npm - @caplets/core - Versions diffs - 0.20.0 → 0.20.1 - Mend

@caplets/core 0.20.0 → 0.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/auth.d.ts +2 -2
package/dist/{completion-CbazRAiL.js → completion-D-kuyArL.js} +1 -1
package/dist/index.js +3 -3
package/dist/native.js +1 -1
package/dist/{service-D0MwLNyb.js → service-Bsq7R0mt.js} +109 -27
package/package.json +1 -1

package/dist/auth.d.ts CHANGED Viewed

@@ -30,8 +30,8 @@ export type GenericAuthTarget = {
     requestTimeoutMs?: number | undefined;
 };
 export declare function staticRemoteHeaders(server: CapletServerConfig): Record<string, string>;
-export declare function oauthHeaders(server: CapletServerConfig, authDir?: string): Record<string, string>;
-export declare function genericOAuthHeaders(target: GenericAuthTarget, authDir?: string): Record<string, string>;
+export declare function oauthHeaders(server: CapletServerConfig, authDir?: string): Promise<Record<string, string>>;
+export declare function genericOAuthHeaders(target: GenericAuthTarget, authDir?: string): Promise<Record<string, string>>;
 export declare class FileOAuthProvider implements OAuthClientProvider {
     readonly server: CapletServerConfig;
     readonly redirectUrl: string;

package/dist/{completion-CbazRAiL.js → completion-D-kuyArL.js} RENAMED Viewed

@@ -1,4 +1,4 @@
-import { St as resolveProjectConfigPath, Y as loadConfigWithSources, bt as resolveConfigPath, mt as DEFAULT_COMPLETION_CACHE_DIR, pt as DEFAULT_AUTH_DIR, vn as __exportAll, yt as resolveCapletsRoot } from "./service-D0MwLNyb.js";
+import { St as resolveProjectConfigPath, Y as loadConfigWithSources, bt as resolveConfigPath, mt as DEFAULT_COMPLETION_CACHE_DIR, pt as DEFAULT_AUTH_DIR, vn as __exportAll, yt as resolveCapletsRoot } from "./service-Bsq7R0mt.js";
 import { u as CapletsError } from "./validation-CdqbI2zN.js";
 import { mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";

package/dist/index.js CHANGED Viewed

@@ -1,9 +1,9 @@
-import { $ as parseConfig, $t as ReadResourceRequestSchema, A as QuickJsCodeModeSandbox, At as toJsonSchemaCompat, B as CapletsEngine, Bt as ErrorCode, C as nativeCapletToolName, Ct as ReadBuffer, D as codeModeRunInputSchema, Dt as AjvJsonSchemaValidator, Et as assertToolsCallTaskCapability, F as redactCodeModeLogText, Ft as CreateMessageResultWithToolsSchema, G as handleServerTool, Gt as LATEST_PROTOCOL_VERSION, H as decodeDirectResourceUri, Ht as InitializeRequestSchema, I as codeModeDeclarationHash, It as CreateTaskResultSchema, J as loadConfig, Jt as ListResourcesRequestSchema, K as ServerRegistry, Kt as ListPromptsRequestSchema, L as generateCodeModeDeclarations, M as createCodeModeCapletsApi, Mt as CallToolResultSchema, N as listCodeModeCallableCaplets, Nt as CompleteRequestSchema, O as codeModeRunParamsSchema, Ot as Protocol, P as CodeModeLogStore, Pt as CreateMessageResultSchema, Q as loadProjectConfig, Qt as McpError, R as generateCodeModeRunToolDescription, Rt as ElicitResultSchema, S as nativeCapletToolDescription, St as resolveProjectConfigPath, T as nativeCodeModeToolId, Tt as assertClientRequestTaskCapability, U as findProjectRoot, Ut as InitializedNotificationSchema, V as resolveExposure, Vt as GetPromptRequestSchema, W as fingerprintProjectRoot, Wt as JSONRPCMessageSchema, X as loadGlobalConfig, Xt as ListToolsRequestSchema, Y as loadConfigWithSources, Yt as ListRootsResultSchema, Z as loadLocalOverlayConfigWithSources, Zt as LoggingLevelSchema, _ as controlUrlForBase, _n as safeParseAsync, _t as defaultConfigBaseDir, a as projectBindingError, an as isJSONRPCErrorResponse, at as markdownStructuredContent, b as resolveCapletsServer, bt as resolveConfigPath, c as cloudAuthPath, cn as getLiteralValue, ct as startGenericOAuthFlow, d as CloudAuthClient, dn as getSchemaDescription, dt as isTokenBundleExpired, en as SUPPORTED_PROTOCOL_VERSIONS, et as discoverCapletFiles, fn as isSchemaOptional, ft as readTokenBundle, g as resolveCapletsRemote, gn as safeParse, gt as defaultCacheBaseDir, hn as objectFromShape, ht as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, i as ProjectBindingError, in as isInitializeRequest, it as markdownCallToolResultContent, j as diagnoseCodeModeTypeScript, jt as CallToolRequestSchema, k as runCodeMode, kt as mergeCapabilities, l as migrateCredentials, ln as getObjectShape, lt as startOAuthFlow, m as buildProjectSyncManifest, mn as normalizeObjectSchema, n as resolveRemoteSelection, nn as assertCompleteRequestPrompt, nt as loadCapletFilesFromMap, o as projectBindingRecovery, on as isJSONRPCRequest, ot as runGenericOAuthFlow, p as createSdkRemoteCapletsClient, pn as isZ4Schema, q as capabilityDescription, qt as ListResourceTemplatesRequestSchema, r as PROJECT_BINDING_ERROR_CODES, rn as assertCompleteRequestResourceTemplate, rt as hasRenderableStructuredContent, s as CloudAuthStore, sn as isJSONRPCResultResponse, st as runOAuthFlow, t as createNativeCapletsService, tn as SetLevelRequestSchema, tt as validateCapletFile, u as redactedCloudAuthStatus, un as getParseErrorMessage, ut as deleteTokenBundle, v as parseServerBaseUrl, vt as defaultStateBaseDir, wt as serializeMessage, x as nativeCapletPromptGuidance, xt as resolveProjectCapletsRoot, y as resolveCapletsMode, yt as resolveCapletsRoot, z as minifyCodeModeDeclarationText, zt as EmptyResultSchema } from "./service-D0MwLNyb.js";
+import { $ as parseConfig, $t as ReadResourceRequestSchema, A as QuickJsCodeModeSandbox, At as toJsonSchemaCompat, B as CapletsEngine, Bt as ErrorCode, C as nativeCapletToolName, Ct as ReadBuffer, D as codeModeRunInputSchema, Dt as AjvJsonSchemaValidator, Et as assertToolsCallTaskCapability, F as redactCodeModeLogText, Ft as CreateMessageResultWithToolsSchema, G as handleServerTool, Gt as LATEST_PROTOCOL_VERSION, H as decodeDirectResourceUri, Ht as InitializeRequestSchema, I as codeModeDeclarationHash, It as CreateTaskResultSchema, J as loadConfig, Jt as ListResourcesRequestSchema, K as ServerRegistry, Kt as ListPromptsRequestSchema, L as generateCodeModeDeclarations, M as createCodeModeCapletsApi, Mt as CallToolResultSchema, N as listCodeModeCallableCaplets, Nt as CompleteRequestSchema, O as codeModeRunParamsSchema, Ot as Protocol, P as CodeModeLogStore, Pt as CreateMessageResultSchema, Q as loadProjectConfig, Qt as McpError, R as generateCodeModeRunToolDescription, Rt as ElicitResultSchema, S as nativeCapletToolDescription, St as resolveProjectConfigPath, T as nativeCodeModeToolId, Tt as assertClientRequestTaskCapability, U as findProjectRoot, Ut as InitializedNotificationSchema, V as resolveExposure, Vt as GetPromptRequestSchema, W as fingerprintProjectRoot, Wt as JSONRPCMessageSchema, X as loadGlobalConfig, Xt as ListToolsRequestSchema, Y as loadConfigWithSources, Yt as ListRootsResultSchema, Z as loadLocalOverlayConfigWithSources, Zt as LoggingLevelSchema, _ as controlUrlForBase, _n as safeParseAsync, _t as defaultConfigBaseDir, a as projectBindingError, an as isJSONRPCErrorResponse, at as markdownStructuredContent, b as resolveCapletsServer, bt as resolveConfigPath, c as cloudAuthPath, cn as getLiteralValue, ct as startGenericOAuthFlow, d as CloudAuthClient, dn as getSchemaDescription, dt as isTokenBundleExpired, en as SUPPORTED_PROTOCOL_VERSIONS, et as discoverCapletFiles, fn as isSchemaOptional, ft as readTokenBundle, g as resolveCapletsRemote, gn as safeParse, gt as defaultCacheBaseDir, hn as objectFromShape, ht as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, i as ProjectBindingError, in as isInitializeRequest, it as markdownCallToolResultContent, j as diagnoseCodeModeTypeScript, jt as CallToolRequestSchema, k as runCodeMode, kt as mergeCapabilities, l as migrateCredentials, ln as getObjectShape, lt as startOAuthFlow, m as buildProjectSyncManifest, mn as normalizeObjectSchema, n as resolveRemoteSelection, nn as assertCompleteRequestPrompt, nt as loadCapletFilesFromMap, o as projectBindingRecovery, on as isJSONRPCRequest, ot as runGenericOAuthFlow, p as createSdkRemoteCapletsClient, pn as isZ4Schema, q as capabilityDescription, qt as ListResourceTemplatesRequestSchema, r as PROJECT_BINDING_ERROR_CODES, rn as assertCompleteRequestResourceTemplate, rt as hasRenderableStructuredContent, s as CloudAuthStore, sn as isJSONRPCResultResponse, st as runOAuthFlow, t as createNativeCapletsService, tn as SetLevelRequestSchema, tt as validateCapletFile, u as redactedCloudAuthStatus, un as getParseErrorMessage, ut as deleteTokenBundle, v as parseServerBaseUrl, vt as defaultStateBaseDir, wt as serializeMessage, x as nativeCapletPromptGuidance, xt as resolveProjectCapletsRoot, y as resolveCapletsMode, yt as resolveCapletsRoot, z as minifyCodeModeDeclarationText, zt as EmptyResultSchema } from "./service-Bsq7R0mt.js";
 import { _ as record, b as unknown, d as literal, m as object, n as ZodOptional, o as array, p as number, r as _enum, s as boolean, v as string, x as url } from "./schemas-BZ6BBrh7.js";
 import { f as redactSecrets, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-CdqbI2zN.js";
 import { generatedToolInputSchema, generatedToolInputSchemaForCaplet } from "./generated-tool-input-schema.js";
 import { f as observedOutputShapeKey, i as observeOutputShape, u as FileObservedOutputShapeStore } from "./observed-output-shapes-uzAMQPhg.js";
-import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-CbazRAiL.js";
+import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-D-kuyArL.js";
 import { n as normalizeCapletSourcePath, t as FilesystemCapletSource } from "./filesystem-Kkg32TOJ.js";
 import { parseConfig as parseConfig$1 } from "./config-runtime.js";
 import fs, { accessSync, chmodSync, closeSync, constants, copyFileSync, cpSync, existsSync, lstatSync, mkdirSync, mkdtempSync, openSync, readFileSync, readdirSync, readlinkSync, realpathSync, rmSync, statSync, writeFileSync, writeSync } from "node:fs";
@@ -1553,7 +1553,7 @@ const EMPTY_COMPLETION_RESULT = { completion: {
 } };
 //#endregion
 //#region package.json
-var version = "0.20.0";
+var version = "0.20.1";
 //#endregion
 //#region src/serve/session.ts
 var CapletsMcpSession = class {

package/dist/native.js CHANGED Viewed

@@ -1,4 +1,4 @@
-import { C as nativeCapletToolName, E as nativeCodeModeToolName, S as nativeCapletToolDescription, T as nativeCodeModeToolId, f as RemoteNativeCapletsService, h as resolveNativeCapletsServiceOptions, p as createSdkRemoteCapletsClient, t as createNativeCapletsService, w as nativeCapletsSystemGuidance, x as nativeCapletPromptGuidance } from "./service-D0MwLNyb.js";
+import { C as nativeCapletToolName, E as nativeCodeModeToolName, S as nativeCapletToolDescription, T as nativeCodeModeToolId, f as RemoteNativeCapletsService, h as resolveNativeCapletsServiceOptions, p as createSdkRemoteCapletsClient, t as createNativeCapletsService, w as nativeCapletsSystemGuidance, x as nativeCapletPromptGuidance } from "./service-Bsq7R0mt.js";
 import { generatedToolInputJsonSchema, generatedToolInputSchema } from "./generated-tool-input-schema.js";
 //#region src/native/process-cleanup.ts
 function registerNativeCapletsProcessCleanup(service, options = {}) {

package/dist/{service-D0MwLNyb.js → service-Bsq7R0mt.js} RENAMED Viewed

@@ -17317,23 +17317,24 @@ function staticRemoteHeaders(server) {
 	if (server.auth?.type === "headers") return server.auth.headers;
 	return {};
 }
-function genericOAuthHeaders(target, authDir) {
+async function genericOAuthHeaders(target, authDir) {
 	if (target.auth?.type !== "oauth2" && target.auth?.type !== "oidc") return {};
 	const authConfig = target.auth;
-	const bundle = readTokenBundle(target.server, authDir);
-	if (!bundle?.accessToken) throw new CapletsError("AUTH_REQUIRED", `OAuth credentials required for ${target.server}`, {
+	let bundle = readTokenBundle(target.server, authDir);
+	if (!bundle?.accessToken && !bundle?.refreshToken) throw new CapletsError("AUTH_REQUIRED", `OAuth credentials required for ${target.server}`, {
 		server: target.server,
 		backend: target.backend,
 		authType: authConfig.type,
 		nextAction: "run_caplets_auth_login"
 	});
-	if (isTokenBundleExpired(bundle)) throw new CapletsError("AUTH_REFRESH_FAILED", `OAuth token for ${target.server} is expired`, {
+	assertTokenBundleMatchesTarget(bundle, target, authConfig);
+	if (!bundle.accessToken || isTokenBundleExpired(bundle)) bundle = await refreshGenericOAuthBundle(target, authConfig, bundle, authDir);
+	if (!bundle.accessToken || isTokenBundleExpired(bundle)) throw new CapletsError("AUTH_REFRESH_FAILED", `OAuth token for ${target.server} is expired`, {
 		server: target.server,
 		backend: target.backend,
 		authType: authConfig.type,
 		nextAction: "run_caplets_auth_login"
 	});
-	assertTokenBundleMatchesTarget(bundle, target, authConfig);
 	return { authorization: `${bundle.tokenType ?? "Bearer"} ${bundle.accessToken}` };
 }
 var FileOAuthProvider = class {
@@ -17768,6 +17769,87 @@ async function resolveGenericClient(target, authConfig, metadata, redirectUri, a
 		dynamic: true
 	};
 }
+async function refreshGenericOAuthBundle(target, authConfig, bundle, authDir) {
+	if (!bundle.refreshToken) throw new CapletsError("AUTH_REFRESH_FAILED", `OAuth token for ${target.server} is expired`, {
+		server: target.server,
+		backend: target.backend,
+		authType: authConfig.type,
+		nextAction: "run_caplets_auth_login"
+	});
+	const allowLoopbackHttp = isLoopbackDevelopmentTarget(target, authConfig);
+	let metadata = {};
+	let tokenEndpoint = authConfig.tokenUrl;
+	if (!tokenEndpoint) {
+		metadata = await discoverAuthorizationServer(target, authConfig, allowLoopbackHttp);
+		tokenEndpoint = metadata.token_endpoint;
+	}
+	if (!tokenEndpoint) throw new CapletsError("AUTH_REFRESH_FAILED", "OAuth metadata is missing token endpoint", {
+		server: target.server,
+		backend: target.backend,
+		authType: authConfig.type,
+		nextAction: "run_caplets_auth_login"
+	});
+	assertAllowedAuthUrl(tokenEndpoint, "token endpoint", allowLoopbackHttp);
+	const clientId = authConfig.clientId ?? authConfig.clientMetadataUrl ?? bundle.clientId;
+	if (!clientId) throw new CapletsError("AUTH_REFRESH_FAILED", "OAuth clientId is required to refresh tokens", {
+		server: target.server,
+		backend: target.backend,
+		authType: authConfig.type,
+		nextAction: "run_caplets_auth_login"
+	});
+	const clientSecret = authConfig.clientSecret ?? bundle.clientSecret;
+	const params = new URLSearchParams({
+		grant_type: "refresh_token",
+		refresh_token: bundle.refreshToken,
+		client_id: clientId
+	});
+	if (clientSecret) params.set("client_secret", clientSecret);
+	let tokenResponse;
+	try {
+		tokenResponse = await fetchJson(tokenEndpoint, target.requestTimeoutMs, {
+			method: "POST",
+			headers: { "content-type": "application/x-www-form-urlencoded" },
+			body: params.toString()
+		}, allowLoopbackHttp);
+	} catch (error) {
+		if (error instanceof CapletsError) throw new CapletsError("AUTH_REFRESH_FAILED", `OAuth token refresh failed`, {
+			server: target.server,
+			backend: target.backend,
+			authType: authConfig.type,
+			nextAction: "run_caplets_auth_login",
+			cause: error.details
+		});
+		throw error;
+	}
+	const idToken = asString(tokenResponse.id_token);
+	const idClaims = parseJwtPayload(idToken);
+	if (idToken) {
+		if (!metadata.issuer && !authConfig.issuer) metadata = await discoverAuthorizationServer(target, authConfig, allowLoopbackHttp);
+		validateOidcToken(authConfig, metadata, idToken, idClaims, clientId);
+	}
+	const refreshed = stripUndefined$1({
+		...bundle,
+		server: target.server,
+		authType: authConfig.type,
+		accessToken: requireString(tokenResponse.access_token, "access_token"),
+		refreshToken: asString(tokenResponse.refresh_token) ?? bundle.refreshToken,
+		tokenType: asString(tokenResponse.token_type) ?? bundle.tokenType,
+		expiresAt: refreshedExpiresAt(tokenResponse.expires_in, bundle.expiresAt),
+		scope: asString(tokenResponse.scope) ?? bundle.scope ?? scopesFor(authConfig),
+		idToken: idToken ?? bundle.idToken,
+		issuer: asString(idClaims?.iss) ?? bundle.issuer ?? metadata.issuer ?? authConfig.issuer,
+		subject: asString(idClaims?.sub) ?? bundle.subject,
+		clientId,
+		clientSecret,
+		protectedResourceOrigin: protectedResourceOrigin(target, authConfig)
+	});
+	writeTokenBundle(refreshed, authDir);
+	return refreshed;
+}
+function refreshedExpiresAt(expiresIn, fallback) {
+	if (typeof expiresIn === "number") return new Date(Date.now() + expiresIn * 1e3).toISOString();
+	if (fallback && Date.parse(fallback) > Date.now()) return fallback;
+}
 async function fetchOptionalJson(url, timeoutMs, allowLoopbackHttp = false) {
 	try {
 		return await fetchJson(url, timeoutMs, {}, allowLoopbackHttp);
@@ -49327,7 +49409,7 @@ var GraphQLManager = class {
 			const headers = new Headers({
 				"content-type": "application/json",
 				...staticHeaders(endpoint),
-				...genericOAuthHeaders({
+				...await genericOAuthHeaders({
 					server: endpoint.server,
 					backend: "graphql",
 					url: endpoint.endpointUrl,
@@ -49630,7 +49712,7 @@ async function postGraphQl(endpoint, url, payload, authDir) {
 			headers: {
 				"content-type": "application/json",
 				...staticHeaders(endpoint),
-				...genericOAuthHeaders({
+				...await genericOAuthHeaders({
 					server: endpoint.server,
 					backend: "graphql",
 					url: endpoint.endpointUrl,
@@ -49655,7 +49737,7 @@ async function fetchGraphQlText(endpoint, url, authDir, sendAuth = true) {
 		response = await fetch(url, {
 			redirect: "manual",
 			signal: controller.signal,
-			headers: { ...sendAuth ? schemaAuthHeaders(endpoint, authDir) : {} }
+			headers: { ...sendAuth ? await schemaAuthHeaders(endpoint, authDir) : {} }
 		});
 	} catch (error) {
 		if (isAbortError(error)) throw new CapletsError("TOOL_CALL_TIMEOUT", "GraphQL schema request timed out");
@@ -49667,10 +49749,10 @@ async function fetchGraphQlText(endpoint, url, authDir, sendAuth = true) {
 	if (!response.ok) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "GraphQL schema request failed", { status: response.status });
 	return readGraphQlText(response);
 }
-function schemaAuthHeaders(endpoint, authDir) {
+async function schemaAuthHeaders(endpoint, authDir) {
 	return {
 		...staticHeaders(endpoint),
-		...genericOAuthHeaders({
+		...await genericOAuthHeaders({
 			server: endpoint.server,
 			backend: "graphql",
 			url: endpoint.endpointUrl,
@@ -49726,7 +49808,7 @@ var HttpActionManager = class {
 		try {
 			const operations = operationsFor(api);
 			validateBaseUrl(api);
-			authHeaders$1(api, this.options.authDir);
+			await authHeaders$1(api, this.options.authDir);
 			for (const operation of operations) validateAction(api, operation);
 			this.registry.setStatus(api.server, "available");
 			return {
@@ -49755,7 +49837,7 @@ var HttpActionManager = class {
 	async callTool(api, toolName, args) {
 		const operation = getOperation(api, toolName);
 		const startedAt = Date.now();
-		const request = buildRequest$1(api, operation, args, this.options.authDir);
+		const request = await buildRequest$1(api, operation, args, this.options.authDir);
 		const controller = new AbortController();
 		const timeout = setTimeout(() => controller.abort(), api.requestTimeoutMs);
 		try {
@@ -49836,14 +49918,14 @@ function getOperation(api, toolName) {
 	});
 	return operation;
 }
-function buildRequest$1(api, operation, args, authDir) {
+async function buildRequest$1(api, operation, args, authDir) {
 	validateBaseUrl(api);
 	validateAction(api, operation);
 	const url = buildActionUrl(api.baseUrl, substitutePath$1(operation.path, args, operation), { allowEncodedSlash: true });
 	const query = resolveMappingToRecord(operation.query, args, "query");
 	for (const [key, value] of Object.entries(query)) if (value !== void 0 && value !== null) url.searchParams.append(key, serializeHttpValue$1("query", key, value));
 	const headers = new Headers();
-	applyAuth$1(headers, api, authDir);
+	await applyAuth$1(headers, api, authDir);
 	const resolvedHeaders = resolveMappingToRecord(operation.headers, args, "headers");
 	for (const [key, value] of Object.entries(resolvedHeaders)) if (value !== void 0 && value !== null) {
 		validateResolvedHeader(api, operation, key);
@@ -49919,16 +50001,16 @@ function serializeHttpValue$1(location, name, value) {
 		default: throw new CapletsError("REQUEST_INVALID", `HTTP action ${location} parameter ${name} must be a string, number, or boolean`);
 	}
 }
-function applyAuth$1(headers, api, authDir) {
-	for (const [key, value] of Object.entries(authHeaders$1(api, authDir))) headers.set(key, value);
+async function applyAuth$1(headers, api, authDir) {
+	for (const [key, value] of Object.entries(await authHeaders$1(api, authDir))) headers.set(key, value);
 }
-function authHeaders$1(api, authDir) {
+async function authHeaders$1(api, authDir) {
 	switch (api.auth.type) {
 		case "none": return {};
 		case "bearer": return { authorization: `Bearer ${api.auth.token}` };
 		case "headers": return api.auth.headers;
 		case "oauth2":
-		case "oidc": return genericOAuthHeaders({
+		case "oidc": return await genericOAuthHeaders({
 			server: api.server,
 			backend: "http",
 			baseUrl: api.baseUrl,
@@ -59754,7 +59836,7 @@ var OpenApiManager = class {
 	}
 	async callTool(endpoint, toolName, args) {
 		const operation = await this.getOperation(endpoint, toolName);
-		const request = buildRequest(endpoint, operation, args, this.options.authDir);
+		const request = await buildRequest(endpoint, operation, args, this.options.authDir);
 		const controller = new AbortController();
 		const timeout = setTimeout(() => controller.abort(), endpoint.requestTimeoutMs);
 		try {
@@ -59868,7 +59950,7 @@ async function loadOpenApiSource(endpoint, authDir) {
 	if (endpoint.specPath) return endpoint.specPath;
 	if (!endpoint.specUrl) throw new CapletsError("CONFIG_INVALID", `${endpoint.server} is missing OpenAPI spec source`);
 	if (!endpoint.baseUrl) throw new CapletsError("CONFIG_INVALID", `${endpoint.server} must configure baseUrl when using remote specUrl`);
-	return parseOpenApiSourceText(await fetchWithLimit(endpoint.specUrl, endpoint.requestTimeoutMs, shouldSendSpecAuth(endpoint) ? authHeaders(endpoint, authDir) : {}));
+	return parseOpenApiSourceText(await fetchWithLimit(endpoint.specUrl, endpoint.requestTimeoutMs, shouldSendSpecAuth(endpoint) ? await authHeaders(endpoint, authDir) : {}));
 }
 function parseOpenApiSourceText(source) {
 	let parsed;
@@ -60039,13 +60121,13 @@ function rejectExternalRefs(value) {
 	if (typeof object.$ref === "string" && !object.$ref.startsWith("#/")) throw new CapletsError("CONFIG_INVALID", "External OpenAPI $ref values are not supported");
 	for (const nested of Object.values(object)) rejectExternalRefs(nested);
 }
-function buildRequest(endpoint, operation, args, authDir) {
+async function buildRequest(endpoint, operation, args, authDir) {
 	const base = endpoint.baseUrl ?? operation.baseUrl;
 	validateOperationBaseUrl(endpoint, base);
 	const url = buildOperationUrl(base, substitutePath(operation.path, asRecord(args.path), operation));
 	for (const [key, value] of Object.entries(asRecord(args.query))) if (value !== void 0 && value !== null) url.searchParams.append(key, serializeHttpValue("query", key, value));
 	const headers = new Headers();
-	applyAuth(headers, endpoint, authDir);
+	await applyAuth(headers, endpoint, authDir);
 	const configuredHeaderNames = configuredAuthHeaderNames(endpoint);
 	for (const [key, value] of Object.entries(operation.staticHeaders ?? {})) if (!headers.has(key) && !configuredHeaderNames.has(key.toLowerCase())) headers.set(key, value);
 	for (const [key, value] of Object.entries(asRecord(args.header))) if (value !== void 0 && value !== null) {
@@ -60090,19 +60172,19 @@ function serializeHttpValue(location, name, value) {
 function asRecord(value) {
 	return value && typeof value === "object" && !Array.isArray(value) ? value : {};
 }
-function applyAuth(headers, endpoint, authDir) {
-	for (const [key, value] of Object.entries(authHeaders(endpoint, authDir))) headers.set(key, value);
+async function applyAuth(headers, endpoint, authDir) {
+	for (const [key, value] of Object.entries(await authHeaders(endpoint, authDir))) headers.set(key, value);
 }
 function configuredAuthHeaderNames(endpoint) {
 	return endpoint.auth.type === "headers" ? new Set(Object.keys(endpoint.auth.headers).map((key) => key.toLowerCase())) : /* @__PURE__ */ new Set();
 }
-function authHeaders(endpoint, authDir) {
+async function authHeaders(endpoint, authDir) {
 	switch (endpoint.auth.type) {
 		case "none": return {};
 		case "bearer": return { authorization: `Bearer ${endpoint.auth.token}` };
 		case "headers": return endpoint.auth.headers;
 		case "oauth2":
-		case "oidc": return genericOAuthHeaders(endpoint, authDir);
+		case "oidc": return await genericOAuthHeaders(endpoint, authDir);
 	}
 }
 function shouldSendSpecAuth(endpoint) {
@@ -61697,7 +61779,7 @@ var CapletsEngine = class {
 		}
 	}
 	async completeCliWords(words) {
-		const { completeCliWords } = await import("./completion-CbazRAiL.js").then((n) => n.r);
+		const { completeCliWords } = await import("./completion-D-kuyArL.js").then((n) => n.r);
 		return await completeCliWords(words, {
 			config: this.registry.config,
 			managers: {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@caplets/core",
-  "version": "0.20.0",
+  "version": "0.20.1",
   "description": "Core runtime library for Caplets Code Mode and progressive disclosure gateways.",
   "keywords": [
     "caplets",