@contentstack/mcp 0.1.1 → 0.3.0

package/dist/index.js

@@ -1,19 +1,19 @@
 #!/usr/bin/env node
 
 // src/index.ts
-import { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import {
   CallToolRequestSchema,
   ListToolsRequestSchema
 } from "@modelcontextprotocol/sdk/types.js";
-import axios2 from "axios";
+import axios3 from "axios";
 import dotenv from "dotenv";
 
 // package.json
 var package_default = {
   name: "@contentstack/mcp",
-  version: "0.1.1",
+  version: "0.3.0",
   main: "./dist/index.js",
   type: "module",
   publishConfig: {
@@ -46,9 +46,11 @@ var package_default = {
     url: "https://github.com/contentstack/mcp.git"
   },
   dependencies: {
-    "@modelcontextprotocol/sdk": "^1.11.0",
+    "@modelcontextprotocol/sdk": "^1.24.0",
     axios: "^1.9.0",
-    dotenv: "^16.5.0"
+    dotenv: "^16.5.0",
+    inquirer: "^12.6.3",
+    open: "^10.1.2"
   },
   devDependencies: {
     "@commitlint/cli": "^19.8.1",
@@ -61,6 +63,7 @@ var package_default = {
     "eslint-plugin-only-warn": "^1.1.0",
     husky: "^9.1.7",
     jest: "^29.7.0",
+    "lint-staged": "^16.0.0",
     prettier: "^3.5.3",
     "ts-jest": "^29.3.2",
     "ts-node": "^10.9.2",
@@ -81,6 +84,17 @@ var package_default = {
   }
 };
 
+// src/oauth.ts
+import axios from "axios";
+import http from "http";
+import url from "url";
+import fs from "fs/promises";
+import path from "path";
+import os from "os";
+import open from "open";
+import crypto from "crypto";
+import inquirer from "inquirer";
+
 // src/utils/constants.ts
 var CMA_URLS = {
   NA: "https://api.contentstack.io",
@@ -98,10 +112,99 @@ var CDA_URLS = {
   GCP_NA: "https://gcp-na-cdn.contentstack.com",
   GCP_EU: "https://gcp-eu-cdn.contentstack.com"
 };
+var BRANDKIT_URLS = {
+  ai: {
+    NA: "https://ai.contentstack.com",
+    EU: "https://eu-ai.contentstack.com",
+    AZURE_NA: "https://azure-na-ai.contentstack.com",
+    AZURE_EU: "https://azure-eu-ai.contentstack.com",
+    GCP_NA: "https://gcp-na-ai.contentstack.com",
+    GCP_EU: "https://gcp-eu-ai.contentstack.com"
+  },
+  "brand-kits-api": {
+    NA: "https://brand-kits-api.contentstack.com",
+    EU: "https://eu-brand-kits-api.contentstack.com",
+    AZURE_NA: "https://azure-na-brand-kits-api.contentstack.com",
+    AZURE_EU: "https://azure-eu-brand-kits-api.contentstack.com",
+    GCP_NA: "https://gcp-na-brand-kits-api.contentstack.com",
+    GCP_EU: "https://gcp-eu-brand-kits-api.contentstack.com"
+  }
+};
+var OAUTH_URLS = {
+  NA: {
+    name: "North America (AWS)",
+    uiHost: "https://app.contentstack.com",
+    devHub: "https://developerhub-api.contentstack.com"
+  },
+  EU: {
+    name: "Europe (AWS)",
+    uiHost: "https://eu-app.contentstack.com",
+    devHub: "https://eu-developerhub-api.contentstack.com"
+  },
+  AZURE_NA: {
+    name: "North America (Azure)",
+    uiHost: "https://azure-na-app.contentstack.com",
+    devHub: "https://azure-na-developerhub-api.contentstack.com"
+  },
+  AZURE_EU: {
+    name: "Europe (Azure)",
+    uiHost: "https://azure-eu-app.contentstack.com",
+    devHub: "https://azure-eu-developerhub-api.contentstack.com"
+  },
+  GCP_NA: {
+    name: "North America (GCP)",
+    uiHost: "https://gcp-na-app.contentstack.com",
+    devHub: "https://gcp-na-developerhub-api.contentstack.com"
+  },
+  GCP_EU: {
+    name: "Europe (GCP)",
+    uiHost: "https://gcp-eu-app.contentstack.com",
+    devHub: "https://gcp-eu-developerhub-api.contentstack.com"
+  }
+};
+var LYTICS_URL = "https://api.lytics.io";
+var PERSONALIZE_URLS = {
+  NA: "https://personalize-api.contentstack.com",
+  EU: "https://eu-personalize-api.contentstack.com",
+  AZURE_NA: "https://azure-na-personalize-api.contentstack.com",
+  AZURE_EU: "https://azure-eu-personalize-api.contentstack.com",
+  GCP_NA: "https://gcp-na-personalize-api.contentstack.com",
+  GCP_EU: "https://gcp-eu-personalize-api.contentstack.com"
+};
+var ANALYTICS_URLS = {
+  NA: "https://app.contentstack.com/analytics",
+  EU: "https://eu-app.contentstack.com/analytics",
+  AZURE_NA: "https://azure-na-app.contentstack.com/analytics",
+  AZURE_EU: "https://azure-eu-app.contentstack.com/analytics",
+  GCP_NA: "https://gcp-na-app.contentstack.com/analytics",
+  GCP_EU: "https://gcp-eu-app.contentstack.com/analytics"
+};
+var LAUNCH_URLS = {
+  NA: "https://launch-api.contentstack.com/manage",
+  EU: "https://eu-launch-api.contentstack.com/manage",
+  AZURE_NA: "https://azure-na-launch-api.contentstack.com/manage",
+  AZURE_EU: "https://azure-eu-launch-api.contentstack.com/manage",
+  GCP_NA: "https://gcp-na-launch-api.contentstack.com/manage",
+  GCP_EU: "https://gcp-eu-launch-api.contentstack.com/manage"
+};
+var DEVELOPERHUB_URLS = {
+  NA: "https://developerhub-api.contentstack.com",
+  EU: "https://eu-developerhub-api.contentstack.com",
+  AZURE_NA: "https://azure-na-developerhub-api.contentstack.com",
+  AZURE_EU: "https://azure-eu-developerhub-api.contentstack.com",
+  GCP_NA: "https://gcp-na-developerhub-api.contentstack.com",
+  GCP_EU: "https://gcp-eu-developerhub-api.contentstack.com"
+};
 var GroupEnum = {
   CMA: "cma",
   CDA: "cda",
-  ALL: "all"
+  ALL: "all",
+  BRANDKIT: "brandkit",
+  LYTICS: "lytics",
+  ANALYTICS: "analytics",
+  PERSONALIZE: "personalize",
+  LAUNCH: "launch",
+  DEVELOPERHUB: "developerhub"
 };
 var apiVersionHeaders = [
   "publish_variants_of_an_entry",
@@ -109,64 +212,713 @@ var apiVersionHeaders = [
   "unpublish_an_entry"
 ];
 var TOOL_URLS = {
-  cma: "http://mcp.contentstack.com/cma/tools",
-  cda: "http://mcp.contentstack.com/cda/tools"
+  cma: "https://mcp.contentstack.com/cma/tools",
+  cda: "https://mcp.contentstack.com/cda/tools",
+  brandkit: "https://mcp.contentstack.com/brandkit/tools",
+  lytics: "https://mcp.contentstack.com/lytics/tools",
+  personalize: "https://mcp.contentstack.com/personalize/tools",
+  analytics: "https://mcp.contentstack.com/analytics/tools",
+  launch: "https://mcp.contentstack.com/launch/tools",
+  developerhub: "https://mcp.contentstack.com/developerhub/tools"
+};
+
+// src/oauth.ts
+var ContentstackOAuthHandler = class _ContentstackOAuthHandler {
+  appId;
+  clientId;
+  redirectUri;
+  responseType = "code";
+  port = 8184;
+  region;
+  codeVerifier;
+  codeChallenge;
+  oauthBaseUrl;
+  devHubUrl;
+  configDir;
+  configFile;
+  authCompleted = false;
+  constructor() {
+    this.appId = process.env.CONTENTSTACK_OAUTH_APP_ID ?? "68340a606295230012cb88fd";
+    this.clientId = process.env.CONTENTSTACK_OAUTH_CLIENT_ID ?? "cGQZujH3Y_oYkf59";
+    this.redirectUri = process.env.CONTENTSTACK_OAUTH_REDIRECT_URI ?? "http://localhost:8184";
+    this.configDir = this.getConfigDir();
+    this.configFile = path.join(this.configDir, "oauth-config.json");
+  }
+  getConfigDir() {
+    const platform = process.platform;
+    const dirName = "ContentstackMCP";
+    if (platform === "win32") {
+      return path.join(os.homedir(), "AppData", "Local", dirName);
+    } else if (platform === "darwin") {
+      return path.join(os.homedir(), "Library", "Application Support", dirName);
+    } else {
+      return path.join(os.homedir(), ".config", dirName);
+    }
+  }
+  async showMainMenu() {
+    try {
+      await this.ensureConfigDir();
+      let exitProgram = false;
+      while (!exitProgram) {
+        const { action } = await inquirer.prompt([
+          {
+            type: "list",
+            name: "action",
+            message: "Select an action:",
+            choices: [
+              { name: "Authorization", value: "auth" },
+              { name: "Exit", value: "exit" }
+            ]
+          }
+        ]);
+        switch (action) {
+          case "auth":
+            await this.showAuthMenu();
+            break;
+          case "exit":
+            exitProgram = true;
+            break;
+        }
+      }
+    } catch (error) {
+      const err = error;
+      console.error("Error:", err.message);
+      process.exit(1);
+    }
+  }
+  async showAuthMenu() {
+    const { authAction } = await inquirer.prompt([
+      {
+        type: "list",
+        name: "authAction",
+        message: "Authorization actions:",
+        choices: [
+          { name: "Login", value: "login" },
+          { name: "Reauthorize", value: "reauth" },
+          { name: "Logout", value: "logout" },
+          { name: "Back", value: "back" }
+        ]
+      }
+    ]);
+    switch (authAction) {
+      case "login":
+        await this.login();
+        break;
+      case "logout":
+        await this.logout();
+        process.exit(0);
+        break;
+      case "reauth":
+        await this.reauthorize();
+        break;
+      case "back":
+        return;
+    }
+  }
+  async login() {
+    try {
+      await this.selectRegion();
+      await this.startOAuthFlow();
+    } catch (error) {
+      const err = error;
+      console.error("Authentication failed:", err.message);
+    }
+  }
+  async reauthorize() {
+    try {
+      const config = await this.loadConfig();
+      if (config && config.region) {
+        this.applyRegion(config.region);
+        await this.saveConfig({ region: config.region });
+        console.log("Existing tokens cleared. Starting reauthorization...");
+        await this.startOAuthFlow();
+      } else {
+        console.log("No existing configuration found. Starting login flow...");
+        await this.login();
+      }
+    } catch (error) {
+      const err = error;
+      console.error("Reauthorization failed:", err.message);
+    }
+  }
+  applyRegion(region) {
+    this.region = region;
+    this.oauthBaseUrl = OAUTH_URLS[region]?.uiHost;
+    this.devHubUrl = `${OAUTH_URLS[region]?.devHub}`;
+  }
+  async logout() {
+    try {
+      const config = await this.loadConfig();
+      if (!config || !config.access_token) {
+        console.error("No active session found.");
+        return;
+      }
+      if (config.region) {
+        this.applyRegion(config.region);
+        try {
+          const authorizationId = await this.getOAuthAppAuthorization(
+            config.access_token,
+            config.user_uid,
+            config.organization_uid
+          );
+          if (authorizationId) {
+            await this.revokeOAuthAppAuthorization(
+              authorizationId,
+              config.access_token,
+              config.organization_uid
+            );
+            console.log("Successfully revoked OAuth app authorization.");
+          }
+        } catch (error) {
+          console.warn(
+            `Error revoking OAuth app authorization: ${error.message}. Proceeding with local logout.`
+          );
+        }
+      }
+      await fs.unlink(this.configFile).catch(() => {
+      });
+      console.log("Logged out successfully. All configuration removed.");
+    } catch (error) {
+      console.error(`Logout failed: ${error.message}`);
+      throw new Error("Failed to complete logout");
+    }
+  }
+  async getOAuthAppAuthorization(accessToken, userUid, organizationUid) {
+    try {
+      const headers = {
+        authorization: `Bearer ${accessToken}`,
+        organization_uid: organizationUid,
+        "Content-type": "application/json"
+      };
+      const response = await axios.get(
+        `${this.devHubUrl}/manifests/${this.appId}/authorizations`,
+        { headers }
+      );
+      const data = response.data;
+      if (data?.data?.length > 0) {
+        if (!userUid) {
+          throw new Error("Unable to determine user UID for authorization");
+        }
+        const currentUserAuthorization = data.data.filter((element) => element.user.uid === userUid) || [];
+        if (currentUserAuthorization.length === 0) {
+          console.warn("No authorizations found for current user!");
+          return null;
+        }
+        return currentUserAuthorization[0].authorization_uid;
+      } else {
+        console.warn("No authorizations found for the app!");
+        return null;
+      }
+    } catch (error) {
+      console.error(`Error getting OAuth app authorizations: ${error.message}`);
+      throw error;
+    }
+  }
+  async revokeOAuthAppAuthorization(authorizationId, accessToken, organizationUid) {
+    if (!authorizationId || authorizationId.length < 1) {
+      throw new Error("Invalid authorization ID");
+    }
+    try {
+      const headers = {
+        authorization: `Bearer ${accessToken}`,
+        organization_uid: organizationUid,
+        "Content-type": "application/json"
+      };
+      await axios.delete(
+        `${this.devHubUrl}/manifests/${this.appId}/authorizations/${authorizationId}`,
+        { headers }
+      );
+      console.log(`Successfully revoked authorization ID: ${authorizationId}`);
+    } catch (error) {
+      console.error(`Error revoking OAuth app authorization: ${error.message}`);
+      throw error;
+    }
+  }
+  static async getAuthHeaders() {
+    const handler = new _ContentstackOAuthHandler();
+    const tokenData = await handler.ensureValidToken();
+    if (!tokenData) {
+      throw new Error(
+        "Not authenticated. Please run the authentication command first."
+      );
+    }
+    return {
+      Authorization: `Bearer ${tokenData.access_token}`,
+      organization_uid: tokenData.organization_uid
+    };
+  }
+  async selectRegion() {
+    const regionKeys = Object.keys(OAUTH_URLS);
+    const choices = regionKeys.map((key) => ({
+      name: `${OAUTH_URLS[key].name} (${key})`,
+      value: key
+    }));
+    const { selectedRegion } = await inquirer.prompt([
+      {
+        type: "list",
+        name: "selectedRegion",
+        message: "Select your Contentstack region:",
+        choices
+      }
+    ]);
+    this.region = selectedRegion;
+    if (!this.region) {
+      console.error("Invalid region selected.");
+      return;
+    }
+    this.oauthBaseUrl = OAUTH_URLS[this.region]?.uiHost;
+    this.devHubUrl = `${OAUTH_URLS[this.region]?.devHub}/apps`;
+    await this.saveConfig({ region: this.region });
+    console.log(`Selected region: ${OAUTH_URLS[this.region]?.name}`);
+  }
+  async saveConfig(config) {
+    await fs.writeFile(this.configFile, JSON.stringify(config, null, 2));
+  }
+  async loadConfig() {
+    try {
+      const data = await fs.readFile(this.configFile, "utf8");
+      return JSON.parse(data);
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        return null;
+      }
+      throw new Error(`Failed to load config: ${error.message}`);
+    }
+  }
+  async ensureConfigDir() {
+    try {
+      await fs.mkdir(this.configDir, { recursive: true });
+    } catch (error) {
+      if (error.code === "EACCES") {
+        throw new Error(
+          `Permission denied when creating config directory at ${this.configDir}. Please check your permissions.`
+        );
+      }
+      throw error;
+    }
+  }
+  async startOAuthFlow() {
+    if (!this.region) {
+      console.log("Region not configured. Please select a region first.");
+      await this.selectRegion();
+    }
+    this.codeVerifier = this.generateCodeVerifier();
+    this.codeChallenge = await this.generateCodeChallenge(this.codeVerifier);
+    this.authCompleted = false;
+    const server = this.createHTTPServer();
+    try {
+      await this.openAuthorizationUrl();
+      let attempts = 0;
+      const maxAttempts = 120;
+      console.log("Waiting for authentication to complete...");
+      while (!this.authCompleted && attempts < maxAttempts) {
+        await new Promise((resolve) => setTimeout(resolve, 1e3));
+        attempts++;
+      }
+      if (server.listening) {
+        server.close();
+        if (!this.authCompleted) {
+          console.log("Authentication timed out. Please try again.");
+          console.log(
+            "If you're experiencing network issues, try running the command again."
+          );
+        }
+      }
+      if (this.authCompleted) {
+        console.log("Authentication completed successfully.");
+        process.exit(0);
+      }
+    } catch (error) {
+      console.error("OAuth flow failed:", error);
+      if (server.listening) {
+        server.close();
+      }
+      throw error;
+    }
+  }
+  generateCodeVerifier(length = 128) {
+    const charset = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
+    return Array.from(
+      { length },
+      () => charset.charAt(Math.floor(Math.random() * charset.length))
+    ).join("");
+  }
+  async generateCodeChallenge(codeVerifier) {
+    const hash = crypto.createHash("sha256");
+    hash.update(codeVerifier);
+    const hashBuffer = hash.digest();
+    const base64String = hashBuffer.toString("base64");
+    return base64String.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  }
+  createHTTPServer() {
+    let requestHandled = false;
+    const server = http.createServer(
+      async (req, res) => {
+        if (req.url === "/favicon.ico") {
+          res.writeHead(204);
+          res.end();
+          return;
+        }
+        if (requestHandled) {
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(
+            "<html><body><h3>Request already processed.</h3><p>You can close this window and return to the terminal.</p></body></html>"
+          );
+          return;
+        }
+        const queryObject = url.parse(req.url ?? "", true).query;
+        if (!queryObject.code) {
+          console.error(
+            "Error occurred while logging in with OAuth. No authorization code received."
+          );
+          this.sendErrorResponse(res);
+          return;
+        }
+        requestHandled = true;
+        console.log("Authorization code successfully received.");
+        try {
+          await this.exchangeCodeForToken(queryObject.code);
+          this.sendSuccessResponse(res);
+          this.authCompleted = true;
+          setTimeout(() => {
+            if (server.listening) {
+              server.close(() => {
+                console.log("OAuth flow completed successfully.");
+              });
+            }
+          }, 1e3);
+        } catch (error) {
+          const err = error;
+          console.error("Error exchanging code for token:", err.message);
+          this.sendErrorResponse(res);
+          setTimeout(() => {
+            if (server.listening) {
+              server.close();
+            }
+          }, 1e3);
+        }
+      }
+    );
+    server.listen(this.port, () => {
+      console.log(`Waiting for authorization response on port ${this.port}...`);
+    });
+    server.on("error", (err) => {
+      console.error("Server error:", err);
+      if (err.code === "EADDRINUSE") {
+        console.error(
+          `Port ${this.port} is already in use. Please ensure no other instances are running.`
+        );
+      }
+      process.exit(1);
+    });
+    return server;
+  }
+  sendSuccessResponse(res) {
+    const successHtml = `
+       <!DOCTYPE html>
+      <html>
+      <head>
+        <title>Contentstack MCP - Authorization Successful</title>
+      <style>
+        body { font-family: Arial, sans-serif; text-align: center; margin-top: 100px; }
+        h1 { color: #6c5ce7; }
+        p { color: #475161; margin-bottom: 20px; }
+        a { color: #6c5ce7; text-decoration: none; }
+      </style>
+       </head>
+      <body>
+      <h1>Successfully authorized!</h1>
+      <p style="font-size: 16px; font-weight: 600">You can close this window and return to the terminal.</p>
+      <p>
+        You can review the access permissions on the
+        <a href="${this.oauthBaseUrl}/#!/marketplace/authorized-apps" target="_blank">Authorized Apps page</a>.
+      </p>
+       </body>
+      </html>`;
+    res.writeHead(200, { "Content-Type": "text/html" });
+    res.end(successHtml);
+  }
+  sendErrorResponse(res) {
+    const errorHtml = `
+           <!DOCTYPE html>
+      <html>
+      <head>
+        <title>Contentstack MCP - Authorization Failed</title>
+        <style>
+        body { font-family: Arial, sans-serif; text-align: center; margin-top: 100px; }
+        h1 { color: #e74c3c; }
+        p { color: #475161; }
+       </style>
+      </head>
+      <body>
+      <h1>Authentication Failed</h1>
+      <p>Please try again by rerunning the authentication command.</p>
+       </body>
+      </html>`;
+    res.writeHead(200, { "Content-Type": "text/html" });
+    res.end(errorHtml);
+  }
+  async openAuthorizationUrl() {
+    if (!this.oauthBaseUrl) throw new Error("oauthBaseUrl not set");
+    const authUrl = new URL(
+      `${this.oauthBaseUrl}/#!/apps/${this.appId}/authorize`
+    );
+    authUrl.searchParams.set("response_type", this.responseType);
+    authUrl.searchParams.set("client_id", this.clientId);
+    authUrl.searchParams.set("redirect_uri", this.redirectUri);
+    authUrl.searchParams.set("code_challenge", this.codeChallenge ?? "");
+    authUrl.searchParams.set("code_challenge_method", "S256");
+    const authUrlString = authUrl.toString();
+    console.log("Opening browser to authorize application...");
+    console.log(
+      "If the browser does not open automatically, please open this URL:"
+    );
+    console.log("\x1B[36m%s\x1B[0m", authUrlString);
+    try {
+      await open(authUrlString);
+    } catch (error) {
+      console.error(
+        "Failed to open browser automatically. Please copy and paste the URL manually."
+      );
+      console.log("\x1B[36m%s\x1B[0m", authUrlString);
+    }
+  }
+  async exchangeCodeForToken(code) {
+    const params = new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: this.clientId,
+      code_verifier: this.codeVerifier ?? "",
+      redirect_uri: this.redirectUri,
+      code
+    });
+    try {
+      const response = await axios.post(
+        `${this.devHubUrl}/token`,
+        params,
+        {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" }
+        }
+      );
+      const tokenData = response.data;
+      if (!tokenData.access_token) {
+        throw new Error("Invalid token response");
+      }
+      const existingConfig = await this.loadConfig();
+      const region = this.region || existingConfig?.region;
+      if (!region) {
+        throw new Error("Region not specified");
+      }
+      await this.saveConfig({
+        ...tokenData,
+        region,
+        token_issued_at: Date.now()
+      });
+      console.log("Access token obtained successfully.");
+      return tokenData;
+    } catch (error) {
+      console.error(
+        "Token exchange failed:",
+        error.response?.data || error.message
+      );
+      throw new Error("Failed to exchange authorization code for tokens");
+    }
+  }
+  async ensureValidToken() {
+    const config = await this.loadConfig();
+    if (!config || !config.access_token || !config.region) return null;
+    const region = config.region;
+    this.applyRegion(region);
+    const now = Date.now();
+    const expiryTime = config.token_issued_at + config.expires_in * 1e3;
+    if (now >= expiryTime - 5 * 60 * 1e3) {
+      return this.refreshToken(config.refresh_token);
+    }
+    return config;
+  }
+  async refreshToken(refreshToken) {
+    const params = new URLSearchParams({
+      grant_type: "refresh_token",
+      client_id: this.clientId,
+      refresh_token: refreshToken,
+      redirect_uri: this.redirectUri
+    });
+    try {
+      const response = await axios.post(
+        `${this.devHubUrl}/token`,
+        params,
+        {
+          headers: { "Content-Type": "application/x-www-form-urlencoded" }
+        }
+      );
+      const tokenData = response.data;
+      if (!tokenData.access_token) throw new Error("Invalid token response");
+      const existingConfig = await this.loadConfig();
+      await this.saveConfig({
+        ...existingConfig,
+        ...tokenData,
+        refresh_token: tokenData.refresh_token ?? existingConfig?.refresh_token,
+        token_issued_at: Date.now()
+      });
+      return await this.loadConfig();
+    } catch (error) {
+      console.error(
+        "Token refresh failed:",
+        error.response?.data || error.message
+      );
+      throw new Error("Failed to refresh access token");
+    }
+  }
 };
+var oauth_default = ContentstackOAuthHandler;
 
 // src/utils/index.ts
-import axios from "axios";
-var getBaseUrl = (region, group) => {
+import axios2 from "axios";
+import fs2 from "fs";
+var fetchToolsJson = async (url2) => {
+  try {
+    if (url2.startsWith("http")) {
+      return await axios2.get(url2);
+    }
+    return { data: JSON.parse(fs2.readFileSync(url2, "utf8")) };
+  } catch (error) {
+    throw new Error(`Error fetching tools from ${url2}: ${error}`);
+  }
+};
+var getBaseUrl = (region, group, subgroup) => {
   if (group === GroupEnum.CMA) {
     return CMA_URLS[region];
   } else if (group === GroupEnum.CDA) {
     return CDA_URLS[region];
+  } else if (group === "brandkit") {
+    if (!subgroup) {
+      throw new Error("Subgroup is required for brandkit group");
+    }
+    return BRANDKIT_URLS[subgroup][region];
+  } else if (group === GroupEnum.LYTICS) {
+    return LYTICS_URL;
+  } else if (group === GroupEnum.PERSONALIZE) {
+    return PERSONALIZE_URLS[region];
+  } else if (group === GroupEnum.ANALYTICS) {
+    return ANALYTICS_URLS[region];
+  } else if (group === GroupEnum.LAUNCH) {
+    return LAUNCH_URLS[region];
+  } else if (group === GroupEnum.DEVELOPERHUB) {
+    return DEVELOPERHUB_URLS[region];
   } else {
     throw new Error(`Invalid group: ${group}`);
   }
 };
-var getTools = async (group) => {
+var getTools = async (groups) => {
   try {
-    switch (group) {
-      case GroupEnum.CMA: {
-        const response = await axios.get(TOOL_URLS.cma);
-        return { ...response.data };
-      }
-      case GroupEnum.CDA: {
-        const response = await axios.get(TOOL_URLS.cda);
-        return { ...response.data };
-      }
-      case GroupEnum.ALL: {
-        const [contentstackRes, deliveryRes] = await Promise.all([
-          axios.get(TOOL_URLS.cma),
-          axios.get(TOOL_URLS.cda)
-        ]);
-        return {
-          ...contentstackRes.data,
-          ...deliveryRes.data
-        };
-      }
-      default:
-        throw new Error(`Invalid group: ${group}`);
+    const urlMapping = {
+      [GroupEnum.CMA]: TOOL_URLS.cma,
+      [GroupEnum.CDA]: TOOL_URLS.cda,
+      [GroupEnum.BRANDKIT]: TOOL_URLS.brandkit,
+      [GroupEnum.LYTICS]: TOOL_URLS.lytics,
+      [GroupEnum.PERSONALIZE]: TOOL_URLS.personalize,
+      [GroupEnum.ANALYTICS]: TOOL_URLS.analytics,
+      [GroupEnum.LAUNCH]: TOOL_URLS.launch,
+      [GroupEnum.DEVELOPERHUB]: TOOL_URLS.developerhub
+    };
+    if (groups.includes(GroupEnum.ALL)) {
+      const [
+        cmaRes,
+        cdaRes,
+        brandkitRes,
+        lyticsRes,
+        personalizeRes,
+        analyticsRes,
+        launchRes,
+        developerhubRes
+      ] = await Promise.all([
+        fetchToolsJson(TOOL_URLS.cma),
+        fetchToolsJson(TOOL_URLS.cda),
+        fetchToolsJson(TOOL_URLS.brandkit),
+        fetchToolsJson(TOOL_URLS.lytics),
+        fetchToolsJson(TOOL_URLS.personalize),
+        fetchToolsJson(TOOL_URLS.analytics),
+        fetchToolsJson(TOOL_URLS.launch),
+        fetchToolsJson(TOOL_URLS.developerhub)
+      ]);
+      return {
+        ...cmaRes.data,
+        ...cdaRes.data,
+        ...brandkitRes.data,
+        ...lyticsRes.data,
+        ...personalizeRes.data,
+        ...analyticsRes.data,
+        ...launchRes.data,
+        ...developerhubRes.data
+      };
     }
+    const responses = await Promise.all(
+      groups.map((group) => {
+        const url2 = urlMapping[group];
+        if (!url2) {
+          throw new Error(`Invalid group: ${group}`);
+        }
+        return fetchToolsJson(url2);
+      })
+    );
+    return responses.reduce((allTools, response) => {
+      return { ...allTools, ...response.data };
+    }, {});
   } catch (error) {
-    throw new Error(`Failed to fetch tools for group ${group}`);
+    throw new Error(
+      `Failed to fetch tools: ${error instanceof Error ? error.message : "Unknown error"}`
+    );
   }
 };
-function buildContentstackRequest(actionMapper, args, groupName, options) {
+function resolvePathParam(argKey, args, options) {
+  if (argKey.startsWith("$")) {
+    const realKey = argKey.slice(1);
+    return options[realKey];
+  }
+  return args[argKey] ?? options[argKey];
+}
+async function buildContentstackRequest(actionMapper, args, groupName, subgroupName, options) {
   if (!actionMapper) {
     throw new Error(`Unknown action`);
   }
-  let url = actionMapper.apiUrl;
+  if (actionMapper.type === "graphql") {
+    return buildGraphQLRequest(
+      actionMapper,
+      args,
+      groupName,
+      subgroupName,
+      options
+    );
+  }
+  let url2 = actionMapper.apiUrl;
   if (actionMapper.params) {
-    Object.entries(actionMapper.params).forEach(([paramName, argName]) => {
-      url = url.replace(new RegExp(paramName, "g"), args[argName] ?? "");
+    Object.entries(actionMapper.params).forEach(([placeholder, argKey]) => {
+      const value = resolvePathParam(argKey, args, options);
+      if (value === void 0) {
+        throw new Error(
+          `Missing required path parameter "${argKey}" for URL "${actionMapper.apiUrl}"`
+        );
+      }
+      url2 = url2.replace(
+        new RegExp(placeholder, "g"),
+        encodeURIComponent(String(value))
+      );
     });
   }
   const queryParams = {};
   if (actionMapper.queryParams) {
     Object.entries(actionMapper.queryParams).forEach(([paramName, argName]) => {
       if (args[argName] !== void 0) {
-        queryParams[paramName] = args[argName];
+        const value = args[argName];
+        if (paramName.endsWith("[]")) {
+          const cleanParamName = paramName.slice(0, -2);
+          if (Array.isArray(value)) {
+            queryParams[cleanParamName] = value;
+          } else {
+            queryParams[cleanParamName] = [value];
+          }
+        } else {
+          queryParams[paramName] = value;
+        }
       }
     });
   }
@@ -196,16 +948,40 @@ function buildContentstackRequest(actionMapper, args, groupName, options) {
       }
     }
   }
-  const returnObj = buildReturnValue(
+  const returnObj = await buildReturnValue(
     groupName,
+    subgroupName,
     actionMapper.method,
-    url,
+    url2,
     body,
     queryParams,
     options
   );
   return returnObj;
 }
+async function buildGraphQLRequest(actionMapper, args, groupName, subgroupName, options) {
+  const { query, variables: variableMapping } = actionMapper;
+  const variables = {};
+  Object.entries(variableMapping).forEach(([varName, config]) => {
+    const sourceKey = config["x-mapFrom"];
+    if (args[sourceKey] !== void 0) {
+      variables[varName] = args[sourceKey];
+    }
+  });
+  const graphqlBody = {
+    query,
+    variables
+  };
+  return buildReturnValue(
+    groupName,
+    subgroupName,
+    "POST",
+    actionMapper.apiUrl,
+    graphqlBody,
+    {},
+    options
+  );
+}
 function buildBodyPayload(schema, data) {
   function walk(sch) {
     if (sch.type === "object") {
@@ -263,47 +1039,109 @@ function buildBodyPayload(schema, data) {
   }
   return walk(schema).value;
 }
-function buildReturnValue(groupName, method, url, data, queryParams, options) {
-  if (!url) {
+async function buildReturnValue(groupName, subgroupName, method, url2, data, queryParams, options) {
+  if (!url2) {
     throw new Error("URL is required");
   }
-  const { apiKey, managementToken, deliveryToken, group, region } = options;
-  const baseUrl = getBaseUrl(region, groupName);
-  if (!baseUrl) {
-    throw new Error(`Invalid group: ${group}`);
-  }
-  const fullUrl = `${baseUrl}${url.startsWith("/") ? url : `/${url}`}`;
+  const {
+    apiKey,
+    deliveryToken,
+    brandKitUID,
+    launchProjectId,
+    personalizeProjectId,
+    lyticsAccessToken,
+    region,
+    useOAuth
+  } = options;
+  const baseUrl = getBaseUrl(region, groupName, subgroupName);
+  const fullUrl = `${baseUrl}${url2.startsWith("/") ? url2 : `/${url2}`}`;
   const config = {
     method,
     url: fullUrl,
     data: data || void 0,
     params: Object.keys(queryParams || {}).length > 0 ? queryParams : void 0,
-    headers: {
-      "Content-Type": "application/json",
-      api_key: apiKey
+    paramsSerializer: function(params) {
+      const searchParams = new URLSearchParams();
+      Object.entries(params).forEach(([key, value]) => {
+        if (Array.isArray(value)) {
+          value.forEach((item) => searchParams.append(`${key}[]`, item));
+        } else if (value !== void 0) {
+          searchParams.append(key, value);
+        }
+      });
+      return searchParams.toString();
+    },
+    headers: method === "POST" && data === void 0 ? {} : {
+      "Content-Type": "application/json"
     }
   };
-  switch (groupName) {
-    case GroupEnum.CMA:
-      if (!managementToken) {
-        throw new Error("Management token is required for Contentstack API");
+  if (groupName !== GroupEnum.LYTICS) {
+    config.headers = {
+      ...config.headers,
+      api_key: apiKey
+    };
+  }
+  if (groupName === GroupEnum.CDA) {
+    if (!deliveryToken) {
+      throw new Error("Delivery token is required for Delivery API");
+    }
+    config.headers = {
+      ...config.headers,
+      access_token: deliveryToken
+    };
+  } else if (groupName === GroupEnum.LYTICS) {
+    if (!lyticsAccessToken) {
+      throw new Error("Lytics access token is required for Lytics API");
+    }
+    config.headers = {
+      ...config.headers,
+      Authorization: lyticsAccessToken
+    };
+  } else {
+    if (!useOAuth) {
+      throw new Error(
+        "Please run the command with npx @contentstack/mcp --auth"
+      );
+    }
+    const oauthHeaders = await oauth_default.getAuthHeaders();
+    if (groupName === GroupEnum.BRANDKIT) {
+      if (!brandKitUID) {
+        throw new Error("Brand Kit UID is required for Brand Kit API");
       }
       config.headers = {
         ...config.headers,
-        authorization: managementToken
+        brand_kit_uid: brandKitUID
       };
-      break;
-    case GroupEnum.CDA:
-      if (!deliveryToken) {
-        throw new Error("Delivery token is required for Delivery API");
+    } else if (groupName === GroupEnum.PERSONALIZE) {
+      if (!personalizeProjectId) {
+        throw new Error(
+          "Personalize Project ID is required for Personalize API"
+        );
       }
       config.headers = {
         ...config.headers,
-        access_token: deliveryToken
+        "x-project-uid": personalizeProjectId
       };
-      break;
-    default:
-      throw new Error(`Unknown tool group: ${group}`);
+    } else if (groupName === GroupEnum.ANALYTICS) {
+      config.params = {
+        ...config.params,
+        orgUid: oauthHeaders["organization_uid"]
+      };
+    } else if (groupName === GroupEnum.LAUNCH) {
+      if (!launchProjectId) {
+        throw new Error("Launch Project ID is required for Launch API");
+      }
+      config.headers = {
+        ...config.headers,
+        "apollographql-client-name": "contentfly-client",
+        "apollographql-client-version": "1.3",
+        "x-project-uid": launchProjectId
+      };
+    }
+    config.headers = {
+      ...config.headers,
+      ...oauthHeaders
+    };
   }
   return config;
 }
@@ -311,35 +1149,103 @@ function buildReturnValue(groupName, method, url, data, queryParams, options) {
 // src/index.ts
 dotenv.config();
 var TOKEN_ARGS = {
-  MANAGEMENT: "--management-token",
+  OAUTH: "--auth",
   DELIVERY: "--delivery-token",
   API_KEY: "--stack-api-key",
-  REGION: "--region"
+  BRAND_KIT_ID: "--brand-kit-id",
+  LYTICS_ACCESS_TOKEN: "--lytics-access-token",
+  PERSONALIZE_PROJECT_ID: "--personalize-project-id",
+  LAUNCH_PROJECT_ID: "--launch-project-id",
+  GROUPS: "--groups"
 };
 var GROUPS = {
   ALL: "all",
   CMA: "cma",
-  CDA: "cda"
+  CDA: "cda",
+  BRAND_KIT: "brandkit",
+  LYTICS: "lytics",
+  ANALYTICS: "analytics",
+  PERSONALIZE: "personalize",
+  LAUNCH: "launch",
+  DEVELOPERHUB: "developerhub"
 };
 function getArgValue(argName) {
   const index = process.argv.findIndex((arg) => arg === argName);
   return index !== -1 ? process.argv[index + 1] : null;
 }
-function determineGroup(managementToken, deliveryToken) {
-  if (managementToken?.trim() && deliveryToken?.trim()) {
-    return GROUPS.ALL;
-  }
-  if (managementToken?.trim()) {
-    return GROUPS.CMA;
-  }
-  if (deliveryToken?.trim()) {
-    return GROUPS.CDA;
+function hasNonLyticsGroups(groups) {
+  return groups.some((group) => group !== GROUPS.LYTICS);
+}
+function validateGroupRequirements(groups, options) {
+  const groupsToValidate = groups.includes(GROUPS.ALL) ? [
+    GROUPS.CMA,
+    GROUPS.CDA,
+    GROUPS.BRAND_KIT,
+    GROUPS.LYTICS,
+    GROUPS.ANALYTICS,
+    GROUPS.PERSONALIZE,
+    GROUPS.LAUNCH
+  ] : groups;
+  for (const group of groupsToValidate) {
+    if (group === GROUPS.CDA && !options.deliveryToken) {
+      throw new Error(
+        "Delivery token is required for Content Delivery API (CDA). Please provide it using --delivery-token or CONTENTSTACK_DELIVERY_TOKEN environment variable."
+      );
+    }
+    if (group === GROUPS.LYTICS && !options.lyticsAccessToken) {
+      throw new Error(
+        "Lytics access token is required for Lytics API. Please provide it using --lytics-access-token or LYTICS_ACCESS_TOKEN environment variable."
+      );
+    }
+    if ([
+      GROUPS.CMA,
+      GROUPS.BRAND_KIT,
+      GROUPS.PERSONALIZE,
+      GROUPS.ANALYTICS,
+      GROUPS.LAUNCH
+    ].includes(group) && !options.useOAuth) {
+      let groupName;
+      switch (group) {
+        case GROUPS.CMA:
+          groupName = "Content Management API";
+          break;
+        case GROUPS.BRAND_KIT:
+          groupName = "Brand Kit API";
+          break;
+        case GROUPS.PERSONALIZE:
+          groupName = "Personalize API";
+          break;
+        case GROUPS.ANALYTICS:
+          groupName = "Analytics API";
+          break;
+        case GROUPS.LAUNCH:
+          groupName = "Launch API";
+          break;
+      }
+      throw new Error(
+        `OAuth configuration is required for ${groupName}. Please run with npx @contentstack/mcp --auth first.`
+      );
+    }
+    if (group === GROUPS.BRAND_KIT && !options.brandKitUID) {
+      throw new Error(
+        "Brand Kit ID is required for Brand Kit API. Please provide it using --brand-kit-id or CONTENTSTACK_BRAND_KIT_ID environment variable."
+      );
+    }
+    if (group === GROUPS.PERSONALIZE && !options.personalizeProjectId) {
+      throw new Error(
+        "Personalize Project ID is required for Personalize API. Please provide it using --personalize-project-id or CONTENTSTACK_PERSONALIZE_PROJECT_ID environment variable."
+      );
+    }
+    if (group === GROUPS.LAUNCH && !options.launchProjectId) {
+      throw new Error(
+        "Launch Project ID is required for Launch API. Please provide it using --launch-project-id or CONTENTSTACK_LAUNCH_PROJECT_ID environment variable."
+      );
+    }
   }
-  return null;
 }
 function createContentstackMCPServer(options) {
-  const { group } = options;
-  const server = new Server(
+  const { groups } = options;
+  const mcpServer = new McpServer(
     {
       name: "Contentstack MCP",
       version: package_default.version
@@ -351,10 +1257,10 @@ function createContentstackMCPServer(options) {
     }
   );
   let toolData;
-  server.setRequestHandler(ListToolsRequestSchema, async () => {
+  mcpServer.server.setRequestHandler(ListToolsRequestSchema, async () => {
     try {
-      toolData = await getTools(group);
-      if (!toolData) {
+      toolData = await getTools(groups);
+      if (!toolData || Object.keys(toolData).length === 0) {
         throw new Error("No tools data received");
       }
       return {
@@ -366,7 +1272,7 @@ function createContentstackMCPServer(options) {
       );
     }
   });
-  server.setRequestHandler(CallToolRequestSchema, async (request) => {
+  mcpServer.server.setRequestHandler(CallToolRequestSchema, async (request) => {
     const { name, arguments: args } = request.params;
     if (!name || !args) {
       throw new Error("Invalid request: Missing tool name or arguments");
@@ -377,10 +1283,12 @@ function createContentstackMCPServer(options) {
         throw new Error(`Unknown tool: ${name}`);
       }
       const groupName = toolData[name].group;
-      const requestConfig = buildContentstackRequest(
+      const subgroupName = toolData[name].subGroup ?? void 0;
+      const requestConfig = await buildContentstackRequest(
         mapper,
         args,
         groupName,
+        subgroupName,
         options
       );
       if (apiVersionHeaders.includes(name)) {
@@ -391,7 +1299,7 @@ function createContentstackMCPServer(options) {
       }
       let response;
       try {
-        response = await axios2(requestConfig);
+        response = await axios3(requestConfig);
       } catch (error) {
         console.error("API call failed:", error.response.data);
         throw new Error(
@@ -410,15 +1318,43 @@ function createContentstackMCPServer(options) {
       throw new Error(`Tool execution failed: ${error.message}`);
     }
   });
-  return server;
+  return mcpServer;
+}
+async function checkOAuthConfig() {
+  try {
+    const handler = new oauth_default();
+    const tokenData = await handler.loadConfig();
+    const isConfigured = Boolean(
+      tokenData && tokenData.access_token && tokenData.refresh_token
+    );
+    return { isConfigured, tokenData };
+  } catch (error) {
+    console.warn("OAuth not configured:", error.message);
+    return { isConfigured: false, tokenData: null };
+  }
 }
 async function initializeMCP() {
-  const managementToken = getArgValue(TOKEN_ARGS.MANAGEMENT);
+  const oauthArg = process.argv.includes(TOKEN_ARGS.OAUTH);
+  if (oauthArg) {
+    const handler = new oauth_default();
+    await handler.showMainMenu();
+    return;
+  }
   const apiKey = getArgValue(TOKEN_ARGS.API_KEY);
   const deliveryToken = getArgValue(TOKEN_ARGS.DELIVERY);
-  const region = getArgValue(TOKEN_ARGS.REGION);
-  if (managementToken) {
-    process.env.CONTENTSTACK_MANAGEMENT_TOKEN = managementToken;
+  const brandKitID = getArgValue(TOKEN_ARGS.BRAND_KIT_ID);
+  const launchProjectId = getArgValue(TOKEN_ARGS.LAUNCH_PROJECT_ID);
+  const personalizeProjectId = getArgValue(TOKEN_ARGS.PERSONALIZE_PROJECT_ID);
+  const lyticsAccessToken = getArgValue(TOKEN_ARGS.LYTICS_ACCESS_TOKEN);
+  const groupArg = getArgValue(TOKEN_ARGS.GROUPS) || process.env.GROUPS || "cma";
+  const groups = groupArg.split(",");
+  const invalidGroups = groups.filter(
+    (g) => !Object.values(GROUPS).includes(g)
+  );
+  if (invalidGroups.length > 0) {
+    throw new Error(
+      `Invalid groups specified: ${invalidGroups.join(", ")}. Valid options are: ${Object.values(GROUPS).join(", ")}`
+    );
   }
   if (apiKey) {
     process.env.CONTENTSTACK_API_KEY = apiKey;
@@ -426,23 +1362,42 @@ async function initializeMCP() {
   if (deliveryToken) {
     process.env.CONTENTSTACK_DELIVERY_TOKEN = deliveryToken;
   }
-  if (region) {
-    process.env.CONTENTSTACK_REGION = region;
+  if (lyticsAccessToken) {
+    process.env.LYTICS_ACCESS_TOKEN = lyticsAccessToken;
   }
-  if (!process.env.CONTENTSTACK_API_KEY && !apiKey) {
-    throw new Error("Please provide the Contentstack API key");
+  if (brandKitID) {
+    process.env.CONTENTSTACK_BRAND_KIT_ID = brandKitID;
   }
-  const group = determineGroup(
-    process.env.CONTENTSTACK_MANAGEMENT_TOKEN,
-    process.env.CONTENTSTACK_DELIVERY_TOKEN
-  );
-  const server = createContentstackMCPServer({
+  if (launchProjectId) {
+    process.env.CONTENTSTACK_LAUNCH_PROJECT_ID = launchProjectId;
+  }
+  if (personalizeProjectId) {
+    process.env.CONTENTSTACK_PERSONALIZE_PROJECT_ID = personalizeProjectId;
+  }
+  const { isConfigured: oauthConfigured, tokenData } = await checkOAuthConfig();
+  if (hasNonLyticsGroups(groups) && !process.env.CONTENTSTACK_API_KEY && !apiKey) {
+    throw new Error(
+      "Please provide the Contentstack API key for non-Lytics groups"
+    );
+  }
+  if (!oauthConfigured && !process.env.CONTENTSTACK_DELIVERY_TOKEN && hasNonLyticsGroups(groups)) {
+    console.warn(
+      "Neither OAuth nor delivery token is configured. Please run with npx @contentstack/mcp --auth to authenticate."
+    );
+  }
+  const options = {
     apiKey: process.env.CONTENTSTACK_API_KEY || "",
-    managementToken: process.env.CONTENTSTACK_MANAGEMENT_TOKEN || "",
     deliveryToken: process.env.CONTENTSTACK_DELIVERY_TOKEN || "",
-    region: process.env.CONTENTSTACK_REGION || "NA",
-    group
-  });
+    brandKitUID: process.env.CONTENTSTACK_BRAND_KIT_ID || "",
+    launchProjectId: process.env.CONTENTSTACK_LAUNCH_PROJECT_ID || "",
+    lyticsAccessToken: process.env.LYTICS_ACCESS_TOKEN || "",
+    personalizeProjectId: process.env.CONTENTSTACK_PERSONALIZE_PROJECT_ID || "",
+    region: tokenData?.region,
+    groups,
+    useOAuth: oauthConfigured
+  };
+  validateGroupRequirements(groups, options);
+  const server = createContentstackMCPServer(options);
   const transport = new StdioServerTransport();
   await server.connect(transport);
 }