chore: expand provider catalog — MCP/LLM providers, type fixes, JSONC migration

src/authsome/auth/bundled_providers/ahrefs.json → src/authsome/auth/bundled_providers/ahrefs.jsonc

@@ -1,3 +1,7 @@
+// Ahrefs
+// SEO intelligence, backlink analysis, and keyword research APIs.
+// auth: api_key | flow: api_key
+// API keys are workspace-level; generate at ahrefs.com/user/api.
 {
   "schema_version": 1,
   "name": "ahrefs",
@@ -16,3 +20,4 @@
     "AHREFS_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/anthropic.jsonc

@@ -0,0 +1,26 @@
+// Anthropic
+// API key access to Claude models via the Anthropic Messages API.
+// auth: api_key | flow: api_key
+// Anthropic uses x-api-key header — NOT Authorization Bearer like most providers.
+// Keys begin with "sk-ant-" and are generated at console.anthropic.com/keys.
+{
+  "schema_version": 1,
+  "name": "anthropic",
+  "display_name": "Anthropic",
+  "logo": "img.logo.dev/name/anthropic",
+  "description": "Anthropic API key for Claude model inference and the Messages API.",
+  "type": "llm",
+  "auth_type": "api_key",
+  "flow": "api_key",
+  "api_url": "https://api.anthropic.com",
+  "api_key": {
+    "header_name": "x-api-key",
+    "header_prefix": null,
+    "env_var": "ANTHROPIC_API_KEY",
+    "key_pattern": "^sk-ant-[A-Za-z0-9_-]+$",
+    "key_pattern_hint": "Anthropic API keys start with 'sk-ant-'. Generate one at console.anthropic.com/keys."
+  },
+  "export": {
+    "ANTHROPIC_API_KEY": "API_TOKEN"
+  }
+}

src/authsome/auth/bundled_providers/apollo.json → src/authsome/auth/bundled_providers/apollo.jsonc

@@ -1,3 +1,7 @@
+// Apollo
+// Sales intelligence and prospecting data for go-to-market workflows.
+// auth: api_key | flow: api_key
+// API keys are found at app.apollo.io/#/settings/integrations/api.
 {
   "schema_version": 1,
   "name": "apollo",
@@ -16,3 +20,4 @@
     "APOLLO_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/ashby.json → src/authsome/auth/bundled_providers/ashby.jsonc

@@ -1,3 +1,7 @@
+// Ashby
+// Recruiting operations, candidate data, and hiring workflow automation.
+// auth: api_key | flow: api_key
+// API keys are org-level; generate at app.ashbyhq.com/settings/api-keys.
 {
   "schema_version": 1,
   "name": "ashby",
@@ -16,3 +20,4 @@
     "ASHBY_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/atlassian.json → src/authsome/auth/bundled_providers/atlassian.jsonc

@@ -1,3 +1,7 @@
+// Atlassian
+// Jira and Atlassian workspace APIs for project and issue management.
+// auth: oauth2 | flow: pkce
+// OAuth scopes cover both Jira and Confluence — add granular scopes as needed.
 {
   "schema_version": 1,
   "name": "atlassian",
@@ -28,3 +32,4 @@
     "ATLASSIAN_ACCESS_TOKEN": "ACCESS_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/bedrock.jsonc

@@ -0,0 +1,26 @@
+// AWS Bedrock
+// AWS IAM access key for invoking foundation models via Amazon Bedrock.
+// auth: api_key | flow: api_key
+// The "API key" stored here is the AWS_ACCESS_KEY_ID. You must also set
+// AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION in your environment.
+// Bedrock uses AWS Signature V4 — the sdk/boto3 picks up credentials from env automatically.
+{
+  "schema_version": 1,
+  "name": "bedrock",
+  "display_name": "AWS Bedrock",
+  "logo": "img.logo.dev/name/amazon-web-services",
+  "description": "AWS IAM credentials for Amazon Bedrock foundation model inference.",
+  "type": "llm",
+  "auth_type": "api_key",
+  "flow": "api_key",
+  "api_url": "https://bedrock-runtime.us-east-1.amazonaws.com",
+  "api_key": {
+    "header_name": "X-Amz-Security-Token",
+    "header_prefix": null,
+    "env_var": "AWS_ACCESS_KEY_ID",
+    "key_pattern_hint": "Enter your AWS Access Key ID (AKIA... or ASIA...). Also set AWS_SECRET_ACCESS_KEY and AWS_DEFAULT_REGION."
+  },
+  "export": {
+    "AWS_ACCESS_KEY_ID": "API_TOKEN"
+  }
+}

src/authsome/auth/bundled_providers/beehiiv.json → src/authsome/auth/bundled_providers/beehiiv.jsonc

@@ -1,3 +1,7 @@
+// Beehiiv
+// Newsletter publishing, subscribers, and audience growth automation.
+// auth: api_key | flow: api_key
+// API keys are publication-level; generate at app.beehiiv.com/settings/integrations.
 {
   "schema_version": 1,
   "name": "beehiiv",
@@ -16,3 +20,4 @@
     "BEEHIIV_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/brave-search-mcp.jsonc

@@ -0,0 +1,25 @@
+// Brave Search MCP
+// API key for the Brave Search remote MCP server.
+// auth: api_key | flow: api_key
+// The key is injected as a Bearer token when connecting the MCP client to the server URL.
+// Keys are generated at brave.com/search/api/.
+{
+  "schema_version": 1,
+  "name": "brave-search-mcp",
+  "display_name": "Brave Search MCP",
+  "logo": "img.logo.dev/name/brave",
+  "description": "Brave Search API key for the remote MCP server — enables agents to search the web via MCP.",
+  "type": "mcp",
+  "auth_type": "api_key",
+  "flow": "api_key",
+  "api_url": "https://api.search.brave.com/mcp",
+  "api_key": {
+    "header_name": "Authorization",
+    "header_prefix": "Bearer",
+    "env_var": "BRAVE_API_KEY",
+    "key_pattern_hint": "Brave Search API keys are generated at brave.com/search/api/."
+  },
+  "export": {
+    "BRAVE_API_KEY": "API_TOKEN"
+  }
+}

src/authsome/auth/bundled_providers/brevo.json → src/authsome/auth/bundled_providers/brevo.jsonc

@@ -1,3 +1,7 @@
+// Brevo
+// Email marketing, transactional messaging, and contact management APIs.
+// auth: api_key | flow: api_key
+// Brevo was formerly Sendinblue. Keys at app.brevo.com/settings/keys/api.
 {
   "schema_version": 1,
   "name": "brevo",
@@ -16,3 +20,4 @@
     "BREVO_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/buffer.json → src/authsome/auth/bundled_providers/buffer.jsonc

@@ -1,3 +1,7 @@
+// Buffer
+// Social scheduling and publishing workflows for connected channels.
+// auth: api_key | flow: api_key
+// Scopes cover multiple social channels; remove scopes for channels you don't need.
 {
   "schema_version": 1,
   "name": "buffer",
@@ -16,3 +20,4 @@
     "BUFFER_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/calendly.json → src/authsome/auth/bundled_providers/calendly.jsonc

@@ -1,3 +1,7 @@
+// Calendly
+// Scheduling links, events, invitees, and calendar booking automation.
+// auth: api_key | flow: api_key
+// OAuth token provides access to the user's event types and scheduled events.
 {
   "schema_version": 1,
   "name": "calendly",
@@ -16,3 +20,4 @@
     "CALENDLY_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/clearbit.json → src/authsome/auth/bundled_providers/clearbit.jsonc

@@ -1,3 +1,7 @@
+// Clearbit
+// Company and contact enrichment data for sales and marketing workflows.
+// auth: api_key | flow: api_key
+// API keys are account-level; some endpoints require different keys (Enrichment vs. Reveal).
 {
   "schema_version": 1,
   "name": "clearbit",
@@ -16,3 +20,4 @@
     "CLEARBIT_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/cloudflare-mcp.jsonc

@@ -0,0 +1,27 @@
+// Cloudflare MCP
+// Cloudflare API token for the remote Cloudflare MCP server.
+// auth: api_key | flow: api_key
+// Distinct from the cloudflare.jsonc app provider which covers the REST API.
+// This provider targets the Cloudflare remote MCP server endpoint.
+// Create a scoped API token at dash.cloudflare.com/profile/api-tokens.
+{
+  "schema_version": 1,
+  "name": "cloudflare-mcp",
+  "display_name": "Cloudflare MCP",
+  "logo": "img.logo.dev/name/cloudflare",
+  "description": "Cloudflare API token for the remote MCP server — enables agents to manage zones, Workers, and DNS records via MCP.",
+  "type": "mcp",
+  "auth_type": "api_key",
+  "flow": "api_key",
+  "api_url": "https://mcp.cloudflare.com",
+  "api_key": {
+    "header_name": "Authorization",
+    "header_prefix": "Bearer",
+    "env_var": "CLOUDFLARE_API_TOKEN",
+    "key_pattern": "^[A-Za-z0-9_-]{40}$",
+    "key_pattern_hint": "Cloudflare API tokens are 40-character strings. Create a scoped token at dash.cloudflare.com/profile/api-tokens."
+  },
+  "export": {
+    "CLOUDFLARE_API_TOKEN": "API_TOKEN"
+  }
+}

src/authsome/auth/bundled_providers/cloudflare.json → src/authsome/auth/bundled_providers/cloudflare.jsonc

@@ -1,3 +1,7 @@
+// Cloudflare
+// Cloudflare API token access for managing zones, DNS, Workers, and account resources.
+// auth: api_key | flow: api_key
+// Prefer scoped tokens over global API keys. Create at dash.cloudflare.com/profile/api-tokens.
 {
   "schema_version": 1,
   "name": "cloudflare",
@@ -19,3 +23,4 @@
     "CLOUDFLARE_API_TOKEN": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/confluence.json → src/authsome/auth/bundled_providers/confluence.jsonc

@@ -1,3 +1,7 @@
+// Confluence
+// Confluence Cloud access for reading and writing pages, spaces, and content via the Confluence REST API.
+// auth: oauth2 | flow: pkce
+// Covered by the Atlassian OAuth provider; this standalone provider uses the Confluence REST API directly.
 {
   "schema_version": 1,
   "name": "confluence",
@@ -29,3 +33,4 @@
     "CONFLUENCE_ACCESS_TOKEN": "ACCESS_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/discord.json → src/authsome/auth/bundled_providers/discord.jsonc

@@ -1,3 +1,7 @@
+// Discord
+// Discord identity, guild, and messaging integrations over OAuth.
+// auth: oauth2 | flow: pkce
+// Scopes needed vary by bot — guilds.members.read requires privileged intent approval.
 {
   "schema_version": 1,
   "name": "discord",
@@ -27,3 +31,4 @@
     "DISCORD_ACCESS_TOKEN": "ACCESS_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/dub.json → src/authsome/auth/bundled_providers/dub.jsonc

@@ -1,3 +1,7 @@
+// Dub.co
+// Short links, conversion tracking, and link analytics from Dub.co.
+// auth: api_key | flow: api_key
+// API keys are workspace-level; generate at app.dub.co/settings/tokens.
 {
   "schema_version": 1,
   "name": "dub",
@@ -16,3 +20,4 @@
     "DUB_API_KEY": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/fireworks.jsonc

@@ -0,0 +1,24 @@
+// Fireworks AI
+// API key access to open-source and fine-tuned models via Fireworks AI.
+// auth: api_key | flow: api_key
+// OpenAI-compatible API. Keys are generated at fireworks.ai/account/api-keys.
+{
+  "schema_version": 1,
+  "name": "fireworks",
+  "display_name": "Fireworks AI",
+  "logo": "img.logo.dev/name/fireworks-ai",
+  "description": "Fireworks AI API key for fast inference on open-source and fine-tuned models.",
+  "type": "llm",
+  "auth_type": "api_key",
+  "flow": "api_key",
+  "api_url": "https://api.fireworks.ai/inference/v1",
+  "api_key": {
+    "header_name": "Authorization",
+    "header_prefix": "Bearer",
+    "env_var": "FIREWORKS_API_KEY",
+    "key_pattern_hint": "Fireworks AI keys are generated at fireworks.ai/account/api-keys."
+  },
+  "export": {
+    "FIREWORKS_API_KEY": "API_TOKEN"
+  }
+}

src/authsome/auth/bundled_providers/g2.json → src/authsome/auth/bundled_providers/g2.jsonc

@@ -1,3 +1,7 @@
+// G2
+// Review, buyer intent, and marketplace data from G2.
+// auth: api_key | flow: api_key
+// G2 has two key types: public (read) and private (write). Use private only if needed.
 {
   "schema_version": 1,
   "name": "g2",
@@ -16,3 +20,4 @@
     "G2_API_TOKEN": "API_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/github-mcp.jsonc

@@ -0,0 +1,28 @@
+// GitHub MCP
+// GitHub personal access token for the remote GitHub MCP server.
+// auth: api_key | flow: api_key
+// Distinct from the GitHub OAuth provider (github.jsonc) which uses PKCE/device-code.
+// This provider stores a fine-grained PAT injected as Bearer token at the MCP endpoint.
+// Prefer fine-grained tokens scoped to only the repos and permissions the agent needs.
+{
+  "schema_version": 1,
+  "name": "github-mcp",
+  "display_name": "GitHub MCP",
+  "logo": "img.logo.dev/name/github",
+  "description": "GitHub personal access token for the remote MCP server — enables agents to manage repos, issues, and PRs via MCP.",
+  "type": "mcp",
+  "auth_type": "api_key",
+  "flow": "api_key",
+  "api_url": "https://api.githubcopilot.com/mcp",
+  "api_key": {
+    "header_name": "Authorization",
+    "header_prefix": "Bearer",
+    "env_var": "GITHUB_TOKEN",
+    "key_pattern": "^(ghp_|github_pat_)[A-Za-z0-9_]+$",
+    "key_pattern_hint": "GitHub tokens start with 'ghp_' (classic) or 'github_pat_' (fine-grained). Create one at github.com/settings/tokens."
+  },
+  "export": {
+    "GITHUB_TOKEN": "API_TOKEN",
+    "GH_TOKEN": "API_TOKEN"
+  }
+}

src/authsome/auth/bundled_providers/github.json → src/authsome/auth/bundled_providers/github.jsonc

@@ -1,3 +1,7 @@
+// GitHub
+// Connect GitHub to manage repositories, pull requests, users, and developer automation with vault-backed credentials.
+// auth: oauth2 | flow: pkce
+// Fine-grained PATs are preferred over classic tokens. Device-code flow is supported for headless envs.
 {
   "schema_version": 1,
   "name": "github",
@@ -31,3 +35,4 @@
   },
   "docs_url": "https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/managing-your-personal-access-tokens"
 }
+

src/authsome/auth/bundled_providers/gitlab.json → src/authsome/auth/bundled_providers/gitlab.jsonc

@@ -1,3 +1,7 @@
+// GitLab
+// GitLab repositories, user data, and project automation over OAuth.
+// auth: oauth2 | flow: pkce
+// Scopes: 'api' covers full access; prefer granular scopes in production.
 {
   "schema_version": 1,
   "name": "gitlab",
@@ -29,3 +33,4 @@
     "GITLAB_ACCESS_TOKEN": "ACCESS_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/google-admin.json → src/authsome/auth/bundled_providers/google-admin.jsonc

@@ -1,3 +1,7 @@
+// Google Admin
+// Google Workspace Admin access for managing users, groups, and organizational units via the Admin SDK.
+// auth: oauth2 | flow: pkce
+// Requires Google Workspace domain admin privileges; not available to personal Gmail accounts.
 {
   "schema_version": 1,
   "name": "google-admin",
@@ -27,3 +31,4 @@
     "GOOGLE_ADMIN_ACCESS_TOKEN": "ACCESS_TOKEN"
   }
 }
+

src/authsome/auth/bundled_providers/google-analytics.json → src/authsome/auth/bundled_providers/google-analytics.jsonc

@@ -1,3 +1,7 @@
+// Google Analytics
+// Google Analytics access for reading web analytics data via the Analytics Data API.
+// auth: oauth2 | flow: pkce
+// Scopes cover GA4; UA properties use different APIs and are deprecated.
 {
   "schema_version": 1,
   "name": "google-analytics",
@@ -26,3 +30,4 @@
     "GOOGLE_ANALYTICS_ACCESS_TOKEN": "ACCESS_TOKEN"
   }
 }
+