@prodbeam/mcp 0.1.1 → 0.2.0

package/dist/auth/app-config.d.ts

@@ -0,0 +1,8 @@
+export declare const GITHUB_CLIENT_ID = "Iv23liR2346KoRqEUAyK";
+export declare const GITHUB_SCOPES: string[];
+export declare const JIRA_CLIENT_ID = "CpFTSfXTqJc5JYuMYxsf0KXgbCs8Aeg6";
+export declare const JIRA_CLIENT_SECRET = "ATOAnpwKOU-Nkq8jOd3TKEbYRSnXbB8pIuHNKc15ouBfmuimsywEvWIiGNdo4zbQQElI9ABDB926";
+export declare const JIRA_SCOPES: string[];
+export declare const JIRA_CALLBACK_PORT = 19274;
+export declare const JIRA_REDIRECT_URI = "http://localhost:19274/callback";
+//# sourceMappingURL=app-config.d.ts.map

package/dist/auth/app-config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-config.d.ts","sourceRoot":"","sources":["../../src/auth/app-config.ts"],"names":[],"mappings":"AAmBA,eAAO,MAAM,gBAAgB,yBAAyB,CAAC;AAGvD,eAAO,MAAM,aAAa,UAAoC,CAAC;AAK/D,eAAO,MAAM,cAAc,qCAAqC,CAAC;AAGjE,eAAO,MAAM,kBAAkB,iFACiD,CAAC;AAGjF,eAAO,MAAM,WAAW,UA2BvB,CAAC;AAGF,eAAO,MAAM,kBAAkB,QAAQ,CAAC;AAGxC,eAAO,MAAM,iBAAiB,oCAAoD,CAAC"}

package/dist/auth/app-config.js

@@ -0,0 +1,32 @@
+export const GITHUB_CLIENT_ID = 'Iv23liR2346KoRqEUAyK';
+export const GITHUB_SCOPES = ['repo', 'read:org', 'read:user'];
+export const JIRA_CLIENT_ID = 'CpFTSfXTqJc5JYuMYxsf0KXgbCs8Aeg6';
+export const JIRA_CLIENT_SECRET = 'ATOAnpwKOU-Nkq8jOd3TKEbYRSnXbB8pIuHNKc15ouBfmuimsywEvWIiGNdo4zbQQElI9ABDB926';
+export const JIRA_SCOPES = [
+    'read:jira-work',
+    'read:jira-user',
+    'offline_access',
+    'read:issue:jira',
+    'read:issue-details:jira',
+    'read:issue-status:jira',
+    'read:issue-type:jira',
+    'read:comment:jira',
+    'read:user:jira',
+    'read:email-address:jira',
+    'read:label:jira',
+    'read:project:jira',
+    'read:project.component:jira',
+    'read:project-type:jira',
+    'read:jql:jira',
+    'read:dashboard:jira',
+    'read:deployment-info:jira',
+    'read:dev-info:jira',
+    'read:board-scope:jira-software',
+    'read:sprint:jira-software',
+    'read:epic:jira-software',
+    'read:issue:jira-software',
+    'read:deployment:jira-software',
+];
+export const JIRA_CALLBACK_PORT = 19274;
+export const JIRA_REDIRECT_URI = `http://localhost:${JIRA_CALLBACK_PORT}/callback`;
+//# sourceMappingURL=app-config.js.map

package/dist/auth/app-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"app-config.js","sourceRoot":"","sources":["../../src/auth/app-config.ts"],"names":[],"mappings":"AAmBA,MAAM,CAAC,MAAM,gBAAgB,GAAG,sBAAsB,CAAC;AAGvD,MAAM,CAAC,MAAM,aAAa,GAAG,CAAC,MAAM,EAAE,UAAU,EAAE,WAAW,CAAC,CAAC;AAK/D,MAAM,CAAC,MAAM,cAAc,GAAG,kCAAkC,CAAC;AAGjE,MAAM,CAAC,MAAM,kBAAkB,GAC7B,8EAA8E,CAAC;AAGjF,MAAM,CAAC,MAAM,WAAW,GAAG;IAEzB,gBAAgB;IAChB,gBAAgB;IAChB,gBAAgB;IAEhB,iBAAiB;IACjB,yBAAyB;IACzB,wBAAwB;IACxB,sBAAsB;IACtB,mBAAmB;IACnB,gBAAgB;IAChB,yBAAyB;IACzB,iBAAiB;IACjB,mBAAmB;IACnB,6BAA6B;IAC7B,wBAAwB;IACxB,eAAe;IACf,qBAAqB;IACrB,2BAA2B;IAC3B,oBAAoB;IAEpB,gCAAgC;IAChC,2BAA2B;IAC3B,yBAAyB;IACzB,0BAA0B;IAC1B,+BAA+B;CAChC,CAAC;AAGF,MAAM,CAAC,MAAM,kBAAkB,GAAG,KAAK,CAAC;AAGxC,MAAM,CAAC,MAAM,iBAAiB,GAAG,oBAAoB,kBAAkB,WAAW,CAAC"}

package/dist/auth/auth-provider.d.ts

@@ -0,0 +1,9 @@
+import type { ResolvedGitHubAuth, ResolvedJiraAuth, AuthStatus } from './types.js';
+export declare class AuthExpiredError extends Error {
+    service: 'github' | 'jira';
+    constructor(service: 'github' | 'jira');
+}
+export declare function resolveGitHubAuth(): Promise<ResolvedGitHubAuth | null>;
+export declare function resolveJiraAuth(): Promise<ResolvedJiraAuth | null>;
+export declare function getAuthStatuses(): AuthStatus[];
+//# sourceMappingURL=auth-provider.d.ts.map

package/dist/auth/auth-provider.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-provider.d.ts","sourceRoot":"","sources":["../../src/auth/auth-provider.ts"],"names":[],"mappings":"AAiCA,OAAO,KAAK,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,UAAU,EAAE,MAAM,YAAY,CAAC;AAOnF,qBAAa,gBAAiB,SAAQ,KAAK;IACtB,OAAO,EAAE,QAAQ,GAAG,MAAM;gBAA1B,OAAO,EAAE,QAAQ,GAAG,MAAM;CAO9C;AASD,wBAAsB,iBAAiB,IAAI,OAAO,CAAC,kBAAkB,GAAG,IAAI,CAAC,CA2C5E;AASD,wBAAsB,eAAe,IAAI,OAAO,CAAC,gBAAgB,GAAG,IAAI,CAAC,CAqExE;AAQD,wBAAgB,eAAe,IAAI,UAAU,EAAE,CAoE9C"}

package/dist/auth/auth-provider.js

@@ -0,0 +1,173 @@
+import { resolveGitHubCredentials, resolveJiraCredentials, isGitHubFromEnv, isJiraFromEnv, } from '../config/credentials.js';
+import { readGitHubOAuthTokens, readJiraOAuthTokens, writeGitHubOAuthTokens, writeJiraOAuthTokens, } from './token-store.js';
+import { refreshGitHubToken } from './github-device-flow.js';
+import { refreshJiraToken } from './jira-oauth-flow.js';
+import { GITHUB_CLIENT_ID, JIRA_CLIENT_ID, JIRA_CLIENT_SECRET } from './app-config.js';
+const REFRESH_BUFFER_MS = 5 * 60 * 1000;
+export class AuthExpiredError extends Error {
+    service;
+    constructor(service) {
+        super(`${service === 'github' ? 'GitHub' : 'Jira'} OAuth session expired. ` +
+            'Run "prodbeam auth login" to re-authenticate.');
+        this.service = service;
+        this.name = 'AuthExpiredError';
+    }
+}
+export async function resolveGitHubAuth() {
+    if (isGitHubFromEnv()) {
+        const creds = resolveGitHubCredentials();
+        if (creds) {
+            return { token: creds.token, method: 'pat' };
+        }
+    }
+    const oauthTokens = readGitHubOAuthTokens();
+    if (oauthTokens) {
+        const now = Date.now();
+        const accessExpiry = new Date(oauthTokens.accessTokenExpiresAt).getTime();
+        const refreshExpiry = new Date(oauthTokens.refreshTokenExpiresAt).getTime();
+        if (accessExpiry - now > REFRESH_BUFFER_MS) {
+            return { token: oauthTokens.accessToken, method: 'oauth' };
+        }
+        if (refreshExpiry > now) {
+            try {
+                const refreshed = await refreshGitHubToken(GITHUB_CLIENT_ID, oauthTokens.refreshToken);
+                writeGitHubOAuthTokens(refreshed);
+                return { token: refreshed.accessToken, method: 'oauth' };
+            }
+            catch {
+                throw new AuthExpiredError('github');
+            }
+        }
+        throw new AuthExpiredError('github');
+    }
+    const patCreds = resolveGitHubCredentials();
+    if (patCreds) {
+        return { token: patCreds.token, method: 'pat' };
+    }
+    return null;
+}
+export async function resolveJiraAuth() {
+    if (isJiraFromEnv()) {
+        const creds = resolveJiraCredentials();
+        if (creds) {
+            const baseUrl = creds.host.startsWith('https://') ? creds.host : `https://${creds.host}`;
+            const authHeader = `Basic ${Buffer.from(`${creds.email}:${creds.apiToken}`).toString('base64')}`;
+            return { baseUrl: baseUrl.replace(/\/$/, ''), authHeader, method: 'pat' };
+        }
+    }
+    const oauthTokens = readJiraOAuthTokens();
+    if (oauthTokens) {
+        const now = Date.now();
+        const accessExpiry = new Date(oauthTokens.accessTokenExpiresAt).getTime();
+        const refreshExpiry = new Date(oauthTokens.refreshTokenExpiresAt).getTime();
+        if (accessExpiry - now > REFRESH_BUFFER_MS) {
+            return {
+                baseUrl: oauthTokens.cloudUrl,
+                authHeader: `Bearer ${oauthTokens.accessToken}`,
+                method: 'oauth',
+            };
+        }
+        if (refreshExpiry > now) {
+            try {
+                const result = await refreshJiraToken(JIRA_CLIENT_ID, JIRA_CLIENT_SECRET, oauthTokens.refreshToken);
+                const refreshed = {
+                    ...oauthTokens,
+                    accessToken: result.accessToken,
+                    refreshToken: result.refreshToken,
+                    accessTokenExpiresAt: new Date(Date.now() + result.expiresIn * 1000).toISOString(),
+                    refreshTokenExpiresAt: new Date(Date.now() + 90 * 24 * 60 * 60 * 1000).toISOString(),
+                };
+                writeJiraOAuthTokens(refreshed);
+                return {
+                    baseUrl: refreshed.cloudUrl,
+                    authHeader: `Bearer ${refreshed.accessToken}`,
+                    method: 'oauth',
+                };
+            }
+            catch {
+                throw new AuthExpiredError('jira');
+            }
+        }
+        throw new AuthExpiredError('jira');
+    }
+    const patCreds = resolveJiraCredentials();
+    if (patCreds) {
+        const baseUrl = patCreds.host.startsWith('https://')
+            ? patCreds.host
+            : `https://${patCreds.host}`;
+        const authHeader = `Basic ${Buffer.from(`${patCreds.email}:${patCreds.apiToken}`).toString('base64')}`;
+        return { baseUrl: baseUrl.replace(/\/$/, ''), authHeader, method: 'pat' };
+    }
+    return null;
+}
+export function getAuthStatuses() {
+    const statuses = [];
+    if (isGitHubFromEnv()) {
+        statuses.push({ service: 'github', method: 'pat', valid: true });
+    }
+    else {
+        const oauthTokens = readGitHubOAuthTokens();
+        if (oauthTokens) {
+            const now = Date.now();
+            const refreshExpiry = new Date(oauthTokens.refreshTokenExpiresAt).getTime();
+            const valid = refreshExpiry > now;
+            statuses.push({
+                service: 'github',
+                method: 'oauth',
+                expiresAt: oauthTokens.accessTokenExpiresAt,
+                refreshExpiresAt: oauthTokens.refreshTokenExpiresAt,
+                valid,
+                error: valid ? undefined : 'Refresh token expired',
+            });
+        }
+        else {
+            const patCreds = resolveGitHubCredentials();
+            if (patCreds) {
+                statuses.push({ service: 'github', method: 'pat', valid: true });
+            }
+            else {
+                statuses.push({
+                    service: 'github',
+                    method: 'pat',
+                    valid: false,
+                    error: 'Not configured',
+                });
+            }
+        }
+    }
+    if (isJiraFromEnv()) {
+        statuses.push({ service: 'jira', method: 'pat', valid: true });
+    }
+    else {
+        const oauthTokens = readJiraOAuthTokens();
+        if (oauthTokens) {
+            const now = Date.now();
+            const refreshExpiry = new Date(oauthTokens.refreshTokenExpiresAt).getTime();
+            const valid = refreshExpiry > now;
+            statuses.push({
+                service: 'jira',
+                method: 'oauth',
+                expiresAt: oauthTokens.accessTokenExpiresAt,
+                refreshExpiresAt: oauthTokens.refreshTokenExpiresAt,
+                valid,
+                error: valid ? undefined : 'Refresh token expired',
+            });
+        }
+        else {
+            const patCreds = resolveJiraCredentials();
+            if (patCreds) {
+                statuses.push({ service: 'jira', method: 'pat', valid: true });
+            }
+            else {
+                statuses.push({
+                    service: 'jira',
+                    method: 'pat',
+                    valid: false,
+                    error: 'Not configured (optional)',
+                });
+            }
+        }
+    }
+    return statuses;
+}
+//# sourceMappingURL=auth-provider.js.map

package/dist/auth/auth-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-provider.js","sourceRoot":"","sources":["../../src/auth/auth-provider.ts"],"names":[],"mappings":"AAkBA,OAAO,EACL,wBAAwB,EACxB,sBAAsB,EACtB,eAAe,EACf,aAAa,GACd,MAAM,0BAA0B,CAAC;AAClC,OAAO,EACL,qBAAqB,EACrB,mBAAmB,EACnB,sBAAsB,EACtB,oBAAoB,GACrB,MAAM,kBAAkB,CAAC;AAC1B,OAAO,EAAE,kBAAkB,EAAE,MAAM,yBAAyB,CAAC;AAC7D,OAAO,EAAE,gBAAgB,EAAE,MAAM,sBAAsB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAC;AAIvF,MAAM,iBAAiB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAIxC,MAAM,OAAO,gBAAiB,SAAQ,KAAK;IACtB;IAAnB,YAAmB,OAA0B;QAC3C,KAAK,CACH,GAAG,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,0BAA0B;YACnE,+CAA+C,CAClD,CAAC;QAJe,YAAO,GAAP,OAAO,CAAmB;QAK3C,IAAI,CAAC,IAAI,GAAG,kBAAkB,CAAC;IACjC,CAAC;CACF;AASD,MAAM,CAAC,KAAK,UAAU,iBAAiB;IAErC,IAAI,eAAe,EAAE,EAAE,CAAC;QACtB,MAAM,KAAK,GAAG,wBAAwB,EAAE,CAAC;QACzC,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC/C,CAAC;IACH,CAAC;IAGD,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC;IAC5C,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1E,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAAC;QAG5E,IAAI,YAAY,GAAG,GAAG,GAAG,iBAAiB,EAAE,CAAC;YAC3C,OAAO,EAAE,KAAK,EAAE,WAAW,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC7D,CAAC;QAGD,IAAI,aAAa,GAAG,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,gBAAgB,EAAE,WAAW,CAAC,YAAY,CAAC,CAAC;gBACvF,sBAAsB,CAAC,SAAS,CAAC,CAAC;gBAClC,OAAO,EAAE,KAAK,EAAE,SAAS,CAAC,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;YAC3D,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAGD,MAAM,IAAI,gBAAgB,CAAC,QAAQ,CAAC,CAAC;IACvC,CAAC;IAGD,MAAM,QAAQ,GAAG,wBAAwB,EAAE,CAAC;IAC5C,IAAI,QAAQ,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAClD,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AASD,MAAM,CAAC,KAAK,UAAU,eAAe;IAEnC,IAAI,aAAa,EAAE,EAAE,CAAC;QACpB,MAAM,KAAK,GAAG,sBAAsB,EAAE,CAAC;QACvC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,OAAO,GAAG,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,KAAK,CAAC,IAAI,EAAE,CAAC;YACzF,MAAM,UAAU,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;YACjG,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;QAC5E,CAAC;IACH,CAAC;IAGD,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;IAC1C,IAAI,WAAW,EAAE,CAAC;QAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,OAAO,EAAE,CAAC;QAC1E,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAAC;QAG5E,IAAI,YAAY,GAAG,GAAG,GAAG,iBAAiB,EAAE,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,WAAW,CAAC,QAAQ;gBAC7B,UAAU,EAAE,UAAU,WAAW,CAAC,WAAW,EAAE;gBAC/C,MAAM,EAAE,OAAO;aAChB,CAAC;QACJ,CAAC;QAGD,IAAI,aAAa,GAAG,GAAG,EAAE,CAAC;YACxB,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,MAAM,gBAAgB,CACnC,cAAc,EACd,kBAAkB,EAClB,WAAW,CAAC,YAAY,CACzB,CAAC;gBACF,MAAM,SAAS,GAAuB;oBACpC,GAAG,WAAW;oBACd,WAAW,EAAE,MAAM,CAAC,WAAW;oBAC/B,YAAY,EAAE,MAAM,CAAC,YAAY;oBACjC,oBAAoB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;oBAElF,qBAAqB,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;iBACrF,CAAC;gBACF,oBAAoB,CAAC,SAAS,CAAC,CAAC;gBAChC,OAAO;oBACL,OAAO,EAAE,SAAS,CAAC,QAAQ;oBAC3B,UAAU,EAAE,UAAU,SAAS,CAAC,WAAW,EAAE;oBAC7C,MAAM,EAAE,OAAO;iBAChB,CAAC;YACJ,CAAC;YAAC,MAAM,CAAC;gBACP,MAAM,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAGD,MAAM,IAAI,gBAAgB,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC;IAGD,MAAM,QAAQ,GAAG,sBAAsB,EAAE,CAAC;IAC1C,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YAClD,CAAC,CAAC,QAAQ,CAAC,IAAI;YACf,CAAC,CAAC,WAAW,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/B,MAAM,UAAU,GAAG,SAAS,MAAM,CAAC,IAAI,CAAC,GAAG,QAAQ,CAAC,KAAK,IAAI,QAAQ,CAAC,QAAQ,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvG,OAAO,EAAE,OAAO,EAAE,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,EAAE,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,CAAC;IAC5E,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAQD,MAAM,UAAU,eAAe;IAC7B,MAAM,QAAQ,GAAiB,EAAE,CAAC;IAGlC,IAAI,eAAe,EAAE,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,qBAAqB,EAAE,CAAC;QAC5C,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAAC;YAC5E,MAAM,KAAK,GAAG,aAAa,GAAG,GAAG,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,QAAQ;gBACjB,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,WAAW,CAAC,oBAAoB;gBAC3C,gBAAgB,EAAE,WAAW,CAAC,qBAAqB;gBACnD,KAAK;gBACL,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,uBAAuB;aACnD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,wBAAwB,EAAE,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACnE,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,QAAQ;oBACjB,MAAM,EAAE,KAAK;oBACb,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,gBAAgB;iBACxB,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAGD,IAAI,aAAa,EAAE,EAAE,CAAC;QACpB,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IACjE,CAAC;SAAM,CAAC;QACN,MAAM,WAAW,GAAG,mBAAmB,EAAE,CAAC;QAC1C,IAAI,WAAW,EAAE,CAAC;YAChB,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACvB,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,WAAW,CAAC,qBAAqB,CAAC,CAAC,OAAO,EAAE,CAAC;YAC5E,MAAM,KAAK,GAAG,aAAa,GAAG,GAAG,CAAC;YAClC,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,MAAM;gBACf,MAAM,EAAE,OAAO;gBACf,SAAS,EAAE,WAAW,CAAC,oBAAoB;gBAC3C,gBAAgB,EAAE,WAAW,CAAC,qBAAqB;gBACnD,KAAK;gBACL,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,uBAAuB;aACnD,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,MAAM,QAAQ,GAAG,sBAAsB,EAAE,CAAC;YAC1C,IAAI,QAAQ,EAAE,CAAC;gBACb,QAAQ,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACjE,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,IAAI,CAAC;oBACZ,OAAO,EAAE,MAAM;oBACf,MAAM,EAAE,KAAK;oBACb,KAAK,EAAE,KAAK;oBACZ,KAAK,EAAE,2BAA2B;iBACnC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/auth/github-device-flow.d.ts

@@ -0,0 +1,5 @@
+import type { GitHubDeviceCodeResponse, GitHubOAuthTokens } from './types.js';
+export declare function requestDeviceCode(clientId: string, scopes: string[]): Promise<GitHubDeviceCodeResponse>;
+export declare function pollForToken(clientId: string, deviceCode: string, interval: number, expiresIn: number): Promise<GitHubOAuthTokens>;
+export declare function refreshGitHubToken(clientId: string, refreshToken: string): Promise<GitHubOAuthTokens>;
+//# sourceMappingURL=github-device-flow.d.ts.map

package/dist/auth/github-device-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-device-flow.d.ts","sourceRoot":"","sources":["../../src/auth/github-device-flow.ts"],"names":[],"mappings":"AAgBA,OAAO,KAAK,EAAE,wBAAwB,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAY9E,wBAAsB,iBAAiB,CACrC,QAAQ,EAAE,MAAM,EAChB,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,wBAAwB,CAAC,CAoCnC;AAUD,wBAAsB,YAAY,CAChC,QAAQ,EAAE,MAAM,EAChB,UAAU,EAAE,MAAM,EAClB,QAAQ,EAAE,MAAM,EAChB,SAAS,EAAE,MAAM,GAChB,OAAO,CAAC,iBAAiB,CAAC,CAwE5B;AAQD,wBAAsB,kBAAkB,CACtC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,iBAAiB,CAAC,CA6C5B"}

package/dist/auth/github-device-flow.js

@@ -0,0 +1,139 @@
+const DEVICE_CODE_URL = 'https://github.com/login/device/code';
+const ACCESS_TOKEN_URL = 'https://github.com/login/oauth/access_token';
+const DEFAULT_TIMEOUT_MS = 30_000;
+export async function requestDeviceCode(clientId, scopes) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+    try {
+        const response = await fetch(DEVICE_CODE_URL, {
+            method: 'POST',
+            headers: {
+                Accept: 'application/json',
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: clientId,
+                scope: scopes.join(' '),
+            }),
+            signal: controller.signal,
+        });
+        if (!response.ok) {
+            throw new Error(`GitHub device code request failed: ${response.status} ${response.statusText}`);
+        }
+        const data = (await response.json());
+        return {
+            deviceCode: data['device_code'],
+            userCode: data['user_code'],
+            verificationUri: data['verification_uri'],
+            interval: data['interval'] ?? 5,
+            expiresIn: data['expires_in'] ?? 900,
+        };
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+export async function pollForToken(clientId, deviceCode, interval, expiresIn) {
+    const deadline = Date.now() + expiresIn * 1000;
+    let pollInterval = interval;
+    while (Date.now() < deadline) {
+        await sleep(pollInterval * 1000);
+        const controller = new AbortController();
+        const timeout = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+        try {
+            const response = await fetch(ACCESS_TOKEN_URL, {
+                method: 'POST',
+                headers: {
+                    Accept: 'application/json',
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify({
+                    client_id: clientId,
+                    device_code: deviceCode,
+                    grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+                }),
+                signal: controller.signal,
+            });
+            const data = (await response.json());
+            const error = data['error'];
+            if (error === 'authorization_pending') {
+                continue;
+            }
+            if (error === 'slow_down') {
+                pollInterval += 5;
+                continue;
+            }
+            if (error === 'expired_token') {
+                throw new Error('Device code expired. Please restart the authentication flow.');
+            }
+            if (error === 'access_denied') {
+                throw new Error('User denied the authorization request.');
+            }
+            if (error) {
+                throw new Error(`GitHub OAuth error: ${error}`);
+            }
+            const accessToken = data['access_token'];
+            const refreshToken = data['refresh_token'];
+            const expiresInSec = data['expires_in'] ?? 28800;
+            const refreshExpiresInSec = data['refresh_token_expires_in'] ?? 15811200;
+            const now = new Date();
+            return {
+                method: 'oauth',
+                accessToken,
+                refreshToken,
+                accessTokenExpiresAt: new Date(now.getTime() + expiresInSec * 1000).toISOString(),
+                refreshTokenExpiresAt: new Date(now.getTime() + refreshExpiresInSec * 1000).toISOString(),
+                scopes: (data['scope'] ?? '').split(',').filter(Boolean),
+                tokenType: 'bearer',
+            };
+        }
+        finally {
+            clearTimeout(timeout);
+        }
+    }
+    throw new Error('Device code expired. Please restart the authentication flow.');
+}
+export async function refreshGitHubToken(clientId, refreshToken) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+    try {
+        const response = await fetch(ACCESS_TOKEN_URL, {
+            method: 'POST',
+            headers: {
+                Accept: 'application/json',
+                'Content-Type': 'application/json',
+            },
+            body: JSON.stringify({
+                client_id: clientId,
+                grant_type: 'refresh_token',
+                refresh_token: refreshToken,
+            }),
+            signal: controller.signal,
+        });
+        const data = (await response.json());
+        if (data['error']) {
+            throw new Error(`GitHub token refresh failed: ${String(data['error'])} — ${String(data['error_description'] ?? '')}`);
+        }
+        const accessToken = data['access_token'];
+        const newRefreshToken = data['refresh_token'];
+        const expiresInSec = data['expires_in'] ?? 28800;
+        const refreshExpiresInSec = data['refresh_token_expires_in'] ?? 15811200;
+        const now = new Date();
+        return {
+            method: 'oauth',
+            accessToken,
+            refreshToken: newRefreshToken,
+            accessTokenExpiresAt: new Date(now.getTime() + expiresInSec * 1000).toISOString(),
+            refreshTokenExpiresAt: new Date(now.getTime() + refreshExpiresInSec * 1000).toISOString(),
+            scopes: (data['scope'] ?? '').split(',').filter(Boolean),
+            tokenType: 'bearer',
+        };
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}
+//# sourceMappingURL=github-device-flow.js.map

package/dist/auth/github-device-flow.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"github-device-flow.js","sourceRoot":"","sources":["../../src/auth/github-device-flow.ts"],"names":[],"mappings":"AAkBA,MAAM,eAAe,GAAG,sCAAsC,CAAC;AAC/D,MAAM,gBAAgB,GAAG,6CAA6C,CAAC;AACvE,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAQlC,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,QAAgB,EAChB,MAAgB;IAEhB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEzE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,eAAe,EAAE;YAC5C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,QAAQ;gBACnB,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC;aACxB,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;YACjB,MAAM,IAAI,KAAK,CACb,sCAAsC,QAAQ,CAAC,MAAM,IAAI,QAAQ,CAAC,UAAU,EAAE,CAC/E,CAAC;QACJ,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,OAAO;YACL,UAAU,EAAE,IAAI,CAAC,aAAa,CAAW;YACzC,QAAQ,EAAE,IAAI,CAAC,WAAW,CAAW;YACrC,eAAe,EAAE,IAAI,CAAC,kBAAkB,CAAW;YACnD,QAAQ,EAAG,IAAI,CAAC,UAAU,CAAY,IAAI,CAAC;YAC3C,SAAS,EAAG,IAAI,CAAC,YAAY,CAAY,IAAI,GAAG;SACjD,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAUD,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,QAAgB,EAChB,UAAkB,EAClB,QAAgB,EAChB,SAAiB;IAEjB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,GAAG,IAAI,CAAC;IAC/C,IAAI,YAAY,GAAG,QAAQ,CAAC;IAE5B,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,CAAC;QAC7B,MAAM,KAAK,CAAC,YAAY,GAAG,IAAI,CAAC,CAAC;QAEjC,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;QACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAEzE,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;gBAC7C,MAAM,EAAE,MAAM;gBACd,OAAO,EAAE;oBACP,MAAM,EAAE,kBAAkB;oBAC1B,cAAc,EAAE,kBAAkB;iBACnC;gBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,SAAS,EAAE,QAAQ;oBACnB,WAAW,EAAE,UAAU;oBACvB,UAAU,EAAE,8CAA8C;iBAC3D,CAAC;gBACF,MAAM,EAAE,UAAU,CAAC,MAAM;aAC1B,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;YAChE,MAAM,KAAK,GAAG,IAAI,CAAC,OAAO,CAAuB,CAAC;YAElD,IAAI,KAAK,KAAK,uBAAuB,EAAE,CAAC;gBACtC,SAAS;YACX,CAAC;YAED,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;gBAE1B,YAAY,IAAI,CAAC,CAAC;gBAClB,SAAS;YACX,CAAC;YAED,IAAI,KAAK,KAAK,eAAe,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;YAClF,CAAC;YAED,IAAI,KAAK,KAAK,eAAe,EAAE,CAAC;gBAC9B,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;YAC5D,CAAC;YAED,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,KAAK,CAAC,uBAAuB,KAAK,EAAE,CAAC,CAAC;YAClD,CAAC;YAGD,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAW,CAAC;YACnD,MAAM,YAAY,GAAG,IAAI,CAAC,eAAe,CAAW,CAAC;YACrD,MAAM,YAAY,GAAI,IAAI,CAAC,YAAY,CAAY,IAAI,KAAK,CAAC;YAC7D,MAAM,mBAAmB,GAAI,IAAI,CAAC,0BAA0B,CAAY,IAAI,QAAQ,CAAC;YAErF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;YACvB,OAAO;gBACL,MAAM,EAAE,OAAO;gBACf,WAAW;gBACX,YAAY;gBACZ,oBAAoB,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,YAAY,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;gBACjF,qBAAqB,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,mBAAmB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;gBACzF,MAAM,EAAE,CAAE,IAAI,CAAC,OAAO,CAAY,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;gBACpE,SAAS,EAAE,QAAQ;aACpB,CAAC;QACJ,CAAC;gBAAS,CAAC;YACT,YAAY,CAAC,OAAO,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,8DAA8D,CAAC,CAAC;AAClF,CAAC;AAQD,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,QAAgB,EAChB,YAAoB;IAEpB,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;IACzC,MAAM,OAAO,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,kBAAkB,CAAC,CAAC;IAEzE,IAAI,CAAC;QACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;YAC7C,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,MAAM,EAAE,kBAAkB;gBAC1B,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,SAAS,EAAE,QAAQ;gBACnB,UAAU,EAAE,eAAe;gBAC3B,aAAa,EAAE,YAAY;aAC5B,CAAC;YACF,MAAM,EAAE,UAAU,CAAC,MAAM;SAC1B,CAAC,CAAC;QAEH,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAA4B,CAAC;QAEhE,IAAI,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YAClB,MAAM,IAAI,KAAK,CACb,gCAAgC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC,EAAE,CACrG,CAAC;QACJ,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,cAAc,CAAW,CAAC;QACnD,MAAM,eAAe,GAAG,IAAI,CAAC,eAAe,CAAW,CAAC;QACxD,MAAM,YAAY,GAAI,IAAI,CAAC,YAAY,CAAY,IAAI,KAAK,CAAC;QAC7D,MAAM,mBAAmB,GAAI,IAAI,CAAC,0BAA0B,CAAY,IAAI,QAAQ,CAAC;QAErF,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,OAAO;YACL,MAAM,EAAE,OAAO;YACf,WAAW;YACX,YAAY,EAAE,eAAe;YAC7B,oBAAoB,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,YAAY,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YACjF,qBAAqB,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,mBAAmB,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YACzF,MAAM,EAAE,CAAE,IAAI,CAAC,OAAO,CAAY,IAAI,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC;YACpE,SAAS,EAAE,QAAQ;SACpB,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,YAAY,CAAC,OAAO,CAAC,CAAC;IACxB,CAAC;AACH,CAAC;AAID,SAAS,KAAK,CAAC,EAAU;IACvB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,CAAC;AAC3D,CAAC"}

package/dist/auth/jira-oauth-flow.d.ts

@@ -0,0 +1,19 @@
+import type { JiraOAuthTokens, JiraCloudResource } from './types.js';
+export declare function buildAuthorizationUrl(clientId: string, redirectUri: string, state: string, scopes: string[]): string;
+export declare function generateState(): string;
+export declare function waitForAuthCode(port: number, state: string, timeoutMs?: number): Promise<string>;
+export declare function exchangeCodeForTokens(clientId: string, clientSecret: string, code: string, redirectUri: string): Promise<{
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    scope: string;
+}>;
+export declare function discoverCloudResources(accessToken: string): Promise<JiraCloudResource[]>;
+export declare function refreshJiraToken(clientId: string, clientSecret: string, refreshToken: string): Promise<{
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+    scope: string;
+}>;
+export declare function completeJiraOAuthFlow(clientId: string, clientSecret: string, code: string, redirectUri: string, scopes: string[]): Promise<JiraOAuthTokens>;
+//# sourceMappingURL=jira-oauth-flow.d.ts.map

package/dist/auth/jira-oauth-flow.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jira-oauth-flow.d.ts","sourceRoot":"","sources":["../../src/auth/jira-oauth-flow.ts"],"names":[],"mappings":"AAmBA,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,YAAY,CAAC;AAarE,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,MAAM,EAChB,WAAW,EAAE,MAAM,EACnB,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EAAE,GACf,MAAM,CAYR;AAKD,wBAAgB,aAAa,IAAI,MAAM,CAEtC;AAaD,wBAAsB,eAAe,CACnC,IAAI,EAAE,MAAM,EACZ,KAAK,EAAE,MAAM,EACb,SAAS,SAAU,GAClB,OAAO,CAAC,MAAM,CAAC,CAoEjB;AAOD,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,GAClB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAiC1F;AAQD,wBAAsB,sBAAsB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,EAAE,CAAC,CA0B9F;AAQD,wBAAsB,gBAAgB,CACpC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAAC,CAgC1F;AASD,wBAAsB,qBAAqB,CACzC,QAAQ,EAAE,MAAM,EAChB,YAAY,EAAE,MAAM,EACpB,IAAI,EAAE,MAAM,EACZ,WAAW,EAAE,MAAM,EACnB,MAAM,EAAE,MAAM,EAAE,GACf,OAAO,CAAC,eAAe,CAAC,CA0B1B"}

package/dist/auth/jira-oauth-flow.js

@@ -0,0 +1,210 @@
+import { createServer } from 'node:http';
+import { randomBytes } from 'node:crypto';
+const AUTH_URL = 'https://auth.atlassian.com/authorize';
+const TOKEN_URL = 'https://auth.atlassian.com/oauth/token';
+const RESOURCES_URL = 'https://api.atlassian.com/oauth/token/accessible-resources';
+const DEFAULT_TIMEOUT_MS = 30_000;
+export function buildAuthorizationUrl(clientId, redirectUri, state, scopes) {
+    const params = new URLSearchParams({
+        audience: 'api.atlassian.com',
+        client_id: clientId,
+        scope: scopes.join(' '),
+        redirect_uri: redirectUri,
+        state,
+        response_type: 'code',
+        prompt: 'consent',
+    });
+    return `${AUTH_URL}?${params.toString()}`;
+}
+export function generateState() {
+    return randomBytes(16).toString('hex');
+}
+export async function waitForAuthCode(port, state, timeoutMs = 120_000) {
+    return new Promise((resolve, reject) => {
+        let server;
+        const timer = setTimeout(() => {
+            server?.close();
+            reject(new Error('OAuth callback timed out. Please try again.'));
+        }, timeoutMs);
+        server = createServer((req, res) => {
+            const url = new URL(req.url ?? '/', `http://localhost:${port}`);
+            if (url.pathname !== '/callback') {
+                res.writeHead(404, { 'Content-Type': 'text/plain' });
+                res.end('Not found');
+                return;
+            }
+            const code = url.searchParams.get('code');
+            const returnedState = url.searchParams.get('state');
+            const error = url.searchParams.get('error');
+            clearTimeout(timer);
+            if (error) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(errorHtml(error));
+                server.close();
+                reject(new Error(`Jira OAuth error: ${error}`));
+                return;
+            }
+            if (returnedState !== state) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(errorHtml('State mismatch — possible CSRF attack. Please try again.'));
+                server.close();
+                reject(new Error('OAuth state mismatch — possible CSRF attack.'));
+                return;
+            }
+            if (!code) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(errorHtml('No authorization code received.'));
+                server.close();
+                reject(new Error('No authorization code received from Jira.'));
+                return;
+            }
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(successHtml());
+            server.close();
+            resolve(code);
+        });
+        server.on('error', (err) => {
+            clearTimeout(timer);
+            if (err.code === 'EADDRINUSE') {
+                reject(new Error(`Port ${port} is already in use. Close the process using it and try again.`));
+            }
+            else {
+                reject(new Error(`Failed to start OAuth callback server: ${err.message}`));
+            }
+        });
+        server.listen(port, '127.0.0.1');
+    });
+}
+export async function exchangeCodeForTokens(clientId, clientSecret, code, redirectUri) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+    try {
+        const response = await fetch(TOKEN_URL, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                grant_type: 'authorization_code',
+                client_id: clientId,
+                client_secret: clientSecret,
+                code,
+                redirect_uri: redirectUri,
+            }),
+            signal: controller.signal,
+        });
+        if (!response.ok) {
+            const body = await response.text();
+            throw new Error(`Jira token exchange failed: ${response.status} — ${body}`);
+        }
+        const data = (await response.json());
+        return {
+            accessToken: data['access_token'],
+            refreshToken: data['refresh_token'],
+            expiresIn: data['expires_in'] ?? 3600,
+            scope: data['scope'] ?? '',
+        };
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+export async function discoverCloudResources(accessToken) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+    try {
+        const response = await fetch(RESOURCES_URL, {
+            headers: {
+                Authorization: `Bearer ${accessToken}`,
+                Accept: 'application/json',
+            },
+            signal: controller.signal,
+        });
+        if (!response.ok) {
+            throw new Error(`Cloud resource discovery failed: ${response.status} ${response.statusText}`);
+        }
+        const data = (await response.json());
+        return data.map((resource) => ({
+            id: resource['id'],
+            url: resource['url'],
+            name: resource['name'],
+        }));
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+export async function refreshJiraToken(clientId, clientSecret, refreshToken) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), DEFAULT_TIMEOUT_MS);
+    try {
+        const response = await fetch(TOKEN_URL, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({
+                grant_type: 'refresh_token',
+                client_id: clientId,
+                client_secret: clientSecret,
+                refresh_token: refreshToken,
+            }),
+            signal: controller.signal,
+        });
+        if (!response.ok) {
+            const body = await response.text();
+            throw new Error(`Jira token refresh failed: ${response.status} — ${body}`);
+        }
+        const data = (await response.json());
+        return {
+            accessToken: data['access_token'],
+            refreshToken: data['refresh_token'],
+            expiresIn: data['expires_in'] ?? 3600,
+            scope: data['scope'] ?? '',
+        };
+    }
+    finally {
+        clearTimeout(timeout);
+    }
+}
+export async function completeJiraOAuthFlow(clientId, clientSecret, code, redirectUri, scopes) {
+    const tokenResult = await exchangeCodeForTokens(clientId, clientSecret, code, redirectUri);
+    const resources = await discoverCloudResources(tokenResult.accessToken);
+    if (resources.length === 0) {
+        throw new Error('No accessible Jira Cloud sites found. Ensure you have access to at least one site.');
+    }
+    const cloud = resources[0];
+    const now = new Date();
+    return {
+        method: 'oauth',
+        accessToken: tokenResult.accessToken,
+        refreshToken: tokenResult.refreshToken,
+        accessTokenExpiresAt: new Date(now.getTime() + tokenResult.expiresIn * 1000).toISOString(),
+        refreshTokenExpiresAt: new Date(now.getTime() + 90 * 24 * 60 * 60 * 1000).toISOString(),
+        cloudId: cloud.id,
+        cloudUrl: `https://api.atlassian.com/ex/jira/${cloud.id}`,
+        scopes,
+        tokenType: 'bearer',
+    };
+}
+function successHtml() {
+    return `<!DOCTYPE html>
+<html><head><title>Prodbeam — Authorized</title></head>
+<body style="font-family:system-ui;text-align:center;padding:40px">
+<h2>Authorized</h2>
+<p>You can close this tab and return to the terminal.</p>
+</body></html>`;
+}
+function errorHtml(message) {
+    return `<!DOCTYPE html>
+<html><head><title>Prodbeam — Error</title></head>
+<body style="font-family:system-ui;text-align:center;padding:40px">
+<h2>Authorization Failed</h2>
+<p>${escapeHtml(message)}</p>
+<p>Please return to the terminal and try again.</p>
+</body></html>`;
+}
+function escapeHtml(str) {
+    return str
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;');
+}
+//# sourceMappingURL=jira-oauth-flow.js.map