kontext-dev-sdk 0.2.1

# Kontext SDK (Rust)

Secure credentials for AI agents.

## Install

```toml
[dependencies]
kontext-dev-sdk = "0.2.0"
tokio = { version = "1", features = ["macros", "rt-multi-thread"] }
```

## Minimal Config (DX-first)

`KontextDevConfig.server` now defaults to `https://api.kontext.dev` during deserialization, so practical setup can be as small as `client_id + redirect_uri`.

```rust
use kontext_dev_sdk::KontextDevConfig;

let cfg: KontextDevConfig = serde_json::from_value(serde_json::json!({
  "client_id": "app_xxx",
  "redirect_uri": "http://localhost:3000/callback"
}))?;

assert_eq!(cfg.server, "https://api.kontext.dev");
```

## Quickstart (Orchestrator / Mixed Mode)

```rust
use kontext_dev_sdk::{
    create_kontext_orchestrator,
    KontextClientConfig,
};

#[tokio::main]
async fn main() -> Result<(), kontext_dev_sdk::KontextDevError> {
    let client = create_kontext_orchestrator(KontextClientConfig {
        client_session_id: "my-terminal-session-id".to_string(),
        client_id: "your-application-client-id".to_string(),
        redirect_uri: "http://localhost:3000/callback".to_string(),
        url: None,
        server_url: None, // defaults to https://api.kontext.dev
        client_secret: None,
        scope: Some("".to_string()),
        resource: Some("mcp-gateway".to_string()),
        integration_ui_url: Some("https://app.kontext.dev".to_string()),
        integration_return_to: None,
        auth_timeout_seconds: Some(300),
        token_cache_path: None,
    });

    client.connect().await?;
    let tools = client.tools_list().await?;
    println!("loaded {} tools", tools.len());
    Ok(())
}
```

## TS Surface Parity Modules

- `kontext_dev_sdk::client`
- `kontext_dev_sdk::orchestrator`
- `kontext_dev_sdk::mcp`
- `kontext_dev_sdk::oauth`
- `kontext_dev_sdk::management`
- `kontext_dev_sdk::server`
- `kontext_dev_sdk::verify`
- `kontext_dev_sdk::errors`

## Runtime/Behavior Notes (0.2.0)

- New-schema config only (`server`, `client_id`, optional `client_secret`, `scope`, `resource`, `server_name`, `auth_timeout_seconds`, `open_connect_page_on_login`, `integration_ui_url`, `integration_return_to`, `token_cache_path`, `redirect_uri`).
- Unknown config fields are rejected (`deny_unknown_fields`).
- Legacy URL/access-key compatibility paths remain removed.
- Mixed-mode orchestrator now merges gateway and internal integration tool inventories with deterministic routing semantics.
- Runtime integration `connectType` now supports `user_token` in addition to `oauth`, `credentials`, and `none`.