@mcp-abap-adt/auth-broker 0.2.6 → 0.2.7

package/CHANGELOG.md

@@ -11,6 +11,21 @@ Thank you to all contributors! See [CONTRIBUTORS.md](CONTRIBUTORS.md) for the co
 
 ## [Unreleased]
 
+## [0.2.7] - 2025-12-21
+
+### Added
+- **Headless Browser Mode**: Added `browser: 'headless'` option for SSH and remote sessions
+  - Logs authentication URL and waits for manual callback
+  - Ideal for environments without display (SSH, Docker, CI/CD)
+  - Differs from `'none'` which rejects immediately (for automated tests)
+
+### Changed
+- **Documentation Update**: Updated browser option documentation to clarify `headless` vs `none` modes
+
+### Dependencies
+- Updated `@mcp-abap-adt/interfaces` to `^0.2.4` for headless browser mode support
+- Updated `@mcp-abap-adt/auth-providers` to `^0.2.3` (devDependency, tests only) for headless mode implementation
+
 ## [0.2.5] - 2025-12-20
 
 ### Added

package/README.md

@@ -368,7 +368,9 @@ new AuthBroker(
   - `sessionStore` - **Required** - Store for session data. Must contain initial session with `serviceUrl`
   - `serviceKeyStore` - **Optional** - Store for service keys. Only needed for initializing sessions from service keys
   - `tokenProvider` - **Optional** - Token provider for token acquisition. Only needed for browser authentication or when direct UAA requests fail
-- `browser` - Optional browser name for authentication (`chrome`, `edge`, `firefox`, `system`, `none`). Default: `system`
+- `browser` - Optional browser name for authentication (`chrome`, `edge`, `firefox`, `system`, `headless`, `none`). Default: `system`
+  - Use `'headless'` for SSH/remote sessions - logs URL and waits for manual callback
+  - Use `'none'` for automated tests - logs URL and rejects immediately
   - For XSUAA, browser is not used (client_credentials grant type) - use `'none'`
 - `logger` - Optional logger instance. If not provided, uses no-op logger
 
@@ -456,6 +458,13 @@ try {
 - `BROWSER_AUTH_ERROR` - Browser authentication failed or cancelled (logged, throws)
 - `REFRESH_ERROR` - Token refresh failed at UAA server (logged, throws)
 
+**4. Browser Auth Disabled Errors** (when `allowBrowserAuth: false`):
+- `BROWSER_AUTH_REQUIRED` - Browser authentication is required but disabled. Thrown when:
+  - **Step 0**: No token and no UAA credentials in session, service key exists but browser auth needed
+  - **Step 2b**: Refresh token expired/invalid and browser auth needed for new token
+  - Error includes `destination` property for context
+  - Use case: Non-interactive environments (MCP stdio, Cline) where browser cannot open
+
 **Defensive Design Principles:**
 - **All external operations wrapped in try-catch**: Files may be missing/corrupted, network may fail
 - **Graceful degradation**: Store errors trigger fallback mechanisms (serviceKey → session → provider)

package/dist/AuthBroker.d.ts

@@ -37,9 +37,10 @@ export declare class AuthBroker {
      *               - sessionStore: Store for session data (required)
      *               - serviceKeyStore: Store for service keys (optional)
      *               - tokenProvider: Token provider implementing ITokenProvider interface (required) - handles browser-based authorization
-     * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
+     * @param browser Optional browser name for authentication (chrome, edge, firefox, system, headless, none).
      *                Default: 'system' (system default browser).
-     *                Use 'none' to print URL instead of opening browser.
+     *                Use 'headless' for SSH/remote sessions - logs URL and waits for manual callback.
+     *                Use 'none' for automated tests - logs URL and rejects immediately.
      * @param logger Optional logger instance implementing ILogger interface. If not provided, uses no-op logger.
      */
     constructor(config: AuthBrokerConfig, browser?: string, logger?: ILogger);

package/dist/AuthBroker.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAA8C,MAAM,0BAA0B,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAa7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4IAA4I;IAC5I,aAAa,EAAE,cAAc,CAAC;IAC9B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;;;;;OAUG;gBAED,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,OAAO;IAuElB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgYpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA4CvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CA0ClF"}
+{"version":3,"file":"AuthBroker.d.ts","sourceRoot":"","sources":["../src/AuthBroker.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,OAAO,EAA8C,MAAM,0BAA0B,CAAC;AAC/F,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,oBAAoB,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAC;AAC/G,OAAO,EAAE,cAAc,EAAE,MAAM,aAAa,CAAC;AAa7C;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAC/B,mEAAmE;IACnE,YAAY,EAAE,aAAa,CAAC;IAC5B,uEAAuE;IACvE,eAAe,CAAC,EAAE,gBAAgB,CAAC;IACnC,4IAA4I;IAC5I,aAAa,EAAE,cAAc,CAAC;IAC9B;;;;OAIG;IACH,gBAAgB,CAAC,EAAE,OAAO,CAAC;CAC5B;AAED;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAqB;IACpC,OAAO,CAAC,MAAM,CAAU;IACxB,OAAO,CAAC,eAAe,CAA+B;IACtD,OAAO,CAAC,YAAY,CAAgB;IACpC,OAAO,CAAC,aAAa,CAAiB;IACtC,OAAO,CAAC,gBAAgB,CAAU;IAElC;;;;;;;;;;;OAWG;gBAED,MAAM,EAAE,gBAAgB,EACxB,OAAO,CAAC,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,OAAO;IAuElB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuCG;IACG,QAAQ,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAgYpD;;;;;OAKG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAOxD;;;;OAIG;IACG,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,oBAAoB,GAAG,IAAI,CAAC;IA4CvF;;;;OAIG;IACG,mBAAmB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,GAAG,IAAI,CAAC;CA0ClF"}

package/dist/AuthBroker.js

@@ -30,9 +30,10 @@ class AuthBroker {
      *               - sessionStore: Store for session data (required)
      *               - serviceKeyStore: Store for service keys (optional)
      *               - tokenProvider: Token provider implementing ITokenProvider interface (required) - handles browser-based authorization
-     * @param browser Optional browser name for authentication (chrome, edge, firefox, system, none).
+     * @param browser Optional browser name for authentication (chrome, edge, firefox, system, headless, none).
      *                Default: 'system' (system default browser).
-     *                Use 'none' to print URL instead of opening browser.
+     *                Use 'headless' for SSH/remote sessions - logs URL and waits for manual callback.
+     *                Use 'none' for automated tests - logs URL and rejects immediately.
      * @param logger Optional logger instance implementing ILogger interface. If not provided, uses no-op logger.
      */
     constructor(config, browser, logger) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-broker",
-  "version": "0.2.6",
+  "version": "0.2.7",
   "description": "JWT authentication broker for MCP ABAP ADT - manages tokens based on destination headers",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -51,11 +51,11 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@mcp-abap-adt/interfaces": "^0.2.3",
+    "@mcp-abap-adt/interfaces": "^0.2.4",
     "axios": "^1.13.2"
   },
   "devDependencies": {
-    "@mcp-abap-adt/auth-providers": "^0.2.2",
+    "@mcp-abap-adt/auth-providers": "^0.2.3",
     "@mcp-abap-adt/auth-stores": "^0.2.5",
     "@types/express": "^5.0.5",
     "@types/jest": "^30.0.0",