neozip-mcp 0.1.0-beta

package/dist/tools/token-service-account.js

@@ -0,0 +1,143 @@
+import { z } from "zod";
+import { getTokenServiceUrl, registerEmail, verifyEmailCode, } from "neozip-blockchain/token-service";
+import { maskEmail } from "../util/mask.js";
+import { successResult, errorResult } from "../types/index.js";
+const serverUrlOptions = z
+    .object({
+    serverUrl: z.string().optional(),
+})
+    .optional();
+function resolveServerUrl(config, serverUrl) {
+    return getTokenServiceUrl({
+        serverUrl: serverUrl || config.tokenServiceUrl || undefined,
+    });
+}
+function buildServiceOptions(config, serverUrl) {
+    const options = {
+        serverUrl: resolveServerUrl(config, serverUrl),
+    };
+    if (config.debug)
+        options.debug = true;
+    return options;
+}
+async function fetchEmailVerificationStatus(email, serverUrl) {
+    const base = serverUrl.replace(/\/+$/, "");
+    const url = `${base}/auth/email-status?email=${encodeURIComponent(email)}`;
+    const response = await fetch(url);
+    if (!response.ok) {
+        const body = await response.text();
+        return {
+            verified: false,
+            error: `HTTP ${response.status}: ${body.slice(0, 200)}`,
+        };
+    }
+    const data = (await response.json());
+    return { verified: Boolean(data.verified) };
+}
+export const tokenServiceStatusParameters = z.object({
+    email: z.string().optional(),
+    options: serverUrlOptions,
+});
+export async function executeTokenServiceStatus(args, resourceLimiter, config) {
+    try {
+        const email = (args.email || config.recipientEmail || "").trim();
+        if (!email) {
+            return errorResult("Email required. Pass email or run neozip-connect to configure an account.");
+        }
+        const serverUrl = resolveServerUrl(config, args.options?.serverUrl);
+        const result = await resourceLimiter.withTimeout(async () => {
+            const status = await fetchEmailVerificationStatus(email, serverUrl);
+            if (status.error) {
+                throw new Error(status.error);
+            }
+            const lines = [];
+            lines.push("NeoZip Token Service account status");
+            lines.push(`Service URL: ${serverUrl}`);
+            lines.push(`Email: ${maskEmail(email)}`);
+            lines.push(`Verified: ${status.verified ? "yes" : "no"}`);
+            if (status.verified) {
+                lines.push("");
+                lines.push("This email can be used for timestamping after neozip-connect verify and reload MCP.");
+            }
+            else {
+                lines.push("");
+                lines.push("Email is not verified. Use token_service_register to send a code, then token_service_verify with the 6-digit code from your email.");
+            }
+            return lines.join("\n");
+        }, "token_service_status");
+        return successResult(result);
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const tokenServiceRegisterParameters = z.object({
+    email: z.string(),
+    options: serverUrlOptions,
+});
+export async function executeTokenServiceRegister(args, resourceLimiter, config) {
+    try {
+        const email = args.email.trim();
+        if (!email) {
+            return errorResult("Email address is required.");
+        }
+        const serviceOptions = buildServiceOptions(config, args.options?.serverUrl);
+        const result = await resourceLimiter.withTimeout(async () => {
+            const response = await registerEmail(email, serviceOptions);
+            if (!response.success) {
+                throw new Error(response.error || response.message || "Registration failed.");
+            }
+            const lines = [];
+            lines.push("Verification email sent.");
+            lines.push(`Service URL: ${serviceOptions.serverUrl}`);
+            lines.push(`Email: ${maskEmail(email)}`);
+            if (response.message)
+                lines.push(response.message);
+            lines.push("");
+            lines.push("Check your inbox for a 6-digit code, then call token_service_verify with the same email and code.");
+            return lines.join("\n");
+        }, "token_service_register");
+        return successResult(result);
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+export const tokenServiceVerifyParameters = z.object({
+    email: z.string(),
+    code: z.string(),
+    options: serverUrlOptions,
+});
+export async function executeTokenServiceVerify(args, resourceLimiter, config) {
+    try {
+        const email = args.email.trim();
+        const code = args.code.trim();
+        if (!email) {
+            return errorResult("Email address is required.");
+        }
+        if (!code) {
+            return errorResult("Verification code is required.");
+        }
+        const serviceOptions = buildServiceOptions(config, args.options?.serverUrl);
+        const result = await resourceLimiter.withTimeout(async () => {
+            const response = await verifyEmailCode(email, code, serviceOptions);
+            if (!response.success) {
+                throw new Error(response.error || response.message || "Verification failed.");
+            }
+            const lines = [];
+            lines.push("Email verified successfully.");
+            lines.push(`Service URL: ${serviceOptions.serverUrl}`);
+            lines.push(`Email: ${maskEmail(email)}`);
+            if (response.message)
+                lines.push(response.message);
+            lines.push("");
+            lines.push("Run neozip-connect verify with this email and code to store credentials, reload MCP, then use compress with timestamp: true or stamp.");
+            return lines.join("\n");
+        }, "token_service_verify");
+        return successResult(result);
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+//# sourceMappingURL=token-service-account.js.map

package/dist/tools/upgrade.js

@@ -0,0 +1,60 @@
+import { z } from "zod";
+import * as fs from "fs";
+import { upgradeTimestampArchive } from "../archive/embed-metadata.js";
+import { requireTokenServiceConfigured } from "../token-service/require-configured.js";
+import { successResult, errorResult } from "../types/index.js";
+export const upgradeTimestampedParameters = z.object({
+    input: z.string(),
+    output: z.string().optional(),
+    options: z
+        .object({
+        serverUrl: z.string().optional(),
+        wait: z.boolean().optional(),
+        overwrite: z.boolean().optional(),
+    })
+        .optional(),
+});
+export async function executeUpgradeTimestamped(args, sandbox, resourceLimiter, config) {
+    try {
+        const tsErr = requireTokenServiceConfigured("upgrade_timestamped", config);
+        if (tsErr)
+            return errorResult(tsErr);
+        const inputPath = await sandbox.validatePath(args.input);
+        await resourceLimiter.checkFileSize(inputPath);
+        const overwrite = args.options?.overwrite ?? false;
+        const outputPath = args.output
+            ? await sandbox.validatePath(args.output, true)
+            : inputPath.replace(/\.(nzip|zip)$/i, "-upgraded.$1");
+        if (fs.existsSync(outputPath) && !overwrite) {
+            return errorResult(`Output file ${outputPath} already exists. Set overwrite: true to overwrite.`);
+        }
+        const result = await resourceLimiter.withTimeout(async () => {
+            const upgraded = await upgradeTimestampArchive(inputPath, outputPath, config, {
+                serverUrl: args.options?.serverUrl,
+                wait: args.options?.wait,
+            });
+            const lines = [];
+            lines.push("Upgrade Timestamped archive completed.");
+            lines.push(`Input: ${upgraded.inputPath}`);
+            lines.push(`Output: ${upgraded.outputPath}`);
+            lines.push("Archive type: timestamped (META-INF/TIMESTAMP.NZIP embedded)");
+            lines.push(`Merkle root: ${upgraded.merkleRoot}`);
+            if (upgraded.transactionHash) {
+                lines.push(`Transaction: ${upgraded.transactionHash}`);
+            }
+            if (upgraded.network)
+                lines.push(`Network: ${upgraded.network}`);
+            if (upgraded.blockNumber != null) {
+                lines.push(`Block: ${upgraded.blockNumber}`);
+            }
+            if (upgraded.tokenId)
+                lines.push(`Token ID: ${upgraded.tokenId}`);
+            return lines.join("\n");
+        }, "upgrade_timestamped");
+        return successResult(result);
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+//# sourceMappingURL=upgrade.js.map

package/dist/tools/verify.js

@@ -0,0 +1,75 @@
+import { z } from "zod";
+import neozipkit from "neozipkit";
+const { HashCalculator } = neozipkit;
+import { openArchive } from "../archive/open-archive.js";
+import { extractEntryToBuffer } from "../archive/extract-entry-buffer.js";
+import neoBlockchain from "neozip-blockchain";
+const { ZipkitVerifier, TOKENIZED_METADATA } = neoBlockchain;
+import { successResult, errorResult } from "../types/index.js";
+export const verifyParameters = z.object({
+    input: z.string(),
+    options: z
+        .object({
+        password: z.string().optional(),
+        network: z.string().optional(),
+        skipHash: z.boolean().optional(),
+    })
+        .optional(),
+});
+export async function executeVerify(args, sandbox, resourceLimiter, config) {
+    try {
+        const result = await resourceLimiter.withTimeout(async () => {
+            const { archivePath, zip, entries } = await openArchive(args.input, sandbox, resourceLimiter, config, { password: args.options?.password });
+            const tokenEntry = entries.find((e) => (e.fileName || e.filename) === TOKENIZED_METADATA);
+            if (!tokenEntry) {
+                return "No token metadata (TOKEN.NZIP) found in archive. This ZIP has not been tokenized.";
+            }
+            const tokenBuffer = await extractEntryToBuffer(zip, tokenEntry);
+            if (!tokenBuffer) {
+                return "Failed to extract token metadata from archive.";
+            }
+            const verifier = new ZipkitVerifier({
+                debug: false,
+                skipHash: args.options?.skipHash,
+            });
+            const metadataResult = await verifier.extractTokenMetadata(tokenBuffer);
+            if (!metadataResult || !metadataResult.success || !metadataResult.metadata) {
+                return "Failed to parse token metadata.";
+            }
+            // Compute merkle root from entries
+            let calculatedMerkleRoot;
+            const hashCalc = new HashCalculator({ enableAccumulation: true });
+            let hasHashes = false;
+            for (const entry of entries) {
+                const e = entry;
+                if ((e.fileName || e.filename) === TOKENIZED_METADATA)
+                    continue;
+                if (e.sha256) {
+                    hashCalc.addHash(Buffer.from(e.sha256, "hex"));
+                    hasHashes = true;
+                }
+            }
+            if (hasHashes) {
+                calculatedMerkleRoot = hashCalc.merkleRoot();
+            }
+            const verificationResult = await verifier.verifyToken(metadataResult.metadata, calculatedMerkleRoot ?? null, { debug: false, skipHash: args.options?.skipHash });
+            const lines = [];
+            lines.push(`Verification: ${archivePath}`);
+            lines.push(`Status: ${verificationResult.success ? "VERIFIED" : "FAILED"}`);
+            if (verificationResult.verificationDetails?.tokenId)
+                lines.push(`Token ID: ${verificationResult.verificationDetails.tokenId}`);
+            if (verificationResult.verificationDetails?.network)
+                lines.push(`Network: ${verificationResult.verificationDetails.network}`);
+            if (calculatedMerkleRoot)
+                lines.push(`Calculated merkle root: ${calculatedMerkleRoot}`);
+            if (verificationResult.message)
+                lines.push(`Message: ${verificationResult.message}`);
+            return lines.join("\n");
+        }, "verify");
+        return successResult(result);
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+//# sourceMappingURL=verify.js.map

package/dist/tools/wallet-config-status.js

@@ -0,0 +1,119 @@
+import { z } from "zod";
+import { getTokenServiceUrl } from "neozip-blockchain/token-service";
+import { hasConfiguredIdentityKey } from "../archive/identity-key.js";
+import { getConnectionStorePath } from "../connection/credentials.js";
+import { computeConnectionPhase } from "../connection/phase.js";
+import { maskEmail } from "../util/mask.js";
+import { successResult, errorResult } from "../types/index.js";
+export const walletConfigStatusParameters = z.object({
+    options: z
+        .object({
+        format: z.enum(["text", "json"]).optional(),
+    })
+        .optional(),
+});
+export function buildWalletConfigStatusReport(config, auth) {
+    const tokenServiceUrl = getTokenServiceUrl({
+        serverUrl: config.tokenServiceUrl || undefined,
+    });
+    let recipientDecryptUnwrapPath = null;
+    if (config.identityPrivateKeyHex?.trim()) {
+        recipientDecryptUnwrapPath = "env-hex";
+    }
+    else if (config.tokenServiceAccessToken?.trim() &&
+        config.walletKey?.trim()) {
+        recipientDecryptUnwrapPath = "wallet+token";
+    }
+    return {
+        capabilities: config.capabilities,
+        capabilitiesMode: config.capabilitiesMode,
+        walletKey: {
+            configured: auth.hasWalletKey(),
+            source: config.walletKeySource,
+        },
+        network: {
+            value: config.network,
+            source: config.networkSource,
+        },
+        recipientEmail: {
+            configured: Boolean(config.recipientEmail?.trim()),
+            masked: config.recipientEmail
+                ? maskEmail(config.recipientEmail)
+                : null,
+            source: config.recipientEmailSource,
+        },
+        tokenServiceUrl,
+        flags: {
+            identityPrivateKeyHex: Boolean(config.identityPrivateKeyHex?.trim()),
+            tokenServiceAccessToken: Boolean(config.tokenServiceAccessToken?.trim()),
+            apiKey: Boolean(config.apiKey?.trim()),
+        },
+        connection: {
+            storePath: getConnectionStorePath(),
+            activeId: config.mcpProfileActiveId,
+            phase: computeConnectionPhase(),
+        },
+        readiness: {
+            mintReady: auth.hasWalletKey(),
+            tokenizeReady: auth.hasWalletKey(),
+            timestampReady: Boolean(config.recipientEmail?.trim()),
+            recipientDecryptConfigured: hasConfiguredIdentityKey(config),
+            recipientDecryptUnwrapPath,
+        },
+        relatedTools: ["wallet_info", "identity_status", "token_service_status"],
+    };
+}
+export function formatWalletConfigStatusText(report) {
+    const lines = [];
+    lines.push("Wallet & MCP configuration status");
+    lines.push("=================================");
+    const modeHint = report.capabilitiesMode === "auto" ? " (auto)" : "";
+    lines.push(`Capabilities: ${report.capabilities.join(", ")}${modeHint}`);
+    lines.push("");
+    lines.push("Sources: neozip-connect profile (~/.neozip/connection/)");
+    lines.push(`  EVM wallet key: ${report.walletKey.configured ? "configured" : "not configured"} (source: ${report.walletKey.source ?? "none"})`);
+    lines.push(`  Network: ${report.network.value} (source: ${report.network.source})`);
+    if (report.recipientEmail.configured) {
+        lines.push(`  Recipient email: ${report.recipientEmail.masked} (source: ${report.recipientEmail.source})`);
+    }
+    else {
+        lines.push("  Recipient email: not configured");
+    }
+    lines.push(`  Token Service URL: ${report.tokenServiceUrl}`);
+    lines.push("");
+    lines.push("Connection:");
+    lines.push(`  Store: ${report.connection.storePath}`);
+    lines.push(`  Active connection: ${report.connection.activeId ?? "none"}`);
+    lines.push(`  Phase: ${report.connection.phase}`);
+    lines.push("");
+    lines.push("Secret flags (values never shown):");
+    lines.push(`  NEOZIP_IDENTITY_PRIVATE_KEY_HEX: ${report.flags.identityPrivateKeyHex ? "set" : "not set"}`);
+    lines.push(`  Token Service access token (connect): ${report.flags.tokenServiceAccessToken ? "configured" : "not configured"}`);
+    lines.push(`  NEOZIP_MCP_API_KEY: ${report.flags.apiKey ? "set" : "not set"}`);
+    lines.push("");
+    lines.push("Readiness:");
+    lines.push(`  mint: ${report.readiness.mintReady ? "ready" : "needs neozip-connect wallet"}`);
+    lines.push(`  tokenize (compress): ${report.readiness.tokenizeReady ? "ready" : "needs neozip-connect wallet"}`);
+    lines.push(`  timestamp/stamp: ${report.readiness.timestampReady ? "ready" : "needs neozip-connect verified email"}`);
+    lines.push(`  recipient decrypt configured: ${report.readiness.recipientDecryptConfigured ? "yes" : "no"}`);
+    if (report.readiness.recipientDecryptUnwrapPath) {
+        lines.push(`  recipient decrypt path: ${report.readiness.recipientDecryptUnwrapPath}`);
+    }
+    lines.push("");
+    lines.push(`Related: ${report.relatedTools.join(", ")} (balance/address via wallet_info; Token Service crypto via identity_status)`);
+    return lines.join("\n");
+}
+export async function executeWalletConfigStatus(args, config, auth) {
+    try {
+        const report = buildWalletConfigStatusReport(config, auth);
+        const format = args.options?.format ?? "text";
+        if (format === "json") {
+            return successResult(JSON.stringify({ success: true, ...report }, null, 2));
+        }
+        return successResult(formatWalletConfigStatusText(report));
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+//# sourceMappingURL=wallet-config-status.js.map

package/dist/tools/wallet-info.js

@@ -0,0 +1,64 @@
+import { z } from "zod";
+import { ethers } from "ethers";
+import neoBlockchain from "neozip-blockchain";
+const { getNetworkByName, getChainIdByName, getSupportedNetworkNames } = neoBlockchain;
+import { AuthGuard } from "../security/auth.js";
+import { successResult, errorResult } from "../types/index.js";
+export const walletInfoParameters = z.object({
+    options: z
+        .object({
+        network: z.string().optional(),
+    })
+        .optional(),
+});
+export async function executeWalletInfo(args, auth, resourceLimiter, defaultNetwork) {
+    try {
+        const result = await resourceLimiter.withTimeout(async () => {
+            const network = args.options?.network || defaultNetwork;
+            const lines = [];
+            lines.push("Wallet & Network Status");
+            lines.push("=======================");
+            lines.push(`Network: ${network}`);
+            const chainId = getChainIdByName(network);
+            if (chainId) {
+                lines.push(`Chain ID: ${chainId}`);
+            }
+            const contractConfig = getNetworkByName(network);
+            if (contractConfig) {
+                lines.push(`Contract: ${contractConfig.address}`);
+            }
+            if (auth.hasWalletKey()) {
+                const key = auth.getWalletKey();
+                lines.push(`Wallet key: ${AuthGuard.maskKey(key)}`);
+                try {
+                    const wallet = new ethers.Wallet(key);
+                    lines.push(`Address: ${wallet.address}`);
+                    if (contractConfig?.rpcUrls?.length) {
+                        try {
+                            const provider = new ethers.JsonRpcProvider(contractConfig.rpcUrls[0]);
+                            const balance = await provider.getBalance(wallet.address);
+                            lines.push(`Balance: ${ethers.formatEther(balance)} ETH`);
+                        }
+                        catch {
+                            lines.push("Balance: unable to fetch (RPC unavailable)");
+                        }
+                    }
+                }
+                catch {
+                    lines.push("Wallet: invalid key format");
+                }
+            }
+            else {
+                lines.push("Wallet key: not configured");
+            }
+            lines.push("");
+            lines.push(`Supported networks: ${getSupportedNetworkNames().join(", ")}`);
+            return lines.join("\n");
+        }, "wallet_info");
+        return successResult(result);
+    }
+    catch (err) {
+        return errorResult(err instanceof Error ? err.message : String(err));
+    }
+}
+//# sourceMappingURL=wallet-info.js.map

package/dist/translators/index.js

@@ -0,0 +1,106 @@
+export function translateText(content) {
+    return {
+        content,
+        format: "text",
+        mimeType: "text/plain",
+    };
+}
+export function translateJson(content, options) {
+    const maxChars = options?.maxChars ?? 50000;
+    try {
+        const parsed = JSON.parse(content);
+        const pretty = JSON.stringify(parsed, null, 2);
+        if (pretty.length <= maxChars) {
+            return {
+                content: pretty,
+                format: "json",
+                mimeType: "application/json",
+            };
+        }
+        const truncated = pretty.slice(0, maxChars);
+        return {
+            content: `${truncated}\n\n/* JSON truncated: ${pretty.length} characters total */`,
+            format: "json",
+            truncated: true,
+            mimeType: "application/json",
+        };
+    }
+    catch {
+        return {
+            content,
+            format: "json-invalid",
+            mimeType: "text/plain",
+        };
+    }
+}
+export function translateCsv(content, options) {
+    const maxChars = options?.maxChars ?? 20000;
+    const maxRows = 50;
+    const maxCols = 20;
+    const lines = content.split(/\r?\n/).filter((l) => l.length > 0);
+    if (lines.length === 0) {
+        return { content: "", format: "csv", mimeType: "text/markdown" };
+    }
+    const rows = lines.slice(0, maxRows + 1).map((line) => {
+        const cells = [];
+        let current = "";
+        let inQuotes = false;
+        for (let i = 0; i < line.length; i++) {
+            const ch = line[i];
+            if (ch === '"') {
+                inQuotes = !inQuotes;
+            }
+            else if (ch === "," && !inQuotes) {
+                cells.push(current.trim());
+                current = "";
+            }
+            else {
+                current += ch;
+            }
+        }
+        cells.push(current.trim());
+        return cells.slice(0, maxCols);
+    });
+    const colCount = Math.max(...rows.map((r) => r.length));
+    const header = rows[0] ?? [];
+    const dataRows = rows.slice(1);
+    const pad = (cells) => {
+        const padded = [...cells];
+        while (padded.length < colCount)
+            padded.push("");
+        return padded;
+    };
+    const mdLines = [];
+    mdLines.push(`| ${pad(header).join(" | ")} |`);
+    mdLines.push(`| ${Array(colCount).fill("---").join(" | ")} |`);
+    for (const row of dataRows) {
+        mdLines.push(`| ${pad(row).join(" | ")} |`);
+    }
+    let result = mdLines.join("\n");
+    let truncated = false;
+    if (lines.length > maxRows + 1) {
+        result += `\n\n/* CSV truncated: showing ${maxRows} of ${lines.length - 1} data rows */`;
+        truncated = true;
+    }
+    if (result.length > maxChars) {
+        result = result.slice(0, maxChars) + "\n\n/* CSV output truncated to fit character limit */";
+        truncated = true;
+    }
+    return {
+        content: result,
+        format: "csv-markdown",
+        truncated,
+        mimeType: "text/markdown",
+    };
+}
+export function translateContent(entryPath, content, options) {
+    const ext = entryPath.includes(".")
+        ? entryPath.slice(entryPath.lastIndexOf(".")).toLowerCase()
+        : "";
+    if (ext === ".json")
+        return translateJson(content, options);
+    if (ext === ".csv")
+        return translateCsv(content, options);
+    return translateText(content);
+}
+//# sourceMappingURL=index.js.map

package/dist/types/index.js

@@ -0,0 +1,7 @@
+export function successResult(text) {
+    return { content: [{ type: "text", text }] };
+}
+export function errorResult(text) {
+    return { content: [{ type: "text", text: `Error: ${text}` }] };
+}
+//# sourceMappingURL=index.js.map

package/dist/util/mask.js

@@ -0,0 +1,30 @@
+import { spkiBase64ToRawHex } from "../archive/recipient-lookup.js";
+export function maskEmail(email) {
+    const normalized = email.trim();
+    const at = normalized.indexOf("@");
+    if (at <= 0)
+        return "***";
+    const local = normalized.slice(0, at);
+    const domain = normalized.slice(at);
+    if (local.length <= 2)
+        return `${local[0] ?? ""}***${domain}`;
+    return `${local.slice(0, 2)}***${domain}`;
+}
+/** Short fingerprint for X25519 SPKI (base64) or 64-char raw hex. */
+export function maskPublicKey(spkiOrHex) {
+    const trimmed = spkiOrHex.trim();
+    let rawHex;
+    try {
+        if (/^[0-9a-fA-F]{64}$/.test(trimmed.replace(/^0x/i, ""))) {
+            rawHex = trimmed.replace(/^0x/i, "").toLowerCase();
+        }
+        else {
+            rawHex = spkiBase64ToRawHex(trimmed);
+        }
+    }
+    catch {
+        return "invalid";
+    }
+    return `${rawHex.slice(0, 8)}…`;
+}
+//# sourceMappingURL=mask.js.map

package/dist/util/token-service-fetch.js

@@ -0,0 +1,23 @@
+function fetchCauseCode(err) {
+    if (err == null || typeof err !== "object")
+        return null;
+    const cause = err.cause;
+    if (cause == null || typeof cause !== "object")
+        return null;
+    const code = cause.code;
+    return typeof code === "string" ? code : null;
+}
+/** User-facing message when Token Service HTTP calls fail (e.g. local server not running). */
+export function formatTokenServiceFetchError(baseUrl, err) {
+    const message = err instanceof Error ? err.message : String(err);
+    const causeCode = fetchCauseCode(err);
+    if (message === "fetch failed" ||
+        causeCode === "ECONNREFUSED" ||
+        causeCode === "ENOTFOUND" ||
+        causeCode === "ECONNRESET" ||
+        causeCode === "EHOSTUNREACH") {
+        return `Token Service unreachable at ${baseUrl}. Is it running?`;
+    }
+    return `Token Service request failed (${baseUrl}): ${message}`;
+}
+//# sourceMappingURL=token-service-fetch.js.map