MCPcopy Index your code
hub / github.com/ChinaSiro/claude-code-sourcemap / _doRefresh

Method _doRefresh

package/cli.js:1787–1787  ·  view source on GitHub ↗
(q)

Source from the content-addressed store, hash-verified

1785[OUTPUT TRUNCATED - exceeded ${uy8()} token limit]
1786
1787The tool output was truncated. If this MCP server provides pagination or filtering tools, use them to retrieve specific portions of the data. If pagination is not available, inform the user that you are working with truncated output and results may be incomplete.`}function x$z(q,K){if(q.length<=K)return q;return q.slice(0,K)}async function I$z(q,K){let _=[],z=0;for(let Y of q)if(JL4(Y)){let $=K-z;if($<=0)break;if(Y.text.length<=$)_.push(Y),z+=Y.text.length;else{_.push({type:"text",text:Y.text.slice(0,$)});break}}else if(ML4(Y)){let $=HL4*4;if(z+$<=K)_.push(Y),z+=$;else{let A=K-z;if(A>0){let O=Math.floor(A*0.75);try{let w=await oX4(Y,O);if(_.push(w),w.source.type==="base64")z+=w.source.data.length;else z+=$}catch{}}}}else _.push(Y);return _}async function OB1(q){if(!q)return!1;if(ao6(q)<=uy8()*h$z)return!1;try{let z=await so6(typeof q==="string"?[{role:"user",content:q}]:[{role:"user",content:q}],[]);return!!(z&&z>uy8())}catch(_){return H6(_),!1}}async function u$z(q){if(!q)return q;let K=C$z(),_=b$z();if(typeof q==="string")return x$z(q,K)+_;else{let z=await I$z(q,K);return z.push({type:"text",text:_}),z}}async function wB1(q){if(!await OB1(q))return q;return await u$z(q)}var h$z=0.5,HL4=1600,S$z=25000;var jB1=y(()=>{o1();ON();RL();E8()});function PL4(q,{verbose:K}){if(Object.keys(q).length===0)return"";return Object.entries(q).map(([_,z])=>{let Y=g6(z);return`${_}: ${Y}`}).join(", ")}function WL4(q){let K=q.at(-1);if(!K?.data)return O5.createElement(s8,{height:1},O5.createElement(k,{dimColor:!0},"Running…"));let{progress:_,total:z,progressMessage:Y}=K.data;if(_===void 0)return O5.createElement(s8,{height:1},O5.createElement(k,{dimColor:!0},"Running…"));if(z!==void 0&&z>0){let $=Math.min(1,Math.max(0,_/z)),A=Math.round($*100);return O5.createElement(s8,null,O5.createElement(u,{flexDirection:"column"},Y&&O5.createElement(k,{dimColor:!0},Y),O5.createElement(u,{flexDirection:"row",gap:1},O5.createElement(oo6,{ratio:$,width:20}),O5.createElement(k,{dimColor:!0},A,"%"))))}return O5.createElement(s8,{height:1},O5.createElement(k,{dimColor:!0},Y??`Processing… ${_}`))}function my8(q,K,{verbose:_,input:z}){let Y=q;if(!_){let j=g$z(Y,z);if(j!==null)return O5.createElement(s8,{height:1},O5.createElement(k,null,"Sent a message to"," ",O5.createElement(B5,null,hq6(j.url,j.channel))))}let $=ao6(Y),O=$>m$z?`${t6.warning} Large MCP response (~${mK($)} tokens), this can fill up context quickly`:null,w;if(Array.isArray(Y)){let j=Y.map((H,J)=>{if(H.type==="image")return O5.createElement(u,{key:J,justifyContent:"space-between",overflowX:"hidden",width:"100%"},O5.createElement(s8,{height:1},O5.createElement(k,null,"[Image]")));let M=H.type==="text"&&"text"in H&&H.text!==null&&H.text!==void 0?String(H.text):"";return O5.createElement(uL,{key:J,content:M,verbose:_})});w=O5.createElement(u,{flexDirection:"column",width:"100%"},j)}else if(!Y)w=O5.createElement(u,{justifyContent:"space-between",overflowX:"hidden",width:"100%"},O5.createElement(s8,{height:1},O5.createElement(k,{dimColor:!0},"(No content)")));else w=O5.createElement(uL,{content:Y,verbose:_});if(O)return O5.createElement(u,{flexDirection:"column"},O5.createElement(s8,{height:1},O5.createElement(k,{color:"warning"},O)),w);return w}function p$z(q,{maxChars:K,maxKeys:_}){let z=q.trim();if(z.length===0||z.length>K||z[0]!=="{")return null;let Y;try{Y=r8(z)}catch{return null}if(Y===null||typeof Y!=="object"||Array.isArray(Y))return null;let $=Object.entries(Y);if($.length===0||$.length>_)return null;return $}function g$z(q,K){let _=q;if(Array.isArray(q)){let j=q.find((H)=>H.type==="text");_=j&&"text"in j?j.text:void 0}if(typeof _!=="string"||!_.includes('"message_link"'))return null;let Y=p$z(_,{maxChars:2000,maxKeys:6})?.find(([j])=>j==="message_link")?.[1];if(typeof Y!=="string")return null;let $=B$z.exec(Y);if(!$)return null;let A=K,O=A?.channel_id??A?.channel??$[1],w=typeof O==="string"&&O?O:"slack";return{channel:w.startsWith("#")?w:`#${w}`,url:Y}}var O5,m$z=1e4,B$z;var HB1=y(()=>{q8();bq();AB1();gK();Vw6();Q5();s6();U7();by8();jB1();l8();O5=O6(D6(),1);B$z=/^https:\/\/[a-z0-9-]+\.slack\.com\/archives\/([A-Z0-9]+)\/p\d+$/});var F$z,U$z,DL4;var fL4=y(()=>{x7();Bq();kw6();HB1();F$z=B6(()=>L.object({}).passthrough()),U$z=B6(()=>L.string().describe("MCP tool execution result")),DL4=sq({isMcp:!0,isOpenWorld(){return!1},name:"mcp",maxResultSizeChars:1e5,async description(){return wL4},async prompt(){return OL4},get inputSchema(){return F$z()},get outputSchema(){return U$z()},async call(){return{data:""}},async checkPermissions(){return{behavior:"passthrough",message:"MCPTool requires permission."}},renderToolUseMessage:PL4,userFacingName:()=>"mcp",renderToolUseProgressMessage:WL4,renderToolResultMessage:my8,isResultTruncated(q){return UC(q)},mapToolResultToToolResultBlockParam(q,K){return{tool_use_id:K,type:"tool_result",content:q}}})});function Q$z(q,K){return function(_,z){if(_==null)return _;if(!op(_))return q(_,z);var Y=_.length,$=K?Y:-1,A=Object(_);while(K?$--:++$<Y)if(z(A[$],$,A)===!1)break;return _}}var ZL4;var GL4=y(()=>{kX6();ZL4=Q$z});var d$z,py8;var JB1=y(()=>{lp1();GL4();d$z=ZL4(Dy8),py8=d$z});function c$z(q,K){var _=[];return py8(q,function(z,Y,$){if(K(z,Y,$))_.push(z)}),_}var TL4;var vL4=y(()=>{JB1();TL4=c$z});function n$z(q){if(typeof q!="function")throw TypeError(l$z);return function(){var K=arguments;switch(K.length){case 0:return!q.call(this);case 1:return!q.call(this,K[0]);case 2:return!q.call(this,K[0],K[1]);case 3:return!q.call(this,K[0],K[1],K[2])}return!q.apply(this,K)}}var l$z="Expected a function",kL4;var VL4=y(()=>{kL4=n$z});function i$z(q,K){var _=MA(q)?k58:TL4;return _(q,kL4(oR(K,3)))}var D0;var By8=y(()=>{Gn8();vL4();U36();yT();VL4();D0=i$z});var MB1=m((t$z)=>{function NL4(){var q={};return q["align-content"]=!1,q["align-items"]=!1,q["align-self"]=!1,q["alignment-adjust"]=!1,q["alignment-baseline"]=!1,q.all=!1,q["anchor-point"]=!1,q.animation=!1,q["animation-delay"]=!1,q["animation-direction"]=!1,q["animation-duration"]=!1,q["animation-fill-mode"]=!1,q["animation-iteration-count"]=!1,q["animation-name"]=!1,q["animation-play-state"]=!1,q["animation-timing-function"]=!1,q.azimuth=!1,q["backface-visibility"]=!1,q.background=!0,q["background-attachment"]=!0,q["background-clip"]=!0,q["background-color"]=!0,q["background-image"]=!0,q["background-origin"]=!0,q["background-position"]=!0,q["background-repeat"]=!0,q["background-size"]=!0,q["baseline-shift"]=!1,q.binding=!1,q.bleed=!1,q["bookmark-label"]=!1,q["bookmark-level"]=!1,q["bookmark-state"]=!1,q.border=!0,q["border-bottom"]=!0,q["border-bottom-color"]=!0,q["border-bottom-left-radius"]=!0,q["border-bottom-right-radius"]=!0,q["border-bottom-style"]=!0,q["border-bottom-width"]=!0,q["border-collapse"]=!0,q["border-color"]=!0,q["border-image"]=!0,q["border-image-outset"]=!0,q["border-image-repeat"]=!0,q["border-image-slice"]=!0,q["border-image-source"]=!0,q["border-image-width"]=!0,q["border-left"]=!0,q["border-left-color"]=!0,q["border-left-style"]=!0,q["border-left-width"]=!0,q["border-radius"]=!0,q["border-right"]=!0,q["border-right-color"]=!0,q["border-right-style"]=!0,q["border-right-width"]=!0,q["border-spacing"]=!0,q["border-style"]=!0,q["border-top"]=!0,q["border-top-color"]=!0,q["border-top-left-radius"]=!0,q["border-top-right-radius"]=!0,q["border-top-style"]=!0,q["border-top-width"]=!0,q["border-width"]=!0,q.bottom=!1,q["box-decoration-break"]=!0,q["box-shadow"]=!0,q["box-sizing"]=!0,q["box-snap"]=!0,q["box-suppress"]=!0,q["break-after"]=!0,q["break-before"]=!0,q["break-inside"]=!0,q["caption-side"]=!1,q.chains=!1,q.clear=!0,q.clip=!1,q["clip-path"]=!1,q["clip-rule"]=!1,q.color=!0,q["color-interpolation-filters"]=!0,q["column-count"]=!1,q["column-fill"]=!1,q["column-gap"]=!1,q["column-rule"]=!1,q["column-rule-color"]=!1,q["column-rule-style"]=!1,q["column-rule-width"]=!1,q["column-span"]=!1,q["column-width"]=!1,q.columns=!1,q.contain=!1,q.content=!1,q["counter-increment"]=!1,q["counter-reset"]=!1,q["counter-set"]=!1,q.crop=!1,q.cue=!1,q["cue-after"]=!1,q["cue-before"]=!1,q.cursor=!1,q.direction=!1,q.display=!0,q["display-inside"]=!0,q["display-list"]=!0,q["display-outside"]=!0,q["dominant-baseline"]=!1,q.elevation=!1,q["empty-cells"]=!1,q.filter=!1,q.flex=!1,q["flex-basis"]=!1,q["flex-direction"]=!1,q["flex-flow"]=!1,q["flex-grow"]=!1,q["flex-shrink"]=!1,q["flex-wrap"]=!1,q.float=!1,q["float-offset"]=!1,q["flood-color"]=!1,q["flood-opacity"]=!1,q["flow-from"]=!1,q["flow-into"]=!1,q.font=!0,q["font-family"]=!0,q["font-feature-settings"]=!0,q["font-kerning"]=!0,q["font-language-override"]=!0,q["font-size"]=!0,q["font-size-adjust"]=!0,q["font-stretch"]=!0,q["font-style"]=!0,q["font-synthesis"]=!0,q["font-variant"]=!0,q["font-variant-alternates"]=!0,q["font-variant-caps"]=!0,q["font-variant-east-asian"]=!0,q["font-variant-ligatures"]=!0,q["font-variant-numeric"]=!0,q["font-variant-position"]=!0,q["font-weight"]=!0,q.grid=!1,q["grid-area"]=!1,q["grid-auto-columns"]=!1,q["grid-auto-flow"]=!1,q["grid-auto-rows"]=!1,q["grid-column"]=!1,q["grid-column-end"]=!1,q["grid-column-start"]=!1,q["grid-row"]=!1,q["grid-row-end"]=!1,q["grid-row-start"]=!1,q["grid-template"]=!1,q["grid-template-areas"]=!1,q["grid-template-columns"]=!1,q["grid-template-rows"]=!1,q["hanging-punctuation"]=!1,q.height=!0,q.hyphens=!1,q.icon=!1,q["image-orientation"]=!1,q["image-resolution"]=!1,q["ime-mode"]=!1,q["initial-letters"]=!1,q["inline-box-align"]=!1,q["justify-content"]=!1,q["justify-items"]=!1,q["justify-self"]=!1,q.left=!1,q["letter-spacing"]=!0,q["lighting-color"]=!0,q["line-box-contain"]=!1,q["line-break"]=!1,q["line-grid"]=!1,q["line-height"]=!1,q["line-snap"]=!1,q["line-stacking"]=!1,q["line-stacking-ruby"]=!1,q["line-stacking-shift"]=!1,q["line-stacking-strategy"]=!1,q["list-style"]=!0,q["list-style-image"]=!0,q["list-style-position"]=!0,q["list-style-type"]=!0,q.margin=!0,q["margin-bottom"]=!0,q["margin-left"]=!0,q["margin-right"]=!0,q["margin-top"]=!0,q["marker-offset"]=!1,q["marker-side"]=!1,q.marks=!1,q.mask=!1,q["mask-box"]=!1,q["mask-box-outset"]=!1,q["mask-box-repeat"]=!1,q["mask-box-slice"]=!1,q["mask-box-source"]=!1,q["mask-box-width"]=!1,q["mask-clip"]=!1,q["mask-image"]=!1,q["mask-origin"]=!1,q["mask-position"]=!1,q["mask-repeat"]=!1,q["mask-size"]=!1,q["mask-source-type"]=!1,q["mask-type"]=!1,q["max-height"]=!0,q["max-lines"]=!1,q["max-width"]=!0,q["min-height"]=!0,q["min-width"]=!0,q["move-to"]=!1,q["nav-down"]=!1,q["nav-index"]=!1,q["nav-left"]=!1,q["nav-right"]=!1,q["nav-up"]=!1,q["object-fit"]=!1,q["object-position"]=!1,q.opacity=!1,q.order=!1,q.orphans=!1,q.outline=!1,q["outline-color"]=!1,q["outline-offset"]=!1,q["outline-style"]=!1,q["outline-width"]=!1,q.overflow=!1,q["overflow-wrap"]=!1,q["overflow-x"]=!1,q["overflow-y"]=!1,q.padding=!0,q["padding-bottom"]=!0,q["padding-left"]=!0,q["padding-right"]=!0,q["padding-top"]=!0,q.page=!1,q["page-break-after"]=!1,q["page-break-before"]=!1,q["page-break-inside"]=!1,q["page-policy"]=!1,q.pause=!1,q["pause-after"]=!1,q["pause-before"]=!1,q.perspective=!1,q["perspective-origin"]=!1,q.pitch=!1,q["pitch-range"]=!1,q["play-during"]=!1,q.position=!1,q["presentation-level"]=!1,q.quotes=!1,q["region-fragment"]=!1,q.resize=!1,q.rest=!1,q["rest-after"]=!1,q["rest-before"]=!1,q.richness=!1,q.right=!1,q.rotation=!1,q["rotation-point"]=!1,q["ruby-align"]=!1,q["ruby-merge"]=!1,q["ruby-position"]=!1,q["shape-image-threshold"]=!1,q["shape-outside"]=!1,q["shape-margin"]=!1,q.size=!1,q.speak=!1,q["speak-as"]=!1,q["speak-header"]=!1,q["speak-numeral"]=!1,q["speak-punctuation"]=!1,q["speech-rate"]=!1,q.stress=!1,q["string-set"]=!1,q["tab-size"]=!1,q["table-layout"]=!1,q["text-align"]=!0,q["text-align-last"]=!0,q["text-combine-upright"]=!0,q["text-decoration"]=!0,q["text-decoration-color"]=!0,q["text-decoration-line"]=!0,q["text-decoration-skip"]=!0,q["text-decoration-style"]=!0,q["text-emphasis"]=!0,q["text-emphasis-color"]=!0,q["text-emphasis-position"]=!0,q["text-emphasis-style"]=!0,q["text-height"]=!0,q["text-indent"]=!0,q["text-justify"]=!0,q["text-orientation"]=!0,q["text-overflow"]=!0,q["text-shadow"]=!0,q["text-space-collapse"]=!0,q["text-transform"]=!0,q["text-underline-position"]=!0,q["text-wrap"]=!0,q.top=!1,q.transform=!1,q["transform-origin"]=!1,q["transform-style"]=!1,q.transition=!1,q["transition-delay"]=!1,q["transition-duration"]=!1,q["transition-property"]=!1,q["transition-timing-function"]=!1,q["unicode-bidi"]=!1,q["vertical-align"]=!1,q.visibility=!1,q["voice-balance"]=!1,q["voice-duration"]=!1,q["voice-family"]=!1,q["voice-pitch"]=!1,q["voice-range"]=!1,q["voice-rate"]=!1,q["voice-stress"]=!1,q["voice-volume"]=!1,q.volume=!1,q["white-space"]=!1,q.widows=!1,q.width=!0,q["will-change"]=!1,q["word-break"]=!0,q["word-spacing"]=!0,q["word-wrap"]=!0,q["wrap-flow"]=!1,q["wrap-through"]=!1,q["writing-mode"]=!1,q["z-index"]=!1,q}function r$z(q,K,_){}function o$z(q,K,_){}var a$z=/javascript\s*\:/img;function s$z(q,K){if(a$z.test(K))return"";return K}t$z.whiteList=NL4();t$z.getDefaultWhiteList=NL4;t$z.onAttr=r$z;t$z.onIgnoreAttr=o$z;t$z.safeAttrValue=s$z});var XB1=m((MOO,yL4)=>{yL4.exports={indexOf:function(q,K){var _,z;if(Array.prototype.indexOf)return q.indexOf(K);for(_=0,z=q.length;_<z;_++)if(q[_]===K)return _;return-1},forEach:function(q,K,_){var z,Y;if(Array.prototype.forEach)return q.forEach(K,_);for(z=0,Y=q.length;z<Y;z++)K.call(_,q[z],z,q)},trim:function(q){if(String.prototype.trim)return q.trim();return q.replace(/(^\s*)|(\s*$)/g,"")},trimRight:function(q){if(String.prototype.trimRight)return q.trimRight();return q.replace(/(\s*$)/g,"")}}});var LL4=m((XOO,EL4)=>{var to6=XB1();function YAz(q,K){if(q=to6.trimRight(q),q[q.length-1]!==";")q+=";";var _=q.length,z=!1,Y=0,$=0,A="";function O(){if(!z){var H=to6.trim(q.slice(Y,$)),J=H.indexOf(":");if(J!==-1){var M=to6.trim(H.slice(0,J)),X=to6.trim(H.slice(J+1));if(M){var P=K(Y,A.length,M,X,H);if(P)A+=P+"; "}}}Y=$+1}for(;$<_;$++){var w=q[$];if(w==="/"&&q[$+1]==="*"){var j=q.indexOf("*/",$+2);if(j===-1)break;$=j+1,Y=$+1,z=!1}else if(w==="(")z=!0;else if(w===")")z=!1;else if(w===";")if(z);else O();else if(w===`
1788`)O()}return to6.trim(A)}EL4.exports=YAz});var CL4=m((WOO,SL4)=>{var gy8=MB1(),$Az=LL4(),POO=XB1();function RL4(q){return q===void 0||q===null}function AAz(q){var K={};for(var _ in q)K[_]=q[_];return K}function hL4(q){q=AAz(q||{}),q.whiteList=q.whiteList||gy8.whiteList,q.onAttr=q.onAttr||gy8.onAttr,q.onIgnoreAttr=q.onIgnoreAttr||gy8.onIgnoreAttr,q.safeAttrValue=q.safeAttrValue||gy8.safeAttrValue,this.options=q}hL4.prototype.process=function(q){if(q=q||"",q=q.toString(),!q)return"";var K=this,_=K.options,z=_.whiteList,Y=_.onAttr,$=_.onIgnoreAttr,A=_.safeAttrValue,O=$Az(q,function(w,j,H,J,M){var X=z[H],P=!1;if(X===!0)P=X;else if(typeof X==="function")P=X(J);else if(X instanceof RegExp)P=X.test(J);if(P!==!0)P=!1;if(J=A(H,J),!J)return;var W={position:j,sourcePosition:w,source:M,isWhite:P};if(P){var D=Y(H,J,W);if(RL4(D))return H+":"+J;else return D}else{var D=$(H,J,W);if(!RL4(D))return D}});return O};SL4.exports=hL4});var Qy8=m((Uy8,PB1)=>{var bL4=MB1(),xL4=CL4();function OAz(q,K){var _=new xL4(K);return _.process(q)}Uy8=PB1.exports=OAz;Uy8.FilterCSS=xL4;for(Fy8 in bL4)Uy8[Fy8]=bL4[Fy8];var Fy8;if(typeof window<"u")window.filterCSS=PB1.exports});var dy8=m((DOO,IL4)=>{IL4.exports={indexOf:function(q,K){var _,z;if(Array.prototype.indexOf)return q.indexOf(K);for(_=0,z=q.length;_<z;_++)if(q[_]===K)return _;return-1},forEach:function(q,K,_){var z,Y;if(Array.prototype.forEach)return q.forEach(K,_);for(z=0,Y=q.length;z<Y;z++)K.call(_,q[z],z,q)},trim:function(q){if(String.prototype.trim)return q.trim();return q.replace(/(^\s*)|(\s*$)/g,"")},spaceIndex:function(q){var K=/\s|\n|\t/,_=K.exec(q);return _?_.index:-1}}});var WB1=m((EAz)=>{var wAz=Qy8().FilterCSS,jAz=Qy8().getDefaultWhiteList,ly8=dy8();function pL4(){return{a:["target","href","title"],abbr:["title"],address:[],area:["shape","coords","href","alt"],article:[],aside:[],audio:["autoplay","controls","crossorigin","loop","muted","preload","src"],b:[],bdi:["dir"],bdo:["dir"],big:[],blockquote:["cite"],br:[],caption:[],center:[],cite:[],code:[],col:["align","valign","span","width"],colgroup:["align","valign","span","width"],dd:[],del:["datetime"],details:["open"],div:[],dl:[],dt:[],em:[],figcaption:[],figure:[],font:["color","size","face"],footer:[],h1:[],h2:[],h3:[],h4:[],h5:[],h6:[],header:[],hr:[],i:[],img:["src","alt","title","width","height","loading"],ins:["datetime"],kbd:[],li:[],mark:[],nav:[],ol:[],p:[],pre:[],s:[],section:[],small:[],span:[],sub:[],summary:[],sup:[],strong:[],strike:[],table:["width","border","align","valign"],tbody:["align","valign"],td:["width","rowspan","colspan","align","valign"],tfoot:["align","valign"],th:["width","rowspan","colspan","align","valign"],thead:["align","valign"],tr:["rowspan","align","valign"],tt:[],u:[],ul:[],video:["autoplay","controls","crossorigin","loop","muted","playsinline","poster","preload","src","height","width"]}}var BL4=new wAz;function HAz(q,K,_){}function JAz(q,K,_){}function MAz(q,K,_){}function XAz(q,K,_){}function gL4(q){return q.replace(WAz,"&lt;").replace(DAz,"&gt;")}function PAz(q,K,_,z){if(_=lL4(_),K==="href"||K==="src"){if(_=ly8.trim(_),_==="#")return"#";if(!(_.substr(0,7)==="http://"||_.substr(0,8)==="https://"||_.substr(0,7)==="mailto:"||_.substr(0,4)==="tel:"||_.substr(0,11)==="data:image/"||_.substr(0,6)==="ftp://"||_.substr(0,2)==="./"||_.substr(0,3)==="../"||_[0]==="#"||_[0]==="/"))return""}else if(K==="background"){if(cy8.lastIndex=0,cy8.test(_))return""}else if(K==="style"){if(uL4.lastIndex=0,uL4.test(_))return"";if(mL4.lastIndex=0,mL4.test(_)){if(cy8.lastIndex=0,cy8.test(_))return""}if(z!==!1)z=z||BL4,_=z.process(_)}return _=nL4(_),_}var WAz=/</g,DAz=/>/g,fAz=/"/g,ZAz=/&quot;/g,GAz=/&#([a-zA-Z0-9]*);?/gim,TAz=/&colon;?/gim,vAz=/&newline;?/gim,cy8=/((j\s*a\s*v\s*a|v\s*b|l\s*i\s*v\s*e)\s*s\s*c\s*r\s*i\s*p\s*t\s*|m\s*o\s*c\s*h\s*a):/gi,uL4=/e\s*x\s*p\s*r\s*e\s*s\s*s\s*i\s*o\s*n\s*\(.*/gi,mL4=/u\s*r\s*l\s*\(.*/gi;function FL4(q){return q.replace(fAz,"&quot;")}function UL4(q){return q.replace(ZAz,'"')}function QL4(q){return q.replace(GAz,function(_,z){return z[0]==="x"||z[0]==="X"?String.fromCharCode(parseInt(z.substr(1),16)):String.fromCharCode(parseInt(z,10))})}function dL4(q){return q.replace(TAz,":").replace(vAz," ")}function cL4(q){var K="";for(var _=0,z=q.length;_<z;_++)K+=q.charCodeAt(_)<32?" ":q.charAt(_);return ly8.trim(K)}function lL4(q){return q=UL4(q),q=QL4(q),q=dL4(q),q=cL4(q),q}function nL4(q){return q=FL4(q),q=gL4(q),q}function kAz(){return""}function VAz(q,K){if(typeof K!=="function")K=function(){};var _=!Array.isArray(q);function z(A){if(_)return!0;return ly8.indexOf(q,A)!==-1}var Y=[],$=!1;return{onIgnoreTag:function(A,O,w){if(z(A))if(w.isClosing){var j="[/removed]",H=w.position+j.length;return Y.push([$!==!1?$:w.position,H]),$=!1,j}else{if(!$)$=w.position;return"[removed]"}else return K(A,O,w)},remove:function(A){var O="",w=0;return ly8.forEach(Y,function(j){O+=A.slice(w,j[0]),w=j[1]}),O+=A.slice(w),O}}}function NAz(q){var K="",_=0;while(_<q.length){var z=q.indexOf("<!--",_);if(z===-1){K+=q.slice(_);break}K+=q.slice(_,z);var Y=q.indexOf("-->",z);if(Y===-1)break;_=Y+3}return K}function yAz(q){var K=q.split("");return K=K.filter(function(_){var z=_.charCodeAt(0);if(z===127)return!1;if(z<=31){if(z===10||z===13)return!0;return!1}return!0}),K.join("")}EAz.whiteList=pL4();EAz.getDefaultWhiteList=pL4;EAz.onTag=HAz;EAz.onIgnoreTag=JAz;EAz.onTagAttr=MAz;EAz.onIgnoreTagAttr=XAz;EAz.safeAttrValue=PAz;EAz.escapeHtml=gL4;EAz.escapeQuote=FL4;EAz.unescapeQuote=UL4;EAz.escapeHtmlEntities=QL4;EAz.escapeDangerHtml5Entities=dL4;EAz.clearNonPrintableCharacter=cL4;EAz.friendlyAttrValue=lL4;EAz.escapeAttrValue=nL4;EAz.onIgnoreTagStripAll=kAz;EAz.StripTagBody=VAz;EAz.stripCommentTag=NAz;EAz.stripBlankChar=yAz;EAz.attributeWrapSign='"';EAz.cssFilter=BL4;EAz.getDefaultCSSWhiteList=jAz});var DB1=m((YOz)=>{var Sq6=dy8();function oAz(q){var K=Sq6.spaceIndex(q),_;if(K===-1)_=q.slice(1,-1);else _=q.slice(1,K+1);if(_=Sq6.trim(_).toLowerCase(),_.slice(0,1)==="/")_=_.slice(1);if(_.slice(-1)==="/")_=_.slice(0,-1);return _}function aAz(q){return q.slice(0,2)==="</"}function sAz(q,K,_){var z="",Y=0,$=!1,A=!1,O=0,w=q.length,j="",H="";q:for(O=0;O<w;O++){var J=q.charAt(O);if($===!1){if(J==="<"){$=O;continue}}else if(A===!1){if(J==="<"){z+=_(q.slice(Y,O)),$=O,Y=O;continue}if(J===">"||O===w-1){z+=_(q.slice(Y,$)),H=q.slice($,O+1),j=oAz(H),z+=K($,z.length,j,H,aAz(H)),Y=O+1,$=!1;continue}if(J==='"'||J==="'"){var M=1,X=q.charAt(O-M);while(X.trim()===""||X==="="){if(X==="="){A=J;continue q}X=q.charAt(O-++M)}}}else if(J===A){A=!1;continue}}if(Y<w)z+=_(q.substr(Y));return z}var tAz=/[^a-zA-Z0-9\\_:.-]/gim;function eAz(q,K){var _=0,z=0,Y=[],$=!1,A=q.length;function O(M,X){if(M=Sq6.trim(M),M=M.replace(tAz,"").toLowerCase(),M.length<1)return;var P=K(M,X||"");if(P)Y.push(P)}for(var w=0;w<A;w++){var j=q.charAt(w),H,J;if($===!1&&j==="="){$=q.slice(_,w),_=w+1,z=q.charAt(_)==='"'||q.charAt(_)==="'"?_:KOz(q,w+1);continue}if($!==!1){if(w===z)if(J=q.indexOf(j,w+1),J===-1)break;else{H=Sq6.trim(q.slice(z+1,J)),O($,H),$=!1,w=J,_=w+1;continue}}if(/\s|\n|\t/.test(j))if(q=q.replace(/\s|\n|\t/g," "),$===!1)if(J=qOz(q,w),J===-1){H=Sq6.trim(q.slice(_,w)),O(H),$=!1,_=w+1;continue}else{w=J-1;continue}else if(J=_Oz(q,w-1),J===-1){H=Sq6.trim(q.slice(_,w)),H=iL4(H),O($,H),$=!1,_=w+1;continue}else continue}if(_<q.length)if($===!1)O(q.slice(_));else O($,iL4(Sq6.trim(q.slice(_))));return Sq6.trim(Y.join(" "))}function qOz(q,K){for(;K<q.length;K++){var _=q[K];if(_===" ")continue;if(_==="=")return K;return-1}}function KOz(q,K){for(;K<q.length;K++){var _=q[K];if(_===" ")continue;if(_==="'"||_==='"')return K;return-1}}function _Oz(q,K){for(;K>0;K--){var _=q[K];if(_===" ")continue;if(_==="=")return K;return-1}}function zOz(q){if(q[0]==='"'&&q[q.length-1]==='"'||q[0]==="'"&&q[q.length-1]==="'")return!0;else return!1}function iL4(q){if(zOz(q))return q.substr(1,q.length-2);else return q}YOz.parseTag=sAz;YOz.parseAttr=eAz});var sL4=m((GOO,aL4)=>{var OOz=Qy8().FilterCSS,QC=WB1(),rL4=DB1(),wOz=rL4.parseTag,jOz=rL4.parseAttr,iy8=dy8();function ny8(q){return q===void 0||q===null}function HOz(q){var K=iy8.spaceIndex(q);if(K===-1)return{html:"",closing:q[q.length-2]==="/"};q=iy8.trim(q.slice(K+1,-1));var _=q[q.length-1]==="/";if(_)q=iy8.trim(q.slice(0,-1));return{html:q,closing:_}}function JOz(q){var K={};for(var _ in q)K[_]=q[_];return K}function MOz(q){var K={};for(var _ in q)if(Array.isArray(q[_]))K[_.toLowerCase()]=q[_].map(function(z){return z.toLowerCase()});else K[_.toLowerCase()]=q[_];return K}function oL4(q){if(q=JOz(q||{}),q.stripIgnoreTag){if(q.onIgnoreTag)console.error('Notes: cannot use these two options "stripIgnoreTag" and "onIgnoreTag" at the same time');q.onIgnoreTag=QC.onIgnoreTagStripAll}if(q.whiteList||q.allowList)q.whiteList=MOz(q.whiteList||q.allowList);else q.whiteList=QC.whiteList;if(this.attributeWrapSign=q.singleQuotedAttributeValue===!0?"'":QC.attributeWrapSign,q.onTag=q.onTag||QC.onTag,q.onTagAttr=q.onTagAttr||QC.onTagAttr,q.onIgnoreTag=q.onIgnoreTag||QC.onIgnoreTag,q.onIgnoreTagAttr=q.onIgnoreTagAttr||QC.onIgnoreTagAttr,q.safeAttrValue=q.safeAttrValue||QC.safeAttrValue,q.escapeHtml=q.escapeHtml||QC.escapeHtml,this.options=q,q.css===!1)this.cssFilter=!1;else q.css=q.css||{},this.cssFilter=new OOz(q.css)}oL4.prototype.process=function(q){if(q=q||"",q=q.toString(),!q)return"";var K=this,_=K.options,z=_.whiteList,Y=_.onTag,$=_.onIgnoreTag,A=_.onTagAttr,O=_.onIgnoreTagAttr,w=_.safeAttrValue,j=_.escapeHtml,H=K.attributeWrapSign,J=K.cssFilter;if(_.stripBlankChar)q=QC.stripBlankChar(q);if(!_.allowCommentTag)q=QC.stripCommentTag(q);var M=!1;if(_.stripIgnoreTagBody)M=QC.StripTagBody(_.stripIgnoreTagBody,$),$=M.onIgnoreTag;var X=wOz(q,function(P,W,D,f,G){var Z={sourcePosition:P,position:W,isClosing:G,isWhite:Object.prototype.hasOwnProperty.call(z,D)},T=Y(D,f,Z);if(!ny8(T))return T;if(Z.isWhite){if(Z.isClosing)return"</"+D+">";var v=HOz(f),V=z[D],E=jOz(v.html,function(S,R){var x=iy8.indexOf(V,S)!==-1,I=A(D,S,R,x);if(!ny8(I))return I;if(x)if(R=w(D,S,R,J),R)return S+"="+H+R+H;else return S;else{if(I=O(D,S,R,x),!ny8(I))return I;return}});if(f="<"+D,E)f+=" "+E;if(v.closing)f+=" /";return f+=">",f}else{if(T=$(D,f,Z),!ny8(T))return T;return j(f)}},j);if(M)X=M.remove(X);return X};aL4.exports=oL4});var fB1=m((zN6,ry8)=>{var tL4=WB1(),eL4=DB1(),qR4=sL4();function KR4(q,K){var _=new qR4(K);return _.process(q)}zN6=ry8.exports=KR4;zN6.filterXSS=KR4;zN6.FilterXSS=qR4;(function(){for(var q in tL4)zN6[q]=tL4[q];for(var K in eL4)zN6[K]=eL4[K]})();if(typeof window<"u")window.filterXSS=ry8.exports;function XOz(){return typeof self<"u"&&typeof DedicatedWorkerGlobalScope<"u"&&self instanceof DedicatedWorkerGlobalScope}if(XOz())self.filterXSS=ry8.exports});function POz(q){let K;try{K=new URL(q)}catch(_){throw Error(`Invalid URL format: ${q}`)}if(K.protocol!=="http:"&&K.protocol!=="https:")throw Error(`Invalid URL protocol: must use http:// or https://, got ${K.protocol}`)}async function YN6(q){try{let K=process.platform;if(K==="win32"){let{code:Y}=await a8("explorer",[q]);return Y===0}let _=K==="darwin"?"open":"xdg-open",{code:z}=await a8(_,[q]);return z===0}catch(K){return!1}}async function m3(q){try{POz(q);let K=process.env.BROWSER,_=process.platform;if(_==="win32"){if(K){let{code:Y}=await a8(K,[`"${q}"`]);return Y===0}let{code:z}=await a8("rundll32",["url,OpenURL",q],{});return z===0}else{let z=K||(_==="darwin"?"open":"xdg-open"),{code:Y}=await a8(z,[q]);return Y===0}}catch(K){return!1}}var hH=y(()=>{XK()});import{createServer as _R4}from"http";function eo6(q=ZB1){return`http://localhost:${q}/callback`}function DOz(){let q=parseInt(process.env.MCP_OAUTH_CALLBACK_PORT||"",10);return q>0?q:void 0}async function oy8(){let q=DOz();if(q)return q;let{min:K,max:_}=WOz,z=_-K+1,Y=Math.min(z,100);for(let $=0;$<Y;$++){let A=K+Math.floor(Math.random()*z);try{return await new Promise((O,w)=>{let j=_R4();j.once("error",w),j.listen(A,()=>{j.close(()=>O())})}),A}catch{continue}}try{return await new Promise(($,A)=>{let O=_R4();O.once("error",A),O.listen(ZB1,()=>{O.close(()=>$())})}),ZB1}catch{throw Error("No available ports for OAuth redirect")}}var WOz,ZB1=3118;var GB1=y(()=>{vK();WOz=Z1()==="windows"?{min:39152,max:49151}:{min:49152,max:65535}});import{readdirSync as fOz}from"fs";import{stat as zR4}from"fs/promises";import{homedir as TB1,platform as YR4,tmpdir as ZOz,userInfo as GOz}from"os";import{join as dC}from"path";function $R4(){let q=Z1(),K=TB1(),_=[];for(let z of sy8){let Y=qa6[z],$;switch(q){case"macos":$=Y.macos.dataPath;break;case"linux":case"wsl":$=Y.linux.dataPath;break;case"windows":{if(Y.windows.dataPath.length>0){let A=Y.windows.useRoaming?dC(K,"AppData","Roaming"):dC(K,"AppData","Local");_.push({browser:z,path:dC(A,...Y.windows.dataPath)})}continue}}if($&&$.length>0)_.push({browser:z,path:dC(K,...$)})}return _}function AR4(){let q=Z1(),K=TB1(),_=[];for(let z of sy8){let Y=qa6[z];switch(q){case"macos":if(Y.macos.nativeMessagingPath.length>0)_.push({browser:z,path:dC(K,...Y.macos.nativeMessagingPath)});break;case"linux":case"wsl":if(Y.linux.nativeMessagingPath.length>0)_.push({browser:z,path:dC(K,...Y.linux.nativeMessagingPath)});break;case"windows":break}}return _}function OR4(){let q=[];for(let K of sy8){let _=qa6[K];if(_.windows.registryKey)q.push({browser:K,key:_.windows.registryKey})}return q}async function TOz(){let q=Z1();for(let K of sy8){let _=qa6[K];switch(q){case"macos":{let z=`/Applications/${_.macos.appName}.app`;try{if((await zR4(z)).isDirectory())return N(`[Claude in Chrome] Detected browser: ${_.name}`),K}catch(Y){if(!e3(Y))throw Y}break}case"wsl":case"linux":{for(let z of _.linux.binaries)if(await TO(z).catch(()=>null))return N(`[Claude in Chrome] Detected browser: ${_.name}`),K;break}case"windows":{let z=TB1();if(_.windows.dataPath.length>0){let Y=_.windows.useRoaming?dC(z,"AppData","Roaming"):dC(z,"AppData","Local"),$=dC(Y,..._.windows.dataPath);try{if((await zR4($)).isDirectory())return N(`[Claude in Chrome] Detected browser: ${_.name}`),K}catch(A){if(!e3(A))throw A}}break}}}return null}function yw6(q){return Z2(q)===yN}function wR4(q){if(ay8.size>=vOz&&!ay8.has(q))ay8.clear();ay8.add(q)}async function ty8(q){let K=Z1(),_=await TOz();if(!_)return N("[Claude in Chrome] No compatible browser found"),!1;let z=qa6[_];switch(K){case"macos":{let{code:Y}=await a8("open",["-a",z.macos.appName,q]);return Y===0}case"windows":{let{code:Y}=await a8("rundll32",["url,OpenURL",q]);return Y===0}case"wsl":case"linux":{for(let Y of z.linux.binaries){let{code:$}=await a8(Y,[q]);if($===0)return!0}return!1}default:return!1}}function Ka6(){return`/tmp/claude-mcp-browser-bridge-${vB1()}`}function ey8(){if(YR4()==="win32")return`\\\\.\\pipe\\${HR4()}`;return dC(Ka6(),`${process.pid}.sock`)}function jR4(){if(YR4()==="win32")return[`\\\\.\\pipe\\${HR4()}`];let q=[],K=Ka6();try{let $=fOz(K);for(let A of $)if(A.endsWith(".sock"))q.push(dC(K,A))}catch{}let _=`claude-mcp-browser-bridge-${vB1()}`,z=dC(ZOz(),_),Y=`/tmp/${_}`;if(!q.includes(z))q.push(z);if(z!==Y&&!q.includes(Y))q.push(Y);return q}function HR4(){return`claude-mcp-browser-bridge-${vB1()}`}function vB1(){try{return GOz().username||"default"}catch{return process.env.USER||process.env.USERNAME||"default"}}var yN="claude-in-chrome",qa6,sy8,vOz=200,ay8;var cC=y(()=>{_8();y8();XK();vK();rk();qa6={chrome:{name:"Google Chrome",macos:{appName:"Google Chrome",dataPath:["Library","Application Support","Google","Chrome"],nativeMessagingPath:["Library","Application Support","Google","Chrome","NativeMessagingHosts"]},linux:{binaries:["google-chrome","google-chrome-stable"],dataPath:[".config","google-chrome"],nativeMessagingPath:[".config","google-chrome","NativeMessagingHosts"]},windows:{dataPath:["Google","Chrome","User Data"],registryKey:"HKCU\\Software\\Google\\Chrome\\NativeMessagingHosts"}},brave:{name:"Brave",macos:{appName:"Brave Browser",dataPath:["Library","Application Support","BraveSoftware","Brave-Browser"],nativeMessagingPath:["Library","Application Support","BraveSoftware","Brave-Browser","NativeMessagingHosts"]},linux:{binaries:["brave-browser","brave"],dataPath:[".config","BraveSoftware","Brave-Browser"],nativeMessagingPath:[".config","BraveSoftware","Brave-Browser","NativeMessagingHosts"]},windows:{dataPath:["BraveSoftware","Brave-Browser","User Data"],registryKey:"HKCU\\Software\\BraveSoftware\\Brave-Browser\\NativeMessagingHosts"}},arc:{name:"Arc",macos:{appName:"Arc",dataPath:["Library","Application Support","Arc","User Data"],nativeMessagingPath:["Library","Application Support","Arc","User Data","NativeMessagingHosts"]},linux:{binaries:[],dataPath:[],nativeMessagingPath:[]},windows:{dataPath:["Arc","User Data"],registryKey:"HKCU\\Software\\ArcBrowser\\Arc\\NativeMessagingHosts"}},chromium:{name:"Chromium",macos:{appName:"Chromium",dataPath:["Library","Application Support","Chromium"],nativeMessagingPath:["Library","Application Support","Chromium","NativeMessagingHosts"]},linux:{binaries:["chromium","chromium-browser"],dataPath:[".config","chromium"],nativeMessagingPath:[".config","chromium","NativeMessagingHosts"]},windows:{dataPath:["Chromium","User Data"],registryKey:"HKCU\\Software\\Chromium\\NativeMessagingHosts"}},edge:{name:"Microsoft Edge",macos:{appName:"Microsoft Edge",dataPath:["Library","Application Support","Microsoft Edge"],nativeMessagingPath:["Library","Application Support","Microsoft Edge","NativeMessagingHosts"]},linux:{binaries:["microsoft-edge","microsoft-edge-stable"],dataPath:[".config","microsoft-edge"],nativeMessagingPath:[".config","microsoft-edge","NativeMessagingHosts"]},windows:{dataPath:["Microsoft","Edge","User Data"],registryKey:"HKCU\\Software\\Microsoft\\Edge\\NativeMessagingHosts"}},vivaldi:{name:"Vivaldi",macos:{appName:"Vivaldi",dataPath:["Library","Application Support","Vivaldi"],nativeMessagingPath:["Library","Application Support","Vivaldi","NativeMessagingHosts"]},linux:{binaries:["vivaldi","vivaldi-stable"],dataPath:[".config","vivaldi"],nativeMessagingPath:[".config","vivaldi","NativeMessagingHosts"]},windows:{dataPath:["Vivaldi","User Data"],registryKey:"HKCU\\Software\\Vivaldi\\NativeMessagingHosts"}},opera:{name:"Opera",macos:{appName:"Opera",dataPath:["Library","Application Support","com.operasoftware.Opera"],nativeMessagingPath:["Library","Application Support","com.operasoftware.Opera","NativeMessagingHosts"]},linux:{binaries:["opera"],dataPath:[".config","opera"],nativeMessagingPath:[".config","opera","NativeMessagingHosts"]},windows:{dataPath:["Opera Software","Opera Stable"],registryKey:"HKCU\\Software\\Opera Software\\Opera Stable\\NativeMessagingHosts",useRoaming:!0}}},sy8=["chrome","brave","arc","edge","chromium","vivaldi","opera"];ay8=new Set});function $N6(q){let K=[];return{expanded:q.replace(/\$\{([^}]+)\}/g,(z,Y)=>{let[$,A]=Y.split(":-",2),O=process.env[$];if(O!==void 0)return O;if(A!==void 0)return A;return K.push($),z}),missingVars:K}}import{join as kOz}from"path";async function JR4(q,K,_){try{N(`Loading MCP servers from MCPB: ${K}`);let z=q.repository,Y=await Bi6(K,q.path,z,(O)=>{N(`MCPB [${q.name}]: ${O}`)});if("status"in Y&&Y.status==="needs-config")return N(`MCPB ${K} requires user configuration. `+`User can configure via: /plugin → Manage plugins → ${q.name} → Configure`),null;let $=Y,A=$.manifest.name;return N(`Loaded MCP server "${A}" from MCPB (extracted to ${$.extractedPath})`),{[A]:$.mcpConfig}}catch(z){let Y=d6(z);N(`Failed to load MCPB ${K}: ${Y}`,{level:"error"});let $=`${q.name}@${q.repository}`;if(K.startsWith("http")&&(Y.includes("download")||Y.includes("network")))_.push({type:"mcpb-download-failed",source:$,plugin:q.name,url:K,reason:Y});else if(Y.includes("manifest")||Y.includes("user configuration"))_.push({type:"mcpb-invalid-manifest",source:$,plugin:q.name,mcpbPath:K,validationError:Y});else _.push({type:"mcpb-extract-failed",source:$,plugin:q.name,mcpbPath:K,reason:Y});return null}}async function Cq6(q,K=[]){let _={},z=await kB1(q.path,".mcp.json");if(z)_={..._,...z};if(q.manifest.mcpServers){let Y=q.manifest.mcpServers;if(typeof Y==="string")if(kC(Y)){let $=await JR4(q,Y,K);if($)_={..._,...$}}else{let $=await kB1(q.path,Y);if($)_={..._,...$}}else if(Array.isArray(Y)){let $=await Promise.all(Y.map(async(A)=>{try{if(typeof A==="string"){if(kC(A))return await JR4(q,A,K);return await kB1(q.path,A)}return A}catch(O){return N(`Failed to load MCP servers from spec for plugin ${q.name}: ${O}`,{level:"error"}),null}}));for(let A of $)if(A)_={..._,...A}}else _={..._,...Y}}return Object.keys(_).length>0?_:void 0}async function kB1(q,K){let _=X8(),z=kOz(q,K),Y;try{Y=await _.readFile(z,{encoding:"utf-8"})}catch($){if(_7($))return null;return N(`Failed to load MCP servers from ${z}: ${$}`,{level:"error"}),null}try{let $=r8(Y),A=$.mcpServers||$,O={};for(let[w,j]of Object.entries(A)){let H=hB().safeParse(j);if(H.success)O[w]=H.data;else N(`Invalid MCP server config for ${w} in ${z}: ${H.error.message}`,{level:"error"})}return O}catch($){return N(`Failed to load MCP servers from ${z}: ${$}`,{level:"error"}),null}}function MR4(q){let K=q.manifest.channels;if(!K||K.length===0)return[];let _=q.repository,z=[];for(let Y of K){if(!Y.userConfig||Object.keys(Y.userConfig).length===0)continue;let $=TO6(_,Y.server)??{};if(!vO6($,Y.userConfig).valid)z.push({server:Y.server,displayName:Y.displayName??Y.server,configSchema:Y.userConfig})}return z}function VOz(q,K){if(!q.manifest.channels?.find((z)=>z.server===K)?.userConfig)return;return TO6(q.repository,K)??void 0}function NOz(q,K,_){let z={};for(let[Y,$]of Object.entries(q)){let A=`plugin:${K}:${Y}`,O={...$,scope:"dynamic",pluginSource:_};z[A]=O}return z}function yOz(q,K){let _=q.manifest.userConfig?VG(Fi6(q)):void 0,z=VOz(q,K);if(!_&&!z)return;return{..._,...z}}function EOz(q,K,_,z,Y,$){let A=[],O=(j)=>{let H=dF(j,K);if(_)H=kk6(H,_);let{expanded:J,missingVars:M}=$N6(H);return A.push(...M),J},w;switch(q.type){case void 0:case"stdio":{let j={...q};if(j.command)j.command=O(j.command);if(j.args)j.args=j.args.map((J)=>O(J));let H={CLAUDE_PLUGIN_ROOT:K.path,CLAUDE_PLUGIN_DATA:ei(K.source),...j.env||{}};for(let[J,M]of Object.entries(H))if(J!=="CLAUDE_PLUGIN_ROOT"&&J!=="CLAUDE_PLUGIN_DATA")H[J]=O(M);j.env=H,w=j;break}case"sse":case"http":case"ws":{let j={...q};if(j.url)j.url=O(j.url);if(j.headers){let H={};for(let[J,M]of Object.entries(j.headers))H[J]=O(M);j.headers=H}w=j;break}case"sse-ide":case"ws-ide":case"sdk":case"claudeai-proxy":w=q;break}if(z&&A.length>0){let H=[...new Set(A)].join(", ");if(N(`Missing environment variables in plugin MCP config: ${H}`,{level:"warn"}),Y&&$)z.push({type:"mcp-config-invalid",source:`plugin:${Y}`,plugin:Y,serverName:$,validationError:`Missing environment variables: ${H}`})}return w}async function XR4(q,K=[]){if(!q.enabled)return;let _=q.mcpServers||await Cq6(q,K);if(!_)return;let z={};for(let[Y,$]of Object.entries(_)){let A=yOz(q,Y);try{z[Y]=EOz($,q,A,K,q.name,Y)}catch(O){K?.push({type:"generic-error",source:Y,plugin:q.name,error:d6(O)})}}return NOz(z,q.name,q.source)}var AN6=y(()=>{f_6();_8();y8();e7();l8();gi6();aV();mu()});function PR4(){Ew6.cache.clear?.(),qE8()}function VB1(q){b8((K)=>{let _=K.claudeAiMcpEverConnected??[];if(_.includes(q))return K;return{...K,claudeAiMcpEverConnected:[..._,q]}})}function NB1(q){return(j8().claudeAiMcpEverConnected??[]).includes(q)}var LOz=5000,ROz="mcp-servers-2025-12-04",Ew6;var ON6=y(()=>{CK();F4();H3();k8();G7();V1();_8();m8();PD();Ew6=_1(async()=>{try{if(k_(process.env.ENABLE_CLAUDEAI_MCP_SERVERS))return N("[claudeai-mcp] Disabled via env var"),d("tengu_claudeai_mcp_eligibility",{state:"disabled_env_var"}),{};let q=Kq();if(!q?.accessToken)return N("[claudeai-mcp] No access token"),d("tengu_claudeai_mcp_eligibility",{state:"no_oauth_token"}),{};if(!q.scopes?.includes("user:mcp_servers"))return N(`[claudeai-mcp] Missing user:mcp_servers scope (scopes=${q.scopes?.join(",")||"none"})`),d("tengu_claudeai_mcp_eligibility",{state:"missing_scope"}),{};let _=`${u7().BASE_API_URL}/v1/mcp_servers?limit=1000`;N(`[claudeai-mcp] Fetching from ${_}`);let z=await $1.get(_,{headers:{Authorization:`Bearer ${q.accessToken}`,"Content-Type":"application/json","anthropic-beta":ROz,"anthropic-version":"2023-06-01"},timeout:LOz}),Y={},$=new Set;for(let A of z.data.data){let O=`claude.ai ${A.display_name}`,w=O,j=Z2(w),H=1;while($.has(j))H++,w=`${O} (${H})`,j=Z2(w);$.add(j),Y[w]={type:"claudeai-proxy",url:A.url,id:A.id,scope:"claudeai"}}return N(`[claudeai-mcp] Fetched ${Object.keys(Y).length} servers`),d("tengu_claudeai_mcp_eligibility",{state:"eligible"}),Y}catch{return N("[claudeai-mcp] Fetch failed"),{}}})});import{chmod as SOz,open as COz,rename as bOz,stat as xOz,unlink as IOz}from"fs/promises";import{dirname as uOz,join as KE8,parse as mOz}from"path";function _E8(){return KE8(MP(),"managed-mcp.json")}function _a6(q,K){if(!q)return{};let _={};for(let[z,Y]of Object.entries(q))_[z]={...Y,scope:K};return _}async function fR4(q){let K=KE8(Z8(),".mcp.json"),_;try{_=(await xOz(K)).mode}catch($){if(s1($)!=="ENOENT")throw $}let z=`${K}.tmp.${process.pid}.${Date.now()}`,Y=await COz(z,"w",_??420);try{await Y.writeFile(g6(q,null,2),{encoding:"utf8"}),await Y.datasync()}finally{await Y.close()}try{if(_!==void 0)await SOz(z,_);await bOz(z,K)}catch($){try{await IOz(z)}catch{}throw $}}function LB1(q){if(q.type!==void 0&&q.type!=="stdio")return null;let K=q;return[K.command,...K.args??[]]}function ZR4(q,K){if(q.length!==K.length)return!1;return q.every((_,z)=>_===K[z])}function RB1(q){return"url"in q?q.url:null}function BOz(q){if(!pOz.some((K)=>q.includes(K)))return q;try{return new URL(q).searchParams.get("mcp_url")||q}catch{return q}}function Lw6(q){let K=LB1(q);if(K)return`stdio:${g6(K)}`;let _=RB1(q);if(_)return`url:${BOz(_)}`;return null}function gOz(q,K){let _=new Map;for(let[A,O]of Object.entries(K)){let w=Lw6(O);if(w&&!_.has(w))_.set(w,A)}let z={},Y=[],$=new Map;for(let[A,O]of Object.entries(q)){let w=Lw6(O);if(w===null){z[A]=O;continue}let j=_.get(w);if(j!==void 0){N(`Suppressing plugin MCP server "${A}": duplicates manually-configured "${j}"`),Y.push({name:A,duplicateOf:j});continue}let H=$.get(w);if(H!==void 0){N(`Suppressing plugin MCP server "${A}": duplicates earlier plugin server "${H}"`),Y.push({name:A,duplicateOf:H});continue}$.set(w,A),z[A]=O}return{servers:z,suppressed:Y}}function Ya6(q,K){let _=new Map;for(let[$,A]of Object.entries(K)){if(bG($))continue;let O=Lw6(A);if(O&&!_.has(O))_.set(O,$)}let z={},Y=[];for(let[$,A]of Object.entries(q)){let O=Lw6(A),w=O!==null?_.get(O):void 0;if(w!==void 0){N(`Suppressing claude.ai connector "${$}": duplicates manually-configured "${w}"`),Y.push({name:$,duplicateOf:w});continue}z[$]=A}return{servers:z,suppressed:Y}}function FOz(q){let _=q.replace(/[.+?^${}()|[\]\\]/g,"\\$&").replace(/\*/g,".*");return new RegExp(`^${_}$`)}function GR4(q,K){return FOz(K).test(q)}function UOz(){if(cOz())return v1("policySettings")??{};return N7()}function QOz(){return N7()}function TR4(q,K){let _=QOz();if(!_.deniedMcpServers)return!1;for(let z of _.deniedMcpServers)if(JD6(z)&&z.serverName===q)return!0;if(K){let z=LB1(K);if(z){for(let $ of _.deniedMcpServers)if(NA8($)&&ZR4($.serverCommand,z))return!0}let Y=RB1(K);if(Y){for(let $ of _.deniedMcpServers)if(yA8($)&&GR4(Y,$.serverUrl))return!0}}return!1}function wN6(q,K){if(TR4(q,K))return!1;let _=UOz();if(!_.allowedMcpServers)return!0;if(_.allowedMcpServers.length===0)return!1;let z=_.allowedMcpServers.some(NA8),Y=_.allowedMcpServers.some(yA8);if(K){let $=LB1(K),A=RB1(K);if($)if(z){for(let O of _.allowedMcpServers)if(NA8(O)&&ZR4(O.serverCommand,$))return!0;return!1}else{for(let O of _.allowedMcpServers)if(JD6(O)&&O.serverName===q)return!0;return!1}else if(A)if(Y){for(let O of _.allowedMcpServers)if(yA8(O)&&GR4(A,O.serverUrl))return!0;return!1}else{for(let O of _.allowedMcpServers)if(JD6(O)&&O.serverName===q)return!0;return!1}else{for(let O of _.allowedMcpServers)if(JD6(O)&&O.serverName===q)return!0;return!1}}for(let $ of _.allowedMcpServers)if(JD6($)&&$.serverName===q)return!0;return!1}function bq6(q){let K={},_=[];for(let[z,Y]of Object.entries(q)){let $=Y;if($.type==="sdk"||wN6(z,$))K[z]=Y;else _.push(z)}return{allowed:K,blocked:_}}function dOz(q){let K=[];function _(Y){let{expanded:$,missingVars:A}=$N6(Y);return K.push(...A),$}let z;switch(q.type){case void 0:case"stdio":{let Y=q;z={...Y,command:_(Y.command),args:Y.args.map(_),env:Y.env?NU(Y.env,_):void 0};break}case"sse":case"http":case"ws":{let Y=q;z={...Y,url:_(Y.url),headers:Y.headers?NU(Y.headers,_):void 0};break}case"sse-ide":case"ws-ide":z=q;break;case"sdk":z=q;break;case"claudeai-proxy":z=q;break}return{expanded:z,missingVars:[...new Set(K)]}}async function xq6(q,K,_){if(q.match(/[^a-zA-Z0-9_-]/))throw Error(`Invalid name ${q}. Names can only contain letters, numbers, hyphens, and underscores.`);if(yw6(q))throw Error(`Cannot add MCP server "${q}": this name is reserved.`);{let{isComputerUseMCPServer:$}=await Promise.resolve().then(() => (wi(),dG6));if($(q))throw Error(`Cannot add MCP server "${q}": this name is reserved.`)}if(uq6())throw Error("Cannot add MCP server: enterprise MCP configuration is active and has exclusive control over MCP servers");let z=hB().safeParse(K);if(!z.success){let $=z.error.issues.map((A)=>`${A.path.join(".")}: ${A.message}`).join(", ");throw Error(`Invalid configuration: ${$}`)}let Y=z.data;if(TR4(q,Y))throw Error(`Cannot add MCP server "${q}": server is explicitly blocked by enterprise policy`);if(!wN6(q,Y))throw Error(`Cannot add MCP server "${q}": not allowed by enterprise policy`);switch(_){case"project":{let{servers:$}=yB1();if($[q])throw Error(`MCP server ${q} already exists in .mcp.json`);break}case"user":{if(j8().mcpServers?.[q])throw Error(`MCP server ${q} already exists in user config`);break}case"local":{if(ww().mcpServers?.[q])throw Error(`MCP server ${q} already exists in local config`);break}case"dynamic":throw Error("Cannot add MCP server to scope: dynamic");case"enterprise":throw Error("Cannot add MCP server to scope: enterprise");case"claudeai":throw Error("Cannot add MCP server to scope: claudeai")}switch(_){case"project":{let{servers:$}=yB1(),A={};for(let[w,j]of Object.entries($)){let{scope:H,...J}=j;A[w]=J}A[q]=Y;let O={mcpServers:A};try{await fR4(O)}catch(w){throw Error(`Failed to write to .mcp.json: ${w}`)}break}case"user":{b8(($)=>({...$,mcpServers:{...$.mcpServers,[q]:Y}}));break}case"local":{jw(($)=>({...$,mcpServers:{...$.mcpServers,[q]:Y}}));break}default:throw Error(`Cannot add MCP server to scope: ${_}`)}}async function hB1(q,K){switch(K){case"project":{let{servers:_}=yB1();if(!_[q])throw Error(`No MCP server found with name: ${q} in .mcp.json`);let z={};for(let[$,A]of Object.entries(_))if($!==q){let{scope:O,...w}=A;z[$]=w}let Y={mcpServers:z};try{await fR4(Y)}catch($){throw Error(`Failed to remove from .mcp.json: ${$}`)}break}case"user":{if(!j8().mcpServers?.[q])throw Error(`No user-scoped MCP server found with name: ${q}`);b8((z)=>{let{[q]:Y,...$}=z.mcpServers??{};return{...z,mcpServers:$}});break}case"local":{if(!ww().mcpServers?.[q])throw Error(`No project-local MCP server found with name: ${q}`);jw((z)=>{let{[q]:Y,...$}=z.mcpServers??{};return{...z,mcpServers:$}});break}default:throw Error(`Cannot remove MCP server from scope: ${K}`)}}function yB1(){if(!$J("projectSettings"))return{servers:{},errors:[]};let q=KE8(Z8(),".mcp.json"),{config:K,errors:_}=jN6({filePath:q,expandVars:!0,scope:"project"});if(!K){let z=_.filter((Y)=>!Y.message.startsWith("MCP config file not found"));if(z.length>0)return N(`MCP config errors for ${q}: ${g6(z.map((Y)=>Y.message))}`,{level:"error"}),{servers:{},errors:z};return{servers:{},errors:[]}}return{servers:K.mcpServers?_a6(K.mcpServers,"project"):{},errors:_||[]}}function SH(q){let K={project:"projectSettings",user:"userSettings",local:"localSettings"};if(q in K&&!$J(K[q]))return{servers:{},errors:[]};switch(q){case"project":{let _={},z=[],Y=[],$=Z8();while($!==mOz($).root)Y.push($),$=uOz($);for(let A of Y.reverse()){let O=KE8(A,".mcp.json"),{config:w,errors:j}=jN6({filePath:O,expandVars:!0,scope:"project"});if(!w){let H=j.filter((J)=>!J.message.startsWith("MCP config file not found"));if(H.length>0)N(`MCP config errors for ${O}: ${g6(H.map((J)=>J.message))}`,{level:"error"}),z.push(...H);continue}if(w.mcpServers)Object.assign(_,_a6(w.mcpServers,q));if(j.length>0)z.push(...j)}return{servers:_,errors:z}}case"user":{let _=j8().mcpServers;if(!_)return{servers:{},errors:[]};let{config:z,errors:Y}=za6({configObject:{mcpServers:_},expandVars:!0,scope:"user"});return{servers:_a6(z?.mcpServers,q),errors:Y}}case"local":{let _=ww().mcpServers;if(!_)return{servers:{},errors:[]};let{config:z,errors:Y}=za6({configObject:{mcpServers:_},expandVars:!0,scope:"local"});return{servers:_a6(z?.mcpServers,q),errors:Y}}case"enterprise":{let _=_E8(),{config:z,errors:Y}=jN6({filePath:_,expandVars:!0,scope:"enterprise"});if(!z){let $=Y.filter((A)=>!A.message.startsWith("MCP config file not found"));if($.length>0)return N(`Enterprise MCP config errors for ${_}: ${g6($.map((A)=>A.message))}`,{level:"error"}),{servers:{},errors:$};return{servers:{},errors:[]}}return{servers:_a6(z.mcpServers,q),errors:Y}}}}function EN(q){let{servers:K}=SH("enterprise");if(fG("mcp"))return K[q]??null;let{servers:_}=SH("user"),{servers:z}=SH("project"),{servers:Y}=SH("local");if(K[q])return K[q];if(Y[q])return Y[q];if(z[q])return z[q];if(_[q])return _[q];return null}async function Rw6(q={},K=Promise.resolve({})){let{servers:_}=SH("enterprise");if(uq6()){let v={};for(let[V,E]of Object.entries(_)){if(!wN6(V,E))continue;v[V]=E}return{servers:v,errors:[]}}let z=fG("mcp"),Y={servers:{}},{servers:$}=z?Y:SH("user"),{servers:A}=z?Y:SH("project"),{servers:O}=z?Y:SH("local"),w={},j=await ZJ(),H=[];if(j.errors.length>0)for(let v of j.errors)if(v.type==="mcp-config-invalid"||v.type==="mcpb-download-failed"||v.type==="mcpb-extract-failed"||v.type==="mcpb-invalid-manifest"){let V=`Plugin MCP loading error - ${v.type}: ${$M(v)}`;H6(Error(V))}else{let V=v.type;N(`Plugin not available for MCP: ${v.source} - error type: ${V}`)}let J=await Promise.all(j.enabled.map((v)=>XR4(v,H)));for(let v of J)if(v)Object.assign(w,v);if(H.length>0)for(let v of H){let V=`Plugin MCP server error - ${v.type}: ${$M(v)}`;H6(Error(V))}let M={};for(let[v,V]of Object.entries(A))if(zE8(v)==="approved")M[v]=V;let X=await K,P={};for(let[v,V]of Object.entries({...$,...M,...O,...q,...X}))if(!bG(v)&&wN6(v,V))P[v]=V;let W={},D={};for(let[v,V]of Object.entries(w))if(bG(v)||!wN6(v,V))D[v]=V;else W[v]=V;let{servers:f,suppressed:G}=gOz(W,P);Object.assign(f,D);for(let{name:v,duplicateOf:V}of G){let E=v.split(":");if(E[0]!=="plugin"||E.length<3)continue;H.push({type:"mcp-server-suppressed-duplicate",source:v,plugin:E[1],serverName:E.slice(2).join(":"),duplicateOf:V})}let Z=Object.assign({},f,$,M,O),T={};for(let[v,V]of Object.entries(Z)){if(!wN6(v,V))continue;T[v]=V}return{servers:T,errors:H}}async function Iq6(){if(uq6())return Rw6();let q=Ew6(),{servers:K,errors:_}=await Rw6({},q),{allowed:z}=bq6(await q),{servers:Y}=Ya6(z,K);return{servers:Object.assign({},Y,K),errors:_}}function za6(q){let{configObject:K,expandVars:_,scope:z,filePath:Y}=q,$=ih7().safeParse(K);if(!$.success)return{config:null,errors:$.error.issues.map((w)=>({...Y&&{file:Y},path:w.path.join("."),message:"Does not adhere to MCP server configuration schema",mcpErrorMetadata:{scope:z,severity:"fatal"}}))};let A=[],O={};for(let[w,j]of Object.entries($.data.mcpServers)){let H=j;if(_){let{expanded:J,missingVars:M}=dOz(j);if(M.length>0)A.push({...Y&&{file:Y},path:`mcpServers.${w}`,message:`Missing environment variables: ${M.join(", ")}`,suggestion:`Set the following environment variables: ${M.join(", ")}`,mcpErrorMetadata:{scope:z,serverName:w,severity:"warning"}});H=J}if(Z1()==="windows"&&(!H.type||H.type==="stdio")&&(H.command==="npx"||H.command.endsWith("\\npx")||H.command.endsWith("/npx")))A.push({...Y&&{file:Y},path:`mcpServers.${w}`,message:"Windows requires 'cmd /c' wrapper to execute npx",suggestion:'Change command to "cmd" with args ["/c", "npx", ...]. See: https://code.claude.com/docs/en/mcp#configure-mcp-servers',mcpErrorMetadata:{scope:z,serverName:w,severity:"warning"}});O[w]=H}return{config:{mcpServers:O},errors:A}}function jN6(q){let{filePath:K,expandVars:_,scope:z}=q,Y=X8(),$;try{$=Y.readFileSync(K,{encoding:"utf8"})}catch(O){if(s1(O)==="ENOENT")return{config:null,errors:[{file:K,path:"",message:`MCP config file not found: ${K}`,suggestion:"Check that the file path is correct",mcpErrorMetadata:{scope:z,severity:"fatal"}}]};return N(`MCP config read error for ${K} (scope=${z}): ${O}`,{level:"error"}),{config:null,errors:[{file:K,path:"",message:`Failed to read file: ${O}`,suggestion:"Check file permissions and ensure the file exists",mcpErrorMetadata:{scope:z,severity:"fatal"}}]}}let A=m5($);if(!A)return N(`MCP config is not valid JSON: ${K} (scope=${z}, length=${$.length}, first100=${g6($.slice(0,100))})`,{level:"error"}),{config:null,errors:[{file:K,path:"",message:"MCP config is not a valid JSON",suggestion:"Fix the JSON syntax errors in the file",mcpErrorMetadata:{scope:z,severity:"fatal"}}]};return za6({configObject:A,expandVars:_,scope:z,filePath:K})}function cOz(){return v1("policySettings")?.allowManagedMcpServersOnly===!0}function vR4(q){return Object.values(q).every((K)=>K.type==="sdk"&&K.name==="claude-vscode")}function EB1(q){return WR4!==null&&q===WR4}function bG(q){let K=ww();if(EB1(q))return!(K.enabledMcpServers||[]).includes(q);return(K.disabledMcpServers||[]).includes(q)}function DR4(q,K,_){if(q.includes(K)===_)return q;return _?[...q,K]:q.filter((Y)=>Y!==K)}function HN6(q,K){let _=EB1(q)&&bG(q)===K;if(jw((z)=>{if(EB1(q)){let A=z.enabledMcpServers||[],O=DR4(A,q,K);if(O===A)return z;return{...z,enabledMcpServers:O}}let Y=z.disabledMcpServers||[],$=DR4(Y,q,!K);if($===Y)return z;return{...z,disabledMcpServers:$}}),_)d("tengu_builtin_mcp_toggle",{serverName:q,enabled:K})}var pOz,uq6,WR4;var f0=y(()=>{po6();F4();vK();cC();V1();I7();_8();y8();e7();vO();E8();AN6();bj();kO();qI();IA6();U1();vh();l8();k8();ON6();f_6();NJ();pOz=["/v2/session_ingress/shttp/mcp/","/v2/ccr-sessions/"];uq6=_1(()=>{let{config:q}=jN6({filePath:_E8(),expandVars:!0,scope:"enterprise"});return q!==null});WR4=(wi(),Eq(dG6)).COMPUTER_USE_MCP_SERVER_NAME});import{createHash as lOz}from"crypto";import{join as nOz}from"path";function EU(q,K){let _=`mcp__${Z2(K)}__`;return q.filter((z)=>z.name?.startsWith(_))}function LU(q,K){let _=Z2(K),z=q.name;if(!z)return!1;return z.startsWith(`mcp__${_}__`)||z.startsWith(`${_}:`)}function YE8(q,K){return q.filter((_)=>LU(_,K)&&!(_.type==="prompt"&&_.loadedFrom==="mcp"))}function $E8(q,K){let _=`mcp__${Z2(K)}__`;return q.filter((z)=>!z.name?.startsWith(_))}function JN6(q,K){return q.filter((_)=>!LU(_,K))}function MN6(q,K){let _={...q};return delete _[K],_}function kR4(q){let{scope:K,..._}=q,z=g6(_,(Y,$)=>{if($&&typeof $==="object"&&!Array.isArray($)){let A=$,O={};for(let w of Object.keys(A).sort())O[w]=A[w];return O}return $});return lOz("sha256").update(z).digest("hex").slice(0,16)}function VR4(q,K){let _=q.clients.filter((O)=>{let w=K[O.name];if(!w)return O.config.scope==="dynamic";return kR4(O.config)!==kR4(w)});if(_.length===0)return{...q,stale:[]};let{tools:z,commands:Y,resources:$}=q;for(let O of _)z=$E8(z,O.name),Y=JN6(Y,O.name),$=MN6($,O.name);let A=new Set(_.map((O)=>O.name));return{clients:q.clients.filter((O)=>!A.has(O.name)),tools:z,commands:Y,resources:$,stale:_}}function NR4(q,K){return nT(q)?.serverName===K}function ov(q){return q.name?.startsWith("mcp__")||q.isMcp===!0}function xG(q){switch(q){case"user":return XP();case"project":return nOz(Z8(),".mcp.json");case"local":return`${XP()} [project: ${Z8()}]`;case"dynamic":return"Dynamically configured";case"enterprise":return _E8();case"claudeai":return"claude.ai";default:return q}}function $a6(q){switch(q){case"local":return"Local config (private to you in this project)";case"project":return"Project config (shared via .mcp.json)";case"user":return"User config (available in all your projects)";case"dynamic":return"Dynamic config (from command line)";case"enterprise":return"Enterprise config (managed by your organization)";case"claudeai":return"claude.ai config";default:return q}}function XN6(q){if(!q)return"local";if(!KK1().options.includes(q))throw Error(`Invalid scope: ${q}. Must be one of: ${KK1().options.join(", ")}`);return q}function yR4(q){if(!q)return"stdio";if(q!=="stdio"&&q!=="sse"&&q!=="http")throw Error(`Invalid transport type: ${q}. Must be one of: stdio, sse, http`);return q}function SB1(q){let K={};for(let _ of q){let z=_.indexOf(":");if(z===-1)throw Error(`Invalid header format: "${_}". Expected format: "Header-Name: value"`);let Y=_.substring(0,z).trim(),$=_.substring(z+1).trim();if(!Y)throw Error(`Invalid header: "${_}". Header name cannot be empty.`);K[Y]=$}return K}function zE8(q){let K=Z7(),_=Z2(q);if(K?.disabledMcpjsonServers?.some((z)=>Z2(z)===_))return"rejected";if(K?.enabledMcpjsonServers?.some((z)=>Z2(z)===_)||K?.enableAllProjectMcpServers)return"approved";if(fD6()&&$J("projectSettings"))return"approved";if(i7()&&$J("projectSettings"))return"approved";return"pending"}function CB1(q){if(!ov({name:q}))return null;let K=nT(q);if(!K)return null;let _=EN(K.serverName);if(!_&&K.serverName.startsWith("claude_ai_"))return"claudeai";return _?.scope??null}function iOz(q){return q.type==="stdio"||q.type===void 0}function rOz(q){return q.type==="sse"}function oOz(q){return q.type==="http"}function aOz(q){return q.type==="ws"}function ER4(q){let K=new Map;for(let z of q){if(!z.mcpServers?.length)continue;for(let Y of z.mcpServers){if(typeof Y==="string")continue;let $=Object.entries(Y);if($.length!==1)continue;let[A,O]=$[0],w=K.get(A);if(w){if(!w.sourceAgents.includes(z.agentType))w.sourceAgents.push(z.agentType)}else K.set(A,{config:{...O,name:A},sourceAgents:[z.agentType]})}}let _=[];for(let[z,{config:Y,sourceAgents:$}]of K)if(iOz(Y))_.push({name:z,sourceAgents:$,transport:"stdio",command:Y.command,needsAuth:!1});else if(rOz(Y))_.push({name:z,sourceAgents:$,transport:"sse",url:Y.url,needsAuth:!0});else if(oOz(Y))_.push({name:z,sourceAgents:$,transport:"http",url:Y.url,needsAuth:!0});else if(aOz(Y))_.push({name:z,sourceAgents:$,transport:"ws",url:Y.url,needsAuth:!1});return _.sort((z,Y)=>z.name.localeCompare(Y.name))}function LN(q){if(!("url"in q)||typeof q.url!=="string")return;try{let K=new URL(q.url);return K.search="",K.toString().replace(/\/$/,"")}catch{return}}var NJ=y(()=>{v8();I7();y_();kO();U1();l8();f0();ok();f_6()});function hR4(q){return(K,_)=>{let z=AbortSignal.timeout(sOz),Y=q?AbortSignal.any([z,q]):z;return fetch(K,{..._,signal:Y})}}function AE8(q){try{return new URL(q).href.replace(/\/$/,"")}catch{return q.replace(/\/$/,"")}}function Aa6(q){return(typeof q==="string"?q:g6(q)).replace(qwz,(_,z)=>`"${z}":"[REDACTED]"`)}async function zwz(q,K){let _;try{_=await My8(q,void 0,K?.fetchFn??OE8)}catch(z){throw Error(`XAA: PRM discovery failed: ${z instanceof Error?z.message:String(z)}`)}if(!_.resource||!_.authorization_servers?.[0])throw Error("XAA: PRM discovery failed: PRM missing resource or authorization_servers");if(AE8(_.resource)!==AE8(q))throw Error(`XAA: PRM discovery failed: PRM resource mismatch: expected ${q}, got ${_.resource}`);return{resource:_.resource,authorization_servers:_.authorization_servers}}async function Ywz(q,K){let _=await Ww6(q,{fetchFn:K?.fetchFn??OE8});if(!_?.issuer||!_.token_endpoint)throw Error(`XAA: AS metadata discovery failed: no valid metadata at ${q}`);if(AE8(_.issuer)!==AE8(q))throw Error(`XAA: AS metadata discovery failed: issuer mismatch: expected ${q}, got ${_.issuer}`);if(new URL(_.token_endpoint).protocol!=="https:")throw Error(`XAA: refusing non-HTTPS token endpoint: ${_.token_endpoint}`);return{issuer:_.issuer,token_endpoint:_.token_endpoint,grant_types_supported:_.grant_types_supported,token_endpoint_auth_methods_supported:_.token_endpoint_auth_methods_supported}}async function $wz(q){let K=q.fetchFn??OE8,_=new URLSearchParams({grant_type:tOz,requested_token_type:LR4,audience:q.audience,resource:q.resource,subject_token:q.idToken,subject_token_type:eOz,client_id:q.clientId});if(q.clientSecret)_.set("client_secret",q.clientSecret);if(q.scope)_.set("scope",q.scope);let z=await K(q.tokenEndpoint,{method:"POST",headers:{"Content-Type":"application/x-www-form-urlencoded"},body:_});if(!z.ok){let O=Aa6(await z.text()).slice(0,200),w=z.status<500;throw new nr(`XAA: token exchange failed: HTTP ${z.status}: ${O}`,w)}let Y;try{Y=await z.json()}catch{throw new nr(`XAA: token exchange returned non-JSON (captive portal?) at ${q.tokenEndpoint}`,!1)}let $=Kwz().safeParse(Y);if(!$.success)throw new nr(`XAA: token exchange response did not match expected shape: ${Aa6(Y)}`,!0);let A=$.data;if(!A.access_token)throw new nr(`XAA: token exchange response missing access_token: ${Aa6(A)}`,!0);if(A.issued_token_type!==LR4)throw new nr(`XAA: token exchange returned unexpected issued_token_type: ${A.issued_token_type}`,!0);return{jwtAuthGrant:A.access_token,expiresIn:A.expires_in,scope:A.scope}}async function Awz(q){let K=q.fetchFn??OE8,_=q.authMethod??"client_secret_basic",z=new URLSearchParams({grant_type:RR4,assertion:q.assertion});if(q.scope)z.set("scope",q.scope);let Y={"Content-Type":"application/x-www-form-urlencoded"};if(_==="client_secret_basic"){let w=Buffer.from(`${encodeURIComponent(q.clientId)}:${encodeURIComponent(q.clientSecret)}`).toString("base64");Y.Authorization=`Basic ${w}`}else z.set("client_id",q.clientId),z.set("client_secret",q.clientSecret);let $=await K(q.tokenEndpoint,{method:"POST",headers:Y,body:z});if(!$.ok){let w=Aa6(await $.text()).slice(0,200);throw Error(`XAA: jwt-bearer grant failed: HTTP ${$.status}: ${w}`)}let A;try{A=await $.json()}catch{throw Error(`XAA: jwt-bearer grant returned non-JSON (captive portal?) at ${q.tokenEndpoint}`)}let O=_wz().safeParse(A);if(!O.success)throw Error(`XAA: jwt-bearer response did not match expected shape: ${Aa6(A)}`);return O.data}async function bB1(q,K,_="xaa",z){let Y=hR4(z);C8(_,`XAA: discovering PRM for ${q}`);let $=await zwz(q,{fetchFn:Y});C8(_,`XAA: discovered resource=${$.resource} ASes=[${$.authorization_servers.join(", ")}]`);let A,O=[];for(let M of $.authorization_servers){let X;try{X=await Ywz(M,{fetchFn:Y})}catch(P){if(z?.aborted)throw P;O.push(`${M}: ${P instanceof Error?P.message:String(P)}`);continue}if(X.grant_types_supported&&!X.grant_types_supported.includes(RR4)){O.push(`${M}: does not advertise jwt-bearer grant (supported: ${X.grant_types_supported.join(", ")})`);continue}A=X;break}if(!A)throw Error(`XAA: no authorization server supports jwt-bearer. Tried: ${O.join("; ")}`);let w=A.token_endpoint_auth_methods_supported,j=w&&!w.includes("client_secret_basic")&&w.includes("client_secret_post")?"client_secret_post":"client_secret_basic";C8(_,`XAA: AS issuer=${A.issuer} token_endpoint=${A.token_endpoint} auth_method=${j}`),C8(_,"XAA: exchanging id_token for ID-JAG at IdP");let H=await $wz({tokenEndpoint:K.idpTokenEndpoint,audience:A.issuer,resource:$.resource,idToken:K.idpIdToken,clientId:K.idpClientId,clientSecret:K.idpClientSecret,fetchFn:Y});C8(_,"XAA: ID-JAG obtained"),C8(_,"XAA: exchanging ID-JAG for access_token at AS");let J=await Awz({tokenEndpoint:A.token_endpoint,assertion:H.jwtAuthGrant,clientId:K.clientId,clientSecret:K.clientSecret,authMethod:j,fetchFn:Y});return C8(_,"XAA: access_token obtained"),{...J,authorizationServerUrl:A.issuer}}var sOz=30000,tOz="urn:ietf:params:oauth:grant-type:token-exchange",RR4="urn:ietf:params:oauth:grant-type:jwt-bearer",LR4="urn:ietf:params:oauth:token-type:id-jag",eOz="urn:ietf:params:oauth:token-type:id_token",OE8,nr,qwz,Kwz,_wz;var SR4=y(()=>{Dw6();x7();E8();l8();OE8=hR4();nr=class nr extends Error{shouldClearIdToken;constructor(q,K){super(q);this.name="XaaTokenExchangeError",this.shouldClearIdToken=K}};qwz=/"(access_token|refresh_token|id_token|assertion|subject_token|client_secret)"\s*:\s*"[^"]*"/g;Kwz=B6(()=>L.object({access_token:L.string().optional(),issued_token_type:L.string().optional(),expires_in:L.coerce.number().optional(),scope:L.string().optional()})),_wz=B6(()=>L.object({access_token:L.string().min(1),token_type:L.string().default("Bearer"),expires_in:L.coerce.number().optional(),scope:L.string().optional(),refresh_token:L.string().optional()}))});import{randomBytes as Owz}from"crypto";import{createServer as wwz}from"http";import{parse as jwz}from"url";function ir(){return i6(process.env.CLAUDE_CODE_ENABLE_XAA)}function RU(){return N7().xaaIdp}function rr(q){try{let K=new URL(q);return K.pathname=K.pathname.replace(/\/+$/,""),K.host=K.host.toLowerCase(),K.toString()}catch{return q.replace(/\/+$/,"")}}function hw6(q){let z=c3().read()?.mcpXaaIdp?.[rr(q)];if(!z)return;if(z.expiresAt-Date.now()<=Jwz*1000)return;return z.idToken}function bR4(q,K,_){let z=c3(),Y=z.read()||{};z.update({...Y,mcpXaaIdp:{...Y.mcpXaaIdp,[rr(q)]:{idToken:K,expiresAt:_}}})}function xR4(q,K){let _=uR4(K),z=_?_*1000:Date.now()+3600000;return bR4(q,K,z),z}function mq6(q){let K=c3(),_=K.read(),z=rr(q);if(!_?.mcpXaaIdp?.[z])return;delete _.mcpXaaIdp[z],K.update(_)}function IR4(q,K){let _=c3(),z=_.read()||{};return _.update({...z,mcpXaaIdpConfig:{...z.mcpXaaIdpConfig,[rr(q)]:{clientSecret:K}}})}function PN6(q){return c3().read()?.mcpXaaIdpConfig?.[rr(q)]?.clientSecret}function wE8(q){let K=c3(),_=K.read(),z=rr(q);if(!_?.mcpXaaIdpConfig?.[z])return;delete _.mcpXaaIdpConfig[z],K.update(_)}async function jE8(q){let K=q.endsWith("/")?q:q+"/",_=new URL(".well-known/openid-configuration",K),z=await fetch(_,{headers:{Accept:"application/json"},signal:AbortSignal.timeout(CR4)});if(!z.ok)throw Error(`XAA IdP: OIDC discovery failed: HTTP ${z.status} at ${_}`);let Y;try{Y=await z.json()}catch{throw Error(`XAA IdP: OIDC discovery returned non-JSON at ${_} (captive portal or proxy?)`)}let $=eN8.safeParse(Y);if(!$.success)throw Error(`XAA IdP: invalid OIDC metadata: ${$.error.message}`);if(new URL($.data.token_endpoint).protocol!=="https:")throw Error(`XAA IdP: refusing non-HTTPS token endpoint: ${$.data.token_endpoint}`);return $.data}function uR4(q){let K=q.split(".");if(K.length!==3)return;try{let _=r8(Buffer.from(K[1],"base64url").toString("utf-8"));return typeof _.exp==="number"?_.exp:void 0}catch{return}}function Mwz(q,K,_,z){let Y=null,$=null,A=null,O=()=>{if(Y?.removeAllListeners(),Y?.on("error",()=>{}),Y?.close(),Y=null,$)clearTimeout($),$=null;if(_&&A)_.removeEventListener("abort",A),A=null};return new Promise((w,j)=>{let H=!1,J=(X)=>{if(H)return;H=!0,O(),w(X)},M=(X)=>{if(H)return;H=!0,O(),j(X)};if(_){if(A=()=>M(Error("XAA IdP: login cancelled")),_.aborted){A();return}_.addEventListener("abort",A,{once:!0})}Y=wwz((X,P)=>{let W=jwz(X.url||"",!0);if(W.pathname!=="/callback"){P.writeHead(404),P.end();return}let D=W.query.code,f=W.query.state,G=W.query.error;if(G){let Z=W.query.error_description,T=xB1.default(G),v=Z?xB1.default(Z):"";P.writeHead(400,{"Content-Type":"text/html"}),P.end(`<html><body><h3>IdP login failed</h3><p>${T}</p><p>${v}</p></body></html>`),M(Error(`XAA IdP: ${G}${Z?` — ${Z}`:""}`));return}if(f!==K){P.writeHead(400,{"Content-Type":"text/html"}),P.end("<html><body><h3>State mismatch</h3></body></html>"),M(Error("XAA IdP: state mismatch (possible CSRF)"));return}if(!D){P.writeHead(400,{"Content-Type":"text/html"}),P.end("<html><body><h3>Missing code</h3></body></html>"),M(Error("XAA IdP: callback missing code"));return}P.writeHead(200,{"Content-Type":"text/html"}),P.end("<html><body><h3>IdP login complete — you can close this window.</h3></body></html>"),J(D)}),Y.on("error",(X)=>{if(X.code==="EADDRINUSE"){let P=Z1()==="windows"?`netstat -ano | findstr :${q}`:`lsof -ti:${q} -sTCP:LISTEN`;M(Error(`XAA IdP: callback port ${q} is already in use. Run \`${P}\` to find the holder.`))}else M(Error(`XAA IdP: callback server failed: ${X.message}`))}),Y.listen(q,"127.0.0.1",()=>{try{z()}catch(X){M(x1(X))}}),Y.unref(),$=setTimeout((X)=>X(Error("XAA IdP: login timed out")),Hwz,M),$.unref()})}async function HE8(q){let{idpIssuer:K,idpClientId:_}=q,z=hw6(K);if(z)return C8("xaa",`Using cached id_token for ${K}`),z;C8("xaa",`No cached id_token for ${K}; starting OIDC login`);let Y=await jE8(K),$=q.callbackPort??await oy8(),A=eo6($),O=Owz(32).toString("base64url"),w={client_id:_,...q.idpClientSecret?{client_secret:q.idpClientSecret}:{}},{authorizationUrl:j,codeVerifier:H}=await Fp1(K,{metadata:Y,clientInformation:w,redirectUrl:A,scope:"openid",state:O}),J=await Mwz($,O,q.abortSignal,()=>{if(q.onAuthorizationUrl)q.onAuthorizationUrl(j.toString());if(!q.skipBrowserOpen)C8("xaa","Opening browser to IdP authorization endpoint"),m3(j.toString())}),M=await XE4(K,{metadata:Y,clientInformation:w,authorizationCode:J,codeVerifier:H,redirectUri:A,fetchFn:(W,D)=>fetch(W,{...D,signal:AbortSignal.timeout(CR4)})});if(!M.id_token)throw Error("XAA IdP: token response missing id_token (check scope=openid)");let X=uR4(M.id_token),P=X?X*1000:Date.now()+(M.expires_in??3600)*1000;return bR4(K,M.id_token,P),C8("xaa",`Cached id_token for ${K} (expires ${new Date(P).toISOString()})`),M.id_token}var xB1,Hwz=300000,CR4=30000,Jwz=60;var Oa6=y(()=>{Dw6();mo6();hH();m8();y8();E8();vK();$16();U1();l8();GB1();xB1=O6(fB1(),1)});import{createHash as Xwz,randomBytes as Pwz,randomUUID as Wwz}from"crypto";import{mkdir as Dwz}from"fs/promises";import{createServer as fwz}from"http";import{join as Zwz}from"path";import{parse as Gwz}from"url";function mR4(q){try{let K=new URL(q);for(let _ of vwz)if(K.searchParams.has(_))K.searchParams.set(_,"[REDACTED]");return K.toString()}catch{return q}}async function pR4(q){if(!q.ok)return q;let K=await q.text(),_;try{_=r8(K)}catch{return new Response(K,q)}if(qy8.safeParse(_).success)return new Response(K,q);let z=Ky8.safeParse(_);if(!z.success)return new Response(K,q);let Y=kwz.has(z.data.error)?{error:"invalid_grant",error_description:z.data.error_description??`Server returned non-standard error code: ${z.data.error}`}:z.data;return new Response(g6(Y),{status:400,statusText:"Bad Request",headers:q.headers})}function gR4(){return async(q,K)=>{let _=AbortSignal.timeout(Twz),z=K?.method?.toUpperCase()==="POST";if(!K?.signal){let O=await fetch(q,{...K,signal:_});return z?pR4(O):O}let Y=new AbortController,$=()=>Y.abort();K.signal.addEventListener("abort",$),_.addEventListener("abort",$);let A=()=>{K.signal?.removeEventListener("abort",$),_.removeEventListener("abort",$)};if(K.signal.aborted)Y.abort();try{let O=await fetch(q,{...K,signal:Y.signal});return A(),z?pR4(O):O}catch(O){throw A(),O}}}async function JE8(q,K,_,z,Y){if(_){if(!_.startsWith("https://"))throw Error(`authServerMetadataUrl must use https:// (got: ${_})`);let O=await(z??gR4())(_,{headers:{Accept:"application/json"}});if(O.ok)return uo6.parse(await O.json());throw Error(`HTTP ${O.status} fetching configured auth server metadata from ${_}`)}try{let{authorizationServerMetadata:A}=await gp1(K,{...z&&{fetchFn:z},...Y&&{resourceMetadataUrl:Y}});if(A)return A}catch(A){C8(q,`RFC 9728 discovery failed, falling back: ${d6(A)}`)}let $=new URL(K);if($.pathname==="/")return;return Ww6($,{...z&&{fetchFn:z}})}function XM(q,K){let _=g6({type:K.type,url:K.url,headers:K.headers||{}}),z=Xwz("sha256").update(_).digest("hex").substring(0,16);return`${q}|${z}`}function FR4(q,K){if(ir()&&K.oauth?.xaa)return!1;let _=XM(q,K),z=c3().read()?.mcpOAuth?.[_];return z!==void 0&&!z.accessToken&&!z.refreshToken}async function BR4({serverName:q,endpoint:K,token:_,tokenTypeHint:z,clientId:Y,clientSecret:$,accessToken:A,authMethod:O="client_secret_basic"}){let w=new URLSearchParams;w.set("token",_),w.set("token_type_hint",z);let j={"Content-Type":"application/x-www-form-urlencoded"};if(Y&&$)if(O==="client_secret_post")w.set("client_id",Y),w.set("client_secret",$);else{let H=Buffer.from(`${encodeURIComponent(Y)}:${encodeURIComponent($)}`).toString("base64");j.Authorization=`Basic ${H}`}else if(Y)w.set("client_id",Y);else C8(q,`No client_id available for ${z} revocation - server may reject`);try{await $1.post(K,w,{headers:j}),C8(q,`Successfully revoked ${z}`)}catch(H){if($1.isAxiosError(H)&&H.response?.status===401&&A)C8(q,`Got 401, retrying ${z} revocation with Bearer auth`),w.delete("client_id"),w.delete("client_secret"),await $1.post(K,w,{headers:{...j,Authorization:`Bearer ${A}`}}),C8(q,`Successfully revoked ${z} with Bearer auth`);else throw H}}async function wa6(q,K,{preserveStepUpState:_=!1}={}){let z=c3(),Y=z.read();if(!Y?.mcpOAuth)return;let $=XM(q,K),A=Y.mcpOAuth[$];if(A?.accessToken||A?.refreshToken)try{let O=A.discoveryState?.authorizationServerUrl??K.url,w=await JE8(q,O,K.oauth?.authServerMetadataUrl);if(!w)C8(q,"No OAuth metadata found");else{let j="revocation_endpoint"in w?w.revocation_endpoint:null;if(!j)C8(q,"Server does not support token revocation");else{let H=String(j),J=("revocation_endpoint_auth_methods_supported"in w?w.revocation_endpoint_auth_methods_supported:void 0)??("token_endpoint_auth_methods_supported"in w?w.token_endpoint_auth_methods_supported:void 0),M=J&&!J.includes("client_secret_basic")&&J.includes("client_secret_post")?"client_secret_post":"client_secret_basic";if(C8(q,`Revoking tokens via ${H} (${M})`),A.refreshToken)try{await BR4({serverName:q,endpoint:H,token:A.refreshToken,tokenTypeHint:"refresh_token",clientId:A.clientId,clientSecret:A.clientSecret,accessToken:A.accessToken,authMethod:M})}catch(X){C8(q,`Failed to revoke refresh token: ${d6(X)}`)}if(A.accessToken)try{await BR4({serverName:q,endpoint:H,token:A.accessToken,tokenTypeHint:"access_token",clientId:A.clientId,clientSecret:A.clientSecret,accessToken:A.accessToken,authMethod:M})}catch(X){C8(q,`Failed to revoke access token: ${d6(X)}`)}}}}catch(O){C8(q,`Failed to revoke tokens: ${d6(O)}`)}else C8(q,"No tokens to revoke");if(ME8(q,K),_&&A&&(A.stepUpScope||A.discoveryState)){let O=z.read()||{},w={...O,mcpOAuth:{...O.mcpOAuth,[$]:{...O.mcpOAuth?.[$],serverName:q,serverUrl:K.url,accessToken:O.mcpOAuth?.[$]?.accessToken??"",expiresAt:O.mcpOAuth?.[$]?.expiresAt??0,...A.stepUpScope?{stepUpScope:A.stepUpScope}:{},...A.discoveryState?{discoveryState:{authorizationServerUrl:A.discoveryState.authorizationServerUrl,resourceMetadataUrl:A.discoveryState.resourceMetadataUrl}}:{}}}};z.update(w),C8(q,"Preserved step-up auth state across revocation")}}function ME8(q,K){let _=c3(),z=_.read();if(!z?.mcpOAuth)return;let Y=XM(q,K);if(z.mcpOAuth[Y])delete z.mcpOAuth[Y],_.update(z),C8(q,"Cleared stored tokens")}async function Vwz(q,K,_,z,Y){if(!K.oauth?.xaa)throw Error("XAA: oauth.xaa must be set");let $=RU();if(!$)throw Error("XAA: no IdP connection configured. Run 'claude mcp xaa setup --issuer <url> --client-id <id> --client-secret' to configure.");let A=K.oauth?.clientId;if(!A)throw Error(`XAA: server '${q}' needs an AS client_id. Re-add with --client-id.`);let w=Ja6(q,K)?.clientSecret;if(!w){let M=XM(q,K),X=Object.keys(c3().read()?.mcpOAuthClientConfig??{}),P=Object.fromEntries(Object.entries(K.headers??{}).map(([W,D])=>W.toLowerCase()==="authorization"?[W,"[REDACTED]"]:[W,D]));throw C8(q,`XAA: secret lookup miss. wanted=${M} have=[${X.join(", ")}] configHeaders=${g6(P)}`),Error(`XAA: AS client secret not found for '${q}'. Re-add with --client-secret.`)}C8(q,"XAA: starting cross-app access flow");let j=PN6($.issuer),H=hw6($.issuer)!==void 0,J="idp_login";try{let M;try{M=await HE8({idpIssuer:$.issuer,idpClientId:$.clientId,idpClientSecret:j,callbackPort:$.callbackPort,onAuthorizationUrl:_,skipBrowserOpen:Y,abortSignal:z})}catch(Z){if(z?.aborted)throw new hU;throw Z}J="discovery";let X=await jE8($.issuer);J="token_exchange";let P;try{P=await bB1(K.url,{clientId:A,clientSecret:w,idpClientId:$.clientId,idpClientSecret:j,idpIdToken:M,idpTokenEndpoint:X.token_endpoint},q,z)}catch(Z){if(z?.aborted)throw new hU;let T=d6(Z);if(Z instanceof nr){if(Z.shouldClearIdToken)mq6($.issuer),C8(q,"XAA: cleared cached id_token after token-exchange failure")}else if(T.includes("PRM discovery failed")||T.includes("AS metadata discovery failed")||T.includes("no authorization server supports jwt-bearer"))J="discovery";else if(T.includes("jwt-bearer"))J="jwt_bearer";throw Z}let W=c3(),D=W.read()||{},f=XM(q,K),G=D.mcpOAuth?.[f];W.update({...D,mcpOAuth:{...D.mcpOAuth,[f]:{...G,serverName:q,serverUrl:K.url,accessToken:P.access_token,refreshToken:P.refresh_token??G?.refreshToken,expiresAt:Date.now()+(P.expires_in||3600)*1000,scope:P.scope,clientId:A,clientSecret:w,discoveryState:{authorizationServerUrl:P.authorizationServerUrl}}}}),C8(q,"XAA: tokens saved"),d("tengu_mcp_oauth_flow_success",{authMethod:"xaa",idTokenCacheHit:H})}catch(M){if(M instanceof hU)throw M;throw d("tengu_mcp_oauth_flow_failure",{authMethod:"xaa",xaaFailureStage:J,idTokenCacheHit:H}),M}}async function pq6(q,K,_,z,Y){if(K.oauth?.xaa){if(!ir())throw Error(`XAA is not enabled (set CLAUDE_CODE_ENABLE_XAA=1). Remove 'oauth.xaa' from server '${q}' to use the standard consent flow.`);d("tengu_mcp_oauth_flow_start",{isOAuthFlow:!0,authMethod:"xaa",transportType:K.type,...LN(K)?{mcpServerBaseUrl:LN(K)}:{}}),await Vwz(q,K,_,z,Y?.skipBrowserOpen);return}let $=c3(),A=XM(q,K),O=$.read()?.mcpOAuth?.[A],w=O?.stepUpScope,j=O?.discoveryState?.resourceMetadataUrl;ME8(q,K);let H;if(j)try{H=new URL(j)}catch{C8(q,`Invalid cached resourceMetadataUrl: ${j}`)}let J={scope:w,resourceMetadataUrl:H},M=Wwz();d("tengu_mcp_oauth_flow_start",{flowAttemptId:M,isOAuthFlow:!0,transportType:K.type,...LN(K)?{mcpServerBaseUrl:LN(K)}:{}});let X=!1;try{let P=K.oauth?.callbackPort,W=P??await oy8(),D=eo6(W);C8(q,`Using redirect port: ${W}${P?" (from config)":""}`);let f=new Sw6(q,K,D,!0,_,Y?.skipBrowserOpen);try{let R=await JE8(q,K.url,K.oauth?.authServerMetadataUrl,void 0,J.resourceMetadataUrl);if(R)f.setMetadata(R),C8(q,`Fetched OAuth metadata with scope: ${mB1(R)||"NONE"}`)}catch(R){C8(q,`Failed to fetch OAuth metadata: ${d6(R)}`)}let G=await f.state(),Z=null,T=null,v=null,V=()=>{if(Z)Z.removeAllListeners(),Z.on("error",()=>{}),Z.close(),Z=null;if(T)clearTimeout(T),T=null;if(z&&v)z.removeEventListener("abort",v),v=null;C8(q,"MCP OAuth server cleaned up")},E=await new Promise((R,x)=>{let I=!1,B=(C)=>{if(I)return;I=!0,R(C)},p=(C)=>{if(I)return;I=!0,x(C)};if(z){if(v=()=>{V(),p(new hU)},z.aborted){v();return}z.addEventListener("abort",v)}if(Y?.onWaitingForCallback)Y.onWaitingForCallback((C)=>{try{let g=new URL(C),F=g.searchParams.get("code"),U=g.searchParams.get("state"),c=g.searchParams.get("error");if(c){let K6=g.searchParams.get("error_description")||"";V(),p(Error(`OAuth error: ${c} - ${K6}`));return}if(!F)return;if(U!==G){V(),p(Error("OAuth state mismatch - possible CSRF attack"));return}C8(q,"Received auth code via manual callback URL"),V(),B(F)}catch{}});Z=fwz((C,g)=>{let F=Gwz(C.url||"",!0);if(F.pathname==="/callback"){let U=F.query.code,c=F.query.state,K6=F.query.error,t=F.query.error_description,q6=F.query.error_uri;if(!K6&&c!==G){g.writeHead(400,{"Content-Type":"text/html"}),g.end("<h1>Authentication Error</h1><p>Invalid state parameter. Please try again.</p><p>You can close this window.</p>"),V(),p(Error("OAuth state mismatch - possible CSRF attack"));return}if(K6){g.writeHead(200,{"Content-Type":"text/html"});let e=uB1.default(String(K6)),i=t?uB1.default(String(t)):"";g.end(`<h1>Authentication Error</h1><p>${e}: ${i}</p><p>You can close this window.</p>`),V();let $6=`OAuth error: ${K6}`;if(t)$6+=` - ${t}`;if(q6)$6+=` (See: ${q6})`;p(Error($6));return}if(U)g.writeHead(200,{"Content-Type":"text/html"}),g.end("<h1>Authentication Successful</h1><p>You can close this window. Return to Claude Code.</p>"),V(),B(U)}}),Z.on("error",(C)=>{if(V(),C.code==="EADDRINUSE"){let g=Z1()==="windows"?`netstat -ano | findstr :${W}`:`lsof -ti:${W} -sTCP:LISTEN`;p(Error(`OAuth callback port ${W} is already in use — another process may be holding it. `+`Run \`${g}\` to find it.`))}else p(Error(`OAuth callback server failed: ${C.message}`))}),Z.listen(W,"127.0.0.1",async()=>{try{C8(q,"Starting SDK auth"),C8(q,`Server URL: ${K.url}`);let C=await gC(f,{serverUrl:K.url,scope:J.scope,resourceMetadataUrl:J.resourceMetadataUrl});if(C8(q,`Initial auth result: ${C}`),C!=="REDIRECT")C8(q,`Unexpected auth result, expected REDIRECT: ${C}`)}catch(C){C8(q,`SDK auth error: ${C}`),V(),p(Error(`SDK auth failed: ${d6(C)}`))}}),Z.unref(),T=setTimeout((C,g)=>{C(),g(Error("Authentication timeout"))},300000,V,p),T.unref()});X=!0,C8(q,"Completing auth flow with authorization code");let S=await gC(f,{serverUrl:K.url,authorizationCode:E,resourceMetadataUrl:J.resourceMetadataUrl});if(C8(q,`Auth result: ${S}`),S==="AUTHORIZED"){let R=await f.tokens();if(C8(q,`Tokens after auth: ${R?"Present":"Missing"}`),R)C8(q,`Token access_token length: ${R.access_token?.length}`),C8(q,`Token expires_in: ${R.expires_in}`);d("tengu_mcp_oauth_flow_success",{flowAttemptId:M,transportType:K.type,...LN(K)?{mcpServerBaseUrl:LN(K)}:{}})}else throw Error("Unexpected auth result: "+S)}catch(P){C8(q,`Error during auth completion: ${P}`);let W="unknown",D,f;if(P instanceof hU)W="cancelled";else if(X)W="token_exchange_failed";else{let G=d6(P);if(G.includes("Authentication timeout"))W="timeout";else if(G.includes("OAuth state mismatch"))W="state_mismatch";else if(G.includes("OAuth error:"))W="provider_denied";else if(G.includes("already in use")||G.includes("EADDRINUSE")||G.includes("callback server failed")||G.includes("No available port"))W="port_unavailable";else if(G.includes("SDK auth failed"))W="sdk_auth_failed"}if(P instanceof VJ){D=P.errorCode;let G=P.message.match(/^HTTP (\d{3}):/);if(G)f=Number(G[1]);if(P.errorCode==="invalid_client"&&P.message.includes("Client not found")){let Z=c3(),T=Z.read()||{},v=XM(q,K);if(T.mcpOAuth?.[v])delete T.mcpOAuth[v].clientId,delete T.mcpOAuth[v].clientSecret,Z.update(T)}}throw d("tengu_mcp_oauth_flow_error",{flowAttemptId:M,reason:W,error_code:D,http_status:f?.toString(),transportType:K.type,...LN(K)?{mcpServerBaseUrl:LN(K)}:{}}),P}}function pB1(q,K){return async(_,z)=>{let Y=await q(_,z);if(Y.status===403){let $=Y.headers.get("WWW-Authenticate");if($?.includes("insufficient_scope")){let A=$.match(/scope=(?:"([^"]+)"|([^\s,]+))/),O=A?.[1]??A?.[2];if(O)K.markStepUpPending(O)}}return Y}}class Sw6{serverName;serverConfig;redirectUri;handleRedirection;_codeVerifier;_authorizationUrl;_state;_scopes;_metadata;_refreshInProgress;_pendingStepUpScope;onAuthorizationUrlCallback;skipBrowserOpen;constructor(q,K,_=eo6(),z=!1,Y,$){this.serverName=q,this.serverConfig=K,this.redirectUri=_,this.handleRedirection=z,this.onAuthorizationUrlCallback=Y,this.skipBrowserOpen=$??!1}get redirectUrl(){return this.redirectUri}get authorizationUrl(){return this._authorizationUrl}get clientMetadata(){let q={client_name:`Claude Code (${this.serverName})`,redirect_uris:[this.redirectUri],grant_types:["authorization_code","refresh_token"],response_types:["code"],token_endpoint_auth_method:"none"},K=mB1(this._metadata);if(K)q.scope=K,C8(this.serverName,`Using scope from metadata: ${q.scope}`);return q}get clientMetadataUrl(){let q=process.env.MCP_OAUTH_CLIENT_METADATA_URL;if(q)return C8(this.serverName,`Using CIMD URL from env: ${q}`),q;return wq1}setMetadata(q){this._metadata=q}markStepUpPending(q){this._pendingStepUpScope=q,C8(this.serverName,`Marked step-up pending: ${q}`)}async state(){if(!this._state)this._state=Pwz(32).toString("base64url"),C8(this.serverName,"Generated new OAuth state");return this._state}async clientInformation(){let K=c3().read(),_=XM(this.serverName,this.serverConfig),z=K?.mcpOAuth?.[_];if(z?.clientId)return C8(this.serverName,"Found client info"),{client_id:z.clientId,client_secret:z.clientSecret};let Y=this.serverConfig.oauth?.clientId;if(Y){let $=K?.mcpOAuthClientConfig?.[_];return C8(this.serverName,"Using pre-configured client ID"),{client_id:Y,client_secret:$?.clientSecret}}C8(this.serverName,"No client info found");return}async saveClientInformation(q){let K=c3(),_=K.read()||{},z=XM(this.serverName,this.serverConfig),Y={..._,mcpOAuth:{..._.mcpOAuth,[z]:{..._.mcpOAuth?.[z],serverName:this.serverName,serverUrl:this.serverConfig.url,clientId:q.client_id,clientSecret:q.client_secret,accessToken:_.mcpOAuth?.[z]?.accessToken||"",expiresAt:_.mcpOAuth?.[z]?.expiresAt||0}}};K.update(Y)}async tokens(){let K=await c3().readAsync(),_=XM(this.serverName,this.serverConfig),z=K?.mcpOAuth?.[_];if(ir()&&this.serverConfig.oauth?.xaa&&!z?.refreshToken&&(!z?.accessToken||(z.expiresAt-Date.now())/1000<=300)){if(!this._refreshInProgress)C8(this.serverName,z?"XAA: access_token expiring, attempting silent exchange":"XAA: no access_token yet, attempting silent exchange"),this._refreshInProgress=this.xaaRefresh().finally(()=>{this._refreshInProgress=void 0});try{let w=await this._refreshInProgress;if(w)return w}catch(w){C8(this.serverName,`XAA silent exchange failed: ${d6(w)}`)}}if(!z){C8(this.serverName,"No token data found");return}let Y=(z.expiresAt-Date.now())/1000,$=z.scope?.split(" ")??[],A=this._pendingStepUpScope!==void 0&&this._pendingStepUpScope.split(" ").some((w)=>!$.includes(w));if(A)C8(this.serverName,`Step-up pending (${this._pendingStepUpScope}), omitting refresh_token`);if(Y<=0&&!z.refreshToken){C8(this.serverName,"Token expired without refresh token");return}if(Y<=300&&z.refreshToken&&!A){if(!this._refreshInProgress)C8(this.serverName,`Token expires in ${Math.floor(Y)}s, attempting proactive refresh`),this._refreshInProgress=this.refreshAuthorization(z.refreshToken).finally(()=>{this._refreshInProgress=void 0});else C8(this.serverName,"Token refresh already in progress, reusing existing promise");try{let w=await this._refreshInProgress;if(w)return C8(this.serverName,"Token refreshed successfully"),w;C8(this.serverName,"Token refresh failed, returning current tokens")}catch(w){C8(this.serverName,`Token refresh error: ${d6(w)}`)}}let O={access_token:z.accessToken,refresh_token:A?void 0:z.refreshToken,expires_in:Y,scope:z.scope,token_type:"Bearer"};return C8(this.serverName,"Returning tokens"),C8(this.serverName,`Token length: ${O.access_token?.length}`),C8(this.serverName,`Has refresh token: ${!!O.refresh_token}`),C8(this.serverName,`Expires in: ${Math.floor(Y)}s`),O}async saveTokens(q){this._pendingStepUpScope=void 0;let K=c3(),_=K.read()||{},z=XM(this.serverName,this.serverConfig);C8(this.serverName,"Saving tokens"),C8(this.serverName,`Token expires in: ${q.expires_in}`),C8(this.serverName,`Has refresh token: ${!!q.refresh_token}`);let Y={..._,mcpOAuth:{..._.mcpOAuth,[z]:{..._.mcpOAuth?.[z],serverName:this.serverName,serverUrl:this.serverConfig.url,accessToken:q.access_token,refreshToken:q.refresh_token,expiresAt:Date.now()+(q.expires_in||3600)*1000,scope:q.scope}}};K.update(Y)}async xaaRefresh(){let q=RU();if(!q)return;let K=hw6(q.issuer);if(!K){C8(this.serverName,"XAA: id_token not cached, needs interactive re-auth");return}let _=this.serverConfig.oauth?.clientId,z=Ja6(this.serverName,this.serverConfig);if(!_||!z?.clientSecret){C8(this.serverName,"XAA: missing clientId or clientSecret in config — skipping silent refresh");return}let Y=PN6(q.issuer),$;try{$=await jE8(q.issuer)}catch(A){C8(this.serverName,`XAA: OIDC discovery failed in silent refresh: ${d6(A)}`);return}try{let A=await bB1(this.serverConfig.url,{clientId:_,clientSecret:z.clientSecret,idpClientId:q.clientId,idpClientSecret:Y,idpIdToken:K,idpTokenEndpoint:$.token_endpoint},this.serverName),O=c3(),w=O.read()||{},j=XM(this.serverName,this.serverConfig),H=w.mcpOAuth?.[j];return O.update({...w,mcpOAuth:{...w.mcpOAuth,[j]:{...H,serverName:this.serverName,serverUrl:this.serverConfig.url,accessToken:A.access_token,refreshToken:A.refresh_token??H?.refreshToken,expiresAt:Date.now()+(A.expires_in||3600)*1000,scope:A.scope,clientId:_,clientSecret:z.clientSecret,discoveryState:{authorizationServerUrl:A.authorizationServerUrl}}}}),{access_token:A.access_token,token_type:"Bearer",expires_in:A.expires_in,scope:A.scope,refresh_token:A.refresh_token}}catch(A){if(A instanceof nr&&A.shouldClearIdToken)mq6(q.issuer),C8(this.serverName,"XAA: cleared id_token after exchange failure");throw A}}async redirectToAuthorization(q){this._authorizationUrl=q.toString();let K=q.searchParams.get("scope");if(C8(this.serverName,`Authorization URL: ${mR4(q.toString())}`),C8(this.serverName,`Scopes in URL: ${K||"NOT FOUND"}`),K)this._scopes=K,C8(this.serverName,`Captured scopes from authorization URL: ${K}`);else{let Y=mB1(this._metadata);if(Y)this._scopes=Y,C8(this.serverName,`Using scopes from metadata: ${Y}`);else C8(this.serverName,"No scopes available from URL or metadata")}if(this._scopes&&!this.handleRedirection){let Y=c3(),$=Y.read()||{},A=XM(this.serverName,this.serverConfig),O=$.mcpOAuth?.[A];if(O)O.stepUpScope=this._scopes,Y.update($),C8(this.serverName,`Persisted step-up scope: ${this._scopes}`)}if(!this.handleRedirection){C8(this.serverName,"Redirection handling is disabled, skipping redirect");return}let _=q.toString();if(!_.startsWith("http://")&&!_.startsWith("https://"))throw Error("Invalid authorization URL: must use http:// or https:// scheme");C8(this.serverName,"Redirecting to authorization URL");let z=mR4(_);if(C8(this.serverName,`Authorization URL: ${z}`),this.onAuthorizationUrlCallback)this.onAuthorizationUrlCallback(_);if(!this.skipBrowserOpen){if(C8(this.serverName,`Opening authorization URL: ${z}`),!await m3(_))C8(this.serverName,"Browser didn't open automatically. URL is shown in UI.")}else C8(this.serverName,`Skipping browser open (skipBrowserOpen=true). URL: ${z}`)}async saveCodeVerifier(q){C8(this.serverName,"Saving code verifier"),this._codeVerifier=q}async codeVerifier(){if(!this._codeVerifier)throw C8(this.serverName,"No code verifier saved"),Error("No code verifier saved");return C8(this.serverName,"Returning code verifier"),this._codeVerifier}async invalidateCredentials(q){let K=c3(),_=K.read();if(!_?.mcpOAuth)return;let z=XM(this.serverName,this.serverConfig),Y=_.mcpOAuth[z];if(!Y)return;switch(q){case"all":delete _.mcpOAuth[z];break;case"client":Y.clientId=void 0,Y.clientSecret=void 0;break;case"tokens":Y.accessToken="",Y.refreshToken=void 0,Y.expiresAt=0;break;case"verifier":this._codeVerifier=void 0;return;case"discovery":Y.discoveryState=void 0,Y.stepUpScope=void 0;break}K.update(_),C8(this.serverName,`Invalidated credentials (scope: ${q})`)}async saveDiscoveryState(q){let K=c3(),_=K.read()||{},z=XM(this.serverName,this.serverConfig);C8(this.serverName,`Saving discovery state (authServer: ${q.authorizationServerUrl})`);let Y={..._,mcpOAuth:{..._.mcpOAuth,[z]:{..._.mcpOAuth?.[z],serverName:this.serverName,serverUrl:this.serverConfig.url,accessToken:_.mcpOAuth?.[z]?.accessToken||"",expiresAt:_.mcpOAuth?.[z]?.expiresAt||0,discoveryState:{authorizationServerUrl:q.authorizationServerUrl,resourceMetadataUrl:q.resourceMetadataUrl}}}};K.update(Y)}async discoveryState(){let K=c3().read(),_=XM(this.serverName,this.serverConfig),z=K?.mcpOAuth?.[_]?.discoveryState;if(z?.authorizationServerUrl)return C8(this.serverName,`Returning cached discovery state (authServer: ${z.authorizationServerUrl})`),{authorizationServerUrl:z.authorizationServerUrl,resourceMetadataUrl:z.resourceMetadataUrl,resourceMetadata:z.resourceMetadata,authorizationServerMetadata:z.authorizationServerMetadata};let Y=this.serverConfig.oauth?.authServerMetadataUrl;if(Y){C8(this.serverName,`Fetching metadata from configured URL: ${Y}`);try{let $=await JE8(this.serverName,this.serverConfig.url,Y);if($)return{authorizationServerUrl:$.issuer,authorizationServerMetadata:$}}catch($){C8(this.serverName,`Failed to fetch from configured metadata URL: ${d6($)}`)}}return}async refreshAuthorization(q){let K=XM(this.serverName,this.serverConfig),_=c1();await Dwz(_,{recursive:!0});let z=K.replace(/[^a-zA-Z0-9]/g,"_"),Y=Zwz(_,`mcp-refresh-${z}.lock`),$;for(let A=0;A<IB1;A++)try{C8(this.serverName,`Acquiring refresh lock (attempt ${A+1})`),$=await PJ(Y,{realpath:!1,onCompromised:()=>{C8(this.serverName,"Refresh lock was compromised")}}),C8(this.serverName,"Acquired refresh lock");break}catch(O){let w=s1(O);if(w==="ELOCKED"){C8(this.serverName,`Refresh lock held by another process, waiting (attempt ${A+1}/${IB1})`),await R7(1000+Math.random()*1000);continue}C8(this.serverName,`Failed to acquire refresh lock: ${w}, proceeding without lock`);break}if(!$)C8(this.serverName,`Could not acquire refresh lock after ${IB1} retries, proceeding without lock`);try{ZV();let w=c3().read()?.mcpOAuth?.[K];if(w){let j=(w.expiresAt-Date.now())/1000;if(j>300)return C8(this.serverName,`Another process already refreshed tokens (expires in ${Math.floor(j)}s)`),{access_token:w.accessToken,refresh_token:w.refreshToken,expires_in:j,scope:w.scope,token_type:"Bearer"};if(w.refreshToken)q=w.refreshToken}return await this._doRefresh(q)}finally{if($)try{await $(),C8(this.serverName,"Released refresh lock")}catch{C8(this.serverName,"Failed to release refresh lock")}}}async _doRefresh(q){let _=LN(this.serverConfig),z=(Y,$)=>{d(Y==="success"?"tengu_mcp_oauth_refresh_success":"tengu_mcp_oauth_refresh_failure",{transportType:this.serverConfig.type,..._?{mcpServerBaseUrl:_}:{},...$?{reason:$}:{}})};for(let Y=1;Y<=3;Y++)try{C8(this.serverName,"Starting token refresh");let $=gR4(),A=this._metadata;if(!A){let j=await this.discoveryState();if(j?.authorizationServerMetadata)C8(this.serverName,"Using persisted auth server metadata for refresh"),A=j.authorizationServerMetadata;else if(j?.authorizationServerUrl)C8(this.serverName,`Re-discovering metadata from persisted auth server URL: ${j.authorizationServerUrl}`),A=await Ww6(j.authorizationServerUrl,{fetchFn:$})}if(!A)A=await JE8(this.serverName,this.serverConfig.url,this.serverConfig.oauth?.authServerMetadataUrl,$);if(!A){C8(this.serverName,"Failed to discover OAuth metadata"),z("failure","metadata_discovery_failed");return}this._metadata=A;let O=await this.clientInformation();if(!O){C8(this.serverName,"No client information available"),z("failure","no_client_info");return}let w=await Qp1(new URL(this.serverConfig.url),{metadata:A,clientInformation:O,refreshToken:q,resource:new URL(this.serverConfig.url),fetchFn:$});if(w)return C8(this.serverName,"Token refresh successful"),await this.saveTokens(w),z("success"),w;C8(this.serverName,"Token refresh returned no tokens"),z("failure","no_tokens_returned");return}catch($){if($ instanceof yq6){C8(this.serverName,`Token refresh failed with invalid_grant: ${$.message}`),ZV();let J=c3().read(),M=XM(this.serverName,this.serverConfig),X=J?.mcpOAuth?.[M];if(X){let P=(X.expiresAt-Date.now())/1000;if(P>300)return C8(this.serverName,"Another process refreshed tokens, using those"),{access_token:X.accessToken,refresh_token:X.refreshToken,expires_in:P,scope:X.scope,token_type:"Bearer"}}C8(this.serverName,"No valid tokens in storage, clearing stored tokens"),await this.invalidateCredentials("tokens"),z("failure","invalid_grant");return}let A=$ instanceof Error&&/timeout|timed out|etimedout|econnreset/i.test($.message),O=$ instanceof VU||$ instanceof iV6||$ instanceof rV6,w=A||O;if(!w||Y>=3){C8(this.serverName,`Token refresh failed: ${d6($)}`),z("failure",w?"transient_retries_exhausted":"request_failed");return}let j=1000*Math.pow(2,Y-1);C8(this.serverName,`Token refresh failed, retrying in ${j}ms (attempt ${Y}/3)`),await R7(j)}return}}async function ja6(){let q=process.env.MCP_CLIENT_SECRET;if(q)return q;if(!process.stdin.isTTY)throw Error("No TTY available to prompt for client secret. Set MCP_CLIENT_SECRET env var instead.");return new Promise((K,_)=>{process.stderr.write("Enter OAuth client secret: "),process.stdin.setRawMode?.(!0);let z="",Y=($)=>{let A=$.toString();if(A===`
1789`||A==="\r")process.stdin.setRawMode?.(!1),process.stdin.removeListener("data",Y),process.stderr.write(`
1790`),K(z);else if(A==="\x03")process.stdin.setRawMode?.(!1),process.stdin.removeListener("data",Y),_(Error("Cancelled"));else if(A===""||A==="\b")z=z.slice(0,-1);else z+=A};process.stdin.on("data",Y)})}function Ha6(q,K,_){let z=c3(),Y=z.read()||{},$=XM(q,K);z.update({...Y,mcpOAuthClientConfig:{...Y.mcpOAuthClientConfig,[$]:{clientSecret:_}}})}function UR4(q,K){let _=c3(),z=_.read();if(!z?.mcpOAuthClientConfig)return;let Y=XM(q,K);if(z.mcpOAuthClientConfig[Y])delete z.mcpOAuthClientConfig[Y],_.update(z)}function Ja6(q,K){let z=c3().read(),Y=XM(q,K);return z?.mcpOAuthClientConfig?.[Y]}function mB1(q){if(!q)return;if("scope"in q&&typeof q.scope==="string")return q.scope;if("default_scope"in q&&typeof q.default_scope==="string")return q.default_scope;if(q.scopes_supported&&Array.isArray(q.scopes_supported))return q.scopes_supported.join(" ");return}var uB1,Twz=30000,IB1=5,vwz,kwz,hU;var or=y(()=>{Dw6();xp1();mo6();CK();H3();hH();m8();y8();E8();vK();$16();xz6();l8();k8();GB1();NJ();SR4();Oa6();uB1=O6(fB1(),1),vwz=["state","nonce","code_challenge","code_verifier","code"];kwz=new Set(["invalid_refresh_token","expired_refresh_token","token_expired"]);hU=class hU extends Error{constructor(){super("Authentication was cancelled");this.name="AuthenticationCancelledError"}}});function ywz(q){if("url"in q)return q.url;return}function BB1(q,K){let _=ywz(K),z=K.type??"stdio",Y=_?`${z} at ${_}`:z,$=`The \`${q}\` MCP server (${Y}) is installed but requires authentication. `+"Call this tool to start the OAuth flow — you'll receive an authorization URL to share with the user. "+"Once the user completes authorization in their browser, the server's real tools will become available automatically.";return{name:G_6(q,"authenticate"),isMcp:!0,mcpInfo:{serverName:q,toolName:"authenticate"},isEnabled:()=>!0,isConcurrencySafe:()=>!1,isReadOnly:()=>!1,toAutoClassifierInput:()=>q,userFacingName:()=>`${q} - authenticate (MCP)`,maxResultSizeChars:1e4,renderToolUseMessage:()=>`Authenticate ${q} MCP server`,async description(){return $},async prompt(){return $},get inputSchema(){return Nwz()},async checkPermissions(A){return{behavior:"allow",updatedInput:A}},async call(A,O){if(K.type==="claudeai-proxy")return{data:{status:"unsupported",message:`This is a claude.ai MCP connector. Ask the user to run /mcp and select "${q}" to authenticate.`}};if(K.type!=="sse"&&K.type!=="http")return{data:{status:"unsupported",message:`Server "${q}" uses ${z} transport which does not support OAuth from this tool. Ask the user to run /mcp and authenticate manually.`}};let w=K,j,H=new Promise((P)=>{j=P}),J=new AbortController,{setAppState:M}=O,X=pq6(q,w,(P)=>j?.(P),J.signal,{skipBrowserOpen:!0});X.then(async()=>{qE8();let P=await qm(q,K),W=kE(q);M((D)=>({...D,mcp:{...D.mcp,clients:D.mcp.clients.map((f)=>f.name===q?P.client:f),tools:[...D0(D.mcp.tools,(f)=>f.name?.startsWith(W)),...P.tools],commands:[...D0(D.mcp.commands,(f)=>f.name?.startsWith(W)),...P.commands],resources:P.resources?{...D.mcp.resources,[q]:P.resources}:D.mcp.resources}})),C8(q,`OAuth complete, reconnected with ${P.tools.length} tool(s)`)}).catch((P)=>{Qz(q,`OAuth flow failed after tool-triggered start: ${d6(P)}`)});try{let P=await Promise.race([H,X.then(()=>null)]);if(P)return{data:{status:"auth_url",authUrl:P,message:`Ask the user to open this URL in their browser to authorize the ${q} MCP server:

Callers 1

refreshAuthorizationMethod · 0.95

Calls 15

discoveryStateMethod · 0.95
clientInformationMethod · 0.95
saveTokensMethod · 0.95
invalidateCredentialsMethod · 0.95
LNFunction · 0.85
C8Function · 0.85
gR4Function · 0.85
Ww6Function · 0.85
JE8Function · 0.85
Qp1Function · 0.85
ZVFunction · 0.85
c3Function · 0.85

Tested by

no test coverage detected