Add web platform support and pana CI validation (#49)

- Fix dart:io dependency blocking web compilation
- Add platform-specific logging implementations (logging_io.dart, logging_web.dart)
- Use conditional imports for cross-platform compatibility
- Add comprehensive logging tests (5 new test cases)
- Integrate pana analysis in CI with 160/160 score requirement
- Use JSON output for reliable pana score parsing
- Format example files for consistency
- Version bump to 1.0.2

Fixes web support for all platforms (iOS, Android, Web, Windows, macOS, Linux)
Achieves perfect 160/160 pana score with WASM compatibility

Author: leehack

.github/workflows/test.yml

@@ -30,6 +30,24 @@ jobs:
       - name: Validate package for publishing
         run: dart pub publish --dry-run
 
+      - name: Run pana (package analysis)
+        run: |
+          dart pub global activate pana
+          dart pub global run pana --json --no-warning --exit-code-threshold 0 > pana_output.json
+          # Filter out log lines and extract scores from the summary
+          RESULT=$(cat pana_output.json | grep -v '^{"logName"')
+          SCORE=$(echo "$RESULT" | grep -o '"grantedPoints": *[0-9]*' | tail -1 | grep -o '[0-9]*$')
+          MAX_POINTS=$(echo "$RESULT" | grep -o '"maxPoints": *[0-9]*' | tail -1 | grep -o '[0-9]*$')
+          echo "Pana score: $SCORE/$MAX_POINTS"
+          if [ "$SCORE" != "160" ] || [ "$MAX_POINTS" != "160" ]; then
+            echo "Error: Package score is $SCORE/$MAX_POINTS. Required: 160/160"
+            echo ""
+            echo "Detailed report:"
+            dart pub global run pana --no-warning
+            exit 1
+          fi
+          echo "✓ Package achieves perfect 160/160 score"
+
       - name: Upload coverage to Codecov
         uses: codecov/codecov-action@v5
         with:

CHANGELOG.md

@@ -1,3 +1,8 @@
+## 1.0.2
+
+- Fix pana analysis issues
+- Fix Web support for StreamableHTTP client
+
 ## 1.0.1
 
 - Fix Documentation links in README.md

example/authentication/github_pat_example.dart

@@ -72,7 +72,8 @@ Future<void> main(List<String> args) async {
     print('  dart run example/authentication/github_pat_example.dart');
     print('');
     print('Method 2 - Command Line Argument:');
-    print('  dart run example/authentication/github_pat_example.dart your_token_here');
+    print(
+        '  dart run example/authentication/github_pat_example.dart your_token_here');
     print('');
     print('To create a GitHub PAT:');
     print('  1. Visit: https://github.com/settings/tokens');
@@ -191,13 +192,16 @@ Future<void> main(List<String> args) async {
       print('');
       print('Troubleshooting:');
       print('  1. Verify your token is correct');
-      print('  2. Check token has required scopes: repo, read:packages, read:org');
+      print(
+          '  2. Check token has required scopes: repo, read:packages, read:org');
       print('  3. Ensure token has not expired');
       print('  4. Create a new token at: https://github.com/settings/tokens');
-    } else if (e.toString().contains('404') || e.toString().contains('Not Found')) {
+    } else if (e.toString().contains('404') ||
+        e.toString().contains('Not Found')) {
       print('The GitHub MCP server endpoint may not be available.');
       print('Verify the URL: https://api.githubcopilot.com/mcp/');
-    } else if (e.toString().contains('network') || e.toString().contains('connection')) {
+    } else if (e.toString().contains('network') ||
+        e.toString().contains('connection')) {
       print('Network connection issue. Check your internet connection.');
     }
 

example/authentication/oauth_client_example.dart

@@ -28,6 +28,7 @@ class OAuthConfig {
   final Uri tokenEndpoint;
   final List<String> scopes;
   final Uri redirectUri;
+
   /// MCP server URI for resource parameter (audience validation)
   final String serverUri;
 
@@ -125,7 +126,8 @@ class OAuth2Provider implements OAuthClientProvider {
         'scope': config.scopes.join(' '),
         'state': state,
         'code_challenge': codeChallenge, // PKCE parameter
-        'code_challenge_method': 'plain', // Using plain for demo (use S256 in production)
+        'code_challenge_method':
+            'plain', // Using plain for demo (use S256 in production)
       },
     );
 
@@ -198,7 +200,8 @@ class OAuth2Provider implements OAuthClientProvider {
       // Retrieve stored code verifier
       final codeVerifier = await storage.getCodeVerifier();
       if (codeVerifier == null) {
-        throw Exception('Code verifier not found. Complete authorization flow first.');
+        throw Exception(
+            'Code verifier not found. Complete authorization flow first.');
       }
 
       final body = {

example/authentication/oauth_server_example.dart

@@ -114,11 +114,14 @@ class OAuthServerConfig {
   final Uri tokenEndpoint;
   final Uri userInfoEndpoint;
   final List<String> requiredScopes;
+
   /// Canonical server URI for resource parameter and audience validation
   /// Must be HTTPS and match the actual server URI
   final String serverUri;
+
   /// Authorization server metadata endpoint
   final Uri? authServerMetadataEndpoint;
+
   /// Allowed redirect URIs for validation
   final List<String> allowedRedirectUris;
 
@@ -168,8 +171,8 @@ class OAuthServerConfig {
           Uri.parse('https://www.googleapis.com/oauth2/v2/userinfo'),
       requiredScopes: requiredScopes,
       serverUri: serverUri,
-      authServerMetadataEndpoint:
-          Uri.parse('https://accounts.google.com/.well-known/openid-configuration'),
+      authServerMetadataEndpoint: Uri.parse(
+          'https://accounts.google.com/.well-known/openid-configuration'),
       allowedRedirectUris: allowedRedirectUris,
     );
   }
@@ -193,11 +196,13 @@ class OAuthTokenInfo {
 
   bool get isExpired => DateTime.now().isAfter(expiresAt);
 
-  String get userId => userInfo['id']?.toString() ?? userInfo['sub']?.toString() ?? 'unknown';
-  String get username => userInfo['login']?.toString() ??
-                        userInfo['name']?.toString() ??
-                        userInfo['email']?.toString() ??
-                        'unknown';
+  String get userId =>
+      userInfo['id']?.toString() ?? userInfo['sub']?.toString() ?? 'unknown';
+  String get username =>
+      userInfo['login']?.toString() ??
+      userInfo['name']?.toString() ??
+      userInfo['email']?.toString() ??
+      'unknown';
 }
 
 /// OAuth validator for MCP servers
@@ -362,7 +367,8 @@ class OAuthServerValidator {
         'redirect_uri': redirectUri,
         'grant_type': 'authorization_code',
         'code_verifier': codeVerifier, // PKCE requirement
-        'resource': config.serverUri, // MCP spec requirement for audience validation
+        'resource':
+            config.serverUri, // MCP spec requirement for audience validation
       };
 
       final response = await http.post(
@@ -574,7 +580,8 @@ class OAuthServerTransport implements Transport {
       _sessionTokens[sessionId] = tokenInfo;
     }
 
-    print('✓ Authenticated request from ${tokenInfo.username} (${tokenInfo.userId})');
+    print(
+        '✓ Authenticated request from ${tokenInfo.username} (${tokenInfo.userId})');
 
     // Forward to inner transport
     await _innerTransport.handleRequest(req, parsedBody);
@@ -839,7 +846,8 @@ Future<void> main(List<String> args) async {
       print('    -out server_cert.pem -days 365 -nodes \\');
       print('    -subj "/CN=localhost"');
       print('');
-      print('For production, use a reverse proxy with proper TLS certificates.');
+      print(
+          'For production, use a reverse proxy with proper TLS certificates.');
       print('Falling back to HTTP mode...');
       print('');
       httpServer = await HttpServer.bind(host, port);
@@ -857,12 +865,14 @@ Future<void> main(List<String> args) async {
   print('  ✅ Token audience validation');
   print('  ✅ Redirect URI validation');
   print('  ✅ OAuth metadata discovery');
-  print('  ${useHttps ? "✅" : "⚠️ "} HTTPS ${useHttps ? "enabled" : "not enabled (use --https)"}');
+  print(
+      '  ${useHttps ? "✅" : "⚠️ "} HTTPS ${useHttps ? "enabled" : "not enabled (use --https)"}');
   print('');
   print('Usage:');
   print('  1. Obtain OAuth access token from provider');
   print('  2. Make requests with: Authorization: Bearer <token>');
-  print('  3. Access metadata: GET $serverUri/.well-known/oauth-authorization-server');
+  print(
+      '  3. Access metadata: GET $serverUri/.well-known/oauth-authorization-server');
   print('');
   print('Server running. Press Ctrl+C to stop.\n');
 
@@ -971,8 +981,8 @@ Future<void> main(List<String> args) async {
     } catch (e) {
       print('Error handling request: $e');
       if (!request.response.headers.contentType
-              .toString()
-              .contains('event-stream')) {
+          .toString()
+          .contains('event-stream')) {
         request.response
           ..statusCode = HttpStatus.internalServerError
           ..write('Internal server error');

example/completions_capability_demo.dart

@@ -113,7 +113,12 @@ void main() async {
           def: CompletableDef(
             complete: (value) async {
               // Provide style completions
-              return ['concise', 'detailed', 'security-focused', 'performance-focused'];
+              return [
+                'concise',
+                'detailed',
+                'security-focused',
+                'performance-focused'
+              ];
             },
           ),
         ),
@@ -128,7 +133,8 @@ void main() async {
           PromptMessage(
             role: PromptMessageRole.user,
             content: TextContent(
-              text: 'Please provide a $style code review for $language code:\n\n'
+              text:
+                  'Please provide a $style code review for $language code:\n\n'
                   '(This is where the code would be inserted)',
             ),
           ),

example/elicitation_http_server.dart

@@ -236,7 +236,9 @@ Newsletter: ${newsletter ? 'Yes' : 'No'}''',
         );
 
         final description = descriptionResult.accepted &&
-                (descriptionResult.content?['description'] as String? ?? '').toLowerCase() != 'skip'
+                (descriptionResult.content?['description'] as String? ?? '')
+                        .toLowerCase() !=
+                    'skip'
             ? (descriptionResult.content?['description'] as String? ?? '')
             : '';
 
@@ -483,7 +485,9 @@ Duration: $duration minutes''',
         );
 
         final phone = phoneResult.accepted &&
-                (phoneResult.content?['phone'] as String? ?? '').toLowerCase() != 'skip'
+                (phoneResult.content?['phone'] as String? ?? '')
+                        .toLowerCase() !=
+                    'skip'
             ? (phoneResult.content?['phone'] as String? ?? '')
             : '';
 

lib/src/shared/logging.dart

@@ -1,4 +1,4 @@
-import 'dart:io';
+import 'logging_io.dart' if (dart.library.js_interop) 'logging_web.dart';
 
 enum LogLevel { debug, info, warn, error }
 
@@ -23,7 +23,7 @@ final class Logger {
     LogLevel level,
     String message,
   ) {
-    stderr.writeln("[${level.name.toUpperCase()}][$loggerName] $message");
+    writeLog("[${level.name.toUpperCase()}][$loggerName] $message");
   }
 
   void log(LogLevel level, String message) {

lib/src/shared/logging_io.dart

@@ -0,0 +1,5 @@
+import 'dart:io';
+
+void writeLog(String message) {
+  stderr.writeln(message);
+}

lib/src/shared/logging_web.dart

@@ -0,0 +1,6 @@
+// ignore_for_file: avoid_print
+
+void writeLog(String message) {
+  // Use print for web - it goes to console
+  print(message);
+}