@mcp-abap-adt/auth-stores 0.1.7 → 0.2.0

package/CHANGELOG.md

@@ -7,6 +7,106 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.0] - 2025-12-08
+
+### Breaking Changes
+
+- **XsuaaSessionStore Constructor**: `defaultServiceUrl` is now a **required** parameter (second parameter)
+  - **Before**: `new XsuaaSessionStore(directory, log?, defaultServiceUrl?)`
+  - **After**: `new XsuaaSessionStore(directory, defaultServiceUrl, log?)`
+  - **Reason**: `serviceUrl` cannot be obtained from XSUAA service keys, so it must be provided via constructor
+  - **Migration**: Update all `XsuaaSessionStore` instantiations to provide `defaultServiceUrl` as second parameter
+
+- **SafeXsuaaSessionStore Constructor**: `defaultServiceUrl` is now a **required** parameter (first parameter)
+  - **Before**: `new SafeXsuaaSessionStore(log?, defaultServiceUrl?)`
+  - **After**: `new SafeXsuaaSessionStore(defaultServiceUrl, log?)`
+  - **Migration**: Update all `SafeXsuaaSessionStore` instantiations to provide `defaultServiceUrl` as first parameter
+
+- **BtpSessionStore Constructor**: `defaultServiceUrl` is now a **required** parameter (second parameter)
+  - **Before**: `new BtpSessionStore(directory, log?, defaultServiceUrl?)`
+  - **After**: `new BtpSessionStore(directory, defaultServiceUrl, log?)`
+  - **Reason**: `serviceUrl` cannot be obtained from BTP service keys, so it must be provided via constructor
+  - **Migration**: Update all `BtpSessionStore` instantiations to provide `defaultServiceUrl` as second parameter
+
+- **SafeBtpSessionStore Constructor**: `defaultServiceUrl` is now a **required** parameter (first parameter)
+  - **Before**: `new SafeBtpSessionStore(log?, defaultServiceUrl?)`
+  - **After**: `new SafeBtpSessionStore(defaultServiceUrl, log?)`
+  - **Migration**: Update all `SafeBtpSessionStore` instantiations to provide `defaultServiceUrl` as first parameter
+
+### Changed
+
+- **AbapSessionStore Constructor**: `defaultServiceUrl` remains **optional** (third parameter)
+  - **Reason**: `serviceUrl` can be obtained from ABAP service keys, so it's optional
+  - **Signature**: `new AbapSessionStore(directory, log?, defaultServiceUrl?)`
+  - No migration needed for `AbapSessionStore`
+
+- **SafeAbapSessionStore Constructor**: `defaultServiceUrl` remains **optional** (second parameter)
+  - **Signature**: `new SafeAbapSessionStore(log?, defaultServiceUrl?)`
+  - No migration needed for `SafeAbapSessionStore`
+
+- **Session Creation Logic**: Updated to use `defaultServiceUrl` when creating new sessions
+  - When `setConnectionConfig` or `setAuthorizationConfig` creates a new session, `defaultServiceUrl` is used if `config.serviceUrl` is not provided
+  - For XSUAA/BTP stores: `defaultServiceUrl` is always used (required parameter)
+  - For ABAP stores: `defaultServiceUrl` is used only if provided and `config.serviceUrl` is not provided
+
+- **Session Update Logic**: Fixed to not use `defaultServiceUrl` when updating existing sessions
+  - When updating an existing session, only `config.serviceUrl` is used if explicitly provided
+  - `defaultServiceUrl` is never used to modify `mcpUrl`/`serviceUrl` during updates
+
+### Added
+
+- **Comprehensive Logging**: Added detailed logging throughout all session stores using `ILogger` with optional chaining
+  - All critical operations now log via `logger?.info()`, `logger?.debug()`, `logger?.warn()`, `logger?.error()`
+  - Logging covers: session creation, updates, deletions, loading, validation errors, file operations
+  - Logging provides critical information for analysis: serviceUrl, token lengths, UAA parameters, operation results
+  - Logging is optional - stores work without logger (no-op when logger is not provided)
+
+### Fixed
+
+- **loadEnvFile**: Fixed validation to allow empty string for `jwtToken`
+  - **Before**: Rejected empty string `''` as invalid (treated as falsy)
+  - **After**: Only rejects `undefined` or `null` - empty string is valid
+  - **Reason**: Sessions created via `setAuthorizationConfig` may have empty `jwtToken` initially (set later via `setConnectionConfig`)
+  - This fix allows loading sessions with empty tokens, which is valid for authorization-only sessions
+
+### Migration Guide
+
+#### XsuaaSessionStore and SafeXsuaaSessionStore
+
+**Before:**
+```typescript
+const store = new XsuaaSessionStore('/path/to/sessions', logger, 'https://default.mcp.com');
+const safeStore = new SafeXsuaaSessionStore(logger, 'https://default.mcp.com');
+```
+
+**After:**
+```typescript
+const store = new XsuaaSessionStore('/path/to/sessions', 'https://default.mcp.com', logger);
+const safeStore = new SafeXsuaaSessionStore('https://default.mcp.com', logger);
+```
+
+#### BtpSessionStore and SafeBtpSessionStore
+
+**Before:**
+```typescript
+const store = new BtpSessionStore('/path/to/sessions', logger, 'https://default.mcp.com');
+const safeStore = new SafeBtpSessionStore(logger, 'https://default.mcp.com');
+```
+
+**After:**
+```typescript
+const store = new BtpSessionStore('/path/to/sessions', 'https://default.mcp.com', logger);
+const safeStore = new SafeBtpSessionStore('https://default.mcp.com', logger);
+```
+
+#### AbapSessionStore and SafeAbapSessionStore
+
+No changes needed - `defaultServiceUrl` remains optional:
+```typescript
+const store = new AbapSessionStore('/path/to/sessions', logger, 'https://default.sap.com'); // Optional
+const safeStore = new SafeAbapSessionStore(logger, 'https://default.sap.com'); // Optional
+```
+
 ## [0.1.7] - 2025-12-08
 
 ### Added

package/README.md

@@ -12,7 +12,7 @@ npm install @mcp-abap-adt/auth-stores
 
 ## Overview
 
-This package implements the `IServiceKeyStore` and `ISessionStore` interfaces from `@mcp-abap-adt/auth-broker`:
+This package implements the `IServiceKeyStore` and `ISessionStore` interfaces from `@mcp-abap-adt/interfaces`:
 
 - **Service Key Stores**: Read service key JSON files from a specified directory
 - **Session Stores**: Read/write session data from/to `.env` files or in-memory storage
@@ -40,7 +40,7 @@ This principle ensures:
 
 This package is responsible for:
 
-1. **Implementing storage interfaces**: Provides concrete implementations of `IServiceKeyStore` and `ISessionStore` interfaces defined in `@mcp-abap-adt/auth-broker`
+1. **Implementing storage interfaces**: Provides concrete implementations of `IServiceKeyStore` and `ISessionStore` interfaces defined in `@mcp-abap-adt/interfaces`
 2. **File I/O operations**: Handles reading and writing service key JSON files and session `.env` files
 3. **Data format conversion**: Converts between interface types (`IConfig`, `IConnectionConfig`, `IAuthorizationConfig`) and internal storage formats
 4. **Platform-specific handling**: Provides different store implementations for ABAP, BTP, and XSUAA with their specific data formats
@@ -63,7 +63,7 @@ This package is responsible for:
 
 This package interacts with external packages **ONLY through interfaces**:
 
-- **`@mcp-abap-adt/auth-broker`**: Uses interfaces (`IServiceKeyStore`, `ISessionStore`, `IConfig`, `IConnectionConfig`, `IAuthorizationConfig`) - does not know about `AuthBroker` implementation
+- **`@mcp-abap-adt/interfaces`**: Uses interfaces (`IServiceKeyStore`, `ISessionStore`, `IConfig`, `IConnectionConfig`, `IAuthorizationConfig`, `ILogger`) - does not know about concrete implementations in other packages
 - **No direct dependencies on other packages**: All interactions happen through well-defined interfaces
 
 ## Store Types
@@ -101,10 +101,12 @@ import { BtpServiceKeyStore, BtpSessionStore, SafeBtpSessionStore } from '@mcp-a
 const serviceKeyStore = new BtpServiceKeyStore('/path/to/service-keys');
 
 // File-based session store - reads/writes {destination}.env files
-const sessionStore = new BtpSessionStore('/path/to/sessions');
+// defaultServiceUrl is REQUIRED (cannot be obtained from service key)
+const sessionStore = new BtpSessionStore('/path/to/sessions', 'https://default.mcp.com', logger);
 
 // In-memory session store (non-persistent)
-const safeSessionStore = new SafeBtpSessionStore();
+// defaultServiceUrl is REQUIRED (cannot be obtained from service key)
+const safeSessionStore = new SafeBtpSessionStore('https://default.mcp.com', logger);
 ```
 
 ### ABAP Stores (with sapUrl)
@@ -131,10 +133,12 @@ import { XsuaaServiceKeyStore, XsuaaSessionStore, SafeXsuaaSessionStore } from '
 const serviceKeyStore = new XsuaaServiceKeyStore('/path/to/service-keys');
 
 // File-based session store - stores XSUAA sessions
-const sessionStore = new XsuaaSessionStore('/path/to/sessions');
+// defaultServiceUrl is REQUIRED (cannot be obtained from service key)
+const sessionStore = new XsuaaSessionStore('/path/to/sessions', 'https://default.mcp.com', logger);
 
 // In-memory session store
-const safeSessionStore = new SafeXsuaaSessionStore();
+// defaultServiceUrl is REQUIRED (cannot be obtained from service key)
+const safeSessionStore = new SafeXsuaaSessionStore('https://default.mcp.com', logger);
 ```
 
 ### Directory Configuration
@@ -151,6 +155,20 @@ const sessionStore = new AbapSessionStore('/path/to/sessions'); // Directory cre
 
 **Note**: File-based session stores (`AbapSessionStore`, `BtpSessionStore`, `XsuaaSessionStore`) automatically create the directory in the constructor if it doesn't exist. Stores are ready to use immediately after construction.
 
+### Default Service URL Configuration
+
+**For XSUAA and BTP stores**: `defaultServiceUrl` is **required** in the constructor because `serviceUrl` cannot be obtained from service keys:
+- `XsuaaSessionStore(directory, defaultServiceUrl, log?)` - `defaultServiceUrl` is required
+- `SafeXsuaaSessionStore(defaultServiceUrl, log?)` - `defaultServiceUrl` is required
+- `BtpSessionStore(directory, defaultServiceUrl, log?)` - `defaultServiceUrl` is required
+- `SafeBtpSessionStore(defaultServiceUrl, log?)` - `defaultServiceUrl` is required
+
+**For ABAP stores**: `defaultServiceUrl` is **optional** because `serviceUrl` can be obtained from ABAP service keys:
+- `AbapSessionStore(directory, log?, defaultServiceUrl?)` - `defaultServiceUrl` is optional
+- `SafeAbapSessionStore(log?, defaultServiceUrl?)` - `defaultServiceUrl` is optional
+
+The `defaultServiceUrl` is used when creating new sessions via `setConnectionConfig` or `setAuthorizationConfig` if `config.serviceUrl` is not provided. It is never used to modify existing sessions.
+
 ### Service Key Format
 
 **ABAP Service Key** (with nested `uaa` object):
@@ -354,7 +372,7 @@ Integration tests will skip if `test-config.yaml` is not configured or contains
 
 ### Store Implementation
 
-- All stores implement `IServiceKeyStore` or `ISessionStore` interfaces from `@mcp-abap-adt/auth-broker`
+- All stores implement `IServiceKeyStore` or `ISessionStore` interfaces from `@mcp-abap-adt/interfaces`
 - Stores accept a single directory path in constructor
 - File-based session stores automatically create directories in constructor if they don't exist
 - Session stores automatically create sessions when calling `setConnectionConfig` or `setAuthorizationConfig` (no need to call `saveSession` first)
@@ -366,13 +384,14 @@ Session stores are designed to work seamlessly with `AuthBroker`:
 
 - **Ready after construction**: File-based stores create directory automatically, stores are ready to use immediately
 - **Automatic session creation**: Calling `setConnectionConfig` or `setAuthorizationConfig` on an empty store creates a new session
-- **ABAP stores**: Require `serviceUrl` when creating new session via `setConnectionConfig` or `setAuthorizationConfig`
-- **BTP/XSUAA stores**: `mcpUrl` is optional - can create session with authorization config first, then add connection config
+- **ABAP stores**: Require `serviceUrl` when creating new session (from config or `defaultServiceUrl` parameter)
+- **BTP/XSUAA stores**: Require `defaultServiceUrl` in constructor (cannot be obtained from service key), used when creating new sessions if `config.serviceUrl` is not provided
 - **Token updates**: `setConnectionConfig` updates token if provided, preserves existing token if not provided
+- **Session updates**: When updating existing sessions, only `config.serviceUrl` is used if explicitly provided; `defaultServiceUrl` is never used to modify existing sessions
 
 ## Dependencies
 
-- `@mcp-abap-adt/interfaces` (^0.1.3) - Interface definitions (`IServiceKeyStore`, `ISessionStore`, `IConfig`, `IConnectionConfig`, `IAuthorizationConfig`, `ILogger`)
+- `@mcp-abap-adt/interfaces` (^0.1.4) - Interface definitions (`IServiceKeyStore`, `ISessionStore`, `IConfig`, `IConnectionConfig`, `IAuthorizationConfig`, `ILogger`)
 - `dotenv` - Environment variable parsing
 
 ## License

package/dist/storage/abap/envLoader.js

@@ -65,14 +65,15 @@ async function loadEnvFile(destination, directory, log) {
         // Extract required fields
         const sapUrl = parsed[constants_1.ABAP_CONNECTION_VARS.SERVICE_URL];
         const jwtToken = parsed[constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN];
-        log?.debug(`Extracted fields: hasSapUrl(${!!sapUrl}), hasJwtToken(${!!jwtToken})`);
-        if (!sapUrl || !jwtToken) {
-            log?.warn(`Env file missing required fields: sapUrl(${!!sapUrl}), jwtToken(${!!jwtToken})`);
+        log?.debug(`Extracted fields: hasSapUrl(${!!sapUrl}), hasJwtToken(${jwtToken !== undefined && jwtToken !== null})`);
+        // sapUrl is required, jwtToken can be empty string (for authorization-only sessions)
+        if (!sapUrl || jwtToken === undefined || jwtToken === null) {
+            log?.warn(`Env file missing required fields: sapUrl(${!!sapUrl}), jwtToken(${jwtToken !== undefined && jwtToken !== null})`);
             return null;
         }
         const config = {
             sapUrl: sapUrl.trim(),
-            jwtToken: jwtToken.trim(),
+            jwtToken: jwtToken.trim(), // Can be empty string for authorization-only sessions
         };
         // Optional fields
         if (parsed[constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT]) {

package/dist/stores/abap/AbapSessionStore.d.ts

@@ -19,12 +19,14 @@ import type { IAuthorizationConfig, IConnectionConfig, ISessionStore, IConfig, I
 export declare class AbapSessionStore implements ISessionStore {
     protected directory: string;
     private log?;
+    private defaultServiceUrl?;
     /**
      * Create a new AbapSessionStore instance
      * @param directory Directory where session .env files are located
      * @param log Optional logger for logging operations
+     * @param defaultServiceUrl Optional default service URL to use when serviceUrl is not provided in config
      */
-    constructor(directory: string, log?: ILogger);
+    constructor(directory: string, log?: ILogger, defaultServiceUrl?: string);
     /**
      * Load session from file
      * @param filePath Path to session file

package/dist/stores/abap/AbapSessionStore.js

@@ -58,14 +58,17 @@ const path = __importStar(require("path"));
 class AbapSessionStore {
     directory;
     log;
+    defaultServiceUrl;
     /**
      * Create a new AbapSessionStore instance
      * @param directory Directory where session .env files are located
      * @param log Optional logger for logging operations
+     * @param defaultServiceUrl Optional default service URL to use when serviceUrl is not provided in config
      */
-    constructor(directory, log) {
+    constructor(directory, log, defaultServiceUrl) {
         this.directory = directory;
         this.log = log;
+        this.defaultServiceUrl = defaultServiceUrl;
         // Ensure directory exists - create if it doesn't
         if (!fs.existsSync(directory)) {
             fs.mkdirSync(directory, { recursive: true });
@@ -93,7 +96,7 @@ class AbapSessionStore {
         // Convert IConfig format (serviceUrl, authorizationToken) to internal format (sapUrl, jwtToken)
         return {
             sapUrl: (obj.serviceUrl || obj.sapUrl),
-            jwtToken: (obj.authorizationToken || obj.jwtToken),
+            jwtToken: (obj.authorizationToken || obj.jwtToken || ''), // Ensure jwtToken is always a string
             refreshToken: obj.refreshToken,
             uaaUrl: obj.uaaUrl,
             uaaClientId: obj.uaaClientId,
@@ -110,6 +113,7 @@ class AbapSessionStore {
     async saveToFile(filePath, config) {
         // Type guard - ensure it's EnvConfig (has sapUrl)
         if (!config || typeof config !== 'object' || !('sapUrl' in config)) {
+            this.log?.error(`Invalid config format for AbapSessionStore: missing sapUrl`);
             throw new Error('AbapSessionStore can only store ABAP sessions (with sapUrl)');
         }
         // Extract destination from file path
@@ -159,7 +163,12 @@ class AbapSessionStore {
         const fileName = `${destination}.env`;
         const filePath = path.join(this.directory, fileName);
         if (fs.existsSync(filePath)) {
+            this.log?.debug(`Deleting session for destination: ${destination}`);
             fs.unlinkSync(filePath);
+            this.log?.info(`Session deleted for destination: ${destination}`);
+        }
+        else {
+            this.log?.debug(`Session file not found for deletion: ${destination}`);
         }
     }
     /**
@@ -170,20 +179,43 @@ class AbapSessionStore {
      */
     async loadSession(destination) {
         this.log?.debug(`Loading session for destination: ${destination}`);
-        const authConfig = await this.getAuthorizationConfig(destination);
-        const connConfig = await this.getConnectionConfig(destination);
-        // Return null if both are null, otherwise return composition (even if one is null)
-        if (!authConfig && !connConfig) {
+        const rawSession = await this.loadRawSession(destination);
+        if (!rawSession) {
             this.log?.debug(`Session not found for destination: ${destination}`);
             return null;
         }
-        const tokenLength = connConfig?.authorizationToken?.length || 0;
-        const hasRefreshToken = !!authConfig?.refreshToken;
-        this.log?.info(`Session loaded for ${destination}: token(${tokenLength} chars), hasRefreshToken(${hasRefreshToken}), sapUrl(${connConfig?.serviceUrl ? connConfig.serviceUrl.substring(0, 40) + '...' : 'none'})`);
-        return {
-            ...(authConfig || {}),
-            ...(connConfig || {}),
-        };
+        // Convert internal format to IConfig format
+        const result = {};
+        // Connection config fields
+        if (rawSession.sapUrl) {
+            result.serviceUrl = rawSession.sapUrl;
+        }
+        if (rawSession.jwtToken !== undefined) {
+            result.authorizationToken = rawSession.jwtToken;
+        }
+        if (rawSession.sapClient) {
+            result.sapClient = rawSession.sapClient;
+        }
+        if (rawSession.language) {
+            result.language = rawSession.language;
+        }
+        // Authorization config fields
+        if (rawSession.uaaUrl) {
+            result.uaaUrl = rawSession.uaaUrl;
+        }
+        if (rawSession.uaaClientId) {
+            result.uaaClientId = rawSession.uaaClientId;
+        }
+        if (rawSession.uaaClientSecret) {
+            result.uaaClientSecret = rawSession.uaaClientSecret;
+        }
+        if (rawSession.refreshToken) {
+            result.refreshToken = rawSession.refreshToken;
+        }
+        const tokenLength = rawSession.jwtToken?.length || 0;
+        const hasRefreshToken = !!rawSession.refreshToken;
+        this.log?.info(`Session loaded for ${destination}: token(${tokenLength} chars), hasRefreshToken(${hasRefreshToken}), sapUrl(${rawSession.sapUrl ? rawSession.sapUrl.substring(0, 40) + '...' : 'none'})`);
+        return result;
     }
     /**
      * Load raw session data (internal representation)
@@ -198,11 +230,13 @@ class AbapSessionStore {
         try {
             const raw = await this.loadFromFile(sessionPath);
             if (!raw || !isEnvConfig(raw)) {
+                this.log?.debug(`Invalid session format for ${destination}: missing required fields (sapUrl, jwtToken)`);
                 return null;
             }
             return raw;
         }
         catch (error) {
+            this.log?.error(`Error loading session for ${destination}: ${error instanceof Error ? error.message : String(error)}`);
             return null;
         }
     }
@@ -264,34 +298,41 @@ class AbapSessionStore {
     async setAuthorizationConfig(destination, config) {
         const current = await this.loadRawSession(destination);
         if (!current) {
-            // Session doesn't exist - try to get serviceUrl from connection config
+            // Session doesn't exist - try to get serviceUrl from connection config or use defaultServiceUrl
             // For ABAP, we need sapUrl to create session
             const connConfig = await this.getConnectionConfig(destination);
-            const sapUrl = connConfig?.serviceUrl;
+            const sapUrl = connConfig?.serviceUrl || this.defaultServiceUrl;
             if (!sapUrl) {
-                throw new Error(`Cannot set authorization config for destination "${destination}": session does not exist and serviceUrl is required for ABAP sessions. Call setConnectionConfig first.`);
+                this.log?.error(`Cannot set authorization config for ${destination}: session does not exist and serviceUrl is required. Missing defaultServiceUrl in constructor.`);
+                throw new Error(`Cannot set authorization config for destination "${destination}": session does not exist and serviceUrl is required for ABAP sessions. Call setConnectionConfig first or provide defaultServiceUrl in constructor.`);
             }
             this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: sapUrl(${sapUrl.substring(0, 40)}...)`);
             const newSession = {
-                sapUrl,
-                jwtToken: connConfig?.authorizationToken || '', // Use token from connection config if available
+                serviceUrl: sapUrl,
+                authorizationToken: connConfig?.authorizationToken || '', // Use token from connection config if available
                 uaaUrl: config.uaaUrl,
                 uaaClientId: config.uaaClientId,
                 uaaClientSecret: config.uaaClientSecret,
                 refreshToken: config.refreshToken,
             };
             await this.saveSession(destination, newSession);
+            this.log?.info(`New session created for ${destination} via setAuthorizationConfig: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
             return;
         }
-        // Update authorization fields
+        // Update authorization fields - convert internal format to IConfig
+        this.log?.debug(`Updating authorization config for existing session ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
         const updated = {
-            ...current,
+            serviceUrl: current.sapUrl,
+            authorizationToken: current.jwtToken,
+            sapClient: current.sapClient,
+            language: current.language,
             uaaUrl: config.uaaUrl,
             uaaClientId: config.uaaClientId,
             uaaClientSecret: config.uaaClientSecret,
             refreshToken: config.refreshToken || current.refreshToken,
         };
         await this.saveSession(destination, updated);
+        this.log?.info(`Authorization config updated for ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
     }
     /**
      * Set connection configuration
@@ -304,30 +345,38 @@ class AbapSessionStore {
         const current = await this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For ABAP, serviceUrl is required
-            if (!config.serviceUrl) {
-                throw new Error(`Cannot create session for destination "${destination}": serviceUrl is required for ABAP sessions`);
+            // For ABAP, serviceUrl is required - use from config, defaultServiceUrl, or throw error
+            const serviceUrl = config.serviceUrl || this.defaultServiceUrl;
+            if (!serviceUrl) {
+                this.log?.error(`Cannot create session for ${destination}: serviceUrl is required. Missing in config and defaultServiceUrl in constructor.`);
+                throw new Error(`Cannot create session for destination "${destination}": serviceUrl is required for ABAP sessions. Provide it in config or constructor.`);
             }
-            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: serviceUrl(${config.serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: serviceUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
-                sapUrl: config.serviceUrl,
-                jwtToken: config.authorizationToken || '',
+                serviceUrl: serviceUrl,
+                authorizationToken: config.authorizationToken || '',
                 sapClient: config.sapClient,
                 language: config.language,
             };
             await this.saveSession(destination, newSession);
-            this.log?.info(`Session created for ${destination}: serviceUrl(${config.serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.info(`Session created for ${destination}: serviceUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             return;
         }
-        // Update connection fields
+        // Update connection fields - convert internal format to IConfig
+        this.log?.debug(`Updating connection config for existing session ${destination}: serviceUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'unchanged'}), token(${config.authorizationToken?.length || 0} chars)`);
         const updated = {
-            ...current,
-            sapUrl: config.serviceUrl || current.sapUrl,
-            jwtToken: config.authorizationToken,
+            serviceUrl: config.serviceUrl || current.sapUrl,
+            authorizationToken: config.authorizationToken,
             sapClient: config.sapClient !== undefined ? config.sapClient : current.sapClient,
             language: config.language !== undefined ? config.language : current.language,
+            uaaUrl: current.uaaUrl,
+            uaaClientId: current.uaaClientId,
+            uaaClientSecret: current.uaaClientSecret,
+            refreshToken: current.refreshToken,
         };
         await this.saveSession(destination, updated);
+        const finalServiceUrl = updated.serviceUrl || current.sapUrl;
+        this.log?.info(`Connection config updated for ${destination}: serviceUrl(${finalServiceUrl ? finalServiceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
     }
 }
 exports.AbapSessionStore = AbapSessionStore;

package/dist/stores/abap/SafeAbapSessionStore.d.ts

@@ -14,11 +14,13 @@ import type { ISessionStore, IConnectionConfig, IAuthorizationConfig, IConfig, I
 export declare class SafeAbapSessionStore implements ISessionStore {
     private sessions;
     private log?;
+    private defaultServiceUrl?;
     /**
      * Create a new SafeAbapSessionStore instance
      * @param log Optional logger for logging operations
+     * @param defaultServiceUrl Optional default service URL to use when serviceUrl is not provided in config
      */
-    constructor(log?: ILogger);
+    constructor(log?: ILogger, defaultServiceUrl?: string);
     private loadRawSession;
     private validateSessionConfig;
     private convertToInternalFormat;

package/dist/stores/abap/SafeAbapSessionStore.js

@@ -16,27 +16,33 @@ exports.SafeAbapSessionStore = void 0;
 class SafeAbapSessionStore {
     sessions = new Map();
     log;
+    defaultServiceUrl;
     /**
      * Create a new SafeAbapSessionStore instance
      * @param log Optional logger for logging operations
+     * @param defaultServiceUrl Optional default service URL to use when serviceUrl is not provided in config
      */
-    constructor(log) {
+    constructor(log, defaultServiceUrl) {
         this.log = log;
+        this.defaultServiceUrl = defaultServiceUrl;
     }
     loadRawSession(destination) {
         return this.sessions.get(destination) || null;
     }
     validateSessionConfig(config) {
         if (!config || typeof config !== 'object') {
+            this.log?.error(`Invalid config format: not an object`);
             throw new Error('SafeAbapSessionStore can only store ABAP sessions (with sapUrl)');
         }
         const obj = config;
         // Accept IConfig format (has serviceUrl) or internal format (has sapUrl)
         const serviceUrl = obj.serviceUrl || obj.sapUrl;
         if (!serviceUrl) {
+            this.log?.error(`Validation failed: missing required field serviceUrl or sapUrl`);
             throw new Error('ABAP session config missing required field: serviceUrl or sapUrl');
         }
         if (!obj.authorizationToken && !obj.jwtToken) {
+            this.log?.error(`Validation failed: missing required field authorizationToken or jwtToken`);
             throw new Error('ABAP session config missing required field: authorizationToken or jwtToken');
         }
     }
@@ -60,19 +66,43 @@ class SafeAbapSessionStore {
     }
     async loadSession(destination) {
         this.log?.debug(`Loading session for destination: ${destination}`);
-        const authConfig = await this.getAuthorizationConfig(destination);
-        const connConfig = await this.getConnectionConfig(destination);
-        if (!authConfig && !connConfig) {
+        const rawSession = this.loadRawSession(destination);
+        if (!rawSession) {
             this.log?.debug(`Session not found for destination: ${destination}`);
             return null;
         }
-        const tokenLength = connConfig?.authorizationToken?.length || 0;
-        const hasRefreshToken = !!authConfig?.refreshToken;
-        this.log?.info(`Session loaded for ${destination}: token(${tokenLength} chars), hasRefreshToken(${hasRefreshToken}), sapUrl(${connConfig?.serviceUrl ? connConfig.serviceUrl.substring(0, 40) + '...' : 'none'})`);
-        return {
-            ...(authConfig || {}),
-            ...(connConfig || {}),
-        };
+        // Convert internal format to IConfig format
+        const result = {};
+        // Connection config fields
+        if (rawSession.sapUrl) {
+            result.serviceUrl = rawSession.sapUrl;
+        }
+        if (rawSession.jwtToken !== undefined) {
+            result.authorizationToken = rawSession.jwtToken;
+        }
+        if (rawSession.sapClient) {
+            result.sapClient = rawSession.sapClient;
+        }
+        if (rawSession.language) {
+            result.language = rawSession.language;
+        }
+        // Authorization config fields
+        if (rawSession.uaaUrl) {
+            result.uaaUrl = rawSession.uaaUrl;
+        }
+        if (rawSession.uaaClientId) {
+            result.uaaClientId = rawSession.uaaClientId;
+        }
+        if (rawSession.uaaClientSecret) {
+            result.uaaClientSecret = rawSession.uaaClientSecret;
+        }
+        if (rawSession.refreshToken) {
+            result.refreshToken = rawSession.refreshToken;
+        }
+        const tokenLength = rawSession.jwtToken?.length || 0;
+        const hasRefreshToken = !!rawSession.refreshToken;
+        this.log?.info(`Session loaded for ${destination}: token(${tokenLength} chars), hasRefreshToken(${hasRefreshToken}), sapUrl(${rawSession.sapUrl ? rawSession.sapUrl.substring(0, 40) + '...' : 'none'})`);
+        return result;
     }
     async saveSession(destination, config) {
         this.log?.debug(`Saving session for destination: ${destination}`);
@@ -85,16 +115,26 @@ class SafeAbapSessionStore {
         this.sessions.set(destination, internalConfig);
     }
     async deleteSession(destination) {
-        this.sessions.delete(destination);
+        if (this.sessions.has(destination)) {
+            this.log?.debug(`Deleting session for destination: ${destination}`);
+            this.sessions.delete(destination);
+            this.log?.info(`Session deleted for destination: ${destination}`);
+        }
+        else {
+            this.log?.debug(`Session not found for deletion: ${destination}`);
+        }
     }
     async getConnectionConfig(destination) {
         const sessionConfig = this.loadRawSession(destination);
         if (!sessionConfig) {
+            this.log?.debug(`Connection config not found for ${destination}`);
             return null;
         }
         if (!sessionConfig.jwtToken || !sessionConfig.sapUrl) {
+            this.log?.warn(`Connection config for ${destination} missing required fields: jwtToken(${!!sessionConfig.jwtToken}), sapUrl(${!!sessionConfig.sapUrl})`);
             return null;
         }
+        this.log?.debug(`Connection config loaded for ${destination}: token(${sessionConfig.jwtToken.length} chars), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
         return {
             serviceUrl: sessionConfig.sapUrl,
             authorizationToken: sessionConfig.jwtToken,
@@ -106,22 +146,25 @@ class SafeAbapSessionStore {
         const current = this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For ABAP, serviceUrl is required
-            if (!config.serviceUrl) {
-                throw new Error(`Cannot create session for destination "${destination}": serviceUrl is required for ABAP sessions`);
+            // For ABAP, serviceUrl is required - use from config, defaultServiceUrl, or throw error
+            const serviceUrl = config.serviceUrl || this.defaultServiceUrl;
+            if (!serviceUrl) {
+                this.log?.error(`Cannot create session for ${destination}: serviceUrl is required. Missing in config and defaultServiceUrl in constructor.`);
+                throw new Error(`Cannot create session for destination "${destination}": serviceUrl is required for ABAP sessions. Provide it in config or constructor.`);
             }
-            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: serviceUrl(${config.serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: serviceUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
-                sapUrl: config.serviceUrl,
+                sapUrl: serviceUrl,
                 jwtToken: config.authorizationToken || '',
                 sapClient: config.sapClient,
                 language: config.language,
             };
             // Save directly to Map (internal format)
             this.sessions.set(destination, newSession);
-            this.log?.info(`Session created for ${destination}: serviceUrl(${config.serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.info(`Session created for ${destination}: serviceUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             return;
         }
+        this.log?.debug(`Updating connection config for existing session ${destination}: serviceUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'unchanged'}), token(${config.authorizationToken?.length || 0} chars)`);
         const updated = {
             ...current,
             sapUrl: config.serviceUrl || current.sapUrl,
@@ -131,15 +174,19 @@ class SafeAbapSessionStore {
         };
         // Save directly to Map (internal format)
         this.sessions.set(destination, updated);
+        this.log?.info(`Connection config updated for ${destination}: serviceUrl(${updated.sapUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
     }
     async getAuthorizationConfig(destination) {
         const sessionConfig = this.loadRawSession(destination);
         if (!sessionConfig) {
+            this.log?.debug(`Authorization config not found for ${destination}`);
             return null;
         }
         if (!sessionConfig.uaaUrl || !sessionConfig.uaaClientId || !sessionConfig.uaaClientSecret) {
+            this.log?.warn(`Authorization config for ${destination} missing required UAA fields`);
             return null;
         }
+        this.log?.debug(`Authorization config loaded for ${destination}: uaaUrl(${sessionConfig.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!sessionConfig.refreshToken})`);
         return {
             uaaUrl: sessionConfig.uaaUrl,
             uaaClientId: sessionConfig.uaaClientId,
@@ -150,12 +197,13 @@ class SafeAbapSessionStore {
     async setAuthorizationConfig(destination, config) {
         const current = this.loadRawSession(destination);
         if (!current) {
-            // Session doesn't exist - try to get serviceUrl from connection config
+            // Session doesn't exist - try to get serviceUrl from connection config or use defaultServiceUrl
             // For ABAP, we need sapUrl to create session
             const connConfig = await this.getConnectionConfig(destination);
-            const sapUrl = connConfig?.serviceUrl;
+            const sapUrl = connConfig?.serviceUrl || this.defaultServiceUrl;
             if (!sapUrl) {
-                throw new Error(`Cannot set authorization config for destination "${destination}": session does not exist and serviceUrl is required for ABAP sessions. Call setConnectionConfig first.`);
+                this.log?.error(`Cannot set authorization config for ${destination}: session does not exist and serviceUrl is required. Missing defaultServiceUrl in constructor.`);
+                throw new Error(`Cannot set authorization config for destination "${destination}": session does not exist and serviceUrl is required for ABAP sessions. Call setConnectionConfig first or provide defaultServiceUrl in constructor.`);
             }
             this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: sapUrl(${sapUrl.substring(0, 40)}...)`);
             const newSession = {
@@ -168,8 +216,10 @@ class SafeAbapSessionStore {
             };
             // Save directly to Map (internal format)
             this.sessions.set(destination, newSession);
+            this.log?.info(`New session created for ${destination} via setAuthorizationConfig: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
             return;
         }
+        this.log?.debug(`Updating authorization config for existing session ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
         const updated = {
             ...current,
             uaaUrl: config.uaaUrl,
@@ -179,6 +229,7 @@ class SafeAbapSessionStore {
         };
         // Save directly to Map (internal format)
         this.sessions.set(destination, updated);
+        this.log?.info(`Authorization config updated for ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
     }
 }
 exports.SafeAbapSessionStore = SafeAbapSessionStore;

package/dist/stores/btp/BtpSessionStore.d.ts

@@ -17,12 +17,14 @@ import type { IAuthorizationConfig, IConnectionConfig, ISessionStore, IConfig, I
 export declare class BtpSessionStore implements ISessionStore {
     protected directory: string;
     private log?;
+    private defaultServiceUrl;
     /**
      * Create a new BtpSessionStore instance
      * @param directory Directory where session .env files are located
+     * @param defaultServiceUrl Default service URL (required for BTP/XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(directory: string, log?: ILogger);
+    constructor(directory: string, defaultServiceUrl: string, log?: ILogger);
     /**
      * Load session from file
      * @param filePath Path to session file

package/dist/stores/btp/BtpSessionStore.js

@@ -56,13 +56,16 @@ const path = __importStar(require("path"));
 class BtpSessionStore {
     directory;
     log;
+    defaultServiceUrl;
     /**
      * Create a new BtpSessionStore instance
      * @param directory Directory where session .env files are located
+     * @param defaultServiceUrl Default service URL (required for BTP/XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(directory, log) {
+    constructor(directory, defaultServiceUrl, log) {
         this.directory = directory;
+        this.defaultServiceUrl = defaultServiceUrl;
         this.log = log;
         // Ensure directory exists - create if it doesn't
         if (!fs.existsSync(directory)) {
@@ -164,7 +167,12 @@ class BtpSessionStore {
         const fileName = `${destination}.env`;
         const filePath = path.join(this.directory, fileName);
         if (fs.existsSync(filePath)) {
+            this.log?.debug(`Deleting session for destination: ${destination}`);
             fs.unlinkSync(filePath);
+            this.log?.info(`Session deleted for destination: ${destination}`);
+        }
+        else {
+            this.log?.debug(`Session file not found for deletion: ${destination}`);
         }
     }
     /**
@@ -203,11 +211,13 @@ class BtpSessionStore {
         try {
             const raw = await this.loadFromFile(sessionPath);
             if (!raw || !isBtpBaseSessionConfig(raw)) {
+                this.log?.debug(`Invalid session format for ${destination}: missing required fields (jwtToken)`);
                 return null;
             }
             return raw;
         }
         catch (error) {
+            this.log?.error(`Error loading session for ${destination}: ${error instanceof Error ? error.message : String(error)}`);
             return null;
         }
     }
@@ -269,10 +279,10 @@ class BtpSessionStore {
         const current = await this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For BTP, mcpUrl is optional, so we can create session without it
-            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig`);
+            // For BTP, use defaultServiceUrl (required - cannot be obtained from service key)
+            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: mcpUrl(${this.defaultServiceUrl.substring(0, 40)}...)`);
             const newSession = {
-                mcpUrl: undefined, // Will be set when connection config is set
+                mcpUrl: this.defaultServiceUrl,
                 jwtToken: '', // Will be set when connection config is set
                 uaaUrl: config.uaaUrl,
                 uaaClientId: config.uaaClientId,
@@ -280,9 +290,11 @@ class BtpSessionStore {
                 refreshToken: config.refreshToken,
             };
             await this.saveSession(destination, newSession);
+            this.log?.info(`New session created for ${destination} via setAuthorizationConfig: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
             return;
         }
         // Update authorization fields
+        this.log?.debug(`Updating authorization config for existing session ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
         const updated = {
             ...current,
             uaaUrl: config.uaaUrl,
@@ -291,6 +303,7 @@ class BtpSessionStore {
             refreshToken: config.refreshToken || current.refreshToken,
         };
         await this.saveSession(destination, updated);
+        this.log?.info(`Authorization config updated for ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
     }
     /**
      * Set connection configuration
@@ -302,23 +315,26 @@ class BtpSessionStore {
         const current = await this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For BTP, mcpUrl is optional
-            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            // For BTP, use config.serviceUrl if provided, otherwise use defaultServiceUrl (required)
+            const serviceUrl = config.serviceUrl || this.defaultServiceUrl;
+            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
-                mcpUrl: config.serviceUrl,
+                mcpUrl: serviceUrl,
                 jwtToken: config.authorizationToken || '',
             };
             await this.saveSession(destination, newSession);
-            this.log?.info(`Session created for ${destination}: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.info(`Session created for ${destination}: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             return;
         }
         // Update connection fields
+        this.log?.debug(`Updating connection config for existing session ${destination}: serviceUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'unchanged'}), token(${config.authorizationToken?.length || 0} chars)`);
         const updated = {
             ...current,
             mcpUrl: config.serviceUrl !== undefined ? config.serviceUrl : current.mcpUrl,
             jwtToken: config.authorizationToken !== undefined ? config.authorizationToken : current.jwtToken,
         };
         await this.saveSession(destination, updated);
+        this.log?.info(`Connection config updated for ${destination}: serviceUrl(${updated.mcpUrl ? updated.mcpUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
     }
 }
 exports.BtpSessionStore = BtpSessionStore;

package/dist/stores/btp/SafeBtpSessionStore.d.ts

@@ -14,11 +14,13 @@ import type { IConnectionConfig, ISessionStore, IAuthorizationConfig, IConfig, I
 export declare class SafeBtpSessionStore implements ISessionStore {
     private sessions;
     private log?;
+    private defaultServiceUrl;
     /**
      * Create a new SafeBtpSessionStore instance
+     * @param defaultServiceUrl Default service URL (required for BTP/XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(log?: ILogger);
+    constructor(defaultServiceUrl: string, log?: ILogger);
     private loadRawSession;
     private validateSessionConfig;
     private convertToInternalFormat;

package/dist/stores/btp/SafeBtpSessionStore.js

@@ -16,11 +16,14 @@ exports.SafeBtpSessionStore = void 0;
 class SafeBtpSessionStore {
     sessions = new Map();
     log;
+    defaultServiceUrl;
     /**
      * Create a new SafeBtpSessionStore instance
+     * @param defaultServiceUrl Default service URL (required for BTP/XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(log) {
+    constructor(defaultServiceUrl, log) {
+        this.defaultServiceUrl = defaultServiceUrl;
         this.log = log;
     }
     loadRawSession(destination) {
@@ -90,17 +93,27 @@ class SafeBtpSessionStore {
         this.sessions.set(destination, internalConfig);
     }
     async deleteSession(destination) {
-        this.sessions.delete(destination);
+        if (this.sessions.has(destination)) {
+            this.log?.debug(`Deleting session for destination: ${destination}`);
+            this.sessions.delete(destination);
+            this.log?.info(`Session deleted for destination: ${destination}`);
+        }
+        else {
+            this.log?.debug(`Session not found for deletion: ${destination}`);
+        }
     }
     async getConnectionConfig(destination) {
         const sessionConfig = this.loadRawSession(destination);
         if (!sessionConfig) {
+            this.log?.debug(`Connection config not found for ${destination}`);
             return null;
         }
         // Return null if jwtToken is undefined or null (but allow empty string)
         if (sessionConfig.jwtToken === undefined || sessionConfig.jwtToken === null) {
+            this.log?.warn(`Connection config for ${destination} missing required field: jwtToken`);
             return null;
         }
+        this.log?.debug(`Connection config loaded for ${destination}: token(${sessionConfig.jwtToken.length} chars), serviceUrl(${sessionConfig.mcpUrl ? sessionConfig.mcpUrl.substring(0, 40) + '...' : 'none'})`);
         return {
             serviceUrl: sessionConfig.mcpUrl, // May be undefined for base BTP
             authorizationToken: sessionConfig.jwtToken,
@@ -110,17 +123,19 @@ class SafeBtpSessionStore {
         const current = this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For BTP, mcpUrl is optional
-            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            // For BTP, use config.serviceUrl if provided, otherwise use defaultServiceUrl (required)
+            const serviceUrl = config.serviceUrl || this.defaultServiceUrl;
+            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
-                mcpUrl: config.serviceUrl,
+                mcpUrl: serviceUrl,
                 jwtToken: config.authorizationToken || '',
             };
             // Save directly to Map (internal format)
             this.sessions.set(destination, newSession);
-            this.log?.info(`Session created for ${destination}: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.info(`Session created for ${destination}: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             return;
         }
+        this.log?.debug(`Updating connection config for existing session ${destination}: serviceUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'unchanged'}), token(${config.authorizationToken?.length || 0} chars)`);
         const updated = {
             ...current,
             mcpUrl: config.serviceUrl !== undefined ? config.serviceUrl : current.mcpUrl,
@@ -128,15 +143,19 @@ class SafeBtpSessionStore {
         };
         // Save directly to Map (internal format)
         this.sessions.set(destination, updated);
+        this.log?.info(`Connection config updated for ${destination}: serviceUrl(${updated.mcpUrl ? updated.mcpUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
     }
     async getAuthorizationConfig(destination) {
         const sessionConfig = this.loadRawSession(destination);
         if (!sessionConfig) {
+            this.log?.debug(`Authorization config not found for ${destination}`);
             return null;
         }
         if (!sessionConfig.uaaUrl || !sessionConfig.uaaClientId || !sessionConfig.uaaClientSecret) {
+            this.log?.warn(`Authorization config for ${destination} missing required UAA fields`);
             return null;
         }
+        this.log?.debug(`Authorization config loaded for ${destination}: uaaUrl(${sessionConfig.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!sessionConfig.refreshToken})`);
         return {
             uaaUrl: sessionConfig.uaaUrl,
             uaaClientId: sessionConfig.uaaClientId,
@@ -148,10 +167,10 @@ class SafeBtpSessionStore {
         const current = this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For BTP, mcpUrl is optional, so we can create session without it
-            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig`);
+            // For BTP, use defaultServiceUrl (required - cannot be obtained from service key)
+            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: mcpUrl(${this.defaultServiceUrl.substring(0, 40)}...)`);
             const newSession = {
-                mcpUrl: undefined, // Will be set when connection config is set
+                mcpUrl: this.defaultServiceUrl,
                 jwtToken: '', // Will be set when connection config is set
                 uaaUrl: config.uaaUrl,
                 uaaClientId: config.uaaClientId,
@@ -160,8 +179,10 @@ class SafeBtpSessionStore {
             };
             // Save directly to Map (internal format)
             this.sessions.set(destination, newSession);
+            this.log?.info(`New session created for ${destination} via setAuthorizationConfig: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
             return;
         }
+        this.log?.debug(`Updating authorization config for existing session ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
         const updated = {
             ...current,
             uaaUrl: config.uaaUrl,
@@ -171,6 +192,7 @@ class SafeBtpSessionStore {
         };
         // Save directly to Map (internal format)
         this.sessions.set(destination, updated);
+        this.log?.info(`Authorization config updated for ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
     }
 }
 exports.SafeBtpSessionStore = SafeBtpSessionStore;

package/dist/stores/xsuaa/SafeXsuaaSessionStore.d.ts

@@ -14,11 +14,13 @@ import type { IConnectionConfig, ISessionStore, IAuthorizationConfig, IConfig, I
 export declare class SafeXsuaaSessionStore implements ISessionStore {
     private sessions;
     private log?;
+    private defaultServiceUrl;
     /**
      * Create a new SafeXsuaaSessionStore instance
+     * @param defaultServiceUrl Default service URL (required for XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(log?: ILogger);
+    constructor(defaultServiceUrl: string, log?: ILogger);
     private loadRawSession;
     private validateSessionConfig;
     private convertToInternalFormat;

package/dist/stores/xsuaa/SafeXsuaaSessionStore.js

@@ -16,11 +16,14 @@ exports.SafeXsuaaSessionStore = void 0;
 class SafeXsuaaSessionStore {
     sessions = new Map();
     log;
+    defaultServiceUrl;
     /**
      * Create a new SafeXsuaaSessionStore instance
+     * @param defaultServiceUrl Default service URL (required for XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(log) {
+    constructor(defaultServiceUrl, log) {
+        this.defaultServiceUrl = defaultServiceUrl;
         this.log = log;
     }
     loadRawSession(destination) {
@@ -90,7 +93,14 @@ class SafeXsuaaSessionStore {
         this.sessions.set(destination, internalConfig);
     }
     async deleteSession(destination) {
-        this.sessions.delete(destination);
+        if (this.sessions.has(destination)) {
+            this.log?.debug(`Deleting session for destination: ${destination}`);
+            this.sessions.delete(destination);
+            this.log?.info(`Session deleted for destination: ${destination}`);
+        }
+        else {
+            this.log?.debug(`Session not found for deletion: ${destination}`);
+        }
     }
     async getConnectionConfig(destination) {
         const sessionConfig = this.loadRawSession(destination);
@@ -110,17 +120,19 @@ class SafeXsuaaSessionStore {
         const current = this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For XSUAA, mcpUrl is optional
-            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            // For XSUAA, use config.serviceUrl if provided, otherwise use defaultServiceUrl (required)
+            const serviceUrl = config.serviceUrl || this.defaultServiceUrl;
+            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
-                mcpUrl: config.serviceUrl,
+                mcpUrl: serviceUrl,
                 jwtToken: config.authorizationToken || '',
             };
             // Save directly to Map (internal format)
             this.sessions.set(destination, newSession);
-            this.log?.info(`Session created for ${destination}: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.info(`Session created for ${destination}: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             return;
         }
+        this.log?.debug(`Updating connection config for existing session ${destination}: serviceUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'unchanged'}), token(${config.authorizationToken?.length || 0} chars)`);
         const updated = {
             ...current,
             mcpUrl: config.serviceUrl !== undefined ? config.serviceUrl : current.mcpUrl,
@@ -128,15 +140,19 @@ class SafeXsuaaSessionStore {
         };
         // Save directly to Map (internal format)
         this.sessions.set(destination, updated);
+        this.log?.info(`Connection config updated for ${destination}: serviceUrl(${updated.mcpUrl ? updated.mcpUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
     }
     async getAuthorizationConfig(destination) {
         const sessionConfig = this.loadRawSession(destination);
         if (!sessionConfig) {
+            this.log?.debug(`Authorization config not found for ${destination}`);
             return null;
         }
         if (!sessionConfig.uaaUrl || !sessionConfig.uaaClientId || !sessionConfig.uaaClientSecret) {
+            this.log?.warn(`Authorization config for ${destination} missing required UAA fields`);
             return null;
         }
+        this.log?.debug(`Authorization config loaded for ${destination}: uaaUrl(${sessionConfig.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!sessionConfig.refreshToken})`);
         return {
             uaaUrl: sessionConfig.uaaUrl,
             uaaClientId: sessionConfig.uaaClientId,
@@ -148,10 +164,10 @@ class SafeXsuaaSessionStore {
         const current = this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For XSUAA, mcpUrl is optional, so we can create session without it
-            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig`);
+            // For XSUAA, use defaultServiceUrl (required - cannot be obtained from service key)
+            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: mcpUrl(${this.defaultServiceUrl.substring(0, 40)}...)`);
             const newSession = {
-                mcpUrl: undefined, // Will be set when connection config is set
+                mcpUrl: this.defaultServiceUrl,
                 jwtToken: '', // Will be set when connection config is set
                 uaaUrl: config.uaaUrl,
                 uaaClientId: config.uaaClientId,
@@ -160,8 +176,10 @@ class SafeXsuaaSessionStore {
             };
             // Save directly to Map (internal format)
             this.sessions.set(destination, newSession);
+            this.log?.info(`New session created for ${destination} via setAuthorizationConfig: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
             return;
         }
+        this.log?.debug(`Updating authorization config for existing session ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
         const updated = {
             ...current,
             uaaUrl: config.uaaUrl,
@@ -171,6 +189,7 @@ class SafeXsuaaSessionStore {
         };
         // Save directly to Map (internal format)
         this.sessions.set(destination, updated);
+        this.log?.info(`Authorization config updated for ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
     }
 }
 exports.SafeXsuaaSessionStore = SafeXsuaaSessionStore;

package/dist/stores/xsuaa/XsuaaSessionStore.d.ts

@@ -17,12 +17,14 @@ import type { IAuthorizationConfig, IConnectionConfig, ISessionStore, IConfig, I
 export declare class XsuaaSessionStore implements ISessionStore {
     protected directory: string;
     private log?;
+    private defaultServiceUrl;
     /**
      * Create a new XsuaaSessionStore instance
      * @param directory Directory where session .env files are located
+     * @param defaultServiceUrl Default service URL (required for XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(directory: string, log?: ILogger);
+    constructor(directory: string, defaultServiceUrl: string, log?: ILogger);
     /**
      * Get file name for destination
      * @param destination Destination name

package/dist/stores/xsuaa/XsuaaSessionStore.js

@@ -56,13 +56,16 @@ const path = __importStar(require("path"));
 class XsuaaSessionStore {
     directory;
     log;
+    defaultServiceUrl;
     /**
      * Create a new XsuaaSessionStore instance
      * @param directory Directory where session .env files are located
+     * @param defaultServiceUrl Default service URL (required for XSUAA - cannot be obtained from service key)
      * @param log Optional logger for logging operations
      */
-    constructor(directory, log) {
+    constructor(directory, defaultServiceUrl, log) {
         this.directory = directory;
+        this.defaultServiceUrl = defaultServiceUrl;
         this.log = log;
         // Ensure directory exists - create if it doesn't
         if (!fs.existsSync(directory)) {
@@ -172,7 +175,12 @@ class XsuaaSessionStore {
         const fileName = `${destination}.env`;
         const filePath = path.join(this.directory, fileName);
         if (fs.existsSync(filePath)) {
+            this.log?.debug(`Deleting session for destination: ${destination}`);
             fs.unlinkSync(filePath);
+            this.log?.info(`Session deleted for destination: ${destination}`);
+        }
+        else {
+            this.log?.debug(`Session file not found for deletion: ${destination}`);
         }
     }
     /**
@@ -211,11 +219,13 @@ class XsuaaSessionStore {
         try {
             const raw = await this.loadFromFile(sessionPath);
             if (!raw || !isXsuaaSessionConfig(raw)) {
+                this.log?.debug(`Invalid session format for ${destination}: missing required fields (jwtToken)`);
                 return null;
             }
             return raw;
         }
         catch (error) {
+            this.log?.error(`Error loading session for ${destination}: ${error instanceof Error ? error.message : String(error)}`);
             return null;
         }
     }
@@ -240,23 +250,26 @@ class XsuaaSessionStore {
         const current = await this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For XSUAA, mcpUrl is optional
-            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            // For XSUAA, use config.serviceUrl if provided, otherwise use defaultServiceUrl (required)
+            const serviceUrl = config.serviceUrl || this.defaultServiceUrl;
+            this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
-                mcpUrl: config.serviceUrl,
+                mcpUrl: serviceUrl,
                 jwtToken: config.authorizationToken || '',
             };
             await this.saveSession(destination, newSession);
-            this.log?.info(`Session created for ${destination}: mcpUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
+            this.log?.info(`Session created for ${destination}: mcpUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             return;
         }
         // Update connection fields
+        this.log?.debug(`Updating connection config for existing session ${destination}: serviceUrl(${config.serviceUrl ? config.serviceUrl.substring(0, 40) + '...' : 'unchanged'}), token(${config.authorizationToken?.length || 0} chars)`);
         const updated = {
             ...current,
             mcpUrl: config.serviceUrl !== undefined ? config.serviceUrl : current.mcpUrl,
             jwtToken: config.authorizationToken !== undefined ? config.authorizationToken : current.jwtToken,
         };
         await this.saveSession(destination, updated);
+        this.log?.info(`Connection config updated for ${destination}: serviceUrl(${updated.mcpUrl ? updated.mcpUrl.substring(0, 40) + '...' : 'none'}), token(${config.authorizationToken?.length || 0} chars)`);
     }
     async getAuthorizationConfig(destination) {
         const sessionConfig = await this.loadRawSession(destination);
@@ -280,10 +293,10 @@ class XsuaaSessionStore {
         const current = await this.loadRawSession(destination);
         if (!current) {
             // Session doesn't exist - create new one
-            // For XSUAA, mcpUrl is optional, so we can create session without it
-            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig`);
+            // For XSUAA, use defaultServiceUrl (required - cannot be obtained from service key)
+            this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: mcpUrl(${this.defaultServiceUrl.substring(0, 40)}...)`);
             const newSession = {
-                mcpUrl: undefined, // Will be set when connection config is set
+                mcpUrl: this.defaultServiceUrl,
                 jwtToken: '', // Will be set when connection config is set
                 uaaUrl: config.uaaUrl,
                 uaaClientId: config.uaaClientId,
@@ -291,9 +304,11 @@ class XsuaaSessionStore {
                 refreshToken: config.refreshToken,
             };
             await this.saveSession(destination, newSession);
+            this.log?.info(`New session created for ${destination} via setAuthorizationConfig: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
             return;
         }
         // Update authorization fields
+        this.log?.debug(`Updating authorization config for existing session ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
         const updated = {
             ...current,
             uaaUrl: config.uaaUrl,
@@ -302,6 +317,7 @@ class XsuaaSessionStore {
             refreshToken: config.refreshToken || current.refreshToken,
         };
         await this.saveSession(destination, updated);
+        this.log?.info(`Authorization config updated for ${destination}: uaaUrl(${config.uaaUrl.substring(0, 30)}...), hasRefreshToken(${!!config.refreshToken})`);
     }
 }
 exports.XsuaaSessionStore = XsuaaSessionStore;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-stores",
-  "version": "0.1.7",
+  "version": "0.2.0",
   "description": "Stores for MCP ABAP ADT auth-broker - BTP, ABAP, and XSUAA implementations",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -49,7 +49,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@mcp-abap-adt/interfaces": "^0.1.3",
+    "@mcp-abap-adt/interfaces": "^0.1.4",
     "dotenv": "^17.2.1"
   },
   "devDependencies": {