borgmcp 0.2.0-beta.1

package/README.md

@@ -0,0 +1,250 @@
+# Borg MCP Client
+
+Local MCP client that syncs your `~/.claude/CLAUDE.md` file to the Borg MCP cloud service.
+
+## Features
+
+- **Automatic Sync**: Watches `~/.claude/CLAUDE.md` and auto-syncs changes to cloud
+- **Conflict Detection**: Never lose data - conflicts are detected and backed up for manual resolution
+- **Secure Storage**: OAuth tokens stored in OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service)
+- **Offline Support**: Exponential backoff retry logic handles network failures gracefully
+- **Google OAuth**: Secure authentication via Google OAuth 2.0 device code flow
+
+## Prerequisites
+
+1. **Node.js 18+** with npm
+2. **Google OAuth Credentials** (required for authentication)
+   - Client ID
+   - Client Secret
+3. **Borg MCP Subscription** ($2/month with 7-day trial)
+
+## Installation
+
+### 1. Install Dependencies
+
+```bash
+cd client
+npm install
+```
+
+### 2. Build the Client
+
+```bash
+npm run build
+```
+
+### 3. Set Up Environment Variables
+
+Create a `.env` file or export these variables:
+
+```bash
+export GOOGLE_CLIENT_ID="your-client-id.apps.googleusercontent.com"
+export GOOGLE_CLIENT_SECRET="your-client-secret"
+```
+
+### 4. Configure Claude Code MCP Settings
+
+Add the client to your Claude Code MCP configuration file at `~/.config/claude/mcp_config.json`:
+
+```json
+{
+  "mcpServers": {
+    "borg-mcp": {
+      "command": "node",
+      "args": [
+        "/absolute/path/to/mcp-claude-md-storage/client/dist/index.js"
+      ],
+      "env": {
+        "GOOGLE_CLIENT_ID": "your-client-id.apps.googleusercontent.com",
+        "GOOGLE_CLIENT_SECRET": "your-client-secret"
+      }
+    }
+  }
+}
+```
+
+**Important**: Replace `/absolute/path/to/` with the actual path to your project directory.
+
+## First-Time Setup
+
+### Authentication Flow
+
+On first run, the client will prompt you to authenticate:
+
+```
+🔐 Borg MCP Authentication
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+📱 Please visit: https://www.google.com/device
+🔑 And enter code: XXXX-XXXX
+
+Waiting for authorization...
+```
+
+1. Visit the URL shown
+2. Enter the device code
+3. Authorize with your Google account
+4. Tokens are securely stored in your OS keychain
+
+### Subscription
+
+After authentication, create a subscription:
+
+```
+Tools available:
+- subscribe: Create Stripe checkout session ($2/month, 7-day trial)
+```
+
+Use the `subscribe` tool in Claude Code to get a checkout URL and complete payment.
+
+## How It Works
+
+### Initial Sync
+
+On startup, the client performs an initial sync:
+
+- If remote has content and local is empty → **pulls from cloud**
+- If local has content and remote is empty → **pushes to cloud**
+- If both exist and match → **no sync needed**
+- If both exist and differ → **conflict detection**
+
+### Automatic File Watching
+
+The client watches `~/.claude/CLAUDE.md` for changes:
+
+- **Debouncing**: 1 second delay to batch rapid edits
+- **Content Hashing**: Only syncs when content actually changes (ignores temp saves)
+- **Real-time Upload**: Changes auto-sync to cloud within seconds
+
+### Conflict Resolution
+
+If both local and remote files have been modified since last sync:
+
+```
+⚠️  SYNC CONFLICT DETECTED
+━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+Both local and remote CLAUDE.md have been modified.
+Local file:    ~/.claude/CLAUDE.md
+Remote backup: ~/.claude/CLAUDE.md.conflict
+
+Please resolve manually by choosing one version or merging them.
+Delete the .conflict file once resolved.
+```
+
+**Resolution Steps**:
+1. Compare `~/.claude/CLAUDE.md` (local) with `~/.claude/CLAUDE.md.conflict` (remote)
+2. Manually merge or choose one version
+3. Delete `.conflict` file when done
+
+## Available Tools
+
+Once configured, these tools are available in Claude Code:
+
+- **subscribe**: Create Stripe checkout session for $2/month (7-day free trial)
+- **get_claude_md**: Manually fetch CLAUDE.md from cloud
+- **set_claude_md**: Manually upload CLAUDE.md to cloud
+- **delete_claude_md**: Delete CLAUDE.md from cloud
+- **subscription_status**: Check your current subscription status
+- **export_data**: Export all your data (GDPR compliance)
+- **sync_now**: Force immediate sync with cloud
+
+## Troubleshooting
+
+### "Authentication required" Error
+
+Your OAuth token has expired. Re-run the client and follow the authentication flow again.
+
+```bash
+# Manually trigger re-auth by clearing tokens
+node dist/index.js
+```
+
+### Sync Conflicts Not Resolving
+
+1. Check that `.conflict` file exists at `~/.claude/CLAUDE.md.conflict`
+2. Manually merge changes between local and conflict file
+3. Delete `.conflict` file to clear the conflict state
+
+### File Watcher Not Detecting Changes
+
+- Verify `~/.claude/CLAUDE.md` path exists
+- Check file permissions (must be readable/writable)
+- Some editors use atomic writes (rename temp file) which may delay detection
+
+### Network Failures
+
+The client automatically retries with exponential backoff:
+- Retry 1: 1 second delay
+- Retry 2: 2 second delay
+- Retry 3: 4 second delay
+- Max retries: 3
+
+If network is down, edits are queued and will sync once connection is restored.
+
+## Security
+
+### Token Storage
+
+OAuth tokens are stored using platform-specific secure credential managers:
+
+- **macOS**: Keychain Access
+- **Windows**: Credential Manager
+- **Linux**: Secret Service API (libsecret)
+
+Tokens are **never** written to disk in plain text.
+
+### Authentication
+
+- Uses Google OAuth 2.0 device code flow (designed for CLI apps)
+- ID tokens are automatically refreshed when expired
+- Auth tokens are automatically injected into all remote API calls
+
+## Development
+
+### Running from Source
+
+```bash
+npm run dev
+```
+
+### Building
+
+```bash
+npm run build
+```
+
+### Testing
+
+```bash
+npm test
+```
+
+## Architecture
+
+```
+┌─────────────────┐
+│  Claude Code    │
+└────────┬────────┘
+         │ stdio MCP
+         │
+┌────────▼────────┐
+│  Borg MCP       │◄──┐
+│  Client         │   │ File Watcher
+└────────┬────────┘   │ (chokidar)
+         │            │
+         │         ┌──▼──────────────┐
+         │         │ ~/.claude/      │
+         │         │ CLAUDE.md       │
+         │         └─────────────────┘
+         │ HTTPS + Auth
+         │
+┌────────▼────────┐
+│ api.borgmcp.ai  │
+│ (Remote Server) │
+└─────────────────┘
+```
+
+## License
+
+MIT

package/dist/auth.d.ts

@@ -0,0 +1,24 @@
+/**
+ * Google OAuth 2.0 Authorization Code Flow with PKCE
+ * For Desktop/CLI applications
+ *
+ * Flow:
+ * 1. Generate PKCE code_verifier and code_challenge
+ * 2. Start local HTTP server for callback
+ * 3. Open browser to Google authorization URL
+ * 4. User authorizes in browser
+ * 5. Receive authorization code via localhost callback
+ * 6. Exchange code for tokens
+ * 7. Store tokens securely in OS keychain
+ */
+/**
+ * Perform complete OAuth authorization code flow with PKCE
+ * Opens browser for user authorization
+ * Stores tokens in OS keychain on success
+ */
+export declare function authenticateWithGoogle(): Promise<void>;
+/**
+ * Refresh ID token using refresh token
+ */
+export declare function refreshIdToken(refreshToken: string): Promise<void>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAsLH;;;;GAIG;AACH,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,IAAI,CAAC,CA+C5D;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,YAAY,EAAE,MAAM,GACnB,OAAO,CAAC,IAAI,CAAC,CAsBf"}

package/dist/auth.js

@@ -0,0 +1,223 @@
+/**
+ * Google OAuth 2.0 Authorization Code Flow with PKCE
+ * For Desktop/CLI applications
+ *
+ * Flow:
+ * 1. Generate PKCE code_verifier and code_challenge
+ * 2. Start local HTTP server for callback
+ * 3. Open browser to Google authorization URL
+ * 4. User authorizes in browser
+ * 5. Receive authorization code via localhost callback
+ * 6. Exchange code for tokens
+ * 7. Store tokens securely in OS keychain
+ */
+import { createServer } from 'http';
+import { URL } from 'url';
+import crypto from 'crypto';
+import open from 'open';
+import { storeIdToken, storeRefreshToken } from './config.js';
+// Google OAuth Client credentials for Borg MCP CLI (Desktop app)
+// Per Google's documentation: "the client secret is obviously not treated as a secret"
+// for installed/desktop applications. This follows industry standard (AWS CLI, gcloud, GitHub CLI)
+const GOOGLE_CLIENT_ID = '675073910799-41pbe12rfhqemidh64h09s4q3e0udpgp.apps.googleusercontent.com';
+const GOOGLE_CLIENT_SECRET = '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';
+const GOOGLE_AUTHORIZE_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
+const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+const SCOPES = ['openid', 'email', 'profile'];
+// Port range for dynamic port selection (8000-9000)
+const PORT_RANGE_START = 8000;
+const PORT_RANGE_END = 9000;
+/**
+ * Generate PKCE code_verifier and code_challenge
+ * Uses SHA256 hashing per OAuth 2.0 PKCE spec (RFC 7636)
+ */
+function generatePKCE() {
+    // Generate random code_verifier (43-128 characters)
+    const verifier = crypto.randomBytes(32).toString('base64url');
+    // Generate code_challenge = BASE64URL(SHA256(code_verifier))
+    const challenge = crypto
+        .createHash('sha256')
+        .update(verifier)
+        .digest('base64url');
+    return { verifier, challenge };
+}
+/**
+ * Find an available port in the specified range
+ */
+async function findAvailablePort() {
+    return new Promise((resolve, reject) => {
+        // Try to bind to port 0 to let the OS assign a free port
+        const testServer = createServer();
+        testServer.listen(0, () => {
+            const address = testServer.address();
+            if (address && typeof address === 'object') {
+                const port = address.port;
+                testServer.close(() => resolve(port));
+            }
+            else {
+                testServer.close(() => reject(new Error('Failed to get assigned port')));
+            }
+        });
+        testServer.on('error', reject);
+    });
+}
+/**
+ * Start local HTTP server to receive OAuth callback
+ * Returns { server, port, codePromise }
+ */
+async function startCallbackServer() {
+    // Find available port first
+    const port = await findAvailablePort();
+    const codePromise = new Promise((resolve, reject) => {
+        const server = createServer((req, res) => {
+            const url = new URL(req.url, `http://localhost:${port}`);
+            if (url.pathname === '/callback') {
+                const code = url.searchParams.get('code');
+                const error = url.searchParams.get('error');
+                if (error) {
+                    res.writeHead(400, { 'Content-Type': 'text/html' });
+                    res.end(`
+            <html>
+              <body>
+                <h1>❌ Authentication Failed</h1>
+                <p>Error: ${error}</p>
+                <p>You can close this window.</p>
+              </body>
+            </html>
+          `);
+                    server.close();
+                    reject(new Error(`OAuth error: ${error}`));
+                    return;
+                }
+                if (code) {
+                    res.writeHead(200, { 'Content-Type': 'text/html' });
+                    res.end(`
+            <html>
+              <body>
+                <h1>✅ Authentication Successful!</h1>
+                <p>You can close this window and return to your terminal.</p>
+              </body>
+            </html>
+          `);
+                    server.close();
+                    resolve(code);
+                    return;
+                }
+                res.writeHead(400, { 'Content-Type': 'text/html' });
+                res.end(`
+          <html>
+            <body>
+              <h1>❌ Invalid Request</h1>
+              <p>Missing authorization code.</p>
+            </body>
+          </html>
+        `);
+                server.close();
+                reject(new Error('Missing authorization code'));
+            }
+        });
+        server.listen(port, () => {
+            console.error(`Callback server listening on http://localhost:${port}`);
+        });
+        // Timeout after 5 minutes
+        setTimeout(() => {
+            server.close();
+            reject(new Error('Authentication timeout - no response received'));
+        }, 5 * 60 * 1000);
+    });
+    return { port, codePromise };
+}
+/**
+ * Exchange authorization code for tokens
+ */
+async function exchangeCodeForTokens(code, codeVerifier, port) {
+    const redirectUri = `http://localhost:${port}/callback`;
+    const response = await fetch(GOOGLE_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            client_id: GOOGLE_CLIENT_ID,
+            client_secret: GOOGLE_CLIENT_SECRET,
+            code,
+            code_verifier: codeVerifier,
+            grant_type: 'authorization_code',
+            redirect_uri: redirectUri,
+        }),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Failed to exchange code for tokens: ${error}`);
+    }
+    return (await response.json());
+}
+/**
+ * Perform complete OAuth authorization code flow with PKCE
+ * Opens browser for user authorization
+ * Stores tokens in OS keychain on success
+ */
+export async function authenticateWithGoogle() {
+    console.error('\\n🔐 Borg MCP Authentication');
+    console.error('━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━\\n');
+    // Step 1: Generate PKCE pair
+    console.error('Generating PKCE challenge...');
+    const pkce = generatePKCE();
+    // Step 2: Start local callback server (gets dynamic port)
+    console.error('Starting local callback server...');
+    const { port, codePromise } = await startCallbackServer();
+    // Step 3: Build authorization URL with dynamic redirect URI
+    const redirectUri = `http://localhost:${port}/callback`;
+    const authUrl = new URL(GOOGLE_AUTHORIZE_URL);
+    authUrl.searchParams.set('client_id', GOOGLE_CLIENT_ID);
+    authUrl.searchParams.set('redirect_uri', redirectUri);
+    authUrl.searchParams.set('response_type', 'code');
+    authUrl.searchParams.set('scope', SCOPES.join(' '));
+    authUrl.searchParams.set('code_challenge', pkce.challenge);
+    authUrl.searchParams.set('code_challenge_method', 'S256');
+    authUrl.searchParams.set('access_type', 'offline'); // Request refresh token
+    authUrl.searchParams.set('prompt', 'consent'); // Force consent to get refresh token
+    // Step 4: Open browser
+    console.error('\\n📱 Opening browser for authorization...');
+    console.error('If browser does not open, visit:');
+    console.error(`${authUrl.toString()}\\n`);
+    await open(authUrl.toString());
+    // Step 5: Wait for authorization code
+    console.error('Waiting for authorization...');
+    const code = await codePromise;
+    // Step 6: Exchange code for tokens
+    console.error('Exchanging authorization code for tokens...');
+    const tokenData = await exchangeCodeForTokens(code, pkce.verifier, port);
+    // Step 7: Store tokens securely
+    const expiresAt = Date.now() + tokenData.expires_in * 1000;
+    await storeIdToken(tokenData.id_token, expiresAt);
+    if (tokenData.refresh_token) {
+        await storeRefreshToken(tokenData.refresh_token);
+    }
+    console.error('\\n✅ Authentication successful!\\n');
+}
+/**
+ * Refresh ID token using refresh token
+ */
+export async function refreshIdToken(refreshToken) {
+    const response = await fetch(GOOGLE_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/x-www-form-urlencoded',
+        },
+        body: new URLSearchParams({
+            client_id: GOOGLE_CLIENT_ID,
+            client_secret: GOOGLE_CLIENT_SECRET,
+            refresh_token: refreshToken,
+            grant_type: 'refresh_token',
+        }),
+    });
+    if (!response.ok) {
+        const error = await response.text();
+        throw new Error(`Failed to refresh token: ${error}`);
+    }
+    const data = (await response.json());
+    const expiresAt = Date.now() + data.expires_in * 1000;
+    await storeIdToken(data.id_token, expiresAt);
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;GAYG;AAEH,OAAO,EAAE,YAAY,EAAmC,MAAM,MAAM,CAAC;AACrE,OAAO,EAAE,GAAG,EAAE,MAAM,KAAK,CAAC;AAC1B,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,YAAY,EAAE,iBAAiB,EAAE,MAAM,aAAa,CAAC;AAE9D,iEAAiE;AACjE,uFAAuF;AACvF,mGAAmG;AACnG,MAAM,gBAAgB,GAAG,0EAA0E,CAAC;AACpG,MAAM,oBAAoB,GAAG,qCAAqC,CAAC;AAEnE,MAAM,oBAAoB,GAAG,8CAA8C,CAAC;AAC5E,MAAM,gBAAgB,GAAG,qCAAqC,CAAC;AAC/D,MAAM,MAAM,GAAG,CAAC,QAAQ,EAAE,OAAO,EAAE,SAAS,CAAC,CAAC;AAE9C,oDAAoD;AACpD,MAAM,gBAAgB,GAAG,IAAI,CAAC;AAC9B,MAAM,cAAc,GAAG,IAAI,CAAC;AAc5B;;;GAGG;AACH,SAAS,YAAY;IACnB,oDAAoD;IACpD,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;IAE9D,6DAA6D;IAC7D,MAAM,SAAS,GAAG,MAAM;SACrB,UAAU,CAAC,QAAQ,CAAC;SACpB,MAAM,CAAC,QAAQ,CAAC;SAChB,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC;AACjC,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,iBAAiB;IAC9B,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,yDAAyD;QACzD,MAAM,UAAU,GAAG,YAAY,EAAE,CAAC;QAClC,UAAU,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,EAAE;YACxB,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,EAAE,CAAC;YACrC,IAAI,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC3C,MAAM,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;gBAC1B,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,UAAU,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC,CAAC;YAC3E,CAAC;QACH,CAAC,CAAC,CAAC;QACH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,mBAAmB;IAIhC,4BAA4B;IAC5B,MAAM,IAAI,GAAG,MAAM,iBAAiB,EAAE,CAAC;IAEvC,MAAM,WAAW,GAAG,IAAI,OAAO,CAAS,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QAC1D,MAAM,MAAM,GAAG,YAAY,CAAC,CAAC,GAAoB,EAAE,GAAmB,EAAE,EAAE;YACxE,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAI,EAAE,oBAAoB,IAAI,EAAE,CAAC,CAAC;YAE1D,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;gBACjC,MAAM,IAAI,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBAC1C,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;gBAE5C,IAAI,KAAK,EAAE,CAAC;oBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC;;;;4BAIU,KAAK;;;;WAItB,CAAC,CAAC;oBACH,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,MAAM,CAAC,IAAI,KAAK,CAAC,gBAAgB,KAAK,EAAE,CAAC,CAAC,CAAC;oBAC3C,OAAO;gBACT,CAAC;gBAED,IAAI,IAAI,EAAE,CAAC;oBACT,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;oBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;WAOP,CAAC,CAAC;oBACH,MAAM,CAAC,KAAK,EAAE,CAAC;oBACf,OAAO,CAAC,IAAI,CAAC,CAAC;oBACd,OAAO;gBACT,CAAC;gBAED,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC;;;;;;;SAOP,CAAC,CAAC;gBACH,MAAM,CAAC,KAAK,EAAE,CAAC;gBACf,MAAM,CAAC,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC,CAAC;YAClD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;YACvB,OAAO,CAAC,KAAK,CAAC,iDAAiD,IAAI,EAAE,CAAC,CAAC;QACzE,CAAC,CAAC,CAAC;QAEH,0BAA0B;QAC1B,UAAU,CAAC,GAAG,EAAE;YACd,MAAM,CAAC,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC,CAAC;QACrE,CAAC,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IACpB,CAAC,CAAC,CAAC;IAEH,OAAO,EAAE,IAAI,EAAE,WAAW,EAAE,CAAC;AAC/B,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,qBAAqB,CAClC,IAAY,EACZ,YAAoB,EACpB,IAAY;IAEZ,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IAExD,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;QAC7C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,gBAAgB;YAC3B,aAAa,EAAE,oBAAoB;YACnC,IAAI;YACJ,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,oBAAoB;YAChC,YAAY,EAAE,WAAW;SAC1B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,uCAAuC,KAAK,EAAE,CAAC,CAAC;IAClE,CAAC;IAED,OAAO,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAkB,CAAC;AAClD,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,sBAAsB;IAC1C,OAAO,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC;IAC/C,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAE7D,6BAA6B;IAC7B,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,YAAY,EAAE,CAAC;IAE5B,0DAA0D;IAC1D,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;IACnD,MAAM,EAAE,IAAI,EAAE,WAAW,EAAE,GAAG,MAAM,mBAAmB,EAAE,CAAC;IAE1D,4DAA4D;IAC5D,MAAM,WAAW,GAAG,oBAAoB,IAAI,WAAW,CAAC;IACxD,MAAM,OAAO,GAAG,IAAI,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAC9C,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,WAAW,EAAE,gBAAgB,CAAC,CAAC;IACxD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,cAAc,EAAE,WAAW,CAAC,CAAC;IACtD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,eAAe,EAAE,MAAM,CAAC,CAAC;IAClD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IACpD,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;IAC3D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,uBAAuB,EAAE,MAAM,CAAC,CAAC;IAC1D,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC,CAAC,wBAAwB;IAC5E,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,CAAC,qCAAqC;IAEpF,uBAAuB;IACvB,OAAO,CAAC,KAAK,CAAC,4CAA4C,CAAC,CAAC;IAC5D,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IAClD,OAAO,CAAC,KAAK,CAAC,GAAG,OAAO,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;IAC1C,MAAM,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;IAE/B,sCAAsC;IACtC,OAAO,CAAC,KAAK,CAAC,8BAA8B,CAAC,CAAC;IAC9C,MAAM,IAAI,GAAG,MAAM,WAAW,CAAC;IAE/B,mCAAmC;IACnC,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;IAC7D,MAAM,SAAS,GAAG,MAAM,qBAAqB,CAAC,IAAI,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAEzE,gCAAgC;IAChC,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,UAAU,GAAG,IAAI,CAAC;IAC3D,MAAM,YAAY,CAAC,SAAS,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;IAElD,IAAI,SAAS,CAAC,aAAa,EAAE,CAAC;QAC5B,MAAM,iBAAiB,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IACnD,CAAC;IAED,OAAO,CAAC,KAAK,CAAC,oCAAoC,CAAC,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,YAAoB;IAEpB,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;QAC7C,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,mCAAmC;SACpD;QACD,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,gBAAgB;YAC3B,aAAa,EAAE,oBAAoB;YACnC,aAAa,EAAE,YAAY;YAC3B,UAAU,EAAE,eAAe;SAC5B,CAAC;KACH,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;QACjB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;QACpC,MAAM,IAAI,KAAK,CAAC,4BAA4B,KAAK,EAAE,CAAC,CAAC;IACvD,CAAC;IAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAQ,CAAC;IAC5C,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;IACtD,MAAM,YAAY,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;AAC/C,CAAC"}

package/dist/config-utils.d.ts

@@ -0,0 +1,17 @@
+/**
+ * MCP Settings Configuration Utilities
+ *
+ * Handles adding borg-mcp to Claude Code via the claude CLI
+ */
+/**
+ * Get absolute path to borgmcp index.js
+ * Returns the actual index.js file, not the npm symlink
+ */
+export declare function getBinaryPath(): string;
+/**
+ * Add borgmcp MCP server to Claude Code using claude CLI
+ * First removes any existing borgmcp configuration, then adds fresh one
+ * Runs: claude mcp remove --scope user borgmcp && claude mcp add --scope user borgmcp node "<path-to-index.js>"
+ */
+export declare function addMcpServer(): void;
+//# sourceMappingURL=config-utils.d.ts.map

package/dist/config-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-utils.d.ts","sourceRoot":"","sources":["../src/config-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAWH;;;GAGG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAItC;AAED;;;;GAIG;AACH,wBAAgB,YAAY,IAAI,IAAI,CA2BnC"}

package/dist/config-utils.js

@@ -0,0 +1,54 @@
+/**
+ * MCP Settings Configuration Utilities
+ *
+ * Handles adding borg-mcp to Claude Code via the claude CLI
+ */
+import { execSync } from 'child_process';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+// Get __dirname equivalent in ESM
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+/**
+ * Get absolute path to borgmcp index.js
+ * Returns the actual index.js file, not the npm symlink
+ */
+export function getBinaryPath() {
+    // In production: dist/index.js is in the same directory as this file
+    // In development: same
+    return path.join(__dirname, 'index.js');
+}
+/**
+ * Add borgmcp MCP server to Claude Code using claude CLI
+ * First removes any existing borgmcp configuration, then adds fresh one
+ * Runs: claude mcp remove --scope user borgmcp && claude mcp add --scope user borgmcp node "<path-to-index.js>"
+ */
+export function addMcpServer() {
+    const indexPath = getBinaryPath();
+    try {
+        // First, remove any existing borgmcp configuration (ignore errors if not found)
+        try {
+            execSync('claude mcp remove --scope user borgmcp', { stdio: 'ignore' });
+        }
+        catch {
+            // Ignore - server might not exist yet
+        }
+        // Run claude mcp add command
+        const command = `claude mcp add --scope user borgmcp node "${indexPath}"`;
+        execSync(command, {
+            stdio: 'inherit', // Show output to user
+            env: {
+                ...process.env,
+                BORG_API_URL: process.env.BORG_API_URL || 'https://api.borgmcp.ai'
+            }
+        });
+    }
+    catch (error) {
+        if (error.message?.includes('command not found')) {
+            throw new Error('Claude CLI not found. Please install Claude Code first.');
+        }
+        throw new Error(`Failed to add MCP server: ${error.message}`);
+    }
+}
+//# sourceMappingURL=config-utils.js.map

package/dist/config-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config-utils.js","sourceRoot":"","sources":["../src/config-utils.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,QAAQ,EAAE,MAAM,eAAe,CAAC;AACzC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,aAAa,EAAE,MAAM,KAAK,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;AAE/B,kCAAkC;AAClC,MAAM,UAAU,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;AAClD,MAAM,SAAS,GAAG,OAAO,CAAC,UAAU,CAAC,CAAC;AAEtC;;;GAGG;AACH,MAAM,UAAU,aAAa;IAC3B,qEAAqE;IACrE,uBAAuB;IACvB,OAAO,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;AAC1C,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY;IAC1B,MAAM,SAAS,GAAG,aAAa,EAAE,CAAC;IAElC,IAAI,CAAC;QACH,gFAAgF;QAChF,IAAI,CAAC;YACH,QAAQ,CAAC,wCAAwC,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAC;QAC1E,CAAC;QAAC,MAAM,CAAC;YACP,sCAAsC;QACxC,CAAC;QAED,6BAA6B;QAC7B,MAAM,OAAO,GAAG,6CAA6C,SAAS,GAAG,CAAC;QAE1E,QAAQ,CAAC,OAAO,EAAE;YAChB,KAAK,EAAE,SAAS,EAAE,sBAAsB;YACxC,GAAG,EAAE;gBACH,GAAG,OAAO,CAAC,GAAG;gBACd,YAAY,EAAE,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,wBAAwB;aACnE;SACF,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,KAAU,EAAE,CAAC;QACpB,IAAI,KAAK,CAAC,OAAO,EAAE,QAAQ,CAAC,mBAAmB,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAC;QAC7E,CAAC;QACD,MAAM,IAAI,KAAK,CAAC,6BAA6B,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;IAChE,CAAC;AACH,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Secure token storage using OS keychain
+ * Uses Keytar for cross-platform credential management
+ *
+ * Addresses consensus finding: Machine-specific encryption is insecure
+ * Solution: Use OS native keychains (macOS Keychain, Windows Credential Manager, Linux Secret Service)
+ */
+/**
+ * Store Google OAuth ID token securely in OS keychain
+ */
+export declare function storeIdToken(idToken: string, expiresAt: number): Promise<void>;
+/**
+ * Store Google OAuth refresh token securely in OS keychain
+ */
+export declare function storeRefreshToken(refreshToken: string): Promise<void>;
+/**
+ * Retrieve Google OAuth ID token from OS keychain
+ * Returns null if not found or expired
+ */
+export declare function getIdToken(): Promise<string | null>;
+/**
+ * Retrieve Google OAuth refresh token from OS keychain
+ */
+export declare function getRefreshToken(): Promise<string | null>;
+/**
+ * Clear all stored tokens from OS keychain
+ */
+export declare function clearTokens(): Promise<void>;
+/**
+ * Check if user has valid authentication
+ */
+export declare function isAuthenticated(): Promise<boolean>;
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAUH;;GAEG;AACH,wBAAsB,YAAY,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAGpF;AAED;;GAEG;AACH,wBAAsB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAE3E;AAED;;;GAGG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAiBzD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAE9D;AAED;;GAEG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,IAAI,CAAC,CAIjD;AAED;;GAEG;AACH,wBAAsB,eAAe,IAAI,OAAO,CAAC,OAAO,CAAC,CAGxD"}