@mcp-abap-adt/auth-broker 0.1.5 → 0.1.6

package/dist/AuthBroker.d.ts

@@ -1,8 +1,9 @@
 /**
  * Main AuthBroker class for managing JWT tokens based on destinations
  */
-import { Logger } from './logger';
-import { IServiceKeyStore, ISessionStore } from './stores/interfaces';
+import { Logger } from '@mcp-abap-adt/logger';
+import { IServiceKeyStore, ISessionStore, IAuthorizationConfig, IConnectionConfig } from './stores/interfaces';
+import { ITokenProvider } from './providers';
 /**
  * AuthBroker manages JWT authentication tokens for destinations
  */
@@ -11,19 +12,22 @@ export declare class AuthBroker {
     private logger;
     private serviceKeyStore;
     private sessionStore;
+    private tokenProvider;
     /**
      * Create a new AuthBroker instance
-     * @param stores Object with custom stores. If not provided, creates default file-based stores.
-     *               - serviceKeyStore: Store for service keys (default: FileServiceKeyStore)
-     *               - sessionStore: Store for session data (default: FileSessionStore)
+     * @param stores Object with stores and token provider
+     *               - serviceKeyStore: Store for service keys
+     *               - sessionStore: Store for session data
+     *               - tokenProvider: Token provider implementing ITokenProvider interface
      * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
      *                Default: 'system' (system default browser).
      *                Use 'none' to print URL instead of opening browser.
      * @param logger Optional logger instance. If not provided, uses default logger.
      */
-    constructor(stores?: {
-        serviceKeyStore?: IServiceKeyStore;
-        sessionStore?: ISessionStore;
+    constructor(stores: {
+        serviceKeyStore: IServiceKeyStore;
+        sessionStore: ISessionStore;
+        tokenProvider: ITokenProvider;
     }, browser?: string, logger?: Logger);
     /**
      * Get authentication token for destination.
@@ -41,30 +45,16 @@ export declare class AuthBroker {
      */
     refreshToken(destination: string): Promise<string>;
     /**
-     * Internal refresh token implementation
-     * @private
-     */
-    private refreshTokenInternal;
-    /**
-     * Get SAP URL for destination.
-     * Tries to load from session store first, then from service key store.
+     * Get authorization configuration for destination
      * @param destination Destination name (e.g., "TRIAL")
-     * @returns Promise that resolves to SAP URL string, or undefined if not found
-     */
-    getSapUrl(destination: string): Promise<string | undefined>;
-    /**
-     * Clear cached token for specific destination
-     * @param destination Destination name
+     * @returns Promise that resolves to IAuthorizationConfig or null if not found
      */
-    clearCache(destination: string): void;
+    getAuthorizationConfig(destination: string): Promise<IAuthorizationConfig | null>;
     /**
-     * Clear all cached tokens
-     */
-    clearAllCache(): void;
-    /**
-     * Get search paths for error messages (from file stores if available)
-     * @private
+     * Get connection configuration for destination
+     * @param destination Destination name (e.g., "TRIAL")
+     * @returns Promise that resolves to IConnectionConfig or null if not found
      */
-    private getSearchPathsForError;
+    getConnectionConfig(destination: string): Promise<IConnectionConfig | null>;
 }
 //# sourceMappingURL=AuthBroker.d.ts.map

package/dist/AuthBroker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAOH,OAAO,EAAE,MAAM,EAAiB,MAAM,UAAU,CAAC;AACjD,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGtE;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,eAAe,CAAmB;IAC1C,OAAO,CAAC,YAAY,CAAgB;IAEpC;;;;;;;;;OASG;gBAED,MAAM,CAAC,EAAE;QAAE,eAAe,CAAC,EAAE,gBAAgB,CAAC;QAAC,YAAY,CAAC,EAAE,aAAa,CAAA;KAAE,EAC7E,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM;IAQjB;;;;;;OAMG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiDpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAoBxD;;;OAGG;YACW,oBAAoB;IAuDlC;;;;;OAKG;IACG,SAAS,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,SAAS,CAAC;IAiBjE;;;OAGG;IACH,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,IAAI;IAIrC;;OAEG;IACH,aAAa,IAAI,IAAI;IAIrB;;;OAGG;IACH,OAAO,CAAC,sBAAsB;CAW/B"}
+{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAiB,MAAM,sBAAsB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAE7C;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,eAAe,CAAmB;IAC1C,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IAEtC;;;;;;;;;;OAUG;gBAED,MAAM,EAAE;QAAE,eAAe,EAAE,gBAAgB,CAAC;QAAC,YAAY,EAAE,aAAa,CAAC;QAAC,aAAa,EAAE,cAAc,CAAA;KAAE,EACzG,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,MAAM;IASjB;;;;;;OAMG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAwDpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAuCxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAWvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CAWlF"}

package/dist/AuthBroker.js

@@ -4,12 +4,7 @@
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthBroker = void 0;
-const tokenValidator_1 = require("./tokenValidator");
-const tokenRefresher_1 = require("./tokenRefresher");
-const browserAuth_1 = require("./browserAuth");
-const cache_1 = require("./cache");
-const logger_1 = require("./logger");
-const stores_1 = require("./stores");
+const logger_1 = require("@mcp-abap-adt/logger");
 /**
  * AuthBroker manages JWT authentication tokens for destinations
  */
@@ -18,19 +13,22 @@ class AuthBroker {
     logger;
     serviceKeyStore;
     sessionStore;
+    tokenProvider;
     /**
      * Create a new AuthBroker instance
-     * @param stores Object with custom stores. If not provided, creates default file-based stores.
-     *               - serviceKeyStore: Store for service keys (default: FileServiceKeyStore)
-     *               - sessionStore: Store for session data (default: FileSessionStore)
+     * @param stores Object with stores and token provider
+     *               - serviceKeyStore: Store for service keys
+     *               - sessionStore: Store for session data
+     *               - tokenProvider: Token provider implementing ITokenProvider interface
      * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
      *                Default: 'system' (system default browser).
      *                Use 'none' to print URL instead of opening browser.
      * @param logger Optional logger instance. If not provided, uses default logger.
      */
     constructor(stores, browser, logger) {
-        this.serviceKeyStore = stores?.serviceKeyStore || new stores_1.FileServiceKeyStore();
-        this.sessionStore = stores?.sessionStore || new stores_1.FileSessionStore();
+        this.serviceKeyStore = stores.serviceKeyStore;
+        this.sessionStore = stores.sessionStore;
+        this.tokenProvider = stores.tokenProvider;
         this.browser = browser || 'system';
         this.logger = logger || logger_1.defaultLogger;
     }
@@ -42,47 +40,51 @@ class AuthBroker {
      * @throws Error if neither session data nor service key found
      */
     async getToken(destination) {
-        // Check cache first
-        const cachedToken = (0, cache_1.getCachedToken)(destination);
-        if (cachedToken) {
-            // Validate cached token
-            const envConfig = await this.sessionStore.loadSession(destination);
-            if (envConfig) {
-                const isValid = await (0, tokenValidator_1.validateToken)(cachedToken, envConfig.sapUrl);
+        // Load connection config from session store
+        const connConfig = await this.sessionStore.getConnectionConfig(destination);
+        if (connConfig?.authorizationToken) {
+            // Validate token if provider supports validation and we have service URL
+            if (this.tokenProvider.validateToken && connConfig.serviceUrl) {
+                const isValid = await this.tokenProvider.validateToken(connConfig.authorizationToken, connConfig.serviceUrl);
                 if (isValid) {
-                    return cachedToken;
+                    return connConfig.authorizationToken;
                 }
-                // Token expired, remove from cache
             }
-        }
-        // Load from session store
-        const envConfig = await this.sessionStore.loadSession(destination);
-        if (envConfig && envConfig.jwtToken) {
-            // Validate token
-            const isValid = await (0, tokenValidator_1.validateToken)(envConfig.jwtToken, envConfig.sapUrl);
-            if (isValid) {
-                (0, cache_1.setCachedToken)(destination, envConfig.jwtToken);
-                return envConfig.jwtToken;
+            else {
+                // No service URL or provider doesn't support validation - just return token
+                return connConfig.authorizationToken;
             }
         }
-        // Token not found or expired, check if we have service key for browser auth
+        // Token not found or expired, check if we have service key
         const serviceKey = await this.serviceKeyStore.getServiceKey(destination);
         if (!serviceKey) {
-            // No service key and no valid token - throw error with helpful message
-            const searchPaths = this.getSearchPathsForError();
-            const searchedPaths = searchPaths.length > 0
-                ? `\nSearched in:\n${searchPaths.map(p => `  - ${p}`).join('\n')}`
-                : '';
+            // No service key and no valid token
             throw new Error(`No authentication found for destination "${destination}". ` +
-                `Neither ${destination}.env file nor ${destination}.json service key found.\n` +
-                `Please create one of:\n` +
-                `  - ${destination}.env (with SAP_JWT_TOKEN)\n` +
-                `  - ${destination}.json (service key)${searchedPaths}`);
+                `No session data and no service key found.`);
+        }
+        // Get authorization config from service key
+        const authConfig = await this.serviceKeyStore.getAuthorizationConfig(destination);
+        if (!authConfig) {
+            throw new Error(`Service key for destination "${destination}" does not contain UAA credentials`);
+        }
+        // Get refresh token from session
+        const sessionAuthConfig = await this.sessionStore.getAuthorizationConfig(destination);
+        const authConfigWithRefresh = { ...authConfig, refreshToken: sessionAuthConfig?.refreshToken || authConfig.refreshToken };
+        // Get connection config with token from provider
+        const tokenResult = await this.tokenProvider.getConnectionConfig(authConfigWithRefresh, {
+            browser: this.browser,
+            logger: this.logger,
+        });
+        // Update session with new token
+        await this.sessionStore.setConnectionConfig(destination, tokenResult.connectionConfig);
+        // Update authorization config with new refresh token if available
+        if (tokenResult.refreshToken) {
+            await this.sessionStore.setAuthorizationConfig(destination, {
+                ...authConfig,
+                refreshToken: tokenResult.refreshToken,
+            });
         }
-        // Try to refresh (will use browser auth if no refresh token)
-        const newToken = await this.refreshTokenInternal(destination, serviceKey, envConfig);
-        (0, cache_1.setCachedToken)(destination, newToken);
-        return newToken;
+        return tokenResult.connectionConfig.authorizationToken;
     }
     /**
      * Force refresh token for destination using service key.
@@ -94,107 +96,59 @@ class AuthBroker {
         // Load service key
         const serviceKey = await this.serviceKeyStore.getServiceKey(destination);
         if (!serviceKey) {
-            const searchPaths = this.getSearchPathsForError();
-            const searchedPaths = searchPaths.length > 0
-                ? `\nSearched in:\n${searchPaths.map(p => `  - ${p}`).join('\n')}`
-                : '';
-            throw new Error(`Service key file not found for destination "${destination}".\n` +
-                `Please create file: ${destination}.json${searchedPaths}`);
+            throw new Error(`Service key not found for destination "${destination}".`);
         }
-        // Load existing session (for refresh token)
-        const envConfig = await this.sessionStore.loadSession(destination);
-        return this.refreshTokenInternal(destination, serviceKey, envConfig);
-    }
-    /**
-     * Internal refresh token implementation
-     * @private
-     */
-    async refreshTokenInternal(destination, serviceKey, envConfig) {
-        // Extract UAA configuration
-        const { url: uaaUrl, clientid: clientId, clientsecret: clientSecret } = serviceKey.uaa;
-        if (!uaaUrl || !clientId || !clientSecret) {
-            throw new Error(`Invalid service key for destination "${destination}". ` +
-                `Missing required UAA fields: url, clientid, clientsecret`);
-        }
-        // Validate SAP URL early (before starting browser auth or refresh)
-        const sapUrl = serviceKey.url || serviceKey.abap?.url || serviceKey.sap_url;
-        if (!sapUrl) {
-            throw new Error(`Service key for destination "${destination}" does not contain SAP URL. ` +
-                `Expected field: url, abap.url, or sap_url`);
-        }
-        // Try to load existing refresh token from session store
-        let refreshTokenValue = envConfig?.refreshToken;
-        let result;
-        // If no refresh token, start browser authentication flow
-        if (!refreshTokenValue) {
-            this.logger.debug(`No refresh token found for destination "${destination}". Starting browser authentication...`);
-            result = await (0, browserAuth_1.startBrowserAuth)(serviceKey, this.browser || 'system', this.logger);
+        // Get authorization config from service key
+        const authConfig = await this.serviceKeyStore.getAuthorizationConfig(destination);
+        if (!authConfig) {
+            throw new Error(`Service key for destination "${destination}" does not contain UAA credentials`);
         }
-        else {
-            // Refresh token using refresh token
-            result = await (0, tokenRefresher_1.refreshJwtToken)(refreshTokenValue, uaaUrl, clientId, clientSecret);
-        }
-        // Save new token to session store
-        await this.sessionStore.saveSession(destination, {
-            sapUrl,
-            jwtToken: result.accessToken,
-            refreshToken: result.refreshToken || refreshTokenValue,
-            uaaUrl,
-            uaaClientId: clientId,
-            uaaClientSecret: clientSecret,
-            sapClient: envConfig?.sapClient,
-            language: envConfig?.language,
+        // Get refresh token from session
+        const sessionAuthConfig = await this.sessionStore.getAuthorizationConfig(destination);
+        const authConfigWithRefresh = { ...authConfig, refreshToken: sessionAuthConfig?.refreshToken || authConfig.refreshToken };
+        // Get connection config with token from provider
+        const tokenResult = await this.tokenProvider.getConnectionConfig(authConfigWithRefresh, {
+            browser: this.browser,
+            logger: this.logger,
         });
-        // Update cache with new token
-        (0, cache_1.setCachedToken)(destination, result.accessToken);
-        return result.accessToken;
+        // Update session with new token
+        await this.sessionStore.setConnectionConfig(destination, tokenResult.connectionConfig);
+        // Update authorization config with new refresh token if available
+        if (tokenResult.refreshToken) {
+            await this.sessionStore.setAuthorizationConfig(destination, {
+                ...authConfig,
+                refreshToken: tokenResult.refreshToken,
+            });
+        }
+        return tokenResult.connectionConfig.authorizationToken;
     }
     /**
-     * Get SAP URL for destination.
-     * Tries to load from session store first, then from service key store.
+     * Get authorization configuration for destination
      * @param destination Destination name (e.g., "TRIAL")
-     * @returns Promise that resolves to SAP URL string, or undefined if not found
+     * @returns Promise that resolves to IAuthorizationConfig or null if not found
      */
-    async getSapUrl(destination) {
-        // Try to load from session store first
-        const envConfig = await this.sessionStore.loadSession(destination);
-        if (envConfig?.sapUrl) {
-            return envConfig.sapUrl;
+    async getAuthorizationConfig(destination) {
+        // Try session store first (has tokens)
+        const sessionAuthConfig = await this.sessionStore.getAuthorizationConfig(destination);
+        if (sessionAuthConfig) {
+            return sessionAuthConfig;
         }
-        // Try service key store
-        const serviceKey = await this.serviceKeyStore.getServiceKey(destination);
-        if (serviceKey) {
-            return serviceKey.url || serviceKey.abap?.url || serviceKey.sap_url;
-        }
-        return undefined;
-    }
-    /**
-     * Clear cached token for specific destination
-     * @param destination Destination name
-     */
-    clearCache(destination) {
-        (0, cache_1.clearCache)(destination);
+        // Fall back to service key store (has UAA credentials)
+        return await this.serviceKeyStore.getAuthorizationConfig(destination);
     }
     /**
-     * Clear all cached tokens
-     */
-    clearAllCache() {
-        (0, cache_1.clearAllCache)();
-    }
-    /**
-     * Get search paths for error messages (from file stores if available)
-     * @private
+     * Get connection configuration for destination
+     * @param destination Destination name (e.g., "TRIAL")
+     * @returns Promise that resolves to IConnectionConfig or null if not found
      */
-    getSearchPathsForError() {
-        // Try to get search paths from file stores
-        if (this.serviceKeyStore instanceof stores_1.FileServiceKeyStore) {
-            return this.serviceKeyStore.getSearchPaths();
-        }
-        if (this.sessionStore instanceof stores_1.FileSessionStore) {
-            return this.sessionStore.getSearchPaths();
+    async getConnectionConfig(destination) {
+        // Try session store first (has tokens and URLs)
+        const sessionConnConfig = await this.sessionStore.getConnectionConfig(destination);
+        if (sessionConnConfig) {
+            return sessionConnConfig;
         }
-        // No file stores, return empty array
-        return [];
+        // Fall back to service key store (has URLs but no tokens)
+        return await this.serviceKeyStore.getConnectionConfig(destination);
     }
 }
 exports.AuthBroker = AuthBroker;

package/dist/__tests__/helpers/configHelpers.d.ts

@@ -0,0 +1,49 @@
+/**
+ * Configuration helpers for auth-broker tests
+ * Loads test configuration from test-config.yaml
+ */
+export interface TestConfig {
+    auth_broker?: {
+        paths?: {
+            service_keys_dir?: string;
+            sessions_dir?: string;
+        };
+        abap?: {
+            destination?: string;
+        };
+        xsuaa?: {
+            btp_destination?: string;
+            mcp_destination?: string;
+            mcp_url?: string;
+        };
+    };
+}
+/**
+ * Load test configuration from YAML
+ * Uses test-config.yaml from tests/ directory
+ */
+export declare function loadTestConfig(): TestConfig;
+/**
+ * Check if test config has real values (not placeholders)
+ */
+export declare function hasRealConfig(config: TestConfig, section: 'abap' | 'xsuaa'): boolean;
+/**
+ * Get ABAP destination from config
+ */
+export declare function getAbapDestination(config?: TestConfig): string | null;
+/**
+ * Get XSUAA destinations from config
+ */
+export declare function getXsuaaDestinations(config?: TestConfig): {
+    btp_destination: string | null;
+    mcp_url: string | null;
+};
+/**
+ * Get service keys directory from config
+ */
+export declare function getServiceKeysDir(config?: TestConfig): string | null;
+/**
+ * Get sessions directory from config
+ */
+export declare function getSessionsDir(config?: TestConfig): string | null;
+//# sourceMappingURL=configHelpers.d.ts.map

package/dist/__tests__/helpers/configHelpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"configHelpers.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/configHelpers.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAQH,MAAM,WAAW,UAAU;IACzB,WAAW,CAAC,EAAE;QACZ,KAAK,CAAC,EAAE;YACN,gBAAgB,CAAC,EAAE,MAAM,CAAC;YAC1B,YAAY,CAAC,EAAE,MAAM,CAAC;SACvB,CAAC;QACF,IAAI,CAAC,EAAE;YACL,WAAW,CAAC,EAAE,MAAM,CAAC;SACtB,CAAC;QACF,KAAK,CAAC,EAAE;YACN,eAAe,CAAC,EAAE,MAAM,CAAC;YACzB,eAAe,CAAC,EAAE,MAAM,CAAC;YACzB,OAAO,CAAC,EAAE,MAAM,CAAC;SAClB,CAAC;KACH,CAAC;CACH;AAkBD;;;GAGG;AACH,wBAAgB,cAAc,IAAI,UAAU,CA6C3C;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE,MAAM,GAAG,OAAO,GAAG,OAAO,CA2BpF;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGrE;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG;IACzD,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;CACxB,CAOA;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGpE;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,IAAI,CAGjE"}

package/dist/__tests__/helpers/configHelpers.js

@@ -0,0 +1,169 @@
+"use strict";
+/**
+ * Configuration helpers for auth-broker tests
+ * Loads test configuration from test-config.yaml
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadTestConfig = loadTestConfig;
+exports.hasRealConfig = hasRealConfig;
+exports.getAbapDestination = getAbapDestination;
+exports.getXsuaaDestinations = getXsuaaDestinations;
+exports.getServiceKeysDir = getServiceKeysDir;
+exports.getSessionsDir = getSessionsDir;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const yaml = __importStar(require("js-yaml"));
+let cachedConfig = null;
+/**
+ * Find project root directory by looking for package.json
+ */
+function findProjectRoot() {
+    let currentDir = __dirname;
+    while (currentDir !== path.dirname(currentDir)) {
+        const packageJsonPath = path.join(currentDir, 'package.json');
+        if (fs.existsSync(packageJsonPath)) {
+            return currentDir;
+        }
+        currentDir = path.dirname(currentDir);
+    }
+    // Fallback to process.cwd() if package.json not found
+    return process.cwd();
+}
+/**
+ * Load test configuration from YAML
+ * Uses test-config.yaml from tests/ directory
+ */
+function loadTestConfig() {
+    if (cachedConfig) {
+        return cachedConfig;
+    }
+    // Find project root and load from tests/test-config.yaml
+    const projectRoot = findProjectRoot();
+    const configPath = path.resolve(projectRoot, 'tests', 'test-config.yaml');
+    const templatePath = path.resolve(projectRoot, 'tests', 'test-config.yaml.template');
+    if (process.env.TEST_VERBOSE) {
+        console.log(`[configHelpers] Project root: ${projectRoot}`);
+        console.log(`[configHelpers] Config path: ${configPath}`);
+        console.log(`[configHelpers] Config exists: ${fs.existsSync(configPath)}`);
+    }
+    if (fs.existsSync(configPath)) {
+        try {
+            const configContent = fs.readFileSync(configPath, 'utf8');
+            cachedConfig = yaml.load(configContent) || {};
+            if (process.env.TEST_VERBOSE) {
+                console.log(`[configHelpers] Loaded config:`, JSON.stringify(cachedConfig, null, 2));
+            }
+            return cachedConfig;
+        }
+        catch (error) {
+            console.warn(`Failed to load test config from ${configPath}:`, error);
+            return {};
+        }
+    }
+    if (fs.existsSync(templatePath)) {
+        console.warn('⚠️  tests/test-config.yaml not found. Using template (all integration tests will be disabled).');
+        try {
+            const templateContent = fs.readFileSync(templatePath, 'utf8');
+            cachedConfig = yaml.load(templateContent) || {};
+            return cachedConfig;
+        }
+        catch (error) {
+            console.warn(`Failed to load test config template from ${templatePath}:`, error);
+            return {};
+        }
+    }
+    console.warn('⚠️  Test configuration files not found.');
+    console.warn('Please create tests/test-config.yaml with test parameters.');
+    return {};
+}
+/**
+ * Check if test config has real values (not placeholders)
+ */
+function hasRealConfig(config, section) {
+    if (!config.auth_broker) {
+        return false;
+    }
+    if (section === 'abap') {
+        const abap = config.auth_broker.abap;
+        if (!abap?.destination) {
+            return false;
+        }
+        // Check if destination is not a placeholder
+        return !abap.destination.includes('<') && !abap.destination.includes('>');
+    }
+    if (section === 'xsuaa') {
+        const xsuaa = config.auth_broker.xsuaa;
+        if (!xsuaa?.btp_destination || !xsuaa?.mcp_url) {
+            return false;
+        }
+        // Check if values are not placeholders
+        return (!xsuaa.btp_destination.includes('<') &&
+            !xsuaa.mcp_url.includes('<'));
+    }
+    return false;
+}
+/**
+ * Get ABAP destination from config
+ */
+function getAbapDestination(config) {
+    const cfg = config || loadTestConfig();
+    return cfg.auth_broker?.abap?.destination || null;
+}
+/**
+ * Get XSUAA destinations from config
+ */
+function getXsuaaDestinations(config) {
+    const cfg = config || loadTestConfig();
+    const xsuaa = cfg.auth_broker?.xsuaa;
+    return {
+        btp_destination: xsuaa?.btp_destination || null,
+        mcp_url: xsuaa?.mcp_url || null,
+    };
+}
+/**
+ * Get service keys directory from config
+ */
+function getServiceKeysDir(config) {
+    const cfg = config || loadTestConfig();
+    return cfg.auth_broker?.paths?.service_keys_dir || null;
+}
+/**
+ * Get sessions directory from config
+ */
+function getSessionsDir(config) {
+    const cfg = config || loadTestConfig();
+    return cfg.auth_broker?.paths?.sessions_dir || null;
+}

package/dist/index.d.ts

@@ -3,8 +3,8 @@
  * JWT authentication broker for MCP ABAP ADT server
  */
 export { AuthBroker } from './AuthBroker';
-export type { EnvConfig, ServiceKey } from './types';
-export { resolveSearchPaths, findFileInPaths } from './pathResolver';
-export { IServiceKeyStore, ISessionStore, ServiceKeyStore, SessionStore } from './stores/interfaces';
-export { FileServiceKeyStore, FileSessionStore, SafeSessionStore } from './stores';
+export type { IAuthorizationConfig, IConnectionConfig, IServiceKeyStore, ISessionStore } from './stores/interfaces';
+export type { IConfig } from './types';
+export type { ITokenProvider, TokenProviderOptions, TokenProviderResult } from './providers';
+export type { Logger } from '@mcp-abap-adt/logger';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAC1C,YAAY,EAAE,SAAS,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrD,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAGrE,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACrG,OAAO,EAAE,mBAAmB,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,cAAc,CAAC;AAG1C,YAAY,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,qBAAqB,CAAC;AACpH,YAAY,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAEvC,YAAY,EAAE,cAAc,EAAE,oBAAoB,EAAE,mBAAmB,EAAE,MAAM,aAAa,CAAC;AAE7F,YAAY,EAAE,MAAM,EAAE,MAAM,sBAAsB,CAAC"}

package/dist/index.js

@@ -4,13 +4,10 @@
  * JWT authentication broker for MCP ABAP ADT server
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SafeSessionStore = exports.FileSessionStore = exports.FileServiceKeyStore = exports.findFileInPaths = exports.resolveSearchPaths = exports.AuthBroker = void 0;
+exports.AuthBroker = void 0;
 var AuthBroker_1 = require("./AuthBroker");
 Object.defineProperty(exports, "AuthBroker", { enumerable: true, get: function () { return AuthBroker_1.AuthBroker; } });
-var pathResolver_1 = require("./pathResolver");
-Object.defineProperty(exports, "resolveSearchPaths", { enumerable: true, get: function () { return pathResolver_1.resolveSearchPaths; } });
-Object.defineProperty(exports, "findFileInPaths", { enumerable: true, get: function () { return pathResolver_1.findFileInPaths; } });
-var stores_1 = require("./stores");
-Object.defineProperty(exports, "FileServiceKeyStore", { enumerable: true, get: function () { return stores_1.FileServiceKeyStore; } });
-Object.defineProperty(exports, "FileSessionStore", { enumerable: true, get: function () { return stores_1.FileSessionStore; } });
-Object.defineProperty(exports, "SafeSessionStore", { enumerable: true, get: function () { return stores_1.SafeSessionStore; } });
+// Store and provider implementations are in separate packages:
+// - @mcp-abap-adt/auth-stores-btp - BTP and ABAP stores
+// - @mcp-abap-adt/auth-stores-xsuaa - XSUAA stores
+// - @mcp-abap-adt/auth-providers - XSUAA and BTP token providers