npm - @padua/cli - Versions diffs - 1.13.0 → 2.0.0 - Mend

@padua/cli 1.13.0 → 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (272) hide show

package/README.md +164 -11
package/dist/commands/doctor/index.d.ts.map +1 -1
package/dist/commands/doctor/index.js +85 -0
package/dist/commands/doctor/index.js.map +1 -1
package/dist/commands/doctor/mcp-checks.d.ts +36 -0
package/dist/commands/doctor/mcp-checks.d.ts.map +1 -0
package/dist/commands/doctor/mcp-checks.js +235 -0
package/dist/commands/doctor/mcp-checks.js.map +1 -0
package/dist/commands/doctor/mcp-service-checks.d.ts +35 -0
package/dist/commands/doctor/mcp-service-checks.d.ts.map +1 -0
package/dist/commands/doctor/mcp-service-checks.js +146 -0
package/dist/commands/doctor/mcp-service-checks.js.map +1 -0
package/dist/commands/doctor/types.d.ts +4 -1
package/dist/commands/doctor/types.d.ts.map +1 -1
package/dist/commands/doctor/types.js +1 -0
package/dist/commands/doctor/types.js.map +1 -1
package/dist/commands/init/sso-discovery.d.ts.map +1 -1
package/dist/commands/init/sso-discovery.js +1 -0
package/dist/commands/init/sso-discovery.js.map +1 -1
package/dist/commands/login/index.d.ts +1 -1
package/dist/commands/login/index.d.ts.map +1 -1
package/dist/commands/login/index.js +44 -185
package/dist/commands/login/index.js.map +1 -1
package/dist/commands/login/mcp-steps.d.ts +38 -0
package/dist/commands/login/mcp-steps.d.ts.map +1 -0
package/dist/commands/login/mcp-steps.js +176 -0
package/dist/commands/login/mcp-steps.js.map +1 -0
package/dist/commands/login/npmrc.d.ts +10 -0
package/dist/commands/login/npmrc.d.ts.map +1 -1
package/dist/commands/login/npmrc.js +36 -3
package/dist/commands/login/npmrc.js.map +1 -1
package/dist/commands/login/orchestrator.d.ts +9 -0
package/dist/commands/login/orchestrator.d.ts.map +1 -0
package/dist/commands/login/orchestrator.js +251 -0
package/dist/commands/login/orchestrator.js.map +1 -0
package/dist/commands/login/types.d.ts +11 -0
package/dist/commands/login/types.d.ts.map +1 -1
package/dist/commands/login/types.js.map +1 -1
package/dist/commands/status/aws-checks.d.ts +14 -0
package/dist/commands/status/aws-checks.d.ts.map +1 -0
package/dist/commands/status/aws-checks.js +145 -0
package/dist/commands/status/aws-checks.js.map +1 -0
package/dist/commands/status/checks.d.ts +9 -25
package/dist/commands/status/checks.d.ts.map +1 -1
package/dist/commands/status/checks.js +52 -254
package/dist/commands/status/checks.js.map +1 -1
package/dist/commands/status/index.d.ts.map +1 -1
package/dist/commands/status/index.js +53 -1
package/dist/commands/status/index.js.map +1 -1
package/dist/commands/status/mcp-checks.d.ts +35 -0
package/dist/commands/status/mcp-checks.d.ts.map +1 -0
package/dist/commands/status/mcp-checks.js +175 -0
package/dist/commands/status/mcp-checks.js.map +1 -0
package/dist/commands/status/types.d.ts +34 -0
package/dist/commands/status/types.d.ts.map +1 -1
package/dist/mcp/config/index.d.ts +4 -0
package/dist/mcp/config/index.d.ts.map +1 -0
package/dist/mcp/config/index.js +14 -0
package/dist/mcp/config/index.js.map +1 -0
package/dist/mcp/config/loaders.d.ts +45 -0
package/dist/mcp/config/loaders.d.ts.map +1 -0
package/dist/mcp/config/loaders.js +149 -0
package/dist/mcp/config/loaders.js.map +1 -0
package/dist/mcp/config/types.d.ts +234 -0
package/dist/mcp/config/types.d.ts.map +1 -0
package/dist/mcp/config/types.js +45 -0
package/dist/mcp/config/types.js.map +1 -0
package/dist/mcp/daemon/entry-logic.d.ts +28 -0
package/dist/mcp/daemon/entry-logic.d.ts.map +1 -0
package/dist/mcp/daemon/entry-logic.js +82 -0
package/dist/mcp/daemon/entry-logic.js.map +1 -0
package/dist/mcp/daemon/entry.d.ts +8 -0
package/dist/mcp/daemon/entry.d.ts.map +1 -0
package/dist/mcp/daemon/entry.js +34 -0
package/dist/mcp/daemon/entry.js.map +1 -0
package/dist/mcp/daemon/fork.d.ts +21 -0
package/dist/mcp/daemon/fork.d.ts.map +1 -0
package/dist/mcp/daemon/fork.js +188 -0
package/dist/mcp/daemon/fork.js.map +1 -0
package/dist/mcp/daemon/health.d.ts +8 -0
package/dist/mcp/daemon/health.d.ts.map +1 -0
package/dist/mcp/daemon/health.js +50 -0
package/dist/mcp/daemon/health.js.map +1 -0
package/dist/mcp/daemon/index.d.ts +6 -0
package/dist/mcp/daemon/index.d.ts.map +1 -0
package/dist/mcp/daemon/index.js +22 -0
package/dist/mcp/daemon/index.js.map +1 -0
package/dist/mcp/daemon/types.d.ts +63 -0
package/dist/mcp/daemon/types.d.ts.map +1 -0
package/dist/mcp/daemon/types.js +18 -0
package/dist/mcp/daemon/types.js.map +1 -0
package/dist/mcp/errors/index.d.ts +3 -0
package/dist/mcp/errors/index.d.ts.map +1 -0
package/dist/mcp/errors/index.js +13 -0
package/dist/mcp/errors/index.js.map +1 -0
package/dist/mcp/errors/types.d.ts +83 -0
package/dist/mcp/errors/types.d.ts.map +1 -0
package/dist/mcp/errors/types.js +148 -0
package/dist/mcp/errors/types.js.map +1 -0
package/dist/mcp/providers/atlassian/auth.d.ts +34 -0
package/dist/mcp/providers/atlassian/auth.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/auth.js +107 -0
package/dist/mcp/providers/atlassian/auth.js.map +1 -0
package/dist/mcp/providers/atlassian/client.d.ts +15 -0
package/dist/mcp/providers/atlassian/client.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/client.js +38 -0
package/dist/mcp/providers/atlassian/client.js.map +1 -0
package/dist/mcp/providers/atlassian/index.d.ts +6 -0
package/dist/mcp/providers/atlassian/index.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/index.js +11 -0
package/dist/mcp/providers/atlassian/index.js.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.d.ts +17 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.js +29 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.js.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.d.ts +43 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.js +101 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.js.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.d.ts +14 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.js +250 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.js.map +1 -0
package/dist/mcp/providers/atlassian/provider.d.ts +38 -0
package/dist/mcp/providers/atlassian/provider.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/provider.js +101 -0
package/dist/mcp/providers/atlassian/provider.js.map +1 -0
package/dist/mcp/providers/atlassian/resources.d.ts +4 -0
package/dist/mcp/providers/atlassian/resources.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/resources.js +67 -0
package/dist/mcp/providers/atlassian/resources.js.map +1 -0
package/dist/mcp/providers/atlassian/tools/confluence.d.ts +4 -0
package/dist/mcp/providers/atlassian/tools/confluence.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/tools/confluence.js +169 -0
package/dist/mcp/providers/atlassian/tools/confluence.js.map +1 -0
package/dist/mcp/providers/atlassian/tools/jira.d.ts +4 -0
package/dist/mcp/providers/atlassian/tools/jira.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/tools/jira.js +274 -0
package/dist/mcp/providers/atlassian/tools/jira.js.map +1 -0
package/dist/mcp/providers/gitlab/auth.d.ts +10 -0
package/dist/mcp/providers/gitlab/auth.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/auth.js +23 -0
package/dist/mcp/providers/gitlab/auth.js.map +1 -0
package/dist/mcp/providers/gitlab/client.d.ts +23 -0
package/dist/mcp/providers/gitlab/client.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/client.js +17 -0
package/dist/mcp/providers/gitlab/client.js.map +1 -0
package/dist/mcp/providers/gitlab/index.d.ts +5 -0
package/dist/mcp/providers/gitlab/index.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/index.js +10 -0
package/dist/mcp/providers/gitlab/index.js.map +1 -0
package/dist/mcp/providers/gitlab/provider.d.ts +25 -0
package/dist/mcp/providers/gitlab/provider.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/provider.js +48 -0
package/dist/mcp/providers/gitlab/provider.js.map +1 -0
package/dist/mcp/providers/gitlab/resources.d.ts +11 -0
package/dist/mcp/providers/gitlab/resources.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/resources.js +54 -0
package/dist/mcp/providers/gitlab/resources.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/issues.d.ts +4 -0
package/dist/mcp/providers/gitlab/tools/issues.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/issues.js +120 -0
package/dist/mcp/providers/gitlab/tools/issues.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.d.ts +11 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.js +282 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/pipelines.d.ts +10 -0
package/dist/mcp/providers/gitlab/tools/pipelines.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/pipelines.js +173 -0
package/dist/mcp/providers/gitlab/tools/pipelines.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/repository.d.ts +4 -0
package/dist/mcp/providers/gitlab/tools/repository.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/repository.js +191 -0
package/dist/mcp/providers/gitlab/tools/repository.js.map +1 -0
package/dist/mcp/providers/index.d.ts +4 -0
package/dist/mcp/providers/index.d.ts.map +1 -0
package/dist/mcp/providers/index.js +6 -0
package/dist/mcp/providers/index.js.map +1 -0
package/dist/mcp/providers/registry.d.ts +90 -0
package/dist/mcp/providers/registry.d.ts.map +1 -0
package/dist/mcp/providers/registry.js +128 -0
package/dist/mcp/providers/registry.js.map +1 -0
package/dist/mcp/providers/tool-helpers.d.ts +14 -0
package/dist/mcp/providers/tool-helpers.d.ts.map +1 -0
package/dist/mcp/providers/tool-helpers.js +12 -0
package/dist/mcp/providers/tool-helpers.js.map +1 -0
package/dist/mcp/providers/types.d.ts +80 -0
package/dist/mcp/providers/types.d.ts.map +1 -0
package/dist/mcp/providers/types.js +13 -0
package/dist/mcp/providers/types.js.map +1 -0
package/dist/mcp/server/auth.d.ts +8 -0
package/dist/mcp/server/auth.d.ts.map +1 -0
package/dist/mcp/server/auth.js +36 -0
package/dist/mcp/server/auth.js.map +1 -0
package/dist/mcp/server/health.d.ts +24 -0
package/dist/mcp/server/health.d.ts.map +1 -0
package/dist/mcp/server/health.js +37 -0
package/dist/mcp/server/health.js.map +1 -0
package/dist/mcp/server/index.d.ts +11 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js +27 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/mcp/server/logging.d.ts +46 -0
package/dist/mcp/server/logging.d.ts.map +1 -0
package/dist/mcp/server/logging.js +109 -0
package/dist/mcp/server/logging.js.map +1 -0
package/dist/mcp/server/ratelimit.d.ts +3 -0
package/dist/mcp/server/ratelimit.d.ts.map +1 -0
package/dist/mcp/server/ratelimit.js +70 -0
package/dist/mcp/server/ratelimit.js.map +1 -0
package/dist/mcp/server/routes.d.ts +3 -0
package/dist/mcp/server/routes.d.ts.map +1 -0
package/dist/mcp/server/routes.js +8 -0
package/dist/mcp/server/routes.js.map +1 -0
package/dist/mcp/server/server.d.ts +21 -0
package/dist/mcp/server/server.d.ts.map +1 -0
package/dist/mcp/server/server.js +114 -0
package/dist/mcp/server/server.js.map +1 -0
package/dist/mcp/server/validation.d.ts +22 -0
package/dist/mcp/server/validation.d.ts.map +1 -0
package/dist/mcp/server/validation.js +32 -0
package/dist/mcp/server/validation.js.map +1 -0
package/dist/mcp/store/encrypt.d.ts +22 -0
package/dist/mcp/store/encrypt.d.ts.map +1 -0
package/dist/mcp/store/encrypt.js +66 -0
package/dist/mcp/store/encrypt.js.map +1 -0
package/dist/mcp/store/index.d.ts +12 -0
package/dist/mcp/store/index.d.ts.map +1 -0
package/dist/mcp/store/index.js +16 -0
package/dist/mcp/store/index.js.map +1 -0
package/dist/mcp/store/migrate.d.ts +70 -0
package/dist/mcp/store/migrate.d.ts.map +1 -0
package/dist/mcp/store/migrate.js +211 -0
package/dist/mcp/store/migrate.js.map +1 -0
package/dist/mcp/store/null-token-store.d.ts +22 -0
package/dist/mcp/store/null-token-store.d.ts.map +1 -0
package/dist/mcp/store/null-token-store.js +40 -0
package/dist/mcp/store/null-token-store.js.map +1 -0
package/dist/mcp/store/sqlite.d.ts +27 -0
package/dist/mcp/store/sqlite.d.ts.map +1 -0
package/dist/mcp/store/sqlite.js +100 -0
package/dist/mcp/store/sqlite.js.map +1 -0
package/dist/mcp/store/types.d.ts +183 -0
package/dist/mcp/store/types.d.ts.map +1 -0
package/dist/mcp/store/types.js +13 -0
package/dist/mcp/store/types.js.map +1 -0
package/dist/mcp/token/http-client.d.ts +3 -0
package/dist/mcp/token/http-client.d.ts.map +1 -0
package/dist/mcp/token/http-client.js +186 -0
package/dist/mcp/token/http-client.js.map +1 -0
package/dist/mcp/token/index.d.ts +5 -0
package/dist/mcp/token/index.d.ts.map +1 -0
package/dist/mcp/token/index.js +15 -0
package/dist/mcp/token/index.js.map +1 -0
package/dist/mcp/token/manager.d.ts +54 -0
package/dist/mcp/token/manager.d.ts.map +1 -0
package/dist/mcp/token/manager.js +194 -0
package/dist/mcp/token/manager.js.map +1 -0
package/dist/mcp/token/null-token-manager.d.ts +19 -0
package/dist/mcp/token/null-token-manager.d.ts.map +1 -0
package/dist/mcp/token/null-token-manager.js +50 -0
package/dist/mcp/token/null-token-manager.js.map +1 -0
package/dist/mcp/token/oauth.d.ts +44 -0
package/dist/mcp/token/oauth.d.ts.map +1 -0
package/dist/mcp/token/oauth.js +257 -0
package/dist/mcp/token/oauth.js.map +1 -0
package/dist/mcp/token/types.d.ts +81 -0
package/dist/mcp/token/types.d.ts.map +1 -0
package/dist/mcp/token/types.js +6 -0
package/dist/mcp/token/types.js.map +1 -0
package/package.json +10 -3

package/dist/mcp/server/server.js ADDED Viewed

@@ -0,0 +1,114 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createMcpServer = createMcpServer;
+const node_http_1 = require("node:http");
+const node_crypto_1 = require("node:crypto");
+const mcp_js_1 = require("@modelcontextprotocol/sdk/server/mcp.js");
+const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
+const auth_1 = require("./auth");
+const ratelimit_1 = require("./ratelimit");
+const health_1 = require("./health");
+const routes_1 = require("./routes");
+const logging_1 = require("./logging");
+function runMiddleware(req, res, middlewares, final) {
+    let index = 0;
+    function next() {
+        if (index >= middlewares.length) {
+            final();
+            return;
+        }
+        const mw = middlewares[index++];
+        mw(req, res, next);
+    }
+    next();
+}
+function isPayloadTooLarge(req, maxBodySize) {
+    if (req.method !== 'POST')
+        return false;
+    const contentLength = parseInt(req.headers['content-length'] ?? '0', 10);
+    return contentLength > maxBodySize;
+}
+function sendPayloadTooLarge(res) {
+    res.writeHead(413, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({
+        error: { code: 'PAYLOAD_TOO_LARGE', message: 'Request body exceeds 4MB limit' },
+    }));
+}
+function sendNotFound(res, url) {
+    res.writeHead(404, { 'Content-Type': 'application/json' });
+    res.end(JSON.stringify({ error: { code: 'NOT_FOUND', message: `Route not found: ${url}` } }));
+}
+function isMcpRoute(url) {
+    return url === '/mcp' || url.startsWith('/mcp?');
+}
+async function handleMcpRequest(req, res, transport, logger, correlationId) {
+    try {
+        await transport.handleRequest(req, res);
+    }
+    catch (err) {
+        logger.error('MCP handler error', { error: String(err), correlationId });
+        if (!res.headersSent) {
+            res.writeHead(500, { 'Content-Type': 'application/json' });
+            res.end(JSON.stringify({ error: { code: 'INTERNAL_ERROR', message: 'Internal server error' } }));
+        }
+    }
+}
+function buildRequestHandler(authMiddleware, rateLimiter, transport, healthHandler, logger, maxBodySize) {
+    return async (req, res) => {
+        const correlationId = (0, node_crypto_1.randomUUID)();
+        res.setHeader('X-Correlation-Id', correlationId);
+        const url = req.url ?? '';
+        if ((0, routes_1.isHealthRoute)(url)) {
+            healthHandler(req, res);
+            return;
+        }
+        if (isPayloadTooLarge(req, maxBodySize)) {
+            sendPayloadTooLarge(res);
+            return;
+        }
+        runMiddleware(req, res, [authMiddleware, rateLimiter], async () => {
+            if (isMcpRoute(url)) {
+                await handleMcpRequest(req, res, transport, logger, correlationId);
+                return;
+            }
+            sendNotFound(res, url);
+        });
+    };
+}
+function createMcpServer(config, getProviderStatuses) {
+    const logger = (0, logging_1.createLogger)(config.logDir);
+    const maxBodySize = config.maxBodySize ?? 4 * 1024 * 1024;
+    const startTime = Date.now();
+    const mcpServer = new mcp_js_1.McpServer({
+        name: 'padua-mcp',
+        version: config.version,
+    });
+    const transport = new streamableHttp_js_1.StreamableHTTPServerTransport({
+        sessionIdGenerator: () => (0, node_crypto_1.randomUUID)(),
+    });
+    const authMiddleware = (0, auth_1.createAuthMiddleware)(config.bearerToken);
+    const rateLimiter = (0, ratelimit_1.createRateLimiter)(config.rateLimit?.ratePerSec ?? 10, config.rateLimit?.burst ?? 20);
+    const healthDeps = {
+        version: config.version,
+        startTime,
+        getProviderStatuses: () => getProviderStatuses(),
+    };
+    const healthHandler = (0, health_1.createHealthHandler)(healthDeps);
+    const requestHandler = buildRequestHandler(authMiddleware, rateLimiter, transport, healthHandler, logger, maxBodySize);
+    const httpServer = (0, node_http_1.createServer)(requestHandler);
+    function start() {
+        return new Promise((resolve, reject) => {
+            mcpServer.connect(transport).then(() => {
+                httpServer.listen(config.port, '127.0.0.1', () => resolve());
+                httpServer.once('error', reject);
+            }).catch(reject);
+        });
+    }
+    function stop() {
+        return new Promise((resolve, reject) => {
+            httpServer.close((err) => (err ? reject(err) : resolve()));
+        });
+    }
+    return { httpServer, mcpServer, start, stop };
+}
+//# sourceMappingURL=server.js.map

package/dist/mcp/server/server.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"server.js","sourceRoot":"","sources":["../../../src/mcp/server/server.ts"],"names":[],"mappings":";;AA0HA,0CAyDC;AAnLD,yCAA6D;AAE7D,6CAAyC;AACzC,oEAAoE;AACpE,0FAAmG;AACnG,iCAA8C;AAE9C,2CAAgD;AAChD,qCAA+C;AAE/C,qCAAyC;AACzC,uCAAyC;AAmBzC,SAAS,aAAa,CACpB,GAAoB,EACpB,GAAmB,EACnB,WAA6B,EAC7B,KAAiB;IAEjB,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,SAAS,IAAI;QACX,IAAI,KAAK,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;YAChC,KAAK,EAAE,CAAC;YACR,OAAO;QACT,CAAC;QACD,MAAM,EAAE,GAAG,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;QAChC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACrB,CAAC;IACD,IAAI,EAAE,CAAC;AACT,CAAC;AAED,SAAS,iBAAiB,CAAC,GAAoB,EAAE,WAAmB;IAClE,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,aAAa,GAAG,QAAQ,CAAC,GAAG,CAAC,OAAO,CAAC,gBAAgB,CAAC,IAAI,GAAG,EAAE,EAAE,CAAC,CAAC;IACzE,OAAO,aAAa,GAAG,WAAW,CAAC;AACrC,CAAC;AAED,SAAS,mBAAmB,CAAC,GAAmB;IAC9C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC;QACrB,KAAK,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,OAAO,EAAE,gCAAgC,EAAE;KAChF,CAAC,CAAC,CAAC;AACN,CAAC;AAED,SAAS,YAAY,CAAC,GAAmB,EAAE,GAAW;IACpD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;IAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,oBAAoB,GAAG,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;AAChG,CAAC;AAED,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAO,GAAG,KAAK,MAAM,IAAI,GAAG,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,GAAoB,EACpB,GAAmB,EACnB,SAAwC,EACxC,MAAc,EACd,aAAqB;IAErB,IAAI,CAAC;QACH,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,CAAC,KAAK,CAAC,mBAAmB,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;YACrB,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,gBAAgB,EAAE,OAAO,EAAE,uBAAuB,EAAE,EAAE,CAAC,CAAC,CAAC;QACnG,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAC1B,cAA8B,EAC9B,WAA2B,EAC3B,SAAwC,EACxC,aAAqD,EACrD,MAAc,EACd,WAAmB;IAEnB,OAAO,KAAK,EAAE,GAAoB,EAAE,GAAmB,EAAiB,EAAE;QACxE,MAAM,aAAa,GAAG,IAAA,wBAAU,GAAE,CAAC;QACnC,GAAG,CAAC,SAAS,CAAC,kBAAkB,EAAE,aAAa,CAAC,CAAC;QAEjD,MAAM,GAAG,GAAG,GAAG,CAAC,GAAG,IAAI,EAAE,CAAC;QAE1B,IAAI,IAAA,sBAAa,EAAC,GAAG,CAAC,EAAE,CAAC;YACvB,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACxB,OAAO;QACT,CAAC;QAED,IAAI,iBAAiB,CAAC,GAAG,EAAE,WAAW,CAAC,EAAE,CAAC;YACxC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACzB,OAAO;QACT,CAAC;QAED,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,CAAC,cAAc,EAAE,WAAW,CAAC,EAAE,KAAK,IAAI,EAAE;YAChE,IAAI,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;gBACpB,MAAM,gBAAgB,CAAC,GAAG,EAAE,GAAG,EAAE,SAAS,EAAE,MAAM,EAAE,aAAa,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YACD,YAAY,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QACzB,CAAC,CAAC,CAAC;IACL,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,eAAe,CAC7B,MAAuB,EACvB,mBAAiD;IAEjD,MAAM,MAAM,GAAG,IAAA,sBAAY,EAAC,MAAM,CAAC,MAAM,CAAC,CAAC;IAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,WAAW,IAAI,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;IAC1D,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAE7B,MAAM,SAAS,GAAG,IAAI,kBAAS,CAAC;QAC9B,IAAI,EAAE,WAAW;QACjB,OAAO,EAAE,MAAM,CAAC,OAAO;KACxB,CAAC,CAAC;IAEH,MAAM,SAAS,GAAG,IAAI,iDAA6B,CAAC;QAClD,kBAAkB,EAAE,GAAG,EAAE,CAAC,IAAA,wBAAU,GAAE;KACvC,CAAC,CAAC;IAEH,MAAM,cAAc,GAAG,IAAA,2BAAoB,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAChE,MAAM,WAAW,GAAG,IAAA,6BAAiB,EACnC,MAAM,CAAC,SAAS,EAAE,UAAU,IAAI,EAAE,EAClC,MAAM,CAAC,SAAS,EAAE,KAAK,IAAI,EAAE,CAC9B,CAAC;IAEF,MAAM,UAAU,GAAuB;QACrC,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,SAAS;QACT,mBAAmB,EAAE,GAAG,EAAE,CAAC,mBAAmB,EAA0D;KACzG,CAAC;IACF,MAAM,aAAa,GAAG,IAAA,4BAAmB,EAAC,UAAU,CAAC,CAAC;IAEtD,MAAM,cAAc,GAAG,mBAAmB,CACxC,cAAc,EACd,WAAW,EACX,SAAS,EACT,aAAa,EACb,MAAM,EACN,WAAW,CACZ,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,wBAAgB,EAAC,cAAc,CAAC,CAAC;IAEpD,SAAS,KAAK;QACZ,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE;gBACrC,UAAU,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7D,UAAU,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACnC,CAAC,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC,CAAC,CAAC;IACL,CAAC;IAED,SAAS,IAAI;QACX,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,UAAU,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;QAC7D,CAAC,CAAC,CAAC;IACL,CAAC;IAED,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC;AAChD,CAAC"}

package/dist/mcp/server/validation.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import { z } from 'zod';
+/** Jira issue key: 2-10 char uppercase project key + dash + digits */
+export declare const JiraIssueKeySchema: z.ZodString;
+/** GitLab project ID: positive integer */
+export declare const GitLabProjectIdSchema: z.ZodNumber;
+/** Search query: 1-256 characters */
+export declare const SearchQuerySchema: z.ZodString;
+/** File path: no path traversal, no absolute paths, no null bytes */
+export declare const FilePathSchema: z.ZodEffects<z.ZodEffects<z.ZodEffects<z.ZodString, string, string>, string, string>, string, string>;
+/** Commit message: 1-10000 characters */
+export declare const CommitMessageSchema: z.ZodString;
+/** Pagination page number */
+export declare const PageSchema: z.ZodDefault<z.ZodNumber>;
+/** Pagination per-page count */
+export declare const PerPageSchema: z.ZodDefault<z.ZodNumber>;
+/** CQL query for Confluence search */
+export declare const CqlQuerySchema: z.ZodString;
+/** Confluence space key */
+export declare const SpaceKeySchema: z.ZodString;
+/** Branch name */
+export declare const BranchNameSchema: z.ZodString;
+//# sourceMappingURL=validation.d.ts.map

package/dist/mcp/server/validation.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validation.d.ts","sourceRoot":"","sources":["../../../src/mcp/server/validation.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,sEAAsE;AACtE,eAAO,MAAM,kBAAkB,aAG9B,CAAC;AAEF,0CAA0C;AAC1C,eAAO,MAAM,qBAAqB,aAA8B,CAAC;AAEjE,qCAAqC;AACrC,eAAO,MAAM,iBAAiB,aAA6B,CAAC;AAE5D,qEAAqE;AACrE,eAAO,MAAM,cAAc,uGAGsC,CAAC;AAElE,yCAAyC;AACzC,eAAO,MAAM,mBAAmB,aAA+B,CAAC;AAEhE,6BAA6B;AAC7B,eAAO,MAAM,UAAU,2BAAqC,CAAC;AAE7D,gCAAgC;AAChC,eAAO,MAAM,aAAa,2BAA+C,CAAC;AAE1E,sCAAsC;AACtC,eAAO,MAAM,cAAc,aAA8B,CAAC;AAE1D,2BAA2B;AAC3B,eAAO,MAAM,cAAc,aAA6C,CAAC;AAEzE,kBAAkB;AAClB,eAAO,MAAM,gBAAgB,aAGlB,CAAC"}

package/dist/mcp/server/validation.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.BranchNameSchema = exports.SpaceKeySchema = exports.CqlQuerySchema = exports.PerPageSchema = exports.PageSchema = exports.CommitMessageSchema = exports.FilePathSchema = exports.SearchQuerySchema = exports.GitLabProjectIdSchema = exports.JiraIssueKeySchema = void 0;
+const zod_1 = require("zod");
+const node_path_1 = require("node:path");
+/** Jira issue key: 2-10 char uppercase project key + dash + digits */
+exports.JiraIssueKeySchema = zod_1.z.string().regex(/^[A-Z][A-Z0-9]{1,9}-\d+$/, 'Invalid JIRA issue key format (e.g., PROJ-123)');
+/** GitLab project ID: positive integer */
+exports.GitLabProjectIdSchema = zod_1.z.number().int().positive();
+/** Search query: 1-256 characters */
+exports.SearchQuerySchema = zod_1.z.string().min(1).max(256);
+/** File path: no path traversal, no absolute paths, no null bytes */
+exports.FilePathSchema = zod_1.z.string().min(1).max(4096)
+    .refine((val) => !(0, node_path_1.isAbsolute)(val), 'Absolute paths not allowed')
+    .refine((val) => !val.includes('..'), 'Path traversal not allowed')
+    .refine((val) => !val.includes('\0'), 'Null bytes not allowed');
+/** Commit message: 1-10000 characters */
+exports.CommitMessageSchema = zod_1.z.string().min(1).max(10000);
+/** Pagination page number */
+exports.PageSchema = zod_1.z.number().int().min(1).default(1);
+/** Pagination per-page count */
+exports.PerPageSchema = zod_1.z.number().int().min(1).max(100).default(20);
+/** CQL query for Confluence search */
+exports.CqlQuerySchema = zod_1.z.string().min(1).max(1000);
+/** Confluence space key */
+exports.SpaceKeySchema = zod_1.z.string().regex(/^[A-Z][A-Z0-9]{0,254}$/);
+/** Branch name */
+exports.BranchNameSchema = zod_1.z
+    .string()
+    .regex(/^[a-zA-Z0-9/_.\\-]+$/, 'Invalid branch name')
+    .max(255);
+//# sourceMappingURL=validation.js.map

package/dist/mcp/server/validation.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"validation.js","sourceRoot":"","sources":["../../../src/mcp/server/validation.ts"],"names":[],"mappings":";;;AAAA,6BAAwB;AACxB,yCAAuC;AAEvC,sEAAsE;AACzD,QAAA,kBAAkB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAChD,0BAA0B,EAC1B,gDAAgD,CACjD,CAAC;AAEF,0CAA0C;AAC7B,QAAA,qBAAqB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;AAEjE,qCAAqC;AACxB,QAAA,iBAAiB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;AAE5D,qEAAqE;AACxD,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC;KACtD,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,IAAA,sBAAU,EAAC,GAAG,CAAC,EAAE,4BAA4B,CAAC;KAC/D,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,4BAA4B,CAAC;KAClE,MAAM,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,wBAAwB,CAAC,CAAC;AAElE,yCAAyC;AAC5B,QAAA,mBAAmB,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;AAEhE,6BAA6B;AAChB,QAAA,UAAU,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAE7D,gCAAgC;AACnB,QAAA,aAAa,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;AAE1E,sCAAsC;AACzB,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAE1D,2BAA2B;AACd,QAAA,cAAc,GAAG,OAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;AAEzE,kBAAkB;AACL,QAAA,gBAAgB,GAAG,OAAC;KAC9B,MAAM,EAAE;KACR,KAAK,CAAC,sBAAsB,EAAE,qBAAqB,CAAC;KACpD,GAAG,CAAC,GAAG,CAAC,CAAC"}

package/dist/mcp/store/encrypt.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+/**
+ * AES-256-GCM encryption module for the MCP token store.
+ *
+ * Wire format (Go-compatible):
+ *   [ nonce (12 bytes) ][ ciphertext (N bytes) ][ auth tag (16 bytes) ]
+ *
+ * This layout is byte-compatible with the Go implementation in
+ * padua-mcp/internal/store/encrypt.go.
+ */
+import type { Encryptor } from './types';
+type NonceSource = (size: number) => Buffer;
+/**
+ * Create an AES-256-GCM encryptor from a 64-character hex key (32 bytes).
+ *
+ * @param hexKey       - 64 hex-character string representing the 32-byte AES key.
+ * @param _nonceSource - @internal — injectable nonce source for deterministic testing only.
+ *                       Must not be set in production code.
+ * @throws StoreError(ENCRYPTION_KEY_UNAVAILABLE) when the key is invalid.
+ */
+export declare function createEncryptor(hexKey: string, _nonceSource?: NonceSource): Encryptor;
+export {};
+//# sourceMappingURL=encrypt.d.ts.map

package/dist/mcp/store/encrypt.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"encrypt.d.ts","sourceRoot":"","sources":["../../../src/mcp/store/encrypt.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAmBzC,KAAK,WAAW,GAAG,CAAC,IAAI,EAAE,MAAM,KAAK,MAAM,CAAC;AAkC5C;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,YAAY,CAAC,EAAE,WAAW,GAAG,SAAS,CAOrF"}

package/dist/mcp/store/encrypt.js ADDED Viewed

@@ -0,0 +1,66 @@
+"use strict";
+/**
+ * AES-256-GCM encryption module for the MCP token store.
+ *
+ * Wire format (Go-compatible):
+ *   [ nonce (12 bytes) ][ ciphertext (N bytes) ][ auth tag (16 bytes) ]
+ *
+ * This layout is byte-compatible with the Go implementation in
+ * padua-mcp/internal/store/encrypt.go.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createEncryptor = createEncryptor;
+const node_crypto_1 = require("node:crypto");
+const errors_1 = require("../errors");
+const ALGORITHM = 'aes-256-gcm';
+const NONCE_LEN = 12;
+const TAG_LEN = 16;
+const MIN_COMBINED_LEN = NONCE_LEN + TAG_LEN; // 28 bytes (nonce + empty ciphertext + tag)
+const KEY_HEX_LEN = 64; // 32 bytes expressed as hex
+const HEX_RE = /^[0-9a-fA-F]+$/;
+function validateKey(hexKey) {
+    if (hexKey.length !== KEY_HEX_LEN || !HEX_RE.test(hexKey)) {
+        throw new errors_1.StoreError(`Encryption key must be exactly ${KEY_HEX_LEN} hex characters (32 bytes)`, errors_1.ErrorCodes.ENCRYPTION_KEY_UNAVAILABLE);
+    }
+    return Buffer.from(hexKey, 'hex');
+}
+function encrypt(key, plaintext, nonceSource) {
+    const nonce = nonceSource(NONCE_LEN);
+    const cipher = (0, node_crypto_1.createCipheriv)(ALGORITHM, key, nonce);
+    const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([nonce, ciphertext, tag]);
+}
+function decrypt(key, combined) {
+    if (combined.length < MIN_COMBINED_LEN) {
+        throw new errors_1.StoreError(`Combined buffer too short: expected at least ${MIN_COMBINED_LEN} bytes, got ${combined.length}`, errors_1.ErrorCodes.TOKEN_DECRYPTION_FAILED);
+    }
+    const nonce = combined.subarray(0, NONCE_LEN);
+    const tag = combined.subarray(combined.length - TAG_LEN);
+    const ciphertext = combined.subarray(NONCE_LEN, combined.length - TAG_LEN);
+    try {
+        const decipher = (0, node_crypto_1.createDecipheriv)(ALGORITHM, key, nonce);
+        decipher.setAuthTag(tag);
+        return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    }
+    catch {
+        throw new errors_1.StoreError('AES-256-GCM authentication tag verification failed', errors_1.ErrorCodes.TOKEN_DECRYPTION_FAILED);
+    }
+}
+/**
+ * Create an AES-256-GCM encryptor from a 64-character hex key (32 bytes).
+ *
+ * @param hexKey       - 64 hex-character string representing the 32-byte AES key.
+ * @param _nonceSource - @internal — injectable nonce source for deterministic testing only.
+ *                       Must not be set in production code.
+ * @throws StoreError(ENCRYPTION_KEY_UNAVAILABLE) when the key is invalid.
+ */
+function createEncryptor(hexKey, _nonceSource) {
+    const key = validateKey(hexKey);
+    const nonceSource = _nonceSource ?? node_crypto_1.randomBytes;
+    return {
+        encrypt: (plaintext) => encrypt(key, plaintext, nonceSource),
+        decrypt: (combined) => decrypt(key, combined),
+    };
+}
+//# sourceMappingURL=encrypt.js.map

package/dist/mcp/store/encrypt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"encrypt.js","sourceRoot":"","sources":["../../../src/mcp/store/encrypt.ts"],"names":[],"mappings":";AAAA;;;;;;;;GAQG;;AAiEH,0CAOC;AAtED,6CAA4E;AAC5E,sCAAmD;AAGnD,MAAM,SAAS,GAAG,aAAa,CAAC;AAChC,MAAM,SAAS,GAAG,EAAE,CAAC;AACrB,MAAM,OAAO,GAAG,EAAE,CAAC;AACnB,MAAM,gBAAgB,GAAG,SAAS,GAAG,OAAO,CAAC,CAAC,4CAA4C;AAC1F,MAAM,WAAW,GAAG,EAAE,CAAC,CAAC,4BAA4B;AACpD,MAAM,MAAM,GAAG,gBAAgB,CAAC;AAEhC,SAAS,WAAW,CAAC,MAAc;IACjC,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC;QAC1D,MAAM,IAAI,mBAAU,CAClB,kCAAkC,WAAW,4BAA4B,EACzE,mBAAU,CAAC,0BAA0B,CACtC,CAAC;IACJ,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;AACpC,CAAC;AAID,SAAS,OAAO,CAAC,GAAW,EAAE,SAAiB,EAAE,WAAwB;IACvE,MAAM,KAAK,GAAG,WAAW,CAAC,SAAS,CAAC,CAAC;IACrC,MAAM,MAAM,GAAG,IAAA,4BAAc,EAAC,SAAS,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;IACrD,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IAC7E,MAAM,GAAG,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;IAChC,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,SAAS,OAAO,CAAC,GAAW,EAAE,QAAgB;IAC5C,IAAI,QAAQ,CAAC,MAAM,GAAG,gBAAgB,EAAE,CAAC;QACvC,MAAM,IAAI,mBAAU,CAClB,gDAAgD,gBAAgB,eAAe,QAAQ,CAAC,MAAM,EAAE,EAChG,mBAAU,CAAC,uBAAuB,CACnC,CAAC;IACJ,CAAC;IAED,MAAM,KAAK,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,EAAE,SAAS,CAAC,CAAC;IAC9C,MAAM,GAAG,GAAG,QAAQ,CAAC,QAAQ,CAAC,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;IACzD,MAAM,UAAU,GAAG,QAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC,CAAC;IAE3E,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,IAAA,8BAAgB,EAAC,SAAS,EAAE,GAAG,EAAE,KAAK,CAAC,CAAC;QACzD,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;QACzB,OAAO,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC,EAAE,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC;IACxE,CAAC;IAAC,MAAM,CAAC;QACP,MAAM,IAAI,mBAAU,CAClB,oDAAoD,EACpD,mBAAU,CAAC,uBAAuB,CACnC,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;;;;;GAOG;AACH,SAAgB,eAAe,CAAC,MAAc,EAAE,YAA0B;IACxE,MAAM,GAAG,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAChC,MAAM,WAAW,GAAgB,YAAY,IAAI,yBAAW,CAAC;IAC7D,OAAO;QACL,OAAO,EAAE,CAAC,SAAiB,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,SAAS,EAAE,WAAW,CAAC;QACpE,OAAO,EAAE,CAAC,QAAgB,EAAE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,QAAQ,CAAC;KACtD,CAAC;AACJ,CAAC"}

package/dist/mcp/store/index.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+/**
+ * Public API for the store module.
+ *
+ * Re-exports all type definitions. Concrete implementations (SqliteTokenStore,
+ * createEncryptor, runMigrations) are exported from their own modules so
+ * callers that need only interfaces do not pull in better-sqlite3 or node:crypto
+ * at import time.
+ */
+export type { StoredToken, TokenStore, Encryptor, MigrationResult, ServiceName } from './types';
+export { NullTokenStore } from './null-token-store';
+export { SqliteTokenStore } from './sqlite';
+//# sourceMappingURL=index.d.ts.map

package/dist/mcp/store/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/mcp/store/index.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAChG,OAAO,EAAE,cAAc,EAAE,MAAM,oBAAoB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,UAAU,CAAC"}

package/dist/mcp/store/index.js ADDED Viewed

@@ -0,0 +1,16 @@
+"use strict";
+/**
+ * Public API for the store module.
+ *
+ * Re-exports all type definitions. Concrete implementations (SqliteTokenStore,
+ * createEncryptor, runMigrations) are exported from their own modules so
+ * callers that need only interfaces do not pull in better-sqlite3 or node:crypto
+ * at import time.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SqliteTokenStore = exports.NullTokenStore = void 0;
+var null_token_store_1 = require("./null-token-store");
+Object.defineProperty(exports, "NullTokenStore", { enumerable: true, get: function () { return null_token_store_1.NullTokenStore; } });
+var sqlite_1 = require("./sqlite");
+Object.defineProperty(exports, "SqliteTokenStore", { enumerable: true, get: function () { return sqlite_1.SqliteTokenStore; } });
+//# sourceMappingURL=index.js.map

package/dist/mcp/store/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/mcp/store/index.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAGH,uDAAoD;AAA3C,kHAAA,cAAc,OAAA;AACvB,mCAA4C;AAAnC,0GAAA,gBAAgB,OAAA"}

package/dist/mcp/store/migrate.d.ts ADDED Viewed

@@ -0,0 +1,70 @@
+/**
+ * SQLite schema migration module for the MCP token store.
+ *
+ * Applies versioned migrations to a better-sqlite3 database in a single
+ * transaction. Safe to call on every daemon startup — skips migrations that
+ * have already been applied.
+ *
+ * Also provides Go database migration: detectGoDatabase() and migrateFromGo()
+ * locate and migrate legacy padua-mcp SQLite token databases to the new
+ * tokens.db format. The wire format is byte-compatible between Go and TS.
+ */
+import Database from 'better-sqlite3';
+import type { MigrationResult } from './types';
+/**
+ * Apply any outstanding schema migrations to the given database.
+ *
+ * Wraps all migration statements in a single transaction. If any statement
+ * throws, the transaction is rolled back and no partial changes remain.
+ *
+ * @param db - An open better-sqlite3 database instance.
+ * @returns MigrationResult indicating whether migrations were applied.
+ * @throws StoreError(DB_WRITE_FAILED) if any database operation fails,
+ *         including introspection queries and migration statements.
+ */
+export declare function runMigrations(db: Database.Database): MigrationResult;
+/**
+ * Result returned by migrateFromGo.
+ *
+ * Distinct from MigrationResult so that tokensCount is always present on
+ * success and reason is always present on skip, giving callers a typed
+ * discriminated union instead of a bag of optionals.
+ */
+export interface GoMigrationResult {
+    /** Whether tokens were actually migrated. */
+    migrated: boolean;
+    /**
+     * Machine-readable skip reason. Only set when migrated is false.
+     *   'no-legacy-db-found'  — no Go database exists at any search path
+     *   'wal-files-present'   — WAL file exists; Go process may still hold a lock
+     *   'decryption-failed'   — provided key cannot decrypt the Go token data
+     */
+    reason?: string;
+    /** Number of token rows migrated. Set when migrated is true. */
+    tokensCount?: number;
+}
+export declare const LEGACY_DB_PATHS: readonly string[];
+/**
+ * Return the first path in searchPaths that resolves to an existing file,
+ * or null when none exist.
+ *
+ * @param searchPaths - Ordered list of candidate paths. Defaults to LEGACY_DB_PATHS.
+ */
+export declare function detectGoDatabase(searchPaths?: string[]): string | null;
+/**
+ * Migrate tokens from a legacy Go padua-mcp SQLite database to the new
+ * encrypted tokens.db.
+ *
+ * Steps:
+ *  1. Locate the Go database via detectGoDatabase.
+ *  2. Abort when a WAL file is present (Go process may still be running).
+ *  3. Open the Go database read-only and decrypt every row with the provided key.
+ *  4. Write all rows into the target store using SqliteTokenStore.
+ *  5. Rename the Go database to .bak so it is not migrated again.
+ *
+ * @param encryptionKey - 64-char hex AES-256 key (same key used by the Go app).
+ * @param targetDbPath  - Absolute path to the destination tokens.db file.
+ * @param searchPaths   - Override the default LEGACY_DB_PATHS (used in tests).
+ */
+export declare function migrateFromGo(encryptionKey: string, targetDbPath: string, searchPaths?: string[]): GoMigrationResult;
+//# sourceMappingURL=migrate.d.ts.map

package/dist/mcp/store/migrate.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migrate.d.ts","sourceRoot":"","sources":["../../../src/mcp/store/migrate.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AAItC,OAAO,KAAK,EAAE,eAAe,EAAe,MAAM,SAAS,CAAC;AAyD5D;;;;;;;;;;GAUG;AACH,wBAAgB,aAAa,CAAC,EAAE,EAAE,QAAQ,CAAC,QAAQ,GAAG,eAAe,CAUpE;AAiCD;;;;;;GAMG;AACH,MAAM,WAAW,iBAAiB;IAChC,6CAA6C;IAC7C,QAAQ,EAAE,OAAO,CAAC;IAClB;;;;;OAKG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gEAAgE;IAChE,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAkBD,eAAO,MAAM,eAAe,EAAE,SAAS,MAAM,EAG5C,CAAC;AAEF;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,WAAW,GAAE,MAAM,EAAyB,GAAG,MAAM,GAAG,IAAI,CAK5F;AAED;;;;;;;;;;;;;;GAcG;AACH,wBAAgB,aAAa,CAC3B,aAAa,EAAE,MAAM,EACrB,YAAY,EAAE,MAAM,EACpB,WAAW,CAAC,EAAE,MAAM,EAAE,GACrB,iBAAiB,CAsEnB"}

package/dist/mcp/store/migrate.js ADDED Viewed

@@ -0,0 +1,211 @@
+"use strict";
+/**
+ * SQLite schema migration module for the MCP token store.
+ *
+ * Applies versioned migrations to a better-sqlite3 database in a single
+ * transaction. Safe to call on every daemon startup — skips migrations that
+ * have already been applied.
+ *
+ * Also provides Go database migration: detectGoDatabase() and migrateFromGo()
+ * locate and migrate legacy padua-mcp SQLite token databases to the new
+ * tokens.db format. The wire format is byte-compatible between Go and TS.
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LEGACY_DB_PATHS = void 0;
+exports.runMigrations = runMigrations;
+exports.detectGoDatabase = detectGoDatabase;
+exports.migrateFromGo = migrateFromGo;
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const node_os_1 = require("node:os");
+const errors_1 = require("../errors");
+const MIGRATIONS = [
+    {
+        version: 1,
+        description: 'Create tokens and schema_version tables',
+        up: [
+            `CREATE TABLE IF NOT EXISTS schema_version (
+        version INTEGER PRIMARY KEY,
+        applied_at TEXT NOT NULL DEFAULT (datetime('now'))
+      )`,
+            `CREATE TABLE IF NOT EXISTS tokens (
+        service TEXT PRIMARY KEY,
+        data BLOB NOT NULL,
+        updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+      )`,
+        ],
+    },
+];
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+function schemaVersionTableExists(db) {
+    const row = db
+        .prepare(`SELECT name FROM sqlite_master WHERE type='table' AND name='schema_version'`)
+        .get();
+    return row !== undefined;
+}
+function getCurrentVersion(db) {
+    const row = db
+        .prepare(`SELECT MAX(version) as version FROM schema_version`)
+        .get();
+    return row.version ?? 0;
+}
+function pendingMigrations(currentVersion) {
+    return MIGRATIONS.filter((m) => m.version > currentVersion);
+}
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+/**
+ * Apply any outstanding schema migrations to the given database.
+ *
+ * Wraps all migration statements in a single transaction. If any statement
+ * throws, the transaction is rolled back and no partial changes remain.
+ *
+ * @param db - An open better-sqlite3 database instance.
+ * @returns MigrationResult indicating whether migrations were applied.
+ * @throws StoreError(DB_WRITE_FAILED) if any database operation fails,
+ *         including introspection queries and migration statements.
+ */
+function runMigrations(db) {
+    try {
+        return applyMigrations(db);
+    }
+    catch (err) {
+        if (err instanceof errors_1.StoreError)
+            throw err;
+        throw new errors_1.StoreError(`Migration failed: ${err instanceof Error ? err.message : String(err)}`, errors_1.ErrorCodes.DB_WRITE_FAILED);
+    }
+}
+function applyMigrations(db) {
+    const alreadyInitialised = schemaVersionTableExists(db);
+    const currentVersion = alreadyInitialised ? getCurrentVersion(db) : 0;
+    const pending = pendingMigrations(currentVersion);
+    if (pending.length === 0) {
+        return {
+            migrated: false,
+            reason: `already at latest schema version (v${currentVersion})`,
+        };
+    }
+    const applyAll = db.transaction(() => {
+        for (const migration of pending) {
+            for (const sql of migration.up) {
+                db.prepare(sql).run();
+            }
+            db.prepare(`INSERT INTO schema_version (version) VALUES (?)`).run(migration.version);
+        }
+    });
+    applyAll();
+    return { migrated: true };
+}
+/**
+ * Legacy Go database paths checked by detectGoDatabase, in priority order.
+ * Exported for reference; tests override this via the searchPaths parameter.
+ */
+function isStoredToken(value) {
+    if (typeof value !== 'object' || value === null)
+        return false;
+    const obj = value;
+    return (typeof obj.accessToken === 'string' &&
+        typeof obj.refreshToken === 'string' &&
+        typeof obj.tokenType === 'string' &&
+        typeof obj.expiresAt === 'number' &&
+        Array.isArray(obj.scopes));
+}
+exports.LEGACY_DB_PATHS = [
+    (0, node_path_1.join)((0, node_os_1.homedir)(), '.config', 'padua-mcp', 'padua-mcp.db'),
+    (0, node_path_1.join)((0, node_os_1.homedir)(), '.padua', 'padua-mcp.db'),
+];
+/**
+ * Return the first path in searchPaths that resolves to an existing file,
+ * or null when none exist.
+ *
+ * @param searchPaths - Ordered list of candidate paths. Defaults to LEGACY_DB_PATHS.
+ */
+function detectGoDatabase(searchPaths = [...exports.LEGACY_DB_PATHS]) {
+    for (const p of searchPaths) {
+        if ((0, node_fs_1.existsSync)(p))
+            return p;
+    }
+    return null;
+}
+/**
+ * Migrate tokens from a legacy Go padua-mcp SQLite database to the new
+ * encrypted tokens.db.
+ *
+ * Steps:
+ *  1. Locate the Go database via detectGoDatabase.
+ *  2. Abort when a WAL file is present (Go process may still be running).
+ *  3. Open the Go database read-only and decrypt every row with the provided key.
+ *  4. Write all rows into the target store using SqliteTokenStore.
+ *  5. Rename the Go database to .bak so it is not migrated again.
+ *
+ * @param encryptionKey - 64-char hex AES-256 key (same key used by the Go app).
+ * @param targetDbPath  - Absolute path to the destination tokens.db file.
+ * @param searchPaths   - Override the default LEGACY_DB_PATHS (used in tests).
+ */
+function migrateFromGo(encryptionKey, targetDbPath, searchPaths) {
+    const goDbPath = detectGoDatabase(searchPaths);
+    if (!goDbPath) {
+        return { migrated: false, reason: 'no-legacy-db-found' };
+    }
+    if ((0, node_fs_1.existsSync)(goDbPath + '-wal')) {
+        return { migrated: false, reason: 'wal-files-present' };
+    }
+    // Import here to avoid circular dependency between migrate.ts and sqlite.ts.
+    // sqlite.ts imports migrate.ts (for runMigrations), so we must not import
+    // SqliteTokenStore at the module level in this file.
+    const { SqliteTokenStore } =
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    require('./sqlite');
+    const { createEncryptor } =
+    // eslint-disable-next-line @typescript-eslint/no-var-requires
+    require('./encrypt');
+    const encryptor = createEncryptor(encryptionKey);
+    const goDb = new better_sqlite3_1.default(goDbPath, { readonly: true });
+    try {
+        const rows = goDb
+            .prepare(`SELECT service, data FROM tokens`)
+            .all();
+        // Attempt decryption of all rows before touching the target store.
+        // If any row fails, abort the entire migration.
+        let decryptedRows;
+        try {
+            decryptedRows = rows.map((row) => ({
+                service: row.service,
+                plaintext: encryptor.decrypt(Buffer.from(row.data)),
+            }));
+        }
+        catch {
+            return { migrated: false, reason: 'decryption-failed' };
+        }
+        const targetStore = SqliteTokenStore.create(targetDbPath, encryptor);
+        try {
+            for (const { service, plaintext } of decryptedRows) {
+                const parsed = JSON.parse(plaintext.toString('utf-8'));
+                if (!isStoredToken(parsed)) {
+                    throw new errors_1.StoreError(`Invalid token structure for service "${service}"`, errors_1.ErrorCodes.DB_WRITE_FAILED);
+                }
+                targetStore.upsert(service, parsed);
+            }
+        }
+        finally {
+            targetStore.close();
+        }
+        goDb.close();
+        (0, node_fs_1.renameSync)(goDbPath, goDbPath + '.bak');
+        return { migrated: true, tokensCount: rows.length };
+    }
+    catch (err) {
+        goDb.close();
+        if (err instanceof errors_1.StoreError)
+            throw err;
+        throw new errors_1.StoreError(`Go database migration failed: ${err instanceof Error ? err.message : String(err)}`, errors_1.ErrorCodes.DB_WRITE_FAILED);
+    }
+}
+//# sourceMappingURL=migrate.js.map

package/dist/mcp/store/migrate.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"migrate.js","sourceRoot":"","sources":["../../../src/mcp/store/migrate.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;;;;AA0EH,sCAUC;AAiFD,4CAKC;AAiBD,sCA0EC;AAnQD,oEAAsC;AACtC,qCAAiD;AACjD,yCAAiC;AACjC,qCAAkC;AAElC,sCAAmD;AAYnD,MAAM,UAAU,GAAgB;IAC9B;QACE,OAAO,EAAE,CAAC;QACV,WAAW,EAAE,yCAAyC;QACtD,EAAE,EAAE;YACF;;;QAGE;YACF;;;;QAIE;SACH;KACF;CACF,CAAC;AAEF,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,wBAAwB,CAAC,EAAqB;IACrD,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CAAC,6EAA6E,CAAC;SACtF,GAAG,EAAkC,CAAC;IACzC,OAAO,GAAG,KAAK,SAAS,CAAC;AAC3B,CAAC;AAED,SAAS,iBAAiB,CAAC,EAAqB;IAC9C,MAAM,GAAG,GAAG,EAAE;SACX,OAAO,CAAC,oDAAoD,CAAC;SAC7D,GAAG,EAAgC,CAAC;IACvC,OAAO,GAAG,CAAC,OAAO,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAS,iBAAiB,CAAC,cAAsB;IAC/C,OAAO,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,GAAG,cAAc,CAAC,CAAC;AAC9D,CAAC;AAED,8EAA8E;AAC9E,aAAa;AACb,8EAA8E;AAE9E;;;;;;;;;;GAUG;AACH,SAAgB,aAAa,CAAC,EAAqB;IACjD,IAAI,CAAC;QACH,OAAO,eAAe,CAAC,EAAE,CAAC,CAAC;IAC7B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,mBAAU;YAAE,MAAM,GAAG,CAAC;QACzC,MAAM,IAAI,mBAAU,CAClB,qBAAqB,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACvE,mBAAU,CAAC,eAAe,CAC3B,CAAC;IACJ,CAAC;AACH,CAAC;AAED,SAAS,eAAe,CAAC,EAAqB;IAC5C,MAAM,kBAAkB,GAAG,wBAAwB,CAAC,EAAE,CAAC,CAAC;IACxD,MAAM,cAAc,GAAG,kBAAkB,CAAC,CAAC,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IACtE,MAAM,OAAO,GAAG,iBAAiB,CAAC,cAAc,CAAC,CAAC;IAElD,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO;YACL,QAAQ,EAAE,KAAK;YACf,MAAM,EAAE,sCAAsC,cAAc,GAAG;SAChE,CAAC;IACJ,CAAC;IAED,MAAM,QAAQ,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE;QACnC,KAAK,MAAM,SAAS,IAAI,OAAO,EAAE,CAAC;YAChC,KAAK,MAAM,GAAG,IAAI,SAAS,CAAC,EAAE,EAAE,CAAC;gBAC/B,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACxB,CAAC;YACD,EAAE,CAAC,OAAO,CAAC,iDAAiD,CAAC,CAAC,GAAG,CAC/D,SAAS,CAAC,OAAO,CAClB,CAAC;QACJ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,EAAE,CAAC;IACX,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;AAC5B,CAAC;AA2BD;;;GAGG;AACH,SAAS,aAAa,CAAC,KAAc;IACnC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,IAAI;QAAE,OAAO,KAAK,CAAC;IAC9D,MAAM,GAAG,GAAG,KAAgC,CAAC;IAC7C,OAAO,CACL,OAAO,GAAG,CAAC,WAAW,KAAK,QAAQ;QACnC,OAAO,GAAG,CAAC,YAAY,KAAK,QAAQ;QACpC,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ;QACjC,OAAO,GAAG,CAAC,SAAS,KAAK,QAAQ;QACjC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,CAC1B,CAAC;AACJ,CAAC;AAEY,QAAA,eAAe,GAAsB;IAChD,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,SAAS,EAAE,WAAW,EAAE,cAAc,CAAC;IACvD,IAAA,gBAAI,EAAC,IAAA,iBAAO,GAAE,EAAE,QAAQ,EAAE,cAAc,CAAC;CAC1C,CAAC;AAEF;;;;;GAKG;AACH,SAAgB,gBAAgB,CAAC,cAAwB,CAAC,GAAG,uBAAe,CAAC;IAC3E,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,IAAA,oBAAU,EAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,SAAgB,aAAa,CAC3B,aAAqB,EACrB,YAAoB,EACpB,WAAsB;IAEtB,MAAM,QAAQ,GAAG,gBAAgB,CAAC,WAAW,CAAC,CAAC;IAC/C,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,oBAAoB,EAAE,CAAC;IAC3D,CAAC;IAED,IAAI,IAAA,oBAAU,EAAC,QAAQ,GAAG,MAAM,CAAC,EAAE,CAAC;QAClC,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;IAC1D,CAAC;IAED,6EAA6E;IAC7E,0EAA0E;IAC1E,qDAAqD;IACrD,MAAM,EAAE,gBAAgB,EAAE;IACxB,8DAA8D;IAC9D,OAAO,CAAC,UAAU,CAA8B,CAAC;IACnD,MAAM,EAAE,eAAe,EAAE;IACvB,8DAA8D;IAC9D,OAAO,CAAC,WAAW,CAA+B,CAAC;IAErD,MAAM,SAAS,GAAG,eAAe,CAAC,aAAa,CAAC,CAAC;IAEjD,MAAM,IAAI,GAAG,IAAI,wBAAQ,CAAC,QAAQ,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IACxD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAI;aACd,OAAO,CACN,kCAAkC,CACnC;aACA,GAAG,EAAE,CAAC;QAET,mEAAmE;QACnE,gDAAgD;QAChD,IAAI,aAA4D,CAAC;QACjE,IAAI,CAAC;YACH,aAAa,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACjC,OAAO,EAAE,GAAG,CAAC,OAAO;gBACpB,SAAS,EAAE,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;aACpD,CAAC,CAAC,CAAC;QACN,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;QAC1D,CAAC;QAED,MAAM,WAAW,GAAG,gBAAgB,CAAC,MAAM,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QACrE,IAAI,CAAC;YACH,KAAK,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,IAAI,aAAa,EAAE,CAAC;gBACnD,MAAM,MAAM,GAAY,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC;gBAChE,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,EAAE,CAAC;oBAC3B,MAAM,IAAI,mBAAU,CAClB,wCAAwC,OAAO,GAAG,EAClD,mBAAU,CAAC,eAAe,CAC3B,CAAC;gBACJ,CAAC;gBACD,WAAW,CAAC,MAAM,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;YACtC,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,WAAW,CAAC,KAAK,EAAE,CAAC;QACtB,CAAC;QAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,IAAA,oBAAU,EAAC,QAAQ,EAAE,QAAQ,GAAG,MAAM,CAAC,CAAC;QAExC,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,WAAW,EAAE,IAAI,CAAC,MAAM,EAAE,CAAC;IACtD,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,mBAAU;YAAE,MAAM,GAAG,CAAC;QACzC,MAAM,IAAI,mBAAU,CAClB,iCAAiC,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACnF,mBAAU,CAAC,eAAe,CAC3B,CAAC;IACJ,CAAC;AACH,CAAC"}

package/dist/mcp/store/null-token-store.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { TokenStore, StoredToken } from './types';
+/**
+ * In-memory TokenStore implementation used for testing and as a null-object
+ * fallback when no persistent store is configured.
+ *
+ * All operations are synchronous and operate on a plain Map. No I/O, no
+ * encryption, no external dependencies. Returned tokens are shallow-copied
+ * so callers cannot mutate internal store state through a returned reference.
+ */
+export declare class NullTokenStore implements TokenStore {
+    private readonly store;
+    static create(): NullTokenStore;
+    get(service: string): StoredToken | null;
+    upsert(service: string, token: StoredToken): void;
+    delete(service: string): void;
+    list(): Array<{
+        service: string;
+        updatedAt: string;
+    }>;
+    close(): void;
+}
+//# sourceMappingURL=null-token-store.d.ts.map

package/dist/mcp/store/null-token-store.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"null-token-store.d.ts","sourceRoot":"","sources":["../../../src/mcp/store/null-token-store.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAEvD;;;;;;;GAOG;AACH,qBAAa,cAAe,YAAW,UAAU;IAC/C,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAgE;IAEtF,MAAM,CAAC,MAAM,IAAI,cAAc;IAI/B,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAKxC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI;IAOjD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAI7B,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAMrD,KAAK,IAAI,IAAI;CAGd"}