@better-i18n/mcp 0.19.1 → 0.21.0

package/dist/index.d.ts

@@ -1,12 +1,32 @@
 #!/usr/bin/env node
 /**
- * Better i18n MCP Server — stdio transport
+ * @better-i18n/mcp — stdio MCP server for Claude Code / Cursor / Codex.
  *
- * Model Context Protocol server for Better i18n translation management.
- * Enables AI assistants (Claude, ChatGPT, etc.) to manage translations
- * directly from IDEs like Cursor.
+ * Bridges an MCP client (stdio) to Better i18n's remote MCP endpoint
+ * (Streamable HTTP at https://mcp.better-i18n.com/mcp).
  *
- * For HTTP transport (OpenAI, Codex, Agents SDK), see http.ts.
+ * Two auth modes:
+ *   - OAuth (default): no key needed. First run opens your browser to
+ *     sign in to Better i18n; tokens are cached in ~/.better-i18n and
+ *     refreshed automatically on later runs.
+ *   - API key: set BETTER_I18N_API_KEY=bi-… for headless tools (CI, scripts).
+ *
+ * The tool catalog is forwarded from the server — never hard-coded here,
+ * so new tools ship on an API deploy without an npm release.
+ *
+ * Config:
+ *   {
+ *     "mcpServers": {
+ *       "better-i18n": { "command": "npx", "args": ["-y", "@better-i18n/mcp@latest"] }
+ *     }
+ *   }
+ *
+ * Env / flags:
+ *   --local / BETTER_I18N_LOCAL  → http://localhost:8788
+ *   BETTER_I18N_MCP_URL          → explicit MCP endpoint host override
+ *   BETTER_I18N_API_KEY          → use API-key auth instead of OAuth
+ *   --debug / BETTER_I18N_DEBUG  → verbose stderr logging
+ *   BETTER_I18N_OAUTH_PORT       → loopback callback port (default 8976)
  */
 export {};
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;GAQG"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG"}

package/dist/index.js

@@ -1,43 +1,221 @@
 #!/usr/bin/env node
 /**
- * Better i18n MCP Server — stdio transport
+ * @better-i18n/mcp — stdio MCP server for Claude Code / Cursor / Codex.
  *
- * Model Context Protocol server for Better i18n translation management.
- * Enables AI assistants (Claude, ChatGPT, etc.) to manage translations
- * directly from IDEs like Cursor.
+ * Bridges an MCP client (stdio) to Better i18n's remote MCP endpoint
+ * (Streamable HTTP at https://mcp.better-i18n.com/mcp).
  *
- * For HTTP transport (OpenAI, Codex, Agents SDK), see http.ts.
+ * Two auth modes:
+ *   - OAuth (default): no key needed. First run opens your browser to
+ *     sign in to Better i18n; tokens are cached in ~/.better-i18n and
+ *     refreshed automatically on later runs.
+ *   - API key: set BETTER_I18N_API_KEY=bi-… for headless tools (CI, scripts).
+ *
+ * The tool catalog is forwarded from the server — never hard-coded here,
+ * so new tools ship on an API deploy without an npm release.
+ *
+ * Config:
+ *   {
+ *     "mcpServers": {
+ *       "better-i18n": { "command": "npx", "args": ["-y", "@better-i18n/mcp@latest"] }
+ *     }
+ *   }
+ *
+ * Env / flags:
+ *   --local / BETTER_I18N_LOCAL  → http://localhost:8788
+ *   BETTER_I18N_MCP_URL          → explicit MCP endpoint host override
+ *   BETTER_I18N_API_KEY          → use API-key auth instead of OAuth
+ *   --debug / BETTER_I18N_DEBUG  → verbose stderr logging
+ *   BETTER_I18N_OAUTH_PORT       → loopback callback port (default 8976)
  */
 import { createRequire } from "node:module";
+import { createServer } from "node:http";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
-import { resolveConfig, createConfiguredServer, createBetterI18nClient, } from "./server.js";
+import { CallToolRequestSchema, ListToolsRequestSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { NodeOAuthProvider } from "./oauth-provider.js";
 const require = createRequire(import.meta.url);
 const pkg = require("../package.json");
-async function main() {
-    const config = resolveConfig();
-    console.error(`[better-i18n] Mode: ${config.isLocalDev ? "LOCAL DEV" : "PRODUCTION"}`);
-    console.error(`[better-i18n] API URL: ${config.apiUrl}`);
-    if (!config.apiKey) {
-        console.error("[better-i18n] ERROR: BETTER_I18N_API_KEY environment variable is required");
-        console.error("[better-i18n] Get your API key from: https://dash.better-i18n.com/settings/api-keys");
-        process.exit(1);
+const VERSION = pkg.version;
+const LOCAL_MCP_URL = "http://localhost:8788";
+const PROD_MCP_URL = "https://mcp.better-i18n.com";
+const DEFAULT_OAUTH_PORT = 8976;
+function resolveConfig() {
+    const argv = process.argv.slice(2);
+    const local = argv.includes("--local") ||
+        process.env.BETTER_I18N_LOCAL === "true" ||
+        process.env.BETTER_I18N_LOCAL === "1";
+    const mcpUrl = process.env.BETTER_I18N_MCP_URL || (local ? LOCAL_MCP_URL : PROD_MCP_URL);
+    const apiKey = process.env.BETTER_I18N_API_KEY;
+    const debug = process.env.BETTER_I18N_DEBUG === "true" || argv.includes("--debug");
+    const oauthPort = Number(process.env.BETTER_I18N_OAUTH_PORT) || DEFAULT_OAUTH_PORT;
+    return { mcpUrl, apiKey, debug, local, oauthPort };
+}
+function log(debug, ...args) {
+    if (debug)
+        console.error("[better-i18n-mcp]", ...args);
+}
+/**
+ * Branded HTML for the OAuth loopback redirect — Better i18n login screen:
+ * single logo, status card, light/dark aware.
+ */
+function renderCallbackPage(status, detail) {
+    const isSuccess = status === "success";
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>Better i18n MCP</title>
+<style>
+  * { margin: 0; padding: 0; box-sizing: border-box; }
+  body { font-family: system-ui, -apple-system, sans-serif; min-height: 100vh; display: flex; align-items: center; justify-content: center; background: #fafafa; color: #111; }
+  @media (prefers-color-scheme: dark) { body { background: #0a0a0a; color: #fafafa; } }
+  .page { width: 480px; max-width: 100%; padding: 0 16px; text-align: center; }
+  .logos { display: flex; align-items: center; justify-content: center; margin-bottom: 20px; }
+  .logo-circle { width: 64px; height: 64px; border-radius: 50%; border: 1px solid #e5e5e5; background: #fff; display: flex; align-items: center; justify-content: center; }
+  @media (prefers-color-scheme: dark) { .logo-circle { border-color: #262626; background: #171717; } }
+  h1 { font-size: 22px; font-weight: 600; margin-bottom: 24px; }
+  .card { overflow: hidden; border-radius: 12px; border: 1px solid #e5e5e5; background: #fff; text-align: center; }
+  @media (prefers-color-scheme: dark) { .card { border-color: #262626; background: #171717; } }
+  .card-body { padding: 28px 24px; }
+  .icon-wrap { width: 48px; height: 48px; border-radius: 50%; display: flex; align-items: center; justify-content: center; margin: 0 auto 16px; }
+  .icon-success { background: #ecfdf5; color: #059669; }
+  @media (prefers-color-scheme: dark) { .icon-success { background: rgba(16,185,129,0.12); color: #34d399; } }
+  .icon-error { background: #fef2f2; color: #dc2626; }
+  @media (prefers-color-scheme: dark) { .icon-error { background: rgba(220,38,38,0.12); color: #f87171; } }
+  .title { font-size: 15px; font-weight: 600; margin-bottom: 6px; }
+  .desc { font-size: 13px; color: #6b7280; line-height: 1.5; }
+  @media (prefers-color-scheme: dark) { .desc { color: #9ca3af; } }
+  .footer { padding: 0 24px 20px; text-align: center; font-size: 12px; color: #9ca3af; }
+  @media (prefers-color-scheme: dark) { .footer { color: #6b7280; } }
+</style>
+</head>
+<body>
+<div class="page">
+  <div class="logos">
+    <div class="logo-circle">
+      <svg width="30" height="30" viewBox="0 0 42 42" fill="none"><path fill-rule="evenodd" clip-rule="evenodd" d="M28.7 0H12.8L0 12.8V28.7L12.8 41.5H28.7L41.5 28.7V12.8L28.7 0ZM15 28.9L6.80002 20.7L15 12.5C18.1 9.4 23.2 9.4 26.3 12.5L34.5 20.7L26.3 28.9C23.2 32 18.2 32 15 28.9Z" fill="currentColor"/></svg>
+    </div>
+  </div>
+
+  <h1>${isSuccess ? "Better i18n connected" : "Connection failed"}</h1>
+
+  <div class="card">
+    <div class="card-body">
+      <div class="icon-wrap ${isSuccess ? "icon-success" : "icon-error"}">
+        ${isSuccess
+        ? '<svg width="22" height="22" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.4" stroke-linecap="round" stroke-linejoin="round"><path d="M20 6 9 17l-5-5"/></svg>'
+        : '<svg width="22" height="22" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.4" stroke-linecap="round" stroke-linejoin="round"><line x1="18" y1="6" x2="6" y2="18"/><line x1="6" y1="6" x2="18" y2="18"/></svg>'}
+      </div>
+      <p class="title">${isSuccess ? "You're all set" : "Something went wrong"}</p>
+      <p class="desc">${isSuccess ? "You can close this tab and return to your editor." : detail || "No authorization code was received. Please try connecting again."}</p>
+    </div>
+    <p class="footer">${isSuccess ? "Your AI client is now connected to Better i18n." : "If this keeps happening, check that you're signed in to Better i18n."}</p>
+  </div>
+</div>
+</body>
+</html>`;
+}
+/**
+ * Wait for the OAuth provider's loopback redirect, resolving with the
+ * authorization code. Runs a one-shot HTTP server on the callback port.
+ */
+function waitForAuthCode(port) {
+    let resolveCode;
+    let rejectCode;
+    const promise = new Promise((res, rej) => {
+        resolveCode = res;
+        rejectCode = rej;
+    });
+    const server = createServer((req, res) => {
+        const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+        if (url.pathname !== "/callback") {
+            res.writeHead(404).end();
+            return;
+        }
+        const code = url.searchParams.get("code");
+        const error = url.searchParams.get("error");
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        if (code) {
+            res.end(renderCallbackPage("success"));
+            resolveCode(code);
+        }
+        else {
+            res.end(renderCallbackPage("error", error ?? undefined));
+            rejectCode(new Error(error ?? "Authorization failed"));
+        }
+    });
+    server.listen(port);
+    return { promise, close: () => server.close() };
+}
+/**
+ * Connect an SDK Client to the remote MCP endpoint, performing the OAuth
+ * dance interactively if needed. Returns the connected client.
+ */
+async function connectRemote(cfg) {
+    const url = new URL(`${cfg.mcpUrl}/mcp`);
+    const client = new Client({ name: "better-i18n-bridge", version: VERSION }, { capabilities: {} });
+    // API-key mode: simple bearer header, no OAuth.
+    if (cfg.apiKey) {
+        const transport = new StreamableHTTPClientTransport(url, {
+            requestInit: { headers: { Authorization: `Bearer ${cfg.apiKey}` } },
+        });
+        await client.connect(transport);
+        log(cfg.debug, `connected to ${cfg.mcpUrl}${cfg.local ? " (local)" : ""} via API key`);
+        return client;
+    }
+    // OAuth mode: cached tokens → connect; otherwise interactive consent.
+    const redirectUrl = `http://localhost:${cfg.oauthPort}/callback`;
+    const authProvider = new NodeOAuthProvider({ mcpUrl: cfg.mcpUrl, redirectUrl });
+    const makeTransport = () => new StreamableHTTPClientTransport(url, { authProvider });
+    try {
+        await client.connect(makeTransport());
+        log(cfg.debug, `connected to ${cfg.mcpUrl}${cfg.local ? " (local)" : ""} via cached OAuth token`);
+        return client;
     }
-    const apiClient = createBetterI18nClient({
-        apiUrl: config.apiUrl,
-        apiKey: config.apiKey,
-        debug: config.debug,
+    catch (err) {
+        if (!(err instanceof UnauthorizedError))
+            throw err;
+    }
+    // Interactive: provider already opened the browser via redirectToAuthorization
+    // during the failed connect. Catch the loopback redirect, finish auth, reconnect.
+    const callback = waitForAuthCode(cfg.oauthPort);
+    let code;
+    try {
+        code = await callback.promise;
+    }
+    finally {
+        callback.close();
+    }
+    const transport = makeTransport();
+    await transport.finishAuth(code);
+    await client.connect(transport);
+    log(cfg.debug, `connected to ${cfg.mcpUrl}${cfg.local ? " (local)" : ""} via OAuth (fresh login)`);
+    return client;
+}
+async function main() {
+    const cfg = resolveConfig();
+    const remote = await connectRemote(cfg);
+    const server = new Server({ name: "better-i18n", version: VERSION }, { capabilities: { tools: {} } });
+    server.setRequestHandler(ListToolsRequestSchema, async () => {
+        return await remote.listTools();
     });
-    const server = createConfiguredServer(apiClient, {
-        packageName: pkg.name,
-        version: pkg.version,
+    server.setRequestHandler(CallToolRequestSchema, async (request) => {
+        return (await remote.callTool({
+            name: request.params.name,
+            arguments: request.params.arguments,
+        }));
     });
-    console.error("[better-i18n] MCP Server ready");
     const transport = new StdioServerTransport();
     await server.connect(transport);
-    console.error("[better-i18n] MCP Server running on stdio");
+    log(cfg.debug, `bridge ready (v${VERSION})`);
 }
-main().catch((error) => {
-    console.error("[better-i18n] Fatal error:", error);
+main().catch((err) => {
+    console.error("[better-i18n-mcp] fatal:", err instanceof Error ? err.message : err);
     process.exit(1);
 });
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;GAQG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,aAAa,EACb,sBAAsB,EACtB,sBAAsB,GACvB,MAAM,aAAa,CAAC;AAErB,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAsC,CAAC;AAE5E,KAAK,UAAU,IAAI;IACjB,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;IAE/B,OAAO,CAAC,KAAK,CACX,uBAAuB,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,YAAY,EAAE,CACxE,CAAC;IACF,OAAO,CAAC,KAAK,CAAC,0BAA0B,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAEzD,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACnB,OAAO,CAAC,KAAK,CACX,2EAA2E,CAC5E,CAAC;QACF,OAAO,CAAC,KAAK,CACX,qFAAqF,CACtF,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,SAAS,GAAG,sBAAsB,CAAC;QACvC,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,KAAK,EAAE,MAAM,CAAC,KAAK;KACpB,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,sBAAsB,CAAC,SAAS,EAAE;QAC/C,WAAW,EAAE,GAAG,CAAC,IAAI;QACrB,OAAO,EAAE,GAAG,CAAC,OAAO;KACrB,CAAC,CAAC;IAEH,OAAO,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;IAEhD,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,OAAO,CAAC,KAAK,CAAC,2CAA2C,CAAC,CAAC;AAC7D,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE;IACrB,OAAO,CAAC,KAAK,CAAC,4BAA4B,EAAE,KAAK,CAAC,CAAC;IACnD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAC5C,OAAO,EAAE,YAAY,EAAE,MAAM,WAAW,CAAC;AACzC,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,0CAA0C,CAAC;AAC7E,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,MAAM,2CAA2C,CAAC;AACjF,OAAO,EACL,qBAAqB,EACrB,sBAAsB,GACvB,MAAM,oCAAoC,CAAC;AAC5C,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAExD,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAsC,CAAC;AAC5E,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC;AAE5B,MAAM,aAAa,GAAG,uBAAuB,CAAC;AAC9C,MAAM,YAAY,GAAG,6BAA6B,CAAC;AACnD,MAAM,kBAAkB,GAAG,IAAI,CAAC;AAEhC,SAAS,aAAa;IACpB,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACnC,MAAM,KAAK,GACT,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM;QACxC,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,GAAG,CAAC;IACxC,MAAM,MAAM,GACV,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC;IAC5E,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC;IAC/C,MAAM,KAAK,GACT,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM,IAAI,IAAI,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IACvE,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,IAAI,kBAAkB,CAAC;IACnF,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,SAAS,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,GAAG,CAAC,KAAc,EAAE,GAAG,IAAe;IAC7C,IAAI,KAAK;QAAE,OAAO,CAAC,KAAK,CAAC,mBAAmB,EAAE,GAAG,IAAI,CAAC,CAAC;AACzD,CAAC;AAED;;;GAGG;AACH,SAAS,kBAAkB,CACzB,MAA2B,EAC3B,MAAe;IAEf,MAAM,SAAS,GAAG,MAAM,KAAK,SAAS,CAAC;IACvC,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAsCD,SAAS,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,mBAAmB;;;;8BAInC,SAAS,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,YAAY;UAE7D,SAAS;QACP,CAAC,CAAC,uLAAuL;QACzL,CAAC,CAAC,sOACN;;yBAEiB,SAAS,CAAC,CAAC,CAAC,gBAAgB,CAAC,CAAC,CAAC,sBAAsB;wBACtD,SAAS,CAAC,CAAC,CAAC,mDAAmD,CAAC,CAAC,CAAC,MAAM,IAAI,kEAAkE;;wBAE9I,SAAS,CAAC,CAAC,CAAC,iDAAiD,CAAC,CAAC,CAAC,sEAAsE;;;;QAItJ,CAAC;AACT,CAAC;AAED;;;GAGG;AACH,SAAS,eAAe,CAAC,IAAY;IAInC,IAAI,WAAoC,CAAC;IACzC,IAAI,UAAiC,CAAC;IACtC,MAAM,OAAO,GAAG,IAAI,OAAO,CAAS,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC/C,WAAW,GAAG,GAAG,CAAC;QAClB,UAAU,GAAG,GAAG,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACvC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;QAChE,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACzB,OAAO;QACT,CAAC;QACD,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;QAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;QACnE,IAAI,IAAI,EAAE,CAAC;YACT,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,SAAS,CAAC,CAAC,CAAC;YACvC,WAAW,CAAC,IAAI,CAAC,CAAC;QACpB,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,kBAAkB,CAAC,OAAO,EAAE,KAAK,IAAI,SAAS,CAAC,CAAC,CAAC;YACzD,UAAU,CAAC,IAAI,KAAK,CAAC,KAAK,IAAI,sBAAsB,CAAC,CAAC,CAAC;QACzD,CAAC;IACH,CAAC,CAAC,CAAC;IACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IACpB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,aAAa,CAC1B,GAAqC;IAErC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,EAChD,EAAE,YAAY,EAAE,EAAE,EAAE,CACrB,CAAC;IAEF,gDAAgD;IAChD,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;QACf,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC,GAAG,EAAE;YACvD,WAAW,EAAE,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,GAAG,CAAC,MAAM,EAAE,EAAE,EAAE;SACpE,CAAC,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;QAChC,GAAG,CACD,GAAG,CAAC,KAAK,EACT,gBAAgB,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,cAAc,CACvE,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,sEAAsE;IACtE,MAAM,WAAW,GAAG,oBAAoB,GAAG,CAAC,SAAS,WAAW,CAAC;IACjE,MAAM,YAAY,GAAG,IAAI,iBAAiB,CAAC,EAAE,MAAM,EAAE,GAAG,CAAC,MAAM,EAAE,WAAW,EAAE,CAAC,CAAC;IAEhF,MAAM,aAAa,GAAG,GAAG,EAAE,CACzB,IAAI,6BAA6B,CAAC,GAAG,EAAE,EAAE,YAAY,EAAE,CAAC,CAAC;IAE3D,IAAI,CAAC;QACH,MAAM,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC,CAAC;QACtC,GAAG,CACD,GAAG,CAAC,KAAK,EACT,gBAAgB,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,yBAAyB,CAClF,CAAC;QACF,OAAO,MAAM,CAAC;IAChB,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,CAAC,GAAG,YAAY,iBAAiB,CAAC;YAAE,MAAM,GAAG,CAAC;IACrD,CAAC;IAED,+EAA+E;IAC/E,kFAAkF;IAClF,MAAM,QAAQ,GAAG,eAAe,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAChD,IAAI,IAAY,CAAC;IACjB,IAAI,CAAC;QACH,IAAI,GAAG,MAAM,QAAQ,CAAC,OAAO,CAAC;IAChC,CAAC;YAAS,CAAC;QACT,QAAQ,CAAC,KAAK,EAAE,CAAC;IACnB,CAAC;IAED,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAClC,MAAM,SAAS,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;IACjC,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,GAAG,CACD,GAAG,CAAC,KAAK,EACT,gBAAgB,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,0BAA0B,CACnF,CAAC;IACF,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,IAAI;IACjB,MAAM,GAAG,GAAG,aAAa,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,GAAG,CAAC,CAAC;IAExC,MAAM,MAAM,GAAG,IAAI,MAAM,CACvB,EAAE,IAAI,EAAE,aAAa,EAAE,OAAO,EAAE,OAAO,EAAE,EACzC,EAAE,YAAY,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,CAChC,CAAC;IAEF,MAAM,CAAC,iBAAiB,CAAC,sBAAsB,EAAE,KAAK,IAAI,EAAE;QAC1D,OAAO,MAAM,MAAM,CAAC,SAAS,EAAE,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,MAAM,CAAC,iBAAiB,CAAC,qBAAqB,EAAE,KAAK,EAAE,OAAO,EAAE,EAAE;QAChE,OAAO,CAAC,MAAM,MAAM,CAAC,QAAQ,CAAC;YAC5B,IAAI,EAAE,OAAO,CAAC,MAAM,CAAC,IAAI;YACzB,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,SAAS;SACpC,CAAC,CAAU,CAAC;IACf,CAAC,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,oBAAoB,EAAE,CAAC;IAC7C,MAAM,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;IAChC,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,kBAAkB,OAAO,GAAG,CAAC,CAAC;AAC/C,CAAC;AAED,IAAI,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACnB,OAAO,CAAC,KAAK,CACX,0BAA0B,EAC1B,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CACzC,CAAC;IACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/oauth-provider.d.ts

@@ -0,0 +1,39 @@
+/**
+ * Node OAuth client provider for the Better i18n MCP stdio bridge.
+ *
+ * Implements the SDK's OAuthClientProvider so the bridge can authenticate
+ * via the browser consent flow instead of a pasted API key. State that
+ * must survive across runs (dynamic client registration, tokens, PKCE
+ * verifier) is persisted to ~/.better-i18n/, keyed by the MCP host so a
+ * user can run against prod and local without clobbering credentials.
+ *
+ * No npm deps — pure Node built-ins. Browser is opened via the platform
+ * opener; the redirect lands on a local loopback server (see index.ts).
+ */
+import type { OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
+import type { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
+export declare class NodeOAuthProvider implements OAuthClientProvider {
+    private readonly file;
+    private cache;
+    private readonly _redirectUrl;
+    constructor(opts: {
+        mcpUrl: string;
+        redirectUrl: string;
+    });
+    private read;
+    private write;
+    get redirectUrl(): string;
+    get clientMetadata(): OAuthClientMetadata;
+    state(): string;
+    clientInformation(): OAuthClientInformationFull | undefined;
+    saveClientInformation(info: OAuthClientInformationFull): void;
+    tokens(): OAuthTokens | undefined;
+    saveTokens(tokens: OAuthTokens): void;
+    saveCodeVerifier(codeVerifier: string): void;
+    codeVerifier(): string;
+    redirectToAuthorization(authorizationUrl: URL): void;
+    /** Wipe persisted tokens — used when the server rejects them as expired
+     * beyond refresh, so the next connect re-runs the consent flow. */
+    clearTokens(): void;
+}
+//# sourceMappingURL=oauth-provider.d.ts.map

package/dist/oauth-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.d.ts","sourceRoot":"","sources":["../src/oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAOH,OAAO,KAAK,EACV,0BAA0B,EAC1B,mBAAmB,EACnB,WAAW,EACZ,MAAM,0CAA0C,CAAC;AAClD,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0CAA0C,CAAC;AAoBpF,qBAAa,iBAAkB,YAAW,mBAAmB;IAC3D,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAS;IAC9B,OAAO,CAAC,KAAK,CAAgB;IAC7B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,IAAI,EAAE;QAAE,MAAM,EAAE,MAAM,CAAC;QAAC,WAAW,EAAE,MAAM,CAAA;KAAE;IAazD,OAAO,CAAC,IAAI;IASZ,OAAO,CAAC,KAAK;IAUb,IAAI,WAAW,IAAI,MAAM,CAExB;IAED,IAAI,cAAc,IAAI,mBAAmB,CASxC;IAED,KAAK,IAAI,MAAM;IAOf,iBAAiB,IAAI,0BAA0B,GAAG,SAAS;IAI3D,qBAAqB,CAAC,IAAI,EAAE,0BAA0B,GAAG,IAAI;IAK7D,MAAM,IAAI,WAAW,GAAG,SAAS;IAIjC,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI;IAKrC,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI;IAK5C,YAAY,IAAI,MAAM;IAKtB,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,IAAI;IAUpD;uEACmE;IACnE,WAAW,IAAI,IAAI;CAKpB"}

package/dist/oauth-provider.js

@@ -0,0 +1,123 @@
+/**
+ * Node OAuth client provider for the Better i18n MCP stdio bridge.
+ *
+ * Implements the SDK's OAuthClientProvider so the bridge can authenticate
+ * via the browser consent flow instead of a pasted API key. State that
+ * must survive across runs (dynamic client registration, tokens, PKCE
+ * verifier) is persisted to ~/.better-i18n/, keyed by the MCP host so a
+ * user can run against prod and local without clobbering credentials.
+ *
+ * No npm deps — pure Node built-ins. Browser is opened via the platform
+ * opener; the redirect lands on a local loopback server (see index.ts).
+ */
+import { createHash } from "node:crypto";
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { spawn } from "node:child_process";
+function openBrowser(url) {
+    const platform = process.platform;
+    const cmd = platform === "darwin" ? "open" : platform === "win32" ? "cmd" : "xdg-open";
+    const args = platform === "win32" ? ["/c", "start", "", url] : [url];
+    try {
+        spawn(cmd, args, { stdio: "ignore", detached: true }).unref();
+    }
+    catch {
+        // Headless / no opener — fall through; the URL is also printed to stderr.
+    }
+}
+export class NodeOAuthProvider {
+    file;
+    cache;
+    _redirectUrl;
+    constructor(opts) {
+        const dir = join(homedir(), ".better-i18n");
+        if (!existsSync(dir))
+            mkdirSync(dir, { recursive: true });
+        // Key the credential file by MCP host so prod/local don't collide.
+        const hostKey = createHash("sha256")
+            .update(opts.mcpUrl)
+            .digest("hex")
+            .slice(0, 12);
+        this.file = join(dir, `mcp-auth-${hostKey}.json`);
+        this.cache = this.read();
+        this._redirectUrl = opts.redirectUrl;
+    }
+    read() {
+        try {
+            if (!existsSync(this.file))
+                return {};
+            return JSON.parse(readFileSync(this.file, "utf8"));
+        }
+        catch {
+            return {};
+        }
+    }
+    write() {
+        try {
+            writeFileSync(this.file, JSON.stringify(this.cache, null, 2), {
+                mode: 0o600,
+            });
+        }
+        catch (e) {
+            console.error("[better-i18n-mcp] failed to persist auth:", e);
+        }
+    }
+    get redirectUrl() {
+        return this._redirectUrl;
+    }
+    get clientMetadata() {
+        return {
+            client_name: "Better i18n MCP (CLI)",
+            redirect_uris: [this._redirectUrl],
+            grant_types: ["authorization_code", "refresh_token"],
+            response_types: ["code"],
+            token_endpoint_auth_method: "none",
+            scope: "openid profile email offline_access",
+        };
+    }
+    state() {
+        return createHash("sha256")
+            .update(`${Date.now()}-${Math.random()}`)
+            .digest("hex")
+            .slice(0, 24);
+    }
+    clientInformation() {
+        return this.cache.clientInformation;
+    }
+    saveClientInformation(info) {
+        this.cache.clientInformation = info;
+        this.write();
+    }
+    tokens() {
+        return this.cache.tokens;
+    }
+    saveTokens(tokens) {
+        this.cache.tokens = tokens;
+        this.write();
+    }
+    saveCodeVerifier(codeVerifier) {
+        this.cache.codeVerifier = codeVerifier;
+        this.write();
+    }
+    codeVerifier() {
+        if (!this.cache.codeVerifier)
+            throw new Error("No PKCE code verifier saved");
+        return this.cache.codeVerifier;
+    }
+    redirectToAuthorization(authorizationUrl) {
+        const url = authorizationUrl.toString();
+        console.error("\n[better-i18n-mcp] Opening your browser to sign in to Better i18n…\n" +
+            "If it doesn't open automatically, visit:\n" +
+            `  ${url}\n`);
+        openBrowser(url);
+    }
+    /** Wipe persisted tokens — used when the server rejects them as expired
+     * beyond refresh, so the next connect re-runs the consent flow. */
+    clearTokens() {
+        this.cache.tokens = undefined;
+        this.cache.codeVerifier = undefined;
+        this.write();
+    }
+}
+//# sourceMappingURL=oauth-provider.js.map

package/dist/oauth-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-provider.js","sourceRoot":"","sources":["../src/oauth-provider.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;GAWG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,SAAS,CAAC;AAC7E,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,KAAK,EAAE,MAAM,oBAAoB,CAAC;AAc3C,SAAS,WAAW,CAAC,GAAW;IAC9B,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,MAAM,GAAG,GACP,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,UAAU,CAAC;IAC7E,MAAM,IAAI,GAAG,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;IACrE,IAAI,CAAC;QACH,KAAK,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IAChE,CAAC;IAAC,MAAM,CAAC;QACP,0EAA0E;IAC5E,CAAC;AACH,CAAC;AAED,MAAM,OAAO,iBAAiB;IACX,IAAI,CAAS;IACtB,KAAK,CAAgB;IACZ,YAAY,CAAS;IAEtC,YAAY,IAA6C;QACvD,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,EAAE,EAAE,cAAc,CAAC,CAAC;QAC5C,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1D,mEAAmE;QACnE,MAAM,OAAO,GAAG,UAAU,CAAC,QAAQ,CAAC;aACjC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC;aACnB,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAChB,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,YAAY,OAAO,OAAO,CAAC,CAAC;QAClD,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACzB,IAAI,CAAC,YAAY,GAAG,IAAI,CAAC,WAAW,CAAC;IACvC,CAAC;IAEO,IAAI;QACV,IAAI,CAAC;YACH,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC;gBAAE,OAAO,EAAE,CAAC;YACtC,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,MAAM,CAAC,CAAkB,CAAC;QACtE,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAEO,KAAK;QACX,IAAI,CAAC;YACH,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;gBAC5D,IAAI,EAAE,KAAK;aACZ,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,CAAC,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,IAAI,WAAW;QACb,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,IAAI,cAAc;QAChB,OAAO;YACL,WAAW,EAAE,uBAAuB;YACpC,aAAa,EAAE,CAAC,IAAI,CAAC,YAAY,CAAC;YAClC,WAAW,EAAE,CAAC,oBAAoB,EAAE,eAAe,CAAC;YACpD,cAAc,EAAE,CAAC,MAAM,CAAC;YACxB,0BAA0B,EAAE,MAAM;YAClC,KAAK,EAAE,qCAAqC;SAC7C,CAAC;IACJ,CAAC;IAED,KAAK;QACH,OAAO,UAAU,CAAC,QAAQ,CAAC;aACxB,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;aACxC,MAAM,CAAC,KAAK,CAAC;aACb,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAClB,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,KAAK,CAAC,iBAAiB,CAAC;IACtC,CAAC;IAED,qBAAqB,CAAC,IAAgC;QACpD,IAAI,CAAC,KAAK,CAAC,iBAAiB,GAAG,IAAI,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED,MAAM;QACJ,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC;IAC3B,CAAC;IAED,UAAU,CAAC,MAAmB;QAC5B,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;QAC3B,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED,gBAAgB,CAAC,YAAoB;QACnC,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,YAAY,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;IAED,YAAY;QACV,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,YAAY;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC7E,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC;IACjC,CAAC;IAED,uBAAuB,CAAC,gBAAqB;QAC3C,MAAM,GAAG,GAAG,gBAAgB,CAAC,QAAQ,EAAE,CAAC;QACxC,OAAO,CAAC,KAAK,CACX,uEAAuE;YACrE,4CAA4C;YAC5C,KAAK,GAAG,IAAI,CACf,CAAC;QACF,WAAW,CAAC,GAAG,CAAC,CAAC;IACnB,CAAC;IAED;uEACmE;IACnE,WAAW;QACT,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,SAAS,CAAC;QAC9B,IAAI,CAAC,KAAK,CAAC,YAAY,GAAG,SAAS,CAAC;QACpC,IAAI,CAAC,KAAK,EAAE,CAAC;IACf,CAAC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@better-i18n/mcp",
-  "version": "0.19.1",
+  "version": "0.21.0",
   "description": "MCP server for Better i18n translation management - AI-powered translation workflow for Cursor, Claude, and other AI assistants",
   "license": "MIT",
   "type": "module",