@mcp-abap-adt/auth-broker 0.2.13 → 0.2.15

package/CHANGELOG.md

@@ -11,6 +11,32 @@ Thank you to all contributors! See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the co
 
 ## [Unreleased]
 
+## [0.2.15] - 2025-12-30
+
+### Fixed
+- **CLI**: Remove duplicate `authConfig` declaration in `mcp-auth.ts` that caused esbuild/tsx to fail with "symbol already declared" error
+
+## [0.2.14] - 2025-12-26
+
+### Added
+- **Structured logging**: Added detailed logging throughout `AuthBroker` for better debugging and observability
+  - Logs broker initialization with configuration details
+  - Logs token retrieval operations with formatted tokens (start...end format)
+  - Logs token persistence with expiration dates in readable format
+  - Logs session state checks with token and refresh token information
+  - Uses `formatToken()` and `formatExpirationDate()` utilities for consistent formatting
+- **Token formatting utilities**: Added `formatExpirationDate()` function to `utils/formatting.ts` for readable date/time formatting (e.g., "2025-12-25 19:21:27 UTC")
+- **Test configuration**: Added `forceExit: true` to `jest.config.js` to prevent test hanging after completion
+
+### Changed
+- **Dependencies**: Updated `@mcp-abap-adt/auth-providers` from `^0.2.8` to `^0.2.10`
+- **Dependencies**: Updated `@mcp-abap-adt/auth-stores` from `^0.2.9` to `^0.2.10`
+- **Logging format**: All token logging now uses formatted tokens (shows first 25 and last 25 characters, skipping middle)
+- **Logging format**: All expiration date logging now uses readable date/time format instead of raw timestamps
+
+### Fixed
+- **Test hanging**: Fixed issue where tests would hang after completion by adding `forceExit: true` to Jest configuration
+
 ## [0.2.13] - 2025-12-26
 
 ### Changed

package/README.md

@@ -177,10 +177,14 @@ const connection = new JwtAbapConnection(config, tokenRefresher);
 
 #### Debugging Variables
 
-- `DEBUG_AUTH_BROKER` - Enable debug logging for `auth-broker` package
+- `DEBUG_BROKER` - Enable debug logging for `auth-broker` package (short name)
   - Set to `true` to enable logging (default: `false`)
   - When enabled, logs authentication steps, token operations, and error details
   - Can be explicitly disabled by setting to `false`
+  - Example: `DEBUG_BROKER=true npm test`
+  
+- `DEBUG_AUTH_BROKER` - Long name (backward compatibility)
+  - Same as `DEBUG_BROKER`, but longer name
   - Example: `DEBUG_AUTH_BROKER=true npm test`
   
 - `LOG_LEVEL` - Control log verbosity level
@@ -189,18 +193,48 @@ const connection = new JwtAbapConnection(config, tokenRefresher);
   - `info` - Informational messages, warnings, and errors
   - `warn` - Warnings and errors only
   - `error` - Errors only
-  - Example: `LOG_LEVEL=debug DEBUG_AUTH_BROKER=true npm test`
+  - Example: `LOG_LEVEL=debug DEBUG_BROKER=true npm test`
 
 - `DEBUG` - Alternative way to enable debugging
   - Set to `true` to enable all debug logging
-  - Or set to a string containing `auth-broker` to enable only this package
-  - Example: `DEBUG=true npm test` or `DEBUG=auth-broker npm test`
+  - Or set to a string containing `broker` or `auth-broker` to enable only this package
+  - Example: `DEBUG=true npm test` or `DEBUG=broker npm test` or `DEBUG=auth-broker npm test`
 
 **Note**: For debugging related packages:
-- `DEBUG_AUTH_STORES` - Enable logging for `@mcp-abap-adt/auth-stores` package
-- `DEBUG_AUTH_PROVIDERS` - Enable logging for `@mcp-abap-adt/auth-providers` package
+- `DEBUG_STORES` (short) or `DEBUG_AUTH_STORES` (long) - Enable logging for `@mcp-abap-adt/auth-stores` package
+- `DEBUG_PROVIDER` (short) or `DEBUG_AUTH_PROVIDERS` (long) - Enable logging for `@mcp-abap-adt/auth-providers` package
+
+**Legacy Support**: `DEBUG_AUTH_LOG` is still supported for backward compatibility (equivalent to `DEBUG_BROKER=true LOG_LEVEL=debug`)
+
+### Logging Features
+
+When logging is enabled (via `DEBUG_BROKER=true` or `DEBUG_AUTH_BROKER=true`), the broker provides detailed structured logging:
+
+**What is logged:**
+- **Broker initialization**: Configuration details, stores, token provider, browser settings
+- **Token retrieval**: Session state checks, token presence, refresh token availability
+- **Token operations**: Token requests via provider, received tokens with expiration information
+- **Token persistence**: Saving tokens to session with formatted token values and expiration dates
+- **Error context**: Detailed error information with file paths, error codes, missing fields
+
+**Logging Features:**
+- **Token Formatting**: Tokens are logged in truncated format (first 25 and last 25 characters, skipping middle) for security and readability
+- **Date Formatting**: Expiration dates are logged in readable format (e.g., "2025-12-25 19:21:27 UTC") instead of raw timestamps
+- **Structured Logging**: Uses `DefaultLogger` from `@mcp-abap-adt/logger` for proper formatting with icons and level prefixes
+- **Log Levels**: Controlled via `LOG_LEVEL` or `AUTH_LOG_LEVEL` environment variable (error, warn, info, debug)
+
+Example output with `DEBUG_BROKER=true LOG_LEVEL=info`:
+```
+[INFO] ℹ️ [AUTH-BROKER] Broker initialized: hasServiceKeyStore(true), hasSessionStore(true), hasTokenProvider(true), browser(system), allowBrowserAuth(true)
+[INFO] ℹ️ [AUTH-BROKER] Getting token for destination: TRIAL
+[INFO] ℹ️ [AUTH-BROKER] Session check for TRIAL: hasToken(true), hasAuthConfig(true), hasServiceUrl(true), serviceUrl(https://...abap...), authorizationToken(eyJ0eXAiOiJKV1QiLCJqaWQiO...Q5ti7aYmEzItIDuLp7axNYo6w), hasRefreshToken(true)
+[INFO] ℹ️ [AUTH-BROKER] Requesting tokens for TRIAL via session
+[INFO] ℹ️ [AUTH-BROKER] Tokens received for TRIAL: authorizationToken(eyJ0eXAiOiJKV1QiLCJqaWQiO...Q5ti7aYmEzItIDuLp7axNYo6w), hasRefreshToken(true), authType(authorization_code), expiresIn(43199), expiresAt(2025-12-26 20:15:30 UTC)
+[INFO] ℹ️ [AUTH-BROKER] Saving tokens to session for TRIAL: serviceUrl(https://...abap...), authorizationToken(eyJ0eXAiOiJKV1QiLCJqaWQiO...Q5ti7aYmEzItIDuLp7axNYo6w), hasRefreshToken(true), expiresAt(2025-12-26 20:15:30 UTC)
+[INFO] ℹ️ [AUTH-BROKER] Token retrieved for TRIAL (via session): authorizationToken(eyJ0eXAiOiJKV1QiLCJqaWQiO...Q5ti7aYmEzItIDuLp7axNYo6w)
+```
 
-**Legacy Support**: `DEBUG_AUTH_LOG` is still supported for backward compatibility (equivalent to `DEBUG_AUTH_BROKER=true LOG_LEVEL=debug`)
+**Note**: Logging only works when a logger is explicitly provided to the broker constructor. The broker will not output anything to console if no logger is passed.
 
 ### File Structure
 

package/bin/mcp-auth.ts

@@ -486,7 +486,6 @@ async function main() {
     console.log(`✅ Token obtained successfully`);
 
     const connConfig = await sessionStore.getConnectionConfig(destination);
-    const authConfig = await sessionStore.getAuthorizationConfig(destination);
 
     if (!token) {
       throw new Error(

package/dist/AuthBroker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,eAAe,EAGrB,MAAM,0BAA0B,CAAC;AAClC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EACV,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACd,MAAM,qBAAqB,CAAC;AA4C7B;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4IAA4I;IAC5I,aAAa,EAAE,cAAc,CAAC;IAC9B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;;;;;;OAWG;gBACS,MAAM,EAAE,gBAAgB,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO;IAkFxE;;OAEG;YACW,eAAe;IA0D7B;;OAEG;YACW,aAAa;IAoD3B;;OAEG;YACW,oCAAoC;IA4ClD;;OAEG;YACW,kBAAkB;YAkClB,aAAa;YA8Cb,kBAAkB;IAiChC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAsHpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IASxD;;;;OAIG;IACG,sBAAsB,CAC1B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAoEvC;;;;OAIG;IACG,mBAAmB,CACvB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IA8DpC;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe;CAqB3D"}
+{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EACL,KAAK,OAAO,EACZ,KAAK,eAAe,EAGrB,MAAM,0BAA0B,CAAC;AAClC,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAClD,OAAO,KAAK,EACV,oBAAoB,EACpB,iBAAiB,EACjB,gBAAgB,EAChB,aAAa,EACd,MAAM,qBAAqB,CAAC;AA6C7B;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4IAA4I;IAC5I,aAAa,EAAE,cAAc,CAAC;IAC9B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;;;;;;OAWG;gBACS,MAAM,EAAE,gBAAgB,EAAE,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,OAAO;IAsFxE;;OAEG;YACW,eAAe;IA0D7B;;OAEG;YACW,aAAa;IAoD3B;;OAEG;YACW,oCAAoC;IA4ClD;;OAEG;YACW,kBAAkB;YAkClB,aAAa;YA0Db,kBAAkB;IAgDhC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAkJpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IASxD;;;;OAIG;IACG,sBAAsB,CAC1B,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IAoEvC;;;;OAIG;IACG,mBAAmB,CACvB,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;IAgEpC;;;;;;;;;;;;;;;;OAgBG;IACH,oBAAoB,CAAC,WAAW,EAAE,MAAM,GAAG,eAAe;CAqB3D"}

package/dist/AuthBroker.js

@@ -5,6 +5,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.AuthBroker = void 0;
 const interfaces_1 = require("@mcp-abap-adt/interfaces");
+const formatting_1 = require("./utils/formatting");
 /**
  * No-op logger implementation for default fallback when logger is not provided
  */
@@ -108,7 +109,13 @@ class AuthBroker {
         this.allowBrowserAuth = config.allowBrowserAuth ?? true;
         // Log successful initialization
         const hasServiceKeyStore = !!this.serviceKeyStore;
-        this.logger?.debug(`AuthBroker initialized: sessionStore(ok), serviceKeyStore(${hasServiceKeyStore ? 'ok' : 'none'}), tokenProvider(ok)`);
+        this.logger?.info('[AuthBroker] Broker initialized', {
+            hasServiceKeyStore,
+            hasSessionStore: true,
+            hasTokenProvider: true,
+            browser: this.browser,
+            allowBrowserAuth: this.allowBrowserAuth,
+        });
     }
     /**
      * Load session data (connection and authorization configs)
@@ -246,13 +253,25 @@ class AuthBroker {
         }
     }
     async requestTokens(destination, sourceLabel) {
-        this.logger?.debug(`Requesting tokens for ${destination} via ${sourceLabel}`);
+        this.logger?.info(`[AuthBroker] Requesting tokens for ${destination} via ${sourceLabel}`);
         try {
             const getTokens = this.tokenProvider.getTokens;
             if (!getTokens) {
                 throw new Error('AuthBroker: tokenProvider.getTokens is required');
             }
-            return await getTokens.call(this.tokenProvider);
+            const tokenResult = await getTokens.call(this.tokenProvider);
+            const expiresAt = tokenResult.expiresIn
+                ? Date.now() + tokenResult.expiresIn * 1000
+                : undefined;
+            this.logger?.info(`[AuthBroker] Tokens received for ${destination}`, {
+                authorizationToken: (0, formatting_1.formatToken)(tokenResult.authorizationToken),
+                hasRefreshToken: !!tokenResult.refreshToken,
+                refreshToken: (0, formatting_1.formatToken)(tokenResult.refreshToken),
+                authType: tokenResult.authType,
+                expiresIn: tokenResult.expiresIn,
+                expiresAt: expiresAt ? (0, formatting_1.formatExpirationDate)(expiresAt) : undefined,
+            });
+            return tokenResult;
         }
         catch (error) {
             if (hasErrorCode(error)) {
@@ -289,6 +308,17 @@ class AuthBroker {
             ...authConfig,
             refreshToken: tokenResult.refreshToken ?? authConfig.refreshToken,
         };
+        const expiresAt = tokenResult.expiresIn
+            ? Date.now() + tokenResult.expiresIn * 1000
+            : undefined;
+        this.logger?.info(`[AuthBroker] Saving tokens to session for ${destination}`, {
+            serviceUrl,
+            authorizationToken: (0, formatting_1.formatToken)(token),
+            hasRefreshToken: !!authorizationConfig.refreshToken,
+            refreshToken: (0, formatting_1.formatToken)(authorizationConfig.refreshToken),
+            expiresIn: tokenResult.expiresIn,
+            expiresAt: expiresAt ? (0, formatting_1.formatExpirationDate)(expiresAt) : undefined,
+        });
         await this.saveTokenToSession(destination, connectionConfigWithServiceUrl, authorizationConfig);
     }
     /**
@@ -332,7 +362,7 @@ class AuthBroker {
      * @throws Error if session initialization fails or authentication failed
      */
     async getToken(destination) {
-        this.logger?.debug(`Getting token for destination: ${destination}`);
+        this.logger?.info(`[AuthBroker] Getting token for destination: ${destination}`);
         // Load session data
         const { connConfig, authConfig } = await this.loadSessionData(destination);
         // Get serviceUrl (required)
@@ -340,7 +370,15 @@ class AuthBroker {
         // Check if we have token or UAA credentials
         const hasToken = !!connConfig?.authorizationToken;
         const hasAuthConfig = !!authConfig;
-        this.logger?.debug(`Session check for ${destination}: hasToken(${hasToken}), hasAuthConfig(${hasAuthConfig}), serviceUrl(${serviceUrl ? 'yes' : 'no'})`);
+        this.logger?.info(`[AuthBroker] Session check for ${destination}`, {
+            hasToken,
+            hasAuthConfig,
+            hasServiceUrl: !!serviceUrl,
+            serviceUrl,
+            authorizationToken: (0, formatting_1.formatToken)(connConfig?.authorizationToken),
+            hasRefreshToken: !!authConfig?.refreshToken,
+            refreshToken: (0, formatting_1.formatToken)(authConfig?.refreshToken),
+        });
         // Step 0: Initialize Session with Token (if needed)
         if (!hasToken && !hasAuthConfig) {
             if (!this.allowBrowserAuth) {
@@ -353,6 +391,9 @@ class AuthBroker {
             const serviceKeyAuthConfig = await this.getAuthorizationConfigFromServiceKey(destination);
             const tokenResult = await this.requestTokens(destination, 'serviceKey');
             await this.persistTokenResult(destination, serviceUrl, connConfig, serviceKeyAuthConfig, tokenResult);
+            this.logger?.info(`[AuthBroker] Token retrieved for ${destination} (initialized from service key)`, {
+                authorizationToken: (0, formatting_1.formatToken)(tokenResult.authorizationToken),
+            });
             return tokenResult.authorizationToken;
         }
         // Step 1: Request tokens via provider (provider handles token lifecycle internally)
@@ -371,6 +412,9 @@ class AuthBroker {
             try {
                 const tokenResult = await this.requestTokens(destination, 'session');
                 await this.persistTokenResult(destination, serviceUrl, connConfig, authConfig, tokenResult);
+                this.logger?.info(`[AuthBroker] Token retrieved for ${destination} (via session)`, {
+                    authorizationToken: (0, formatting_1.formatToken)(tokenResult.authorizationToken),
+                });
                 return tokenResult.authorizationToken;
             }
             catch (error) {
@@ -394,6 +438,9 @@ class AuthBroker {
         const serviceKeyAuthConfig = await this.getAuthorizationConfigFromServiceKey(destination);
         const tokenResult = await this.requestTokens(destination, 'serviceKey');
         await this.persistTokenResult(destination, serviceUrl, connConfig, serviceKeyAuthConfig, tokenResult);
+        this.logger?.info(`[AuthBroker] Token retrieved for ${destination} (fallback to service key)`, {
+            authorizationToken: (0, formatting_1.formatToken)(tokenResult.authorizationToken),
+        });
         return tokenResult.authorizationToken;
     }
     /**
@@ -481,7 +528,9 @@ class AuthBroker {
             this.logger?.warn(`Failed to get connection config from session store for ${destination}: ${getErrorMessage(error)}`);
         }
         if (sessionConnConfig) {
-            this.logger?.debug(`Connection config from session for ${destination}: token(${sessionConnConfig.authorizationToken?.length || 0} chars), serviceUrl(${sessionConnConfig.serviceUrl ? 'yes' : 'no'})`);
+            const tokenLength = sessionConnConfig.authorizationToken?.length || 0;
+            const formattedToken = (0, formatting_1.formatToken)(sessionConnConfig.authorizationToken);
+            this.logger?.debug(`Connection config from session for ${destination}: token(${tokenLength} chars${formattedToken ? `, ${formattedToken}` : ''}), serviceUrl(${sessionConnConfig.serviceUrl ? 'yes' : 'no'})`);
             return sessionConnConfig;
         }
         // Fall back to service key store (has URLs but no tokens) if available

package/dist/__tests__/helpers/testLogger.d.ts

@@ -1,5 +1,6 @@
 /**
  * Test logger with environment variable control
+ * Uses DefaultLogger from @mcp-abap-adt/logger for proper formatting
  */
 import type { ILogger } from '@mcp-abap-adt/interfaces';
 export declare function createTestLogger(prefix?: string): ILogger;

package/dist/__tests__/helpers/testLogger.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"testLogger.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/testLogger.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAgBxD,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,MAAe,GAAG,OAAO,CAkEjE"}
+{"version":3,"file":"testLogger.d.ts","sourceRoot":"","sources":["../../../src/__tests__/helpers/testLogger.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,0BAA0B,CAAC;AAGxD,wBAAgB,gBAAgB,CAAC,MAAM,GAAE,MAAe,GAAG,OAAO,CAmDjE"}

package/dist/__tests__/helpers/testLogger.js

@@ -1,80 +1,53 @@
 "use strict";
 /**
  * Test logger with environment variable control
+ * Uses DefaultLogger from @mcp-abap-adt/logger for proper formatting
  */
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createTestLogger = createTestLogger;
-function getLogLevel() {
-    const level = process.env.LOG_LEVEL?.toLowerCase() || 'info';
-    const levels = ['debug', 'info', 'warn', 'error'];
-    return levels.includes(level) ? level : 'info';
-}
-function shouldLog(level) {
-    const currentLevel = getLogLevel();
-    const levels = ['debug', 'info', 'warn', 'error'];
-    return levels.indexOf(level) >= levels.indexOf(currentLevel);
-}
+const logger_1 = require("@mcp-abap-adt/logger");
 function createTestLogger(prefix = 'TEST') {
     // Check if logging is enabled - requires explicit enable
     const isEnabled = () => {
-        // Explicitly disabled
-        if (process.env.DEBUG_AUTH_BROKER === 'false') {
+        // Explicitly disabled (support both short and long names)
+        if (process.env.DEBUG_BROKER === 'false' ||
+            process.env.DEBUG_AUTH_BROKER === 'false') {
             return false;
         }
-        // Explicitly enabled
-        if (process.env.DEBUG_AUTH_BROKER === 'true' ||
+        // Explicitly enabled (support both short and long names)
+        if (process.env.DEBUG_BROKER === 'true' ||
+            process.env.DEBUG_AUTH_BROKER === 'true' ||
             process.env.DEBUG === 'true' ||
+            process.env.DEBUG?.includes('broker') === true ||
             process.env.DEBUG?.includes('auth-broker') === true) {
             return true;
         }
         // Do not enable by default - require explicit enable
         return false;
     };
-    // Format message and meta into single line
-    const formatMessage = (message, meta) => {
-        if (!meta || meta === '') {
-            return message;
-        }
-        // If meta is an object, format it concisely
-        if (typeof meta === 'object' && !Array.isArray(meta)) {
-            const parts = [];
-            for (const [key, value] of Object.entries(meta)) {
-                if (value !== undefined && value !== null) {
-                    if (typeof value === 'string' && value.length > 50) {
-                        parts.push(`${key}(${value.substring(0, 50)}...)`);
-                    }
-                    else if (typeof value === 'boolean') {
-                        parts.push(`${key}(${value})`);
-                    }
-                    else {
-                        parts.push(`${key}(${value})`);
-                    }
-                }
-            }
-            return parts.length > 0 ? `${message} ${parts.join(', ')}` : message;
-        }
-        // If meta is a string or other type, append it
-        return `${message} ${String(meta)}`;
-    };
+    // Create DefaultLogger with appropriate log level
+    // getLogLevel respects AUTH_LOG_LEVEL env var and defaults to INFO
+    const baseLogger = new logger_1.DefaultLogger((0, logger_1.getLogLevel)());
+    // Return wrapper that checks if logging is enabled
     return {
         debug: (message, meta) => {
-            if (isEnabled() && shouldLog('debug')) {
-                console.debug(`[${prefix}] [DEBUG] ${formatMessage(message, meta)}`);
+            if (isEnabled()) {
+                baseLogger.debug(`[${prefix}] ${message}`, meta);
             }
         },
         info: (message, meta) => {
-            if (isEnabled() && shouldLog('info')) {
-                console.info(`[${prefix}] ${formatMessage(message, meta)}`);
+            if (isEnabled()) {
+                baseLogger.info(`[${prefix}] ${message}`, meta);
             }
         },
         warn: (message, meta) => {
-            if (isEnabled() && shouldLog('warn')) {
-                console.warn(`[${prefix}] [WARN] ${formatMessage(message, meta)}`);
+            if (isEnabled()) {
+                baseLogger.warn(`[${prefix}] ${message}`, meta);
             }
         },
         error: (message, meta) => {
-            if (isEnabled() && shouldLog('error')) {
-                console.error(`[${prefix}] [ERROR] ${formatMessage(message, meta)}`);
+            if (isEnabled()) {
+                baseLogger.error(`[${prefix}] ${message}`, meta);
             }
         },
     };

package/dist/utils/formatting.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Formatting utilities for logging
+ */
+/**
+ * Format token for logging (start...end)
+ * @param token Token string to format
+ * @returns Formatted token string or undefined if token is empty
+ */
+export declare function formatToken(token?: string): string | undefined;
+/**
+ * Format timestamp to readable date/time string
+ * @param timestamp Timestamp in milliseconds
+ * @returns Formatted date string (e.g., "2025-12-25 19:21:27 UTC")
+ */
+export declare function formatExpirationDate(timestamp: number): string;
+//# sourceMappingURL=formatting.d.ts.map

package/dist/utils/formatting.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"formatting.d.ts","sourceRoot":"","sources":["../../src/utils/formatting.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,KAAK,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAI9D;AAED;;;;GAIG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAS9D"}

package/dist/utils/formatting.js

@@ -0,0 +1,34 @@
+"use strict";
+/**
+ * Formatting utilities for logging
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.formatToken = formatToken;
+exports.formatExpirationDate = formatExpirationDate;
+/**
+ * Format token for logging (start...end)
+ * @param token Token string to format
+ * @returns Formatted token string or undefined if token is empty
+ */
+function formatToken(token) {
+    if (!token)
+        return undefined;
+    if (token.length <= 50)
+        return token;
+    return `${token.substring(0, 25)}...${token.substring(token.length - 25)}`;
+}
+/**
+ * Format timestamp to readable date/time string
+ * @param timestamp Timestamp in milliseconds
+ * @returns Formatted date string (e.g., "2025-12-25 19:21:27 UTC")
+ */
+function formatExpirationDate(timestamp) {
+    const date = new Date(timestamp);
+    const year = date.getUTCFullYear();
+    const month = String(date.getUTCMonth() + 1).padStart(2, '0');
+    const day = String(date.getUTCDate()).padStart(2, '0');
+    const hours = String(date.getUTCHours()).padStart(2, '0');
+    const minutes = String(date.getUTCMinutes()).padStart(2, '0');
+    const seconds = String(date.getUTCSeconds()).padStart(2, '0');
+    return `${year}-${month}-${day} ${hours}:${minutes}:${seconds} UTC`;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-broker",
-  "version": "0.2.13",
+  "version": "0.2.15",
   "description": "JWT authentication broker for MCP ABAP ADT - manages tokens based on destination headers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -56,14 +56,15 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@mcp-abap-adt/auth-providers": "^0.2.8",
-    "@mcp-abap-adt/auth-stores": "^0.2.9",
+    "@mcp-abap-adt/auth-providers": "^0.2.10",
+    "@mcp-abap-adt/auth-stores": "^0.2.10",
     "@mcp-abap-adt/interfaces": "^0.2.14",
     "axios": "^1.13.2",
     "tsx": "^4.21.0"
   },
   "devDependencies": {
     "@biomejs/biome": "^2.3.10",
+    "@mcp-abap-adt/logger": "^0.1.4",
     "@types/express": "^5.0.5",
     "@types/jest": "^30.0.0",
     "@types/js-yaml": "^4.0.9",
@@ -71,6 +72,8 @@
     "jest": "^30.2.0",
     "jest-util": "^30.2.0",
     "js-yaml": "^4.1.1",
+    "pino": "^10.1.0",
+    "pino-pretty": "^13.1.3",
     "ts-jest": "^29.2.5",
     "typescript": "^5.9.2"
   }