npm - @rubytech/create-maxy - Versions diffs - 1.0.763 → 1.0.765 - Mend

@rubytech/create-maxy 1.0.763 → 1.0.765

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (88) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "1.0.763",
+  "version": "1.0.765",
   "description": "Install Maxy — AI for Productive People",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/platform/package-lock.json CHANGED Viewed

@@ -207,6 +207,10 @@
       "resolved": "plugins/telegram/mcp",
       "link": true
     },
+    "node_modules/@maxy/outlook": {
+      "resolved": "plugins/outlook/mcp",
+      "link": true
+    },
     "node_modules/@maxy/replicate": {
       "resolved": "plugins/replicate/mcp",
       "link": true
@@ -231,6 +235,33 @@
       "resolved": "plugins/workflows/mcp",
       "link": true
     },
+    "node_modules/@microsoft/microsoft-graph-client": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/@microsoft/microsoft-graph-client/-/microsoft-graph-client-3.0.7.tgz",
+      "integrity": "sha512-/AazAV/F+HK4LIywF9C+NYHcJo038zEnWkteilcxC1FM/uK/4NVGDKGrxx7nNq1ybspAroRKT4I1FHfxQzxkUw==",
+      "license": "MIT",
+      "dependencies": {
+        "@babel/runtime": "^7.12.5",
+        "tslib": "^2.2.0"
+      },
+      "engines": {
+        "node": ">=12.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@azure/identity": {
+          "optional": true
+        },
+        "@azure/msal-browser": {
+          "optional": true
+        },
+        "buffer": {
+          "optional": true
+        },
+        "stream-browserify": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@modelcontextprotocol/sdk": {
       "version": "1.27.1",
       "resolved": "https://registry.npmjs.org/@modelcontextprotocol/sdk/-/sdk-1.27.1.tgz",
@@ -3485,11 +3516,34 @@
         "@modelcontextprotocol/sdk": "^1.12.1",
         "neo4j-driver": "^5.28.1"
       },
+      "devDependencies": {
+        "@types/node": "^22.0.0",
+        "typescript": "^5.7.0",
+        "vitest": "^4.1.2"
+      }
+    },
+    "plugins/outlook/mcp": {
+      "name": "@maxy/outlook",
+      "version": "0.1.0",
+      "dependencies": {
+        "@microsoft/microsoft-graph-client": "^3.0.7",
+        "@modelcontextprotocol/sdk": "^1.12.1",
+        "zod": "^3.24.0"
+      },
       "devDependencies": {
         "@types/node": "^22.0.0",
         "typescript": "^5.7.0"
       }
     },
+    "plugins/outlook/mcp/node_modules/zod": {
+      "version": "3.25.76",
+      "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz",
+      "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/colinhacks"
+      }
+    },
     "plugins/replicate/mcp": {
       "name": "@maxy/replicate",
       "version": "0.1.0",
@@ -3524,7 +3578,8 @@
       },
       "devDependencies": {
         "@types/node": "^22.0.0",
-        "typescript": "^5.7.0"
+        "typescript": "^5.7.0",
+        "vitest": "^4.1.2"
       }
     },
     "plugins/scheduling/mcp/node_modules/zod": {

package/payload/platform/package.json CHANGED Viewed

@@ -15,6 +15,7 @@
     "build:cloudflare": "tsc -p plugins/cloudflare/mcp/tsconfig.json",
     "build:tasks": "tsc -p plugins/tasks/mcp/tsconfig.json",
     "build:email": "tsc -p plugins/email/mcp/tsconfig.json",
+    "build:outlook": "tsc -p plugins/outlook/mcp/tsconfig.json",
     "build:workflows": "tsc -p plugins/workflows/mcp/tsconfig.json",
     "build:stubs": "tsc -p plugins/scheduling/mcp/tsconfig.json",
     "build:replicate": "tsc -p plugins/replicate/mcp/tsconfig.json"

package/payload/platform/plugins/docs/references/outlook-guide.md ADDED Viewed

@@ -0,0 +1,69 @@
+# Outlook Plugin — Operator Guide
+The `outlook` plugin gives the admin agent read-only access to Microsoft 365 / Outlook.com via Microsoft Graph. Per-account OAuth (Auth Code + PKCE), encrypted token storage, automatic refresh.
+## Quickstart
+1. **Register an Entra app once per Maxy install** — see `platform/plugins/outlook/references/auth.md` for full steps. Set `OUTLOOK_CLIENT_ID` (and `OUTLOOK_TENANT_ID`, default `common`) in the operator's environment.
+2. **Per account: register the Outlook account** — in admin chat, ask the agent to "register my Outlook account". The agent runs `outlook-account-register`, which prints an authorization URL.
+3. **Open the URL in the VNC browser** — sign in to your Microsoft account, consent to the requested scopes (`offline_access`, `User.Read`, `Mail.Read`, `Calendars.Read`, `Contacts.Read`).
+4. **Done.** Subsequent tool calls (mail, calendar, contacts) use the persisted refresh token transparently.
+## Tools
+| Tool | Purpose |
+|------|---------|
+| `outlook-account-register` | Run the PKCE flow for this account. One-time per account; re-run if tokens expire (90 days) or consent is revoked. |
+| `outlook-mail-list` | Recent mail. Default top=25, folder=Inbox. |
+| `outlook-mail-search` | Microsoft Graph `$search` over the mailbox. |
+| `outlook-calendar-list` | Calendar events in next rangeDays days (default 7, max 365). |
+| `outlook-calendar-event` | Full detail of a single event by id. |
+| `outlook-contacts-list` | Top contacts. Default top=50. |
+| `outlook-mailbox-info` | Health probe — auth state, refresh-window, folder count. |
+## Observability
+All log lines start with `[outlook-mcp]` and write to `server.log`. They are key=value, account-scoped:
+| Event | Line shape |
+|-------|------------|
+| Auth init | `auth-init account=<id> codeChallenge=<sha256-prefix-8> redirectPath=<callback-path>` |
+| Auth callback | `auth-callback account=<id> elapsedMs=<N>` |
+| Auth ok | `auth-ok account=<id> graphUserId=<id> scopes=<csv> tokenExpSec=<N>` |
+| Token refreshed | `token-refreshed account=<id> oldExpSec=<N> newExpSec=<N>` |
+| Refresh failed | `token-refresh-failed account=<id> reason=<err>` (terminal) |
+| Mail list | `mail-list account=<id> folder=<id-or-Inbox> count=<N> elapsedMs=<N>` |
+| Mail search | `mail-search account=<id> query=<trunc-32> count=<N> elapsedMs=<N>` |
+| Calendar list | `calendar-list account=<id> rangeDays=<N> count=<N> elapsedMs=<N>` |
+| Calendar event | `calendar-event account=<id> eventId=<trunc-12> elapsedMs=<N>` |
+| Contacts list | `contacts-list account=<id> count=<N> elapsedMs=<N>` |
+| Mailbox info | `mailbox-info account=<id> tokenWithinRefreshWindow=<bool> folderCount=<N>` |
+| Graph error | `graph-error account=<id> status=<N> code=<graphErrorCode> retryAfterMs=<N-or-null>` |
+| On-prem rejected | `on-prem-rejected account=<id> mailServer=<host>` (terminal) |
+## Diagnostic paths
+```bash
+# All outlook lines for one account, last 50
+ssh laptop 'grep -E "^\[outlook-mcp\]" ~/.maxy/logs/server.log | grep "account=<id>" | tail -50'
+# Token-leak audit — must always return zero
+grep -rn -iE "Bearer |access_token=" ~/.maxy/logs/server.log | head
+```
+Latency triage: `mail-list count=0 elapsedMs<200` consistent → permissions issue; `elapsedMs > 5000` → Graph slowness or DNS.
+## Failure modes
+| Operator-visible message | Cause | Fix |
+|---|---|---|
+| `Outlook not connected for account=X; run outlook-account-register` | Tokens never saved | Run register tool |
+| `Outlook refresh token expired for account=X; run outlook-account-register` | >90 days since last refresh, or consent revoked | Run register tool |
+| `Outlook token refresh failed for account=X; re-auth required` | Network down at refresh time, or refresh token invalidated | Verify network; re-register |
+| `Outlook auth expired for account=X; run outlook-account-register` | Refresh-then-retry still got 401 | Re-register |
+| `Outlook rate-limited without Retry-After hint` | Graph 429 with no backoff guidance | Wait + retry; if persistent, file bug |
+| `Microsoft Graph does not support on-premises Exchange. Use Task 769 (IMAP).` | Mailbox is on hybrid Exchange | Use the `email` plugin |
+## Out of scope
+Write tools (send, draft, move, flag), OneDrive / Files, push notifications, on-premises Exchange, M365 admin scopes (`User.Read.All`, `AuditLog.Read.All`), public-agent exposure, multi-tenant federation. See `platform/plugins/outlook/PLUGIN.md` for the full out-of-scope list.

package/payload/platform/plugins/docs/references/platform.md CHANGED Viewed

@@ -65,7 +65,7 @@ There is no dashboard, no settings panel, no menus. Everything is done through c
 The chat input auto-grows as you type — it expands to fit your message and shrinks back when you delete text. You can also drag the resize handle above the input to set a custom height.
-The admin interface is a three-pane layout: a sidebar on the left with your brand mark, navigation (Chat, Projects, Artefacts), and your recent conversations; the chat in the middle; and an artefact pane on the right that opens when you select a document or open Browser, Data, or Graph from the menu — holding the surface side-by-side with the conversation so the chat stays live while you work in it. The sidebar's nav rows swap the list view in place — Chat shows recent conversations, Projects shows your active work projects, and Artefacts lists every document the agent has created or ingested. Click an artefact row to open it in the right pane. The chat / artefact divider is drag-resizable — drag the line between the columns to make either side wider; double-click it to reset. Your chosen width is remembered across reloads. On wider screens (>1280px) all three panes are visible. The sidebar narrows at 1280px, the artefact pane hides at 1080px (Browser, Data, and Graph then open as full-window pages instead), and the sidebar collapses to a 56px icon rail at 820px. On phones (<640px) the sidebar slides in as a drawer from the left when you tap the menu icon in the chat header.
+The admin interface is a three-pane layout: a sidebar on the left with your brand mark, navigation (Chat, Projects, Artefacts), and your recent conversations; the chat in the middle; and an artefact pane on the right that opens when you select a document, click a project, or open Browser, Data, or Graph from the menu — holding the surface side-by-side with the conversation so the chat stays live while you work in it. The sidebar's nav rows swap the list view in place — Chat shows recent conversations, Projects shows your active work projects, and Artefacts lists every KnowledgeDocument plus this account's agent templates (your admin agent's IDENTITY, SOUL, and KNOWLEDGE files plus one entry per enabled specialist), all rendered read-only. Click an artefact row to open the document; click a project row to open the Graph view focused on that project's neighbourhood — clicking a second project swaps the focus rather than stacking on top. The chat / artefact divider is drag-resizable — drag the line between the columns to make either side wider; double-click it to reset to half of the available width (viewport minus sidebar), clamped to the chat / artefact min-width floors. Your chosen width is remembered across reloads. On wider screens (>1280px) all three panes are visible. The sidebar narrows at 1280px, the artefact pane hides at 1080px (Browser, Data, and Graph then open as full-window pages instead), and the sidebar collapses to a 56px icon rail at 820px. On phones (<640px) the sidebar slides in as a drawer from the left when you tap the menu icon in the chat header.
 Page titles are brand-aware: the browser tab shows your product name (e.g. `Real Agent` instead of `Maxy`) on every shell — chat, graph, and data — so a non-default brand never leaks the default name in tab strips or browser history.

package/payload/platform/plugins/outlook/PLUGIN.md ADDED Viewed

@@ -0,0 +1,48 @@
+---
+name: outlook
+description: Microsoft 365 / Outlook.com via Microsoft Graph (read-only first cut). Per-account OAuth Auth Code + PKCE; no client secret. Tools — outlook-account-register: PKCE register; outlook-mail-list / outlook-mail-search: inbox; outlook-calendar-list / outlook-calendar-event: calendar; outlook-contacts-list: contacts; outlook-mailbox-info: auth state + folder count.
+tools:
+  - outlook-account-register
+  - outlook-mail-list
+  - outlook-mail-search
+  - outlook-calendar-list
+  - outlook-calendar-event
+  - outlook-contacts-list
+  - outlook-mailbox-info
+always: false
+embed: ["admin"]
+metadata: {"platform":{"optional":true}}
+---
+# Outlook
+Read-only Microsoft Graph access for Outlook.com / Microsoft 365 mailboxes. Admin agent only — public agent surface is explicitly excluded.
+## Capabilities
+- **Register:** `outlook-account-register` — initiates OAuth Auth Code + PKCE flow against the operator's Entra app. Returns an authorization URL the operator opens in the VNC browser to consent. Tokens persist per-account, encrypted on disk (AES-256-CBC).
+- **Mail (read-only):** `outlook-mail-list` returns recent messages; `outlook-mail-search` runs a Graph `$search` query.
+- **Calendar (read-only):** `outlook-calendar-list` returns events in a future range; `outlook-calendar-event` returns a single event with full body + attendees.
+- **Contacts (read-only):** `outlook-contacts-list` returns contacts.
+- **Health:** `outlook-mailbox-info` reports auth state, refresh-window status, and top-level folder count. Use this to answer "did account X auth?" without grepping logs.
+## Out of scope
+- Send / draft / move / flag — write surfaces are deferred to a follow-up task.
+- OneDrive, Files, Sites — separate plugin; different endpoints.
+- Push notifications via `/subscriptions` — first cut polls.
+- On-premises Exchange — Microsoft Graph deprecated hybrid REST 2023-07. The plugin detects on-prem mailboxes and routes the operator to the IMAP path (`email` plugin).
+- M365 admin scopes (`User.Read.All`, `AuditLog.Read.All`) — separate plugin.
+## References
+| Reference | Topics |
+|-----------|--------|
+| [auth.md](references/auth.md) | Entra app registration, PKCE flow, vendored upstream SHA, re-vendor procedure |
+| [graph-surfaces.md](references/graph-surfaces.md) | Graph endpoint and response shape per tool |
+## Skills
+| Skill | Purpose |
+|-------|---------|
+| [outlook](skills/outlook/SKILL.md) | When to activate; how to register a new Outlook account |

package/payload/platform/plugins/outlook/mcp/dist/__tests__/graph-client.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=graph-client.test.d.ts.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/graph-client.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"graph-client.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/graph-client.test.ts"],"names":[],"mappings":""}

package/payload/platform/plugins/outlook/mcp/dist/__tests__/graph-client.test.js ADDED Viewed

@@ -0,0 +1,94 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { classifyGraphError } from "../lib/graph-client.js";
+test("classifyGraphError 401 → auth", () => {
+    const cls = classifyGraphError({
+        statusCode: 401,
+        code: "InvalidAuthenticationToken",
+        body: '{"error":{"code":"InvalidAuthenticationToken"}}',
+    });
+    assert.equal(cls.kind, "auth");
+    assert.equal(cls.statusCode, 401);
+});
+test("classifyGraphError 429 with Retry-After → rate-limit-recoverable", () => {
+    const cls = classifyGraphError({
+        statusCode: 429,
+        headers: { "Retry-After": "30" },
+    });
+    assert.equal(cls.kind, "rate-limit-recoverable");
+    if (cls.kind === "rate-limit-recoverable") {
+        assert.equal(cls.retryAfterMs, 30000);
+    }
+});
+test("classifyGraphError 429 lowercase Retry-After header still parsed", () => {
+    const cls = classifyGraphError({
+        statusCode: 429,
+        headers: { "retry-after": "5" },
+    });
+    assert.equal(cls.kind, "rate-limit-recoverable");
+    if (cls.kind === "rate-limit-recoverable") {
+        assert.equal(cls.retryAfterMs, 5000);
+    }
+});
+test("classifyGraphError 429 without Retry-After → rate-limit-terminal", () => {
+    const cls = classifyGraphError({
+        statusCode: 429,
+        headers: {},
+    });
+    assert.equal(cls.kind, "rate-limit-terminal");
+});
+test("classifyGraphError 503 + MailboxNotEnabledForRESTAPI → on-prem", () => {
+    const cls = classifyGraphError({
+        statusCode: 503,
+        code: "MailboxNotEnabledForRESTAPI",
+        body: '{"error":{"code":"MailboxNotEnabledForRESTAPI","message":"REST API is not yet supported for this mailbox."}}',
+        headers: { "x-mailbox-server": "ex2019.acme.local" },
+    });
+    assert.equal(cls.kind, "on-prem");
+    if (cls.kind === "on-prem") {
+        assert.equal(cls.statusCode, 503);
+        assert.equal(cls.mailServer, "ex2019.acme.local");
+    }
+});
+test("classifyGraphError 503 without MailboxNotEnabledForRESTAPI → 5xx (NOT on-prem)", () => {
+    // Critical: on-prem detection keys off the structured code field, not body
+    // prose. A generic 503 must NOT be misclassified as on-prem.
+    const cls = classifyGraphError({
+        statusCode: 503,
+        code: "ServiceUnavailable",
+        body: '{"error":{"code":"ServiceUnavailable","message":"REST API on-premises mailboxes are temporarily unavailable for everyone, somehow"}}',
+    });
+    assert.equal(cls.kind, "5xx", "must not infer on-prem from prose body");
+});
+test("classifyGraphError parses code from body when not on top-level", () => {
+    const cls = classifyGraphError({
+        statusCode: 503,
+        body: '{"error":{"code":"MailboxNotEnabledForRESTAPI","message":"foo"}}',
+    });
+    assert.equal(cls.kind, "on-prem");
+});
+test("classifyGraphError 500 → 5xx", () => {
+    const cls = classifyGraphError({ statusCode: 500, code: "InternalServerError" });
+    assert.equal(cls.kind, "5xx");
+});
+test("classifyGraphError 404 → other", () => {
+    const cls = classifyGraphError({ statusCode: 404, code: "ItemNotFound" });
+    assert.equal(cls.kind, "other");
+    if (cls.kind === "other") {
+        assert.equal(cls.statusCode, 404);
+        assert.equal(cls.code, "ItemNotFound");
+    }
+});
+test("classifyGraphError reads Retry-After via fetch-style response.headers.get", () => {
+    const cls = classifyGraphError({
+        statusCode: 429,
+        response: {
+            headers: { get: (h) => (h.toLowerCase() === "retry-after" ? "10" : null) },
+        },
+    });
+    assert.equal(cls.kind, "rate-limit-recoverable");
+    if (cls.kind === "rate-limit-recoverable") {
+        assert.equal(cls.retryAfterMs, 10000);
+    }
+});
+//# sourceMappingURL=graph-client.test.js.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/graph-client.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"graph-client.test.js","sourceRoot":"","sources":["../../src/__tests__/graph-client.test.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAE5D,IAAI,CAAC,+BAA+B,EAAE,GAAG,EAAE;IACzC,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,4BAA4B;QAClC,IAAI,EAAE,iDAAiD;KACxD,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;IAC/B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kEAAkE,EAAE,GAAG,EAAE;IAC5E,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE;KACjC,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kEAAkE,EAAE,GAAG,EAAE;IAC5E,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE,aAAa,EAAE,GAAG,EAAE;KAChC,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,IAAI,CAAC,CAAC;IACvC,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kEAAkE,EAAE,GAAG,EAAE;IAC5E,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,OAAO,EAAE,EAAE;KACZ,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,qBAAqB,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,gEAAgE,EAAE,GAAG,EAAE;IAC1E,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,6BAA6B;QACnC,IAAI,EAAE,8GAA8G;QACpH,OAAO,EAAE,EAAE,kBAAkB,EAAE,mBAAmB,EAAE;KACrD,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;IAClC,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;QAC3B,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,mBAAmB,CAAC,CAAC;IACpD,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,gFAAgF,EAAE,GAAG,EAAE;IAC1F,2EAA2E;IAC3E,6DAA6D;IAC7D,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,oBAAoB;QAC1B,IAAI,EAAE,sIAAsI;KAC7I,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,wCAAwC,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,gEAAgE,EAAE,GAAG,EAAE;IAC1E,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,IAAI,EAAE,kEAAkE;KACzE,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;AACpC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,8BAA8B,EAAE,GAAG,EAAE;IACxC,MAAM,GAAG,GAAG,kBAAkB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,qBAAqB,EAAE,CAAC,CAAC;IACjF,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC1C,MAAM,GAAG,GAAG,kBAAkB,CAAC,EAAE,UAAU,EAAE,GAAG,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC,CAAC;IAC1E,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;IAChC,IAAI,GAAG,CAAC,IAAI,KAAK,OAAO,EAAE,CAAC;QACzB,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,GAAG,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;IACzC,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2EAA2E,EAAE,GAAG,EAAE;IACrF,MAAM,GAAG,GAAG,kBAAkB,CAAC;QAC7B,UAAU,EAAE,GAAG;QACf,QAAQ,EAAE;YACR,OAAO,EAAE,EAAE,GAAG,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,WAAW,EAAE,KAAK,aAAa,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;SACnF;KACF,CAAC,CAAC;IACH,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,EAAE,wBAAwB,CAAC,CAAC;IACjD,IAAI,GAAG,CAAC,IAAI,KAAK,wBAAwB,EAAE,CAAC;QAC1C,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;IACxC,CAAC;AACH,CAAC,CAAC,CAAC"}

package/payload/platform/plugins/outlook/mcp/dist/__tests__/log.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=log.test.d.ts.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/log.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"log.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/log.test.ts"],"names":[],"mappings":""}

package/payload/platform/plugins/outlook/mcp/dist/__tests__/log.test.js ADDED Viewed

@@ -0,0 +1,31 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { redact, trunc } from "../lib/log.js";
+test("redact masks Bearer tokens", () => {
+    const input = "Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.signature";
+    assert.match(redact(input), /Bearer <REDACTED>/);
+    assert.doesNotMatch(redact(input), /eyJhbGciOiJIUzI1NiJ9/);
+});
+test("redact masks access_token query strings", () => {
+    const input = "https://login.microsoftonline.com/cb?access_token=abc123_secret&state=xyz";
+    const out = redact(input);
+    assert.match(out, /access_token=<REDACTED>/);
+    assert.doesNotMatch(out, /abc123_secret/);
+    // Other query params survive.
+    assert.match(out, /state=xyz/);
+});
+test("redact is a no-op on safe text", () => {
+    assert.equal(redact("user logged in account=abc count=5"), "user logged in account=abc count=5");
+});
+test("redact handles multiple Bearer tokens in one string", () => {
+    const input = "first Bearer aaaaa second Bearer bbbbb";
+    const out = redact(input);
+    assert.match(out, /first Bearer <REDACTED> second Bearer <REDACTED>/);
+});
+test("trunc preserves short values verbatim", () => {
+    assert.equal(trunc("short", 10), "short");
+});
+test("trunc shortens long values with ellipsis", () => {
+    assert.equal(trunc("abcdefghijklmnop", 10), "abcdefghi…");
+});
+//# sourceMappingURL=log.test.js.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/log.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"log.test.js","sourceRoot":"","sources":["../../src/__tests__/log.test.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC;AAE9C,IAAI,CAAC,4BAA4B,EAAE,GAAG,EAAE;IACtC,MAAM,KAAK,GAAG,8DAA8D,CAAC;IAC7E,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,mBAAmB,CAAC,CAAC;IACjD,MAAM,CAAC,YAAY,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,sBAAsB,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,yCAAyC,EAAE,GAAG,EAAE;IACnD,MAAM,KAAK,GAAG,2EAA2E,CAAC;IAC1F,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,yBAAyB,CAAC,CAAC;IAC7C,MAAM,CAAC,YAAY,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAC1C,8BAA8B;IAC9B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;AACjC,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,gCAAgC,EAAE,GAAG,EAAE;IAC1C,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,oCAAoC,CAAC,EAAE,oCAAoC,CAAC,CAAC;AACnG,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,qDAAqD,EAAE,GAAG,EAAE;IAC/D,MAAM,KAAK,GAAG,wCAAwC,CAAC;IACvD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,kDAAkD,CAAC,CAAC;AACxE,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,uCAAuC,EAAE,GAAG,EAAE;IACjD,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,0CAA0C,EAAE,GAAG,EAAE;IACpD,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,kBAAkB,EAAE,EAAE,CAAC,EAAE,YAAY,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC"}

package/payload/platform/plugins/outlook/mcp/dist/__tests__/pkce-flow.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=pkce-flow.test.d.ts.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/pkce-flow.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"pkce-flow.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/pkce-flow.test.ts"],"names":[],"mappings":""}

package/payload/platform/plugins/outlook/mcp/dist/__tests__/pkce-flow.test.js ADDED Viewed

@@ -0,0 +1,213 @@
+import test from "node:test";
+import assert from "node:assert/strict";
+import { _internals, startPkceFlow } from "../auth/pkce-flow.js";
+const { sameLengthEqual } = _internals;
+// ---------------------------------------------------------------------------
+// sameLengthEqual: timing-safe state comparison
+// ---------------------------------------------------------------------------
+test("sameLengthEqual matches identical strings", () => {
+    assert.equal(sameLengthEqual("abcdef0123456789", "abcdef0123456789"), true);
+});
+test("sameLengthEqual rejects different equal-length strings", () => {
+    assert.equal(sameLengthEqual("abcdef0123456789", "abcdef0123456780"), false);
+});
+test("sameLengthEqual rejects length mismatch without throwing", () => {
+    assert.equal(sameLengthEqual("short", "longerstring"), false);
+});
+function mockFetch(handler) {
+    const calls = [];
+    const original = globalThis.fetch;
+    globalThis.fetch = (async (url, init) => {
+        const urlStr = typeof url === "string" ? url : url instanceof URL ? url.toString() : url.url;
+        // Pass loopback callbacks through to the real fetch — only the upstream
+        // token endpoint is intercepted. Otherwise the test's own callback
+        // request would loop back into the mock and never reach the bound server.
+        if (urlStr.startsWith("http://127.0.0.1:") || urlStr.startsWith("http://localhost:")) {
+            return original(url, init);
+        }
+        calls.push({ url: urlStr, init });
+        return handler(urlStr, init);
+    });
+    return {
+        calls,
+        restore: () => {
+            globalThis.fetch = original;
+        },
+    };
+}
+function tokenSuccess() {
+    return new Response(JSON.stringify({
+        access_token: "test-access",
+        refresh_token: "test-refresh",
+        expires_in: 3600,
+        token_type: "Bearer",
+        scope: "offline_access User.Read Mail.Read Calendars.Read Contacts.Read",
+    }), { status: 200, headers: { "Content-Type": "application/json" } });
+}
+function extractStateFromAuthUrl(authUrl) {
+    const url = new URL(authUrl);
+    const state = url.searchParams.get("state");
+    assert.ok(state, "auth URL must include state param");
+    return state;
+}
+function extractRedirectUriPort(redirectUri) {
+    const url = new URL(redirectUri);
+    return Number(url.port);
+}
+test("PKCE happy path: state matches → tokens exchanged", async () => {
+    const fetchMock = mockFetch(() => tokenSuccess());
+    try {
+        const flow = await startPkceFlow({
+            clientId: "test-client",
+            tenantId: "common",
+            accountId: "acct-pkce-1",
+        });
+        const state = extractStateFromAuthUrl(flow.authUrl);
+        const port = extractRedirectUriPort(flow.redirectUri);
+        // Drive the callback synthetically, as Microsoft would after consent.
+        const callbackResp = await fetch(`http://127.0.0.1:${port}/callback?code=fake-code&state=${state}`);
+        assert.equal(callbackResp.status, 200);
+        const result = await flow.result;
+        assert.equal(result.tokenResponse.access_token, "test-access");
+        assert.equal(result.tokenResponse.refresh_token, "test-refresh");
+        assert.deepEqual(result.scopes.sort(), [
+            "Calendars.Read",
+            "Contacts.Read",
+            "Mail.Read",
+            "User.Read",
+            "offline_access",
+        ].sort());
+        // Token endpoint was called with code + verifier + redirect_uri.
+        assert.equal(fetchMock.calls.length, 1);
+        const body = String(fetchMock.calls[0].init?.body ?? "");
+        assert.match(body, /code=fake-code/);
+        assert.match(body, /code_verifier=/);
+        assert.match(body, /grant_type=authorization_code/);
+    }
+    finally {
+        fetchMock.restore();
+    }
+});
+test("PKCE state mismatch → flow rejects, token endpoint NOT called", async () => {
+    const fetchMock = mockFetch(() => {
+        throw new Error("token endpoint should not be called on state mismatch");
+    });
+    try {
+        const flow = await startPkceFlow({
+            clientId: "test-client",
+            tenantId: "common",
+            accountId: "acct-pkce-2",
+        });
+        // Subscribe BEFORE driving the callback — otherwise the rejection lands
+        // before any handler is attached and Node flags it as unhandled.
+        const rejection = assert.rejects(flow.result, /State mismatch/i);
+        const port = extractRedirectUriPort(flow.redirectUri);
+        const cbResp = await fetch(`http://127.0.0.1:${port}/callback?code=fake-code&state=wrong-state-value`);
+        assert.equal(cbResp.status, 400);
+        await rejection;
+        assert.equal(fetchMock.calls.length, 0, "token endpoint must not be called");
+    }
+    finally {
+        fetchMock.restore();
+    }
+});
+test("PKCE OAuth error in callback → flow rejects, no token call", async () => {
+    const fetchMock = mockFetch(() => {
+        throw new Error("token endpoint should not be called on OAuth error");
+    });
+    try {
+        const flow = await startPkceFlow({
+            clientId: "test-client",
+            tenantId: "common",
+            accountId: "acct-pkce-3",
+        });
+        const rejection = assert.rejects(flow.result, /OAuth error: access_denied/);
+        const state = extractStateFromAuthUrl(flow.authUrl);
+        const port = extractRedirectUriPort(flow.redirectUri);
+        const cbResp = await fetch(`http://127.0.0.1:${port}/callback?error=access_denied&error_description=user%20cancelled&state=${state}`);
+        assert.equal(cbResp.status, 400);
+        await rejection;
+        assert.equal(fetchMock.calls.length, 0);
+    }
+    finally {
+        fetchMock.restore();
+    }
+});
+test("PKCE callback missing code → flow rejects", async () => {
+    const fetchMock = mockFetch(() => {
+        throw new Error("token endpoint should not be called");
+    });
+    try {
+        const flow = await startPkceFlow({
+            clientId: "test-client",
+            tenantId: "common",
+            accountId: "acct-pkce-4",
+        });
+        const rejection = assert.rejects(flow.result, /No authorization code received/);
+        const state = extractStateFromAuthUrl(flow.authUrl);
+        const port = extractRedirectUriPort(flow.redirectUri);
+        const cbResp = await fetch(`http://127.0.0.1:${port}/callback?state=${state}`);
+        assert.equal(cbResp.status, 400);
+        await rejection;
+        assert.equal(fetchMock.calls.length, 0);
+    }
+    finally {
+        fetchMock.restore();
+    }
+});
+test("PKCE auth URL has S256 challenge + correct scopes + prompt=select_account", async () => {
+    // No mock needed — we assert URL structure and abort the flow without
+    // exchanging tokens. Sending an OAuth error in the callback closes the
+    // server and rejects flow.result loudly; we catch it explicitly.
+    const flow = await startPkceFlow({
+        clientId: "client-X",
+        tenantId: "common",
+        accountId: "acct-pkce-5",
+    });
+    const expectedRejection = assert.rejects(flow.result, /OAuth error/);
+    try {
+        const url = new URL(flow.authUrl);
+        assert.equal(url.searchParams.get("client_id"), "client-X");
+        assert.equal(url.searchParams.get("response_type"), "code");
+        assert.equal(url.searchParams.get("code_challenge_method"), "S256");
+        assert.equal(url.searchParams.get("prompt"), "select_account");
+        const challenge = url.searchParams.get("code_challenge");
+        assert.ok(challenge && challenge.length > 30, "challenge should be base64url-encoded SHA-256");
+        const scope = url.searchParams.get("scope") ?? "";
+        assert.match(scope, /offline_access/);
+        assert.match(scope, /User\.Read/);
+        assert.match(scope, /Mail\.Read/);
+        assert.match(scope, /Calendars\.Read/);
+        assert.match(scope, /Contacts\.Read/);
+        // Abort the flow by sending an OAuth error. Server closes; result rejects.
+        const port = extractRedirectUriPort(flow.redirectUri);
+        const state = url.searchParams.get("state");
+        await fetch(`http://127.0.0.1:${port}/callback?error=access_denied&state=${state}`);
+    }
+    finally {
+        await expectedRejection;
+    }
+});
+test("PKCE redirect URI uses ephemeral loopback port (not fixed 49152)", async () => {
+    // No token-exchange mock — abort each flow with an OAuth error so the
+    // server closes without invoking exchangeCode.
+    const flow1 = await startPkceFlow({ clientId: "c", tenantId: "common", accountId: "a1" });
+    const flow2 = await startPkceFlow({ clientId: "c", tenantId: "common", accountId: "a2" });
+    const r1 = assert.rejects(flow1.result, /OAuth error/);
+    const r2 = assert.rejects(flow2.result, /OAuth error/);
+    try {
+        const port1 = extractRedirectUriPort(flow1.redirectUri);
+        const port2 = extractRedirectUriPort(flow2.redirectUri);
+        assert.ok(port1 > 0 && port1 < 65536);
+        assert.ok(port2 > 0 && port2 < 65536);
+        assert.notEqual(port1, port2, "two parallel flows must allocate different ephemeral ports");
+        const s1 = extractStateFromAuthUrl(flow1.authUrl);
+        const s2 = extractStateFromAuthUrl(flow2.authUrl);
+        await fetch(`http://127.0.0.1:${port1}/callback?error=access_denied&state=${s1}`);
+        await fetch(`http://127.0.0.1:${port2}/callback?error=access_denied&state=${s2}`);
+    }
+    finally {
+        await Promise.all([r1, r2]);
+    }
+});
+//# sourceMappingURL=pkce-flow.test.js.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/pkce-flow.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"pkce-flow.test.js","sourceRoot":"","sources":["../../src/__tests__/pkce-flow.test.ts"],"names":[],"mappings":"AAAA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,MAAM,MAAM,oBAAoB,CAAC;AACxC,OAAO,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAEjE,MAAM,EAAE,eAAe,EAAE,GAAG,UAAU,CAAC;AAEvC,8EAA8E;AAC9E,gDAAgD;AAChD,8EAA8E;AAE9E,IAAI,CAAC,2CAA2C,EAAE,GAAG,EAAE;IACrD,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,EAAE,IAAI,CAAC,CAAC;AAC9E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,wDAAwD,EAAE,GAAG,EAAE;IAClE,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,kBAAkB,EAAE,kBAAkB,CAAC,EAAE,KAAK,CAAC,CAAC;AAC/E,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,0DAA0D,EAAE,GAAG,EAAE;IACpE,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,EAAE,KAAK,CAAC,CAAC;AAChE,CAAC,CAAC,CAAC;AAiBH,SAAS,SAAS,CAAC,OAA0E;IAI3F,MAAM,KAAK,GAAwB,EAAE,CAAC;IACtC,MAAM,QAAQ,GAAG,UAAU,CAAC,KAAK,CAAC;IAClC,UAAU,CAAC,KAAK,GAAG,CAAC,KAAK,EAAE,GAA2B,EAAE,IAAkB,EAAE,EAAE;QAC5E,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC;QAC7F,wEAAwE;QACxE,mEAAmE;QACnE,0EAA0E;QAC1E,IAAI,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,IAAI,MAAM,CAAC,UAAU,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACrF,OAAO,QAAQ,CAAC,GAAqC,EAAE,IAAI,CAAC,CAAC;QAC/D,CAAC;QACD,KAAK,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;QAClC,OAAO,OAAO,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAC/B,CAAC,CAAiB,CAAC;IACnB,OAAO;QACL,KAAK;QACL,OAAO,EAAE,GAAG,EAAE;YACZ,UAAU,CAAC,KAAK,GAAG,QAAQ,CAAC;QAC9B,CAAC;KACF,CAAC;AACJ,CAAC;AAED,SAAS,YAAY;IACnB,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;QACb,YAAY,EAAE,aAAa;QAC3B,aAAa,EAAE,cAAc;QAC7B,UAAU,EAAE,IAAI;QAChB,UAAU,EAAE,QAAQ;QACpB,KAAK,EAAE,iEAAiE;KACzE,CAAC,EACF,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE,EAAE,CACjE,CAAC;AACJ,CAAC;AAED,SAAS,uBAAuB,CAAC,OAAe;IAC9C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;IAC7B,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IAC5C,MAAM,CAAC,EAAE,CAAC,KAAK,EAAE,mCAAmC,CAAC,CAAC;IACtD,OAAO,KAAM,CAAC;AAChB,CAAC;AAED,SAAS,sBAAsB,CAAC,WAAmB;IACjD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACjC,OAAO,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,IAAI,CAAC,mDAAmD,EAAE,KAAK,IAAI,EAAE;IACnE,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE,CAAC,YAAY,EAAE,CAAC,CAAC;IAClD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;YAC/B,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;QACH,MAAM,KAAK,GAAG,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAEtD,sEAAsE;QACtE,MAAM,YAAY,GAAG,MAAM,KAAK,CAC9B,oBAAoB,IAAI,kCAAkC,KAAK,EAAE,CAClE,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QAEvC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC;QACjC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,YAAY,EAAE,aAAa,CAAC,CAAC;QAC/D,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,aAAa,CAAC,aAAa,EAAE,cAAc,CAAC,CAAC;QACjE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE;YACrC,gBAAgB;YAChB,eAAe;YACf,WAAW;YACX,WAAW;YACX,gBAAgB;SACjB,CAAC,IAAI,EAAE,CAAC,CAAC;QAEV,iEAAiE;QACjE,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QACxC,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,EAAE,CAAC,CAAC;QACzD,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;QACrC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,+BAA+B,CAAC,CAAC;IACtD,CAAC;YAAS,CAAC;QACT,SAAS,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,+DAA+D,EAAE,KAAK,IAAI,EAAE;IAC/E,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE;QAC/B,MAAM,IAAI,KAAK,CAAC,uDAAuD,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;YAC/B,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;QACH,wEAAwE;QACxE,iEAAiE;QACjE,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,iBAAiB,CAAC,CAAC;QACjE,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,oBAAoB,IAAI,kDAAkD,CAAC,CAAC;QACvG,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,MAAM,SAAS,CAAC;QAChB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,EAAE,mCAAmC,CAAC,CAAC;IAC/E,CAAC;YAAS,CAAC;QACT,SAAS,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,4DAA4D,EAAE,KAAK,IAAI,EAAE;IAC5E,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE;QAC/B,MAAM,IAAI,KAAK,CAAC,oDAAoD,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;YAC/B,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,4BAA4B,CAAC,CAAC;QAC5E,MAAM,KAAK,GAAG,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,MAAM,KAAK,CACxB,oBAAoB,IAAI,0EAA0E,KAAK,EAAE,CAC1G,CAAC;QACF,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,MAAM,SAAS,CAAC;QAChB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC1C,CAAC;YAAS,CAAC;QACT,SAAS,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2CAA2C,EAAE,KAAK,IAAI,EAAE;IAC3D,MAAM,SAAS,GAAG,SAAS,CAAC,GAAG,EAAE;QAC/B,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;IACH,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;YAC/B,QAAQ,EAAE,aAAa;YACvB,QAAQ,EAAE,QAAQ;YAClB,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,gCAAgC,CAAC,CAAC;QAChF,MAAM,KAAK,GAAG,uBAAuB,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,MAAM,GAAG,MAAM,KAAK,CAAC,oBAAoB,IAAI,mBAAmB,KAAK,EAAE,CAAC,CAAC;QAC/E,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACjC,MAAM,SAAS,CAAC;QAChB,MAAM,CAAC,KAAK,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IAC1C,CAAC;YAAS,CAAC;QACT,SAAS,CAAC,OAAO,EAAE,CAAC;IACtB,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,2EAA2E,EAAE,KAAK,IAAI,EAAE;IAC3F,sEAAsE;IACtE,uEAAuE;IACvE,iEAAiE;IACjE,MAAM,IAAI,GAAG,MAAM,aAAa,CAAC;QAC/B,QAAQ,EAAE,UAAU;QACpB,QAAQ,EAAE,QAAQ;QAClB,SAAS,EAAE,aAAa;KACzB,CAAC,CAAC;IACH,MAAM,iBAAiB,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACrE,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,UAAU,CAAC,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,EAAE,MAAM,CAAC,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,CAAC,EAAE,MAAM,CAAC,CAAC;QACpE,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,CAAC,EAAE,gBAAgB,CAAC,CAAC;QAC/D,MAAM,SAAS,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QACzD,MAAM,CAAC,EAAE,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,GAAG,EAAE,EAAE,+CAA+C,CAAC,CAAC;QAC/F,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC;QAClD,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QACtC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC;QAClC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,iBAAiB,CAAC,CAAC;QACvC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,gBAAgB,CAAC,CAAC;QAEtC,2EAA2E;QAC3E,MAAM,IAAI,GAAG,sBAAsB,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QACtD,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAE,CAAC;QAC7C,MAAM,KAAK,CAAC,oBAAoB,IAAI,uCAAuC,KAAK,EAAE,CAAC,CAAC;IACtF,CAAC;YAAS,CAAC;QACT,MAAM,iBAAiB,CAAC;IAC1B,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,IAAI,CAAC,kEAAkE,EAAE,KAAK,IAAI,EAAE;IAClF,sEAAsE;IACtE,+CAA+C;IAC/C,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1F,MAAM,KAAK,GAAG,MAAM,aAAa,CAAC,EAAE,QAAQ,EAAE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1F,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACvD,MAAM,EAAE,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;IACvD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,sBAAsB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACxD,MAAM,KAAK,GAAG,sBAAsB,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QACxD,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,EAAE,CAAC,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,KAAK,CAAC,CAAC;QACtC,MAAM,CAAC,QAAQ,CAAC,KAAK,EAAE,KAAK,EAAE,4DAA4D,CAAC,CAAC;QAE5F,MAAM,EAAE,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,EAAE,GAAG,uBAAuB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAClD,MAAM,KAAK,CAAC,oBAAoB,KAAK,uCAAuC,EAAE,EAAE,CAAC,CAAC;QAClF,MAAM,KAAK,CAAC,oBAAoB,KAAK,uCAAuC,EAAE,EAAE,CAAC,CAAC;IACpF,CAAC;YAAS,CAAC;QACT,MAAM,OAAO,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;IAC9B,CAAC;AACH,CAAC,CAAC,CAAC"}

package/payload/platform/plugins/outlook/mcp/dist/__tests__/token-store.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=token-store.test.d.ts.map

package/payload/platform/plugins/outlook/mcp/dist/__tests__/token-store.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"token-store.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/token-store.test.ts"],"names":[],"mappings":""}