refactor(oauth): extract authorize-param validation into src/util#223
Merged
mgoldsborough merged 2 commits intoMay 24, 2026
Merged
Conversation
Move validateAdditionalAuthorizationParams and RESERVED_AUTHORIZE_PARAMS out of workspace-oauth-provider.ts into a dependency-free src/util/oauth-params.ts. The registry layer (projection.ts) imported the validator only, yet transitively pulled the MCP SDK auth client, the OAuth flow registry, validateBundleUrl, and crypto/fs. The helpers are pure; src/util/ is where pure helpers live (mirrors url.ts). Closes NimbleBrainInc#198
Resolve import-ordering conflicts in lifecycle.ts and workspace-oauth-provider.ts: keep main's new WorkspaceContext / AutomationDomainContext imports alongside the PR's split of validateAdditionalAuthorizationParams into src/util/oauth-params.ts.
mgoldsborough
added a commit
that referenced
this pull request
May 25, 2026
…t conflicts main advanced 3 commits past the branch point; #223 ("refactor(oauth): extract authorize-param validation into src/util") moved `validateAdditionalAuthorizationParams` from `tools/workspace-oauth-provider.ts` to `util/oauth-params.ts`. Two import conflicts, resolved by usage: - src/bundles/lifecycle.ts — imports `validateAdditionalAuthorizationParams` from the new `util/oauth-params.ts` path and keeps `WorkspaceOAuthProvider` (both used). Drops `UserPoolSource` — this branch's T008 removed the per-user OAuth pool, so it has zero usages here (main still had it). - src/tools/connector-tools.ts — drops the conflicted import entirely: `validateAdditionalAuthorizationParams` is already imported from `util/oauth-params.ts`, and `WorkspaceOAuthProvider` has zero usages in this file's refactored form. Import-only resolution; no behavioral change. verify:static green, unit 3097 / integration 611, 0 fail.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
validateAdditionalAuthorizationParams+RESERVED_AUTHORIZE_PARAMSout ofsrc/tools/workspace-oauth-provider.tsinto a new dependency-freesrc/util/oauth-params.ts.bundles/lifecycle.ts,registries/projection.ts,tools/connector-tools.ts, and the provider's own constructor) at the new module. No re-export — all call sites are in-repo.projection.ts) imported only the validator yet transitively pulled the MCP SDK auth client, the OAuth flow registry,validateBundleUrl, and crypto/fs. The helpers are pure;src/util/is where pure helpers live (mirrorsurl.ts).Pure code move — function body, signature, reserved-key list unchanged. Error-message prefix updated
[workspace-oauth-provider]→[oauth-params]to match the new module.Closes #198
Test plan
test/unit/oauth-params.test.ts— undefined, empty, non-reserved, every reserved key, OIDC hijack vectors, multi-key error message (6 cases)bun run verify:static— format, lint, tsc,check:cycles, codegen all cleanbun run test:unit(246 pass) +bun run test:integration(475 pass, 0 fail)from datetime import UTC), unrelated to this change🤖 Generated with Claude Code