@phantom/mcp-server 0.1.0

package/dist/index.js

@@ -0,0 +1,1448 @@
+#!/usr/bin/env node
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var src_exports = {};
+__export(src_exports, {
+  SessionManager: () => SessionManager
+});
+module.exports = __toCommonJS(src_exports);
+
+// src/server.ts
+var import_server = require("@modelcontextprotocol/sdk/server/index.js");
+var import_stdio = require("@modelcontextprotocol/sdk/server/stdio.js");
+var import_types = require("@modelcontextprotocol/sdk/types.js");
+
+// src/session/manager.ts
+var import_client = require("@phantom/client");
+var import_api_key_stamper = require("@phantom/api-key-stamper");
+
+// src/session/storage.ts
+var fs = __toESM(require("fs"));
+var path = __toESM(require("path"));
+var os = __toESM(require("os"));
+var SessionStorage = class {
+  constructor(sessionDir) {
+    this.sessionDir = sessionDir || path.join(os.homedir(), ".phantom-mcp");
+    this.sessionFile = path.join(this.sessionDir, "session.json");
+  }
+  /**
+   * Ensures session directory exists with secure permissions (0o700)
+   */
+  ensureSessionDir() {
+    try {
+      fs.mkdirSync(this.sessionDir, { mode: 448, recursive: true });
+    } catch (error) {
+      const err = error;
+      if (err.code !== "EEXIST") {
+        throw error;
+      }
+    }
+    try {
+      fs.chmodSync(this.sessionDir, 448);
+    } catch {
+    }
+  }
+  /**
+   * Loads session data from disk
+   * @returns SessionData if exists and valid, null otherwise
+   */
+  load() {
+    try {
+      if (!fs.existsSync(this.sessionFile)) {
+        return null;
+      }
+      const data = fs.readFileSync(this.sessionFile, "utf-8");
+      const session = JSON.parse(data);
+      if (typeof session.walletId !== "string" || typeof session.organizationId !== "string" || typeof session.authUserId !== "string" || typeof session.stamperKeys?.publicKey !== "string" || typeof session.stamperKeys?.secretKey !== "string" || typeof session.createdAt !== "number" || typeof session.updatedAt !== "number") {
+        return null;
+      }
+      return session;
+    } catch (error) {
+      return null;
+    }
+  }
+  /**
+   * Saves session data to disk with secure permissions (0o600)
+   * @param session Session data to save
+   */
+  save(session) {
+    this.ensureSessionDir();
+    const data = JSON.stringify(session, null, 2);
+    fs.writeFileSync(this.sessionFile, data, { mode: 384 });
+  }
+  /**
+   * Deletes the session file from disk
+   */
+  delete() {
+    try {
+      if (fs.existsSync(this.sessionFile)) {
+        fs.unlinkSync(this.sessionFile);
+      }
+    } catch (error) {
+    }
+  }
+  /**
+   * Checks if a session is expired
+   * @param session Session data to check
+   * @returns false - SSO sessions don't expire (stamper keys are permanent)
+   */
+  isExpired(_session) {
+    return false;
+  }
+};
+
+// src/auth/oauth.ts
+var crypto = __toESM(require("crypto"));
+var import_axios2 = __toESM(require("axios"));
+var import_open = __toESM(require("open"));
+
+// src/utils/logger.ts
+var Logger = class {
+  constructor(context = "MCP") {
+    this.context = context;
+  }
+  /**
+   * Private method to write to stderr with proper formatting
+   */
+  log(level, message) {
+    const timestamp = (/* @__PURE__ */ new Date()).toISOString();
+    const logMessage = `[${timestamp}] [${level}] [${this.context}] ${message}
+`;
+    process.stderr.write(logMessage);
+  }
+  /**
+   * Log info message
+   */
+  info(message) {
+    this.log("INFO", message);
+  }
+  /**
+   * Log error message
+   */
+  error(message) {
+    this.log("ERROR", message);
+  }
+  /**
+   * Log warning message
+   */
+  warn(message) {
+    this.log("WARN", message);
+  }
+  /**
+   * Log debug message (only if DEBUG or PHANTOM_MCP_DEBUG env var is set)
+   */
+  debug(message) {
+    if (process.env.DEBUG || process.env.PHANTOM_MCP_DEBUG) {
+      this.log("DEBUG", message);
+    }
+  }
+  /**
+   * Create a child logger with combined context
+   * Example: parent context "MCP" + child "Transport" = "MCP:Transport"
+   */
+  child(childContext) {
+    return new Logger(`${this.context}:${childContext}`);
+  }
+};
+var logger = new Logger();
+
+// src/auth/dcr.ts
+var import_axios = __toESM(require("axios"));
+var DCRClient = class {
+  /**
+   * Creates a new DCR client
+   *
+   * @param authBaseUrl - Base URL of the authorization server (default: https://auth.phantom.app or PHANTOM_AUTH_BASE_URL env var)
+   * @param appId - Application identifier prefix (default: phantom-mcp)
+   */
+  constructor(authBaseUrl = process.env.PHANTOM_AUTH_BASE_URL ?? "https://auth.phantom.app", appId = "phantom-mcp") {
+    this.authBaseUrl = authBaseUrl;
+    this.appId = appId;
+    this.logger = new Logger("DCR");
+  }
+  /**
+   * Registers a new OAuth client dynamically with the authorization server
+   *
+   * @param redirectUri - The redirect URI where the authorization server will send callbacks
+   * @returns Promise resolving to the client configuration (client_id, client_secret, etc.)
+   * @throws Error if registration fails
+   */
+  async register(redirectUri) {
+    const registrationEndpoint = `${this.authBaseUrl}/oauth/register`;
+    const clientName = `${this.appId}-${Date.now()}`;
+    const payload = {
+      client_name: clientName,
+      redirect_uris: [redirectUri],
+      grant_types: ["authorization_code", "refresh_token"],
+      response_types: ["code"],
+      application_type: "native",
+      token_endpoint_auth_method: "client_secret_basic"
+    };
+    this.logger.info(`Registering OAuth client: ${clientName}`);
+    this.logger.debug(`Registration endpoint: ${registrationEndpoint}`);
+    this.logger.debug(`Redirect URI: ${redirectUri}`);
+    try {
+      const response = await import_axios.default.post(registrationEndpoint, payload, {
+        headers: {
+          "Content-Type": "application/json"
+        }
+      });
+      this.logger.info(`Successfully registered client: ${response.data.client_id}`);
+      return {
+        client_id: response.data.client_id,
+        client_secret: response.data.client_secret,
+        client_id_issued_at: response.data.client_id_issued_at
+      };
+    } catch (error) {
+      const axiosError = error;
+      const errorMessage = axiosError.response?.data ? JSON.stringify(axiosError.response.data) : axiosError.message;
+      this.logger.error(`Failed to register OAuth client: ${errorMessage}`);
+      throw new Error(`Dynamic Client Registration failed: ${errorMessage}`);
+    }
+  }
+};
+
+// src/auth/callback-server.ts
+var http = __toESM(require("http"));
+var import_url = require("url");
+var CallbackServer = class {
+  /**
+   * Creates a new callback server
+   *
+   * @param options - Server configuration options
+   * @param options.port - Port to listen on (default: 8080)
+   * @param options.host - Host to bind to (default: localhost)
+   * @param options.path - Callback path (default: /callback)
+   * @param options.timeoutMs - Timeout in milliseconds (default: 300000 = 5 minutes)
+   */
+  constructor(options = {}) {
+    this.server = null;
+    this.listeningPromise = null;
+    this.listeningResolve = null;
+    this.listeningReject = null;
+    this.port = options.port ?? 8080;
+    this.host = options.host ?? "localhost";
+    this.path = options.path ?? "/callback";
+    this.timeoutMs = options.timeoutMs ?? 3e5;
+    this.logger = new Logger("CallbackServer");
+  }
+  /**
+   * Gets the callback URL that should be used in OAuth authorization requests
+   *
+   * @returns The callback URL (e.g., http://localhost:8080/callback)
+   */
+  getCallbackUrl() {
+    return `http://${this.host}:${this.port}${this.path}`;
+  }
+  /**
+   * Starts the server and waits for an OAuth callback
+   *
+   * This method:
+   * 1. Starts an HTTP server on the configured host/port
+   * 2. Waits for a GET request to /callback
+   * 3. Validates the state parameter (CSRF protection)
+   * 4. Extracts OAuth parameters from the query string
+   * 5. Sends an HTML response to the browser
+   * 6. Closes the server
+   * 7. Returns the callback parameters
+   *
+   * @param expectedState - The expected state parameter value (for CSRF protection)
+   * @returns Promise resolving to the OAuth callback parameters
+   * @throws Error if the callback times out, state validation fails, or parameters are missing
+   */
+  async waitForCallback(expectedState) {
+    return new Promise((resolve, reject) => {
+      let timeoutId = null;
+      let hasResponded = false;
+      this.listeningPromise = new Promise((listeningResolve, listeningReject) => {
+        this.listeningResolve = listeningResolve;
+        this.listeningReject = listeningReject;
+      });
+      this.server = http.createServer((req, res) => {
+        if (req.url?.includes("favicon.ico")) {
+          res.writeHead(404);
+          res.end();
+          return;
+        }
+        if (req.method !== "GET" || !req.url) {
+          res.writeHead(404, { "Content-Type": "text/html" });
+          res.end(this.getErrorPage("Invalid endpoint"));
+          return;
+        }
+        let url;
+        try {
+          url = new import_url.URL(req.url, `http://${this.host}:${this.port}`);
+        } catch {
+          res.writeHead(404, { "Content-Type": "text/html" });
+          res.end(this.getErrorPage("Invalid endpoint"));
+          return;
+        }
+        if (url.pathname !== this.path) {
+          res.writeHead(404, { "Content-Type": "text/html" });
+          res.end(this.getErrorPage("Invalid endpoint"));
+          return;
+        }
+        if (hasResponded) {
+          return;
+        }
+        hasResponded = true;
+        try {
+          const response_type = url.searchParams.get("response_type");
+          const session_id = url.searchParams.get("session_id");
+          const wallet_id = url.searchParams.get("wallet_id");
+          const organization_id = url.searchParams.get("organization_id");
+          const auth_user_id = url.searchParams.get("auth_user_id");
+          this.logger.info("Received SSO callback");
+          this.logger.debug(`Session ID: ${session_id}`);
+          this.logger.debug(`Response type: ${response_type}`);
+          if (!session_id || session_id !== expectedState) {
+            const error = "Invalid session_id parameter";
+            this.logger.error(error);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(this.getErrorPage("Authorization failed: Invalid session_id"));
+            this.cleanup(timeoutId);
+            reject(new Error(error));
+            return;
+          }
+          if (response_type !== "success") {
+            const error = `SSO flow failed with response_type: ${response_type}`;
+            this.logger.error(error);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(this.getErrorPage(`Authorization failed: ${response_type}`));
+            this.cleanup(timeoutId);
+            reject(new Error(error));
+            return;
+          }
+          if (!wallet_id) {
+            const error = "Missing wallet_id parameter";
+            this.logger.error(error);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(this.getErrorPage("Authorization failed: Missing wallet_id"));
+            this.cleanup(timeoutId);
+            reject(new Error(error));
+            return;
+          }
+          if (!organization_id) {
+            const error = "Missing organization_id parameter";
+            this.logger.error(error);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(this.getErrorPage("Authorization failed: Missing organization_id"));
+            this.cleanup(timeoutId);
+            reject(new Error(error));
+            return;
+          }
+          if (!auth_user_id) {
+            const error = "Missing auth_user_id parameter";
+            this.logger.error(error);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(this.getErrorPage("Authorization failed: Missing auth_user_id"));
+            this.cleanup(timeoutId);
+            reject(new Error(error));
+            return;
+          }
+          this.logger.info("SSO callback successful");
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(this.getSuccessPage());
+          this.cleanup(timeoutId);
+          resolve({
+            session_id,
+            wallet_id,
+            organization_id,
+            auth_user_id
+          });
+        } catch (error) {
+          const errorMessage = error instanceof Error ? error.message : "Unknown error";
+          this.logger.error(`Failed to process callback: ${errorMessage}`);
+          res.writeHead(500, { "Content-Type": "text/html" });
+          res.end(this.getErrorPage("Internal server error"));
+          this.cleanup(timeoutId);
+          reject(new Error(`Failed to process callback: ${errorMessage}`));
+        }
+      });
+      this.server.listen(this.port, this.host, () => {
+        this.logger.info(`Callback server listening on ${this.getCallbackUrl()}`);
+        this.listeningResolve?.();
+        this.listeningResolve = null;
+        this.listeningReject = null;
+      });
+      this.server.on("error", (error) => {
+        this.logger.error(`Server error: ${error.message}`);
+        this.listeningReject?.(error);
+        this.listeningResolve = null;
+        this.listeningReject = null;
+        this.cleanup(timeoutId);
+        reject(new Error(`Server error: ${error.message}`));
+      });
+      timeoutId = setTimeout(() => {
+        if (!hasResponded) {
+          hasResponded = true;
+          this.logger.error("Callback timeout");
+          this.cleanup(null);
+          reject(new Error("OAuth callback timeout"));
+        }
+      }, this.timeoutMs);
+    });
+  }
+  /**
+   * Cleans up the server and timeout
+   *
+   * @param timeoutId - The timeout ID to clear, or null
+   */
+  cleanup(timeoutId) {
+    if (timeoutId) {
+      clearTimeout(timeoutId);
+    }
+    if (this.server) {
+      this.server.close(() => {
+        this.logger.info("Callback server closed");
+      });
+      this.server = null;
+    }
+    this.listeningPromise = null;
+    this.listeningResolve = null;
+    this.listeningReject = null;
+  }
+  /**
+   * Waits until the callback server is listening for requests
+   *
+   * @returns Promise resolving when the server is listening
+   */
+  async waitForListening() {
+    if (this.server?.listening) {
+      return;
+    }
+    if (!this.listeningPromise) {
+      throw new Error("Callback server has not been started");
+    }
+    return this.listeningPromise;
+  }
+  /**
+   * Generates an HTML success page
+   *
+   * @returns HTML string
+   */
+  getSuccessPage() {
+    return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Authorization Successful</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+    }
+    .container {
+      background: white;
+      padding: 3rem;
+      border-radius: 1rem;
+      box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+      text-align: center;
+      max-width: 500px;
+    }
+    .checkmark {
+      width: 80px;
+      height: 80px;
+      border-radius: 50%;
+      display: block;
+      stroke-width: 2;
+      stroke: #4CAF50;
+      stroke-miterlimit: 10;
+      margin: 0 auto 2rem;
+      box-shadow: inset 0px 0px 0px #4CAF50;
+      animation: fill .4s ease-in-out .4s forwards, scale .3s ease-in-out .9s both;
+    }
+    .checkmark__circle {
+      stroke-dasharray: 166;
+      stroke-dashoffset: 166;
+      stroke-width: 2;
+      stroke-miterlimit: 10;
+      stroke: #4CAF50;
+      fill: none;
+      animation: stroke 0.6s cubic-bezier(0.65, 0, 0.45, 1) forwards;
+    }
+    .checkmark__check {
+      transform-origin: 50% 50%;
+      stroke-dasharray: 48;
+      stroke-dashoffset: 48;
+      animation: stroke 0.3s cubic-bezier(0.65, 0, 0.45, 1) 0.8s forwards;
+    }
+    @keyframes stroke {
+      100% {
+        stroke-dashoffset: 0;
+      }
+    }
+    @keyframes scale {
+      0%, 100% {
+        transform: none;
+      }
+      50% {
+        transform: scale3d(1.1, 1.1, 1);
+      }
+    }
+    @keyframes fill {
+      100% {
+        box-shadow: inset 0px 0px 0px 30px #4CAF50;
+      }
+    }
+    h1 {
+      color: #333;
+      margin-bottom: 1rem;
+    }
+    p {
+      color: #666;
+      line-height: 1.6;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <svg class="checkmark" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 52 52">
+      <circle class="checkmark__circle" cx="26" cy="26" r="25" fill="none"/>
+      <path class="checkmark__check" fill="none" d="M14.1 27.2l7.1 7.2 16.7-16.8"/>
+    </svg>
+    <h1>Authorization Successful!</h1>
+    <p>You have successfully connected your Phantom wallet.</p>
+    <p>You can close this window and return to your application.</p>
+  </div>
+</body>
+</html>`;
+  }
+  /**
+   * Generates an HTML error page
+   *
+   * @param message - Error message to display
+   * @returns HTML string
+   */
+  getErrorPage(message) {
+    return `<!DOCTYPE html>
+<html>
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Authorization Failed</title>
+  <style>
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
+      display: flex;
+      justify-content: center;
+      align-items: center;
+      min-height: 100vh;
+      margin: 0;
+      background: linear-gradient(135deg, #f093fb 0%, #f5576c 100%);
+    }
+    .container {
+      background: white;
+      padding: 3rem;
+      border-radius: 1rem;
+      box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
+      text-align: center;
+      max-width: 500px;
+    }
+    .error-icon {
+      width: 80px;
+      height: 80px;
+      border-radius: 50%;
+      display: block;
+      stroke-width: 2;
+      stroke: #f44336;
+      stroke-miterlimit: 10;
+      margin: 0 auto 2rem;
+      box-shadow: inset 0px 0px 0px #f44336;
+      animation: fill .4s ease-in-out .4s forwards, scale .3s ease-in-out .9s both;
+    }
+    .error-icon__circle {
+      stroke-dasharray: 166;
+      stroke-dashoffset: 166;
+      stroke-width: 2;
+      stroke-miterlimit: 10;
+      stroke: #f44336;
+      fill: none;
+      animation: stroke 0.6s cubic-bezier(0.65, 0, 0.45, 1) forwards;
+    }
+    .error-icon__cross {
+      transform-origin: 50% 50%;
+      stroke-dasharray: 48;
+      stroke-dashoffset: 48;
+      animation: stroke 0.3s cubic-bezier(0.65, 0, 0.45, 1) 0.8s forwards;
+    }
+    @keyframes stroke {
+      100% {
+        stroke-dashoffset: 0;
+      }
+    }
+    @keyframes scale {
+      0%, 100% {
+        transform: none;
+      }
+      50% {
+        transform: scale3d(1.1, 1.1, 1);
+      }
+    }
+    @keyframes fill {
+      100% {
+        box-shadow: inset 0px 0px 0px 30px #f44336;
+      }
+    }
+    h1 {
+      color: #333;
+      margin-bottom: 1rem;
+    }
+    p {
+      color: #666;
+      line-height: 1.6;
+    }
+    .error-message {
+      color: #f44336;
+      font-weight: 500;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <svg class="error-icon" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 52 52">
+      <circle class="error-icon__circle" cx="26" cy="26" r="25" fill="none"/>
+      <path class="error-icon__cross" fill="none" d="M16 16 36 36 M36 16 16 36"/>
+    </svg>
+    <h1>Authorization Failed</h1>
+    <p class="error-message">${this.escapeHtml(message)}</p>
+    <p>Please close this window and try again.</p>
+  </div>
+</body>
+</html>`;
+  }
+  /**
+   * Escapes HTML special characters
+   *
+   * @param text - Text to escape
+   * @returns Escaped text
+   */
+  escapeHtml(text) {
+    const map = {
+      "&": "&amp;",
+      "<": "&lt;",
+      ">": "&gt;",
+      '"': "&quot;",
+      "'": "&#039;"
+    };
+    return text.replace(/[&<>"']/g, (char) => map[char]);
+  }
+};
+
+// src/auth/oauth.ts
+var OAuthFlow = class {
+  /**
+   * Creates a new OAuth flow
+   *
+   * @param options - OAuth flow configuration
+   * @param options.authBaseUrl - Base URL of the authorization server (default: https://auth.phantom.app or PHANTOM_AUTH_BASE_URL env var)
+   * @param options.connectBaseUrl - Base URL of Phantom Connect (default: https://connect.phantom.app or PHANTOM_CONNECT_BASE_URL env var)
+   * @param options.callbackPort - Port for the local callback server (default: 8080 or PHANTOM_CALLBACK_PORT env var)
+   * @param options.callbackPath - Path for the OAuth callback (default: /callback or PHANTOM_CALLBACK_PATH env var)
+   * @param options.appId - Application identifier prefix (default: phantom-mcp)
+   * @param options.provider - SSO provider (default: google or PHANTOM_SSO_PROVIDER env var)
+   */
+  constructor(options = {}) {
+    this.authBaseUrl = options.authBaseUrl ?? process.env.PHANTOM_AUTH_BASE_URL ?? "https://auth.phantom.app";
+    this.connectBaseUrl = options.connectBaseUrl ?? process.env.PHANTOM_CONNECT_BASE_URL ?? "https://connect.phantom.app";
+    const envPort = process.env.PHANTOM_CALLBACK_PORT?.trim();
+    const defaultPort = 8080;
+    if (options.callbackPort !== void 0) {
+      const port = options.callbackPort;
+      if (!Number.isInteger(port) || port <= 0 || port > 65535) {
+        throw new Error(`Invalid callbackPort: "${port}". Must be a valid port number between 1 and 65535.`);
+      }
+      this.callbackPort = port;
+    } else if (envPort !== void 0) {
+      const port = parseInt(envPort, 10);
+      if (isNaN(port) || port <= 0 || port > 65535) {
+        throw new Error(
+          `Invalid PHANTOM_CALLBACK_PORT: "${envPort}". Must be a valid port number between 1 and 65535.`
+        );
+      }
+      this.callbackPort = port;
+    } else {
+      this.callbackPort = defaultPort;
+    }
+    this.callbackPath = options.callbackPath ?? process.env.PHANTOM_CALLBACK_PATH ?? "/callback";
+    this.appId = options.appId ?? "phantom-mcp";
+    const provider = options.provider ?? process.env.PHANTOM_SSO_PROVIDER ?? "google";
+    if (!["google", "apple", "phantom"].includes(provider)) {
+      throw new Error(`Unsupported SSO provider: ${provider}`);
+    }
+    this.provider = provider;
+    this.logger = new Logger("OAuthFlow");
+  }
+  /**
+   * Executes the complete SSO authentication flow
+   *
+   * @returns Promise resolving to tokens, wallet/org IDs, client config, and stamper public key
+   * @throws Error if any step of the flow fails
+   */
+  async authenticate() {
+    this.logger.info("Starting SSO authentication flow");
+    const callbackServer = new CallbackServer({
+      port: this.callbackPort,
+      path: this.callbackPath
+    });
+    const redirectUri = callbackServer.getCallbackUrl();
+    let clientConfig;
+    const envClientId = (process.env.PHANTOM_APP_ID || process.env.PHANTOM_CLIENT_ID)?.trim();
+    const envClientSecret = process.env.PHANTOM_CLIENT_SECRET?.trim();
+    const hasClientId = envClientId && envClientId.length > 0;
+    const hasClientSecret = envClientSecret && envClientSecret.length > 0;
+    if (hasClientId) {
+      this.logger.info("Step 1: Using client credentials from environment variables");
+      const clientType = hasClientSecret ? "confidential" : "public";
+      this.logger.info(`Client type: ${clientType}`);
+      clientConfig = {
+        client_id: envClientId,
+        client_secret: envClientSecret || "",
+        // Empty string for public clients
+        client_id_issued_at: Math.floor(Date.now() / 1e3)
+      };
+      this.logger.info(`Using app ID: ${clientConfig.client_id}`);
+    } else {
+      this.logger.info("Step 1: Registering OAuth client via DCR");
+      this.logger.warn(
+        "DCR is not currently supported by auth.phantom.app - you should provide PHANTOM_APP_ID or PHANTOM_CLIENT_ID"
+      );
+      const dcrClient = new DCRClient(this.authBaseUrl, this.appId);
+      clientConfig = await dcrClient.register(redirectUri);
+      this.logger.info(`Client registered with ID: ${clientConfig.client_id}`);
+    }
+    this.logger.info("Step 2: Generating stamper keypair");
+    const { generateKeyPair } = await import("@phantom/crypto");
+    const stamperKeys = generateKeyPair();
+    this.logger.info(`Stamper public key: ${stamperKeys.publicKey}`);
+    this.logger.info("Step 3: Generating session ID");
+    const sessionId = this.generateSessionId();
+    this.logger.debug(`Session ID: ${sessionId}`);
+    this.logger.info("Step 4: Building SSO authorization URL");
+    const authUrl = this.buildAuthorizationUrl(clientConfig.client_id, redirectUri, stamperKeys.publicKey, sessionId);
+    this.logger.debug(`Authorization URL: ${authUrl}`);
+    this.logger.info("Step 5: Starting callback server");
+    const callbackPromise = callbackServer.waitForCallback(sessionId);
+    await callbackServer.waitForListening();
+    this.logger.info(`Step 6: Opening browser for ${this.provider} authentication`);
+    try {
+      await (0, import_open.default)(authUrl);
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      this.logger.error(`Failed to automatically open browser for ${this.provider} authentication: ${errorMessage}`);
+      this.logger.error(`Auth URL: ${authUrl}`);
+      this.logger.info("Please open the following URL manually in your browser to complete authentication:");
+      this.logger.info(authUrl);
+    }
+    this.logger.info("Step 7: Waiting for SSO callback");
+    const callbackParams = await callbackPromise;
+    this.logger.info("Callback received successfully");
+    this.logger.debug(`Wallet ID: ${callbackParams.wallet_id}`);
+    this.logger.debug(`Organization ID: ${callbackParams.organization_id}`);
+    this.logger.debug(`Auth User ID: ${callbackParams.auth_user_id}`);
+    return {
+      walletId: callbackParams.wallet_id,
+      organizationId: callbackParams.organization_id,
+      authUserId: callbackParams.auth_user_id,
+      clientConfig,
+      stamperKeys
+    };
+  }
+  /**
+   * Refreshes an access token using a refresh token
+   *
+   * Note: Not used in SSO flow, kept for future OAuth compatibility.
+   *
+   * @param refreshToken - The refresh token
+   * @param clientConfig - The OAuth client configuration
+   * @returns Promise resolving to new tokens
+   * @throws Error if token refresh fails
+   */
+  async refreshToken(refreshToken, clientConfig) {
+    this.logger.info("Refreshing access token");
+    const tokenEndpoint = `${this.authBaseUrl}/oauth2/token`;
+    const isPublicClient = !clientConfig.client_secret || clientConfig.client_secret.length === 0;
+    const params = {
+      grant_type: "refresh_token",
+      refresh_token: refreshToken
+    };
+    if (isPublicClient) {
+      params.client_id = clientConfig.client_id;
+    }
+    const headers = {
+      "Content-Type": "application/x-www-form-urlencoded"
+    };
+    if (!isPublicClient) {
+      const basicAuth = Buffer.from(`${clientConfig.client_id}:${clientConfig.client_secret}`).toString("base64");
+      headers.Authorization = `Basic ${basicAuth}`;
+    }
+    try {
+      const response = await import_axios2.default.post(tokenEndpoint, new URLSearchParams(params).toString(), {
+        headers,
+        timeout: 3e4
+      });
+      this.logger.info("Token refresh successful");
+      return {
+        access_token: response.data.access_token,
+        refresh_token: response.data.refresh_token,
+        expires_in: response.data.expires_in
+      };
+    } catch (error) {
+      const axiosError = error;
+      const errorMessage = axiosError.response?.data ? JSON.stringify(axiosError.response.data) : axiosError.message;
+      this.logger.error(`Token refresh failed: ${errorMessage}`);
+      throw new Error(`Token refresh failed: ${errorMessage}`);
+    }
+  }
+  /**
+   * Generates a random session ID for SSO flow
+   *
+   * @returns Random session ID string
+   */
+  generateSessionId() {
+    return this.base64URLEncode(crypto.randomBytes(32));
+  }
+  /**
+   * Encodes a buffer to base64url format (RFC 4648)
+   * Base64url encoding is base64 with URL-safe characters:
+   * - Replace + with -
+   * - Replace / with _
+   * - Remove padding =
+   *
+   * @param buffer - Buffer to encode
+   * @returns Base64url encoded string
+   */
+  base64URLEncode(buffer) {
+    return buffer.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+  }
+  /**
+   * Builds the SSO authorization URL
+   *
+   * @param appId - Application ID
+   * @param redirectUri - Callback redirect URI
+   * @param publicKey - Stamper public key
+   * @param sessionId - Session ID for correlation
+   * @returns Authorization URL
+   */
+  buildAuthorizationUrl(appId, redirectUri, publicKey, sessionId) {
+    const params = new URLSearchParams({
+      provider: this.provider,
+      app_id: appId,
+      redirect_uri: redirectUri,
+      public_key: publicKey,
+      session_id: sessionId,
+      sdk_version: "1.0.0",
+      sdk_type: "mcp-server"
+    });
+    return `${this.connectBaseUrl}/login?${params.toString()}`;
+  }
+  /**
+   * Exchanges an authorization code for access and refresh tokens
+   *
+   * Note: Not used in SSO flow, kept for future OAuth compatibility.
+   *
+   * @param code - Authorization code
+   * @param redirectUri - Callback redirect URI (must match the one used in authorization)
+   * @param clientConfig - OAuth client configuration
+   * @returns Promise resolving to tokens
+   * @throws Error if token exchange fails
+   */
+  // @ts-expect-error - Unused in SSO flow, kept for future OAuth support
+  async exchangeCodeForTokens(code, redirectUri, clientConfig) {
+    const tokenEndpoint = `${this.authBaseUrl}/oauth2/token`;
+    const isPublicClient = !clientConfig.client_secret || clientConfig.client_secret.length === 0;
+    const params = {
+      grant_type: "authorization_code",
+      code,
+      redirect_uri: redirectUri
+    };
+    if (isPublicClient) {
+      params.client_id = clientConfig.client_id;
+    }
+    const headers = {
+      "Content-Type": "application/x-www-form-urlencoded"
+    };
+    if (!isPublicClient) {
+      const basicAuth = Buffer.from(`${clientConfig.client_id}:${clientConfig.client_secret}`).toString("base64");
+      headers.Authorization = `Basic ${basicAuth}`;
+    }
+    try {
+      const response = await import_axios2.default.post(tokenEndpoint, new URLSearchParams(params).toString(), {
+        headers,
+        timeout: 3e4
+      });
+      return {
+        access_token: response.data.access_token,
+        refresh_token: response.data.refresh_token,
+        expires_in: response.data.expires_in
+      };
+    } catch (error) {
+      const axiosError = error;
+      const errorMessage = axiosError.response?.data ? JSON.stringify(axiosError.response.data) : axiosError.message;
+      this.logger.error(`Token exchange failed: ${errorMessage}`);
+      throw new Error(`Token exchange failed: ${errorMessage}`);
+    }
+  }
+};
+
+// src/session/manager.ts
+var SessionManager = class {
+  /**
+   * Creates a new SessionManager
+   *
+   * @param options - Configuration options
+   */
+  constructor(options = {}) {
+    this.session = null;
+    this.client = null;
+    this.logger = new Logger("SessionManager");
+    this.authBaseUrl = options.authBaseUrl ?? process.env.PHANTOM_AUTH_BASE_URL ?? "https://auth.phantom.app";
+    this.connectBaseUrl = options.connectBaseUrl;
+    this.apiBaseUrl = options.apiBaseUrl ?? process.env.PHANTOM_API_BASE_URL ?? "https://api.phantom.app/v1/wallets";
+    const defaultPort = 8080;
+    const parseEnvPort = (value) => {
+      const parsed = Number.parseInt(value, 10);
+      if (!Number.isInteger(parsed) || parsed <= 0 || parsed > 65535) {
+        return null;
+      }
+      return parsed;
+    };
+    if (options.callbackPort !== void 0) {
+      if (!Number.isInteger(options.callbackPort) || options.callbackPort <= 0 || options.callbackPort > 65535) {
+        throw new Error(
+          `Invalid callbackPort: "${options.callbackPort}". Must be a valid port number between 1 and 65535.`
+        );
+      }
+      this.callbackPort = options.callbackPort;
+    } else {
+      const envPort = process.env.PHANTOM_CALLBACK_PORT?.trim();
+      const parsedEnvPort = envPort ? parseEnvPort(envPort) : null;
+      if (envPort && parsedEnvPort === null) {
+        this.logger.warn(`Invalid PHANTOM_CALLBACK_PORT "${envPort}". Falling back to ${defaultPort}.`);
+        this.callbackPort = defaultPort;
+      } else {
+        this.callbackPort = parsedEnvPort ?? defaultPort;
+      }
+    }
+    this.callbackPath = options.callbackPath ?? process.env.PHANTOM_CALLBACK_PATH ?? "/callback";
+    this.appId = options.appId ?? "phantom-mcp";
+    this.storage = new SessionStorage(options.sessionDir);
+  }
+  /**
+   * Initializes the session manager
+   * Loads existing session or authenticates if needed
+   *
+   * @throws Error if authentication fails
+   */
+  async initialize() {
+    this.logger.info("Initializing session manager");
+    const existingSession = this.storage.load();
+    if (existingSession && !this.storage.isExpired(existingSession)) {
+      this.logger.info("Loaded valid session from storage");
+      this.session = existingSession;
+      this.createClient();
+      return;
+    }
+    if (existingSession) {
+      this.logger.info("Session expired, re-authenticating");
+    } else {
+      this.logger.info("No session found, authenticating");
+    }
+    await this.authenticate();
+  }
+  /**
+   * Returns the initialized PhantomClient
+   *
+   * @returns PhantomClient instance
+   * @throws Error if not initialized
+   */
+  getClient() {
+    if (!this.client) {
+      throw new Error("SessionManager not initialized. Call initialize() first.");
+    }
+    return this.client;
+  }
+  /**
+   * Returns the current session data
+   *
+   * @returns Current session data
+   * @throws Error if not initialized
+   */
+  getSession() {
+    if (!this.session) {
+      throw new Error("SessionManager not initialized. Call initialize() first.");
+    }
+    return this.session;
+  }
+  /**
+   * Resets the session by clearing stored data and re-authenticating
+   *
+   * @throws Error if authentication fails
+   */
+  async resetSession() {
+    this.logger.info("Resetting session");
+    this.storage.delete();
+    this.session = null;
+    this.client = null;
+    await this.authenticate();
+  }
+  /**
+   * Executes the SSO flow and creates a new session
+   * Steps:
+   * 1. Execute SSO flow to get wallet/org IDs and stamper keypair
+   * 2. Create SessionData with SSO result and stamper keys
+   * 3. Save to storage
+   * 4. Create PhantomClient
+   *
+   * Note: Stamper keypair is generated during SSO flow and public key is sent to auth server
+   *
+   * @throws Error if SSO flow fails
+   */
+  async authenticate() {
+    this.logger.info("Starting authentication");
+    const oauthFlow = new OAuthFlow({
+      authBaseUrl: this.authBaseUrl,
+      connectBaseUrl: this.connectBaseUrl,
+      callbackPort: this.callbackPort,
+      callbackPath: this.callbackPath,
+      appId: this.appId
+    });
+    const oauthResult = await oauthFlow.authenticate();
+    this.logger.info("SSO flow completed successfully");
+    const now = Math.floor(Date.now() / 1e3);
+    this.session = {
+      walletId: oauthResult.walletId,
+      organizationId: oauthResult.organizationId,
+      authUserId: oauthResult.authUserId,
+      stamperKeys: oauthResult.stamperKeys,
+      createdAt: now,
+      updatedAt: now
+    };
+    this.storage.save(this.session);
+    this.logger.info("Session saved to storage");
+    this.createClient();
+  }
+  /**
+   * Creates a PhantomClient instance from the current session
+   * Steps:
+   * 1. Create ApiKeyStamper with session keypair
+   * 2. Create PhantomClient with stamper, organizationId, and app headers
+   * 3. Set walletType to 'user-wallet'
+   *
+   * @throws Error if session is not available
+   */
+  createClient() {
+    if (!this.session) {
+      throw new Error("Cannot create client without session");
+    }
+    this.logger.info("Creating PhantomClient");
+    const stamper = new import_api_key_stamper.ApiKeyStamper({
+      apiSecretKey: this.session.stamperKeys.secretKey
+    });
+    const appId = process.env.PHANTOM_APP_ID || process.env.PHANTOM_CLIENT_ID || this.appId;
+    this.client = new import_client.PhantomClient(
+      {
+        apiBaseUrl: this.apiBaseUrl,
+        organizationId: this.session.organizationId,
+        walletType: "user-wallet",
+        headers: {
+          "X-App-Id": appId
+        }
+        // Type assertion needed as X-App-Id is not in SdkAnalyticsHeaders
+      },
+      stamper
+    );
+    this.logger.info("PhantomClient created successfully");
+  }
+};
+
+// src/tools/get-wallet-addresses.ts
+var getWalletAddressesTool = {
+  name: "get_wallet_addresses",
+  description: "Gets all blockchain addresses for the authenticated embedded wallet (Solana, Ethereum, Bitcoin, Sui)",
+  inputSchema: {
+    type: "object",
+    properties: {
+      derivationIndex: {
+        type: "number",
+        description: "Optional derivation index for the addresses",
+        minimum: 0
+      }
+    }
+  },
+  handler: async (params, context) => {
+    const { client, session, logger: logger2 } = context;
+    const derivationIndex = typeof params.derivationIndex === "number" ? params.derivationIndex : void 0;
+    logger2.info("Getting addresses for wallet");
+    try {
+      const addresses = await client.getWalletAddresses(
+        session.walletId,
+        void 0,
+        // Use default derivation paths (Solana, Ethereum, Bitcoin, Sui)
+        derivationIndex
+      );
+      logger2.info(`Successfully retrieved ${addresses.length} addresses`);
+      return {
+        walletId: session.walletId,
+        organizationId: session.organizationId,
+        addresses: addresses.map((addr) => ({
+          addressType: addr.addressType,
+          address: addr.address
+        }))
+      };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logger2.error(`Failed to get wallet addresses: ${errorMessage}`);
+      throw new Error(`Failed to get wallet addresses: ${errorMessage}`);
+    }
+  }
+};
+
+// src/tools/sign-transaction.ts
+var signTransactionTool = {
+  name: "sign_transaction",
+  description: "Signs a transaction using the authenticated embedded wallet. Supports Solana, Ethereum, Bitcoin, and other chains.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      walletId: {
+        type: "string",
+        description: "Optional wallet ID to use for signing (defaults to authenticated wallet)"
+      },
+      transaction: {
+        type: "string",
+        description: "The transaction to sign (format depends on chain: base64url for Solana, RLP-encoded hex for Ethereum)"
+      },
+      networkId: {
+        type: "string",
+        description: 'Network identifier (e.g., "eip155:1" for Ethereum mainnet, "solana:mainnet" for Solana)'
+      },
+      derivationIndex: {
+        type: "number",
+        description: "Optional derivation index for the account (default: 0)",
+        minimum: 0
+      },
+      account: {
+        type: "string",
+        description: "Optional specific account address to use for simulation/signing"
+      }
+    },
+    required: ["transaction", "networkId"]
+  },
+  handler: async (params, context) => {
+    const { client, session, logger: logger2 } = context;
+    if (typeof params.transaction !== "string") {
+      throw new Error("transaction must be a string");
+    }
+    if (typeof params.networkId !== "string") {
+      throw new Error("networkId must be a string");
+    }
+    const walletId = typeof params.walletId === "string" ? params.walletId : session.walletId;
+    if (!walletId) {
+      throw new Error("walletId is required (missing from session and not provided)");
+    }
+    if (params.derivationIndex !== void 0 && params.derivationIndex !== null) {
+      const derivIdx = params.derivationIndex;
+      if (!Number.isInteger(derivIdx) || derivIdx < 0) {
+        throw new Error("derivationIndex must be a non-negative integer");
+      }
+    }
+    if (params.account !== void 0 && typeof params.account !== "string") {
+      throw new Error("account must be a string");
+    }
+    const transaction = params.transaction;
+    const networkId = params.networkId;
+    const derivationIndex = typeof params.derivationIndex === "number" ? params.derivationIndex : void 0;
+    const account = typeof params.account === "string" ? params.account : void 0;
+    logger2.info(`Signing transaction for wallet ${walletId} on network ${networkId}`);
+    try {
+      const result = await client.signTransaction({
+        walletId,
+        transaction,
+        networkId,
+        derivationIndex,
+        account
+      });
+      logger2.info(`Successfully signed transaction for wallet ${walletId}`);
+      return {
+        signedTransaction: result.rawTransaction
+      };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logger2.error(`Failed to sign transaction: ${errorMessage}`);
+      throw new Error(`Failed to sign transaction: ${errorMessage}`);
+    }
+  }
+};
+
+// src/tools/sign-message.ts
+var import_utils = require("@phantom/utils");
+var import_base64url = require("@phantom/base64url");
+var signMessageTool = {
+  name: "sign_message",
+  description: "Signs a UTF-8 message using the authenticated embedded wallet. Automatically routes to the correct signing method based on the network (Ethereum vs other chains).",
+  inputSchema: {
+    type: "object",
+    properties: {
+      walletId: {
+        type: "string",
+        description: "Optional wallet ID to use for signing (defaults to authenticated wallet)"
+      },
+      message: {
+        type: "string",
+        description: "The UTF-8 message to sign"
+      },
+      networkId: {
+        type: "string",
+        description: 'Network identifier (e.g., "eip155:1" for Ethereum mainnet, "solana:mainnet" for Solana)'
+      },
+      derivationIndex: {
+        type: "integer",
+        description: "Optional derivation index for the account (default: 0)",
+        minimum: 0
+      }
+    },
+    required: ["message", "networkId"]
+  },
+  handler: async (params, context) => {
+    const { client, session, logger: logger2 } = context;
+    if (typeof params.message !== "string") {
+      throw new Error("message must be a string");
+    }
+    if (typeof params.networkId !== "string") {
+      throw new Error("networkId must be a string");
+    }
+    const walletId = typeof params.walletId === "string" ? params.walletId : session.walletId;
+    if (!walletId) {
+      throw new Error("walletId is required (missing from session and not provided)");
+    }
+    if (params.derivationIndex !== void 0 && params.derivationIndex !== null) {
+      const derivIdx = params.derivationIndex;
+      if (!Number.isInteger(derivIdx) || derivIdx < 0) {
+        throw new Error("derivationIndex must be a non-negative integer");
+      }
+    }
+    const message = params.message;
+    const networkId = params.networkId;
+    const derivationIndex = typeof params.derivationIndex === "number" ? params.derivationIndex : void 0;
+    logger2.info(`Signing message for wallet ${walletId} on network ${networkId}`);
+    try {
+      let signature;
+      if ((0, import_utils.isEthereumChain)(networkId)) {
+        const base64Message = (0, import_base64url.stringToBase64url)(message);
+        logger2.debug("Using Ethereum message signing");
+        signature = await client.ethereumSignMessage({
+          walletId,
+          message: base64Message,
+          networkId,
+          derivationIndex
+        });
+      } else {
+        logger2.debug("Using UTF-8 message signing");
+        signature = await client.signUtf8Message({
+          walletId,
+          message,
+          networkId,
+          derivationIndex
+        });
+      }
+      logger2.info(`Successfully signed message for wallet ${walletId}`);
+      return {
+        signature
+      };
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      logger2.error(`Failed to sign message: ${errorMessage}`);
+      throw new Error(`Failed to sign message: ${errorMessage}`);
+    }
+  }
+};
+
+// src/tools/index.ts
+var tools = [getWalletAddressesTool, signTransactionTool, signMessageTool];
+function getTool(name) {
+  return tools.find((tool) => tool.name === name);
+}
+
+// src/server.ts
+var PhantomMCPServer = class {
+  /**
+   * Creates a new PhantomMCPServer instance
+   *
+   * @param options - Configuration options
+   */
+  constructor(options = {}) {
+    this.logger = new Logger("PhantomMCPServer");
+    this.server = new import_server.Server(
+      {
+        name: "phantom-mcp-server",
+        version: "1.0.0"
+      },
+      {
+        capabilities: {
+          tools: {}
+        }
+      }
+    );
+    this.sessionManager = new SessionManager(options.session);
+    this.setupHandlers();
+    this.logger.info("PhantomMCPServer initialized");
+  }
+  /**
+   * Sets up MCP request handlers
+   */
+  setupHandlers() {
+    this.server.setRequestHandler(import_types.ListToolsRequestSchema, () => {
+      this.logger.info("Handling tools/list request");
+      try {
+        const toolDefinitions = tools.map((tool) => ({
+          name: tool.name,
+          description: tool.description,
+          inputSchema: tool.inputSchema
+        }));
+        this.logger.info(`Returning ${toolDefinitions.length} tool definitions`);
+        return {
+          tools: toolDefinitions
+        };
+      } catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        this.logger.error(`Failed to list tools: ${errorMessage}`);
+        throw error;
+      }
+    });
+    this.server.setRequestHandler(import_types.CallToolRequestSchema, async (request) => {
+      const toolName = request.params.name;
+      this.logger.info(`Handling tools/call request for: ${toolName}`);
+      try {
+        const tool = getTool(toolName);
+        if (!tool) {
+          const error = `Unknown tool: ${toolName}`;
+          this.logger.error(error);
+          return {
+            content: [
+              {
+                type: "text",
+                text: JSON.stringify({ error }, null, 2)
+              }
+            ],
+            isError: true
+          };
+        }
+        const client = this.sessionManager.getClient();
+        const session = this.sessionManager.getSession();
+        const context = {
+          client,
+          session,
+          logger: this.logger.child(toolName)
+        };
+        this.logger.info(`Executing tool: ${toolName}`);
+        const result = await tool.handler(request.params.arguments ?? {}, context);
+        this.logger.info(`Tool execution successful: ${toolName}`);
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(result, null, 2)
+            }
+          ]
+        };
+      } catch (error) {
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        this.logger.error(`Tool execution failed for ${toolName}: ${errorMessage}`);
+        if (error instanceof Error && error.stack) {
+          this.logger.debug(`Stack trace: ${error.stack}`);
+        }
+        return {
+          content: [
+            {
+              type: "text",
+              text: JSON.stringify(
+                {
+                  error: errorMessage
+                },
+                null,
+                2
+              )
+            }
+          ],
+          isError: true
+        };
+      }
+    });
+    this.logger.info("Request handlers registered");
+  }
+  /**
+   * Starts the MCP server
+   * - Initializes session (loads or authenticates)
+   * - Connects stdio transport
+   * - Begins listening for requests
+   *
+   * @throws Error if initialization or startup fails
+   */
+  async start() {
+    this.logger.info("Starting PhantomMCPServer");
+    try {
+      this.logger.info("Initializing session");
+      await this.sessionManager.initialize();
+      this.logger.info("Session initialized successfully");
+      this.logger.info("Connecting stdio transport");
+      const transport = new import_stdio.StdioServerTransport();
+      await this.server.connect(transport);
+      this.logger.info("Server connected and ready to accept requests");
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : String(error);
+      this.logger.error(`Failed to start server: ${errorMessage}`);
+      throw error;
+    }
+  }
+};
+
+// src/index.ts
+async function main() {
+  const server = new PhantomMCPServer();
+  await server.start();
+}
+if (require.main === module) {
+  main().catch((error) => {
+    console.error("Fatal error:", error);
+    process.exit(1);
+  });
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  SessionManager
+});