Add browserAuth() provider for MCP SDK integration

Author: koistya

.github/workflows/main.yml

@@ -0,0 +1,219 @@
+name: CI/CD
+
+on:
+  push:
+    branches: [main]
+    tags: ["v*"]
+  pull_request:
+    branches: [main]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  test:
+    name: Test (Bun on ${{ matrix.os }})
+    runs-on: ${{ matrix.os }}
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, macos-latest]
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build templates
+        run: bun run build:templates
+
+      - name: Run tests
+        run: bun test
+
+      - name: Type check
+        if: matrix.os == 'ubuntu-latest'
+        run: bun run typecheck
+
+  build:
+    name: Build & Validate
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Cache dependencies
+        uses: actions/cache@v4
+        with:
+          path: ~/.bun/install/cache
+          key: ${{ runner.os }}-bun-${{ hashFiles('**/bun.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-bun-
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Check formatting
+        run: bun run format:check
+
+      - name: Type check
+        run: bun run typecheck
+
+      - name: Build templates
+        run: bun templates/build.ts
+
+      - name: Build package
+        run: bun run build
+
+      - name: Validate package
+        run: bun run lint:package
+
+      - name: Check dist output
+        run: |
+          if [ ! -f "dist/index.js" ]; then
+            echo "Error: dist/index.js not found"
+            exit 1
+          fi
+          if [ ! -f "dist/index.d.ts" ]; then
+            echo "Error: dist/index.d.ts not found"
+            exit 1
+          fi
+          echo "✅ Build output verified"
+
+      - name: Upload build artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: dist
+          path: dist/
+          retention-days: 1
+
+  validate-examples:
+    name: Validate Examples
+    runs-on: ubuntu-latest
+    needs: build
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Download build artifacts
+        uses: actions/download-artifact@v5
+        with:
+          name: dist
+          path: dist/
+
+      - name: Test demo example (dry run)
+        run: bun run examples/demo.ts --no-browser
+        timeout-minutes: 1
+
+      - name: Check example files
+        run: |
+          for file in examples/*.ts; do
+            echo "Checking $file..."
+            if [[ "$file" == *"demo.ts"* ]]; then
+              echo "✓ $file - skipping (interactive demo)"
+            else
+              bun build "$file" --target=node --outdir=/tmp/build-test > /dev/null && echo "✓ $file builds successfully"
+            fi
+          done
+
+  publish:
+    name: Publish to NPM
+    runs-on: ubuntu-latest
+    needs: [test, build, validate-examples]
+    if: startsWith(github.ref, 'refs/tags/v')
+    environment: npm
+    permissions:
+      contents: write
+      id-token: write
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: "20"
+          registry-url: "https://registry.npmjs.org"
+
+      - name: Setup Bun
+        uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install --frozen-lockfile
+
+      - name: Build package
+        run: |
+          bun run build:templates
+          bun run build
+
+      - name: Verify version match
+        run: |
+          PACKAGE_VERSION="v$(node -p "require('./package.json').version")"
+          TAG_VERSION="${GITHUB_REF#refs/tags/}"
+          if [ "$PACKAGE_VERSION" != "$TAG_VERSION" ]; then
+            echo "Error: Package version ($PACKAGE_VERSION) doesn't match tag ($TAG_VERSION)"
+            exit 1
+          fi
+          echo "✅ Version verified: $PACKAGE_VERSION"
+
+      - name: Publish to NPM
+        run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+      - name: Create GitHub Release
+        uses: softprops/action-gh-release@v2
+        with:
+          name: Release ${{ github.ref_name }}
+          generate_release_notes: true
+          draft: false
+          prerelease: ${{ contains(github.ref_name, '-') }}
+          files: |
+            dist/**/*
+
+  security:
+    name: Security Scan
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request' || github.event_name == 'push'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+
+      - name: Run Dependabot security scan
+        uses: github/super-linter/slim@v7
+        env:
+          DEFAULT_BRANCH: main
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          VALIDATE_JAVASCRIPT_ES: true
+          VALIDATE_TYPESCRIPT_ES: true
+          VALIDATE_JSON: true
+          VALIDATE_YAML: true
+          FILTER_REGEX_EXCLUDE: .*node_modules/.*|.*dist/.*|.*bun.lock|.*tsconfig\.json

.vscode/settings.json

@@ -5,6 +5,7 @@
     "konstantin",
     "kriasoft",
     "modelcontextprotocol",
+    "publint",
     "streamable",
     "tarkus"
   ]

CLAUDE.md

@@ -0,0 +1,45 @@
+# OAuth Callback Project Guide
+
+## Project Structure
+
+```bash
+oauth-callback/
+├── src/                     # Source code
+│   ├── index.ts             # Main entry - exports getAuthCode(), OAuthError, browserAuth()
+│   ├── server.ts            # HTTP server for OAuth callbacks
+│   ├── errors.ts            # OAuthError class and error handling
+│   ├── mcp-types.ts         # TypeScript interfaces for MCP integration
+│   ├── auth/                # Authentication providers
+│   │   ├── browser-auth.ts  # MCP SDK-compatible OAuth provider
+│   │   └── browser-auth.test.ts
+│   ├── storage/             # Token storage implementations
+│   │   └── memory.ts        # In-memory token store
+│   └── utils/               # Utility functions
+│       └── token.ts         # Token expiry calculations
+│
+├── templates/               # HTML templates for callback pages
+│   ├── success.html         # Success page with animated checkmark
+│   ├── error.html           # Error page for OAuth failures
+│   └── build.ts             # Template compiler (bundles HTML into TypeScript)
+│
+├── examples/                # Usage examples
+│   ├── demo.ts              # Interactive demo with mock OAuth server
+│   ├── github.ts            # GitHub OAuth integration example
+│   └── notion.ts            # Notion MCP with Dynamic Client Registration
+│
+├── dist/                    # Build output (generated)
+│   ├── index.js             # Compiled JavaScript
+│   ├── index.d.ts           # TypeScript declarations
+│   └── ...
+│
+├── package.json             # Project metadata and dependencies
+├── tsconfig.json            # TypeScript configuration
+├── README.md                # User documentation
+└── CLAUDE.md                # This file - AI assistant context
+```
+
+## Key Constraints
+
+- Design Philosophy: Prioritize ideal design over backward compatibility
+- Runtime: Always use Bun (not Node.js/NPM). Bun auto-loads .env files
+- MCP SDK: OAuth/auth implementation in `node_modules/@modelcontextprotocol/sdk/dist/esm/client/auth.js`, `node_modules/@modelcontextprotocol/sdk/dist/esm/client/auth.d.ts`