@openziti/ziti-mcp-server 0.1.0

package/dist/utils/controller-client/types.gen.js

@@ -0,0 +1,3 @@
+// This file is auto-generated by @hey-api/openapi-ts
+export {};
+//# sourceMappingURL=types.gen.js.map

package/dist/utils/controller-client/types.gen.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.gen.js","sourceRoot":"","sources":["../../../src/utils/controller-client/types.gen.ts"],"names":[],"mappings":"AAAA,qDAAqD"}

package/dist/utils/glob.d.ts

@@ -0,0 +1,75 @@
+/**
+ * A simple glob pattern matcher that supports * and ? wildcards.
+ * This class allows checking if strings match patterns containing wildcards:
+ * - * matches any sequence of characters (including empty string)
+ * - ? matches exactly one character
+ */
+export declare class Glob {
+    private readonly pattern;
+    /**
+     * Creates a new glob pattern for matching strings.
+     *
+     * @param pattern - The glob pattern to use (supports * and ? wildcards)
+     * @example
+     * // Match all strings starting with 'test'
+     * const glob = new Glob('test*');
+     *
+     * @example
+     * // Match 'file.js' or 'file.ts' but not 'file.jsx'
+     * const glob = new Glob('file.??');
+     */
+    constructor(pattern: string);
+    /**
+     * Tests if a string matches this glob pattern.
+     *
+     * @param str - The string to test against the pattern
+     * @returns True if the string matches the pattern, false otherwise
+     *
+     * @example
+     * const glob = new Glob('test*');
+     * glob.matches('testing');  // Returns true
+     * glob.matches('contest');  // Returns false
+     *
+     * @example
+     * const glob = new Glob('file.?s');
+     * glob.matches('file.js');  // Returns true
+     * glob.matches('file.ts');  // Returns true
+     * glob.matches('file.jsx'); // Returns false
+     */
+    matches(str: string): boolean;
+    /**
+     * Checks if this pattern contains wildcards (* or ?).
+     *
+     * @returns True if the pattern contains any wildcards
+     * @example
+     * const glob = new Glob('test*');
+     * console.log(glob.hasWildcards());  // Outputs: true
+     */
+    hasWildcards(): boolean;
+    /**
+     * Returns the original pattern string.
+     *
+     * @returns The glob pattern as a string
+     * @example
+     * const glob = new Glob('test*');
+     * console.log(glob.toString());  // Outputs: 'test*'
+     */
+    toString(): string;
+    /**
+     * Static helper to create a glob and match it in one operation.
+     * Useful for one-off pattern matching without keeping the Glob instance.
+     *
+     * @param str - The string to test against the pattern
+     * @param pattern - The glob pattern to use (supports * and ? wildcards)
+     * @returns True if the string matches the pattern, false otherwise
+     *
+     * @example
+     * // Check if a string matches a pattern
+     * Glob.matches('testing', 'test*');  // Returns true
+     *
+     * @example
+     * // Check if a filename matches a specific pattern
+     * Glob.matches('file.js', 'file.?s');  // Returns true
+     */
+    static matches(str: string, pattern: string): boolean;
+}

package/dist/utils/glob.js

@@ -0,0 +1,110 @@
+/**
+ * A simple glob pattern matcher that supports * and ? wildcards.
+ * This class allows checking if strings match patterns containing wildcards:
+ * - * matches any sequence of characters (including empty string)
+ * - ? matches exactly one character
+ */
+export class Glob {
+    pattern;
+    /**
+     * Creates a new glob pattern for matching strings.
+     *
+     * @param pattern - The glob pattern to use (supports * and ? wildcards)
+     * @example
+     * // Match all strings starting with 'test'
+     * const glob = new Glob('test*');
+     *
+     * @example
+     * // Match 'file.js' or 'file.ts' but not 'file.jsx'
+     * const glob = new Glob('file.??');
+     */
+    constructor(pattern) {
+        this.pattern = pattern.trim();
+    }
+    /**
+     * Tests if a string matches this glob pattern.
+     *
+     * @param str - The string to test against the pattern
+     * @returns True if the string matches the pattern, false otherwise
+     *
+     * @example
+     * const glob = new Glob('test*');
+     * glob.matches('testing');  // Returns true
+     * glob.matches('contest');  // Returns false
+     *
+     * @example
+     * const glob = new Glob('file.?s');
+     * glob.matches('file.js');  // Returns true
+     * glob.matches('file.ts');  // Returns true
+     * glob.matches('file.jsx'); // Returns false
+     */
+    matches(str) {
+        // Handle null/undefined
+        if (str === null || str === undefined)
+            return false;
+        const pattern = this.pattern;
+        // Empty pattern only matches empty string
+        if (pattern === '')
+            return str === '';
+        // Global wildcard matches anything
+        if (pattern === '*')
+            return true;
+        // No wildcards - just do exact match
+        if (!pattern.includes('*') && !pattern.includes('?')) {
+            return pattern === str;
+        }
+        // Convert glob pattern to a simple regex
+        const regexString = pattern
+            // Escape all special regex chars except * and ?
+            .replace(/[.+^${}()|[\]\\]/g, '\\$&')
+            // Convert * to .*
+            .replace(/\*/g, '.*')
+            // Convert ? to . (single character)
+            .replace(/\?/g, '.');
+        // Create regex that matches the entire string
+        const regex = new RegExp(`^${regexString}$`);
+        return regex.test(str);
+    }
+    /**
+     * Checks if this pattern contains wildcards (* or ?).
+     *
+     * @returns True if the pattern contains any wildcards
+     * @example
+     * const glob = new Glob('test*');
+     * console.log(glob.hasWildcards());  // Outputs: true
+     */
+    hasWildcards() {
+        return this.pattern.includes('*') || this.pattern.includes('?');
+    }
+    /**
+     * Returns the original pattern string.
+     *
+     * @returns The glob pattern as a string
+     * @example
+     * const glob = new Glob('test*');
+     * console.log(glob.toString());  // Outputs: 'test*'
+     */
+    toString() {
+        return this.pattern;
+    }
+    /**
+     * Static helper to create a glob and match it in one operation.
+     * Useful for one-off pattern matching without keeping the Glob instance.
+     *
+     * @param str - The string to test against the pattern
+     * @param pattern - The glob pattern to use (supports * and ? wildcards)
+     * @returns True if the string matches the pattern, false otherwise
+     *
+     * @example
+     * // Check if a string matches a pattern
+     * Glob.matches('testing', 'test*');  // Returns true
+     *
+     * @example
+     * // Check if a filename matches a specific pattern
+     * Glob.matches('file.js', 'file.?s');  // Returns true
+     */
+    static matches(str, pattern) {
+        return new Glob(pattern).matches(str);
+    }
+}
+//# sourceMappingURL=glob.js.map

package/dist/utils/glob.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"glob.js","sourceRoot":"","sources":["../../src/utils/glob.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AACH,MAAM,OAAO,IAAI;IACE,OAAO,CAAS;IAEjC;;;;;;;;;;;OAWG;IACH,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC;IAED;;;;;;;;;;;;;;;;OAgBG;IACH,OAAO,CAAC,GAAW;QACjB,wBAAwB;QACxB,IAAI,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS;YAAE,OAAO,KAAK,CAAC;QAEpD,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC;QAE7B,0CAA0C;QAC1C,IAAI,OAAO,KAAK,EAAE;YAAE,OAAO,GAAG,KAAK,EAAE,CAAC;QAEtC,mCAAmC;QACnC,IAAI,OAAO,KAAK,GAAG;YAAE,OAAO,IAAI,CAAC;QAEjC,qCAAqC;QACrC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;YACrD,OAAO,OAAO,KAAK,GAAG,CAAC;QACzB,CAAC;QAED,yCAAyC;QACzC,MAAM,WAAW,GAAG,OAAO;YACzB,gDAAgD;aAC/C,OAAO,CAAC,mBAAmB,EAAE,MAAM,CAAC;YACrC,kBAAkB;aACjB,OAAO,CAAC,KAAK,EAAE,IAAI,CAAC;YACrB,oCAAoC;aACnC,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC;QAEvB,8CAA8C;QAC9C,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,IAAI,WAAW,GAAG,CAAC,CAAC;QAC7C,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACzB,CAAC;IAED;;;;;;;OAOG;IACH,YAAY;QACV,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;IAClE,CAAC;IAED;;;;;;;OAOG;IACH,QAAQ;QACN,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED;;;;;;;;;;;;;;;OAeG;IACH,MAAM,CAAC,OAAO,CAAC,GAAW,EAAE,OAAe;QACzC,OAAO,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IACxC,CAAC;CACF"}

package/dist/utils/http-utility.d.ts

@@ -0,0 +1,5 @@
+import { HandlerResponse } from './types';
+export declare function handleNetworkError(error: any): string;
+export declare function formatDomain(domain: string): string;
+export declare function createSuccessResponse(result: object | Array<any>): HandlerResponse;
+export declare function createErrorResponse(errorString: string): HandlerResponse;

package/dist/utils/http-utility.js

@@ -0,0 +1,68 @@
+// Add network error handling utility
+export function handleNetworkError(error) {
+    if (error.name === 'AbortError') {
+        return 'request timed out. The Auth0 API did not respond in time.';
+    }
+    else if (error instanceof TypeError) {
+        return `network error: ${error.message || 'Failed to connect'}`;
+    }
+    else if (error.code === 'ENOTFOUND' || error.code === 'ECONNREFUSED') {
+        return `Connection failed: Unable to reach the Auth0 API (${error.code}). Check your network connection.`;
+    }
+    else if (error.code === 'ECONNRESET') {
+        return 'Connection was reset by the server. Try again later.';
+    }
+    else {
+        return `Error: ${error.message || error}`;
+    }
+}
+// Helper function to ensure domain is properly formatted
+export function formatDomain(domain) {
+    if (!domain)
+        return '';
+    // Remove protocol (http:// or https://)
+    let formattedDomain = domain.replace(/^https?:\/\//, '');
+    // Remove trailing slash
+    formattedDomain = formattedDomain.replace(/\/$/, '');
+    return formattedDomain.includes('.') ? formattedDomain : `${formattedDomain}.us.auth0.com`;
+}
+// Helper function to create success response
+export function createSuccessResponse(result) {
+    // Check if result is an array and has more than one item
+    if (Array.isArray(result) && result.length > 1) {
+        const mutiContent = result.map((item) => {
+            return {
+                type: 'text',
+                text: JSON.stringify(item, null, 2),
+            };
+        });
+        return {
+            content: mutiContent,
+            isError: false,
+        };
+    }
+    else {
+        return {
+            content: [
+                {
+                    type: 'text',
+                    text: JSON.stringify(result, null, 2),
+                },
+            ],
+            isError: false,
+        };
+    }
+}
+// Helper function to create error response
+export function createErrorResponse(errorString) {
+    return {
+        content: [
+            {
+                type: 'text',
+                text: errorString,
+            },
+        ],
+        isError: true,
+    };
+}
+//# sourceMappingURL=http-utility.js.map

package/dist/utils/http-utility.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http-utility.js","sourceRoot":"","sources":["../../src/utils/http-utility.ts"],"names":[],"mappings":"AAEA,qCAAqC;AACrC,MAAM,UAAU,kBAAkB,CAAC,KAAU;IAC3C,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QAChC,OAAO,2DAA2D,CAAC;IACrE,CAAC;SAAM,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;QACtC,OAAO,kBAAkB,KAAK,CAAC,OAAO,IAAI,mBAAmB,EAAE,CAAC;IAClE,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,WAAW,IAAI,KAAK,CAAC,IAAI,KAAK,cAAc,EAAE,CAAC;QACvE,OAAO,qDAAqD,KAAK,CAAC,IAAI,mCAAmC,CAAC;IAC5G,CAAC;SAAM,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;QACvC,OAAO,sDAAsD,CAAC;IAChE,CAAC;SAAM,CAAC;QACN,OAAO,UAAU,KAAK,CAAC,OAAO,IAAI,KAAK,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC;AAED,yDAAyD;AACzD,MAAM,UAAU,YAAY,CAAC,MAAc;IACzC,IAAI,CAAC,MAAM;QAAE,OAAO,EAAE,CAAC;IAEvB,wCAAwC;IACxC,IAAI,eAAe,GAAG,MAAM,CAAC,OAAO,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IAEzD,wBAAwB;IACxB,eAAe,GAAG,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;IAErD,OAAO,eAAe,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,GAAG,eAAe,eAAe,CAAC;AAC7F,CAAC;AAED,6CAA6C;AAC7C,MAAM,UAAU,qBAAqB,CAAC,MAA2B;IAC/D,yDAAyD;IACzD,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC/C,MAAM,WAAW,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE;YACtC,OAAO;gBACL,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;aACpC,CAAC;QACJ,CAAC,CAAC,CAAC;QACH,OAAO;YACL,OAAO,EAAE,WAAW;YACpB,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAM;oBACZ,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;iBACtC;aACF;YACD,OAAO,EAAE,KAAK;SACf,CAAC;IACJ,CAAC;AACH,CAAC;AAED,2CAA2C;AAC3C,MAAM,UAAU,mBAAmB,CAAC,WAAmB;IACrD,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,WAAW;aAClB;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC"}

package/dist/utils/keychain.d.ts

@@ -0,0 +1,129 @@
+/**
+ * Service name used for keychain operations
+ */
+export declare const KEYCHAIN_SERVICE_NAME = "ziti-mcp";
+/**
+ * Keychain item keys for OpenZiti related tokens and configuration
+ * @readonly
+ * @enum {string}
+ */
+export declare const KeychainItem: {
+    /** Access token for OpenZiti Controller Management API */
+    readonly TOKEN: "OPENZITI_TOKEN";
+    /** OpenZiti Controller host */
+    readonly ZITI_CONTROLLER_HOST: "ZITI_CONTROLLER_HOST";
+    /** OpenZiti Controller host */
+    readonly DOMAIN: "OPENZITI_AUTH0_DOMAIN";
+    /** OAuth refresh token for obtaining new access tokens */
+    readonly REFRESH_TOKEN: "OPENZITI_REFRESH_TOKEN";
+    /** Timestamp when the current token expires */
+    readonly TOKEN_EXPIRES_AT: "OPENZITI_TOKEN_EXPIRES_AT";
+};
+/**
+ * Array of all keychain item keys for operations that need to process all items
+ * @type {string[]}
+ */
+export declare const ALL_KEYCHAIN_ITEMS: ("OPENZITI_TOKEN" | "ZITI_CONTROLLER_HOST" | "OPENZITI_AUTH0_DOMAIN" | "OPENZITI_REFRESH_TOKEN" | "OPENZITI_TOKEN_EXPIRES_AT")[];
+/**
+ * Type representing the result of a keychain operation
+ */
+export type KeychainOperationResult = {
+    item: string;
+    success: boolean;
+    error?: Error;
+};
+/**
+ * Keychain service for securely storing OpenZiti Controller credentials
+ * Provides type-safe methods for working with OpenZiti Controller tokens and settings
+ */
+declare class KeychainService {
+    private serviceName;
+    /**
+     * Creates a new KeychainService instance
+     * @param serviceName - The keychain service name to use
+     */
+    constructor(serviceName?: string);
+    /**
+     * Store the OpenZiti Controller access token in the keychain
+     * @param token - The access token to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    setToken(token: string): Promise<boolean>;
+    /**
+     * Retrieve the OpenZiti Controller access token from the keychain
+     * @returns A promise that resolves to the access token or null if not found
+     */
+    getToken(): Promise<string | null>;
+    /**
+     * Store the OpenZiti Controller host in the keychain
+     * @param host - The host to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    setZitiControllerHost(host: string): Promise<boolean>;
+    /**
+     * Retrieve the OpenZiti Controller host from the keychain
+     * @returns A promise that resolves to the host or null if not found
+     */
+    getZitiControllerHost(): Promise<string | null>;
+    /**
+     * Store the OpenZiti Controller host in the keychain
+     * @param host - The host to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    setDomain(domain: string): Promise<boolean>;
+    /**
+     * Retrieve the OpenZiti Controller host from the keychain
+     * @returns A promise that resolves to the host or null if not found
+     */
+    getDomain(): Promise<string | null>;
+    /**
+     * Store the OpenZiti Controller refresh token in the keychain
+     * @param refreshToken - The refresh token to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    setRefreshToken(refreshToken: string): Promise<boolean>;
+    /**
+     * Retrieve the OpenZiti Controller refresh token from the keychain
+     * @returns A promise that resolves to the refresh token or null if not found
+     */
+    getRefreshToken(): Promise<string | null>;
+    /**
+     * Store the token expiration timestamp in the keychain
+     * @param timestamp - The expiration timestamp in milliseconds since epoch
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    setTokenExpiresAt(timestamp: number): Promise<boolean>;
+    /**
+     * Retrieve the token expiration timestamp from the keychain
+     * @returns A promise that resolves to the timestamp as a number or null if not found
+     */
+    getTokenExpiresAt(): Promise<number | null>;
+    /**
+     * Delete all OpenZiti Controller related items from the keychain
+     * @returns A promise that resolves to an array of results for each deletion operation
+     */
+    clearAll(): Promise<KeychainOperationResult[]>;
+    /**
+     * Delete a specific item from the keychain
+     * @param key - The key to delete
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    delete(key: string): Promise<boolean>;
+    /**
+     * Internal method to store a value in the system keychain
+     * @param key - The key to store the value under
+     * @param value - The value to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     * @private
+     */
+    private set;
+    /**
+     * Internal method to retrieve a value from the system keychain
+     * @param key - The key to retrieve
+     * @returns A promise that resolves to the stored value or null if not found
+     * @private
+     */
+    private get;
+}
+export declare const keychain: KeychainService;
+export {};

package/dist/utils/keychain.js

@@ -0,0 +1,193 @@
+import keytar from 'keytar';
+import { log } from './logger.js';
+/**
+ * Service name used for keychain operations
+ */
+export const KEYCHAIN_SERVICE_NAME = 'ziti-mcp';
+/**
+ * Keychain item keys for OpenZiti related tokens and configuration
+ * @readonly
+ * @enum {string}
+ */
+export const KeychainItem = {
+    /** Access token for OpenZiti Controller Management API */
+    TOKEN: 'OPENZITI_TOKEN',
+    /** OpenZiti Controller host */
+    ZITI_CONTROLLER_HOST: 'ZITI_CONTROLLER_HOST',
+    /** OpenZiti Controller host */
+    DOMAIN: 'OPENZITI_AUTH0_DOMAIN',
+    /** OAuth refresh token for obtaining new access tokens */
+    REFRESH_TOKEN: 'OPENZITI_REFRESH_TOKEN',
+    /** Timestamp when the current token expires */
+    TOKEN_EXPIRES_AT: 'OPENZITI_TOKEN_EXPIRES_AT',
+};
+/**
+ * Array of all keychain item keys for operations that need to process all items
+ * @type {string[]}
+ */
+export const ALL_KEYCHAIN_ITEMS = Object.values(KeychainItem);
+/**
+ * Keychain service for securely storing OpenZiti Controller credentials
+ * Provides type-safe methods for working with OpenZiti Controller tokens and settings
+ */
+class KeychainService {
+    serviceName;
+    /**
+     * Creates a new KeychainService instance
+     * @param serviceName - The keychain service name to use
+     */
+    constructor(serviceName = KEYCHAIN_SERVICE_NAME) {
+        this.serviceName = serviceName;
+    }
+    /**
+     * Store the OpenZiti Controller access token in the keychain
+     * @param token - The access token to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    async setToken(token) {
+        return this.set(KeychainItem.TOKEN, token);
+    }
+    /**
+     * Retrieve the OpenZiti Controller access token from the keychain
+     * @returns A promise that resolves to the access token or null if not found
+     */
+    async getToken() {
+        return this.get(KeychainItem.TOKEN);
+    }
+    /**
+     * Store the OpenZiti Controller host in the keychain
+     * @param host - The host to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    async setZitiControllerHost(host) {
+        return this.set(KeychainItem.ZITI_CONTROLLER_HOST, host);
+    }
+    /**
+     * Retrieve the OpenZiti Controller host from the keychain
+     * @returns A promise that resolves to the host or null if not found
+     */
+    async getZitiControllerHost() {
+        return this.get(KeychainItem.ZITI_CONTROLLER_HOST);
+    }
+    /**
+     * Store the OpenZiti Controller host in the keychain
+     * @param host - The host to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    async setDomain(domain) {
+        return this.set(KeychainItem.DOMAIN, domain);
+    }
+    /**
+     * Retrieve the OpenZiti Controller host from the keychain
+     * @returns A promise that resolves to the host or null if not found
+     */
+    async getDomain() {
+        return this.get(KeychainItem.DOMAIN);
+    }
+    /**
+     * Store the OpenZiti Controller refresh token in the keychain
+     * @param refreshToken - The refresh token to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    async setRefreshToken(refreshToken) {
+        return this.set(KeychainItem.REFRESH_TOKEN, refreshToken);
+    }
+    /**
+     * Retrieve the OpenZiti Controller refresh token from the keychain
+     * @returns A promise that resolves to the refresh token or null if not found
+     */
+    async getRefreshToken() {
+        return this.get(KeychainItem.REFRESH_TOKEN);
+    }
+    /**
+     * Store the token expiration timestamp in the keychain
+     * @param timestamp - The expiration timestamp in milliseconds since epoch
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    async setTokenExpiresAt(timestamp) {
+        return this.set(KeychainItem.TOKEN_EXPIRES_AT, timestamp.toString());
+    }
+    /**
+     * Retrieve the token expiration timestamp from the keychain
+     * @returns A promise that resolves to the timestamp as a number or null if not found
+     */
+    async getTokenExpiresAt() {
+        const value = await this.get(KeychainItem.TOKEN_EXPIRES_AT);
+        return value ? parseInt(value, 10) : null;
+    }
+    /**
+     * Delete all OpenZiti Controller related items from the keychain
+     * @returns A promise that resolves to an array of results for each deletion operation
+     */
+    async clearAll() {
+        const results = await Promise.all(ALL_KEYCHAIN_ITEMS.map(async (item) => {
+            try {
+                const result = await keytar.deletePassword(this.serviceName, item);
+                log(`Deleted ${item} from keychain: ${result ? 'Success' : 'Not found'}`);
+                return { item, success: result };
+            }
+            catch (error) {
+                log(`Error deleting ${item} from keychain:`, error);
+                if (error instanceof Error) {
+                    return { item, success: false, error };
+                }
+                return { item, success: false, error: new Error(String(error)) };
+            }
+        }));
+        // Log a summary of the results
+        const successCount = results.filter((r) => r.success).length;
+        log(`Cleared ${successCount}/${ALL_KEYCHAIN_ITEMS.length} items from keychain`);
+        return results;
+    }
+    /**
+     * Delete a specific item from the keychain
+     * @param key - The key to delete
+     * @returns A promise that resolves to true if successful, false otherwise
+     */
+    async delete(key) {
+        try {
+            const result = await keytar.deletePassword(this.serviceName, key);
+            log(`Deleted ${key} from keychain: ${result ? 'Success' : 'Not found'}`);
+            return result;
+        }
+        catch (error) {
+            log(`Error deleting ${key} from keychain:`, error);
+            return false;
+        }
+    }
+    /**
+     * Internal method to store a value in the system keychain
+     * @param key - The key to store the value under
+     * @param value - The value to store
+     * @returns A promise that resolves to true if successful, false otherwise
+     * @private
+     */
+    async set(key, value) {
+        try {
+            await keytar.setPassword(this.serviceName, key, value);
+            log(`Successfully stored ${key} in keychain`);
+            return true;
+        }
+        catch (error) {
+            log(`Error storing ${key} in keychain:`, error);
+            return false;
+        }
+    }
+    /**
+     * Internal method to retrieve a value from the system keychain
+     * @param key - The key to retrieve
+     * @returns A promise that resolves to the stored value or null if not found
+     * @private
+     */
+    async get(key) {
+        try {
+            return await keytar.getPassword(this.serviceName, key);
+        }
+        catch (error) {
+            log(`Error retrieving ${key} from keychain:`, error);
+            return null;
+        }
+    }
+}
+export const keychain = new KeychainService(KEYCHAIN_SERVICE_NAME);
+//# sourceMappingURL=keychain.js.map

package/dist/utils/keychain.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"keychain.js","sourceRoot":"","sources":["../../src/utils/keychain.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AAElC;;GAEG;AACH,MAAM,CAAC,MAAM,qBAAqB,GAAG,UAAU,CAAC;AAEhD;;;;GAIG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG;IAC1B,0DAA0D;IAC1D,KAAK,EAAE,gBAAgB;IACvB,+BAA+B;IAC/B,oBAAoB,EAAE,sBAAsB;IAC5C,+BAA+B;IAC/B,MAAM,EAAE,uBAAuB;IAC/B,0DAA0D;IAC1D,aAAa,EAAE,wBAAwB;IACvC,+CAA+C;IAC/C,gBAAgB,EAAE,2BAA2B;CACrC,CAAC;AAEX;;;GAGG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AAW9D;;;GAGG;AACH,MAAM,eAAe;IACX,WAAW,CAAS;IAE5B;;;OAGG;IACH,YAAY,cAAsB,qBAAqB;QACrD,IAAI,CAAC,WAAW,GAAG,WAAW,CAAC;IACjC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,QAAQ,CAAC,KAAa;QAC1B,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ;QACZ,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IACtC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,qBAAqB,CAAC,IAAY;QACtC,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,EAAE,IAAI,CAAC,CAAC;IAC3D,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,qBAAqB;QACzB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,oBAAoB,CAAC,CAAC;IACrD,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,SAAS,CAAC,MAAc;QAC5B,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC/C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,SAAS;QACb,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,MAAM,CAAC,CAAC;IACvC,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,eAAe,CAAC,YAAoB;QACxC,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;IAC5D,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe;QACnB,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,aAAa,CAAC,CAAC;IAC9C,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,iBAAiB,CAAC,SAAiB;QACvC,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,gBAAgB,EAAE,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;IACvE,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,iBAAiB;QACrB,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC;QAC5D,OAAO,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IAC5C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,QAAQ;QACZ,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,GAAG,CAC/B,kBAAkB,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;YACpC,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,IAAI,CAAC,CAAC;gBACnE,GAAG,CAAC,WAAW,IAAI,mBAAmB,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;gBAC1E,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;YACnC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,GAAG,CAAC,kBAAkB,IAAI,iBAAiB,EAAE,KAAK,CAAC,CAAC;gBACpD,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;oBAC3B,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;gBACzC,CAAC;gBACD,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC;YACnE,CAAC;QACH,CAAC,CAAC,CACH,CAAC;QAEF,+BAA+B;QAC/B,MAAM,YAAY,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC;QAC7D,GAAG,CAAC,WAAW,YAAY,IAAI,kBAAkB,CAAC,MAAM,sBAAsB,CAAC,CAAC;QAEhF,OAAO,OAAO,CAAC;IACjB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,MAAM,CAAC,GAAW;QACtB,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,cAAc,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;YAClE,GAAG,CAAC,WAAW,GAAG,mBAAmB,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC;YACzE,OAAO,MAAM,CAAC;QAChB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,kBAAkB,GAAG,iBAAiB,EAAE,KAAK,CAAC,CAAC;YACnD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;;OAMG;IACK,KAAK,CAAC,GAAG,CAAC,GAAW,EAAE,KAAa;QAC1C,IAAI,CAAC;YACH,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;YACvD,GAAG,CAAC,uBAAuB,GAAG,cAAc,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,iBAAiB,GAAG,eAAe,EAAE,KAAK,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACK,KAAK,CAAC,GAAG,CAAC,GAAW;QAC3B,IAAI,CAAC;YACH,OAAO,MAAM,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,CAAC,CAAC;QACzD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,GAAG,CAAC,oBAAoB,GAAG,iBAAiB,EAAE,KAAK,CAAC,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;CACF;AAED,MAAM,CAAC,MAAM,QAAQ,GAAG,IAAI,eAAe,CAAC,qBAAqB,CAAC,CAAC"}

package/dist/utils/logger.d.ts

@@ -0,0 +1,4 @@
+import debug from 'debug';
+export declare const log: debug.Debugger;
+export declare const logInfo: (...args: any[]) => true | undefined;
+export declare const logError: (msg: string, error?: any) => boolean;

package/dist/utils/logger.js

@@ -0,0 +1,28 @@
+import debug from 'debug';
+// Set up debug logger
+export const log = debug('ziti-mcp');
+// Make sure debug output goes to stderr
+debug.log = (...args) => {
+    const msg = `[DEBUG:ziti-mcp] ${args.join(' ')}\n`;
+    process.stderr.write(msg);
+    return true;
+};
+export const logInfo = (...args) => {
+    if (process.env.DEBUG == 'ziti-mcp') {
+        return;
+    }
+    const msg = `[INFO:ziti-mcp] ${args.join(' ')}\n`;
+    process.stderr.write(msg);
+    return true;
+};
+export const logError = (msg, error = undefined) => {
+    const formattedMsg = `[ERROR:ziti-mcp] ${msg}`;
+    if (error) {
+        console.error(formattedMsg, error);
+    }
+    else {
+        console.error(formattedMsg);
+    }
+    return true;
+};
+//# sourceMappingURL=logger.js.map

package/dist/utils/logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logger.js","sourceRoot":"","sources":["../../src/utils/logger.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAE1B,sBAAsB;AACtB,MAAM,CAAC,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC;AAErC,wCAAwC;AACxC,KAAK,CAAC,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE;IACtB,MAAM,GAAG,GAAG,oBAAoB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IACnD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,OAAO,GAAG,CAAC,GAAG,IAAW,EAAE,EAAE;IACxC,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,UAAU,EAAE,CAAC;QACpC,OAAO;IACT,CAAC;IACD,MAAM,GAAG,GAAG,mBAAmB,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC;IAClD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC1B,OAAO,IAAI,CAAC;AACd,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,QAAQ,GAAG,CAAC,GAAW,EAAE,QAAa,SAAS,EAAE,EAAE;IAC9D,MAAM,YAAY,GAAG,oBAAoB,GAAG,EAAE,CAAC;IAC/C,IAAI,KAAK,EAAE,CAAC;QACV,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACrC,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC,CAAC"}

package/dist/utils/package.d.ts

@@ -0,0 +1,3 @@
+export declare const packageName: any;
+export declare const packageVersion: any;
+export declare const packageInfo: any;

package/dist/utils/package.js

@@ -0,0 +1,9 @@
+import { createRequire } from 'module';
+// For importing JSON files in ES modules
+const require = createRequire(import.meta.url);
+const packageJson = require('../../package.json');
+// Export package coordinates
+export const packageName = packageJson.name;
+export const packageVersion = packageJson.version;
+export const packageInfo = packageJson;
+//# sourceMappingURL=package.js.map

package/dist/utils/package.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"package.js","sourceRoot":"","sources":["../../src/utils/package.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,QAAQ,CAAC;AAEvC,yCAAyC;AACzC,MAAM,OAAO,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAC/C,MAAM,WAAW,GAAG,OAAO,CAAC,oBAAoB,CAAC,CAAC;AAElD,6BAA6B;AAC7B,MAAM,CAAC,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC;AAC5C,MAAM,CAAC,MAAM,cAAc,GAAG,WAAW,CAAC,OAAO,CAAC;AAClD,MAAM,CAAC,MAAM,WAAW,GAAG,WAAW,CAAC"}