@mcp-z/client 1.0.0

package/AGENTS.md

@@ -0,0 +1,159 @@
+# MCP Examples for AI Agents
+
+Quick-start examples for building scripts with MCP servers using `@mcp-z/client`.
+
+## Install
+
+```bash
+npm install @mcp-z/client
+```
+
+## Quick Peek
+
+```javascript
+import { createServerRegistry } from '@mcp-z/client';
+
+const registry = createServerRegistry({ todoist: { url: 'https://ai.todoist.net/mcp' } });
+const client = await registry.connect('todoist');
+await client.callTool('add-tasks', { tasks: [{ content: 'My task', priority: 4 }] });
+await registry.close();
+```
+
+## Full Example: Todoist Task Management
+
+```javascript
+/**
+ * This example shows how to use @mcp-z/client to manage tasks via Todoist.
+ * Copy this and modify it for your needs!
+ *
+ * PREREQUISITES:
+ *   npm install @mcp-z/client                     # the client library for typescript / javascript
+ *   npm install @mcp-z/cli                        # the cli command is "mcpz". Run "mcpz --help" for a full list of commands
+ *
+ * DISCOVERY (find tools before writing code):
+ *   npx @mcp-z/cli search "add task"              # Find the tool you need
+ *   npx @mcp-z/cli inspect --servers todoist      # See all available tools
+ *   npx @mcp-z/cli call-tool todoist add-tasks '{}' # Test it works
+ *
+ * TIP: Or load your own .mcp.json file instead of inline config:
+ *   const config = JSON.parse(fs.readFileSync('.mcp.json', 'utf-8'));
+ *   const registry = createServerRegistry(config.mcpServers);
+ */
+
+import { createServerRegistry } from '@mcp-z/client';
+
+// Configure your MCP servers (inline, or load from .mcp.json file)
+const servers = {
+  todoist: {
+    url: 'https://ai.todoist.net/mcp'
+  }
+};
+
+async function main() {
+  const registry = createServerRegistry(servers);
+
+  try {
+    console.log('🚀 Connecting to Todoist...');
+    const client = await registry.connect('todoist');
+
+    console.log('✅ Connected! Adding task...');
+
+    // Add a task to Todoist
+    // See available tools: npx @mcp-z/cli inspect --servers todoist
+    await client.callTool('add-tasks', {
+      tasks: [
+        {
+          content: 'Learn MCP with @mcp-z/client',
+          projectId: undefined, // Optional: add to specific project
+          priority: 4           // 1-4, where 4 is highest
+        }
+      ]
+    });
+
+    console.log('✅ Task added successfully!');
+
+    // List tasks (discovery first: npx @mcp-z/cli inspect --servers todoist)
+    console.log('\n📋 Fetching tasks...');
+    const findResponse = await client.callTool('find-tasks', {
+      searchText: 'Learn MCP'
+    });
+
+    console.log('✅ Tasks found:', findResponse.json());
+
+  } catch (error) {
+    console.error('❌ Error:', error.message);
+    process.exit(1);
+  } finally {
+    console.log('🔒 Closing connection...');
+    await registry.close();
+    console.log('✅ Done!');
+  }
+}
+
+main();
+```
+
+## The Pattern
+
+Once you understand this example, you understand them all:
+
+```javascript
+import { createServerRegistry } from '@mcp-z/client';
+
+const registry = createServerRegistry(servers);  // Configure servers
+try {
+  const client = await registry.connect('server-name');  // Connect
+  await client.callTool('tool-name', { /* args */ });    // Use tools
+} finally {
+  await registry.close();  // Always cleanup
+}
+```
+
+**Configure servers inline or from `.mcp.json`:**
+```javascript
+// Inline config
+const servers = { todoist: { url: '...' } };
+
+// Or load from file
+const config = JSON.parse(fs.readFileSync('.mcp.json', 'utf-8'));
+const servers = config.mcpServers;
+```
+
+## Discovery Workflow
+
+**Before writing code, discover what's available:**
+
+1. **Search for tools:**
+   ```bash
+   npx @mcp-z/cli search "add task"
+   ```
+
+2. **Inspect a server:**
+   ```bash
+   npx @mcp-z/cli inspect --servers todoist
+   ```
+
+3. **Test a tool:**
+   ```bash
+   npx @mcp-z/cli call-tool todoist add-tasks '{"tasks":[{"content":"Test"}]}'
+   ```
+
+4. **Write your script** using `@mcp-z/client`
+
+## Available Public Servers
+
+These servers don't need special setup - just use their URLs:
+
+- **Todoist**: `https://ai.todoist.net/mcp`
+- **Notion**: `https://mcp.notion.com/mcp`
+
+Private servers (require authentication):
+- Google Sheets, Drive, Gmail, Outlook, PDF (contact us for access)
+
+## Need Help?
+
+1. **Discover tools**: `npx @mcp-z/cli search <query>`
+2. **See all tools**: `npx @mcp-z/cli inspect --servers <server>`
+3. **Test first**: `npx @mcp-z/cli call-tool <server> <tool> '{}'`
+
+Once you know a tool works via CLI, use it in your script with `@mcp-z/client`!

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Kevin Malakoff
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,90 @@
+# @mcp-z/client
+
+Docs: https://mcp-z.github.io/client
+Programmatic MCP client for spawning, connecting to, and calling MCP servers.
+
+## Common uses
+
+- Run MCP tools from scripts
+- Connect to multiple servers in one process
+- Integration tests for MCP servers
+
+## Install
+
+```bash
+npm install --save-dev @mcp-z/client
+```
+
+Requires Node.js >= 22.
+
+## Quick start
+
+```ts
+import { createServerRegistry } from '@mcp-z/client';
+
+const registry = createServerRegistry({
+  todoist: { url: 'https://ai.todoist.net/mcp', type: 'http' }
+});
+
+const client = await registry.connect('todoist');
+await client.callTool('add-tasks', {
+  tasks: [{ content: 'Learn MCP', priority: 4 }]
+});
+
+await registry.close();
+```
+
+## Configuration
+
+MCP supports stdio and HTTP.
+
+**Stdio**
+```ts
+{
+  echo: {
+    command: 'node',
+    args: ['server.js'],
+    env: { LOG_LEVEL: 'info' }
+  }
+}
+```
+
+**HTTP**
+```ts
+{
+  todoist: {
+    type: 'http',
+    url: 'https://ai.todoist.net/mcp',
+    headers: { Authorization: 'Bearer token' }
+  }
+}
+```
+
+## API basics
+
+- `createServerRegistry(config, options?)`
+- `registry.connect(name)`
+- `client.callTool(name, args)`
+- `client.listTools()` / `client.listResources()` / `client.listPrompts()`
+- `registry.close()`
+
+## OAuth (DCR)
+
+If an HTTP server supports DCR, pass a token store:
+
+```ts
+import Keyv from 'keyv';
+import { createServerRegistry } from '@mcp-z/client';
+
+const registry = createServerRegistry({
+  todoist: { type: 'http', url: 'https://ai.todoist.net/mcp' }
+});
+
+const client = await registry.connect('todoist', {
+  dcrAuthenticator: { tokenStore: new Keyv() }
+});
+```
+
+## Requirements
+
+- Node.js >= 22

package/dist/cjs/auth/capability-discovery.d.cts

@@ -0,0 +1,25 @@
+/**
+ * OAuth Server Capability Discovery
+ * Probes RFC 9728 (Protected Resource) and RFC 8414 (Authorization Server) metadata
+ */
+import type { AuthCapabilities } from './types.js';
+/**
+ * Probe OAuth server capabilities using RFC 9728 → RFC 8414 discovery chain
+ * Returns capabilities including DCR support detection
+ *
+ * Discovery Strategy:
+ * 1. Try RFC 9728 Protected Resource Metadata (supports cross-domain OAuth)
+ * 2. If found, use first authorization_server to discover RFC 8414 Authorization Server Metadata
+ * 3. Fall back to direct RFC 8414 discovery at resource origin
+ *
+ * @param baseUrl - Base URL of the protected resource (e.g., https://ai.todoist.net/mcp)
+ * @returns AuthCapabilities object with discovered endpoints and features
+ *
+ * @example
+ * // Todoist case: MCP at ai.todoist.net/mcp, OAuth at todoist.com
+ * const caps = await probeAuthCapabilities('https://ai.todoist.net/mcp');
+ * if (caps.supportsDcr) {
+ *   console.log('Registration endpoint:', caps.registrationEndpoint);
+ * }
+ */
+export declare function probeAuthCapabilities(baseUrl: string): Promise<AuthCapabilities>;

package/dist/cjs/auth/capability-discovery.d.ts

@@ -0,0 +1,25 @@
+/**
+ * OAuth Server Capability Discovery
+ * Probes RFC 9728 (Protected Resource) and RFC 8414 (Authorization Server) metadata
+ */
+import type { AuthCapabilities } from './types.js';
+/**
+ * Probe OAuth server capabilities using RFC 9728 → RFC 8414 discovery chain
+ * Returns capabilities including DCR support detection
+ *
+ * Discovery Strategy:
+ * 1. Try RFC 9728 Protected Resource Metadata (supports cross-domain OAuth)
+ * 2. If found, use first authorization_server to discover RFC 8414 Authorization Server Metadata
+ * 3. Fall back to direct RFC 8414 discovery at resource origin
+ *
+ * @param baseUrl - Base URL of the protected resource (e.g., https://ai.todoist.net/mcp)
+ * @returns AuthCapabilities object with discovered endpoints and features
+ *
+ * @example
+ * // Todoist case: MCP at ai.todoist.net/mcp, OAuth at todoist.com
+ * const caps = await probeAuthCapabilities('https://ai.todoist.net/mcp');
+ * if (caps.supportsDcr) {
+ *   console.log('Registration endpoint:', caps.registrationEndpoint);
+ * }
+ */
+export declare function probeAuthCapabilities(baseUrl: string): Promise<AuthCapabilities>;

package/dist/cjs/auth/capability-discovery.js

@@ -0,0 +1,280 @@
+/**
+ * OAuth Server Capability Discovery
+ * Probes RFC 9728 (Protected Resource) and RFC 8414 (Authorization Server) metadata
+ */ "use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+Object.defineProperty(exports, "probeAuthCapabilities", {
+    enumerable: true,
+    get: function() {
+        return probeAuthCapabilities;
+    }
+});
+var _rfc9728discoveryts = require("./rfc9728-discovery.js");
+function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
+    try {
+        var info = gen[key](arg);
+        var value = info.value;
+    } catch (error) {
+        reject(error);
+        return;
+    }
+    if (info.done) {
+        resolve(value);
+    } else {
+        Promise.resolve(value).then(_next, _throw);
+    }
+}
+function _async_to_generator(fn) {
+    return function() {
+        var self = this, args = arguments;
+        return new Promise(function(resolve, reject) {
+            var gen = fn.apply(self, args);
+            function _next(value) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
+            }
+            function _throw(err) {
+                asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
+            }
+            _next(undefined);
+        });
+    };
+}
+function _ts_generator(thisArg, body) {
+    var f, y, t, _ = {
+        label: 0,
+        sent: function() {
+            if (t[0] & 1) throw t[1];
+            return t[1];
+        },
+        trys: [],
+        ops: []
+    }, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype), d = Object.defineProperty;
+    return d(g, "next", {
+        value: verb(0)
+    }), d(g, "throw", {
+        value: verb(1)
+    }), d(g, "return", {
+        value: verb(2)
+    }), typeof Symbol === "function" && d(g, Symbol.iterator, {
+        value: function() {
+            return this;
+        }
+    }), g;
+    function verb(n) {
+        return function(v) {
+            return step([
+                n,
+                v
+            ]);
+        };
+    }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while(g && (g = 0, op[0] && (_ = 0)), _)try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [
+                op[0] & 2,
+                t.value
+            ];
+            switch(op[0]){
+                case 0:
+                case 1:
+                    t = op;
+                    break;
+                case 4:
+                    _.label++;
+                    return {
+                        value: op[1],
+                        done: false
+                    };
+                case 5:
+                    _.label++;
+                    y = op[1];
+                    op = [
+                        0
+                    ];
+                    continue;
+                case 7:
+                    op = _.ops.pop();
+                    _.trys.pop();
+                    continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
+                        _ = 0;
+                        continue;
+                    }
+                    if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
+                        _.label = op[1];
+                        break;
+                    }
+                    if (op[0] === 6 && _.label < t[1]) {
+                        _.label = t[1];
+                        t = op;
+                        break;
+                    }
+                    if (t && _.label < t[2]) {
+                        _.label = t[2];
+                        _.ops.push(op);
+                        break;
+                    }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop();
+                    continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) {
+            op = [
+                6,
+                e
+            ];
+            y = 0;
+        } finally{
+            f = t = 0;
+        }
+        if (op[0] & 5) throw op[1];
+        return {
+            value: op[0] ? op[1] : void 0,
+            done: true
+        };
+    }
+}
+/**
+ * Extract origin (protocol + host) from a URL
+ * @param url - Full URL that may include a path
+ * @returns Origin (e.g., "https://example.com") or original string if invalid URL
+ *
+ * @example
+ * getOrigin('https://example.com/mcp') // → 'https://example.com'
+ * getOrigin('http://localhost:9999/api/v1/mcp') // → 'http://localhost:9999'
+ */ function getOrigin(url) {
+    try {
+        return new URL(url).origin;
+    } catch (unused) {
+        // Invalid URL - return as-is for graceful degradation
+        return url;
+    }
+}
+function probeAuthCapabilities(baseUrl) {
+    return _async_to_generator(function() {
+        var resourceMetadata, authServerUrl, authServerMetadata, supportsDcr, capabilities, scopes, origin, authServerMetadata1, supportsDcr1, capabilities1, _error;
+        return _ts_generator(this, function(_state) {
+            switch(_state.label){
+                case 0:
+                    _state.trys.push([
+                        0,
+                        5,
+                        ,
+                        6
+                    ]);
+                    return [
+                        4,
+                        (0, _rfc9728discoveryts.discoverProtectedResourceMetadata)(baseUrl)
+                    ];
+                case 1:
+                    resourceMetadata = _state.sent();
+                    if (!(resourceMetadata && resourceMetadata.authorization_servers.length > 0)) return [
+                        3,
+                        3
+                    ];
+                    // Found protected resource metadata with authorization servers
+                    // Discover the authorization server's metadata (RFC 8414)
+                    authServerUrl = resourceMetadata.authorization_servers[0];
+                    if (!authServerUrl) {
+                        // Array has length > 0 but first element is undefined/null - skip this path
+                        return [
+                            2,
+                            {
+                                supportsDcr: false
+                            }
+                        ];
+                    }
+                    return [
+                        4,
+                        (0, _rfc9728discoveryts.discoverAuthorizationServerMetadata)(authServerUrl)
+                    ];
+                case 2:
+                    authServerMetadata = _state.sent();
+                    if (authServerMetadata) {
+                        // Successfully discovered full OAuth metadata via RFC 9728 → RFC 8414 chain
+                        supportsDcr = !!authServerMetadata.registration_endpoint;
+                        capabilities = {
+                            supportsDcr: supportsDcr
+                        };
+                        if (authServerMetadata.registration_endpoint) {
+                            capabilities.registrationEndpoint = authServerMetadata.registration_endpoint;
+                        }
+                        if (authServerMetadata.authorization_endpoint) {
+                            capabilities.authorizationEndpoint = authServerMetadata.authorization_endpoint;
+                        }
+                        if (authServerMetadata.token_endpoint) capabilities.tokenEndpoint = authServerMetadata.token_endpoint;
+                        if (authServerMetadata.introspection_endpoint) {
+                            capabilities.introspectionEndpoint = authServerMetadata.introspection_endpoint;
+                        }
+                        // Prefer resource scopes over auth server scopes
+                        scopes = resourceMetadata.scopes_supported || authServerMetadata.scopes_supported;
+                        if (scopes) capabilities.scopes = scopes;
+                        return [
+                            2,
+                            capabilities
+                        ];
+                    }
+                    _state.label = 3;
+                case 3:
+                    // Strategy 2: Fall back to direct RFC 8414 discovery at resource origin
+                    // This handles same-domain OAuth (traditional setup)
+                    origin = getOrigin(baseUrl);
+                    return [
+                        4,
+                        (0, _rfc9728discoveryts.discoverAuthorizationServerMetadata)(origin)
+                    ];
+                case 4:
+                    authServerMetadata1 = _state.sent();
+                    if (authServerMetadata1) {
+                        supportsDcr1 = !!authServerMetadata1.registration_endpoint;
+                        capabilities1 = {
+                            supportsDcr: supportsDcr1
+                        };
+                        if (authServerMetadata1.registration_endpoint) {
+                            capabilities1.registrationEndpoint = authServerMetadata1.registration_endpoint;
+                        }
+                        if (authServerMetadata1.authorization_endpoint) {
+                            capabilities1.authorizationEndpoint = authServerMetadata1.authorization_endpoint;
+                        }
+                        if (authServerMetadata1.token_endpoint) capabilities1.tokenEndpoint = authServerMetadata1.token_endpoint;
+                        if (authServerMetadata1.introspection_endpoint) {
+                            capabilities1.introspectionEndpoint = authServerMetadata1.introspection_endpoint;
+                        }
+                        if (authServerMetadata1.scopes_supported) capabilities1.scopes = authServerMetadata1.scopes_supported;
+                        return [
+                            2,
+                            capabilities1
+                        ];
+                    }
+                    // No OAuth metadata found
+                    return [
+                        2,
+                        {
+                            supportsDcr: false
+                        }
+                    ];
+                case 5:
+                    _error = _state.sent();
+                    // Network error, invalid JSON, or other fetch failure
+                    // Gracefully degrade - assume no DCR support
+                    return [
+                        2,
+                        {
+                            supportsDcr: false
+                        }
+                    ];
+                case 6:
+                    return [
+                        2
+                    ];
+            }
+        });
+    })();
+}
+/* CJS INTEROP */ if (exports.__esModule && exports.default) { try { Object.defineProperty(exports.default, '__esModule', { value: true }); for (var key in exports) { exports.default[key] = exports[key]; } } catch (_) {}; module.exports = exports.default; }

package/dist/cjs/auth/capability-discovery.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/kevin/Dev/Projects/ai/mcp-z/libs/client/src/auth/capability-discovery.ts"],"sourcesContent":["/**\n * OAuth Server Capability Discovery\n * Probes RFC 9728 (Protected Resource) and RFC 8414 (Authorization Server) metadata\n */\n\nimport { discoverAuthorizationServerMetadata, discoverProtectedResourceMetadata } from './rfc9728-discovery.ts';\nimport type { AuthCapabilities } from './types.ts';\n\n/**\n * Extract origin (protocol + host) from a URL\n * @param url - Full URL that may include a path\n * @returns Origin (e.g., \"https://example.com\") or original string if invalid URL\n *\n * @example\n * getOrigin('https://example.com/mcp') // → 'https://example.com'\n * getOrigin('http://localhost:9999/api/v1/mcp') // → 'http://localhost:9999'\n */\nfunction getOrigin(url: string): string {\n  try {\n    return new URL(url).origin;\n  } catch {\n    // Invalid URL - return as-is for graceful degradation\n    return url;\n  }\n}\n\n/**\n * Probe OAuth server capabilities using RFC 9728 → RFC 8414 discovery chain\n * Returns capabilities including DCR support detection\n *\n * Discovery Strategy:\n * 1. Try RFC 9728 Protected Resource Metadata (supports cross-domain OAuth)\n * 2. If found, use first authorization_server to discover RFC 8414 Authorization Server Metadata\n * 3. Fall back to direct RFC 8414 discovery at resource origin\n *\n * @param baseUrl - Base URL of the protected resource (e.g., https://ai.todoist.net/mcp)\n * @returns AuthCapabilities object with discovered endpoints and features\n *\n * @example\n * // Todoist case: MCP at ai.todoist.net/mcp, OAuth at todoist.com\n * const caps = await probeAuthCapabilities('https://ai.todoist.net/mcp');\n * if (caps.supportsDcr) {\n *   console.log('Registration endpoint:', caps.registrationEndpoint);\n * }\n */\nexport async function probeAuthCapabilities(baseUrl: string): Promise<AuthCapabilities> {\n  try {\n    // Strategy 1: Try RFC 9728 Protected Resource Metadata discovery\n    // This handles cross-domain OAuth (e.g., Todoist: ai.todoist.net/mcp → todoist.com)\n    const resourceMetadata = await discoverProtectedResourceMetadata(baseUrl);\n\n    if (resourceMetadata && resourceMetadata.authorization_servers.length > 0) {\n      // Found protected resource metadata with authorization servers\n      // Discover the authorization server's metadata (RFC 8414)\n      const authServerUrl = resourceMetadata.authorization_servers[0];\n      if (!authServerUrl) {\n        // Array has length > 0 but first element is undefined/null - skip this path\n        return { supportsDcr: false };\n      }\n      const authServerMetadata = await discoverAuthorizationServerMetadata(authServerUrl);\n\n      if (authServerMetadata) {\n        // Successfully discovered full OAuth metadata via RFC 9728 → RFC 8414 chain\n        const supportsDcr = !!authServerMetadata.registration_endpoint;\n        const capabilities: AuthCapabilities = { supportsDcr };\n\n        if (authServerMetadata.registration_endpoint) {\n          capabilities.registrationEndpoint = authServerMetadata.registration_endpoint;\n        }\n        if (authServerMetadata.authorization_endpoint) {\n          capabilities.authorizationEndpoint = authServerMetadata.authorization_endpoint;\n        }\n        if (authServerMetadata.token_endpoint) capabilities.tokenEndpoint = authServerMetadata.token_endpoint;\n        if (authServerMetadata.introspection_endpoint) {\n          capabilities.introspectionEndpoint = authServerMetadata.introspection_endpoint;\n        }\n\n        // Prefer resource scopes over auth server scopes\n        const scopes = resourceMetadata.scopes_supported || authServerMetadata.scopes_supported;\n        if (scopes) capabilities.scopes = scopes;\n\n        return capabilities;\n      }\n    }\n\n    // Strategy 2: Fall back to direct RFC 8414 discovery at resource origin\n    // This handles same-domain OAuth (traditional setup)\n    const origin = getOrigin(baseUrl);\n    const authServerMetadata = await discoverAuthorizationServerMetadata(origin);\n\n    if (authServerMetadata) {\n      const supportsDcr = !!authServerMetadata.registration_endpoint;\n      const capabilities: AuthCapabilities = { supportsDcr };\n\n      if (authServerMetadata.registration_endpoint) {\n        capabilities.registrationEndpoint = authServerMetadata.registration_endpoint;\n      }\n      if (authServerMetadata.authorization_endpoint) {\n        capabilities.authorizationEndpoint = authServerMetadata.authorization_endpoint;\n      }\n      if (authServerMetadata.token_endpoint) capabilities.tokenEndpoint = authServerMetadata.token_endpoint;\n      if (authServerMetadata.introspection_endpoint) {\n        capabilities.introspectionEndpoint = authServerMetadata.introspection_endpoint;\n      }\n      if (authServerMetadata.scopes_supported) capabilities.scopes = authServerMetadata.scopes_supported;\n\n      return capabilities;\n    }\n\n    // No OAuth metadata found\n    return { supportsDcr: false };\n  } catch (_error) {\n    // Network error, invalid JSON, or other fetch failure\n    // Gracefully degrade - assume no DCR support\n    return { supportsDcr: false };\n  }\n}\n"],"names":["probeAuthCapabilities","getOrigin","url","URL","origin","baseUrl","resourceMetadata","authServerUrl","authServerMetadata","supportsDcr","capabilities","scopes","_error","discoverProtectedResourceMetadata","authorization_servers","length","discoverAuthorizationServerMetadata","registration_endpoint","registrationEndpoint","authorization_endpoint","authorizationEndpoint","token_endpoint","tokenEndpoint","introspection_endpoint","introspectionEndpoint","scopes_supported"],"mappings":"AAAA;;;CAGC;;;;+BA0CqBA;;;eAAAA;;;kCAxCiE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAGvF;;;;;;;;CAQC,GACD,SAASC,UAAUC,GAAW;IAC5B,IAAI;QACF,OAAO,IAAIC,IAAID,KAAKE,MAAM;IAC5B,EAAE,eAAM;QACN,sDAAsD;QACtD,OAAOF;IACT;AACF;AAqBO,SAAeF,sBAAsBK,OAAe;;YAIjDC,kBAKEC,eAKAC,oBAIEC,aACAC,cAcAC,QASJP,QACAI,qBAGEC,cACAC,eAmBDE;;;;;;;;;;oBA9DkB;;wBAAMC,IAAAA,qDAAiC,EAACR;;;oBAA3DC,mBAAmB;yBAErBA,CAAAA,oBAAoBA,iBAAiBQ,qBAAqB,CAACC,MAAM,GAAG,CAAA,GAApET;;;;oBACF,+DAA+D;oBAC/D,0DAA0D;oBACpDC,gBAAgBD,iBAAiBQ,qBAAqB,CAAC,EAAE;oBAC/D,IAAI,CAACP,eAAe;wBAClB,4EAA4E;wBAC5E;;4BAAO;gCAAEE,aAAa;4BAAM;;oBAC9B;oBAC2B;;wBAAMO,IAAAA,uDAAmC,EAACT;;;oBAA/DC,qBAAqB;oBAE3B,IAAIA,oBAAoB;wBACtB,4EAA4E;wBACtEC,cAAc,CAAC,CAACD,mBAAmBS,qBAAqB;wBACxDP,eAAiC;4BAAED,aAAAA;wBAAY;wBAErD,IAAID,mBAAmBS,qBAAqB,EAAE;4BAC5CP,aAAaQ,oBAAoB,GAAGV,mBAAmBS,qBAAqB;wBAC9E;wBACA,IAAIT,mBAAmBW,sBAAsB,EAAE;4BAC7CT,aAAaU,qBAAqB,GAAGZ,mBAAmBW,sBAAsB;wBAChF;wBACA,IAAIX,mBAAmBa,cAAc,EAAEX,aAAaY,aAAa,GAAGd,mBAAmBa,cAAc;wBACrG,IAAIb,mBAAmBe,sBAAsB,EAAE;4BAC7Cb,aAAac,qBAAqB,GAAGhB,mBAAmBe,sBAAsB;wBAChF;wBAEA,iDAAiD;wBAC3CZ,SAASL,iBAAiBmB,gBAAgB,IAAIjB,mBAAmBiB,gBAAgB;wBACvF,IAAId,QAAQD,aAAaC,MAAM,GAAGA;wBAElC;;4BAAOD;;oBACT;;;oBAGF,wEAAwE;oBACxE,qDAAqD;oBAC/CN,SAASH,UAAUI;oBACE;;wBAAMW,IAAAA,uDAAmC,EAACZ;;;oBAA/DI,sBAAqB;oBAE3B,IAAIA,qBAAoB;wBAChBC,eAAc,CAAC,CAACD,oBAAmBS,qBAAqB;wBACxDP,gBAAiC;4BAAED,aAAAA;wBAAY;wBAErD,IAAID,oBAAmBS,qBAAqB,EAAE;4BAC5CP,cAAaQ,oBAAoB,GAAGV,oBAAmBS,qBAAqB;wBAC9E;wBACA,IAAIT,oBAAmBW,sBAAsB,EAAE;4BAC7CT,cAAaU,qBAAqB,GAAGZ,oBAAmBW,sBAAsB;wBAChF;wBACA,IAAIX,oBAAmBa,cAAc,EAAEX,cAAaY,aAAa,GAAGd,oBAAmBa,cAAc;wBACrG,IAAIb,oBAAmBe,sBAAsB,EAAE;4BAC7Cb,cAAac,qBAAqB,GAAGhB,oBAAmBe,sBAAsB;wBAChF;wBACA,IAAIf,oBAAmBiB,gBAAgB,EAAEf,cAAaC,MAAM,GAAGH,oBAAmBiB,gBAAgB;wBAElG;;4BAAOf;;oBACT;oBAEA,0BAA0B;oBAC1B;;wBAAO;4BAAED,aAAa;wBAAM;;;oBACrBG;oBACP,sDAAsD;oBACtD,6CAA6C;oBAC7C;;wBAAO;4BAAEH,aAAa;wBAAM;;;;;;;;IAEhC"}

package/dist/cjs/auth/index.d.cts

@@ -0,0 +1,9 @@
+/**
+ * Authentication Module
+ * Exports public API for OAuth authentication only (DCR moved to ../dcr/)
+ */
+export { probeAuthCapabilities } from './capability-discovery.js';
+export { InteractiveOAuthFlow } from './interactive-oauth-flow.js';
+export type { OAuthCallbackListenerOptions } from './oauth-callback-listener.js';
+export { OAuthCallbackListener } from './oauth-callback-listener.js';
+export type { AuthCapabilities, CallbackResult, OAuthFlowOptions, TokenSet } from './types.js';

package/dist/cjs/auth/index.d.ts

@@ -0,0 +1,9 @@
+/**
+ * Authentication Module
+ * Exports public API for OAuth authentication only (DCR moved to ../dcr/)
+ */
+export { probeAuthCapabilities } from './capability-discovery.js';
+export { InteractiveOAuthFlow } from './interactive-oauth-flow.js';
+export type { OAuthCallbackListenerOptions } from './oauth-callback-listener.js';
+export { OAuthCallbackListener } from './oauth-callback-listener.js';
+export type { AuthCapabilities, CallbackResult, OAuthFlowOptions, TokenSet } from './types.js';

package/dist/cjs/auth/index.js

@@ -0,0 +1,28 @@
+/**
+ * Authentication Module
+ * Exports public API for OAuth authentication only (DCR moved to ../dcr/)
+ */ "use strict";
+Object.defineProperty(exports, "__esModule", {
+    value: true
+});
+function _export(target, all) {
+    for(var name in all)Object.defineProperty(target, name, {
+        enumerable: true,
+        get: Object.getOwnPropertyDescriptor(all, name).get
+    });
+}
+_export(exports, {
+    get InteractiveOAuthFlow () {
+        return _interactiveoauthflowts.InteractiveOAuthFlow;
+    },
+    get OAuthCallbackListener () {
+        return _oauthcallbacklistenerts.OAuthCallbackListener;
+    },
+    get probeAuthCapabilities () {
+        return _capabilitydiscoveryts.probeAuthCapabilities;
+    }
+});
+var _capabilitydiscoveryts = require("./capability-discovery.js");
+var _interactiveoauthflowts = require("./interactive-oauth-flow.js");
+var _oauthcallbacklistenerts = require("./oauth-callback-listener.js");
+/* CJS INTEROP */ if (exports.__esModule && exports.default) { try { Object.defineProperty(exports.default, '__esModule', { value: true }); for (var key in exports) { exports.default[key] = exports[key]; } } catch (_) {}; module.exports = exports.default; }

package/dist/cjs/auth/index.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["/Users/kevin/Dev/Projects/ai/mcp-z/libs/client/src/auth/index.ts"],"sourcesContent":["/**\n * Authentication Module\n * Exports public API for OAuth authentication only (DCR moved to ../dcr/)\n */\n\nexport { probeAuthCapabilities } from './capability-discovery.ts';\nexport { InteractiveOAuthFlow } from './interactive-oauth-flow.ts';\nexport type { OAuthCallbackListenerOptions } from './oauth-callback-listener.ts';\nexport { OAuthCallbackListener } from './oauth-callback-listener.ts';\nexport type { AuthCapabilities, CallbackResult, OAuthFlowOptions, TokenSet } from './types.ts';\n"],"names":["InteractiveOAuthFlow","OAuthCallbackListener","probeAuthCapabilities"],"mappings":"AAAA;;;CAGC;;;;;;;;;;;QAGQA;eAAAA,4CAAoB;;QAEpBC;eAAAA,8CAAqB;;QAHrBC;eAAAA,4CAAqB;;;qCAAQ;sCACD;uCAEC"}