PL jc UdZddlZddlZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl Z ddl Z ddl mZmZddlmZddlmZddlmZmZejeZdZ ddlmZdd lmZmZm Z m!Z!d Zn #e"$re#d YnwxYw dd l$m%Z%n #e"$rdZ%YnwxYwGd de&Z'da(e)dze*d<defdZ+de,de,fdZ-de)fdZ.de/fdZ0de/fdZ1dede2dzfdZ3dede2ddfdZ4GddZ5de6e7e2ffdZ8de,ddfdZ9de6e,e,dzffd Z:d!e,ddfd"Z;d#e2de)fd$Z d.d!e,d*e,d+e2dzdd,fd-Z?dS)/aa MCP OAuth 2.1 Client Support Implements the browser-based OAuth 2.1 authorization code flow with PKCE for MCP servers that require OAuth authentication instead of static bearer tokens. Uses the MCP Python SDK's ``OAuthClientProvider`` (an ``httpx.Auth`` subclass) which handles discovery, dynamic client registration, PKCE, token exchange, refresh, and step-up authorization automatically. This module provides the glue: - ``HermesTokenStorage``: persists tokens/client-info to disk so they survive across process restarts. - Callback server: ephemeral localhost HTTP server to capture the OAuth redirect with the authorization code. - ``build_oauth_auth()``: entry point called by ``mcp_tool.py`` that wires everything together and returns the ``httpx.Auth`` object. Configuration in config.yaml:: mcp_servers: my_server: url: "https://mcp.example.com/mcp" auth: oauth oauth: # all fields optional client_id: "pre-registered-id" # skip dynamic registration client_secret: "secret" # confidential clients only scope: "read write" # default: server-provided redirect_port: 0 # 0 = auto-pick free port client_name: "My Custom Client" # default: "Hermes Agent" N)BaseHTTPRequestHandler HTTPServer)Path)Any)parse_qsurlparseF)OAuthClientProvider)OAuthClientInformationFullOAuthClientMetadata OAuthMetadata OAuthTokenTz8MCP OAuth types not available -- OAuth MCP auth disabled)AnyUrlceZdZdZdS)OAuthNonInteractiveErrorzHRaised when OAuth requires browser interaction in a non-interactive env.N)__name__ __module__ __qualname____doc__3/home/kuhnn/.hermes/hermes-agent/tools/mcp_oauth.pyrrSsRRRRrr _oauth_portreturnc  ddlm}t|}n^#t$rQttjdttjdz }YnwxYw|dz S)zReturn the directory for MCP OAuth token files. Uses HERMES_HOME so each profile gets its own OAuth tokens. Layout: ``HERMES_HOME/mcp-tokens/`` r)get_hermes_home HERMES_HOMEz.hermesz mcp-tokens) hermes_constantsrr ImportErrorosenvirongetstrhome)rbases r_get_token_dirr%es Q444444OO%%&& QQQBJNN=#dikkI6M2N2NOOPPQ , s AA;:A;namechtjdd|dddpdS)zBSanitize a server name for use as a filename (no path separators).z[^\w\-]_Ndefault)resubstrip)r&s r_safe_filenamer.ss2 6*c4 ( ( . .s 3 3DSD 9 FYFrctjtjtj5}|d|dcdddS#1swxYwYdS)z(Find an available TCP port on localhost.) 127.0.0.1rN)socketAF_INET SOCK_STREAMbind getsockname)ss r_find_free_portr8xs v~v'9 : :"a    }}q!""""""""""""""""""s/A&&A*-A*cp tjS#ttf$rYdSwxYw)z@Return True if we can reasonably expect to interact with a user.F)sysstdinisattyAttributeError ValueErrorrrr_is_interactiver?sBy!!! J 'uus  55ctjdstjdrdStjdkrdS tjjdkrdSn#t $rYnwxYwtjdstjdrdSdS) z3Return True if opening a browser is likely to work. SSH_CLIENTSSH_TTYFntTDarwinDISPLAYWAYLAND_DISPLAY)rr r!r&unamesysnamer=rrr_can_open_browserrIs z~~l##rz~~i'@'@u w$t 8::  ) )4 *       z~~i  BJNN3D$E$Et 5sA33 B?Bpathc|sdS tj|dS#tjt f$r'}t d||Yd}~dSd}~wwxYw)zCRead a JSON file, returning None if it doesn't exist or is invalid.Nutf-8encodingzFailed to read %s: %s)existsjsonloads read_textJSONDecodeErrorOSErrorloggerwarning)rJexcs r _read_jsonrXs ;;==tz$..'.::;;;  ' *.c:::ttttts'AA=A88A=datact|jdd tj|jdn#t$rYnwxYw|dtjdtjd} tj t|tj tj ztj ztjtjz}tj|dd 5}t%j||d t |tj|d d d n #1swxYwYtj||d S#t$r* |d n#t$rYnwxYwwxYw)aWrite a dict as JSON with restricted permissions (0o600). Uses ``os.open`` with ``O_EXCL`` and an explicit mode so the file is created atomically at 0o600. The previous ``write_text`` + post-write ``chmod`` opened a TOCTOU window where the temp file briefly inherited the process umask (commonly 0o644 = world-readable), exposing OAuth tokens to other local users between create and chmod. Mirrors the fix in ``agent/google_oauth.py`` (#19673). T)parentsexist_okiz.tmp..wrLrM)indentr*N missing_ok)parentmkdirrchmodrT with_suffixgetpidsecrets token_hexopenr"O_WRONLYO_CREATO_EXCLstatS_IRUSRS_IWUSRfdopenrPdumpflushfsyncfilenoreplaceunlink)rJrYtmpfdfhs r _write_jsonr|s KdT222  e$$$$         G29;;GG1B11E1EGG H HC W HH K"* $ry 0 L4< '   Yr3 1 1 1 "R IdBq# 6 6 6 6 HHJJJ HRYY[[ ! ! ! " " " " " " " " " " " " " " " 3   JJ$J ' ' ' '    D  se9 AAA5F=AE! F!E%%F(E%)F F7F%$F7% F2/F71F22F7ceZdZdZdefdZdefdZdefdZdefdZ dd Z dd Z ddZ ddZ ddZddZd dZdefdZd S)!HermesTokenStoragea6Persist OAuth tokens and client registration to JSON files. File layout:: HERMES_HOME/mcp-tokens/.json -- tokens HERMES_HOME/mcp-tokens/.client.json -- client info HERMES_HOME/mcp-tokens/.meta.json -- oauth server metadata server_namec.t||_dSN)r. _server_name)selfrs r__init__zHermesTokenStorage.__init__s*;77rrc4t|jdz S)Nz.jsonr%rrs r _tokens_pathzHermesTokenStorage._tokens_pathsT%6"="="===rc4t|jdz S)Nz .client.jsonrrs r_client_info_pathz$HermesTokenStorage._client_info_pathsT%6"D"D"DDDrc4t|jdz S)Nz .meta.jsonrrs r _meta_pathzHermesTokenStorage._meta_pathsT%6"B"B"BBBrOAuthToken | Nonec0Kt|}|dS|dd}|5tt |t jz d|d<n|d |j}n#t$rd}YnwxYw|e |t|dz}tt |t jz d|d<n#ttf$rYnwxYw tj |S#tttf$r9}td||Yd}~dSd}~wwxYw)N expires_atr expires_inz$Corrupt tokens at %s -- ignoring: %s)rXrpopintmaxtimer!rost_mtimerT TypeErrorr>r model_validateKeyErrorrUrV)rrYabsolute_expiry file_mtimeimplied_expiryrWs r get_tokenszHermesTokenStorage.get_tokenss$++--.. <4 ((<66  &!$S49;;)F%J%J!K!KD   XXl # # / "!..005577@  " " "!  "%%/#d<6H2I2I%IN),S$)++1Mq-Q-Q)R)RD&&!:.D ,T22 2Ix0    NNA4CTCTCVCVX[ \ \ \44444 s= +B77 CC A DD-,D-1EF.FFtokensr NchK|dd}|d}|? tjt|z|d<n#tt f$rYnwxYwt ||t d|j dS)NrPTmode exclude_nonerrzOAuth tokens saved for %s) model_dumpr!rrrr>r|rrUdebugr)rrpayloadrs r set_tokenszHermesTokenStorage.set_tokenss##d#CC[[..  ! (, c*oo(E %%z*     D%%''111 0$2CDDDDDs&AA-,A-!OAuthClientInformationFull | Nonec Kt|}|dS tj|S#tt t f$r9}td||Yd}~dSd}~wwxYw)Nz)Corrupt client info at %s -- ignoring: %s) rXrr rr>rrrUrVrrYrWs rget_client_infoz"HermesTokenStorage.get_client_info&s$002233 <4 -rrrUrVrs rload_oauth_metadataz&HermesTokenStorage.load_oauth_metadata@s$//++,, <4  /55 5Ix0    NNI4??K\K\^a b b b44444 s;B .BB c|||fD]}|ddS)z.Delete all stored OAuth state for this server.TrbN)rrrrx)rps rremovezHermesTokenStorage.removeLs[##%%t'='='?'?ARARS & &A HHH % % % % & &rcN|S)z7Return True if we have tokens on disk (may be expired).)rrOrs rhas_cached_tokensz$HermesTokenStorage.has_cached_tokensQs   ""))+++r)rr)rr rN)rr)rr rN)rr rN)rrrN)rrrrr"rrrrrrrrrrrrboolrrrrr~r~sH8C8888>d>>>>E4EEEECDCCCC %%%%NEEEE,JJJJGGGG&&&& ,4,,,,,,rr~cBddddGfddt}|fS)aTCreate a per-flow callback HTTP handler class with its own result dict. Returns ``(HandlerClass, result_dict)`` where *result_dict* is a mutable dict that the handler writes ``auth_code`` and ``state`` into when the OAuth redirect arrives. Each call returns a fresh pair so concurrent flows don't stomp on each other. N) auth_codestateerrorc0eZdZdfd ZdededdfdZdS)(_make_callback_handler.._HandlerrNctt|jj}|ddgd}|ddgd}|ddgd}|d<|d<|d<|rdnd|pdd }|d |d d ||j | dS) Ncoderrrrzn

Authorization Successful

You can close this tab and return to Hermes.

z3

Authorization Failed

Error: unknownz

z Content-Typeztext/html; charset=utf-8) rrrJqueryr! send_response send_header end_headerswfilewriteencode)rparamsrrrbodyresults rdo_GETz/_make_callback_handler.._Handler.do_GETfs%hty11788F::ftf--a0DJJw//2EJJw//2E"&F; #F7O#F7O TTD"/iDDD    s # # #   ^-G H H H       J  T[[]] + + + + +rfmtargscBtd||zdS)NzOAuth callback: %s)rUr)rrrs r log_messagez4_make_callback_handler.._Handler.log_message|s! LL-sTz : : : : :rr)rrrrr"rr)rsr_Handlerres\ , , , , , ,, ;3 ;s ;t ; ; ; ; ; ;rr)r)rrs @r_make_callback_handlerr[sV,0$NNF;;;;;;;);;;4 V rauthorization_urlc `Kd|d}t|tjtr\t jdst jdr4tdtdtdtd tjt r~ tj|}|rtd tjntd tjd Sd S#t$rtd tjYd SwxYwtd tjd S)zShow the authorization URL to the user. Opens the browser automatically when possible; always prints the URL as a fallback for headless/SSH/gateway environments. zL MCP OAuth: authorization required. Open this URL in your browser:  )filerArBza Remote session detected. The OAuth provider will redirect your browser to http://127.0.0.1:z/callback which the callback listener on THIS machine is waiting on. If your browser is on a different machine, forward the port first in a separate terminal: ssh -N -L z :127.0.0.1:zv @ Then open the URL above. See: https://hermes-agent.nousresearch.com/docs/guides/oauth-over-ssh z" (Browser opened automatically.) u= (Could not open browser — please open the URL manually.) u= (Headless environment detected — open the URL manually.) N) printr:stderrrrgetenvrI webbrowserrk Exception)rmsgopeneds r_redirect_handlerrs %  % % %  #CJ    ,//  29Y3G3G    r$/ r r )  r r 6A  r r r  a e_%677F i;#*MMMMMV]`]ghhhhhhNM e e e RY\Yc d d d d d d d e NUXU_``````sA C''%DDcKttdt\}} tdtf|}n#t$rt dwxYwt j|jd}| d}d}d } ||kr6|d |d n%tj |d{V||z }||k6| n#| wxYw|d rtd |d |d t d |d |dfS)u]Wait for the OAuth callback to arrive on the local callback server. Uses the module-level ``_oauth_port`` which is set by ``build_oauth_auth`` before this is ever called. Polls for the result without blocking the event loop. Raises: OAuthNonInteractiveError: If the callback times out (no user present to complete the browser auth). RuntimeError: If ``_oauth_port`` has not been set, which would indicate that ``build_oauth_auth`` was skipped — the asserting form below was a silent bug when running Python with ``-O``/``-OO``. Nu_OAuth callback port not set — build_oauth_auth must be called before _wait_for_oauth_callbackr0uuOAuth callback timed out — could not bind callback port. Complete the authorization in a browser first, then retry.T)targetdaemongr@g?grrzOAuth authorization failed: uqOAuth callback timed out — no authorization code received. Ensure you completed the browser authorization flow.r) r RuntimeErrorrrrTr threadingThreadhandle_requeststartasynciosleep server_close) handler_clsrserver server_threadtimeout poll_intervalelapseds r_wait_for_callbackrs .   122K [+6 DD    ' I    $F,A$OOOMGMGk".&/2M- .. . . . . . . . } $G   gMK&/KKLLL k"& C   + w //sAArr r)rrrr redirect_urimetadata_kwargss r_build_client_metadatars 77# $ $D | W   ''-88K GGG  E6t666L# ../,o>!(&, ''O )#(  wwM8L45  -o > >>rrclient_metadatac|d}|sdS|d}d|d}||g|j|j|jd}|dr |d|d<|dr |d|d<|d r |d |d <t j|}t ||d d t d ||j dS)z=If cfg has a pre-registered client_id, persist it to storage. client_idNrrr)rrrrr r rrrPTrz$Pre-registered client_id=%s for '%s') r!rrr r rr|rrrUrr)rrrrrr  info_dictrs r_maybe_preregister_clientr7s/  $$I   D6t666L&&2)8&5&P !!I ww:%(%9 /" ww}6#&}#5 -  www* \ ',;IFFK))++[-C-C^b-C-c-cddd LL7GDXYYYYYr server_url oauth_configzOAuthClientProvider | Nonec tstd|dSt|pi}t |}t s/|std|t|t|}t|||t|||ttt|ddS)aQBuild an ``httpx.Auth``-compatible OAuth handler for an MCP server. Public API preserved for backwards compatibility. New code should use :func:`tools.mcp_oauth_manager.get_manager` so OAuth state is shared across config-time, runtime, and reconnect paths. Args: server_name: Server key in mcp_servers config (used for storage). server_url: MCP server endpoint URL. oauth_config: Optional dict from the ``oauth:`` block in config.yaml. Returns: An ``OAuthClientProvider`` instance, or None if the MCP SDK lacks OAuth support. zjMCP OAuth requested for '%s' but SDK auth types are not available. Install with: pip install 'mcp>=1.26.0'NzMCP OAuth for '%s': non-interactive environment and no cached tokens found. The OAuth flow requires browser authorization. Run interactively first to complete the initial authorization, then cached tokens will be reused.ri,)rrrredirect_handlercallback_handlerr)_OAUTH_AVAILABLErUrVdictr~r?rrrrr rrfloatr!)rrrrrrs rbuild_oauth_authrVs(  6    t |!r " "C --G    W%>%>%@%@  ,     S!!!,S11OgsO<<< '*+cggi--..    rr)@rrrPloggingrr+rir2ror:rrr http.serverrrpathlibrtypingr urllib.parserr getLoggerrrUrmcp.client.authr mcp.shared.authr r r r rrpydanticrrrrr__annotations__r%r"r.r8rr?rIrrXr|r~tupletyperrrrrrrrrrrr)sB    ::::::::++++++++  8 $ $  M333333MMM LLKLLLLLM FFFSSSSS|SSS S4Z     GGGGGG """""4&TdTk$d$$$4$$$$XB,B,B,B,B,B,B,B,T$dDj 1$$$$X(as(at(a(a(a(aV:0%S4Z"8:0:0:0:0D>S>T>>>> $3*??)>????<Z !Z Z+Z ZZZZD!%3333+3" 333333s$#A88BBB B*)B*