@mcp-abap-adt/auth-stores 0.1.0

package/dist/parsers/xsuaa/XsuaaServiceKeyParser.js

@@ -0,0 +1,72 @@
+"use strict";
+/**
+ * XSUAA Service Key Parser
+ *
+ * Parses direct XSUAA service key format from BTP (without nested uaa object):
+ * {
+ *   "url": "https://...authentication...hana.ondemand.com",
+ *   "clientid": "...",
+ *   "clientsecret": "...",
+ *   "tenantmode": "shared",
+ *   ...
+ * }
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.XsuaaServiceKeyParser = void 0;
+/**
+ * Parser for direct XSUAA service key format from BTP
+ */
+class XsuaaServiceKeyParser {
+    /**
+     * Check if this parser can handle the given raw service key data
+     * @param rawData Raw JSON data from service key file
+     * @returns true if data has direct XSUAA fields (url, clientid, clientsecret) without nested uaa object
+     */
+    canParse(rawData) {
+        if (!rawData || typeof rawData !== 'object' || Array.isArray(rawData)) {
+            return false;
+        }
+        // Check for nested uaa object (ABAP format) - should not have it
+        if (rawData.uaa) {
+            return false;
+        }
+        // Check for required XSUAA fields at root level
+        return (typeof rawData.url === 'string' &&
+            typeof rawData.clientid === 'string' &&
+            typeof rawData.clientsecret === 'string' &&
+            rawData.url.length > 0 &&
+            rawData.clientid.length > 0 &&
+            rawData.clientsecret.length > 0);
+    }
+    /**
+     * Parse raw service key data
+     * @param rawData Raw JSON data from service key file
+     * @returns Parsed service key object (normalized format)
+     * @throws Error if data cannot be parsed or is invalid
+     */
+    parse(rawData) {
+        if (!this.canParse(rawData)) {
+            throw new Error('Service key does not match XSUAA format (missing url, clientid, or clientsecret at root level)');
+        }
+        // Normalize to standard format
+        // Prioritize apiurl over url for UAA authorization (if present)
+        const uaaUrl = rawData.apiurl || rawData.url;
+        return {
+            uaa: {
+                url: uaaUrl,
+                clientid: rawData.clientid,
+                clientsecret: rawData.clientsecret,
+            },
+            // Preserve abap.url if present
+            abap: rawData.abap,
+            // Preserve other optional fields
+            url: rawData.url, // UAA URL
+            apiurl: rawData.apiurl, // API URL (prioritized for UAA)
+            sap_url: rawData.sap_url,
+            client: rawData.client,
+            sap_client: rawData.sap_client,
+            language: rawData.language,
+        };
+    }
+}
+exports.XsuaaServiceKeyParser = XsuaaServiceKeyParser;

package/dist/storage/abap/envLoader.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Environment file loader - loads .env files by destination name for ABAP
+ */
+interface EnvConfig {
+    sapUrl: string;
+    sapClient?: string;
+    jwtToken: string;
+    refreshToken?: string;
+    uaaUrl?: string;
+    uaaClientId?: string;
+    uaaClientSecret?: string;
+    language?: string;
+}
+/**
+ * Load environment configuration from {destination}.env file
+ * @param destination Destination name
+ * @param searchPaths Array of paths to search for the file
+ * @returns EnvConfig object or null if file not found
+ */
+export declare function loadEnvFile(destination: string, searchPaths: string[]): Promise<EnvConfig | null>;
+export {};

package/dist/storage/abap/envLoader.js

@@ -0,0 +1,94 @@
+"use strict";
+/**
+ * Environment file loader - loads .env files by destination name for ABAP
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadEnvFile = loadEnvFile;
+const fs = __importStar(require("fs"));
+const dotenv = __importStar(require("dotenv"));
+const pathResolver_1 = require("../../utils/pathResolver");
+const constants_1 = require("../../utils/constants");
+/**
+ * Load environment configuration from {destination}.env file
+ * @param destination Destination name
+ * @param searchPaths Array of paths to search for the file
+ * @returns EnvConfig object or null if file not found
+ */
+async function loadEnvFile(destination, searchPaths) {
+    const fileName = `${destination}.env`;
+    const envFilePath = (0, pathResolver_1.findFileInPaths)(fileName, searchPaths);
+    if (!envFilePath) {
+        return null;
+    }
+    try {
+        // Read and parse .env file
+        const envContent = fs.readFileSync(envFilePath, 'utf8');
+        const parsed = dotenv.parse(envContent);
+        // Extract required fields
+        const sapUrl = parsed[constants_1.ABAP_CONNECTION_VARS.SERVICE_URL];
+        const jwtToken = parsed[constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN];
+        if (!sapUrl || !jwtToken) {
+            return null;
+        }
+        const config = {
+            sapUrl: sapUrl.trim(),
+            jwtToken: jwtToken.trim(),
+        };
+        // Optional fields
+        if (parsed[constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT]) {
+            config.sapClient = parsed[constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT].trim();
+        }
+        if (parsed[constants_1.ABAP_AUTHORIZATION_VARS.REFRESH_TOKEN]) {
+            config.refreshToken = parsed[constants_1.ABAP_AUTHORIZATION_VARS.REFRESH_TOKEN].trim();
+        }
+        if (parsed[constants_1.ABAP_AUTHORIZATION_VARS.UAA_URL]) {
+            config.uaaUrl = parsed[constants_1.ABAP_AUTHORIZATION_VARS.UAA_URL].trim();
+        }
+        if (parsed[constants_1.ABAP_AUTHORIZATION_VARS.UAA_CLIENT_ID]) {
+            config.uaaClientId = parsed[constants_1.ABAP_AUTHORIZATION_VARS.UAA_CLIENT_ID].trim();
+        }
+        if (parsed[constants_1.ABAP_AUTHORIZATION_VARS.UAA_CLIENT_SECRET]) {
+            config.uaaClientSecret = parsed[constants_1.ABAP_AUTHORIZATION_VARS.UAA_CLIENT_SECRET].trim();
+        }
+        if (parsed[constants_1.ABAP_CONNECTION_VARS.SAP_LANGUAGE]) {
+            config.language = parsed[constants_1.ABAP_CONNECTION_VARS.SAP_LANGUAGE].trim();
+        }
+        return config;
+    }
+    catch (error) {
+        throw new Error(`Failed to load environment file for destination "${destination}": ${error instanceof Error ? error.message : String(error)}`);
+    }
+}

package/dist/storage/abap/tokenStorage.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Token storage - saves tokens to .env files for ABAP
+ */
+interface EnvConfig {
+    sapUrl: string;
+    sapClient?: string;
+    jwtToken: string;
+    refreshToken?: string;
+    uaaUrl?: string;
+    uaaClientId?: string;
+    uaaClientSecret?: string;
+    language?: string;
+}
+/**
+ * Save token to {destination}.env file
+ * @param destination Destination name
+ * @param savePath Path where to save the file
+ * @param config Configuration to save
+ */
+export declare function saveTokenToEnv(destination: string, savePath: string, config: Partial<EnvConfig> & {
+    sapUrl?: string;
+    jwtToken: string;
+}): Promise<void>;
+export {};

package/dist/storage/abap/tokenStorage.js

@@ -0,0 +1,113 @@
+"use strict";
+/**
+ * Token storage - saves tokens to .env files for ABAP
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveTokenToEnv = saveTokenToEnv;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const constants_1 = require("../../utils/constants");
+/**
+ * Save token to {destination}.env file
+ * @param destination Destination name
+ * @param savePath Path where to save the file
+ * @param config Configuration to save
+ */
+async function saveTokenToEnv(destination, savePath, config) {
+    // Ensure directory exists
+    if (!fs.existsSync(savePath)) {
+        fs.mkdirSync(savePath, { recursive: true });
+    }
+    const envFilePath = path.join(savePath, `${destination}.env`);
+    const tempFilePath = `${envFilePath}.tmp`;
+    // Read existing .env file if it exists
+    let existingContent = '';
+    if (fs.existsSync(envFilePath)) {
+        existingContent = fs.readFileSync(envFilePath, 'utf8');
+    }
+    // Parse existing content to preserve other values
+    const lines = existingContent.split('\n');
+    const existingVars = new Map();
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#')) {
+            continue;
+        }
+        const match = trimmed.match(/^([^=]+)=(.*)$/);
+        if (match) {
+            const key = match[1].trim();
+            const value = match[2].trim().replace(/^["']|["']$/g, ''); // Remove quotes
+            existingVars.set(key, value);
+        }
+    }
+    // Update with new values
+    if (config.sapUrl) {
+        existingVars.set(constants_1.ABAP_CONNECTION_VARS.SERVICE_URL, config.sapUrl);
+    }
+    existingVars.set(constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN, config.jwtToken);
+    if (config.sapClient) {
+        existingVars.set(constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT, config.sapClient);
+    }
+    if (config.language) {
+        existingVars.set(constants_1.ABAP_CONNECTION_VARS.SAP_LANGUAGE, config.language);
+    }
+    if (config.refreshToken) {
+        existingVars.set(constants_1.ABAP_AUTHORIZATION_VARS.REFRESH_TOKEN, config.refreshToken);
+    }
+    if (config.uaaUrl) {
+        existingVars.set(constants_1.ABAP_AUTHORIZATION_VARS.UAA_URL, config.uaaUrl);
+    }
+    if (config.uaaClientId) {
+        existingVars.set(constants_1.ABAP_AUTHORIZATION_VARS.UAA_CLIENT_ID, config.uaaClientId);
+    }
+    if (config.uaaClientSecret) {
+        existingVars.set(constants_1.ABAP_AUTHORIZATION_VARS.UAA_CLIENT_SECRET, config.uaaClientSecret);
+    }
+    // Write to temporary file first (atomic write)
+    const envLines = [];
+    for (const [key, value] of existingVars.entries()) {
+        // Escape value if it contains spaces or special characters
+        const escapedValue = value.includes(' ') || value.includes('=') || value.includes('#')
+            ? `"${value.replace(/"/g, '\\"')}"`
+            : value;
+        envLines.push(`${key}=${escapedValue}`);
+    }
+    const envContent = envLines.join('\n') + '\n';
+    // Write to temp file
+    fs.writeFileSync(tempFilePath, envContent, 'utf8');
+    // Atomic rename
+    fs.renameSync(tempFilePath, envFilePath);
+}

package/dist/storage/xsuaa/xsuaaEnvLoader.d.ts

@@ -0,0 +1,20 @@
+/**
+ * XSUAA Environment file loader - loads .env files with XSUAA_* variables for XSUAA
+ */
+interface XsuaaSessionConfig {
+    mcpUrl?: string;
+    jwtToken: string;
+    refreshToken?: string;
+    uaaUrl?: string;
+    uaaClientId?: string;
+    uaaClientSecret?: string;
+}
+/**
+ * Load XSUAA environment configuration from {destination}.env file
+ * Reads XSUAA_* variables instead of SAP_* variables
+ * @param destination Destination name
+ * @param searchPaths Array of paths to search for the file
+ * @returns XsuaaSessionConfig object or null if file not found
+ */
+export declare function loadXsuaaEnvFile(destination: string, searchPaths: string[]): Promise<XsuaaSessionConfig | null>;
+export {};

package/dist/storage/xsuaa/xsuaaEnvLoader.js

@@ -0,0 +1,91 @@
+"use strict";
+/**
+ * XSUAA Environment file loader - loads .env files with XSUAA_* variables for XSUAA
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.loadXsuaaEnvFile = loadXsuaaEnvFile;
+const fs = __importStar(require("fs"));
+const dotenv = __importStar(require("dotenv"));
+const pathResolver_1 = require("../../utils/pathResolver");
+const constants_1 = require("../../utils/constants");
+/**
+ * Load XSUAA environment configuration from {destination}.env file
+ * Reads XSUAA_* variables instead of SAP_* variables
+ * @param destination Destination name
+ * @param searchPaths Array of paths to search for the file
+ * @returns XsuaaSessionConfig object or null if file not found
+ */
+async function loadXsuaaEnvFile(destination, searchPaths) {
+    const fileName = `${destination}.env`;
+    const envFilePath = (0, pathResolver_1.findFileInPaths)(fileName, searchPaths);
+    if (!envFilePath) {
+        return null;
+    }
+    try {
+        // Read and parse .env file
+        const envContent = fs.readFileSync(envFilePath, 'utf8');
+        const parsed = dotenv.parse(envContent);
+        // Extract required fields (XSUAA_* variables)
+        const jwtToken = parsed[constants_1.XSUAA_CONNECTION_VARS.AUTHORIZATION_TOKEN];
+        if (!jwtToken) {
+            return null;
+        }
+        const config = {
+            jwtToken: jwtToken.trim(),
+        };
+        // mcpUrl can be loaded from .env file as additional variable (not part of CONNECTION_VARS, but can be stored)
+        // URL comes from elsewhere (YAML config, parameter, or request header), but can be stored in .env
+        if (parsed['XSUAA_MCP_URL']) {
+            config.mcpUrl = parsed['XSUAA_MCP_URL'].trim();
+        }
+        if (parsed[constants_1.XSUAA_AUTHORIZATION_VARS.REFRESH_TOKEN]) {
+            config.refreshToken = parsed[constants_1.XSUAA_AUTHORIZATION_VARS.REFRESH_TOKEN].trim();
+        }
+        if (parsed[constants_1.XSUAA_AUTHORIZATION_VARS.UAA_URL]) {
+            config.uaaUrl = parsed[constants_1.XSUAA_AUTHORIZATION_VARS.UAA_URL].trim();
+        }
+        if (parsed[constants_1.XSUAA_AUTHORIZATION_VARS.UAA_CLIENT_ID]) {
+            config.uaaClientId = parsed[constants_1.XSUAA_AUTHORIZATION_VARS.UAA_CLIENT_ID].trim();
+        }
+        if (parsed[constants_1.XSUAA_AUTHORIZATION_VARS.UAA_CLIENT_SECRET]) {
+            config.uaaClientSecret = parsed[constants_1.XSUAA_AUTHORIZATION_VARS.UAA_CLIENT_SECRET].trim();
+        }
+        return config;
+    }
+    catch (error) {
+        throw new Error(`Failed to load XSUAA environment file for destination "${destination}": ${error instanceof Error ? error.message : String(error)}`);
+    }
+}

package/dist/storage/xsuaa/xsuaaTokenStorage.d.ts

@@ -0,0 +1,19 @@
+/**
+ * XSUAA Token storage - saves tokens to .env files with XSUAA_* variables
+ */
+interface XsuaaSessionConfig {
+    mcpUrl?: string;
+    jwtToken: string;
+    refreshToken?: string;
+    uaaUrl?: string;
+    uaaClientId?: string;
+    uaaClientSecret?: string;
+}
+/**
+ * Save XSUAA token to {destination}.env file using XSUAA_* variables
+ * @param destination Destination name
+ * @param savePath Path where to save the file
+ * @param config XSUAA session configuration to save
+ */
+export declare function saveXsuaaTokenToEnv(destination: string, savePath: string, config: XsuaaSessionConfig): Promise<void>;
+export {};

package/dist/storage/xsuaa/xsuaaTokenStorage.js

@@ -0,0 +1,115 @@
+"use strict";
+/**
+ * XSUAA Token storage - saves tokens to .env files with XSUAA_* variables
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.saveXsuaaTokenToEnv = saveXsuaaTokenToEnv;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const constants_1 = require("../../utils/constants");
+/**
+ * Save XSUAA token to {destination}.env file using XSUAA_* variables
+ * @param destination Destination name
+ * @param savePath Path where to save the file
+ * @param config XSUAA session configuration to save
+ */
+async function saveXsuaaTokenToEnv(destination, savePath, config) {
+    // Ensure directory exists
+    if (!fs.existsSync(savePath)) {
+        fs.mkdirSync(savePath, { recursive: true });
+    }
+    const envFilePath = path.join(savePath, `${destination}.env`);
+    const tempFilePath = `${envFilePath}.tmp`;
+    // Read existing .env file if it exists
+    let existingContent = '';
+    if (fs.existsSync(envFilePath)) {
+        existingContent = fs.readFileSync(envFilePath, 'utf8');
+    }
+    // Parse existing content to preserve other values
+    // Remove old SAP_* variables for XSUAA (use XSUAA_* instead)
+    const lines = existingContent.split('\n');
+    const existingVars = new Map();
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith('#')) {
+            continue;
+        }
+        const match = trimmed.match(/^([^=]+)=(.*)$/);
+        if (match) {
+            const key = match[1].trim();
+            // Skip old SAP_* variables for XSUAA (we use XSUAA_* now)
+            if (key.startsWith('SAP_') && (key === 'SAP_URL' || key === 'SAP_JWT_TOKEN' || key === 'SAP_REFRESH_TOKEN' ||
+                key === 'SAP_UAA_URL' || key === 'SAP_UAA_CLIENT_ID' || key === 'SAP_UAA_CLIENT_SECRET')) {
+                continue; // Don't preserve old SAP_* variables
+            }
+            const value = match[2].trim().replace(/^["']|["']$/g, ''); // Remove quotes
+            existingVars.set(key, value);
+        }
+    }
+    // Update with new values (XSUAA_* variables)
+    // mcpUrl can be saved as additional variable (not part of CONNECTION_VARS, but can be stored for convenience)
+    // URL comes from elsewhere (YAML config, parameter, or request header), but can be stored in .env
+    if (config.mcpUrl) {
+        existingVars.set('XSUAA_MCP_URL', config.mcpUrl); // Store as additional variable (not in CONNECTION_VARS)
+    }
+    existingVars.set(constants_1.XSUAA_CONNECTION_VARS.AUTHORIZATION_TOKEN, config.jwtToken);
+    if (config.refreshToken) {
+        existingVars.set(constants_1.XSUAA_AUTHORIZATION_VARS.REFRESH_TOKEN, config.refreshToken);
+    }
+    if (config.uaaUrl) {
+        existingVars.set(constants_1.XSUAA_AUTHORIZATION_VARS.UAA_URL, config.uaaUrl);
+    }
+    if (config.uaaClientId) {
+        existingVars.set(constants_1.XSUAA_AUTHORIZATION_VARS.UAA_CLIENT_ID, config.uaaClientId);
+    }
+    if (config.uaaClientSecret) {
+        existingVars.set(constants_1.XSUAA_AUTHORIZATION_VARS.UAA_CLIENT_SECRET, config.uaaClientSecret);
+    }
+    // Write to temporary file first (atomic write)
+    const envLines = [];
+    for (const [key, value] of existingVars.entries()) {
+        // Escape value if it contains spaces or special characters
+        const escapedValue = value.includes(' ') || value.includes('=') || value.includes('#')
+            ? `"${value.replace(/"/g, '\\"')}"`
+            : value;
+        envLines.push(`${key}=${escapedValue}`);
+    }
+    const envContent = envLines.join('\n') + '\n';
+    // Write to temp file
+    fs.writeFileSync(tempFilePath, envContent, 'utf8');
+    // Atomic rename
+    fs.renameSync(tempFilePath, envFilePath);
+}

package/dist/stores/abap/AbapServiceKeyStore.d.ts

@@ -0,0 +1,34 @@
+/**
+ * ABAP Service key store - reads ABAP service keys from {destination}.json files
+ *
+ * Uses AbstractServiceKeyStore for file I/O and AbapServiceKeyParser for parsing.
+ * This extends base BTP by supporting ABAP service key format with nested uaa object.
+ */
+import type { IServiceKeyStore } from '@mcp-abap-adt/auth-broker';
+import { AbstractServiceKeyStore } from '../abstract/AbstractServiceKeyStore';
+/**
+ * ABAP Service key store implementation
+ *
+ * Uses AbstractServiceKeyStore for file operations and AbapServiceKeyParser for parsing.
+ * Search paths priority:
+ * 1. Constructor parameter (highest)
+ * 2. AUTH_BROKER_PATH environment variable
+ * 3. Current working directory (lowest)
+ */
+export declare class AbapServiceKeyStore extends AbstractServiceKeyStore implements IServiceKeyStore {
+    private parser;
+    /**
+     * Create a new AbapServiceKeyStore instance
+     * @param searchPaths Optional search paths for .json files.
+     *                    Can be a single path (string) or array of paths.
+     *                    If not provided, uses AUTH_BROKER_PATH env var or current working directory.
+     */
+    constructor(searchPaths?: string | string[]);
+    /**
+     * Parse raw JSON data using AbapServiceKeyParser
+     * @param rawData Raw JSON data from service key file
+     * @returns Parsed service key object
+     * @throws Error if data cannot be parsed or is invalid
+     */
+    protected parse(rawData: any): unknown;
+}

package/dist/stores/abap/AbapServiceKeyStore.js

@@ -0,0 +1,43 @@
+"use strict";
+/**
+ * ABAP Service key store - reads ABAP service keys from {destination}.json files
+ *
+ * Uses AbstractServiceKeyStore for file I/O and AbapServiceKeyParser for parsing.
+ * This extends base BTP by supporting ABAP service key format with nested uaa object.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.AbapServiceKeyStore = void 0;
+const AbstractServiceKeyStore_1 = require("../abstract/AbstractServiceKeyStore");
+const AbapServiceKeyParser_1 = require("../../parsers/abap/AbapServiceKeyParser");
+/**
+ * ABAP Service key store implementation
+ *
+ * Uses AbstractServiceKeyStore for file operations and AbapServiceKeyParser for parsing.
+ * Search paths priority:
+ * 1. Constructor parameter (highest)
+ * 2. AUTH_BROKER_PATH environment variable
+ * 3. Current working directory (lowest)
+ */
+class AbapServiceKeyStore extends AbstractServiceKeyStore_1.AbstractServiceKeyStore {
+    parser;
+    /**
+     * Create a new AbapServiceKeyStore instance
+     * @param searchPaths Optional search paths for .json files.
+     *                    Can be a single path (string) or array of paths.
+     *                    If not provided, uses AUTH_BROKER_PATH env var or current working directory.
+     */
+    constructor(searchPaths) {
+        super(searchPaths);
+        this.parser = new AbapServiceKeyParser_1.AbapServiceKeyParser();
+    }
+    /**
+     * Parse raw JSON data using AbapServiceKeyParser
+     * @param rawData Raw JSON data from service key file
+     * @returns Parsed service key object
+     * @throws Error if data cannot be parsed or is invalid
+     */
+    parse(rawData) {
+        return this.parser.parse(rawData);
+    }
+}
+exports.AbapServiceKeyStore = AbapServiceKeyStore;