kontexted 0.1.5

package/dist/lib/logger.js

@@ -0,0 +1,76 @@
+import { appendFile, mkdir } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+const LOG_DIR = join(homedir(), ".kontexted");
+const LOG_FILE = join(LOG_DIR, "log.txt");
+let logEnabled = true;
+/**
+ * Set whether logging is enabled
+ */
+export function setLogEnabled(enabled) {
+    logEnabled = enabled;
+}
+/**
+ * Format a timestamp for log entries
+ */
+function formatTimestamp() {
+    return new Date().toISOString();
+}
+/**
+ * Write a log entry to the log file (fire-and-forget)
+ */
+function writeLog(level, message, data) {
+    if (!logEnabled)
+        return;
+    // Fire and forget - don't await, handle errors internally
+    (async () => {
+        try {
+            await mkdir(LOG_DIR, { recursive: true });
+            const timestamp = formatTimestamp();
+            let logLine = `[${timestamp}] [${level}] ${message}`;
+            if (data !== undefined) {
+                if (data instanceof Error) {
+                    logLine += ` | Error: ${data.message}\n${data.stack}`;
+                }
+                else {
+                    logLine += ` | ${JSON.stringify(data)}`;
+                }
+            }
+            logLine += "\n";
+            await appendFile(LOG_FILE, logLine, "utf-8");
+        }
+        catch {
+            // Silently fail if logging fails
+        }
+    })();
+}
+/**
+ * Log an info message (file only)
+ */
+export function logInfo(message, data) {
+    writeLog("INFO", message, data);
+}
+/**
+ * Log a debug message (file only)
+ */
+export function logDebug(message, data) {
+    writeLog("DEBUG", message, data);
+}
+/**
+ * Log a warning message (file only)
+ */
+export function logWarn(message, data) {
+    writeLog("WARN", message, data);
+}
+/**
+ * Log an error message (file only)
+ */
+export function logError(message, data) {
+    writeLog("ERROR", message, data);
+}
+/**
+ * Get the log file path
+ */
+export function getLogFilePath() {
+    return LOG_FILE;
+}

package/dist/lib/mcp-client.d.ts

@@ -0,0 +1,14 @@
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import type { OAuthState } from "../types/index.js";
+/**
+ * Connect to remote MCP server with OAuth authentication
+ */
+export declare function connectRemoteClient(serverUrl: string, oauth: OAuthState, persist: () => Promise<void>, options: {
+    allowInteractive: boolean;
+}): Promise<{
+    client: Client;
+    transport: StreamableHTTPClientTransport;
+}>;
+export { UnauthorizedError };

package/dist/lib/mcp-client.js

@@ -0,0 +1,62 @@
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { UnauthorizedError } from "@modelcontextprotocol/sdk/client/auth.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { URL } from "node:url";
+import { createOAuthProvider, waitForOAuthCallback, ensureValidTokens } from "../lib/oauth.js";
+import { logDebug, logWarn, logError } from "../lib/logger.js";
+/**
+ * Connect to remote MCP server with OAuth authentication
+ */
+export async function connectRemoteClient(serverUrl, oauth, persist, options) {
+    // Construct MCP URL from base server URL
+    const mcpUrl = `${serverUrl}/mcp`;
+    logDebug(`[MCP CLIENT] Connecting to MCP server: ${mcpUrl}`);
+    // Proactively refresh token if needed (non-interactive)
+    const tokensValid = await ensureValidTokens(oauth, persist, serverUrl);
+    if (!tokensValid) {
+        logWarn(`[MCP CLIENT] Token refresh failed or no tokens available`);
+        if (!options.allowInteractive) {
+            throw new Error("Authentication required. Run 'kontexted login' to authenticate.");
+        }
+        // Will fall through to interactive OAuth flow below
+    }
+    const oauthProvider = createOAuthProvider(oauth, persist, serverUrl);
+    const client = new Client({
+        name: "kontexted-cli",
+        version: "0.1.0",
+    });
+    const createTransport = () => new StreamableHTTPClientTransport(new URL(mcpUrl), {
+        authProvider: oauthProvider,
+    });
+    let transport = createTransport();
+    try {
+        logDebug(`[MCP CLIENT] Attempting initial connection...`);
+        await client.connect(transport);
+        logDebug(`[MCP CLIENT] Initial connection successful`);
+    }
+    catch (error) {
+        if (error instanceof UnauthorizedError) {
+            logWarn(`[MCP CLIENT] UnauthorizedError - authentication required`);
+            if (!options.allowInteractive) {
+                logError(`[MCP CLIENT] Interactive OAuth not allowed, throwing error`);
+                throw error;
+            }
+            // Interactive OAuth flow
+            logDebug(`[MCP CLIENT] Starting interactive OAuth flow...`);
+            const authCode = await waitForOAuthCallback();
+            await transport.finishAuth(authCode);
+            await transport.close();
+            // Reconnect with new tokens
+            logDebug(`[MCP CLIENT] Reconnecting with new OAuth tokens...`);
+            transport = createTransport();
+            await client.connect(transport);
+            logDebug(`[MCP CLIENT] Reconnection successful with OAuth tokens`);
+        }
+        else {
+            logError(`[MCP CLIENT] Connection error:`, error);
+            throw error;
+        }
+    }
+    return { client, transport };
+}
+export { UnauthorizedError };

package/dist/lib/oauth.d.ts

@@ -0,0 +1,42 @@
+import { URL } from "node:url";
+import type { OAuthState, OAuthTokens, OAuthClientInfo } from "../types/index.js";
+import type { OAuthClientMetadata } from "@modelcontextprotocol/sdk/shared/auth.js";
+/**
+ * Open the user's browser to the authorization URL
+ */
+export declare function openBrowser(url: string): void;
+/**
+ * Wait for OAuth callback on local server
+ */
+export declare function waitForOAuthCallback(): Promise<string>;
+/**
+ * OAuth provider that interfaces with MCP SDK
+ */
+export interface OAuthProvider {
+    readonly redirectUrl: string | URL;
+    readonly clientMetadata: OAuthClientMetadata;
+    clientInformation(): OAuthClientInfo | undefined | Promise<OAuthClientInfo | undefined>;
+    saveClientInformation?(clientInformation: OAuthClientInfo): void | Promise<void>;
+    tokens(): OAuthTokens | undefined | Promise<OAuthTokens | undefined>;
+    saveTokens(tokens: OAuthTokens): void | Promise<void>;
+    redirectToAuthorization(authorizationUrl: URL): void | Promise<void>;
+    saveCodeVerifier(codeVerifier: string): void | Promise<void>;
+    codeVerifier(): string | Promise<string>;
+    invalidateCredentials?(scope: "all" | "tokens" | "client" | "verifier"): void | Promise<void>;
+    getAuthorizationUrl(): Promise<URL>;
+    exchangeCodeForToken(authCode: string): Promise<OAuthTokens>;
+    refreshAccessToken(): Promise<OAuthTokens>;
+    registerClient(): Promise<OAuthClientInfo>;
+}
+/**
+ * Create an OAuth provider from stored state
+ */
+export declare function createOAuthProvider(oauth: OAuthState, persist: () => Promise<void>, serverUrl: string): OAuthProvider;
+/**
+ * Check if tokens need refresh and refresh them proactively
+ * Uses refresh token (non-interactive) - no browser popup
+ *
+ * @returns true if tokens are valid (either already valid or successfully refreshed)
+ */
+export declare function ensureValidTokens(oauth: OAuthState, persist: () => Promise<void>, serverUrl: string): Promise<boolean>;
+export declare function generateCodeVerifier(): string;

package/dist/lib/oauth.js

@@ -0,0 +1,383 @@
+import { createServer } from "node:http";
+import { exec } from "node:child_process";
+import process from "node:process";
+import { URL } from "node:url";
+import { logInfo, logDebug, logWarn, logError } from "../lib/logger.js";
+const CALLBACK_PORT = 8788;
+const CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;
+const DEFAULT_CLIENT_METADATA = {
+    client_name: "Kontexted CLI",
+    redirect_uris: [CALLBACK_URL],
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code"],
+    token_endpoint_auth_method: "none",
+};
+/**
+ * Open the user's browser to the authorization URL
+ */
+export function openBrowser(url) {
+    const platform = process.platform;
+    const command = platform === "darwin"
+        ? `open "${url}"`
+        : platform === "win32"
+            ? `start "" "${url}"`
+            : `xdg-open "${url}"`;
+    exec(command, async (error) => {
+        if (error) {
+            logError(`Failed to open browser: ${error.message}`);
+            console.error(`Open this URL manually: ${url}`);
+        }
+    });
+}
+/**
+ * Wait for OAuth callback on local server
+ */
+export function waitForOAuthCallback() {
+    return new Promise((resolve, reject) => {
+        const server = createServer((req, res) => {
+            if (req.url === "/favicon.ico") {
+                res.writeHead(404);
+                res.end();
+                return;
+            }
+            const parsedUrl = new URL(req.url ?? "", "http://localhost");
+            const code = parsedUrl.searchParams.get("code");
+            const error = parsedUrl.searchParams.get("error");
+            if (code) {
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end("<p>Authorization complete. You can close this window.</p>");
+                setTimeout(() => {
+                    server.closeAllConnections();
+                    server.close(() => resolve(code));
+                }, 100);
+                return;
+            }
+            if (error) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(`<p>Authorization failed: ${error}</p>`);
+                setTimeout(() => {
+                    server.closeAllConnections();
+                    server.close(() => reject(new Error(`OAuth authorization failed: ${error}`)));
+                }, 100);
+                return;
+            }
+            res.writeHead(400, { "Content-Type": "text/plain" });
+            res.end("Missing authorization code.");
+            setTimeout(() => {
+                server.closeAllConnections();
+                server.close(() => reject(new Error("Missing authorization code.")));
+            }, 100);
+        });
+        server.listen(CALLBACK_PORT, () => {
+            console.log(`Waiting for OAuth callback on ${CALLBACK_URL}`);
+        });
+    });
+}
+/**
+ * Create an OAuth provider from stored state
+ */
+export function createOAuthProvider(oauth, persist, serverUrl) {
+    return {
+        get redirectUrl() {
+            return oauth?.redirectUrl ?? CALLBACK_URL;
+        },
+        get clientMetadata() {
+            return oauth?.clientMetadata ?? DEFAULT_CLIENT_METADATA;
+        },
+        clientInformation() {
+            return oauth?.clientInformation;
+        },
+        saveClientInformation: async (clientInformation) => {
+            oauth.clientInformation = clientInformation;
+            await persist();
+        },
+        tokens() {
+            return oauth?.tokens;
+        },
+        async saveTokens(tokens) {
+            logDebug("saveTokens called", {
+                expiresIn: tokens.expires_in,
+                expiresAt: tokens.expires_at,
+                hasRefreshToken: !!tokens.refresh_token,
+            });
+            // Calculate absolute expiry time if expires_in is provided
+            if (tokens.expires_in && !tokens.expires_at) {
+                tokens.expires_at = Math.floor(Date.now() / 1000) + tokens.expires_in;
+                logDebug("Calculated expires_at", { expiresAt: tokens.expires_at });
+            }
+            oauth.tokens = tokens;
+            oauth.serverUrl = serverUrl;
+            await persist();
+            logInfo("Tokens saved successfully");
+        },
+        redirectToAuthorization(authorizationUrl) {
+            logDebug(`[OAUTH] Opening browser for OAuth at: ${authorizationUrl.toString()}`);
+            openBrowser(authorizationUrl.toString());
+        },
+        async saveCodeVerifier(codeVerifier) {
+            oauth.codeVerifier = codeVerifier;
+            await persist();
+        },
+        codeVerifier() {
+            if (!oauth?.codeVerifier) {
+                throw new Error("Missing PKCE code verifier.");
+            }
+            return oauth.codeVerifier;
+        },
+        async invalidateCredentials(scope) {
+            if (!oauth)
+                return;
+            switch (scope) {
+                case "all":
+                case "tokens":
+                    delete oauth.tokens;
+                    if (scope === "tokens")
+                        break;
+                // fallthrough for 'all'
+                case "client":
+                    delete oauth.clientInformation;
+                    if (scope === "client")
+                        break;
+                // fallthrough for 'all'
+                case "verifier":
+                    delete oauth.codeVerifier;
+                    break;
+            }
+            await persist();
+        },
+        async getAuthorizationUrl() {
+            const state = generateState();
+            const verifier = generateCodeVerifier();
+            const challenge = await generateCodeChallenge(verifier);
+            // Store the code verifier for later token exchange
+            await this.saveCodeVerifier(verifier);
+            const baseUrl = new URL("/api/auth/oauth2/authorize", new URL(serverUrl).origin);
+            baseUrl.searchParams.set("response_type", "code");
+            baseUrl.searchParams.set("client_id", oauth.clientInformation?.client_id ?? "");
+            baseUrl.searchParams.set("redirect_uri", this.redirectUrl.toString());
+            baseUrl.searchParams.set("state", state);
+            baseUrl.searchParams.set("code_challenge", challenge);
+            baseUrl.searchParams.set("code_challenge_method", "S256");
+            baseUrl.searchParams.set("resource", serverUrl);
+            baseUrl.searchParams.set("scope", "openid profile email offline_access");
+            return baseUrl;
+        },
+        async exchangeCodeForToken(authCode) {
+            const verifier = await this.codeVerifier();
+            const tokenUrl = new URL("/api/auth/oauth2/token", new URL(serverUrl).origin);
+            logDebug(`[OAUTH] Exchanging code for token - URL: ${tokenUrl.toString()}`);
+            const response = await fetch(tokenUrl.toString(), {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                },
+                body: new URLSearchParams({
+                    grant_type: "authorization_code",
+                    code: authCode,
+                    redirect_uri: this.redirectUrl.toString(),
+                    client_id: oauth.clientInformation?.client_id ?? "",
+                    client_secret: oauth.clientInformation?.client_secret ?? "",
+                    code_verifier: verifier,
+                    resource: serverUrl,
+                }),
+            });
+            logDebug(`[OAUTH] Token exchange response status: ${response.status}`);
+            if (!response.ok) {
+                const errorText = await response.text();
+                logError(`[OAUTH] Failed to exchange code for token - Status: ${response.status}, Error: ${errorText}`);
+                throw new Error(`Failed to exchange code for token: ${response.status} ${errorText}`);
+            }
+            const tokens = (await response.json());
+            logDebug("Token exchange response", {
+                hasAccessToken: !!tokens.access_token,
+                hasRefreshToken: !!tokens.refresh_token,
+                expiresIn: tokens.expires_in,
+                expiresAt: tokens.expires_at,
+                tokenType: tokens.token_type,
+                scope: tokens.scope,
+                fullResponse: JSON.stringify(tokens),
+            });
+            logDebug(`[OAUTH] Successfully exchanged code for token - Access token present: ${!!tokens.access_token}`);
+            await this.saveTokens(tokens);
+            return tokens;
+        },
+        async refreshAccessToken() {
+            const currentTokens = await this.tokens();
+            if (!currentTokens?.refresh_token) {
+                throw new Error("No refresh token available");
+            }
+            const tokenUrl = new URL("/api/auth/oauth2/token", new URL(serverUrl).origin);
+            logDebug(`[OAUTH] Refreshing access token - URL: ${tokenUrl.toString()}`);
+            const response = await fetch(tokenUrl.toString(), {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/x-www-form-urlencoded",
+                },
+                body: new URLSearchParams({
+                    grant_type: "refresh_token",
+                    refresh_token: currentTokens.refresh_token,
+                    client_id: oauth.clientInformation?.client_id ?? "",
+                    client_secret: oauth.clientInformation?.client_secret ?? "",
+                    resource: serverUrl,
+                }),
+            });
+            logDebug(`[OAUTH] Token refresh response status: ${response.status}`);
+            if (!response.ok) {
+                const errorText = await response.text();
+                logError(`[OAUTH] Failed to refresh access token - Status: ${response.status}, Error: ${errorText}`);
+                throw new Error(`Failed to refresh access token: ${response.status} ${errorText}`);
+            }
+            const tokens = (await response.json());
+            logDebug(`[OAUTH] Successfully refreshed access token`);
+            await this.saveTokens(tokens);
+            return tokens;
+        },
+        async registerClient() {
+            const registerUrl = new URL("/api/auth/oauth2/register", new URL(serverUrl).origin);
+            logDebug(`[OAUTH] Registering OAuth client - URL: ${registerUrl.toString()}`);
+            const response = await fetch(registerUrl.toString(), {
+                method: "POST",
+                headers: {
+                    "Content-Type": "application/json",
+                },
+                body: JSON.stringify(this.clientMetadata),
+            });
+            logDebug(`[OAUTH] Client registration response status: ${response.status}`);
+            if (!response.ok) {
+                const errorText = await response.text();
+                logError(`[OAUTH] Failed to register OAuth client - Status: ${response.status}, Error: ${errorText}`);
+                throw new Error(`Failed to register OAuth client: ${response.status} ${errorText}`);
+            }
+            const clientInfo = (await response.json());
+            logDebug(`[OAUTH] Successfully registered OAuth client - Client ID: ${clientInfo.client_id}`);
+            if (this.saveClientInformation) {
+                await this.saveClientInformation(clientInfo);
+            }
+            return clientInfo;
+        },
+    };
+}
+/**
+ * Buffer time in seconds before token is considered expired
+ * (refresh 5 minutes before actual expiry)
+ */
+const TOKEN_REFRESH_BUFFER_SECONDS = 30;
+/**
+ * Check if tokens need refresh and refresh them proactively
+ * Uses refresh token (non-interactive) - no browser popup
+ *
+ * @returns true if tokens are valid (either already valid or successfully refreshed)
+ */
+export async function ensureValidTokens(oauth, persist, serverUrl) {
+    const tokens = oauth.tokens;
+    logDebug("ensureValidTokens called", {
+        hasTokens: !!tokens,
+        hasAccessToken: !!tokens?.access_token,
+        hasRefreshToken: !!tokens?.refresh_token,
+        expiresAt: tokens?.expires_at,
+        expiresIn: tokens?.expires_in,
+        currentTime: Math.floor(Date.now() / 1000),
+        serverUrl,
+    });
+    // No tokens at all - need interactive login
+    if (!tokens?.access_token) {
+        logWarn("ensureValidTokens: No access token");
+        return false;
+    }
+    // Check if token is still valid (with buffer)
+    const now = Math.floor(Date.now() / 1000);
+    const bufferTime = now + TOKEN_REFRESH_BUFFER_SECONDS;
+    const isExpired = tokens.expires_at ? tokens.expires_at <= bufferTime : true;
+    logDebug("Token expiry check", {
+        expiresAt: tokens.expires_at,
+        currentTime: now,
+        bufferTime,
+        isExpired,
+    });
+    if (tokens.expires_at && !isExpired) {
+        logInfo("Access token still valid", {
+            expiresAt: tokens.expires_at,
+            remainingSeconds: tokens.expires_at - now
+        });
+        return true;
+    }
+    // Token is expired or expiring soon - try to refresh
+    if (!tokens.refresh_token) {
+        logWarn("ensureValidTokens: Token expired and no refresh token available");
+        return false;
+    }
+    logInfo("Access token expired or expiring soon, refreshing...", {
+        expiresAt: tokens.expires_at,
+        clientId: oauth.clientInformation?.client_id,
+    });
+    try {
+        const tokenUrl = new URL("/api/auth/oauth2/token", new URL(serverUrl).origin);
+        const requestBody = {
+            grant_type: "refresh_token",
+            refresh_token: tokens.refresh_token,
+            client_id: oauth.clientInformation?.client_id ?? "",
+            client_secret: oauth.clientInformation?.client_secret ?? "",
+            resource: serverUrl,
+        };
+        logDebug("Sending refresh token request", {
+            url: tokenUrl.toString(),
+            hasClientSecret: !!oauth.clientInformation?.client_secret,
+        });
+        const response = await fetch(tokenUrl.toString(), {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/x-www-form-urlencoded",
+            },
+            body: new URLSearchParams(requestBody),
+        });
+        logDebug("Refresh token response", {
+            status: response.status,
+            statusText: response.statusText,
+        });
+        if (!response.ok) {
+            const errorText = await response.text();
+            logError("Token refresh failed", {
+                status: response.status,
+                error: errorText
+            });
+            return false;
+        }
+        const newTokens = (await response.json());
+        // Calculate absolute expiry time
+        if (newTokens.expires_in && !newTokens.expires_at) {
+            newTokens.expires_at = Math.floor(Date.now() / 1000) + newTokens.expires_in;
+        }
+        oauth.tokens = newTokens;
+        await persist();
+        logInfo("Token refresh successful", {
+            newExpiresAt: newTokens.expires_at,
+            newExpiresIn: newTokens.expires_in,
+        });
+        return true;
+    }
+    catch (error) {
+        logError("Error refreshing token", error);
+        return false;
+    }
+}
+function generateState() {
+    return Math.random().toString(36).substring(2, 15) +
+        Math.random().toString(36).substring(2, 15);
+}
+export function generateCodeVerifier() {
+    const array = new Uint8Array(32);
+    crypto.getRandomValues(array);
+    return btoa(String.fromCharCode(...array))
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=/g, "");
+}
+async function generateCodeChallenge(verifier) {
+    const encoder = new TextEncoder();
+    const data = encoder.encode(verifier);
+    const hash = await crypto.subtle.digest("SHA-256", data);
+    return btoa(String.fromCharCode(...new Uint8Array(hash)))
+        .replace(/\+/g, "-")
+        .replace(/\//g, "_")
+        .replace(/=+$/, "");
+}

package/dist/lib/profile.d.ts

@@ -0,0 +1,37 @@
+import type { Config, Profile } from "../types/index.js";
+/**
+ * Get a profile by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias to look up
+ * @returns The profile if found, null otherwise
+ */
+export declare function getProfile(config: Config, alias: string): Profile | null;
+/**
+ * Add or update a profile by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias
+ * @param profile - The profile data to store
+ */
+export declare function addProfile(config: Config, alias: string, profile: Profile): void;
+/**
+ * Remove a profile by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias to remove
+ */
+export declare function removeProfile(config: Config, alias: string): void;
+/**
+ * List all profiles with their aliases
+ * @param config - The configuration object
+ * @returns Array of profile entries with alias and profile data
+ */
+export declare function listProfiles(config: Config): Array<{
+    alias: string;
+    profile: Profile;
+}>;
+/**
+ * Check if a profile exists by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias to check
+ * @returns True if the profile exists, false otherwise
+ */
+export declare function profileExists(config: Config, alias: string): boolean;

package/dist/lib/profile.js

@@ -0,0 +1,49 @@
+/**
+ * Get a profile by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias to look up
+ * @returns The profile if found, null otherwise
+ */
+export function getProfile(config, alias) {
+    if (!config.profiles[alias]) {
+        return null;
+    }
+    return config.profiles[alias];
+}
+/**
+ * Add or update a profile by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias
+ * @param profile - The profile data to store
+ */
+export function addProfile(config, alias, profile) {
+    config.profiles[alias] = profile;
+}
+/**
+ * Remove a profile by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias to remove
+ */
+export function removeProfile(config, alias) {
+    delete config.profiles[alias];
+}
+/**
+ * List all profiles with their aliases
+ * @param config - The configuration object
+ * @returns Array of profile entries with alias and profile data
+ */
+export function listProfiles(config) {
+    return Object.entries(config.profiles).map(([alias, profile]) => ({
+        alias,
+        profile,
+    }));
+}
+/**
+ * Check if a profile exists by alias
+ * @param config - The configuration object
+ * @param alias - The profile alias to check
+ * @returns True if the profile exists, false otherwise
+ */
+export function profileExists(config, alias) {
+    return alias in config.profiles;
+}

package/dist/lib/proxy-server.d.ts

@@ -0,0 +1,12 @@
+import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import type { McpTool } from "../types/index.js";
+export interface ProxyOptions {
+    client: Client;
+    workspaceSlug: string;
+    tools: McpTool[];
+    writeEnabled: boolean;
+}
+/**
+ * Start the MCP proxy server that bridges stdio to HTTP
+ */
+export declare function startProxyServer(options: ProxyOptions): Promise<void>;