<ValidationResult>;
    /**
     * Extract Bearer token from Authorization header
     */
    private extractBearerToken;
    /**
     * Validate JWT token with comprehensive checks
     */
    private validateJWT;
    /**
     * Validate JWT signature using JWKS
     */
    private validateSignature;
    /**
     * Get signing key from JWKS endpoint
     */
    private getSigningKey;
    /**
     * Fetch JWKS from the configured endpoint
     */
    private fetchJWKS;
    /**
     * Convert JWK to Node.js crypto key
     */
    private jwkToCryptoKey;
    /**
     * Extract OAuth scopes from token claims
     */
    private extractScopes;
    /**
     * Validate required OAuth scopes
     */
    private validateScopes;
    /**
     * Extract resource indicators from token claims (RFC 8707)
     */
    private extractResourceIndicators;
    /**
     * Validate resource indicators (RFC 8707)
     */
    private validateResourceIndicators;
    /**
     * Decode base64url without padding
     */
    private decodeBase64Url;
    /**
     * Decode base64url to buffer
     */
    private decodeBase64UrlToBuffer;
    /**
     * Start cache cleanup interval
     */
    private startCacheCleanup;
    /**
     * Clean up expired cache entries
     */
    private cleanupExpiredEntries;
    /**
     * Get OAuth server metrics
     *
     * @returns current cache sizes and validation counters.
     *   NOTE(review): the scale of `cacheHitRate` (0–1 vs. percent) is not
     *   visible here — confirm before charting it.
     */
    getMetrics(): {
        jwksCacheSize: number;
        tokenCacheSize: number;
        cacheHitRate: number;
        validationCount: number;
        errorCount: number;
    };
    /**
     * Shutdown OAuth Resource Server
     *
     * NOTE(review): presumably stops the interval started by
     * `startCacheCleanup` — confirm, and call it on process shutdown so a
     * pending timer cannot keep the process alive.
     */
    shutdown(): void;
}
/**
 * Default configuration. Its values are not visible in this declaration
 * file; review issuer, audience, required scopes and the algorithm
 * allowlist explicitly rather than deploying with defaults.
 */
export declare const defaultOAuthConfig: OAuthConfig;
//# sourceMappingURL=oauth-resource-server.d.ts.map