From ca1f4efb8f80965aceea047217a9fcb0c98c0a18 Mon Sep 17 00:00:00 2001
From: Max Lund
Date: Fri, 17 Apr 2026 22:21:18 -0500
Subject: [PATCH] Add OAuth proxy message types
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

New envelope types and payloads used by command center to proxy MCP OAuth flows on behalf of connected squadrons:

- OAuthRegisterFlow / OAuthRegisterFlowAck — squadron reserves a flow keyed by the OAuth state value before launching the user's browser.
- OAuthCallbackDelivery / OAuthCallbackAck — commander pushes the IdP callback (code/state) back to the originating squadron.
- StartMCPLogin / StartMCPLoginAck — commander asks squadron to kick off an OAuth login for a named MCP server from the UI; the ack carries the authorization URL for the browser to open.
---
 protocol/envelope.go | 8 +++++++
 protocol/messages.go | 50 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 58 insertions(+)

diff --git a/protocol/envelope.go b/protocol/envelope.go
index c28c236..422c2ed 100644
--- a/protocol/envelope.go
+++ b/protocol/envelope.go
@@ -103,6 +103,14 @@ const (
 TypeDownloadDirectory MessageType = "download_directory"
 TypeDownloadDirectoryResult MessageType = "download_directory_result"
 
+ // OAuth proxy (MCP login through command center)
+ TypeOAuthRegisterFlow MessageType = "oauth_register_flow"
+ TypeOAuthRegisterFlowAck MessageType = "oauth_register_flow_ack"
+ TypeOAuthCallbackDelivery MessageType = "oauth_callback_delivery"
+ TypeOAuthCallbackAck MessageType = "oauth_callback_ack"
+ TypeStartMCPLogin MessageType = "start_mcp_login"
+ TypeStartMCPLoginAck MessageType = "start_mcp_login_ack"
+
 // Error
 TypeError MessageType = "error"
 )
diff --git a/protocol/messages.go b/protocol/messages.go
index 52bc1bd..9fd1479 100644
--- a/protocol/messages.go
+++ b/protocol/messages.go
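Review bot: The six new constants in `protocol/envelope.go` do not say which side may send each type, and that direction is what a receiver needs in order to reject, for example, an `oauth_callback_delivery` arriving from a squadron. I would extend the section comment to `// OAuth proxy (MCP login through command center). squadron→commander: register_flow, callback_ack, start_mcp_login_ack; commander→squadron: register_flow_ack, callback_delivery, start_mcp_login.` The directions are taken from the commit message and the payload comments in `messages.go`; the dispatch code that would enforce them is not part of this patch. The `const (` block begins outside the hunk.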
@@ -685,6 +685,56 @@ type DownloadDirectoryResultPayload struct {
 Filename string `json:"filename"`
 }
 
+// =============================================================================
+// OAuth proxy (MCP login through command center)
+// =============================================================================
+
+// OAuthRegisterFlowPayload is sent by squadron to commander to reserve an
+// OAuth flow before launching the user's browser. Commander stores the
+// mapping `state → {instanceID, mcpName}` and later uses `state` in the IdP
+// callback to route the code back to the right squadron.
+type OAuthRegisterFlowPayload struct {
+ State string `json:"state"`
+ McpName string `json:"mcpName"`
+}
+
+// OAuthRegisterFlowAckPayload confirms the flow was stored.
+type OAuthRegisterFlowAckPayload struct {
+ Accepted bool `json:"accepted"`
+ Reason string `json:"reason,omitempty"`
+}
+
+// OAuthCallbackDeliveryPayload is sent by commander to squadron when the IdP
+// redirects a user to commander's /oauth/callback. Squadron's
+// WsbridgeCallbackSource listens on `state` to complete the login flow.
+type OAuthCallbackDeliveryPayload struct {
+ State string `json:"state"`
+ Code string `json:"code,omitempty"`
+ Error string `json:"error,omitempty"` // non-empty on IdP-side failure
+}
+
+// OAuthCallbackAckPayload confirms squadron received the callback params.
+type OAuthCallbackAckPayload struct {
+ Accepted bool `json:"accepted"`
+ Reason string `json:"reason,omitempty"`
+}
+
+// StartMCPLoginPayload is sent by commander to squadron to initiate an
+// OAuth login for a named MCP server from the UI. Squadron kicks off the
+// flow using the WsbridgeCallbackSource and returns the authorization URL
+// mid-flow so the browser can open it in a new tab.
+type StartMCPLoginPayload struct {
+ McpName string `json:"mcpName"`
+}
+
+// StartMCPLoginAckPayload carries the IdP authorization URL back to the
+// browser. If Accepted is false, Reason explains why.
+type StartMCPLoginAckPayload struct {
+ Accepted bool `json:"accepted"`
+ AuthURL string `json:"authUrl,omitempty"`
+ Reason string `json:"reason,omitempty"`
+}
+
 // =============================================================================
 // Error
 // =============================================================================
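Review bot: The doc comment on `OAuthRegisterFlowPayload` makes the squadron-supplied `State` the only key commander uses to route the IdP callback, but it does not say what commander must enforce on that value, and the handlers are outside this patch, so the contract belongs here. I would add `// State must be unguessable and single-use; commander rejects a State that is already registered (Accepted=false) and expires unclaimed entries.` Without that rule a second registration of the same state could presumably replace the first, and the `Code` in `OAuthCallbackDeliveryPayload` would then be delivered to a different instance than the one that started the flow. `StartMCPLoginAckPayload.AuthURL` is opened by the browser, so its field deserves a comment such as `// absolute http(s) URL; the UI must check the scheme before opening it`. `Code` is a credential and `Error` comes from the redirect query string, so a short comment that neither should be logged or rendered unescaped would also help.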