@mcp-consultant-tools/powerplatform 32.0.0-beta.4 → 33.0.0

package/build/auth/index.js

@@ -1,39 +0,0 @@
-/**
- * Authentication module for PowerPlatform MCP Server
- *
- * Supports two authentication modes:
- * 1. Service Principal (ConfidentialClientApplication) - when client_secret is provided
- * 2. Interactive User Auth (PublicClientApplication) - when no client_secret is provided
- */
-import { ServicePrincipalAuth } from './service-principal-auth.js';
-import { InteractiveAuth } from './interactive-auth.js';
-/**
- * Create an appropriate auth provider based on configuration
- *
- * If clientSecret is provided → ServicePrincipalAuth (existing behavior)
- * If no clientSecret → InteractiveAuth (browser-based SSO)
- *
- * @param config - PowerPlatform authentication configuration
- * @returns Auth provider instance
- */
-export function createAuthProvider(config) {
-    if (config.clientSecret) {
-        // Service Principal mode (existing behavior)
-        return new ServicePrincipalAuth({
-            organizationUrl: config.organizationUrl,
-            clientId: config.clientId,
-            clientSecret: config.clientSecret,
-            tenantId: config.tenantId,
-        });
-    }
-    // Interactive User Auth mode (new behavior)
-    return new InteractiveAuth({
-        organizationUrl: config.organizationUrl,
-        clientId: config.clientId,
-        tenantId: config.tenantId,
-    });
-}
-export { ServicePrincipalAuth } from './service-principal-auth.js';
-export { InteractiveAuth } from './interactive-auth.js';
-export { TokenCache } from './token-cache.js';
-//# sourceMappingURL=index.js.map

package/build/auth/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/auth/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AA8CxD;;;;;;;;GAQG;AACH,MAAM,UAAU,kBAAkB,CAAC,MAA+B;IAChE,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,6CAA6C;QAC7C,OAAO,IAAI,oBAAoB,CAAC;YAC9B,eAAe,EAAE,MAAM,CAAC,eAAe;YACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;YACzB,YAAY,EAAE,MAAM,CAAC,YAAY;YACjC,QAAQ,EAAE,MAAM,CAAC,QAAQ;SAC1B,CAAC,CAAC;IACL,CAAC;IAED,4CAA4C;IAC5C,OAAO,IAAI,eAAe,CAAC;QACzB,eAAe,EAAE,MAAM,CAAC,eAAe;QACvC,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,QAAQ,EAAE,MAAM,CAAC,QAAQ;KAC1B,CAAC,CAAC;AACL,CAAC;AAED,OAAO,EAAE,oBAAoB,EAAE,MAAM,6BAA6B,CAAC;AACnE,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC"}

package/build/auth/interactive-auth.d.ts

@@ -1,60 +0,0 @@
-/**
- * Interactive Authentication Provider
- *
- * Uses PublicClientApplication (authorization code flow with PKCE)
- * for browser-based SSO authentication.
- *
- * Flow:
- * 1. Try silent auth using cached tokens
- * 2. If no cached token or token expired, open browser for login
- * 3. User authenticates via Microsoft Entra ID (SSO if already signed in)
- * 4. Receive authorization code via localhost redirect
- * 5. Exchange code for tokens
- * 6. Cache tokens for future use
- */
-import type { AuthProvider } from './index.js';
-export interface InteractiveAuthConfig {
-    organizationUrl: string;
-    clientId: string;
-    tenantId: string;
-}
-export declare class InteractiveAuth implements AuthProvider {
-    private config;
-    private pca;
-    private tokenCache;
-    private cachedAccount;
-    constructor(config: InteractiveAuthConfig);
-    getAuthMode(): 'service-principal' | 'interactive';
-    getAccessToken(resource: string): Promise<string>;
-    getUserInfo(): Promise<{
-        name: string;
-        email: string;
-        oid: string;
-    } | null>;
-    clearCache(): Promise<void>;
-    /**
-     * Acquire token via browser-based interactive flow
-     */
-    private acquireTokenInteractive;
-    /**
-     * Find an available port for the callback server
-     */
-    private findFreePort;
-    /**
-     * HTML page shown after successful authentication
-     */
-    private getSuccessHtml;
-    /**
-     * HTML page shown when authentication fails
-     */
-    private getErrorHtml;
-    /**
-     * HTML page shown while waiting for callback
-     */
-    private getWaitingHtml;
-    /**
-     * Escape HTML to prevent XSS
-     */
-    private escapeHtml;
-}
-//# sourceMappingURL=interactive-auth.d.ts.map

package/build/auth/interactive-auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"interactive-auth.d.ts","sourceRoot":"","sources":["../../src/auth/interactive-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAUH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAG/C,MAAM,WAAW,qBAAqB;IACpC,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,eAAgB,YAAW,YAAY;IAClD,OAAO,CAAC,MAAM,CAAwB;IACtC,OAAO,CAAC,GAAG,CAA0B;IACrC,OAAO,CAAC,UAAU,CAAa;IAC/B,OAAO,CAAC,aAAa,CAA4B;gBAErC,MAAM,EAAE,qBAAqB;IAezC,WAAW,IAAI,mBAAmB,GAAG,aAAa;IAI5C,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAyBjD,WAAW,IAAI,OAAO,CAAC;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAC;QAAC,GAAG,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI,CAAC;IAiB3E,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAKjC;;OAEG;YACW,uBAAuB;IA2GrC;;OAEG;YACW,YAAY;IAgB1B;;OAEG;IACH,OAAO,CAAC,cAAc;IAiFtB;;OAEG;IACH,OAAO,CAAC,YAAY;IA0EpB;;OAEG;IACH,OAAO,CAAC,cAAc;IAyDtB;;OAEG;IACH,OAAO,CAAC,UAAU;CAUnB"}

package/build/auth/interactive-auth.js

@@ -1,429 +0,0 @@
-/**
- * Interactive Authentication Provider
- *
- * Uses PublicClientApplication (authorization code flow with PKCE)
- * for browser-based SSO authentication.
- *
- * Flow:
- * 1. Try silent auth using cached tokens
- * 2. If no cached token or token expired, open browser for login
- * 3. User authenticates via Microsoft Entra ID (SSO if already signed in)
- * 4. Receive authorization code via localhost redirect
- * 5. Exchange code for tokens
- * 6. Cache tokens for future use
- */
-import { PublicClientApplication, InteractionRequiredAuthError, } from '@azure/msal-node';
-import http from 'node:http';
-import open from 'open';
-import { TokenCache } from './token-cache.js';
-export class InteractiveAuth {
-    config;
-    pca;
-    tokenCache;
-    cachedAccount = null;
-    constructor(config) {
-        this.config = config;
-        this.tokenCache = new TokenCache(config.clientId);
-        this.pca = new PublicClientApplication({
-            auth: {
-                clientId: config.clientId,
-                authority: `https://login.microsoftonline.com/${config.tenantId}`,
-            },
-            cache: {
-                cachePlugin: this.tokenCache.createPlugin(),
-            },
-        });
-    }
-    getAuthMode() {
-        return 'interactive';
-    }
-    async getAccessToken(resource) {
-        // Try silent auth first (uses cached tokens)
-        const accounts = await this.pca.getTokenCache().getAllAccounts();
-        if (accounts.length > 0) {
-            try {
-                const result = await this.pca.acquireTokenSilent({
-                    account: accounts[0],
-                    scopes: [`${resource}/.default`],
-                });
-                this.cachedAccount = accounts[0];
-                return result.accessToken;
-            }
-            catch (error) {
-                if (!(error instanceof InteractionRequiredAuthError)) {
-                    throw error;
-                }
-                // Token expired or revoked, need interactive auth
-                console.error('Cached token expired, re-authenticating...');
-            }
-        }
-        // Interactive auth required
-        return this.acquireTokenInteractive(resource);
-    }
-    async getUserInfo() {
-        if (!this.cachedAccount) {
-            const accounts = await this.pca.getTokenCache().getAllAccounts();
-            this.cachedAccount = accounts[0] || null;
-        }
-        if (!this.cachedAccount) {
-            return null;
-        }
-        return {
-            name: this.cachedAccount.name || 'Unknown',
-            email: this.cachedAccount.username || 'Unknown',
-            oid: this.cachedAccount.localAccountId || '',
-        };
-    }
-    async clearCache() {
-        this.tokenCache.clear();
-        this.cachedAccount = null;
-    }
-    /**
-     * Acquire token via browser-based interactive flow
-     */
-    async acquireTokenInteractive(resource) {
-        const port = await this.findFreePort();
-        const redirectUri = `http://localhost:${port}`;
-        return new Promise((resolve, reject) => {
-            let serverClosed = false;
-            const server = http.createServer(async (req, res) => {
-                if (serverClosed)
-                    return;
-                try {
-                    const url = new URL(req.url, `http://localhost:${port}`);
-                    if (url.pathname === '/') {
-                        const code = url.searchParams.get('code');
-                        const error = url.searchParams.get('error');
-                        const errorDescription = url.searchParams.get('error_description');
-                        if (error) {
-                            res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
-                            res.end(this.getErrorHtml(error, errorDescription || 'Unknown error'));
-                            serverClosed = true;
-                            server.close();
-                            reject(new Error(`Authentication failed: ${error} - ${errorDescription}`));
-                            return;
-                        }
-                        if (code) {
-                            try {
-                                const result = await this.pca.acquireTokenByCode({
-                                    code,
-                                    scopes: [`${resource}/.default`, 'offline_access'],
-                                    redirectUri,
-                                });
-                                this.cachedAccount = result.account;
-                                res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
-                                res.end(this.getSuccessHtml(result));
-                                serverClosed = true;
-                                server.close();
-                                resolve(result.accessToken);
-                            }
-                            catch (err) {
-                                res.writeHead(500, { 'Content-Type': 'text/html; charset=utf-8' });
-                                res.end(this.getErrorHtml('token_exchange_failed', err.message));
-                                serverClosed = true;
-                                server.close();
-                                reject(err);
-                            }
-                            return;
-                        }
-                        // No code or error, show waiting page
-                        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
-                        res.end(this.getWaitingHtml());
-                    }
-                }
-                catch (err) {
-                    console.error('Error handling callback:', err);
-                    if (!serverClosed) {
-                        serverClosed = true;
-                        server.close();
-                        reject(err);
-                    }
-                }
-            });
-            server.on('error', (err) => {
-                reject(new Error(`Failed to start callback server: ${err.message}`));
-            });
-            server.listen(port, async () => {
-                try {
-                    const authUrl = await this.pca.getAuthCodeUrl({
-                        scopes: [`${resource}/.default`, 'offline_access', 'openid'],
-                        redirectUri,
-                    });
-                    console.error('');
-                    console.error('🔐 Authentication required');
-                    console.error('   Opening browser for sign-in...');
-                    console.error(`   If browser doesn't open, visit: ${authUrl.substring(0, 80)}...`);
-                    console.error('');
-                    await open(authUrl);
-                }
-                catch (err) {
-                    serverClosed = true;
-                    server.close();
-                    reject(err);
-                }
-            });
-            // Timeout after 5 minutes
-            const timeout = setTimeout(() => {
-                if (!serverClosed) {
-                    serverClosed = true;
-                    server.close();
-                    reject(new Error('Authentication timed out after 5 minutes'));
-                }
-            }, 5 * 60 * 1000);
-            server.on('close', () => {
-                clearTimeout(timeout);
-            });
-        });
-    }
-    /**
-     * Find an available port for the callback server
-     */
-    async findFreePort() {
-        return new Promise((resolve, reject) => {
-            const server = http.createServer();
-            server.on('error', reject);
-            server.listen(0, () => {
-                const address = server.address();
-                if (address && typeof address === 'object') {
-                    const port = address.port;
-                    server.close(() => resolve(port));
-                }
-                else {
-                    reject(new Error('Failed to get port'));
-                }
-            });
-        });
-    }
-    /**
-     * HTML page shown after successful authentication
-     */
-    getSuccessHtml(result) {
-        const userName = result.account?.name || 'User';
-        return `<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Authentication Successful</title>
-  <style>
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      min-height: 100vh;
-      margin: 0;
-      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-    }
-    .container {
-      background: white;
-      padding: 3rem;
-      border-radius: 16px;
-      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
-      text-align: center;
-      max-width: 400px;
-    }
-    .checkmark {
-      width: 80px;
-      height: 80px;
-      border-radius: 50%;
-      background: #10b981;
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      margin: 0 auto 1.5rem;
-    }
-    .checkmark svg {
-      width: 40px;
-      height: 40px;
-      fill: white;
-    }
-    h1 {
-      color: #1f2937;
-      margin: 0 0 0.5rem;
-      font-size: 1.5rem;
-    }
-    p {
-      color: #6b7280;
-      margin: 0.5rem 0;
-    }
-    .user {
-      color: #374151;
-      font-weight: 600;
-    }
-    .close-note {
-      margin-top: 1.5rem;
-      padding: 1rem;
-      background: #f3f4f6;
-      border-radius: 8px;
-      font-size: 0.875rem;
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <div class="checkmark">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
-        <path d="M9 16.17L4.83 12l-1.42 1.41L9 19 21 7l-1.41-1.41z"/>
-      </svg>
-    </div>
-    <h1>Authentication Successful</h1>
-    <p>Welcome, <span class="user">${this.escapeHtml(userName)}</span>!</p>
-    <p>You are now connected to PowerPlatform.</p>
-    <div class="close-note">
-      You can close this window and return to your application.
-    </div>
-  </div>
-  <script>setTimeout(() => window.close(), 3000);</script>
-</body>
-</html>`;
-    }
-    /**
-     * HTML page shown when authentication fails
-     */
-    getErrorHtml(error, description) {
-        return `<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Authentication Failed</title>
-  <style>
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      min-height: 100vh;
-      margin: 0;
-      background: linear-gradient(135deg, #ef4444 0%, #dc2626 100%);
-    }
-    .container {
-      background: white;
-      padding: 3rem;
-      border-radius: 16px;
-      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
-      text-align: center;
-      max-width: 500px;
-    }
-    .error-icon {
-      width: 80px;
-      height: 80px;
-      border-radius: 50%;
-      background: #ef4444;
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      margin: 0 auto 1.5rem;
-    }
-    .error-icon svg {
-      width: 40px;
-      height: 40px;
-      fill: white;
-    }
-    h1 {
-      color: #1f2937;
-      margin: 0 0 1rem;
-      font-size: 1.5rem;
-    }
-    .error-code {
-      background: #fef2f2;
-      color: #991b1b;
-      padding: 0.5rem 1rem;
-      border-radius: 8px;
-      font-family: monospace;
-      margin-bottom: 1rem;
-    }
-    p {
-      color: #6b7280;
-      margin: 0.5rem 0;
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <div class="error-icon">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24">
-        <path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/>
-      </svg>
-    </div>
-    <h1>Authentication Failed</h1>
-    <div class="error-code">${this.escapeHtml(error)}</div>
-    <p>${this.escapeHtml(description)}</p>
-    <p style="margin-top: 1.5rem;">Please close this window and try again.</p>
-  </div>
-</body>
-</html>`;
-    }
-    /**
-     * HTML page shown while waiting for callback
-     */
-    getWaitingHtml() {
-        return `<!DOCTYPE html>
-<html>
-<head>
-  <meta charset="utf-8">
-  <title>Authenticating...</title>
-  <style>
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-      display: flex;
-      justify-content: center;
-      align-items: center;
-      min-height: 100vh;
-      margin: 0;
-      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-    }
-    .container {
-      background: white;
-      padding: 3rem;
-      border-radius: 16px;
-      box-shadow: 0 25px 50px -12px rgba(0, 0, 0, 0.25);
-      text-align: center;
-    }
-    .spinner {
-      width: 60px;
-      height: 60px;
-      border: 4px solid #e5e7eb;
-      border-top: 4px solid #667eea;
-      border-radius: 50%;
-      animation: spin 1s linear infinite;
-      margin: 0 auto 1.5rem;
-    }
-    @keyframes spin {
-      0% { transform: rotate(0deg); }
-      100% { transform: rotate(360deg); }
-    }
-    h1 {
-      color: #1f2937;
-      margin: 0 0 0.5rem;
-      font-size: 1.5rem;
-    }
-    p {
-      color: #6b7280;
-      margin: 0;
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <div class="spinner"></div>
-    <h1>Authenticating...</h1>
-    <p>Please complete sign-in in the browser window.</p>
-  </div>
-</body>
-</html>`;
-    }
-    /**
-     * Escape HTML to prevent XSS
-     */
-    escapeHtml(text) {
-        const map = {
-            '&': '&amp;',
-            '<': '&lt;',
-            '>': '&gt;',
-            '"': '&quot;',
-            "'": '&#039;',
-        };
-        return text.replace(/[&<>"']/g, (m) => map[m]);
-    }
-}
-//# sourceMappingURL=interactive-auth.js.map

package/build/auth/interactive-auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"interactive-auth.js","sourceRoot":"","sources":["../../src/auth/interactive-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAEH,OAAO,EACL,uBAAuB,EACvB,4BAA4B,GAG7B,MAAM,kBAAkB,CAAC;AAC1B,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,IAAI,MAAM,MAAM,CAAC;AAExB,OAAO,EAAE,UAAU,EAAE,MAAM,kBAAkB,CAAC;AAQ9C,MAAM,OAAO,eAAe;IAClB,MAAM,CAAwB;IAC9B,GAAG,CAA0B;IAC7B,UAAU,CAAa;IACvB,aAAa,GAAuB,IAAI,CAAC;IAEjD,YAAY,MAA6B;QACvC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,UAAU,GAAG,IAAI,UAAU,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QAElD,IAAI,CAAC,GAAG,GAAG,IAAI,uBAAuB,CAAC;YACrC,IAAI,EAAE;gBACJ,QAAQ,EAAE,MAAM,CAAC,QAAQ;gBACzB,SAAS,EAAE,qCAAqC,MAAM,CAAC,QAAQ,EAAE;aAClE;YACD,KAAK,EAAE;gBACL,WAAW,EAAE,IAAI,CAAC,UAAU,CAAC,YAAY,EAAE;aAC5C;SACF,CAAC,CAAC;IACL,CAAC;IAED,WAAW;QACT,OAAO,aAAa,CAAC;IACvB,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,6CAA6C;QAC7C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;QAEjE,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;oBAC/C,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;oBACpB,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,CAAC;iBACjC,CAAC,CAAC;gBACH,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;gBACjC,OAAO,MAAM,CAAC,WAAW,CAAC;YAC5B,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,CAAC,KAAK,YAAY,4BAA4B,CAAC,EAAE,CAAC;oBACrD,MAAM,KAAK,CAAC;gBACd,CAAC;gBACD,kDAAkD;gBAClD,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;YAC9D,CAAC;QACH,CAAC;QAED,4BAA4B;QAC5B,OAAO,IAAI,CAAC,uBAAuB,CAAC,QAAQ,CAAC,CAAC;IAChD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,cAAc,EAAE,CAAC;YACjE,IAAI,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC;QAC3C,CAAC;QAED,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO;YACL,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,IAAI,SAAS;YAC1C,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,QAAQ,IAAI,SAAS;YAC/C,GAAG,EAAE,IAAI,CAAC,aAAa,CAAC,cAAc,IAAI,EAAE;SAC7C,CAAC;IACJ,CAAC;IAED,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QACxB,IAAI,CAAC,aAAa,GAAG,IAAI,CAAC;IAC5B,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,uBAAuB,CAAC,QAAgB;QACpD,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QACvC,MAAM,WAAW,GAAG,oBAAoB,IAAI,EAAE,CAAC;QAE/C,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,IAAI,YAAY,GAAG,KAAK,CAAC;YAEzB,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,IAAI,YAAY;oBAAE,OAAO;gBAEzB,IAAI,CAAC;oBACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;oBAE1D,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;wBACzB,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;wBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;wBAC5C,MAAM,gBAAgB,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;wBAEnE,IAAI,KAAK,EAAE,CAAC;4BACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;4BACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,gBAAgB,IAAI,eAAe,CAAC,CAAC,CAAC;4BACvE,YAAY,GAAG,IAAI,CAAC;4BACpB,MAAM,CAAC,KAAK,EAAE,CAAC;4BACf,MAAM,CAAC,IAAI,KAAK,CAAC,0BAA0B,KAAK,MAAM,gBAAgB,EAAE,CAAC,CAAC,CAAC;4BAC3E,OAAO;wBACT,CAAC;wBAED,IAAI,IAAI,EAAE,CAAC;4BACT,IAAI,CAAC;gCACH,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,kBAAkB,CAAC;oCAC/C,IAAI;oCACJ,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,EAAE,gBAAgB,CAAC;oCAClD,WAAW;iCACZ,CAAC,CAAC;gCAEH,IAAI,CAAC,aAAa,GAAG,MAAM,CAAC,OAAO,CAAC;gCAEpC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;gCACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,CAAC,CAAC;gCAErC,YAAY,GAAG,IAAI,CAAC;gCACpB,MAAM,CAAC,KAAK,EAAE,CAAC;gCACf,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;4BAC9B,CAAC;4BAAC,OAAO,GAAG,EAAE,CAAC;gCACb,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;gCACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAG,GAAa,CAAC,OAAO,CAAC,CAAC,CAAC;gCAC5E,YAAY,GAAG,IAAI,CAAC;gCACpB,MAAM,CAAC,KAAK,EAAE,CAAC;gCACf,MAAM,CAAC,GAAG,CAAC,CAAC;4BACd,CAAC;4BACD,OAAO;wBACT,CAAC;wBAED,sCAAsC;wBACtC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,CAAC,CAAC;oBACjC,CAAC;gBACH,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;oBAC/C,IAAI,CAAC,YAAY,EAAE,CAAC;wBAClB,YAAY,GAAG,IAAI,CAAC;wBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,GAAG,CAAC,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;gBACzB,MAAM,CAAC,IAAI,KAAK,CAAC,oCAAoC,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;YACvE,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE;gBAC7B,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,cAAc,CAAC;wBAC5C,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,EAAE,gBAAgB,EAAE,QAAQ,CAAC;wBAC5D,WAAW;qBACZ,CAAC,CAAC;oBAEH,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAClB,OAAO,CAAC,KAAK,CAAC,4BAA4B,CAAC,CAAC;oBAC5C,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;oBACnD,OAAO,CAAC,KAAK,CAAC,sCAAsC,OAAO,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;oBACnF,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;oBAElB,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;gBACtB,CAAC;gBAAC,OAAO,GAAG,EAAE,CAAC;oBACb,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,GAAG,CAAC,CAAC;gBACd,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC9B,IAAI,CAAC,YAAY,EAAE,CAAC;oBAClB,YAAY,GAAG,IAAI,CAAC;oBACpB,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAElB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACtB,YAAY,CAAC,OAAO,CAAC,CAAC;YACxB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY;QACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;YACnC,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YAC3B,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE;gBACpB,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;gBACjC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;oBAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;oBAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;gBACpC,CAAC;qBAAM,CAAC;oBACN,MAAM,CAAC,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC,CAAC;gBAC1C,CAAC;YACH,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,cAAc,CAAC,MAA4B;QACjD,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,EAAE,IAAI,IAAI,MAAM,CAAC;QAChD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;qCAoE0B,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC;;;;;;;;QAQtD,CAAC;IACP,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,KAAa,EAAE,WAAmB;QACrD,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;8BAiEmB,IAAI,CAAC,UAAU,CAAC,KAAK,CAAC;SAC3C,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC;;;;QAI7B,CAAC;IACP,CAAC;IAED;;OAEG;IACK,cAAc;QACpB,OAAO;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;QAqDH,CAAC;IACP,CAAC;IAED;;OAEG;IACK,UAAU,CAAC,IAAY;QAC7B,MAAM,GAAG,GAA2B;YAClC,GAAG,EAAE,OAAO;YACZ,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,MAAM;YACX,GAAG,EAAE,QAAQ;YACb,GAAG,EAAE,QAAQ;SACd,CAAC;QACF,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;CACF"}

package/build/auth/service-principal-auth.d.ts

@@ -1,26 +0,0 @@
-/**
- * Service Principal Authentication Provider
- *
- * Uses ConfidentialClientApplication (client credentials flow)
- * for app-to-app authentication with client_id + client_secret.
- *
- * This is the existing authentication mechanism, refactored into the auth module.
- */
-import type { AuthProvider } from './index.js';
-export interface ServicePrincipalConfig {
-    organizationUrl: string;
-    clientId: string;
-    clientSecret: string;
-    tenantId: string;
-}
-export declare class ServicePrincipalAuth implements AuthProvider {
-    private config;
-    private msalClient;
-    private accessToken;
-    private tokenExpirationTime;
-    constructor(config: ServicePrincipalConfig);
-    getAuthMode(): 'service-principal' | 'interactive';
-    getAccessToken(resource: string): Promise<string>;
-    getUserInfo(): Promise<null>;
-}
-//# sourceMappingURL=service-principal-auth.d.ts.map

package/build/auth/service-principal-auth.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"service-principal-auth.d.ts","sourceRoot":"","sources":["../../src/auth/service-principal-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAGH,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C,MAAM,WAAW,sBAAsB;IACrC,eAAe,EAAE,MAAM,CAAC;IACxB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,qBAAa,oBAAqB,YAAW,YAAY;IACvD,OAAO,CAAC,MAAM,CAAyB;IACvC,OAAO,CAAC,UAAU,CAAgC;IAClD,OAAO,CAAC,WAAW,CAAuB;IAC1C,OAAO,CAAC,mBAAmB,CAAa;gBAE5B,MAAM,EAAE,sBAAsB;IAY1C,WAAW,IAAI,mBAAmB,GAAG,aAAa;IAI5C,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAiCjD,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC;CAInC"}

package/build/auth/service-principal-auth.js

@@ -1,60 +0,0 @@
-/**
- * Service Principal Authentication Provider
- *
- * Uses ConfidentialClientApplication (client credentials flow)
- * for app-to-app authentication with client_id + client_secret.
- *
- * This is the existing authentication mechanism, refactored into the auth module.
- */
-import { ConfidentialClientApplication } from '@azure/msal-node';
-export class ServicePrincipalAuth {
-    config;
-    msalClient;
-    accessToken = null;
-    tokenExpirationTime = 0;
-    constructor(config) {
-        this.config = config;
-        this.msalClient = new ConfidentialClientApplication({
-            auth: {
-                clientId: this.config.clientId,
-                clientSecret: this.config.clientSecret,
-                authority: `https://login.microsoftonline.com/${this.config.tenantId}`,
-            },
-        });
-    }
-    getAuthMode() {
-        return 'service-principal';
-    }
-    async getAccessToken(resource) {
-        const currentTime = Date.now();
-        // If we have a token that isn't expired, return it
-        if (this.accessToken && this.tokenExpirationTime > currentTime) {
-            return this.accessToken;
-        }
-        try {
-            // Get a new token using client credentials flow
-            const result = await this.msalClient.acquireTokenByClientCredential({
-                scopes: [`${resource}/.default`],
-            });
-            if (!result || !result.accessToken) {
-                throw new Error('Failed to acquire access token');
-            }
-            this.accessToken = result.accessToken;
-            // Set expiration time (subtract 5 minutes to refresh early)
-            if (result.expiresOn) {
-                this.tokenExpirationTime = result.expiresOn.getTime() - 5 * 60 * 1000;
-            }
-            return this.accessToken;
-        }
-        catch (error) {
-            const errorMessage = error.message || 'Unknown error';
-            console.error('Service Principal authentication failed:', errorMessage);
-            throw new Error(`Service Principal authentication failed: ${errorMessage}`);
-        }
-    }
-    async getUserInfo() {
-        // Service principal doesn't have user info
-        return null;
-    }
-}
-//# sourceMappingURL=service-principal-auth.js.map

package/build/auth/service-principal-auth.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"service-principal-auth.js","sourceRoot":"","sources":["../../src/auth/service-principal-auth.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,6BAA6B,EAAE,MAAM,kBAAkB,CAAC;AAUjE,MAAM,OAAO,oBAAoB;IACvB,MAAM,CAAyB;IAC/B,UAAU,CAAgC;IAC1C,WAAW,GAAkB,IAAI,CAAC;IAClC,mBAAmB,GAAW,CAAC,CAAC;IAExC,YAAY,MAA8B;QACxC,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QAErB,IAAI,CAAC,UAAU,GAAG,IAAI,6BAA6B,CAAC;YAClD,IAAI,EAAE;gBACJ,QAAQ,EAAE,IAAI,CAAC,MAAM,CAAC,QAAQ;gBAC9B,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,YAAY;gBACtC,SAAS,EAAE,qCAAqC,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE;aACvE;SACF,CAAC,CAAC;IACL,CAAC;IAED,WAAW;QACT,OAAO,mBAAmB,CAAC;IAC7B,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,QAAgB;QACnC,MAAM,WAAW,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QAE/B,mDAAmD;QACnD,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,mBAAmB,GAAG,WAAW,EAAE,CAAC;YAC/D,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAED,IAAI,CAAC;YACH,gDAAgD;YAChD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,8BAA8B,CAAC;gBAClE,MAAM,EAAE,CAAC,GAAG,QAAQ,WAAW,CAAC;aACjC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,IAAI,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,gCAAgC,CAAC,CAAC;YACpD,CAAC;YAED,IAAI,CAAC,WAAW,GAAG,MAAM,CAAC,WAAW,CAAC;YAEtC,4DAA4D;YAC5D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;gBACrB,IAAI,CAAC,mBAAmB,GAAG,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;YACxE,CAAC;YAED,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,YAAY,GAAG,KAAK,CAAC,OAAO,IAAI,eAAe,CAAC;YACtD,OAAO,CAAC,KAAK,CAAC,0CAA0C,EAAE,YAAY,CAAC,CAAC;YACxE,MAAM,IAAI,KAAK,CAAC,4CAA4C,YAAY,EAAE,CAAC,CAAC;QAC9E,CAAC;IACH,CAAC;IAED,KAAK,CAAC,WAAW;QACf,2CAA2C;QAC3C,OAAO,IAAI,CAAC;IACd,CAAC;CACF"}