@kontext-dev/js-sdk 0.1.0

package/dist/mcp/index.cjs

@@ -0,0 +1,799 @@
+'use strict';
+
+var index_js = require('@modelcontextprotocol/sdk/client/index.js');
+var streamableHttp_js = require('@modelcontextprotocol/sdk/client/streamableHttp.js');
+var types_js = require('@modelcontextprotocol/sdk/types.js');
+var crypto = require('crypto');
+
+// src/mcp/client.ts
+
+// src/storage/memory.ts
+var MemoryStorage = class {
+  store = /* @__PURE__ */ new Map();
+  async getJson(key) {
+    const value = this.store.get(key);
+    if (value === void 0) {
+      return void 0;
+    }
+    return JSON.parse(JSON.stringify(value));
+  }
+  async setJson(key, value) {
+    if (value === void 0) {
+      this.store.delete(key);
+    } else {
+      this.store.set(key, JSON.parse(JSON.stringify(value)));
+    }
+  }
+  /**
+   * Clear all stored data
+   */
+  clear() {
+    this.store.clear();
+  }
+  /**
+   * Get the number of stored items
+   */
+  get size() {
+    return this.store.size;
+  }
+  /**
+   * Check if a key exists
+   */
+  has(key) {
+    return this.store.has(key);
+  }
+  /**
+   * Get all keys (useful for debugging)
+   */
+  keys() {
+    return Array.from(this.store.keys());
+  }
+};
+
+// src/storage/types.ts
+function createStorageKey(applicationClientId, sessionKey, ...parts) {
+  const namespace = sessionKey ? `kontext:${applicationClientId}:${sessionKey}` : `kontext:${applicationClientId}`;
+  return [namespace, ...parts].join(":");
+}
+var StorageKeys = {
+  // Existing keys
+  TOKENS: "tokens",
+  CODE_VERIFIER: "code_verifier",
+  STATE: "state",
+  // Pattern B (RFC 8693 Token Exchange) keys
+  /** Identity tokens (no audience) */
+  IDENTITY_TOKENS: "identity_tokens",
+  /** Prefix for resource-scoped tokens */
+  RESOURCE_TOKENS: "resource_tokens"
+};
+function resourceTokenKey(resource) {
+  return `${StorageKeys.RESOURCE_TOKENS}:${resource}`;
+}
+
+// src/errors.ts
+var KontextError = class extends Error {
+  /** Brand field for type narrowing without instanceof */
+  kontextError = true;
+  /** Machine-readable error code, always prefixed with `kontext_` */
+  code;
+  /** HTTP status code when applicable */
+  statusCode;
+  /** Auto-generated link to error documentation */
+  docsUrl;
+  /** Server request ID for debugging / support escalation */
+  requestId;
+  /** Contextual metadata bag (integration IDs, param names, etc.) */
+  meta;
+  constructor(message, code, options) {
+    super(message, { cause: options?.cause });
+    this.name = "KontextError";
+    this.code = code;
+    this.statusCode = options?.statusCode;
+    this.requestId = options?.requestId;
+    this.meta = options?.meta ?? {};
+    this.docsUrl = `https://docs.kontext.dev/errors/${code}`;
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      statusCode: this.statusCode,
+      docsUrl: this.docsUrl,
+      requestId: this.requestId,
+      meta: Object.keys(this.meta).length > 0 ? this.meta : void 0
+    };
+  }
+  toString() {
+    const parts = [`[${this.code}] ${this.message}`];
+    if (this.docsUrl) parts.push(`Docs: ${this.docsUrl}`);
+    if (this.requestId) parts.push(`Request ID: ${this.requestId}`);
+    return parts.join("\n");
+  }
+};
+var AuthorizationRequiredError = class extends KontextError {
+  authorizationUrl;
+  constructor(message = "Authorization required. Complete the OAuth flow to continue.", options) {
+    super(message, "kontext_authorization_required", {
+      statusCode: 401,
+      ...options
+    });
+    this.name = "AuthorizationRequiredError";
+    this.authorizationUrl = options?.authorizationUrl;
+  }
+};
+var OAuthError = class extends KontextError {
+  errorCode;
+  errorDescription;
+  constructor(message, code, options) {
+    super(message, code, {
+      statusCode: options?.statusCode ?? 400,
+      ...options
+    });
+    this.name = "OAuthError";
+    this.errorCode = options?.errorCode;
+    this.errorDescription = options?.errorDescription;
+  }
+};
+function errorProps(err) {
+  return err;
+}
+function isUnauthorizedError(err) {
+  const props = errorProps(err);
+  if (props.statusCode === 401 || props.status === 401) return true;
+  if (err.name === "UnauthorizedError") return true;
+  if (err.message === "Unauthorized") return true;
+  return false;
+}
+
+// src/oauth/provider.ts
+var KontextOAuthProvider = class {
+  config;
+  storagePrefix;
+  pendingState = null;
+  expiryBufferMs = 60 * 1e3;
+  constructor(config) {
+    this.config = config;
+    this.storagePrefix = createStorageKey(config.clientId, config.sessionKey);
+  }
+  /**
+   * The redirect URL for OAuth callbacks
+   */
+  get redirectUrl() {
+    return this.config.redirectUri;
+  }
+  /**
+   * OAuth client metadata
+   */
+  get clientMetadata() {
+    return {
+      redirect_uris: [this.config.redirectUri],
+      client_name: this.config.clientName,
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      token_endpoint_auth_method: "none"
+      // Public client
+    };
+  }
+  /**
+   * Generate a random state parameter for OAuth CSRF protection
+   */
+  state() {
+    const array = new Uint8Array(32);
+    if (globalThis.crypto?.getRandomValues) {
+      globalThis.crypto.getRandomValues(array);
+    } else {
+      array.set(crypto.randomBytes(32));
+    }
+    const state = Array.from(
+      array,
+      (byte) => byte.toString(16).padStart(2, "0")
+    ).join("");
+    this.pendingState = state;
+    void this.config.storage.setJson(
+      this.getStorageKey(StorageKeys.STATE),
+      state
+    );
+    return state;
+  }
+  /**
+   * Returns the client information (client_id)
+   * Since we're a public client with pre-registered credentials,
+   * we don't use dynamic client registration.
+   */
+  async clientInformation() {
+    return {
+      client_id: this.config.clientId
+    };
+  }
+  /**
+   * Load stored OAuth tokens
+   */
+  async tokens() {
+    const key = this.getStorageKey(StorageKeys.TOKENS);
+    return this.config.storage.getJson(key);
+  }
+  /**
+   * Save OAuth tokens after successful authorization
+   */
+  async saveTokens(tokens) {
+    const key = this.getStorageKey(StorageKeys.TOKENS);
+    await this.config.storage.setJson(key, this.withIssuedAt(tokens));
+  }
+  /**
+   * Redirect the user agent to the authorization URL
+   */
+  async redirectToAuthorization(authorizationUrl) {
+    await this.config.onRedirectToAuthorization(authorizationUrl);
+  }
+  /**
+   * Save the PKCE code verifier before redirecting to authorization
+   */
+  async saveCodeVerifier(codeVerifier) {
+    const key = this.getStorageKey(StorageKeys.CODE_VERIFIER);
+    await this.config.storage.setJson(key, codeVerifier);
+  }
+  /**
+   * Load the PKCE code verifier for token exchange
+   */
+  async codeVerifier() {
+    const key = this.getStorageKey(StorageKeys.CODE_VERIFIER);
+    const verifier = await this.config.storage.getJson(key);
+    if (!verifier) {
+      throw new OAuthError(
+        "No PKCE code verifier found in storage. The OAuth flow may have expired or storage was cleared. Restart the auth flow.",
+        "kontext_oauth_code_verifier_missing"
+      );
+    }
+    return verifier;
+  }
+  /**
+   * Invalidate stored credentials
+   */
+  async invalidateCredentials(scope) {
+    if (scope === "all" || scope === "tokens") {
+      const tokensKey = this.getStorageKey(StorageKeys.TOKENS);
+      await this.config.storage.setJson(tokensKey, void 0);
+      const identityKey = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);
+      await this.config.storage.setJson(identityKey, void 0);
+    }
+    if (scope === "all" || scope === "verifier") {
+      const verifierKey = this.getStorageKey(StorageKeys.CODE_VERIFIER);
+      await this.config.storage.setJson(verifierKey, void 0);
+    }
+    if (scope === "all") {
+      this.pendingState = null;
+      const stateKey = this.getStorageKey(StorageKeys.STATE);
+      await this.config.storage.setJson(stateKey, void 0);
+    }
+  }
+  /**
+   * Clear all stored state (tokens, verifier, etc.)
+   * Call this to force re-authentication
+   */
+  async clearAll() {
+    await this.invalidateCredentials("all");
+  }
+  /**
+   * Check if we have valid (non-expired) tokens
+   */
+  async hasValidTokens() {
+    const storedTokens = await this.tokens();
+    return this.isTokenValid(storedTokens);
+  }
+  // ==========================================================================
+  // Pattern B: Identity and Resource Token Management (RFC 8693)
+  // ==========================================================================
+  /**
+   * Save identity tokens (no audience)
+   * These are the tokens obtained from the initial OAuth flow before token exchange.
+   */
+  async saveIdentityTokens(tokens) {
+    const key = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);
+    await this.config.storage.setJson(key, this.withIssuedAt(tokens));
+  }
+  /**
+   * Load identity tokens
+   * Returns the identity tokens obtained from the initial OAuth flow.
+   */
+  async identityTokens() {
+    const key = this.getStorageKey(StorageKeys.IDENTITY_TOKENS);
+    return this.config.storage.getJson(key);
+  }
+  /**
+   * Save resource-scoped tokens for a specific resource
+   *
+   * @param resource The resource identifier (e.g., "mcp-gateway")
+   * @param tokens The resource-scoped tokens
+   */
+  async saveResourceTokens(resource, tokens) {
+    const key = this.getStorageKey(resourceTokenKey(resource));
+    await this.config.storage.setJson(key, this.withIssuedAt(tokens));
+  }
+  /**
+   * Load resource-scoped tokens for a specific resource
+   *
+   * @param resource The resource identifier (e.g., "mcp-gateway")
+   * @returns The resource-scoped tokens, or undefined if not found
+   */
+  async resourceTokens(resource) {
+    const key = this.getStorageKey(resourceTokenKey(resource));
+    return this.config.storage.getJson(key);
+  }
+  /**
+   * Clear resource tokens for a specific resource
+   *
+   * @param resource The resource identifier (e.g., "mcp-gateway")
+   */
+  async clearResourceTokens(resource) {
+    const key = this.getStorageKey(resourceTokenKey(resource));
+    await this.config.storage.setJson(key, void 0);
+  }
+  /**
+   * Check if we have valid identity tokens
+   */
+  async hasValidIdentityTokens() {
+    const tokens = await this.identityTokens();
+    return this.isTokenValid(tokens);
+  }
+  /**
+   * Check if we have valid resource tokens for a specific resource
+   *
+   * @param resource The resource identifier
+   */
+  async hasValidResourceTokens(resource) {
+    const tokens = await this.resourceTokens(resource);
+    return this.isTokenValid(tokens);
+  }
+  async validateState(state) {
+    if (!state) {
+      return false;
+    }
+    const key = this.getStorageKey(StorageKeys.STATE);
+    const storedState = this.pendingState ?? await this.config.storage.getJson(key);
+    const isValid = storedState === state;
+    if (isValid) {
+      this.pendingState = null;
+      await this.config.storage.setJson(key, void 0);
+    }
+    return isValid;
+  }
+  withIssuedAt(tokens) {
+    if (!tokens.expires_in) {
+      return tokens;
+    }
+    return { ...tokens, issued_at: Date.now() };
+  }
+  isTokenValid(tokens) {
+    if (!tokens?.access_token) {
+      return false;
+    }
+    if (!tokens.expires_in) {
+      return true;
+    }
+    const issuedAt = tokens.issued_at;
+    if (!issuedAt) {
+      return true;
+    }
+    const expiresAt = issuedAt + tokens.expires_in * 1e3;
+    return Date.now() < expiresAt - this.expiryBufferMs;
+  }
+  getStorageKey(key) {
+    return `${this.storagePrefix}:${key}`;
+  }
+};
+function parseOAuthCallback(callbackUrl) {
+  const url = typeof callbackUrl === "string" ? new URL(callbackUrl) : callbackUrl;
+  const params = url.searchParams;
+  const error = params.get("error");
+  if (error) {
+    return {
+      error,
+      errorDescription: params.get("error_description") ?? void 0
+    };
+  }
+  return {
+    code: params.get("code") ?? void 0,
+    state: params.get("state") ?? void 0
+  };
+}
+
+// src/mcp/client.ts
+var DEFAULT_SERVER = "https://api.kontext.dev";
+function normalizeKontextServerUrl(server) {
+  let url = server.replace(/\/$/, "");
+  url = url.replace(/\/api\/v1\/?$/, "").replace(/\/mcp\/?$/, "");
+  url = url.replace(/\/$/, "");
+  return url;
+}
+var KontextMcp = class {
+  config;
+  storage;
+  oauthProvider;
+  transport = null;
+  client = null;
+  _isConnected = false;
+  _pendingConnect = null;
+  _pendingAuthFlow = null;
+  _authFlowResolve = null;
+  constructor(config) {
+    this.config = config;
+    this.storage = config.storage ?? new MemoryStorage();
+    this.oauthProvider = new KontextOAuthProvider({
+      clientId: config.clientId,
+      redirectUri: config.redirectUri,
+      storage: this.storage,
+      sessionKey: config.sessionKey ?? "default",
+      clientName: config.clientName,
+      onRedirectToAuthorization: async (url) => {
+        this._pendingAuthFlow = new Promise((resolve) => {
+          this._authFlowResolve = resolve;
+        });
+        const result = await config.onAuthRequired(url);
+        if (result) {
+          await this.handleCallback(result);
+        }
+      }
+    });
+  }
+  /**
+   * Check if we're currently connected
+   */
+  get isConnected() {
+    return this._isConnected;
+  }
+  /**
+   * Get the underlying MCP client for advanced usage
+   */
+  get mcpClient() {
+    return this.client;
+  }
+  /**
+   * Get the session ID from the transport
+   */
+  get sessionId() {
+    return this.transport?.sessionId;
+  }
+  /**
+   * Get the server base URL
+   */
+  get serverUrl() {
+    return normalizeKontextServerUrl(this.config.server ?? DEFAULT_SERVER);
+  }
+  /**
+   * Get the MCP endpoint URL.
+   * When `url` is provided, use it directly. Otherwise derive from server.
+   */
+  get mcpEndpointUrl() {
+    return this.config.url ?? `${this.serverUrl}/mcp`;
+  }
+  /**
+   * List available tools from the server
+   *
+   * This will automatically handle authentication if needed.
+   */
+  async listTools() {
+    await this.ensureConnected();
+    const response = await this.client.listTools();
+    return response.tools;
+  }
+  /**
+   * Call a tool
+   *
+   * This will automatically handle authentication if needed.
+   *
+   * @param name The tool name
+   * @param args The tool arguments
+   */
+  async callTool(name, args) {
+    await this.ensureConnected();
+    try {
+      const result = await this.client.callTool({
+        name,
+        arguments: args
+      });
+      return result;
+    } catch (error) {
+      if (error instanceof types_js.UrlElicitationRequiredError && this.config.onElicitationUrl) {
+        for (const elicitation of error.elicitations) {
+          await this.config.onElicitationUrl({
+            url: elicitation.url,
+            message: elicitation.message ?? "Action required",
+            elicitationId: elicitation.elicitationId ?? "",
+            integrationId: elicitation.integrationId,
+            integrationName: elicitation.integrationName
+          });
+        }
+      }
+      throw error;
+    }
+  }
+  /**
+   * Create a connect session for the hosted connect UI.
+   *
+   * Returns a URL that can be opened in a browser to let the user
+   * connect integrations proactively (before hitting -32042 errors).
+   */
+  async createConnectSession() {
+    const tokens = await this.oauthProvider.tokens();
+    if (!tokens?.access_token) {
+      throw new AuthorizationRequiredError(
+        "Authorization required. Complete the OAuth flow first."
+      );
+    }
+    const response = await fetch(`${this.serverUrl}/mcp/connect-session`, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${tokens.access_token}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (response.status === 401) {
+      throw new AuthorizationRequiredError(
+        "Access token expired or invalid. Re-authenticate and retry."
+      );
+    }
+    if (!response.ok) {
+      throw new KontextError(
+        `Failed to create connect session: HTTP ${response.status}`,
+        "kontext_connect_session_failed",
+        { statusCode: response.status }
+      );
+    }
+    return await response.json();
+  }
+  /**
+   * List integrations attached to the current application/runtime identity.
+   *
+   * This is used by higher-level orchestrators to discover mixed integration
+   * topologies (gateway + internal credential integrations).
+   */
+  async listRuntimeIntegrations() {
+    const tokens = await this.oauthProvider.tokens();
+    if (!tokens?.access_token) {
+      throw new AuthorizationRequiredError(
+        "Authorization required. Complete the OAuth flow first."
+      );
+    }
+    const response = await fetch(`${this.serverUrl}/mcp/integrations`, {
+      method: "GET",
+      headers: {
+        Authorization: `Bearer ${tokens.access_token}`
+      }
+    });
+    if (response.status === 401) {
+      throw new AuthorizationRequiredError(
+        "Access token expired or invalid. Re-authenticate and retry."
+      );
+    }
+    if (!response.ok) {
+      throw new KontextError(
+        `Failed to list runtime integrations: HTTP ${response.status}`,
+        "kontext_runtime_integrations_failed",
+        { statusCode: response.status }
+      );
+    }
+    const payload = await response.json();
+    const items = Array.isArray(payload?.items) ? payload.items : [];
+    return items.map((item) => {
+      const id = typeof item.id === "string" ? item.id : "";
+      const name = typeof item.name === "string" ? item.name : id;
+      const url = typeof item.url === "string" ? item.url : "";
+      if (!id || !url) return null;
+      const category = item.category === "internal_mcp_credentials" ? "internal_mcp_credentials" : "gateway_remote_mcp";
+      const connectType = item.connectType === "credentials" || item.connectType === "oauth" || item.connectType === "none" ? item.connectType : category === "internal_mcp_credentials" ? "credentials" : item.authMode === "oauth" ? "oauth" : "none";
+      const rawConnection = item.connection && typeof item.connection === "object" ? item.connection : void 0;
+      const connected = rawConnection && typeof rawConnection.connected === "boolean" ? rawConnection.connected : false;
+      const status = rawConnection?.status === "connected" ? "connected" : "disconnected";
+      return {
+        id,
+        name,
+        url,
+        category,
+        connectType,
+        authMode: item.authMode === "oauth" || item.authMode === "user_token" || item.authMode === "server_token" || item.authMode === "none" ? item.authMode : void 0,
+        credentialSchema: item.credentialSchema,
+        requiresOauth: typeof item.requiresOauth === "boolean" ? item.requiresOauth : void 0,
+        connection: rawConnection ? {
+          connected,
+          status,
+          expiresAt: typeof rawConnection.expiresAt === "string" ? rawConnection.expiresAt : void 0,
+          displayName: typeof rawConnection.displayName === "string" ? rawConnection.displayName : void 0
+        } : void 0
+      };
+    }).filter((item) => item !== null);
+  }
+  /**
+   * Handle an OAuth callback URL
+   *
+   * Call this after the user has been redirected back from authorization.
+   * This is required for web apps where `onAuthRequired` redirects instead of waiting.
+   *
+   * @param callbackUrl The full callback URL with query parameters
+   */
+  async handleCallback(callbackUrl) {
+    const { code, state, error, errorDescription } = parseOAuthCallback(callbackUrl);
+    if (error) {
+      this._authFlowResolve?.();
+      this._authFlowResolve = null;
+      throw new AuthorizationRequiredError(
+        errorDescription ?? `OAuth error: ${error}`
+      );
+    }
+    const isValidState = await this.oauthProvider.validateState(state);
+    if (!isValidState) {
+      this._authFlowResolve?.();
+      this._authFlowResolve = null;
+      throw new OAuthError(
+        "OAuth state validation failed. The state parameter did not match. Retry the authorization flow.",
+        "kontext_oauth_state_invalid"
+      );
+    }
+    if (!code) {
+      this._authFlowResolve?.();
+      this._authFlowResolve = null;
+      throw new AuthorizationRequiredError(
+        "No authorization code in callback URL"
+      );
+    }
+    try {
+      if (!this.transport) {
+        this.transport = new streamableHttp_js.StreamableHTTPClientTransport(
+          new URL(this.mcpEndpointUrl),
+          {
+            authProvider: this.oauthProvider
+          }
+        );
+      }
+      await this.transport.finishAuth(code);
+      const tokens = await this.oauthProvider.tokens();
+      if (!tokens?.access_token) {
+        throw new AuthorizationRequiredError("Failed to obtain tokens");
+      }
+      await this.oauthProvider.saveTokens(tokens);
+    } finally {
+      this._authFlowResolve?.();
+      this._authFlowResolve = null;
+    }
+  }
+  /**
+   * Disconnect from the server
+   */
+  async disconnect() {
+    try {
+      if (this.transport) {
+        try {
+          await this.transport.terminateSession();
+        } catch {
+        }
+        await this.transport.close();
+      }
+    } finally {
+      this.transport = null;
+      this.client = null;
+      this._isConnected = false;
+    }
+  }
+  /**
+   * Clear stored tokens and require re-authentication
+   */
+  async clearAuth() {
+    await this.oauthProvider.clearAll();
+    await this.disconnect();
+  }
+  /**
+   * Check if this URL is an OAuth callback
+   *
+   * Useful for web apps to detect if the current URL is a callback.
+   *
+   * @param url The URL to check
+   */
+  isCallback(url) {
+    const urlObj = typeof url === "string" ? new URL(url) : url;
+    const redirectUri = new URL(this.config.redirectUri);
+    return urlObj.pathname === redirectUri.pathname && (urlObj.searchParams.has("code") || urlObj.searchParams.has("error"));
+  }
+  /**
+   * Ensure we're connected, handling auth if needed
+   */
+  async ensureConnected() {
+    if (this._isConnected && this.client) {
+      return;
+    }
+    if (this._pendingConnect) {
+      await this._pendingConnect;
+      return;
+    }
+    this._pendingConnect = this.doConnect();
+    try {
+      await this._pendingConnect;
+    } finally {
+      this._pendingConnect = null;
+    }
+  }
+  /**
+   * Internal connection logic
+   */
+  async doConnect(authRetryCount = 0) {
+    if (!this.transport) {
+      this.transport = new streamableHttp_js.StreamableHTTPClientTransport(
+        new URL(this.mcpEndpointUrl),
+        {
+          authProvider: this.oauthProvider
+        }
+      );
+    }
+    const capabilities = {
+      tools: {}
+    };
+    if (this.config.onElicitationUrl) {
+      capabilities.elicitation = { url: {} };
+    }
+    this.client = new index_js.Client(
+      {
+        name: this.config.clientName ?? "kontext-sdk",
+        version: this.config.clientVersion ?? "0.0.1"
+      },
+      { capabilities }
+    );
+    if (this.config.onElicitationUrl) {
+      const onElicitationUrl = this.config.onElicitationUrl;
+      this.client.setRequestHandler(types_js.ElicitRequestSchema, async (request) => {
+        const params = request.params;
+        if (params.mode === "url" && "url" in params) {
+          await onElicitationUrl({
+            url: params.url,
+            message: params.message ?? "Action required",
+            elicitationId: params.elicitationId ?? "",
+            integrationId: params.integrationId,
+            integrationName: params.integrationName
+          });
+        }
+        return { action: "accept" };
+      });
+      this.client.setNotificationHandler(
+        types_js.ElicitationCompleteNotificationSchema,
+        () => {
+        }
+      );
+    }
+    try {
+      await this.client.connect(this.transport);
+      this._isConnected = true;
+    } catch (error) {
+      if (error instanceof Error && isUnauthorizedError(error)) {
+        if (this._pendingAuthFlow) {
+          await this._pendingAuthFlow;
+          this._pendingAuthFlow = null;
+          this.transport = null;
+          this.client = null;
+          if (authRetryCount >= 1) {
+            throw new AuthorizationRequiredError(
+              "Authorization completed, but the MCP server still rejected the token. Verify OAuth resource audience and token issuer configuration.",
+              { cause: error }
+            );
+          }
+          return this.doConnect(authRetryCount + 1);
+        }
+        this.transport = null;
+        this.client = null;
+        throw new AuthorizationRequiredError(
+          "Authorization required. Complete the OAuth flow and retry."
+        );
+      }
+      this.transport = null;
+      this.client = null;
+      if (error instanceof KontextError) throw error;
+      throw new KontextError(
+        `Failed to connect to MCP server at ${this.mcpEndpointUrl}. ${error instanceof Error ? error.message : String(error)}`,
+        "kontext_mcp_connection_failed",
+        { cause: error }
+      );
+    }
+  }
+};
+
+exports.KontextMcp = KontextMcp;
+//# sourceMappingURL=index.cjs.map
+//# sourceMappingURL=index.cjs.map