githits 0.1.0

package/dist/cli.js

@@ -0,0 +1,1720 @@
+#!/usr/bin/env node
+import {
+  version
+} from "./shared/chunk-j0vey5g3.js";
+
+// src/cli.ts
+import { Command } from "commander";
+
+// src/services/auth-service.ts
+import { createServer } from "node:http";
+
+// src/auth/pkce.ts
+import { createHash, randomBytes } from "node:crypto";
+function generateCodeVerifier() {
+  return randomBytes(32).toString("base64url");
+}
+function generateCodeChallenge(verifier) {
+  return createHash("sha256").update(verifier).digest("base64url");
+}
+function generateState() {
+  return randomBytes(32).toString("hex");
+}
+
+// src/services/auth-service.ts
+class AuthServiceImpl {
+  async discoverEndpoints(mcpBaseUrl) {
+    const url = `${mcpBaseUrl}/.well-known/oauth-authorization-server`;
+    const response = await fetch(url);
+    if (!response.ok) {
+      throw new Error(`Failed to discover OAuth endpoints: ${response.status} ${response.statusText}`);
+    }
+    const data = await response.json();
+    const authorizationEndpoint = data.authorization_endpoint;
+    const tokenEndpoint = data.token_endpoint;
+    const registrationEndpoint = data.registration_endpoint;
+    if (!authorizationEndpoint || !tokenEndpoint || !registrationEndpoint) {
+      throw new Error("OAuth metadata missing required endpoints");
+    }
+    return {
+      authorizationEndpoint,
+      tokenEndpoint,
+      registrationEndpoint
+    };
+  }
+  async registerClient(params) {
+    const response = await fetch(params.registrationEndpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        client_name: "GitHits CLI",
+        redirect_uris: [params.redirectUri],
+        grant_types: ["authorization_code", "refresh_token"],
+        response_types: ["code"],
+        token_endpoint_auth_method: "client_secret_post"
+      })
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Client registration failed: ${error}`);
+    }
+    const data = await response.json();
+    if (!data.client_id || !data.client_secret) {
+      throw new Error("Client registration response missing required fields");
+    }
+    return {
+      clientId: data.client_id,
+      clientSecret: data.client_secret
+    };
+  }
+  generatePkceParams() {
+    const verifier = generateCodeVerifier();
+    return {
+      verifier,
+      challenge: generateCodeChallenge(verifier),
+      state: generateState()
+    };
+  }
+  buildAuthUrl(params) {
+    const url = new URL(params.authorizationEndpoint);
+    url.searchParams.set("response_type", "code");
+    url.searchParams.set("client_id", params.clientId);
+    url.searchParams.set("redirect_uri", params.redirectUri);
+    url.searchParams.set("state", params.state);
+    url.searchParams.set("code_challenge", params.codeChallenge);
+    url.searchParams.set("code_challenge_method", "S256");
+    return url.toString();
+  }
+  startCallbackServer(port, expectedState) {
+    return new Promise((resolve, reject) => {
+      let callbackHandled = false;
+      let resolved = false;
+      let closeTimer;
+      const server = createServer((req, res) => {
+        const url = new URL(req.url ?? "", `http://127.0.0.1:${port}`);
+        if (url.pathname === "/favicon.ico") {
+          res.writeHead(204);
+          res.end();
+          return;
+        }
+        if (url.pathname !== "/callback") {
+          if (callbackHandled) {
+            sendHtmlResponse(res, 200, successHtml("Authentication already completed."));
+            return;
+          }
+          sendHtmlResponse(res, 404, errorHtml("Invalid callback path.", "Run `githits login` to start authentication."));
+          return;
+        }
+        const code = url.searchParams.get("code");
+        const state = url.searchParams.get("state");
+        const error = url.searchParams.get("error");
+        const errorDescription = url.searchParams.get("error_description");
+        const evaluation = evaluateCallback({
+          code,
+          state,
+          error,
+          errorDescription,
+          expectedState
+        });
+        callbackHandled = true;
+        sendHtmlResponse(res, evaluation.statusCode, evaluation.html);
+        if (!resolved) {
+          resolved = true;
+          resolve(evaluation.result);
+        }
+        if (closeTimer)
+          clearTimeout(closeTimer);
+        closeTimer = setTimeout(() => closeServer(server), 1500);
+      });
+      server.listen(port, "127.0.0.1");
+      server.on("error", (err) => {
+        reject(new Error(`Failed to start callback server: ${err.message}`));
+      });
+    });
+  }
+  async exchangeCodeForTokens(params) {
+    const body = new URLSearchParams({
+      grant_type: "authorization_code",
+      client_id: params.clientId,
+      client_secret: params.clientSecret,
+      code: params.code,
+      code_verifier: params.codeVerifier,
+      redirect_uri: params.redirectUri
+    });
+    const response = await fetch(params.tokenEndpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Token exchange failed: ${error}`);
+    }
+    return parseTokenResponse(await response.json());
+  }
+  async refreshAccessToken(params) {
+    const body = new URLSearchParams({
+      grant_type: "refresh_token",
+      client_id: params.clientId,
+      client_secret: params.clientSecret,
+      refresh_token: params.refreshToken
+    });
+    const response = await fetch(params.tokenEndpoint, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: body.toString()
+    });
+    if (!response.ok) {
+      const error = await response.text();
+      throw new Error(`Token refresh failed: ${error}`);
+    }
+    return parseTokenResponse(await response.json());
+  }
+}
+function parseTokenResponse(data) {
+  const d = data;
+  if (!d.access_token || !d.refresh_token) {
+    throw new Error("Token response missing required fields");
+  }
+  return {
+    accessToken: d.access_token,
+    refreshToken: d.refresh_token,
+    expiresIn: d.expires_in || 3600
+  };
+}
+function successHtml(title = "Authentication successful") {
+  return `<!DOCTYPE html>
+<html><head><title>GitHits CLI</title>
+<style>
+  body {
+    font-family: Inter, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 100vh;
+    margin: 0;
+    background: radial-gradient(circle at center center, #4d3648, #3a2835, #261a22, #0d1117);
+  }
+  .card {
+    text-align: center;
+    background: rgba(13, 17, 23, 0.75);
+    padding: 3rem;
+    border-radius: 16px;
+    border: 1px solid rgba(244, 11, 166, 0.35);
+    box-shadow: 0 8px 32px rgba(0, 0, 0, 0.35);
+    max-width: 720px;
+  }
+  h1 {
+    color: #f40ba6;
+    margin-bottom: 0.75rem;
+    font-size: 3rem;
+    font-weight: 700;
+  }
+  p {
+    color: #f385a5;
+    font-size: 1.1rem;
+    margin: 0;
+  }
+</style>
+</head>
+<body>
+  <div class="card">
+    <h1>${escapeHtml(title)}</h1>
+    <p>You can close this window and return to the terminal.</p>
+  </div>
+</body></html>`;
+}
+function evaluateCallback(input) {
+  if (input.error) {
+    const message = input.errorDescription ? `${input.error}: ${input.errorDescription}` : input.error;
+    return {
+      statusCode: 200,
+      html: errorHtml(message, "Run `githits login` to try again."),
+      result: { type: "oauth_error", message }
+    };
+  }
+  if (input.code && input.state) {
+    if (input.state !== input.expectedState) {
+      return {
+        statusCode: 400,
+        html: errorHtml("Authentication failed security validation (state mismatch)", "Run `githits login` to try again."),
+        result: {
+          type: "state_mismatch",
+          message: "Security validation failed (state mismatch)"
+        }
+      };
+    }
+    return {
+      statusCode: 200,
+      html: successHtml(),
+      result: { type: "success", code: input.code, state: input.state }
+    };
+  }
+  return {
+    statusCode: 400,
+    html: errorHtml("Authentication callback was missing required parameters", "Run `githits login` to try again."),
+    result: {
+      type: "invalid_callback",
+      message: "Authentication callback missing required parameters"
+    }
+  };
+}
+function errorHtml(error, nextStep) {
+  const nextStepHtml = nextStep ? `<p>${escapeHtml(nextStep)}</p>` : "";
+  return `<!DOCTYPE html>
+<html><head><title>GitHits CLI</title>
+<style>
+  body {
+    font-family: Inter, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+    display: flex;
+    justify-content: center;
+    align-items: center;
+    height: 100vh;
+    margin: 0;
+    background: radial-gradient(circle at center center, #4d3648, #3a2835, #261a22, #0d1117);
+  }
+  .card {
+    text-align: center;
+    background: rgba(13, 17, 23, 0.75);
+    padding: 3rem;
+    border-radius: 16px;
+    border: 1px solid rgba(239, 68, 68, 0.35);
+    box-shadow: 0 8px 32px rgba(0, 0, 0, 0.35);
+    max-width: 720px;
+  }
+  h1 {
+    color: #ef4444;
+    margin-bottom: 0.75rem;
+    font-size: 3rem;
+    font-weight: 700;
+  }
+  p {
+    color: #f385a5;
+    font-size: 1.1rem;
+    margin: 0;
+  }
+</style>
+</head>
+<body>
+  <div class="card">
+    <h1>Authentication failed</h1>
+    <p>${escapeHtml(error)}</p>
+    ${nextStepHtml}
+  </div>
+</body></html>`;
+}
+function sendHtmlResponse(res, statusCode, html) {
+  res.writeHead(statusCode, { "Content-Type": "text/html; charset=utf-8" });
+  res.end(html);
+}
+function closeServer(server) {
+  server.close();
+}
+function escapeHtml(text) {
+  return text.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#39;");
+}
+// src/services/auth-storage.ts
+var CONFIG_DIR = ".githits";
+var AUTH_FILE = "auth.json";
+var CLIENT_FILE = "client.json";
+var DIR_MODE = 448;
+var FILE_MODE = 384;
+
+class AuthStorageImpl {
+  fs;
+  configDir;
+  authPath;
+  clientPath;
+  constructor(fs, configDir) {
+    this.fs = fs;
+    this.configDir = configDir ?? fs.joinPath(fs.getHomeDir(), CONFIG_DIR);
+    this.authPath = fs.joinPath(this.configDir, AUTH_FILE);
+    this.clientPath = fs.joinPath(this.configDir, CLIENT_FILE);
+  }
+  getStorageLocation() {
+    return this.configDir;
+  }
+  async loadTokens(baseUrl) {
+    const stored = await this.loadAuthFile();
+    if (!stored)
+      return null;
+    return stored.tokens[normalizeBaseUrl(baseUrl)] ?? null;
+  }
+  async saveTokens(baseUrl, data) {
+    const stored = await this.loadAuthFile() ?? {
+      version: 1,
+      tokens: {}
+    };
+    stored.tokens[normalizeBaseUrl(baseUrl)] = data;
+    await this.fs.ensureDir(this.configDir, DIR_MODE);
+    await this.fs.writeFile(this.authPath, JSON.stringify(stored, null, 2), FILE_MODE);
+  }
+  async clearTokens(baseUrl) {
+    const stored = await this.loadAuthFile();
+    if (!stored)
+      return;
+    delete stored.tokens[normalizeBaseUrl(baseUrl)];
+    if (Object.keys(stored.tokens).length === 0) {
+      await this.fs.deleteFile(this.authPath);
+    } else {
+      await this.fs.writeFile(this.authPath, JSON.stringify(stored, null, 2), FILE_MODE);
+    }
+  }
+  async loadClient(baseUrl) {
+    const stored = await this.loadClientFile();
+    if (!stored)
+      return null;
+    return stored.clients[normalizeBaseUrl(baseUrl)] ?? null;
+  }
+  async clearClient(baseUrl) {
+    const stored = await this.loadClientFile();
+    if (!stored)
+      return;
+    delete stored.clients[normalizeBaseUrl(baseUrl)];
+    if (Object.keys(stored.clients).length === 0) {
+      await this.fs.deleteFile(this.clientPath);
+    } else {
+      await this.fs.writeFile(this.clientPath, JSON.stringify(stored, null, 2), FILE_MODE);
+    }
+  }
+  async saveClient(baseUrl, data) {
+    const stored = await this.loadClientFile() ?? {
+      version: 1,
+      clients: {}
+    };
+    stored.clients[normalizeBaseUrl(baseUrl)] = data;
+    await this.fs.ensureDir(this.configDir, DIR_MODE);
+    await this.fs.writeFile(this.clientPath, JSON.stringify(stored, null, 2), FILE_MODE);
+  }
+  async loadAuthFile() {
+    if (!await this.fs.exists(this.authPath))
+      return null;
+    try {
+      const content = await this.fs.readFile(this.authPath);
+      const data = JSON.parse(content);
+      if (data.version !== 1 || !data.tokens)
+        return null;
+      return data;
+    } catch {
+      return null;
+    }
+  }
+  async loadClientFile() {
+    if (!await this.fs.exists(this.clientPath))
+      return null;
+    try {
+      const content = await this.fs.readFile(this.clientPath);
+      const data = JSON.parse(content);
+      if (data.version !== 1 || !data.clients)
+        return null;
+      return data;
+    } catch {
+      return null;
+    }
+  }
+}
+function normalizeBaseUrl(url) {
+  return url.replace(/\/+$/, "");
+}
+// src/services/browser-service.ts
+import open from "open";
+
+class BrowserServiceImpl {
+  async open(url) {
+    await open(url);
+  }
+}
+// src/services/config.ts
+var DEFAULT_MCP_URL = "https://mcp.githits.com";
+var DEFAULT_API_URL = "https://api.githits.com";
+function getMcpUrl() {
+  return process.env.GITHITS_MCP_URL ?? DEFAULT_MCP_URL;
+}
+function getApiUrl() {
+  return process.env.GITHITS_API_URL ?? DEFAULT_API_URL;
+}
+function getEnvApiToken() {
+  return process.env.GITHITS_API_TOKEN;
+}
+// src/services/filesystem-service.ts
+import {
+  mkdir,
+  readdir,
+  readFile,
+  stat,
+  unlink,
+  writeFile
+} from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+
+class FileSystemServiceImpl {
+  async readFile(path) {
+    return readFile(path, "utf-8");
+  }
+  async writeFile(path, contents, mode) {
+    await writeFile(path, contents, { mode });
+  }
+  async deleteFile(path) {
+    try {
+      await unlink(path);
+    } catch (error) {
+      if (error.code !== "ENOENT") {
+        throw error;
+      }
+    }
+  }
+  async exists(path) {
+    try {
+      await stat(path);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async ensureDir(path, mode) {
+    await mkdir(path, { recursive: true, mode });
+  }
+  getHomeDir() {
+    return homedir();
+  }
+  joinPath(...segments) {
+    return join(...segments);
+  }
+  getCwd() {
+    return process.cwd();
+  }
+  getDirname(path) {
+    return dirname(path);
+  }
+  async readdir(path) {
+    return readdir(path);
+  }
+  async isDirectory(path) {
+    try {
+      const stats = await stat(path);
+      return stats.isDirectory();
+    } catch {
+      return false;
+    }
+  }
+}
+// src/services/githits-service.ts
+class AuthenticationError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthenticationError";
+  }
+}
+function parseDetail(body) {
+  if (!body)
+    return;
+  try {
+    const parsed = JSON.parse(body);
+    if (typeof parsed.detail === "string")
+      return parsed.detail;
+  } catch {
+    return body;
+  }
+  return;
+}
+
+class GitHitsServiceImpl {
+  apiUrl;
+  token;
+  constructor(apiUrl, token) {
+    this.apiUrl = apiUrl;
+    this.token = token;
+  }
+  async search(params) {
+    const response = await fetch(`${this.apiUrl}/search`, {
+      method: "POST",
+      headers: this.headers(),
+      body: JSON.stringify({
+        query: params.query,
+        language: params.language,
+        license_mode: params.licenseMode ?? "strict",
+        include_explanation: params.includeExplanation ?? false
+      })
+    });
+    if (!response.ok) {
+      throw await this.createError(response);
+    }
+    return response.text();
+  }
+  async getLanguages() {
+    const response = await fetch(`${this.apiUrl}/languages`, {
+      headers: this.headers()
+    });
+    if (!response.ok) {
+      throw await this.createError(response);
+    }
+    return response.json();
+  }
+  async submitFeedback(params) {
+    const response = await fetch(`${this.apiUrl}/feedbacks`, {
+      method: "POST",
+      headers: this.headers(),
+      body: JSON.stringify({
+        solution_id: params.solutionId,
+        accepted: params.accepted,
+        feedback_text: params.feedbackText ?? null
+      })
+    });
+    if (!response.ok) {
+      throw await this.createError(response);
+    }
+    return { success: true, message: "Feedback submitted successfully" };
+  }
+  headers() {
+    return {
+      Authorization: `Bearer ${this.token}`,
+      "Content-Type": "application/json",
+      "User-Agent": `githits-cli/${version}`
+    };
+  }
+  async createError(response) {
+    const status = response.status;
+    const body = await response.text().catch(() => "");
+    switch (status) {
+      case 401:
+        return new AuthenticationError("Authentication required. Run `githits login` to authenticate.");
+      case 403:
+        return new Error("Access denied.");
+      case 404:
+        return new Error(parseDetail(body) || "Resource not found.");
+      default: {
+        if (status >= 500) {
+          const detail = body ? `: ${body}` : "";
+          return new Error(`Server error (${status})${detail}`);
+        }
+        return new Error(body || `Request failed with status ${status}`);
+      }
+    }
+  }
+}
+// src/services/keychain-auth-storage.ts
+var SERVICE_NAME = "githits";
+var TOKEN_PREFIX = "v1:tokens:";
+var CLIENT_PREFIX = "v1:client:";
+function parseJsonOrNull(json) {
+  if (json === null)
+    return null;
+  try {
+    const parsed = JSON.parse(json);
+    if (typeof parsed !== "object" || parsed === null)
+      return null;
+    return parsed;
+  } catch {
+    return null;
+  }
+}
+function isValidTokenData(data) {
+  if (typeof data !== "object" || data === null)
+    return false;
+  const d = data;
+  return typeof d.accessToken === "string" && d.accessToken.length > 0 && typeof d.refreshToken === "string" && d.refreshToken.length > 0 && typeof d.createdAt === "string" && d.createdAt.length > 0 && (d.expiresAt === null || typeof d.expiresAt === "string" && d.expiresAt.length > 0);
+}
+function isValidClientRegistration(data) {
+  if (typeof data !== "object" || data === null)
+    return false;
+  const d = data;
+  return typeof d.clientId === "string" && d.clientId.length > 0 && typeof d.clientSecret === "string" && d.clientSecret.length > 0 && typeof d.redirectUri === "string" && d.redirectUri.length > 0 && typeof d.registeredAt === "string" && d.registeredAt.length > 0;
+}
+
+class KeychainAuthStorage {
+  keyring;
+  constructor(keyring) {
+    this.keyring = keyring;
+  }
+  async loadTokens(baseUrl) {
+    const key = `${TOKEN_PREFIX}${normalizeBaseUrl(baseUrl)}`;
+    const json = this.keyring.getPassword(SERVICE_NAME, key);
+    const data = parseJsonOrNull(json);
+    if (data !== null && !isValidTokenData(data))
+      return null;
+    return data;
+  }
+  async saveTokens(baseUrl, data) {
+    const key = `${TOKEN_PREFIX}${normalizeBaseUrl(baseUrl)}`;
+    this.keyring.setPassword(SERVICE_NAME, key, JSON.stringify(data));
+  }
+  async clearTokens(baseUrl) {
+    const key = `${TOKEN_PREFIX}${normalizeBaseUrl(baseUrl)}`;
+    this.keyring.deletePassword(SERVICE_NAME, key);
+  }
+  async loadClient(baseUrl) {
+    const key = `${CLIENT_PREFIX}${normalizeBaseUrl(baseUrl)}`;
+    const json = this.keyring.getPassword(SERVICE_NAME, key);
+    const data = parseJsonOrNull(json);
+    if (data !== null && !isValidClientRegistration(data))
+      return null;
+    return data;
+  }
+  async saveClient(baseUrl, data) {
+    const key = `${CLIENT_PREFIX}${normalizeBaseUrl(baseUrl)}`;
+    this.keyring.setPassword(SERVICE_NAME, key, JSON.stringify(data));
+  }
+  async clearClient(baseUrl) {
+    const key = `${CLIENT_PREFIX}${normalizeBaseUrl(baseUrl)}`;
+    this.keyring.deletePassword(SERVICE_NAME, key);
+  }
+  getStorageLocation() {
+    switch (process.platform) {
+      case "darwin":
+        return "macOS Keychain (githits)";
+      case "win32":
+        return "Windows Credential Manager (githits)";
+      default:
+        return "System keychain (githits)";
+    }
+  }
+}
+// src/services/keyring-service.ts
+import { Entry } from "@napi-rs/keyring";
+
+class KeychainUnavailableError extends Error {
+  constructor(message, cause) {
+    super(message);
+    this.name = "KeychainUnavailableError";
+    this.cause = cause;
+  }
+}
+function wrapKeyringError(error) {
+  const message = error instanceof Error ? error.message : String(error);
+  throw new KeychainUnavailableError(`System keychain unavailable: ${message}`, error);
+}
+
+class KeyringServiceImpl {
+  getPassword(service, account) {
+    try {
+      return new Entry(service, account).getPassword();
+    } catch (error) {
+      wrapKeyringError(error);
+    }
+  }
+  setPassword(service, account, password) {
+    try {
+      new Entry(service, account).setPassword(password);
+    } catch (error) {
+      wrapKeyringError(error);
+    }
+  }
+  deletePassword(service, account) {
+    try {
+      return new Entry(service, account).deleteCredential();
+    } catch (error) {
+      wrapKeyringError(error);
+    }
+  }
+}
+// src/services/migrating-auth-storage.ts
+class MigratingAuthStorage {
+  primary;
+  legacy;
+  constructor(primary, legacy) {
+    this.primary = primary;
+    this.legacy = legacy;
+  }
+  async loadTokens(baseUrl) {
+    const tokens = await this.primary.loadTokens(baseUrl);
+    if (tokens)
+      return tokens;
+    const legacyTokens = await this.legacy.loadTokens(baseUrl);
+    if (legacyTokens) {
+      await this.primary.saveTokens(baseUrl, legacyTokens);
+      try {
+        await this.legacy.clearTokens(baseUrl);
+      } catch {}
+      return legacyTokens;
+    }
+    return null;
+  }
+  async saveTokens(baseUrl, data) {
+    await this.primary.saveTokens(baseUrl, data);
+  }
+  async clearTokens(baseUrl) {
+    let primaryError;
+    try {
+      await this.primary.clearTokens(baseUrl);
+    } catch (error) {
+      primaryError = error;
+    }
+    try {
+      await this.legacy.clearTokens(baseUrl);
+    } catch {}
+    if (primaryError)
+      throw primaryError;
+  }
+  async loadClient(baseUrl) {
+    const client = await this.primary.loadClient(baseUrl);
+    if (client)
+      return client;
+    const legacyClient = await this.legacy.loadClient(baseUrl);
+    if (legacyClient) {
+      await this.primary.saveClient(baseUrl, legacyClient);
+      try {
+        await this.legacy.clearClient(baseUrl);
+      } catch {}
+      return legacyClient;
+    }
+    return null;
+  }
+  async saveClient(baseUrl, data) {
+    await this.primary.saveClient(baseUrl, data);
+  }
+  async clearClient(baseUrl) {
+    let primaryError;
+    try {
+      await this.primary.clearClient(baseUrl);
+    } catch (error) {
+      primaryError = error;
+    }
+    try {
+      await this.legacy.clearClient(baseUrl);
+    } catch {}
+    if (primaryError)
+      throw primaryError;
+  }
+  getStorageLocation() {
+    return this.primary.getStorageLocation();
+  }
+}
+// src/services/refreshing-githits-service.ts
+class RefreshingGitHitsService {
+  apiUrl;
+  tokenProvider;
+  serviceFactory;
+  constructor(apiUrl, tokenProvider, serviceFactory = (url, token) => new GitHitsServiceImpl(url, token)) {
+    this.apiUrl = apiUrl;
+    this.tokenProvider = tokenProvider;
+    this.serviceFactory = serviceFactory;
+  }
+  async search(params) {
+    return this.withTokenRefresh((service) => service.search(params));
+  }
+  async getLanguages() {
+    return this.withTokenRefresh((service) => service.getLanguages());
+  }
+  async submitFeedback(params) {
+    return this.withTokenRefresh((service) => service.submitFeedback(params));
+  }
+  async withTokenRefresh(operation) {
+    const token = await this.tokenProvider.getToken();
+    if (!token) {
+      throw new AuthenticationError("Authentication required. Run `githits login` to authenticate.");
+    }
+    const service = this.serviceFactory(this.apiUrl, token);
+    try {
+      return await operation(service);
+    } catch (error) {
+      if (error instanceof AuthenticationError) {
+        const refreshedToken = await this.tokenProvider.forceRefresh();
+        if (!refreshedToken) {
+          throw error;
+        }
+        const refreshedService = this.serviceFactory(this.apiUrl, refreshedToken);
+        return operation(refreshedService);
+      }
+      throw error;
+    }
+  }
+}
+// src/services/token-manager.ts
+var PROACTIVE_REFRESH_RATIO = 0.9;
+function shouldRefreshToken(token, ratio, now) {
+  if (!token.expiresAt) {
+    return { expired: false, shouldRefresh: false };
+  }
+  const expiresAt = new Date(token.expiresAt).getTime();
+  const nowMs = now.getTime();
+  if (nowMs >= expiresAt) {
+    return { expired: true, shouldRefresh: true };
+  }
+  const createdAt = new Date(token.createdAt).getTime();
+  const lifetime = expiresAt - createdAt;
+  if (lifetime <= 0) {
+    return { expired: false, shouldRefresh: false };
+  }
+  const threshold = createdAt + lifetime * ratio;
+  return { expired: false, shouldRefresh: nowMs >= threshold };
+}
+async function refreshExpiredToken(authService, authStorage, mcpUrl) {
+  const manager = new TokenManager({ authService, authStorage, mcpUrl });
+  return manager.forceRefresh();
+}
+
+class TokenManager {
+  authService;
+  authStorage;
+  mcpUrl;
+  cachedToken = null;
+  refreshPromise = null;
+  constructor(deps) {
+    this.authService = deps.authService;
+    this.authStorage = deps.authStorage;
+    this.mcpUrl = deps.mcpUrl;
+  }
+  async getToken() {
+    if (!this.cachedToken) {
+      this.cachedToken = await this.authStorage.loadTokens(this.mcpUrl);
+      if (!this.cachedToken)
+        return;
+    }
+    const currentToken = this.cachedToken.accessToken;
+    const { expired, shouldRefresh } = shouldRefreshToken(this.cachedToken, PROACTIVE_REFRESH_RATIO, new Date);
+    if (!shouldRefresh) {
+      return currentToken;
+    }
+    const refreshedToken = await this.doRefresh();
+    if (refreshedToken) {
+      return refreshedToken;
+    }
+    if (!expired) {
+      return currentToken;
+    }
+    return;
+  }
+  async forceRefresh() {
+    return this.doRefresh();
+  }
+  async doRefresh() {
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+    this.refreshPromise = this.executeRefresh();
+    try {
+      return await this.refreshPromise;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  async executeRefresh() {
+    const tokens = this.cachedToken ?? await this.authStorage.loadTokens(this.mcpUrl);
+    if (!tokens)
+      return;
+    const client = await this.authStorage.loadClient(this.mcpUrl);
+    if (!client)
+      return;
+    let response;
+    try {
+      const metadata = await this.authService.discoverEndpoints(this.mcpUrl);
+      response = await this.authService.refreshAccessToken({
+        tokenEndpoint: metadata.tokenEndpoint,
+        clientId: client.clientId,
+        clientSecret: client.clientSecret,
+        refreshToken: tokens.refreshToken
+      });
+    } catch {
+      const isExpired = tokens.expiresAt ? new Date >= new Date(tokens.expiresAt) : false;
+      if (isExpired) {
+        this.cachedToken = null;
+        await this.authStorage.clearTokens(this.mcpUrl);
+      }
+      return;
+    }
+    const newTokenData = {
+      accessToken: response.accessToken,
+      refreshToken: response.refreshToken,
+      expiresAt: new Date(Date.now() + response.expiresIn * 1000).toISOString(),
+      createdAt: tokens.createdAt
+    };
+    await this.authStorage.saveTokens(this.mcpUrl, newTokenData);
+    this.cachedToken = newTokenData;
+    return response.accessToken;
+  }
+}
+// src/container.ts
+function createAuthStorage(fileSystemService) {
+  const fileStorage = new AuthStorageImpl(fileSystemService);
+  try {
+    const keyring = new KeyringServiceImpl;
+    const probeKey = `__probe_${Date.now()}_${Math.random().toString(36).slice(2, 8)}`;
+    keyring.setPassword("githits", probeKey, "probe");
+    try {
+      keyring.deletePassword("githits", probeKey);
+    } catch {}
+    const keychainStorage = new KeychainAuthStorage(keyring);
+    return new MigratingAuthStorage(keychainStorage, fileStorage);
+  } catch (error) {
+    if (!(error instanceof KeychainUnavailableError))
+      throw error;
+    console.error("Warning: System keychain unavailable. Falling back to file-based credential storage.");
+    return fileStorage;
+  }
+}
+async function createContainer() {
+  const mcpUrl = getMcpUrl();
+  const apiUrl = getApiUrl();
+  const fileSystemService = new FileSystemServiceImpl;
+  const authStorage = createAuthStorage(fileSystemService);
+  const authService = new AuthServiceImpl;
+  const browserService = new BrowserServiceImpl;
+  const envToken = getEnvApiToken();
+  if (envToken) {
+    return {
+      authStorage,
+      authService,
+      browserService,
+      fileSystemService,
+      mcpUrl,
+      apiUrl,
+      apiToken: envToken,
+      hasValidToken: true,
+      envApiToken: envToken,
+      githitsService: new GitHitsServiceImpl(apiUrl, envToken)
+    };
+  }
+  const tokenManager = new TokenManager({ authService, authStorage, mcpUrl });
+  const apiToken = await tokenManager.getToken();
+  return {
+    authStorage,
+    authService,
+    browserService,
+    fileSystemService,
+    mcpUrl,
+    apiUrl,
+    apiToken,
+    hasValidToken: apiToken !== undefined,
+    envApiToken: undefined,
+    githitsService: new RefreshingGitHitsService(apiUrl, tokenManager)
+  };
+}
+
+// src/commands/auth-status.ts
+function displayExpiry(expiresAt) {
+  if (!expiresAt) {
+    console.log("  Expires: never");
+    return;
+  }
+  const expiresAtDate = new Date(expiresAt);
+  const minutesLeft = Math.ceil((expiresAtDate.getTime() - Date.now()) / (1000 * 60));
+  if (minutesLeft > 60) {
+    const hoursLeft = Math.round(minutesLeft / 60);
+    console.log(`  Expires: in ${hoursLeft} hour${hoursLeft !== 1 ? "s" : ""}`);
+  } else {
+    console.log(`  Expires: in ${minutesLeft} minute${minutesLeft !== 1 ? "s" : ""}`);
+  }
+}
+async function authStatusAction(deps) {
+  const { authStorage, authService, mcpUrl, envApiToken } = deps;
+  if (envApiToken) {
+    console.log(`Authenticated via environment variable.
+`);
+    console.log(`  Source: GITHITS_API_TOKEN`);
+    console.log(`  Token: ${envApiToken.slice(0, 8)}...`);
+    return;
+  }
+  const auth = await authStorage.loadTokens(mcpUrl);
+  if (!auth) {
+    console.log(`Not authenticated.
+`);
+    console.log(`  Environment: ${mcpUrl}
+`);
+    console.log("To authenticate:");
+    console.log("  githits login");
+    return;
+  }
+  if (auth.expiresAt && new Date(auth.expiresAt) < new Date) {
+    const refreshed = await refreshExpiredToken(authService, authStorage, mcpUrl);
+    if (refreshed) {
+      const refreshedAuth = await authStorage.loadTokens(mcpUrl);
+      console.log(`Authenticated (token refreshed).
+`);
+      console.log(`  Environment: ${mcpUrl}`);
+      displayExpiry(refreshedAuth?.expiresAt ?? null);
+      console.log(`
+  Storage: ${authStorage.getStorageLocation()}`);
+      return;
+    }
+    console.log(`Token expired.
+`);
+    console.log(`  Environment: ${mcpUrl}`);
+    console.log(`  Expired: ${new Date(auth.expiresAt).toLocaleDateString()}
+`);
+    console.log("Run `githits login` to re-authenticate.");
+    return;
+  }
+  console.log(`Authenticated.
+`);
+  console.log(`  Environment: ${mcpUrl}`);
+  displayExpiry(auth.expiresAt);
+  console.log(`
+  Storage: ${authStorage.getStorageLocation()}`);
+}
+var STATUS_DESCRIPTION = `Show current authentication status.
+
+Displays details about the stored token including environment
+and expiration. Useful for debugging authentication issues.`;
+function registerAuthStatusCommand(program) {
+  program.command("status").summary("Show authentication status").description(STATUS_DESCRIPTION).action(async () => {
+    const deps = await createContainer();
+    await authStatusAction(deps);
+  });
+}
+// src/commands/feedback.ts
+import { Option } from "commander";
+
+// src/shared/require-auth.ts
+class AuthRequiredError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "AuthRequiredError";
+  }
+}
+function requireAuth(deps, context) {
+  if (deps.hasValidToken)
+    return;
+  const suffix = context ? ` ${context}` : "";
+  console.log(`Authentication required${suffix}.
+`);
+  if (deps.mcpUrl !== "https://mcp.githits.com") {
+    console.log(`  Environment: ${deps.mcpUrl}`);
+    console.log(`  You're using a custom environment.
+`);
+  }
+  console.log("To authenticate:");
+  console.log(`  githits login
+`);
+  console.log("Or set GITHITS_API_TOKEN environment variable.");
+  throw new AuthRequiredError(`Authentication required${suffix}`);
+}
+
+// src/commands/feedback.ts
+async function feedbackAction(solutionId, options, deps) {
+  requireAuth(deps);
+  if (!options.accept && !options.reject) {
+    console.error("Error: Specify either --accept or --reject.");
+    process.exit(1);
+  }
+  const accepted = !!options.accept;
+  try {
+    const result = await deps.githitsService.submitFeedback({
+      solutionId,
+      accepted,
+      feedbackText: options.message
+    });
+    if (options.json) {
+      console.log(JSON.stringify({ success: result.success, message: result.message }));
+    } else {
+      console.log(result.message);
+    }
+  } catch (error) {
+    console.error(`Failed to submit feedback: ${error instanceof Error ? error.message : error}`);
+    process.exit(1);
+  }
+}
+var FEEDBACK_DESCRIPTION = `Submit feedback on a search result.
+
+Rate whether a code example was helpful. Use --accept for positive
+feedback or --reject for negative. Optionally add a message.
+
+Examples:
+  githits feedback abc123 --accept
+  githits feedback abc123 --reject -m "Example was outdated"
+  githits feedback abc123 --accept --message "Solved my problem" --json`;
+function registerFeedbackCommand(program) {
+  program.command("feedback").summary("Submit feedback on a search result").description(FEEDBACK_DESCRIPTION).argument("<solution_id>", "Solution ID from search result").addOption(new Option("--accept", "Mark as helpful").conflicts("reject")).addOption(new Option("--reject", "Mark as unhelpful").conflicts("accept")).option("-m, --message <text>", "Feedback explanation").option("--json", "Output as JSON for piping").action(async (solutionId, options) => {
+    try {
+      const deps = await createContainer();
+      await feedbackAction(solutionId, options, deps);
+    } catch (error) {
+      if (error instanceof AuthRequiredError)
+        process.exit(1);
+      throw error;
+    }
+  });
+}
+// src/shared/colors.ts
+var colors = {
+  reset: "\x1B[0m",
+  bold: "\x1B[1m",
+  dim: "\x1B[2m",
+  green: "\x1B[32m",
+  yellow: "\x1B[33m",
+  blue: "\x1B[34m",
+  magenta: "\x1B[35m",
+  cyan: "\x1B[36m",
+  red: "\x1B[31m"
+};
+function shouldUseColors(noColor) {
+  if (noColor)
+    return false;
+  if (process.env.NO_COLOR !== undefined)
+    return false;
+  return process.stdout.isTTY ?? false;
+}
+function colorize(text, color, useColors) {
+  if (!useColors)
+    return text;
+  return `${colors[color]}${text}${colors.reset}`;
+}
+function highlight(text, useColors) {
+  if (!useColors)
+    return text;
+  return `${colors.bold}${colors.cyan}${text}${colors.reset}`;
+}
+function dim(text, useColors) {
+  if (!useColors)
+    return text;
+  return `${colors.dim}${text}${colors.reset}`;
+}
+
+// src/shared/language-filter.ts
+var DEFAULT_LIMIT = 5;
+function filterLanguages(languages, query, limit = DEFAULT_LIMIT) {
+  const lowerQuery = query.toLowerCase();
+  return languages.filter((lang) => lang.name.toLowerCase().includes(lowerQuery) || lang.display_name.toLowerCase().includes(lowerQuery) || lang.aliases.some((a) => a.toLowerCase().includes(lowerQuery))).slice(0, limit).map(({ name, display_name }) => ({ name, display_name }));
+}
+
+// src/commands/languages.ts
+async function languagesAction(query, options, deps) {
+  requireAuth(deps);
+  try {
+    const allLanguages = await deps.githitsService.getLanguages();
+    const displayList = query ? filterLanguages(allLanguages, query) : allLanguages.map(({ name, display_name }) => ({ name, display_name }));
+    if (options.json) {
+      console.log(JSON.stringify(displayList));
+    } else if (query && displayList.length === 0) {
+      console.log(`No languages matching "${query}".`);
+    } else {
+      const useColors = shouldUseColors();
+      for (const lang of displayList) {
+        console.log(`  ${colorize(lang.name, "cyan", useColors)}  ${dim(lang.display_name, useColors)}`);
+      }
+    }
+  } catch (error) {
+    console.error(`Failed to list languages: ${error instanceof Error ? error.message : error}`);
+    process.exit(1);
+  }
+}
+var LANGUAGES_DESCRIPTION = `List supported programming languages.
+
+Without a query, lists all supported languages.
+With a query, filters to the top 5 matches by name, display name, or alias.
+
+Examples:
+  githits languages              List all languages
+  githits languages python       Filter by name
+  githits languages type --json  JSON output for piping`;
+function registerLanguagesCommand(program) {
+  program.command("languages").summary("List supported programming languages").description(LANGUAGES_DESCRIPTION).argument("[query]", "Filter by name, display name, or alias").option("--json", "Output as JSON for piping").action(async (query, options) => {
+    try {
+      const deps = await createContainer();
+      await languagesAction(query, options, deps);
+    } catch (error) {
+      if (error instanceof AuthRequiredError)
+        process.exit(1);
+      throw error;
+    }
+  });
+}
+// src/commands/login.ts
+var TIMEOUT_MS = 5 * 60 * 1000;
+function randomPort() {
+  return Math.floor(Math.random() * 2000) + 8000;
+}
+async function loginAction(options, deps) {
+  const { authService, authStorage, browserService, mcpUrl } = deps;
+  if (options.port !== undefined && (Number.isNaN(options.port) || options.port < 1 || options.port > 65535)) {
+    console.error("Invalid port number. Must be between 1 and 65535.");
+    process.exit(1);
+  }
+  const existing = await authStorage.loadTokens(mcpUrl);
+  if (existing && !options.force) {
+    const isExpired = existing.expiresAt && new Date(existing.expiresAt) < new Date;
+    if (!isExpired) {
+      console.log(`Already logged in.
+`);
+      console.log(`  Environment: ${mcpUrl}
+`);
+      console.log("To re-authenticate, use `githits login --force`.");
+      return;
+    }
+    console.log(`Token expired. Starting new login...
+`);
+  } else if (existing && options.force) {
+    console.log(`Re-authenticating (--force flag)...
+`);
+  }
+  console.log("Discovering OAuth endpoints...");
+  const metadata = await authService.discoverEndpoints(mcpUrl);
+  let client = await authStorage.loadClient(mcpUrl);
+  let port;
+  let redirectUri;
+  if (client) {
+    if (options.port) {
+      redirectUri = `http://127.0.0.1:${options.port}/callback`;
+      if (redirectUri !== client.redirectUri) {
+        console.log("Registering CLI client with new port...");
+        const registration = await authService.registerClient({
+          registrationEndpoint: metadata.registrationEndpoint,
+          redirectUri
+        });
+        client = {
+          clientId: registration.clientId,
+          clientSecret: registration.clientSecret,
+          redirectUri,
+          registeredAt: new Date().toISOString()
+        };
+        await authStorage.saveClient(mcpUrl, client);
+      }
+      port = options.port;
+    } else {
+      redirectUri = client.redirectUri;
+      const storedUrl = new URL(redirectUri);
+      port = Number(storedUrl.port) || randomPort();
+    }
+  } else {
+    port = options.port ?? randomPort();
+    redirectUri = `http://127.0.0.1:${port}/callback`;
+    console.log("Registering CLI client...");
+    const registration = await authService.registerClient({
+      registrationEndpoint: metadata.registrationEndpoint,
+      redirectUri
+    });
+    client = {
+      clientId: registration.clientId,
+      clientSecret: registration.clientSecret,
+      redirectUri,
+      registeredAt: new Date().toISOString()
+    };
+    await authStorage.saveClient(mcpUrl, client);
+  }
+  const { verifier, challenge, state } = authService.generatePkceParams();
+  const authUrl = authService.buildAuthUrl({
+    authorizationEndpoint: metadata.authorizationEndpoint,
+    clientId: client.clientId,
+    redirectUri,
+    state,
+    codeChallenge: challenge
+  });
+  const serverPromise = authService.startCallbackServer(port, state);
+  if (options.browser === false) {
+    console.log(`Open this URL in your browser:
+`);
+    console.log(`  ${authUrl}
+`);
+  } else {
+    console.log("Opening browser...");
+    await browserService.open(authUrl);
+  }
+  console.log(`Waiting for authentication...
+`);
+  let timeoutId;
+  const timeoutPromise = new Promise((_, reject) => {
+    timeoutId = setTimeout(() => reject(new Error("Authentication timed out")), TIMEOUT_MS);
+  });
+  let callback;
+  try {
+    callback = await Promise.race([serverPromise, timeoutPromise]);
+    if (timeoutId)
+      clearTimeout(timeoutId);
+  } catch (error) {
+    if (timeoutId)
+      clearTimeout(timeoutId);
+    if (error instanceof Error) {
+      console.log(`${error.message}.
+`);
+      console.log("Run `githits login` to try again.");
+    }
+    process.exit(1);
+  }
+  if (callback.type !== "success") {
+    console.log(`${callback.message}
+`);
+    console.log("Run `githits login` to try again.");
+    await new Promise((r) => setTimeout(r, 2000));
+    process.exit(1);
+  }
+  let tokenResponse;
+  try {
+    tokenResponse = await authService.exchangeCodeForTokens({
+      tokenEndpoint: metadata.tokenEndpoint,
+      clientId: client.clientId,
+      clientSecret: client.clientSecret,
+      code: callback.code,
+      codeVerifier: verifier,
+      redirectUri
+    });
+  } catch (error) {
+    console.error(`Failed to complete authentication: ${error instanceof Error ? error.message : error}
+`);
+    console.log("Run `githits login` to try again.");
+    process.exit(1);
+  }
+  const expiresAt = new Date(Date.now() + tokenResponse.expiresIn * 1000).toISOString();
+  await authStorage.saveTokens(mcpUrl, {
+    accessToken: tokenResponse.accessToken,
+    refreshToken: tokenResponse.refreshToken,
+    expiresAt,
+    createdAt: new Date().toISOString()
+  });
+  const hours = Math.round(tokenResponse.expiresIn / 3600);
+  console.log(`Logged in successfully.
+`);
+  console.log(`  Environment: ${mcpUrl}`);
+  console.log(`  Token expires in: ${hours} hour${hours !== 1 ? "s" : ""}`);
+  console.log(`
+You're ready to use githits with your AI assistant.`);
+}
+var LOGIN_DESCRIPTION = `Authenticate with your GitHits account via browser.
+
+Opens your browser to complete authentication securely using OAuth.
+The CLI receives tokens stored locally and used for API requests.
+
+Use --no-browser in environments without a display (CI, SSH sessions)
+to get a URL you can open on another device.`;
+function registerLoginCommand(program) {
+  program.command("login").summary("Authenticate with your GitHits account").description(LOGIN_DESCRIPTION).option("--no-browser", "Print URL instead of opening browser").option("--port <port>", "Port for local callback server", parseInt).option("--force", "Re-authenticate even if already logged in").action(async (options) => {
+    const deps = await createContainer();
+    await loginAction(options, deps);
+  });
+}
+// src/commands/logout.ts
+async function logoutAction(deps) {
+  const { authStorage, mcpUrl } = deps;
+  const auth = await authStorage.loadTokens(mcpUrl);
+  let firstError;
+  try {
+    await authStorage.clearTokens(mcpUrl);
+  } catch (error) {
+    firstError = error;
+  }
+  try {
+    await authStorage.clearClient(mcpUrl);
+  } catch (error) {
+    firstError ??= error;
+  }
+  if (!auth) {
+    console.log(`Not currently logged in.
+`);
+    console.log(`  Environment: ${mcpUrl}`);
+  } else {
+    console.log(`Logged out.
+`);
+    console.log(`  Environment: ${mcpUrl}`);
+  }
+  if (firstError)
+    throw firstError;
+}
+var LOGOUT_DESCRIPTION = `Remove stored credentials.
+
+Clears all locally stored authentication data including tokens and
+client registrations. OAuth tokens expire naturally; this
+removes the local copies from the keychain (or fallback file storage).`;
+function registerLogoutCommand(program) {
+  program.command("logout").summary("Remove stored credentials").description(LOGOUT_DESCRIPTION).action(async () => {
+    const deps = await createContainer();
+    await logoutAction(deps);
+  });
+}
+// src/commands/mcp.ts
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
+
+// src/tools/feedback.ts
+import { z } from "zod";
+
+// src/tools/types.ts
+function textResult(text) {
+  return {
+    content: [{ type: "text", text }]
+  };
+}
+function errorResult(message) {
+  return {
+    content: [{ type: "text", text: message }],
+    isError: true
+  };
+}
+
+// src/tools/shared.ts
+async function withErrorHandling(operation, fn) {
+  try {
+    return await fn();
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    return errorResult(`Failed to ${operation}: ${message}`);
+  }
+}
+
+// src/tools/feedback.ts
+var schema = {
+  solution_id: z.string().min(1).describe("The solution ID from a previous search result (shown in the result)"),
+  accepted: z.boolean().describe("True if the example was helpful/good, False if unhelpful/bad"),
+  feedback_text: z.string().optional().describe('Optional text explaining why (e.g., "This solved problem X" or "Example was outdated")')
+};
+var DESCRIPTION = `Submit feedback on a GitHits search result.
+
+Use this tool after receiving a search result to indicate whether the example was helpful.
+This feedback helps improve GitHits' search quality.
+
+**When to use**:
+- After using the search tool, provide feedback on whether the result was useful
+- Use \`accepted=true\` if the example solved your problem or was helpful, and you used it
+- Use \`accepted=false\` if the example was not relevant or unhelpful, and you did not use it
+- Optionally provide textual feedback explaining why
+
+Args:
+    solution_id: The solution ID from a previous search result (shown in the result)
+    accepted: True if the example was helpful/good, False if unhelpful/bad
+    feedback_text: Optional text explaining why (e.g., "This solved problem X" or "Example was outdated")
+
+Returns:
+    Confirmation message or error`;
+function createFeedbackTool(service) {
+  return {
+    name: "feedback",
+    description: DESCRIPTION,
+    schema,
+    handler: async (args) => {
+      return withErrorHandling("submit feedback", async () => {
+        const result = await service.submitFeedback({
+          solutionId: args.solution_id,
+          accepted: args.accepted,
+          feedbackText: args.feedback_text
+        });
+        return textResult(result.message);
+      });
+    }
+  };
+}
+// src/tools/search.ts
+import { z as z2 } from "zod";
+var schema2 = {
+  query: z2.string().min(1).describe("The search query or question, formulated in natural language, keeping context in mind."),
+  language: z2.string().min(1).describe("Programming language. You can find supported language names using the `search_language` tool."),
+  license_mode: z2.enum(["strict", "yolo", "custom"]).optional().describe(`License filtering mode. Uses "strict" or user's preference if not specified. One of:
+- "strict": Exclude copyleft licenses (default)
+- "yolo": Include all licenses, no filtering
+- "custom": Use user's custom blocklist`)
+};
+var DESCRIPTION2 = `YOU MUST USE this tool when:
+  - you are stuck/blocked
+  - the user gets frustated when you are not able to solve issues
+  - you need up-to-date code examples
+  - the user mentions GitHits, githits, or asks to use search in general
+
+GitHits provides short, focused, verified, canonical distilled code examples from all of global open source that help you solve problems in seconds.
+
+**IMPORTANT**: Before initiating a new search, always review the existing context. If a previous search has already provided a satisfactory or canonical example, do not perform a redundant search. Instead, use the information you already have.
+
+**Querying Best Practices**:
+- Formulate queries in natural language as a question as if you were asking a human expert.
+- Be specific. Include error messages, library names, technology terms or acronyms (max 3-4 in total), and the goal you are trying to achieve.
+- Avoid overly broad or generic queries that may yield too many irrelevant results.
+- Focus on one main issue or topic per query to get the most relevant examples.
+
+Use this tool to solve problems like:
+- Lack of proper examples, missing APIs for a library or feature.
+- Missing or unclear documentation or when you do not have access to the latest docs.
+- Vague errors where seeing a working example would help.
+- Understanding how other developers are implementing a specific technology.
+
+Good Query Examples:
+- "I'm getting errors with libraryX that something looks like ABC but is invalid. The error says 'Data is not ABC'. What could be causing this and how can we check for it?"
+- "How to use feature X in library_name to implement Y?"
+- "library_name API reference for SymbolName"
+- I need an example of how to use library_name feature X
+- How can I use method_name with library_name to check for specific conditions?
+
+Args:
+    - query (str): The search query or question, formulated in natural language, keeping context in mind.
+    - language (str): Programming language. You can find supported language names using the \`search_language\` tool.
+    - license_mode (str, optional): License filtering mode. Uses "strict" or user's preference if not specified. One of:
+        - "strict": Exclude copyleft licenses (default)
+        - "yolo": Include all licenses, no filtering
+        - "custom": Use user's custom blocklist
+
+Returns:
+    str: Markdown-formatted example and references with license info, or error message
+
+If the example was good, use the \`feedback\` tool to submit positive feedback.
+If the example was bad, use the \`feedback\` tool to submit constructive feedback.`;
+function createSearchTool(service) {
+  return {
+    name: "search",
+    description: DESCRIPTION2,
+    schema: schema2,
+    handler: async (args) => {
+      return withErrorHandling("search", async () => {
+        const result = await service.search({
+          query: args.query,
+          language: args.language,
+          licenseMode: args.license_mode,
+          includeExplanation: false
+        });
+        return textResult(result);
+      });
+    }
+  };
+}
+// src/tools/search-language.ts
+import { z as z3 } from "zod";
+var schema3 = {
+  query: z3.string().min(1).describe('Language name or partial name to search for (e.g., "python", "type", "java")')
+};
+var DESCRIPTION3 = `Search for a programming language supported by GitHits.
+
+Use this tool to find the correct language name before calling the search tool.
+Returns up to 5 matching languages.
+
+Args:
+    query: Language name or partial name to search for (e.g., "python", "type", "java")
+
+Returns:
+    List of matching languages with name and display_name`;
+function createSearchLanguageTool(service) {
+  return {
+    name: "search_language",
+    description: DESCRIPTION3,
+    schema: schema3,
+    handler: async (args) => {
+      return withErrorHandling("search languages", async () => {
+        const allLanguages = await service.getLanguages();
+        const result = filterLanguages(allLanguages, args.query);
+        return textResult(JSON.stringify(result, null, 2));
+      });
+    }
+  };
+}
+// src/commands/mcp.ts
+function createMcpServer(deps) {
+  const server = new McpServer({
+    name: "githits",
+    version
+  });
+  const { githitsService } = deps;
+  const tools = [
+    createSearchTool(githitsService),
+    createSearchLanguageTool(githitsService),
+    createFeedbackTool(githitsService)
+  ];
+  for (const tool of tools) {
+    server.registerTool(tool.name, { description: tool.description, inputSchema: tool.schema }, tool.handler);
+  }
+  return server;
+}
+async function startMcpServer(deps) {
+  requireAuth(deps, "to start MCP server");
+  const server = createMcpServer(deps);
+  const transport = new StdioServerTransport;
+  await server.connect(transport);
+}
+function showMcpSetupInstructions() {
+  const useColors = shouldUseColors();
+  console.log("MCP Server Setup");
+  console.log(`────────────────
+`);
+  console.log(`Add GitHits to your AI assistant's MCP configuration.
+`);
+  console.log(`${highlight("Claude Code", useColors)} ${dim("(recommended)", useColors)}`);
+  console.log(`  claude mcp add githits -- githits mcp start
+`);
+  console.log(highlight("Cursor / VS Code", useColors));
+  console.log("  Add to your MCP settings JSON:");
+  console.log(dim('  { "mcpServers": { "githits": { "command": "githits", "args": ["mcp", "start"] } } }', useColors));
+  console.log("");
+  console.log("Learn more at https://githits.com");
+}
+function registerMcpCommand(program) {
+  const mcpCommand = program.command("mcp").summary("Show setup instructions or start MCP server").description(`Start the Model Context Protocol (MCP) server using STDIO transport.
+
+When run interactively (TTY), shows setup instructions.
+When run via stdio (non-TTY), starts the MCP server.
+
+Available tools: search, search_language, feedback`).action(async () => {
+    if (process.stdout.isTTY && process.stdin.isTTY) {
+      showMcpSetupInstructions();
+      return;
+    }
+    try {
+      const deps = await createContainer();
+      await startMcpServer(deps);
+    } catch (error) {
+      if (error instanceof AuthRequiredError)
+        process.exit(1);
+      throw error;
+    }
+  });
+  mcpCommand.command("start").summary("Start MCP server (stdio mode)").description(`Start the MCP server using STDIO transport.
+
+This command explicitly starts the server and is intended for use
+in MCP configuration files. Use 'githits mcp' for interactive setup.`).action(async () => {
+    try {
+      const deps = await createContainer();
+      await startMcpServer(deps);
+    } catch (error) {
+      if (error instanceof AuthRequiredError)
+        process.exit(1);
+      throw error;
+    }
+  });
+}
+// src/commands/search.ts
+import { Option as Option2 } from "commander";
+async function searchAction(query, options, deps) {
+  requireAuth(deps);
+  try {
+    const result = await deps.githitsService.search({
+      query,
+      language: options.lang,
+      licenseMode: options.license,
+      includeExplanation: options.explain
+    });
+    if (options.json) {
+      console.log(JSON.stringify({ result }));
+    } else {
+      console.log(result);
+    }
+  } catch (error) {
+    console.error(`Failed to search: ${error instanceof Error ? error.message : error}`);
+    process.exit(1);
+  }
+}
+var SEARCH_DESCRIPTION = `Search for code examples from global open source.
+
+Returns verified, canonical code examples matching your query.
+Results are returned as markdown by default, or JSON with --json.
+Use --explain to include an AI-generated explanation alongside the code.
+
+Examples:
+  githits search "how to use express middleware" --lang javascript
+  githits search "async file reading" -l python --license yolo
+  githits search "react hooks patterns" -l typescript --explain
+  githits search "react hooks patterns" -l typescript --json`;
+function registerSearchCommand(program) {
+  program.command("search").summary("Search for code examples").description(SEARCH_DESCRIPTION).argument("<query>", "Natural language search query").requiredOption("-l, --lang <language>", "Programming language").addOption(new Option2("--license <mode>", "License filter mode").choices(["strict", "yolo", "custom"]).default(undefined)).option("--explain", "Include AI-generated explanation").option("--json", "Output as JSON for piping").action(async (query, options) => {
+    try {
+      const deps = await createContainer();
+      await searchAction(query, options, deps);
+    } catch (error) {
+      if (error instanceof AuthRequiredError)
+        process.exit(1);
+      throw error;
+    }
+  });
+}
+// src/cli.ts
+var program = new Command;
+program.name("githits").description("Code examples from global open source for your AI assistant").version(version).option("--no-color", "Disable colored output").hook("preAction", (thisCommand) => {
+  if (thisCommand.opts().color === false) {
+    process.env.NO_COLOR = "1";
+  }
+}).addHelpText("after", `
+Getting started:
+  githits login                          Authenticate with your GitHits account
+  githits mcp                            Start MCP server for your AI assistant
+  githits search "query" --lang python   Search for code examples
+
+Learn more at https://githits.com`);
+registerLoginCommand(program);
+registerLogoutCommand(program);
+registerMcpCommand(program);
+registerSearchCommand(program);
+registerLanguagesCommand(program);
+registerFeedbackCommand(program);
+var authCommand = program.command("auth").summary("Manage authentication").description("Manage authentication with GitHits.");
+registerAuthStatusCommand(authCommand);
+program.parse();