@crush-protocol/mcp-client 0.4.2 → 0.4.4

package/dist/cli.js

@@ -2,13 +2,18 @@
 import "dotenv/config";
 import { BacktestClient } from "./backtest/backtestClient.js";
 import { ClickHouseDirectClient } from "./clickhouse/directClient.js";
+import { DEFAULT_MCP_SERVER_URL } from "./config.js";
+import { assertManualLoginNotRequired } from "./mcp/authPreflight.js";
 import { OAuthRemoteMcpClient } from "./mcp/oauthRemoteClient.js";
+import { getCachedAuthStatus, loadStoredTokens } from "./mcp/oauthStorage.js";
 import { runProxy } from "./mcp/proxy.js";
 import { RemoteMcpClient } from "./mcp/remoteClient.js";
+import { CLIENT_VERSION } from "./mcp/version.js";
+import { formatAuthStatus, formatDoctorReport, formatSetupSummary, getLoginCommand, } from "./onboarding/cliOutput.js";
 import { ALL_TARGETS, installClientConfig } from "./setup/setupClients.js";
-const MCP_SERVER_URL = process.env.CRUSH_MCP_SERVER_URL || "https://crush-mcp-ats.dev.xexlab.com/mcp";
+const MCP_SERVER_URL = process.env.CRUSH_MCP_SERVER_URL || DEFAULT_MCP_SERVER_URL;
 const printUsage = () => {
-    console.log(`\ncrush-mcp-client\n\nGeneral:\n  login [SERVER_URL]\n  proxy [SERVER_URL]            — stdio proxy (login once, use everywhere)\n  setup [--cursor] [--claude] [--codex] [--gemini] [--opencode] [--all] [--scope user|project]\n  tools:list [--token TOKEN]\n  tool:call --name TOOL_NAME [--args JSON] [--token TOKEN]\n  ping [--token TOKEN]\n\nBacktest:\n  backtest:schema [--token TOKEN]\n  backtest:tokens [--platform PLATFORM] [--token TOKEN]\n  backtest:validate --expression JSON [--data-source kline|factors] [--token TOKEN]\n  backtest:create --config JSON [--backtest-id ID] [--token TOKEN]\n  backtest:list [--status STATUS] [--limit N] [--offset N] [--token TOKEN]\n\nClickHouse:\n  clickhouse:list-tables [--ch-host HOST --ch-port PORT --ch-user USER --ch-password PASS --ch-database DB]\n  clickhouse:query --sql SQL [--ch-host HOST --ch-port PORT --ch-user USER --ch-password PASS --ch-database DB --ch-row-cap N]\n\nAuth:\n  --token TOKEN uses a provided OAuth access token.\n  Without --token, OAuth runs automatically in the browser when needed.\n\nProxy Mode (recommended for AI tools):\n  1. Login once:  npx @crush-protocol/mcp-client login SERVER_URL\n  2. Configure:   { "command": "npx", "args": ["-y", "@crush-protocol/mcp-client", "proxy", "SERVER_URL"] }\n\nEnv:\n  CRUSH_MCP_SERVER_URL\n  CRUSH_OAUTH_ACCESS_TOKEN\n  CH_HOST, CH_PORT, CH_USER, CH_PASSWORD, CH_DATABASE, CH_ROW_CAP\n`);
+    console.log(`\ncrush-mcp-client v${CLIENT_VERSION}\n\nQuick start:\n  setup [--cursor] [--claude] [--codex] [--gemini] [--opencode] [--all] [--scope user|project]\n  login\n  ping\n\nGeneral:\n  auth:status                  Show whether Crush is authenticated on this machine\n  doctor                       Check auth state and connectivity\n  proxy [SERVER_URL]           stdio proxy mode for MCP hosts\n  tools:list [--token TOKEN]\n  tool:call --name TOOL_NAME [--args JSON] [--token TOKEN]\n  ping [--token TOKEN]\n  --version\n\nBacktest:\n  backtest:schema [--token TOKEN]\n  backtest:tokens [--platform PLATFORM] [--token TOKEN]\n  backtest:validate --expression JSON [--data-source kline|factors] [--token TOKEN]\n  backtest:create --config JSON [--backtest-id ID] [--token TOKEN]\n  backtest:list [--status STATUS] [--limit N] [--offset N] [--token TOKEN]\n\nClickHouse:\n  clickhouse:list-tables [--ch-host HOST --ch-port PORT --ch-user USER --ch-password PASS --ch-database DB]\n  clickhouse:query --sql SQL [--ch-host HOST --ch-port PORT --ch-user USER --ch-password PASS --ch-database DB --ch-row-cap N]\n\nAuthentication:\n  Without --token, Crush uses locally cached OAuth credentials.\n  If not authenticated yet, run:\n    ${getLoginCommand(MCP_SERVER_URL)}\n\nEnv:\n  CRUSH_MCP_SERVER_URL\n  CRUSH_OAUTH_ACCESS_TOKEN\n  CH_HOST, CH_PORT, CH_USER, CH_PASSWORD, CH_DATABASE, CH_ROW_CAP\n`);
 };
 const parseFlags = (args) => {
     const flags = {};
@@ -34,6 +39,7 @@ const requireString = (value, message) => {
     return value;
 };
 const getServerUrl = (override) => override || MCP_SERVER_URL;
+const getExplicitToken = (flags) => typeof flags.token === "string" ? flags.token : process.env.CRUSH_OAUTH_ACCESS_TOKEN || "";
 const getSetupTargets = (flags) => {
     if (flags.all === true) {
         return [...ALL_TARGETS];
@@ -54,7 +60,7 @@ const getSetupTargets = (flags) => {
 const createSmartClient = (flags) => {
     const serverUrl = getServerUrl(typeof flags.server === "string" ? flags.server : undefined);
     // 显式传了 token → 用简单客户端
-    const explicitToken = typeof flags.token === "string" ? flags.token : process.env.CRUSH_OAUTH_ACCESS_TOKEN || "";
+    const explicitToken = getExplicitToken(flags);
     if (explicitToken) {
         return {
             client: new RemoteMcpClient({ serverUrl, token: explicitToken }),
@@ -68,6 +74,11 @@ const createSmartClient = (flags) => {
     };
 };
 const connectClient = async (flags) => {
+    const explicitToken = getExplicitToken(flags);
+    if (!explicitToken) {
+        const serverUrl = getServerUrl(typeof flags.server === "string" ? flags.server : undefined);
+        await assertManualLoginNotRequired(serverUrl);
+    }
     const { client, needsOAuthConnect } = createSmartClient(flags);
     if (needsOAuthConnect) {
         await client.connect();
@@ -77,6 +88,78 @@ const connectClient = async (flags) => {
     }
     return client;
 };
+const buildDoctorChecks = async (flags) => {
+    const serverUrl = getServerUrl(typeof flags.server === "string" ? flags.server : undefined);
+    const checks = [];
+    const explicitToken = getExplicitToken(flags);
+    const authStatus = await getCachedAuthStatus(serverUrl);
+    checks.push({
+        status: serverUrl === DEFAULT_MCP_SERVER_URL ? "ok" : "warn",
+        label: "MCP server URL",
+        detail: serverUrl === DEFAULT_MCP_SERVER_URL
+            ? "Using the official hosted Crush MCP URL."
+            : `Using a custom MCP URL: ${serverUrl}`,
+    });
+    if (explicitToken) {
+        checks.push({
+            status: "ok",
+            label: "Access token",
+            detail: "Using an explicit OAuth access token from --token or CRUSH_OAUTH_ACCESS_TOKEN.",
+        });
+    }
+    else if (authStatus.status === "authenticated") {
+        checks.push({
+            status: "ok",
+            label: "Cached credentials",
+            detail: `OAuth credentials found${authStatus.storageFile ? ` in ${authStatus.storageFile}` : ""}.`,
+        });
+    }
+    else if (authStatus.status === "registered") {
+        checks.push({
+            status: "warn",
+            label: "Cached credentials",
+            detail: `Crush client registration exists, but no usable access token was found. Run: ${getLoginCommand(serverUrl)}`,
+        });
+    }
+    else {
+        checks.push({
+            status: "warn",
+            label: "Cached credentials",
+            detail: `No local Crush credentials found. Run: ${getLoginCommand(serverUrl)}`,
+        });
+    }
+    const storedTokens = explicitToken ? undefined : await loadStoredTokens(serverUrl);
+    const accessToken = explicitToken || storedTokens?.access_token || "";
+    if (!accessToken) {
+        checks.push({
+            status: "warn",
+            label: "Connectivity",
+            detail: "Skipped MCP connectivity check because no access token is available yet.",
+        });
+        return { serverUrl, checks };
+    }
+    const client = new RemoteMcpClient({ serverUrl, token: accessToken });
+    try {
+        await client.connect();
+        await client.ping();
+        checks.push({
+            status: "ok",
+            label: "Connectivity",
+            detail: "Connected to Crush MCP and ping succeeded.",
+        });
+    }
+    catch (error) {
+        checks.push({
+            status: "error",
+            label: "Connectivity",
+            detail: `Failed to connect to Crush MCP: ${error.message}`,
+        });
+    }
+    finally {
+        await client.close().catch(() => undefined);
+    }
+    return { serverUrl, checks };
+};
 const createClickHouseClient = (flags) => {
     const host = typeof flags["ch-host"] === "string" ? flags["ch-host"] : (process.env.CH_HOST ?? "localhost");
     const portRaw = typeof flags["ch-port"] === "string" ? flags["ch-port"] : (process.env.CH_PORT ?? "8123");
@@ -111,10 +194,27 @@ const run = async () => {
     // 如果没有已知子命令，自动进入 proxy 模式
     const isStdioPipe = !process.stdin.isTTY;
     const knownCommands = new Set([
-        "proxy", "login", "setup", "tools:list", "tool:call", "ping",
-        "backtest:schema", "backtest:tokens", "backtest:validate", "backtest:create", "backtest:list",
-        "clickhouse:list-tables", "clickhouse:query",
-        "help", "--help", "-h",
+        "proxy",
+        "login",
+        "setup",
+        "auth:status",
+        "doctor",
+        "tools:list",
+        "tool:call",
+        "ping",
+        "backtest:schema",
+        "backtest:tokens",
+        "backtest:validate",
+        "backtest:create",
+        "backtest:list",
+        "clickhouse:list-tables",
+        "clickhouse:query",
+        "help",
+        "--help",
+        "-h",
+        "version",
+        "--version",
+        "-v",
     ]);
     if (isStdioPipe && (!command || !knownCommands.has(command))) {
         // 无命令或第一个参数是 URL → 自动进入 proxy 模式
@@ -126,6 +226,10 @@ const run = async () => {
         printUsage();
         return;
     }
+    if (command === "version" || command === "--version" || command === "-v") {
+        console.log(CLIENT_VERSION);
+        return;
+    }
     const flags = parseFlags(rest);
     switch (command) {
         case "proxy": {
@@ -139,11 +243,23 @@ const run = async () => {
             // login [SERVER_URL] — 第一个非 flag 参数作为 server URL
             const loginUrl = rest.find((a) => !a.startsWith("--"));
             const serverUrl = getServerUrl(loginUrl);
-            console.log(`Connecting to ${serverUrl} ...`);
+            const authStatus = await getCachedAuthStatus(serverUrl);
+            console.log("Connecting to Crush...");
+            console.log(`Server: ${serverUrl}`);
+            if (authStatus.status === "authenticated") {
+                console.log("Existing credentials found. Verifying they are still valid...");
+            }
+            else {
+                console.log("Opening browser for authorization...");
+                console.log("If the browser does not open, use the authorization URL printed below.");
+                console.log("Waiting for authorization callback on:");
+                console.log("http://127.0.0.1:8787/oauth/callback");
+            }
             const client = new OAuthRemoteMcpClient({ serverUrl });
             try {
                 await client.ensureAuthorized();
-                console.log("OAuth authorization is ready. Tokens are stored locally.");
+                console.log("Crush login complete.");
+                console.log("Credentials are stored locally and will be reused across supported MCP hosts.");
             }
             finally {
                 await client.close();
@@ -153,17 +269,29 @@ const run = async () => {
         case "setup": {
             const targets = getSetupTargets(flags);
             if (targets.length === 0) {
-                throw new Error(`Specify at least one setup target: ${ALL_TARGETS.map((t) => "--" + t).join(", ")}, or --all`);
+                throw new Error(`Specify at least one setup target: ${ALL_TARGETS.map((t) => `--${t}`).join(", ")}, or --all`);
             }
             const rawScope = typeof flags.scope === "string" ? flags.scope : "user";
             if (rawScope !== "user" && rawScope !== "project") {
                 throw new Error("Invalid --scope. Expected 'user' or 'project'.");
             }
             const scope = rawScope;
+            const results = [];
             for (const target of targets) {
-                const location = installClientConfig(target, scope);
-                console.log(`[setup] ${target}: configured (${location})`);
+                results.push(installClientConfig(target, scope));
             }
+            console.log(formatSetupSummary(results, scope));
+            return;
+        }
+        case "auth:status": {
+            const serverUrl = getServerUrl(typeof flags.server === "string" ? flags.server : undefined);
+            const authStatus = await getCachedAuthStatus(serverUrl);
+            console.log(formatAuthStatus(authStatus));
+            return;
+        }
+        case "doctor": {
+            const { serverUrl, checks } = await buildDoctorChecks(flags);
+            console.log(formatDoctorReport(serverUrl, checks));
             return;
         }
         case "tools:list": {

package/dist/config.d.ts

@@ -0,0 +1,4 @@
+export declare const PACKAGE_NAME = "@crush-protocol/mcp-client";
+export declare const SERVER_NAME = "crush-protocol";
+export declare const DEFAULT_MCP_SERVER_URL = "https://crush-mcp-ats.dev.xexlab.com/mcp";
+export declare const DEFAULT_OAUTH_SCOPE = "mcp:tools";

package/dist/config.js

@@ -0,0 +1,4 @@
+export const PACKAGE_NAME = "@crush-protocol/mcp-client";
+export const SERVER_NAME = "crush-protocol";
+export const DEFAULT_MCP_SERVER_URL = "https://crush-mcp-ats.dev.xexlab.com/mcp";
+export const DEFAULT_OAUTH_SCOPE = "mcp:tools";

package/dist/mcp/authPreflight.d.ts

@@ -0,0 +1,9 @@
+import { type CachedAuthStatus } from "./oauthStorage.js";
+export type AuthPreflightResult = {
+    authStatus: CachedAuthStatus;
+    requiresManualLogin: boolean;
+    canAutoRefreshLogin: boolean;
+};
+export declare const getAuthPreflight: (serverUrl: string) => Promise<AuthPreflightResult>;
+export declare const assertManualLoginNotRequired: (serverUrl: string) => Promise<AuthPreflightResult>;
+export declare const getPreflightStatusMessage: (preflight: AuthPreflightResult) => string | null;

package/dist/mcp/authPreflight.js

@@ -0,0 +1,26 @@
+import { formatAutomaticRefreshMessage, formatLoginRequiredMessage } from "../onboarding/cliOutput.js";
+import { getCachedAuthStatus } from "./oauthStorage.js";
+export const getAuthPreflight = async (serverUrl) => {
+    const authStatus = await getCachedAuthStatus(serverUrl);
+    return {
+        authStatus,
+        requiresManualLogin: authStatus.status === "not_authenticated",
+        canAutoRefreshLogin: authStatus.status !== "not_authenticated",
+    };
+};
+export const assertManualLoginNotRequired = async (serverUrl) => {
+    const preflight = await getAuthPreflight(serverUrl);
+    if (preflight.requiresManualLogin) {
+        throw new Error(formatLoginRequiredMessage(serverUrl));
+    }
+    return preflight;
+};
+export const getPreflightStatusMessage = (preflight) => {
+    if (preflight.requiresManualLogin) {
+        return formatLoginRequiredMessage(preflight.authStatus.serverUrl);
+    }
+    if (preflight.authStatus.status === "registered") {
+        return formatAutomaticRefreshMessage(preflight.authStatus.serverUrl);
+    }
+    return null;
+};

package/dist/mcp/oauthProvider.d.ts

@@ -9,6 +9,7 @@ export type InteractiveOAuthProviderOptions = {
     redirectPath?: string;
     storageDir?: string;
     openBrowser?: boolean;
+    authorizationOutput?: "stdout" | "stderr" | "silent";
     onAuthorizationUrl?: (authorizationUrl: URL) => void | Promise<void>;
 };
 export declare class InteractiveOAuthProvider implements OAuthClientProvider {
@@ -17,6 +18,7 @@ export declare class InteractiveOAuthProvider implements OAuthClientProvider {
     private readonly storageFile;
     private readonly scope;
     private readonly openBrowserByDefault;
+    private readonly authorizationOutput;
     private readonly onAuthorizationUrl?;
     private callbackServer?;
     private pendingAuthorization?;

package/dist/mcp/oauthProvider.js

@@ -1,10 +1,10 @@
 import { spawn } from "node:child_process";
-import { createHash, randomBytes } from "node:crypto";
+import { randomBytes } from "node:crypto";
 import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import { createServer } from "node:http";
-import os from "node:os";
 import path from "node:path";
-const DEFAULT_SCOPE = "mcp:tools";
+import { DEFAULT_OAUTH_SCOPE } from "../config.js";
+import { defaultStorageDir, getStorageFileForServer } from "./oauthStorage.js";
 const DEFAULT_REDIRECT_PORT = 8787;
 const DEFAULT_REDIRECT_PATH = "/oauth/callback";
 const escapeHtml = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;");
@@ -50,8 +50,6 @@ const renderCallbackHtml = (title, message) => `<!DOCTYPE html>
   </main>
 </body>
 </html>`;
-const defaultStorageDir = () => path.join(os.homedir(), ".crush-mcp");
-const hashServerUrl = (serverUrl) => createHash("sha256").update(serverUrl).digest("hex").slice(0, 16);
 const openBrowser = async (authorizationUrl) => {
     const url = authorizationUrl.toString();
     if (process.env.BROWSER) {
@@ -74,6 +72,7 @@ export class InteractiveOAuthProvider {
     storageFile;
     scope;
     openBrowserByDefault;
+    authorizationOutput;
     onAuthorizationUrl;
     callbackServer;
     pendingAuthorization;
@@ -82,10 +81,11 @@ export class InteractiveOAuthProvider {
         const redirectPort = options.redirectPort ?? DEFAULT_REDIRECT_PORT;
         const redirectPath = options.redirectPath ?? DEFAULT_REDIRECT_PATH;
         this.redirectUrl = new URL(`http://127.0.0.1:${redirectPort}${redirectPath}`);
-        this.scope = options.scope ?? DEFAULT_SCOPE;
+        this.scope = options.scope ?? DEFAULT_OAUTH_SCOPE;
         this.openBrowserByDefault = options.openBrowser ?? true;
+        this.authorizationOutput = options.authorizationOutput ?? "stdout";
         const storageDir = options.storageDir ?? defaultStorageDir();
-        this.storageFile = path.join(storageDir, `oauth-${hashServerUrl(options.serverUrl)}.json`);
+        this.storageFile = getStorageFileForServer(options.serverUrl, storageDir);
         this.onAuthorizationUrl = options.onAuthorizationUrl;
     }
     get clientMetadata() {
@@ -134,7 +134,12 @@ export class InteractiveOAuthProvider {
                 // Fall back to printing the URL when no browser launcher is available.
             }
         }
-        process.stdout.write(`\nOpen this URL to authorize Crush MCP:\n${authorizationUrl.toString()}\n\n`);
+        if (this.authorizationOutput === "stdout") {
+            process.stdout.write(`\nOpen this URL to authorize Crush MCP:\n${authorizationUrl.toString()}\n\n`);
+        }
+        else if (this.authorizationOutput === "stderr") {
+            process.stderr.write(`\nOpen this URL to authorize Crush MCP:\n${authorizationUrl.toString()}\n\n`);
+        }
     }
     async saveCodeVerifier(codeVerifier) {
         const data = await this.loadState();
@@ -169,7 +174,11 @@ export class InteractiveOAuthProvider {
         if (!this.pendingAuthorization) {
             this.createPendingAuthorization();
         }
-        return this.pendingAuthorization.promise;
+        const pendingAuthorization = this.pendingAuthorization;
+        if (!pendingAuthorization) {
+            throw new Error("Pending authorization was not initialized.");
+        }
+        return pendingAuthorization.promise;
     }
     async close() {
         await this.closeCallbackServer();
@@ -208,9 +217,10 @@ export class InteractiveOAuthProvider {
         this.callbackServer = createServer((req, res) => {
             void this.handleCallbackRequest(req, res);
         });
+        const callbackServer = this.callbackServer;
         await new Promise((resolve, reject) => {
-            this.callbackServer.once("error", (error) => reject(error));
-            this.callbackServer.listen(Number(this.redirectUrl.port), this.redirectUrl.hostname, () => resolve());
+            callbackServer.once("error", (error) => reject(error));
+            callbackServer.listen(Number(this.redirectUrl.port), this.redirectUrl.hostname, () => resolve());
         });
     }
     async closeCallbackServer() {

package/dist/mcp/oauthRemoteClient.d.ts

@@ -16,6 +16,9 @@ export declare class OAuthRemoteMcpClient implements McpClientLike {
     private readonly transport;
     private readonly authProvider;
     constructor(options: OAuthRemoteMcpClientOptions);
+    private isAuthError;
+    private recoverAuthorization;
+    private withReauthorization;
     connect(): Promise<void>;
     ensureAuthorized(): Promise<void>;
     runAuthFlow(): Promise<AuthResult>;

package/dist/mcp/oauthRemoteClient.js

@@ -35,25 +35,38 @@ export class OAuthRemoteMcpClient {
             fetch: options.fetch,
         });
     }
+    isAuthError(error) {
+        return (error instanceof UnauthorizedError || String(error).includes("Unauthorized") || String(error).includes("401"));
+    }
+    async recoverAuthorization(error) {
+        if (!this.isAuthError(error)) {
+            throw error;
+        }
+        const authResult = await auth(this.authProvider, {
+            serverUrl: this.options.serverUrl,
+            scope: this.options.scope,
+            fetchFn: this.options.fetch,
+        });
+        if (authResult === "REDIRECT") {
+            const authorizationCode = await this.authProvider.waitForAuthorizationCode();
+            await this.transport.finishAuth(authorizationCode);
+        }
+    }
+    async withReauthorization(operation) {
+        try {
+            return await operation();
+        }
+        catch (error) {
+            await this.recoverAuthorization(error);
+            return operation();
+        }
+    }
     async connect() {
         try {
             await this.client.connect(this.transport);
         }
         catch (error) {
-            if (!(error instanceof UnauthorizedError)) {
-                throw error;
-            }
-            const authResult = await auth(this.authProvider, {
-                serverUrl: this.options.serverUrl,
-                scope: this.options.scope,
-                fetchFn: this.options.fetch,
-            });
-            if (authResult !== "REDIRECT") {
-                await this.client.connect(this.transport);
-                return;
-            }
-            const authorizationCode = await this.authProvider.waitForAuthorizationCode();
-            await this.transport.finishAuth(authorizationCode);
+            await this.recoverAuthorization(error);
             await this.client.connect(this.transport);
         }
     }
@@ -82,15 +95,15 @@ export class OAuthRemoteMcpClient {
         await this.transport.terminateSession();
     }
     async ping() {
-        return this.client.ping();
+        return this.withReauthorization(() => this.client.ping());
     }
     async listTools() {
-        return this.client.listTools();
+        return this.withReauthorization(() => this.client.listTools());
     }
     async callTool(name, args = {}) {
-        return this.client.callTool({
+        return this.withReauthorization(() => this.client.callTool({
             name,
             arguments: args,
-        });
+        }));
     }
 }

package/dist/mcp/oauthStorage.d.ts

@@ -0,0 +1,29 @@
+import type { OAuthClientInformationMixed, OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
+export type PersistedOAuthState = {
+    clientInformation?: OAuthClientInformationMixed;
+    tokens?: OAuthTokens;
+    codeVerifier?: string;
+};
+export type CachedAuthStatus = {
+    serverUrl: string;
+    matchedServerUrl?: string;
+    storageFile?: string;
+    status: "not_authenticated" | "registered" | "authenticated";
+    hasClientInformation: boolean;
+    hasAccessToken: boolean;
+    hasRefreshToken: boolean;
+    hasCodeVerifier: boolean;
+    scope?: string;
+};
+export declare const defaultStorageDir: () => string;
+export declare const hashServerUrl: (serverUrl: string) => string;
+export declare const getStorageFileForServer: (serverUrl: string, storageDir?: string) => string;
+export declare const getServerUrlCandidates: (serverUrl: string) => string[];
+export declare const readPersistedOAuthState: (storageFile: string) => Promise<PersistedOAuthState | null>;
+export declare const findPersistedOAuthState: (serverUrl: string, storageDir?: string) => Promise<{
+    matchedServerUrl: string;
+    storageFile: string;
+    state: PersistedOAuthState;
+} | null>;
+export declare const loadStoredTokens: (serverUrl: string, storageDir?: string) => Promise<OAuthTokens | undefined>;
+export declare const getCachedAuthStatus: (serverUrl: string, storageDir?: string) => Promise<CachedAuthStatus>;

package/dist/mcp/oauthStorage.js

@@ -0,0 +1,81 @@
+import { createHash } from "node:crypto";
+import { readFile } from "node:fs/promises";
+import os from "node:os";
+import path from "node:path";
+export const defaultStorageDir = () => path.join(os.homedir(), ".crush-mcp");
+export const hashServerUrl = (serverUrl) => createHash("sha256").update(serverUrl).digest("hex").slice(0, 16);
+export const getStorageFileForServer = (serverUrl, storageDir = defaultStorageDir()) => path.join(storageDir, `oauth-${hashServerUrl(serverUrl)}.json`);
+export const getServerUrlCandidates = (serverUrl) => {
+    const candidates = [serverUrl];
+    if (serverUrl.endsWith("/mcp")) {
+        candidates.push(serverUrl.replace(/\/mcp$/, ""));
+    }
+    else {
+        candidates.push(`${serverUrl}/mcp`);
+    }
+    return [...new Set(candidates)];
+};
+export const readPersistedOAuthState = async (storageFile) => {
+    try {
+        const raw = await readFile(storageFile, "utf8");
+        return JSON.parse(raw);
+    }
+    catch (error) {
+        const err = error;
+        if (err.code === "ENOENT") {
+            return null;
+        }
+        throw error;
+    }
+};
+export const findPersistedOAuthState = async (serverUrl, storageDir = defaultStorageDir()) => {
+    for (const candidate of getServerUrlCandidates(serverUrl)) {
+        const storageFile = getStorageFileForServer(candidate, storageDir);
+        const state = await readPersistedOAuthState(storageFile);
+        if (state) {
+            return {
+                matchedServerUrl: candidate,
+                storageFile,
+                state,
+            };
+        }
+    }
+    return null;
+};
+export const loadStoredTokens = async (serverUrl, storageDir = defaultStorageDir()) => {
+    const persisted = await findPersistedOAuthState(serverUrl, storageDir);
+    return persisted?.state.tokens;
+};
+export const getCachedAuthStatus = async (serverUrl, storageDir = defaultStorageDir()) => {
+    const persisted = await findPersistedOAuthState(serverUrl, storageDir);
+    if (!persisted) {
+        return {
+            serverUrl,
+            status: "not_authenticated",
+            hasClientInformation: false,
+            hasAccessToken: false,
+            hasRefreshToken: false,
+            hasCodeVerifier: false,
+        };
+    }
+    const { state, matchedServerUrl, storageFile } = persisted;
+    const hasClientInformation = Boolean(state.clientInformation);
+    const hasAccessToken = typeof state.tokens?.access_token === "string" && state.tokens.access_token.length > 0;
+    const hasRefreshToken = typeof state.tokens?.refresh_token === "string" && state.tokens.refresh_token.length > 0;
+    const hasCodeVerifier = typeof state.codeVerifier === "string" && state.codeVerifier.length > 0;
+    return {
+        serverUrl,
+        matchedServerUrl,
+        storageFile,
+        status: hasAccessToken
+            ? "authenticated"
+            : hasClientInformation || hasCodeVerifier
+                ? "registered"
+                : "not_authenticated",
+        hasClientInformation,
+        hasAccessToken,
+        hasRefreshToken,
+        hasCodeVerifier,
+        scope: state.tokens?.scope,
+    };
+};