npm - @padua/cli - Versions diffs - 1.13.1 → 2.0.1 - Mend

@padua/cli 1.13.1 → 2.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (265) hide show

package/README.md +121 -6
package/dist/commands/doctor/index.d.ts.map +1 -1
package/dist/commands/doctor/index.js +85 -0
package/dist/commands/doctor/index.js.map +1 -1
package/dist/commands/doctor/mcp-checks.d.ts +36 -0
package/dist/commands/doctor/mcp-checks.d.ts.map +1 -0
package/dist/commands/doctor/mcp-checks.js +235 -0
package/dist/commands/doctor/mcp-checks.js.map +1 -0
package/dist/commands/doctor/mcp-service-checks.d.ts +35 -0
package/dist/commands/doctor/mcp-service-checks.d.ts.map +1 -0
package/dist/commands/doctor/mcp-service-checks.js +146 -0
package/dist/commands/doctor/mcp-service-checks.js.map +1 -0
package/dist/commands/doctor/types.d.ts +4 -1
package/dist/commands/doctor/types.d.ts.map +1 -1
package/dist/commands/doctor/types.js +1 -0
package/dist/commands/doctor/types.js.map +1 -1
package/dist/commands/login/index.d.ts +1 -1
package/dist/commands/login/index.d.ts.map +1 -1
package/dist/commands/login/index.js +44 -185
package/dist/commands/login/index.js.map +1 -1
package/dist/commands/login/mcp-steps.d.ts +38 -0
package/dist/commands/login/mcp-steps.d.ts.map +1 -0
package/dist/commands/login/mcp-steps.js +176 -0
package/dist/commands/login/mcp-steps.js.map +1 -0
package/dist/commands/login/orchestrator.d.ts +9 -0
package/dist/commands/login/orchestrator.d.ts.map +1 -0
package/dist/commands/login/orchestrator.js +251 -0
package/dist/commands/login/orchestrator.js.map +1 -0
package/dist/commands/login/types.d.ts +11 -0
package/dist/commands/login/types.d.ts.map +1 -1
package/dist/commands/login/types.js.map +1 -1
package/dist/commands/status/aws-checks.d.ts +14 -0
package/dist/commands/status/aws-checks.d.ts.map +1 -0
package/dist/commands/status/aws-checks.js +145 -0
package/dist/commands/status/aws-checks.js.map +1 -0
package/dist/commands/status/checks.d.ts +9 -25
package/dist/commands/status/checks.d.ts.map +1 -1
package/dist/commands/status/checks.js +52 -254
package/dist/commands/status/checks.js.map +1 -1
package/dist/commands/status/index.d.ts.map +1 -1
package/dist/commands/status/index.js +53 -1
package/dist/commands/status/index.js.map +1 -1
package/dist/commands/status/mcp-checks.d.ts +35 -0
package/dist/commands/status/mcp-checks.d.ts.map +1 -0
package/dist/commands/status/mcp-checks.js +175 -0
package/dist/commands/status/mcp-checks.js.map +1 -0
package/dist/commands/status/types.d.ts +34 -0
package/dist/commands/status/types.d.ts.map +1 -1
package/dist/mcp/config/index.d.ts +4 -0
package/dist/mcp/config/index.d.ts.map +1 -0
package/dist/mcp/config/index.js +14 -0
package/dist/mcp/config/index.js.map +1 -0
package/dist/mcp/config/loaders.d.ts +45 -0
package/dist/mcp/config/loaders.d.ts.map +1 -0
package/dist/mcp/config/loaders.js +149 -0
package/dist/mcp/config/loaders.js.map +1 -0
package/dist/mcp/config/types.d.ts +234 -0
package/dist/mcp/config/types.d.ts.map +1 -0
package/dist/mcp/config/types.js +45 -0
package/dist/mcp/config/types.js.map +1 -0
package/dist/mcp/daemon/entry-logic.d.ts +28 -0
package/dist/mcp/daemon/entry-logic.d.ts.map +1 -0
package/dist/mcp/daemon/entry-logic.js +82 -0
package/dist/mcp/daemon/entry-logic.js.map +1 -0
package/dist/mcp/daemon/entry.d.ts +8 -0
package/dist/mcp/daemon/entry.d.ts.map +1 -0
package/dist/mcp/daemon/entry.js +34 -0
package/dist/mcp/daemon/entry.js.map +1 -0
package/dist/mcp/daemon/fork.d.ts +21 -0
package/dist/mcp/daemon/fork.d.ts.map +1 -0
package/dist/mcp/daemon/fork.js +188 -0
package/dist/mcp/daemon/fork.js.map +1 -0
package/dist/mcp/daemon/health.d.ts +8 -0
package/dist/mcp/daemon/health.d.ts.map +1 -0
package/dist/mcp/daemon/health.js +50 -0
package/dist/mcp/daemon/health.js.map +1 -0
package/dist/mcp/daemon/index.d.ts +6 -0
package/dist/mcp/daemon/index.d.ts.map +1 -0
package/dist/mcp/daemon/index.js +22 -0
package/dist/mcp/daemon/index.js.map +1 -0
package/dist/mcp/daemon/types.d.ts +63 -0
package/dist/mcp/daemon/types.d.ts.map +1 -0
package/dist/mcp/daemon/types.js +18 -0
package/dist/mcp/daemon/types.js.map +1 -0
package/dist/mcp/errors/index.d.ts +3 -0
package/dist/mcp/errors/index.d.ts.map +1 -0
package/dist/mcp/errors/index.js +13 -0
package/dist/mcp/errors/index.js.map +1 -0
package/dist/mcp/errors/types.d.ts +83 -0
package/dist/mcp/errors/types.d.ts.map +1 -0
package/dist/mcp/errors/types.js +148 -0
package/dist/mcp/errors/types.js.map +1 -0
package/dist/mcp/providers/atlassian/auth.d.ts +34 -0
package/dist/mcp/providers/atlassian/auth.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/auth.js +107 -0
package/dist/mcp/providers/atlassian/auth.js.map +1 -0
package/dist/mcp/providers/atlassian/client.d.ts +15 -0
package/dist/mcp/providers/atlassian/client.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/client.js +38 -0
package/dist/mcp/providers/atlassian/client.js.map +1 -0
package/dist/mcp/providers/atlassian/index.d.ts +6 -0
package/dist/mcp/providers/atlassian/index.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/index.js +11 -0
package/dist/mcp/providers/atlassian/index.js.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.d.ts +17 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.js +29 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/index.js.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.d.ts +43 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.js +101 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/nodes.js.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.d.ts +14 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.js +250 -0
package/dist/mcp/providers/atlassian/markdown-to-adf/parser.js.map +1 -0
package/dist/mcp/providers/atlassian/provider.d.ts +38 -0
package/dist/mcp/providers/atlassian/provider.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/provider.js +101 -0
package/dist/mcp/providers/atlassian/provider.js.map +1 -0
package/dist/mcp/providers/atlassian/resources.d.ts +4 -0
package/dist/mcp/providers/atlassian/resources.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/resources.js +67 -0
package/dist/mcp/providers/atlassian/resources.js.map +1 -0
package/dist/mcp/providers/atlassian/tools/confluence.d.ts +4 -0
package/dist/mcp/providers/atlassian/tools/confluence.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/tools/confluence.js +169 -0
package/dist/mcp/providers/atlassian/tools/confluence.js.map +1 -0
package/dist/mcp/providers/atlassian/tools/jira.d.ts +4 -0
package/dist/mcp/providers/atlassian/tools/jira.d.ts.map +1 -0
package/dist/mcp/providers/atlassian/tools/jira.js +274 -0
package/dist/mcp/providers/atlassian/tools/jira.js.map +1 -0
package/dist/mcp/providers/gitlab/auth.d.ts +10 -0
package/dist/mcp/providers/gitlab/auth.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/auth.js +23 -0
package/dist/mcp/providers/gitlab/auth.js.map +1 -0
package/dist/mcp/providers/gitlab/client.d.ts +23 -0
package/dist/mcp/providers/gitlab/client.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/client.js +17 -0
package/dist/mcp/providers/gitlab/client.js.map +1 -0
package/dist/mcp/providers/gitlab/index.d.ts +5 -0
package/dist/mcp/providers/gitlab/index.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/index.js +10 -0
package/dist/mcp/providers/gitlab/index.js.map +1 -0
package/dist/mcp/providers/gitlab/provider.d.ts +25 -0
package/dist/mcp/providers/gitlab/provider.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/provider.js +48 -0
package/dist/mcp/providers/gitlab/provider.js.map +1 -0
package/dist/mcp/providers/gitlab/resources.d.ts +11 -0
package/dist/mcp/providers/gitlab/resources.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/resources.js +54 -0
package/dist/mcp/providers/gitlab/resources.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/issues.d.ts +4 -0
package/dist/mcp/providers/gitlab/tools/issues.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/issues.js +120 -0
package/dist/mcp/providers/gitlab/tools/issues.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.d.ts +11 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.js +282 -0
package/dist/mcp/providers/gitlab/tools/merge-requests.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/pipelines.d.ts +10 -0
package/dist/mcp/providers/gitlab/tools/pipelines.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/pipelines.js +173 -0
package/dist/mcp/providers/gitlab/tools/pipelines.js.map +1 -0
package/dist/mcp/providers/gitlab/tools/repository.d.ts +4 -0
package/dist/mcp/providers/gitlab/tools/repository.d.ts.map +1 -0
package/dist/mcp/providers/gitlab/tools/repository.js +191 -0
package/dist/mcp/providers/gitlab/tools/repository.js.map +1 -0
package/dist/mcp/providers/index.d.ts +4 -0
package/dist/mcp/providers/index.d.ts.map +1 -0
package/dist/mcp/providers/index.js +6 -0
package/dist/mcp/providers/index.js.map +1 -0
package/dist/mcp/providers/registry.d.ts +90 -0
package/dist/mcp/providers/registry.d.ts.map +1 -0
package/dist/mcp/providers/registry.js +128 -0
package/dist/mcp/providers/registry.js.map +1 -0
package/dist/mcp/providers/tool-helpers.d.ts +14 -0
package/dist/mcp/providers/tool-helpers.d.ts.map +1 -0
package/dist/mcp/providers/tool-helpers.js +12 -0
package/dist/mcp/providers/tool-helpers.js.map +1 -0
package/dist/mcp/providers/types.d.ts +80 -0
package/dist/mcp/providers/types.d.ts.map +1 -0
package/dist/mcp/providers/types.js +13 -0
package/dist/mcp/providers/types.js.map +1 -0
package/dist/mcp/server/auth.d.ts +8 -0
package/dist/mcp/server/auth.d.ts.map +1 -0
package/dist/mcp/server/auth.js +36 -0
package/dist/mcp/server/auth.js.map +1 -0
package/dist/mcp/server/health.d.ts +24 -0
package/dist/mcp/server/health.d.ts.map +1 -0
package/dist/mcp/server/health.js +37 -0
package/dist/mcp/server/health.js.map +1 -0
package/dist/mcp/server/index.d.ts +11 -0
package/dist/mcp/server/index.d.ts.map +1 -0
package/dist/mcp/server/index.js +27 -0
package/dist/mcp/server/index.js.map +1 -0
package/dist/mcp/server/logging.d.ts +46 -0
package/dist/mcp/server/logging.d.ts.map +1 -0
package/dist/mcp/server/logging.js +109 -0
package/dist/mcp/server/logging.js.map +1 -0
package/dist/mcp/server/ratelimit.d.ts +3 -0
package/dist/mcp/server/ratelimit.d.ts.map +1 -0
package/dist/mcp/server/ratelimit.js +70 -0
package/dist/mcp/server/ratelimit.js.map +1 -0
package/dist/mcp/server/routes.d.ts +3 -0
package/dist/mcp/server/routes.d.ts.map +1 -0
package/dist/mcp/server/routes.js +8 -0
package/dist/mcp/server/routes.js.map +1 -0
package/dist/mcp/server/server.d.ts +21 -0
package/dist/mcp/server/server.d.ts.map +1 -0
package/dist/mcp/server/server.js +114 -0
package/dist/mcp/server/server.js.map +1 -0
package/dist/mcp/server/validation.d.ts +22 -0
package/dist/mcp/server/validation.d.ts.map +1 -0
package/dist/mcp/server/validation.js +32 -0
package/dist/mcp/server/validation.js.map +1 -0
package/dist/mcp/store/encrypt.d.ts +22 -0
package/dist/mcp/store/encrypt.d.ts.map +1 -0
package/dist/mcp/store/encrypt.js +66 -0
package/dist/mcp/store/encrypt.js.map +1 -0
package/dist/mcp/store/index.d.ts +12 -0
package/dist/mcp/store/index.d.ts.map +1 -0
package/dist/mcp/store/index.js +16 -0
package/dist/mcp/store/index.js.map +1 -0
package/dist/mcp/store/migrate.d.ts +70 -0
package/dist/mcp/store/migrate.d.ts.map +1 -0
package/dist/mcp/store/migrate.js +211 -0
package/dist/mcp/store/migrate.js.map +1 -0
package/dist/mcp/store/null-token-store.d.ts +22 -0
package/dist/mcp/store/null-token-store.d.ts.map +1 -0
package/dist/mcp/store/null-token-store.js +40 -0
package/dist/mcp/store/null-token-store.js.map +1 -0
package/dist/mcp/store/sqlite.d.ts +27 -0
package/dist/mcp/store/sqlite.d.ts.map +1 -0
package/dist/mcp/store/sqlite.js +100 -0
package/dist/mcp/store/sqlite.js.map +1 -0
package/dist/mcp/store/types.d.ts +183 -0
package/dist/mcp/store/types.d.ts.map +1 -0
package/dist/mcp/store/types.js +13 -0
package/dist/mcp/store/types.js.map +1 -0
package/dist/mcp/token/http-client.d.ts +3 -0
package/dist/mcp/token/http-client.d.ts.map +1 -0
package/dist/mcp/token/http-client.js +186 -0
package/dist/mcp/token/http-client.js.map +1 -0
package/dist/mcp/token/index.d.ts +5 -0
package/dist/mcp/token/index.d.ts.map +1 -0
package/dist/mcp/token/index.js +15 -0
package/dist/mcp/token/index.js.map +1 -0
package/dist/mcp/token/manager.d.ts +54 -0
package/dist/mcp/token/manager.d.ts.map +1 -0
package/dist/mcp/token/manager.js +194 -0
package/dist/mcp/token/manager.js.map +1 -0
package/dist/mcp/token/null-token-manager.d.ts +19 -0
package/dist/mcp/token/null-token-manager.d.ts.map +1 -0
package/dist/mcp/token/null-token-manager.js +50 -0
package/dist/mcp/token/null-token-manager.js.map +1 -0
package/dist/mcp/token/oauth.d.ts +44 -0
package/dist/mcp/token/oauth.d.ts.map +1 -0
package/dist/mcp/token/oauth.js +257 -0
package/dist/mcp/token/oauth.js.map +1 -0
package/dist/mcp/token/types.d.ts +81 -0
package/dist/mcp/token/types.d.ts.map +1 -0
package/dist/mcp/token/types.js +6 -0
package/dist/mcp/token/types.js.map +1 -0
package/package.json +10 -3

package/dist/mcp/store/null-token-store.js ADDED Viewed

@@ -0,0 +1,40 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.NullTokenStore = void 0;
+/**
+ * In-memory TokenStore implementation used for testing and as a null-object
+ * fallback when no persistent store is configured.
+ *
+ * All operations are synchronous and operate on a plain Map. No I/O, no
+ * encryption, no external dependencies. Returned tokens are shallow-copied
+ * so callers cannot mutate internal store state through a returned reference.
+ */
+class NullTokenStore {
+    store = new Map();
+    static create() {
+        return new NullTokenStore();
+    }
+    get(service) {
+        const entry = this.store.get(service);
+        return entry ? { ...entry.token } : null;
+    }
+    upsert(service, token) {
+        this.store.set(service, {
+            token: { ...token },
+            updatedAt: new Date().toISOString(),
+        });
+    }
+    delete(service) {
+        this.store.delete(service);
+    }
+    list() {
+        return Array.from(this.store.entries())
+            .map(([service, entry]) => ({ service, updatedAt: entry.updatedAt }))
+            .sort((a, b) => a.service.localeCompare(b.service));
+    }
+    close() {
+        this.store.clear();
+    }
+}
+exports.NullTokenStore = NullTokenStore;
+//# sourceMappingURL=null-token-store.js.map

package/dist/mcp/store/null-token-store.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"null-token-store.js","sourceRoot":"","sources":["../../../src/mcp/store/null-token-store.ts"],"names":[],"mappings":";;;AAEA;;;;;;;GAOG;AACH,MAAa,cAAc;IACR,KAAK,GAAG,IAAI,GAAG,EAAqD,CAAC;IAEtF,MAAM,CAAC,MAAM;QACX,OAAO,IAAI,cAAc,EAAE,CAAC;IAC9B,CAAC;IAED,GAAG,CAAC,OAAe;QACjB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;QACtC,OAAO,KAAK,CAAC,CAAC,CAAC,EAAE,GAAG,KAAK,CAAC,KAAK,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;IAC3C,CAAC;IAED,MAAM,CAAC,OAAe,EAAE,KAAkB;QACxC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,EAAE;YACtB,KAAK,EAAE,EAAE,GAAG,KAAK,EAAE;YACnB,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC;IAED,MAAM,CAAC,OAAe;QACpB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAC7B,CAAC;IAED,IAAI;QACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,CAAC;aACpC,GAAG,CAAC,CAAC,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,SAAS,EAAE,KAAK,CAAC,SAAS,EAAE,CAAC,CAAC;aACpE,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,aAAa,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;IACxD,CAAC;IAED,KAAK;QACH,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;IACrB,CAAC;CACF;AAhCD,wCAgCC"}

package/dist/mcp/store/sqlite.d.ts ADDED Viewed

@@ -0,0 +1,27 @@
+/**
+ * SQLite-backed encrypted token store for the MCP server integration.
+ *
+ * All token data is serialised to JSON, encrypted with AES-256-GCM, then
+ * written to the `tokens` table as a BLOB. The Encryptor interface decouples
+ * the encryption algorithm from the store so tests can inject deterministic
+ * doubles without touching real crypto.
+ *
+ * Wire format for the `data` column:
+ *   nonce (12 bytes) || ciphertext (N bytes) || auth tag (16 bytes)
+ */
+import type { TokenStore, StoredToken, Encryptor } from './types';
+export declare class SqliteTokenStore implements TokenStore {
+    private readonly db;
+    private readonly encryptor;
+    private constructor();
+    static create(dbPath: string, encryptor: Encryptor): SqliteTokenStore;
+    get(service: string): StoredToken | null;
+    upsert(service: string, token: StoredToken): void;
+    delete(service: string): void;
+    list(): Array<{
+        service: string;
+        updatedAt: string;
+    }>;
+    close(): void;
+}
+//# sourceMappingURL=sqlite.d.ts.map

package/dist/mcp/store/sqlite.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqlite.d.ts","sourceRoot":"","sources":["../../../src/mcp/store/sqlite.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAMH,OAAO,KAAK,EAAE,UAAU,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAOlE,qBAAa,gBAAiB,YAAW,UAAU;IACjD,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAoB;IACvC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAY;IAEtC,OAAO;IA2BP,MAAM,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,GAAG,gBAAgB;IAIrE,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI;IAqBxC,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI;IAkBjD,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI;IAM7B,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC;IAUrD,KAAK,IAAI,IAAI;CAGd"}

package/dist/mcp/store/sqlite.js ADDED Viewed

@@ -0,0 +1,100 @@
+"use strict";
+/**
+ * SQLite-backed encrypted token store for the MCP server integration.
+ *
+ * All token data is serialised to JSON, encrypted with AES-256-GCM, then
+ * written to the `tokens` table as a BLOB. The Encryptor interface decouples
+ * the encryption algorithm from the store so tests can inject deterministic
+ * doubles without touching real crypto.
+ *
+ * Wire format for the `data` column:
+ *   nonce (12 bytes) || ciphertext (N bytes) || auth tag (16 bytes)
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SqliteTokenStore = void 0;
+const better_sqlite3_1 = __importDefault(require("better-sqlite3"));
+const node_fs_1 = require("node:fs");
+const node_path_1 = require("node:path");
+const errors_1 = require("../errors");
+const migrate_1 = require("./migrate");
+// ---------------------------------------------------------------------------
+// SqliteTokenStore
+// ---------------------------------------------------------------------------
+class SqliteTokenStore {
+    db;
+    encryptor;
+    constructor(dbPath, encryptor) {
+        try {
+            (0, node_fs_1.mkdirSync)((0, node_path_1.dirname)(dbPath), { recursive: true });
+            this.db = new better_sqlite3_1.default(dbPath);
+            this.db.pragma('journal_mode=WAL');
+            this.db.pragma('synchronous=NORMAL');
+            this.db.pragma('foreign_keys=ON');
+            this.db.pragma('busy_timeout=5000');
+            (0, migrate_1.runMigrations)(this.db);
+            if (dbPath !== ':memory:' && (0, node_fs_1.existsSync)(dbPath)) {
+                (0, node_fs_1.chmodSync)(dbPath, 0o600);
+            }
+            this.encryptor = encryptor;
+        }
+        catch (err) {
+            if (err instanceof errors_1.StoreError)
+                throw err;
+            throw new errors_1.StoreError(`Failed to open database at ${dbPath}: ${err instanceof Error ? err.message : String(err)}`, errors_1.ErrorCodes.DB_OPEN_FAILED);
+        }
+    }
+    static create(dbPath, encryptor) {
+        return new SqliteTokenStore(dbPath, encryptor);
+    }
+    get(service) {
+        const row = this.db
+            .prepare(`SELECT data FROM tokens WHERE service = ?`)
+            .get(service);
+        if (!row)
+            return null;
+        try {
+            const plaintext = this.encryptor.decrypt(Buffer.from(row.data));
+            return JSON.parse(plaintext.toString('utf-8'));
+        }
+        catch (err) {
+            if (err instanceof errors_1.StoreError)
+                throw err;
+            throw new errors_1.StoreError(`Failed to decrypt token for service '${service}'. ` +
+                `Check that the encryption key matches the one used when the token was stored. ` +
+                `Error: ${err instanceof Error ? err.message : String(err)}`, errors_1.ErrorCodes.TOKEN_DECRYPTION_FAILED);
+        }
+    }
+    upsert(service, token) {
+        try {
+            const serialized = Buffer.from(JSON.stringify(token), 'utf-8');
+            const encrypted = this.encryptor.encrypt(serialized);
+            this.db
+                .prepare(`INSERT OR REPLACE INTO tokens (service, data) VALUES (?, ?)`)
+                .run(service, encrypted);
+        }
+        catch (err) {
+            if (err instanceof errors_1.StoreError)
+                throw err;
+            throw new errors_1.StoreError(`Failed to write token for service '${service}': ${err instanceof Error ? err.message : String(err)}`, errors_1.ErrorCodes.DB_WRITE_FAILED);
+        }
+    }
+    delete(service) {
+        this.db
+            .prepare(`DELETE FROM tokens WHERE service = ?`)
+            .run(service);
+    }
+    list() {
+        const rows = this.db
+            .prepare(`SELECT service, updated_at FROM tokens ORDER BY service`)
+            .all();
+        return rows.map((row) => ({ service: row.service, updatedAt: row.updated_at }));
+    }
+    close() {
+        this.db.close();
+    }
+}
+exports.SqliteTokenStore = SqliteTokenStore;
+//# sourceMappingURL=sqlite.js.map

package/dist/mcp/store/sqlite.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqlite.js","sourceRoot":"","sources":["../../../src/mcp/store/sqlite.ts"],"names":[],"mappings":";AAAA;;;;;;;;;;GAUG;;;;;;AAEH,oEAAsC;AACtC,qCAA2D;AAC3D,yCAAoC;AACpC,sCAAmD;AAEnD,uCAA0C;AAE1C,8EAA8E;AAC9E,mBAAmB;AACnB,8EAA8E;AAE9E,MAAa,gBAAgB;IACV,EAAE,CAAoB;IACtB,SAAS,CAAY;IAEtC,YAAoB,MAAc,EAAE,SAAoB;QACtD,IAAI,CAAC;YACH,IAAA,mBAAS,EAAC,IAAA,mBAAO,EAAC,MAAM,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAEhD,IAAI,CAAC,EAAE,GAAG,IAAI,wBAAQ,CAAC,MAAM,CAAC,CAAC;YAE/B,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,kBAAkB,CAAC,CAAC;YACnC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;YACrC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;YAClC,IAAI,CAAC,EAAE,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;YAEpC,IAAA,uBAAa,EAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAEvB,IAAI,MAAM,KAAK,UAAU,IAAI,IAAA,oBAAU,EAAC,MAAM,CAAC,EAAE,CAAC;gBAChD,IAAA,mBAAS,EAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YAC3B,CAAC;YAED,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC7B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,mBAAU;gBAAE,MAAM,GAAG,CAAC;YACzC,MAAM,IAAI,mBAAU,CAClB,8BAA8B,MAAM,KAAK,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC3F,mBAAU,CAAC,cAAc,CAC1B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,CAAC,MAAM,CAAC,MAAc,EAAE,SAAoB;QAChD,OAAO,IAAI,gBAAgB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACjD,CAAC;IAED,GAAG,CAAC,OAAe;QACjB,MAAM,GAAG,GAAG,IAAI,CAAC,EAAE;aAChB,OAAO,CAA6B,2CAA2C,CAAC;aAChF,GAAG,CAAC,OAAO,CAAC,CAAC;QAEhB,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC;YAChE,OAAO,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAgB,CAAC;QAChE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,mBAAU;gBAAE,MAAM,GAAG,CAAC;YACzC,MAAM,IAAI,mBAAU,CAClB,wCAAwC,OAAO,KAAK;gBAClD,gFAAgF;gBAChF,UAAU,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EAC9D,mBAAU,CAAC,uBAAuB,CACnC,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,CAAC,OAAe,EAAE,KAAkB;QACxC,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,OAAO,CAAC,CAAC;YAC/D,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;YACrD,IAAI,CAAC,EAAE;iBACJ,OAAO,CACN,6DAA6D,CAC9D;iBACA,GAAG,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC7B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,mBAAU;gBAAE,MAAM,GAAG,CAAC;YACzC,MAAM,IAAI,mBAAU,CAClB,sCAAsC,OAAO,MAAM,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,EACrG,mBAAU,CAAC,eAAe,CAC3B,CAAC;QACJ,CAAC;IACH,CAAC;IAED,MAAM,CAAC,OAAe;QACpB,IAAI,CAAC,EAAE;aACJ,OAAO,CAAW,sCAAsC,CAAC;aACzD,GAAG,CAAC,OAAO,CAAC,CAAC;IAClB,CAAC;IAED,IAAI;QACF,MAAM,IAAI,GAAG,IAAI,CAAC,EAAE;aACjB,OAAO,CACN,yDAAyD,CAC1D;aACA,GAAG,EAAE,CAAC;QAET,OAAO,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,CAAC,UAAU,EAAE,CAAC,CAAC,CAAC;IAClF,CAAC;IAED,KAAK;QACH,IAAI,CAAC,EAAE,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC;CACF;AA7FD,4CA6FC"}

package/dist/mcp/store/types.d.ts ADDED Viewed

@@ -0,0 +1,183 @@
+/**
+ * Token store type definitions for the MCP server integration.
+ *
+ * Defines the core interfaces that the AES-256-GCM encryption module and
+ * the SQLite-backed token store implement. No implementation details, no
+ * external dependencies — pure TypeScript interfaces.
+ *
+ * Wire format for AES-256-GCM (Go-compatible):
+ *   [ nonce (12 bytes) ][ ciphertext (N bytes) ][ auth tag (16 bytes) ]
+ */
+/**
+ * Strict union of supported OAuth service identifiers.
+ *
+ * Maps directly to the PRIMARY KEY values in the `tokens` SQLite table.
+ * Extend this union when adding a new provider in Phase 5/6.
+ */
+export type ServiceName = 'gitlab' | 'atlassian';
+/**
+ * Decrypted token data persisted per service in the `tokens` table.
+ *
+ * Serialised to JSON and encrypted with AES-256-GCM before being written to
+ * the `data` BLOB column. The shape must remain byte-compatible with the Go
+ * implementation in `padua-mcp/internal/store/sqlite.go`.
+ *
+ * `cloudId` and `cloudUrl` are Atlassian-specific and are omitted for GitLab
+ * tokens. They are present when the Atlassian OAuth flow completes and the
+ * cloud site resource ID has been resolved.
+ */
+export interface StoredToken {
+    /** OAuth2 access token. Passed as Bearer in Authorization headers. */
+    accessToken: string;
+    /** OAuth2 refresh token. Used to obtain a new access token on expiry. */
+    refreshToken: string;
+    /**
+     * Token type returned by the provider's token endpoint.
+     * Always "Bearer" in practice for both GitLab and Atlassian.
+     */
+    tokenType: string;
+    /**
+     * Absolute expiry time as a Unix timestamp in seconds.
+     * Compare against `Math.floor(Date.now() / 1000)` to detect expiry.
+     */
+    expiresAt: number;
+    /** OAuth2 scopes granted for this token. */
+    scopes: string[];
+    /**
+     * Atlassian cloud site resource ID.
+     * Required for Atlassian API calls; undefined for GitLab tokens.
+     */
+    cloudId?: string;
+    /**
+     * Base URL of the Atlassian cloud site (e.g. https://myorg.atlassian.net).
+     * Stored alongside cloudId for human-readable diagnostics.
+     * Undefined for GitLab tokens.
+     */
+    cloudUrl?: string;
+}
+/**
+ * Port interface for the encrypted SQLite token store.
+ *
+ * Implemented by `SqliteTokenStore` in `sqlite.ts`. The synchronous method
+ * signatures are intentional — `better-sqlite3` is synchronous by design,
+ * which avoids async overhead for short-lived in-process operations and
+ * keeps the caller-side code free of unnecessary `await` chains.
+ *
+ * Callers that require an async-compatible abstraction should wrap this
+ * interface in a thin async adapter rather than changing the signatures here.
+ */
+export interface TokenStore {
+    /**
+     * Retrieve the decrypted token for a service.
+     *
+     * @param service - Service identifier (e.g. 'gitlab', 'atlassian')
+     * @returns The decrypted StoredToken, or null if no token is stored.
+     * @throws StoreError(TOKEN_DECRYPTION_FAILED) when the stored ciphertext
+     *         fails GCM authentication — indicates key mismatch or data tampering.
+     */
+    get(service: string): StoredToken | null;
+    /**
+     * Insert or update the token for a service (upsert semantics).
+     *
+     * Serialises the token to JSON, encrypts it, then writes to the `tokens`
+     * table using INSERT OR REPLACE. The `updated_at` column is refreshed
+     * automatically by the SQL default expression.
+     *
+     * @param service - Service identifier
+     * @param token   - Token data to persist
+     * @throws StoreError(DB_WRITE_FAILED) on SQLite write failure.
+     */
+    upsert(service: string, token: StoredToken): void;
+    /**
+     * Remove the token for a service.
+     *
+     * No-op when no token exists for the given service.
+     *
+     * @param service - Service identifier to remove
+     */
+    delete(service: string): void;
+    /**
+     * List all services that have a stored token.
+     *
+     * Does not decrypt any token data — reads only the `service` and
+     * `updated_at` columns from the `tokens` table.
+     *
+     * @returns Array of entries, each with the service name and last-updated
+     *          timestamp as an ISO 8601 string.
+     */
+    list(): Array<{
+        service: string;
+        updatedAt: string;
+    }>;
+    /**
+     * Close the underlying database connection.
+     *
+     * Must be called when the token store is no longer needed (e.g. on daemon
+     * shutdown) to release the file lock and flush WAL frames. After calling
+     * `close()`, any subsequent call to `get`, `upsert`, `delete`, or `list`
+     * is undefined behaviour.
+     */
+    close(): void;
+}
+/**
+ * Port interface for AES-256-GCM encryption.
+ *
+ * Implemented by `createEncryptor` in `encrypt.ts`. The Buffer-in / Buffer-out
+ * contract keeps the interface free of Node.js crypto internals so test doubles
+ * can implement it without the full crypto pipeline.
+ *
+ * Wire format: `nonce (12 bytes) || ciphertext (N bytes) || auth tag (16 bytes)`.
+ * This layout is byte-compatible with the Go implementation in
+ * `padua-mcp/internal/store/encrypt.go`.
+ */
+export interface Encryptor {
+    /**
+     * Encrypt plaintext using AES-256-GCM.
+     *
+     * Generates a fresh 12-byte random nonce per call (nonce reuse is a
+     * catastrophic failure for GCM — never pass a nonce as an argument).
+     *
+     * @param plaintext - Raw bytes to encrypt
+     * @returns Combined buffer: nonce (12) || ciphertext (N) || auth tag (16)
+     */
+    encrypt(plaintext: Buffer): Buffer;
+    /**
+     * Decrypt a combined AES-256-GCM buffer produced by `encrypt`.
+     *
+     * Slices the nonce from bytes 0–11, the auth tag from the final 16 bytes,
+     * and the ciphertext from everything in between. Calls `setAuthTag` before
+     * `final()` so Node.js crypto verifies the GCM authentication tag.
+     *
+     * @param ciphertext - Combined buffer: nonce (12) || ciphertext (N) || tag (16)
+     * @returns Decrypted plaintext bytes
+     * @throws StoreError(TOKEN_DECRYPTION_FAILED) — never a generic Error —
+     *         when the GCM authentication tag check fails. Indicates either a
+     *         wrong encryption key or data tampering.
+     */
+    decrypt(ciphertext: Buffer): Buffer;
+}
+/**
+ * Result returned by store migration utilities.
+ *
+ * Used by `runMigrations` in `migrate.ts` and by any future migration helper
+ * that moves tokens from a legacy format (e.g. plain-text JSON files) to the
+ * encrypted SQLite store.
+ */
+export interface MigrationResult {
+    /**
+     * Whether a migration was actually performed.
+     * `true` when schema changes were applied; `false` when already up to date.
+     */
+    migrated: boolean;
+    /**
+     * Human-readable explanation of why migration was skipped or what happened.
+     * Present when `migrated` is false and a non-trivial skip condition exists.
+     */
+    reason?: string;
+    /**
+     * Number of token rows affected or created during the migration.
+     * Populated when a data migration (not just schema migration) was performed.
+     */
+    tokensCount?: number;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/mcp/store/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/mcp/store/types.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAMH;;;;;GAKG;AACH,MAAM,MAAM,WAAW,GAAG,QAAQ,GAAG,WAAW,CAAC;AAMjD;;;;;;;;;;GAUG;AACH,MAAM,WAAW,WAAW;IAC1B,sEAAsE;IACtE,WAAW,EAAE,MAAM,CAAC;IAEpB,yEAAyE;IACzE,YAAY,EAAE,MAAM,CAAC;IAErB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB;;;OAGG;IACH,SAAS,EAAE,MAAM,CAAC;IAElB,4CAA4C;IAC5C,MAAM,EAAE,MAAM,EAAE,CAAC;IAEjB;;;OAGG;IACH,OAAO,CAAC,EAAE,MAAM,CAAC;IAEjB;;;;OAIG;IACH,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAMD;;;;;;;;;;GAUG;AACH,MAAM,WAAW,UAAU;IACzB;;;;;;;OAOG;IACH,GAAG,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,GAAG,IAAI,CAAC;IAEzC;;;;;;;;;;OAUG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,WAAW,GAAG,IAAI,CAAC;IAElD;;;;;;OAMG;IACH,MAAM,CAAC,OAAO,EAAE,MAAM,GAAG,IAAI,CAAC;IAE9B;;;;;;;;OAQG;IACH,IAAI,IAAI,KAAK,CAAC;QAAE,OAAO,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;IAEtD;;;;;;;OAOG;IACH,KAAK,IAAI,IAAI,CAAC;CACf;AAMD;;;;;;;;;;GAUG;AACH,MAAM,WAAW,SAAS;IACxB;;;;;;;;OAQG;IACH,OAAO,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,CAAC;IAEnC;;;;;;;;;;;;OAYG;IACH,OAAO,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CAAC;CACrC;AAMD;;;;;;GAMG;AACH,MAAM,WAAW,eAAe;IAC9B;;;OAGG;IACH,QAAQ,EAAE,OAAO,CAAC;IAElB;;;OAGG;IACH,MAAM,CAAC,EAAE,MAAM,CAAC;IAEhB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB"}

package/dist/mcp/store/types.js ADDED Viewed

@@ -0,0 +1,13 @@
+"use strict";
+/**
+ * Token store type definitions for the MCP server integration.
+ *
+ * Defines the core interfaces that the AES-256-GCM encryption module and
+ * the SQLite-backed token store implement. No implementation details, no
+ * external dependencies — pure TypeScript interfaces.
+ *
+ * Wire format for AES-256-GCM (Go-compatible):
+ *   [ nonce (12 bytes) ][ ciphertext (N bytes) ][ auth tag (16 bytes) ]
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=types.js.map

package/dist/mcp/store/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../../src/mcp/store/types.ts"],"names":[],"mappings":";AAAA;;;;;;;;;GASG"}

package/dist/mcp/token/http-client.d.ts ADDED Viewed

@@ -0,0 +1,3 @@
+import type { TokenManager, ApiClient, ApiClientOptions } from './types';
+export declare function createApiClient(options: ApiClientOptions, tokenManager: TokenManager): ApiClient;
+//# sourceMappingURL=http-client.d.ts.map

package/dist/mcp/token/http-client.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"http-client.d.ts","sourceRoot":"","sources":["../../../src/mcp/token/http-client.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,SAAS,EAAE,gBAAgB,EAAe,MAAM,SAAS,CAAC;AAiLtF,wBAAgB,eAAe,CAAC,OAAO,EAAE,gBAAgB,EAAE,YAAY,EAAE,YAAY,GAAG,SAAS,CAgEhG"}

package/dist/mcp/token/http-client.js ADDED Viewed

@@ -0,0 +1,186 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createApiClient = createApiClient;
+const node_https_1 = require("node:https");
+const node_http_1 = require("node:http");
+const node_url_1 = require("node:url");
+const errors_1 = require("../errors");
+const DEFAULT_TIMEOUT_MS = 30_000;
+const MAX_PAGES = 100;
+const PROVIDER = 'http-client';
+// ---------------------------------------------------------------------------
+// Low-level request
+// ---------------------------------------------------------------------------
+function buildUrl(baseUrl, path, params) {
+    const url = new node_url_1.URL(path, baseUrl);
+    if (params) {
+        for (const [key, value] of Object.entries(params)) {
+            url.searchParams.set(key, value);
+        }
+    }
+    return url.toString();
+}
+function collectBody(chunks) {
+    return Buffer.concat(chunks).toString('utf8');
+}
+function parseJsonBody(raw) {
+    if (!raw)
+        return null;
+    try {
+        return JSON.parse(raw);
+    }
+    catch {
+        return raw;
+    }
+}
+function handleErrorStatus(status, body, headers) {
+    if (status === 401) {
+        throw new errors_1.ProviderError('API request unauthorized (401)', errors_1.ErrorCodes.API_UNAUTHORIZED, PROVIDER);
+    }
+    if (status === 429) {
+        const retryAfter = headers['retry-after'];
+        const suffix = retryAfter ? ` Retry-After: ${retryAfter}` : '';
+        throw new errors_1.ProviderError(`API rate limited (429).${suffix}`, errors_1.ErrorCodes.API_RATE_LIMITED, PROVIDER);
+    }
+    throw new errors_1.ProviderError(`API request failed with status ${status}: ${body}`, `HTTP_${status}`, PROVIDER);
+}
+async function makeRequest(options, tokenManager, method, url, body) {
+    const token = await tokenManager.getAccessToken();
+    const parsed = new node_url_1.URL(url);
+    const isHttps = parsed.protocol === 'https:';
+    const requestFn = isHttps ? node_https_1.request : node_http_1.request;
+    const timeoutMs = options.timeout ?? DEFAULT_TIMEOUT_MS;
+    const bodyStr = body !== undefined ? JSON.stringify(body) : undefined;
+    const reqOptions = {
+        hostname: parsed.hostname,
+        port: parsed.port || (isHttps ? 443 : 80),
+        path: parsed.pathname + parsed.search,
+        method,
+        headers: {
+            Authorization: `Bearer ${token}`,
+            Accept: 'application/json',
+            'User-Agent': 'padua-cli',
+            ...(bodyStr !== undefined
+                ? { 'Content-Type': 'application/json', 'Content-Length': Buffer.byteLength(bodyStr) }
+                : {}),
+        },
+    };
+    return new Promise((resolve, reject) => {
+        const req = requestFn(reqOptions, (res) => {
+            const chunks = [];
+            res.on('data', (chunk) => chunks.push(chunk));
+            res.on('end', () => {
+                const rawBody = collectBody(chunks);
+                const status = res.statusCode ?? 0;
+                const headers = {};
+                for (const [key, value] of Object.entries(res.headers)) {
+                    if (value !== undefined) {
+                        headers[key.toLowerCase()] = Array.isArray(value) ? value.join(', ') : value;
+                    }
+                }
+                if (status < 200 || status > 299) {
+                    try {
+                        handleErrorStatus(status, rawBody, headers);
+                    }
+                    catch (err) {
+                        reject(err);
+                    }
+                    return;
+                }
+                resolve({ status, headers, body: parseJsonBody(rawBody) });
+            });
+        });
+        const timer = setTimeout(() => {
+            req.destroy();
+            reject(new errors_1.ProviderError(`API request timed out after ${timeoutMs}ms`, errors_1.ErrorCodes.API_TIMEOUT, PROVIDER));
+        }, timeoutMs);
+        req.on('error', (err) => {
+            clearTimeout(timer);
+            // destroy fires an error event too — avoid double-reject after timeout
+            if (err.code === 'ECONNRESET') {
+                // already rejected by timeout handler
+                return;
+            }
+            reject(new errors_1.ProviderError(`Request error: ${err.message}`, errors_1.ErrorCodes.API_TIMEOUT, PROVIDER));
+        });
+        req.on('close', () => clearTimeout(timer));
+        if (bodyStr !== undefined) {
+            req.write(bodyStr);
+        }
+        req.end();
+    });
+}
+// ---------------------------------------------------------------------------
+// Pagination helpers
+// ---------------------------------------------------------------------------
+function gitlabNextPage(headers) {
+    const next = headers['x-next-page'];
+    return next && next.trim() ? next.trim() : null;
+}
+function atlassianNextUrl(body) {
+    if (body && typeof body === 'object') {
+        const page = body;
+        const next = page._links?.next;
+        return next && typeof next === 'string' ? next : null;
+    }
+    return null;
+}
+// ---------------------------------------------------------------------------
+// Public factory
+// ---------------------------------------------------------------------------
+function createApiClient(options, tokenManager) {
+    async function get(path, params) {
+        const url = buildUrl(options.baseUrl, path, params);
+        return makeRequest(options, tokenManager, 'GET', url);
+    }
+    async function post(path, body) {
+        const url = buildUrl(options.baseUrl, path);
+        return makeRequest(options, tokenManager, 'POST', url, body);
+    }
+    async function put(path, body) {
+        const url = buildUrl(options.baseUrl, path);
+        return makeRequest(options, tokenManager, 'PUT', url, body);
+    }
+    async function del(path) {
+        const url = buildUrl(options.baseUrl, path);
+        return makeRequest(options, tokenManager, 'DELETE', url);
+    }
+    async function getAllPages(path, params) {
+        const accumulated = [];
+        let pageNum = 1;
+        let nextUrl = null;
+        for (let i = 0; i < MAX_PAGES; i++) {
+            let response;
+            if (nextUrl) {
+                response = await makeRequest(options, tokenManager, 'GET', nextUrl);
+            }
+            else {
+                const pageParams = pageNum === 1 ? params : { ...params, page: String(pageNum) };
+                response = await get(path, pageParams);
+            }
+            if (Array.isArray(response.body)) {
+                accumulated.push(...response.body);
+            }
+            else {
+                accumulated.push(response.body);
+            }
+            // GitLab pagination takes priority
+            const gitlabNext = gitlabNextPage(response.headers);
+            if (gitlabNext) {
+                pageNum = parseInt(gitlabNext, 10);
+                nextUrl = null;
+                continue;
+            }
+            // Atlassian pagination
+            const atlassianNext = atlassianNextUrl(response.body);
+            if (atlassianNext) {
+                nextUrl = atlassianNext;
+                continue;
+            }
+            break;
+        }
+        return accumulated;
+    }
+    return { get, post, put, delete: del, getAllPages };
+}
+//# sourceMappingURL=http-client.js.map

package/dist/mcp/token/http-client.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"http-client.js","sourceRoot":"","sources":["../../../src/mcp/token/http-client.ts"],"names":[],"mappings":";;AAqLA,0CAgEC;AArPD,2CAAqD;AACrD,yCAAmD;AACnD,uCAA+B;AAC/B,sCAAsD;AAGtD,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAClC,MAAM,SAAS,GAAG,GAAG,CAAC;AACtB,MAAM,QAAQ,GAAG,aAAa,CAAC;AAa/B,8EAA8E;AAC9E,oBAAoB;AACpB,8EAA8E;AAE9E,SAAS,QAAQ,CAAC,OAAe,EAAE,IAAY,EAAE,MAA+B;IAC9E,MAAM,GAAG,GAAG,IAAI,cAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IACnC,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAClD,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IACD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,SAAS,WAAW,CAAC,MAAgB;IACnC,OAAO,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,aAAa,CAAC,GAAW;IAChC,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAY,CAAC;IACpC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,GAAG,CAAC;IACb,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,MAAc,EAAE,IAAY,EAAE,OAA+B;IACtF,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,MAAM,IAAI,sBAAa,CAAC,gCAAgC,EAAE,mBAAU,CAAC,gBAAgB,EAAE,QAAQ,CAAC,CAAC;IACnG,CAAC;IAED,IAAI,MAAM,KAAK,GAAG,EAAE,CAAC;QACnB,MAAM,UAAU,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;QAC1C,MAAM,MAAM,GAAG,UAAU,CAAC,CAAC,CAAC,iBAAiB,UAAU,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAC/D,MAAM,IAAI,sBAAa,CACrB,0BAA0B,MAAM,EAAE,EAClC,mBAAU,CAAC,gBAAgB,EAC3B,QAAQ,CACT,CAAC;IACJ,CAAC;IAED,MAAM,IAAI,sBAAa,CACrB,kCAAkC,MAAM,KAAK,IAAI,EAAE,EACnD,QAAQ,MAAM,EAAE,EAChB,QAAQ,CACT,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,WAAW,CACxB,OAAyB,EACzB,YAA0B,EAC1B,MAAkB,EAClB,GAAW,EACX,IAAc;IAEd,MAAM,KAAK,GAAG,MAAM,YAAY,CAAC,cAAc,EAAE,CAAC;IAClD,MAAM,MAAM,GAAG,IAAI,cAAG,CAAC,GAAG,CAAC,CAAC;IAC5B,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,KAAK,QAAQ,CAAC;IAC7C,MAAM,SAAS,GAAG,OAAO,CAAC,CAAC,CAAC,oBAAY,CAAC,CAAC,CAAC,mBAAW,CAAC;IACvD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,IAAI,kBAAkB,CAAC;IAExD,MAAM,OAAO,GAAG,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;IAEtE,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC;QACzC,IAAI,EAAE,MAAM,CAAC,QAAQ,GAAG,MAAM,CAAC,MAAM;QACrC,MAAM;QACN,OAAO,EAAE;YACP,aAAa,EAAE,UAAU,KAAK,EAAE;YAChC,MAAM,EAAE,kBAAkB;YAC1B,YAAY,EAAE,WAAW;YACzB,GAAG,CAAC,OAAO,KAAK,SAAS;gBACvB,CAAC,CAAC,EAAE,cAAc,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;gBACtF,CAAC,CAAC,EAAE,CAAC;SACR;KACF,CAAC;IAEF,OAAO,IAAI,OAAO,CAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrD,MAAM,GAAG,GAAG,SAAS,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,EAAE;YACxC,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,GAAG,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YACtD,GAAG,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE;gBACjB,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;gBACpC,MAAM,MAAM,GAAG,GAAG,CAAC,UAAU,IAAI,CAAC,CAAC;gBAEnC,MAAM,OAAO,GAA2B,EAAE,CAAC;gBAC3C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC;oBACvD,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;wBACxB,OAAO,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,KAAK,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;oBAC/E,CAAC;gBACH,CAAC;gBAED,IAAI,MAAM,GAAG,GAAG,IAAI,MAAM,GAAG,GAAG,EAAE,CAAC;oBACjC,IAAI,CAAC;wBACH,iBAAiB,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;oBAC9C,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,MAAM,CAAC,GAAG,CAAC,CAAC;oBACd,CAAC;oBACD,OAAO;gBACT,CAAC;gBAED,OAAO,CAAC,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,aAAa,CAAC,OAAO,CAAM,EAAE,CAAC,CAAC;YAClE,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,GAAG,CAAC,OAAO,EAAE,CAAC;YACd,MAAM,CACJ,IAAI,sBAAa,CACf,+BAA+B,SAAS,IAAI,EAC5C,mBAAU,CAAC,WAAW,EACtB,QAAQ,CACT,CACF,CAAC;QACJ,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;YAC7B,YAAY,CAAC,KAAK,CAAC,CAAC;YACpB,uEAAuE;YACvE,IAAK,GAA6B,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACzD,sCAAsC;gBACtC,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,sBAAa,CAAC,kBAAkB,GAAG,CAAC,OAAO,EAAE,EAAE,mBAAU,CAAC,WAAW,EAAE,QAAQ,CAAC,CAAC,CAAC;QAC/F,CAAC,CAAC,CAAC;QAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,CAAC;QAE3C,IAAI,OAAO,KAAK,SAAS,EAAE,CAAC;YAC1B,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACrB,CAAC;QAED,GAAG,CAAC,GAAG,EAAE,CAAC;IACZ,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,qBAAqB;AACrB,8EAA8E;AAE9E,SAAS,cAAc,CAAC,OAA+B;IACrD,MAAM,IAAI,GAAG,OAAO,CAAC,aAAa,CAAC,CAAC;IACpC,OAAO,IAAI,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;AAClD,CAAC;AAED,SAAS,gBAAgB,CAAC,IAAa;IACrC,IAAI,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,IAAI,GAAG,IAAqB,CAAC;QACnC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC;QAC/B,OAAO,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;IACxD,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,SAAgB,eAAe,CAAC,OAAyB,EAAE,YAA0B;IACnF,KAAK,UAAU,GAAG,CAAI,IAAY,EAAE,MAA+B;QACjE,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QACpD,OAAO,WAAW,CAAI,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;IAC3D,CAAC;IAED,KAAK,UAAU,IAAI,CAAI,IAAY,EAAE,IAAc;QACjD,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAI,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAClE,CAAC;IAED,KAAK,UAAU,GAAG,CAAI,IAAY,EAAE,IAAc;QAChD,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAI,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACjE,CAAC;IAED,KAAK,UAAU,GAAG,CAAI,IAAY;QAChC,MAAM,GAAG,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,EAAE,IAAI,CAAC,CAAC;QAC5C,OAAO,WAAW,CAAI,OAAO,EAAE,YAAY,EAAE,QAAQ,EAAE,GAAG,CAAC,CAAC;IAC9D,CAAC;IAED,KAAK,UAAU,WAAW,CAAI,IAAY,EAAE,MAA+B;QACzE,MAAM,WAAW,GAAQ,EAAE,CAAC;QAC5B,IAAI,OAAO,GAAG,CAAC,CAAC;QAChB,IAAI,OAAO,GAAkB,IAAI,CAAC;QAElC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,SAAS,EAAE,CAAC,EAAE,EAAE,CAAC;YACnC,IAAI,QAA8B,CAAC;YAEnC,IAAI,OAAO,EAAE,CAAC;gBACZ,QAAQ,GAAG,MAAM,WAAW,CAAC,OAAO,EAAE,YAAY,EAAE,KAAK,EAAE,OAAO,CAAC,CAAC;YACtE,CAAC;iBAAM,CAAC;gBACN,MAAM,UAAU,GAAG,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,GAAG,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;gBACjF,QAAQ,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;YACzC,CAAC;YAED,IAAI,KAAK,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;gBACjC,WAAW,CAAC,IAAI,CAAC,GAAI,QAAQ,CAAC,IAAY,CAAC,CAAC;YAC9C,CAAC;iBAAM,CAAC;gBACN,WAAW,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAS,CAAC,CAAC;YACvC,CAAC;YAED,mCAAmC;YACnC,MAAM,UAAU,GAAG,cAAc,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;YACpD,IAAI,UAAU,EAAE,CAAC;gBACf,OAAO,GAAG,QAAQ,CAAC,UAAU,EAAE,EAAE,CAAC,CAAC;gBACnC,OAAO,GAAG,IAAI,CAAC;gBACf,SAAS;YACX,CAAC;YAED,uBAAuB;YACvB,MAAM,aAAa,GAAG,gBAAgB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACtD,IAAI,aAAa,EAAE,CAAC;gBAClB,OAAO,GAAG,aAAa,CAAC;gBACxB,SAAS;YACX,CAAC;YAED,MAAM;QACR,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,GAAG,EAAE,WAAW,EAAE,CAAC;AACtD,CAAC"}

package/dist/mcp/token/index.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+export type { OAuthConfig, TokenResult, TokenManager, TokenStatus, ApiClient, ApiClientOptions, ApiResponse, PKCEPair, } from './types';
+export { NullTokenManager } from './null-token-manager';
+export { OAuthTokenManager } from './manager';
+export { generatePKCE, buildAuthUrl, exchangeCode, refreshToken, startCallbackServer, openBrowser } from './oauth';
+//# sourceMappingURL=index.d.ts.map

package/dist/mcp/token/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/mcp/token/index.ts"],"names":[],"mappings":"AAAA,YAAY,EACV,WAAW,EACX,WAAW,EACX,YAAY,EACZ,WAAW,EACX,SAAS,EACT,gBAAgB,EAChB,WAAW,EACX,QAAQ,GACT,MAAM,SAAS,CAAC;AACjB,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAC9C,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,YAAY,EAAE,mBAAmB,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC"}

package/dist/mcp/token/index.js ADDED Viewed

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.openBrowser = exports.startCallbackServer = exports.refreshToken = exports.exchangeCode = exports.buildAuthUrl = exports.generatePKCE = exports.OAuthTokenManager = exports.NullTokenManager = void 0;
+var null_token_manager_1 = require("./null-token-manager");
+Object.defineProperty(exports, "NullTokenManager", { enumerable: true, get: function () { return null_token_manager_1.NullTokenManager; } });
+var manager_1 = require("./manager");
+Object.defineProperty(exports, "OAuthTokenManager", { enumerable: true, get: function () { return manager_1.OAuthTokenManager; } });
+var oauth_1 = require("./oauth");
+Object.defineProperty(exports, "generatePKCE", { enumerable: true, get: function () { return oauth_1.generatePKCE; } });
+Object.defineProperty(exports, "buildAuthUrl", { enumerable: true, get: function () { return oauth_1.buildAuthUrl; } });
+Object.defineProperty(exports, "exchangeCode", { enumerable: true, get: function () { return oauth_1.exchangeCode; } });
+Object.defineProperty(exports, "refreshToken", { enumerable: true, get: function () { return oauth_1.refreshToken; } });
+Object.defineProperty(exports, "startCallbackServer", { enumerable: true, get: function () { return oauth_1.startCallbackServer; } });
+Object.defineProperty(exports, "openBrowser", { enumerable: true, get: function () { return oauth_1.openBrowser; } });
+//# sourceMappingURL=index.js.map

package/dist/mcp/token/index.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/mcp/token/index.ts"],"names":[],"mappings":";;;AAUA,2DAAwD;AAA/C,sHAAA,gBAAgB,OAAA;AACzB,qCAA8C;AAArC,4GAAA,iBAAiB,OAAA;AAC1B,iCAAmH;AAA1G,qGAAA,YAAY,OAAA;AAAE,qGAAA,YAAY,OAAA;AAAE,qGAAA,YAAY,OAAA;AAAE,qGAAA,YAAY,OAAA;AAAE,4GAAA,mBAAmB,OAAA;AAAE,oGAAA,WAAW,OAAA"}