npm - @kadoa/mcp - Versions diffs - 0.5.3-rc.1 → 0.5.3 - Mend

@kadoa/mcp 0.5.3-rc.1 → 0.5.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.js CHANGED Viewed

@@ -28938,8 +28938,17 @@ var toString, getPrototypeOf, iterator, toStringTag, kindOf, kindOfTest = (type)
 }, isDate, isFile, isReactNativeBlob = (value) => {
   return !!(value && typeof value.uri !== "undefined");
 }, isReactNative = (formData) => formData && typeof formData.getParts !== "undefined", isBlob, isFileList, isStream = (val) => isObject2(val) && isFunction(val.pipe), G, FormDataCtor, isFormData = (thing) => {
-  let kind;
-  return thing && (FormDataCtor && thing instanceof FormDataCtor || isFunction(thing.append) && ((kind = kindOf(thing)) === "formdata" || kind === "object" && isFunction(thing.toString) && thing.toString() === "[object FormData]"));
+  if (!thing)
+    return false;
+  if (FormDataCtor && thing instanceof FormDataCtor)
+    return true;
+  const proto = getPrototypeOf(thing);
+  if (!proto || proto === Object.prototype)
+    return false;
+  if (!isFunction(thing.append))
+    return false;
+  const kind = kindOf(thing);
+  return kind === "formdata" || kind === "object" && isFunction(thing.toString) && thing.toString() === "[object FormData]";
 }, isURLSearchParams, isReadableStream, isRequest, isResponse, isHeaders, trim = (str) => {
   return str.trim ? str.trim() : str.replace(/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g, "");
 }, _global, isContextDefined = (context) => !isUndefined(context) && context !== _global, extend2 = (a, b, thisArg, { allOwnKeys } = {}) => {
@@ -29286,6 +29295,7 @@ var init_AxiosError = __esm(() => {
   AxiosError.ERR_CANCELED = "ERR_CANCELED";
   AxiosError.ERR_NOT_SUPPORT = "ERR_NOT_SUPPORT";
   AxiosError.ERR_INVALID_URL = "ERR_INVALID_URL";
+  AxiosError.ERR_FORM_DATA_DEPTH_EXCEEDED = "ERR_FORM_DATA_DEPTH_EXCEEDED";
   AxiosError_default = AxiosError;
 });
@@ -39437,6 +39447,7 @@ function toFormData(obj, formData, options) {
   const dots = options.dots;
   const indexes = options.indexes;
   const _Blob = options.Blob || typeof Blob !== "undefined" && Blob;
+  const maxDepth = options.maxDepth === undefined ? 100 : options.maxDepth;
   const useBlob = _Blob && utils_default.isSpecCompliantForm(formData);
   if (!utils_default.isFunction(visitor)) {
     throw new TypeError("visitor must be a function");
@@ -39488,9 +39499,12 @@ function toFormData(obj, formData, options) {
     convertValue,
     isVisitable
   });
-  function build(value, path) {
+  function build(value, path, depth = 0) {
     if (utils_default.isUndefined(value))
       return;
+    if (depth > maxDepth) {
+      throw new AxiosError_default("Object is too deeply nested (" + depth + " levels). Max depth: " + maxDepth, AxiosError_default.ERR_FORM_DATA_DEPTH_EXCEEDED);
+    }
     if (stack.indexOf(value) !== -1) {
       throw Error("Circular reference detected in " + path.join("."));
     }
@@ -39498,7 +39512,7 @@ function toFormData(obj, formData, options) {
     utils_default.forEach(value, function each(el, key) {
       const result = !(utils_default.isUndefined(el) || el === null) && visitor.call(formData, el, utils_default.isString(key) ? key.trim() : key, path, exposedHelpers);
       if (result === true) {
-        build(el, path ? path.concat(key) : [key]);
+        build(el, path ? path.concat(key) : [key], depth + 1);
       }
     });
     stack.pop();
@@ -39528,10 +39542,9 @@ function encode3(str) {
     "(": "%28",
     ")": "%29",
     "~": "%7E",
-    "%20": "+",
-    "%00": "\x00"
+    "%20": "+"
   };
-  return encodeURIComponent(str).replace(/[!'()~]|%20|%00/g, function replacer(match) {
+  return encodeURIComponent(str).replace(/[!'()~]|%20/g, function replacer(match) {
     return charMap[match];
   });
 }
@@ -39757,7 +39770,7 @@ function formDataToJSON(formData) {
     name = !name && utils_default.isArray(target) ? target.length : name;
     if (isLast) {
       if (utils_default.hasOwnProp(target, name)) {
-        target[name] = [target[name], value];
+        target[name] = utils_default.isArray(target[name]) ? target[name].concat(value) : [target[name], value];
       } else {
         target[name] = value;
       }
@@ -39801,7 +39814,7 @@ function stringifySafely(rawValue, parser, encoder) {
   }
   return (encoder || JSON.stringify)(rawValue);
 }
-var defaults, defaults_default;
+var own = (obj, key) => obj != null && utils_default.hasOwnProp(obj, key) ? obj[key] : undefined, defaults, defaults_default;
 var init_defaults = __esm(() => {
   init_utils();
   init_AxiosError();
@@ -39837,12 +39850,14 @@ var init_defaults = __esm(() => {
         }
         let isFileList2;
         if (isObjectPayload) {
+          const formSerializer = own(this, "formSerializer");
           if (contentType.indexOf("application/x-www-form-urlencoded") > -1) {
-            return toURLEncodedForm(data, this.formSerializer).toString();
+            return toURLEncodedForm(data, formSerializer).toString();
           }
           if ((isFileList2 = utils_default.isFileList(data)) || contentType.indexOf("multipart/form-data") > -1) {
-            const _FormData = this.env && this.env.FormData;
-            return toFormData_default(isFileList2 ? { "files[]": data } : data, _FormData && new _FormData, this.formSerializer);
+            const env = own(this, "env");
+            const _FormData = env && env.FormData;
+            return toFormData_default(isFileList2 ? { "files[]": data } : data, _FormData && new _FormData, formSerializer);
           }
         }
         if (isObjectPayload || hasJSONContentType) {
@@ -39854,21 +39869,22 @@ var init_defaults = __esm(() => {
     ],
     transformResponse: [
       function transformResponse(data) {
-        const transitional = this.transitional || defaults.transitional;
+        const transitional = own(this, "transitional") || defaults.transitional;
         const forcedJSONParsing = transitional && transitional.forcedJSONParsing;
-        const JSONRequested = this.responseType === "json";
+        const responseType = own(this, "responseType");
+        const JSONRequested = responseType === "json";
         if (utils_default.isResponse(data) || utils_default.isReadableStream(data)) {
           return data;
         }
-        if (data && utils_default.isString(data) && (forcedJSONParsing && !this.responseType || JSONRequested)) {
+        if (data && utils_default.isString(data) && (forcedJSONParsing && !responseType || JSONRequested)) {
           const silentJSONParsing = transitional && transitional.silentJSONParsing;
           const strictJSONParsing = !silentJSONParsing && JSONRequested;
           try {
-            return JSON.parse(data, this.parseReviver);
+            return JSON.parse(data, own(this, "parseReviver"));
           } catch (e) {
             if (strictJSONParsing) {
               if (e.name === "SyntaxError") {
-                throw AxiosError_default.from(e, AxiosError_default.ERR_BAD_RESPONSE, this, null, this.response);
+                throw AxiosError_default.from(e, AxiosError_default.ERR_BAD_RESPONSE, this, null, own(this, "response"));
               }
               throw e;
             }
@@ -39952,14 +39968,36 @@ var init_parseHeaders = __esm(() => {
 });
 // node_modules/axios/lib/core/AxiosHeaders.js
+function trimSPorHTAB(str) {
+  let start = 0;
+  let end = str.length;
+  while (start < end) {
+    const code = str.charCodeAt(start);
+    if (code !== 9 && code !== 32) {
+      break;
+    }
+    start += 1;
+  }
+  while (end > start) {
+    const code = str.charCodeAt(end - 1);
+    if (code !== 9 && code !== 32) {
+      break;
+    }
+    end -= 1;
+  }
+  return start === 0 && end === str.length ? str : str.slice(start, end);
+}
 function normalizeHeader(header) {
   return header && String(header).trim().toLowerCase();
 }
+function sanitizeHeaderValue(str) {
+  return trimSPorHTAB(str.replace(INVALID_HEADER_VALUE_CHARS_RE, ""));
+}
 function normalizeValue(value) {
   if (value === false || value == null) {
     return value;
   }
-  return utils_default.isArray(value) ? value.map(normalizeValue) : String(value);
+  return utils_default.isArray(value) ? value.map(normalizeValue) : sanitizeHeaderValue(String(value));
 }
 function parseTokens(str) {
   const tokens = Object.create(null);
@@ -40002,11 +40040,12 @@ function buildAccessors(obj, header) {
     });
   });
 }
-var $internals, isValidHeaderName = (str) => /^[-_a-zA-Z0-9^`|~,!#$%&'*+.]+$/.test(str.trim()), AxiosHeaders, AxiosHeaders_default;
+var $internals, INVALID_HEADER_VALUE_CHARS_RE, isValidHeaderName = (str) => /^[-_a-zA-Z0-9^`|~,!#$%&'*+.]+$/.test(str.trim()), AxiosHeaders, AxiosHeaders_default;
 var init_AxiosHeaders = __esm(() => {
   init_utils();
   init_parseHeaders();
   $internals = Symbol("internals");
+  INVALID_HEADER_VALUE_CHARS_RE = /[^\x09\x20-\x7E\x80-\xFF]/g;
   AxiosHeaders = class AxiosHeaders {
     constructor(headers) {
       headers && this.set(headers);
@@ -40259,7 +40298,7 @@ function combineURLs(baseURL, relativeURL) {
 // node_modules/axios/lib/core/buildFullPath.js
 function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
   let isRelativeUrl = !isAbsoluteURL(requestedURL);
-  if (baseURL && (isRelativeUrl || allowAbsoluteUrls == false)) {
+  if (baseURL && (isRelativeUrl || allowAbsoluteUrls === false)) {
     return combineURLs(baseURL, requestedURL);
   }
   return requestedURL;
@@ -40267,9 +40306,66 @@ function buildFullPath(baseURL, requestedURL, allowAbsoluteUrls) {
 var init_buildFullPath = () => {};
 // node_modules/proxy-from-env/index.js
-var require_proxy_from_env = __commonJS((exports) => {
-  var parseUrl = __require("url").parse;
-  var DEFAULT_PORTS = {
+function parseUrl(urlString) {
+  try {
+    return new URL(urlString);
+  } catch {
+    return null;
+  }
+}
+function getProxyForUrl(url3) {
+  var parsedUrl = (typeof url3 === "string" ? parseUrl(url3) : url3) || {};
+  var proto = parsedUrl.protocol;
+  var hostname3 = parsedUrl.host;
+  var port = parsedUrl.port;
+  if (typeof hostname3 !== "string" || !hostname3 || typeof proto !== "string") {
+    return "";
+  }
+  proto = proto.split(":", 1)[0];
+  hostname3 = hostname3.replace(/:\d*$/, "");
+  port = parseInt(port) || DEFAULT_PORTS[proto] || 0;
+  if (!shouldProxy(hostname3, port)) {
+    return "";
+  }
+  var proxy = getEnv(proto + "_proxy") || getEnv("all_proxy");
+  if (proxy && proxy.indexOf("://") === -1) {
+    proxy = proto + "://" + proxy;
+  }
+  return proxy;
+}
+function shouldProxy(hostname3, port) {
+  var NO_PROXY = getEnv("no_proxy").toLowerCase();
+  if (!NO_PROXY) {
+    return true;
+  }
+  if (NO_PROXY === "*") {
+    return false;
+  }
+  return NO_PROXY.split(/[,\s]/).every(function(proxy) {
+    if (!proxy) {
+      return true;
+    }
+    var parsedProxy = proxy.match(/^(.+):(\d+)$/);
+    var parsedProxyHostname = parsedProxy ? parsedProxy[1] : proxy;
+    var parsedProxyPort = parsedProxy ? parseInt(parsedProxy[2]) : 0;
+    if (parsedProxyPort && parsedProxyPort !== port) {
+      return true;
+    }
+    if (!/^[.*]/.test(parsedProxyHostname)) {
+      return hostname3 !== parsedProxyHostname;
+    }
+    if (parsedProxyHostname.charAt(0) === "*") {
+      parsedProxyHostname = parsedProxyHostname.slice(1);
+    }
+    return !hostname3.endsWith(parsedProxyHostname);
+  });
+}
+function getEnv(key) {
+  return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || "";
+}
+var DEFAULT_PORTS;
+var init_proxy_from_env = __esm(() => {
+  DEFAULT_PORTS = {
     ftp: 21,
     gopher: 70,
     http: 80,
@@ -40277,60 +40373,6 @@ var require_proxy_from_env = __commonJS((exports) => {
     ws: 80,
     wss: 443
   };
-  var stringEndsWith = String.prototype.endsWith || function(s) {
-    return s.length <= this.length && this.indexOf(s, this.length - s.length) !== -1;
-  };
-  function getProxyForUrl(url3) {
-    var parsedUrl = typeof url3 === "string" ? parseUrl(url3) : url3 || {};
-    var proto = parsedUrl.protocol;
-    var hostname3 = parsedUrl.host;
-    var port = parsedUrl.port;
-    if (typeof hostname3 !== "string" || !hostname3 || typeof proto !== "string") {
-      return "";
-    }
-    proto = proto.split(":", 1)[0];
-    hostname3 = hostname3.replace(/:\d*$/, "");
-    port = parseInt(port) || DEFAULT_PORTS[proto] || 0;
-    if (!shouldProxy(hostname3, port)) {
-      return "";
-    }
-    var proxy = getEnv("npm_config_" + proto + "_proxy") || getEnv(proto + "_proxy") || getEnv("npm_config_proxy") || getEnv("all_proxy");
-    if (proxy && proxy.indexOf("://") === -1) {
-      proxy = proto + "://" + proxy;
-    }
-    return proxy;
-  }
-  function shouldProxy(hostname3, port) {
-    var NO_PROXY = (getEnv("npm_config_no_proxy") || getEnv("no_proxy")).toLowerCase();
-    if (!NO_PROXY) {
-      return true;
-    }
-    if (NO_PROXY === "*") {
-      return false;
-    }
-    return NO_PROXY.split(/[,\s]/).every(function(proxy) {
-      if (!proxy) {
-        return true;
-      }
-      var parsedProxy = proxy.match(/^(.+):(\d+)$/);
-      var parsedProxyHostname = parsedProxy ? parsedProxy[1] : proxy;
-      var parsedProxyPort = parsedProxy ? parseInt(parsedProxy[2]) : 0;
-      if (parsedProxyPort && parsedProxyPort !== port) {
-        return true;
-      }
-      if (!/^[.*]/.test(parsedProxyHostname)) {
-        return hostname3 !== parsedProxyHostname;
-      }
-      if (parsedProxyHostname.charAt(0) === "*") {
-        parsedProxyHostname = parsedProxyHostname.slice(1);
-      }
-      return !stringEndsWith.call(hostname3, parsedProxyHostname);
-    });
-  }
-  function getEnv(key) {
-    return process.env[key.toLowerCase()] || process.env[key.toUpperCase()] || "";
-  }
-  exports.getProxyForUrl = getProxyForUrl;
 });
 // node_modules/ms/index.js
@@ -41269,7 +41311,7 @@ var require_follow_redirects = __commonJS((exports, module) => {
       removeMatchingHeaders(/^content-/i, this._options.headers);
     }
     var currentHostHeader = removeMatchingHeaders(/^host$/i, this._options.headers);
-    var currentUrlParts = parseUrl(this._currentUrl);
+    var currentUrlParts = parseUrl2(this._currentUrl);
     var currentHost = currentHostHeader || currentUrlParts.host;
     var currentUrl = /^\w+:/.test(location) ? this._currentUrl : url3.format(Object.assign(currentUrlParts, { host: currentHost }));
     var redirectUrl = resolveUrl(location, currentUrl);
@@ -41308,7 +41350,7 @@ var require_follow_redirects = __commonJS((exports, module) => {
         if (isURL(input)) {
           input = spreadUrlObject(input);
         } else if (isString2(input)) {
-          input = spreadUrlObject(parseUrl(input));
+          input = spreadUrlObject(parseUrl2(input));
         } else {
           callback = options;
           options = validateUrl(input);
@@ -41343,7 +41385,7 @@ var require_follow_redirects = __commonJS((exports, module) => {
     return exports2;
   }
   function noop2() {}
-  function parseUrl(input) {
+  function parseUrl2(input) {
     var parsed;
     if (useNativeURL) {
       parsed = new URL2(input);
@@ -41356,7 +41398,7 @@ var require_follow_redirects = __commonJS((exports, module) => {
     return parsed;
   }
   function resolveUrl(relative, base) {
-    return useNativeURL ? new URL2(relative, base) : parseUrl(url3.resolve(base, relative));
+    return useNativeURL ? new URL2(relative, base) : parseUrl2(url3.resolve(base, relative));
   }
   function validateUrl(input) {
     if (/^\[/.test(input.hostname) && !/^\[[:0-9a-f]+\]$/i.test(input.hostname)) {
@@ -41442,7 +41484,7 @@ var require_follow_redirects = __commonJS((exports, module) => {
 });
 // node_modules/axios/lib/env/data.js
-var VERSION = "1.13.6";
+var VERSION = "1.15.2";
 // node_modules/axios/lib/helpers/parseProtocol.js
 function parseProtocol(url3) {
@@ -41632,7 +41674,8 @@ class FormDataPart {
     if (isStringValue) {
       value = textEncoder.encode(String(value).replace(/\r?\n|\r\n?/g, CRLF));
     } else {
-      headers += `Content-Type: ${value.type || "application/octet-stream"}${CRLF}`;
+      const safeType = String(value.type || "application/octet-stream").replace(/[\r\n]/g, "");
+      headers += `Content-Type: ${safeType}${CRLF}`;
     }
     this.headers = textEncoder.encode(headers + CRLF);
     this.contentLength = isStringValue ? value.byteLength : value.size;
@@ -41749,6 +41792,120 @@ var init_callbackify = __esm(() => {
   callbackify_default = callbackify;
 });
+// node_modules/axios/lib/helpers/shouldBypassProxy.js
+function shouldBypassProxy(location) {
+  let parsed;
+  try {
+    parsed = new URL(location);
+  } catch (_err) {
+    return false;
+  }
+  const noProxy = (process.env.no_proxy || process.env.NO_PROXY || "").toLowerCase();
+  if (!noProxy) {
+    return false;
+  }
+  if (noProxy === "*") {
+    return true;
+  }
+  const port = Number.parseInt(parsed.port, 10) || DEFAULT_PORTS2[parsed.protocol.split(":", 1)[0]] || 0;
+  const hostname3 = normalizeNoProxyHost(parsed.hostname.toLowerCase());
+  return noProxy.split(/[\s,]+/).some((entry) => {
+    if (!entry) {
+      return false;
+    }
+    let [entryHost, entryPort] = parseNoProxyEntry(entry);
+    entryHost = normalizeNoProxyHost(entryHost);
+    if (!entryHost) {
+      return false;
+    }
+    if (entryPort && entryPort !== port) {
+      return false;
+    }
+    if (entryHost.charAt(0) === "*") {
+      entryHost = entryHost.slice(1);
+    }
+    if (entryHost.charAt(0) === ".") {
+      return hostname3.endsWith(entryHost);
+    }
+    return hostname3 === entryHost || isLoopback(hostname3) && isLoopback(entryHost);
+  });
+}
+var LOOPBACK_HOSTNAMES, isIPv4Loopback = (host) => {
+  const parts = host.split(".");
+  if (parts.length !== 4)
+    return false;
+  if (parts[0] !== "127")
+    return false;
+  return parts.every((p) => /^\d+$/.test(p) && Number(p) >= 0 && Number(p) <= 255);
+}, isIPv6Loopback = (host) => {
+  if (host === "::1")
+    return true;
+  const v4MappedDotted = host.match(/^::ffff:(\d+\.\d+\.\d+\.\d+)$/i);
+  if (v4MappedDotted)
+    return isIPv4Loopback(v4MappedDotted[1]);
+  const v4MappedHex = host.match(/^::ffff:([0-9a-f]{1,4}):([0-9a-f]{1,4})$/i);
+  if (v4MappedHex) {
+    const high = parseInt(v4MappedHex[1], 16);
+    return high >= 32512 && high <= 32767;
+  }
+  const groups = host.split(":");
+  if (groups.length === 8) {
+    for (let i = 0;i < 7; i++) {
+      if (!/^0+$/.test(groups[i]))
+        return false;
+    }
+    return /^0*1$/.test(groups[7]);
+  }
+  return false;
+}, isLoopback = (host) => {
+  if (!host)
+    return false;
+  if (LOOPBACK_HOSTNAMES.has(host))
+    return true;
+  if (isIPv4Loopback(host))
+    return true;
+  return isIPv6Loopback(host);
+}, DEFAULT_PORTS2, parseNoProxyEntry = (entry) => {
+  let entryHost = entry;
+  let entryPort = 0;
+  if (entryHost.charAt(0) === "[") {
+    const bracketIndex = entryHost.indexOf("]");
+    if (bracketIndex !== -1) {
+      const host = entryHost.slice(1, bracketIndex);
+      const rest = entryHost.slice(bracketIndex + 1);
+      if (rest.charAt(0) === ":" && /^\d+$/.test(rest.slice(1))) {
+        entryPort = Number.parseInt(rest.slice(1), 10);
+      }
+      return [host, entryPort];
+    }
+  }
+  const firstColon = entryHost.indexOf(":");
+  const lastColon = entryHost.lastIndexOf(":");
+  if (firstColon !== -1 && firstColon === lastColon && /^\d+$/.test(entryHost.slice(lastColon + 1))) {
+    entryPort = Number.parseInt(entryHost.slice(lastColon + 1), 10);
+    entryHost = entryHost.slice(0, lastColon);
+  }
+  return [entryHost, entryPort];
+}, normalizeNoProxyHost = (hostname3) => {
+  if (!hostname3) {
+    return hostname3;
+  }
+  if (hostname3.charAt(0) === "[" && hostname3.charAt(hostname3.length - 1) === "]") {
+    hostname3 = hostname3.slice(1, -1);
+  }
+  return hostname3.replace(/\.+$/, "");
+};
+var init_shouldBypassProxy = __esm(() => {
+  LOOPBACK_HOSTNAMES = new Set(["localhost"]);
+  DEFAULT_PORTS2 = {
+    http: 80,
+    https: 443,
+    ws: 80,
+    wss: 443,
+    ftp: 21
+  };
+});
 // node_modules/axios/lib/helpers/speedometer.js
 function speedometer(samplesCount, min) {
   samplesCount = samplesCount || 10;
@@ -41831,19 +41988,19 @@ var progressEventReducer = (listener, isDownloadStream, freq = 3) => {
   let bytesNotified = 0;
   const _speedometer = speedometer_default(50, 250);
   return throttle_default((e) => {
-    const loaded = e.loaded;
+    const rawLoaded = e.loaded;
     const total = e.lengthComputable ? e.total : undefined;
-    const progressBytes = loaded - bytesNotified;
+    const loaded = total != null ? Math.min(rawLoaded, total) : rawLoaded;
+    const progressBytes = Math.max(0, loaded - bytesNotified);
     const rate = _speedometer(progressBytes);
-    const inRange = loaded <= total;
-    bytesNotified = loaded;
+    bytesNotified = Math.max(bytesNotified, loaded);
     const data = {
       loaded,
       total,
       progress: total ? loaded / total : undefined,
       bytes: progressBytes,
       rate: rate ? rate : undefined,
-      estimated: rate && total && inRange ? (total - loaded) / rate : undefined,
+      estimated: rate && total ? (total - loaded) / rate : undefined,
       event: e,
       lengthComputable: total != null,
       [isDownloadStream ? "download" : "upload"]: true
@@ -41924,6 +42081,7 @@ import http from "http";
 import https from "https";
 import http2 from "http2";
 import util4 from "util";
+import { resolve as resolvePath } from "path";
 import zlib from "zlib";
 import stream3 from "stream";
 import { EventEmitter } from "events";
@@ -41961,6 +42119,9 @@ class Http2Sessions {
           } else {
             entries.splice(i, 1);
           }
+          if (!session.closed) {
+            session.close();
+          }
           return;
         }
       }
@@ -42005,9 +42166,11 @@ function dispatchBeforeRedirect(options, responseDetails) {
 function setProxy(options, configProxy, location) {
   let proxy = configProxy;
   if (!proxy && proxy !== false) {
-    const proxyUrl = import_proxy_from_env.default.getProxyForUrl(location);
+    const proxyUrl = getProxyForUrl(location);
     if (proxyUrl) {
-      proxy = new URL(proxyUrl);
+      if (!shouldBypassProxy(location)) {
+        proxy = new URL(proxyUrl);
+      }
     }
   }
   if (proxy) {
@@ -42038,7 +42201,7 @@ function setProxy(options, configProxy, location) {
     setProxy(redirectOptions, configProxy, redirectOptions.href);
   };
 }
-var import_proxy_from_env, import_follow_redirects, zlibOptions, brotliOptions, isBrotliSupported, httpFollow, httpsFollow, isHttps, supportedProtocols, flushOnFinish = (stream4, [throttled, flush]) => {
+var import_follow_redirects, zlibOptions, brotliOptions, isBrotliSupported, httpFollow, httpsFollow, isHttps, kAxiosSocketListener, kAxiosCurrentReq, supportedProtocols, flushOnFinish = (stream4, [throttled, flush]) => {
   stream4.on("end", flush).on("error", flush);
   return throttled;
 }, http2Sessions, isHttpAdapterSupported, wrapAsync = (asyncExecutor) => {
@@ -42075,6 +42238,7 @@ var init_http = __esm(() => {
   init_settle();
   init_buildFullPath();
   init_buildURL();
+  init_proxy_from_env();
   init_transitional();
   init_AxiosError();
   init_CanceledError();
@@ -42086,8 +42250,8 @@ var init_http = __esm(() => {
   init_readBlob();
   init_ZlibHeaderTransformStream();
   init_callbackify();
+  init_shouldBypassProxy();
   init_progressEventReducer();
-  import_proxy_from_env = __toESM(require_proxy_from_env(), 1);
   import_follow_redirects = __toESM(require_follow_redirects(), 1);
   zlibOptions = {
     flush: zlib.constants.Z_SYNC_FLUSH,
@@ -42100,6 +42264,8 @@ var init_http = __esm(() => {
   isBrotliSupported = utils_default.isFunction(zlib.createBrotliDecompress);
   ({ http: httpFollow, https: httpsFollow } = import_follow_redirects.default);
   isHttps = /https:?/;
+  kAxiosSocketListener = Symbol("axios.http.socketListener");
+  kAxiosCurrentReq = Symbol("axios.http.currentReq");
   supportedProtocols = platform_default.protocols.map((protocol) => {
     return protocol + ":";
   });
@@ -42134,8 +42300,16 @@ var init_http = __esm(() => {
   };
   http_default = isHttpAdapterSupported && function httpAdapter(config2) {
     return wrapAsync(async function dispatchHttpRequest(resolve, reject, onDone) {
-      let { data, lookup, family, httpVersion = 1, http2Options } = config2;
-      const { responseType, responseEncoding } = config2;
+      const own2 = (key) => utils_default.hasOwnProp(config2, key) ? config2[key] : undefined;
+      let data = own2("data");
+      let lookup = own2("lookup");
+      let family = own2("family");
+      let httpVersion = own2("httpVersion");
+      if (httpVersion === undefined)
+        httpVersion = 1;
+      let http2Options = own2("http2Options");
+      const responseType = own2("responseType");
+      const responseEncoding = own2("responseEncoding");
       const method = config2.method.toUpperCase();
       let isDone;
       let rejected = false;
@@ -42261,7 +42435,7 @@ var init_http = __esm(() => {
           tag: `axios-${VERSION}-boundary`,
           boundary: userBoundary && userBoundary[1] || undefined
         });
-      } else if (utils_default.isFormData(data) && utils_default.isFunction(data.getHeaders)) {
+      } else if (utils_default.isFormData(data) && utils_default.isFunction(data.getHeaders) && data.getHeaders !== Object.prototype.getHeaders) {
         headers.set(data.getHeaders());
         if (!headers.hasContentLength()) {
           try {
@@ -42306,9 +42480,10 @@ var init_http = __esm(() => {
         onUploadProgress && data.on("progress", flushOnFinish(data, progressEventDecorator(contentLength, progressEventReducer(asyncDecorator(onUploadProgress), false, 3))));
       }
       let auth = undefined;
-      if (config2.auth) {
-        const username = config2.auth.username || "";
-        const password = config2.auth.password || "";
+      const configAuth = own2("auth");
+      if (configAuth) {
+        const username = configAuth.username || "";
+        const password = configAuth.password || "";
         auth = username + ":" + password;
       }
       if (!auth && parsed.username) {
@@ -42328,7 +42503,7 @@ var init_http = __esm(() => {
         return reject(customErr);
       }
       headers.set("Accept-Encoding", "gzip, compress, deflate" + (isBrotliSupported ? ", br" : ""), false);
-      const options = {
+      const options = Object.assign(Object.create(null), {
         path,
         method,
         headers: headers.toJSON(),
@@ -42337,11 +42512,22 @@ var init_http = __esm(() => {
         protocol,
         family,
         beforeRedirect: dispatchBeforeRedirect,
-        beforeRedirects: {},
+        beforeRedirects: Object.create(null),
         http2Options
-      };
+      });
       !utils_default.isUndefined(lookup) && (options.lookup = lookup);
       if (config2.socketPath) {
+        if (typeof config2.socketPath !== "string") {
+          return reject(new AxiosError_default("socketPath must be a string", AxiosError_default.ERR_BAD_OPTION_VALUE, config2));
+        }
+        if (config2.allowedSocketPaths != null) {
+          const allowed = Array.isArray(config2.allowedSocketPaths) ? config2.allowedSocketPaths : [config2.allowedSocketPaths];
+          const resolvedSocket = resolvePath(config2.socketPath);
+          const isAllowed = allowed.some((entry) => typeof entry === "string" && resolvePath(entry) === resolvedSocket);
+          if (!isAllowed) {
+            return reject(new AxiosError_default(`socketPath "${config2.socketPath}" is not permitted by allowedSocketPaths`, AxiosError_default.ERR_BAD_OPTION_VALUE, config2));
+          }
+        }
         options.socketPath = config2.socketPath;
       } else {
         options.hostname = parsed.hostname.startsWith("[") ? parsed.hostname.slice(1, -1) : parsed.hostname;
@@ -42354,16 +42540,18 @@ var init_http = __esm(() => {
       if (isHttp2) {
         transport = http2Transport;
       } else {
-        if (config2.transport) {
-          transport = config2.transport;
+        const configTransport = own2("transport");
+        if (configTransport) {
+          transport = configTransport;
         } else if (config2.maxRedirects === 0) {
           transport = isHttpsRequest ? https : http;
         } else {
           if (config2.maxRedirects) {
             options.maxRedirects = config2.maxRedirects;
           }
-          if (config2.beforeRedirect) {
-            options.beforeRedirects.config = config2.beforeRedirect;
+          const configBeforeRedirect = own2("beforeRedirect");
+          if (configBeforeRedirect) {
+            options.beforeRedirects.config = configBeforeRedirect;
           }
           transport = isHttpsRequest ? httpsFollow : httpFollow;
         }
@@ -42373,9 +42561,7 @@ var init_http = __esm(() => {
       } else {
         options.maxBodyLength = Infinity;
       }
-      if (config2.insecureHTTPParser) {
-        options.insecureHTTPParser = config2.insecureHTTPParser;
-      }
+      options.insecureHTTPParser = Boolean(own2("insecureHTTPParser"));
       req = transport.request(options, function handleResponse(res) {
         if (req.destroyed)
           return;
@@ -42423,6 +42609,23 @@ var init_http = __esm(() => {
           request: lastRequest
         };
         if (responseType === "stream") {
+          if (config2.maxContentLength > -1) {
+            const limit = config2.maxContentLength;
+            const source = responseStream;
+            async function* enforceMaxContentLength() {
+              let totalResponseBytes = 0;
+              for await (const chunk of source) {
+                totalResponseBytes += chunk.length;
+                if (totalResponseBytes > limit) {
+                  throw new AxiosError_default("maxContentLength size of " + limit + " exceeded", AxiosError_default.ERR_BAD_RESPONSE, config2, lastRequest);
+                }
+                yield chunk;
+              }
+            }
+            responseStream = stream3.Readable.from(enforceMaxContentLength(), {
+              objectMode: false
+            });
+          }
           response.data = responseStream;
           settle(resolve, reject, response);
         } else {
@@ -42485,6 +42688,21 @@ var init_http = __esm(() => {
       });
       req.on("socket", function handleRequestSocket(socket) {
         socket.setKeepAlive(true, 1000 * 60);
+        if (!socket[kAxiosSocketListener]) {
+          socket.on("error", function handleSocketError(err) {
+            const current = socket[kAxiosCurrentReq];
+            if (current && !current.destroyed) {
+              current.destroy(err);
+            }
+          });
+          socket[kAxiosSocketListener] = true;
+        }
+        socket[kAxiosCurrentReq] = req;
+        req.once("close", function clearCurrentReq() {
+          if (socket[kAxiosCurrentReq] === req) {
+            socket[kAxiosCurrentReq] = null;
+          }
+        });
       });
       if (config2.timeout) {
         const timeout = parseInt(config2.timeout, 10);
@@ -42520,7 +42738,28 @@ var init_http = __esm(() => {
             abort(new CanceledError_default("Request stream has been aborted", config2, req));
           }
         });
-        data.pipe(req);
+        let uploadStream = data;
+        if (config2.maxBodyLength > -1 && config2.maxRedirects === 0) {
+          const limit = config2.maxBodyLength;
+          let bytesSent = 0;
+          uploadStream = stream3.pipeline([
+            data,
+            new stream3.Transform({
+              transform(chunk, _enc, cb) {
+                bytesSent += chunk.length;
+                if (bytesSent > limit) {
+                  return cb(new AxiosError_default("Request body larger than maxBodyLength limit", AxiosError_default.ERR_BAD_REQUEST, config2, req));
+                }
+                cb(null, chunk);
+              }
+            })
+          ], utils_default.noop);
+          uploadStream.on("error", (err) => {
+            if (!req.destroyed)
+              req.destroy(err);
+          });
+        }
+        uploadStream.pipe(req);
       } else {
         data && req.write(data);
         req.end();
@@ -42587,7 +42826,13 @@ var init_cookies = __esm(() => {
 // node_modules/axios/lib/core/mergeConfig.js
 function mergeConfig(config1, config2) {
   config2 = config2 || {};
-  const config3 = {};
+  const config3 = Object.create(null);
+  Object.defineProperty(config3, "hasOwnProperty", {
+    value: Object.prototype.hasOwnProperty,
+    enumerable: false,
+    writable: true,
+    configurable: true
+  });
   function getMergedValue(target, source, prop, caseless) {
     if (utils_default.isPlainObject(target) && utils_default.isPlainObject(source)) {
       return utils_default.merge.call({ caseless }, target, source);
@@ -42618,9 +42863,9 @@ function mergeConfig(config1, config2) {
     }
   }
   function mergeDirectKeys(a, b, prop) {
-    if (prop in config2) {
+    if (utils_default.hasOwnProp(config2, prop)) {
       return getMergedValue(a, b);
-    } else if (prop in config1) {
+    } else if (utils_default.hasOwnProp(config1, prop)) {
       return getMergedValue(undefined, a);
     }
   }
@@ -42651,6 +42896,7 @@ function mergeConfig(config1, config2) {
     httpsAgent: defaultToConfig2,
     cancelToken: defaultToConfig2,
     socketPath: defaultToConfig2,
+    allowedSocketPaths: defaultToConfig2,
     responseEncoding: defaultToConfig2,
     validateStatus: mergeDirectKeys,
     headers: (a, b, prop) => mergeDeepProperties(headersToObject(a), headersToObject(b), prop, true)
@@ -42659,7 +42905,9 @@ function mergeConfig(config1, config2) {
     if (prop === "__proto__" || prop === "constructor" || prop === "prototype")
       return;
     const merge3 = utils_default.hasOwnProp(mergeMap, prop) ? mergeMap[prop] : mergeDeepProperties;
-    const configValue = merge3(config1[prop], config2[prop], prop);
+    const a = utils_default.hasOwnProp(config1, prop) ? config1[prop] : undefined;
+    const b = utils_default.hasOwnProp(config2, prop) ? config2[prop] : undefined;
+    const configValue = merge3(a, b, prop);
     utils_default.isUndefined(configValue) && merge3 !== mergeDirectKeys || (config3[prop] = configValue);
   });
   return config3;
@@ -42673,9 +42921,18 @@ var init_mergeConfig = __esm(() => {
 // node_modules/axios/lib/helpers/resolveConfig.js
 var resolveConfig_default = (config2) => {
   const newConfig = mergeConfig({}, config2);
-  let { data, withXSRFToken, xsrfHeaderName, xsrfCookieName, headers, auth } = newConfig;
+  const own2 = (key) => utils_default.hasOwnProp(newConfig, key) ? newConfig[key] : undefined;
+  const data = own2("data");
+  let withXSRFToken = own2("withXSRFToken");
+  const xsrfHeaderName = own2("xsrfHeaderName");
+  const xsrfCookieName = own2("xsrfCookieName");
+  let headers = own2("headers");
+  const auth = own2("auth");
+  const baseURL = own2("baseURL");
+  const allowAbsoluteUrls = own2("allowAbsoluteUrls");
+  const url3 = own2("url");
   newConfig.headers = headers = AxiosHeaders_default.from(headers);
-  newConfig.url = buildURL(buildFullPath(newConfig.baseURL, newConfig.url, newConfig.allowAbsoluteUrls), config2.params, config2.paramsSerializer);
+  newConfig.url = buildURL(buildFullPath(baseURL, url3, allowAbsoluteUrls), config2.params, config2.paramsSerializer);
   if (auth) {
     headers.set("Authorization", "Basic " + btoa((auth.username || "") + ":" + (auth.password ? unescape(encodeURIComponent(auth.password)) : "")));
   }
@@ -42693,8 +42950,11 @@ var resolveConfig_default = (config2) => {
     }
   }
   if (platform_default.hasStandardBrowserEnv) {
-    withXSRFToken && utils_default.isFunction(withXSRFToken) && (withXSRFToken = withXSRFToken(newConfig));
-    if (withXSRFToken || withXSRFToken !== false && isURLSameOrigin_default(newConfig.url)) {
+    if (utils_default.isFunction(withXSRFToken)) {
+      withXSRFToken = withXSRFToken(newConfig);
+    }
+    const shouldSendXSRF = withXSRFToken === true || withXSRFToken == null && isURLSameOrigin_default(newConfig.url);
+    if (shouldSendXSRF) {
       const xsrfValue = xsrfHeaderName && xsrfCookieName && cookies_default.read(xsrfCookieName);
       if (xsrfValue) {
         headers.set(xsrfHeaderName, xsrfValue);
@@ -42986,14 +43246,18 @@ var DEFAULT_CHUNK_SIZE, isFunction2, globalFetchAPI, ReadableStream2, TextEncode
   const encodeText = isFetchSupported && (typeof TextEncoder2 === "function" ? ((encoder) => (str) => encoder.encode(str))(new TextEncoder2) : async (str) => new Uint8Array(await new Request(str).arrayBuffer()));
   const supportsRequestStream = isRequestSupported && isReadableStreamSupported && test(() => {
     let duplexAccessed = false;
-    const hasContentType = new Request(platform_default.origin, {
+    const request = new Request(platform_default.origin, {
       body: new ReadableStream2,
       method: "POST",
       get duplex() {
         duplexAccessed = true;
         return "half";
       }
-    }).headers.has("Content-Type");
+    });
+    const hasContentType = request.headers.has("Content-Type");
+    if (request.body != null) {
+      request.body.cancel();
+    }
     return duplexAccessed && !hasContentType;
   });
   const supportsResponseStream = isResponseSupported && isReadableStreamSupported && test(() => utils_default.isReadableStream(new Response2("").body));
@@ -43082,6 +43346,12 @@ var DEFAULT_CHUNK_SIZE, isFunction2, globalFetchAPI, ReadableStream2, TextEncode
         withCredentials = withCredentials ? "include" : "omit";
       }
       const isCredentialsSupported = isRequestSupported && "credentials" in Request.prototype;
+      if (utils_default.isFormData(data)) {
+        const contentType = headers.getContentType();
+        if (contentType && /^multipart\/form-data/i.test(contentType) && !/boundary=/i.test(contentType)) {
+          headers.delete("content-type");
+        }
+      }
       const resolvedOptions = {
         ...fetchOptions,
         signal: composedSignal,
@@ -43271,7 +43541,7 @@ function assertOptions(options, schema, allowUnknown) {
   let i = keys.length;
   while (i-- > 0) {
     const opt = keys[i];
-    const validator = schema[opt];
+    const validator = Object.prototype.hasOwnProperty.call(schema, opt) ? schema[opt] : undefined;
     if (validator) {
       const value = options[opt];
       const result = value === undefined || validator(value, opt, options);
@@ -43338,13 +43608,27 @@ class Axios {
       if (err instanceof Error) {
         let dummy = {};
         Error.captureStackTrace ? Error.captureStackTrace(dummy) : dummy = new Error;
-        const stack = dummy.stack ? dummy.stack.replace(/^.+\n/, "") : "";
+        const stack = (() => {
+          if (!dummy.stack) {
+            return "";
+          }
+          const firstNewlineIndex = dummy.stack.indexOf(`
+`);
+          return firstNewlineIndex === -1 ? "" : dummy.stack.slice(firstNewlineIndex + 1);
+        })();
         try {
           if (!err.stack) {
             err.stack = stack;
-          } else if (stack && !String(err.stack).endsWith(stack.replace(/^.+\n.+\n/, ""))) {
-            err.stack += `
+          } else if (stack) {
+            const firstNewlineIndex = stack.indexOf(`
+`);
+            const secondNewlineIndex = firstNewlineIndex === -1 ? -1 : stack.indexOf(`
+`, firstNewlineIndex + 1);
+            const stackWithoutTwoTopLines = secondNewlineIndex === -1 ? "" : stack.slice(secondNewlineIndex + 1);
+            if (!String(err.stack).endsWith(stackWithoutTwoTopLines)) {
+              err.stack += `
 ` + stack;
+            }
           }
         } catch (e) {}
       }
@@ -43848,26 +44132,13 @@ var init_dist = __esm(() => {
   init_upperFirst();
 });
-// node_modules/uuid/dist-node/native.js
-import { randomUUID } from "node:crypto";
-var native_default;
-var init_native = __esm(() => {
-  native_default = { randomUUID };
-});
 // node_modules/uuid/dist-node/rng.js
-import { randomFillSync } from "node:crypto";
 function rng() {
-  if (poolPtr > rnds8Pool.length - 16) {
-    randomFillSync(rnds8Pool);
-    poolPtr = 0;
-  }
-  return rnds8Pool.slice(poolPtr, poolPtr += 16);
+  return crypto.getRandomValues(rnds8);
 }
-var rnds8Pool, poolPtr;
+var rnds8;
 var init_rng = __esm(() => {
-  rnds8Pool = new Uint8Array(256);
-  poolPtr = rnds8Pool.length;
+  rnds8 = new Uint8Array(16);
 });
 // node_modules/uuid/dist-node/stringify.js
@@ -43883,6 +44154,12 @@ var init_stringify = __esm(() => {
 });
 // node_modules/uuid/dist-node/v4.js
+function v4(options, buf, offset) {
+  if (!buf && !options && crypto.randomUUID) {
+    return crypto.randomUUID();
+  }
+  return _v4(options, buf, offset);
+}
 function _v4(options, buf, offset) {
   options = options || {};
   const rnds = options.random ?? options.rng?.() ?? rng();
@@ -43903,15 +44180,8 @@ function _v4(options, buf, offset) {
   }
   return unsafeStringify(rnds);
 }
-function v4(options, buf, offset) {
-  if (native_default.randomUUID && !buf && !options) {
-    return native_default.randomUUID();
-  }
-  return _v4(options, buf, offset);
-}
 var v4_default;
 var init_v42 = __esm(() => {
-  init_native();
   init_rng();
   init_stringify();
   v4_default = v4;
@@ -46617,8 +46887,8 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
         options: localVarRequestOptions
       };
     },
-    v4WorkflowsPost: async (createWorkflowBody, options = {}) => {
-      const localVarPath = `/v4/workflows/`;
+    v4WorkflowsPost: async (publicWorkflowCreateRequest, options = {}) => {
+      const localVarPath = `/v4/workflows`;
       const localVarUrlObj = new URL$1(localVarPath, DUMMY_BASE_URL);
       let baseOptions;
       if (configuration) {
@@ -46633,7 +46903,7 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       setSearchParams(localVarUrlObj, localVarQueryParameter);
       let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
       localVarRequestOptions.headers = { ...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers };
-      localVarRequestOptions.data = serializeDataIfNeeded(createWorkflowBody, localVarRequestOptions, configuration);
+      localVarRequestOptions.data = serializeDataIfNeeded(publicWorkflowCreateRequest, localVarRequestOptions, configuration);
       return {
         url: toPathString(localVarUrlObj),
         options: localVarRequestOptions
@@ -46730,7 +47000,30 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
         options: localVarRequestOptions
       };
     },
-    v4WorkflowsWorkflowIdDataGet: async (workflowId, xApiKey, authorization, runId, format, sortBy2, order, filters, page, limit, gzip, rowIds, includeAnomalies, options = {}) => {
+    v4WorkflowsWorkflowIdDataExportsExportIdGet: async (workflowId, exportId, options = {}) => {
+      assertParamExists("v4WorkflowsWorkflowIdDataExportsExportIdGet", "workflowId", workflowId);
+      assertParamExists("v4WorkflowsWorkflowIdDataExportsExportIdGet", "exportId", exportId);
+      const localVarPath = `/v4/workflows/{workflowId}/data/exports/{exportId}`.replace(`{${"workflowId"}}`, encodeURIComponent(String(workflowId))).replace(`{${"exportId"}}`, encodeURIComponent(String(exportId)));
+      const localVarUrlObj = new URL$1(localVarPath, DUMMY_BASE_URL);
+      let baseOptions;
+      if (configuration) {
+        baseOptions = configuration.baseOptions;
+      }
+      const localVarRequestOptions = { method: "GET", ...baseOptions, ...options };
+      const localVarHeaderParameter = {};
+      const localVarQueryParameter = {};
+      await setApiKeyToObject(localVarHeaderParameter, "x-api-key", configuration);
+      await setBearerAuthToObject(localVarHeaderParameter, configuration);
+      localVarHeaderParameter["Accept"] = "text/csv";
+      setSearchParams(localVarUrlObj, localVarQueryParameter);
+      let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+      localVarRequestOptions.headers = { ...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers };
+      return {
+        url: toPathString(localVarUrlObj),
+        options: localVarRequestOptions
+      };
+    },
+    v4WorkflowsWorkflowIdDataGet: async (workflowId, xApiKey, authorization, runId, format, sortBy2, order, filters, page, limit, gzip, rowIds, includeAnomalies, download, options = {}) => {
       assertParamExists("v4WorkflowsWorkflowIdDataGet", "workflowId", workflowId);
       const localVarPath = `/v4/workflows/{workflowId}/data`.replace(`{${"workflowId"}}`, encodeURIComponent(String(workflowId)));
       const localVarUrlObj = new URL$1(localVarPath, DUMMY_BASE_URL);
@@ -46773,6 +47066,9 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       if (includeAnomalies !== undefined) {
         localVarQueryParameter["includeAnomalies"] = includeAnomalies;
       }
+      if (download !== undefined) {
+        localVarQueryParameter["download"] = download;
+      }
       localVarHeaderParameter["Accept"] = "application/json,text/csv";
       if (xApiKey != null) {
         localVarHeaderParameter["x-api-key"] = String(xApiKey);
@@ -46986,6 +47282,27 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
         options: localVarRequestOptions
       };
     },
+    v4WorkflowsWorkflowIdStopPut: async (workflowId, options = {}) => {
+      assertParamExists("v4WorkflowsWorkflowIdStopPut", "workflowId", workflowId);
+      const localVarPath = `/v4/workflows/{workflowId}/stop`.replace(`{${"workflowId"}}`, encodeURIComponent(String(workflowId)));
+      const localVarUrlObj = new URL$1(localVarPath, DUMMY_BASE_URL);
+      let baseOptions;
+      if (configuration) {
+        baseOptions = configuration.baseOptions;
+      }
+      const localVarRequestOptions = { method: "PUT", ...baseOptions, ...options };
+      const localVarHeaderParameter = {};
+      const localVarQueryParameter = {};
+      await setApiKeyToObject(localVarHeaderParameter, "x-api-key", configuration);
+      localVarHeaderParameter["Accept"] = "application/json";
+      setSearchParams(localVarUrlObj, localVarQueryParameter);
+      let headersFromBaseOptions = baseOptions && baseOptions.headers ? baseOptions.headers : {};
+      localVarRequestOptions.headers = { ...localVarHeaderParameter, ...headersFromBaseOptions, ...options.headers };
+      return {
+        url: toPathString(localVarUrlObj),
+        options: localVarRequestOptions
+      };
+    },
     v5ChangesChangeIdGet: async (changeId, xApiKey, authorization, options = {}) => {
       assertParamExists("v5ChangesChangeIdGet", "changeId", changeId);
       const localVarPath = `/v5/changes/{changeId}`.replace(`{${"changeId"}}`, encodeURIComponent(String(changeId)));
@@ -47124,8 +47441,8 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsGet"]?.[localVarOperationServerIndex]?.url;
       return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
     },
-    async v4WorkflowsPost(createWorkflowBody, options) {
-      const localVarAxiosArgs = await localVarAxiosParamCreator.v4WorkflowsPost(createWorkflowBody, options);
+    async v4WorkflowsPost(publicWorkflowCreateRequest, options) {
+      const localVarAxiosArgs = await localVarAxiosParamCreator.v4WorkflowsPost(publicWorkflowCreateRequest, options);
       const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
       const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsPost"]?.[localVarOperationServerIndex]?.url;
       return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
@@ -47148,8 +47465,14 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsWorkflowIdComplianceRejectPut"]?.[localVarOperationServerIndex]?.url;
       return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
     },
-    async v4WorkflowsWorkflowIdDataGet(workflowId, xApiKey, authorization, runId, format, sortBy2, order, filters, page, limit, gzip, rowIds, includeAnomalies, options) {
-      const localVarAxiosArgs = await localVarAxiosParamCreator.v4WorkflowsWorkflowIdDataGet(workflowId, xApiKey, authorization, runId, format, sortBy2, order, filters, page, limit, gzip, rowIds, includeAnomalies, options);
+    async v4WorkflowsWorkflowIdDataExportsExportIdGet(workflowId, exportId, options) {
+      const localVarAxiosArgs = await localVarAxiosParamCreator.v4WorkflowsWorkflowIdDataExportsExportIdGet(workflowId, exportId, options);
+      const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+      const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsWorkflowIdDataExportsExportIdGet"]?.[localVarOperationServerIndex]?.url;
+      return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
+    },
+    async v4WorkflowsWorkflowIdDataGet(workflowId, xApiKey, authorization, runId, format, sortBy2, order, filters, page, limit, gzip, rowIds, includeAnomalies, download, options) {
+      const localVarAxiosArgs = await localVarAxiosParamCreator.v4WorkflowsWorkflowIdDataGet(workflowId, xApiKey, authorization, runId, format, sortBy2, order, filters, page, limit, gzip, rowIds, includeAnomalies, download, options);
       const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
       const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsWorkflowIdDataGet"]?.[localVarOperationServerIndex]?.url;
       return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
@@ -47208,6 +47531,12 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsWorkflowIdSchedulePut"]?.[localVarOperationServerIndex]?.url;
       return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
     },
+    async v4WorkflowsWorkflowIdStopPut(workflowId, options) {
+      const localVarAxiosArgs = await localVarAxiosParamCreator.v4WorkflowsWorkflowIdStopPut(workflowId, options);
+      const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
+      const localVarOperationServerBasePath = operationServerMap["WorkflowsApi.v4WorkflowsWorkflowIdStopPut"]?.[localVarOperationServerIndex]?.url;
+      return (axios2, basePath) => createRequestFunction(localVarAxiosArgs, axios_default, BASE_PATH, configuration)(axios2, localVarOperationServerBasePath || basePath);
+    },
     async v5ChangesChangeIdGet(changeId, xApiKey, authorization, options) {
       const localVarAxiosArgs = await localVarAxiosParamCreator.v5ChangesChangeIdGet(changeId, xApiKey, authorization, options);
       const localVarOperationServerIndex = configuration?.serverIndex ?? 0;
@@ -47389,8 +47718,7 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       page: options.page ?? 1,
       limit: options.limit ?? this.defaultLimit
     });
-    const result = response.data;
-    return result;
+    return response.data;
   }
   async fetchAllData(options) {
     const iterator2 = new PagedIterator((pageOptions) => this.fetchData({ ...options, ...pageOptions }));
@@ -48325,7 +48653,7 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
     }));
     return channels;
   }
-}, PUBLIC_API_URI, WSS_API_URI, REALTIME_API_URI, SDK_VERSION = "0.29.1", SDK_NAME = "kadoa-node-sdk", SDK_LANGUAGE = "node", debug6, isDrainControlMessage = (message) => message.type === "control.draining", isRealtimeEvent = (message) => message.type !== "heartbeat" && message.type !== "control.draining", _Realtime = class _Realtime2 {
+}, PUBLIC_API_URI, WSS_API_URI, REALTIME_API_URI, SDK_VERSION = "0.31.1", SDK_NAME = "kadoa-node-sdk", SDK_LANGUAGE = "node", debug6, isDrainControlMessage = (message) => message.type === "control.draining", isRealtimeEvent = (message) => message.type !== "heartbeat" && message.type !== "control.draining", _Realtime = class _Realtime2 {
   constructor(config2) {
     this.drainingSockets = /* @__PURE__ */ new Set;
     this.lastHeartbeat = Date.now();
@@ -49059,53 +49387,20 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
   }
   async create(input) {
     validateAdditionalData(input.additionalData);
-    const domainName = new URL(input.urls[0]).hostname;
-    if (input.navigationMode === "agentic-navigation") {
-      if (!input.userPrompt) {
-        throw new KadoaSdkException("userPrompt is required when navigationMode is 'agentic-navigation'", {
-          code: "VALIDATION_ERROR",
-          details: { navigationMode: input.navigationMode }
-        });
-      }
-      const agenticRequest = {
-        urls: input.urls,
-        navigationMode: "agentic-navigation",
-        name: input.name ?? domainName,
-        description: input.description,
-        userPrompt: input.userPrompt,
-        schemaId: input.schemaId,
-        entity: input.entity,
-        fields: input.fields,
-        bypassPreview: input.bypassPreview ?? true,
-        tags: input.tags,
-        interval: input.interval,
-        monitoring: input.monitoring,
-        location: input.location,
-        autoStart: input.autoStart,
-        schedules: input.schedules,
-        additionalData: input.additionalData,
-        limit: input.limit
-      };
-      const response2 = await this.workflowsApi.v4WorkflowsPost({
-        createWorkflowBody: agenticRequest
+    if (!input.userPrompt) {
+      throw new KadoaSdkException("userPrompt is required to create a workflow", {
+        code: "VALIDATION_ERROR",
+        details: { urls: input.urls }
       });
-      const workflowId2 = response2.data?.workflowId;
-      if (!workflowId2) {
-        throw new KadoaSdkException(ERROR_MESSAGES.NO_WORKFLOW_ID, {
-          code: "INTERNAL_ERROR",
-          details: {
-            response: response2.data
-          }
-        });
-      }
-      return { id: workflowId2 };
     }
+    const domainName = new URL(input.urls[0]).hostname;
     const request = {
       urls: input.urls,
       name: input.name ?? domainName,
-      schemaId: input.schemaId,
       description: input.description,
-      navigationMode: input.navigationMode,
+      userPrompt: input.userPrompt,
+      navigationMode: "agentic-navigation",
+      schemaId: input.schemaId,
       ...input.entity != null && { entity: input.entity },
       fields: input.fields,
       bypassPreview: input.bypassPreview ?? true,
@@ -49113,13 +49408,12 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
       interval: input.interval,
       monitoring: input.monitoring,
       location: input.location,
-      autoStart: input.autoStart,
       schedules: input.schedules,
       additionalData: input.additionalData,
       limit: input.limit
     };
     const response = await this.workflowsApi.v4WorkflowsPost({
-      createWorkflowBody: request
+      publicWorkflowCreateRequest: request
     });
     const workflowId = response.data?.workflowId;
     if (!workflowId) {
@@ -49148,6 +49442,14 @@ var import_debug, __require2, ChangeDifferenceType, KadoaErrorCode, _KadoaSdkExc
     });
     return response.data?.workflows?.[0];
   }
+  async getAuditLog(id, options) {
+    const response = await this.workflowsApi.v5WorkflowsWorkflowIdAuditlogGet({
+      workflowId: id,
+      page: options?.page,
+      limit: options?.limit
+    });
+    return response.data;
+  }
   async delete(id) {
     await this.workflowsApi.v4WorkflowsWorkflowIdDelete({
       workflowId: id
@@ -49855,7 +50157,7 @@ var init_dist2 = __esm(() => {
       return WorkflowsApiFp(this.configuration).v4WorkflowsGet(requestParameters.search, requestParameters.skip, requestParameters.limit, requestParameters.state, requestParameters.runState, requestParameters.displayState, requestParameters.inSupport, requestParameters.tags, requestParameters.userId, requestParameters.monitoring, requestParameters.updateInterval, requestParameters.includeDeleted, requestParameters.format, options).then((request) => request(this.axios, this.basePath));
     }
     v4WorkflowsPost(requestParameters = {}, options) {
-      return WorkflowsApiFp(this.configuration).v4WorkflowsPost(requestParameters.createWorkflowBody, options).then((request) => request(this.axios, this.basePath));
+      return WorkflowsApiFp(this.configuration).v4WorkflowsPost(requestParameters.publicWorkflowCreateRequest, options).then((request) => request(this.axios, this.basePath));
     }
     v4WorkflowsWorkflowIdAuditlogGet(requestParameters, options) {
       return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdAuditlogGet(requestParameters.workflowId, requestParameters.xApiKey, requestParameters.authorization, requestParameters.page, requestParameters.limit, options).then((request) => request(this.axios, this.basePath));
@@ -49866,8 +50168,11 @@ var init_dist2 = __esm(() => {
     v4WorkflowsWorkflowIdComplianceRejectPut(requestParameters, options) {
       return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdComplianceRejectPut(requestParameters.workflowId, requestParameters.v4WorkflowsWorkflowIdComplianceRejectPutRequest, requestParameters.xApiKey, requestParameters.authorization, options).then((request) => request(this.axios, this.basePath));
     }
+    v4WorkflowsWorkflowIdDataExportsExportIdGet(requestParameters, options) {
+      return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdDataExportsExportIdGet(requestParameters.workflowId, requestParameters.exportId, options).then((request) => request(this.axios, this.basePath));
+    }
     v4WorkflowsWorkflowIdDataGet(requestParameters, options) {
-      return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdDataGet(requestParameters.workflowId, requestParameters.xApiKey, requestParameters.authorization, requestParameters.runId, requestParameters.format, requestParameters.sortBy, requestParameters.order, requestParameters.filters, requestParameters.page, requestParameters.limit, requestParameters.gzip, requestParameters.rowIds, requestParameters.includeAnomalies, options).then((request) => request(this.axios, this.basePath));
+      return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdDataGet(requestParameters.workflowId, requestParameters.xApiKey, requestParameters.authorization, requestParameters.runId, requestParameters.format, requestParameters.sortBy, requestParameters.order, requestParameters.filters, requestParameters.page, requestParameters.limit, requestParameters.gzip, requestParameters.rowIds, requestParameters.includeAnomalies, requestParameters.download, options).then((request) => request(this.axios, this.basePath));
     }
     v4WorkflowsWorkflowIdDelete(requestParameters, options) {
       return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdDelete(requestParameters.workflowId, options).then((request) => request(this.axios, this.basePath));
@@ -49896,6 +50201,9 @@ var init_dist2 = __esm(() => {
     v4WorkflowsWorkflowIdSchedulePut(requestParameters, options) {
       return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdSchedulePut(requestParameters.workflowId, requestParameters.v4WorkflowsWorkflowIdSchedulePutRequest, options).then((request) => request(this.axios, this.basePath));
     }
+    v4WorkflowsWorkflowIdStopPut(requestParameters, options) {
+      return WorkflowsApiFp(this.configuration).v4WorkflowsWorkflowIdStopPut(requestParameters.workflowId, options).then((request) => request(this.axios, this.basePath));
+    }
     v5ChangesChangeIdGet(requestParameters, options) {
       return WorkflowsApiFp(this.configuration).v5ChangesChangeIdGet(requestParameters.changeId, requestParameters.xApiKey, requestParameters.authorization, options).then((request) => request(this.axios, this.basePath));
     }
@@ -50391,6 +50699,25 @@ function classifyError(error48, toolName) {
   }
   return "Unknown error";
 }
+function jsonEq(a, b) {
+  return JSON.stringify(a) === JSON.stringify(b);
+}
+function diffWorkflowAuditEntry(entry) {
+  const prev = entry.previousValue;
+  const next = entry.newValue;
+  if (!prev || !next)
+    return [];
+  const changed = [];
+  for (const key of WORKFLOW_AUDIT_WATCHED_KEYS) {
+    if (!jsonEq(prev[key], next[key]))
+      changed.push(key);
+  }
+  const prevPrompt = prev["additionalData"]?.["userPrompt"];
+  const nextPrompt = next["additionalData"]?.["userPrompt"];
+  if (!jsonEq(prevPrompt, nextPrompt))
+    changed.push("additionalData.userPrompt");
+  return changed;
+}
 function registerTools(server, ctx) {
   function withErrorHandling(name, handler) {
     return async (...args) => {
@@ -50751,6 +51078,42 @@ function registerTools(server, ctx) {
       notificationConfig: workflow.notificationConfig
     });
   }));
+  server.registerTool("get_workflow_history", {
+    description: "Get the configuration revision history (audit log) for a workflow. Each entry captures who changed the workflow, when, from which channel (UI/API/SDK/MCP/CLI/SYSTEM), and a `changedFields` list summarizing what changed between revisions. Use this to answer questions like 'did this workflow's prompt or schema change, when, and from what to what?'. Note: CREATE entries return null `previousValue`/`newValue` and an empty `changedFields` (no initial-state snapshot is captured).",
+    inputSchema: {
+      workflowId: exports_external.string().describe("The workflow ID"),
+      page: exports_external.preprocess(coerceNumber(), exports_external.number()).optional().describe("Page number, 1-based (default: 1)"),
+      limit: exports_external.preprocess(coerceNumber(), exports_external.number()).optional().describe("Entries per page (default: 25)")
+    },
+    annotations: { readOnlyHint: true, destructiveHint: false, idempotentHint: true }
+  }, withErrorHandling("get_workflow_history", async (args) => {
+    const response = await ctx.client.workflow.getAuditLog(args.workflowId, {
+      page: args.page,
+      limit: args.limit
+    });
+    const entries = (response.logEntries ?? []).map((e) => ({
+      id: e.id,
+      operationType: e.operationType,
+      createdAt: e.createdAt,
+      userEmail: e.userEmail,
+      userId: e.userId,
+      requestSource: e.requestSource,
+      authMethod: e.authMethod,
+      changedFields: diffWorkflowAuditEntry({
+        previousValue: e.previousValue,
+        newValue: e.newValue
+      }),
+      previousValue: e.previousValue,
+      newValue: e.newValue
+    }));
+    return jsonResult({
+      workflowId: response.id,
+      totalCount: response.pagination?.totalCount ?? response.logEntriesCount ?? entries.length,
+      page: response.pagination?.page ?? 1,
+      totalPages: response.pagination?.totalPages ?? 1,
+      entries
+    });
+  }));
   server.registerTool("run_workflow", {
     description: "Run a workflow to extract fresh data. The run is asynchronous and may take several minutes. Do NOT poll or sleep-wait for completion. Return the workflow ID to the user and let them check status with get_workflow or fetch results later with fetch_data.",
     inputSchema: {
@@ -51479,7 +51842,7 @@ function registerTools(server, ctx) {
     return jsonResult({ schemas: schemas4, count: schemas4.length });
   }));
 }
-var SchemaFieldShape, DASHBOARD_BASE_URL = "https://www.kadoa.com";
+var SchemaFieldShape, DASHBOARD_BASE_URL = "https://www.kadoa.com", WORKFLOW_AUDIT_WATCHED_KEYS;
 var init_tools = __esm(() => {
   init_zod();
   init_dist2();
@@ -51493,6 +51856,17 @@ var init_tools = __esm(() => {
     isRequired: exports_external.boolean().optional(),
     isUnique: exports_external.boolean().optional()
   };
+  WORKFLOW_AUDIT_WATCHED_KEYS = [
+    "name",
+    "tags",
+    "urls",
+    "schedules",
+    "entity",
+    "schema",
+    "monitoringConfig",
+    "location",
+    "navigationMode"
+  ];
 });
 // package.json
@@ -51500,7 +51874,7 @@ var package_default;
 var init_package = __esm(() => {
   package_default = {
     name: "@kadoa/mcp",
-    version: "0.5.3-rc.1",
+    version: "0.5.3",
     description: "Kadoa MCP Server — manage workflows from Claude Desktop, Cursor, and other MCP clients",
     type: "module",
     main: "dist/index.js",
@@ -51524,7 +51898,7 @@ var init_package = __esm(() => {
       prepublishOnly: "bun run check-types && bun run test:unit && bun run build"
     },
     dependencies: {
-      "@kadoa/node-sdk": "^0.29.1",
+      "@kadoa/node-sdk": "^0.31.1",
       "@modelcontextprotocol/sdk": "^1.26.0",
       express: "^5.2.1",
       ioredis: "^5.6.1",
@@ -55542,10 +55916,6 @@ function generatePKCE() {
   const challenge = createHash2("sha256").update(verifier).digest("base64url");
   return { verifier, challenge };
 }
-function kadoaAuthUrl() {
-  const raw = process.env.KADOA_AUTH_URL || "https://auth.kadoa.com";
-  return raw.replace(/\/+$/, "");
-}
 function jwtClaims(jwt2) {
   try {
     const payload = JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -55558,6 +55928,76 @@ function jwtClaims(jwt2) {
     return {};
   }
 }
+async function exchangeSupabaseCode(code, codeVerifier) {
+  const supabaseUrl = process.env.SUPABASE_URL;
+  if (!supabaseUrl)
+    throw new Error("SUPABASE_URL is not configured");
+  const res = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=pkce`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      apikey: process.env.SUPABASE_ANON_KEY
+    },
+    body: JSON.stringify({ auth_code: code, code_verifier: codeVerifier })
+  });
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Supabase token exchange failed (${res.status}): ${body}`);
+  }
+  const data = await res.json();
+  return { accessToken: data.access_token, refreshToken: data.refresh_token };
+}
+async function fetchUserTeams(supabaseJwt) {
+  const kadoaApiUrl = process.env.KADOA_PUBLIC_API_URI || "https://api.kadoa.com";
+  const userRes = await fetch(`${kadoaApiUrl}/v4/user`, {
+    headers: { Authorization: `Bearer ${supabaseJwt}` }
+  });
+  if (!userRes.ok) {
+    const body = await userRes.text();
+    throw new Error(`Kadoa /v4/user failed (${userRes.status}): ${body}`);
+  }
+  const userData = await userRes.json();
+  if (!userData.teams?.length) {
+    throw new Error("User has no teams");
+  }
+  return userData.teams.map((t) => ({
+    id: t.id,
+    name: t.name,
+    memberRole: t.memberRole
+  }));
+}
+async function setActiveTeamAndRefresh(jwt2, refreshToken, teamId) {
+  const kadoaApiUrl = process.env.KADOA_PUBLIC_API_URI || "https://api.kadoa.com";
+  const supabaseUrl = process.env.SUPABASE_URL;
+  if (!supabaseUrl)
+    throw new Error("SUPABASE_URL is not configured");
+  const setRes = await fetch(`${kadoaApiUrl}/v5/auth/active-team`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${jwt2}`
+    },
+    body: JSON.stringify({ teamId })
+  });
+  if (!setRes.ok) {
+    const body = await setRes.text();
+    throw new Error(`POST /v5/auth/active-team failed (${setRes.status}): ${body}`);
+  }
+  const refreshRes = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=refresh_token`, {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      apikey: process.env.SUPABASE_ANON_KEY
+    },
+    body: JSON.stringify({ refresh_token: refreshToken })
+  });
+  if (!refreshRes.ok) {
+    const body = await refreshRes.text();
+    throw new Error(`Supabase token refresh failed (${refreshRes.status}): ${body}`);
+  }
+  const data = await refreshRes.json();
+  return { jwt: data.access_token, refreshToken: data.refresh_token };
+}
 class KadoaOAuthProvider {
   store;
@@ -55583,23 +56023,151 @@ class KadoaOAuthProvider {
     };
   }
   async authorize(client, params, res) {
+    const supabaseUrl = process.env.SUPABASE_URL;
     const serverUrl = process.env.MCP_SERVER_URL;
-    if (!serverUrl)
-      throw new Error("MCP_SERVER_URL must be configured");
+    if (!supabaseUrl || !serverUrl) {
+      throw new Error("SUPABASE_URL and MCP_SERVER_URL must be configured");
+    }
     const state = randomToken();
     const { verifier, challenge } = generatePKCE();
     await this.store.set("pending_auths", state, {
       client,
       params,
-      mcpVerifier: verifier
+      supabaseCodeVerifier: verifier
     }, 600);
-    const authUrl = new URL(`${kadoaAuthUrl()}/login`);
-    authUrl.searchParams.set("callback_url", `${serverUrl}/auth/callback`);
-    authUrl.searchParams.set("state", state);
-    authUrl.searchParams.set("code_challenge", challenge);
+    res.type("html").send(renderLoginPage(state));
+  }
+  async handleGoogleLogin(req, res) {
+    const { state } = req.body;
+    const pending = await this.store.get("pending_auths", state);
+    if (!pending) {
+      res.status(400).send("Unknown or expired state parameter");
+      return;
+    }
+    const supabaseUrl = process.env.SUPABASE_URL;
+    const serverUrl = process.env.MCP_SERVER_URL;
+    if (!supabaseUrl || !serverUrl) {
+      res.status(500).send("Server misconfigured");
+      return;
+    }
+    const redirectTo = `${serverUrl}/auth/callback?mcp_state=${state}`;
+    const authUrl = new URL(`${supabaseUrl}/auth/v1/authorize`);
+    authUrl.searchParams.set("provider", "google");
+    authUrl.searchParams.set("redirect_to", redirectTo);
+    authUrl.searchParams.set("code_challenge", pending.supabaseCodeVerifier ? createHash2("sha256").update(pending.supabaseCodeVerifier).digest("base64url") : "");
     authUrl.searchParams.set("code_challenge_method", "S256");
     res.redirect(authUrl.toString());
   }
+  async handleEmailPasswordLogin(req, res) {
+    const { state, email: email3, password } = req.body;
+    if (!state || !email3 || !password) {
+      res.status(400).send("Missing required fields");
+      return;
+    }
+    const pending = await this.store.get("pending_auths", state);
+    if (!pending) {
+      res.status(400).type("html").send(renderLoginPage(state, "Session expired — please try again"));
+      return;
+    }
+    const supabaseUrl = process.env.SUPABASE_URL;
+    if (!supabaseUrl) {
+      res.status(500).send("Server misconfigured");
+      return;
+    }
+    try {
+      const tokenRes = await fetch(`${supabaseUrl}/auth/v1/token?grant_type=password`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          apikey: process.env.SUPABASE_ANON_KEY
+        },
+        body: JSON.stringify({ email: email3, password })
+      });
+      if (!tokenRes.ok) {
+        const body = await tokenRes.json().catch(() => ({ error_description: "Authentication failed" }));
+        const message = body.error_description || body.msg || "Invalid email or password";
+        res.type("html").send(renderLoginPage(state, message));
+        return;
+      }
+      const data = await tokenRes.json();
+      await this.store.del("pending_auths", state);
+      await this.completeAuthWithTokens(pending, res, data.access_token, data.refresh_token);
+    } catch (error48) {
+      console.error("Email/password login error:", error48);
+      res.type("html").send(renderLoginPage(state, "An unexpected error occurred"));
+    }
+  }
+  async handleSSOLogin(req, res) {
+    const { state, email: email3 } = req.body;
+    if (!state || !email3) {
+      res.status(400).send("Missing required fields");
+      return;
+    }
+    const pending = await this.store.get("pending_auths", state);
+    if (!pending) {
+      res.status(400).type("html").send(renderLoginPage(state, "Session expired — please try again"));
+      return;
+    }
+    const supabaseUrl = process.env.SUPABASE_URL;
+    const serverUrl = process.env.MCP_SERVER_URL;
+    if (!supabaseUrl || !serverUrl) {
+      res.status(500).send("Server misconfigured");
+      return;
+    }
+    const domain2 = email3.includes("@") ? email3.split("@").pop() : email3;
+    try {
+      const ssoRes = await fetch(`${supabaseUrl}/auth/v1/sso`, {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          apikey: process.env.SUPABASE_ANON_KEY
+        },
+        body: JSON.stringify({
+          domain: domain2,
+          redirect_to: `${serverUrl}/auth/callback?mcp_state=${state}`,
+          skip_http_redirect: true,
+          code_challenge: createHash2("sha256").update(pending.supabaseCodeVerifier).digest("base64url"),
+          code_challenge_method: "s256"
+        })
+      });
+      if (!ssoRes.ok) {
+        const body = await ssoRes.json().catch(() => ({}));
+        const message = body.error_description || body.msg || body.message || "No SSO provider configured for this domain";
+        res.type("html").send(renderLoginPage(state, message));
+        return;
+      }
+      const data = await ssoRes.json();
+      if (!data.url) {
+        res.type("html").send(renderLoginPage(state, "No SSO provider configured for this domain"));
+        return;
+      }
+      res.redirect(data.url);
+    } catch (error48) {
+      console.error("SSO login error:", error48);
+      res.type("html").send(renderLoginPage(state, "An unexpected error occurred"));
+    }
+  }
+  async completeAuthWithTokens(pending, res, supabaseJwt, supabaseRefreshToken) {
+    const teams = await fetchUserTeams(supabaseJwt);
+    if (teams.length === 1) {
+      const refreshed = await setActiveTeamAndRefresh(supabaseJwt, supabaseRefreshToken, teams[0].id);
+      await this.completeAuthFlow(pending, res, {
+        jwt: refreshed.jwt,
+        refreshToken: refreshed.refreshToken,
+        teamId: teams[0].id
+      });
+      return;
+    }
+    const selectionToken = randomToken();
+    await this.store.set("pending_team_selections", selectionToken, {
+      supabaseJwt,
+      supabaseRefreshToken,
+      teams,
+      pending,
+      expiresAt: Date.now() + TEAM_SELECTION_TTL
+    }, 600);
+    res.type("html").send(renderTeamSelectionPage(teams, selectionToken));
+  }
   async challengeForAuthorizationCode(_client, authorizationCode) {
     const entry = await this.store.get("auth_codes", authorizationCode);
     if (!entry)
@@ -55724,9 +56292,9 @@ class KadoaOAuthProvider {
     };
   }
   async handleAuthCallback(req, res) {
-    const { code, state } = req.query;
+    const { code, mcp_state: state } = req.query;
     if (!code || !state) {
-      res.status(400).send("Missing code or state parameter");
+      res.status(400).send("Missing code or mcp_state parameter");
       return;
     }
     const pending = await this.store.get("pending_auths", state);
@@ -55736,28 +56304,10 @@ class KadoaOAuthProvider {
     }
     await this.store.del("pending_auths", state);
     try {
-      const tokenRes = await fetch(`${kadoaAuthUrl()}/api/token`, {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ code, code_verifier: pending.mcpVerifier })
-      });
-      if (!tokenRes.ok) {
-        const body = await tokenRes.text().catch(() => "");
-        throw new Error(`auth.kadoa.com /api/token failed (${tokenRes.status}): ${body}`);
-      }
-      const data = await tokenRes.json();
-      if (typeof data?.access_token !== "string" || typeof data?.refresh_token !== "string" || typeof data?.team_id !== "string") {
-        throw new Error("auth.kadoa.com /api/token returned malformed response");
-      }
-      const claims = jwtClaims(data.access_token);
-      console.error(`[AUTH] CALLBACK_OK: tokens received (email=${claims.email}, team=${data.team_id})`);
-      await this.completeAuthFlow(pending, res, {
-        jwt: data.access_token,
-        refreshToken: data.refresh_token,
-        teamId: data.team_id
-      });
+      const supabaseTokens = await exchangeSupabaseCode(code, pending.supabaseCodeVerifier);
+      await this.completeAuthWithTokens(pending, res, supabaseTokens.accessToken, supabaseTokens.refreshToken);
     } catch (error48) {
-      console.error("[AUTH] CALLBACK_FAIL:", error48);
+      console.error("Auth callback error:", error48);
       const redirectUrl = new URL(pending.params.redirectUri);
       redirectUrl.searchParams.set("error", "server_error");
       redirectUrl.searchParams.set("error_description", error48 instanceof Error ? error48.message : "Authentication failed");
@@ -55767,6 +56317,45 @@ class KadoaOAuthProvider {
       res.redirect(redirectUrl.toString());
     }
   }
+  async handleTeamSelection(req, res) {
+    const { token, teamId } = req.body;
+    if (!token || !teamId) {
+      res.status(400).send("Missing token or teamId");
+      return;
+    }
+    const entry = await this.store.get("pending_team_selections", token);
+    if (!entry) {
+      res.status(400).send("Unknown or expired team selection token");
+      return;
+    }
+    if (entry.expiresAt < Date.now()) {
+      await this.store.del("pending_team_selections", token);
+      res.status(400).send("Team selection expired — please log in again");
+      return;
+    }
+    if (!entry.teams.some((t) => t.id === teamId)) {
+      res.status(403).send("Invalid team selection");
+      return;
+    }
+    await this.store.del("pending_team_selections", token);
+    try {
+      const refreshed = await setActiveTeamAndRefresh(entry.supabaseJwt, entry.supabaseRefreshToken, teamId);
+      await this.completeAuthFlow(entry.pending, res, {
+        jwt: refreshed.jwt,
+        refreshToken: refreshed.refreshToken,
+        teamId
+      });
+    } catch (error48) {
+      console.error("Team selection error:", error48);
+      const redirectUrl = new URL(entry.pending.params.redirectUri);
+      redirectUrl.searchParams.set("error", "server_error");
+      redirectUrl.searchParams.set("error_description", error48 instanceof Error ? error48.message : "Failed to set active team");
+      if (entry.pending.params.state) {
+        redirectUrl.searchParams.set("state", entry.pending.params.state);
+      }
+      res.redirect(redirectUrl.toString());
+    }
+  }
   async completeAuthFlow(pending, res, credentials) {
     const mcpCode = randomToken();
     await this.store.set("auth_codes", mcpCode, {
@@ -55786,9 +56375,429 @@ class KadoaOAuthProvider {
     res.redirect(redirectUrl.toString());
   }
 }
-var ACCESS_TOKEN_TTL;
+function renderTeamSelectionPage(teams, selectionToken) {
+  const teamButtons = teams.map((t) => `
+      <button type="submit" name="teamId" value="${t.id}" class="team-btn">
+        <span class="team-name">${escapeHtml(t.name)}</span>
+        ${t.memberRole ? `<span class="team-role">${escapeHtml(t.memberRole.toLowerCase())}</span>` : ""}
+      </button>`).join(`
+`);
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Select Team - Kadoa</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      background: oklch(1 0 0);
+      color: oklch(0.17 0.02 228);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .container {
+      width: 100%;
+      max-width: 420px;
+      padding: 2rem;
+    }
+    .logo {
+      text-align: center;
+      margin-bottom: 2rem;
+    }
+    h1 {
+      font-size: 1.25rem;
+      font-weight: 600;
+      text-align: center;
+      margin-bottom: 0.5rem;
+      color: oklch(0.17 0.02 228);
+    }
+    .subtitle {
+      text-align: center;
+      color: oklch(0.56 0.02 228);
+      font-size: 0.875rem;
+      margin-bottom: 1.5rem;
+    }
+    .team-btn {
+      width: 100%;
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      padding: 0.875rem 1rem;
+      margin-bottom: 0.5rem;
+      background: oklch(1 0 0);
+      border: 1px solid oklch(0.5 0.02 228 / 0.4);
+      border-radius: 0.3rem;
+      color: oklch(0.17 0.02 228);
+      font-size: 15px;
+      cursor: pointer;
+      transition: background 0.15s, border-color 0.15s, box-shadow 0.15s;
+      box-shadow: 0px 1px 1px 0px oklch(0.68 0.01 60.13 / 0.11);
+    }
+    .team-btn:hover {
+      background: oklch(0.96 0 286);
+      border-color: oklch(0.7 0.18 42);
+    }
+    .team-btn:active {
+      background: oklch(0.72 0.23 54 / 0.13);
+    }
+    .team-name { font-weight: 500; }
+    .team-role {
+      font-size: 13px;
+      color: oklch(0.56 0.02 228 / 0.67);
+      text-transform: capitalize;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="logo">
+      <svg width="108" height="32" viewBox="0 0 108 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+        <g clip-path="url(#clip0)">
+          <path d="M4.5 27V20.0059C4.49955 18.6288 3.38499 17.5105 2.00781 17.5059L-0.00585938 17.5V14.5L2.00781 14.4941C3.38499 14.4895 4.49955 13.3712 4.5 11.9941V5C4.5 2.51472 6.51472 0.5 9 0.5H12V3.5H9C8.17157 3.5 7.5 4.17157 7.5 5V11.9941C7.49977 13.5757 6.82719 14.9966 5.75781 16C6.82719 17.0034 7.49977 18.4243 7.5 20.0059V27C7.5 27.8284 8.17157 28.5 9 28.5H12V31.5H9C6.51472 31.5 4.5 29.4853 4.5 27Z" fill="#FD7412"/>
+          <path d="M103.5 27V20.0059C103.5 18.6288 104.615 17.5105 105.992 17.5059L108.006 17.5V14.5L105.992 14.4941C104.615 14.4895 103.5 13.3712 103.5 11.9941V5C103.5 2.51472 101.485 0.5 99 0.5H96V3.5H99C99.8284 3.5 100.5 4.17157 100.5 5V11.9941C100.5 13.5757 101.173 14.9966 102.242 16C101.173 17.0034 100.5 18.4243 100.5 20.0059V27C100.5 27.8284 99.8284 28.5 99 28.5H96V31.5H99C101.485 31.5 103.5 29.4853 103.5 27Z" fill="#FD7412"/>
+          <path d="M85.2346 26.308C84.0026 26.308 82.92 26.0093 81.9866 25.412C81.0533 24.8147 80.3253 23.9653 79.8026 22.864C79.28 21.7627 79.0186 20.4373 79.0186 18.888C79.0186 17.3573 79.28 16.0413 79.8026 14.94C80.3253 13.8387 81.0533 12.9987 81.9866 12.42C82.92 11.8227 84.0026 11.524 85.2346 11.524C86.3733 11.524 87.3906 11.804 88.2866 12.364C89.2013 12.9053 89.7986 13.6427 90.0786 14.576H89.7706L90.1066 11.804H94.1666C94.1106 12.42 94.0546 13.0453 93.9986 13.68C93.9613 14.296 93.9426 14.9027 93.9426 15.5V26H89.7426L89.7146 23.34H90.0506C89.752 24.236 89.1546 24.9547 88.2586 25.496C87.3626 26.0373 86.3546 26.308 85.2346 26.308ZM86.5226 23.116C87.4933 23.116 88.2773 22.7707 88.8746 22.08C89.472 21.3893 89.7706 20.3253 89.7706 18.888C89.7706 17.4507 89.472 16.396 88.8746 15.724C88.2773 15.052 87.4933 14.716 86.5226 14.716C85.552 14.716 84.768 15.052 84.1706 15.724C83.5733 16.396 83.2746 17.4507 83.2746 18.888C83.2746 20.3253 83.564 21.3893 84.1426 22.08C84.74 22.7707 85.5333 23.116 86.5226 23.116Z" fill="#18181B"/>
+          <path d="M70.1002 26.308C68.5882 26.308 67.2722 26.0093 66.1522 25.412C65.0509 24.796 64.1922 23.9373 63.5762 22.836C62.9789 21.7347 62.6802 20.4187 62.6802 18.888C62.6802 17.376 62.9789 16.0693 63.5762 14.968C64.1922 13.8667 65.0509 13.0173 66.1522 12.42C67.2722 11.8227 68.5882 11.524 70.1002 11.524C71.6122 11.524 72.9282 11.8227 74.0482 12.42C75.1682 13.0173 76.0269 13.8667 76.6242 14.968C77.2402 16.0693 77.5482 17.376 77.5482 18.888C77.5482 20.4187 77.2402 21.7347 76.6242 22.836C76.0269 23.9373 75.1682 24.796 74.0482 25.412C72.9282 26.0093 71.6122 26.308 70.1002 26.308ZM70.1002 23.116C71.0709 23.116 71.8362 22.7707 72.3962 22.08C72.9749 21.3893 73.2642 20.3253 73.2642 18.888C73.2642 17.4507 72.9749 16.396 72.3962 15.724C71.8362 15.052 71.0709 14.716 70.1002 14.716C69.1295 14.716 68.3549 15.052 67.7762 15.724C67.2162 16.396 66.9362 17.4507 66.9362 18.888C66.9362 20.3253 67.2162 21.3893 67.7762 22.08C68.3549 22.7707 69.1295 23.116 70.1002 23.116Z" fill="#18181B"/>
+          <path d="M51.8208 26.308C50.5888 26.308 49.4968 26.0093 48.5448 25.412C47.6115 24.8147 46.8741 23.9653 46.3328 22.864C45.8101 21.7627 45.5488 20.4373 45.5488 18.888C45.5488 17.3573 45.8101 16.0413 46.3328 14.94C46.8555 13.8387 47.5928 12.9987 48.5448 12.42C49.4968 11.8227 50.5888 11.524 51.8208 11.524C52.9408 11.524 53.9395 11.7947 54.8168 12.336C55.7128 12.8587 56.3101 13.568 56.6088 14.464H56.2448V5.392H60.4728V26H56.3008V23.228H56.6648C56.3661 24.1613 55.7688 24.908 54.8728 25.468C53.9768 26.028 52.9595 26.308 51.8208 26.308ZM53.0808 23.116C54.0515 23.116 54.8355 22.7707 55.4328 22.08C56.0301 21.3893 56.3288 20.3253 56.3288 18.888C56.3288 17.4507 56.0301 16.396 55.4328 15.724C54.8355 15.052 54.0515 14.716 53.0808 14.716C52.1101 14.716 51.3168 15.052 50.7008 15.724C50.1035 16.396 49.8048 17.4507 49.8048 18.888C49.8048 20.3253 50.1035 21.3893 50.7008 22.08C51.3168 22.7707 52.1101 23.116 53.0808 23.116Z" fill="#18181B"/>
+          <path d="M34.6334 26.308C33.4014 26.308 32.3187 26.0093 31.3854 25.412C30.4521 24.8147 29.7241 23.9653 29.2014 22.864C28.6787 21.7627 28.4174 20.4373 28.4174 18.888C28.4174 17.3573 28.6787 16.0413 29.2014 14.94C29.7241 13.8387 30.4521 12.9987 31.3854 12.42C32.3187 11.8227 33.4014 11.524 34.6334 11.524C35.7721 11.524 36.7894 11.804 37.6854 12.364C38.6001 12.9053 39.1974 13.6427 39.4774 14.576H39.1694L39.5054 11.804H43.5654C43.5094 12.42 43.4534 13.0453 43.3974 13.68C43.3601 14.296 43.3414 14.9027 43.3414 15.5V26H39.1414L39.1134 23.34H39.4494C39.1507 24.236 38.5534 24.9547 37.6574 25.496C36.7614 26.0373 35.7534 26.308 34.6334 26.308ZM35.9214 23.116C36.8921 23.116 37.6761 22.7707 38.2734 22.08C38.8707 21.3893 39.1694 20.3253 39.1694 18.888C39.1694 17.4507 38.8707 16.396 38.2734 15.724C37.6761 15.052 36.8921 14.716 35.9214 14.716C34.9507 14.716 34.1667 15.052 33.5694 15.724C32.9721 16.396 32.6734 17.4507 32.6734 18.888C32.6734 20.3253 32.9627 21.3893 33.5414 22.08C34.1387 22.7707 34.9321 23.116 35.9214 23.116Z" fill="#18181B"/>
+          <path d="M13.736 26V5.392H17.964V17.712H18.02L23.284 11.804H28.324L21.52 19.364V17.824L28.688 26H23.508L18.02 19.84H17.964V26H13.736Z" fill="#18181B"/>
+        </g>
+        <defs><clipPath id="clip0"><rect width="108" height="32" fill="white"/></clipPath></defs>
+      </svg>
+    </div>
+    <h1>Select a team</h1>
+    <p class="subtitle">Choose which team to connect with this MCP session</p>
+    <form method="POST" action="/team-select">
+      <input type="hidden" name="token" value="${selectionToken}" />
+      ${teamButtons}
+    </form>
+  </div>
+</body>
+</html>`;
+}
+function renderLoginPage(state, error48) {
+  const errorHtml = error48 ? `<div class="error">${escapeHtml(error48)}</div>` : "";
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Sign In - Kadoa</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      background: hsl(0 0% 98%);
+      color: #18181b;
+      min-height: 100dvh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      background-image: radial-gradient(circle, #d4d4d8 1px, transparent 1px);
+      background-size: 24px 24px;
+      background-position: center top;
+    }
+    .card {
+      width: 100%;
+      max-width: 460px;
+      background: #fff;
+      padding: 1rem;
+      display: flex;
+      flex-direction: column;
+      gap: 1rem;
+      min-height: 100dvh;
+    }
+    @media (min-width: 768px) {
+      .card { padding: 3rem; min-height: auto; border-left: 1px solid #e0e1e5; border-right: 1px solid #e0e1e5; }
+    }
+    .logo { display: grid; place-content: center; }
+    h1 {
+      font-size: 20px;
+      font-weight: 600;
+      text-align: center;
+      color: #18181b;
+    }
+    .spacer { height: 0; }
+    @media (min-width: 768px) { .spacer { height: 3rem; } }
+    .error {
+      background: #fef2f2;
+      color: #991b1b;
+      border: 1px solid #fecaca;
+      border-radius: 4px;
+      padding: 0.6rem 0.875rem;
+      font-size: 15px;
+    }
+    /* Buttons — matching KUI default + primary looks */
+    .btn {
+      width: 100%;
+      padding: 0.6em 1em;
+      border-radius: 4px;
+      font-size: 16px;
+      font-weight: 500;
+      cursor: pointer;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      gap: 0.5rem;
+      transition: background 0.15s, border-color 0.15s;
+      text-decoration: none;
+    }
+    .btn-default {
+      background: #fff;
+      color: #18181b;
+      border: 1px solid #d4d4d8;
+      box-shadow: inset 0 -3px 0 0 rgba(0,0,0,0.03), 0 1px 0px 1px rgba(255,255,255,0.5), 0 -1px 0px 1px rgba(0,0,0,0.02);
+    }
+    .btn-default:hover {
+      background: rgba(113,113,122,0.1);
+    }
+    .btn-primary {
+      background: hsl(212 70% 27%);
+      color: #fff;
+      border: 1px solid hsl(214 70% 23%);
+      box-shadow: inset 0 2px 0 0 rgba(56,189,248,0.2), 0 -1px 0px 1px rgba(0,0,0,0.02);
+    }
+    .btn-primary:hover {
+      background: hsl(212 70% 33%);
+    }
+    /* OR divider */
+    .line-or {
+      display: flex;
+      align-items: center;
+      gap: 0.5rem;
+      font-weight: 500;
+      color: rgba(24,24,27,0.6);
+      font-size: 14px;
+      margin: 0.5rem 0;
+    }
+    .line-or hr {
+      flex: 1;
+      border: none;
+      border-top: 1px solid rgba(113,113,122,0.15);
+    }
+    /* Form inputs — matching KUI input style */
+    label {
+      display: block;
+      font-size: 16px;
+      font-weight: 500;
+      margin-bottom: 0.25rem;
+      color: #18181b;
+    }
+    input[type="email"], input[type="password"] {
+      width: 100%;
+      padding: 0.35em 0.5em;
+      border: 1px solid #d4d4d8;
+      border-radius: 4px;
+      font-size: 18px;
+      font-family: inherit;
+      color: #18181b;
+      background: #fff;
+      outline: none;
+      box-shadow: inset 0 3px 0 0 rgba(0,0,0,0.025);
+      transition: border-color 0.15s;
+      caret-color: hsl(25 98% 53%);
+    }
+    input[type="email"]:hover, input[type="password"]:hover {
+      border-color: hsl(31 99% 72%);
+    }
+    input[type="email"]:focus, input[type="password"]:focus {
+      border-color: hsl(25 98% 53%);
+      box-shadow: inset 0 3px 0 0 rgba(0,0,0,0.025), 0 0 0 2px rgba(249,115,22,0.2);
+    }
+    .field { margin-bottom: 0.75rem; }
+    hr.separator {
+      border: none;
+      border-top: 1px solid rgba(113,113,122,0.15);
+      margin: 0.5rem 0;
+    }
+    .google-icon { width: 18px; height: 18px; }
+    .key-icon { width: 16px; height: 16px; }
+    /* Tabs for email/SSO — keep simple, same visual weight */
+    .tabs {
+      display: none;
+    }
+    .tab-content { display: none; }
+    .tab-content.active { display: block; }
+    .tab-switch {
+      text-align: center;
+      margin-top: 0.25rem;
+    }
+    .tab-switch a {
+      font-size: 15px;
+      color: #18181b;
+      text-decoration: underline;
+      text-decoration-color: rgba(251,146,60,0.5);
+      text-underline-offset: 2px;
+      cursor: pointer;
+    }
+    .tab-switch a:hover {
+      background: rgba(251,146,60,0.1);
+      border-radius: 2px;
+    }
+  </style>
+</head>
+<body>
+  <div class="card">
+    <!-- Logo {k} -->
+    <div class="logo">
+      <svg width="40" height="40" viewBox="0 0 40 40" fill="none" xmlns="http://www.w3.org/2000/svg">
+        <path opacity="0.15" d="M25.3196 6.25H14.6804C14.6804 7.49264 13.6596 8.5 12.4005 8.5C11.3808 8.5 10.8312 8.67478 10.5466 8.82497C10.3001 8.95506 10.147 9.11941 10.0189 9.38005C9.85482 9.7141 9.74438 10.1712 9.68281 10.8152C9.62136 11.458 9.61405 12.2133 9.61405 13.125L9.61416 13.3731C9.61532 14.9118 9.61694 17.0733 8.75235 18.8332C8.55109 19.2428 8.30266 19.6357 8 20C8.30266 20.3643 8.55109 20.7572 8.75235 21.1668C9.61694 22.9267 9.61532 25.0882 9.61416 26.6269L9.61405 26.875C9.61405 27.7867 9.62136 28.542 9.68281 29.1848C9.74438 29.8288 9.85482 30.2859 10.0189 30.6199C10.147 30.8806 10.3001 31.0449 10.5466 31.175C10.8312 31.3252 11.3808 31.5 12.4005 31.5C13.6596 31.5 14.6804 32.5074 14.6804 33.75H25.3196C25.3196 32.5074 26.3404 31.5 27.5995 31.5C28.6192 31.5 29.1688 31.3252 29.4534 31.175C29.6999 31.0449 29.853 30.8806 29.9811 30.6199C30.1452 30.2859 30.2556 29.8288 30.3172 29.1848C30.3786 28.542 30.386 27.7867 30.386 26.875L30.3858 26.6269C30.3847 25.0882 30.3831 22.9267 31.2477 21.1668C31.4489 20.7572 31.6973 20.3643 32 20C31.6973 19.6357 31.4489 19.2428 31.2477 18.8332C30.3831 17.0733 30.3847 14.9118 30.3858 13.3731L30.386 13.125C30.386 12.2133 30.3786 11.458 30.3172 10.8152C30.2556 10.1712 30.1452 9.7141 29.9811 9.38005C29.853 9.11941 29.6999 8.95506 29.4534 8.82497C29.1688 8.67478 28.6192 8.5 27.5995 8.5C26.3404 8.5 25.3196 7.49264 25.3196 6.25Z" fill="#fd7412"/>
+        <path d="M12.5 6.25C2.5 6.25 12.5 20 2.5 20C12.5 20 2.5 33.75 12.5 33.75" stroke="#fd7412" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M16 10V29" stroke="#18181B" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M27.5 6.25C37.5 6.25 27.5 20 37.5 20C27.5 20 37.5 33.75 27.5 33.75" stroke="#fd7412" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M16 23L25 18" stroke="#18181B" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+        <path d="M25 29L16 23" stroke="#18181B" stroke-linecap="round" stroke-linejoin="round" stroke-width="1.8"/>
+      </svg>
+    </div>
+    <!-- Heading -->
+    <h1>Sign in to Kadoa</h1>
+    <div class="spacer"></div>
+    ${errorHtml}
+    <!-- Continue with Google -->
+    <form method="POST" action="/auth/google">
+      <input type="hidden" name="state" value="${escapeHtml(state)}" />
+      <button type="submit" class="btn btn-default">
+        <svg class="google-icon" viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
+          <path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92a5.06 5.06 0 0 1-2.2 3.32v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.1z" fill="#4285F4"/>
+          <path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" fill="#34A853"/>
+          <path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" fill="#FBBC05"/>
+          <path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" fill="#EA4335"/>
+        </svg>
+        Continue with Google
+      </button>
+    </form>
+    <!-- Continue with SSO -->
+    <div id="sso-button-wrapper">
+      <form method="POST" action="/auth/sso" id="sso-direct-form" style="display:none">
+        <input type="hidden" name="state" value="${escapeHtml(state)}" />
+        <input type="hidden" name="email" id="sso-email-hidden" />
+      </form>
+      <button type="button" class="btn btn-default" id="sso-toggle-btn">
+        <svg class="key-icon" viewBox="0 0 16 16" fill="none" xmlns="http://www.w3.org/2000/svg">
+          <path d="M10 1a5 5 0 0 0-4.546 7.066l-4.161 4.16a.5.5 0 0 0-.146.354V14.5a.5.5 0 0 0 .5.5h2a.5.5 0 0 0 .5-.5V14h1a.5.5 0 0 0 .5-.5v-1h1a.5.5 0 0 0 .354-.146l.94-.94A5 5 0 1 0 10 1zm1.5 4a1.5 1.5 0 1 1 0-3 1.5 1.5 0 0 1 0 3z" fill="currentColor"/>
+        </svg>
+        Continue with SSO
+      </button>
+    </div>
+    <!-- OR divider -->
+    <div class="line-or">
+      <hr />
+      OR
+      <hr />
+    </div>
+    <!-- Email + Password form -->
+    <div class="tab-content active" id="tab-email">
+      <form method="POST" action="/auth/login">
+        <input type="hidden" name="state" value="${escapeHtml(state)}" />
+        <div class="field">
+          <label for="email">Sign in with email:</label>
+          <input type="email" id="email" name="email" required autocomplete="email" />
+        </div>
+        <div class="field">
+          <label for="password">Your password:</label>
+          <input type="password" id="password" name="password" required autocomplete="current-password" />
+        </div>
+        <button type="submit" class="btn btn-primary">Continue</button>
+      </form>
+    </div>
+    <!-- SSO form (shown when "Continue with SSO" is clicked) -->
+    <div class="tab-content" id="tab-sso">
+      <form method="POST" action="/auth/sso">
+        <input type="hidden" name="state" value="${escapeHtml(state)}" />
+        <div class="field">
+          <label for="sso-email">Work email:</label>
+          <input type="email" id="sso-email" name="email" required autocomplete="email" />
+        </div>
+        <button type="submit" class="btn btn-primary">Continue with SSO</button>
+      </form>
+      <div class="tab-switch">
+        <a id="back-to-email">Sign in with email instead</a>
+      </div>
+    </div>
+    <div style="flex:1"></div>
+    <script>
+      var ssoBtn = document.getElementById('sso-toggle-btn');
+      var tabEmail = document.getElementById('tab-email');
+      var tabSso = document.getElementById('tab-sso');
+      var ssoWrapper = document.getElementById('sso-button-wrapper');
+      var lineOr = document.querySelector('.line-or');
+      var backLink = document.getElementById('back-to-email');
+      ssoBtn.addEventListener('click', function() {
+        tabEmail.classList.remove('active');
+        tabSso.classList.add('active');
+        ssoWrapper.style.display = 'none';
+        lineOr.style.display = 'none';
+        document.getElementById('sso-email').focus();
+      });
+      backLink.addEventListener('click', function() {
+        tabSso.classList.remove('active');
+        tabEmail.classList.add('active');
+        ssoWrapper.style.display = '';
+        lineOr.style.display = '';
+      });
+    </script>
+  </div>
+</body>
+</html>`;
+}
+function escapeHtml(str) {
+  return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+var TEAM_SELECTION_TTL, ACCESS_TOKEN_TTL;
 var init_auth2 = __esm(() => {
   init_errors4();
+  TEAM_SELECTION_TTL = 10 * 60 * 1000;
   ACCESS_TOKEN_TTL = 7 * 24 * 3600;
 });
@@ -55893,6 +56902,7 @@ var exports_http = {};
 __export(exports_http, {
   startHttpServer: () => startHttpServer
 });
+import express8 from "express";
 function jwtClaims2(jwt2) {
   try {
     return JSON.parse(Buffer.from(jwt2.split(".")[1], "base64url").toString());
@@ -55949,6 +56959,18 @@ async function startHttpServer(options) {
   app.get("/auth/callback", (req, res) => {
     provider.handleAuthCallback(req, res);
   });
+  app.post("/auth/google", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleGoogleLogin(req, res);
+  });
+  app.post("/auth/login", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleEmailPasswordLogin(req, res);
+  });
+  app.post("/auth/sso", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleSSOLogin(req, res);
+  });
+  app.post("/team-select", express8.urlencoded({ extended: false }), (req, res) => {
+    provider.handleTeamSelection(req, res);
+  });
   app.get("/health", (_req, res) => {
     res.json({
       status: "ok",