@girardmedia/bootspring 2.1.3 → 2.2.1

package/dist/mcp-server.js

@@ -0,0 +1,2298 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __commonJS = (cb, mod) => function __require() {
+  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// node_modules/tsup/assets/cjs_shims.js
+var init_cjs_shims = __esm({
+  "node_modules/tsup/assets/cjs_shims.js"() {
+    "use strict";
+  }
+});
+
+// package.json
+var require_package = __commonJS({
+  "package.json"(exports2, module2) {
+    module2.exports = {
+      name: "@girardmedia/bootspring",
+      version: "2.2.1",
+      description: "Thin client for Bootspring cloud MCP, hosted agents, and paywalled workflow intelligence",
+      keywords: [
+        "ai",
+        "development",
+        "scaffolding",
+        "mcp",
+        "claude",
+        "agents",
+        "context",
+        "workflow",
+        "devtools"
+      ],
+      author: "Bootspring",
+      license: "SEE LICENSE IN LICENSE",
+      repository: {
+        type: "git",
+        url: "https://github.com/bootspring/bootspring.git"
+      },
+      homepage: "https://bootspring.com",
+      bugs: {
+        url: "https://github.com/bootspring/bootspring/issues"
+      },
+      bin: {
+        bootspring: "./bin/bootspring.js"
+      },
+      main: "./dist/core.js",
+      types: "./dist/core/index.d.ts",
+      exports: {
+        ".": {
+          types: "./dist/core/index.d.ts",
+          default: "./dist/core.js"
+        },
+        "./mcp": {
+          types: "./dist/mcp/index.d.ts",
+          default: "./dist/mcp-server.js"
+        }
+      },
+      files: [
+        "bin/bootspring.js",
+        "dist/index.js",
+        "dist/core.js",
+        "dist/mcp-server.js",
+        "dist/core/index.d.ts",
+        "dist/mcp/index.d.ts",
+        "generators/",
+        "claude-commands/",
+        "scripts/postinstall.js"
+      ],
+      scripts: {
+        postinstall: "node scripts/postinstall.js",
+        start: "node bin/bootspring.js",
+        dashboard: "node bin/bootspring.js dashboard",
+        mcp: "node dist/mcp-server.js",
+        pretest: "npm run build",
+        test: "vitest run",
+        "test:launch-smoke": "vitest run __tests__/unit/cli-first-run-smoke.test.js __tests__/unit/health-fresh-start.test.ts __tests__/unit/session-project-scope.test.ts __tests__/unit/auth-cli-mixed-states.test.ts __tests__/unit/api-client-project-auth-fallback.test.js __tests__/unit/cli-help-surface.test.js __tests__/unit/cli-command-manifest.test.js",
+        "test:seed-ingestion": "vitest run __tests__/unit/seed-ingestion-regression.test.js",
+        "test:watch": "vitest",
+        "test:coverage": "vitest run --coverage",
+        lint: "eslint .",
+        "lint:fix": "eslint . --fix",
+        typecheck: "tsc --noEmit",
+        "typecheck:active": "tsc --noEmit -p tsconfig.active.json",
+        build: "tsup",
+        "build:watch": "tsup --watch",
+        dev: "tsx watch src/index.ts",
+        "verify:lint-budget": "node scripts/check-lint-budgets.js",
+        "verify:release-gates": "node scripts/release-gate-check.js",
+        "verify:shared-contracts": "node scripts/verify-shared-contracts.js",
+        "verify:thin-client-contract": "node scripts/verify-thin-client-contract.js",
+        "build:mcp-contract": "node scripts/export-mcp-contract.js",
+        "verify:mcp-contract": "node scripts/export-mcp-contract.js --check",
+        "planning:sync": "node scripts/sync-planning-queue.js",
+        "planning:sync:check": "node scripts/sync-planning-queue.js --check",
+        "planning:realign": "node scripts/sync-planning-queue.js --sync-runtime",
+        "verify:package": "node scripts/check-package-boundaries.js",
+        "db:sync": "node shared/db/sync.js",
+        "db:sync:check": "node shared/db/sync.js --check",
+        prepublishOnly: "npm run build && npm test && npm run lint --if-present && npm run verify:package && npm run verify:mcp-contract"
+      },
+      devDependencies: {
+        "@eslint/js": "^9.39.2",
+        "@swc/core": "^1.15.13",
+        "@types/node": "^25.3.1",
+        "@typescript-eslint/eslint-plugin": "^8.57.0",
+        "@typescript-eslint/parser": "^8.57.0",
+        "@vitest/coverage-v8": "^4.0.18",
+        eslint: "^9.39.2",
+        globals: "^17.3.0",
+        tsup: "^8.5.1",
+        tsx: "^4.21.0",
+        typescript: "^5.9.3",
+        vitest: "^4.0.18"
+      },
+      dependencies: {
+        "@modelcontextprotocol/sdk": "^1.0.0",
+        jsonwebtoken: "^9.0.3",
+        ws: "^8.18.0",
+        yaml: "^2.8.0",
+        zod: "^4.3.6"
+      },
+      engines: {
+        node: ">=18.0.0"
+      },
+      overrides: {
+        table: {
+          ajv: "^8.12.0"
+        },
+        minimatch: "^10.2.1",
+        hono: "4.12.4",
+        "@hono/node-server": "1.19.10",
+        "express-rate-limit": "^8.2.2"
+      }
+    };
+  }
+});
+
+// src/core/auth.ts
+var auth_exports = {};
+__export(auth_exports, {
+  BOOTSPRING_DIR: () => BOOTSPRING_DIR,
+  CONFIG_FILE: () => CONFIG_FILE,
+  CREDENTIALS_FILE: () => CREDENTIALS_FILE,
+  DEVICE_FILE: () => DEVICE_FILE,
+  clearCredentials: () => clearCredentials,
+  clearDeviceInfo: () => clearDeviceInfo,
+  clearProjectApiKey: () => clearProjectApiKey,
+  clearProjectScopedSession: () => clearProjectScopedSession,
+  ensureDir: () => ensureDir,
+  generateDeviceFingerprint: () => generateDeviceFingerprint,
+  getApiKey: () => getApiKey,
+  getConfig: () => getConfig,
+  getCredentials: () => getCredentials,
+  getCredentialsPath: () => getCredentialsPath,
+  getDeviceContext: () => getDeviceContext,
+  getDeviceId: () => getDeviceId,
+  getDeviceInfo: () => getDeviceInfo,
+  getLegacyProjectApiKey: () => getLegacyProjectApiKey,
+  getProjectScopedToken: () => getProjectScopedToken,
+  getRefreshToken: () => getRefreshToken,
+  getStoredApiKey: () => getStoredApiKey,
+  getTier: () => getTier,
+  getToken: () => getToken,
+  getUser: () => getUser,
+  isApiKeyAuth: () => isApiKeyAuth,
+  isAuthenticated: () => isAuthenticated,
+  login: () => login,
+  loginWithApiKey: () => loginWithApiKey,
+  logout: () => logout,
+  saveApiKeyToProject: () => saveApiKeyToProject,
+  saveConfig: () => saveConfig,
+  saveCredentials: () => saveCredentials,
+  saveProjectScopedSession: () => saveProjectScopedSession,
+  updateTokens: () => updateTokens
+});
+function getEncryptionKey() {
+  const machineId = os.hostname() + os.userInfo().username;
+  return crypto.createHash("sha256").update(machineId).digest();
+}
+function ensureDir() {
+  if (!fs.existsSync(BOOTSPRING_DIR)) {
+    fs.mkdirSync(BOOTSPRING_DIR, { recursive: true, mode: 448 });
+  }
+}
+function encrypt(data) {
+  try {
+    const key = getEncryptionKey();
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
+    let encrypted = cipher.update(JSON.stringify(data), "utf8", "hex");
+    encrypted += cipher.final("hex");
+    return { iv: iv.toString("hex"), data: encrypted };
+  } catch {
+    return data;
+  }
+}
+function decrypt(encrypted) {
+  try {
+    if ("iv" in encrypted && "data" in encrypted && typeof encrypted.iv === "string") {
+      const key = getEncryptionKey();
+      const iv = Buffer.from(encrypted.iv, "hex");
+      const decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
+      let decrypted = decipher.update(encrypted.data, "hex", "utf8");
+      decrypted += decipher.final("utf8");
+      return JSON.parse(decrypted);
+    }
+    return encrypted;
+  } catch {
+    return encrypted;
+  }
+}
+function getCredentials() {
+  try {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+      const raw = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, "utf-8"));
+      return decrypt(raw);
+    }
+  } catch {
+  }
+  return null;
+}
+function saveCredentials(credentials) {
+  ensureDir();
+  const encrypted = encrypt(credentials);
+  fs.writeFileSync(
+    CREDENTIALS_FILE,
+    JSON.stringify(encrypted, null, 2),
+    { mode: 384 }
+  );
+}
+function clearCredentials() {
+  try {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+      fs.unlinkSync(CREDENTIALS_FILE);
+    }
+  } catch {
+  }
+}
+function getToken() {
+  const creds = getCredentials();
+  if (!creds) return null;
+  if (creds.expiresAt && new Date(creds.expiresAt) < /* @__PURE__ */ new Date()) {
+    return null;
+  }
+  return creds.token || null;
+}
+function findNearestProjectConfigPath() {
+  let dir = process.cwd();
+  for (let i = 0; i < 10; i++) {
+    const configPath = path.join(dir, ".bootspring.json");
+    if (fs.existsSync(configPath)) {
+      return configPath;
+    }
+    const parent = path.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+function readNearestProjectConfig() {
+  try {
+    const configPath = findNearestProjectConfigPath();
+    if (!configPath) {
+      return null;
+    }
+    const config = JSON.parse(fs.readFileSync(configPath, "utf-8"));
+    return { path: configPath, config };
+  } catch {
+  }
+  return null;
+}
+function writeNearestProjectConfig(pathname, config) {
+  try {
+    fs.writeFileSync(pathname, JSON.stringify(config, null, 2));
+    return true;
+  } catch {
+    return false;
+  }
+}
+function getProjectScopedSessionState() {
+  const projectConfig = readNearestProjectConfig();
+  if (!projectConfig || !projectConfig.config.projectAuth) {
+    return null;
+  }
+  const projectAuth = projectConfig.config.projectAuth;
+  if (typeof projectAuth.token !== "string" || projectAuth.token.length === 0 || typeof projectAuth.expiresAt !== "string" || projectAuth.expiresAt.length === 0) {
+    return null;
+  }
+  return {
+    token: projectAuth.token,
+    expiresAt: projectAuth.expiresAt,
+    issuedAt: typeof projectAuth.issuedAt === "string" ? projectAuth.issuedAt : (/* @__PURE__ */ new Date()).toISOString(),
+    source: typeof projectAuth.source === "string" ? projectAuth.source : void 0,
+    migratedFromLegacyApiKey: Boolean(projectAuth.migratedFromLegacyApiKey)
+  };
+}
+function getLegacyProjectApiKey() {
+  const projectConfig = readNearestProjectConfig();
+  if (!projectConfig) {
+    return null;
+  }
+  const legacyApiKey = projectConfig.config.apiKey;
+  if (typeof legacyApiKey === "string" && legacyApiKey.length > 0) {
+    return legacyApiKey;
+  }
+  return null;
+}
+function getProjectScopedToken() {
+  const projectAuth = getProjectScopedSessionState();
+  if (!projectAuth) {
+    return null;
+  }
+  const expiresAt = new Date(projectAuth.expiresAt).getTime();
+  if (!Number.isFinite(expiresAt)) {
+    return null;
+  }
+  if (Date.now() >= expiresAt - 6e4) {
+    return null;
+  }
+  return projectAuth.token;
+}
+function getStoredApiKey() {
+  const creds = getCredentials();
+  return creds?.apiKey || null;
+}
+function getApiKey() {
+  const envApiKey = process.env.BOOTSPRING_API_KEY;
+  if (envApiKey) {
+    return envApiKey;
+  }
+  if (getToken()) {
+    return null;
+  }
+  const projectScopedToken = getProjectScopedToken();
+  if (projectScopedToken) {
+    return projectScopedToken;
+  }
+  const storedApiKey = getStoredApiKey();
+  if (storedApiKey) {
+    return storedApiKey;
+  }
+  const legacyApiKey = getLegacyProjectApiKey();
+  if (legacyApiKey) {
+    if (!legacyProjectApiKeyWarned) {
+      legacyProjectApiKeyWarned = true;
+      console.warn(
+        "[bootspring] Using legacy .bootspring.json apiKey fallback. Run `bootspring auth login --api-key <key>` to migrate to short-lived project tokens."
+      );
+    }
+    return legacyApiKey;
+  }
+  return null;
+}
+function isApiKeyAuth() {
+  if (process.env.BOOTSPRING_API_KEY) {
+    return true;
+  }
+  if (getToken()) {
+    return false;
+  }
+  return Boolean(
+    getProjectScopedToken() || getStoredApiKey() || getLegacyProjectApiKey()
+  );
+}
+function getRefreshToken() {
+  const creds = getCredentials();
+  return creds?.refreshToken || null;
+}
+function isAuthenticated() {
+  return !!getToken() || !!getApiKey();
+}
+function getUser() {
+  const creds = getCredentials();
+  return creds?.user || null;
+}
+function getTier() {
+  const envTier = process.env.BOOTSPRING_USER_TIER;
+  if (envTier) {
+    return envTier.toLowerCase();
+  }
+  const user = getUser();
+  return user?.tier || "free";
+}
+function parseExpiry(expiry) {
+  const match = expiry.match(/^(\d+)([mhd])$/);
+  if (!match || !match[1] || !match[2]) return 15 * 60 * 1e3;
+  const value = parseInt(match[1]);
+  const unit = match[2];
+  switch (unit) {
+    case "m":
+      return value * 60 * 1e3;
+    case "h":
+      return value * 60 * 60 * 1e3;
+    case "d":
+      return value * 24 * 60 * 60 * 1e3;
+    default:
+      return 15 * 60 * 1e3;
+  }
+}
+function login(response) {
+  const expiresIn = response.expiresIn ?? "15m";
+  const expiresMs = parseExpiry(expiresIn);
+  const expiresAt = new Date(Date.now() + expiresMs).toISOString();
+  const credentials = {
+    token: response.token,
+    expiresAt
+  };
+  if (response.refreshToken !== void 0) {
+    credentials.refreshToken = response.refreshToken;
+  }
+  if (response.user !== void 0) {
+    credentials.user = response.user;
+  }
+  saveCredentials(credentials);
+}
+function saveProjectScopedSession(token, options = {}) {
+  try {
+    const projectConfig = readNearestProjectConfig();
+    if (!projectConfig || !token) {
+      return false;
+    }
+    const resolvedExpiresAt = (() => {
+      if (options.expiresAt) {
+        return options.expiresAt;
+      }
+      if (typeof options.expiresIn === "number" && Number.isFinite(options.expiresIn)) {
+        return new Date(Date.now() + options.expiresIn * 1e3).toISOString();
+      }
+      if (typeof options.expiresIn === "string") {
+        return new Date(Date.now() + parseExpiry(options.expiresIn)).toISOString();
+      }
+      return new Date(Date.now() + 15 * 60 * 1e3).toISOString();
+    })();
+    const nextConfig = {
+      ...projectConfig.config,
+      projectAuth: {
+        token,
+        expiresAt: resolvedExpiresAt,
+        issuedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        source: options.source || "api-key-exchange",
+        migratedFromLegacyApiKey: Boolean(options.migratedFromLegacyApiKey)
+      }
+    };
+    if (options.migratedFromLegacyApiKey && Object.prototype.hasOwnProperty.call(nextConfig, "apiKey")) {
+      delete nextConfig.apiKey;
+    }
+    return writeNearestProjectConfig(projectConfig.path, nextConfig);
+  } catch {
+  }
+  return false;
+}
+function clearProjectScopedSession() {
+  try {
+    const projectConfig = readNearestProjectConfig();
+    if (!projectConfig || !projectConfig.config.projectAuth) {
+      return false;
+    }
+    const nextConfig = { ...projectConfig.config };
+    delete nextConfig.projectAuth;
+    return writeNearestProjectConfig(projectConfig.path, nextConfig);
+  } catch {
+  }
+  return false;
+}
+function clearProjectApiKey() {
+  try {
+    const projectConfig = readNearestProjectConfig();
+    if (!projectConfig) {
+      return false;
+    }
+    const config = projectConfig.config;
+    if (!Object.prototype.hasOwnProperty.call(config, "apiKey")) {
+      return false;
+    }
+    delete config.apiKey;
+    return writeNearestProjectConfig(projectConfig.path, config);
+  } catch {
+  }
+  return false;
+}
+function saveApiKeyToProject(apiKey) {
+  try {
+    const projectConfig = readNearestProjectConfig();
+    if (!projectConfig) {
+      return false;
+    }
+    const config = { ...projectConfig.config, apiKey };
+    return writeNearestProjectConfig(projectConfig.path, config);
+  } catch {
+  }
+  return false;
+}
+function loginWithApiKey(apiKey, user) {
+  const credentials = { apiKey };
+  if (user !== void 0) {
+    credentials.user = user;
+  }
+  saveCredentials(credentials);
+  clearProjectApiKey();
+}
+function updateTokens(response) {
+  const creds = getCredentials() || {};
+  const expiresIn = response.expiresIn ?? "15m";
+  const expiresMs = parseExpiry(expiresIn);
+  const expiresAt = new Date(Date.now() + expiresMs).toISOString();
+  const credentials = {
+    ...creds,
+    token: response.token,
+    expiresAt
+  };
+  if (response.refreshToken !== void 0) {
+    credentials.refreshToken = response.refreshToken;
+  }
+  saveCredentials(credentials);
+}
+function logout() {
+  clearCredentials();
+  clearProjectScopedSession();
+  clearProjectApiKey();
+}
+function getConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      return JSON.parse(fs.readFileSync(CONFIG_FILE, "utf-8"));
+    }
+  } catch {
+  }
+  return {};
+}
+function saveConfig(config) {
+  ensureDir();
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+function getCredentialsPath() {
+  return CREDENTIALS_FILE;
+}
+function generateDeviceFingerprint() {
+  const networkInterfaces2 = os.networkInterfaces();
+  const macAddresses = Object.values(networkInterfaces2).flat().filter(
+    (iface) => iface !== void 0 && !iface.internal && iface.mac !== "00:00:00:00:00:00"
+  ).map((iface) => iface.mac).sort().join(",");
+  const components = [
+    os.hostname(),
+    os.userInfo().username,
+    os.platform(),
+    os.arch(),
+    os.cpus()[0]?.model || "unknown-cpu",
+    os.homedir(),
+    macAddresses
+  ];
+  return crypto.createHash("sha256").update(components.join("|")).digest("hex");
+}
+function getDeviceInfo() {
+  ensureDir();
+  try {
+    if (fs.existsSync(DEVICE_FILE)) {
+      const stored = JSON.parse(fs.readFileSync(DEVICE_FILE, "utf-8"));
+      const currentFingerprint = generateDeviceFingerprint();
+      if (stored.fingerprint === currentFingerprint) {
+        return stored;
+      }
+    }
+  } catch {
+  }
+  const deviceInfo = {
+    deviceId: crypto.randomUUID(),
+    fingerprint: generateDeviceFingerprint(),
+    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+    platform: os.platform(),
+    arch: os.arch(),
+    hostname: os.hostname()
+  };
+  fs.writeFileSync(DEVICE_FILE, JSON.stringify(deviceInfo, null, 2), { mode: 384 });
+  return deviceInfo;
+}
+function getDeviceId() {
+  return getDeviceInfo().deviceId;
+}
+function getDeviceContext() {
+  const info = getDeviceInfo();
+  let cliVersion = "unknown";
+  try {
+    const pkg = require_package();
+    cliVersion = pkg.version;
+  } catch {
+  }
+  return {
+    deviceId: info.deviceId,
+    platform: info.platform,
+    arch: info.arch,
+    hostname: info.hostname,
+    cliVersion,
+    nodeVersion: process.version,
+    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone
+  };
+}
+function clearDeviceInfo() {
+  try {
+    if (fs.existsSync(DEVICE_FILE)) {
+      fs.unlinkSync(DEVICE_FILE);
+    }
+  } catch {
+  }
+}
+var fs, path, os, crypto, BOOTSPRING_DIR, CREDENTIALS_FILE, CONFIG_FILE, DEVICE_FILE, legacyProjectApiKeyWarned;
+var init_auth = __esm({
+  "src/core/auth.ts"() {
+    "use strict";
+    init_cjs_shims();
+    fs = __toESM(require("fs"));
+    path = __toESM(require("path"));
+    os = __toESM(require("os"));
+    crypto = __toESM(require("crypto"));
+    BOOTSPRING_DIR = path.join(os.homedir(), ".bootspring");
+    CREDENTIALS_FILE = path.join(BOOTSPRING_DIR, "credentials.json");
+    CONFIG_FILE = path.join(BOOTSPRING_DIR, "config.json");
+    DEVICE_FILE = path.join(BOOTSPRING_DIR, "device.json");
+    legacyProjectApiKeyWarned = false;
+  }
+});
+
+// src/core/auth.js
+var init_auth2 = __esm({
+  "src/core/auth.js"() {
+    "use strict";
+    init_cjs_shims();
+    init_auth();
+  }
+});
+
+// src/core/session.ts
+function ensureDir2() {
+  if (!fs2.existsSync(BOOTSPRING_DIR2)) {
+    fs2.mkdirSync(BOOTSPRING_DIR2, { recursive: true, mode: 448 });
+  }
+}
+function getSession() {
+  try {
+    if (fs2.existsSync(SESSION_FILE)) {
+      return JSON.parse(fs2.readFileSync(SESSION_FILE, "utf-8"));
+    }
+  } catch {
+  }
+  return null;
+}
+function saveSession(session) {
+  ensureDir2();
+  const data = {
+    ...session,
+    updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  fs2.writeFileSync(SESSION_FILE, JSON.stringify(data, null, 2));
+}
+function hasScopeMarker(dir) {
+  for (const marker of PROJECT_SCOPE_MARKERS) {
+    if (fs2.existsSync(path2.join(dir, marker))) {
+      return true;
+    }
+  }
+  return false;
+}
+function normalizeDirPath(dir) {
+  const resolved = path2.resolve(dir);
+  try {
+    return fs2.realpathSync.native(resolved);
+  } catch {
+    try {
+      return fs2.realpathSync(resolved);
+    } catch {
+      return resolved;
+    }
+  }
+}
+function findNearestScopeRoot(startDir) {
+  let dir = normalizeDirPath(startDir);
+  for (let i = 0; i < 10; i++) {
+    if (hasScopeMarker(dir)) {
+      return dir;
+    }
+    const parent = path2.dirname(dir);
+    if (parent === dir) {
+      break;
+    }
+    dir = parent;
+  }
+  return null;
+}
+function resolveProjectScope(scopeDir) {
+  const resolvedDir = normalizeDirPath(scopeDir);
+  const scopeRoot = findNearestScopeRoot(resolvedDir);
+  if (scopeRoot) {
+    return { dir: scopeRoot, mode: "tree" };
+  }
+  return { dir: resolvedDir, mode: "exact" };
+}
+function getScopeMode(sessionData, resolvedScopeDir) {
+  if (sessionData.projectScopeMode === "exact" || sessionData.projectScopeMode === "tree") {
+    return sessionData.projectScopeMode;
+  }
+  return hasScopeMarker(resolvedScopeDir) ? "tree" : "exact";
+}
+function setCurrentProject(project, scopeDir) {
+  const session = getSession() || {};
+  if (project) {
+    const scope = resolveProjectScope(scopeDir || process.cwd());
+    session.project = project;
+    session.projectScopeDir = scope.dir;
+    session.projectScopeMode = scope.mode;
+  } else {
+    delete session.project;
+    delete session.projectScopeDir;
+    delete session.projectScopeMode;
+  }
+  saveSession(session);
+}
+function addRecentProject(project) {
+  const session = getSession() || {};
+  const recent = session.recentProjects || [];
+  const filtered = recent.filter((p) => p.id !== project.id);
+  filtered.unshift({
+    id: project.id,
+    name: project.name,
+    slug: project.slug,
+    lastUsed: (/* @__PURE__ */ new Date()).toISOString()
+  });
+  session.recentProjects = filtered.slice(0, 10);
+  saveSession(session);
+}
+function findLocalConfig(startDir) {
+  let dir = startDir || process.cwd();
+  for (let i = 0; i < 10; i++) {
+    const jsonConfigPath = path2.join(dir, LOCAL_CONFIG_NAME);
+    if (fs2.existsSync(jsonConfigPath)) {
+      try {
+        const config = JSON.parse(fs2.readFileSync(jsonConfigPath, "utf-8"));
+        return {
+          ...config,
+          _path: jsonConfigPath,
+          _dir: dir
+        };
+      } catch {
+      }
+    }
+    const jsConfigPath = path2.join(dir, "bootspring.config.js");
+    if (fs2.existsSync(jsConfigPath)) {
+      try {
+        delete require.cache[require.resolve(jsConfigPath)];
+        const config = require(jsConfigPath);
+        if (config.projectId) {
+          const project = config.project;
+          return {
+            projectId: config.projectId,
+            projectName: project?.name || config.name || "Unknown",
+            projectSlug: project?.slug,
+            _path: jsConfigPath,
+            _dir: dir,
+            _fromJsConfig: true
+          };
+        }
+      } catch {
+      }
+    }
+    const parent = path2.dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+function getEffectiveProject(startDir) {
+  const local = findLocalConfig(startDir);
+  if (local?.projectId) {
+    return {
+      id: local.projectId,
+      name: local.projectName || "Unknown",
+      slug: local.projectSlug,
+      source: "local",
+      _localConfig: local
+    };
+  }
+  const sessionData = getSession();
+  const sessionProject = sessionData?.project || null;
+  if (!sessionProject) {
+    return null;
+  }
+  if (!sessionData?.projectScopeDir) {
+    return null;
+  }
+  const resolvedScopeDir = normalizeDirPath(sessionData.projectScopeDir);
+  const scopeMode = getScopeMode(sessionData, resolvedScopeDir);
+  const currentDir = normalizeDirPath(startDir || process.cwd());
+  const isInScope = (() => {
+    if (scopeMode === "exact") {
+      return currentDir === resolvedScopeDir;
+    }
+    const relativeToScope = path2.relative(resolvedScopeDir, currentDir);
+    return relativeToScope === "" || !relativeToScope.startsWith("..") && !path2.isAbsolute(relativeToScope);
+  })();
+  if (isInScope) {
+    return {
+      ...sessionProject,
+      source: "session"
+    };
+  }
+  return null;
+}
+var fs2, path2, os2, BOOTSPRING_DIR2, SESSION_FILE, LOCAL_CONFIG_NAME, PROJECT_SCOPE_MARKERS;
+var init_session = __esm({
+  "src/core/session.ts"() {
+    "use strict";
+    init_cjs_shims();
+    fs2 = __toESM(require("fs"));
+    path2 = __toESM(require("path"));
+    os2 = __toESM(require("os"));
+    BOOTSPRING_DIR2 = path2.join(os2.homedir(), ".bootspring");
+    SESSION_FILE = path2.join(BOOTSPRING_DIR2, "session.json");
+    LOCAL_CONFIG_NAME = ".bootspring.json";
+    PROJECT_SCOPE_MARKERS = [
+      LOCAL_CONFIG_NAME,
+      "bootspring.config.js",
+      ".git"
+    ];
+  }
+});
+
+// src/core/session.js
+var init_session2 = __esm({
+  "src/core/session.js"() {
+    "use strict";
+    init_cjs_shims();
+    init_session();
+  }
+});
+
+// src/core/redaction.ts
+function redactPatternMatches(value) {
+  return value.replace(/\b(?:bs|sk)_(?:live|test)_[A-Za-z0-9_-]{8,}\b/g, REDACTED).replace(/\beyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\b/g, REDACTED).replace(/\bBearer\s+[A-Za-z0-9._-]+\b/gi, `Bearer ${REDACTED}`).replace(/\bproj_[A-Za-z0-9_-]{6,}\b/g, `proj_${REDACTED}`).replace(/(["']?(?:authorization|x-api-key|apiKey|token|refreshToken|projectId)["']?\s*[:=]\s*["']?)([^"',\s}]+)/gi, `$1${REDACTED}`);
+}
+function redactSensitiveString(value) {
+  return redactPatternMatches(String(value || ""));
+}
+function redactSensitiveData(input, depth = 0) {
+  if (depth > 10) {
+    return input;
+  }
+  if (typeof input === "string") {
+    return redactSensitiveString(input);
+  }
+  if (Array.isArray(input)) {
+    return input.map((item) => redactSensitiveData(item, depth + 1));
+  }
+  if (!input || typeof input !== "object") {
+    return input;
+  }
+  const output = {};
+  for (const [key, value] of Object.entries(input)) {
+    if (SENSITIVE_KEY_PATTERN.test(key)) {
+      output[key] = REDACTED;
+      continue;
+    }
+    output[key] = redactSensitiveData(value, depth + 1);
+  }
+  return output;
+}
+var REDACTED, SENSITIVE_KEY_PATTERN;
+var init_redaction = __esm({
+  "src/core/redaction.ts"() {
+    "use strict";
+    init_cjs_shims();
+    REDACTED = "[REDACTED]";
+    SENSITIVE_KEY_PATTERN = /(?:^|[_-])(api[_-]?key|token|refresh[_-]?token|authorization|x[_-]?api[_-]?key|project[_-]?id)$/i;
+  }
+});
+
+// src/core/redaction.js
+var init_redaction2 = __esm({
+  "src/core/redaction.js"() {
+    "use strict";
+    init_cjs_shims();
+    init_redaction();
+  }
+});
+
+// src/core/api-client.ts
+var api_client_exports = {};
+__export(api_client_exports, {
+  API_BASE: () => API_BASE,
+  API_VERSION: () => API_VERSION,
+  addProjectMember: () => addProjectMember,
+  analyzeContext: () => analyzeContext,
+  callMcpTool: () => callMcpTool,
+  clearCache: () => clearCache,
+  createCheckout: () => createCheckout,
+  directRequest: () => directRequest,
+  downloadPreseedZip: () => downloadPreseedZip,
+  enrichCodebasePreseed: () => enrichCodebasePreseed,
+  ensureProjectScopedToken: () => ensureProjectScopedToken,
+  exchangeProjectScopedToken: () => exchangeProjectScopedToken,
+  findSimilarProjects: () => findSimilarProjects,
+  getActiveMcpConnectorMap: () => getActiveMcpConnectorMap,
+  getAgent: () => getAgent,
+  getAgentCapabilities: () => getAgentCapabilities,
+  getAgentContext: () => getAgentContext,
+  getInvoices: () => getInvoices,
+  getLintBudgets: () => getLintBudgets,
+  getMcpResource: () => getMcpResource,
+  getOrganization: () => getOrganization,
+  getPortalUrl: () => getPortalUrl,
+  getPreseedDocument: () => getPreseedDocument,
+  getPreseedWizard: () => getPreseedWizard,
+  getProjectActivity: () => getProjectActivity,
+  getProjectMembers: () => getProjectMembers,
+  getSkill: () => getSkill,
+  getSkillContent: () => getSkillContent,
+  getSubscription: () => getSubscription,
+  getSuggestions: () => getSuggestions,
+  getTemplate: () => getTemplate,
+  getUsage: () => getUsage,
+  getWorkflow: () => getWorkflow,
+  healthCheck: () => healthCheck,
+  inviteProjectMember: () => inviteProjectMember,
+  invokeAgent: () => invokeAgent,
+  listAgents: () => listAgents,
+  listMcpConnectors: () => listMcpConnectors,
+  listMcpResources: () => listMcpResources,
+  listMcpTools: () => listMcpTools,
+  listPreseedDocuments: () => listPreseedDocuments,
+  listProjectInvitations: () => listProjectInvitations,
+  listProjects: () => listProjects,
+  listQualityGates: () => listQualityGates,
+  listSkills: () => listSkills,
+  listTemplates: () => listTemplates,
+  listWorkflows: () => listWorkflows,
+  login: () => login2,
+  loginWithApiKey: () => loginWithApiKey2,
+  logout: () => logout2,
+  me: () => me,
+  pollDeviceToken: () => pollDeviceToken,
+  refreshToken: () => refreshToken,
+  register: () => register,
+  removeProjectMember: () => removeProjectMember,
+  request: () => request,
+  requestDeviceCode: () => requestDeviceCode,
+  requireAuth: () => requireAuth,
+  resolveEntitlements: () => resolveEntitlements,
+  respondToProjectInvitation: () => respondToProjectInvitation,
+  runQualityGate: () => runQualityGate,
+  searchSkills: () => searchSkills,
+  setMcpConnectorEnabled: () => setMcpConnectorEnabled,
+  startWorkflow: () => startWorkflow,
+  trackUsage: () => trackUsage,
+  transferProjectOwnership: () => transferProjectOwnership,
+  updateProjectMember: () => updateProjectMember,
+  uploadTelemetryBatch: () => uploadTelemetryBatch,
+  validateApiKey: () => validateApiKey
+});
+function getPackageVersion() {
+  if (packageVersion === null) {
+    try {
+      const pkg = require_package();
+      packageVersion = pkg.version;
+    } catch {
+      packageVersion = "unknown";
+    }
+  }
+  return packageVersion;
+}
+function formatHttpErrorBody(body, statusCode) {
+  const raw = String(body || "").trim();
+  if (!raw) {
+    return `API Error (${statusCode || "unknown"})`;
+  }
+  if (/^\s*<!doctype html/i.test(raw) || /^\s*<html/i.test(raw)) {
+    const titleMatch = raw.match(/<title[^>]*>([^<]+)<\/title>/i);
+    const title = titleMatch && titleMatch[1] ? `: ${titleMatch[1].trim()}` : "";
+    return `Bootspring API returned an HTML error page (HTTP ${statusCode || "unknown"}${title})`;
+  }
+  return redactSensitiveString(raw);
+}
+function parseExpiresInSeconds(raw) {
+  if (typeof raw === "number" && Number.isFinite(raw) && raw > 0) {
+    return Math.round(raw);
+  }
+  if (typeof raw === "string") {
+    const trimmed = raw.trim().toLowerCase();
+    if (!trimmed) return 15 * 60;
+    if (/^\d+$/.test(trimmed)) {
+      return parseInt(trimmed, 10);
+    }
+    const durationMatch = trimmed.match(/^(\d+)\s*([smhd])$/);
+    if (durationMatch) {
+      const value = parseInt(durationMatch[1] || "0", 10);
+      const unit = durationMatch[2];
+      if (unit === "s") return value;
+      if (unit === "m") return value * 60;
+      if (unit === "h") return value * 60 * 60;
+      if (unit === "d") return value * 60 * 60 * 24;
+    }
+  }
+  return 15 * 60;
+}
+function parseProjectScopedTokenPayload(raw) {
+  const payload = raw && typeof raw === "object" && !Array.isArray(raw) ? raw : null;
+  if (!payload) {
+    return null;
+  }
+  const nestedData = payload.data;
+  const source = nestedData && typeof nestedData === "object" && !Array.isArray(nestedData) ? nestedData : payload;
+  const tokenCandidates = [
+    source.token,
+    source.sessionToken,
+    source.session_token,
+    source.accessToken,
+    source.access_token
+  ];
+  const token = tokenCandidates.find((value) => typeof value === "string" && value.length > 0);
+  if (!token) {
+    return null;
+  }
+  const explicitExpiresAt = [source.expiresAt, source.expires_at].find((value) => typeof value === "string" && value.length > 0);
+  const expiresInSeconds = parseExpiresInSeconds(
+    [source.expiresIn, source.expires_in, source.ttl, source.ttlSeconds].find((value) => value !== void 0)
+  );
+  const expiresAt = explicitExpiresAt || new Date(Date.now() + expiresInSeconds * 1e3).toISOString();
+  return {
+    token,
+    expiresAt,
+    expiresInSeconds
+  };
+}
+async function requestProjectScopedToken(path3, apiKey, projectId) {
+  const url = new URL(path3, API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  const deviceContext = getDeviceContext();
+  return new Promise((resolve2, reject) => {
+    const requestBody = JSON.stringify({
+      apiKey,
+      projectId,
+      scope: "project",
+      deviceFingerprint: deviceContext.deviceId,
+      deviceName: `CLI - ${deviceContext.hostname}`
+    });
+    const req = httpModule.request(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+        "Content-Length": Buffer.byteLength(requestBody).toString()
+      },
+      timeout: 1e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        let parsed = null;
+        try {
+          parsed = body ? JSON.parse(body) : {};
+        } catch {
+          parsed = {};
+        }
+        if (res.statusCode && res.statusCode >= 400) {
+          const payload = parsed && typeof parsed === "object" ? parsed : {};
+          const error = new Error(
+            redactSensitiveString(String(payload.message || payload.error || `Token exchange failed (${res.statusCode})`))
+          );
+          error.status = res.statusCode;
+          error.code = typeof payload.code === "string" ? payload.code : void 0;
+          error.details = redactSensitiveData(payload.details);
+          reject(error);
+          return;
+        }
+        const exchange = parseProjectScopedTokenPayload(parsed);
+        if (!exchange) {
+          const error = new Error("Token exchange response did not include a scoped token");
+          error.status = res.statusCode;
+          reject(error);
+          return;
+        }
+        resolve2(exchange);
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Token exchange request timeout"));
+    });
+    req.write(requestBody);
+    req.end();
+  });
+}
+async function exchangeProjectScopedToken(apiKey, projectId = null) {
+  const paths = [
+    "/api/keys/scoped-token",
+    "/api/keys/exchange",
+    "/api/keys/session"
+  ];
+  let lastError = null;
+  for (const exchangePath of paths) {
+    try {
+      const exchange = await requestProjectScopedToken(exchangePath, apiKey, projectId);
+      return {
+        ...exchange,
+        sourcePath: exchangePath
+      };
+    } catch (error) {
+      lastError = error;
+      const apiError = error;
+      if (apiError.status && apiError.status >= 400 && apiError.status < 500 && apiError.status !== 404 && apiError.status !== 405) {
+        break;
+      }
+    }
+  }
+  throw lastError || new Error("Failed to exchange scoped token");
+}
+async function ensureProjectScopedToken() {
+  if (process.env.BOOTSPRING_API_KEY) {
+    return process.env.BOOTSPRING_API_KEY;
+  }
+  const scopedToken = getProjectScopedToken();
+  if (scopedToken) {
+    return scopedToken;
+  }
+  const project = getEffectiveProject();
+  const projectId = project?.id || null;
+  const storedApiKey = getStoredApiKey();
+  if (storedApiKey) {
+    try {
+      const exchanged = await exchangeProjectScopedToken(storedApiKey, projectId);
+      saveProjectScopedSession(exchanged.token, {
+        expiresAt: exchanged.expiresAt,
+        source: exchanged.sourcePath
+      });
+      return exchanged.token;
+    } catch {
+      return storedApiKey;
+    }
+  }
+  const legacyProjectApiKey = getLegacyProjectApiKey();
+  if (legacyProjectApiKey) {
+    try {
+      const exchanged = await exchangeProjectScopedToken(legacyProjectApiKey, projectId);
+      saveProjectScopedSession(exchanged.token, {
+        expiresAt: exchanged.expiresAt,
+        source: exchanged.sourcePath,
+        migratedFromLegacyApiKey: true
+      });
+      clearProjectApiKey();
+      return exchanged.token;
+    } catch {
+      return legacyProjectApiKey;
+    }
+  }
+  return null;
+}
+async function resolveAuthHeaders() {
+  const token = getToken();
+  if (token) {
+    return { Authorization: `Bearer ${token}` };
+  }
+  const scopedOrApiKey = await ensureProjectScopedToken();
+  if (scopedOrApiKey) {
+    return { "X-API-Key": scopedOrApiKey };
+  }
+  const fallbackApiKey = getApiKey();
+  if (fallbackApiKey) {
+    return { "X-API-Key": fallbackApiKey };
+  }
+  return {};
+}
+async function request(method, path3, data = null, options = {}) {
+  const authHeaders = await resolveAuthHeaders();
+  const url = new URL(`/api/${API_VERSION}${path3}`, API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  const deviceId = getDeviceId();
+  const project = getEffectiveProject();
+  const projectId = project?.id || null;
+  const headers = {
+    "Content-Type": "application/json",
+    "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+    "X-Device-Id": deviceId,
+    ...projectId && { "X-Project-Id": projectId },
+    ...authHeaders,
+    ...options.headers
+  };
+  if (method === "GET" && !options.noCache) {
+    const cacheKey = `${method}:${path3}`;
+    const cached = cache.get(cacheKey);
+    if (cached && Date.now() - cached.time < CACHE_TTL) {
+      return cached.data;
+    }
+  }
+  return new Promise((resolve2, reject) => {
+    const req = httpModule.request(url, {
+      method,
+      headers,
+      timeout: options.timeout || 3e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(
+              redactSensitiveString(String(json.message || json.error || "API Error"))
+            );
+            error.status = res.statusCode;
+            error.code = json.error || json.code;
+            error.details = redactSensitiveData(json.details);
+            reject(error);
+          } else {
+            if (method === "GET" && !options.noCache) {
+              const cacheKey = `${method}:${path3}`;
+              cache.set(cacheKey, { data: json, time: Date.now() });
+            }
+            resolve2(json);
+          }
+        } catch {
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(formatHttpErrorBody(body, res.statusCode));
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve2(body);
+          }
+        }
+      });
+    });
+    req.on("error", (err) => {
+      if (err.code === "ECONNREFUSED") {
+        reject(new Error("Cannot connect to Bootspring API. Please check your internet connection."));
+      } else {
+        reject(new Error(redactSensitiveString(err.message || String(err))));
+      }
+    });
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    if (data) {
+      req.write(JSON.stringify(data));
+    }
+    req.end();
+  });
+}
+async function directRequest(method, path3, data = null, options = {}) {
+  const authHeaders = await resolveAuthHeaders();
+  const url = new URL(`/api${path3}`, API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  const deviceId = getDeviceId();
+  const project = getEffectiveProject();
+  const projectId = project?.id || null;
+  const headers = {
+    "Content-Type": "application/json",
+    "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+    "X-Device-Id": deviceId,
+    ...projectId && { "X-Project-Id": projectId },
+    ...authHeaders,
+    ...options.headers
+  };
+  return new Promise((resolve2, reject) => {
+    const req = httpModule.request(url, {
+      method,
+      headers,
+      timeout: options.timeout || 3e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(
+              redactSensitiveString(String(json.message || json.error || "API Error"))
+            );
+            error.status = res.statusCode;
+            error.code = json.error || json.code;
+            error.details = redactSensitiveData(json.details);
+            reject(error);
+          } else {
+            resolve2(json);
+          }
+        } catch {
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(formatHttpErrorBody(body, res.statusCode));
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve2(body);
+          }
+        }
+      });
+    });
+    req.on("error", (err) => {
+      if (err.code === "ECONNREFUSED") {
+        reject(new Error("Cannot connect to Bootspring API. Please check your internet connection."));
+      } else {
+        reject(new Error(redactSensitiveString(err.message || String(err))));
+      }
+    });
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    if (data) {
+      req.write(JSON.stringify(data));
+    }
+    req.end();
+  });
+}
+function clearCache() {
+  cache.clear();
+}
+async function healthCheck() {
+  try {
+    const url = new URL("/health", API_BASE);
+    const isHttps = url.protocol === "https:";
+    const httpModule = isHttps ? https : http;
+    return new Promise((resolve2) => {
+      const req = httpModule.request(url, {
+        method: "GET",
+        timeout: 5e3
+      }, (res) => {
+        let body = "";
+        res.on("data", (chunk) => {
+          body += chunk;
+        });
+        res.on("end", () => {
+          try {
+            const json = JSON.parse(body);
+            resolve2({ connected: true, version: json.version });
+          } catch {
+            resolve2({ connected: false, error: "Invalid response" });
+          }
+        });
+      });
+      req.on("error", (err) => {
+        resolve2({ connected: false, error: redactSensitiveString(err.message) });
+      });
+      req.on("timeout", () => {
+        req.destroy();
+        resolve2({ connected: false, error: "Timeout" });
+      });
+      req.end();
+    });
+  } catch (error) {
+    const err = error;
+    return { connected: false, error: redactSensitiveString(err.message) };
+  }
+}
+function requireAuth() {
+  if (!isAuthenticated()) {
+    const error = new Error("Authentication required. Run: bootspring auth login");
+    error.code = "AUTH_REQUIRED";
+    throw error;
+  }
+}
+async function requestDeviceCode() {
+  const deviceContext = getDeviceContext();
+  const url = new URL("/api/v1/auth/device", API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  return new Promise((resolve2, reject) => {
+    const req = httpModule.request(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": `bootspring-cli/${getPackageVersion()}`
+      },
+      timeout: 1e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(
+              redactSensitiveString(String(json.message || json.error || "Failed to get device code"))
+            );
+            error.status = res.statusCode;
+            error.code = json.error;
+            reject(error);
+          } else {
+            resolve2(json);
+          }
+        } catch {
+          reject(new Error("Invalid response from API"));
+        }
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    req.write(JSON.stringify({ device: deviceContext }));
+    req.end();
+  });
+}
+async function pollDeviceToken(deviceCode) {
+  const url = new URL("/api/v1/auth/device/token", API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  return new Promise((resolve2, reject) => {
+    const req = httpModule.request(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": `bootspring-cli/${getPackageVersion()}`
+      },
+      timeout: 1e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(
+              redactSensitiveString(String(json.message || json.error || "Authorization pending"))
+            );
+            error.status = res.statusCode;
+            error.code = json.error;
+            error.details = redactSensitiveData(json);
+            reject(error);
+          } else {
+            resolve2(json);
+          }
+        } catch {
+          reject(new Error("Invalid response from API"));
+        }
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    req.write(JSON.stringify({ device_code: deviceCode }));
+    req.end();
+  });
+}
+async function login2(email, password) {
+  const deviceContext = getDeviceContext();
+  const response = await request("POST", "/auth/login", {
+    email,
+    password,
+    device: deviceContext
+  });
+  login(response);
+  return response;
+}
+async function loginWithApiKey2(apiKey, options = {}) {
+  const url = new URL("/api/keys/validate", API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  const deviceContext = getDeviceContext();
+  return new Promise((resolve2, reject) => {
+    const requestBody = JSON.stringify({
+      apiKey,
+      deviceFingerprint: deviceContext.deviceId,
+      deviceName: `CLI - ${deviceContext.hostname}`
+    });
+    const req = httpModule.request(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+        "Content-Length": Buffer.byteLength(requestBody).toString()
+      },
+      timeout: 1e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", async () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400 || !json.valid) {
+            const error = new Error(redactSensitiveString(json.error || "Invalid API key"));
+            error.status = res.statusCode;
+            error.code = json.error;
+            reject(error);
+          } else {
+            const projectId = options.projectId || json.project?.id || null;
+            const user = {
+              tier: json.tier,
+              scopes: json.scopes
+            };
+            loginWithApiKey(apiKey, user);
+            if (json.project) {
+              setCurrentProject(json.project);
+              addRecentProject(json.project);
+            }
+            if (projectId && saveApiKeyToProject) {
+              saveApiKeyToProject(apiKey);
+            }
+            try {
+              const exchanged = await exchangeProjectScopedToken(apiKey, projectId);
+              saveProjectScopedSession(exchanged.token, {
+                expiresAt: exchanged.expiresAt,
+                source: exchanged.sourcePath,
+                migratedFromLegacyApiKey: true
+              });
+            } catch {
+            }
+            resolve2({
+              ...json,
+              user
+            });
+          }
+        } catch {
+          reject(new Error("Invalid response from API"));
+        }
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    req.write(requestBody);
+    req.end();
+  });
+}
+async function register(email, password, name) {
+  const deviceContext = getDeviceContext();
+  const response = await request("POST", "/auth/register", {
+    email,
+    password,
+    name,
+    device: deviceContext
+  });
+  login(response);
+  return response;
+}
+async function me() {
+  requireAuth();
+  return request("GET", "/auth/me");
+}
+async function validateApiKey(apiKey) {
+  const url = new URL("/api/keys/validate", API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  const deviceContext = getDeviceContext();
+  return new Promise((resolve2, reject) => {
+    const requestBody = JSON.stringify({
+      apiKey,
+      deviceFingerprint: deviceContext.deviceId,
+      deviceName: `CLI - ${deviceContext.hostname}`
+    });
+    const req = httpModule.request(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+        "Content-Length": Buffer.byteLength(requestBody).toString()
+      },
+      timeout: 1e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400 || !json.valid) {
+            const error = new Error(redactSensitiveString(json.error || "Invalid API key"));
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve2(json);
+          }
+        } catch {
+          reject(new Error("Invalid response from API"));
+        }
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    req.write(requestBody);
+    req.end();
+  });
+}
+async function refreshToken() {
+  const refreshTokenValue = getRefreshToken();
+  if (!refreshTokenValue) {
+    throw new Error("No refresh token available");
+  }
+  const deviceContext = getDeviceContext();
+  const response = await request("POST", "/auth/refresh", {
+    refreshToken: refreshTokenValue,
+    device: deviceContext
+  });
+  updateTokens(response);
+  return response;
+}
+async function logout2() {
+  if (isAuthenticated()) {
+    try {
+      const refreshTokenValue = getRefreshToken();
+      await request("POST", "/auth/logout", { refreshToken: refreshTokenValue });
+    } catch {
+    }
+  }
+  logout();
+}
+async function listAgents() {
+  requireAuth();
+  return request("GET", "/agents");
+}
+async function getAgent(id) {
+  requireAuth();
+  return request("GET", `/agents/${encodeURIComponent(id)}`);
+}
+async function getAgentContext(id) {
+  requireAuth();
+  return request("GET", `/agents/${encodeURIComponent(id)}/context`);
+}
+async function invokeAgent(id, projectContext, task) {
+  requireAuth();
+  return request("POST", `/agents/${encodeURIComponent(id)}/invoke`, {
+    projectContext,
+    task
+  });
+}
+async function getAgentCapabilities(id) {
+  requireAuth();
+  return request("GET", `/agents/${encodeURIComponent(id)}/capabilities`);
+}
+async function listSkills(options = {}) {
+  requireAuth();
+  const params = new URLSearchParams();
+  if (options.category) params.append("category", options.category);
+  if (options.search) params.append("search", options.search);
+  const query = params.toString();
+  return request("GET", `/skills${query ? "?" + query : ""}`);
+}
+async function getSkillContent(skillId) {
+  requireAuth();
+  return request("GET", `/skills/${skillId}`);
+}
+async function getSkill(category, name) {
+  requireAuth();
+  return request("GET", `/skills/${encodeURIComponent(category)}/${encodeURIComponent(name)}`);
+}
+async function searchSkills(query, options = {}) {
+  requireAuth();
+  const params = new URLSearchParams();
+  params.append("search", query);
+  if (options.category) params.append("category", options.category);
+  return request("GET", `/skills?${params.toString()}`);
+}
+async function listTemplates(category) {
+  requireAuth();
+  return request("GET", `/templates/${encodeURIComponent(category)}`);
+}
+async function getTemplate(category, name) {
+  requireAuth();
+  return request("GET", `/templates/${encodeURIComponent(category)}/${encodeURIComponent(name)}`);
+}
+async function listWorkflows() {
+  requireAuth();
+  return request("GET", "/orchestrator/workflows");
+}
+async function getWorkflow(id) {
+  requireAuth();
+  return request("GET", `/orchestrator/workflows/${encodeURIComponent(id)}`);
+}
+async function analyzeContext(projectContext, currentTask, recentActions) {
+  requireAuth();
+  return request("POST", "/orchestrator/analyze", {
+    projectContext,
+    currentTask,
+    recentActions
+  });
+}
+async function startWorkflow(workflowId, projectContext, parameters) {
+  requireAuth();
+  return request("POST", "/orchestrator/start", {
+    workflow: workflowId,
+    projectContext,
+    parameters
+  });
+}
+async function getSuggestions(context, action) {
+  requireAuth();
+  return request("POST", "/orchestrator/suggest", { context, action });
+}
+async function listQualityGates() {
+  requireAuth();
+  return request("GET", "/quality/gates");
+}
+async function runQualityGate(gateId, projectContext, options) {
+  requireAuth();
+  return request("POST", "/quality/run", {
+    gate: gateId,
+    projectContext,
+    options
+  });
+}
+async function getLintBudgets() {
+  requireAuth();
+  return request("GET", "/quality/lint-budgets");
+}
+async function listMcpTools() {
+  requireAuth();
+  return request("GET", "/mcp/tools");
+}
+async function callMcpTool(tool, args) {
+  requireAuth();
+  return request("POST", "/mcp/tool", { tool, arguments: args });
+}
+async function listMcpResources() {
+  requireAuth();
+  return request("GET", "/mcp/resources");
+}
+async function getMcpResource(uri) {
+  requireAuth();
+  return request("GET", `/mcp/resources/${encodeURIComponent(uri)}`);
+}
+async function listMcpConnectors() {
+  requireAuth();
+  return request("GET", "/mcp/connectors", null, { noCache: true });
+}
+async function getActiveMcpConnectorMap() {
+  requireAuth();
+  return request("GET", "/mcp/connectors/active", null, { noCache: true });
+}
+async function setMcpConnectorEnabled(connectorId, enabled) {
+  requireAuth();
+  return request("PATCH", `/mcp/connectors/${encodeURIComponent(connectorId)}`, { enabled });
+}
+async function getSubscription() {
+  requireAuth();
+  return request("GET", "/billing/subscription");
+}
+async function createCheckout(plan) {
+  requireAuth();
+  return request("POST", "/billing/create-checkout", { plan });
+}
+async function getPortalUrl() {
+  requireAuth();
+  return request("POST", "/billing/portal");
+}
+async function getUsage() {
+  requireAuth();
+  return request("GET", "/billing/usage");
+}
+async function getInvoices() {
+  requireAuth();
+  return request("GET", "/billing/invoices");
+}
+async function resolveEntitlements() {
+  requireAuth();
+  return request("GET", "/entitlements/resolve", null, { noCache: false });
+}
+async function trackUsage(type, metadata = {}) {
+  requireAuth();
+  return request("POST", "/track", { type, metadata });
+}
+async function uploadTelemetryBatch(events, batchInfo = {}) {
+  requireAuth();
+  const batchId = batchInfo.id || crypto2.randomUUID();
+  return request("POST", "/events/batch", {
+    source: "bootspring",
+    batch: {
+      index: batchInfo.index || 0,
+      total: batchInfo.total || 1,
+      id: batchId
+    },
+    events
+  }, {
+    headers: {
+      "X-Bootspring-Batch-Id": batchId
+    }
+  });
+}
+async function listProjects() {
+  requireAuth();
+  const url = new URL("/api/auth/device/projects", API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  const authHeaders = await resolveAuthHeaders();
+  return new Promise((resolve2, reject) => {
+    const headers = {
+      "Content-Type": "application/json",
+      "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+      ...authHeaders
+    };
+    const req = httpModule.request(url, {
+      method: "GET",
+      headers,
+      timeout: 1e4
+    }, (res) => {
+      let body = "";
+      res.on("data", (chunk) => {
+        body += chunk;
+      });
+      res.on("end", () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode && res.statusCode >= 400) {
+            const error = new Error(
+              redactSensitiveString(String(json.message || json.error || "Failed to list projects"))
+            );
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve2(json);
+          }
+        } catch {
+          reject(new Error("Invalid response from API"));
+        }
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    req.end();
+  });
+}
+async function getProjectMembers(projectId) {
+  requireAuth();
+  return directRequest("GET", `/projects/${encodeURIComponent(projectId)}/members`);
+}
+async function addProjectMember(projectId, email, role = "member") {
+  requireAuth();
+  return directRequest("POST", `/projects/${encodeURIComponent(projectId)}/members`, {
+    email,
+    role
+  });
+}
+async function updateProjectMember(projectId, userId, role) {
+  requireAuth();
+  return directRequest("PATCH", `/projects/${encodeURIComponent(projectId)}/members/${encodeURIComponent(userId)}`, {
+    role
+  });
+}
+async function removeProjectMember(projectId, userId) {
+  requireAuth();
+  await directRequest("DELETE", `/projects/${encodeURIComponent(projectId)}/members/${encodeURIComponent(userId)}`);
+}
+async function transferProjectOwnership(projectId, newOwnerId) {
+  requireAuth();
+  return directRequest("POST", `/projects/${encodeURIComponent(projectId)}/transfer`, {
+    newOwnerId
+  });
+}
+async function listProjectInvitations(projectId) {
+  requireAuth();
+  return directRequest(
+    "GET",
+    `/projects/${encodeURIComponent(projectId)}/invitations`
+  );
+}
+async function inviteProjectMember(projectId, email, role = "member") {
+  requireAuth();
+  return directRequest(
+    "POST",
+    `/projects/${encodeURIComponent(projectId)}/invitations`,
+    { email, role }
+  );
+}
+async function respondToProjectInvitation(invitationId, decision) {
+  requireAuth();
+  return directRequest(
+    "POST",
+    `/projects/invitations/${encodeURIComponent(invitationId)}/${decision}`
+  );
+}
+async function getProjectActivity(projectId, options = {}) {
+  requireAuth();
+  const limit = Number(options.limit);
+  const effectiveLimit = Number.isFinite(limit) && limit > 0 ? Math.min(limit, 200) : 50;
+  return directRequest(
+    "GET",
+    `/projects/${encodeURIComponent(projectId)}/activity?limit=${effectiveLimit}`
+  );
+}
+async function findSimilarProjects(name, repoUrl) {
+  requireAuth();
+  const params = new URLSearchParams();
+  if (name) params.set("name", name);
+  if (repoUrl) params.set("repo", repoUrl);
+  return directRequest("GET", `/projects/similar?${params.toString()}`);
+}
+async function listPreseedDocuments(projectId) {
+  requireAuth();
+  return directRequest("GET", `/projects/${encodeURIComponent(projectId)}/preseed/documents`);
+}
+async function getPreseedDocument(projectId, documentName) {
+  requireAuth();
+  return directRequest("GET", `/projects/${encodeURIComponent(projectId)}/preseed/documents?name=${encodeURIComponent(documentName)}`);
+}
+async function enrichCodebasePreseed(payload = {}, options = {}) {
+  requireAuth();
+  const contractVersion = typeof payload.contractVersion === "string" && payload.contractVersion.trim() ? payload.contractVersion.trim() : "preseed-enrichment.v1";
+  const body = {
+    ...payload,
+    contractVersion
+  };
+  const requestedPaths = Array.isArray(options.paths) ? options.paths.filter((candidate) => typeof candidate === "string" && candidate.trim().length > 0) : [];
+  const candidatePaths = [.../* @__PURE__ */ new Set([...requestedPaths, ...PRESEED_CODEBASE_ENRICHMENT_PATHS])];
+  const requestOptions = {
+    timeout: Number(options.timeout) > 0 ? Number(options.timeout) : 6e4,
+    noCache: true,
+    headers: {
+      ...options.headers || {},
+      "X-Bootspring-Contract": contractVersion
+    }
+  };
+  let lastError = null;
+  for (const endpoint of candidatePaths) {
+    try {
+      return await request("POST", endpoint, body, requestOptions);
+    } catch (error) {
+      lastError = error;
+      const status = Number(error.status);
+      if (status === 404 || status === 405 || status === 501) {
+        continue;
+      }
+      throw error;
+    }
+  }
+  const unavailable = new Error("Remote enrichment endpoint unavailable");
+  unavailable.code = "ENRICHMENT_ENDPOINT_UNAVAILABLE";
+  unavailable.details = { attemptedPaths: candidatePaths };
+  if (lastError && typeof lastError.status === "number") {
+    unavailable.status = lastError.status;
+  }
+  throw unavailable;
+}
+async function downloadPreseedZip(projectId) {
+  requireAuth();
+  const authHeaders = await resolveAuthHeaders();
+  const url = new URL(`/api/projects/${encodeURIComponent(projectId)}/preseed/documents?format=zip`, API_BASE);
+  const isHttps = url.protocol === "https:";
+  const httpModule = isHttps ? https : http;
+  return new Promise((resolve2, reject) => {
+    const headers = {
+      "User-Agent": `bootspring-cli/${getPackageVersion()}`,
+      ...authHeaders
+    };
+    const req = httpModule.request(url, {
+      method: "GET",
+      headers,
+      timeout: 6e4
+    }, (res) => {
+      if (res.statusCode && res.statusCode >= 400) {
+        let body = "";
+        res.on("data", (chunk) => {
+          body += chunk;
+        });
+        res.on("end", () => {
+          try {
+            const json = JSON.parse(body);
+            const error = new Error(
+              redactSensitiveString(String(json.message || json.error || "Failed to download preseed documents"))
+            );
+            error.status = res.statusCode;
+            reject(error);
+          } catch {
+            reject(new Error(redactSensitiveString(`HTTP ${res.statusCode}: ${body}`)));
+          }
+        });
+        return;
+      }
+      const chunks = [];
+      res.on("data", (chunk) => chunks.push(chunk));
+      res.on("end", () => {
+        resolve2(Buffer.concat(chunks));
+      });
+    });
+    req.on("error", reject);
+    req.on("timeout", () => {
+      req.destroy();
+      reject(new Error("Request timeout"));
+    });
+    req.end();
+  });
+}
+async function getPreseedWizard(projectId) {
+  requireAuth();
+  return directRequest("GET", `/projects/${encodeURIComponent(projectId)}/preseed/wizard`);
+}
+async function getOrganization(orgId, options = {}) {
+  requireAuth();
+  try {
+    return await request("GET", `/organizations/${encodeURIComponent(orgId)}`, null, options);
+  } catch {
+    return null;
+  }
+}
+var https, http, crypto2, API_BASE, API_VERSION, cache, CACHE_TTL, PRESEED_CODEBASE_ENRICHMENT_PATHS, packageVersion;
+var init_api_client = __esm({
+  "src/core/api-client.ts"() {
+    "use strict";
+    init_cjs_shims();
+    https = __toESM(require("https"));
+    http = __toESM(require("http"));
+    crypto2 = __toESM(require("crypto"));
+    init_auth2();
+    init_session2();
+    init_redaction2();
+    API_BASE = process.env["BOOTSPRING_API_URL"] || "https://api.bootspring.com";
+    API_VERSION = "v1";
+    cache = /* @__PURE__ */ new Map();
+    CACHE_TTL = 6e4;
+    PRESEED_CODEBASE_ENRICHMENT_PATHS = [
+      "/preseed/enrich/from-codebase",
+      "/preseed/from-codebase/enrich",
+      "/projects/preseed/enrich/from-codebase"
+    ];
+    packageVersion = null;
+  }
+});
+
+// src/mcp-proxy.ts
+init_cjs_shims();
+var { Server } = require("@modelcontextprotocol/sdk/server/index.js");
+var { StdioServerTransport } = require("@modelcontextprotocol/sdk/server/stdio.js");
+var {
+  CallToolRequestSchema,
+  ListResourcesRequestSchema,
+  ListToolsRequestSchema,
+  ReadResourceRequestSchema
+} = require("@modelcontextprotocol/sdk/types.js");
+var api = (init_api_client(), __toCommonJS(api_client_exports));
+var auth = (init_auth(), __toCommonJS(auth_exports));
+var VERSION = require_package().version;
+var FALLBACK_TOOLS = [
+  {
+    name: "bootspring_agent",
+    description: "Invoke a hosted Bootspring agent.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        agent: { type: "string" },
+        task: { type: "string" }
+      },
+      required: ["agent"]
+    }
+  },
+  {
+    name: "bootspring_skill",
+    description: "Fetch a hosted Bootspring skill.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        skill: { type: "string" }
+      },
+      required: ["skill"]
+    }
+  },
+  {
+    name: "bootspring_context",
+    description: "Get or analyze project context.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        action: { type: "string", enum: ["get", "generate", "analyze"] }
+      },
+      required: ["action"]
+    }
+  },
+  {
+    name: "bootspring_orchestrator",
+    description: "Use the hosted orchestrator.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        action: { type: "string", enum: ["analyze", "start", "suggest"] },
+        workflow: { type: "string" }
+      },
+      required: ["action"]
+    }
+  },
+  {
+    name: "bootspring_quality",
+    description: "Fetch a hosted quality gate.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        gate: { type: "string", enum: ["pre-commit", "pre-push", "pre-deploy"] }
+      },
+      required: ["gate"]
+    }
+  },
+  {
+    name: "bootspring_todo",
+    description: "Manage local todo items.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        action: { type: "string", enum: ["list", "add", "complete", "delete"] },
+        text: { type: "string" },
+        id: { type: "string" }
+      },
+      required: ["action"]
+    }
+  }
+];
+var FALLBACK_RESOURCES = [
+  {
+    uri: "bootspring://context",
+    name: "Project Context",
+    description: "Current project context and configuration",
+    mimeType: "application/json"
+  },
+  {
+    uri: "bootspring://agents",
+    name: "Available Agents",
+    description: "Hosted Bootspring agents for your account",
+    mimeType: "application/json"
+  },
+  {
+    uri: "bootspring://skills",
+    name: "Code Skills",
+    description: "Hosted Bootspring skills and patterns",
+    mimeType: "application/json"
+  },
+  {
+    uri: "bootspring://workflows",
+    name: "Workflows",
+    description: "Hosted Bootspring workflows",
+    mimeType: "application/json"
+  }
+];
+var TOOLS = FALLBACK_TOOLS;
+var RESOURCES = FALLBACK_RESOURCES;
+function formatTextContent(value) {
+  return typeof value === "string" ? value : JSON.stringify(value, null, 2);
+}
+function createAuthError(message) {
+  return {
+    content: [{ type: "text", text: message }],
+    isError: true
+  };
+}
+async function resolveTools() {
+  if (!auth.isAuthenticated()) {
+    return FALLBACK_TOOLS;
+  }
+  try {
+    const response = await api.listMcpTools();
+    return Array.isArray(response) ? response : response.tools || FALLBACK_TOOLS;
+  } catch {
+    return FALLBACK_TOOLS;
+  }
+}
+async function resolveResources() {
+  if (!auth.isAuthenticated()) {
+    return FALLBACK_RESOURCES;
+  }
+  try {
+    const response = await api.listMcpResources();
+    return Array.isArray(response) ? response : response.resources || FALLBACK_RESOURCES;
+  } catch {
+    return FALLBACK_RESOURCES;
+  }
+}
+async function proxyToolCall(name, args) {
+  if (!auth.isAuthenticated()) {
+    return createAuthError("Authentication required. Run `bootspring auth login` first.");
+  }
+  try {
+    const response = await api.callMcpTool(name, args || {});
+    return {
+      content: [{ type: "text", text: formatTextContent(response.result || response) }]
+    };
+  } catch (error) {
+    const message = error.status === 403 ? "This MCP capability requires a paid Bootspring plan." : error.message;
+    return {
+      content: [{ type: "text", text: `Error: ${message}` }],
+      isError: true
+    };
+  }
+}
+async function proxyResourceRead(uri) {
+  if (!auth.isAuthenticated()) {
+    return {
+      contents: [{
+        uri,
+        mimeType: "text/plain",
+        text: "Authentication required. Run `bootspring auth login` first."
+      }]
+    };
+  }
+  try {
+    const response = await api.getMcpResource(uri);
+    return {
+      contents: [{
+        uri: response.uri || uri,
+        mimeType: response.mimeType || "application/json",
+        text: formatTextContent(response.content || response)
+      }]
+    };
+  } catch (error) {
+    return {
+      contents: [{
+        uri,
+        mimeType: "text/plain",
+        text: `Error: ${error.message}`
+      }]
+    };
+  }
+}
+var toolHandlers = Object.fromEntries(
+  TOOLS.map((tool) => [tool.name, async (args = {}) => proxyToolCall(tool.name, args)])
+);
+var resourceHandlers = Object.fromEntries(
+  RESOURCES.map((resource) => [resource.uri, async () => proxyResourceRead(resource.uri)])
+);
+async function main() {
+  const server = new Server(
+    { name: "bootspring", version: VERSION },
+    { capabilities: { tools: {}, resources: {} } }
+  );
+  server.setRequestHandler(ListToolsRequestSchema, async () => ({
+    tools: await resolveTools()
+  }));
+  server.setRequestHandler(CallToolRequestSchema, async (request2) => {
+    const { name, arguments: args } = request2.params;
+    return proxyToolCall(name, args);
+  });
+  server.setRequestHandler(ListResourcesRequestSchema, async () => ({
+    resources: await resolveResources()
+  }));
+  server.setRequestHandler(ReadResourceRequestSchema, async (request2) => proxyResourceRead(request2.params.uri));
+  const transport = new StdioServerTransport();
+  await server.connect(transport);
+  console.error(`Bootspring MCP proxy v${VERSION} started`);
+}
+if (require.main === module) {
+  main().catch((error) => {
+    console.error("Failed to start MCP proxy:", error.message);
+    process.exit(1);
+  });
+}
+module.exports = {
+  TOOLS,
+  RESOURCES,
+  toolHandlers,
+  resourceHandlers,
+  FALLBACK_TOOLS,
+  FALLBACK_RESOURCES,
+  main
+};
+//# sourceMappingURL=mcp-server.js.map