@egain/egain-mcp-server 1.0.13 → 1.0.16

package/bin/mcp-server.js

@@ -4046,9 +4046,9 @@ var init_config = __esm(() => {
   SDK_METADATA = {
     language: "typescript",
     openapiDocVersion: "1.0.0",
-    sdkVersion: "1.0.13",
+    sdkVersion: "1.0.16",
     genVersion: "2.723.8",
-    userAgent: "speakeasy-sdk/mcp-typescript 1.0.13 2.723.8 1.0.0 @egain/egain-mcp-server"
+    userAgent: "speakeasy-sdk/mcp-typescript 1.0.16 2.723.8 1.0.0 @egain/egain-mcp-server"
   };
 });
 
@@ -40865,9 +40865,6 @@ class AuthenticationHook {
                 case "CLIENT_ID":
                   config.clientId = cleanValue;
                   break;
-                case "CLIENT_SECRET":
-                  config.clientSecret = cleanValue;
-                  break;
                 case "REDIRECT_URL":
                   config.redirectUri = cleanValue;
                   break;
@@ -40886,9 +40883,6 @@ class AuthenticationHook {
                 case "EGAIN_CLIENT_ID":
                   config.clientId = cleanValue;
                   break;
-                case "EGAIN_CLIENT_SECRET":
-                  config.clientSecret = cleanValue;
-                  break;
                 case "EGAIN_REDIRECT_URI":
                   config.redirectUri = cleanValue;
                   break;
@@ -40909,16 +40903,6 @@ class AuthenticationHook {
     }
     return {};
   }
-  getSafariWarningPage() {
-    try {
-      const projectRoot = getProjectRoot();
-      const htmlPath = path.join(projectRoot, "src", "hooks", "auth-pages", "safari-warning.html");
-      return fs.readFileSync(htmlPath, "utf8");
-    } catch (error) {
-      console.error("⚠️  Could not load Safari warning page:", error);
-      return "<html><body><h1>Safari Not Supported</h1><p>Safari does not support private browsing mode via command line.</p></body></html>";
-    }
-  }
   getConfigPage() {
     try {
       const projectRoot = getProjectRoot();
@@ -40982,19 +40966,15 @@ class AuthenticationHook {
     existingParams.set("scope", scope);
     existingParams.set("forceLogin", "yes");
     existingParams.set("prompt", "login");
-    if (!this.authConfig.clientSecret) {
-      existingParams.set("code_challenge", this.codeChallenge);
-      existingParams.set("code_challenge_method", "S256");
-      console.error("\uD83D\uDD10 Using PKCE flow (public client)");
-    } else {
-      console.error("\uD83D\uDD10 Using SSO/confidential client flow (no PKCE)");
-    }
+    existingParams.set("code_challenge", this.codeChallenge);
+    existingParams.set("code_challenge_method", "S256");
+    console.error("\uD83D\uDD10 Using PKCE flow (public client)");
     const fullUrl = `${baseUrl}?${existingParams.toString()}`;
     return fullUrl;
   }
   async getUserAccessToken(code) {
-    const { clientId, clientSecret, redirectUri, accessUrl } = this.authConfig;
-    console.error("\uD83D\uDD04 Starting token exchange...");
+    const { clientId, redirectUri, accessUrl } = this.authConfig;
+    console.error("\uD83D\uDD04 Starting token exchange with PKCE...");
     if (accessUrl && !accessUrl.toLowerCase().includes("token")) {
       console.error('⚠️  WARNING: Access Token URL does not contain "token" - verify this is correct!');
     }
@@ -41004,64 +40984,33 @@ class AuthenticationHook {
       "Content-Type": "application/x-www-form-urlencoded"
     };
     try {
-      if (clientSecret) {
-        console.error("\uD83D\uDD04 Using SSO/confidential client flow (client_secret only, no PKCE)...");
-        const confidentialClientBody = new URLSearchParams({
-          code,
-          grant_type: "authorization_code",
-          redirect_uri: redirectUri,
-          client_id: clientId,
-          client_secret: clientSecret
-        });
-        const confidentialResponse = await fetch(accessUrl, {
-          method: "POST",
-          headers,
-          body: confidentialClientBody
-        });
-        console.error("\uD83D\uDCE8 Token response received (confidential client):", confidentialResponse.status, confidentialResponse.statusText);
-        if (confidentialResponse.ok) {
-          const data = await confidentialResponse.json();
-          if (data.access_token) {
-            console.error("✅ Token received (confidential client)");
-            await this.saveTokenWithExpiration(data.access_token, data.expires_in);
-            return data.access_token;
-          } else {
-            throw new Error("No access_token in confidential client response");
-          }
+      console.error("\uD83D\uDD04 Using PKCE flow (code_verifier)...");
+      const publicClientBody = new URLSearchParams({
+        code,
+        grant_type: "authorization_code",
+        redirect_uri: redirectUri,
+        client_id: clientId,
+        code_verifier: this.codeVerifier
+      });
+      const publicResponse = await fetch(accessUrl, {
+        method: "POST",
+        headers,
+        body: publicClientBody
+      });
+      console.error("\uD83D\uDCE8 Token response received:", publicResponse.status, publicResponse.statusText);
+      if (publicResponse.ok) {
+        const data = await publicResponse.json();
+        if (data.access_token) {
+          console.error("✅ Token received");
+          await this.saveTokenWithExpiration(data.access_token, data.expires_in);
+          return data.access_token;
         } else {
-          const errorText = await confidentialResponse.text();
-          console.error("❌ Confidential client failed:", confidentialResponse.status);
-          throw new Error(`Token request failed: ${confidentialResponse.status} - ${errorText}`);
+          throw new Error("No access_token in response");
         }
       } else {
-        console.error("\uD83D\uDD04 Using public client flow (PKCE with code_verifier)...");
-        const publicClientBody = new URLSearchParams({
-          code,
-          grant_type: "authorization_code",
-          redirect_uri: redirectUri,
-          client_id: clientId,
-          code_verifier: this.codeVerifier
-        });
-        const publicResponse = await fetch(accessUrl, {
-          method: "POST",
-          headers,
-          body: publicClientBody
-        });
-        console.error("\uD83D\uDCE8 Token response received (public client):", publicResponse.status, publicResponse.statusText);
-        if (publicResponse.ok) {
-          const data = await publicResponse.json();
-          if (data.access_token) {
-            console.error("✅ Token received (public client)");
-            await this.saveTokenWithExpiration(data.access_token, data.expires_in);
-            return data.access_token;
-          } else {
-            throw new Error("No access_token in public client response");
-          }
-        } else {
-          const errorText = await publicResponse.text();
-          console.error("❌ Public client failed:", publicResponse.status);
-          throw new Error(`Token request failed (public client): ${publicResponse.status} - ${errorText}`);
-        }
+        const errorText = await publicResponse.text();
+        console.error("❌ Token exchange failed:", publicResponse.status);
+        throw new Error(`Token request failed: ${publicResponse.status} - ${errorText}`);
       }
     } catch (error) {
       console.error("\uD83D\uDCA5 Token exchange error:", error);
@@ -41229,11 +41178,6 @@ class AuthenticationHook {
           res.end(this.getConfigPage());
           return;
         }
-        if (url.pathname === "/safari-warning") {
-          res.writeHead(200, { "Content-Type": "text/html" });
-          res.end(this.getSafariWarningPage());
-          return;
-        }
         if (url.pathname === "/browser-error") {
           res.writeHead(200, { "Content-Type": "text/html" });
           res.end(this.getBrowserErrorPage());
@@ -41255,7 +41199,6 @@ class AuthenticationHook {
                 accessTokenUrl: this.authConfig.accessUrl,
                 clientId: this.authConfig.clientId,
                 redirectUrl: this.authConfig.redirectUri,
-                clientSecret: this.authConfig.clientSecret,
                 scopePrefix: this.authConfig.scopePrefix
               }
             }));
@@ -41346,7 +41289,6 @@ class AuthenticationHook {
                 accessUrl: config.accessTokenUrl,
                 clientId: config.clientId,
                 redirectUri: config.redirectUrl,
-                clientSecret: config.clientSecret || undefined,
                 scopePrefix: config.scopePrefix || undefined
               };
               try {
@@ -41436,9 +41378,16 @@ class AuthenticationHook {
                 console.error("\uD83C\uDF89 Authentication complete! Stopping config server...");
                 this.stopConfigServer();
               } catch (authError) {
-                const isOAuthError = authError instanceof Error && authError.message.includes("OAuth error:");
-                if (isOAuthError) {
-                  console.error("❌ OAuth authentication error:", authError.message);
+                const errorMessage = authError.message || String(authError);
+                const isScopeError = errorMessage.includes("invalid_scope") || errorMessage.toLowerCase().includes("scope");
+                const isRetryableError = errorMessage.includes("access_denied") || errorMessage.includes("invalid_grant") || errorMessage.toLowerCase().includes("password") || errorMessage.toLowerCase().includes("username") || errorMessage.toLowerCase().includes("credential");
+                if (isScopeError) {
+                  console.error("❌ OAuth scope error:", errorMessage);
+                  console.error("\uD83D\uDCA1 This is a configuration error. Please check your scope settings.");
+                  console.error("\uD83D\uDED1 Stopping server - please fix the configuration and try again.");
+                  this.stopConfigServer();
+                } else if (isRetryableError) {
+                  console.error("❌ OAuth authentication error:", errorMessage);
                   console.error("\uD83D\uDCA1 The configuration server will remain running. Please try again with correct credentials.");
                 } else {
                   console.error("❌ Token exchange error:", authError);
@@ -41674,11 +41623,27 @@ class AuthenticationHook {
             const errorDescMatch = currentUrl.match(/error_description=([^&]+)/);
             const error = errorMatch && errorMatch[1] ? decodeURIComponent(errorMatch[1]) : "unknown_error";
             const errorDesc = errorDescMatch && errorDescMatch[1] ? decodeURIComponent(errorDescMatch[1]) : "No description";
+            const isScopeError = error === "invalid_scope" || errorDesc.toLowerCase().includes("scope");
+            const isRetryableError = error === "access_denied" || error === "invalid_grant" || errorDesc.toLowerCase().includes("password") || errorDesc.toLowerCase().includes("username") || errorDesc.toLowerCase().includes("credential");
             if (!oAuthErrorLogged) {
               console.error("❌ OAuth authentication error:", `${error} - ${errorDesc}`);
-              console.error("\uD83D\uDCA1 The configuration server will remain running. Please try again with correct credentials.");
-              console.error("\uD83D\uDD0D Continuing to monitor browser for authorization code...");
-              oAuthErrorLogged = true;
+              if (isScopeError) {
+                console.error("\uD83D\uDCA1 This is a configuration error. Please check your scope settings and close this window.");
+                console.error("\uD83D\uDED1 Stopping monitoring - please fix the configuration and try again.");
+                oAuthErrorLogged = true;
+                this.stopConfigServer();
+                return;
+              } else if (isRetryableError) {
+                console.error("\uD83D\uDCA1 The configuration server will remain running. Please try again with correct credentials.");
+                console.error("\uD83D\uDD0D Continuing to monitor browser for authorization code...");
+                oAuthErrorLogged = true;
+              } else {
+                console.error("\uD83D\uDCA1 Please check the error message displayed in your browser and close the window.");
+                console.error("\uD83D\uDED1 Stopping monitoring.");
+                oAuthErrorLogged = true;
+                this.stopConfigServer();
+                return;
+              }
             }
           }
         } else {
@@ -41712,9 +41677,9 @@ class AuthenticationHook {
       await this.detectDefaultBrowser();
     }
     console.error(`\uD83C\uDF10 Browser: ${this.detectedBrowser}`);
-    const configUrl = this.detectedBrowser === "Safari" ? `http://${CONFIG_SERVER_HOST}:${CONFIG_SERVER_PORT}/safari-warning` : `http://${CONFIG_SERVER_HOST}:${CONFIG_SERVER_PORT}/config`;
+    const configUrl = this.detectedBrowser === "Safari" ? `http://${CONFIG_SERVER_HOST}:${CONFIG_SERVER_PORT}/browser-error?type=notsupported&browser=${encodeURIComponent(this.detectedBrowser)}` : `http://${CONFIG_SERVER_HOST}:${CONFIG_SERVER_PORT}/config`;
     if (this.detectedBrowser === "Safari") {
-      console.error("⚠️  Safari detected - showing browser installation guide...");
+      console.error("⚠️  Safari detected - Safari is not supported for authentication");
     } else {
       console.error("\uD83D\uDCCB Opening browser for configuration...");
     }
@@ -41775,6 +41740,21 @@ class AuthenticationHook {
               await execAsync(`open -a "Firefox" "${configUrl}"`);
             }
           }
+        } else if (this.detectedBrowser === "Opera") {
+          console.error(`   Opening Opera in private mode...`);
+          try {
+            const args = incognitoFlag ? `--args ${incognitoFlag} "${configUrl}"` : `"${configUrl}"`;
+            await execAsync(`open -n -a "Opera" ${args}`);
+          } catch (error) {
+            console.error(`   First attempt failed, trying with existing instance...`);
+            try {
+              const args = incognitoFlag ? `--args ${incognitoFlag} "${configUrl}"` : `"${configUrl}"`;
+              await execAsync(`open -a "Opera" ${args}`);
+            } catch (fallbackError) {
+              console.error(`   ⚠️  Could not open Opera in private mode automatically`);
+              await execAsync(`open -a "Opera" "${configUrl}"`);
+            }
+          }
         } else {
           const args = incognitoFlag ? `--args ${incognitoFlag} --app="${configUrl}" --window-size=${windowWidth},${windowHeight} --window-position=100,100` : `"${configUrl}"`;
           const command = `open -n -a "${this.detectedBrowser}" ${args}`;
@@ -46810,7 +46790,7 @@ The Search API is a hybrid search service that combines semantic understanding w
 function createMCPServer(deps) {
   const server = new McpServer({
     name: "EgainMcp",
-    version: "1.0.13"
+    version: "1.0.16"
   });
   const getClient = deps.getSDK || (() => new EgainMcpCore({
     security: deps.security,
@@ -48057,7 +48037,7 @@ var routes = ln({
 var app = _e(routes, {
   name: "mcp",
   versionInfo: {
-    currentVersion: "1.0.13"
+    currentVersion: "1.0.16"
   }
 });
 Yt(app, process3.argv.slice(2), buildContext(process3));
@@ -48065,5 +48045,5 @@ export {
   app
 };
 
-//# debugId=B092F14BDBBDEC7964756E2164756E21
+//# debugId=EBFE61A4F0D0DC0664756E2164756E21
 //# sourceMappingURL=mcp-server.js.map