()
| 15 | |
| 16 | // @see : https://posthog.com/docs/advanced/proxy/nextjs |
| 17 | async rewrites() { |
| 18 | return [ |
| 19 | { |
| 20 | source: "/ingest/static/:path*", |
| 21 | destination: `https://us-assets.i.posthog.com/static/:path*`, |
| 22 | }, |
| 23 | { |
| 24 | source: "/ingest/:path*", |
| 25 | destination: `https://us.i.posthog.com/:path*`, |
| 26 | }, |
| 27 | { |
| 28 | source: "/ingest/decide", |
| 29 | destination: `https://us.i.posthog.com/decide`, |
| 30 | }, |
| 31 | // Expose OAuth discovery documents at canonical RFC paths (without /api/ee prefix) |
| 32 | // so MCP clients and OAuth tools can find them via standard discovery. |
| 33 | // |
| 34 | // RFC 8414: /.well-known/oauth-authorization-server |
| 35 | { |
| 36 | source: "/.well-known/oauth-authorization-server", |
| 37 | destination: "/api/ee/.well-known/oauth-authorization-server", |
| 38 | }, |
| 39 | // RFC 9728: path-specific form /.well-known/oauth-protected-resource/{resource-path} |
| 40 | { |
| 41 | source: "/.well-known/oauth-protected-resource/:path*", |
| 42 | destination: "/api/ee/.well-known/oauth-protected-resource/:path*", |
| 43 | }, |
| 44 | // Non-spec fallback: some MCP clients (observed in Claude Code and Cursor) guess |
| 45 | // /register as the Dynamic Client Registration endpoint (RFC 7591) when OAuth |
| 46 | // Authorization Server Metadata discovery fails entirely. This happens when the |
| 47 | // instance does not hold an enterprise license, causing all well-known endpoints |
| 48 | // to return 404. Per the MCP spec, clients should only attempt Dynamic Client |
| 49 | // Registration if the authorization server advertises a registration_endpoint in |
| 50 | // its metadata — guessing the URL is not spec-compliant behavior. This rewrite |
| 51 | // ensures those requests reach the actual endpoint rather than hitting a 404. |
| 52 | { |
| 53 | source: "/register", |
| 54 | destination: "/api/ee/oauth/register", |
| 55 | }, |
| 56 | // The MCP server lives under /api/ee/mcp so it sits in the EE-licensed |
| 57 | // route tree, but is exposed at the stable, public /api/mcp path that |
| 58 | // existing MCP client configurations point at. |
| 59 | { |
| 60 | source: "/api/mcp", |
| 61 | destination: "/api/ee/mcp", |
| 62 | } |
| 63 | ]; |
| 64 | }, |
| 65 | // This is required to support PostHog trailing slash API requests |
| 66 | skipTrailingSlashRedirect: true, |
| 67 |
nothing calls this directly
no outgoing calls
no test coverage detected