@reaudit/mcp-server 1.0.0

package/dist/auth/oauth-client.js

@@ -0,0 +1,340 @@
+"use strict";
+/**
+ * OAuth Client
+ *
+ * Handles the OAuth 2.0 authorization code flow with PKCE
+ * for authenticating with the Reaudit API.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.OAuthClient = void 0;
+const http = __importStar(require("http"));
+const crypto = __importStar(require("crypto"));
+const url = __importStar(require("url"));
+const child_process = __importStar(require("child_process"));
+const axios_1 = __importDefault(require("axios"));
+const token_store_js_1 = require("./token-store.js");
+/**
+ * Open URL in default browser (cross-platform)
+ */
+async function openBrowser(url) {
+    const platform = process.platform;
+    let command;
+    let args;
+    if (platform === 'darwin') {
+        command = 'open';
+        args = [url];
+    }
+    else if (platform === 'win32') {
+        command = 'cmd';
+        args = ['/c', 'start', '', url];
+    }
+    else {
+        // Linux and others
+        command = 'xdg-open';
+        args = [url];
+    }
+    return new Promise((resolve, reject) => {
+        const proc = child_process.spawn(command, args, {
+            detached: true,
+            stdio: 'ignore',
+        });
+        proc.unref();
+        proc.on('error', reject);
+        // Resolve immediately since we detached
+        setTimeout(resolve, 100);
+    });
+}
+const CALLBACK_PORT = 3847;
+const CLIENT_ID = process.env.REAUDIT_CLIENT_ID || 'reaudit-mcp-server';
+/**
+ * Generate PKCE code verifier
+ */
+function generateCodeVerifier() {
+    return crypto.randomBytes(32).toString('base64url');
+}
+/**
+ * Generate PKCE code challenge from verifier
+ */
+function generateCodeChallenge(verifier) {
+    return crypto.createHash('sha256').update(verifier).digest('base64url');
+}
+/**
+ * OAuth Client class
+ */
+class OAuthClient {
+    baseUrl;
+    tokenStore;
+    constructor(baseUrl) {
+        this.baseUrl = baseUrl;
+        this.tokenStore = new token_store_js_1.TokenStore(baseUrl);
+    }
+    /**
+     * Get a valid access token, refreshing if necessary
+     */
+    async getAccessToken() {
+        // Check for existing tokens
+        const tokens = this.tokenStore.loadTokens();
+        if (tokens) {
+            // Check if access token is still valid
+            if (!this.tokenStore.isAccessTokenExpired()) {
+                return tokens.accessToken;
+            }
+            // Try to refresh
+            try {
+                const newTokens = await this.refreshToken(tokens.refreshToken);
+                return newTokens.access_token;
+            }
+            catch (error) {
+                console.error('Token refresh failed, need to re-authenticate');
+                this.tokenStore.clearTokens();
+            }
+        }
+        // No valid tokens, need to authenticate
+        return this.authenticate();
+    }
+    /**
+     * Start the OAuth flow
+     */
+    async authenticate() {
+        return new Promise((resolve, reject) => {
+            const codeVerifier = generateCodeVerifier();
+            const codeChallenge = generateCodeChallenge(codeVerifier);
+            const state = crypto.randomBytes(16).toString('hex');
+            // Create local server to receive callback
+            const server = http.createServer(async (req, res) => {
+                const parsedUrl = url.parse(req.url || '', true);
+                if (parsedUrl.pathname === '/callback') {
+                    const code = parsedUrl.query.code;
+                    const returnedState = parsedUrl.query.state;
+                    const error = parsedUrl.query.error;
+                    if (error) {
+                        res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                        res.end(this.getErrorPage('Authorization Denied', error === 'access_denied' ? 'You denied the authorization request.' : `Error: ${error}`));
+                        server.close();
+                        reject(new Error(`OAuth error: ${error}`));
+                        return;
+                    }
+                    if (returnedState !== state) {
+                        res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+                        res.end(this.getErrorPage('Security Error', 'State mismatch detected. This could be a security issue. Please try again.'));
+                        server.close();
+                        reject(new Error('State mismatch'));
+                        return;
+                    }
+                    try {
+                        // Exchange code for tokens
+                        const tokens = await this.exchangeCode(code, codeVerifier);
+                        // Save tokens
+                        this.tokenStore.saveTokens({
+                            accessToken: tokens.access_token,
+                            refreshToken: tokens.refresh_token,
+                            expiresAt: Math.floor(Date.now() / 1000) + tokens.expires_in,
+                            scope: tokens.scope,
+                        });
+                        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                        res.end(`
+              <!DOCTYPE html>
+              <html lang="en">
+                <head>
+                  <meta charset="UTF-8">
+                  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+                  <title>Authorization Successful - Reaudit</title>
+                  <link rel="icon" href="https://reaudit.io/favicon.ico">
+                </head>
+                <body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; padding: 40px; text-align: center; background: linear-gradient(135deg, #f5f7fa 0%, #e4e8ec 100%); min-height: 100vh; margin: 0; display: flex; flex-direction: column; align-items: center; justify-content: center;">
+                  <div style="background: white; padding: 48px; border-radius: 16px; box-shadow: 0 4px 24px rgba(0,0,0,0.1); max-width: 420px;">
+                    <img src="https://reaudit.io/reaudit-logo-light.svg" alt="Reaudit" style="height: 40px; margin-bottom: 24px;">
+                    <div style="width: 64px; height: 64px; background: #10b981; border-radius: 50%; display: flex; align-items: center; justify-content: center; margin: 0 auto 20px;">
+                      <svg width="32" height="32" viewBox="0 0 24 24" fill="none" stroke="white" stroke-width="3" stroke-linecap="round" stroke-linejoin="round">
+                        <polyline points="20 6 9 17 4 12"></polyline>
+                      </svg>
+                    </div>
+                    <h1 style="color: #10b981; margin: 0 0 12px; font-size: 24px; font-weight: 600;">Authorization Successful</h1>
+                    <p style="color: #64748b; margin: 0 0 24px; font-size: 15px;">You can close this window and return to your AI assistant.</p>
+                    <p style="color: #94a3b8; font-size: 13px; margin: 0;">This window will close automatically in 3 seconds...</p>
+                  </div>
+                  <p style="color: #94a3b8; font-size: 12px; margin-top: 24px;">
+                    <a href="https://reaudit.io/help/mcp" style="color: #231f20; text-decoration: none;">Need help?</a>
+                    &nbsp;&bull;&nbsp;
+                    <a href="https://reaudit.io" style="color: #231f20; text-decoration: none;">reaudit.io</a>
+                  </p>
+                  <script>setTimeout(() => window.close(), 3000);</script>
+                </body>
+              </html>
+            `);
+                        server.close();
+                        resolve(tokens.access_token);
+                    }
+                    catch (err) {
+                        console.error('Token exchange error:', err);
+                        res.writeHead(500, { 'Content-Type': 'text/html; charset=utf-8' });
+                        res.end(this.getErrorPage('Token Exchange Failed', 'Failed to complete authorization. Please try again or contact support.'));
+                        server.close();
+                        reject(err);
+                    }
+                }
+            });
+            server.listen(CALLBACK_PORT, () => {
+                // Build authorization URL
+                const authUrl = new URL(`${this.baseUrl}/api/oauth/authorize`);
+                authUrl.searchParams.set('client_id', CLIENT_ID);
+                authUrl.searchParams.set('redirect_uri', `http://localhost:${CALLBACK_PORT}/callback`);
+                authUrl.searchParams.set('response_type', 'code');
+                authUrl.searchParams.set('scope', 'full_access');
+                authUrl.searchParams.set('state', state);
+                authUrl.searchParams.set('code_challenge', codeChallenge);
+                authUrl.searchParams.set('code_challenge_method', 'S256');
+                console.error('\n🔐 Opening browser for authentication...');
+                console.error('If the browser doesn\'t open, visit this URL:');
+                console.error(authUrl.toString());
+                console.error('');
+                // Open browser
+                openBrowser(authUrl.toString()).catch(() => {
+                    console.error('Could not open browser automatically.');
+                });
+            });
+            // Timeout after 5 minutes
+            setTimeout(() => {
+                server.close();
+                reject(new Error('Authentication timeout'));
+            }, 5 * 60 * 1000);
+        });
+    }
+    /**
+     * Exchange authorization code for tokens
+     */
+    async exchangeCode(code, codeVerifier) {
+        const response = await axios_1.default.post(`${this.baseUrl}/api/oauth/token`, {
+            grant_type: 'authorization_code',
+            client_id: CLIENT_ID,
+            code,
+            redirect_uri: `http://localhost:${CALLBACK_PORT}/callback`,
+            code_verifier: codeVerifier,
+        }, {
+            headers: {
+                'Content-Type': 'application/json',
+            },
+        });
+        return response.data;
+    }
+    /**
+     * Refresh access token
+     */
+    async refreshToken(refreshToken) {
+        const response = await axios_1.default.post(`${this.baseUrl}/api/oauth/token`, {
+            grant_type: 'refresh_token',
+            client_id: CLIENT_ID,
+            refresh_token: refreshToken,
+        }, {
+            headers: {
+                'Content-Type': 'application/json',
+            },
+        });
+        // Save new tokens
+        this.tokenStore.saveTokens({
+            accessToken: response.data.access_token,
+            refreshToken: response.data.refresh_token,
+            expiresAt: Math.floor(Date.now() / 1000) + response.data.expires_in,
+            scope: response.data.scope,
+        });
+        return response.data;
+    }
+    /**
+     * Revoke tokens and clear local storage
+     */
+    async logout() {
+        const tokens = this.tokenStore.loadTokens();
+        if (tokens) {
+            try {
+                await axios_1.default.post(`${this.baseUrl}/api/oauth/revoke`, {
+                    token: tokens.refreshToken,
+                    token_type_hint: 'refresh_token',
+                });
+            }
+            catch (error) {
+                // Ignore errors during revocation
+            }
+        }
+        this.tokenStore.clearTokens();
+    }
+    /**
+     * Check if user is authenticated
+     */
+    isAuthenticated() {
+        const tokens = this.tokenStore.loadTokens();
+        return tokens !== null;
+    }
+    /**
+     * Generate branded error page HTML
+     */
+    getErrorPage(title, message) {
+        return `
+      <!DOCTYPE html>
+      <html lang="en">
+        <head>
+          <meta charset="UTF-8">
+          <meta name="viewport" content="width=device-width, initial-scale=1.0">
+          <title>${title} - Reaudit</title>
+          <link rel="icon" href="https://reaudit.io/favicon.ico">
+        </head>
+        <body style="font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif; padding: 40px; text-align: center; background: linear-gradient(135deg, #f5f7fa 0%, #e4e8ec 100%); min-height: 100vh; margin: 0; display: flex; flex-direction: column; align-items: center; justify-content: center;">
+          <div style="background: white; padding: 48px; border-radius: 16px; box-shadow: 0 4px 24px rgba(0,0,0,0.1); max-width: 420px;">
+            <img src="https://reaudit.io/reaudit-logo-light.svg" alt="Reaudit" style="height: 40px; margin-bottom: 24px;">
+            <div style="width: 64px; height: 64px; background: #ef4444; border-radius: 50%; display: flex; align-items: center; justify-content: center; margin: 0 auto 20px;">
+              <svg width="32" height="32" viewBox="0 0 24 24" fill="none" stroke="white" stroke-width="3" stroke-linecap="round" stroke-linejoin="round">
+                <line x1="18" y1="6" x2="6" y2="18"></line>
+                <line x1="6" y1="6" x2="18" y2="18"></line>
+              </svg>
+            </div>
+            <h1 style="color: #ef4444; margin: 0 0 12px; font-size: 24px; font-weight: 600;">${title}</h1>
+            <p style="color: #64748b; margin: 0 0 24px; font-size: 15px;">${message}</p>
+            <button onclick="window.close()" style="background: #231f20; color: white; border: none; padding: 12px 24px; border-radius: 8px; font-size: 14px; font-weight: 500; cursor: pointer;">Close Window</button>
+          </div>
+          <p style="color: #94a3b8; font-size: 12px; margin-top: 24px;">
+            <a href="https://reaudit.io/help/mcp" style="color: #231f20; text-decoration: none;">Need help?</a>
+            &nbsp;&bull;&nbsp;
+            <a href="https://reaudit.io" style="color: #231f20; text-decoration: none;">reaudit.io</a>
+          </p>
+        </body>
+      </html>
+    `;
+    }
+}
+exports.OAuthClient = OAuthClient;
+//# sourceMappingURL=oauth-client.js.map

package/dist/auth/oauth-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-client.js","sourceRoot":"","sources":["../../src/auth/oauth-client.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,2CAA6B;AAC7B,+CAAiC;AACjC,yCAA2B;AAC3B,6DAA+C;AAC/C,kDAA0B;AAC1B,qDAA8C;AAE9C;;GAEG;AACH,KAAK,UAAU,WAAW,CAAC,GAAW;IACpC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,OAAe,CAAC;IACpB,IAAI,IAAc,CAAC;IAEnB,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;QAC1B,OAAO,GAAG,MAAM,CAAC;QACjB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;SAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;QAChC,OAAO,GAAG,KAAK,CAAC;QAChB,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;IAClC,CAAC;SAAM,CAAC;QACN,mBAAmB;QACnB,OAAO,GAAG,UAAU,CAAC;QACrB,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;IACf,CAAC;IAED,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,IAAI,GAAG,aAAa,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,EAAE;YAC9C,QAAQ,EAAE,IAAI;YACd,KAAK,EAAE,QAAQ;SAChB,CAAC,CAAC;QACH,IAAI,CAAC,KAAK,EAAE,CAAC;QACb,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QACzB,wCAAwC;QACxC,UAAU,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;AACL,CAAC;AAED,MAAM,aAAa,GAAG,IAAI,CAAC;AAC3B,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,oBAAoB,CAAC;AAUxE;;GAEG;AACH,SAAS,oBAAoB;IAC3B,OAAO,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;AAC1E,CAAC;AAED;;GAEG;AACH,MAAa,WAAW;IACd,OAAO,CAAS;IAChB,UAAU,CAAa;IAE/B,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;QACvB,IAAI,CAAC,UAAU,GAAG,IAAI,2BAAU,CAAC,OAAO,CAAC,CAAC;IAC5C,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc;QAClB,4BAA4B;QAC5B,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QAE5C,IAAI,MAAM,EAAE,CAAC;YACX,uCAAuC;YACvC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,oBAAoB,EAAE,EAAE,CAAC;gBAC5C,OAAO,MAAM,CAAC,WAAW,CAAC;YAC5B,CAAC;YAED,iBAAiB;YACjB,IAAI,CAAC;gBACH,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;gBAC/D,OAAO,SAAS,CAAC,YAAY,CAAC;YAChC,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;gBAC/D,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;YAChC,CAAC;QACH,CAAC;QAED,wCAAwC;QACxC,OAAO,IAAI,CAAC,YAAY,EAAE,CAAC;IAC7B,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,YAAY;QAChB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;YAC5C,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;YAC1D,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YAErD,0CAA0C;YAC1C,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;gBAClD,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,IAAI,CAAC,CAAC;gBAEjD,IAAI,SAAS,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;oBACvC,MAAM,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,IAAc,CAAC;oBAC5C,MAAM,aAAa,GAAG,SAAS,CAAC,KAAK,CAAC,KAAe,CAAC;oBACtD,MAAM,KAAK,GAAG,SAAS,CAAC,KAAK,CAAC,KAAe,CAAC;oBAE9C,IAAI,KAAK,EAAE,CAAC;wBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,sBAAsB,EAAE,KAAK,KAAK,eAAe,CAAC,CAAC,CAAC,uCAAuC,CAAC,CAAC,CAAC,UAAU,KAAK,EAAE,CAAC,CAAC,CAAC;wBAC5I,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;wBAC3C,OAAO;oBACT,CAAC;oBAED,IAAI,aAAa,KAAK,KAAK,EAAE,CAAC;wBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,gBAAgB,EAAE,4EAA4E,CAAC,CAAC,CAAC;wBAC3H,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC,CAAC;wBACpC,OAAO;oBACT,CAAC;oBAED,IAAI,CAAC;wBACH,2BAA2B;wBAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;wBAE3D,cAAc;wBACd,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;4BACzB,WAAW,EAAE,MAAM,CAAC,YAAY;4BAChC,YAAY,EAAE,MAAM,CAAC,aAAa;4BAClC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,MAAM,CAAC,UAAU;4BAC5D,KAAK,EAAE,MAAM,CAAC,KAAK;yBACpB,CAAC,CAAC;wBAEH,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBACnE,GAAG,CAAC,GAAG,CAAC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;aA6BP,CAAC,CAAC;wBAEH,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;oBAC/B,CAAC;oBAAC,OAAO,GAAG,EAAE,CAAC;wBACb,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;wBAC5C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,0BAA0B,EAAE,CAAC,CAAC;wBACnE,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,uBAAuB,EAAE,wEAAwE,CAAC,CAAC,CAAC;wBAC9H,MAAM,CAAC,KAAK,EAAE,CAAC;wBACf,MAAM,CAAC,GAAG,CAAC,CAAC;oBACd,CAAC;gBACH,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,aAAa,EAAE,GAAG,EAAE;gBAChC,0BAA0B;gBAC1B,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,GAAG,IAAI,CAAC,OAAO,sBAAsB,CAAC,CAAC;gBAC/D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;gBACjD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,oBAAoB,aAAa,WAAW,CAAC,CAAC;gBACvF,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;gBAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;gBACjD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;gBACzC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,aAAa,CAAC,CAAC;gBAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;gBAE1D,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;gBAC5D,OAAO,CAAC,KAAK,CAAC,+CAA+C,CAAC,CAAC;gBAC/D,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAClC,OAAO,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;gBAElB,eAAe;gBACf,WAAW,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE;oBACzC,OAAO,CAAC,KAAK,CAAC,uCAAuC,CAAC,CAAC;gBACzD,CAAC,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;YAEH,0BAA0B;YAC1B,UAAU,CAAC,GAAG,EAAE;gBACd,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC;YAC9C,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QACpB,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,IAAY,EAAE,YAAoB;QAC3D,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,EAAE;YACnE,UAAU,EAAE,oBAAoB;YAChC,SAAS,EAAE,SAAS;YACpB,IAAI;YACJ,YAAY,EAAE,oBAAoB,aAAa,WAAW;YAC1D,aAAa,EAAE,YAAY;SAC5B,EAAE;YACD,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,YAAY,CAAC,YAAoB;QAC7C,MAAM,QAAQ,GAAG,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,kBAAkB,EAAE;YACnE,UAAU,EAAE,eAAe;YAC3B,SAAS,EAAE,SAAS;YACpB,aAAa,EAAE,YAAY;SAC5B,EAAE;YACD,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CAAC,CAAC;QAEH,kBAAkB;QAClB,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC;YACzB,WAAW,EAAE,QAAQ,CAAC,IAAI,CAAC,YAAY;YACvC,YAAY,EAAE,QAAQ,CAAC,IAAI,CAAC,aAAa;YACzC,SAAS,EAAE,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,QAAQ,CAAC,IAAI,CAAC,UAAU;YACnE,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,KAAK;SAC3B,CAAC,CAAC;QAEH,OAAO,QAAQ,CAAC,IAAI,CAAC;IACvB,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM;QACV,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QAE5C,IAAI,MAAM,EAAE,CAAC;YACX,IAAI,CAAC;gBACH,MAAM,eAAK,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC,OAAO,mBAAmB,EAAE;oBACnD,KAAK,EAAE,MAAM,CAAC,YAAY;oBAC1B,eAAe,EAAE,eAAe;iBACjC,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,kCAAkC;YACpC,CAAC;QACH,CAAC;QAED,IAAI,CAAC,UAAU,CAAC,WAAW,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,eAAe;QACb,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;QAC5C,OAAO,MAAM,KAAK,IAAI,CAAC;IACzB,CAAC;IAED;;OAEG;IACK,YAAY,CAAC,KAAa,EAAE,OAAe;QACjD,OAAO;;;;;;mBAMQ,KAAK;;;;;;;;;;;;+FAYuE,KAAK;4EACxB,OAAO;;;;;;;;;;KAU9E,CAAC;IACJ,CAAC;CACF;AAvQD,kCAuQC"}

package/dist/auth/token-store.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Token Store
+ *
+ * Securely stores OAuth tokens on the user's local machine.
+ * Tokens are stored in ~/.reaudit/credentials.json
+ */
+interface StoredTokens {
+    accessToken: string;
+    refreshToken: string;
+    expiresAt: number;
+    scope: string;
+}
+/**
+ * Token Store class
+ */
+export declare class TokenStore {
+    private baseUrl;
+    constructor(baseUrl: string);
+    /**
+     * Save tokens to disk
+     */
+    saveTokens(tokens: StoredTokens): void;
+    /**
+     * Load tokens from disk
+     */
+    loadTokens(): StoredTokens | null;
+    /**
+     * Clear stored tokens
+     */
+    clearTokens(): void;
+    /**
+     * Check if access token is expired (with 5 minute buffer)
+     */
+    isAccessTokenExpired(): boolean;
+    /**
+     * Get the credentials file path (for display to user)
+     */
+    static getCredentialsPath(): string;
+}
+export {};
+//# sourceMappingURL=token-store.d.ts.map

package/dist/auth/token-store.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.d.ts","sourceRoot":"","sources":["../../src/auth/token-store.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAOH,UAAU,YAAY;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,MAAM,CAAC;CACf;AAuDD;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,OAAO,CAAS;gBAEZ,OAAO,EAAE,MAAM;IAI3B;;OAEG;IACH,UAAU,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI;IAmBtC;;OAEG;IACH,UAAU,IAAI,YAAY,GAAG,IAAI;IA8BjC;;OAEG;IACH,WAAW,IAAI,IAAI;IAUnB;;OAEG;IACH,oBAAoB,IAAI,OAAO;IAQ/B;;OAEG;IACH,MAAM,CAAC,kBAAkB,IAAI,MAAM;CAGpC"}

package/dist/auth/token-store.js

@@ -0,0 +1,176 @@
+"use strict";
+/**
+ * Token Store
+ *
+ * Securely stores OAuth tokens on the user's local machine.
+ * Tokens are stored in ~/.reaudit/credentials.json
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TokenStore = void 0;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const crypto = __importStar(require("crypto"));
+const CREDENTIALS_DIR = path.join(os.homedir(), '.reaudit');
+const CREDENTIALS_FILE = path.join(CREDENTIALS_DIR, 'credentials.json');
+const FILE_VERSION = 1;
+/**
+ * Ensure the credentials directory exists
+ */
+function ensureCredentialsDir() {
+    if (!fs.existsSync(CREDENTIALS_DIR)) {
+        fs.mkdirSync(CREDENTIALS_DIR, { mode: 0o700 });
+    }
+}
+/**
+ * Get a simple encryption key based on machine ID
+ * This provides basic obfuscation, not strong encryption
+ */
+function getEncryptionKey() {
+    const machineId = os.hostname() + os.userInfo().username;
+    return crypto.createHash('sha256').update(machineId).digest();
+}
+/**
+ * Simple encrypt for local storage
+ */
+function encrypt(text) {
+    const key = getEncryptionKey();
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    return iv.toString('hex') + ':' + encrypted;
+}
+/**
+ * Simple decrypt for local storage
+ */
+function decrypt(text) {
+    const key = getEncryptionKey();
+    const [ivHex, encrypted] = text.split(':');
+    const iv = Buffer.from(ivHex, 'hex');
+    const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+}
+/**
+ * Token Store class
+ */
+class TokenStore {
+    baseUrl;
+    constructor(baseUrl) {
+        this.baseUrl = baseUrl;
+    }
+    /**
+     * Save tokens to disk
+     */
+    saveTokens(tokens) {
+        ensureCredentialsDir();
+        const data = {
+            version: FILE_VERSION,
+            tokens: {
+                accessToken: encrypt(tokens.accessToken),
+                refreshToken: encrypt(tokens.refreshToken),
+                expiresAt: tokens.expiresAt,
+                scope: tokens.scope,
+            },
+            baseUrl: this.baseUrl,
+        };
+        fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(data, null, 2), {
+            mode: 0o600,
+        });
+    }
+    /**
+     * Load tokens from disk
+     */
+    loadTokens() {
+        try {
+            if (!fs.existsSync(CREDENTIALS_FILE)) {
+                return null;
+            }
+            const content = fs.readFileSync(CREDENTIALS_FILE, 'utf8');
+            const data = JSON.parse(content);
+            // Check version and base URL
+            if (data.version !== FILE_VERSION || data.baseUrl !== this.baseUrl) {
+                return null;
+            }
+            if (!data.tokens) {
+                return null;
+            }
+            return {
+                accessToken: decrypt(data.tokens.accessToken),
+                refreshToken: decrypt(data.tokens.refreshToken),
+                expiresAt: data.tokens.expiresAt,
+                scope: data.tokens.scope,
+            };
+        }
+        catch (error) {
+            console.error('Error loading tokens:', error);
+            return null;
+        }
+    }
+    /**
+     * Clear stored tokens
+     */
+    clearTokens() {
+        try {
+            if (fs.existsSync(CREDENTIALS_FILE)) {
+                fs.unlinkSync(CREDENTIALS_FILE);
+            }
+        }
+        catch (error) {
+            console.error('Error clearing tokens:', error);
+        }
+    }
+    /**
+     * Check if access token is expired (with 5 minute buffer)
+     */
+    isAccessTokenExpired() {
+        const tokens = this.loadTokens();
+        if (!tokens)
+            return true;
+        const bufferMs = 5 * 60 * 1000; // 5 minutes
+        return Date.now() >= (tokens.expiresAt * 1000) - bufferMs;
+    }
+    /**
+     * Get the credentials file path (for display to user)
+     */
+    static getCredentialsPath() {
+        return CREDENTIALS_FILE;
+    }
+}
+exports.TokenStore = TokenStore;
+//# sourceMappingURL=token-store.js.map

package/dist/auth/token-store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.js","sourceRoot":"","sources":["../../src/auth/token-store.ts"],"names":[],"mappings":";AAAA;;;;;GAKG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAEH,uCAAyB;AACzB,2CAA6B;AAC7B,uCAAyB;AACzB,+CAAiC;AAejC,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AAC5D,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,kBAAkB,CAAC,CAAC;AACxE,MAAM,YAAY,GAAG,CAAC,CAAC;AAEvB;;GAEG;AACH,SAAS,oBAAoB;IAC3B,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,eAAe,CAAC,EAAE,CAAC;QACpC,EAAE,CAAC,SAAS,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACjD,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,SAAS,gBAAgB;IACvB,MAAM,SAAS,GAAG,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACzD,OAAO,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,EAAE,CAAC;AAChE,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,IAAY;IAC3B,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAAC;IAC/B,MAAM,EAAE,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC;IAClC,MAAM,MAAM,GAAG,MAAM,CAAC,cAAc,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IAC7D,IAAI,SAAS,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACnD,SAAS,IAAI,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IACjC,OAAO,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,SAAS,CAAC;AAC9C,CAAC;AAED;;GAEG;AACH,SAAS,OAAO,CAAC,IAAY;IAC3B,MAAM,GAAG,GAAG,gBAAgB,EAAE,CAAC;IAC/B,MAAM,CAAC,KAAK,EAAE,SAAS,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC3C,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACrC,MAAM,QAAQ,GAAG,MAAM,CAAC,gBAAgB,CAAC,aAAa,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;IACjE,IAAI,SAAS,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,EAAE,KAAK,EAAE,MAAM,CAAC,CAAC;IAC1D,SAAS,IAAI,QAAQ,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACpC,OAAO,SAAS,CAAC;AACnB,CAAC;AAED;;GAEG;AACH,MAAa,UAAU;IACb,OAAO,CAAS;IAExB,YAAY,OAAe;QACzB,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,MAAoB;QAC7B,oBAAoB,EAAE,CAAC;QAEvB,MAAM,IAAI,GAAc;YACtB,OAAO,EAAE,YAAY;YACrB,MAAM,EAAE;gBACN,WAAW,EAAE,OAAO,CAAC,MAAM,CAAC,WAAW,CAAC;gBACxC,YAAY,EAAE,OAAO,CAAC,MAAM,CAAC,YAAY,CAAC;gBAC1C,SAAS,EAAE,MAAM,CAAC,SAAS;gBAC3B,KAAK,EAAE,MAAM,CAAC,KAAK;aACpB;YACD,OAAO,EAAE,IAAI,CAAC,OAAO;SACtB,CAAC;QAEF,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAChE,IAAI,EAAE,KAAK;SACZ,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,UAAU;QACR,IAAI,CAAC;YACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACrC,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;YAC1D,MAAM,IAAI,GAAc,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YAE5C,6BAA6B;YAC7B,IAAI,IAAI,CAAC,OAAO,KAAK,YAAY,IAAI,IAAI,CAAC,OAAO,KAAK,IAAI,CAAC,OAAO,EAAE,CAAC;gBACnE,OAAO,IAAI,CAAC;YACd,CAAC;YAED,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,WAAW,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,WAAW,CAAC;gBAC7C,YAAY,EAAE,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC;gBAC/C,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS;gBAChC,KAAK,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK;aACzB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,uBAAuB,EAAE,KAAK,CAAC,CAAC;YAC9C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,WAAW;QACT,IAAI,CAAC;YACH,IAAI,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE,CAAC;gBACpC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,wBAAwB,EAAE,KAAK,CAAC,CAAC;QACjD,CAAC;IACH,CAAC;IAED;;OAEG;IACH,oBAAoB;QAClB,MAAM,MAAM,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;QACjC,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;QAC5C,OAAO,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,MAAM,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,QAAQ,CAAC;IAC5D,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,kBAAkB;QACvB,OAAO,gBAAgB,CAAC;IAC1B,CAAC;CACF;AA5FD,gCA4FC"}

package/dist/index.d.ts

@@ -0,0 +1,11 @@
+#!/usr/bin/env node
+/**
+ * Reaudit MCP Server
+ *
+ * Model Context Protocol server for accessing Reaudit AI Visibility Platform
+ * from AI assistants like Claude Desktop and Cursor.
+ *
+ * @see https://reaudit.io/docs/mcp
+ */
+export {};
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA;;;;;;;GAOG"}