@google/gemini-cli-core 0.3.0-preview.2 → 0.4.0-nightly.20250904.e133acd2

package/dist/src/mcp/token-storage/keychain-token-storage.js

@@ -0,0 +1,190 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import * as crypto from 'node:crypto';
+import { BaseTokenStorage } from './base-token-storage.js';
+const KEYCHAIN_TEST_PREFIX = '__keychain_test__';
+export class KeychainTokenStorage extends BaseTokenStorage {
+    keychainAvailable = null;
+    keytarModule = null;
+    keytarLoadAttempted = false;
+    async getKeytar() {
+        // If we've already tried loading (successfully or not), return the result
+        if (this.keytarLoadAttempted) {
+            return this.keytarModule;
+        }
+        this.keytarLoadAttempted = true;
+        try {
+            // Try to import keytar without any timeout - let the OS handle it
+            const moduleName = 'keytar';
+            const module = await import(moduleName);
+            this.keytarModule = module.default || module;
+        }
+        catch (error) {
+            console.error(error);
+        }
+        return this.keytarModule;
+    }
+    async getCredentials(serverName) {
+        if (!(await this.checkKeychainAvailability())) {
+            throw new Error('Keychain is not available');
+        }
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+            throw new Error('Keytar module not available');
+        }
+        try {
+            const sanitizedName = this.sanitizeServerName(serverName);
+            const data = await keytar.getPassword(this.serviceName, sanitizedName);
+            if (!data) {
+                return null;
+            }
+            const credentials = JSON.parse(data);
+            if (this.isTokenExpired(credentials)) {
+                return null;
+            }
+            return credentials;
+        }
+        catch (error) {
+            if (error instanceof SyntaxError) {
+                throw new Error(`Failed to parse stored credentials for ${serverName}`);
+            }
+            throw error;
+        }
+    }
+    async setCredentials(credentials) {
+        if (!(await this.checkKeychainAvailability())) {
+            throw new Error('Keychain is not available');
+        }
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+            throw new Error('Keytar module not available');
+        }
+        this.validateCredentials(credentials);
+        const sanitizedName = this.sanitizeServerName(credentials.serverName);
+        const updatedCredentials = {
+            ...credentials,
+            updatedAt: Date.now(),
+        };
+        const data = JSON.stringify(updatedCredentials);
+        await keytar.setPassword(this.serviceName, sanitizedName, data);
+    }
+    async deleteCredentials(serverName) {
+        if (!(await this.checkKeychainAvailability())) {
+            throw new Error('Keychain is not available');
+        }
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+            throw new Error('Keytar module not available');
+        }
+        const sanitizedName = this.sanitizeServerName(serverName);
+        const deleted = await keytar.deletePassword(this.serviceName, sanitizedName);
+        if (!deleted) {
+            throw new Error(`No credentials found for ${serverName}`);
+        }
+    }
+    async listServers() {
+        if (!(await this.checkKeychainAvailability())) {
+            throw new Error('Keychain is not available');
+        }
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+            throw new Error('Keytar module not available');
+        }
+        try {
+            const credentials = await keytar.findCredentials(this.serviceName);
+            return credentials
+                .filter((cred) => !cred.account.startsWith(KEYCHAIN_TEST_PREFIX))
+                .map((cred) => cred.account);
+        }
+        catch (error) {
+            console.error('Failed to list servers from keychain:', error);
+            return [];
+        }
+    }
+    async getAllCredentials() {
+        if (!(await this.checkKeychainAvailability())) {
+            throw new Error('Keychain is not available');
+        }
+        const keytar = await this.getKeytar();
+        if (!keytar) {
+            throw new Error('Keytar module not available');
+        }
+        const result = new Map();
+        try {
+            const credentials = (await keytar.findCredentials(this.serviceName)).filter((c) => !c.account.startsWith(KEYCHAIN_TEST_PREFIX));
+            for (const cred of credentials) {
+                try {
+                    const data = JSON.parse(cred.password);
+                    if (!this.isTokenExpired(data)) {
+                        result.set(cred.account, data);
+                    }
+                }
+                catch (error) {
+                    console.error(`Failed to parse credentials for ${cred.account}:`, error);
+                }
+            }
+        }
+        catch (error) {
+            console.error('Failed to get all credentials from keychain:', error);
+        }
+        return result;
+    }
+    async clearAll() {
+        if (!(await this.checkKeychainAvailability())) {
+            throw new Error('Keychain is not available');
+        }
+        const servers = this.keytarModule
+            ? await this.keytarModule
+                .findCredentials(this.serviceName)
+                .then((creds) => creds.map((c) => c.account))
+                .catch((error) => {
+                throw new Error(`Failed to list servers for clearing: ${error.message}`);
+            })
+            : [];
+        const errors = [];
+        for (const server of servers) {
+            try {
+                await this.deleteCredentials(server);
+            }
+            catch (error) {
+                errors.push(error);
+            }
+        }
+        if (errors.length > 0) {
+            throw new Error(`Failed to clear some credentials: ${errors.map((e) => e.message).join(', ')}`);
+        }
+    }
+    // Checks whether or not a set-get-delete cycle with the keychain works.
+    // Returns false if any operation fails.
+    async checkKeychainAvailability() {
+        if (this.keychainAvailable !== null) {
+            return this.keychainAvailable;
+        }
+        try {
+            const keytar = await this.getKeytar();
+            if (!keytar) {
+                this.keychainAvailable = false;
+                return false;
+            }
+            const testAccount = `${KEYCHAIN_TEST_PREFIX}${crypto.randomBytes(8).toString('hex')}`;
+            const testPassword = 'test';
+            await keytar.setPassword(this.serviceName, testAccount, testPassword);
+            const retrieved = await keytar.getPassword(this.serviceName, testAccount);
+            const deleted = await keytar.deletePassword(this.serviceName, testAccount);
+            const success = deleted && retrieved === testPassword;
+            this.keychainAvailable = success;
+            return success;
+        }
+        catch (_error) {
+            this.keychainAvailable = false;
+            return false;
+        }
+    }
+    async isAvailable() {
+        return this.checkKeychainAvailability();
+    }
+}
+//# sourceMappingURL=keychain-token-storage.js.map

package/dist/src/mcp/token-storage/keychain-token-storage.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain-token-storage.js","sourceRoot":"","sources":["../../../../src/mcp/token-storage/keychain-token-storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,MAAM,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,gBAAgB,EAAE,MAAM,yBAAyB,CAAC;AAgB3D,MAAM,oBAAoB,GAAG,mBAAmB,CAAC;AAEjD,MAAM,OAAO,oBAAqB,SAAQ,gBAAgB;IAChD,iBAAiB,GAAmB,IAAI,CAAC;IACzC,YAAY,GAAkB,IAAI,CAAC;IACnC,mBAAmB,GAAG,KAAK,CAAC;IAEpC,KAAK,CAAC,SAAS;QACb,0EAA0E;QAC1E,IAAI,IAAI,CAAC,mBAAmB,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,YAAY,CAAC;QAC3B,CAAC;QAED,IAAI,CAAC,mBAAmB,GAAG,IAAI,CAAC;QAEhC,IAAI,CAAC;YACH,kEAAkE;YAClE,MAAM,UAAU,GAAG,QAAQ,CAAC;YAC5B,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;YACxC,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,OAAO,IAAI,MAAM,CAAC;QAC/C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACvB,CAAC;QACD,OAAO,IAAI,CAAC,YAAY,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,UAAkB;QACrC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;YAC1D,MAAM,IAAI,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,CAAC,CAAC;YAEvE,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAqB,CAAC;YAEzD,IAAI,IAAI,CAAC,cAAc,CAAC,WAAW,CAAC,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO,WAAW,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,WAAW,EAAE,CAAC;gBACjC,MAAM,IAAI,KAAK,CAAC,0CAA0C,UAAU,EAAE,CAAC,CAAC;YAC1E,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAA6B;QAChD,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC,mBAAmB,CAAC,WAAW,CAAC,CAAC;QAEtC,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QACtE,MAAM,kBAAkB,GAAqB;YAC3C,GAAG,WAAW;YACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;QAChD,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,aAAa,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,UAAkB;QACxC,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QAC1D,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CACzC,IAAI,CAAC,WAAW,EAChB,aAAa,CACd,CAAC;QAEF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,4BAA4B,UAAU,EAAE,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,MAAM,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnE,OAAO,WAAW;iBACf,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;iBAChE,GAAG,CAAC,CAAC,IAAyB,EAAE,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACtD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;YAC9D,OAAO,EAAE,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;QACtC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,MAAM,GAAG,IAAI,GAAG,EAA4B,CAAC;QACnD,IAAI,CAAC;YACH,MAAM,WAAW,GAAG,CAClB,MAAM,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC,CAC/C,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC,CAAC;YAE7D,KAAK,MAAM,IAAI,IAAI,WAAW,EAAE,CAAC;gBAC/B,IAAI,CAAC;oBACH,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAqB,CAAC;oBAC3D,IAAI,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,EAAE,CAAC;wBAC/B,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CACX,mCAAmC,IAAI,CAAC,OAAO,GAAG,EAClD,KAAK,CACN,CAAC;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,KAAK,CAAC,CAAC;QACvE,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,yBAAyB,EAAE,CAAC,EAAE,CAAC;YAC9C,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,YAAY;YAC/B,CAAC,CAAC,MAAM,IAAI,CAAC,YAAY;iBACpB,eAAe,CAAC,IAAI,CAAC,WAAW,CAAC;iBACjC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;iBAC5C,KAAK,CAAC,CAAC,KAAY,EAAE,EAAE;gBACtB,MAAM,IAAI,KAAK,CACb,wCAAwC,KAAK,CAAC,OAAO,EAAE,CACxD,CAAC;YACJ,CAAC,CAAC;YACN,CAAC,CAAC,EAAE,CAAC;QACP,MAAM,MAAM,GAAY,EAAE,CAAC;QAE3B,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;YAC7B,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACvC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,CAAC,KAAc,CAAC,CAAC;YAC9B,CAAC;QACH,CAAC;QAED,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACtB,MAAM,IAAI,KAAK,CACb,qCAAqC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAC/E,CAAC;QACJ,CAAC;IACH,CAAC;IAED,wEAAwE;IACxE,wCAAwC;IACxC,KAAK,CAAC,yBAAyB;QAC7B,IAAI,IAAI,CAAC,iBAAiB,KAAK,IAAI,EAAE,CAAC;YACpC,OAAO,IAAI,CAAC,iBAAiB,CAAC;QAChC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,SAAS,EAAE,CAAC;YACtC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;gBAC/B,OAAO,KAAK,CAAC;YACf,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,oBAAoB,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;YACtF,MAAM,YAAY,GAAG,MAAM,CAAC;YAE5B,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,EAAE,YAAY,CAAC,CAAC;YACtE,MAAM,SAAS,GAAG,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;YAC1E,MAAM,OAAO,GAAG,MAAM,MAAM,CAAC,cAAc,CACzC,IAAI,CAAC,WAAW,EAChB,WAAW,CACZ,CAAC;YAEF,MAAM,OAAO,GAAG,OAAO,IAAI,SAAS,KAAK,YAAY,CAAC;YACtD,IAAI,CAAC,iBAAiB,GAAG,OAAO,CAAC;YACjC,OAAO,OAAO,CAAC;QACjB,CAAC;QAAC,OAAO,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,iBAAiB,GAAG,KAAK,CAAC;YAC/B,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,IAAI,CAAC,yBAAyB,EAAE,CAAC;IAC1C,CAAC;CACF"}

package/dist/src/mcp/token-storage/keychain-token-storage.test.d.ts

@@ -0,0 +1,6 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+export {};

package/dist/src/mcp/token-storage/keychain-token-storage.test.js

@@ -0,0 +1,254 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { describe, it, expect, beforeEach, afterEach, vi } from 'vitest';
+// Hoist the mock to be available in the vi.mock factory
+const mockKeytar = vi.hoisted(() => ({
+    getPassword: vi.fn(),
+    setPassword: vi.fn(),
+    deletePassword: vi.fn(),
+    findCredentials: vi.fn(),
+}));
+const mockServiceName = 'service-name';
+const mockCryptoRandomBytesString = 'random-string';
+// Mock the dynamic import of 'keytar'
+vi.mock('keytar', () => ({
+    default: mockKeytar,
+}));
+vi.mock('node:crypto', () => ({
+    randomBytes: vi.fn(() => ({
+        toString: vi.fn(() => mockCryptoRandomBytesString),
+    })),
+}));
+describe('KeychainTokenStorage', () => {
+    let storage;
+    beforeEach(async () => {
+        vi.resetAllMocks();
+        // Reset the internal state of the keychain-token-storage module
+        vi.resetModules();
+        const { KeychainTokenStorage } = await import('./keychain-token-storage.js');
+        storage = new KeychainTokenStorage(mockServiceName);
+    });
+    afterEach(() => {
+        vi.restoreAllMocks();
+        vi.useRealTimers();
+    });
+    const validCredentials = {
+        serverName: 'test-server',
+        token: {
+            accessToken: 'access-token',
+            tokenType: 'Bearer',
+            expiresAt: Date.now() + 3600000,
+        },
+        updatedAt: Date.now(),
+    };
+    describe('checkKeychainAvailability', () => {
+        it('should return true if keytar is available and functional', async () => {
+            mockKeytar.setPassword.mockResolvedValue(undefined);
+            mockKeytar.getPassword.mockResolvedValue('test');
+            mockKeytar.deletePassword.mockResolvedValue(true);
+            const isAvailable = await storage.checkKeychainAvailability();
+            expect(isAvailable).toBe(true);
+            expect(mockKeytar.setPassword).toHaveBeenCalledWith(mockServiceName, `__keychain_test__${mockCryptoRandomBytesString}`, 'test');
+            expect(mockKeytar.getPassword).toHaveBeenCalledWith(mockServiceName, `__keychain_test__${mockCryptoRandomBytesString}`);
+            expect(mockKeytar.deletePassword).toHaveBeenCalledWith(mockServiceName, `__keychain_test__${mockCryptoRandomBytesString}`);
+        });
+        it('should return false if keytar fails to set password', async () => {
+            mockKeytar.setPassword.mockRejectedValue(new Error('write error'));
+            const isAvailable = await storage.checkKeychainAvailability();
+            expect(isAvailable).toBe(false);
+        });
+        it('should return false if retrieved password does not match', async () => {
+            mockKeytar.setPassword.mockResolvedValue(undefined);
+            mockKeytar.getPassword.mockResolvedValue('wrong-password');
+            mockKeytar.deletePassword.mockResolvedValue(true);
+            const isAvailable = await storage.checkKeychainAvailability();
+            expect(isAvailable).toBe(false);
+        });
+        it('should cache the availability result', async () => {
+            mockKeytar.setPassword.mockResolvedValue(undefined);
+            mockKeytar.getPassword.mockResolvedValue('test');
+            mockKeytar.deletePassword.mockResolvedValue(true);
+            await storage.checkKeychainAvailability();
+            await storage.checkKeychainAvailability();
+            expect(mockKeytar.setPassword).toHaveBeenCalledTimes(1);
+        });
+    });
+    describe('with keychain unavailable', () => {
+        beforeEach(async () => {
+            // Force keychain to be unavailable
+            mockKeytar.setPassword.mockRejectedValue(new Error('keychain error'));
+            await storage.checkKeychainAvailability();
+        });
+        it('getCredentials should throw', async () => {
+            await expect(storage.getCredentials('server')).rejects.toThrow('Keychain is not available');
+        });
+        it('setCredentials should throw', async () => {
+            await expect(storage.setCredentials(validCredentials)).rejects.toThrow('Keychain is not available');
+        });
+        it('deleteCredentials should throw', async () => {
+            await expect(storage.deleteCredentials('server')).rejects.toThrow('Keychain is not available');
+        });
+        it('listServers should throw', async () => {
+            await expect(storage.listServers()).rejects.toThrow('Keychain is not available');
+        });
+        it('getAllCredentials should throw', async () => {
+            await expect(storage.getAllCredentials()).rejects.toThrow('Keychain is not available');
+        });
+    });
+    describe('with keychain available', () => {
+        beforeEach(async () => {
+            mockKeytar.setPassword.mockResolvedValue(undefined);
+            mockKeytar.getPassword.mockResolvedValue('test');
+            mockKeytar.deletePassword.mockResolvedValue(true);
+            await storage.checkKeychainAvailability();
+            // Reset mocks after availability check
+            vi.resetAllMocks();
+        });
+        describe('getCredentials', () => {
+            it('should return null if no credentials are found', async () => {
+                mockKeytar.getPassword.mockResolvedValue(null);
+                const result = await storage.getCredentials('test-server');
+                expect(result).toBeNull();
+                expect(mockKeytar.getPassword).toHaveBeenCalledWith(mockServiceName, 'test-server');
+            });
+            it('should return credentials if found and not expired', async () => {
+                mockKeytar.getPassword.mockResolvedValue(JSON.stringify(validCredentials));
+                const result = await storage.getCredentials('test-server');
+                expect(result).toEqual(validCredentials);
+            });
+            it('should return null if credentials have expired', async () => {
+                const expiredCreds = {
+                    ...validCredentials,
+                    token: { ...validCredentials.token, expiresAt: Date.now() - 1000 },
+                };
+                mockKeytar.getPassword.mockResolvedValue(JSON.stringify(expiredCreds));
+                const result = await storage.getCredentials('test-server');
+                expect(result).toBeNull();
+            });
+            it('should throw if stored data is corrupted JSON', async () => {
+                mockKeytar.getPassword.mockResolvedValue('not-json');
+                await expect(storage.getCredentials('test-server')).rejects.toThrow('Failed to parse stored credentials for test-server');
+            });
+        });
+        describe('setCredentials', () => {
+            it('should save credentials to keychain', async () => {
+                vi.useFakeTimers();
+                mockKeytar.setPassword.mockResolvedValue(undefined);
+                await storage.setCredentials(validCredentials);
+                expect(mockKeytar.setPassword).toHaveBeenCalledWith(mockServiceName, 'test-server', JSON.stringify({ ...validCredentials, updatedAt: Date.now() }));
+            });
+            it('should throw if saving to keychain fails', async () => {
+                mockKeytar.setPassword.mockRejectedValue(new Error('keychain write error'));
+                await expect(storage.setCredentials(validCredentials)).rejects.toThrow('keychain write error');
+            });
+        });
+        describe('deleteCredentials', () => {
+            it('should delete credentials from keychain', async () => {
+                mockKeytar.deletePassword.mockResolvedValue(true);
+                await storage.deleteCredentials('test-server');
+                expect(mockKeytar.deletePassword).toHaveBeenCalledWith(mockServiceName, 'test-server');
+            });
+            it('should throw if no credentials were found to delete', async () => {
+                mockKeytar.deletePassword.mockResolvedValue(false);
+                await expect(storage.deleteCredentials('test-server')).rejects.toThrow('No credentials found for test-server');
+            });
+            it('should throw if deleting from keychain fails', async () => {
+                mockKeytar.deletePassword.mockRejectedValue(new Error('keychain delete error'));
+                await expect(storage.deleteCredentials('test-server')).rejects.toThrow('keychain delete error');
+            });
+        });
+        describe('listServers', () => {
+            it('should return a list of server names', async () => {
+                mockKeytar.findCredentials.mockResolvedValue([
+                    { account: 'server1', password: '' },
+                    { account: 'server2', password: '' },
+                ]);
+                const result = await storage.listServers();
+                expect(result).toEqual(['server1', 'server2']);
+            });
+            it('should not include internal test keys in the server list', async () => {
+                mockKeytar.findCredentials.mockResolvedValue([
+                    { account: 'server1', password: '' },
+                    {
+                        account: `__keychain_test__${mockCryptoRandomBytesString}`,
+                        password: '',
+                    },
+                    { account: 'server2', password: '' },
+                ]);
+                const result = await storage.listServers();
+                expect(result).toEqual(['server1', 'server2']);
+            });
+            it('should return an empty array on error', async () => {
+                mockKeytar.findCredentials.mockRejectedValue(new Error('find error'));
+                const result = await storage.listServers();
+                expect(result).toEqual([]);
+            });
+        });
+        describe('getAllCredentials', () => {
+            it('should return a map of all valid credentials', async () => {
+                const creds2 = {
+                    ...validCredentials,
+                    serverName: 'server2',
+                };
+                const expiredCreds = {
+                    ...validCredentials,
+                    serverName: 'expired-server',
+                    token: { ...validCredentials.token, expiresAt: Date.now() - 1000 },
+                };
+                const structurallyInvalidCreds = {
+                    serverName: 'invalid-server',
+                };
+                mockKeytar.findCredentials.mockResolvedValue([
+                    {
+                        account: 'test-server',
+                        password: JSON.stringify(validCredentials),
+                    },
+                    { account: 'server2', password: JSON.stringify(creds2) },
+                    {
+                        account: 'expired-server',
+                        password: JSON.stringify(expiredCreds),
+                    },
+                    { account: 'bad-server', password: 'not-json' },
+                    {
+                        account: 'invalid-server',
+                        password: JSON.stringify(structurallyInvalidCreds),
+                    },
+                ]);
+                const result = await storage.getAllCredentials();
+                expect(result.size).toBe(2);
+                expect(result.get('test-server')).toEqual(validCredentials);
+                expect(result.get('server2')).toEqual(creds2);
+                expect(result.has('expired-server')).toBe(false);
+                expect(result.has('bad-server')).toBe(false);
+                expect(result.has('invalid-server')).toBe(false);
+            });
+        });
+        describe('clearAll', () => {
+            it('should delete all credentials for the service', async () => {
+                mockKeytar.findCredentials.mockResolvedValue([
+                    { account: 'server1', password: '' },
+                    { account: 'server2', password: '' },
+                ]);
+                mockKeytar.deletePassword.mockResolvedValue(true);
+                await storage.clearAll();
+                expect(mockKeytar.deletePassword).toHaveBeenCalledTimes(2);
+                expect(mockKeytar.deletePassword).toHaveBeenCalledWith(mockServiceName, 'server1');
+                expect(mockKeytar.deletePassword).toHaveBeenCalledWith(mockServiceName, 'server2');
+            });
+            it('should throw an aggregated error if deletions fail', async () => {
+                mockKeytar.findCredentials.mockResolvedValue([
+                    { account: 'server1', password: '' },
+                    { account: 'server2', password: '' },
+                ]);
+                mockKeytar.deletePassword
+                    .mockResolvedValueOnce(true)
+                    .mockRejectedValueOnce(new Error('delete failed'));
+                await expect(storage.clearAll()).rejects.toThrow('Failed to clear some credentials: delete failed');
+            });
+        });
+    });
+});
+//# sourceMappingURL=keychain-token-storage.test.js.map

package/dist/src/mcp/token-storage/keychain-token-storage.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain-token-storage.test.js","sourceRoot":"","sources":["../../../../src/mcp/token-storage/keychain-token-storage.test.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAIzE,wDAAwD;AACxD,MAAM,UAAU,GAAG,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACnC,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,WAAW,EAAE,EAAE,CAAC,EAAE,EAAE;IACpB,cAAc,EAAE,EAAE,CAAC,EAAE,EAAE;IACvB,eAAe,EAAE,EAAE,CAAC,EAAE,EAAE;CACzB,CAAC,CAAC,CAAC;AAEJ,MAAM,eAAe,GAAG,cAAc,CAAC;AACvC,MAAM,2BAA2B,GAAG,eAAe,CAAC;AAEpD,sCAAsC;AACtC,EAAE,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,CAAC;IACvB,OAAO,EAAE,UAAU;CACpB,CAAC,CAAC,CAAC;AAEJ,EAAE,CAAC,IAAI,CAAC,aAAa,EAAE,GAAG,EAAE,CAAC,CAAC;IAC5B,WAAW,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC;QACxB,QAAQ,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,2BAA2B,CAAC;KACnD,CAAC,CAAC;CACJ,CAAC,CAAC,CAAC;AAEJ,QAAQ,CAAC,sBAAsB,EAAE,GAAG,EAAE;IACpC,IAAI,OAA6B,CAAC;IAElC,UAAU,CAAC,KAAK,IAAI,EAAE;QACpB,EAAE,CAAC,aAAa,EAAE,CAAC;QACnB,gEAAgE;QAChE,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAC3C,6BAA6B,CAC9B,CAAC;QACF,OAAO,GAAG,IAAI,oBAAoB,CAAC,eAAe,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,GAAG,EAAE;QACb,EAAE,CAAC,eAAe,EAAE,CAAC;QACrB,EAAE,CAAC,aAAa,EAAE,CAAC;IACrB,CAAC,CAAC,CAAC;IAEH,MAAM,gBAAgB,GAAG;QACvB,UAAU,EAAE,aAAa;QACzB,KAAK,EAAE;YACL,WAAW,EAAE,cAAc;YAC3B,SAAS,EAAE,QAAQ;YACnB,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO;SAChC;QACD,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;KACF,CAAC;IAEtB,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;YACxE,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACpD,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjD,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC9D,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC/B,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACjD,eAAe,EACf,oBAAoB,2BAA2B,EAAE,EACjD,MAAM,CACP,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACjD,eAAe,EACf,oBAAoB,2BAA2B,EAAE,CAClD,CAAC;YACF,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACpD,eAAe,EACf,oBAAoB,2BAA2B,EAAE,CAClD,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;YACnE,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC;YACnE,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC9D,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;YACxE,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACpD,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,gBAAgB,CAAC,CAAC;YAC3D,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC9D,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;YACpD,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACpD,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjD,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAElD,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC1C,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAE1C,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAC1D,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACzC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,mCAAmC;YACnC,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;YACtE,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;QAC5C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC5D,2BAA2B,CAC5B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;YAC3C,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpE,2BAA2B,CAC5B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC9C,MAAM,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC/D,2BAA2B,CAC5B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,0BAA0B,EAAE,KAAK,IAAI,EAAE;YACxC,MAAM,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CACjD,2BAA2B,CAC5B,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;YAC9C,MAAM,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CACvD,2BAA2B,CAC5B,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,UAAU,CAAC,KAAK,IAAI,EAAE;YACpB,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;YACpD,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;YACjD,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;YAClD,MAAM,OAAO,CAAC,yBAAyB,EAAE,CAAC;YAC1C,uCAAuC;YACvC,EAAE,CAAC,aAAa,EAAE,CAAC;QACrB,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;YAC9B,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;gBAC9D,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAC/C,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;gBAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;gBAC1B,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACjD,eAAe,EACf,aAAa,CACd,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;gBAClE,UAAU,CAAC,WAAW,CAAC,iBAAiB,CACtC,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC,CACjC,CAAC;gBACF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;gBAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;YAC3C,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;gBAC9D,MAAM,YAAY,GAAG;oBACnB,GAAG,gBAAgB;oBACnB,KAAK,EAAE,EAAE,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE;iBACnE,CAAC;gBACF,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC,CAAC;gBACvE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC;gBAC3D,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC;YAC5B,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;gBAC7D,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;gBACrD,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACjE,oDAAoD,CACrD,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;YAC9B,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;gBACnD,EAAE,CAAC,aAAa,EAAE,CAAC;gBACnB,UAAU,CAAC,WAAW,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;gBACpD,MAAM,OAAO,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC;gBAC/C,MAAM,CAAC,UAAU,CAAC,WAAW,CAAC,CAAC,oBAAoB,CACjD,eAAe,EACf,aAAa,EACb,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,gBAAgB,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC,CAC/D,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;gBACxD,UAAU,CAAC,WAAW,CAAC,iBAAiB,CACtC,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAClC,CAAC;gBACF,MAAM,MAAM,CAAC,OAAO,CAAC,cAAc,CAAC,gBAAgB,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpE,sBAAsB,CACvB,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACjC,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;gBACvD,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAClD,MAAM,OAAO,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC;gBAC/C,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACpD,eAAe,EACf,aAAa,CACd,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,qDAAqD,EAAE,KAAK,IAAI,EAAE;gBACnE,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,KAAK,CAAC,CAAC;gBACnD,MAAM,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpE,sCAAsC,CACvC,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;gBAC5D,UAAU,CAAC,cAAc,CAAC,iBAAiB,CACzC,IAAI,KAAK,CAAC,uBAAuB,CAAC,CACnC,CAAC;gBACF,MAAM,MAAM,CAAC,OAAO,CAAC,iBAAiB,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CACpE,uBAAuB,CACxB,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;YAC3B,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;gBACpD,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC;oBAC3C,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;oBACpC,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;iBACrC,CAAC,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,0DAA0D,EAAE,KAAK,IAAI,EAAE;gBACxE,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC;oBAC3C,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;oBACpC;wBACE,OAAO,EAAE,oBAAoB,2BAA2B,EAAE;wBAC1D,QAAQ,EAAE,EAAE;qBACb;oBACD,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;iBACrC,CAAC,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC,CAAC;YACjD,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,uCAAuC,EAAE,KAAK,IAAI,EAAE;gBACrD,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC,IAAI,KAAK,CAAC,YAAY,CAAC,CAAC,CAAC;gBACtE,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,WAAW,EAAE,CAAC;gBAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;YAC7B,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;YACjC,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;gBAC5D,MAAM,MAAM,GAAG;oBACb,GAAG,gBAAgB;oBACnB,UAAU,EAAE,SAAS;iBACtB,CAAC;gBACF,MAAM,YAAY,GAAG;oBACnB,GAAG,gBAAgB;oBACnB,UAAU,EAAE,gBAAgB;oBAC5B,KAAK,EAAE,EAAE,GAAG,gBAAgB,CAAC,KAAK,EAAE,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE;iBACnE,CAAC;gBACF,MAAM,wBAAwB,GAAG;oBAC/B,UAAU,EAAE,gBAAgB;iBAC7B,CAAC;gBAEF,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC;oBAC3C;wBACE,OAAO,EAAE,aAAa;wBACtB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,gBAAgB,CAAC;qBAC3C;oBACD,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,EAAE;oBACxD;wBACE,OAAO,EAAE,gBAAgB;wBACzB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,YAAY,CAAC;qBACvC;oBACD,EAAE,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,UAAU,EAAE;oBAC/C;wBACE,OAAO,EAAE,gBAAgB;wBACzB,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,wBAAwB,CAAC;qBACnD;iBACF,CAAC,CAAC;gBAEH,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,iBAAiB,EAAE,CAAC;gBACjD,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAC5B,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAC;gBAC5D,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;gBAC9C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBACjD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC7C,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;YACnD,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,QAAQ,CAAC,UAAU,EAAE,GAAG,EAAE;YACxB,EAAE,CAAC,+CAA+C,EAAE,KAAK,IAAI,EAAE;gBAC7D,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC;oBAC3C,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;oBACpC,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;iBACrC,CAAC,CAAC;gBACH,UAAU,CAAC,cAAc,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;gBAElD,MAAM,OAAO,CAAC,QAAQ,EAAE,CAAC;gBAEzB,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;gBAC3D,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACpD,eAAe,EACf,SAAS,CACV,CAAC;gBACF,MAAM,CAAC,UAAU,CAAC,cAAc,CAAC,CAAC,oBAAoB,CACpD,eAAe,EACf,SAAS,CACV,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;gBAClE,UAAU,CAAC,eAAe,CAAC,iBAAiB,CAAC;oBAC3C,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;oBACpC,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,EAAE,EAAE;iBACrC,CAAC,CAAC;gBACH,UAAU,CAAC,cAAc;qBACtB,qBAAqB,CAAC,IAAI,CAAC;qBAC3B,qBAAqB,CAAC,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC,CAAC;gBAErD,MAAM,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,OAAO,CAAC,OAAO,CAC9C,iDAAiD,CAClD,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/mcp/token-storage/types.d.ts

@@ -32,3 +32,7 @@ export interface TokenStorage {
     getAllCredentials(): Promise<Map<string, OAuthCredentials>>;
     clearAll(): Promise<void>;
 }
+export declare enum TokenStorageType {
+    KEYCHAIN = "keychain",
+    ENCRYPTED_FILE = "encrypted_file"
+}

package/dist/src/mcp/token-storage/types.js

@@ -3,5 +3,9 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
-export {};
+export var TokenStorageType;
+(function (TokenStorageType) {
+    TokenStorageType["KEYCHAIN"] = "keychain";
+    TokenStorageType["ENCRYPTED_FILE"] = "encrypted_file";
+})(TokenStorageType || (TokenStorageType = {}));
 //# sourceMappingURL=types.js.map

package/dist/src/mcp/token-storage/types.js.map

@@ -1 +1 @@
-{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/mcp/token-storage/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG"}
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../../../src/mcp/token-storage/types.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAkCH,MAAM,CAAN,IAAY,gBAGX;AAHD,WAAY,gBAAgB;IAC1B,yCAAqB,CAAA;IACrB,qDAAiC,CAAA;AACnC,CAAC,EAHW,gBAAgB,KAAhB,gBAAgB,QAG3B"}

package/dist/src/services/chatRecordingService.d.ts

@@ -6,7 +6,7 @@
 import { type Config } from '../config/config.js';
 import { type Status } from '../core/coreToolScheduler.js';
 import { type ThoughtSummary } from '../core/turn.js';
-import type { PartListUnion } from '@google/genai';
+import type { PartListUnion, GenerateContentResponseUsageMetadata } from '@google/genai';
 /**
  * Token usage summary for a message or conversation.
  */
@@ -24,7 +24,7 @@ export interface TokensSummary {
 export interface BaseMessageRecord {
     id: string;
     timestamp: string;
-    content: string;
+    content: PartListUnion;
 }
 /**
  * Record of a tool call execution within a conversation.
@@ -108,8 +108,7 @@ export declare class ChatRecordingService {
      */
     recordMessage(message: {
         type: ConversationRecordExtra['type'];
-        content: string;
-        append?: boolean;
+        content: PartListUnion;
     }): void;
     /**
      * Records a thought from the assistant's reasoning process.
@@ -118,16 +117,10 @@ export declare class ChatRecordingService {
     /**
      * Updates the tokens for the last message in the conversation (which should be by Gemini).
      */
-    recordMessageTokens(tokens: {
-        input: number;
-        output: number;
-        cached: number;
-        thoughts?: number;
-        tool?: number;
-        total: number;
-    }): void;
+    recordMessageTokens(respUsageMetadata: GenerateContentResponseUsageMetadata): void;
     /**
      * Adds tool calls to the last message in the conversation (which should be by Gemini).
+     * This method enriches tool calls with metadata from the ToolRegistry.
      */
     recordToolCalls(toolCalls: ToolCallRecord[]): void;
     /**

package/dist/src/services/chatRecordingService.js

@@ -97,15 +97,6 @@ export class ChatRecordingService {
             return;
         try {
             this.updateConversation((conversation) => {
-                if (message.append) {
-                    const lastMsg = this.getLastMessage(conversation);
-                    if (lastMsg && lastMsg.type === message.type) {
-                        lastMsg.content += message.content;
-                        return;
-                    }
-                }
-                // We're not appending, or we are appending but the last message's type is not the same as
-                // the specified type, so just create a new message.
                 const msg = this.newMessage(message.type, message.content);
                 if (msg.type === 'gemini') {
                     // If it's a new Gemini message then incorporate any queued thoughts.
@@ -142,19 +133,25 @@ export class ChatRecordingService {
             });
         }
         catch (error) {
-            if (this.config.getDebugMode()) {
-                console.error('Error saving thought:', error);
-                throw error;
-            }
+            console.error('Error saving thought:', error);
+            throw error;
         }
     }
     /**
      * Updates the tokens for the last message in the conversation (which should be by Gemini).
      */
-    recordMessageTokens(tokens) {
+    recordMessageTokens(respUsageMetadata) {
         if (!this.conversationFile)
             return;
         try {
+            const tokens = {
+                input: respUsageMetadata.promptTokenCount ?? 0,
+                output: respUsageMetadata.candidatesTokenCount ?? 0,
+                cached: respUsageMetadata.cachedContentTokenCount ?? 0,
+                thoughts: respUsageMetadata.thoughtsTokenCount ?? 0,
+                tool: respUsageMetadata.toolUsePromptTokenCount ?? 0,
+                total: respUsageMetadata.totalTokenCount ?? 0,
+            };
             this.updateConversation((conversation) => {
                 const lastMsg = this.getLastMessage(conversation);
                 // If the last message already has token info, it's because this new token info is for a
@@ -175,10 +172,22 @@ export class ChatRecordingService {
     }
     /**
      * Adds tool calls to the last message in the conversation (which should be by Gemini).
+     * This method enriches tool calls with metadata from the ToolRegistry.
      */
     recordToolCalls(toolCalls) {
         if (!this.conversationFile)
             return;
+        // Enrich tool calls with metadata from the ToolRegistry
+        const toolRegistry = this.config.getToolRegistry();
+        const enrichedToolCalls = toolCalls.map((toolCall) => {
+            const toolInstance = toolRegistry.getTool(toolCall.name);
+            return {
+                ...toolCall,
+                displayName: toolInstance?.displayName || toolCall.name,
+                description: toolInstance?.description || '',
+                renderOutputAsMarkdown: toolInstance?.isOutputMarkdown || false,
+            };
+        });
         try {
             this.updateConversation((conversation) => {
                 const lastMsg = this.getLastMessage(conversation);
@@ -199,7 +208,7 @@ export class ChatRecordingService {
                         // resulting message's type, and so it thinks that toolCalls may
                         // not be present.  Confirming the type here satisfies it.
                         type: 'gemini',
-                        toolCalls,
+                        toolCalls: enrichedToolCalls,
                         thoughts: this.queuedThoughts,
                         model: this.config.getModel(),
                     };
@@ -234,7 +243,7 @@ export class ChatRecordingService {
                         }
                     });
                     // Add any new tools calls that aren't in the message yet.
-                    for (const toolCall of toolCalls) {
+                    for (const toolCall of enrichedToolCalls) {
                         const existingToolCall = lastMsg.toolCalls.find((tc) => tc.id === toolCall.id);
                         if (!existingToolCall) {
                             lastMsg.toolCalls.push(toolCall);