mcp-use 0.1.19 → 0.2.0

package/dist/src/logging.js

@@ -1,6 +1,19 @@
-import fs from 'node:fs';
-import path from 'node:path';
 import { createLogger, format, transports } from 'winston';
+// Conditional imports for Node.js-only modules
+async function getNodeModules() {
+    if (typeof process !== 'undefined' && process.platform) {
+        try {
+            // Use dynamic imports for Node.js environments
+            const fs = await import('node:fs');
+            const path = await import('node:path');
+            return { fs: fs.default, path: path.default };
+        }
+        catch {
+            return { fs: null, path: null };
+        }
+    }
+    return { fs: null, path: null };
+}
 const { combine, timestamp, label, printf, colorize, splat } = format;
 const DEFAULT_LOGGER_NAME = 'mcp-use';
 // Environment detection function (similar to telemetry)
@@ -19,8 +32,7 @@ function isNodeJSEnvironment() {
             && typeof process.platform !== 'undefined'
             && typeof __dirname !== 'undefined');
         // Check for Node.js modules
-        const hasNodeModules = (typeof fs !== 'undefined'
-            && typeof createLogger === 'function');
+        const hasNodeModules = (typeof createLogger === 'function');
         return hasNodeGlobals && hasNodeModules;
     }
     catch {
@@ -57,27 +69,27 @@ class SimpleConsoleLogger {
     }
     info(message) {
         if (this.shouldLog('info')) {
-            console.info(this.formatMessage('info', message)); // eslint-disable-line no-console
+            console.info(this.formatMessage('info', message));
         }
     }
     debug(message) {
         if (this.shouldLog('debug')) {
-            console.debug(this.formatMessage('debug', message)); // eslint-disable-line no-console
+            console.debug(this.formatMessage('debug', message));
         }
     }
     http(message) {
         if (this.shouldLog('http')) {
-            console.log(this.formatMessage('http', message)); // eslint-disable-line no-console
+            console.log(this.formatMessage('http', message));
         }
     }
     verbose(message) {
         if (this.shouldLog('verbose')) {
-            console.log(this.formatMessage('verbose', message)); // eslint-disable-line no-console
+            console.log(this.formatMessage('verbose', message));
         }
     }
     silly(message) {
         if (this.shouldLog('silly')) {
-            console.log(this.formatMessage('silly', message)); // eslint-disable-line no-console
+            console.log(this.formatMessage('silly', message));
         }
     }
     // Make it compatible with Winston interface
@@ -144,13 +156,15 @@ export class Logger {
                 return minimalFormatter;
         }
     }
-    static configure(options = {}) {
+    static async configure(options = {}) {
         const { level, console = true, file, format = 'minimal' } = options;
         const debugEnv = (typeof process !== 'undefined' && process.env?.DEBUG) || undefined;
         const resolvedLevel = level ?? resolveLevel(debugEnv);
         this.currentFormat = format;
         const root = this.get();
         root.level = resolvedLevel;
+        // Winston-specific configuration for Node.js environments
+        const winstonRoot = root;
         // For non-Node.js environments, just update the level
         if (!isNodeJSEnvironment()) {
             Object.values(this.simpleInstances).forEach((logger) => {
@@ -158,18 +172,19 @@ export class Logger {
             });
             return;
         }
-        // Winston-specific configuration for Node.js environments
-        const winstonRoot = root;
         winstonRoot.clear();
         if (console) {
             winstonRoot.add(new transports.Console());
         }
         if (file) {
-            const dir = path.dirname(path.resolve(file));
-            if (!fs.existsSync(dir)) {
-                fs.mkdirSync(dir, { recursive: true });
+            const { fs: nodeFs, path: nodePath } = await getNodeModules();
+            if (nodeFs && nodePath) {
+                const dir = nodePath.dirname(nodePath.resolve(file));
+                if (!nodeFs.existsSync(dir)) {
+                    nodeFs.mkdirSync(dir, { recursive: true });
+                }
+                winstonRoot.add(new transports.File({ filename: file }));
             }
-            winstonRoot.add(new transports.File({ filename: file }));
         }
         // Update all existing Winston loggers with new format
         Object.values(this.instances).forEach((logger) => {

package/dist/src/managers/server_manager.js

@@ -36,7 +36,7 @@ export class ServerManager {
             'Active': this.activeServer === name ? '✅' : '❌',
         }));
         logger.info(`Server Manager State: [${context}]`);
-        console.table(tableData); // eslint-disable-line no-console
+        console.table(tableData);
     }
     initialize() {
         const serverNames = this.client.getServerNames?.();

package/dist/src/oauth-helper.d.ts

@@ -0,0 +1,135 @@
+/**
+ * OAuth helper for browser-based MCP authentication
+ *
+ * This helper provides OAuth 2.0 authorization code flow support for MCP servers
+ * that require authentication, such as Linear's MCP server.
+ */
+export interface OAuthConfig {
+    clientId?: string;
+    redirectUri: string;
+    scope?: string;
+    state?: string;
+    clientName?: string;
+}
+export interface OAuthDiscovery {
+    issuer: string;
+    authorization_endpoint: string;
+    token_endpoint: string;
+    registration_endpoint?: string;
+    response_types_supported: string[];
+    grant_types_supported: string[];
+    code_challenge_methods_supported: string[];
+    token_endpoint_auth_methods_supported?: string[];
+}
+export interface ClientRegistration {
+    client_id: string;
+    client_secret?: string;
+    registration_access_token?: string;
+    registration_client_uri?: string;
+    client_id_issued_at?: number;
+    client_secret_expires_at?: number;
+}
+export interface OAuthResult {
+    access_token: string;
+    token_type: string;
+    expires_at?: number | null;
+    refresh_token?: string | null;
+    scope?: string | null;
+}
+export interface OAuthState {
+    isRequired: boolean;
+    isAuthenticated: boolean;
+    isAuthenticating: boolean;
+    isCompletingOAuth: boolean;
+    authError: string | null;
+    oauthTokens: OAuthResult | null;
+}
+export declare class OAuthHelper {
+    private config;
+    private discovery?;
+    private state;
+    private clientRegistration?;
+    private serverUrl?;
+    private storageKey;
+    constructor(config: OAuthConfig);
+    /**
+     * Get current OAuth state
+     */
+    getState(): OAuthState;
+    /**
+     * Load client registration from localStorage
+     */
+    private loadClientRegistration;
+    /**
+     * Save client registration to localStorage
+     */
+    private saveClientRegistration;
+    /**
+     * Check if a server requires authentication by pinging the URL
+     */
+    checkAuthRequired(serverUrl: string): Promise<boolean>;
+    /**
+     * Fallback heuristics for determining auth requirements when direct checking fails
+     */
+    private checkAuthByHeuristics;
+    /**
+     * Discover OAuth configuration from a server
+     */
+    discoverOAuthConfig(serverUrl: string): Promise<OAuthDiscovery>;
+    /**
+     * Register a new OAuth client dynamically
+     */
+    registerClient(serverUrl: string): Promise<ClientRegistration>;
+    /**
+     * Generate authorization URL for OAuth flow
+     */
+    generateAuthUrl(serverUrl: string, additionalParams?: Record<string, string>): string;
+    /**
+     * Exchange authorization code for access token
+     */
+    exchangeCodeForToken(serverUrl: string, code: string, codeVerifier?: string): Promise<OAuthResult>;
+    /**
+     * Handle OAuth callback and extract authorization code
+     */
+    handleCallback(): {
+        code: string;
+        state: string;
+    } | null;
+    /**
+     * Start OAuth flow by opening popup window (similar to your implementation)
+     */
+    startOAuthFlow(serverUrl: string): Promise<void>;
+    /**
+     * Complete OAuth flow by exchanging code for token
+     */
+    completeOAuthFlow(serverUrl: string, code: string): Promise<OAuthResult>;
+    /**
+     * Reset authentication state
+     */
+    resetAuth(): void;
+    /**
+     * Set OAuth state (internal method)
+     */
+    private setState;
+    /**
+     * Generate a random state parameter for CSRF protection
+     */
+    private generateState;
+}
+/**
+ * Linear-specific OAuth configuration
+ */
+export declare const LINEAR_OAUTH_CONFIG: OAuthConfig;
+/**
+ * Helper function to create OAuth-enabled MCP configuration
+ */
+export declare function createOAuthMCPConfig(serverUrl: string, accessToken: string): {
+    mcpServers: {
+        linear: {
+            url: string;
+            authToken: string;
+            transport: string;
+        };
+    };
+};
+//# sourceMappingURL=oauth-helper.d.ts.map

package/dist/src/oauth-helper.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"oauth-helper.d.ts","sourceRoot":"","sources":["../../src/oauth-helper.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,MAAM,CAAA;IACjB,WAAW,EAAE,MAAM,CAAA;IACnB,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,UAAU,CAAC,EAAE,MAAM,CAAA;CACpB;AAED,MAAM,WAAW,cAAc;IAC7B,MAAM,EAAE,MAAM,CAAA;IACd,sBAAsB,EAAE,MAAM,CAAA;IAC9B,cAAc,EAAE,MAAM,CAAA;IACtB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,wBAAwB,EAAE,MAAM,EAAE,CAAA;IAClC,qBAAqB,EAAE,MAAM,EAAE,CAAA;IAC/B,gCAAgC,EAAE,MAAM,EAAE,CAAA;IAC1C,qCAAqC,CAAC,EAAE,MAAM,EAAE,CAAA;CACjD;AAED,MAAM,WAAW,kBAAkB;IACjC,SAAS,EAAE,MAAM,CAAA;IACjB,aAAa,CAAC,EAAE,MAAM,CAAA;IACtB,yBAAyB,CAAC,EAAE,MAAM,CAAA;IAClC,uBAAuB,CAAC,EAAE,MAAM,CAAA;IAChC,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,wBAAwB,CAAC,EAAE,MAAM,CAAA;CAClC;AAED,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,MAAM,CAAA;IACpB,UAAU,EAAE,MAAM,CAAA;IAClB,UAAU,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC1B,aAAa,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;IAC7B,KAAK,CAAC,EAAE,MAAM,GAAG,IAAI,CAAA;CACtB;AAED,MAAM,WAAW,UAAU;IACzB,UAAU,EAAE,OAAO,CAAA;IACnB,eAAe,EAAE,OAAO,CAAA;IACxB,gBAAgB,EAAE,OAAO,CAAA;IACzB,iBAAiB,EAAE,OAAO,CAAA;IAC1B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;IACxB,WAAW,EAAE,WAAW,GAAG,IAAI,CAAA;CAChC;AAED,qBAAa,WAAW;IACtB,OAAO,CAAC,MAAM,CAAa;IAC3B,OAAO,CAAC,SAAS,CAAC,CAAgB;IAClC,OAAO,CAAC,KAAK,CAAY;IACzB,OAAO,CAAC,kBAAkB,CAAC,CAAoB;IAC/C,OAAO,CAAC,SAAS,CAAC,CAAQ;IAC1B,OAAO,CAAC,UAAU,CAAQ;gBAEd,MAAM,EAAE,WAAW;IAgB/B;;OAEG;IACH,QAAQ,IAAI,UAAU;IAItB;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAkB9B;;OAEG;IACH,OAAO,CAAC,sBAAsB;IAc9B;;OAEG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAkD5D;;OAEG;IACH,OAAO,CAAC,qBAAqB;IA6C7B;;OAEG;IACG,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC;IAiBrE;;OAEG;IACG,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,kBAAkB,CAAC;IAuDpE;;OAEG;IACH,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,gBAAgB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM;IAqBrF;;OAEG;IACG,oBAAoB,CACxB,SAAS,EAAE,MAAM,EACjB,IAAI,EAAE,MAAM,EACZ,YAAY,CAAC,EAAE,MAAM,GACpB,OAAO,CAAC,WAAW,CAAC;IAoCvB;;OAEG;IACH,cAAc,IAAI;QAAE,IAAI,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,GAAG,IAAI;IAkBxD;;OAEG;IACG,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAyCtD;;OAEG;IACG,iBAAiB,CAAC,SAAS,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IA8C9E;;OAEG;IACH,SAAS,IAAI,IAAI;IAsBjB;;OAEG;IACH,OAAO,CAAC,QAAQ;IAIhB;;OAEG;IACH,OAAO,CAAC,aAAa;CAItB;AAED;;GAEG;AACH,eAAO,MAAM,mBAAmB,EAAE,WAKjC,CAAA;AAED;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,SAAS,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM;;;;;;;;EAU1E"}

package/dist/src/oauth-helper.js

@@ -0,0 +1,427 @@
+/**
+ * OAuth helper for browser-based MCP authentication
+ *
+ * This helper provides OAuth 2.0 authorization code flow support for MCP servers
+ * that require authentication, such as Linear's MCP server.
+ */
+export class OAuthHelper {
+    config;
+    discovery;
+    state;
+    clientRegistration;
+    serverUrl;
+    storageKey;
+    constructor(config) {
+        this.config = config;
+        this.storageKey = `mcp-oauth-${btoa(config.redirectUri)}`;
+        this.state = {
+            isRequired: false,
+            isAuthenticated: false,
+            isAuthenticating: false,
+            isCompletingOAuth: false,
+            authError: null,
+            oauthTokens: null,
+        };
+        // Load persisted client registration
+        this.loadClientRegistration();
+    }
+    /**
+     * Get current OAuth state
+     */
+    getState() {
+        return { ...this.state };
+    }
+    /**
+     * Load client registration from localStorage
+     */
+    loadClientRegistration() {
+        try {
+            const stored = localStorage.getItem(this.storageKey);
+            if (stored) {
+                const data = JSON.parse(stored);
+                this.clientRegistration = data.clientRegistration;
+                this.serverUrl = data.serverUrl;
+                console.log('🔄 [OAuthHelper] Loaded persisted client registration:', {
+                    client_id: this.clientRegistration?.client_id,
+                    server: this.serverUrl,
+                });
+            }
+        }
+        catch (error) {
+            console.warn('⚠️ [OAuthHelper] Failed to load client registration:', error);
+        }
+    }
+    /**
+     * Save client registration to localStorage
+     */
+    saveClientRegistration() {
+        try {
+            const data = {
+                clientRegistration: this.clientRegistration,
+                serverUrl: this.serverUrl,
+            };
+            localStorage.setItem(this.storageKey, JSON.stringify(data));
+            console.log('💾 [OAuthHelper] Saved client registration to localStorage');
+        }
+        catch (error) {
+            console.warn('⚠️ [OAuthHelper] Failed to save client registration:', error);
+        }
+    }
+    /**
+     * Check if a server requires authentication by pinging the URL
+     */
+    async checkAuthRequired(serverUrl) {
+        console.log('🔍 [OAuthHelper] Checking auth requirement for:', serverUrl);
+        try {
+            const response = await fetch(serverUrl, {
+                method: 'GET',
+                headers: {
+                    'Accept': 'text/event-stream',
+                    'Cache-Control': 'no-cache',
+                },
+                redirect: 'manual',
+                signal: AbortSignal.timeout(10000), // 10 second timeout
+            });
+            console.log('🔍 [OAuthHelper] Auth check response:', {
+                status: response.status,
+                statusText: response.statusText,
+                url: serverUrl,
+            });
+            // 401 Unauthorized, 403 Forbidden, or 400 Bad Request means auth is required
+            if (response.status === 401 || response.status === 403 || response.status === 400) {
+                console.log('🔐 [OAuthHelper] Authentication required for:', serverUrl);
+                return true;
+            }
+            // Any other response (200, 404, 500, etc.) means no auth required
+            console.log('✅ [OAuthHelper] No authentication required for:', serverUrl);
+            return false;
+        }
+        catch (error) {
+            console.warn('⚠️ [OAuthHelper] Could not check auth requirement for:', serverUrl, error);
+            // Handle specific error types
+            if (error.name === 'TypeError'
+                && (error.message?.includes('CORS') || error.message?.includes('Failed to fetch'))) {
+                console.log('🔍 [OAuthHelper] CORS blocked direct check, using heuristics for:', serverUrl);
+                return this.checkAuthByHeuristics(serverUrl);
+            }
+            if (error.name === 'AbortError') {
+                console.log('⏰ [OAuthHelper] Request timeout, assuming no auth required for:', serverUrl);
+                return false;
+            }
+            // If we can't reach the server at all, try heuristics
+            return this.checkAuthByHeuristics(serverUrl);
+        }
+    }
+    /**
+     * Fallback heuristics for determining auth requirements when direct checking fails
+     */
+    checkAuthByHeuristics(serverUrl) {
+        console.log('🔍 [OAuthHelper] Using heuristics to determine auth for:', serverUrl);
+        // Known patterns that typically require auth
+        const authRequiredPatterns = [
+            /api\.githubcopilot\.com/i, // GitHub Copilot
+            /api\.github\.com/i, // GitHub API
+            /.*\.googleapis\.com/i, // Google APIs
+            /api\.openai\.com/i, // OpenAI
+            /api\.anthropic\.com/i, // Anthropic
+            /.*\.atlassian\.net/i, // Atlassian (Jira, Confluence)
+            /.*\.slack\.com/i, // Slack
+            /api\.notion\.com/i, // Notion
+            /api\.linear\.app/i, // Linear
+        ];
+        // Known patterns that typically don't require auth (public MCP servers)
+        const noAuthPatterns = [
+            /localhost/i, // Local development
+            /127\.0\.0\.1/, // Local development
+            /\.local/i, // Local development
+            /mcp\..*\.com/i, // Generic MCP server pattern (often public)
+        ];
+        // Check no-auth patterns first
+        for (const pattern of noAuthPatterns) {
+            if (pattern.test(serverUrl)) {
+                console.log('✅ [OAuthHelper] Heuristic: No auth required (matches no-auth pattern):', serverUrl);
+                return false;
+            }
+        }
+        // Check auth-required patterns
+        for (const pattern of authRequiredPatterns) {
+            if (pattern.test(serverUrl)) {
+                console.log('🔐 [OAuthHelper] Heuristic: Auth required (matches auth pattern):', serverUrl);
+                return true;
+            }
+        }
+        // Default: assume no auth required for unknown patterns
+        console.log('❓ [OAuthHelper] Heuristic: Unknown pattern, assuming no auth required:', serverUrl);
+        return false;
+    }
+    /**
+     * Discover OAuth configuration from a server
+     */
+    async discoverOAuthConfig(serverUrl) {
+        try {
+            const discoveryUrl = `${serverUrl}/.well-known/oauth-authorization-server`;
+            const response = await fetch(discoveryUrl);
+            if (!response.ok) {
+                throw new Error(`OAuth discovery failed: ${response.status} ${response.statusText}`);
+            }
+            this.discovery = await response.json();
+            return this.discovery;
+        }
+        catch (error) {
+            throw new Error(`Failed to discover OAuth configuration: ${error}`);
+        }
+    }
+    /**
+     * Register a new OAuth client dynamically
+     */
+    async registerClient(serverUrl) {
+        if (!this.discovery) {
+            throw new Error('OAuth discovery not performed. Call discoverOAuthConfig first.');
+        }
+        if (!this.discovery.registration_endpoint) {
+            throw new Error('Server does not support dynamic client registration');
+        }
+        try {
+            const registrationData = {
+                client_name: this.config.clientName || 'MCP Use Example',
+                redirect_uris: [this.config.redirectUri],
+                grant_types: ['authorization_code'],
+                response_types: ['code'],
+                token_endpoint_auth_method: 'none', // Use public client (no secret)
+                scope: this.config.scope || 'read write',
+            };
+            console.log('🔐 [OAuthHelper] Registering OAuth client dynamically:', {
+                registration_endpoint: this.discovery.registration_endpoint,
+                client_name: registrationData.client_name,
+                redirect_uri: this.config.redirectUri,
+            });
+            const response = await fetch(this.discovery.registration_endpoint, {
+                method: 'POST',
+                headers: {
+                    'Content-Type': 'application/json',
+                },
+                body: JSON.stringify(registrationData),
+            });
+            if (!response.ok) {
+                const errorText = await response.text();
+                throw new Error(`Client registration failed: ${response.status} ${response.statusText} - ${errorText}`);
+            }
+            this.clientRegistration = await response.json();
+            this.serverUrl = serverUrl;
+            this.saveClientRegistration();
+            console.log('✅ [OAuthHelper] Client registered successfully:', {
+                client_id: this.clientRegistration.client_id,
+                client_secret: this.clientRegistration.client_secret ? '***' : 'none',
+            });
+            return this.clientRegistration;
+        }
+        catch (error) {
+            console.error('❌ [OAuthHelper] Client registration failed:', error);
+            throw new Error(`Failed to register OAuth client: ${error}`);
+        }
+    }
+    /**
+     * Generate authorization URL for OAuth flow
+     */
+    generateAuthUrl(serverUrl, additionalParams) {
+        if (!this.discovery) {
+            throw new Error('OAuth discovery not performed. Call discoverOAuthConfig first.');
+        }
+        if (!this.clientRegistration) {
+            throw new Error('Client not registered. Call registerClient first.');
+        }
+        const params = new URLSearchParams({
+            client_id: this.clientRegistration.client_id,
+            redirect_uri: this.config.redirectUri,
+            response_type: 'code',
+            scope: this.config.scope || 'read',
+            state: this.config.state || this.generateState(),
+            ...additionalParams,
+        });
+        return `${this.discovery.authorization_endpoint}?${params.toString()}`;
+    }
+    /**
+     * Exchange authorization code for access token
+     */
+    async exchangeCodeForToken(serverUrl, code, codeVerifier) {
+        if (!this.discovery) {
+            throw new Error('OAuth discovery not performed. Call discoverOAuthConfig first.');
+        }
+        if (!this.clientRegistration) {
+            throw new Error('Client not registered. Call registerClient first.');
+        }
+        const body = new URLSearchParams({
+            grant_type: 'authorization_code',
+            client_id: this.clientRegistration.client_id,
+            code,
+            redirect_uri: this.config.redirectUri,
+        });
+        if (codeVerifier) {
+            body.append('code_verifier', codeVerifier);
+        }
+        const response = await fetch(this.discovery.token_endpoint, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/x-www-form-urlencoded',
+            },
+            body: body.toString(),
+        });
+        if (!response.ok) {
+            const error = await response.text();
+            throw new Error(`Token exchange failed: ${response.status} ${response.statusText} - ${error}`);
+        }
+        return await response.json();
+    }
+    /**
+     * Handle OAuth callback and extract authorization code
+     */
+    handleCallback() {
+        const urlParams = new URLSearchParams(window.location.search);
+        const code = urlParams.get('code');
+        const state = urlParams.get('state');
+        if (!code || !state) {
+            return null;
+        }
+        // Clean up URL
+        const url = new URL(window.location.href);
+        url.searchParams.delete('code');
+        url.searchParams.delete('state');
+        window.history.replaceState({}, '', url.toString());
+        return { code, state };
+    }
+    /**
+     * Start OAuth flow by opening popup window (similar to your implementation)
+     */
+    async startOAuthFlow(serverUrl) {
+        this.setState({
+            isAuthenticating: true,
+            authError: null,
+        });
+        try {
+            // Step 1: Discover OAuth configuration
+            await this.discoverOAuthConfig(serverUrl);
+            // Step 2: Register client dynamically (if not already registered)
+            if (!this.clientRegistration) {
+                await this.registerClient(serverUrl);
+            }
+            // Step 3: Generate authorization URL
+            const authUrl = this.generateAuthUrl(serverUrl);
+            // Step 4: Open popup window for authentication
+            const authWindow = window.open(authUrl, 'mcp-oauth', 'width=500,height=600,scrollbars=yes,resizable=yes,status=yes,location=yes');
+            if (!authWindow) {
+                throw new Error('Failed to open authentication window. Please allow popups for this site and try again.');
+            }
+            console.log('✅ [OAuthHelper] OAuth popup opened successfully');
+        }
+        catch (error) {
+            console.error('❌ [OAuthHelper] Failed to start OAuth flow:', error);
+            this.setState({
+                isAuthenticating: false,
+                authError: error instanceof Error ? error.message : 'Failed to start authentication',
+            });
+            throw error;
+        }
+    }
+    /**
+     * Complete OAuth flow by exchanging code for token
+     */
+    async completeOAuthFlow(serverUrl, code) {
+        this.setState({
+            isCompletingOAuth: true,
+            authError: null,
+        });
+        try {
+            // If we don't have discovery data, re-discover it
+            if (!this.discovery) {
+                console.log('🔍 [OAuthHelper] Re-discovering OAuth configuration for callback');
+                await this.discoverOAuthConfig(serverUrl);
+            }
+            // Only re-register if we don't have a client registration for this server
+            if (!this.clientRegistration || this.serverUrl !== serverUrl) {
+                console.log('🔐 [OAuthHelper] Re-registering client for callback');
+                await this.registerClient(serverUrl);
+            }
+            else {
+                console.log('🔄 [OAuthHelper] Using existing client registration for callback');
+            }
+            const tokenResponse = await this.exchangeCodeForToken(serverUrl, code);
+            this.setState({
+                isAuthenticating: false,
+                isAuthenticated: true,
+                isCompletingOAuth: false,
+                authError: null,
+                oauthTokens: tokenResponse,
+            });
+            console.log('✅ [OAuthHelper] OAuth flow completed successfully');
+            return tokenResponse;
+        }
+        catch (error) {
+            console.error('❌ [OAuthHelper] Failed to complete OAuth flow:', error);
+            this.setState({
+                isAuthenticating: false,
+                isCompletingOAuth: false,
+                authError: error instanceof Error ? error.message : 'Failed to complete authentication',
+            });
+            throw error;
+        }
+    }
+    /**
+     * Reset authentication state
+     */
+    resetAuth() {
+        this.setState({
+            isRequired: false,
+            isAuthenticated: false,
+            isAuthenticating: false,
+            isCompletingOAuth: false,
+            authError: null,
+            oauthTokens: null,
+        });
+        // Clear stored client registration
+        this.clientRegistration = undefined;
+        this.serverUrl = undefined;
+        try {
+            localStorage.removeItem(this.storageKey);
+            console.log('🗑️ [OAuthHelper] Cleared stored client registration');
+        }
+        catch (error) {
+            console.warn('⚠️ [OAuthHelper] Failed to clear client registration:', error);
+        }
+    }
+    /**
+     * Set OAuth state (internal method)
+     */
+    setState(newState) {
+        this.state = { ...this.state, ...newState };
+    }
+    /**
+     * Generate a random state parameter for CSRF protection
+     */
+    generateState() {
+        return Math.random().toString(36).substring(2, 15)
+            + Math.random().toString(36).substring(2, 15);
+    }
+}
+/**
+ * Linear-specific OAuth configuration
+ */
+export const LINEAR_OAUTH_CONFIG = {
+    // No clientId needed - will use dynamic client registration
+    redirectUri: typeof window !== 'undefined' ? window.location.origin + window.location.pathname : 'http://localhost:5174',
+    scope: 'read write',
+    clientName: 'MCP Use Example',
+};
+/**
+ * Helper function to create OAuth-enabled MCP configuration
+ */
+export function createOAuthMCPConfig(serverUrl, accessToken) {
+    return {
+        mcpServers: {
+            linear: {
+                url: serverUrl,
+                authToken: accessToken,
+                transport: 'sse',
+            },
+        },
+    };
+}