@mcp-abap-adt/auth-stores 0.2.1 → 0.2.5

package/CHANGELOG.md

@@ -7,6 +7,52 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [0.2.5] - 2025-12-19
+
+### Fixed
+- **Version Correction**: This release corrects the version numbering issue. The typed error classes and service key store updates that were documented in 0.2.4 were released after 0.2.4 was already published. This version properly documents those changes.
+
+## [0.2.4] - 2025-12-19
+
+### Added
+- **Typed Error Classes**: Added typed error classes for better error handling in auth-broker
+  - `StoreError` - Base error class with error code
+  - `FileNotFoundError` - File not found errors (includes filePath)
+  - `ParseError` - JSON/YAML parsing errors (includes filePath and cause)
+  - `InvalidConfigError` - Missing required config fields (includes missingFields array)
+  - `StorageError` - File write/permission errors (includes operation and cause)
+
+### Changed
+- **Service Key Stores**: Now throw typed errors instead of generic Error
+  - `FileNotFoundError` when service key file not found (returns null)
+  - `ParseError` when JSON parsing fails or format is invalid
+  - `InvalidConfigError` when required UAA fields are missing (returns null)
+- **Dependency**: Updated `@mcp-abap-adt/interfaces` to `^0.2.3` for STORE_ERROR_CODES
+
+## [0.2.3] - 2025-12-16
+
+### Changed
+- Dependency bump: `@mcp-abap-adt/interfaces` to `^0.1.17` for basic auth support
+
+### Added
+- **Basic Authentication Support for On-Premise Systems**: Added support for basic auth (username/password) in addition to JWT tokens
+  - **envLoader.ts**: Now loads `SAP_USERNAME` and `SAP_PASSWORD` from `.env` files
+    - Automatically detects auth type: if username/password present and no JWT token, uses basic auth
+    - If JWT token present, uses JWT auth
+  - **AbapSessionStore.getConnectionConfig()**: Returns basic auth config when username/password are present
+    - Returns `IConnectionConfig` with `username`, `password`, and `authType: 'basic'` for on-premise systems
+    - Returns `IConnectionConfig` with `authorizationToken` and `authType: 'jwt'` for cloud systems
+  - **tokenStorage.ts**: Now saves `SAP_USERNAME` and `SAP_PASSWORD` to `.env` files
+    - Handles both JWT and basic auth configurations
+    - Clears username/password when JWT auth is used, and vice versa
+  - **constants.ts**: Added `USERNAME: 'SAP_USERNAME'` and `PASSWORD: 'SAP_PASSWORD'` to `ABAP_CONNECTION_VARS`
+  - This enables on-premise systems to use `--mcp` parameter with basic auth instead of requiring JWT tokens
+
+## [0.2.2] - 2025-12-13
+
+### Changed
+- Dependency bump: `@mcp-abap-adt/interfaces` to `^0.1.16` for alignment with latest interfaces docs
+
 ## [0.2.1] - 2025-12-12
 
 ### Changed

package/README.md

@@ -198,6 +198,58 @@ The `defaultServiceUrl` is used when creating new sessions via `setConnectionCon
 
 ## File Handlers
 
+This package provides utility classes for safe file operations:
+
+### Error Handling
+
+All service key stores throw typed errors for better error handling:
+
+```typescript
+import { 
+  BtpServiceKeyStore,
+  FileNotFoundError,
+  ParseError,
+  InvalidConfigError 
+} from '@mcp-abap-adt/auth-stores';
+import { STORE_ERROR_CODES } from '@mcp-abap-adt/interfaces';
+
+const serviceKeyStore = new BtpServiceKeyStore('/path/to/keys');
+
+try {
+  const authConfig = await serviceKeyStore.getAuthorizationConfig('TRIAL');
+  console.log('Auth config loaded:', authConfig);
+} catch (error: any) {
+  if (error.code === STORE_ERROR_CODES.FILE_NOT_FOUND) {
+    // File not found - returns null instead of throwing
+    console.error('Service key file not found:', error.filePath);
+  } else if (error.code === STORE_ERROR_CODES.PARSE_ERROR) {
+    // JSON parsing failed or invalid format
+    console.error('Failed to parse service key:', error.filePath);
+    console.error('Cause:', error.cause);
+  } else if (error.code === STORE_ERROR_CODES.INVALID_CONFIG) {
+    // Required UAA fields missing - returns null instead of throwing
+    console.error('Invalid config:', error.missingFields);
+  } else if (error.code === STORE_ERROR_CODES.STORAGE_ERROR) {
+    // File write/permission error
+    console.error('Storage operation failed:', error.operation);
+    console.error('Cause:', error.cause);
+  } else {
+    // Generic error
+    console.error('Unexpected error:', error.message);
+  }
+}
+```
+
+**Error Types:**
+- **`FileNotFoundError`** - Service key file not found (includes `filePath`)
+- **`ParseError`** - JSON parsing failed or invalid format (includes `filePath` and `cause`)
+- **`InvalidConfigError`** - Required configuration fields missing (includes `missingFields` array)
+- **`StorageError`** - File write or permission error (includes `operation` and `cause`)
+
+**Note**: Most errors result in `null` return values rather than exceptions. Only fatal errors (like JSON parsing failures) throw exceptions.
+
+## File Handlers
+
 Utility classes for working with files:
 
 ### JsonFileHandler

package/dist/errors/StoreErrors.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Store error codes and typed error classes
+ */
+import { type StoreErrorCode } from '@mcp-abap-adt/interfaces';
+/**
+ * Base error class for all store errors
+ */
+export declare class StoreError extends Error {
+    readonly code: StoreErrorCode;
+    constructor(message: string, code: StoreErrorCode);
+}
+/**
+ * Error thrown when a file is not found
+ */
+export declare class FileNotFoundError extends StoreError {
+    readonly filePath: string;
+    constructor(filePath: string, message?: string);
+}
+/**
+ * Error thrown when a file cannot be parsed (invalid JSON, YAML, etc.)
+ */
+export declare class ParseError extends StoreError {
+    readonly filePath?: string;
+    readonly cause?: Error;
+    constructor(message: string, filePath?: string, cause?: Error);
+}
+/**
+ * Error thrown when required configuration fields are missing
+ */
+export declare class InvalidConfigError extends StoreError {
+    readonly missingFields: string[];
+    constructor(message: string, missingFields?: string[]);
+}
+/**
+ * Error thrown when storage operations fail (file write, permission denied, etc.)
+ */
+export declare class StorageError extends StoreError {
+    readonly operation: string;
+    readonly cause?: Error;
+    constructor(operation: string, message: string, cause?: Error);
+}

package/dist/errors/StoreErrors.js

@@ -0,0 +1,76 @@
+"use strict";
+/**
+ * Store error codes and typed error classes
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.StorageError = exports.InvalidConfigError = exports.ParseError = exports.FileNotFoundError = exports.StoreError = void 0;
+const interfaces_1 = require("@mcp-abap-adt/interfaces");
+/**
+ * Base error class for all store errors
+ */
+class StoreError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.name = 'StoreError';
+        this.code = code;
+        Object.setPrototypeOf(this, StoreError.prototype);
+    }
+}
+exports.StoreError = StoreError;
+/**
+ * Error thrown when a file is not found
+ */
+class FileNotFoundError extends StoreError {
+    filePath;
+    constructor(filePath, message) {
+        super(message || `File not found: ${filePath}`, interfaces_1.STORE_ERROR_CODES.FILE_NOT_FOUND);
+        this.name = 'FileNotFoundError';
+        this.filePath = filePath;
+        Object.setPrototypeOf(this, FileNotFoundError.prototype);
+    }
+}
+exports.FileNotFoundError = FileNotFoundError;
+/**
+ * Error thrown when a file cannot be parsed (invalid JSON, YAML, etc.)
+ */
+class ParseError extends StoreError {
+    filePath;
+    cause;
+    constructor(message, filePath, cause) {
+        super(message, interfaces_1.STORE_ERROR_CODES.PARSE_ERROR);
+        this.name = 'ParseError';
+        this.filePath = filePath;
+        this.cause = cause;
+        Object.setPrototypeOf(this, ParseError.prototype);
+    }
+}
+exports.ParseError = ParseError;
+/**
+ * Error thrown when required configuration fields are missing
+ */
+class InvalidConfigError extends StoreError {
+    missingFields;
+    constructor(message, missingFields = []) {
+        super(message, interfaces_1.STORE_ERROR_CODES.INVALID_CONFIG);
+        this.name = 'InvalidConfigError';
+        this.missingFields = missingFields;
+        Object.setPrototypeOf(this, InvalidConfigError.prototype);
+    }
+}
+exports.InvalidConfigError = InvalidConfigError;
+/**
+ * Error thrown when storage operations fail (file write, permission denied, etc.)
+ */
+class StorageError extends StoreError {
+    operation;
+    cause;
+    constructor(operation, message, cause) {
+        super(message, interfaces_1.STORE_ERROR_CODES.STORAGE_ERROR);
+        this.name = 'StorageError';
+        this.operation = operation;
+        this.cause = cause;
+        Object.setPrototypeOf(this, StorageError.prototype);
+    }
+}
+exports.StorageError = StorageError;

package/dist/index.d.ts

@@ -13,6 +13,7 @@ export { AbapServiceKeyStore } from './stores/abap/AbapServiceKeyStore';
 export { XsuaaSessionStore } from './stores/xsuaa/XsuaaSessionStore';
 export { SafeXsuaaSessionStore } from './stores/xsuaa/SafeXsuaaSessionStore';
 export { XsuaaServiceKeyStore } from './stores/xsuaa/XsuaaServiceKeyStore';
+export { StoreError, FileNotFoundError, ParseError, InvalidConfigError, StorageError } from './errors/StoreErrors';
 export { resolveSearchPaths, findFileInPaths } from './utils/pathResolver';
 export { JsonFileHandler } from './utils/JsonFileHandler';
 export { EnvFileHandler } from './utils/EnvFileHandler';

package/dist/index.js

@@ -6,7 +6,7 @@
  * Provides BTP, ABAP, and XSUAA store implementations
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.loadXSUAAServiceKey = exports.loadServiceKey = exports.XSUAA_CONNECTION_VARS = exports.XSUAA_AUTHORIZATION_VARS = exports.BTP_CONNECTION_VARS = exports.BTP_AUTHORIZATION_VARS = exports.ABAP_CONNECTION_VARS = exports.ABAP_AUTHORIZATION_VARS = exports.EnvFileHandler = exports.JsonFileHandler = exports.findFileInPaths = exports.resolveSearchPaths = exports.XsuaaServiceKeyStore = exports.SafeXsuaaSessionStore = exports.XsuaaSessionStore = exports.AbapServiceKeyStore = exports.SafeAbapSessionStore = exports.AbapSessionStore = exports.BtpServiceKeyStore = exports.SafeBtpSessionStore = exports.BtpSessionStore = void 0;
+exports.loadXSUAAServiceKey = exports.loadServiceKey = exports.XSUAA_CONNECTION_VARS = exports.XSUAA_AUTHORIZATION_VARS = exports.BTP_CONNECTION_VARS = exports.BTP_AUTHORIZATION_VARS = exports.ABAP_CONNECTION_VARS = exports.ABAP_AUTHORIZATION_VARS = exports.EnvFileHandler = exports.JsonFileHandler = exports.findFileInPaths = exports.resolveSearchPaths = exports.StorageError = exports.InvalidConfigError = exports.ParseError = exports.FileNotFoundError = exports.StoreError = exports.XsuaaServiceKeyStore = exports.SafeXsuaaSessionStore = exports.XsuaaSessionStore = exports.AbapServiceKeyStore = exports.SafeAbapSessionStore = exports.AbapSessionStore = exports.BtpServiceKeyStore = exports.SafeBtpSessionStore = exports.BtpSessionStore = void 0;
 // BTP stores (base BTP without sapUrl)
 var BtpSessionStore_1 = require("./stores/btp/BtpSessionStore");
 Object.defineProperty(exports, "BtpSessionStore", { enumerable: true, get: function () { return BtpSessionStore_1.BtpSessionStore; } });
@@ -28,6 +28,13 @@ var SafeXsuaaSessionStore_1 = require("./stores/xsuaa/SafeXsuaaSessionStore");
 Object.defineProperty(exports, "SafeXsuaaSessionStore", { enumerable: true, get: function () { return SafeXsuaaSessionStore_1.SafeXsuaaSessionStore; } });
 var XsuaaServiceKeyStore_1 = require("./stores/xsuaa/XsuaaServiceKeyStore");
 Object.defineProperty(exports, "XsuaaServiceKeyStore", { enumerable: true, get: function () { return XsuaaServiceKeyStore_1.XsuaaServiceKeyStore; } });
+// Error classes
+var StoreErrors_1 = require("./errors/StoreErrors");
+Object.defineProperty(exports, "StoreError", { enumerable: true, get: function () { return StoreErrors_1.StoreError; } });
+Object.defineProperty(exports, "FileNotFoundError", { enumerable: true, get: function () { return StoreErrors_1.FileNotFoundError; } });
+Object.defineProperty(exports, "ParseError", { enumerable: true, get: function () { return StoreErrors_1.ParseError; } });
+Object.defineProperty(exports, "InvalidConfigError", { enumerable: true, get: function () { return StoreErrors_1.InvalidConfigError; } });
+Object.defineProperty(exports, "StorageError", { enumerable: true, get: function () { return StoreErrors_1.StorageError; } });
 // Utils
 var pathResolver_1 = require("./utils/pathResolver");
 Object.defineProperty(exports, "resolveSearchPaths", { enumerable: true, get: function () { return pathResolver_1.resolveSearchPaths; } });

package/dist/storage/abap/envLoader.d.ts

@@ -5,7 +5,10 @@ import type { ILogger } from '@mcp-abap-adt/interfaces';
 interface EnvConfig {
     sapUrl: string;
     sapClient?: string;
-    jwtToken: string;
+    jwtToken?: string;
+    username?: string;
+    password?: string;
+    authType?: 'basic' | 'jwt';
     refreshToken?: string;
     uaaUrl?: string;
     uaaClientId?: string;

package/dist/storage/abap/envLoader.js

@@ -65,16 +65,38 @@ async function loadEnvFile(destination, directory, log) {
         // Extract required fields
         const sapUrl = parsed[constants_1.ABAP_CONNECTION_VARS.SERVICE_URL];
         const jwtToken = parsed[constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN];
-        log?.debug(`Extracted fields: hasSapUrl(${!!sapUrl}), hasJwtToken(${jwtToken !== undefined && jwtToken !== null})`);
-        // sapUrl is required, jwtToken can be empty string (for authorization-only sessions)
-        if (!sapUrl || jwtToken === undefined || jwtToken === null) {
-            log?.warn(`Env file missing required fields: sapUrl(${!!sapUrl}), jwtToken(${jwtToken !== undefined && jwtToken !== null})`);
+        const username = parsed[constants_1.ABAP_CONNECTION_VARS.USERNAME];
+        const password = parsed[constants_1.ABAP_CONNECTION_VARS.PASSWORD];
+        log?.debug(`Extracted fields: hasSapUrl(${!!sapUrl}), hasJwtToken(${jwtToken !== undefined && jwtToken !== null}), hasUsername(${!!username}), hasPassword(${!!password})`);
+        // sapUrl is always required
+        if (!sapUrl) {
+            log?.warn(`Env file missing required field: sapUrl`);
             return null;
         }
+        // Determine auth type: if username/password present and no jwtToken, use basic auth
+        // If jwtToken present, use JWT auth
+        // If neither is present, it's OK - auth can be set later (e.g., via setAuthorizationConfig)
+        const isBasicAuth = !!(username && password) && (!jwtToken || jwtToken.trim() === '');
+        const isJwtAuth = !!(jwtToken && jwtToken.trim() !== '');
+        const hasNoAuth = !isBasicAuth && !isJwtAuth;
         const config = {
             sapUrl: sapUrl.trim(),
-            jwtToken: jwtToken.trim(), // Can be empty string for authorization-only sessions
         };
+        // Set authentication fields based on type
+        if (isBasicAuth) {
+            config.username = username.trim();
+            config.password = password.trim();
+            config.authType = 'basic';
+        }
+        else if (isJwtAuth) {
+            config.jwtToken = jwtToken.trim();
+            config.authType = 'jwt';
+        }
+        else {
+            // No auth yet - will be set later (e.g., via setAuthorizationConfig)
+            config.jwtToken = jwtToken || '';
+            config.authType = undefined;
+        }
         // Optional fields
         if (parsed[constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT]) {
             config.sapClient = parsed[constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT].trim();
@@ -94,7 +116,11 @@ async function loadEnvFile(destination, directory, log) {
         if (parsed[constants_1.ABAP_CONNECTION_VARS.SAP_LANGUAGE]) {
             config.language = parsed[constants_1.ABAP_CONNECTION_VARS.SAP_LANGUAGE].trim();
         }
-        log?.info(`Env config loaded from ${envFilePath}: sapUrl(${config.sapUrl.substring(0, 50)}...), token(${config.jwtToken.length} chars), hasRefreshToken(${!!config.refreshToken}), hasUaaUrl(${!!config.uaaUrl})`);
+        const tokenLength = config.jwtToken?.length || 0;
+        const authInfo = config.authType === 'basic'
+            ? `basic auth (username: ${config.username})`
+            : `JWT token(${tokenLength} chars)`;
+        log?.info(`Env config loaded from ${envFilePath}: sapUrl(${config.sapUrl.substring(0, 50)}...), ${authInfo}, hasRefreshToken(${!!config.refreshToken}), hasUaaUrl(${!!config.uaaUrl})`);
         return config;
     }
     catch (error) {

package/dist/storage/abap/tokenStorage.d.ts

@@ -5,7 +5,10 @@ import type { ILogger } from '@mcp-abap-adt/interfaces';
 interface EnvConfig {
     sapUrl: string;
     sapClient?: string;
-    jwtToken: string;
+    jwtToken?: string;
+    username?: string;
+    password?: string;
+    authType?: 'basic' | 'jwt';
     refreshToken?: string;
     uaaUrl?: string;
     uaaClientId?: string;
@@ -20,7 +23,7 @@ interface EnvConfig {
  * @param log Optional logger for logging operations
  */
 export declare function saveTokenToEnv(destination: string, savePath: string, config: Partial<EnvConfig> & {
-    sapUrl?: string;
-    jwtToken: string;
+    sapUrl: string;
+    jwtToken?: string;
 }, log?: ILogger): Promise<void>;
 export {};

package/dist/storage/abap/tokenStorage.js

@@ -51,7 +51,9 @@ async function saveTokenToEnv(destination, savePath, config, log) {
     const envFilePath = path.join(savePath, `${destination}.env`);
     const tempFilePath = `${envFilePath}.tmp`;
     log?.debug(`Saving token to env file: ${envFilePath}`);
-    log?.debug(`Config to save: hasSapUrl(${!!config.sapUrl}), token(${config.jwtToken.length} chars), hasRefreshToken(${!!config.refreshToken}), hasUaaUrl(${!!config.uaaUrl})`);
+    const tokenLength = config.jwtToken?.length || 0;
+    const hasBasicAuth = !!(config.username && config.password);
+    log?.debug(`Config to save: hasSapUrl(${!!config.sapUrl}), token(${tokenLength} chars), hasBasicAuth(${hasBasicAuth}), hasRefreshToken(${!!config.refreshToken}), hasUaaUrl(${!!config.uaaUrl})`);
     // Ensure directory exists
     if (!fs.existsSync(savePath)) {
         log?.debug(`Creating directory: ${savePath}`);
@@ -83,10 +85,25 @@ async function saveTokenToEnv(destination, savePath, config, log) {
     }
     log?.debug(`Preserved ${existingVars.size} existing variables from env file`);
     // Update with new values
-    if (config.sapUrl) {
-        existingVars.set(constants_1.ABAP_CONNECTION_VARS.SERVICE_URL, config.sapUrl);
+    // sapUrl is required - always save it
+    existingVars.set(constants_1.ABAP_CONNECTION_VARS.SERVICE_URL, config.sapUrl);
+    // Handle authentication: JWT or basic auth
+    if (config.username && config.password) {
+        // Basic auth - save username/password
+        existingVars.set(constants_1.ABAP_CONNECTION_VARS.USERNAME, config.username);
+        existingVars.set(constants_1.ABAP_CONNECTION_VARS.PASSWORD, config.password);
+        // Clear JWT token if basic auth is used
+        if (config.jwtToken) {
+            existingVars.set(constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN, '');
+        }
+    }
+    else if (config.jwtToken) {
+        // JWT auth - save token
+        existingVars.set(constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN, config.jwtToken);
+        // Clear username/password if JWT auth is used
+        existingVars.delete(constants_1.ABAP_CONNECTION_VARS.USERNAME);
+        existingVars.delete(constants_1.ABAP_CONNECTION_VARS.PASSWORD);
     }
-    existingVars.set(constants_1.ABAP_CONNECTION_VARS.AUTHORIZATION_TOKEN, config.jwtToken);
     if (config.sapClient) {
         existingVars.set(constants_1.ABAP_CONNECTION_VARS.SAP_CLIENT, config.sapClient);
     }
@@ -120,5 +137,8 @@ async function saveTokenToEnv(destination, savePath, config, log) {
     fs.writeFileSync(tempFilePath, envContent, 'utf8');
     // Atomic rename
     fs.renameSync(tempFilePath, envFilePath);
-    log?.info(`Token saved to ${envFilePath}: token(${config.jwtToken.length} chars), sapUrl(${config.sapUrl ? config.sapUrl.substring(0, 50) + '...' : 'none'}), variables(${envLines.length})`);
+    const authInfo = hasBasicAuth
+        ? `basic auth (username: ${config.username})`
+        : `JWT token(${tokenLength} chars)`;
+    log?.info(`Token saved to ${envFilePath}: ${authInfo}, sapUrl(${config.sapUrl ? config.sapUrl.substring(0, 50) + '...' : 'none'}), variables(${envLines.length})`);
 }

package/dist/stores/abap/AbapServiceKeyStore.js

@@ -39,6 +39,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.AbapServiceKeyStore = void 0;
 const JsonFileHandler_1 = require("../../utils/JsonFileHandler");
 const AbapServiceKeyParser_1 = require("../../parsers/abap/AbapServiceKeyParser");
+const StoreErrors_1 = require("../../errors/StoreErrors");
 const path = __importStar(require("path"));
 /**
  * ABAP Service key store implementation
@@ -112,7 +113,7 @@ class AbapServiceKeyStore {
         }
         catch (error) {
             this.log?.error(`Failed to parse service key from ${filePath}: ${error instanceof Error ? error.message : String(error)}`);
-            throw new Error(`Failed to parse service key for destination "${destination}": ${error instanceof Error ? error.message : String(error)}`);
+            throw new StoreErrors_1.ParseError(`Failed to parse service key for destination "${destination}"`, filePath, error instanceof Error ? error : undefined);
         }
     }
     /**

package/dist/stores/abap/AbapSessionStore.js

@@ -94,9 +94,8 @@ class AbapSessionStore {
     convertToInternalFormat(config) {
         const obj = config;
         // Convert IConfig format (serviceUrl, authorizationToken) to internal format (sapUrl, jwtToken)
-        return {
+        const result = {
             sapUrl: (obj.serviceUrl || obj.sapUrl),
-            jwtToken: (obj.authorizationToken || obj.jwtToken || ''), // Ensure jwtToken is always a string
             refreshToken: obj.refreshToken,
             uaaUrl: obj.uaaUrl,
             uaaClientId: obj.uaaClientId,
@@ -104,6 +103,20 @@ class AbapSessionStore {
             sapClient: obj.sapClient,
             language: obj.language,
         };
+        // Handle authentication: JWT or basic auth
+        if (obj.username && obj.password) {
+            // Basic auth
+            result.username = obj.username;
+            result.password = obj.password;
+            result.authType = 'basic';
+            result.jwtToken = obj.authorizationToken || obj.jwtToken || '';
+        }
+        else {
+            // JWT auth
+            result.jwtToken = (obj.authorizationToken || obj.jwtToken || '');
+            result.authType = 'jwt';
+        }
+        return result;
     }
     /**
      * Save session to ENV file
@@ -125,6 +138,9 @@ class AbapSessionStore {
         await (0, tokenStorage_1.saveTokenToEnv)(destination, savePath, {
             sapUrl: abapConfig.sapUrl,
             jwtToken: abapConfig.jwtToken,
+            username: abapConfig.username,
+            password: abapConfig.password,
+            authType: abapConfig.authType,
             refreshToken: abapConfig.refreshToken,
             uaaUrl: abapConfig.uaaUrl,
             uaaClientId: abapConfig.uaaClientId,
@@ -193,6 +209,16 @@ class AbapSessionStore {
         if (rawSession.jwtToken !== undefined) {
             result.authorizationToken = rawSession.jwtToken;
         }
+        // Basic auth fields (if present)
+        if (rawSession.username) {
+            result.username = rawSession.username;
+        }
+        if (rawSession.password) {
+            result.password = rawSession.password;
+        }
+        if (rawSession.authType) {
+            result.authType = rawSession.authType;
+        }
         if (rawSession.sapClient) {
             result.sapClient = rawSession.sapClient;
         }
@@ -230,7 +256,7 @@ class AbapSessionStore {
         try {
             const raw = await this.loadFromFile(sessionPath);
             if (!raw || !isEnvConfig(raw)) {
-                this.log?.debug(`Invalid session format for ${destination}: missing required fields (sapUrl, jwtToken)`);
+                this.log?.debug(`Invalid session format for ${destination}: missing required field (sapUrl)`);
                 return null;
             }
             return raw;
@@ -276,14 +302,38 @@ class AbapSessionStore {
             this.log?.debug(`Connection config not found for ${destination}`);
             return null;
         }
-        if (!sessionConfig.jwtToken || !sessionConfig.sapUrl) {
-            this.log?.warn(`Connection config for ${destination} missing required fields: jwtToken(${!!sessionConfig.jwtToken}), sapUrl(${!!sessionConfig.sapUrl})`);
+        if (!sessionConfig.sapUrl) {
+            this.log?.warn(`Connection config for ${destination} missing required field: sapUrl`);
             return null;
         }
-        this.log?.debug(`Connection config loaded for ${destination}: token(${sessionConfig.jwtToken.length} chars), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
+        // Check for basic auth: if username/password present and no jwtToken, use basic auth
+        const isBasicAuth = sessionConfig.authType === 'basic' ||
+            (!sessionConfig.jwtToken && sessionConfig.username && sessionConfig.password);
+        if (isBasicAuth) {
+            if (!sessionConfig.username || !sessionConfig.password) {
+                this.log?.warn(`Connection config for ${destination} missing required fields for basic auth: username(${!!sessionConfig.username}), password(${!!sessionConfig.password})`);
+                return null;
+            }
+            this.log?.debug(`Connection config loaded for ${destination} (basic auth): username(${sessionConfig.username}), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
+            return {
+                serviceUrl: sessionConfig.sapUrl,
+                username: sessionConfig.username,
+                password: sessionConfig.password,
+                authType: 'basic',
+                sapClient: sessionConfig.sapClient,
+                language: sessionConfig.language,
+            };
+        }
+        // JWT auth: check jwtToken
+        if (!sessionConfig.jwtToken) {
+            this.log?.warn(`Connection config for ${destination} missing required field for JWT auth: jwtToken`);
+            return null;
+        }
+        this.log?.debug(`Connection config loaded for ${destination} (JWT auth): token(${sessionConfig.jwtToken.length} chars), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
         return {
             serviceUrl: sessionConfig.sapUrl,
             authorizationToken: sessionConfig.jwtToken,
+            authType: 'jwt',
             sapClient: sessionConfig.sapClient,
             language: sessionConfig.language,
         };
@@ -298,10 +348,27 @@ class AbapSessionStore {
     async setAuthorizationConfig(destination, config) {
         const current = await this.loadRawSession(destination);
         if (!current) {
-            // Session doesn't exist - try to get serviceUrl from connection config or use defaultServiceUrl
+            // Session doesn't exist - try to get serviceUrl from existing session file or use defaultServiceUrl
             // For ABAP, we need sapUrl to create session
-            const connConfig = await this.getConnectionConfig(destination);
-            const sapUrl = connConfig?.serviceUrl || this.defaultServiceUrl;
+            let sapUrl = this.defaultServiceUrl;
+            let existingAuthToken = '';
+            let existingUsername;
+            let existingPassword;
+            let existingAuthType;
+            // Try to load existing session file to get serviceUrl and auth info
+            try {
+                const existingSession = await this.loadSession(destination);
+                if (existingSession?.serviceUrl) {
+                    sapUrl = existingSession.serviceUrl;
+                    existingAuthToken = existingSession.authorizationToken || '';
+                    existingUsername = existingSession?.username;
+                    existingPassword = existingSession?.password;
+                    existingAuthType = existingSession?.authType;
+                }
+            }
+            catch {
+                // Ignore errors when loading session - will use defaultServiceUrl
+            }
             if (!sapUrl) {
                 this.log?.error(`Cannot set authorization config for ${destination}: session does not exist and serviceUrl is required. Missing defaultServiceUrl in constructor.`);
                 throw new Error(`Cannot set authorization config for destination "${destination}": session does not exist and serviceUrl is required for ABAP sessions. Call setConnectionConfig first or provide defaultServiceUrl in constructor.`);
@@ -309,7 +376,10 @@ class AbapSessionStore {
             this.log?.debug(`Creating new session for ${destination} via setAuthorizationConfig: sapUrl(${sapUrl.substring(0, 40)}...)`);
             const newSession = {
                 serviceUrl: sapUrl,
-                authorizationToken: connConfig?.authorizationToken || '', // Use token from connection config if available
+                authorizationToken: existingAuthToken,
+                username: existingUsername,
+                password: existingPassword,
+                authType: existingAuthType,
                 uaaUrl: config.uaaUrl,
                 uaaClientId: config.uaaClientId,
                 uaaClientSecret: config.uaaClientSecret,
@@ -387,5 +457,6 @@ function isEnvConfig(config) {
     if (!config || typeof config !== 'object')
         return false;
     const obj = config;
-    return 'sapUrl' in obj && 'jwtToken' in obj;
+    // Must have sapUrl (authentication fields are optional - can be set later)
+    return 'sapUrl' in obj;
 }

package/dist/stores/abap/SafeAbapSessionStore.js

@@ -55,6 +55,9 @@ class SafeAbapSessionStore {
         const internal = {
             sapUrl: (obj.serviceUrl || obj.sapUrl),
             jwtToken: (obj.authorizationToken || obj.jwtToken),
+            username: obj.username,
+            password: obj.password,
+            authType: obj.authType,
             refreshToken: obj.refreshToken,
             uaaUrl: obj.uaaUrl,
             uaaClientId: obj.uaaClientId,
@@ -130,14 +133,38 @@ class SafeAbapSessionStore {
             this.log?.debug(`Connection config not found for ${destination}`);
             return null;
         }
-        if (!sessionConfig.jwtToken || !sessionConfig.sapUrl) {
-            this.log?.warn(`Connection config for ${destination} missing required fields: jwtToken(${!!sessionConfig.jwtToken}), sapUrl(${!!sessionConfig.sapUrl})`);
+        if (!sessionConfig.sapUrl) {
+            this.log?.warn(`Connection config for ${destination} missing required field: sapUrl`);
             return null;
         }
-        this.log?.debug(`Connection config loaded for ${destination}: token(${sessionConfig.jwtToken.length} chars), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
+        // Check for basic auth: if username/password present and no jwtToken, use basic auth
+        const isBasicAuth = sessionConfig.authType === 'basic' ||
+            (!sessionConfig.jwtToken && sessionConfig.username && sessionConfig.password);
+        if (isBasicAuth) {
+            if (!sessionConfig.username || !sessionConfig.password) {
+                this.log?.warn(`Connection config for ${destination} missing required fields for basic auth: username(${!!sessionConfig.username}), password(${!!sessionConfig.password})`);
+                return null;
+            }
+            this.log?.debug(`Connection config loaded for ${destination} (basic auth): username(${sessionConfig.username}), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
+            return {
+                serviceUrl: sessionConfig.sapUrl,
+                username: sessionConfig.username,
+                password: sessionConfig.password,
+                authType: 'basic',
+                sapClient: sessionConfig.sapClient,
+                language: sessionConfig.language,
+            };
+        }
+        // JWT auth: check jwtToken
+        if (!sessionConfig.jwtToken) {
+            this.log?.warn(`Connection config for ${destination} missing required field for JWT auth: jwtToken`);
+            return null;
+        }
+        this.log?.debug(`Connection config loaded for ${destination} (JWT auth): token(${sessionConfig.jwtToken.length} chars), sapUrl(${sessionConfig.sapUrl.substring(0, 40)}...)`);
         return {
             serviceUrl: sessionConfig.sapUrl,
             authorizationToken: sessionConfig.jwtToken,
+            authType: 'jwt',
             sapClient: sessionConfig.sapClient,
             language: sessionConfig.language,
         };
@@ -155,7 +182,10 @@ class SafeAbapSessionStore {
             this.log?.debug(`Creating new session for ${destination} via setConnectionConfig: serviceUrl(${serviceUrl.substring(0, 40)}...), token(${config.authorizationToken?.length || 0} chars)`);
             const newSession = {
                 sapUrl: serviceUrl,
-                jwtToken: config.authorizationToken || '',
+                jwtToken: config.authorizationToken,
+                username: config.username,
+                password: config.password,
+                authType: config.authType,
                 sapClient: config.sapClient,
                 language: config.language,
             };
@@ -168,7 +198,10 @@ class SafeAbapSessionStore {
         const updated = {
             ...current,
             sapUrl: config.serviceUrl || current.sapUrl,
-            jwtToken: config.authorizationToken,
+            jwtToken: config.authorizationToken || current.jwtToken || '',
+            username: config.username !== undefined ? config.username : current.username,
+            password: config.password !== undefined ? config.password : current.password,
+            authType: config.authType !== undefined ? config.authType : current.authType,
             sapClient: config.sapClient !== undefined ? config.sapClient : current.sapClient,
             language: config.language !== undefined ? config.language : current.language,
         };

package/dist/stores/btp/BtpServiceKeyStore.js

@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.BtpServiceKeyStore = void 0;
 const JsonFileHandler_1 = require("../../utils/JsonFileHandler");
 const XsuaaServiceKeyParser_1 = require("../../parsers/xsuaa/XsuaaServiceKeyParser");
+const StoreErrors_1 = require("../../errors/StoreErrors");
 /**
  * Base BTP Service key store implementation
  *
@@ -73,7 +74,7 @@ class BtpServiceKeyStore {
         }
         catch (error) {
             this.log?.error(`Failed to parse service key for ${destination}: ${error instanceof Error ? error.message : String(error)}`);
-            throw new Error(`Failed to parse service key for destination "${destination}": ${error instanceof Error ? error.message : String(error)}`);
+            throw new StoreErrors_1.ParseError(`Failed to parse service key for destination "${destination}"`, `${destination}.json`, error instanceof Error ? error : undefined);
         }
     }
     /**

package/dist/stores/xsuaa/XsuaaServiceKeyStore.js

@@ -6,6 +6,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.XsuaaServiceKeyStore = void 0;
 const JsonFileHandler_1 = require("../../utils/JsonFileHandler");
 const XsuaaServiceKeyParser_1 = require("../../parsers/xsuaa/XsuaaServiceKeyParser");
+const StoreErrors_1 = require("../../errors/StoreErrors");
 /**
  * XSUAA Service key store implementation
  *
@@ -73,7 +74,7 @@ class XsuaaServiceKeyStore {
         }
         catch (error) {
             this.log?.error(`Failed to parse service key for ${destination}: ${error instanceof Error ? error.message : String(error)}`);
-            throw new Error(`Failed to parse service key for destination "${destination}": ${error instanceof Error ? error.message : String(error)}`);
+            throw new StoreErrors_1.ParseError(`Failed to parse service key for destination "${destination}"`, `${destination}.json`, error instanceof Error ? error : undefined);
         }
     }
     /**
@@ -107,7 +108,7 @@ class XsuaaServiceKeyStore {
         }
         catch (error) {
             this.log?.error(`Failed to parse service key for ${destination}: ${error instanceof Error ? error.message : String(error)}`);
-            throw new Error(`Failed to parse service key for destination "${destination}": ${error instanceof Error ? error.message : String(error)}`);
+            throw new StoreErrors_1.ParseError(`Failed to parse service key for destination "${destination}"`, `${destination}.json`, error instanceof Error ? error : undefined);
         }
     }
 }

package/dist/utils/constants.d.ts

@@ -48,6 +48,10 @@ export declare const ABAP_CONNECTION_VARS: {
     readonly SERVICE_URL: "SAP_URL";
     /** Authorization token (JWT token) */
     readonly AUTHORIZATION_TOKEN: "SAP_JWT_TOKEN";
+    /** Username for basic authentication (on-premise systems) */
+    readonly USERNAME: "SAP_USERNAME";
+    /** Password for basic authentication (on-premise systems) */
+    readonly PASSWORD: "SAP_PASSWORD";
     /** SAP client number (optional) */
     readonly SAP_CLIENT: "SAP_CLIENT";
     /** Language (optional) */

package/dist/utils/constants.js

@@ -51,6 +51,10 @@ exports.ABAP_CONNECTION_VARS = {
     SERVICE_URL: 'SAP_URL',
     /** Authorization token (JWT token) */
     AUTHORIZATION_TOKEN: 'SAP_JWT_TOKEN',
+    /** Username for basic authentication (on-premise systems) */
+    USERNAME: 'SAP_USERNAME',
+    /** Password for basic authentication (on-premise systems) */
+    PASSWORD: 'SAP_PASSWORD',
     /** SAP client number (optional) */
     SAP_CLIENT: 'SAP_CLIENT',
     /** Language (optional) */

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/auth-stores",
-  "version": "0.2.1",
+  "version": "0.2.5",
   "description": "Stores for MCP ABAP ADT auth-broker - BTP, ABAP, and XSUAA implementations",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -49,7 +49,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
-    "@mcp-abap-adt/interfaces": "^0.1.6",
+    "@mcp-abap-adt/interfaces": "^0.2.3",
     "dotenv": "^17.2.1"
   },
   "devDependencies": {