@mjquinlan2000/practicepanther-mcp 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Michael Quinlan
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,130 @@
+# @mjquinlan2000/practicepanther-mcp
+
+MCP server for the [PracticePanther](https://www.practicepanther.com/) legal practice management API. Exposes PracticePanther's REST API as MCP tools so AI assistants (Claude Desktop, etc.) can read data from PracticePanther accounts.
+
+## Installation
+
+```sh
+npm install @mjquinlan2000/practicepanther-mcp
+# or run directly
+npx @mjquinlan2000/practicepanther-mcp
+```
+
+## Setup
+
+### 1. Obtain API credentials
+
+Register an OAuth2 application in PracticePanther to get a client ID and secret.
+
+### 2. Set environment variables
+
+```sh
+export PP_CLIENT_ID=your_client_id
+export PP_CLIENT_SECRET=your_client_secret
+export PP_REDIRECT_URI=http://127.0.0.1:8080/callback
+```
+
+### 3. Authenticate
+
+```sh
+# Initial OAuth2 authorization (opens browser)
+yarn auth
+
+# Refresh an expired token
+yarn auth:refresh
+```
+
+Tokens are persisted to `~/.config/practicepanther-mcp/tokens.json` and auto-refresh when the server runs.
+
+Alternatively, set `PP_ACCESS_TOKEN` directly to skip the OAuth flow.
+
+## MCP Client Configuration
+
+Add to your MCP client config (e.g. Claude Desktop `claude_desktop_config.json`):
+
+```json
+{
+  "mcpServers": {
+    "practicepanther": {
+      "command": "npx",
+      "args": ["@mjquinlan2000/practicepanther-mcp"],
+      "env": {
+        "PP_CLIENT_ID": "your_client_id",
+        "PP_CLIENT_SECRET": "your_client_secret"
+      }
+    }
+  }
+}
+```
+
+For local development with `tsx`:
+
+```json
+{
+  "mcpServers": {
+    "practicepanther": {
+      "command": "tsx",
+      "args": ["src/server.ts"],
+      "env": {
+        "PP_CLIENT_ID": "${PP_CLIENT_ID}",
+        "PP_CLIENT_SECRET": "${PP_CLIENT_SECRET}"
+      }
+    }
+  }
+}
+```
+
+## Available Tools
+
+The server registers tools for the following PracticePanther entities. Each entity has a `get_<entity>` (by ID) and `list_<entities>` tool unless noted otherwise.
+
+| Entity | Tools |
+|--------|-------|
+| Accounts | `get_account`, `list_accounts` |
+| Bank Accounts | `get_bank_account`, `list_bank_accounts` |
+| Call Logs | `get_call_log`, `list_call_logs` |
+| Contacts | `get_contact`, `list_contacts` |
+| Custom Fields | `get_custom_field`, `list_custom_fields_for_company`, `list_custom_fields_for_matter`, `list_custom_fields_for_contact` |
+| Emails | `get_email`, `list_emails` |
+| Events | `get_event`, `list_events` |
+| Expense Categories | `get_expense_category`, `list_expense_categories` |
+| Expenses | `get_expense`, `list_expenses` |
+| Files | `get_file`, `download_file`, `list_files` |
+| Flat Fees | `get_flat_fee`, `list_flat_fees` |
+| Invoices | `get_invoice`, `list_invoices` |
+| Items | `get_item`, `list_items` |
+| Matters | `get_matter`, `list_matters` |
+| Messages | `list_messages` |
+| Notes | `get_note`, `list_notes` |
+| Payments | `get_payment`, `list_payments` |
+| Relationships | `get_relationship`, `list_relationships` |
+| Tags | `list_account_tags`, `list_matter_tags`, `list_activity_tags` |
+| Tasks | `get_task`, `list_tasks` |
+| Time Entries | `get_time_entry`, `list_time_entries` |
+| Users | `get_me`, `get_user`, `list_users` |
+
+## Development
+
+```sh
+yarn start          # Run server locally (stdio transport)
+yarn build          # Bundle with tsup
+yarn typecheck      # Type-check with tsc --noEmit
+yarn spec:generate  # Fetch Swagger spec, convert to OpenAPI 3, regenerate typed client
+```
+
+## Project Structure
+
+```
+src/
+├── server.ts       # MCP server entry point — registers all tools
+├── schemas.ts      # Zod schemas for shaping API responses
+├── auth.ts         # OAuth2 config (delegates to shared oauth utility)
+├── pp.ts           # Configures generated HTTP client with base URL + auth
+└── client/         # Auto-generated typed API client (do not edit)
+```
+
+## Adding a New Entity
+
+1. Import the SDK functions from `./client/index.js`
+2. Define a Zod schema in `schemas.ts`
+3. Register `get_` and `list_` tools in `server.ts`

package/dist/auth.d.ts

@@ -0,0 +1,4 @@
+declare const getAccessToken: () => Promise<string>;
+declare const runCli: (command?: string) => void;
+
+export { getAccessToken, runCli };

package/dist/auth.js

@@ -0,0 +1,9 @@
+import {
+  getAccessToken,
+  runCli
+} from "./chunk-A6QUURB5.js";
+export {
+  getAccessToken,
+  runCli
+};
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/dist/chunk-A6QUURB5.js

@@ -0,0 +1,234 @@
+// ../shared/dist/oauth.js
+import { execSync } from "child_process";
+import { randomBytes } from "crypto";
+import { mkdir, readFile, writeFile } from "fs/promises";
+import { createServer } from "http";
+import { homedir } from "os";
+import { join } from "path";
+function isRefreshable(tokens) {
+  return "refresh_token" in tokens;
+}
+function createAuth(config) {
+  const configDir = join(homedir(), ".config", config.name);
+  const tokensPath = join(configDir, "tokens.json");
+  async function readTokens() {
+    try {
+      const data = await readFile(tokensPath, "utf-8");
+      return JSON.parse(data);
+    } catch {
+      return null;
+    }
+  }
+  async function writeTokens(tokens) {
+    await mkdir(configDir, { recursive: true });
+    await writeFile(tokensPath, JSON.stringify(tokens, null, 2), {
+      mode: 384
+    });
+  }
+  function openBrowser(url) {
+    const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+    execSync(`${cmd} '${url}'`);
+  }
+  async function exchangeCode(code, redirectUri, clientId, clientSecret) {
+    const res = await fetch(config.tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "authorization_code",
+        code,
+        redirect_uri: redirectUri,
+        client_id: clientId,
+        client_secret: clientSecret
+      })
+    });
+    if (!res.ok) {
+      const text = await res.text();
+      throw new Error(`Token exchange failed (${res.status}): ${text}`);
+    }
+    if (config.supportsRefresh) {
+      const data2 = await res.json();
+      return {
+        access_token: data2.access_token,
+        refresh_token: data2.refresh_token,
+        expires_at: Date.now() + data2.expires_in * 1e3
+      };
+    }
+    const data = await res.json();
+    return { access_token: data.access_token };
+  }
+  async function refreshAccessToken(refreshToken, clientId, clientSecret) {
+    const res = await fetch(config.tokenUrl, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: clientId,
+        client_secret: clientSecret
+      })
+    });
+    if (!res.ok) {
+      throw new Error("Run 'yarn auth' to re-authenticate.");
+    }
+    const data = await res.json();
+    return {
+      access_token: data.access_token,
+      refresh_token: data.refresh_token,
+      expires_at: Date.now() + data.expires_in * 1e3
+    };
+  }
+  async function getAccessToken2() {
+    const envToken = process.env[`${config.envPrefix}_ACCESS_TOKEN`];
+    if (envToken)
+      return envToken;
+    const tokens = await readTokens();
+    if (!tokens) {
+      throw new Error(`No access token available. Set ${config.envPrefix}_ACCESS_TOKEN or run 'yarn auth'.`);
+    }
+    if (config.supportsRefresh && isRefreshable(tokens)) {
+      const fiveMinutes = 5 * 60 * 1e3;
+      if (tokens.expires_at - Date.now() < fiveMinutes) {
+        const clientId = process.env[`${config.envPrefix}_CLIENT_ID`];
+        const clientSecret = process.env[`${config.envPrefix}_CLIENT_SECRET`];
+        if (!clientId || !clientSecret) {
+          throw new Error(`Token is expiring and ${config.envPrefix}_CLIENT_ID/${config.envPrefix}_CLIENT_SECRET are not set for refresh. Run 'yarn auth'.`);
+        }
+        const refreshed = await refreshAccessToken(tokens.refresh_token, clientId, clientSecret);
+        await writeTokens(refreshed);
+        return refreshed.access_token;
+      }
+    }
+    return tokens.access_token;
+  }
+  async function authorize() {
+    const clientId = process.env[`${config.envPrefix}_CLIENT_ID`];
+    const clientSecret = process.env[`${config.envPrefix}_CLIENT_SECRET`];
+    if (!clientId)
+      throw new Error(`${config.envPrefix}_CLIENT_ID environment variable is required.`);
+    if (!clientSecret)
+      throw new Error(`${config.envPrefix}_CLIENT_SECRET environment variable is required.`);
+    const redirectUri = process.env[`${config.envPrefix}_REDIRECT_URI`];
+    if (!redirectUri)
+      throw new Error(`${config.envPrefix}_REDIRECT_URI environment variable is required.`);
+    const redirectUrl = new URL(redirectUri);
+    const port = Number(redirectUrl.port) || (redirectUrl.protocol === "https:" ? 443 : 80);
+    const callbackPath = redirectUrl.pathname;
+    const state = randomBytes(16).toString("hex");
+    const { tokens } = await new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        server.close();
+        reject(new Error("Authorization timed out after 120 seconds."));
+      }, 12e4);
+      const server = createServer(async (req, res) => {
+        const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+        if (url.pathname !== callbackPath) {
+          res.writeHead(404);
+          res.end("Not found");
+          return;
+        }
+        const returnedState = url.searchParams.get("state");
+        const code = url.searchParams.get("code");
+        const error = url.searchParams.get("error");
+        if (error) {
+          res.writeHead(400);
+          res.end(`Authorization error: ${error}`);
+          clearTimeout(timeout);
+          server.close();
+          reject(new Error(`Authorization denied: ${error}`));
+          return;
+        }
+        if (returnedState !== state) {
+          res.writeHead(400);
+          res.end("State mismatch \u2014 possible CSRF attack.");
+          return;
+        }
+        if (!code) {
+          res.writeHead(400);
+          res.end("Missing authorization code.");
+          return;
+        }
+        try {
+          const exchangedTokens = await exchangeCode(code, redirectUri, clientId, clientSecret);
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end("<h1>Authorization successful!</h1><p>You can close this tab.</p>");
+          clearTimeout(timeout);
+          server.close();
+          resolve({ tokens: exchangedTokens });
+        } catch (err) {
+          res.writeHead(500);
+          res.end("Token exchange failed.");
+          clearTimeout(timeout);
+          server.close();
+          reject(err);
+        }
+      });
+      const params = {
+        response_type: "code",
+        client_id: clientId,
+        redirect_uri: redirectUri,
+        state
+      };
+      if (config.scope) {
+        params.scope = config.scope;
+      }
+      server.listen(port, "127.0.0.1", () => {
+        const authorizeUrl = `${config.authorizeUrl}?${new URLSearchParams(params)}`;
+        console.log("Opening browser for authorization...");
+        console.log(`If the browser doesn't open, visit:
+${authorizeUrl}
+`);
+        openBrowser(authorizeUrl);
+      });
+    });
+    await writeTokens(tokens);
+    console.log(`Tokens saved to ${tokensPath}`);
+  }
+  async function refresh() {
+    const clientId = process.env[`${config.envPrefix}_CLIENT_ID`];
+    const clientSecret = process.env[`${config.envPrefix}_CLIENT_SECRET`];
+    if (!clientId)
+      throw new Error(`${config.envPrefix}_CLIENT_ID environment variable is required.`);
+    if (!clientSecret)
+      throw new Error(`${config.envPrefix}_CLIENT_SECRET environment variable is required.`);
+    const tokens = await readTokens();
+    if (!tokens || !isRefreshable(tokens)) {
+      throw new Error("No tokens found. Run 'yarn auth' first to authenticate.");
+    }
+    const refreshed = await refreshAccessToken(tokens.refresh_token, clientId, clientSecret);
+    await writeTokens(refreshed);
+    console.log(`Tokens refreshed and saved to ${tokensPath}`);
+  }
+  function runCli2(command) {
+    const cmd = command ?? process.argv[2];
+    let run;
+    if (cmd === "refresh" && config.supportsRefresh) {
+      run = refresh;
+    } else {
+      run = authorize;
+    }
+    run().catch((err) => {
+      console.error(err.message ?? err);
+      process.exit(1);
+    });
+  }
+  return { getAccessToken: getAccessToken2, runCli: runCli2 };
+}
+
+// src/auth.ts
+var { getAccessToken, runCli } = createAuth({
+  name: "practicepanther-mcp",
+  authorizeUrl: "https://app.practicepanther.com/OAuth/Authorize",
+  tokenUrl: "https://app.practicepanther.com/OAuth/Token",
+  envPrefix: "PP",
+  scope: "full",
+  supportsRefresh: true
+});
+if (process.argv[1] && import.meta.filename === process.argv[1]) {
+  runCli();
+}
+
+export {
+  getAccessToken,
+  runCli
+};
+//# sourceMappingURL=chunk-A6QUURB5.js.map

package/dist/chunk-A6QUURB5.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../shared/src/oauth.ts","../src/auth.ts"],"sourcesContent":["import { execSync } from \"node:child_process\";\nimport { randomBytes } from \"node:crypto\";\nimport { mkdir, readFile, writeFile } from \"node:fs/promises\";\nimport {\n  createServer,\n  type IncomingMessage,\n  type ServerResponse,\n} from \"node:http\";\nimport { homedir } from \"node:os\";\nimport { join } from \"node:path\";\n\nexport interface OAuthConfig {\n  name: string;\n  authorizeUrl: string;\n  tokenUrl: string;\n  envPrefix: string;\n  scope?: string;\n  supportsRefresh: boolean;\n}\n\ninterface BaseTokens {\n  access_token: string;\n}\n\ninterface RefreshableTokens extends BaseTokens {\n  refresh_token: string;\n  expires_at: number;\n}\n\ntype StoredTokens = BaseTokens | RefreshableTokens;\n\nfunction isRefreshable(tokens: StoredTokens): tokens is RefreshableTokens {\n  return \"refresh_token\" in tokens;\n}\n\ninterface RefreshableTokenResponse {\n  access_token: string;\n  refresh_token: string;\n  expires_in: number;\n}\n\nexport function createAuth(config: OAuthConfig): {\n  getAccessToken: () => Promise<string>;\n  runCli: (command?: string) => void;\n} {\n  const configDir = join(homedir(), \".config\", config.name);\n  const tokensPath = join(configDir, \"tokens.json\");\n\n  async function readTokens(): Promise<StoredTokens | null> {\n    try {\n      const data = await readFile(tokensPath, \"utf-8\");\n      return JSON.parse(data) as StoredTokens;\n    } catch {\n      return null;\n    }\n  }\n\n  async function writeTokens(tokens: StoredTokens): Promise<void> {\n    await mkdir(configDir, { recursive: true });\n    await writeFile(tokensPath, JSON.stringify(tokens, null, 2), {\n      mode: 0o600,\n    });\n  }\n\n  function openBrowser(url: string): void {\n    const cmd =\n      process.platform === \"darwin\"\n        ? \"open\"\n        : process.platform === \"win32\"\n          ? \"start\"\n          : \"xdg-open\";\n    execSync(`${cmd} '${url}'`);\n  }\n\n  async function exchangeCode(\n    code: string,\n    redirectUri: string,\n    clientId: string,\n    clientSecret: string,\n  ): Promise<StoredTokens> {\n    const res = await fetch(config.tokenUrl, {\n      method: \"POST\",\n      headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n      body: new URLSearchParams({\n        grant_type: \"authorization_code\",\n        code,\n        redirect_uri: redirectUri,\n        client_id: clientId,\n        client_secret: clientSecret,\n      }),\n    });\n    if (!res.ok) {\n      const text = await res.text();\n      throw new Error(`Token exchange failed (${res.status}): ${text}`);\n    }\n    if (config.supportsRefresh) {\n      const data = (await res.json()) as RefreshableTokenResponse;\n      return {\n        access_token: data.access_token,\n        refresh_token: data.refresh_token,\n        expires_at: Date.now() + data.expires_in * 1000,\n      };\n    }\n    const data = (await res.json()) as { access_token: string };\n    return { access_token: data.access_token };\n  }\n\n  async function refreshAccessToken(\n    refreshToken: string,\n    clientId: string,\n    clientSecret: string,\n  ): Promise<RefreshableTokens> {\n    const res = await fetch(config.tokenUrl, {\n      method: \"POST\",\n      headers: { \"Content-Type\": \"application/x-www-form-urlencoded\" },\n      body: new URLSearchParams({\n        grant_type: \"refresh_token\",\n        refresh_token: refreshToken,\n        client_id: clientId,\n        client_secret: clientSecret,\n      }),\n    });\n    if (!res.ok) {\n      throw new Error(\"Run 'yarn auth' to re-authenticate.\");\n    }\n    const data = (await res.json()) as RefreshableTokenResponse;\n    return {\n      access_token: data.access_token,\n      refresh_token: data.refresh_token,\n      expires_at: Date.now() + data.expires_in * 1000,\n    };\n  }\n\n  async function getAccessToken(): Promise<string> {\n    const envToken = process.env[`${config.envPrefix}_ACCESS_TOKEN`];\n    if (envToken) return envToken;\n\n    const tokens = await readTokens();\n    if (!tokens) {\n      throw new Error(\n        `No access token available. Set ${config.envPrefix}_ACCESS_TOKEN or run 'yarn auth'.`,\n      );\n    }\n\n    if (config.supportsRefresh && isRefreshable(tokens)) {\n      const fiveMinutes = 5 * 60 * 1000;\n      if (tokens.expires_at - Date.now() < fiveMinutes) {\n        const clientId = process.env[`${config.envPrefix}_CLIENT_ID`];\n        const clientSecret = process.env[`${config.envPrefix}_CLIENT_SECRET`];\n        if (!clientId || !clientSecret) {\n          throw new Error(\n            `Token is expiring and ${config.envPrefix}_CLIENT_ID/${config.envPrefix}_CLIENT_SECRET are not set for refresh. Run 'yarn auth'.`,\n          );\n        }\n        const refreshed = await refreshAccessToken(\n          tokens.refresh_token,\n          clientId,\n          clientSecret,\n        );\n        await writeTokens(refreshed);\n        return refreshed.access_token;\n      }\n    }\n\n    return tokens.access_token;\n  }\n\n  async function authorize(): Promise<void> {\n    const clientId = process.env[`${config.envPrefix}_CLIENT_ID`];\n    const clientSecret = process.env[`${config.envPrefix}_CLIENT_SECRET`];\n    if (!clientId)\n      throw new Error(\n        `${config.envPrefix}_CLIENT_ID environment variable is required.`,\n      );\n    if (!clientSecret)\n      throw new Error(\n        `${config.envPrefix}_CLIENT_SECRET environment variable is required.`,\n      );\n\n    const redirectUri = process.env[`${config.envPrefix}_REDIRECT_URI`];\n    if (!redirectUri)\n      throw new Error(\n        `${config.envPrefix}_REDIRECT_URI environment variable is required.`,\n      );\n\n    const redirectUrl = new URL(redirectUri);\n    const port =\n      Number(redirectUrl.port) ||\n      (redirectUrl.protocol === \"https:\" ? 443 : 80);\n    const callbackPath = redirectUrl.pathname;\n    const state = randomBytes(16).toString(\"hex\");\n\n    const { tokens } = await new Promise<{\n      tokens: StoredTokens;\n    }>((resolve, reject) => {\n      const timeout = setTimeout(() => {\n        server.close();\n        reject(new Error(\"Authorization timed out after 120 seconds.\"));\n      }, 120_000);\n\n      const server = createServer(\n        async (req: IncomingMessage, res: ServerResponse) => {\n          const url = new URL(req.url ?? \"/\", `http://${req.headers.host}`);\n          if (url.pathname !== callbackPath) {\n            res.writeHead(404);\n            res.end(\"Not found\");\n            return;\n          }\n\n          const returnedState = url.searchParams.get(\"state\");\n          const code = url.searchParams.get(\"code\");\n          const error = url.searchParams.get(\"error\");\n\n          if (error) {\n            res.writeHead(400);\n            res.end(`Authorization error: ${error}`);\n            clearTimeout(timeout);\n            server.close();\n            reject(new Error(`Authorization denied: ${error}`));\n            return;\n          }\n\n          if (returnedState !== state) {\n            res.writeHead(400);\n            res.end(\"State mismatch — possible CSRF attack.\");\n            return;\n          }\n\n          if (!code) {\n            res.writeHead(400);\n            res.end(\"Missing authorization code.\");\n            return;\n          }\n\n          try {\n            const exchangedTokens = await exchangeCode(\n              code,\n              redirectUri,\n              clientId,\n              clientSecret,\n            );\n            res.writeHead(200, { \"Content-Type\": \"text/html\" });\n            res.end(\n              \"<h1>Authorization successful!</h1><p>You can close this tab.</p>\",\n            );\n            clearTimeout(timeout);\n            server.close();\n            resolve({ tokens: exchangedTokens });\n          } catch (err) {\n            res.writeHead(500);\n            res.end(\"Token exchange failed.\");\n            clearTimeout(timeout);\n            server.close();\n            reject(err);\n          }\n        },\n      );\n\n      const params: Record<string, string> = {\n        response_type: \"code\",\n        client_id: clientId,\n        redirect_uri: redirectUri,\n        state,\n      };\n      if (config.scope) {\n        params.scope = config.scope;\n      }\n\n      server.listen(port, \"127.0.0.1\", () => {\n        const authorizeUrl = `${config.authorizeUrl}?${new URLSearchParams(params)}`;\n\n        console.log(\"Opening browser for authorization...\");\n        console.log(`If the browser doesn't open, visit:\\n${authorizeUrl}\\n`);\n        openBrowser(authorizeUrl);\n      });\n    });\n\n    await writeTokens(tokens);\n    console.log(`Tokens saved to ${tokensPath}`);\n  }\n\n  async function refresh(): Promise<void> {\n    const clientId = process.env[`${config.envPrefix}_CLIENT_ID`];\n    const clientSecret = process.env[`${config.envPrefix}_CLIENT_SECRET`];\n    if (!clientId)\n      throw new Error(\n        `${config.envPrefix}_CLIENT_ID environment variable is required.`,\n      );\n    if (!clientSecret)\n      throw new Error(\n        `${config.envPrefix}_CLIENT_SECRET environment variable is required.`,\n      );\n\n    const tokens = await readTokens();\n    if (!tokens || !isRefreshable(tokens)) {\n      throw new Error(\n        \"No tokens found. Run 'yarn auth' first to authenticate.\",\n      );\n    }\n\n    const refreshed = await refreshAccessToken(\n      tokens.refresh_token,\n      clientId,\n      clientSecret,\n    );\n    await writeTokens(refreshed);\n    console.log(`Tokens refreshed and saved to ${tokensPath}`);\n  }\n\n  function runCli(command?: string): void {\n    const cmd = command ?? process.argv[2];\n    let run: () => Promise<void>;\n    if (cmd === \"refresh\" && config.supportsRefresh) {\n      run = refresh;\n    } else {\n      run = authorize;\n    }\n    run().catch((err) => {\n      console.error(err.message ?? err);\n      process.exit(1);\n    });\n  }\n\n  return { getAccessToken, runCli };\n}\n","import { createAuth } from \"@mjquinlan2000/shared/oauth.js\";\n\nconst { getAccessToken, runCli } = createAuth({\n  name: \"practicepanther-mcp\",\n  authorizeUrl: \"https://app.practicepanther.com/OAuth/Authorize\",\n  tokenUrl: \"https://app.practicepanther.com/OAuth/Token\",\n  envPrefix: \"PP\",\n  scope: \"full\",\n  supportsRefresh: true,\n});\n\nexport { getAccessToken, runCli };\n\nif (process.argv[1] && import.meta.filename === process.argv[1]) {\n  runCli();\n}\n"],"mappings":";AAAA,SAAS,gBAAgB;AACzB,SAAS,mBAAmB;AAC5B,SAAS,OAAO,UAAU,iBAAiB;AAC3C,SACE,oBAGK;AACP,SAAS,eAAe;AACxB,SAAS,YAAY;AAsBrB,SAAS,cAAc,QAAoB;AACzC,SAAO,mBAAmB;AAC5B;AAQM,SAAU,WAAW,QAAmB;AAI5C,QAAM,YAAY,KAAK,QAAO,GAAI,WAAW,OAAO,IAAI;AACxD,QAAM,aAAa,KAAK,WAAW,aAAa;AAEhD,iBAAe,aAAU;AACvB,QAAI;AACF,YAAM,OAAO,MAAM,SAAS,YAAY,OAAO;AAC/C,aAAO,KAAK,MAAM,IAAI;IACxB,QAAQ;AACN,aAAO;IACT;EACF;AAEA,iBAAe,YAAY,QAAoB;AAC7C,UAAM,MAAM,WAAW,EAAE,WAAW,KAAI,CAAE;AAC1C,UAAM,UAAU,YAAY,KAAK,UAAU,QAAQ,MAAM,CAAC,GAAG;MAC3D,MAAM;KACP;EACH;AAEA,WAAS,YAAY,KAAW;AAC9B,UAAM,MACJ,QAAQ,aAAa,WACjB,SACA,QAAQ,aAAa,UACnB,UACA;AACR,aAAS,GAAG,GAAG,KAAK,GAAG,GAAG;EAC5B;AAEA,iBAAe,aACb,MACA,aACA,UACA,cAAoB;AAEpB,UAAM,MAAM,MAAM,MAAM,OAAO,UAAU;MACvC,QAAQ;MACR,SAAS,EAAE,gBAAgB,oCAAmC;MAC9D,MAAM,IAAI,gBAAgB;QACxB,YAAY;QACZ;QACA,cAAc;QACd,WAAW;QACX,eAAe;OAChB;KACF;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,OAAO,MAAM,IAAI,KAAI;AAC3B,YAAM,IAAI,MAAM,0BAA0B,IAAI,MAAM,MAAM,IAAI,EAAE;IAClE;AACA,QAAI,OAAO,iBAAiB;AAC1B,YAAMA,QAAQ,MAAM,IAAI,KAAI;AAC5B,aAAO;QACL,cAAcA,MAAK;QACnB,eAAeA,MAAK;QACpB,YAAY,KAAK,IAAG,IAAKA,MAAK,aAAa;;IAE/C;AACA,UAAM,OAAQ,MAAM,IAAI,KAAI;AAC5B,WAAO,EAAE,cAAc,KAAK,aAAY;EAC1C;AAEA,iBAAe,mBACb,cACA,UACA,cAAoB;AAEpB,UAAM,MAAM,MAAM,MAAM,OAAO,UAAU;MACvC,QAAQ;MACR,SAAS,EAAE,gBAAgB,oCAAmC;MAC9D,MAAM,IAAI,gBAAgB;QACxB,YAAY;QACZ,eAAe;QACf,WAAW;QACX,eAAe;OAChB;KACF;AACD,QAAI,CAAC,IAAI,IAAI;AACX,YAAM,IAAI,MAAM,qCAAqC;IACvD;AACA,UAAM,OAAQ,MAAM,IAAI,KAAI;AAC5B,WAAO;MACL,cAAc,KAAK;MACnB,eAAe,KAAK;MACpB,YAAY,KAAK,IAAG,IAAK,KAAK,aAAa;;EAE/C;AAEA,iBAAeC,kBAAc;AAC3B,UAAM,WAAW,QAAQ,IAAI,GAAG,OAAO,SAAS,eAAe;AAC/D,QAAI;AAAU,aAAO;AAErB,UAAM,SAAS,MAAM,WAAU;AAC/B,QAAI,CAAC,QAAQ;AACX,YAAM,IAAI,MACR,kCAAkC,OAAO,SAAS,mCAAmC;IAEzF;AAEA,QAAI,OAAO,mBAAmB,cAAc,MAAM,GAAG;AACnD,YAAM,cAAc,IAAI,KAAK;AAC7B,UAAI,OAAO,aAAa,KAAK,IAAG,IAAK,aAAa;AAChD,cAAM,WAAW,QAAQ,IAAI,GAAG,OAAO,SAAS,YAAY;AAC5D,cAAM,eAAe,QAAQ,IAAI,GAAG,OAAO,SAAS,gBAAgB;AACpE,YAAI,CAAC,YAAY,CAAC,cAAc;AAC9B,gBAAM,IAAI,MACR,yBAAyB,OAAO,SAAS,cAAc,OAAO,SAAS,0DAA0D;QAErI;AACA,cAAM,YAAY,MAAM,mBACtB,OAAO,eACP,UACA,YAAY;AAEd,cAAM,YAAY,SAAS;AAC3B,eAAO,UAAU;MACnB;IACF;AAEA,WAAO,OAAO;EAChB;AAEA,iBAAe,YAAS;AACtB,UAAM,WAAW,QAAQ,IAAI,GAAG,OAAO,SAAS,YAAY;AAC5D,UAAM,eAAe,QAAQ,IAAI,GAAG,OAAO,SAAS,gBAAgB;AACpE,QAAI,CAAC;AACH,YAAM,IAAI,MACR,GAAG,OAAO,SAAS,8CAA8C;AAErE,QAAI,CAAC;AACH,YAAM,IAAI,MACR,GAAG,OAAO,SAAS,kDAAkD;AAGzE,UAAM,cAAc,QAAQ,IAAI,GAAG,OAAO,SAAS,eAAe;AAClE,QAAI,CAAC;AACH,YAAM,IAAI,MACR,GAAG,OAAO,SAAS,iDAAiD;AAGxE,UAAM,cAAc,IAAI,IAAI,WAAW;AACvC,UAAM,OACJ,OAAO,YAAY,IAAI,MACtB,YAAY,aAAa,WAAW,MAAM;AAC7C,UAAM,eAAe,YAAY;AACjC,UAAM,QAAQ,YAAY,EAAE,EAAE,SAAS,KAAK;AAE5C,UAAM,EAAE,OAAM,IAAK,MAAM,IAAI,QAE1B,CAAC,SAAS,WAAU;AACrB,YAAM,UAAU,WAAW,MAAK;AAC9B,eAAO,MAAK;AACZ,eAAO,IAAI,MAAM,4CAA4C,CAAC;MAChE,GAAG,IAAO;AAEV,YAAM,SAAS,aACb,OAAO,KAAsB,QAAuB;AAClD,cAAM,MAAM,IAAI,IAAI,IAAI,OAAO,KAAK,UAAU,IAAI,QAAQ,IAAI,EAAE;AAChE,YAAI,IAAI,aAAa,cAAc;AACjC,cAAI,UAAU,GAAG;AACjB,cAAI,IAAI,WAAW;AACnB;QACF;AAEA,cAAM,gBAAgB,IAAI,aAAa,IAAI,OAAO;AAClD,cAAM,OAAO,IAAI,aAAa,IAAI,MAAM;AACxC,cAAM,QAAQ,IAAI,aAAa,IAAI,OAAO;AAE1C,YAAI,OAAO;AACT,cAAI,UAAU,GAAG;AACjB,cAAI,IAAI,wBAAwB,KAAK,EAAE;AACvC,uBAAa,OAAO;AACpB,iBAAO,MAAK;AACZ,iBAAO,IAAI,MAAM,yBAAyB,KAAK,EAAE,CAAC;AAClD;QACF;AAEA,YAAI,kBAAkB,OAAO;AAC3B,cAAI,UAAU,GAAG;AACjB,cAAI,IAAI,6CAAwC;AAChD;QACF;AAEA,YAAI,CAAC,MAAM;AACT,cAAI,UAAU,GAAG;AACjB,cAAI,IAAI,6BAA6B;AACrC;QACF;AAEA,YAAI;AACF,gBAAM,kBAAkB,MAAM,aAC5B,MACA,aACA,UACA,YAAY;AAEd,cAAI,UAAU,KAAK,EAAE,gBAAgB,YAAW,CAAE;AAClD,cAAI,IACF,kEAAkE;AAEpE,uBAAa,OAAO;AACpB,iBAAO,MAAK;AACZ,kBAAQ,EAAE,QAAQ,gBAAe,CAAE;QACrC,SAAS,KAAK;AACZ,cAAI,UAAU,GAAG;AACjB,cAAI,IAAI,wBAAwB;AAChC,uBAAa,OAAO;AACpB,iBAAO,MAAK;AACZ,iBAAO,GAAG;QACZ;MACF,CAAC;AAGH,YAAM,SAAiC;QACrC,eAAe;QACf,WAAW;QACX,cAAc;QACd;;AAEF,UAAI,OAAO,OAAO;AAChB,eAAO,QAAQ,OAAO;MACxB;AAEA,aAAO,OAAO,MAAM,aAAa,MAAK;AACpC,cAAM,eAAe,GAAG,OAAO,YAAY,IAAI,IAAI,gBAAgB,MAAM,CAAC;AAE1E,gBAAQ,IAAI,sCAAsC;AAClD,gBAAQ,IAAI;EAAwC,YAAY;CAAI;AACpE,oBAAY,YAAY;MAC1B,CAAC;IACH,CAAC;AAED,UAAM,YAAY,MAAM;AACxB,YAAQ,IAAI,mBAAmB,UAAU,EAAE;EAC7C;AAEA,iBAAe,UAAO;AACpB,UAAM,WAAW,QAAQ,IAAI,GAAG,OAAO,SAAS,YAAY;AAC5D,UAAM,eAAe,QAAQ,IAAI,GAAG,OAAO,SAAS,gBAAgB;AACpE,QAAI,CAAC;AACH,YAAM,IAAI,MACR,GAAG,OAAO,SAAS,8CAA8C;AAErE,QAAI,CAAC;AACH,YAAM,IAAI,MACR,GAAG,OAAO,SAAS,kDAAkD;AAGzE,UAAM,SAAS,MAAM,WAAU;AAC/B,QAAI,CAAC,UAAU,CAAC,cAAc,MAAM,GAAG;AACrC,YAAM,IAAI,MACR,yDAAyD;IAE7D;AAEA,UAAM,YAAY,MAAM,mBACtB,OAAO,eACP,UACA,YAAY;AAEd,UAAM,YAAY,SAAS;AAC3B,YAAQ,IAAI,iCAAiC,UAAU,EAAE;EAC3D;AAEA,WAASC,QAAO,SAAgB;AAC9B,UAAM,MAAM,WAAW,QAAQ,KAAK,CAAC;AACrC,QAAI;AACJ,QAAI,QAAQ,aAAa,OAAO,iBAAiB;AAC/C,YAAM;IACR,OAAO;AACL,YAAM;IACR;AACA,QAAG,EAAG,MAAM,CAAC,QAAO;AAClB,cAAQ,MAAM,IAAI,WAAW,GAAG;AAChC,cAAQ,KAAK,CAAC;IAChB,CAAC;EACH;AAEA,SAAO,EAAE,gBAAAD,iBAAgB,QAAAC,QAAM;AACjC;;;AClUA,IAAM,EAAE,gBAAgB,OAAO,IAAI,WAAW;AAAA,EAC5C,MAAM;AAAA,EACN,cAAc;AAAA,EACd,UAAU;AAAA,EACV,WAAW;AAAA,EACX,OAAO;AAAA,EACP,iBAAiB;AACnB,CAAC;AAID,IAAI,QAAQ,KAAK,CAAC,KAAK,YAAY,aAAa,QAAQ,KAAK,CAAC,GAAG;AAC/D,SAAO;AACT;","names":["data","getAccessToken","runCli"]}

package/dist/server.d.ts

@@ -0,0 +1 @@
+#!/usr/bin/env node