Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
microsoft
GitHub Repository: microsoft/vscode
 Path: blob/main/src/vs/workbench/services/authentication/common/authenticationQuery.ts
3296 views
1
/*---------------------------------------------------------------------------------------------

2
 *  Copyright (c) Microsoft Corporation. All rights reserved.

3
 *  Licensed under the MIT License. See License.txt in the project root for license information.

4
 *--------------------------------------------------------------------------------------------*/

5


6
import { Event } from '../../../../base/common/event.js';

7
import { createDecorator } from '../../../../platform/instantiation/common/instantiation.js';

8
import { AuthenticationSessionAccount } from './authentication.js';

9


10
/**

11
 * Statistics about authentication usage

12
 */

13
export interface IAuthenticationUsageStats {

14
	readonly totalSessions: number;

15
	readonly totalAccounts: number;

16
	readonly recentActivity: {

17
		readonly accountName: string;

18
		readonly lastUsed: number;

19
		readonly usageCount: number;

20
	}[];

21
}

22


23
/**

24
 * Information about entities using authentication within a provider

25
 */

26
export interface IActiveEntities {

27
	readonly extensions: string[];

28
	readonly mcpServers: string[];

29
}

30


31
/**

32
 * Base query interface with common properties

33
 */

34
export interface IBaseQuery {

35
	readonly providerId: string;

36
}

37


38
/**

39
 * Query interface for operations on a specific account within a provider

40
 */

41
export interface IAccountQuery extends IBaseQuery {

42
	readonly accountName: string;

43


44
	/**

45
	 * Get operations for a specific extension on this account

46
	 * @param extensionId The extension id

47
	 * @returns An account-extension query interface

48
	 */

49
	extension(extensionId: string): IAccountExtensionQuery;

50


51
	/**

52
	 * Get operations for a specific MCP server on this account

53
	 * @param mcpServerId The MCP server id

54
	 * @returns An account-MCP server query interface

55
	 */

56
	mcpServer(mcpServerId: string): IAccountMcpServerQuery;

57


58
	/**

59
	 * Get operations for all extensions on this account

60
	 * @returns An account-extensions query interface

61
	 */

62
	extensions(): IAccountExtensionsQuery;

63


64
	/**

65
	 * Get operations for all MCP servers on this account

66
	 * @returns An account-MCP servers query interface

67
	 */

68
	mcpServers(): IAccountMcpServersQuery;

69


70
	/**

71
	 * Get operations for all entities (extensions and MCP servers) on this account

72
	 * @returns An account-entities query interface for type-agnostic operations

73
	 */

74
	entities(): IAccountEntitiesQuery;

75


76
	/**

77
	 * Remove all authentication data for this account

78
	 */

79
	remove(): void;

80
}

81


82
/**

83
 * Query interface for operations on a specific extension within a specific account

84
 */

85
export interface IAccountExtensionQuery extends IBaseQuery {

86
	readonly accountName: string;

87
	readonly extensionId: string;

88


89
	/**

90
	 * Check if this extension is allowed to access this account

91
	 * @returns True if allowed, false if denied, undefined if not yet decided

92
	 */

93
	isAccessAllowed(): boolean | undefined;

94


95
	/**

96
	 * Set access permission for this extension on this account

97
	 * @param allowed True to allow, false to deny access

98
	 * @param extensionName Optional extension name for display purposes

99
	 */

100
	setAccessAllowed(allowed: boolean, extensionName?: string): void;

101


102
	/**

103
	 * Add usage record for this extension on this account

104
	 * @param scopes The scopes that were used

105
	 * @param extensionName The extension name for display purposes

106
	 */

107
	addUsage(scopes: readonly string[], extensionName: string): void;

108


109
	/**

110
	 * Get usage history for this extension on this account

111
	 * @returns Array of usage records

112
	 */

113
	getUsage(): {

114
		readonly extensionId: string;

115
		readonly extensionName: string;

116
		readonly scopes: readonly string[];

117
		readonly lastUsed: number;

118
	}[];

119


120
	/**

121
	 * Remove all usage data for this extension on this account

122
	 */

123
	removeUsage(): void;

124


125
	/**

126
	 * Set this account as the preferred account for this extension

127
	 */

128
	setAsPreferred(): void;

129


130
	/**

131
	 * Check if this account is the preferred account for this extension

132
	 */

133
	isPreferred(): boolean;

134


135
	/**

136
	 * Check if this extension is trusted (defined in product.json)

137
	 * @returns True if the extension is trusted, false otherwise

138
	 */

139
	isTrusted(): boolean;

140
}

141


142
/**

143
 * Query interface for operations on a specific MCP server within a specific account

144
 */

145
export interface IAccountMcpServerQuery extends IBaseQuery {

146
	readonly accountName: string;

147
	readonly mcpServerId: string;

148


149
	/**

150
	 * Check if this MCP server is allowed to access this account

151
	 * @returns True if allowed, false if denied, undefined if not yet decided

152
	 */

153
	isAccessAllowed(): boolean | undefined;

154


155
	/**

156
	 * Set access permission for this MCP server on this account

157
	 * @param allowed True to allow, false to deny access

158
	 * @param mcpServerName Optional MCP server name for display purposes

159
	 */

160
	setAccessAllowed(allowed: boolean, mcpServerName?: string): void;

161


162
	/**

163
	 * Add usage record for this MCP server on this account

164
	 * @param scopes The scopes that were used

165
	 * @param mcpServerName The MCP server name for display purposes

166
	 */

167
	addUsage(scopes: readonly string[], mcpServerName: string): void;

168


169
	/**

170
	 * Get usage history for this MCP server on this account

171
	 * @returns Array of usage records

172
	 */

173
	getUsage(): {

174
		readonly mcpServerId: string;

175
		readonly mcpServerName: string;

176
		readonly scopes: readonly string[];

177
		readonly lastUsed: number;

178
	}[];

179


180
	/**

181
	 * Remove all usage data for this MCP server on this account

182
	 */

183
	removeUsage(): void;

184


185
	/**

186
	 * Set this account as the preferred account for this MCP server

187
	 */

188
	setAsPreferred(): void;

189


190
	/**

191
	 * Check if this account is the preferred account for this MCP server

192
	 */

193
	isPreferred(): boolean;

194


195
	/**

196
	 * Check if this MCP server is trusted (defined in product.json)

197
	 * @returns True if the MCP server is trusted, false otherwise

198
	 */

199
	isTrusted(): boolean;

200
}

201


202
/**

203
 * Query interface for operations on all extensions within a specific account

204
 */

205
export interface IAccountExtensionsQuery extends IBaseQuery {

206
	readonly accountName: string;

207


208
	/**

209
	 * Get all extensions that have access to this account with their trusted state

210
	 * @returns Array of objects containing extension data including trusted state

211
	 */

212
	getAllowedExtensions(): { id: string; name: string; allowed?: boolean; lastUsed?: number; trusted?: boolean }[];

213


214
	/**

215
	 * Grant access to this account for all specified extensions

216
	 * @param extensionIds Array of extension IDs to grant access to

217
	 */

218
	allowAccess(extensionIds: string[]): void;

219


220
	/**

221
	 * Remove access to this account for all specified extensions

222
	 * @param extensionIds Array of extension IDs to remove access from

223
	 */

224
	removeAccess(extensionIds: string[]): void;

225


226
	/**

227
	 * Execute a callback for each extension that has used this account

228
	 * @param callback Function to execute for each extension

229
	 */

230
	forEach(callback: (extensionQuery: IAccountExtensionQuery) => void): void;

231
}

232


233
/**

234
 * Query interface for operations on all MCP servers within a specific account

235
 */

236
export interface IAccountMcpServersQuery extends IBaseQuery {

237
	readonly accountName: string;

238


239
	/**

240
	 * Get all MCP servers that have access to this account with their trusted state

241
	 * @returns Array of objects containing MCP server data including trusted state

242
	 */

243
	getAllowedMcpServers(): { id: string; name: string; allowed?: boolean; lastUsed?: number; trusted?: boolean }[];

244


245
	/**

246
	 * Grant access to this account for all specified MCP servers

247
	 * @param mcpServerIds Array of MCP server IDs to grant access to

248
	 */

249
	allowAccess(mcpServerIds: string[]): void;

250


251
	/**

252
	 * Remove access to this account for all specified MCP servers

253
	 * @param mcpServerIds Array of MCP server IDs to remove access from

254
	 */

255
	removeAccess(mcpServerIds: string[]): void;

256


257
	/**

258
	 * Execute a callback for each MCP server that has used this account

259
	 * @param callback Function to execute for each MCP server

260
	 */

261
	forEach(callback: (mcpServerQuery: IAccountMcpServerQuery) => void): void;

262
}

263


264
/**

265
 * Query interface for type-agnostic operations on all entities (extensions and MCP servers) within a specific account

266
 */

267
export interface IAccountEntitiesQuery extends IBaseQuery {

268
	readonly accountName: string;

269


270
	/**

271
	 * Check if this account has been used by any entity (extension or MCP server)

272
	 * @returns True if the account has been used, false otherwise

273
	 */

274
	hasAnyUsage(): boolean;

275


276
	/**

277
	 * Get the total count of entities that have used this account

278
	 * @returns Object with counts for extensions and MCP servers

279
	 */

280
	getEntityCount(): { extensions: number; mcpServers: number; total: number };

281


282
	/**

283
	 * Remove access to this account for all entities (extensions and MCP servers)

284
	 */

285
	removeAllAccess(): void;

286


287
	/**

288
	 * Execute a callback for each entity that has used this account

289
	 * @param callback Function to execute for each entity

290
	 */

291
	forEach(callback: (entityId: string, entityType: 'extension' | 'mcpServer') => void): void;

292
}

293


294
/**

295
 * Query interface for operations on a specific extension within a provider

296
 */

297
export interface IProviderExtensionQuery extends IBaseQuery {

298
	readonly extensionId: string;

299


300
	/**

301
	 * Get the preferred account for this extension within this provider

302
	 * @returns The account name, or undefined if no preference is set

303
	 */

304
	getPreferredAccount(): string | undefined;

305


306
	/**

307
	 * Set the preferred account for this extension within this provider

308
	 * @param account The account to set as preferred

309
	 */

310
	setPreferredAccount(account: AuthenticationSessionAccount): void;

311


312
	/**

313
	 * Remove the account preference for this extension within this provider

314
	 */

315
	removeAccountPreference(): void;

316
}

317


318
/**

319
 * Query interface for operations on a specific MCP server within a provider

320
 */

321
export interface IProviderMcpServerQuery extends IBaseQuery {

322
	readonly mcpServerId: string;

323


324
	/**

325
	 * Get the last used account for this MCP server within a provider

326
	 * @returns The account name, or undefined if no preference is set

327
	 */

328
	getLastUsedAccount(): Promise<string | undefined>;

329


330
	/**

331
	 * Get the preferred account for this MCP server within a provider

332
	 * @returns The account name, or undefined if no preference is set

333
	 */

334
	getPreferredAccount(): string | undefined;

335


336
	/**

337
	 * Set the preferred account for this MCP server within a provider

338
	 * @param account The account to set as preferred

339
	 */

340
	setPreferredAccount(account: AuthenticationSessionAccount): void;

341


342
	/**

343
	 * Remove the account preference for this MCP server within a provider

344
	 */

345
	removeAccountPreference(): void;

346


347
	/**

348
	 * Get all accounts that this MCP server has used within this provider

349
	 * @returns Array of account names

350
	 */

351
	getUsedAccounts(): Promise<string[]>;

352
}

353


354
/**

355
 * Query interface for provider-scoped operations

356
 */

357
export interface IProviderQuery extends IBaseQuery {

358
	/**

359
	 * Get operations for a specific account within this provider

360
	 * @param accountName The account name

361
	 * @returns An account query interface

362
	 */

363
	account(accountName: string): IAccountQuery;

364


365
	/**

366
	 * Get operations for a specific extension within this provider

367
	 * @param extensionId The extension id

368
	 * @returns A provider-extension query interface

369
	 */

370
	extension(extensionId: string): IProviderExtensionQuery;

371


372
	/**

373
	 * Get operations for a specific MCP server within this provider

374
	 * @param mcpServerId The MCP server id

375
	 * @returns A provider-MCP server query interface

376
	 */

377
	mcpServer(mcpServerId: string): IProviderMcpServerQuery;

378


379
	/**

380
	 * Get information about active entities (extensions and MCP servers) within this provider

381
	 * @returns Information about entities that have used authentication

382
	 */

383
	getActiveEntities(): Promise<IActiveEntities>;

384


385
	/**

386
	 * Get all account names for this provider

387
	 * @returns Array of account names

388
	 */

389
	getAccountNames(): Promise<string[]>;

390


391
	/**

392
	 * Get usage statistics for this provider

393
	 * @returns Usage statistics

394
	 */

395
	getUsageStats(): Promise<IAuthenticationUsageStats>;

396


397
	/**

398
	 * Execute a callback for each account in this provider

399
	 * @param callback Function to execute for each account

400
	 */

401
	forEachAccount(callback: (accountQuery: IAccountQuery) => void): Promise<void>;

402
}

403


404
/**

405
 * Query interface for extension-scoped operations (cross-provider)

406
 */

407
export interface IExtensionQuery {

408
	readonly extensionId: string;

409


410
	/**

411
	 * Get all providers where this extension has access

412
	 * @param includeInternal Whether to include internal providers (starting with INTERNAL_AUTH_PROVIDER_PREFIX)

413
	 * @returns Array of provider IDs

414
	 */

415
	getProvidersWithAccess(includeInternal?: boolean): Promise<string[]>;

416


417
	/**

418
	 * Get account preferences for this extension across all providers

419
	 * @param includeInternal Whether to include internal providers (starting with INTERNAL_AUTH_PROVIDER_PREFIX)

420
	 * @returns Map of provider ID to account name

421
	 */

422
	getAllAccountPreferences(includeInternal?: boolean): Map<string, string>;

423


424
	/**

425
	 * Get operations for this extension within a specific provider

426
	 * @param providerId The provider ID

427
	 * @returns A provider-extension query interface

428
	 */

429
	provider(providerId: string): IProviderExtensionQuery;

430
}

431


432
/**

433
 * Query interface for MCP server-scoped operations (cross-provider)

434
 */

435
export interface IMcpServerQuery {

436
	readonly mcpServerId: string;

437


438
	/**

439
	 * Get all providers where this MCP server has access

440
	 * @param includeInternal Whether to include internal providers (starting with INTERNAL_AUTH_PROVIDER_PREFIX)

441
	 * @returns Array of provider IDs

442
	 */

443
	getProvidersWithAccess(includeInternal?: boolean): Promise<string[]>;

444


445
	/**

446
	 * Get account preferences for this MCP server across all providers

447
	 * @param includeInternal Whether to include internal providers (starting with INTERNAL_AUTH_PROVIDER_PREFIX)

448
	 * @returns Map of provider ID to account name

449
	 */

450
	getAllAccountPreferences(includeInternal?: boolean): Map<string, string>;

451


452
	/**

453
	 * Get operations for this MCP server within a specific provider

454
	 * @param providerId The provider ID

455
	 * @returns A provider-MCP server query interface

456
	 */

457
	provider(providerId: string): IProviderMcpServerQuery;

458
}

459


460
/**

461
 * Main authentication query service interface

462
 */

463
export const IAuthenticationQueryService = createDecorator<IAuthenticationQueryService>('IAuthenticationQueryService');

464
export interface IAuthenticationQueryService {

465
	readonly _serviceBrand: undefined;

466


467
	/**

468
	 * Fires when authentication preferences change

469
	 */

470
	readonly onDidChangePreferences: Event<{

471
		readonly providerId: string;

472
		readonly entityType: 'extension' | 'mcpServer';

473
		readonly entityIds: string[];

474
	}>;

475


476
	/**

477
	 * Fires when authentication access permissions change

478
	 */

479
	readonly onDidChangeAccess: Event<{

480
		readonly providerId: string;

481
		readonly accountName: string;

482
	}>;

483


484
	/**

485
	 * Get operations for a specific authentication provider

486
	 * @param providerId The authentication provider id

487
	 * @returns A provider query interface

488
	 */

489
	provider(providerId: string): IProviderQuery;

490


491
	/**

492
	 * Get operations for a specific extension across all providers

493
	 * @param extensionId The extension id

494
	 * @returns An extension query interface

495
	 */

496
	extension(extensionId: string): IExtensionQuery;

497


498
	/**

499
	 * Get operations for a specific MCP server across all providers

500
	 * @param mcpServerId The MCP server id

501
	 * @returns An MCP server query interface

502
	 */

503
	mcpServer(mcpServerId: string): IMcpServerQuery;

504


505
	/**

506
	 * Get all available provider IDs

507
	 * @returns Array of provider IDs

508
	 */

509
	getProviderIds(): string[];

510


511
	/**

512
	 * Clear all authentication data (for testing/debugging purposes)

513
	 * @param confirmation Must be 'CLEAR_ALL_AUTH_DATA' to confirm

514
	 * @param includeInternal Whether to include internal providers (defaults to true for complete clearing)

515
	 */

516
	clearAllData(confirmation: 'CLEAR_ALL_AUTH_DATA', includeInternal?: boolean): Promise<void>;

517
}

518


519