@leanmcp/auth 0.4.4-alpha.6.6dae082 → 0.4.4-alpha.67.ad9d43a

package/dist/{auth0-DWCHZ7IN.mjs → auth0-ABDAL2B7.mjs}

@@ -1,6 +1,6 @@
 import {
   AuthProviderBase
-} from "./chunk-ZJYMG6ZM.mjs";
+} from "./chunk-L2EFAPCF.mjs";
 import {
   __name
 } from "./chunk-LPEX4YW6.mjs";

package/dist/{chunk-ZJYMG6ZM.mjs → chunk-L2EFAPCF.mjs}

@@ -176,31 +176,37 @@ var AuthProvider = class extends AuthProviderBase {
     const finalConfig = config || this.config;
     switch (this.providerType) {
       case "cognito": {
-        const { AuthCognito } = await import("./cognito-XKPEG6UH.mjs");
+        const { AuthCognito } = await import("./cognito-SL5RPP2Y.mjs");
         this.providerInstance = new AuthCognito();
         await this.providerInstance.init(finalConfig);
         break;
       }
       case "auth0": {
-        const { AuthAuth0 } = await import("./auth0-DWCHZ7IN.mjs");
+        const { AuthAuth0 } = await import("./auth0-ABDAL2B7.mjs");
         this.providerInstance = new AuthAuth0();
         await this.providerInstance.init(finalConfig);
         break;
       }
       case "clerk": {
-        const { AuthClerk } = await import("./clerk-YVTZMRLF.mjs");
+        const { AuthClerk } = await import("./clerk-Z3T5NM5E.mjs");
         this.providerInstance = new AuthClerk();
         await this.providerInstance.init(finalConfig);
         break;
       }
+      case "firebase": {
+        const { AuthFirebase } = await import("./firebase-ZVHBNZ3E.mjs");
+        this.providerInstance = new AuthFirebase();
+        await this.providerInstance.init(finalConfig);
+        break;
+      }
       case "leanmcp": {
-        const { AuthLeanmcp } = await import("./leanmcp-73RUGZ2B.mjs");
+        const { AuthLeanmcp } = await import("./leanmcp-VW5635QY.mjs");
         this.providerInstance = new AuthLeanmcp();
         await this.providerInstance.init(finalConfig);
         break;
       }
       default:
-        throw new Error(`Unsupported auth provider: ${this.providerType}. Supported providers: cognito, auth0, clerk, leanmcp`);
+        throw new Error(`Unsupported auth provider: ${this.providerType}. Supported providers: cognito, auth0, clerk, firebase, leanmcp`);
     }
   }
   /**

package/dist/{clerk-YVTZMRLF.mjs → clerk-Z3T5NM5E.mjs}

@@ -1,6 +1,6 @@
 import {
   AuthProviderBase
-} from "./chunk-ZJYMG6ZM.mjs";
+} from "./chunk-L2EFAPCF.mjs";
 import {
   __name
 } from "./chunk-LPEX4YW6.mjs";

package/dist/{cognito-XKPEG6UH.mjs → cognito-SL5RPP2Y.mjs}

@@ -1,6 +1,6 @@
 import {
   AuthProviderBase
-} from "./chunk-ZJYMG6ZM.mjs";
+} from "./chunk-L2EFAPCF.mjs";
 import {
   __name
 } from "./chunk-LPEX4YW6.mjs";

package/dist/firebase-ZVHBNZ3E.mjs

@@ -0,0 +1,228 @@
+import {
+  AuthProviderBase
+} from "./chunk-L2EFAPCF.mjs";
+import {
+  __name
+} from "./chunk-LPEX4YW6.mjs";
+
+// src/providers/firebase.ts
+import axios from "axios";
+import jwt from "jsonwebtoken";
+import jwkToPem from "jwk-to-pem";
+var AuthFirebase = class extends AuthProviderBase {
+  static {
+    __name(this, "AuthFirebase");
+  }
+  projectId = "";
+  apiKey = "";
+  jwksCache = null;
+  jwksCacheExpiry = 0;
+  /**
+  * Google's public keys URL for Firebase token verification
+  * These rotate regularly, so we cache with respect to Cache-Control headers
+  */
+  GOOGLE_JWKS_URL = "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com";
+  /**
+  * Firebase Auth REST API for token refresh
+  * Docs: https://firebase.google.com/docs/reference/rest/auth
+  */
+  SECURE_TOKEN_URL = "https://securetoken.googleapis.com/v1/token";
+  /**
+  * Initialize Firebase Auth Provider
+  *
+  * @param config - Configuration options
+  * @param config.projectId - Firebase project ID (required)
+  * @param config.apiKey - Firebase Web API key (required for token refresh)
+  */
+  async init(config) {
+    this.projectId = config?.projectId || process.env.FIREBASE_PROJECT_ID || "";
+    this.apiKey = config?.apiKey || process.env.FIREBASE_API_KEY || "";
+    if (!this.projectId) {
+      throw new Error("Firebase config missing: projectId is required. Provide it in config or set FIREBASE_PROJECT_ID environment variable.");
+    }
+    if (!this.apiKey) {
+      console.warn("[Firebase Auth] API key not provided. Token refresh will not be available. Set FIREBASE_API_KEY environment variable or pass apiKey in config.");
+    }
+  }
+  /**
+  * Refresh an authentication token using Firebase's secure token API
+  *
+  * @param refreshToken - The refresh token obtained during sign-in
+  * @returns New tokens including access_token, id_token, and refresh_token
+  */
+  async refreshToken(refreshToken) {
+    if (!this.apiKey) {
+      throw new Error("Firebase API key is required for token refresh. Set FIREBASE_API_KEY environment variable or pass apiKey in config.");
+    }
+    const url = `${this.SECURE_TOKEN_URL}?key=${this.apiKey}`;
+    try {
+      const { data } = await axios.post(url, {
+        grant_type: "refresh_token",
+        refresh_token: refreshToken
+      }, {
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+      return {
+        access_token: data.access_token,
+        id_token: data.id_token,
+        refresh_token: data.refresh_token,
+        expires_in: parseInt(data.expires_in, 10),
+        token_type: data.token_type || "Bearer",
+        user_id: data.user_id
+      };
+    } catch (error) {
+      if (axios.isAxiosError(error) && error.response?.data?.error) {
+        const firebaseError = error.response.data.error;
+        throw new Error(`Firebase token refresh failed: ${firebaseError.message || firebaseError.code || "Unknown error"}`);
+      }
+      throw error;
+    }
+  }
+  /**
+  * Verify if a Firebase ID token is valid
+  *
+  * Verification includes:
+  *  - Signature validation using Google's public keys
+  *  - Expiration check
+  *  - Issuer validation (must be from your Firebase project)
+  *  - Audience validation (must match your project ID)
+  *
+  * @param token - The Firebase ID token to verify
+  * @returns true if valid, throws error otherwise
+  */
+  async verifyToken(token) {
+    try {
+      await this.verifyJwt(token);
+      return true;
+    } catch (error) {
+      if (error instanceof Error) {
+        if (error.message.includes("jwt expired")) {
+          throw new Error("Token has expired");
+        }
+        if (error.message.includes("invalid signature")) {
+          throw new Error("Invalid token signature");
+        }
+        if (error.message.includes("jwt malformed")) {
+          throw new Error("Malformed token");
+        }
+        if (error.message.includes("invalid issuer")) {
+          throw new Error("Invalid token issuer - token not from expected Firebase project");
+        }
+        if (error.message.includes("invalid audience")) {
+          throw new Error("Invalid token audience - token not intended for this project");
+        }
+        throw error;
+      }
+      return false;
+    }
+  }
+  /**
+  * Extract user information from a Firebase ID token
+  *
+  * @param idToken - The Firebase ID token
+  * @returns Normalized user object with common fields
+  */
+  async getUser(idToken) {
+    const decoded = jwt.decode(idToken);
+    if (!decoded) {
+      throw new Error("Invalid ID token - unable to decode");
+    }
+    return {
+      // Standard claims
+      sub: decoded.sub,
+      email: decoded.email,
+      email_verified: decoded.email_verified,
+      // Firebase-specific identifiers
+      uid: decoded.user_id || decoded.sub,
+      firebase_uid: decoded.user_id || decoded.sub,
+      // User profile
+      name: decoded.name,
+      picture: decoded.picture,
+      phone_number: decoded.phone_number,
+      // Provider info
+      sign_in_provider: decoded.firebase?.sign_in_provider,
+      identities: decoded.firebase?.identities,
+      // Token metadata
+      auth_time: decoded.auth_time,
+      iat: decoded.iat,
+      exp: decoded.exp,
+      // Full token for access to any custom claims
+      attributes: decoded
+    };
+  }
+  /**
+  * Fetch Google's public keys for Firebase token verification
+  * Keys are cached based on Cache-Control headers
+  */
+  async fetchJWKS() {
+    const now = Date.now();
+    if (this.jwksCache && now < this.jwksCacheExpiry) {
+      return this.jwksCache;
+    }
+    try {
+      const response = await axios.get(this.GOOGLE_JWKS_URL);
+      this.jwksCache = response.data.keys;
+      const cacheControl = response.headers["cache-control"];
+      if (cacheControl) {
+        const maxAgeMatch = cacheControl.match(/max-age=(\d+)/);
+        if (maxAgeMatch) {
+          const maxAge = parseInt(maxAgeMatch[1], 10) * 1e3;
+          this.jwksCacheExpiry = now + maxAge;
+        } else {
+          this.jwksCacheExpiry = now + 3600 * 1e3;
+        }
+      } else {
+        this.jwksCacheExpiry = now + 3600 * 1e3;
+      }
+      return this.jwksCache;
+    } catch (error) {
+      if (this.jwksCache) {
+        console.warn("[Firebase Auth] Failed to refresh JWKS, using cached keys");
+        return this.jwksCache;
+      }
+      throw new Error("Failed to fetch Google public keys for Firebase token verification");
+    }
+  }
+  /**
+  * Verify JWT token using Google's public keys
+  */
+  async verifyJwt(token) {
+    const decoded = jwt.decode(token, {
+      complete: true
+    });
+    if (!decoded) {
+      throw new Error("Invalid token - unable to decode");
+    }
+    const jwks = await this.fetchJWKS();
+    const key = jwks.find((k) => k.kid === decoded.header.kid);
+    if (!key) {
+      this.jwksCache = null;
+      const refreshedJwks = await this.fetchJWKS();
+      const refreshedKey = refreshedJwks.find((k) => k.kid === decoded.header.kid);
+      if (!refreshedKey) {
+        throw new Error("Signing key not found in Google JWKS - token may be invalid or keys rotated");
+      }
+      const pem2 = jwkToPem(refreshedKey);
+      return this.verifyWithPem(token, pem2);
+    }
+    const pem = jwkToPem(key);
+    return this.verifyWithPem(token, pem);
+  }
+  /**
+  * Verify token with PEM key and validate claims
+  */
+  verifyWithPem(token, pem) {
+    return jwt.verify(token, pem, {
+      algorithms: [
+        "RS256"
+      ],
+      issuer: `https://securetoken.google.com/${this.projectId}`,
+      audience: this.projectId
+    });
+  }
+};
+export {
+  AuthFirebase
+};

package/dist/index.js

@@ -557,17 +557,247 @@ var init_clerk = __esm({
   }
 });
 
+// src/providers/firebase.ts
+var firebase_exports = {};
+__export(firebase_exports, {
+  AuthFirebase: () => AuthFirebase
+});
+var import_axios4, import_jsonwebtoken4, import_jwk_to_pem4, AuthFirebase;
+var init_firebase = __esm({
+  "src/providers/firebase.ts"() {
+    "use strict";
+    import_axios4 = __toESM(require("axios"));
+    import_jsonwebtoken4 = __toESM(require("jsonwebtoken"));
+    import_jwk_to_pem4 = __toESM(require("jwk-to-pem"));
+    init_index();
+    AuthFirebase = class extends AuthProviderBase {
+      static {
+        __name(this, "AuthFirebase");
+      }
+      projectId = "";
+      apiKey = "";
+      jwksCache = null;
+      jwksCacheExpiry = 0;
+      /**
+      * Google's public keys URL for Firebase token verification
+      * These rotate regularly, so we cache with respect to Cache-Control headers
+      */
+      GOOGLE_JWKS_URL = "https://www.googleapis.com/service_accounts/v1/jwk/securetoken@system.gserviceaccount.com";
+      /**
+      * Firebase Auth REST API for token refresh
+      * Docs: https://firebase.google.com/docs/reference/rest/auth
+      */
+      SECURE_TOKEN_URL = "https://securetoken.googleapis.com/v1/token";
+      /**
+      * Initialize Firebase Auth Provider
+      *
+      * @param config - Configuration options
+      * @param config.projectId - Firebase project ID (required)
+      * @param config.apiKey - Firebase Web API key (required for token refresh)
+      */
+      async init(config) {
+        this.projectId = config?.projectId || process.env.FIREBASE_PROJECT_ID || "";
+        this.apiKey = config?.apiKey || process.env.FIREBASE_API_KEY || "";
+        if (!this.projectId) {
+          throw new Error("Firebase config missing: projectId is required. Provide it in config or set FIREBASE_PROJECT_ID environment variable.");
+        }
+        if (!this.apiKey) {
+          console.warn("[Firebase Auth] API key not provided. Token refresh will not be available. Set FIREBASE_API_KEY environment variable or pass apiKey in config.");
+        }
+      }
+      /**
+      * Refresh an authentication token using Firebase's secure token API
+      *
+      * @param refreshToken - The refresh token obtained during sign-in
+      * @returns New tokens including access_token, id_token, and refresh_token
+      */
+      async refreshToken(refreshToken) {
+        if (!this.apiKey) {
+          throw new Error("Firebase API key is required for token refresh. Set FIREBASE_API_KEY environment variable or pass apiKey in config.");
+        }
+        const url = `${this.SECURE_TOKEN_URL}?key=${this.apiKey}`;
+        try {
+          const { data } = await import_axios4.default.post(url, {
+            grant_type: "refresh_token",
+            refresh_token: refreshToken
+          }, {
+            headers: {
+              "Content-Type": "application/json"
+            }
+          });
+          return {
+            access_token: data.access_token,
+            id_token: data.id_token,
+            refresh_token: data.refresh_token,
+            expires_in: parseInt(data.expires_in, 10),
+            token_type: data.token_type || "Bearer",
+            user_id: data.user_id
+          };
+        } catch (error) {
+          if (import_axios4.default.isAxiosError(error) && error.response?.data?.error) {
+            const firebaseError = error.response.data.error;
+            throw new Error(`Firebase token refresh failed: ${firebaseError.message || firebaseError.code || "Unknown error"}`);
+          }
+          throw error;
+        }
+      }
+      /**
+      * Verify if a Firebase ID token is valid
+      *
+      * Verification includes:
+      *  - Signature validation using Google's public keys
+      *  - Expiration check
+      *  - Issuer validation (must be from your Firebase project)
+      *  - Audience validation (must match your project ID)
+      *
+      * @param token - The Firebase ID token to verify
+      * @returns true if valid, throws error otherwise
+      */
+      async verifyToken(token) {
+        try {
+          await this.verifyJwt(token);
+          return true;
+        } catch (error) {
+          if (error instanceof Error) {
+            if (error.message.includes("jwt expired")) {
+              throw new Error("Token has expired");
+            }
+            if (error.message.includes("invalid signature")) {
+              throw new Error("Invalid token signature");
+            }
+            if (error.message.includes("jwt malformed")) {
+              throw new Error("Malformed token");
+            }
+            if (error.message.includes("invalid issuer")) {
+              throw new Error("Invalid token issuer - token not from expected Firebase project");
+            }
+            if (error.message.includes("invalid audience")) {
+              throw new Error("Invalid token audience - token not intended for this project");
+            }
+            throw error;
+          }
+          return false;
+        }
+      }
+      /**
+      * Extract user information from a Firebase ID token
+      *
+      * @param idToken - The Firebase ID token
+      * @returns Normalized user object with common fields
+      */
+      async getUser(idToken) {
+        const decoded = import_jsonwebtoken4.default.decode(idToken);
+        if (!decoded) {
+          throw new Error("Invalid ID token - unable to decode");
+        }
+        return {
+          // Standard claims
+          sub: decoded.sub,
+          email: decoded.email,
+          email_verified: decoded.email_verified,
+          // Firebase-specific identifiers
+          uid: decoded.user_id || decoded.sub,
+          firebase_uid: decoded.user_id || decoded.sub,
+          // User profile
+          name: decoded.name,
+          picture: decoded.picture,
+          phone_number: decoded.phone_number,
+          // Provider info
+          sign_in_provider: decoded.firebase?.sign_in_provider,
+          identities: decoded.firebase?.identities,
+          // Token metadata
+          auth_time: decoded.auth_time,
+          iat: decoded.iat,
+          exp: decoded.exp,
+          // Full token for access to any custom claims
+          attributes: decoded
+        };
+      }
+      /**
+      * Fetch Google's public keys for Firebase token verification
+      * Keys are cached based on Cache-Control headers
+      */
+      async fetchJWKS() {
+        const now = Date.now();
+        if (this.jwksCache && now < this.jwksCacheExpiry) {
+          return this.jwksCache;
+        }
+        try {
+          const response = await import_axios4.default.get(this.GOOGLE_JWKS_URL);
+          this.jwksCache = response.data.keys;
+          const cacheControl = response.headers["cache-control"];
+          if (cacheControl) {
+            const maxAgeMatch = cacheControl.match(/max-age=(\d+)/);
+            if (maxAgeMatch) {
+              const maxAge = parseInt(maxAgeMatch[1], 10) * 1e3;
+              this.jwksCacheExpiry = now + maxAge;
+            } else {
+              this.jwksCacheExpiry = now + 3600 * 1e3;
+            }
+          } else {
+            this.jwksCacheExpiry = now + 3600 * 1e3;
+          }
+          return this.jwksCache;
+        } catch (error) {
+          if (this.jwksCache) {
+            console.warn("[Firebase Auth] Failed to refresh JWKS, using cached keys");
+            return this.jwksCache;
+          }
+          throw new Error("Failed to fetch Google public keys for Firebase token verification");
+        }
+      }
+      /**
+      * Verify JWT token using Google's public keys
+      */
+      async verifyJwt(token) {
+        const decoded = import_jsonwebtoken4.default.decode(token, {
+          complete: true
+        });
+        if (!decoded) {
+          throw new Error("Invalid token - unable to decode");
+        }
+        const jwks = await this.fetchJWKS();
+        const key = jwks.find((k) => k.kid === decoded.header.kid);
+        if (!key) {
+          this.jwksCache = null;
+          const refreshedJwks = await this.fetchJWKS();
+          const refreshedKey = refreshedJwks.find((k) => k.kid === decoded.header.kid);
+          if (!refreshedKey) {
+            throw new Error("Signing key not found in Google JWKS - token may be invalid or keys rotated");
+          }
+          const pem2 = (0, import_jwk_to_pem4.default)(refreshedKey);
+          return this.verifyWithPem(token, pem2);
+        }
+        const pem = (0, import_jwk_to_pem4.default)(key);
+        return this.verifyWithPem(token, pem);
+      }
+      /**
+      * Verify token with PEM key and validate claims
+      */
+      verifyWithPem(token, pem) {
+        return import_jsonwebtoken4.default.verify(token, pem, {
+          algorithms: [
+            "RS256"
+          ],
+          issuer: `https://securetoken.google.com/${this.projectId}`,
+          audience: this.projectId
+        });
+      }
+    };
+  }
+});
+
 // src/providers/leanmcp.ts
 var leanmcp_exports = {};
 __export(leanmcp_exports, {
   AuthLeanmcp: () => AuthLeanmcp
 });
-var import_axios4, import_jsonwebtoken4, AuthLeanmcp;
+var import_axios5, import_jsonwebtoken5, AuthLeanmcp;
 var init_leanmcp = __esm({
   "src/providers/leanmcp.ts"() {
     "use strict";
-    import_axios4 = __toESM(require("axios"));
-    import_jsonwebtoken4 = __toESM(require("jsonwebtoken"));
+    import_axios5 = __toESM(require("axios"));
+    import_jsonwebtoken5 = __toESM(require("jsonwebtoken"));
     init_index();
     AuthLeanmcp = class extends AuthProviderBase {
       static {
@@ -584,7 +814,7 @@ var init_leanmcp = __esm({
       async refreshToken(refreshToken) {
         const url = `${this.authUrl}/api/refresh`;
         try {
-          const { data } = await import_axios4.default.post(url, {
+          const { data } = await import_axios5.default.post(url, {
             refresh_token: refreshToken
           }, {
             headers: {
@@ -593,7 +823,7 @@ var init_leanmcp = __esm({
           });
           return data;
         } catch (error) {
-          if (import_axios4.default.isAxiosError(error) && error.response) {
+          if (import_axios5.default.isAxiosError(error) && error.response) {
             throw new Error(`Failed to refresh token: ${error.response.data.error?.message || error.response.data.error || "Unknown error"}`);
           }
           throw error;
@@ -603,7 +833,7 @@ var init_leanmcp = __esm({
         if (this.apiKey) {
           const url2 = `${this.orchestrationApiUrl}/public/auth/verify-user`;
           try {
-            await import_axios4.default.post(url2, {
+            await import_axios5.default.post(url2, {
               token
             }, {
               headers: {
@@ -619,7 +849,7 @@ var init_leanmcp = __esm({
         }
         const url = `${this.authUrl}/api/verify`;
         try {
-          const { data } = await import_axios4.default.post(url, {
+          const { data } = await import_axios5.default.post(url, {
             token
           }, {
             headers: {
@@ -635,7 +865,7 @@ var init_leanmcp = __esm({
         if (this.apiKey) {
           const url = `${this.orchestrationApiUrl}/public/auth/verify-user`;
           try {
-            const { data } = await import_axios4.default.post(url, {
+            const { data } = await import_axios5.default.post(url, {
               token
             }, {
               headers: {
@@ -656,7 +886,7 @@ var init_leanmcp = __esm({
             throw new Error("Invalid user token or API key");
           }
         }
-        const decoded = import_jsonwebtoken4.default.decode(token);
+        const decoded = import_jsonwebtoken5.default.decode(token);
         if (!decoded) throw new Error("Invalid ID token");
         return {
           uid: decoded.user_id || decoded.sub,
@@ -683,7 +913,7 @@ var init_leanmcp = __esm({
         }
         const url = `${this.orchestrationApiUrl}/public/secrets/user/${projectId}`;
         try {
-          const { data } = await import_axios4.default.get(url, {
+          const { data } = await import_axios5.default.get(url, {
             headers: {
               Authorization: `Bearer ${token}`,
               "x-api-key": this.apiKey
@@ -757,6 +987,12 @@ var init_index = __esm({
             await this.providerInstance.init(finalConfig);
             break;
           }
+          case "firebase": {
+            const { AuthFirebase: AuthFirebase2 } = await Promise.resolve().then(() => (init_firebase(), firebase_exports));
+            this.providerInstance = new AuthFirebase2();
+            await this.providerInstance.init(finalConfig);
+            break;
+          }
           case "leanmcp": {
             const { AuthLeanmcp: AuthLeanmcp2 } = await Promise.resolve().then(() => (init_leanmcp(), leanmcp_exports));
             this.providerInstance = new AuthLeanmcp2();
@@ -764,7 +1000,7 @@ var init_index = __esm({
             break;
           }
           default:
-            throw new Error(`Unsupported auth provider: ${this.providerType}. Supported providers: cognito, auth0, clerk, leanmcp`);
+            throw new Error(`Unsupported auth provider: ${this.providerType}. Supported providers: cognito, auth0, clerk, firebase, leanmcp`);
         }
       }
       /**

package/dist/index.mjs

@@ -6,7 +6,7 @@ import {
   getAuthProvider,
   getAuthUser,
   isAuthenticationRequired
-} from "./chunk-ZJYMG6ZM.mjs";
+} from "./chunk-L2EFAPCF.mjs";
 import "./chunk-LPEX4YW6.mjs";
 export {
   AuthProvider,

package/dist/{leanmcp-73RUGZ2B.mjs → leanmcp-VW5635QY.mjs}

@@ -1,6 +1,6 @@
 import {
   AuthProviderBase
-} from "./chunk-ZJYMG6ZM.mjs";
+} from "./chunk-L2EFAPCF.mjs";
 import {
   __name
 } from "./chunk-LPEX4YW6.mjs";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@leanmcp/auth",
-  "version": "0.4.4-alpha.6.6dae082",
+  "version": "0.4.4-alpha.67.ad9d43a",
   "description": "Authentication and identity module with OAuth 2.1 client, token storage, and multiple providers",
   "main": "dist/index.js",
   "module": "dist/index.mjs",
@@ -44,11 +44,11 @@
     "test:watch": "jest --watch"
   },
   "dependencies": {
-    "@leanmcp/core": "^0.3.0",
+    "@leanmcp/core": "^0.4.0",
     "reflect-metadata": "^0.2.1"
   },
   "devDependencies": {
-    "@leanmcp/env-injection": "^0.1.0",
+    "@leanmcp/env-injection": "^0.1.4",
     "@types/jest": "^29.5.0",
     "@types/jsonwebtoken": "^9.0.10",
     "@types/jwk-to-pem": "^2.0.3",
@@ -60,7 +60,7 @@
   },
   "peerDependencies": {
     "@aws-sdk/client-cognito-identity-provider": "^3.0.0",
-    "@leanmcp/env-injection": "^0.1.0",
+    "@leanmcp/env-injection": "^0.1.4",
     "axios": "^1.0.0",
     "jsonwebtoken": "^9.0.0",
     "jwk-to-pem": "^2.0.0",