@openziti/ziti-mcp-server 0.1.0

package/dist/auth/client-credentials-flow.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Interface for client credentials configuration
+ */
+export interface ClientCredentialsConfig {
+    zitiControllerHost: string;
+    idpDomain: string;
+    idpClientId: string;
+    idpClientSecret: string;
+    audience?: string;
+    scopes?: string[];
+}
+/**
+ * Request authorization using client credentials flow
+ *
+ * This method is primarily designed for Private Cloud users who cannot use the
+ * device authorization flow. It uses client credentials flow to obtain an access token.
+ *
+ * @param {ClientCredentialsConfig} config - Configuration for client credentials flow
+ * @returns {Promise<void>}
+ */
+export declare function requestClientCredentialsAuthorization(config: ClientCredentialsConfig): Promise<void>;

package/dist/auth/client-credentials-flow.js

@@ -0,0 +1,63 @@
+import chalk from 'chalk';
+import { cliOutput } from '../utils/terminal.js';
+import { log, logError } from '../utils/logger.js';
+import { keychain } from '../utils/keychain.js';
+import { getAuthenticationClient } from '../utils/auth0-client.js';
+/**
+ * Request authorization using client credentials flow
+ *
+ * This method is primarily designed for Private Cloud users who cannot use the
+ * device authorization flow. It uses client credentials flow to obtain an access token.
+ *
+ * @param {ClientCredentialsConfig} config - Configuration for client credentials flow
+ * @returns {Promise<void>}
+ */
+export async function requestClientCredentialsAuthorization(config) {
+    log('Initiating client credentials flow authentication...');
+    try {
+        // Auth client
+        const authClient = await getAuthenticationClient(config.idpDomain, config.idpClientId, config.idpClientSecret);
+        // Set audience if provided, otherwise use a default based on the domain
+        const audience = config.audience || `https://${config.idpDomain}/api/v2/`;
+        // Make the token request
+        const { data: { access_token, expires_in }, } = await authClient.oauth.clientCredentialsGrant({
+            audience,
+        });
+        const tokenSet = { access_token, expires_in };
+        // Store the token information
+        await storeTokenInfo(tokenSet, config.zitiControllerHost, config.idpDomain);
+        cliOutput(`\n${chalk.green('✓')} Successfully authenticated to ${chalk.blue(config.idpDomain)} using client credentials.\n`);
+    }
+    catch (error) {
+        logError('Client credentials authentication error:', error);
+        cliOutput(`\n${chalk.red('✗')} Failed to authenticate with client credentials.\n`);
+        process.exit(1);
+    }
+}
+/**
+ * Store token information from client credentials flow
+ *
+ * @param {any} tokenSet - Token response from the server
+ * @param {string} domain - The domain used for authentication
+ */
+async function storeTokenInfo(tokenSet, zitiControllerHost, domain) {
+    // For client credentials flow, we use the provided domain directly,
+    // as the token may not contain tenant information in the same format as device flow
+    // Store access token
+    await keychain.setToken(tokenSet.access_token);
+    await keychain.setZitiControllerHost(zitiControllerHost);
+    await keychain.setDomain(domain);
+    // Client credentials flow typically doesn't return refresh tokens
+    // but we'll handle it just in case
+    if (tokenSet.refresh_token) {
+        await keychain.setRefreshToken(tokenSet.refresh_token);
+        log('Refresh token stored in keychain');
+    }
+    // Set token expiration
+    if (tokenSet.expires_in) {
+        const expiresAt = Date.now() + tokenSet.expires_in * 1000;
+        await keychain.setTokenExpiresAt(expiresAt);
+        log(`Token expires at: ${new Date(expiresAt).toISOString()}`);
+    }
+}
+//# sourceMappingURL=client-credentials-flow.js.map

package/dist/auth/client-credentials-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"client-credentials-flow.js","sourceRoot":"","sources":["../../src/auth/client-credentials-flow.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,uBAAuB,EAAE,MAAM,0BAA0B,CAAC;AAcnE;;;;;;;;GAQG;AACH,MAAM,CAAC,KAAK,UAAU,qCAAqC,CACzD,MAA+B;IAE/B,GAAG,CAAC,sDAAsD,CAAC,CAAC;IAE5D,IAAI,CAAC;QACH,cAAc;QACd,MAAM,UAAU,GAAG,MAAM,uBAAuB,CAC9C,MAAM,CAAC,SAAS,EAChB,MAAM,CAAC,WAAW,EAClB,MAAM,CAAC,eAAe,CACvB,CAAC;QAEF,wEAAwE;QACxE,MAAM,QAAQ,GAAG,MAAM,CAAC,QAAQ,IAAI,WAAW,MAAM,CAAC,SAAS,UAAU,CAAC;QAE1E,yBAAyB;QACzB,MAAM,EACJ,IAAI,EAAE,EAAE,YAAY,EAAE,UAAU,EAAE,GACnC,GAAG,MAAM,UAAU,CAAC,KAAK,CAAC,sBAAsB,CAAC;YAChD,QAAQ;SACT,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,EAAE,YAAY,EAAE,UAAU,EAAE,CAAC;QAE9C,8BAA8B;QAC9B,MAAM,cAAc,CAAC,QAAQ,EAAE,MAAM,CAAC,kBAAkB,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;QAE5E,SAAS,CACP,KAAK,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,kCAAkC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,8BAA8B,CAClH,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,0CAA0C,EAAE,KAAK,CAAC,CAAC;QAC5D,SAAS,CAAC,KAAK,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,oDAAoD,CAAC,CAAC;QACnF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED;;;;;GAKG;AACH,KAAK,UAAU,cAAc,CAC3B,QAAa,EACb,kBAA0B,EAC1B,MAAc;IAEd,oEAAoE;IACpE,oFAAoF;IAEpF,qBAAqB;IACrB,MAAM,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,QAAQ,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;IACzD,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IAEjC,kEAAkE;IAClE,mCAAmC;IACnC,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,QAAQ,CAAC,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAC1C,CAAC;IAED,uBAAuB;IACvB,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,QAAQ,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC5C,GAAG,CAAC,qBAAqB,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}

package/dist/auth/device-auth-flow.d.ts

@@ -0,0 +1,47 @@
+declare function requestAuthorization(selectedScopes?: string[]): Promise<void>;
+export declare function refreshAccessToken(selectedScopes?: string[]): Promise<string | null>;
+/**
+ * Revokes the refresh token that is previously set within keychain when offline_access is requested.
+ * Returns true if the call is successful or if the refresh token does not exist.
+ * @returns {Promise<boolean>}
+ */
+export declare function revokeRefreshToken(): Promise<boolean>;
+/**
+ * Determines if the current access token is expired or will expire soon.
+ *
+ * This security check is crucial for maintaining continuous authenticated access
+ * to Auth0 APIs. It includes a configurable buffer time to proactively detect
+ * tokens that will expire soon, preventing potential disruptions during operations
+ * that might span multiple API calls. This proactive approach allows the system to
+ * initiate refresh flows before actual expiration occurs.
+ *
+ * The function considers a token expired in the following cases:
+ * - No expiration time is found in the keychain via `keychain.getTokenExpiresAt()`
+ * - Current time + buffer exceeds the token's expiration time
+ * - Error occurs during expiration check (fails secure)
+ *
+ * This function is used both by `validateAuthorization()` in `run.ts` for user-friendly
+ * startup validation and by `validateConfig()` for continuous runtime validation.
+ *
+ * @param {number} bufferSeconds - Seconds before actual expiration to consider token expired (default: 300s/5min)
+ * @returns {Promise<boolean>} True if token is expired or will expire within the buffer period
+ */
+export declare function isTokenExpired(bufferSeconds?: number): Promise<boolean>;
+/**
+ * Retrieves a valid access token for OpenZiti Controller Management API operations.
+ *
+ * This function serves as the main entry point for credential retrieval,
+ * ensuring that only valid, non-expired tokens are provided to API operations.
+ * It implements a critical security checkpoint that prevents operations from
+ * proceeding with invalid authentication, which could lead to API failures
+ * or unpredictable behavior.
+ *
+ * The function performs these key security checks:
+ * 1. Verifies token expiration status using isTokenExpired
+ * 2. Provides clear guidance to users when re-authentication is needed
+ * 3. Handles errors gracefully with a fail-secure approach
+ *
+ * @returns {Promise<string|null>} A valid access token, or null if no valid token is available
+ */
+export declare function getValidAccessToken(): Promise<string | null>;
+export { requestAuthorization };

package/dist/auth/device-auth-flow.js

@@ -0,0 +1,291 @@
+import chalk from 'chalk';
+import open from 'open';
+import { startSpinner, stopSpinner, getTenantFromToken, cliOutput, promptForBrowserPermission, } from '../utils/terminal.js';
+import { log, logError } from '../utils/logger.js';
+import { keychain } from '../utils/keychain.js';
+import { DEFAULT_SCOPES } from '../utils/scopes.js';
+function getConfig(selectedScopes) {
+    // If selectedScopes is provided, use those scopes
+    // If not provided or empty, use DEFAULT_SCOPES (which is now empty by default)
+    const scopes = selectedScopes && selectedScopes.length > 0
+        ? selectedScopes.join(' ')
+        : DEFAULT_SCOPES.join(' ');
+    return {
+        tenant: 'auth0.auth0.com',
+        clientId: '2lhnuYMRQ8IpR5hNsOhDFQqrGQUQMRm5',
+        audience: 'https://*.auth0.com/api/v2/',
+        scopes,
+    };
+}
+async function requestAuthorization(selectedScopes) {
+    const config = getConfig(selectedScopes);
+    const body = {
+        client_id: config.clientId,
+    };
+    if (config.audience) {
+        body.audience = config.audience;
+    }
+    if (config.scopes.length) {
+        body.scope = config.scopes;
+    }
+    try {
+        const response = await fetch(`https://${config.tenant}/oauth/device/code`, {
+            method: 'POST',
+            body: new URLSearchParams(body),
+            headers: {
+                Accept: 'application/json',
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+        });
+        const jsonRes = await response.json();
+        if (!jsonRes.error) {
+            cliOutput(`\nVerify this code on screen: ${chalk.bold.green(jsonRes.user_code)}\n`);
+            // Wait for user to press Enter to open browser
+            await promptForBrowserPermission();
+            openBrowser(jsonRes.verification_uri_complete);
+            await exchangeDeviceCodeForToken(jsonRes, selectedScopes);
+        }
+        else {
+            logError('Error', jsonRes);
+            process.exit(1);
+        }
+    }
+    catch (err) {
+        logError('Error', err);
+        process.exit(1);
+    }
+}
+function wait(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+function isValidUrl(url) {
+    try {
+        const parsedUrl = new URL(url);
+        // Check for safe protocols
+        return ['http:', 'https:'].includes(parsedUrl.protocol);
+    }
+    catch (error) {
+        logError('Error', error);
+        return false;
+    }
+}
+function openBrowser(url) {
+    if (!url || !isValidUrl(url)) {
+        logError('Invalid URL provided:', url);
+        return;
+    }
+    open(url)
+        .then(() => {
+        log('Browser opened successfully');
+    })
+        .catch((err) => {
+        logError('Failed to open browser:', err);
+    });
+}
+async function exchangeDeviceCodeForToken(deviceCode, selectedScopes) {
+    const config = getConfig(selectedScopes);
+    startSpinner('Waiting for authorization...');
+    while (true) {
+        try {
+            const response = await fetch(`https://${config.tenant}/oauth/token`, {
+                method: 'POST',
+                body: new URLSearchParams({
+                    client_id: config.clientId,
+                    device_code: deviceCode.device_code,
+                    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+                }),
+                headers: {
+                    Accept: 'application/json',
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+            });
+            const jsonRes = await response.json();
+            if (!jsonRes.error) {
+                fetchUserInfo(jsonRes); // Success case
+                break; // Exit loop once successful
+            }
+            else if (['authorization_pending', 'slow_down'].includes(jsonRes.error)) {
+                await wait(5000); // Wait before polling again
+            }
+            else {
+                stopSpinner();
+                logError('Unexpected error:', jsonRes.error);
+                break; // Exit loop on unknown error
+            }
+        }
+        catch (err) {
+            stopSpinner();
+            logError('Error in token exchange:', err);
+            break; // Exit loop on fetch failure
+        }
+    }
+    stopSpinner();
+}
+async function fetchUserInfo(tokenSet) {
+    const tenantName = getTenantFromToken(tokenSet.access_token);
+    // Store tokens in keychain
+    await keychain.setToken(tokenSet.access_token);
+    await keychain.setDomain(tenantName);
+    if (tokenSet.refresh_token) {
+        await keychain.setRefreshToken(tokenSet.refresh_token);
+        log('Refresh token stored in keychain');
+    }
+    if (tokenSet.expires_in) {
+        const expiresAt = Date.now() + tokenSet.expires_in * 1000;
+        await keychain.setTokenExpiresAt(expiresAt);
+        log(`Token expires at: ${new Date(expiresAt).toISOString()}`);
+    }
+}
+export async function refreshAccessToken(selectedScopes) {
+    try {
+        log('Attempting to refresh access token');
+        const refreshToken = await keychain.getRefreshToken();
+        if (!refreshToken) {
+            log('No refresh token found in keychain');
+            return null;
+        }
+        const config = getConfig(selectedScopes);
+        const response = await fetch(`https://${config.tenant}/oauth/token`, {
+            method: 'POST',
+            body: new URLSearchParams({
+                grant_type: 'refresh_token',
+                client_id: config.clientId,
+                refresh_token: refreshToken,
+            }),
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+        });
+        const tokenSet = await response.json();
+        if (tokenSet.error) {
+            log(`Error refreshing token: ${tokenSet.error}`);
+            return null;
+        }
+        // Store new tokens
+        const tenantName = getTenantFromToken(tokenSet.access_token);
+        await keychain.setToken(tokenSet.access_token);
+        await keychain.setDomain(tenantName);
+        if (tokenSet.refresh_token) {
+            await keychain.setRefreshToken(tokenSet.refresh_token);
+        }
+        if (tokenSet.expires_in) {
+            const expiresAt = Date.now() + tokenSet.expires_in * 1000;
+            await keychain.setTokenExpiresAt(expiresAt);
+        }
+        log('Successfully refreshed access token');
+        return tokenSet.access_token;
+    }
+    catch (error) {
+        log('Error refreshing access token:', error);
+        return null;
+    }
+}
+/**
+ * Revokes the refresh token that is previously set within keychain when offline_access is requested.
+ * Returns true if the call is successful or if the refresh token does not exist.
+ * @returns {Promise<boolean>}
+ */
+export async function revokeRefreshToken() {
+    try {
+        log('Attempting to revoke refresh token');
+        const refreshToken = await keychain.getRefreshToken();
+        if (!refreshToken) {
+            log('No refresh token found in keychain');
+            return true;
+        }
+        const config = getConfig();
+        const response = await fetch(`https://${config.tenant}/oauth/revoke`, {
+            method: 'POST',
+            body: new URLSearchParams({
+                client_id: config.clientId,
+                token: refreshToken,
+            }),
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+        });
+        if (response.status === 200) {
+            log('Refresh token successfully revoked');
+            return true;
+        }
+        else {
+            log('Error calling revoke API: ', response.statusText);
+            return false;
+        }
+    }
+    catch (error) {
+        log('Error revoking refresh token:', error);
+        return false;
+    }
+}
+/**
+ * Determines if the current access token is expired or will expire soon.
+ *
+ * This security check is crucial for maintaining continuous authenticated access
+ * to Auth0 APIs. It includes a configurable buffer time to proactively detect
+ * tokens that will expire soon, preventing potential disruptions during operations
+ * that might span multiple API calls. This proactive approach allows the system to
+ * initiate refresh flows before actual expiration occurs.
+ *
+ * The function considers a token expired in the following cases:
+ * - No expiration time is found in the keychain via `keychain.getTokenExpiresAt()`
+ * - Current time + buffer exceeds the token's expiration time
+ * - Error occurs during expiration check (fails secure)
+ *
+ * This function is used both by `validateAuthorization()` in `run.ts` for user-friendly
+ * startup validation and by `validateConfig()` for continuous runtime validation.
+ *
+ * @param {number} bufferSeconds - Seconds before actual expiration to consider token expired (default: 300s/5min)
+ * @returns {Promise<boolean>} True if token is expired or will expire within the buffer period
+ */
+export async function isTokenExpired(bufferSeconds = 300) {
+    try {
+        const expiresAt = await keychain.getTokenExpiresAt();
+        if (!expiresAt) {
+            log('No token expiration time found');
+            return true;
+        }
+        const now = Date.now();
+        const isExpired = now + bufferSeconds * 1000 >= expiresAt;
+        if (isExpired) {
+            log(`Token is expired or will expire soon. Expires at: ${new Date(expiresAt).toISOString()}`);
+        }
+        return isExpired;
+    }
+    catch (error) {
+        log('Error checking token expiration:', error);
+        return true;
+    }
+}
+/**
+ * Retrieves a valid access token for OpenZiti Controller Management API operations.
+ *
+ * This function serves as the main entry point for credential retrieval,
+ * ensuring that only valid, non-expired tokens are provided to API operations.
+ * It implements a critical security checkpoint that prevents operations from
+ * proceeding with invalid authentication, which could lead to API failures
+ * or unpredictable behavior.
+ *
+ * The function performs these key security checks:
+ * 1. Verifies token expiration status using isTokenExpired
+ * 2. Provides clear guidance to users when re-authentication is needed
+ * 3. Handles errors gracefully with a fail-secure approach
+ *
+ * @returns {Promise<string|null>} A valid access token, or null if no valid token is available
+ */
+export async function getValidAccessToken() {
+    try {
+        const expired = await isTokenExpired();
+        if (expired) {
+            log('Token is expired. Please authenticate again using `npx @openziti/openziti-mcp-server init`');
+            return null;
+        }
+        return await keychain.getToken();
+    }
+    catch (error) {
+        log('Error getting valid access token:', error);
+        return null;
+    }
+}
+export { requestAuthorization };
+//# sourceMappingURL=device-auth-flow.js.map

package/dist/auth/device-auth-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"device-auth-flow.js","sourceRoot":"","sources":["../../src/auth/device-auth-flow.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EACL,YAAY,EACZ,WAAW,EACX,kBAAkB,EAClB,SAAS,EACT,0BAA0B,GAC3B,MAAM,sBAAsB,CAAC;AAC9B,OAAO,EAAE,GAAG,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AACnD,OAAO,EAAE,QAAQ,EAAE,MAAM,sBAAsB,CAAC;AAChD,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AAEpD,SAAS,SAAS,CAAC,cAAyB;IAC1C,kDAAkD;IAClD,+EAA+E;IAC/E,MAAM,MAAM,GACV,cAAc,IAAI,cAAc,CAAC,MAAM,GAAG,CAAC;QACzC,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC;QAC1B,CAAC,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE/B,OAAO;QACL,MAAM,EAAE,iBAAiB;QACzB,QAAQ,EAAE,kCAAkC;QAC5C,QAAQ,EAAE,6BAA6B;QACvC,MAAM;KACP,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,oBAAoB,CAAC,cAAyB;IAC3D,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;IACzC,MAAM,IAAI,GAAQ;QAChB,SAAS,EAAE,MAAM,CAAC,QAAQ;KAC3B,CAAC;IAEF,IAAI,MAAM,CAAC,QAAQ,EAAE,CAAC;QACpB,IAAI,CAAC,QAAQ,GAAG,MAAM,CAAC,QAAQ,CAAC;IAClC,CAAC;IAED,IAAI,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzB,IAAI,CAAC,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC;IAC7B,CAAC;IACD,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,MAAM,CAAC,MAAM,oBAAoB,EAAE;YACzE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,eAAe,CAAC,IAAI,CAAC;YAC/B,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC,CAAC;QAEH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACtC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;YACnB,SAAS,CAAC,iCAAiC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;YACpF,+CAA+C;YAC/C,MAAM,0BAA0B,EAAE,CAAC;YACnC,WAAW,CAAC,OAAO,CAAC,yBAAyB,CAAC,CAAC;YAC/C,MAAM,0BAA0B,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC;QAC5D,CAAC;aAAM,CAAC;YACN,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;YAC3B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,QAAQ,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;QACvB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC;AAED,SAAS,IAAI,CAAC,EAAU;IACtB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,2BAA2B;QAC3B,OAAO,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,QAAQ,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;QACzB,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED,SAAS,WAAW,CAAC,GAAW;IAC9B,IAAI,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QAC7B,QAAQ,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QACvC,OAAO;IACT,CAAC;IAED,IAAI,CAAC,GAAG,CAAC;SACN,IAAI,CAAC,GAAG,EAAE;QACT,GAAG,CAAC,6BAA6B,CAAC,CAAC;IACrC,CAAC,CAAC;SACD,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;QACb,QAAQ,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;AACP,CAAC;AAED,KAAK,UAAU,0BAA0B,CAAC,UAAe,EAAE,cAAyB;IAClF,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;IACzC,YAAY,CAAC,8BAA8B,CAAC,CAAC;IAC7C,OAAO,IAAI,EAAE,CAAC;QACZ,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,MAAM,CAAC,MAAM,cAAc,EAAE;gBACnE,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE,IAAI,eAAe,CAAC;oBACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;oBAC1B,WAAW,EAAE,UAAU,CAAC,WAAW;oBACnC,UAAU,EAAE,8CAA8C;iBAC3D,CAAC;gBACF,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,mCAAmC;iBACpD;aACF,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YAEtC,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,CAAC;gBACnB,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;gBACvC,MAAM,CAAC,4BAA4B;YACrC,CAAC;iBAAM,IAAI,CAAC,uBAAuB,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC;gBAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,4BAA4B;YAChD,CAAC;iBAAM,CAAC;gBACN,WAAW,EAAE,CAAC;gBACd,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC,KAAK,CAAC,CAAC;gBAC7C,MAAM,CAAC,6BAA6B;YACtC,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,WAAW,EAAE,CAAC;YACd,QAAQ,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YAC1C,MAAM,CAAC,6BAA6B;QACtC,CAAC;IACH,CAAC;IACD,WAAW,EAAE,CAAC;AAChB,CAAC;AAED,KAAK,UAAU,aAAa,CAAC,QAAa;IACxC,MAAM,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAE7D,2BAA2B;IAC3B,MAAM,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAC/C,MAAM,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;IAErC,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;QAC3B,MAAM,QAAQ,CAAC,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACvD,GAAG,CAAC,kCAAkC,CAAC,CAAC;IAC1C,CAAC;IAED,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;QACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC;QAC1D,MAAM,QAAQ,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC5C,GAAG,CAAC,qBAAqB,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,cAAyB;IAChE,IAAI,CAAC;QACH,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAE1C,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAC;QACtD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,MAAM,GAAG,SAAS,CAAC,cAAc,CAAC,CAAC;QACzC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,MAAM,CAAC,MAAM,cAAc,EAAE;YACnE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,UAAU,EAAE,eAAe;gBAC3B,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,aAAa,EAAE,YAAY;aAC5B,CAAC;YACF,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC,CAAC;QAEH,MAAM,QAAQ,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QAEvC,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YACnB,GAAG,CAAC,2BAA2B,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,mBAAmB;QACnB,MAAM,UAAU,GAAG,kBAAkB,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC7D,MAAM,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;QAC/C,MAAM,QAAQ,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;QAErC,IAAI,QAAQ,CAAC,aAAa,EAAE,CAAC;YAC3B,MAAM,QAAQ,CAAC,eAAe,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QACzD,CAAC;QAED,IAAI,QAAQ,CAAC,UAAU,EAAE,CAAC;YACxB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,UAAU,GAAG,IAAI,CAAC;YAC1D,MAAM,QAAQ,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;QAC9C,CAAC;QAED,GAAG,CAAC,qCAAqC,CAAC,CAAC;QAC3C,OAAO,QAAQ,CAAC,YAAY,CAAC;IAC/B,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,gCAAgC,EAAE,KAAK,CAAC,CAAC;QAC7C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB;IACtC,IAAI,CAAC;QACH,GAAG,CAAC,oCAAoC,CAAC,CAAC;QAE1C,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,eAAe,EAAE,CAAC;QACtD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;QACD,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,MAAM,CAAC,MAAM,eAAe,EAAE;YACpE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,eAAe,CAAC;gBACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;gBAC1B,KAAK,EAAE,YAAY;aACpB,CAAC;YACF,OAAO,EAAE;gBACP,cAAc,EAAE,mCAAmC;aACpD;SACF,CAAC,CAAC;QAEH,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAC5B,GAAG,CAAC,oCAAoC,CAAC,CAAC;YAC1C,OAAO,IAAI,CAAC;QACd,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,4BAA4B,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC;YACvD,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,+BAA+B,EAAE,KAAK,CAAC,CAAC;QAC5C,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,aAAa,GAAG,GAAG;IACtD,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,QAAQ,CAAC,iBAAiB,EAAE,CAAC;QACrD,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,gCAAgC,CAAC,CAAC;YACtC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,SAAS,GAAG,GAAG,GAAG,aAAa,GAAG,IAAI,IAAI,SAAS,CAAC;QAE1D,IAAI,SAAS,EAAE,CAAC;YACd,GAAG,CAAC,qDAAqD,IAAI,IAAI,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;QAC/C,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;;;;;;;;;;;;;GAeG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB;IACvC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,MAAM,cAAc,EAAE,CAAC;QAEvC,IAAI,OAAO,EAAE,CAAC;YACZ,GAAG,CACD,4FAA4F,CAC7F,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,MAAM,QAAQ,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,GAAG,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED,OAAO,EAAE,oBAAoB,EAAE,CAAC"}

package/dist/clients/base.d.ts

@@ -0,0 +1,74 @@
+import type { ClientOptions } from '../utils/types.js';
+import type { ServerConfig, ClientConfig, ClientManager, ClientType } from './types.js';
+/**
+ * Abstract base class providing common functionality for all supported MCP client managers.
+ *
+ * Subclasses should extend this class to handle client-specific configuration paths and custom behaviors.
+ */
+export declare abstract class BaseClientManager implements ClientManager {
+    protected readonly clientType: ClientType;
+    readonly displayName: string;
+    protected readonly capabilities?: string[];
+    /**
+     * Initializes a new BaseClientManager instance.
+     *
+     * @param options - Configuration options including client type, display name, and optional capabilities.
+     */
+    constructor(options: {
+        clientType: ClientType;
+        displayName: string;
+        capabilities?: string[];
+    });
+    /**
+     * Returns the absolute path to the client's configuration file.
+     *
+     * Subclasses must implement this method to provide client-specific path resolution.
+     * Implementations are responsible for ensuring any necessary directories exist.
+     *
+     * @returns The resolved configuration file path.
+     */
+    abstract getConfigPath(): string;
+    /**
+     * Updates the client’s configuration with OpenZiti MCP server settings.
+     *
+     * Loads the existing configuration, applies updates for the MCP server,
+     * and writes the updated configuration back to disk.
+     *
+     * @param options - Client configuration options such as enabled tools and read-only mode.
+     */
+    configure(options: ClientOptions): Promise<void>;
+    /**
+     * Creates an MCP server configuration entry based on the provided client options.
+     *
+     * This method transforms the user’s options into a command, arguments,
+     * environment variables, and optional capabilities that the client will use to start the MCP server.
+     *
+     * Subclasses may override this method if additional customization of the server config is needed.
+     *
+     * @param options - Options controlling server configuration, such as selected tools and read-only mode.
+     * @returns A fully-formed ServerConfig object.
+     * @protected
+     */
+    protected createServerConfig(options: ClientOptions): ServerConfig;
+    /**
+     * Loads the client’s configuration from disk.
+     *
+     * Attempts to read and parse the configuration file at the given path.
+     * Returns a default configuration object if the file is missing or cannot be read.
+     *
+     * @param configPath - Path to the client’s configuration file.
+     * @returns A parsed ClientConfig object.
+     * @protected
+     */
+    protected readConfig(configPath: string): ClientConfig;
+    /**
+     * Writes the provided configuration object to disk.
+     *
+     * Serializes the configuration to formatted JSON and saves it at the specified path.
+     *
+     * @param configPath - Path where the configuration should be saved.
+     * @param config - Configuration object to serialize and write.
+     * @protected
+     */
+    protected writeConfig(configPath: string, config: ClientConfig): void;
+}

package/dist/clients/base.js

@@ -0,0 +1,109 @@
+import * as fs from 'fs';
+import chalk from 'chalk';
+import { log } from '../utils/logger.js';
+import { cliOutput } from '../utils/terminal.js';
+import { packageName } from '../utils/package.js';
+import { MCP_SERVER_NAME } from '../utils/constants.js';
+/**
+ * Abstract base class providing common functionality for all supported MCP client managers.
+ *
+ * Subclasses should extend this class to handle client-specific configuration paths and custom behaviors.
+ */
+export class BaseClientManager {
+    clientType;
+    displayName;
+    capabilities;
+    /**
+     * Initializes a new BaseClientManager instance.
+     *
+     * @param options - Configuration options including client type, display name, and optional capabilities.
+     */
+    constructor(options) {
+        this.clientType = options.clientType;
+        this.displayName = options.displayName;
+        this.capabilities = options.capabilities;
+    }
+    /**
+     * Updates the client’s configuration with OpenZiti MCP server settings.
+     *
+     * Loads the existing configuration, applies updates for the MCP server,
+     * and writes the updated configuration back to disk.
+     *
+     * @param options - Client configuration options such as enabled tools and read-only mode.
+     */
+    async configure(options) {
+        const configPath = this.getConfigPath();
+        const config = this.readConfig(configPath);
+        const mcpServers = config.mcpServers || {};
+        const serverConfig = this.createServerConfig(options);
+        mcpServers[MCP_SERVER_NAME] = serverConfig;
+        config.mcpServers = mcpServers;
+        this.writeConfig(configPath, config);
+        log(`Updated ${this.displayName} config file at: ${configPath}`);
+        cliOutput(`\n${chalk.green('✓')} OpenZiti MCP server configured. ${chalk.yellow(`Restart ${this.displayName}`)} to apply changes.\n`);
+    }
+    /**
+     * Creates an MCP server configuration entry based on the provided client options.
+     *
+     * This method transforms the user’s options into a command, arguments,
+     * environment variables, and optional capabilities that the client will use to start the MCP server.
+     *
+     * Subclasses may override this method if additional customization of the server config is needed.
+     *
+     * @param options - Options controlling server configuration, such as selected tools and read-only mode.
+     * @returns A fully-formed ServerConfig object.
+     * @protected
+     */
+    createServerConfig(options) {
+        const args = ['-y', packageName, 'run', '--tools', `${options.tools.join(',')}`];
+        if (options.readOnly) {
+            args.push('--read-only');
+        }
+        const config = {
+            command: 'npx',
+            args,
+            env: {
+                DEBUG: 'ziti-mcp',
+            },
+        };
+        if (this.capabilities?.length) {
+            config.capabilities = this.capabilities;
+        }
+        return config;
+    }
+    /**
+     * Loads the client’s configuration from disk.
+     *
+     * Attempts to read and parse the configuration file at the given path.
+     * Returns a default configuration object if the file is missing or cannot be read.
+     *
+     * @param configPath - Path to the client’s configuration file.
+     * @returns A parsed ClientConfig object.
+     * @protected
+     */
+    readConfig(configPath) {
+        if (fs.existsSync(configPath)) {
+            try {
+                const data = fs.readFileSync(configPath, 'utf-8');
+                return JSON.parse(data);
+            }
+            catch (err) {
+                log(`Warning: Could not read config at ${configPath}: ${err}`);
+            }
+        }
+        return { mcpServers: {} };
+    }
+    /**
+     * Writes the provided configuration object to disk.
+     *
+     * Serializes the configuration to formatted JSON and saves it at the specified path.
+     *
+     * @param configPath - Path where the configuration should be saved.
+     * @param config - Configuration object to serialize and write.
+     * @protected
+     */
+    writeConfig(configPath, config) {
+        fs.writeFileSync(configPath, JSON.stringify(config, null, 2));
+    }
+}
+//# sourceMappingURL=base.js.map

package/dist/clients/base.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"base.js","sourceRoot":"","sources":["../../src/clients/base.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,GAAG,EAAE,MAAM,oBAAoB,CAAC;AACzC,OAAO,EAAE,SAAS,EAAE,MAAM,sBAAsB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,qBAAqB,CAAC;AAGlD,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAExD;;;;GAIG;AACH,MAAM,OAAgB,iBAAiB;IAClB,UAAU,CAAa;IAC1B,WAAW,CAAS;IACjB,YAAY,CAAY;IAE3C;;;;OAIG;IACH,YAAY,OAAiF;QAC3F,IAAI,CAAC,UAAU,GAAG,OAAO,CAAC,UAAU,CAAC;QACrC,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,CAAC;QACvC,IAAI,CAAC,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC;IAC3C,CAAC;IAYD;;;;;;;OAOG;IACH,KAAK,CAAC,SAAS,CAAC,OAAsB;QACpC,MAAM,UAAU,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QACxC,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;QAC3C,MAAM,UAAU,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;QAC3C,MAAM,YAAY,GAAG,IAAI,CAAC,kBAAkB,CAAC,OAAO,CAAC,CAAC;QAEtD,UAAU,CAAC,eAAe,CAAC,GAAG,YAAY,CAAC;QAC3C,MAAM,CAAC,UAAU,GAAG,UAAU,CAAC;QAE/B,IAAI,CAAC,WAAW,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QACrC,GAAG,CAAC,WAAW,IAAI,CAAC,WAAW,oBAAoB,UAAU,EAAE,CAAC,CAAC;QAEjE,SAAS,CACP,KAAK,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,oCAAoC,KAAK,CAAC,MAAM,CACnE,WAAW,IAAI,CAAC,WAAW,EAAE,CAC9B,sBAAsB,CACxB,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACO,kBAAkB,CAAC,OAAsB;QACjD,MAAM,IAAI,GAAG,CAAC,IAAI,EAAE,WAAW,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,OAAO,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEjF,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;YACrB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC3B,CAAC;QAED,MAAM,MAAM,GAAiB;YAC3B,OAAO,EAAE,KAAK;YACd,IAAI;YACJ,GAAG,EAAE;gBACH,KAAK,EAAE,UAAU;aAClB;SACF,CAAC;QAEF,IAAI,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,CAAC;YAC9B,MAAM,CAAC,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QAC1C,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;OASG;IACO,UAAU,CAAC,UAAkB;QACrC,IAAI,EAAE,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC9B,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,EAAE,CAAC,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAC;gBAClD,OAAO,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC1B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,qCAAqC,UAAU,KAAK,GAAG,EAAE,CAAC,CAAC;YACjE,CAAC;QACH,CAAC;QACD,OAAO,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;IAC5B,CAAC;IAED;;;;;;;;OAQG;IACO,WAAW,CAAC,UAAkB,EAAE,MAAoB;QAC5D,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC,CAAC;IAChE,CAAC;CACF"}

package/dist/clients/claude.d.ts

@@ -0,0 +1,22 @@
+import { BaseClientManager } from './base.js';
+/**
+ * Client manager implementation for Claude Desktop.
+ *
+ * Responsible for configuring and managing the MCP server integration
+ * for the Claude Desktop application.
+ *
+ * @see {@link https://claude.ai/download | Claude Desktop Download}
+ */
+export declare class ClaudeClientManager extends BaseClientManager {
+    constructor();
+    /**
+     * Returns the path to the Claude Desktop configuration file.
+     *
+     * Resolves the platform-specific configuration directory,
+     * ensures the directory exists on disk, and constructs the full path
+     * to the Claude Desktop configuration file.
+     *
+     * @returns The absolute path to the configuration file.
+     */
+    getConfigPath(): string;
+}