@tunnelhub/mcp 1.0.0

package/CONTRIBUTING.md

@@ -0,0 +1,70 @@
+# Contributing
+
+Thanks for contributing to `@tunnelhub/mcp`.
+
+## Development setup
+
+```bash
+pnpm install
+pnpm typecheck
+pnpm build
+```
+
+For local development:
+
+```bash
+pnpm dev
+```
+
+## Before opening a PR
+
+Please run:
+
+```bash
+pnpm lint
+pnpm typecheck
+pnpm test
+pnpm build
+```
+
+Or run everything with:
+
+```bash
+pnpm check
+```
+
+## Contribution guidelines
+
+- Keep changes focused.
+- Follow existing project patterns.
+- Prefer improving MCP usability over exposing raw backend behavior.
+- Preserve REST-only integration. Do not add direct DynamoDB access.
+- Keep README user-facing and technical details in `docs/technical-overview.md`.
+
+## Reporting issues
+
+When reporting a bug, include:
+
+- MCP client used
+- operating system
+- Node.js version
+- steps to reproduce
+- expected behavior
+- actual behavior
+- relevant logs or tool outputs
+
+## Suggested PR format
+
+- short title
+- problem being solved
+- summary of changes
+- how it was tested
+
+## Release notes
+
+Package publication is validated with:
+
+```bash
+pnpm pack:check
+pnpm publish:dry-run
+```

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 TunnelHub
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,322 @@
+# TunnelHub MCP
+
+Conecte clientes MCP ao TunnelHub para investigar automações, execuções, logs e traces usando o mesmo fluxo de autenticação do frontend.
+
+Este MCP é especialmente útil para:
+
+- Acompanhar automações do TunnelHub
+- Localizar e resumir execuções
+- Imprimir logs e traces
+- Analisar falhas parciais e dependências externas
+- Trabalhar com ambientes da empresa atual
+
+## ✨ O que você pode fazer
+
+- Autenticar no TunnelHub pelo navegador
+- Listar ambientes disponíveis
+- Listar e inspecionar automações
+- Localizar execuções por intervalo de tempo
+- Resumir uma execução completa
+- Consultar logs e traces de uma execução
+- Ler informações básicas da empresa atual
+
+## 🚀 Comece em 2 minutos
+
+A forma principal de uso é via `npx`:
+
+```bash
+npx @tunnelhub/mcp
+```
+
+Se você estiver desenvolvendo localmente:
+
+```bash
+pnpm install
+pnpm build
+node dist/index.js
+```
+
+## ✅ Pré-requisitos
+
+Você vai precisar de:
+
+- Node.js 22+
+- Acesso a uma empresa do TunnelHub
+- Um cliente compatível com MCP via `stdio`
+
+Clientes recomendados:
+
+- OpenCode
+- Claude Desktop
+- Cursor
+- Outros clientes MCP compatíveis com `stdio`
+
+## ⚙️ Variáveis de ambiente
+
+Variáveis suportadas:
+
+- `OAUTH_CALLBACK_PORT` padrão `3333`
+- `TUNNELHUB_FRONTEND_URL` opcional
+- `TUNNELHUB_API_HOST` opcional; padrão `https://api.tunnelhub.io`
+
+Observações:
+
+- O login usa o fluxo do frontend do TunnelHub
+- Quando possível, o MCP reutiliza o domínio personalizado da empresa
+- A porta do callback OAuth prefere `3333` e procura outra livre se necessário
+
+## 🔌 Configuração oficial por cliente
+
+### OpenCode via CLI
+
+Depois da publicação, a forma recomendada será:
+
+```bash
+opencode mcp add tunnelhub -- npx @tunnelhub/mcp
+```
+
+Para desenvolvimento local:
+
+```bash
+opencode mcp add tunnelhub -- node /caminho/para/mcp/dist/index.js
+```
+
+Depois confirme:
+
+```bash
+opencode mcp list
+```
+
+### OpenCode via `opencode.json`
+
+Exemplo completo:
+
+```json
+{
+  "mcp": {
+    "tunnelhub": {
+      "type": "local",
+      "command": [
+        "npx",
+        "@tunnelhub/mcp"
+      ],
+      "enabled": true,
+      "environment": {
+        "OAUTH_CALLBACK_PORT": "3333"
+      }
+    }
+  }
+}
+```
+
+Exemplo usando build local:
+
+```json
+{
+  "mcp": {
+    "tunnelhub": {
+      "type": "local",
+      "command": [
+        "node",
+        "/caminho/para/mcp/dist/index.js"
+      ],
+      "enabled": true,
+      "environment": {
+        "OAUTH_CALLBACK_PORT": "3333"
+      }
+    }
+  }
+}
+```
+
+### Claude Desktop
+
+Exemplo de configuração no `claude_desktop_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "tunnelhub": {
+      "command": "npx",
+      "args": ["@tunnelhub/mcp"],
+      "env": {
+        "OAUTH_CALLBACK_PORT": "3333"
+      }
+    }
+  }
+}
+```
+
+Exemplo usando build local:
+
+```json
+{
+  "mcpServers": {
+    "tunnelhub": {
+      "command": "node",
+      "args": ["/caminho/para/mcp/dist/index.js"],
+      "env": {
+        "OAUTH_CALLBACK_PORT": "3333"
+      }
+    }
+  }
+}
+```
+
+### Cursor
+
+Use o mesmo comando `stdio` do cliente MCP:
+
+```json
+{
+  "mcpServers": {
+    "tunnelhub": {
+      "command": "npx",
+      "args": ["@tunnelhub/mcp"],
+      "env": {
+        "OAUTH_CALLBACK_PORT": "3333"
+      }
+    }
+  }
+}
+```
+
+Exemplo usando build local:
+
+```json
+{
+  "mcpServers": {
+    "tunnelhub": {
+      "command": "node",
+      "args": ["/caminho/para/mcp/dist/index.js"],
+      "env": {
+        "OAUTH_CALLBACK_PORT": "3333"
+      }
+    }
+  }
+}
+```
+
+### Outros clientes MCP compatíveis com `stdio`
+
+Se o cliente aceitar um comando local, use:
+
+```bash
+npx @tunnelhub/mcp
+```
+
+Ou, em desenvolvimento:
+
+```bash
+node /caminho/para/mcp/dist/index.js
+```
+
+## 🔐 Como funciona o login
+
+No primeiro uso, chame a ferramenta de login do MCP.
+
+Fluxo esperado:
+
+1. O cliente chama `login_tunnelhub`
+2. O MCP abre o navegador local
+3. Você faz login no TunnelHub
+4. A sessão fica salva localmente
+5. As próximas ferramentas passam a usar a empresa e o ambiente ativos
+
+Ferramentas básicas de sessão:
+
+- `login_tunnelhub`
+- `current_session_tunnelhub`
+- `list_sessions_tunnelhub`
+- `list_environments_tunnelhub`
+- `switch_environment_tunnelhub`
+- `logout_tunnelhub`
+
+## 💬 Exemplos de perguntas
+
+Você pode pedir coisas como:
+
+- `Qual sessão está ativa?`
+- `Liste os ambientes disponíveis`
+- `Liste as automações ativas`
+- `Ache a execução 9b696080439f no dia 2026-03-13`
+- `Resuma a execução 019ce7f3-2707-740c-8692-9b696080439f`
+- `Me mostre os traces com ERROR dessa execução`
+- `Me mostre os logs dessa execução`
+- `Essa execução teve sucesso degradado?`
+- `Quais dependências externas falharam nessa execução?`
+- `Só usando o MCP, me diga o que precisa ser corrigido nessa automação`
+
+## 🧰 Principais ferramentas disponíveis
+
+### Sessão
+
+- `login_tunnelhub`
+- `current_session_tunnelhub`
+- `list_sessions_tunnelhub`
+- `list_environments_tunnelhub`
+- `switch_environment_tunnelhub`
+- `logout_tunnelhub`
+
+### Empresas
+
+- `list_tenants_tunnelhub`
+- `get_tenant_tunnelhub`
+
+### Automações
+
+- `list_automations_tunnelhub`
+- `get_automation_tunnelhub`
+- `list_automation_deploys_tunnelhub`
+- `get_automation_action_logs_tunnelhub`
+- `execute_automation_tunnelhub`
+
+### Monitoramento
+
+- `list_automation_executions_tunnelhub`
+- `find_execution_tunnelhub`
+- `get_execution_tunnelhub`
+- `summarize_execution_tunnelhub`
+- `get_execution_traces_tunnelhub`
+- `get_execution_logs_tunnelhub`
+
+## 🧭 Dicas de uso
+
+- Ao procurar uma execução, informe sempre a data ou um intervalo de tempo
+- Quando já souber `automationId`, `executionId` e `executionPeriod`, use direto as ferramentas de detalhe
+- Para diagnóstico rápido, prefira `summarize_execution_tunnelhub`
+- Para investigação detalhada, consulte traces e logs em seguida
+
+## ⚠️ Limitações atuais
+
+- O foco atual está em automações e monitoramento
+- Algumas APIs do backend têm comportamentos específicos de filtro e paginação
+- A listagem de execuções depende de intervalo de tempo obrigatório
+
+## 🛠️ Desenvolvimento local
+
+Comandos úteis:
+
+```bash
+pnpm install
+pnpm typecheck
+pnpm build
+pnpm dev
+```
+
+## 🤝 Contribuições
+
+Feedback, sugestões e contribuições são bem-vindos.
+
+Se você estiver evoluindo o MCP internamente, vale sempre validar:
+
+- Experiência de uso no cliente MCP
+- Clareza das respostas textuais
+- Consistência dos filtros
+- Qualidade dos exemplos do README
+
+## 📚 Documentação técnica
+
+Detalhes técnicos, arquitetura e comportamento interno estão documentados em inglês:
+
+- `docs/technical-overview.md`

package/dist/auth/browser-auth.d.ts

@@ -0,0 +1,16 @@
+export interface BrowserAuthTokens {
+    idToken: string;
+    accessToken: string;
+    refreshToken: string;
+    expiresIn: number;
+}
+export declare class BrowserAuthFlow {
+    private port;
+    private readonly server;
+    private readonly sessionId;
+    constructor(port?: number);
+    authenticate(frontendUrl: string, tenantId?: string): Promise<BrowserAuthTokens>;
+    private resolveCallbackPort;
+    private isPortFree;
+}
+//# sourceMappingURL=browser-auth.d.ts.map

package/dist/auth/browser-auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-auth.d.ts","sourceRoot":"","sources":["../../src/auth/browser-auth.ts"],"names":[],"mappings":"AAMA,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC;IACpB,YAAY,EAAE,MAAM,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,qBAAa,eAAe;IAC1B,OAAO,CAAC,IAAI,CAAS;IAErB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAkB;IAEzC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAS;gBAEvB,IAAI,SAAkD;IAqB5D,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;YA6GxE,mBAAmB;YAenB,UAAU;CAezB"}

package/dist/auth/browser-auth.js

@@ -0,0 +1,144 @@
+import express from 'express';
+import { v4 as uuidv4 } from 'uuid';
+import open from 'open';
+import net from 'node:net';
+export class BrowserAuthFlow {
+    port;
+    server;
+    sessionId;
+    constructor(port = Number(process.env.OAUTH_CALLBACK_PORT || 3333)) {
+        this.port = port;
+        this.sessionId = uuidv4();
+        this.server = express();
+        this.server.use((req, res, next) => {
+            res.header('Access-Control-Allow-Origin', '*');
+            res.header('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+            res.header('Access-Control-Allow-Headers', 'Origin, X-Requested-With, Content-Type, Accept');
+            if (req.method === 'OPTIONS') {
+                res.sendStatus(200);
+                return;
+            }
+            next();
+        });
+        this.server.use(express.json());
+    }
+    async authenticate(frontendUrl, tenantId) {
+        this.port = await this.resolveCallbackPort(this.port);
+        return new Promise((resolve, reject) => {
+            const cleanup = () => {
+                if (timeoutHandle) {
+                    clearTimeout(timeoutHandle);
+                }
+                if (httpServer) {
+                    httpServer.close();
+                }
+            };
+            this.server.post('/auth/callback', (req, res) => {
+                const { idToken, accessToken, refreshToken, expiresIn } = req.body;
+                if (!idToken || !accessToken || !refreshToken || !expiresIn) {
+                    res.status(400).json({ success: false, message: 'Tokens not received' });
+                    cleanup();
+                    reject(new Error('Tokens not received from frontend auth flow.'));
+                    return;
+                }
+                res.json({ success: true });
+                setTimeout(() => {
+                    cleanup();
+                    resolve({
+                        idToken,
+                        accessToken,
+                        refreshToken,
+                        expiresIn: Number(expiresIn),
+                    });
+                }, 500);
+            });
+            this.server.get('/', (_req, res) => {
+                const redirectUri = `http://localhost:${this.port}/auth/callback`;
+                const authCliUrl = new URL(`${frontendUrl.replace(/\/$/, '')}/#/auth-cli`);
+                const searchParams = new URLSearchParams({
+                    sessionId: this.sessionId,
+                    redirect_uri: redirectUri,
+                });
+                if (tenantId) {
+                    searchParams.set('tenantId', tenantId);
+                }
+                res.send(`<!DOCTYPE html>
+<html>
+  <head>
+    <title>TunnelHub MCP Authentication</title>
+    <style>
+      body { font-family: Arial, sans-serif; text-align: center; padding: 40px; }
+      .container { max-width: 600px; margin: 0 auto; }
+      .spinner { border: 4px solid rgba(0, 0, 0, 0.1); width: 36px; height: 36px; border-radius: 50%; border-left-color: #09f; animation: spin 1s linear infinite; margin: 20px auto; }
+      @keyframes spin { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } }
+    </style>
+  </head>
+  <body>
+    <div class="container">
+      <h1>TunnelHub MCP Authentication</h1>
+      <p>You will be redirected to the TunnelHub login page.</p>
+      <div class="spinner"></div>
+      <p>Redirecting...</p>
+    </div>
+    <script>
+      setTimeout(() => {
+        window.location.href = ${JSON.stringify(`${authCliUrl.toString()}?${searchParams.toString()}`)};
+      }, 1200);
+    </script>
+  </body>
+</html>`);
+            });
+            this.server.get('/status', (_req, res) => {
+                res.json({ status: 'running', sessionId: this.sessionId });
+            });
+            const timeoutHandle = setTimeout(() => {
+                cleanup();
+                reject(new Error('Authentication timed out after 5 minutes.'));
+            }, 5 * 60 * 1000);
+            const httpServer = this.server.listen(this.port, async () => {
+                const localUrl = `http://localhost:${this.port}`;
+                console.log('\nStarting TunnelHub MCP authentication...');
+                console.log(`If browser does not open, visit:\n${localUrl}\n`);
+                try {
+                    await open(localUrl);
+                }
+                catch (error) {
+                    console.error('Failed to open browser automatically:', error);
+                }
+            });
+            httpServer.on('error', (error) => {
+                cleanup();
+                if (error.code === 'EADDRINUSE') {
+                    reject(new Error(`OAuth callback port ${this.port} already in use.`));
+                    return;
+                }
+                reject(error);
+            });
+        });
+    }
+    async resolveCallbackPort(preferredPort) {
+        if (await this.isPortFree(preferredPort)) {
+            return preferredPort;
+        }
+        for (let port = preferredPort + 1; port <= preferredPort + 20; port += 1) {
+            if (await this.isPortFree(port)) {
+                console.log(`OAuth callback port ${preferredPort} busy. Using ${port}.`);
+                return port;
+            }
+        }
+        throw new Error(`No free OAuth callback port found from ${preferredPort} to ${preferredPort + 20}.`);
+    }
+    async isPortFree(port) {
+        return new Promise((resolve) => {
+            const tester = net.createServer();
+            tester.once('error', () => {
+                resolve(false);
+            });
+            tester.once('listening', () => {
+                tester.close(() => resolve(true));
+            });
+            tester.listen(port, '127.0.0.1');
+        });
+    }
+}
+//# sourceMappingURL=browser-auth.js.map

package/dist/auth/browser-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"browser-auth.js","sourceRoot":"","sources":["../../src/auth/browser-auth.ts"],"names":[],"mappings":"AAAA,OAAO,OAAO,MAAM,SAAS,CAAC;AAC9B,OAAO,EAAE,EAAE,IAAI,MAAM,EAAE,MAAM,MAAM,CAAC;AACpC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,GAAG,MAAM,UAAU,CAAC;AAU3B,MAAM,OAAO,eAAe;IAClB,IAAI,CAAS;IAEJ,MAAM,CAAkB;IAExB,SAAS,CAAS;IAEnC,YAAY,IAAI,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,IAAI,CAAC;QAChE,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;QACjB,IAAI,CAAC,SAAS,GAAG,MAAM,EAAE,CAAC;QAC1B,IAAI,CAAC,MAAM,GAAG,OAAO,EAAE,CAAC;QAExB,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;YACjC,GAAG,CAAC,MAAM,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;YAC/C,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,oBAAoB,CAAC,CAAC;YACjE,GAAG,CAAC,MAAM,CAAC,8BAA8B,EAAE,gDAAgD,CAAC,CAAC;YAE7F,IAAI,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;gBAC7B,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;gBACpB,OAAO;YACT,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;IAClC,CAAC;IAED,KAAK,CAAC,YAAY,CAAC,WAAmB,EAAE,QAAiB;QACvD,IAAI,CAAC,IAAI,GAAG,MAAM,IAAI,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAEtD,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,OAAO,GAAG,GAAS,EAAE;gBACzB,IAAI,aAAa,EAAE,CAAC;oBAClB,YAAY,CAAC,aAAa,CAAC,CAAC;gBAC9B,CAAC;gBAED,IAAI,UAAU,EAAE,CAAC;oBACf,UAAU,CAAC,KAAK,EAAE,CAAC;gBACrB,CAAC;YACH,CAAC,CAAC;YAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;gBAC9C,MAAM,EAAE,OAAO,EAAE,WAAW,EAAE,YAAY,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,IAAkC,CAAC;gBAEjG,IAAI,CAAC,OAAO,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;oBAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,qBAAqB,EAAE,CAAC,CAAC;oBACzE,OAAO,EAAE,CAAC;oBACV,MAAM,CAAC,IAAI,KAAK,CAAC,8CAA8C,CAAC,CAAC,CAAC;oBAClE,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBAE5B,UAAU,CAAC,GAAG,EAAE;oBACd,OAAO,EAAE,CAAC;oBACV,OAAO,CAAC;wBACN,OAAO;wBACP,WAAW;wBACX,YAAY;wBACZ,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC;qBAC7B,CAAC,CAAC;gBACL,CAAC,EAAE,GAAG,CAAC,CAAC;YACV,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBACjC,MAAM,WAAW,GAAG,oBAAoB,IAAI,CAAC,IAAI,gBAAgB,CAAC;gBAClE,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,GAAG,WAAW,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC;gBAC3E,MAAM,YAAY,GAAG,IAAI,eAAe,CAAC;oBACvC,SAAS,EAAE,IAAI,CAAC,SAAS;oBACzB,YAAY,EAAE,WAAW;iBAC1B,CAAC,CAAC;gBAEH,IAAI,QAAQ,EAAE,CAAC;oBACb,YAAY,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;gBACzC,CAAC;gBAED,GAAG,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;;;;;;iCAoBgB,IAAI,CAAC,SAAS,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,IAAI,YAAY,CAAC,QAAQ,EAAE,EAAE,CAAC;;;;QAI9F,CAAC,CAAC;YACJ,CAAC,CAAC,CAAC;YAEH,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;gBACvC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC;YAC7D,CAAC,CAAC,CAAC;YAEH,MAAM,aAAa,GAAG,UAAU,CAAC,GAAG,EAAE;gBACpC,OAAO,EAAE,CAAC;gBACV,MAAM,CAAC,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC,CAAC;YACjE,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;YAElB,MAAM,UAAU,GAAW,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,IAAI,EAAE;gBAClE,MAAM,QAAQ,GAAG,oBAAoB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACjD,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;gBAC1D,OAAO,CAAC,GAAG,CAAC,qCAAqC,QAAQ,IAAI,CAAC,CAAC;gBAE/D,IAAI,CAAC;oBACH,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;gBACvB,CAAC;gBAAC,OAAO,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,KAAK,CAAC,CAAC;gBAChE,CAAC;YACH,CAAC,CAAC,CAAC;YAEH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAA4B,EAAE,EAAE;gBACtD,OAAO,EAAE,CAAC;gBACV,IAAI,KAAK,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;oBAChC,MAAM,CAAC,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,IAAI,kBAAkB,CAAC,CAAC,CAAC;oBACtE,OAAO;gBACT,CAAC;gBAED,MAAM,CAAC,KAAK,CAAC,CAAC;YAChB,CAAC,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAAC,aAAqB;QACrD,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,aAAa,CAAC,EAAE,CAAC;YACzC,OAAO,aAAa,CAAC;QACvB,CAAC;QAED,KAAK,IAAI,IAAI,GAAG,aAAa,GAAG,CAAC,EAAE,IAAI,IAAI,aAAa,GAAG,EAAE,EAAE,IAAI,IAAI,CAAC,EAAE,CAAC;YACzE,IAAI,MAAM,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC;gBAChC,OAAO,CAAC,GAAG,CAAC,uBAAuB,aAAa,gBAAgB,IAAI,GAAG,CAAC,CAAC;gBACzE,OAAO,IAAI,CAAC;YACd,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,0CAA0C,aAAa,OAAO,aAAa,GAAG,EAAE,GAAG,CAAC,CAAC;IACvG,CAAC;IAEO,KAAK,CAAC,UAAU,CAAC,IAAY;QACnC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,EAAE;YAC7B,MAAM,MAAM,GAAG,GAAG,CAAC,YAAY,EAAE,CAAC;YAElC,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,GAAG,EAAE;gBACxB,OAAO,CAAC,KAAK,CAAC,CAAC;YACjB,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,EAAE;gBAC5B,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACpC,CAAC,CAAC,CAAC;YAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;IACL,CAAC;CACF"}

package/dist/auth/cognito-client.d.ts

@@ -0,0 +1,14 @@
+import type { BrowserAuthTokens } from './browser-auth.js';
+export declare class CognitoClient {
+    private client;
+    constructor();
+    /**
+     * Refresh tokens using refresh token
+     */
+    refreshTokens(clientId: string, refreshToken: string): Promise<BrowserAuthTokens>;
+    /**
+     * Initiate password auth (for future use if needed)
+     */
+    authenticateWithPassword(clientId: string, username: string, password: string): Promise<BrowserAuthTokens>;
+}
+//# sourceMappingURL=cognito-client.d.ts.map

package/dist/auth/cognito-client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"cognito-client.d.ts","sourceRoot":"","sources":["../../src/auth/cognito-client.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,qBAAa,aAAa;IACxB,OAAO,CAAC,MAAM,CAAgC;;IAQ9C;;OAEG;IACG,aAAa,CAAC,QAAQ,EAAE,MAAM,EAAE,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,iBAAiB,CAAC;IA6BvF;;OAEG;IACG,wBAAwB,CAC5B,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,iBAAiB,CAAC;CA6B9B"}

package/dist/auth/cognito-client.js

@@ -0,0 +1,69 @@
+import { CognitoIdentityProviderClient, InitiateAuthCommand, } from '@aws-sdk/client-cognito-identity-provider';
+export class CognitoClient {
+    client;
+    constructor() {
+        this.client = new CognitoIdentityProviderClient({
+            region: 'us-east-1'
+        });
+    }
+    /**
+     * Refresh tokens using refresh token
+     */
+    async refreshTokens(clientId, refreshToken) {
+        const input = {
+            AuthFlow: 'REFRESH_TOKEN_AUTH',
+            ClientId: clientId,
+            AuthParameters: {
+                REFRESH_TOKEN: refreshToken,
+            },
+        };
+        try {
+            const command = new InitiateAuthCommand(input);
+            const response = await this.client.send(command);
+            if (!response.AuthenticationResult) {
+                throw new Error('No authentication result received');
+            }
+            return {
+                idToken: response.AuthenticationResult.IdToken,
+                accessToken: response.AuthenticationResult.AccessToken,
+                refreshToken: refreshToken, // Refresh token doesn't change
+                expiresIn: response.AuthenticationResult.ExpiresIn,
+            };
+        }
+        catch (error) {
+            console.error('Failed to refresh tokens:', error);
+            throw error;
+        }
+    }
+    /**
+     * Initiate password auth (for future use if needed)
+     */
+    async authenticateWithPassword(clientId, username, password) {
+        const input = {
+            AuthFlow: 'USER_PASSWORD_AUTH',
+            ClientId: clientId,
+            AuthParameters: {
+                USERNAME: username,
+                PASSWORD: password,
+            },
+        };
+        try {
+            const command = new InitiateAuthCommand(input);
+            const response = await this.client.send(command);
+            if (!response.AuthenticationResult) {
+                throw new Error('No authentication result received');
+            }
+            return {
+                idToken: response.AuthenticationResult.IdToken,
+                accessToken: response.AuthenticationResult.AccessToken,
+                refreshToken: response.AuthenticationResult.RefreshToken,
+                expiresIn: response.AuthenticationResult.ExpiresIn,
+            };
+        }
+        catch (error) {
+            console.error('Failed to authenticate:', error);
+            throw error;
+        }
+    }
+}
+//# sourceMappingURL=cognito-client.js.map

package/dist/auth/cognito-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"cognito-client.js","sourceRoot":"","sources":["../../src/auth/cognito-client.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,6BAA6B,EAC7B,mBAAmB,GAEpB,MAAM,2CAA2C,CAAC;AAGnD,MAAM,OAAO,aAAa;IAChB,MAAM,CAAgC;IAE9C;QACE,IAAI,CAAC,MAAM,GAAG,IAAI,6BAA6B,CAAC;YAC9C,MAAM,EAAE,WAAW;SACpB,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,aAAa,CAAC,QAAgB,EAAE,YAAoB;QACxD,MAAM,KAAK,GAA6B;YACtC,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,QAAQ;YAClB,cAAc,EAAE;gBACd,aAAa,EAAE,YAAY;aAC5B;SACF,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEjD,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACvD,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,QAAQ,CAAC,oBAAoB,CAAC,OAAQ;gBAC/C,WAAW,EAAE,QAAQ,CAAC,oBAAoB,CAAC,WAAY;gBACvD,YAAY,EAAE,YAAY,EAAE,+BAA+B;gBAC3D,SAAS,EAAE,QAAQ,CAAC,oBAAoB,CAAC,SAAU;aACpD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,2BAA2B,EAAE,KAAK,CAAC,CAAC;YAClD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,wBAAwB,CAC5B,QAAgB,EAChB,QAAgB,EAChB,QAAgB;QAEhB,MAAM,KAAK,GAA6B;YACtC,QAAQ,EAAE,oBAAoB;YAC9B,QAAQ,EAAE,QAAQ;YAClB,cAAc,EAAE;gBACd,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,QAAQ;aACnB;SACF,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,mBAAmB,CAAC,KAAK,CAAC,CAAC;YAC/C,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;YAEjD,IAAI,CAAC,QAAQ,CAAC,oBAAoB,EAAE,CAAC;gBACnC,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACvD,CAAC;YAED,OAAO;gBACL,OAAO,EAAE,QAAQ,CAAC,oBAAoB,CAAC,OAAQ;gBAC/C,WAAW,EAAE,QAAQ,CAAC,oBAAoB,CAAC,WAAY;gBACvD,YAAY,EAAE,QAAQ,CAAC,oBAAoB,CAAC,YAAa;gBACzD,SAAS,EAAE,QAAQ,CAAC,oBAAoB,CAAC,SAAU;aACpD,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC;YAChD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;CACF"}