@ulinkly/mcp-server 0.1.4 → 0.1.6

package/dist/auth/__tests__/api-key.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth/__tests__/api-key.test.js

@@ -0,0 +1,15 @@
+import { describe, it, expect, beforeEach } from "vitest";
+import { getApiKey } from "../api-key.js";
+describe("getApiKey", () => {
+    beforeEach(() => {
+        delete process.env.ULINK_API_KEY;
+    });
+    it("returns the ULINK_API_KEY env var when set", () => {
+        process.env.ULINK_API_KEY = "test-key-123";
+        expect(getApiKey()).toBe("test-key-123");
+    });
+    it("returns undefined when ULINK_API_KEY is not set", () => {
+        expect(getApiKey()).toBeUndefined();
+    });
+});
+//# sourceMappingURL=api-key.test.js.map

package/dist/auth/__tests__/api-key.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/api-key.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAM,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAE1C,QAAQ,CAAC,WAAW,EAAE,GAAG,EAAE;IACzB,UAAU,CAAC,GAAG,EAAE;QACd,OAAO,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,OAAO,CAAC,GAAG,CAAC,aAAa,GAAG,cAAc,CAAC;QAC3C,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,MAAM,CAAC,SAAS,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IACtC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/oauth.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth/__tests__/oauth.test.js

@@ -0,0 +1,105 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+describe("refreshAccessToken", () => {
+    const mockFetch = vi.fn();
+    beforeEach(() => {
+        vi.stubGlobal("fetch", mockFetch);
+        delete process.env.ULINK_SUPABASE_URL;
+        delete process.env.ULINK_SUPABASE_ANON_KEY;
+    });
+    // Dynamic import to get fresh module state
+    async function getRefreshAccessToken() {
+        const mod = await import("../oauth.js");
+        return mod.refreshAccessToken;
+    }
+    it("sends refresh token request and returns new tokens", async () => {
+        const refreshAccessToken = await getRefreshAccessToken();
+        mockFetch.mockResolvedValue({
+            ok: true,
+            json: async () => ({
+                access_token: "new-access",
+                refresh_token: "new-refresh",
+                expires_in: 3600,
+            }),
+        });
+        const now = Date.now();
+        const result = await refreshAccessToken("old-refresh-token");
+        expect(mockFetch).toHaveBeenCalledWith(expect.stringContaining("/auth/v1/token?grant_type=refresh_token"), expect.objectContaining({
+            method: "POST",
+            headers: expect.objectContaining({
+                "Content-Type": "application/json",
+                apikey: expect.any(String),
+            }),
+            body: JSON.stringify({ refresh_token: "old-refresh-token" }),
+        }));
+        expect(result.accessToken).toBe("new-access");
+        expect(result.refreshToken).toBe("new-refresh");
+        expect(result.expiresAt).toBeGreaterThanOrEqual(now + 3600 * 1000 - 100);
+    });
+    it("uses custom SUPABASE_URL when env is set", async () => {
+        process.env.ULINK_SUPABASE_URL = "https://custom.supabase.co";
+        // Must re-import to pick up env change at module level
+        vi.resetModules();
+        const mod = await import("../oauth.js");
+        mockFetch.mockResolvedValue({
+            ok: true,
+            json: async () => ({
+                access_token: "a",
+                refresh_token: "r",
+                expires_in: 60,
+            }),
+        });
+        await mod.refreshAccessToken("rt");
+        expect(mockFetch).toHaveBeenCalledWith("https://custom.supabase.co/auth/v1/token?grant_type=refresh_token", expect.any(Object));
+    });
+    it("uses custom anon key when env is set", async () => {
+        process.env.ULINK_SUPABASE_ANON_KEY = "custom-anon-key";
+        vi.resetModules();
+        const mod = await import("../oauth.js");
+        mockFetch.mockResolvedValue({
+            ok: true,
+            json: async () => ({
+                access_token: "a",
+                refresh_token: "r",
+                expires_in: 60,
+            }),
+        });
+        await mod.refreshAccessToken("rt");
+        expect(mockFetch).toHaveBeenCalledWith(expect.any(String), expect.objectContaining({
+            headers: expect.objectContaining({
+                apikey: "custom-anon-key",
+            }),
+        }));
+    });
+    it("throws on non-ok response", async () => {
+        const refreshAccessToken = await getRefreshAccessToken();
+        mockFetch.mockResolvedValue({
+            ok: false,
+            status: 401,
+            text: async () => "Unauthorized",
+        });
+        await expect(refreshAccessToken("bad-token")).rejects.toThrow("Token refresh failed (401): Unauthorized");
+    });
+    it("throws with status code in error message", async () => {
+        const refreshAccessToken = await getRefreshAccessToken();
+        mockFetch.mockResolvedValue({
+            ok: false,
+            status: 500,
+            text: async () => "Internal Server Error",
+        });
+        await expect(refreshAccessToken("rt")).rejects.toThrow("500");
+    });
+    it("uses default supabase URL when env not set", async () => {
+        const refreshAccessToken = await getRefreshAccessToken();
+        mockFetch.mockResolvedValue({
+            ok: true,
+            json: async () => ({
+                access_token: "a",
+                refresh_token: "r",
+                expires_in: 60,
+            }),
+        });
+        await refreshAccessToken("rt");
+        expect(mockFetch).toHaveBeenCalledWith(expect.stringContaining("cjgihassfsspxivjtgoi.supabase.co"), expect.any(Object));
+    });
+});
+//# sourceMappingURL=oauth.test.js.map

package/dist/auth/__tests__/oauth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/oauth.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAE9D,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,MAAM,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;IAE1B,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAClC,OAAO,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;QACtC,OAAO,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC;IAC7C,CAAC,CAAC,CAAC;IAEH,2CAA2C;IAC3C,KAAK,UAAU,qBAAqB;QAClC,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QACxC,OAAO,GAAG,CAAC,kBAAkB,CAAC;IAChC,CAAC;IAED,EAAE,CAAC,oDAAoD,EAAE,KAAK,IAAI,EAAE;QAClE,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,EAAE,CAAC;QAEzD,SAAS,CAAC,iBAAiB,CAAC;YAC1B,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;gBACjB,YAAY,EAAE,YAAY;gBAC1B,aAAa,EAAE,aAAa;gBAC5B,UAAU,EAAE,IAAI;aACjB,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,MAAM,GAAG,MAAM,kBAAkB,CAAC,mBAAmB,CAAC,CAAC;QAE7D,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,MAAM,CAAC,gBAAgB,CAAC,yCAAyC,CAAC,EAClE,MAAM,CAAC,gBAAgB,CAAC;YACtB,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC/B,cAAc,EAAE,kBAAkB;gBAClC,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aAC3B,CAAC;YACF,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,mBAAmB,EAAE,CAAC;SAC7D,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9C,MAAM,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAChD,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,sBAAsB,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,GAAG,GAAG,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,OAAO,CAAC,GAAG,CAAC,kBAAkB,GAAG,4BAA4B,CAAC;QAC9D,uDAAuD;QACvD,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAExC,SAAS,CAAC,iBAAiB,CAAC;YAC1B,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;gBACjB,YAAY,EAAE,GAAG;gBACjB,aAAa,EAAE,GAAG;gBAClB,UAAU,EAAE,EAAE;aACf,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEnC,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,mEAAmE,EACnE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,OAAO,CAAC,GAAG,CAAC,uBAAuB,GAAG,iBAAiB,CAAC;QACxD,EAAE,CAAC,YAAY,EAAE,CAAC;QAClB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAC;QAExC,SAAS,CAAC,iBAAiB,CAAC;YAC1B,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;gBACjB,YAAY,EAAE,GAAG;gBACjB,aAAa,EAAE,GAAG;gBAClB,UAAU,EAAE,EAAE;aACf,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAEnC,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB,MAAM,CAAC,gBAAgB,CAAC;YACtB,OAAO,EAAE,MAAM,CAAC,gBAAgB,CAAC;gBAC/B,MAAM,EAAE,iBAAiB;aAC1B,CAAC;SACH,CAAC,CACH,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,EAAE,CAAC;QAEzD,SAAS,CAAC,iBAAiB,CAAC;YAC1B,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,cAAc;SACjC,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAC3D,0CAA0C,CAC3C,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,EAAE,CAAC;QAEzD,SAAS,CAAC,iBAAiB,CAAC;YAC1B,EAAE,EAAE,KAAK;YACT,MAAM,EAAE,GAAG;YACX,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,uBAAuB;SAC1C,CAAC,CAAC;QAEH,MAAM,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,kBAAkB,GAAG,MAAM,qBAAqB,EAAE,CAAC;QAEzD,SAAS,CAAC,iBAAiB,CAAC;YAC1B,EAAE,EAAE,IAAI;YACR,IAAI,EAAE,KAAK,IAAI,EAAE,CAAC,CAAC;gBACjB,YAAY,EAAE,GAAG;gBACjB,aAAa,EAAE,GAAG;gBAClB,UAAU,EAAE,EAAE;aACf,CAAC;SACH,CAAC,CAAC;QAEH,MAAM,kBAAkB,CAAC,IAAI,CAAC,CAAC;QAE/B,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,MAAM,CAAC,gBAAgB,CAAC,kCAAkC,CAAC,EAC3D,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,CACnB,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth/__tests__/token-store.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/auth/__tests__/token-store.test.js

@@ -0,0 +1,165 @@
+import { describe, it, expect, vi } from "vitest";
+// Mock node:fs
+vi.mock("node:fs", () => ({
+    readFileSync: vi.fn(),
+    writeFileSync: vi.fn(),
+    mkdirSync: vi.fn(),
+    chmodSync: vi.fn(),
+}));
+// Mock node:os
+vi.mock("node:os", () => ({
+    homedir: vi.fn(() => "/mock-home"),
+}));
+import { readFileSync, writeFileSync, mkdirSync, chmodSync } from "node:fs";
+import { loadTokensFromDisk, saveTokensToDisk } from "../token-store.js";
+const mockedReadFileSync = vi.mocked(readFileSync);
+const mockedWriteFileSync = vi.mocked(writeFileSync);
+const mockedMkdirSync = vi.mocked(mkdirSync);
+const mockedChmodSync = vi.mocked(chmodSync);
+describe("loadTokensFromDisk", () => {
+    it("returns tokens when config.json has valid JWT auth", () => {
+        const futureDate = new Date(Date.now() + 3600_000).toISOString();
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: {
+                type: "jwt",
+                token: "access-token-1",
+                refreshToken: "refresh-token-1",
+                expiresAt: futureDate,
+            },
+        }));
+        const result = loadTokensFromDisk();
+        expect(result).toEqual({
+            accessToken: "access-token-1",
+            refreshToken: "refresh-token-1",
+            expiresAt: new Date(futureDate).getTime(),
+        });
+    });
+    it("returns undefined when file does not exist", () => {
+        mockedReadFileSync.mockImplementation(() => {
+            throw new Error("ENOENT");
+        });
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when JSON is invalid", () => {
+        mockedReadFileSync.mockReturnValue("not valid json{{{");
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when auth section is missing", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({ projects: [] }));
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when auth type is not jwt", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: {
+                type: "api-key",
+                token: "abc",
+                refreshToken: "def",
+                expiresAt: new Date(Date.now() + 3600_000).toISOString(),
+            },
+        }));
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when token is missing", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: {
+                type: "jwt",
+                token: "",
+                refreshToken: "refresh",
+                expiresAt: new Date(Date.now() + 3600_000).toISOString(),
+            },
+        }));
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when refreshToken is missing", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: {
+                type: "jwt",
+                token: "access",
+                refreshToken: "",
+                expiresAt: new Date(Date.now() + 3600_000).toISOString(),
+            },
+        }));
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when expiresAt is invalid", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: {
+                type: "jwt",
+                token: "access",
+                refreshToken: "refresh",
+                expiresAt: "not-a-date",
+            },
+        }));
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+    it("returns undefined when token has expired", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: {
+                type: "jwt",
+                token: "access",
+                refreshToken: "refresh",
+                expiresAt: new Date(Date.now() - 1000).toISOString(),
+            },
+        }));
+        expect(loadTokensFromDisk()).toBeUndefined();
+    });
+});
+describe("saveTokensToDisk", () => {
+    const tokens = {
+        accessToken: "new-access",
+        refreshToken: "new-refresh",
+        expiresAt: 1700000000000,
+    };
+    it("creates config dir and writes config file", () => {
+        // No existing config file
+        mockedReadFileSync.mockImplementation(() => {
+            throw new Error("ENOENT");
+        });
+        saveTokensToDisk(tokens);
+        expect(mockedMkdirSync).toHaveBeenCalledWith(expect.stringContaining(".ulink"), { recursive: true });
+        expect(mockedWriteFileSync).toHaveBeenCalledWith(expect.stringContaining("config.json"), expect.any(String), "utf-8");
+        expect(mockedChmodSync).toHaveBeenCalledWith(expect.stringContaining("config.json"), 0o600);
+        const written = JSON.parse(mockedWriteFileSync.mock.calls[0][1]);
+        expect(written.auth).toEqual({
+            type: "jwt",
+            token: "new-access",
+            refreshToken: "new-refresh",
+            expiresAt: new Date(1700000000000).toISOString(),
+        });
+    });
+    it("merges into existing config preserving other fields", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({ projects: ["p1"], supabaseUrl: "https://example.com" }));
+        saveTokensToDisk(tokens);
+        const written = JSON.parse(mockedWriteFileSync.mock.calls[0][1]);
+        expect(written.projects).toEqual(["p1"]);
+        expect(written.supabaseUrl).toBe("https://example.com");
+        expect(written.auth.type).toBe("jwt");
+    });
+    it("overwrites existing auth section", () => {
+        mockedReadFileSync.mockReturnValue(JSON.stringify({
+            auth: { type: "jwt", token: "old", refreshToken: "old", expiresAt: "old" },
+        }));
+        saveTokensToDisk(tokens);
+        const written = JSON.parse(mockedWriteFileSync.mock.calls[0][1]);
+        expect(written.auth.token).toBe("new-access");
+    });
+    it("handles write errors gracefully by logging to stderr", () => {
+        mockedReadFileSync.mockImplementation(() => {
+            throw new Error("ENOENT");
+        });
+        mockedMkdirSync.mockImplementation(() => {
+            throw new Error("EACCES");
+        });
+        const spy = vi.spyOn(console, "error").mockImplementation(() => { });
+        saveTokensToDisk(tokens);
+        expect(spy).toHaveBeenCalledWith("Failed to save tokens to disk:", expect.any(Error));
+    });
+    it("handles invalid existing config file gracefully", () => {
+        mockedReadFileSync.mockReturnValue("not valid json");
+        saveTokensToDisk(tokens);
+        // Should still write successfully with just auth
+        const written = JSON.parse(mockedWriteFileSync.mock.calls[0][1]);
+        expect(written.auth.token).toBe("new-access");
+    });
+});
+//# sourceMappingURL=token-store.test.js.map

package/dist/auth/__tests__/token-store.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token-store.test.js","sourceRoot":"","sources":["../../../src/auth/__tests__/token-store.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAc,MAAM,QAAQ,CAAC;AAG9D,eAAe;AACf,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;IACxB,YAAY,EAAE,EAAE,CAAC,EAAE,EAAE;IACrB,aAAa,EAAE,EAAE,CAAC,EAAE,EAAE;IACtB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;IAClB,SAAS,EAAE,EAAE,CAAC,EAAE,EAAE;CACnB,CAAC,CAAC,CAAC;AAEJ,eAAe;AACf,EAAE,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,CAAC;IACxB,OAAO,EAAE,EAAE,CAAC,EAAE,CAAC,GAAG,EAAE,CAAC,YAAY,CAAC;CACnC,CAAC,CAAC,CAAC;AAEJ,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAC5E,OAAO,EAAE,kBAAkB,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AAEzE,MAAM,kBAAkB,GAAG,EAAE,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC;AACnD,MAAM,mBAAmB,GAAG,EAAE,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;AACrD,MAAM,eAAe,GAAG,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAC7C,MAAM,eAAe,GAAG,EAAE,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;AAE7C,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,EAAE,CAAC,oDAAoD,EAAE,GAAG,EAAE;QAC5D,MAAM,UAAU,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACjE,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE;gBACJ,IAAI,EAAE,KAAK;gBACX,KAAK,EAAE,gBAAgB;gBACvB,YAAY,EAAE,iBAAiB;gBAC/B,SAAS,EAAE,UAAU;aACtB;SACF,CAAC,CACH,CAAC;QAEF,MAAM,MAAM,GAAG,kBAAkB,EAAE,CAAC;QACpC,MAAM,CAAC,MAAM,CAAC,CAAC,OAAO,CAAC;YACrB,WAAW,EAAE,gBAAgB;YAC7B,YAAY,EAAE,iBAAiB;YAC/B,SAAS,EAAE,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,OAAO,EAAE;SAC1C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,kBAAkB,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,kBAAkB,CAAC,eAAe,CAAC,mBAAmB,CAAC,CAAC;QAExD,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,kBAAkB,CAAC,eAAe,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAErE,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE;gBACJ,IAAI,EAAE,SAAS;gBACf,KAAK,EAAE,KAAK;gBACZ,YAAY,EAAE,KAAK;gBACnB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;aACzD;SACF,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,GAAG,EAAE;QACjD,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE;gBACJ,IAAI,EAAE,KAAK;gBACX,KAAK,EAAE,EAAE;gBACT,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;aACzD;SACF,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE;gBACJ,IAAI,EAAE,KAAK;gBACX,KAAK,EAAE,QAAQ;gBACf,YAAY,EAAE,EAAE;gBAChB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,CAAC,WAAW,EAAE;aACzD;SACF,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;QACrD,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE;gBACJ,IAAI,EAAE,KAAK;gBACX,KAAK,EAAE,QAAQ;gBACf,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,YAAY;aACxB;SACF,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,GAAG,EAAE;QAClD,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE;gBACJ,IAAI,EAAE,KAAK;gBACX,KAAK,EAAE,QAAQ;gBACf,YAAY,EAAE,SAAS;gBACvB,SAAS,EAAE,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;aACrD;SACF,CAAC,CACH,CAAC;QAEF,MAAM,CAAC,kBAAkB,EAAE,CAAC,CAAC,aAAa,EAAE,CAAC;IAC/C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,MAAM,MAAM,GAAgB;QAC1B,WAAW,EAAE,YAAY;QACzB,YAAY,EAAE,aAAa;QAC3B,SAAS,EAAE,aAAa;KACzB,CAAC;IAEF,EAAE,CAAC,2CAA2C,EAAE,GAAG,EAAE;QACnD,0BAA0B;QAC1B,kBAAkB,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzB,MAAM,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAC1C,MAAM,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EACjC,EAAE,SAAS,EAAE,IAAI,EAAE,CACpB,CAAC;QACF,MAAM,CAAC,mBAAmB,CAAC,CAAC,oBAAoB,CAC9C,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,EACtC,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC,EAClB,OAAO,CACR,CAAC;QACF,MAAM,CAAC,eAAe,CAAC,CAAC,oBAAoB,CAC1C,MAAM,CAAC,gBAAgB,CAAC,aAAa,CAAC,EACtC,KAAK,CACN,CAAC;QAEF,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAW,CAC/C,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC;YAC3B,IAAI,EAAE,KAAK;YACX,KAAK,EAAE,YAAY;YACnB,YAAY,EAAE,aAAa;YAC3B,SAAS,EAAE,IAAI,IAAI,CAAC,aAAa,CAAC,CAAC,WAAW,EAAE;SACjD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,qBAAqB,EAAE,CAAC,CACzE,CAAC;QAEF,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAW,CAC/C,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC;QACxD,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;QAC1C,kBAAkB,CAAC,eAAe,CAChC,IAAI,CAAC,SAAS,CAAC;YACb,IAAI,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,YAAY,EAAE,KAAK,EAAE,SAAS,EAAE,KAAK,EAAE;SAC3E,CAAC,CACH,CAAC;QAEF,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzB,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAW,CAC/C,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,kBAAkB,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACzC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QACH,eAAe,CAAC,kBAAkB,CAAC,GAAG,EAAE;YACtC,MAAM,IAAI,KAAK,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC,CAAC,CAAC;QAEH,MAAM,GAAG,GAAG,EAAE,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,kBAAkB,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QACpE,gBAAgB,CAAC,MAAM,CAAC,CAAC;QACzB,MAAM,CAAC,GAAG,CAAC,CAAC,oBAAoB,CAC9B,gCAAgC,EAChC,MAAM,CAAC,GAAG,CAAC,KAAK,CAAC,CAClB,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;QACzD,kBAAkB,CAAC,eAAe,CAAC,gBAAgB,CAAC,CAAC;QAErD,gBAAgB,CAAC,MAAM,CAAC,CAAC;QAEzB,iDAAiD;QACjD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,mBAAmB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAW,CAC/C,CAAC;QACF,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth/oauth.js

@@ -40,14 +40,14 @@ export function openBrowser(url) {
     const platform = process.platform;
     try {
         if (platform === "darwin") {
-            execFileSync("open", [url]);
+            execFileSync("open", [url], { stdio: "ignore" });
         }
         else if (platform === "win32") {
-            execFileSync("cmd", ["/c", "start", "", url]);
+            execFileSync("cmd", ["/c", "start", "", url], { stdio: "ignore" });
         }
         else {
             // Linux / other
-            execFileSync("xdg-open", [url]);
+            execFileSync("xdg-open", [url], { stdio: "ignore" });
         }
     }
     catch {
@@ -63,6 +63,8 @@ export function browserOAuthFlow() {
         const codeVerifier = generateCodeVerifier();
         const codeChallenge = generateCodeChallenge(codeVerifier);
         let settled = false;
+        let callbackAttempts = 0;
+        const MAX_CALLBACK_ATTEMPTS = 5;
         const server = createServer((req, res) => {
             if (!req.url) {
                 res.writeHead(400);
@@ -75,6 +77,20 @@ export function browserOAuthFlow() {
                 res.end("Not found");
                 return;
             }
+            // Rate limit callback attempts
+            callbackAttempts++;
+            if (callbackAttempts > MAX_CALLBACK_ATTEMPTS) {
+                res.writeHead(429, { "Content-Type": "text/html" });
+                res.end(errorHtml("Too many callback attempts"));
+                return;
+            }
+            // Validate session ID to prevent CSRF
+            const returnedSession = parsed.searchParams.get("session");
+            if (returnedSession !== sessionId) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(errorHtml("Invalid session — possible CSRF attempt"));
+                return;
+            }
             const error = parsed.searchParams.get("error");
             if (error) {
                 const desc = parsed.searchParams.get("error_description") ?? "Unknown error";
@@ -122,7 +138,7 @@ export function browserOAuthFlow() {
                 `&code_challenge_method=S256` +
                 `&callback_port=${port}` +
                 `&source=mcp`;
-            console.error(`Opening browser for authentication...\n${authUrl}`);
+            console.error(`Opening browser for authentication on localhost:${port}...`);
             openBrowser(authUrl);
         });
         // 5-minute timeout

package/dist/auth/oauth.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAQ/B,MAAM,YAAY,GAChB,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,kBAAkB,CAAC;AAEvD,MAAM,YAAY,GAChB,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,0CAA0C,CAAC;AAE/E,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAE9C,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;;;;;gIAKuH,CAAC;AACjI,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO;;;;;0DAKiD,OAAO,0BAA0B,CAAC;AAC5F,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,CAAC;QACH,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,YAAY,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAC9B,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,YAAY,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,0CAA0C,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAE1D,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACxE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;YAEpD,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,GACR,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,eAAe,CAAC;gBAClE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBACzB,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5D,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAExD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAM,GAAG,GAAG,sCAAsC,CAAC;gBACnD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;YAEvB,MAAM,MAAM,GAAgB;gBAC1B,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI;aACvD,CAAC;YAEF,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,gDAAgD;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,OAAO,GACX,GAAG,YAAY,WAAW;gBAC1B,YAAY,kBAAkB,CAAC,SAAS,CAAC,EAAE;gBAC3C,mBAAmB,kBAAkB,CAAC,aAAa,CAAC,EAAE;gBACtD,6BAA6B;gBAC7B,kBAAkB,IAAI,EAAE;gBACxB,aAAa,CAAC;YAEhB,OAAO,CAAC,KAAK,CAAC,0CAA0C,OAAO,EAAE,CAAC,CAAC;YACnE,WAAW,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,mBAAmB;QACnB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,EAAE,UAAU,CAAC,CAAC;QAEf,wEAAwE;QACxE,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,YAAoB;IAEpB,MAAM,iBAAiB,GACrB,kNAAkN,CAAC;IACrN,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,iBAAiB,CAAC;IAEzE,MAAM,GAAG,GAAG,GAAG,YAAY,yCAAyC,CAAC;IAErE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,OAAO;SAChB;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;KACtD,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC/C,CAAC;AACJ,CAAC"}
+{"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../src/auth/oauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AAClE,OAAO,EAAE,YAAY,EAA6C,MAAM,WAAW,CAAC;AACpF,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAQ/B,MAAM,YAAY,GAChB,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,kBAAkB,CAAC;AAEvD,MAAM,YAAY,GAChB,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,0CAA0C,CAAC;AAE/E,MAAM,UAAU,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,YAAY;AAE9C,8EAA8E;AAC9E,UAAU;AACV,8EAA8E;AAE9E,SAAS,SAAS,CAAC,GAAW;IAC5B,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,oBAAoB;IAC3B,OAAO,SAAS,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AACpC,CAAC;AAED,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,OAAO,SAAS,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;AACnE,CAAC;AAED,SAAS,WAAW;IAClB,OAAO;;;;;gIAKuH,CAAC;AACjI,CAAC;AAED,SAAS,SAAS,CAAC,OAAe;IAChC,OAAO;;;;;0DAKiD,OAAO,0BAA0B,CAAC;AAC5F,CAAC;AAED,8EAA8E;AAC9E,iBAAiB;AACjB,8EAA8E;AAE9E,MAAM,UAAU,WAAW,CAAC,GAAW;IACrC,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,CAAC;IAClC,IAAI,CAAC;QACH,IAAI,QAAQ,KAAK,QAAQ,EAAE,CAAC;YAC1B,YAAY,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACnD,CAAC;aAAM,IAAI,QAAQ,KAAK,OAAO,EAAE,CAAC;YAChC,YAAY,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,EAAE,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACrE,CAAC;aAAM,CAAC;YACN,gBAAgB;YAChB,YAAY,CAAC,UAAU,EAAE,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QACvD,CAAC;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,CAAC,KAAK,CAAC,0CAA0C,GAAG,EAAE,CAAC,CAAC;IACjE,CAAC;AACH,CAAC;AAED,8EAA8E;AAC9E,0BAA0B;AAC1B,8EAA8E;AAE9E,MAAM,UAAU,gBAAgB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,SAAS,GAAG,UAAU,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,oBAAoB,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,qBAAqB,CAAC,YAAY,CAAC,CAAC;QAE1D,IAAI,OAAO,GAAG,KAAK,CAAC;QAEpB,IAAI,gBAAgB,GAAG,CAAC,CAAC;QACzB,MAAM,qBAAqB,GAAG,CAAC,CAAC;QAEhC,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACxE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC;gBACb,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,EAAE,CAAC;gBACV,OAAO;YACT,CAAC;YAED,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;YAEpD,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACpC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,gBAAgB,EAAE,CAAC;YACnB,IAAI,gBAAgB,GAAG,qBAAqB,EAAE,CAAC;gBAC7C,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,4BAA4B,CAAC,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAED,sCAAsC;YACtC,MAAM,eAAe,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;YAC3D,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBAClC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,yCAAyC,CAAC,CAAC,CAAC;gBAC9D,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;YAC/C,IAAI,KAAK,EAAE,CAAC;gBACV,MAAM,IAAI,GACR,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,eAAe,CAAC;gBAClE,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBACzB,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,MAAM,IAAI,EAAE,CAAC,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;YAC5D,MAAM,YAAY,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,MAAM,CAAC,YAAY,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YAExD,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,IAAI,CAAC,SAAS,EAAE,CAAC;gBAChD,MAAM,GAAG,GAAG,sCAAsC,CAAC;gBACnD,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACxB,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvB,OAAO;YACT,CAAC;YAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,CAAC;YAEvB,MAAM,MAAM,GAAgB;gBAC1B,WAAW;gBACX,YAAY;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,QAAQ,CAAC,SAAS,EAAE,EAAE,CAAC,GAAG,IAAI;aACvD,CAAC;YAEF,OAAO,GAAG,IAAI,CAAC;YACf,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,MAAM,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QAEH,gDAAgD;QAChD,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,IAAI,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YAC9B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;gBACtC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;gBACjD,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC;YACvB,MAAM,OAAO,GACX,GAAG,YAAY,WAAW;gBAC1B,YAAY,kBAAkB,CAAC,SAAS,CAAC,EAAE;gBAC3C,mBAAmB,kBAAkB,CAAC,aAAa,CAAC,EAAE;gBACtD,6BAA6B;gBAC7B,kBAAkB,IAAI,EAAE;gBACxB,aAAa,CAAC;YAEhB,OAAO,CAAC,KAAK,CAAC,mDAAmD,IAAI,KAAK,CAAC,CAAC;YAC5E,WAAW,CAAC,OAAO,CAAC,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,mBAAmB;QACnB,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE;YAC5B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,IAAI,CAAC;gBACf,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,EAAE,UAAU,CAAC,CAAC;QAEf,wEAAwE;QACxE,KAAK,CAAC,KAAK,EAAE,CAAC;IAChB,CAAC,CAAC,CAAC;AACL,CAAC;AAED,8EAA8E;AAC9E,gBAAgB;AAChB,8EAA8E;AAE9E,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,YAAoB;IAEpB,MAAM,iBAAiB,GACrB,kNAAkN,CAAC;IACrN,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,uBAAuB,IAAI,iBAAiB,CAAC;IAEzE,MAAM,GAAG,GAAG,GAAG,YAAY,yCAAyC,CAAC;IAErE,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,EAAE;QAC3B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,OAAO;SAChB;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,aAAa,EAAE,YAAY,EAAE,CAAC;KACtD,CAAC,CAAC;IAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;QACZ,MAAM,IAAI,GAAG,MAAM,GAAG,CAAC,IAAI,EAAE,CAAC;QAC9B,MAAM,IAAI,KAAK,CAAC,yBAAyB,GAAG,CAAC,MAAM,MAAM,IAAI,EAAE,CAAC,CAAC;IACnE,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAI7B,CAAC;IAEF,OAAO;QACL,WAAW,EAAE,IAAI,CAAC,YAAY;QAC9B,YAAY,EAAE,IAAI,CAAC,aAAa;QAChC,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI;KAC/C,CAAC;AACJ,CAAC"}

package/dist/client/__tests__/ulink-api.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/client/__tests__/ulink-api.test.js

@@ -0,0 +1,241 @@
+import { describe, it, expect, vi, beforeEach } from "vitest";
+// Mock auth modules
+vi.mock("../../auth/api-key.js", () => ({
+    getApiKey: vi.fn(),
+}));
+vi.mock("../../auth/oauth.js", () => ({
+    browserOAuthFlow: vi.fn(),
+    refreshAccessToken: vi.fn(),
+}));
+vi.mock("../../auth/token-store.js", () => ({
+    loadTokensFromDisk: vi.fn(),
+    saveTokensToDisk: vi.fn(),
+}));
+import { getApiKey } from "../../auth/api-key.js";
+import { browserOAuthFlow, refreshAccessToken } from "../../auth/oauth.js";
+import { loadTokensFromDisk, saveTokensToDisk } from "../../auth/token-store.js";
+const mockedGetApiKey = vi.mocked(getApiKey);
+const mockedBrowserOAuthFlow = vi.mocked(browserOAuthFlow);
+const mockedRefreshAccessToken = vi.mocked(refreshAccessToken);
+const mockedLoadTokensFromDisk = vi.mocked(loadTokensFromDisk);
+const mockedSaveTokensToDisk = vi.mocked(saveTokensToDisk);
+const mockFetch = vi.fn();
+describe("apiRequest", () => {
+    // We need to re-import the module for each test to reset the module-level
+    // oauthTokens singleton. Use vi.resetModules() + dynamic import().
+    let apiRequest;
+    let ApiError;
+    beforeEach(async () => {
+        vi.stubGlobal("fetch", mockFetch);
+        delete process.env.ULINK_API_URL;
+        // Reset module-level oauthTokens state
+        vi.resetModules();
+        // Re-mock after resetModules
+        vi.doMock("../../auth/api-key.js", () => ({
+            getApiKey: mockedGetApiKey,
+        }));
+        vi.doMock("../../auth/oauth.js", () => ({
+            browserOAuthFlow: mockedBrowserOAuthFlow,
+            refreshAccessToken: mockedRefreshAccessToken,
+        }));
+        vi.doMock("../../auth/token-store.js", () => ({
+            loadTokensFromDisk: mockedLoadTokensFromDisk,
+            saveTokensToDisk: mockedSaveTokensToDisk,
+        }));
+        const mod = await import("../ulink-api.js");
+        apiRequest = mod.apiRequest;
+        ApiError = mod.ApiError;
+    });
+    it("uses API key auth when ULINK_API_KEY is set", async () => {
+        mockedGetApiKey.mockReturnValue("my-api-key");
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({ id: 1 }),
+        });
+        const result = await apiRequest("GET", "/projects");
+        expect(mockFetch).toHaveBeenCalledWith("https://api.ulink.ly/projects", expect.objectContaining({
+            method: "GET",
+            headers: expect.objectContaining({
+                "x-app-key": "my-api-key",
+            }),
+        }));
+        expect(result).toEqual({ id: 1 });
+    });
+    it("loads OAuth tokens from disk when no API key", async () => {
+        mockedGetApiKey.mockReturnValue(undefined);
+        const tokens = {
+            accessToken: "disk-token",
+            refreshToken: "disk-refresh",
+            expiresAt: Date.now() + 3600_000,
+        };
+        mockedLoadTokensFromDisk.mockReturnValue(tokens);
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({ data: "test" }),
+        });
+        await apiRequest("GET", "/test");
+        expect(mockFetch).toHaveBeenCalledWith(expect.any(String), expect.objectContaining({
+            headers: expect.objectContaining({
+                Authorization: "Bearer disk-token",
+            }),
+        }));
+    });
+    it("triggers browser OAuth flow when no API key and no disk tokens", async () => {
+        mockedGetApiKey.mockReturnValue(undefined);
+        mockedLoadTokensFromDisk.mockReturnValue(undefined);
+        const freshTokens = {
+            accessToken: "browser-token",
+            refreshToken: "browser-refresh",
+            expiresAt: Date.now() + 3600_000,
+        };
+        mockedBrowserOAuthFlow.mockResolvedValue(freshTokens);
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({}),
+        });
+        await apiRequest("GET", "/test");
+        expect(mockedBrowserOAuthFlow).toHaveBeenCalled();
+        expect(mockedSaveTokensToDisk).toHaveBeenCalledWith(freshTokens);
+        expect(mockFetch).toHaveBeenCalledWith(expect.any(String), expect.objectContaining({
+            headers: expect.objectContaining({
+                Authorization: "Bearer browser-token",
+            }),
+        }));
+    });
+    it("auto-refreshes tokens when near expiry", async () => {
+        mockedGetApiKey.mockReturnValue(undefined);
+        // Token expires in 10 seconds (< 30s buffer)
+        const nearExpiryTokens = {
+            accessToken: "old-token",
+            refreshToken: "old-refresh",
+            expiresAt: Date.now() + 10_000,
+        };
+        mockedLoadTokensFromDisk.mockReturnValue(nearExpiryTokens);
+        const refreshedTokens = {
+            accessToken: "refreshed-token",
+            refreshToken: "refreshed-refresh",
+            expiresAt: Date.now() + 3600_000,
+        };
+        mockedRefreshAccessToken.mockResolvedValue(refreshedTokens);
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({}),
+        });
+        await apiRequest("GET", "/test");
+        expect(mockedRefreshAccessToken).toHaveBeenCalledWith("old-refresh");
+        expect(mockedSaveTokensToDisk).toHaveBeenCalledWith(refreshedTokens);
+        expect(mockFetch).toHaveBeenCalledWith(expect.any(String), expect.objectContaining({
+            headers: expect.objectContaining({
+                Authorization: "Bearer refreshed-token",
+            }),
+        }));
+    });
+    it("falls back to browser flow when refresh fails", async () => {
+        mockedGetApiKey.mockReturnValue(undefined);
+        const nearExpiryTokens = {
+            accessToken: "old",
+            refreshToken: "old-refresh",
+            expiresAt: Date.now() + 5_000,
+        };
+        mockedLoadTokensFromDisk.mockReturnValue(nearExpiryTokens);
+        mockedRefreshAccessToken.mockRejectedValue(new Error("refresh failed"));
+        const browserTokens = {
+            accessToken: "browser-fallback",
+            refreshToken: "browser-refresh-fallback",
+            expiresAt: Date.now() + 3600_000,
+        };
+        mockedBrowserOAuthFlow.mockResolvedValue(browserTokens);
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({}),
+        });
+        // Suppress console.error for "Token refresh failed"
+        vi.spyOn(console, "error").mockImplementation(() => { });
+        await apiRequest("GET", "/test");
+        expect(mockedBrowserOAuthFlow).toHaveBeenCalled();
+        expect(mockFetch).toHaveBeenCalledWith(expect.any(String), expect.objectContaining({
+            headers: expect.objectContaining({
+                Authorization: "Bearer browser-fallback",
+            }),
+        }));
+    });
+    it("sends Content-Type header and body for POST requests", async () => {
+        mockedGetApiKey.mockReturnValue("key");
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({ created: true }),
+        });
+        await apiRequest("POST", "/projects", { name: "Test" });
+        expect(mockFetch).toHaveBeenCalledWith(expect.any(String), expect.objectContaining({
+            method: "POST",
+            headers: expect.objectContaining({
+                "Content-Type": "application/json",
+            }),
+            body: JSON.stringify({ name: "Test" }),
+        }));
+    });
+    it("does not send Content-Type when no body", async () => {
+        mockedGetApiKey.mockReturnValue("key");
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({}),
+        });
+        await apiRequest("GET", "/projects");
+        const callArgs = mockFetch.mock.calls[0][1];
+        expect(callArgs.headers).not.toHaveProperty("Content-Type");
+        expect(callArgs.body).toBeUndefined();
+    });
+    it("returns undefined for 204 No Content responses", async () => {
+        mockedGetApiKey.mockReturnValue("key");
+        mockFetch.mockResolvedValue({
+            ok: true,
+            status: 204,
+        });
+        const result = await apiRequest("DELETE", "/projects/123");
+        expect(result).toBeUndefined();
+    });
+    it("throws ApiError with message from response body", async () => {
+        mockedGetApiKey.mockReturnValue("key");
+        mockFetch.mockResolvedValue({
+            ok: false,
+            status: 404,
+            json: async () => ({ message: "Project not found" }),
+        });
+        await expect(apiRequest("GET", "/projects/999")).rejects.toThrow("Project not found");
+        try {
+            await apiRequest("GET", "/projects/999");
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(ApiError);
+            expect(err.status).toBe(404);
+        }
+    });
+    it("throws ApiError with default message when response body has no message", async () => {
+        mockedGetApiKey.mockReturnValue("key");
+        mockFetch.mockResolvedValue({
+            ok: false,
+            status: 500,
+            json: async () => ({}),
+        });
+        await expect(apiRequest("GET", "/test")).rejects.toThrow("API request failed: 500");
+    });
+    it("throws ApiError with default message when response body is not JSON", async () => {
+        mockedGetApiKey.mockReturnValue("key");
+        mockFetch.mockResolvedValue({
+            ok: false,
+            status: 502,
+            json: async () => {
+                throw new Error("not json");
+            },
+        });
+        await expect(apiRequest("GET", "/test")).rejects.toThrow("API request failed: 502");
+    });
+});
+//# sourceMappingURL=ulink-api.test.js.map