@stigmer/react 0.0.78 → 0.0.80

package/src/mcp-server/useMcpServerConnect.ts

@@ -6,6 +6,7 @@ import type { McpServer } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/
 import { ConnectInputSchema } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/io_pb";
 import type { EnvVarInput } from "@stigmer/sdk";
 import { useStigmer } from "../hooks";
+import { resolveSystemEnvVarValues } from "../environment/systemEnvVars";
 import { toError } from "../internal/toError";
 
 /** Return value of {@link useMcpServerConnect}. */
@@ -18,13 +19,15 @@ export interface UseMcpServerConnectReturn {
    * agent-runner. The RPC blocks until the workflow completes
    * (typically 5-15 seconds, ~30s timeout).
    *
-   * When `runtimeEnv` is provided, the values are sent directly to
-   * the backend as one-time credentials (not persisted to any
-   * environment). When omitted, the backend resolves credentials from
-   * the authenticated user's personal environment.
+   * Platform system env vars (`STIGMER_SERVER_ADDRESS`,
+   * `STIGMER_API_KEY`) are always injected automatically from
+   * the current SDK context. When `runtimeEnv` is also provided,
+   * those values are merged on top (caller values win). The backend
+   * merges the result on top of the user's personal environment so
+   * saved credentials (e.g., OAuth tokens) are still resolved.
    *
    * @param mcpServerId - System-generated ID of the MCP server (metadata.id).
-   * @param runtimeEnv - Optional one-time environment variables.
+   * @param runtimeEnv - Optional additional environment variables.
    * @returns The updated McpServer with populated status.discovered_capabilities
    *          and status.tool_approvals.
    */
@@ -48,13 +51,14 @@ export interface UseMcpServerConnectReturn {
  * server's tools and resource templates, then classifies each tool's
  * approval policy via a structured-output LLM call.
  *
- * Supports two credential modes:
- * - **Saved credentials** (default): Credentials are pre-saved to the
- *   user's personal environment, then `connect(id)` is called without
- *   `runtimeEnv`. The backend resolves them automatically.
- * - **One-time use**: `connect(id, runtimeEnv)` passes credentials
- *   directly to the backend. They are used for this connect only and
- *   not persisted.
+ * Platform system env vars (`STIGMER_SERVER_ADDRESS`,
+ * `STIGMER_API_KEY`) are always injected from the current SDK
+ * context. The backend merges these on top of the caller's personal
+ * environment, so saved credentials (e.g., OAuth tokens) are still
+ * resolved while platform addresses are always up to date.
+ *
+ * Additional one-time credentials can be passed via `runtimeEnv`
+ * and will override both system vars and personal env values.
  *
  * @example
  * ```tsx
@@ -90,21 +94,20 @@ export function useMcpServerConnect(): UseMcpServerConnectReturn {
       setError(null);
 
       try {
+        const systemEnv = await resolveSystemEnvVarValues(stigmer);
+        const mergedEnv = { ...systemEnv, ...(runtimeEnv ?? {}) };
+
         const runtimeEnvMap: Record<string, { value: string; isSecret: boolean }> = {};
-        if (runtimeEnv) {
-          for (const [key, input] of Object.entries(runtimeEnv)) {
-            runtimeEnvMap[key] = {
-              value: input.value,
-              isSecret: input.isSecret ?? false,
-            };
-          }
+        for (const [key, envInput] of Object.entries(mergedEnv)) {
+          runtimeEnvMap[key] = {
+            value: envInput.value,
+            isSecret: envInput.isSecret ?? false,
+          };
         }
 
         const input = create(ConnectInputSchema, {
           mcpServerId,
-          ...(Object.keys(runtimeEnvMap).length > 0 && {
-            runtimeEnv: runtimeEnvMap,
-          }),
+          runtimeEnv: runtimeEnvMap,
         });
 
         return await stigmer.mcpServer.connect(input);

package/src/mcp-server/useMcpServerCredentials.ts

@@ -4,9 +4,10 @@ import { useCallback, useMemo } from "react";
 import type { EnvVarInput } from "@stigmer/sdk";
 import type { McpServer } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/api_pb";
 import { usePersonalEnvironment } from "../environment/usePersonalEnvironment";
-import { diffEnvSpec } from "../environment/diffEnvSpec";
+import { diffEnv } from "../environment/diffEnv";
 import { SYSTEM_ENV_VAR_KEYS } from "../environment/systemEnvVars";
 import type { EnvVarFormVariable } from "../environment/EnvVarForm";
+import { useOAuthGrantStatus } from "./useOAuthGrantStatus";
 
 /**
  * Credential acquisition mode for an MCP server.
@@ -34,37 +35,50 @@ export interface UseMcpServerCredentialsReturn {
    */
   readonly oauthTargetEnvVar: string | null;
   /**
-   * `true` when the OAuth-managed env var exists in the personal
-   * environment. Always `false` when `authMode` is `"manual"`.
+   * `true` when the user has an active OAuth grant for this server.
+   * Derived from the `getOAuthGrantStatus` API, not from personal
+   * environment key presence. Always `false` when `authMode` is `"manual"`.
    */
   readonly isOAuthConnected: boolean;
+  /**
+   * When the OAuth access token expires (Unix timestamp seconds).
+   * `BigInt(0)` when no grant exists, `authMode` is `"manual"`, or the token
+   * does not expire. Useful for showing actual expiry in the UI.
+   */
+  readonly accessTokenExpiresAt: bigint;
   /**
    * Informational hint about expected token lifetime, or `null`.
    * Sourced from `spec.auth.token_lifetime_hint`.
    */
   readonly tokenLifetimeHint: string | null;
   /**
-   * Variables required by the MCP server that are missing from the
-   * user's personal environment. Empty when all variables are present
-   * or the server has no `env_spec`.
+   * Required variables (non-optional) missing from the user's personal
+   * environment. Empty when all required variables are present, the
+   * server has no `env` declarations, or all declarations are optional.
    *
    * When `authMode` is `"oauth"`, the OAuth-managed `target_env_var`
    * is excluded from this list — it is acquired via the OAuth flow,
-   * not via a manual form. Only additional non-OAuth vars appear here.
+   * not via a manual form. Only additional non-OAuth required vars
+   * appear here.
+   *
+   * Optional env vars are never included — they are discoverable in
+   * the read-only EnvSection but do not block connect.
    *
    * Suitable as direct input to {@link EnvVarForm}.
    */
   readonly missingVariables: EnvVarFormVariable[];
   /**
-   * `true` when all required credentials are available — both
-   * OAuth-managed and manual variables. For OAuth servers this means
-   * the OAuth token is in the personal env AND any additional manual
-   * vars are also present.
+   * `true` when all required (non-optional) credentials are available
+   * — both OAuth-managed and manual variables. For OAuth servers this
+   * means the OAuth grant is connected AND any additional required
+   * manual vars are present in the personal environment.
+   *
+   * Servers whose env vars are all optional are always ready.
    */
   readonly isReady: boolean;
-  /** `true` while the personal environment is being fetched. */
+  /** `true` while the personal environment or grant status is being fetched. */
   readonly isLoading: boolean;
-  /** Error from the personal environment fetch, or `null`. */
+  /** Error from the personal environment or grant status fetch, or `null`. */
   readonly error: Error | null;
   /**
    * Save the provided credentials to the user's personal environment.
@@ -81,7 +95,7 @@ export interface UseMcpServerCredentialsReturn {
 
 /**
  * Checks the user's personal environment against an MCP server's
- * `env_spec` and provides a mechanism to save missing credentials.
+ * `env` declarations and provides a mechanism to save missing credentials.
  *
  * Designed for the discovery flow on the MCP server detail page:
  * before triggering discovery, the UI needs to ensure all required
@@ -90,10 +104,12 @@ export interface UseMcpServerCredentialsReturn {
  * them.
  *
  * **Auth-mode-aware**: when `spec.auth` is configured, the hook
- * identifies the OAuth-managed variable (`target_env_var`) and
- * excludes it from `missingVariables` — that variable is acquired
- * via {@link useMcpServerOAuthConnect}, not a manual form. Additional
- * non-OAuth vars still appear in `missingVariables` (mixed mode).
+ * composes {@link useOAuthGrantStatus} to determine whether the
+ * OAuth-managed variable (`target_env_var`) is connected via an
+ * active grant. The OAuth variable is excluded from `missingVariables`
+ * — it is acquired via {@link useMcpServerOAuthConnect}, not a manual
+ * form. Additional non-OAuth vars still appear in `missingVariables`
+ * (mixed mode).
  *
  * Unlike {@link useMcpServerSetup} which manages multi-server setup
  * for session creation, this hook is scoped to a single server and
@@ -134,32 +150,43 @@ export function useMcpServerCredentials(
   const oauthTargetEnvVar = auth?.targetEnvVar || null;
   const tokenLifetimeHint = auth?.tokenLifetimeHint || null;
 
+  const grantStatus = useOAuthGrantStatus(
+    authMode === "oauth" ? (mcpServer?.metadata?.id ?? null) : null,
+    authMode === "oauth" ? org : null,
+  );
+
+  const isOAuthConnected = authMode === "oauth" && grantStatus.connected;
+
   const existingKeys = useMemo(
     () => new Set(Object.keys(personalEnv.environment?.spec?.data ?? {})),
     [personalEnv.environment],
   );
 
-  const isOAuthConnected = authMode === "oauth"
-    && oauthTargetEnvVar !== null
-    && existingKeys.has(oauthTargetEnvVar);
-
   const allMissingVariables = useMemo(() => {
     if (!mcpServer) return [];
-    const envSpecData = mcpServer.spec?.envSpec?.data;
-    if (!envSpecData || Object.keys(envSpecData).length === 0) return [];
+    const envDeclarations = mcpServer.spec?.env;
+    if (!envDeclarations || Object.keys(envDeclarations).length === 0) return [];
 
-    return diffEnvSpec(envSpecData, existingKeys).filter(
+    return diffEnv(envDeclarations, existingKeys).filter(
       (v) => !SYSTEM_ENV_VAR_KEYS.has(v.key),
     );
   }, [mcpServer, existingKeys]);
 
+  const requiredMissing = useMemo(
+    () => allMissingVariables.filter((v) => !v.optional),
+    [allMissingVariables],
+  );
+
   const missingVariables = useMemo(() => {
-    if (!oauthTargetEnvVar) return allMissingVariables;
-    return allMissingVariables.filter((v) => v.key !== oauthTargetEnvVar);
-  }, [allMissingVariables, oauthTargetEnvVar]);
+    if (!oauthTargetEnvVar) return requiredMissing;
+    return requiredMissing.filter((v) => v.key !== oauthTargetEnvVar);
+  }, [requiredMissing, oauthTargetEnvVar]);
 
   const isReady =
-    !personalEnv.isLoading && allMissingVariables.length === 0;
+    !personalEnv.isLoading &&
+    !grantStatus.isLoading &&
+    missingVariables.length === 0 &&
+    (authMode === "manual" || isOAuthConnected);
 
   const saveCredentials = useCallback(
     async (values: Record<string, EnvVarInput>): Promise<void> => {
@@ -169,17 +196,23 @@ export function useMcpServerCredentials(
     [personalEnv],
   );
 
+  const refetch = useCallback(() => {
+    personalEnv.refetch();
+    grantStatus.refetch();
+  }, [personalEnv, grantStatus]);
+
   return {
     authMode,
     oauthTargetEnvVar,
     isOAuthConnected,
+    accessTokenExpiresAt: grantStatus.accessTokenExpiresAt,
     tokenLifetimeHint,
     missingVariables,
     isReady,
-    isLoading: personalEnv.isLoading,
-    error: personalEnv.error,
+    isLoading: personalEnv.isLoading || grantStatus.isLoading,
+    error: personalEnv.error ?? grantStatus.error,
     saveCredentials,
     isSaving: personalEnv.isMutating,
-    refetch: personalEnv.refetch,
+    refetch,
   };
 }

package/src/mcp-server/useMcpServerOAuthConnect.ts

@@ -9,6 +9,7 @@ import {
   ConnectInputSchema,
 } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/io_pb";
 import { useStigmer } from "../hooks";
+import { resolveSystemEnvVarValues } from "../environment/systemEnvVars";
 import { toError } from "../internal/toError";
 
 /**
@@ -53,14 +54,15 @@ export interface UseMcpServerOAuthConnectReturn {
    * blockers.
    *
    * @param mcpServerId - System-generated ID (metadata.id) of the MCP server.
+   * @param org - Organization context for token storage (caller's active org).
    * @returns The updated McpServer after tool discovery completes.
    */
-  readonly startOAuth: (mcpServerId: string) => Promise<McpServer>;
+  readonly startOAuth: (mcpServerId: string, org: string) => Promise<McpServer>;
   /** `true` while any phase of the OAuth flow is in progress. */
   readonly isInProgress: boolean;
   /** Current phase of the OAuth flow. */
   readonly phase: OAuthConnectPhase;
-  /** Error from the most recent failed attempt, or `null`. */
+  /** Error from the most recent unsuccessful attempt, or `null`. */
   readonly error: Error | null;
   /** Reset the hook to idle state, clearing any error. */
   readonly clearError: () => void;
@@ -91,7 +93,7 @@ const POPUP_CALLBACK_TIMEOUT_MS = 120_000;
  *
  * async function handleSignIn() {
  *   try {
- *     await oauth.startOAuth(mcpServer.metadata.id);
+ *     await oauth.startOAuth(mcpServer.metadata.id, org);
  *     refetch();
  *   } catch {
  *     // error is available via oauth.error
@@ -123,7 +125,7 @@ export function useMcpServerOAuthConnect(): UseMcpServerOAuthConnectReturn {
   }, []);
 
   const startOAuth = useCallback(
-    async (mcpServerId: string): Promise<McpServer> => {
+    async (mcpServerId: string, org: string): Promise<McpServer> => {
       setPhase("initiating");
       setError(null);
 
@@ -151,7 +153,7 @@ export function useMcpServerOAuthConnect(): UseMcpServerOAuthConnectReturn {
 
       try {
         const initOutput = await stigmer.mcpServer.initiateOAuthConnect(
-          create(InitiateOAuthConnectInputSchema, { mcpServerId }),
+          create(InitiateOAuthConnectInputSchema, { mcpServerId, org }),
         );
 
         popup.location.href = initOutput.authorizationUrl;
@@ -177,8 +179,20 @@ export function useMcpServerOAuthConnect(): UseMcpServerOAuthConnectReturn {
 
         setPhase("connecting");
 
+        const systemEnv = await resolveSystemEnvVarValues(stigmer);
+        const runtimeEnvMap: Record<string, { value: string; isSecret: boolean }> = {};
+        for (const [key, envInput] of Object.entries(systemEnv)) {
+          runtimeEnvMap[key] = {
+            value: envInput.value,
+            isSecret: envInput.isSecret ?? false,
+          };
+        }
+
         const server = await stigmer.mcpServer.connect(
-          create(ConnectInputSchema, { mcpServerId }),
+          create(ConnectInputSchema, {
+            mcpServerId,
+            runtimeEnv: runtimeEnvMap,
+          }),
         );
 
         setPhase("done");

package/src/mcp-server/useMcpServerSetup.ts

@@ -2,12 +2,14 @@
 
 import { useCallback, useEffect, useMemo, useReducer, useRef } from "react";
 import type { EnvVarInput, McpServerUsageInput, ResourceRef } from "@stigmer/sdk";
+import { create } from "@bufbuild/protobuf";
 import type { McpServer } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/api_pb";
+import { GetOAuthGrantStatusInputSchema } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/io_pb";
 import type { DiscoveredTool } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/status_pb";
 import { ApiResourceKind } from "@stigmer/protos/ai/stigmer/commons/apiresource/apiresourcekind/api_resource_kind_pb";
 import { useStigmer } from "../hooks";
 import { usePersonalEnvironment } from "../environment/usePersonalEnvironment";
-import { diffEnvSpec } from "../environment/diffEnvSpec";
+import { diffEnv } from "../environment/diffEnv";
 import { toError } from "../internal/toError";
 import {
   mcpServerSetupReducer,
@@ -57,8 +59,8 @@ export interface UseMcpServerSetupReturn {
   /**
    * Add an MCP server to the setup flow.
    *
-   * Fetches the full server resource, checks `env_spec` against the
-   * personal environment, and resolves the entry to either `ready`
+   * Fetches the full server resource, checks `env` declarations against
+   * the personal environment, and resolves the entry to either `ready`
    * (no credentials needed or all present) or `needsSetup` (missing
    * variables). Also extracts discovered tools and approval policies
    * for the tool selector.
@@ -171,8 +173,8 @@ function computeDefaultEnabledTools(
  * MCP servers selected in the {@link McpServerPicker}.
  *
  * When a user toggles an MCP server ON, this hook fetches the server's
- * full resource, checks its `env_spec` against the personal environment
- * (via {@link diffEnvSpec}), and determines whether credentials are
+ * full resource, checks its `env` declarations against the personal
+ * environment (via {@link diffEnv}), and determines whether credentials are
  * needed. It also extracts discovered tools and approval policies for
  * the tool selector UI.
  *
@@ -198,7 +200,7 @@ function computeDefaultEnabledTools(
  * @param org - Organization slug. Pass `null` to disable.
  * @param poolKeys - Optional set of env-var keys already available
  *   from the session env pool (manual secrets, one-time env vars from
- *   other components). When provided, servers whose `env_spec` keys
+ *   other components). When provided, servers whose `env` keys
  *   are fully covered by `poolKeys` + personal env auto-resolve to
  *   `ready` without prompting. Reactive — when `poolKeys` changes,
  *   `needsSetup` entries are re-evaluated.
@@ -264,9 +266,9 @@ export function useMcpServerSetup(
         const discoveredTools =
           mcpServer.status?.discoveredCapabilities?.tools ?? [];
         const toolApprovals = mcpServer.spec?.pinnedToolApprovals ?? [];
-        const envSpecData = mcpServer.spec?.envSpec?.data;
+        const envDeclarations = mcpServer.spec?.env;
 
-        if (!envSpecData || Object.keys(envSpecData).length === 0) {
+        if (!envDeclarations || Object.keys(envDeclarations).length === 0) {
           dispatch({
             type: "RESOLVE_READY",
             key,
@@ -284,9 +286,29 @@ export function useMcpServerSetup(
         const existingKeys = new Set(
           Object.keys(personalEnv.environment?.spec?.data ?? {}),
         );
-        const missingVariables = diffEnvSpec(envSpecData, existingKeys, poolKeys);
 
-        if (missingVariables.length === 0) {
+        const auth = mcpServer.spec?.auth;
+        if (auth?.targetEnvVar && mcpServer.metadata?.id) {
+          try {
+            const grantStatus = await stigmer.mcpServer.getOAuthGrantStatus(
+              create(GetOAuthGrantStatusInputSchema, {
+                resourceId: mcpServer.metadata.id,
+                org,
+              }),
+            );
+            if (grantStatus.connected) {
+              existingKeys.add(auth.targetEnvVar);
+            }
+          } catch {
+            // Non-fatal: if grant status lookup fails, the OAuth var stays
+            // in missingVariables and the UI shows the sign-in button.
+          }
+        }
+
+        const allMissing = diffEnv(envDeclarations, existingKeys, poolKeys);
+        const requiredMissing = allMissing.filter((v) => !v.optional);
+
+        if (requiredMissing.length === 0) {
           dispatch({
             type: "RESOLVE_READY",
             key,
@@ -305,7 +327,7 @@ export function useMcpServerSetup(
           type: "RESOLVE_NEEDS_SETUP",
           key,
           mcpServer,
-          missingVariables,
+          missingVariables: requiredMissing,
           discoveredTools,
           toolApprovals,
         });
@@ -420,15 +442,16 @@ export function useMcpServerSetup(
     for (const [key, entry] of Object.entries(entriesRef.current)) {
       if (entry.status !== "needsSetup") continue;
 
-      const envSpecData = entry.mcpServer.spec?.envSpec?.data;
-      if (!envSpecData) continue;
+      const envDeclarations = entry.mcpServer.spec?.env;
+      if (!envDeclarations) continue;
 
-      const missingVariables = diffEnvSpec(envSpecData, personalKeys, poolKeys);
+      const allMissing = diffEnv(envDeclarations, personalKeys, poolKeys);
+      const requiredMissing = allMissing.filter((v) => !v.optional);
       const enabledTools = computeDefaultEnabledTools(
         entry.mcpServer,
         entry.discoveredTools,
       );
-      dispatch({ type: "POOL_RESOLVE", key, missingVariables, enabledTools });
+      dispatch({ type: "POOL_RESOLVE", key, missingVariables: requiredMissing, enabledTools });
     }
   }, [poolKeys, personalEnv.environment]);
 

package/src/mcp-server/useOAuthGrantStatus.ts

@@ -0,0 +1,125 @@
+"use client";
+
+import { useCallback, useEffect, useState } from "react";
+import { create } from "@bufbuild/protobuf";
+import { GetOAuthGrantStatusInputSchema } from "@stigmer/protos/ai/stigmer/agentic/mcpserver/v1/io_pb";
+import { useStigmer } from "../hooks";
+import { toError } from "../internal/toError";
+
+/** Return value of {@link useOAuthGrantStatus}. */
+export interface UseOAuthGrantStatusReturn {
+  /** Whether the user has an active OAuth grant for this resource + org. */
+  readonly connected: boolean;
+  /**
+   * When the access token expires (Unix timestamp seconds).
+   * `BigInt(0)` when no grant exists or the token does not expire.
+   */
+  readonly accessTokenExpiresAt: bigint;
+  /** The env var name managed by OAuth, or empty string when no grant exists. */
+  readonly targetEnvVar: string;
+  /** Auth method used (`"mcp_oauth"` or `"vendor_oauth"`), or empty string. */
+  readonly authMethod: string;
+  /** `true` while the grant status is being fetched. */
+  readonly isLoading: boolean;
+  /** Error from the last failed request, or `null` when healthy. */
+  readonly error: Error | null;
+  /** Discard cached data and re-fetch the grant status. */
+  readonly refetch: () => void;
+}
+
+const BIGINT_ZERO = BigInt(0);
+
+const IDLE: UseOAuthGrantStatusReturn = {
+  connected: false,
+  accessTokenExpiresAt: BIGINT_ZERO,
+  targetEnvVar: "",
+  authMethod: "",
+  isLoading: false,
+  error: null,
+  refetch: () => {},
+};
+
+/**
+ * Data hook that fetches the OAuth grant status for a single MCP server.
+ *
+ * Wraps `stigmer.mcpServer.getOAuthGrantStatus()` with loading, error,
+ * and idle state management. When `resourceId` or `org` changes, the
+ * previous in-flight request is discarded and a fresh fetch begins.
+ *
+ * Pass `null` for either parameter to skip fetching (stable no-op).
+ * This is useful when the MCP server resource has not loaded yet.
+ *
+ * @example
+ * ```tsx
+ * const grantStatus = useOAuthGrantStatus(mcpServer?.metadata?.id ?? null, org);
+ *
+ * if (grantStatus.isLoading) return <Spinner />;
+ * if (grantStatus.connected) return <span>Connected via OAuth</span>;
+ * return <button onClick={startOAuth}>Sign in</button>;
+ * ```
+ */
+export function useOAuthGrantStatus(
+  resourceId: string | null,
+  org: string | null,
+): UseOAuthGrantStatusReturn {
+  const stigmer = useStigmer();
+  const [connected, setConnected] = useState(false);
+  const [accessTokenExpiresAt, setAccessTokenExpiresAt] = useState(BIGINT_ZERO);
+  const [targetEnvVar, setTargetEnvVar] = useState("");
+  const [authMethod, setAuthMethod] = useState("");
+  const [isLoading, setIsLoading] = useState(false);
+  const [error, setError] = useState<Error | null>(null);
+  const [fetchKey, setFetchKey] = useState(0);
+
+  const refetch = useCallback(() => setFetchKey((k) => k + 1), []);
+
+  useEffect(() => {
+    if (!resourceId || !org) {
+      setConnected(false);
+      setAccessTokenExpiresAt(BIGINT_ZERO);
+      setTargetEnvVar("");
+      setAuthMethod("");
+      setIsLoading(false);
+      setError(null);
+      return;
+    }
+
+    const cancelled = { current: false };
+    setIsLoading(true);
+    setError(null);
+
+    stigmer.mcpServer
+      .getOAuthGrantStatus(create(GetOAuthGrantStatusInputSchema, { resourceId, org }))
+      .then(
+        (result) => {
+          if (cancelled.current) return;
+          setConnected(result.connected);
+          setAccessTokenExpiresAt(result.accessTokenExpiresAt);
+          setTargetEnvVar(result.targetEnvVar);
+          setAuthMethod(result.authMethod);
+          setIsLoading(false);
+        },
+        (err) => {
+          if (cancelled.current) return;
+          setError(toError(err));
+          setIsLoading(false);
+        },
+      );
+
+    return () => {
+      cancelled.current = true;
+    };
+  }, [resourceId, org, stigmer, fetchKey]);
+
+  if (!resourceId || !org) return { ...IDLE, refetch };
+
+  return {
+    connected,
+    accessTokenExpiresAt,
+    targetEnvVar,
+    authMethod,
+    isLoading,
+    error,
+    refetch,
+  };
+}

package/environment/diffEnvSpec.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"diffEnvSpec.d.ts","sourceRoot":"","sources":["../../src/environment/diffEnvSpec.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAEvD;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,WAAW,CACzB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE;IAAE,QAAQ,EAAE,OAAO,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,EACxE,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,EACzB,QAAQ,CAAC,EAAE,GAAG,CAAC,MAAM,CAAC,GACrB,kBAAkB,EAAE,CAetB"}

package/environment/diffEnvSpec.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"diffEnvSpec.js","sourceRoot":"","sources":["../../src/environment/diffEnvSpec.ts"],"names":[],"mappings":"AAEA;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,MAAM,UAAU,WAAW,CACzB,WAAwE,EACxE,YAAyB,EACzB,QAAsB;IAEtB,MAAM,OAAO,GAAyB,EAAE,CAAC;IAEzC,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,EAAE,CAAC;QACvD,IAAI,YAAY,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QACpC,IAAI,QAAQ,EAAE,GAAG,CAAC,GAAG,CAAC;YAAE,SAAS;QAEjC,OAAO,CAAC,IAAI,CAAC;YACX,GAAG;YACH,QAAQ,EAAE,KAAK,CAAC,QAAQ;YACxB,GAAG,CAAC,KAAK,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,KAAK,CAAC,WAAW,EAAE,CAAC;SAC7D,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC"}