@vybestack/llxprt-code-core 0.5.0 → 0.6.0-nightly.251128.1049d5f2b

package/dist/src/mcp/oauth-token-storage.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-token-storage.js","sourceRoot":"","sources":["../../../src/mcp/oauth-token-storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,cAAc,EAAE,MAAM,uBAAuB,CAAC;AACvD,OAAO,EACL,cAAc,GAGf,MAAM,kBAAkB,CAAC;AAK1B;;;;GAIG;AACH,MAAM,OAAO,oBAAoB;IACvB,MAAM,CAAC,UAAU,GAAmB,IAAI,cAAc,EAAE,CAAC;IAEjE;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,KAAqB;QACxC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;IAC1B,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,aAAa;QAClB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU;QACrB,OAAO,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,CAAC;IACtC,CAAC;IAED;;;;;;;;OAQG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CACpB,UAAkB,EAClB,KAAoB,EACpB,QAAiB,EACjB,QAAiB,EACjB,YAAqB;QAErB,OAAO,IAAI,CAAC,UAAU,CAAC,SAAS,CAC9B,UAAU,EACV,KAAK,EACL,QAAQ,EACR,QAAQ,EACR,YAAY,CACb,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CACnB,UAAkB;QAElB,OAAO,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;IAC9C,CAAC;IAED;;;;OAIG;IACH,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,UAAkB;QACzC,OAAO,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,KAAoB;QACxC,OAAO,cAAc,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IAC9C,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc;QACzB,OAAO,IAAI,CAAC,UAAU,CAAC,cAAc,EAAE,CAAC;IAC1C,CAAC"}
+{"version":3,"file":"oauth-token-storage.js","sourceRoot":"","sources":["../../../src/mcp/oauth-token-storage.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,kBAAkB,EAAE,MAAM,yCAAyC,CAAC;AAU7E,MAAM,oBAAoB,GAAG,sBAAsB,CAAC;AACpD,MAAM,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEvC;;;;;GAKG;AACH,MAAM,OAAO,oBAAoB;IAMZ;IALX,MAAM,CAAC,UAAU,GAAiB,IAAI,kBAAkB,CAC9D,oBAAoB,CACrB,CAAC;IAEF,YACmB,UAAwB,oBAAoB,CAAC,UAAU;QAAvD,YAAO,GAAP,OAAO,CAAgD;IACvE,CAAC;IAEJ;;;OAGG;IACH,MAAM,CAAC,aAAa,CAAC,KAAmB;QACtC,IAAI,CAAC,UAAU,GAAG,KAAK,CAAC;IAC1B,CAAC;IAED,MAAM,CAAC,aAAa;QAClB,OAAO,IAAI,CAAC,UAAU,CAAC;IACzB,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,UAAU;QACrB,OAAO,CAAC,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,EAAE,CAGhD,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,SAAS,CACpB,UAAkB,EAClB,KAAoB,EACpB,QAAiB,EACjB,QAAiB,EACjB,YAAqB;QAErB,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CACxC,UAAU,EACV,KAAK,EACL,QAAQ,EACR,QAAQ,EACR,YAAY,CACb,CAAC;QACF,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IACpD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,QAAQ,CACnB,UAAkB;QAElB,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QACrE,OAAO,WAAyC,CAAC;IACnD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,WAAW,CAAC,UAAkB;QACzC,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpC,MAAM,IAAI,CAAC,UAAU,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,KAAK,CAAC,cAAc;QACzB,MAAM,IAAI,CAAC,UAAU,CAAC,QAAQ,EAAE,CAAC;IACnC,CAAC;IAED;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,KAAoB;QACxC,IAAI,CAAC,KAAK,CAAC,SAAS,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,OAAO,IAAI,CAAC,GAAG,EAAE,GAAG,gBAAgB,IAAI,KAAK,CAAC,SAAS,CAAC;IAC1D,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,cAAc,CAAC,UAAkB;QACrC,oBAAoB,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpD,OAAO,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;IACjD,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,WAA6B;QAChD,oBAAoB,CAAC,kBAAkB,CAAC,WAAW,CAAC,UAAU,CAAC,CAAC;QAChE,oBAAoB,CAAC,aAAa,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;QACtD,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC;YAChC,GAAG,WAAW;YACd,SAAS,EAAE,WAAW,CAAC,SAAS,IAAI,IAAI,CAAC,GAAG,EAAE;SAC/C,CAAC,CAAC;IACL,CAAC;IAED,KAAK,CAAC,iBAAiB,CAAC,UAAkB;QACxC,oBAAoB,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpD,MAAM,IAAI,CAAC,OAAO,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,WAAW;QACf,OAAO,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IACpC,CAAC;IAED,KAAK,CAAC,iBAAiB;QACrB,OAAO,IAAI,CAAC,OAAO,CAAC,iBAAiB,EAAE,CAAC;IAC1C,CAAC;IAED,KAAK,CAAC,QAAQ;QACZ,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC;IAChC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,SAAS,CACb,UAAkB,EAClB,KAAoB,EACpB,QAAiB,EACjB,QAAiB,EACjB,YAAqB;QAErB,MAAM,WAAW,GAAG,oBAAoB,CAAC,iBAAiB,CACxD,UAAU,EACV,KAAK,EACL,QAAQ,EACR,QAAQ,EACR,YAAY,CACb,CAAC;QACF,MAAM,IAAI,CAAC,OAAO,CAAC,cAAc,CAAC,WAAW,CAAC,CAAC;IACjD,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,QAAQ,CAAC,UAAkB;QAC/B,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;QAC1D,OAAO,WAAyC,CAAC;IACnD,CAAC;IAED,KAAK,CAAC,WAAW,CAAC,UAAkB;QAClC,MAAM,IAAI,CAAC,iBAAiB,CAAC,UAAU,CAAC,CAAC;IAC3C,CAAC;IAED,KAAK,CAAC,UAAU;QACd,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,EAAE,CAAC;QAC9C,OAAO,MAA0C,CAAC;IACpD,CAAC;IAEO,MAAM,CAAC,kBAAkB,CAAC,UAAkB;QAClD,IAAI,CAAC,UAAU,IAAI,OAAO,UAAU,KAAK,QAAQ,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACnC,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,aAAa,CAAC,KAAiB;QAC5C,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;YACxC,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,WAAW,IAAI,OAAO,KAAK,CAAC,WAAW,KAAK,QAAQ,EAAE,CAAC;YAChE,MAAM,IAAI,KAAK,CAAC,sCAAsC,CAAC,CAAC;QAC1D,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,SAAS,IAAI,OAAO,KAAK,CAAC,SAAS,KAAK,QAAQ,EAAE,CAAC;YAC5D,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAC;QACxD,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,iBAAiB,CAC9B,UAAkB,EAClB,KAAiB,EACjB,QAAiB,EACjB,QAAiB,EACjB,YAAqB;QAErB,IAAI,CAAC,kBAAkB,CAAC,UAAU,CAAC,CAAC;QACpC,IAAI,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC;QAE1B,OAAO;YACL,UAAU;YACV,KAAK;YACL,QAAQ;YACR,QAAQ;YACR,YAAY;YACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;IACJ,CAAC"}

package/dist/src/mcp/oauth-utils.js

@@ -79,6 +79,7 @@ export class OAuthUtils {
             authorizationUrl: metadata.authorization_endpoint,
             tokenUrl: metadata.token_endpoint,
             scopes: metadata.scopes_supported || [],
+            registrationUrl: metadata.registration_endpoint,
         };
     }
     /**

package/dist/src/mcp/oauth-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"oauth-utils.js","sourceRoot":"","sources":["../../../src/mcp/oauth-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAgCrD;;GAEG;AACH,MAAM,OAAO,UAAU;IACrB;;;;OAIG;IACH,MAAM,CAAC,kBAAkB,CAAC,OAAe,EAAE,iBAAiB,GAAG,KAAK;QAClE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,GAAG,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;QAExD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,qDAAqD;YACrD,OAAO;gBACL,iBAAiB,EAAE,IAAI,GAAG,CACxB,uCAAuC,EACvC,IAAI,CACL,CAAC,QAAQ,EAAE;gBACZ,mBAAmB,EAAE,IAAI,GAAG,CAC1B,yCAAyC,EACzC,IAAI,CACL,CAAC,QAAQ,EAAE;aACb,CAAC;QACJ,CAAC;QAED,8DAA8D;QAC9D,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;QAClF,OAAO;YACL,iBAAiB,EAAE,IAAI,GAAG,CACxB,wCAAwC,UAAU,EAAE,EACpD,IAAI,CACL,CAAC,QAAQ,EAAE;YACZ,mBAAmB,EAAE,IAAI,GAAG,CAC1B,0CAA0C,UAAU,EAAE,EACtD,IAAI,CACL,CAAC,QAAQ,EAAE;SACb,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,8BAA8B,CACzC,mBAA2B;QAE3B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmC,CAAC;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,oDAAoD,mBAAmB,KAAK,eAAe,CAAC,KAAK,CAAC,EAAE,CACrG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAC3C,qBAA6B;QAE7B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACpD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqC,CAAC;QACrE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,sDAAsD,qBAAqB,KAAK,eAAe,CAAC,KAAK,CAAC,EAAE,CACzG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,qBAAqB,CAC1B,QAA0C;QAE1C,OAAO;YACL,gBAAgB,EAAE,QAAQ,CAAC,sBAAsB;YACjD,QAAQ,EAAE,QAAQ,CAAC,cAAc;YACjC,MAAM,EAAE,QAAQ,CAAC,gBAAgB,IAAI,EAAE;SACxC,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAC9C,aAAqB;QAErB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,GAAG,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAEtE,MAAM,cAAc,GAAa,EAAE,CAAC;QAEpC,sEAAsE;QACtE,sBAAsB;QACtB,IAAI,gBAAgB,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YACtC,iEAAiE;YACjE,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CACL,0CAA0C,gBAAgB,CAAC,QAAQ,EAAE,EACrE,IAAI,CACL,CAAC,QAAQ,EAAE,CACb,CAAC;YAEF,sDAAsD;YACtD,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CACL,oCAAoC,gBAAgB,CAAC,QAAQ,EAAE,EAC/D,IAAI,CACL,CAAC,QAAQ,EAAE,CACb,CAAC;YAEF,sDAAsD;YACtD,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CACL,GAAG,gBAAgB,CAAC,QAAQ,mCAAmC,EAC/D,IAAI,CACL,CAAC,QAAQ,EAAE,CACb,CAAC;QACJ,CAAC;QAED,2EAA2E;QAC3E,gEAAgE;QAEhE,6CAA6C;QAC7C,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CACpE,CAAC;QAEF,kCAAkC;QAClC,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAC9D,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;YACtC,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,OAAO,kBAAkB,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,OAAO,CAAC,KAAK,CACX,sDAAsD,aAAa,EAAE,CACtE,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAC9B,SAAiB;QAEjB,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAEhE,qDAAqD;YACrD,IAAI,gBAAgB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAC9D,aAAa,CAAC,iBAAiB,CAChC,CAAC;YAEF,uEAAuE;YACvE,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;gBAC/B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBACzC,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;oBAC/D,gBAAgB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAC1D,aAAa,CAAC,iBAAiB,CAChC,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,IAAI,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,EAAE,CAAC;gBACpD,qCAAqC;gBACrC,MAAM,aAAa,GAAG,gBAAgB,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;gBAChE,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,mCAAmC,CAAC,aAAa,CAAC,CAAC;gBAEhE,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;oBAC9D,IAAI,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;wBAC7C,OAAO,CAAC,GAAG,CACT,8CAA8C,EAC9C,kBAAkB,CAAC,qBAAqB,CACzC,CAAC;oBACJ,CAAC;oBACD,OAAO,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,OAAO,CAAC,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAC;YACjE,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,mCAAmC,CAAC,SAAS,CAAC,CAAC;YAE5D,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;gBAC9D,IAAI,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;oBAC7C,OAAO,CAAC,GAAG,CACT,8CAA8C,EAC9C,kBAAkB,CAAC,qBAAqB,CACzC,CAAC;gBACJ,CAAC;gBACD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,2CAA2C,eAAe,CAAC,KAAK,CAAC,EAAE,CACpE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,0BAA0B,CAAC,MAAc;QAC9C,2CAA2C;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC1D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAC3C,eAAuB;QAEvB,MAAM,mBAAmB,GACvB,IAAI,CAAC,0BAA0B,CAAC,eAAe,CAAC,CAAC;QACnD,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,gBAAgB,GACpB,MAAM,IAAI,CAAC,8BAA8B,CAAC,mBAAmB,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,mCAAmC,CAAC,aAAa,CAAC,CAAC;QAEhE,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,YAAoB;QACxC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,GAAG,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;IACpD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,GAAW;QAC9B,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,WAAmB;QAC/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACjC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;IACxC,CAAC;CACF"}
+{"version":3,"file":"oauth-utils.js","sourceRoot":"","sources":["../../../src/mcp/oauth-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,EAAE,eAAe,EAAE,MAAM,oBAAoB,CAAC;AAgCrD;;GAEG;AACH,MAAM,OAAO,UAAU;IACrB;;;;OAIG;IACH,MAAM,CAAC,kBAAkB,CAAC,OAAe,EAAE,iBAAiB,GAAG,KAAK;QAClE,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,GAAG,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;QAExD,IAAI,CAAC,iBAAiB,EAAE,CAAC;YACvB,qDAAqD;YACrD,OAAO;gBACL,iBAAiB,EAAE,IAAI,GAAG,CACxB,uCAAuC,EACvC,IAAI,CACL,CAAC,QAAQ,EAAE;gBACZ,mBAAmB,EAAE,IAAI,GAAG,CAC1B,yCAAyC,EACzC,IAAI,CACL,CAAC,QAAQ,EAAE;aACb,CAAC;QACJ,CAAC;QAED,8DAA8D;QAC9D,MAAM,UAAU,GAAG,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,CAAC,wBAAwB;QAClF,OAAO;YACL,iBAAiB,EAAE,IAAI,GAAG,CACxB,wCAAwC,UAAU,EAAE,EACpD,IAAI,CACL,CAAC,QAAQ,EAAE;YACZ,mBAAmB,EAAE,IAAI,GAAG,CAC1B,0CAA0C,UAAU,EAAE,EACtD,IAAI,CACL,CAAC,QAAQ,EAAE;SACb,CAAC;IACJ,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,8BAA8B,CACzC,mBAA2B;QAE3B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,mBAAmB,CAAC,CAAC;YAClD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmC,CAAC;QACnE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,oDAAoD,mBAAmB,KAAK,eAAe,CAAC,KAAK,CAAC,EAAE,CACrG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAC3C,qBAA6B;QAE7B,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,qBAAqB,CAAC,CAAC;YACpD,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAqC,CAAC;QACrE,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,sDAAsD,qBAAqB,KAAK,eAAe,CAAC,KAAK,CAAC,EAAE,CACzG,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,qBAAqB,CAC1B,QAA0C;QAE1C,OAAO;YACL,gBAAgB,EAAE,QAAQ,CAAC,sBAAsB;YACjD,QAAQ,EAAE,QAAQ,CAAC,cAAc;YACjC,MAAM,EAAE,QAAQ,CAAC,gBAAgB,IAAI,EAAE;YACvC,eAAe,EAAE,QAAQ,CAAC,qBAAqB;SAChD,CAAC;IACJ,CAAC;IAED;;;;;;OAMG;IACH,MAAM,CAAC,KAAK,CAAC,mCAAmC,CAC9C,aAAqB;QAErB,MAAM,gBAAgB,GAAG,IAAI,GAAG,CAAC,aAAa,CAAC,CAAC;QAChD,MAAM,IAAI,GAAG,GAAG,gBAAgB,CAAC,QAAQ,KAAK,gBAAgB,CAAC,IAAI,EAAE,CAAC;QAEtE,MAAM,cAAc,GAAa,EAAE,CAAC;QAEpC,sEAAsE;QACtE,sBAAsB;QACtB,IAAI,gBAAgB,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;YACtC,iEAAiE;YACjE,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CACL,0CAA0C,gBAAgB,CAAC,QAAQ,EAAE,EACrE,IAAI,CACL,CAAC,QAAQ,EAAE,CACb,CAAC;YAEF,sDAAsD;YACtD,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CACL,oCAAoC,gBAAgB,CAAC,QAAQ,EAAE,EAC/D,IAAI,CACL,CAAC,QAAQ,EAAE,CACb,CAAC;YAEF,sDAAsD;YACtD,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CACL,GAAG,gBAAgB,CAAC,QAAQ,mCAAmC,EAC/D,IAAI,CACL,CAAC,QAAQ,EAAE,CACb,CAAC;QACJ,CAAC;QAED,2EAA2E;QAC3E,gEAAgE;QAEhE,6CAA6C;QAC7C,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,yCAAyC,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CACpE,CAAC;QAEF,kCAAkC;QAClC,cAAc,CAAC,IAAI,CACjB,IAAI,GAAG,CAAC,mCAAmC,EAAE,IAAI,CAAC,CAAC,QAAQ,EAAE,CAC9D,CAAC;QAEF,KAAK,MAAM,QAAQ,IAAI,cAAc,EAAE,CAAC;YACtC,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,gCAAgC,CAAC,QAAQ,CAAC,CAAC;YACxD,IAAI,kBAAkB,EAAE,CAAC;gBACvB,OAAO,kBAAkB,CAAC;YAC5B,CAAC;QACH,CAAC;QAED,OAAO,CAAC,KAAK,CACX,sDAAsD,aAAa,EAAE,CACtE,CAAC;QACF,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAC9B,SAAiB;QAEjB,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAEhE,qDAAqD;YACrD,IAAI,gBAAgB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAC9D,aAAa,CAAC,iBAAiB,CAChC,CAAC;YAEF,uEAAuE;YACvE,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;gBAC/B,IAAI,GAAG,CAAC,QAAQ,IAAI,GAAG,CAAC,QAAQ,KAAK,GAAG,EAAE,CAAC;oBACzC,MAAM,aAAa,GAAG,IAAI,CAAC,kBAAkB,CAAC,SAAS,EAAE,IAAI,CAAC,CAAC;oBAC/D,gBAAgB,GAAG,MAAM,IAAI,CAAC,8BAA8B,CAC1D,aAAa,CAAC,iBAAiB,CAChC,CAAC;gBACJ,CAAC;YACH,CAAC;YAED,IAAI,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,EAAE,CAAC;gBACpD,qCAAqC;gBACrC,MAAM,aAAa,GAAG,gBAAgB,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;gBAChE,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,mCAAmC,CAAC,aAAa,CAAC,CAAC;gBAEhE,IAAI,kBAAkB,EAAE,CAAC;oBACvB,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;oBAC9D,IAAI,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;wBAC7C,OAAO,CAAC,GAAG,CACT,8CAA8C,EAC9C,kBAAkB,CAAC,qBAAqB,CACzC,CAAC;oBACJ,CAAC;oBACD,OAAO,MAAM,CAAC;gBAChB,CAAC;YACH,CAAC;YAED,qDAAqD;YACrD,OAAO,CAAC,KAAK,CAAC,sCAAsC,SAAS,EAAE,CAAC,CAAC;YACjE,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,mCAAmC,CAAC,SAAS,CAAC,CAAC;YAE5D,IAAI,kBAAkB,EAAE,CAAC;gBACvB,MAAM,MAAM,GAAG,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;gBAC9D,IAAI,kBAAkB,CAAC,qBAAqB,EAAE,CAAC;oBAC7C,OAAO,CAAC,GAAG,CACT,8CAA8C,EAC9C,kBAAkB,CAAC,qBAAqB,CACzC,CAAC;gBACJ,CAAC;gBACD,OAAO,MAAM,CAAC;YAChB,CAAC;YAED,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO,CAAC,KAAK,CACX,2CAA2C,eAAe,CAAC,KAAK,CAAC,EAAE,CACpE,CAAC;YACF,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,0BAA0B,CAAC,MAAc;QAC9C,2CAA2C;QAC3C,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAC1D,IAAI,KAAK,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAC3C,eAAuB;QAEvB,MAAM,mBAAmB,GACvB,IAAI,CAAC,0BAA0B,CAAC,eAAe,CAAC,CAAC;QACnD,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,gBAAgB,GACpB,MAAM,IAAI,CAAC,8BAA8B,CAAC,mBAAmB,CAAC,CAAC;QACjE,IAAI,CAAC,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,EAAE,CAAC;YACrD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,aAAa,GAAG,gBAAgB,CAAC,qBAAqB,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,kBAAkB,GACtB,MAAM,IAAI,CAAC,mCAAmC,CAAC,aAAa,CAAC,CAAC;QAEhE,IAAI,kBAAkB,EAAE,CAAC;YACvB,OAAO,IAAI,CAAC,qBAAqB,CAAC,kBAAkB,CAAC,CAAC;QACxD,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,cAAc,CAAC,YAAoB;QACxC,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,YAAY,CAAC,CAAC;QACxC,OAAO,GAAG,SAAS,CAAC,QAAQ,KAAK,SAAS,CAAC,IAAI,EAAE,CAAC;IACpD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,aAAa,CAAC,GAAW;QAC9B,OAAO,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;IACvD,CAAC;IAED;;;;;OAKG;IACH,MAAM,CAAC,sBAAsB,CAAC,WAAmB;QAC/C,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;QACjC,OAAO,GAAG,GAAG,CAAC,QAAQ,KAAK,GAAG,CAAC,IAAI,EAAE,CAAC;IACxC,CAAC;CACF"}

package/dist/src/mcp/sa-impersonation-provider.d.ts

@@ -0,0 +1,33 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import type { OAuthClientInformation, OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
+import type { MCPServerConfig } from '../config/config.js';
+import type { OAuthClientProvider } from '@modelcontextprotocol/sdk/client/auth.js';
+export declare class ServiceAccountImpersonationProvider implements OAuthClientProvider {
+    private readonly config;
+    private readonly targetServiceAccount;
+    private readonly targetAudience;
+    private readonly auth;
+    private cachedToken?;
+    private tokenExpiryTime?;
+    readonly redirectUrl = "";
+    readonly clientMetadata: OAuthClientMetadata;
+    private _clientInformation?;
+    constructor(config: MCPServerConfig);
+    clientInformation(): OAuthClientInformation | undefined;
+    saveClientInformation(clientInformation: OAuthClientInformationFull): void;
+    tokens(): Promise<OAuthTokens | undefined>;
+    saveTokens(_tokens: OAuthTokens): void;
+    redirectToAuthorization(_authorizationUrl: URL): void;
+    saveCodeVerifier(_codeVerifier: string): void;
+    codeVerifier(): string;
+    /**
+     * Parses a JWT string to extract its expiry time.
+     * @param idToken The JWT ID token.
+     * @returns The expiry time in **milliseconds**, or undefined if parsing fails.
+     */
+    private parseTokenExpiry;
+}

package/dist/src/mcp/sa-impersonation-provider.js

@@ -0,0 +1,130 @@
+/**
+ * @license
+ * Copyright 2025 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+import { GoogleAuth } from 'google-auth-library';
+const fiveMinBufferMs = 5 * 60 * 1000;
+function createIamApiUrl(targetSA) {
+    return `https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/${encodeURIComponent(targetSA)}:generateIdToken`;
+}
+export class ServiceAccountImpersonationProvider {
+    config;
+    targetServiceAccount;
+    targetAudience; // OAuth Client Id
+    auth;
+    cachedToken;
+    tokenExpiryTime;
+    // Properties required by OAuthClientProvider, with no-op values
+    redirectUrl = '';
+    clientMetadata = {
+        client_name: 'Gemini CLI (Service Account Impersonation)',
+        redirect_uris: [],
+        grant_types: [],
+        response_types: [],
+        token_endpoint_auth_method: 'none',
+    };
+    _clientInformation;
+    constructor(config) {
+        this.config = config;
+        // This check is done in mcp-client.ts. This is just an additional check.
+        if (!this.config.httpUrl && !this.config.url) {
+            throw new Error('A url or httpUrl must be provided for the Service Account Impersonation provider');
+        }
+        if (!config.targetAudience) {
+            throw new Error('targetAudience must be provided for the Service Account Impersonation provider');
+        }
+        this.targetAudience = config.targetAudience;
+        if (!config.targetServiceAccount) {
+            throw new Error('targetServiceAccount must be provided for the Service Account Impersonation provider');
+        }
+        this.targetServiceAccount = config.targetServiceAccount;
+        this.auth = new GoogleAuth();
+    }
+    clientInformation() {
+        return this._clientInformation;
+    }
+    saveClientInformation(clientInformation) {
+        this._clientInformation = clientInformation;
+    }
+    async tokens() {
+        // 1. Check if we have a valid, non-expired cached token.
+        if (this.cachedToken &&
+            this.tokenExpiryTime &&
+            Date.now() < this.tokenExpiryTime - fiveMinBufferMs) {
+            return this.cachedToken;
+        }
+        // 2. Clear any invalid/expired cache.
+        this.cachedToken = undefined;
+        this.tokenExpiryTime = undefined;
+        // 3. Fetch a new ID token.
+        const client = await this.auth.getClient();
+        const url = createIamApiUrl(this.targetServiceAccount);
+        let idToken;
+        try {
+            const res = await client.request({
+                url,
+                method: 'POST',
+                data: {
+                    audience: this.targetAudience,
+                    includeEmail: true,
+                },
+            });
+            idToken = res.data.token;
+            if (!idToken || idToken.length === 0) {
+                console.error('Failed to get ID token from Google');
+                return undefined;
+            }
+        }
+        catch (e) {
+            console.error('Failed to fetch ID token from Google:', e);
+            return undefined;
+        }
+        const expiryTime = this.parseTokenExpiry(idToken);
+        // Note: We are placing the OIDC ID Token into the `access_token` field.
+        // This is because the CLI uses this field to construct the
+        // `Authorization: Bearer <token>` header, which is the correct way to
+        // present an ID token.
+        const newTokens = {
+            access_token: idToken,
+            token_type: 'Bearer',
+        };
+        if (expiryTime) {
+            this.tokenExpiryTime = expiryTime;
+            this.cachedToken = newTokens;
+        }
+        return newTokens;
+    }
+    saveTokens(_tokens) {
+        // No-op
+    }
+    redirectToAuthorization(_authorizationUrl) {
+        // No-op
+    }
+    saveCodeVerifier(_codeVerifier) {
+        // No-op
+    }
+    codeVerifier() {
+        // No-op
+        return '';
+    }
+    /**
+     * Parses a JWT string to extract its expiry time.
+     * @param idToken The JWT ID token.
+     * @returns The expiry time in **milliseconds**, or undefined if parsing fails.
+     */
+    parseTokenExpiry(idToken) {
+        try {
+            const payload = JSON.parse(Buffer.from(idToken.split('.')[1], 'base64').toString());
+            if (payload && typeof payload.exp === 'number') {
+                return payload.exp * 1000; // Convert seconds to milliseconds
+            }
+        }
+        catch (e) {
+            console.error('Failed to parse ID token for expiry time with error:', e);
+        }
+        // Return undefined if try block fails or 'exp' is missing/invalid
+        return undefined;
+    }
+}
+//# sourceMappingURL=sa-impersonation-provider.js.map

package/dist/src/mcp/sa-impersonation-provider.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sa-impersonation-provider.js","sourceRoot":"","sources":["../../../src/mcp/sa-impersonation-provider.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAQH,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AAIjD,MAAM,eAAe,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC;AAEtC,SAAS,eAAe,CAAC,QAAgB;IACvC,OAAO,uEAAuE,kBAAkB,CAAC,QAAQ,CAAC,kBAAkB,CAAC;AAC/H,CAAC;AAED,MAAM,OAAO,mCAAmC;IAoBjB;IAjBZ,oBAAoB,CAAS;IAC7B,cAAc,CAAS,CAAC,kBAAkB;IAC1C,IAAI,CAAa;IAC1B,WAAW,CAAe;IAC1B,eAAe,CAAU;IAEjC,gEAAgE;IACvD,WAAW,GAAG,EAAE,CAAC;IACjB,cAAc,GAAwB;QAC7C,WAAW,EAAE,4CAA4C;QACzD,aAAa,EAAE,EAAE;QACjB,WAAW,EAAE,EAAE;QACf,cAAc,EAAE,EAAE;QAClB,0BAA0B,EAAE,MAAM;KACnC,CAAC;IACM,kBAAkB,CAA8B;IAExD,YAA6B,MAAuB;QAAvB,WAAM,GAAN,MAAM,CAAiB;QAClD,yEAAyE;QACzE,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAC;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,cAAc,EAAE,CAAC;YAC3B,MAAM,IAAI,KAAK,CACb,gFAAgF,CACjF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,cAAc,GAAG,MAAM,CAAC,cAAc,CAAC;QAE5C,IAAI,CAAC,MAAM,CAAC,oBAAoB,EAAE,CAAC;YACjC,MAAM,IAAI,KAAK,CACb,sFAAsF,CACvF,CAAC;QACJ,CAAC;QACD,IAAI,CAAC,oBAAoB,GAAG,MAAM,CAAC,oBAAoB,CAAC;QAExD,IAAI,CAAC,IAAI,GAAG,IAAI,UAAU,EAAE,CAAC;IAC/B,CAAC;IAED,iBAAiB;QACf,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED,qBAAqB,CAAC,iBAA6C;QACjE,IAAI,CAAC,kBAAkB,GAAG,iBAAiB,CAAC;IAC9C,CAAC;IAED,KAAK,CAAC,MAAM;QACV,yDAAyD;QACzD,IACE,IAAI,CAAC,WAAW;YAChB,IAAI,CAAC,eAAe;YACpB,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,eAAe,GAAG,eAAe,EACnD,CAAC;YACD,OAAO,IAAI,CAAC,WAAW,CAAC;QAC1B,CAAC;QAED,sCAAsC;QACtC,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC7B,IAAI,CAAC,eAAe,GAAG,SAAS,CAAC;QAEjC,2BAA2B;QAC3B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC;QAC3C,MAAM,GAAG,GAAG,eAAe,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAEvD,IAAI,OAAe,CAAC;QACpB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,OAAO,CAAoB;gBAClD,GAAG;gBACH,MAAM,EAAE,MAAM;gBACd,IAAI,EAAE;oBACJ,QAAQ,EAAE,IAAI,CAAC,cAAc;oBAC7B,YAAY,EAAE,IAAI;iBACnB;aACF,CAAC,CAAC;YACH,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC;YAEzB,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACrC,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;gBACpD,OAAO,SAAS,CAAC;YACnB,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,uCAAuC,EAAE,CAAC,CAAC,CAAC;YAC1D,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;QAClD,wEAAwE;QACxE,2DAA2D;QAC3D,sEAAsE;QACtE,uBAAuB;QACvB,MAAM,SAAS,GAAgB;YAC7B,YAAY,EAAE,OAAO;YACrB,UAAU,EAAE,QAAQ;SACrB,CAAC;QAEF,IAAI,UAAU,EAAE,CAAC;YACf,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC;YAClC,IAAI,CAAC,WAAW,GAAG,SAAS,CAAC;QAC/B,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,UAAU,CAAC,OAAoB;QAC7B,QAAQ;IACV,CAAC;IAED,uBAAuB,CAAC,iBAAsB;QAC5C,QAAQ;IACV,CAAC;IAED,gBAAgB,CAAC,aAAqB;QACpC,QAAQ;IACV,CAAC;IAED,YAAY;QACV,QAAQ;QACR,OAAO,EAAE,CAAC;IACZ,CAAC;IAED;;;;OAIG;IACK,gBAAgB,CAAC,OAAe;QACtC,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CACxB,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC,QAAQ,EAAE,CACxD,CAAC;YAEF,IAAI,OAAO,IAAI,OAAO,OAAO,CAAC,GAAG,KAAK,QAAQ,EAAE,CAAC;gBAC/C,OAAO,OAAO,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,kCAAkC;YAC/D,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,KAAK,CAAC,sDAAsD,EAAE,CAAC,CAAC,CAAC;QAC3E,CAAC;QAED,kEAAkE;QAClE,OAAO,SAAS,CAAC;IACnB,CAAC;CACF"}

package/dist/src/mcp/token-storage/hybrid-token-storage.js

@@ -6,7 +6,7 @@
 import { BaseTokenStorage } from './base-token-storage.js';
 import { FileTokenStorage } from './file-token-storage.js';
 import { TokenStorageType } from './types.js';
-const FORCE_FILE_STORAGE_ENV_VAR = 'GEMINI_FORCE_FILE_STORAGE';
+const FORCE_FILE_STORAGE_ENV_VAR = 'LLXPRT_FORCE_FILE_STORAGE';
 export class HybridTokenStorage extends BaseTokenStorage {
     storage = null;
     storageType = null;

package/dist/src/policy/config.d.ts

@@ -0,0 +1,51 @@
+/**
+ * Policy Configuration
+ *
+ * Creates PolicyEngineConfig by merging:
+ * 1. Default TOML policy files (read-only, write)
+ * 2. Legacy ApprovalMode migration rules
+ * 3. User-defined TOML policies (if provided)
+ * 4. Runtime rules (e.g., "Always Allow" UI selections)
+ *
+ * Implements legacy migration from ApprovalMode and --allowed-tools to policy rules.
+ */
+import { type PolicyRule, type PolicyEngineConfig } from './types.js';
+import { ApprovalMode } from '../config/config.js';
+/**
+ * Minimal Config interface for policy creation
+ * Avoids circular dependency by only requiring the methods we need
+ */
+export interface PolicyConfigSource {
+    getApprovalMode(): ApprovalMode;
+    getAllowedTools(): string[] | undefined;
+    getNonInteractive(): boolean;
+    getUserPolicyPath?(): string | undefined;
+}
+/**
+ * Converts legacy ApprovalMode and --allowed-tools to policy rules.
+ *
+ * Priority bands:
+ * - 1.999: YOLO mode allow-all (wildcard)
+ * - 1.015: AUTO_EDIT mode write tools
+ * - 2.3: --allowed-tools CLI flag
+ *
+ * @param config - Config object with approval mode and allowed tools
+ * @returns Array of PolicyRule objects representing legacy settings
+ */
+export declare function migrateLegacyApprovalMode(config: PolicyConfigSource): PolicyRule[];
+/**
+ * Creates the full PolicyEngineConfig by merging:
+ * 1. Default TOML policy files (read-only.toml, write.toml)
+ * 2. Legacy ApprovalMode migration rules
+ * 3. User-defined TOML policies (if userPolicyPath provided)
+ * 4. Runtime rules (can be added later via PolicyEngine.addRule)
+ *
+ * Rules are evaluated by priority (highest wins), so:
+ * - User policies (Tier 2: 2.xxx) override defaults (Tier 1: 1.xxx)
+ * - Legacy migration rules slot into appropriate priority bands
+ * - Admin policies (Tier 3: 3.xxx, if added later) override all
+ *
+ * @param config - Config object with policy settings
+ * @returns PolicyEngineConfig ready for PolicyEngine construction
+ */
+export declare function createPolicyEngineConfig(config: PolicyConfigSource): Promise<PolicyEngineConfig>;

package/dist/src/policy/config.js

@@ -0,0 +1,102 @@
+/**
+ * Policy Configuration
+ *
+ * Creates PolicyEngineConfig by merging:
+ * 1. Default TOML policy files (read-only, write)
+ * 2. Legacy ApprovalMode migration rules
+ * 3. User-defined TOML policies (if provided)
+ * 4. Runtime rules (e.g., "Always Allow" UI selections)
+ *
+ * Implements legacy migration from ApprovalMode and --allowed-tools to policy rules.
+ */
+import { PolicyDecision, } from './types.js';
+import { loadDefaultPolicies, loadPolicyFromToml } from './toml-loader.js';
+import { ApprovalMode } from '../config/config.js';
+/**
+ * Converts legacy ApprovalMode and --allowed-tools to policy rules.
+ *
+ * Priority bands:
+ * - 1.999: YOLO mode allow-all (wildcard)
+ * - 1.015: AUTO_EDIT mode write tools
+ * - 2.3: --allowed-tools CLI flag
+ *
+ * @param config - Config object with approval mode and allowed tools
+ * @returns Array of PolicyRule objects representing legacy settings
+ */
+export function migrateLegacyApprovalMode(config) {
+    const rules = [];
+    // Map ApprovalMode
+    const approvalMode = config.getApprovalMode();
+    if (approvalMode === ApprovalMode.YOLO) {
+        // YOLO mode: allow all tools with wildcard rule
+        rules.push({
+            // toolName: undefined means wildcard - matches all tools
+            decision: PolicyDecision.ALLOW,
+            priority: 1.999,
+        });
+    }
+    else if (approvalMode === ApprovalMode.AUTO_EDIT) {
+        // AUTO_EDIT mode: allow write tools at priority 1.015
+        const writeTools = ['edit', 'smart_edit', 'write_file', 'shell', 'memory'];
+        for (const tool of writeTools) {
+            rules.push({
+                toolName: tool,
+                decision: PolicyDecision.ALLOW,
+                priority: 1.015,
+            });
+        }
+    }
+    // ApprovalMode.DEFAULT doesn't add any rules - standard policy stack applies
+    // Map --allowed-tools
+    const allowedTools = config.getAllowedTools() ?? [];
+    for (const tool of allowedTools) {
+        rules.push({
+            toolName: tool,
+            decision: PolicyDecision.ALLOW,
+            priority: 2.3,
+        });
+    }
+    return rules;
+}
+/**
+ * Creates the full PolicyEngineConfig by merging:
+ * 1. Default TOML policy files (read-only.toml, write.toml)
+ * 2. Legacy ApprovalMode migration rules
+ * 3. User-defined TOML policies (if userPolicyPath provided)
+ * 4. Runtime rules (can be added later via PolicyEngine.addRule)
+ *
+ * Rules are evaluated by priority (highest wins), so:
+ * - User policies (Tier 2: 2.xxx) override defaults (Tier 1: 1.xxx)
+ * - Legacy migration rules slot into appropriate priority bands
+ * - Admin policies (Tier 3: 3.xxx, if added later) override all
+ *
+ * @param config - Config object with policy settings
+ * @returns PolicyEngineConfig ready for PolicyEngine construction
+ */
+export async function createPolicyEngineConfig(config) {
+    const rules = [];
+    // 1. Load default policies from TOML
+    const defaultRules = await loadDefaultPolicies();
+    rules.push(...defaultRules);
+    // 2. Migrate legacy settings (ApprovalMode, --allowed-tools)
+    const legacyRules = migrateLegacyApprovalMode(config);
+    rules.push(...legacyRules);
+    // 3. Load user-defined policies (if any)
+    const userPolicyPath = config.getUserPolicyPath?.();
+    if (userPolicyPath) {
+        try {
+            const userRules = await loadPolicyFromToml(userPolicyPath);
+            rules.push(...userRules);
+        }
+        catch (error) {
+            // Log warning but don't fail - user policies are optional
+            console.warn(`Failed to load user policy from ${userPolicyPath}:`, error);
+        }
+    }
+    return {
+        rules,
+        defaultDecision: PolicyDecision.ASK_USER,
+        nonInteractive: config.getNonInteractive(),
+    };
+}
+//# sourceMappingURL=config.js.map

package/dist/src/policy/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../../../src/policy/config.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EACL,cAAc,GAGf,MAAM,YAAY,CAAC;AACpB,OAAO,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,kBAAkB,CAAC;AAC3E,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAanD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,yBAAyB,CACvC,MAA0B;IAE1B,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,mBAAmB;IACnB,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,CAAC;IAE9C,IAAI,YAAY,KAAK,YAAY,CAAC,IAAI,EAAE,CAAC;QACvC,gDAAgD;QAChD,KAAK,CAAC,IAAI,CAAC;YACT,yDAAyD;YACzD,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,QAAQ,EAAE,KAAK;SAChB,CAAC,CAAC;IACL,CAAC;SAAM,IAAI,YAAY,KAAK,YAAY,CAAC,SAAS,EAAE,CAAC;QACnD,sDAAsD;QACtD,MAAM,UAAU,GAAG,CAAC,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC3E,KAAK,MAAM,IAAI,IAAI,UAAU,EAAE,CAAC;YAC9B,KAAK,CAAC,IAAI,CAAC;gBACT,QAAQ,EAAE,IAAI;gBACd,QAAQ,EAAE,cAAc,CAAC,KAAK;gBAC9B,QAAQ,EAAE,KAAK;aAChB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IACD,6EAA6E;IAE7E,sBAAsB;IACtB,MAAM,YAAY,GAAG,MAAM,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IACpD,KAAK,MAAM,IAAI,IAAI,YAAY,EAAE,CAAC;QAChC,KAAK,CAAC,IAAI,CAAC;YACT,QAAQ,EAAE,IAAI;YACd,QAAQ,EAAE,cAAc,CAAC,KAAK;YAC9B,QAAQ,EAAE,GAAG;SACd,CAAC,CAAC;IACL,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,CAAC,KAAK,UAAU,wBAAwB,CAC5C,MAA0B;IAE1B,MAAM,KAAK,GAAiB,EAAE,CAAC;IAE/B,qCAAqC;IACrC,MAAM,YAAY,GAAG,MAAM,mBAAmB,EAAE,CAAC;IACjD,KAAK,CAAC,IAAI,CAAC,GAAG,YAAY,CAAC,CAAC;IAE5B,6DAA6D;IAC7D,MAAM,WAAW,GAAG,yBAAyB,CAAC,MAAM,CAAC,CAAC;IACtD,KAAK,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,CAAC;IAE3B,yCAAyC;IACzC,MAAM,cAAc,GAAG,MAAM,CAAC,iBAAiB,EAAE,EAAE,CAAC;IACpD,IAAI,cAAc,EAAE,CAAC;QACnB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,MAAM,kBAAkB,CAAC,cAAc,CAAC,CAAC;YAC3D,KAAK,CAAC,IAAI,CAAC,GAAG,SAAS,CAAC,CAAC;QAC3B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,0DAA0D;YAC1D,OAAO,CAAC,IAAI,CAAC,mCAAmC,cAAc,GAAG,EAAE,KAAK,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC;IAED,OAAO;QACL,KAAK;QACL,eAAe,EAAE,cAAc,CAAC,QAAQ;QACxC,cAAc,EAAE,MAAM,CAAC,iBAAiB,EAAE;KAC3C,CAAC;AACJ,CAAC"}

package/dist/src/policy/index.d.ts

@@ -0,0 +1,5 @@
+export * from './types.js';
+export * from './policy-engine.js';
+export * from './stable-stringify.js';
+export * from './config.js';
+export * from './toml-loader.js';

package/dist/src/policy/index.js

@@ -0,0 +1,6 @@
+export * from './types.js';
+export * from './policy-engine.js';
+export * from './stable-stringify.js';
+export * from './config.js';
+export * from './toml-loader.js';
+//# sourceMappingURL=index.js.map

package/dist/src/policy/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/policy/index.ts"],"names":[],"mappings":"AAAA,cAAc,YAAY,CAAC;AAC3B,cAAc,oBAAoB,CAAC;AACnC,cAAc,uBAAuB,CAAC;AACtC,cAAc,aAAa,CAAC;AAC5B,cAAc,kBAAkB,CAAC"}

package/dist/src/policy/policies/discovered.toml

@@ -0,0 +1,9 @@
+# Default policy for discovered tools (MCP, extensions, etc.)
+# Priority band: 1.01 (Tier 1 - Default)
+# Discovered tools require user confirmation unless explicitly trusted
+
+[[rule]]
+# Match all discovered tools (tools with discovered_tool_ prefix will be added by ToolRegistry)
+toolName = "discovered_tool_"
+decision = "ask_user"
+priority = 1.01

package/dist/src/policy/policies/read-only.toml

@@ -0,0 +1,68 @@
+# Default read-only tool policy
+# Priority band: 1.05 (Tier 1 - Default)
+# These tools are considered safe for auto-approval
+
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "grep"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "ls"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "read_many_files"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "ripgrep"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "web_search"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "task"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "write_todos"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "list_subagents"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "notebook_edit"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "slash_command"
+decision = "allow"
+priority = 1.05
+
+[[rule]]
+toolName = "skill"
+decision = "allow"
+priority = 1.05

package/dist/src/policy/policies/write.toml

@@ -0,0 +1,69 @@
+# Default write tool policy
+# Priority band: 1.01 (Tier 1 - Default)
+# These tools require user confirmation by default
+
+[[rule]]
+toolName = "edit"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "smart_edit"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "write_file"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "shell"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "memory"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "web_fetch"
+decision = "ask_user"
+priority = 1.01
+
+[[rule]]
+toolName = "mcp_tool"
+decision = "ask_user"
+priority = 1.01
+
+# Shell commands with dangerous patterns are denied
+[[rule]]
+toolName = "shell"
+argsPattern = "rm\\s+-rf\\s+/"
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = "chmod\\s+777"
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = "dd\\s+if="
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = "mkfs\\."
+decision = "deny"
+priority = 2.0
+
+[[rule]]
+toolName = "shell"
+argsPattern = ":(){ :|:& };:"
+decision = "deny"
+priority = 2.0

package/dist/src/policy/policies/yolo.toml

@@ -0,0 +1,8 @@
+# YOLO mode policy - allow everything
+# Priority band: 1.999 (Tier 1 - Default, just below user settings)
+# WARNING: This disables all safety checks. Use only in trusted environments.
+
+[[rule]]
+# No toolName specified = wildcard (matches all tools)
+decision = "allow"
+priority = 1.999

package/dist/src/policy/policy-engine.d.ts

@@ -0,0 +1,55 @@
+import { PolicyDecision, type PolicyEngineConfig, type PolicyRule } from './types.js';
+/**
+ * PolicyEngine evaluates tool execution requests against configured rules.
+ * Rules are matched in priority order, with the highest priority rule winning.
+ */
+export declare class PolicyEngine {
+    private readonly rules;
+    private readonly defaultDecision;
+    private readonly nonInteractive;
+    constructor(config?: PolicyEngineConfig);
+    /**
+     * Evaluates a tool execution request and returns a policy decision.
+     *
+     * @param toolName - The name of the tool being executed
+     * @param args - The arguments passed to the tool
+     * @param serverName - Optional MCP server name (for spoofing prevention)
+     * @returns PolicyDecision (ALLOW, DENY, or ASK_USER)
+     */
+    evaluate(toolName: string, args: Record<string, unknown>, serverName?: string): PolicyDecision;
+    /**
+     * Finds the highest priority rule matching the tool and args.
+     *
+     * @param toolName - The name of the tool
+     * @param args - The tool arguments
+     * @returns The matching rule, or undefined if none match
+     */
+    private findMatchingRule;
+    /**
+     * Validates that a tool name matches its claimed server name.
+     * Returns null if spoofing is detected, otherwise returns the tool name.
+     *
+     * @param toolName - The tool name (may include server prefix)
+     * @param serverName - The claimed server name
+     * @returns The validated tool name, or null if spoofing detected
+     */
+    private validateServerName;
+    /**
+     * Returns all configured rules (for debugging/inspection).
+     *
+     * @returns Array of policy rules
+     */
+    getRules(): readonly PolicyRule[];
+    /**
+     * Returns the default decision used when no rules match.
+     *
+     * @returns PolicyDecision
+     */
+    getDefaultDecision(): PolicyDecision;
+    /**
+     * Returns whether the engine is in non-interactive mode.
+     *
+     * @returns boolean
+     */
+    isNonInteractive(): boolean;
+}