@mcp-abap-adt/connection 0.1.12 → 0.1.14

package/README.md

@@ -46,6 +46,58 @@ The package uses a clean separation of concerns:
   - Permission vs auth error detection
   - Suitable for SAP BTP ABAP Environment
 
+## Responsibilities and Design Principles
+
+### Core Development Principle
+
+**Interface-Only Communication**: This package follows a fundamental development principle: **all interactions with external dependencies happen ONLY through interfaces**. The code knows **NOTHING beyond what is defined in the interfaces**.
+
+This means:
+- Does not know about concrete implementation classes from other packages
+- Does not know about internal data structures or methods not defined in interfaces
+- Does not make assumptions about implementation behavior beyond interface contracts
+- Does not access properties or methods not explicitly defined in interfaces
+
+This principle ensures:
+- **Loose coupling**: Connection classes are decoupled from concrete implementations in other packages
+- **Flexibility**: New implementations can be added without modifying connection classes
+- **Testability**: Easy to mock dependencies for testing
+- **Maintainability**: Changes to implementations don't affect connection classes
+
+### Package Responsibilities
+
+This package is responsible for:
+
+1. **HTTP communication with SAP systems**: Makes HTTP requests to SAP ABAP systems via ADT protocol
+2. **Authentication handling**: Supports Basic Auth and JWT/OAuth2 authentication methods
+3. **Session management**: Manages cookies, CSRF tokens, and session state
+4. **Token refresh**: Automatically refreshes expired JWT tokens (for `JwtAbapConnection`)
+5. **Error handling**: Distinguishes between authentication errors and permission errors
+
+#### What This Package Does
+
+- **Provides connection abstraction**: `AbapConnection` interface for interacting with SAP systems
+- **Handles HTTP requests**: Makes requests to SAP ADT endpoints with proper headers and authentication
+- **Manages sessions**: Handles cookies, CSRF tokens, and session state persistence
+- **Refreshes tokens**: Automatically refreshes expired JWT tokens when detected
+- **Validates tokens**: Detects expired tokens by analyzing HTTP response codes (401/403)
+
+#### What This Package Does NOT Do
+
+- **Does NOT obtain tokens**: Token acquisition is handled by `@mcp-abap-adt/auth-providers` and `@mcp-abap-adt/auth-broker`
+- **Does NOT store tokens**: Token storage is handled by `@mcp-abap-adt/auth-stores`
+- **Does NOT orchestrate authentication**: Token lifecycle management is handled by `@mcp-abap-adt/auth-broker`
+- **Does NOT know about destinations**: Destination-based authentication is handled by consumers
+- **Does NOT handle OAuth2 flows**: OAuth2 flows are handled by token providers
+
+### External Dependencies
+
+This package interacts with external packages **ONLY through interfaces**:
+
+- **Logger interface**: Uses `ILogger` interface for logging - does not know about concrete logger implementation
+- **Session storage interface**: Uses `ISessionStorage` interface for session persistence - does not know about concrete storage implementation
+- **No direct dependencies on auth packages**: All token-related operations are handled through configuration (`SapConfig`) passed by consumers
+
 ## Documentation
 
 - 📦 **[Installation Guide](./docs/INSTALLATION.md)** - Setup and installation instructions
@@ -371,6 +423,66 @@ function createAbapConnection(
 ): AbapConnection;
 ```
 
+#### `CSRF_CONFIG` and `CSRF_ERROR_MESSAGES`
+
+**New in 0.1.13+:** Exported constants for consistent CSRF token handling across different connection implementations.
+
+```typescript
+import { CSRF_CONFIG, CSRF_ERROR_MESSAGES } from '@mcp-abap-adt/connection';
+
+// CSRF_CONFIG contains:
+// - RETRY_COUNT: number (default: 3)
+// - RETRY_DELAY: number (default: 1000ms)
+// - ENDPOINT: string (default: '/sap/bc/adt/core/discovery')
+// - REQUIRED_HEADERS: { 'x-csrf-token': 'fetch', 'Accept': 'application/atomsvc+xml' }
+
+// CSRF_ERROR_MESSAGES contains:
+// - FETCH_FAILED(attempts: number, cause: string): string
+// - NOT_IN_HEADERS: string
+// - REQUIRED_FOR_MUTATION: string
+```
+
+**Use case:** When implementing custom connection classes (e.g., Cloud SDK-based), you can use these constants to ensure consistent CSRF token handling:
+
+```typescript
+import { CSRF_CONFIG, CSRF_ERROR_MESSAGES } from '@mcp-abap-adt/connection';
+
+async function fetchCsrfToken(baseUrl: string): Promise<string> {
+  const csrfUrl = `${baseUrl}${CSRF_CONFIG.ENDPOINT}`;
+  
+  for (let attempt = 0; attempt <= CSRF_CONFIG.RETRY_COUNT; attempt++) {
+    try {
+      const response = await yourHttpClient.get(csrfUrl, {
+        headers: CSRF_CONFIG.REQUIRED_HEADERS
+      });
+      
+      const token = response.headers['x-csrf-token'];
+      if (!token) {
+        if (attempt < CSRF_CONFIG.RETRY_COUNT) {
+          await new Promise(resolve => setTimeout(resolve, CSRF_CONFIG.RETRY_DELAY));
+          continue;
+        }
+        throw new Error(CSRF_ERROR_MESSAGES.NOT_IN_HEADERS);
+      }
+      
+      return token;
+    } catch (error) {
+      if (attempt >= CSRF_CONFIG.RETRY_COUNT) {
+        throw new Error(
+          CSRF_ERROR_MESSAGES.FETCH_FAILED(
+            CSRF_CONFIG.RETRY_COUNT + 1,
+            error instanceof Error ? error.message : String(error)
+          )
+        );
+      }
+      await new Promise(resolve => setTimeout(resolve, CSRF_CONFIG.RETRY_DELAY));
+    }
+  }
+}
+```
+
+See [PR Proposal](./PR_PROPOSAL_CSRF_CONFIG.md) for more details.
+
 ## Requirements
 
 - Node.js >= 18.0.0
@@ -380,11 +492,10 @@ function createAbapConnection(
 
 See [CHANGELOG.md](./CHANGELOG.md) for detailed version history and breaking changes.
 
-**Latest version: 0.1.9**
-- Comprehensive documentation updates
-- Enhanced README with new API methods documentation
-- Complete version history in CHANGELOG
-- Fixed documentation structure and links
+**Latest version: 0.1.13**
+- Added `CSRF_CONFIG` and `CSRF_ERROR_MESSAGES` exports for consistent CSRF token handling
+- Updated CSRF token endpoint to `/sap/bc/adt/core/discovery` (lighter response, available on all systems)
+- See [CHANGELOG.md](./CHANGELOG.md) for full details
 
 ## Documentation
 

package/dist/config/sapConfig.d.ts

@@ -1,15 +1,5 @@
-export type SapAuthType = "basic" | "jwt";
-export interface SapConfig {
-    url: string;
-    client?: string;
-    authType: SapAuthType;
-    username?: string;
-    password?: string;
-    jwtToken?: string;
-    refreshToken?: string;
-    uaaUrl?: string;
-    uaaClientId?: string;
-    uaaClientSecret?: string;
-}
-export declare function sapConfigSignature(config: SapConfig): string;
+import type { ISapConfig, SapAuthType } from '@mcp-abap-adt/interfaces';
+export type { SapAuthType };
+export type SapConfig = ISapConfig;
+export declare function sapConfigSignature(config: ISapConfig): string;
 //# sourceMappingURL=sapConfig.d.ts.map

package/dist/config/sapConfig.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sapConfig.d.ts","sourceRoot":"","sources":["../../src/config/sapConfig.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,OAAO,GAAG,KAAK,CAAC;AAE1C,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,WAAW,CAAC;IACtB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,eAAe,CAAC,EAAE,MAAM,CAAC;CAC1B;AAED,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,SAAS,GAAG,MAAM,CAmB5D"}
+{"version":3,"file":"sapConfig.d.ts","sourceRoot":"","sources":["../../src/config/sapConfig.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAGxE,YAAY,EAAE,WAAW,EAAE,CAAC;AAC5B,MAAM,MAAM,SAAS,GAAG,UAAU,CAAC;AAEnC,wBAAgB,kBAAkB,CAAC,MAAM,EAAE,UAAU,GAAG,MAAM,CAmB7D"}

package/dist/connection/AbapConnection.d.ts

@@ -1,24 +1,4 @@
-import { AxiosResponse } from "axios";
-import { SapConfig } from "../config/sapConfig.js";
-import { SessionState } from "../logger.js";
-export interface AbapRequestOptions {
-    url: string;
-    method: string;
-    timeout: number;
-    data?: any;
-    params?: any;
-    headers?: Record<string, string>;
-}
-export interface AbapConnection {
-    getConfig(): SapConfig;
-    getBaseUrl(): Promise<string>;
-    getAuthHeaders(): Promise<Record<string, string>>;
-    getSessionId(): string | null;
-    setSessionType(type: "stateful" | "stateless"): void;
-    makeAdtRequest(options: AbapRequestOptions): Promise<AxiosResponse>;
-    connect(): Promise<void>;
-    reset(): void;
-    getSessionState(): SessionState | null;
-    setSessionState(state: SessionState): void;
-}
+import type { IAbapRequestOptions, IAbapConnection } from '@mcp-abap-adt/interfaces';
+export type AbapRequestOptions = IAbapRequestOptions;
+export type AbapConnection = IAbapConnection;
 //# sourceMappingURL=AbapConnection.d.ts.map

package/dist/connection/AbapConnection.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/AbapConnection.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,OAAO,CAAC;AACtC,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAE5C,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,MAAM,CAAC;IACZ,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,CAAC,EAAE,GAAG,CAAC;IACX,MAAM,CAAC,EAAE,GAAG,CAAC;IACb,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,IAAI,SAAS,CAAC;IACvB,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC,CAAC;IAC9B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAClD,YAAY,IAAI,MAAM,GAAG,IAAI,CAAC;IAC9B,cAAc,CAAC,IAAI,EAAE,UAAU,GAAG,WAAW,GAAG,IAAI,CAAC;IACrD,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACpE,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;IACzB,KAAK,IAAI,IAAI,CAAC;IACd,eAAe,IAAI,YAAY,GAAG,IAAI,CAAC;IACvC,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI,CAAC;CAC5C"}
+{"version":3,"file":"AbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/AbapConnection.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EAAE,mBAAmB,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAGrF,MAAM,MAAM,kBAAkB,GAAG,mBAAmB,CAAC;AACrD,MAAM,MAAM,cAAc,GAAG,eAAe,CAAC"}

package/dist/connection/AbstractAbapConnection.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"AbstractAbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/AbstractAbapConnection.ts"],"names":[],"mappings":"AAAA,OAAc,EAAiD,aAAa,EAAE,MAAM,OAAO,CAAC;AAG5F,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEtE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAEzE,uBAAe,sBAAuB,YAAW,cAAc;IAW3D,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO;IAXpC,OAAO,CAAC,aAAa,CAA8B;IACnD,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,WAAW,CAAkC;IACrD,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,cAAc,CAAgC;IACtD,OAAO,CAAC,WAAW,CAAyC;IAE5D,SAAS,aACU,MAAM,EAAE,SAAS,EACf,MAAM,EAAE,OAAO,EAClC,cAAc,CAAC,EAAE,eAAe,EAChC,SAAS,CAAC,EAAE,MAAM;IAmBpB;;;;;OAKG;IACH,cAAc,CAAC,IAAI,EAAE,UAAU,GAAG,WAAW,GAAG,IAAI;IAQpD;;;;;OAKG;IACH,qBAAqB,IAAI,IAAI;IAI7B;;;;OAIG;IACG,sBAAsB,CAAC,iBAAiB,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB/E;;OAEG;IACH,cAAc,IAAI,WAAW,GAAG,UAAU;IAI1C;;;;OAIG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IASrC;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,IAAI;IAI7B;;;OAGG;IACG,iBAAiB,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAcvE;;OAEG;IACH,iBAAiB,IAAI,eAAe,GAAG,IAAI;IAI3C;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBvC;;;OAGG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBvC;;;;OAIG;IACH,eAAe,IAAI,YAAY,GAAG,IAAI;IAYtC;;;;OAIG;IACH,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI;IAY1C;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBxC,SAAS,IAAI,SAAS;IAItB,KAAK,IAAI,IAAI;IAYP,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAI7B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAevD;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAE3B,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IAsNzE,SAAS,CAAC,QAAQ,CAAC,wBAAwB,IAAI,MAAM;IAErD;;;OAGG;cACa,cAAc,CAAC,GAAG,EAAE,MAAM,EAAE,UAAU,SAAI,EAAE,UAAU,SAAO,GAAG,OAAO,CAAC,MAAM,CAAC;IAgL/F;;OAEG;IACH,SAAS,CAAC,YAAY,IAAI,MAAM,GAAG,IAAI;IAIvC;;OAEG;IACH,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAIlD;;OAEG;IACH,SAAS,CAAC,UAAU,IAAI,MAAM,GAAG,IAAI;IAIrC,OAAO,CAAC,yBAAyB;IAuDjC,OAAO,CAAC,gBAAgB;YAqBV,oBAAoB;IAwBlC,OAAO,CAAC,eAAe;CAyBxB;AAGD,OAAO,EAAE,sBAAsB,EAAE,CAAC"}
+{"version":3,"file":"AbstractAbapConnection.d.ts","sourceRoot":"","sources":["../../src/connection/AbstractAbapConnection.ts"],"names":[],"mappings":"AAAA,OAAc,EAAiD,aAAa,EAAE,MAAM,OAAO,CAAC;AAG5F,OAAO,EAAE,OAAO,EAAE,eAAe,EAAE,YAAY,EAAE,MAAM,cAAc,CAAC;AAEtE,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AACnD,OAAO,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAGzE,uBAAe,sBAAuB,YAAW,cAAc;IAW3D,OAAO,CAAC,QAAQ,CAAC,MAAM;IACvB,SAAS,CAAC,QAAQ,CAAC,MAAM,EAAE,OAAO;IAXpC,OAAO,CAAC,aAAa,CAA8B;IACnD,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,OAAO,CAAuB;IACtC,OAAO,CAAC,WAAW,CAAkC;IACrD,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,SAAS,CAAuB;IACxC,OAAO,CAAC,cAAc,CAAgC;IACtD,OAAO,CAAC,WAAW,CAAyC;IAE5D,SAAS,aACU,MAAM,EAAE,SAAS,EACf,MAAM,EAAE,OAAO,EAClC,cAAc,CAAC,EAAE,eAAe,EAChC,SAAS,CAAC,EAAE,MAAM;IAmBpB;;;;;OAKG;IACH,cAAc,CAAC,IAAI,EAAE,UAAU,GAAG,WAAW,GAAG,IAAI;IAQpD;;;;;OAKG;IACH,qBAAqB,IAAI,IAAI;IAI7B;;;;OAIG;IACG,sBAAsB,CAAC,iBAAiB,GAAE,OAAe,GAAG,OAAO,CAAC,IAAI,CAAC;IAgB/E;;OAEG;IACH,cAAc,IAAI,WAAW,GAAG,UAAU;IAI1C;;;;OAIG;IACH,YAAY,CAAC,SAAS,EAAE,MAAM,GAAG,IAAI;IASrC;;OAEG;IACH,YAAY,IAAI,MAAM,GAAG,IAAI;IAI7B;;;OAGG;IACG,iBAAiB,CAAC,OAAO,EAAE,eAAe,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;IAcvE;;OAEG;IACH,iBAAiB,IAAI,eAAe,GAAG,IAAI;IAI3C;;OAEG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBvC;;;OAGG;IACG,gBAAgB,IAAI,OAAO,CAAC,IAAI,CAAC;IAyBvC;;;;OAIG;IACH,eAAe,IAAI,YAAY,GAAG,IAAI;IAYtC;;;;OAIG;IACH,eAAe,CAAC,KAAK,EAAE,YAAY,GAAG,IAAI;IAY1C;;OAEG;IACG,iBAAiB,IAAI,OAAO,CAAC,IAAI,CAAC;IAkBxC,SAAS,IAAI,SAAS;IAItB,KAAK,IAAI,IAAI;IAYP,UAAU,IAAI,OAAO,CAAC,MAAM,CAAC;IAI7B,cAAc,IAAI,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAevD;;;;;;;;OAQG;IACH,QAAQ,CAAC,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IAE3B,cAAc,CAAC,OAAO,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;IAsNzE,SAAS,CAAC,QAAQ,CAAC,wBAAwB,IAAI,MAAM;IAErD;;;OAGG;cACa,cAAc,CAC5B,GAAG,EAAE,MAAM,EACX,UAAU,GAAE,MAAgC,EAC5C,UAAU,GAAE,MAAgC,GAC3C,OAAO,CAAC,MAAM,CAAC;IAoLlB;;OAEG;IACH,SAAS,CAAC,YAAY,IAAI,MAAM,GAAG,IAAI;IAIvC;;OAEG;IACH,SAAS,CAAC,YAAY,CAAC,KAAK,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAIlD;;OAEG;IACH,SAAS,CAAC,UAAU,IAAI,MAAM,GAAG,IAAI;IAIrC,OAAO,CAAC,yBAAyB;IAuDjC,OAAO,CAAC,gBAAgB;YAqBV,oBAAoB;IAwBlC,OAAO,CAAC,eAAe;CAyBxB;AAGD,OAAO,EAAE,sBAAsB,EAAE,CAAC"}

package/dist/connection/AbstractAbapConnection.js

@@ -38,6 +38,7 @@ const axios_1 = __importStar(require("axios"));
 const https_1 = require("https");
 const crypto_1 = require("crypto");
 const timeouts_js_1 = require("../utils/timeouts.js");
+const csrfConfig_js_1 = require("./csrfConfig.js");
 class AbstractAbapConnection {
     config;
     logger;
@@ -464,15 +465,19 @@ class AbstractAbapConnection {
      * Fetch CSRF token from SAP system
      * Protected method for use by concrete implementations in their connect() method
      */
-    async fetchCsrfToken(url, retryCount = 3, retryDelay = 1000) {
+    async fetchCsrfToken(url, retryCount = csrfConfig_js_1.CSRF_CONFIG.RETRY_COUNT, retryDelay = csrfConfig_js_1.CSRF_CONFIG.RETRY_DELAY) {
         let csrfUrl = url;
+        // Build CSRF endpoint URL from base URL
         if (!url.includes("/sap/bc/adt/")) {
-            csrfUrl = url.endsWith("/") ? `${url}sap/bc/adt/discovery` : `${url}/sap/bc/adt/discovery`;
+            // If URL doesn't contain ADT path, append endpoint
+            csrfUrl = url.endsWith("/") ? `${url}${csrfConfig_js_1.CSRF_CONFIG.ENDPOINT.slice(1)}` : `${url}${csrfConfig_js_1.CSRF_CONFIG.ENDPOINT}`;
         }
-        else if (!url.includes("/sap/bc/adt/discovery")) {
+        else if (!url.includes(csrfConfig_js_1.CSRF_CONFIG.ENDPOINT)) {
+            // If URL contains ADT path but not our endpoint, extract base and append endpoint
             const base = url.split("/sap/bc/adt")[0];
-            csrfUrl = `${base}/sap/bc/adt/discovery`;
+            csrfUrl = `${base}${csrfConfig_js_1.CSRF_CONFIG.ENDPOINT}`;
         }
+        // If URL already contains the endpoint, use it as is
         if (this.logger.csrfToken) {
             this.logger.csrfToken("fetch", `Fetching CSRF token from: ${csrfUrl}`);
         }
@@ -484,8 +489,7 @@ class AbstractAbapConnection {
                 const authHeaders = await this.getAuthHeaders();
                 const headers = {
                     ...authHeaders,
-                    "x-csrf-token": "fetch",
-                    Accept: "application/atomsvc+xml"
+                    ...csrfConfig_js_1.CSRF_CONFIG.REQUIRED_HEADERS
                 };
                 // Always add cookies if available - they are needed for session continuity
                 // Even on first attempt, if we have cookies from previous session or error response, use them
@@ -517,7 +521,7 @@ class AbstractAbapConnection {
                         await new Promise((resolve) => setTimeout(resolve, retryDelay));
                         continue;
                     }
-                    throw new Error("No CSRF token in response headers");
+                    throw new Error(csrfConfig_js_1.CSRF_ERROR_MESSAGES.NOT_IN_HEADERS);
                 }
                 if (response.headers["set-cookie"]) {
                     this.updateCookiesFromResponse(response.headers);
@@ -606,7 +610,7 @@ class AbstractAbapConnection {
                     // Re-throw the original AxiosError to preserve response information
                     throw error;
                 }
-                throw new Error(`Failed to fetch CSRF token after ${retryCount + 1} attempts: ${error instanceof Error ? error.message : String(error)}`);
+                throw new Error(csrfConfig_js_1.CSRF_ERROR_MESSAGES.FETCH_FAILED(retryCount + 1, error instanceof Error ? error.message : String(error)));
             }
         }
         throw new Error("CSRF token fetch failed unexpectedly");
@@ -699,7 +703,7 @@ class AbstractAbapConnection {
         catch (error) {
             // fetchCsrfToken already handles auth errors and auto-refresh
             // Just re-throw the error with minimal logging to avoid duplicate error messages
-            const errorMsg = error instanceof Error ? error.message : "CSRF token is required for POST/PUT requests but could not be fetched";
+            const errorMsg = error instanceof Error ? error.message : csrfConfig_js_1.CSRF_ERROR_MESSAGES.REQUIRED_FOR_MUTATION;
             // Only log at DEBUG level to avoid duplicate error messages
             // (fetchCsrfToken already logged the error at ERROR level if auth failed)
             this.logger.debug(`[DEBUG] BaseAbapConnection - ensureFreshCsrfToken failed: ${errorMsg}`);

package/dist/connection/csrfConfig.d.ts

@@ -0,0 +1,40 @@
+/**
+ * CSRF Token Configuration
+ *
+ * Centralized constants for CSRF token fetching to ensure consistency
+ * across different connection implementations.
+ */
+export declare const CSRF_CONFIG: {
+    /**
+     * Number of retry attempts for CSRF token fetch
+     * Default: 3 attempts (total of 4 requests: initial + 3 retries)
+     */
+    readonly RETRY_COUNT: 3;
+    /**
+     * Delay between retry attempts (milliseconds)
+     * Default: 1000ms (1 second)
+     */
+    readonly RETRY_DELAY: 1000;
+    /**
+     * CSRF token endpoint path
+     * Standard SAP ADT core discovery endpoint (available on all systems, returns smaller response)
+     */
+    readonly ENDPOINT: "/sap/bc/adt/core/discovery";
+    /**
+     * Required headers for CSRF token fetch
+     */
+    readonly REQUIRED_HEADERS: {
+        readonly 'x-csrf-token': "fetch";
+        readonly Accept: "application/atomsvc+xml";
+    };
+};
+/**
+ * CSRF token error messages
+ * Standardized error messages for consistent error reporting
+ */
+export declare const CSRF_ERROR_MESSAGES: {
+    readonly FETCH_FAILED: (attempts: number, cause: string) => string;
+    readonly NOT_IN_HEADERS: "No CSRF token in response headers";
+    readonly REQUIRED_FOR_MUTATION: "CSRF token is required for POST/PUT requests but could not be fetched";
+};
+//# sourceMappingURL=csrfConfig.d.ts.map

package/dist/connection/csrfConfig.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrfConfig.d.ts","sourceRoot":"","sources":["../../src/connection/csrfConfig.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,eAAO,MAAM,WAAW;IACtB;;;OAGG;;IAGH;;;OAGG;;IAGH;;;OAGG;;IAGH;;OAEG;;;;;CAKK,CAAC;AAEX;;;GAGG;AACH,eAAO,MAAM,mBAAmB;sCACL,MAAM,SAAS,MAAM;;;CAMtC,CAAC"}

package/dist/connection/csrfConfig.js

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CSRF_ERROR_MESSAGES = exports.CSRF_CONFIG = void 0;
+/**
+ * CSRF Token Configuration
+ *
+ * Centralized constants for CSRF token fetching to ensure consistency
+ * across different connection implementations.
+ */
+exports.CSRF_CONFIG = {
+    /**
+     * Number of retry attempts for CSRF token fetch
+     * Default: 3 attempts (total of 4 requests: initial + 3 retries)
+     */
+    RETRY_COUNT: 3,
+    /**
+     * Delay between retry attempts (milliseconds)
+     * Default: 1000ms (1 second)
+     */
+    RETRY_DELAY: 1000,
+    /**
+     * CSRF token endpoint path
+     * Standard SAP ADT core discovery endpoint (available on all systems, returns smaller response)
+     */
+    ENDPOINT: '/sap/bc/adt/core/discovery',
+    /**
+     * Required headers for CSRF token fetch
+     */
+    REQUIRED_HEADERS: {
+        'x-csrf-token': 'fetch',
+        'Accept': 'application/atomsvc+xml'
+    }
+};
+/**
+ * CSRF token error messages
+ * Standardized error messages for consistent error reporting
+ */
+exports.CSRF_ERROR_MESSAGES = {
+    FETCH_FAILED: (attempts, cause) => `Failed to fetch CSRF token after ${attempts} attempts: ${cause}`,
+    NOT_IN_HEADERS: 'No CSRF token in response headers',
+    REQUIRED_FOR_MUTATION: 'CSRF token is required for POST/PUT requests but could not be fetched'
+};

package/dist/index.d.ts

@@ -10,4 +10,5 @@ export { JwtAbapConnection as CloudAbapConnection } from "./connection/JwtAbapCo
 export { createAbapConnection } from "./connection/connectionFactory.js";
 export { sapConfigSignature } from "./config/sapConfig.js";
 export { getTimeout, getTimeoutConfig, type TimeoutConfig } from "./utils/timeouts.js";
+export { CSRF_CONFIG, CSRF_ERROR_MESSAGES } from "./connection/csrfConfig.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,SAAS,EACT,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAGzE,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,YAAY,EAAE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,kBAAkB,EAAE,KAAK,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAGnG,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAGtE,OAAO,EAAE,kBAAkB,IAAI,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAChG,OAAO,EAAE,iBAAiB,IAAI,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAG7F,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAG3D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AACA,YAAY,EACV,SAAS,EACT,WAAW,GACZ,MAAM,uBAAuB,CAAC;AAC/B,YAAY,EAAE,kBAAkB,EAAE,MAAM,gCAAgC,CAAC;AAGzE,OAAO,EAAE,KAAK,cAAc,EAAE,MAAM,gCAAgC,CAAC;AACrE,YAAY,EAAE,OAAO,EAAE,YAAY,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAG1E,OAAO,EAAE,kBAAkB,EAAE,KAAK,yBAAyB,EAAE,MAAM,+BAA+B,CAAC;AAGnG,OAAO,EAAE,kBAAkB,EAAE,MAAM,oCAAoC,CAAC;AACxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAGtE,OAAO,EAAE,kBAAkB,IAAI,oBAAoB,EAAE,MAAM,oCAAoC,CAAC;AAChG,OAAO,EAAE,iBAAiB,IAAI,mBAAmB,EAAE,MAAM,mCAAmC,CAAC;AAG7F,OAAO,EAAE,oBAAoB,EAAE,MAAM,mCAAmC,CAAC;AAGzE,OAAO,EAAE,kBAAkB,EAAE,MAAM,uBAAuB,CAAC;AAG3D,OAAO,EAAE,UAAU,EAAE,gBAAgB,EAAE,KAAK,aAAa,EAAE,MAAM,qBAAqB,CAAC;AAGvF,OAAO,EAAE,WAAW,EAAE,mBAAmB,EAAE,MAAM,4BAA4B,CAAC"}

package/dist/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getTimeoutConfig = exports.getTimeout = exports.sapConfigSignature = exports.createAbapConnection = exports.CloudAbapConnection = exports.OnPremAbapConnection = exports.JwtAbapConnection = exports.BaseAbapConnection = exports.FileSessionStorage = void 0;
+exports.CSRF_ERROR_MESSAGES = exports.CSRF_CONFIG = exports.getTimeoutConfig = exports.getTimeout = exports.sapConfigSignature = exports.createAbapConnection = exports.CloudAbapConnection = exports.OnPremAbapConnection = exports.JwtAbapConnection = exports.BaseAbapConnection = exports.FileSessionStorage = void 0;
 // Session storage implementations
 var FileSessionStorage_js_1 = require("./utils/FileSessionStorage.js");
 Object.defineProperty(exports, "FileSessionStorage", { enumerable: true, get: function () { return FileSessionStorage_js_1.FileSessionStorage; } });
@@ -24,3 +24,7 @@ Object.defineProperty(exports, "sapConfigSignature", { enumerable: true, get: fu
 var timeouts_js_1 = require("./utils/timeouts.js");
 Object.defineProperty(exports, "getTimeout", { enumerable: true, get: function () { return timeouts_js_1.getTimeout; } });
 Object.defineProperty(exports, "getTimeoutConfig", { enumerable: true, get: function () { return timeouts_js_1.getTimeoutConfig; } });
+// CSRF configuration
+var csrfConfig_js_1 = require("./connection/csrfConfig.js");
+Object.defineProperty(exports, "CSRF_CONFIG", { enumerable: true, get: function () { return csrfConfig_js_1.CSRF_CONFIG; } });
+Object.defineProperty(exports, "CSRF_ERROR_MESSAGES", { enumerable: true, get: function () { return csrfConfig_js_1.CSRF_ERROR_MESSAGES; } });

package/dist/logger.d.ts

@@ -1,67 +1,4 @@
-/**
- * Logger interface for connection layer
- * Allows connection layer to be independent of specific logger implementation
- */
-export interface ILogger {
-    /**
-     * Log informational message
-     */
-    info(message: string, meta?: any): void;
-    /**
-     * Log error message
-     */
-    error(message: string, meta?: any): void;
-    /**
-     * Log warning message
-     */
-    warn(message: string, meta?: any): void;
-    /**
-     * Log debug message
-     */
-    debug(message: string, meta?: any): void;
-    /**
-     * Log CSRF token operations
-     * @param action - Type of CSRF operation: "fetch", "retry", "success", or "error"
-     * @param message - Log message
-     * @param meta - Additional metadata
-     */
-    csrfToken?(action: "fetch" | "retry" | "success" | "error", message: string, meta?: any): void;
-    /**
-     * Log TLS configuration
-     * @param rejectUnauthorized - Whether TLS certificate validation is enabled
-     */
-    tlsConfig?(rejectUnauthorized: boolean): void;
-}
-/**
- * Session state interface for stateful connections
- * Contains cookies and CSRF token that need to be preserved across requests
- */
-export interface SessionState {
-    cookies: string | null;
-    csrfToken: string | null;
-    cookieStore: Record<string, string>;
-}
-/**
- * Interface for storing and retrieving session state
- * Allows connection layer to persist session state (cookies, CSRF token) externally
- */
-export interface ISessionStorage {
-    /**
-     * Save session state for a given session ID
-     * @param sessionId - Unique session identifier
-     * @param state - Session state to save
-     */
-    save(sessionId: string, state: SessionState): Promise<void>;
-    /**
-     * Load session state for a given session ID
-     * @param sessionId - Unique session identifier
-     * @returns Session state or null if not found
-     */
-    load(sessionId: string): Promise<SessionState | null>;
-    /**
-     * Delete session state for a given session ID
-     * @param sessionId - Unique session identifier
-     */
-    delete(sessionId: string): Promise<void>;
-}
+import type { ILogger, ISessionStorage, ISessionState } from '@mcp-abap-adt/interfaces';
+export type { ILogger, ISessionStorage };
+export type SessionState = ISessionState;
 //# sourceMappingURL=logger.d.ts.map

package/dist/logger.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,MAAM,WAAW,OAAO;IACtB;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC;IAExC;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC;IAEzC;;OAEG;IACH,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC;IAExC;;OAEG;IACH,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,GAAG,GAAG,IAAI,CAAC;IAEzC;;;;;OAKG;IACH,SAAS,CAAC,CACR,MAAM,EAAE,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,OAAO,EAC/C,OAAO,EAAE,MAAM,EACf,IAAI,CAAC,EAAE,GAAG,GACT,IAAI,CAAC;IAER;;;OAGG;IACH,SAAS,CAAC,CAAC,kBAAkB,EAAE,OAAO,GAAG,IAAI,CAAC;CAC/C;AAED;;;GAGG;AACH,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IACvB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;CACrC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B;;;;OAIG;IACH,IAAI,CAAC,SAAS,EAAE,MAAM,EAAE,KAAK,EAAE,YAAY,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5D;;;;OAIG;IACH,IAAI,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;IAEtD;;;OAGG;IACH,MAAM,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC1C"}
+{"version":3,"file":"logger.d.ts","sourceRoot":"","sources":["../src/logger.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,eAAe,EAAE,aAAa,EAAE,MAAM,0BAA0B,CAAC;AAGxF,YAAY,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;AACzC,MAAM,MAAM,YAAY,GAAG,aAAa,CAAC"}

package/dist/utils/timeouts.d.ts

@@ -1,8 +1,5 @@
-export interface TimeoutConfig {
-    default: number;
-    csrf: number;
-    long: number;
-}
-export declare function getTimeoutConfig(): TimeoutConfig;
+import type { ITimeoutConfig } from '@mcp-abap-adt/interfaces';
+export type TimeoutConfig = ITimeoutConfig;
+export declare function getTimeoutConfig(): ITimeoutConfig;
 export declare function getTimeout(type?: "default" | "csrf" | "long" | number): number;
 //# sourceMappingURL=timeouts.d.ts.map

package/dist/utils/timeouts.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"timeouts.d.ts","sourceRoot":"","sources":["../../src/utils/timeouts.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd;AAED,wBAAgB,gBAAgB,IAAI,aAAa,CAUhD;AAED,wBAAgB,UAAU,CAAC,IAAI,GAAE,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,MAAkB,GAAG,MAAM,CAOzF"}
+{"version":3,"file":"timeouts.d.ts","sourceRoot":"","sources":["../../src/utils/timeouts.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAG/D,MAAM,MAAM,aAAa,GAAG,cAAc,CAAC;AAE3C,wBAAgB,gBAAgB,IAAI,cAAc,CAUjD;AAED,wBAAgB,UAAU,CAAC,IAAI,GAAE,SAAS,GAAG,MAAM,GAAG,MAAM,GAAG,MAAkB,GAAG,MAAM,CAOzF"}

package/dist/utils/tokenRefresh.d.ts

@@ -1,10 +1,8 @@
 /**
  * Token refresh utilities for JWT authentication
  */
-export interface TokenRefreshResult {
-    accessToken: string;
-    refreshToken?: string;
-}
+import type { ITokenRefreshResult } from '@mcp-abap-adt/interfaces';
+export type TokenRefreshResult = ITokenRefreshResult;
 /**
  * Refreshes the access token using refresh token
  * @param refreshToken Refresh token
@@ -13,5 +11,5 @@ export interface TokenRefreshResult {
  * @param clientSecret UAA client secret
  * @returns Promise that resolves to new tokens
  */
-export declare function refreshJwtToken(refreshToken: string, uaaUrl: string, clientId: string, clientSecret: string): Promise<TokenRefreshResult>;
+export declare function refreshJwtToken(refreshToken: string, uaaUrl: string, clientId: string, clientSecret: string): Promise<ITokenRefreshResult>;
 //# sourceMappingURL=tokenRefresh.d.ts.map

package/dist/utils/tokenRefresh.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"tokenRefresh.d.ts","sourceRoot":"","sources":["../../src/utils/tokenRefresh.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,MAAM,WAAW,kBAAkB;IACjC,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,CAAC,EAAE,MAAM,CAAC;CACvB;AAED;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,kBAAkB,CAAC,CAqC7B"}
+{"version":3,"file":"tokenRefresh.d.ts","sourceRoot":"","sources":["../../src/utils/tokenRefresh.ts"],"names":[],"mappings":"AAAA;;GAEG;AAGH,OAAO,KAAK,EAAE,mBAAmB,EAAE,MAAM,0BAA0B,CAAC;AAGpE,MAAM,MAAM,kBAAkB,GAAG,mBAAmB,CAAC;AAErD;;;;;;;GAOG;AACH,wBAAsB,eAAe,CACnC,YAAY,EAAE,MAAM,EACpB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,mBAAmB,CAAC,CAqC9B"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mcp-abap-adt/connection",
-  "version": "0.1.12",
+  "version": "0.1.14",
   "description": "ABAP connection layer for MCP ABAP ADT server",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -43,6 +43,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "@mcp-abap-adt/interfaces": "^0.1.0",
     "axios": "^1.11.0",
     "commander": "^14.0.2",
     "express": "^5.1.0",