@stackable-labs/mcp-app-extension 0.10.1 → 0.11.0

package/dist/{auth-37BRWM34.js → auth-5Z7FU2KG.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
-import { writeAuthState, STANDALONE_CLIENT_AUTH_FILE } from './chunk-J3MNH4OK.js';
+import { deriveClientId, STANDALONE_CLIENT, getNonce, writeAuthState, STANDALONE_CLIENT_AUTH_FILE, getVerifier, getDigest } from './chunk-BDOVEKRM.js';
 import { createServer } from 'http';
-import process6 from 'process';
+import process5 from 'process';
 import { Buffer as Buffer$1 } from 'buffer';
 import path from 'path';
 import { fileURLToPath } from 'url';
@@ -53,7 +53,7 @@ function isInsideContainer() {
 
 // ../../../node_modules/.pnpm/is-wsl@3.1.1/node_modules/is-wsl/index.js
 var isWsl = () => {
-  if (process6.platform !== "linux") {
+  if (process5.platform !== "linux") {
     return false;
   }
   if (os.release().toLowerCase().includes("microsoft")) {
@@ -73,7 +73,7 @@ var isWsl = () => {
   }
   return false;
 };
-var is_wsl_default = process6.env.__IS_WSL_TEST__ ? isWsl : isWsl();
+var is_wsl_default = process5.env.__IS_WSL_TEST__ ? isWsl : isWsl();
 
 // ../../../node_modules/.pnpm/wsl-utils@0.1.0/node_modules/wsl-utils/index.js
 var wslDrivesMountPoint = /* @__PURE__ */ (() => {
@@ -111,7 +111,7 @@ var powerShellPath = async () => {
   if (is_wsl_default) {
     return powerShellPathFromWsl();
   }
-  return `${process6.env.SYSTEMROOT || process6.env.windir || String.raw`C:\Windows`}\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`;
+  return `${process5.env.SYSTEMROOT || process5.env.windir || String.raw`C:\Windows`}\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`;
 };
 
 // ../../../node_modules/.pnpm/define-lazy-prop@3.0.0/node_modules/define-lazy-prop/index.js
@@ -133,7 +133,7 @@ function defineLazyProperty(object, propertyName, valueGetter) {
 }
 var execFileAsync = promisify(execFile);
 async function defaultBrowserId() {
-  if (process6.platform !== "darwin") {
+  if (process5.platform !== "darwin") {
     throw new Error("macOS only");
   }
   const { stdout } = await execFileAsync("defaults", ["read", "com.apple.LaunchServices/com.apple.launchservices.secure", "LSHandlers"]);
@@ -146,7 +146,7 @@ async function defaultBrowserId() {
 }
 var execFileAsync2 = promisify(execFile);
 async function runAppleScript(script, { humanReadableOutput = true, signal } = {}) {
-  if (process6.platform !== "darwin") {
+  if (process5.platform !== "darwin") {
     throw new Error("macOS only");
   }
   const outputArguments = humanReadableOutput ? [] : ["-ss"];
@@ -209,18 +209,18 @@ async function defaultBrowser(_execFileAsync = execFileAsync3) {
 var execFileAsync4 = promisify(execFile);
 var titleize = (string) => string.toLowerCase().replaceAll(/(?:^|\s|-)\S/g, (x) => x.toUpperCase());
 async function defaultBrowser2() {
-  if (process6.platform === "darwin") {
+  if (process5.platform === "darwin") {
     const id = await defaultBrowserId();
     const name = await bundleName(id);
     return { name, id };
   }
-  if (process6.platform === "linux") {
+  if (process5.platform === "linux") {
     const { stdout } = await execFileAsync4("xdg-mime", ["query", "default", "x-scheme-handler/http"]);
     const id = stdout.trim();
     const name = titleize(id.replace(/.desktop$/, "").replace("-", " "));
     return { name, id };
   }
-  if (process6.platform === "win32") {
+  if (process5.platform === "win32") {
     return defaultBrowser();
   }
   throw new Error("Only macOS, Linux, and Windows are supported");
@@ -230,7 +230,7 @@ async function defaultBrowser2() {
 var execFile5 = promisify(childProcess.execFile);
 var __dirname$1 = path.dirname(fileURLToPath(import.meta.url));
 var localXdgOpenPath = path.join(__dirname$1, "xdg-open");
-var { platform, arch } = process6;
+var { platform, arch } = process5;
 async function getWindowsDefaultBrowserFromWsl() {
   const powershellPath = await powerShellPath();
   const rawCommand = String.raw`(Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice").ProgId`;
@@ -383,7 +383,7 @@ var baseOpen = async (options) => {
         exeLocalXdgOpen = true;
       } catch {
       }
-      const useSystemXdgOpen = process6.versions.electron ?? (platform === "android" || isBundled || !exeLocalXdgOpen);
+      const useSystemXdgOpen = process5.versions.electron ?? (platform === "android" || isBundled || !exeLocalXdgOpen);
       command = useSystemXdgOpen ? "xdg-open" : localXdgOpenPath;
     }
     if (appArguments.length > 0) {
@@ -483,45 +483,6 @@ defineLazyProperty(apps, "browser", () => "browser");
 defineLazyProperty(apps, "browserPrivate", () => "browserPrivate");
 var open_default = open;
 
-// ../../lib/utils-js/src/crypto.ts
-var getCrypto = () => {
-  if (typeof globalThis !== "undefined" && globalThis.crypto) {
-    return globalThis.crypto;
-  }
-  throw new Error("Web Crypto API not available \u2014 requires Node.js 22+ or a modern browser");
-};
-var getSubtle = () => {
-  const crypto = getCrypto();
-  if (crypto.subtle) {
-    return crypto.subtle;
-  }
-  throw new Error("SubtleCrypto not available \u2014 requires a secure context (HTTPS) or Node.js 22+");
-};
-var encodeBytes = (bytes, encoding) => {
-  if (encoding === "hex") {
-    return [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
-  }
-  const base64 = btoa(String.fromCharCode(...bytes));
-  if (encoding === "base64url") {
-    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-  }
-  return base64;
-};
-var getRandomBytes = (length, encoding = "base64") => {
-  const bytes = new Uint8Array(length);
-  getCrypto().getRandomValues(bytes);
-  return encodeBytes(bytes, encoding);
-};
-var getDigest = async (input, encoding = "hex") => {
-  const digest = await getSubtle().digest(
-    "SHA-256",
-    new TextEncoder().encode(input)
-  );
-  return encodeBytes(new Uint8Array(digest), encoding);
-};
-var getNonce = () => getRandomBytes(16, "base64url");
-var getVerifier = () => getRandomBytes(32, "base64url");
-
 // src/auth.ts
 var LOGIN_TIMEOUT_MS = 5 * 60 * 1e3;
 var generatePKCE = async () => {
@@ -541,7 +502,7 @@ var registerClient = async (registrationEndpoint) => {
     method: "POST",
     headers: { "content-type": "application/json" },
     body: JSON.stringify({
-      client_name: "@stackable-labs/mcp-app-extension",
+      client_name: STANDALONE_CLIENT.MCP,
       redirect_uris: ["http://127.0.0.1/callback"]
     })
   });
@@ -578,7 +539,7 @@ var decodeJwtPayload = (token) => {
 };
 var performOAuthFlow = async (discoveryUrl) => {
   const discovery = await fetchDiscovery(discoveryUrl);
-  let clientId = "mcp-app-extension";
+  let clientId = await deriveClientId(STANDALONE_CLIENT.MCP);
   if (discovery.registration_endpoint) {
     clientId = await registerClient(discovery.registration_endpoint);
   }

package/dist/{auth-7GIVRWDG.js → auth-7BRIJUR5.js}

@@ -1,6 +1,6 @@
-import { writeAuthState, STANDALONE_CLIENT_AUTH_FILE } from './chunk-FIIWPDHX.js';
+import { deriveClientId, STANDALONE_CLIENT, getNonce, writeAuthState, STANDALONE_CLIENT_AUTH_FILE, getVerifier, getDigest } from './chunk-HLVEV5OH.js';
 import { createServer } from 'http';
-import process6 from 'process';
+import process5 from 'process';
 import { Buffer as Buffer$1 } from 'buffer';
 import path from 'path';
 import { fileURLToPath } from 'url';
@@ -52,7 +52,7 @@ function isInsideContainer() {
 
 // ../../../node_modules/.pnpm/is-wsl@3.1.1/node_modules/is-wsl/index.js
 var isWsl = () => {
-  if (process6.platform !== "linux") {
+  if (process5.platform !== "linux") {
     return false;
   }
   if (os.release().toLowerCase().includes("microsoft")) {
@@ -72,7 +72,7 @@ var isWsl = () => {
   }
   return false;
 };
-var is_wsl_default = process6.env.__IS_WSL_TEST__ ? isWsl : isWsl();
+var is_wsl_default = process5.env.__IS_WSL_TEST__ ? isWsl : isWsl();
 
 // ../../../node_modules/.pnpm/wsl-utils@0.1.0/node_modules/wsl-utils/index.js
 var wslDrivesMountPoint = /* @__PURE__ */ (() => {
@@ -110,7 +110,7 @@ var powerShellPath = async () => {
   if (is_wsl_default) {
     return powerShellPathFromWsl();
   }
-  return `${process6.env.SYSTEMROOT || process6.env.windir || String.raw`C:\Windows`}\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`;
+  return `${process5.env.SYSTEMROOT || process5.env.windir || String.raw`C:\Windows`}\\System32\\WindowsPowerShell\\v1.0\\powershell.exe`;
 };
 
 // ../../../node_modules/.pnpm/define-lazy-prop@3.0.0/node_modules/define-lazy-prop/index.js
@@ -132,7 +132,7 @@ function defineLazyProperty(object, propertyName, valueGetter) {
 }
 var execFileAsync = promisify(execFile);
 async function defaultBrowserId() {
-  if (process6.platform !== "darwin") {
+  if (process5.platform !== "darwin") {
     throw new Error("macOS only");
   }
   const { stdout } = await execFileAsync("defaults", ["read", "com.apple.LaunchServices/com.apple.launchservices.secure", "LSHandlers"]);
@@ -145,7 +145,7 @@ async function defaultBrowserId() {
 }
 var execFileAsync2 = promisify(execFile);
 async function runAppleScript(script, { humanReadableOutput = true, signal } = {}) {
-  if (process6.platform !== "darwin") {
+  if (process5.platform !== "darwin") {
     throw new Error("macOS only");
   }
   const outputArguments = humanReadableOutput ? [] : ["-ss"];
@@ -208,18 +208,18 @@ async function defaultBrowser(_execFileAsync = execFileAsync3) {
 var execFileAsync4 = promisify(execFile);
 var titleize = (string) => string.toLowerCase().replaceAll(/(?:^|\s|-)\S/g, (x) => x.toUpperCase());
 async function defaultBrowser2() {
-  if (process6.platform === "darwin") {
+  if (process5.platform === "darwin") {
     const id = await defaultBrowserId();
     const name = await bundleName(id);
     return { name, id };
   }
-  if (process6.platform === "linux") {
+  if (process5.platform === "linux") {
     const { stdout } = await execFileAsync4("xdg-mime", ["query", "default", "x-scheme-handler/http"]);
     const id = stdout.trim();
     const name = titleize(id.replace(/.desktop$/, "").replace("-", " "));
     return { name, id };
   }
-  if (process6.platform === "win32") {
+  if (process5.platform === "win32") {
     return defaultBrowser();
   }
   throw new Error("Only macOS, Linux, and Windows are supported");
@@ -229,7 +229,7 @@ async function defaultBrowser2() {
 var execFile5 = promisify(childProcess.execFile);
 var __dirname$1 = path.dirname(fileURLToPath(import.meta.url));
 var localXdgOpenPath = path.join(__dirname$1, "xdg-open");
-var { platform, arch } = process6;
+var { platform, arch } = process5;
 async function getWindowsDefaultBrowserFromWsl() {
   const powershellPath = await powerShellPath();
   const rawCommand = String.raw`(Get-ItemProperty -Path "HKCU:\Software\Microsoft\Windows\Shell\Associations\UrlAssociations\http\UserChoice").ProgId`;
@@ -382,7 +382,7 @@ var baseOpen = async (options) => {
         exeLocalXdgOpen = true;
       } catch {
       }
-      const useSystemXdgOpen = process6.versions.electron ?? (platform === "android" || isBundled || !exeLocalXdgOpen);
+      const useSystemXdgOpen = process5.versions.electron ?? (platform === "android" || isBundled || !exeLocalXdgOpen);
       command = useSystemXdgOpen ? "xdg-open" : localXdgOpenPath;
     }
     if (appArguments.length > 0) {
@@ -482,45 +482,6 @@ defineLazyProperty(apps, "browser", () => "browser");
 defineLazyProperty(apps, "browserPrivate", () => "browserPrivate");
 var open_default = open;
 
-// ../../lib/utils-js/src/crypto.ts
-var getCrypto = () => {
-  if (typeof globalThis !== "undefined" && globalThis.crypto) {
-    return globalThis.crypto;
-  }
-  throw new Error("Web Crypto API not available \u2014 requires Node.js 22+ or a modern browser");
-};
-var getSubtle = () => {
-  const crypto = getCrypto();
-  if (crypto.subtle) {
-    return crypto.subtle;
-  }
-  throw new Error("SubtleCrypto not available \u2014 requires a secure context (HTTPS) or Node.js 22+");
-};
-var encodeBytes = (bytes, encoding) => {
-  if (encoding === "hex") {
-    return [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
-  }
-  const base64 = btoa(String.fromCharCode(...bytes));
-  if (encoding === "base64url") {
-    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-  }
-  return base64;
-};
-var getRandomBytes = (length, encoding = "base64") => {
-  const bytes = new Uint8Array(length);
-  getCrypto().getRandomValues(bytes);
-  return encodeBytes(bytes, encoding);
-};
-var getDigest = async (input, encoding = "hex") => {
-  const digest = await getSubtle().digest(
-    "SHA-256",
-    new TextEncoder().encode(input)
-  );
-  return encodeBytes(new Uint8Array(digest), encoding);
-};
-var getNonce = () => getRandomBytes(16, "base64url");
-var getVerifier = () => getRandomBytes(32, "base64url");
-
 // src/auth.ts
 var LOGIN_TIMEOUT_MS = 5 * 60 * 1e3;
 var generatePKCE = async () => {
@@ -540,7 +501,7 @@ var registerClient = async (registrationEndpoint) => {
     method: "POST",
     headers: { "content-type": "application/json" },
     body: JSON.stringify({
-      client_name: "@stackable-labs/mcp-app-extension",
+      client_name: STANDALONE_CLIENT.MCP,
       redirect_uris: ["http://127.0.0.1/callback"]
     })
   });
@@ -577,7 +538,7 @@ var decodeJwtPayload = (token) => {
 };
 var performOAuthFlow = async (discoveryUrl) => {
   const discovery = await fetchDiscovery(discoveryUrl);
-  let clientId = "mcp-app-extension";
+  let clientId = await deriveClientId(STANDALONE_CLIENT.MCP);
   if (discovery.registration_endpoint) {
     clientId = await registerClient(discovery.registration_endpoint);
   }

package/dist/{chunk-J3MNH4OK.js → chunk-BDOVEKRM.js}

@@ -3,9 +3,48 @@ import { mkdir, writeFile, readFile } from 'fs/promises';
 import { join } from 'path';
 import { homedir } from 'os';
 
+// ../../lib/utils-js/src/crypto.ts
+var getCrypto = () => {
+  if (typeof globalThis !== "undefined" && globalThis.crypto) {
+    return globalThis.crypto;
+  }
+  throw new Error("Web Crypto API not available \u2014 requires Node.js 22+ or a modern browser");
+};
+var getSubtle = () => {
+  const crypto = getCrypto();
+  if (crypto.subtle) {
+    return crypto.subtle;
+  }
+  throw new Error("SubtleCrypto not available \u2014 requires a secure context (HTTPS) or Node.js 22+");
+};
+var encodeBytes = (bytes, encoding) => {
+  if (encoding === "hex") {
+    return [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const base64 = btoa(String.fromCharCode(...bytes));
+  if (encoding === "base64url") {
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  }
+  return base64;
+};
+var getRandomBytes = (length, encoding = "base64") => {
+  const bytes = new Uint8Array(length);
+  getCrypto().getRandomValues(bytes);
+  return encodeBytes(bytes, encoding);
+};
+var getDigest = async (input, encoding = "hex") => {
+  const digest = await getSubtle().digest(
+    "SHA-256",
+    new TextEncoder().encode(input)
+  );
+  return encodeBytes(new Uint8Array(digest), encoding);
+};
+var getNonce = () => getRandomBytes(16, "base64url");
+var getVerifier = () => getRandomBytes(32, "base64url");
+
 // ../../lib/utils-auth/src/constants.ts
 var STANDALONE_CLIENT_DATA = {
-  CLI: { name: "@stackable-labs/cli-app-extension", authFile: "auth.json" },
+  CLI: { name: "@stackable-labs/cli-app-extension", authFile: "cli-auth.json" },
   MCP: { name: "@stackable-labs/mcp-app-extension", authFile: "mcp-auth.json" }
 };
 var STANDALONE_CLIENT = Object.fromEntries(
@@ -34,6 +73,7 @@ var EDITOR_ROLES = [
 ];
 
 // ../../lib/utils-auth/src/index.ts
+var deriveClientId = async (clientName) => (await getDigest(clientName)).slice(0, 32);
 var AUTH_DIR = join(homedir(), ".stackable");
 join(AUTH_DIR, STANDALONE_CLIENT_AUTH_FILE.CLI);
 var MCP_AUTH_FILE = join(AUTH_DIR, STANDALONE_CLIENT_AUTH_FILE.MCP);
@@ -76,4 +116,4 @@ var getToken = async (filename) => {
   return state.token;
 };
 
-export { MCP_AUTH_FILE, STANDALONE_CLIENT, STANDALONE_CLIENT_AUTH_FILE, getToken, writeAuthState };
+export { MCP_AUTH_FILE, STANDALONE_CLIENT, STANDALONE_CLIENT_AUTH_FILE, deriveClientId, getDigest, getNonce, getToken, getVerifier, writeAuthState };

package/dist/{chunk-FIIWPDHX.js → chunk-HLVEV5OH.js}

@@ -2,9 +2,48 @@ import { mkdir, writeFile, readFile } from 'fs/promises';
 import { join } from 'path';
 import { homedir } from 'os';
 
+// ../../lib/utils-js/src/crypto.ts
+var getCrypto = () => {
+  if (typeof globalThis !== "undefined" && globalThis.crypto) {
+    return globalThis.crypto;
+  }
+  throw new Error("Web Crypto API not available \u2014 requires Node.js 22+ or a modern browser");
+};
+var getSubtle = () => {
+  const crypto = getCrypto();
+  if (crypto.subtle) {
+    return crypto.subtle;
+  }
+  throw new Error("SubtleCrypto not available \u2014 requires a secure context (HTTPS) or Node.js 22+");
+};
+var encodeBytes = (bytes, encoding) => {
+  if (encoding === "hex") {
+    return [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
+  }
+  const base64 = btoa(String.fromCharCode(...bytes));
+  if (encoding === "base64url") {
+    return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+  }
+  return base64;
+};
+var getRandomBytes = (length, encoding = "base64") => {
+  const bytes = new Uint8Array(length);
+  getCrypto().getRandomValues(bytes);
+  return encodeBytes(bytes, encoding);
+};
+var getDigest = async (input, encoding = "hex") => {
+  const digest = await getSubtle().digest(
+    "SHA-256",
+    new TextEncoder().encode(input)
+  );
+  return encodeBytes(new Uint8Array(digest), encoding);
+};
+var getNonce = () => getRandomBytes(16, "base64url");
+var getVerifier = () => getRandomBytes(32, "base64url");
+
 // ../../lib/utils-auth/src/constants.ts
 var STANDALONE_CLIENT_DATA = {
-  CLI: { name: "@stackable-labs/cli-app-extension", authFile: "auth.json" },
+  CLI: { name: "@stackable-labs/cli-app-extension", authFile: "cli-auth.json" },
   MCP: { name: "@stackable-labs/mcp-app-extension", authFile: "mcp-auth.json" }
 };
 var STANDALONE_CLIENT = Object.fromEntries(
@@ -33,6 +72,7 @@ var EDITOR_ROLES = [
 ];
 
 // ../../lib/utils-auth/src/index.ts
+var deriveClientId = async (clientName) => (await getDigest(clientName)).slice(0, 32);
 var AUTH_DIR = join(homedir(), ".stackable");
 join(AUTH_DIR, STANDALONE_CLIENT_AUTH_FILE.CLI);
 var MCP_AUTH_FILE = join(AUTH_DIR, STANDALONE_CLIENT_AUTH_FILE.MCP);
@@ -75,4 +115,4 @@ var getToken = async (filename) => {
   return state.token;
 };
 
-export { MCP_AUTH_FILE, STANDALONE_CLIENT, STANDALONE_CLIENT_AUTH_FILE, getToken, writeAuthState };
+export { MCP_AUTH_FILE, STANDALONE_CLIENT, STANDALONE_CLIENT_AUTH_FILE, deriveClientId, getDigest, getNonce, getToken, getVerifier, writeAuthState };

package/dist/index.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { STANDALONE_CLIENT, MCP_AUTH_FILE, getToken, STANDALONE_CLIENT_AUTH_FILE } from './chunk-J3MNH4OK.js';
+import { STANDALONE_CLIENT, MCP_AUTH_FILE, getToken, STANDALONE_CLIENT_AUTH_FILE } from './chunk-BDOVEKRM.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { IDENTITY_EVENT, ACTIVITY_EVENT, SURFACE_TARGET, PERMISSIONS, CAPABILITY_PERMISSION_MAP, ALLOWED_ICONS, UI_TAGS, UI_TAG_ATTRIBUTES, tagToComponentName } from '@stackable-labs/sdk-extension-contracts';
@@ -43,13 +43,15 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Content Surface with Loading State",
-    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
-  const settings = useSettings() // Non-secret settings from settingsSchema
+  // Non-secret settings from settingsSchema (add settingsSchema to manifest.json to use). Ex:
+  // const settings = useSettings()
+  // const apiEndpoint = settings.apiEndpoint as string
 
   if (loading) {
     return (
@@ -197,13 +199,15 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Current Content Surface",
-    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
-  const settings = useSettings() // Non-secret settings from settingsSchema
+  // Non-secret settings from settingsSchema (add settingsSchema to manifest.json to use). Ex:
+  // const settings = useSettings()
+  // const apiEndpoint = settings.apiEndpoint as string
 
   if (loading) {
     return (
@@ -3849,7 +3853,7 @@ var createMcpServer = (options = {}) => {
       return await getToken(STANDALONE_CLIENT_AUTH_FILE.MCP);
     } catch {
     }
-    const { performOAuthFlow } = await import('./auth-37BRWM34.js');
+    const { performOAuthFlow } = await import('./auth-5Z7FU2KG.js');
     const MCP_API_BASE_URL = process.env.MCP_API_BASE_URL ?? DEFAULT_MCP_API_BASE_URL;
     return performOAuthFlow(`${MCP_API_BASE_URL}/.well-known/oauth-authorization-server`);
   };

package/dist/server.js

@@ -1,4 +1,4 @@
-import { STANDALONE_CLIENT, MCP_AUTH_FILE, getToken, STANDALONE_CLIENT_AUTH_FILE } from './chunk-FIIWPDHX.js';
+import { STANDALONE_CLIENT, MCP_AUTH_FILE, getToken, STANDALONE_CLIENT_AUTH_FILE } from './chunk-HLVEV5OH.js';
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { IDENTITY_EVENT, ACTIVITY_EVENT, SURFACE_TARGET, PERMISSIONS, CAPABILITY_PERMISSION_MAP, ALLOWED_ICONS, UI_TAGS, UI_TAG_ATTRIBUTES, tagToComponentName } from '@stackable-labs/sdk-extension-contracts';
 import { z } from 'zod';
@@ -41,13 +41,15 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Content Surface with Loading State",
-    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
-  const settings = useSettings() // Non-secret settings from settingsSchema
+  // Non-secret settings from settingsSchema (add settingsSchema to manifest.json to use). Ex:
+  // const settings = useSettings()
+  // const apiEndpoint = settings.apiEndpoint as string
 
   if (loading) {
     return (
@@ -195,13 +197,15 @@ export const appStore = createStore<AppState>({
   {
     path: "surfaces/Content.tsx",
     title: "Current Content Surface",
-    code: `import { ui, useStore, useContextData, useSettings, Surface } from '@stackable-labs/sdk-extension-react'
+    code: `import { ui, useStore, useContextData, Surface } from '@stackable-labs/sdk-extension-react'
 import { appStore } from '../store'
 
 export function Content() {
   const viewState = useStore(appStore, (s) => s.viewState)
   const { loading } = useContextData()
-  const settings = useSettings() // Non-secret settings from settingsSchema
+  // Non-secret settings from settingsSchema (add settingsSchema to manifest.json to use). Ex:
+  // const settings = useSettings()
+  // const apiEndpoint = settings.apiEndpoint as string
 
   if (loading) {
     return (
@@ -3847,7 +3851,7 @@ var createMcpServer = (options = {}) => {
       return await getToken(STANDALONE_CLIENT_AUTH_FILE.MCP);
     } catch {
     }
-    const { performOAuthFlow } = await import('./auth-7GIVRWDG.js');
+    const { performOAuthFlow } = await import('./auth-7BRIJUR5.js');
     const MCP_API_BASE_URL = process.env.MCP_API_BASE_URL ?? DEFAULT_MCP_API_BASE_URL;
     return performOAuthFlow(`${MCP_API_BASE_URL}/.well-known/oauth-authorization-server`);
   };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@stackable-labs/mcp-app-extension",
-  "version": "0.10.1",
+  "version": "0.11.0",
   "type": "module",
   "bin": {
     "mcp-app-extension": "./dist/index.js"
@@ -23,7 +23,6 @@
   "dependencies": {
     "@modelcontextprotocol/sdk": "1.x",
     "@stackable-labs/sdk-extension-contracts": "latest",
-    "oauth4webapi": "3.x",
     "open": "10.x",
     "zod": "3.x"
   },