From f70b70d035620416aafb64349531fd2a20dee3cb Mon Sep 17 00:00:00 2001
From: "victor.delarosa" <1938685+vdlr@users.noreply.github.com>
Date: Fri, 13 Feb 2026 11:01:01 +0100
Subject: [PATCH 1/2] release 1.2.4 update MCP Setup
 xygeni/product-backlog#4222

---
 .github/workflows/build-test-publish.yml |   2 +-
 CHANGELOG.md                             |   5 +
 README.md                                |   1 +
 package.json                             |   2 +-
 src/xygeni/common/commands.ts            |   7 +-
 src/xygeni/service/installer.ts          |   6 +-
 src/xygeni/views/mcp-setup-view.ts       | 166 +++++++++++++++--------
 7 files changed, 121 insertions(+), 68 deletions(-)

diff --git a/.github/workflows/build-test-publish.yml b/.github/workflows/build-test-publish.yml
index c2b3b84..3d2303b 100644
--- a/.github/workflows/build-test-publish.yml
+++ b/.github/workflows/build-test-publish.yml
@@ -31,7 +31,7 @@ jobs:
       - name: Upload extension artifact
         uses: actions/upload-artifact@v4
         with:
-          name: extension-vsix
+          name: xygeni-scanner-vscode
           path: "*.vsix"
 
       - uses: trstringer/manual-approval@v1
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37ee265..f79cf0f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -26,3 +26,8 @@
 ## [1.2.3]
 
 - Fix scanner compatibility with asdf CLI manager
+- Remove deprecate install.sh usage
+
+## [1.2.4]
+
+- Update MCP Setup to use current XYGENI_TOKEN
\ No newline at end of file
diff --git a/README.md b/README.md
index 83166f1..342e1bd 100644
--- a/README.md
+++ b/README.md
@@ -22,6 +22,7 @@ Xygeni Security Scanner is a powerful extension that brings comprehensive securi
 - **In-Editor Issue Highlighting:** View security findings directly in your code, making it easy to pinpoint and fix issues.
 - **Detailed Vulnerability Information:** Get rich details for each identified issue, including severity, description, and remediation guidance.
 - **Proxy Support:** Configure the extension to work with your corporate proxy.
+- **MCP Setup:** Generate ready-to-use MCP server configuration from the extension to connect Xygeni security tools to MCP-compatible AI assistants.
 
 ## Installation
 
diff --git a/package.json b/package.json
index a44b0d6..00e068d 100644
--- a/package.json
+++ b/package.json
@@ -5,7 +5,7 @@
   "publisher": "xygeni-security",
   "license": "MIT",
   "icon": "media/images/logo_xy.png",
-  "version": "1.2.3",
+  "version": "1.2.4",
   "engines": {
     "vscode": "^1.99.2"
   },
diff --git a/src/xygeni/common/commands.ts b/src/xygeni/common/commands.ts
index 6e60cea..0c844a1 100644
--- a/src/xygeni/common/commands.ts
+++ b/src/xygeni/common/commands.ts
@@ -201,8 +201,11 @@ export class CommandsImpl implements Commands, ScanViewEmitter, IssueViewEmitter
       this.connectionReady();
 
       if (!override && await InstallerService.getInstance().isScannerInstalled()) {
-        Logger.log('=== Xygeni Scanner already installed ===');
+        Logger.log('=== Xygeni Scanner already installed. ===');
         this.installerOk();
+        this.setMcpLibraryInstalled();
+        Logger.log(`=== MCP Library is ready. Check Xygeni MCP Setup to configure it. ===`);
+        
         return Promise.resolve();
       }
 
@@ -413,7 +416,7 @@ export class CommandsImpl implements Commands, ScanViewEmitter, IssueViewEmitter
   }
 
   showMcpSetupView() {
-    McpSetupView.showMcpSetup(this);
+    void McpSetupView.showMcpSetup(this);
   }
 
   openDiffViewCommand(uri: string, tempFile: string): void {
diff --git a/src/xygeni/service/installer.ts b/src/xygeni/service/installer.ts
index c26926a..d8afea0 100644
--- a/src/xygeni/service/installer.ts
+++ b/src/xygeni/service/installer.ts
@@ -190,10 +190,8 @@ export default class InstallerService {
 
         // remove installPath if exists, force fresh install
         if (fs.existsSync(this.mcpLibraryPath)) {
-            this.logger.log(`  MCP Library already exist at: ${installMcpPath}`);
-            this.logger.log(`   Check Xygeni MCP Setup to configure it.`);
-            this.logger.log("============================================================");
-            return Promise.resolve();
+            this.logger.log(`  Removing existing installation at: ${this.mcpLibraryPath}`);
+            fs.rmSync(this.mcpLibraryPath, { recursive: true, force: true });
         }
         // create folder if not yet
         if (!fs.existsSync(installMcpPath)){
diff --git a/src/xygeni/views/mcp-setup-view.ts b/src/xygeni/views/mcp-setup-view.ts
index 767058b..4301269 100644
--- a/src/xygeni/views/mcp-setup-view.ts
+++ b/src/xygeni/views/mcp-setup-view.ts
@@ -1,6 +1,7 @@
+import * as fs from 'fs';
+import * as path from 'path';
 import * as vscode from 'vscode';
-import { Commands } from "../common/interfaces";
-import path from 'path';
+import { Commands } from '../common/interfaces';
 import { Logger } from '../common/logger';
 
 export class McpSetupView {
@@ -8,7 +9,7 @@ export class McpSetupView {
 
   private static panel: vscode.WebviewPanel | undefined;
 
-  public static showMcpSetup(commands: Commands): void {
+  public static async showMcpSetup(commands: Commands): Promise<void> {
     if (this.panel) {
       this.panel.reveal(vscode.ViewColumn.Two);
     } else {
@@ -32,12 +33,49 @@ export class McpSetupView {
       };
     }
 
+    const panel = this.panel;
+    if (!panel) {
+      return;
+    }
+
     const nonce = this.getNonce();
-    const mcpLibraryPath = commands.getMcpLibraryPath();
+    const configuredMcpLibraryPath = commands.getMcpLibraryPath();
+    const fallbackMcpLibraryPath = path.join(commands.getExtensionPath(), '.xygeni-mcp', 'xygeni-mcp-server.jar');
+    const mcpLibraryPath = configuredMcpLibraryPath || (fs.existsSync(fallbackMcpLibraryPath) ? fallbackMcpLibraryPath : undefined);
     const isMcpLibraryInstalled = mcpLibraryPath !== undefined;
     const scannerInstallDirectory = commands.getScannerInstallationDir();
     const scannerInstalled = commands.isInstallReady();
     const javaHome = process.env.JAVA_HOME || '$JAVA_HOME';
+    const savedToken = await commands.getToken();
+    if (this.panel !== panel) {
+      return;
+    }
+    const xygeniToken = savedToken || '$XYGENI_TOKEN';
+
+    const serverName = 'xygeni-mcp-server';
+    const jarPath = mcpLibraryPath || '$XYGENI_MCP_SERVER_JAR';
+    const scannerPathArg = `--scannerPath=${scannerInstallDirectory}`;
+
+    const jsonConfig = JSON.stringify({
+      servers: {
+        [serverName]: {
+          timeout: 60,
+          type: 'stdio',
+          command: 'java',
+          args: [
+            '-jar',
+            jarPath,
+            scannerPathArg
+          ],
+          env: {
+            JAVA_HOME: javaHome,
+            XYGENI_TOKEN: xygeniToken
+          }
+        }
+      }
+    }, null, 2);
+
+    const tomlConfig = this.buildTomlConfig(serverName, jarPath, scannerPathArg, javaHome, xygeniToken);
 
     // Auto-import the MCP documentation
     this.loadMcpDocumentation();
@@ -48,7 +86,7 @@ export class McpSetupView {
         <meta charset="UTF-8">
         <meta name="viewport" content="width=device-width, initial-scale=1.0">
         <title>Xygeni MCP Server Setup Guide</title>
-        <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'nonce-${nonce}'; img-src ${this.panel.webview.cspSource}; style-src 'nonce-${nonce}'; font-src https://fonts.gstatic.com;">
+        <meta http-equiv="Content-Security-Policy" content="default-src 'none'; script-src 'nonce-${nonce}'; img-src ${panel.webview.cspSource}; style-src 'nonce-${nonce}'; font-src https://fonts.gstatic.com;">
         <style nonce="${nonce}">
             body {
                 font-family: var(--vscode-font-family);
@@ -178,31 +216,23 @@ export class McpSetupView {
                 <strong>Note:</strong> The Xygeni scanner JAR is automatically downloaded when you install the scanner.
             </div>
 
+            <div class="warning">
+                ${savedToken
+                  ? '<strong>Security note:</strong> The following examples include your current <code>XYGENI_TOKEN</code> in clear text under <code>servers.env</code>. Keep this file private.'
+                  : '<strong>Warning:</strong> No token is currently stored in Xygeni settings. Replace <code>$XYGENI_TOKEN</code> with your real token before using the config.'}
+            </div>
+
             <div class="step">
                 <div class="step-number">Step 1: Create MCP Server Configuration</div>
-                <p>Create a new MCP server configuration file. Here's an example configuration:</p>
-
-                <div class="code-block"><pre>
-{
-  "servers": {
-    "xygeni-mcp-server": {
-      "timeout": 60,
-      "type": "stdio",
-      "command": "java",
-      "args": [
-        "-jar",
-        "${mcpLibraryPath}",
-        "--scannerPath=${scannerInstallDirectory}"
-      ],
-      "env": {
-        "JAVA_HOME": "${javaHome}"
-      }
-    }
-  }
-}
-  </pre>
-                </div>
-                <button class="copy-button" onclick="copyToClipboard(this.previousElementSibling.textContent)">Copy Config</button>
+                <p>Create a new MCP server configuration file. Use JSON or TOML depending on your MCP client:</p>
+
+                <h3>JSON</h3>
+                <div class="code-block"><pre>${this.escapeHtml(jsonConfig)}</pre></div>
+                <button class="copy-button" onclick="copyToClipboard(this.previousElementSibling.textContent)">Copy JSON Config</button>
+
+                <h3>TOML</h3>
+                <div class="code-block"><pre>${this.escapeHtml(tomlConfig)}</pre></div>
+                <button class="copy-button" onclick="copyToClipboard(this.previousElementSibling.textContent)">Copy TOML Config</button>
             </div>
 
             <div class="step">
@@ -211,31 +241,14 @@ export class McpSetupView {
 
                 <h3>For MCP-compatible AI Assistants:</h3>
                 <ol>
-                    <li>Locate your MCP configuration file (usually <code>mcp.json</code> or <code>.mcp/config.json</code>)</li>
+                    <li>Locate your MCP configuration file (usually <code>mcp.json</code>, <code>.mcp/config.json</code>, or client-specific <code>mcp.toml</code>)</li>
                     <li>Add the Xygeni server configuration as shown above</li>
                     <li>Restart your MCP client or reload the configuration</li>
                 </ol>
             </div>
             ` : ''}
-            ${scannerInstalled ? '<h2>Available Tools</h2>' : '<h2>Next Steps</h2>'}
-            ${scannerInstalled ? `
-            <p>Once configured, the Xygeni MCP server provides the following tools:</p>
-
-            <div class="code-block"><pre>
-Available tools:
-├── xygeni_malware_scan - Executes malware analysis over the directory passed as parameter
-├── xygeni_inventory_scan - Executes inventory analysis over the directory passed as parameter
-├── xygeni_secrets_scan - Executes secrets analysis over the directory passed as parameter
-├── xygeni_iac_scan - Executes IaC analysis over the directory passed as parameter
-├── xygeni_codetamper_scan - Executes code tampering analysis over the directory passed as parameter
-├── xygeni_sca_scan - Executes SCA analysis over the directory passed as parameter
-├── xygeni_compliance_scan - Executes compliance analysis over the directory passed as parameter
-├── xygeni_sast_scan - Executes SAST analysis over the directory passed as parameter
-└── xygeni_suspectdeps_scan - Executes suspect dependencies analysis over the directory passed as parameter
-
-
-            </pre></div>
-            ` : '<p>Please install the Xygeni scanner first to access MCP server setup instructions and available tools.</p>'}
+            ${scannerInstalled ? '' : 
+                `<p>Please install the Xygeni scanner first to access MCP server setup instructions and available tools.</p>`}
 
             <h2>Get Help</h2>
             <p>For more information and support:</p>
@@ -246,17 +259,9 @@ Available tools:
         </div>
 
         <script nonce="${nonce}">
-            function copyToClipboard(command, args) {
-                let textToCopy = args || command;
-
-                // If command is a vscode command reference
-                if (command.startsWith('command:')) {
-                    textToCopy = args || command;
-                }
-
-                navigator.clipboard.writeText(textToCopy).then(() => {
-                    // Could show a toast notification here
-                    console.log('Copied to clipboard:', textToCopy);
+            function copyToClipboard(text) {
+                navigator.clipboard.writeText(text).then(() => {
+                    console.log('Copied to clipboard:', text);
                 }).catch(err => {
                     console.error('Failed to copy:', err);
                 });
@@ -268,7 +273,9 @@ Available tools:
     </body>
     </html>`;
 
-    this.panel.webview.html = html;
+    if (this.panel === panel) {
+      panel.webview.html = html;
+    }
   }
 
   private static getNonce() {
@@ -280,6 +287,45 @@ Available tools:
     return text;
   }
 
+  private static buildTomlConfig(
+    serverName: string,
+    jarPath: string,
+    scannerPathArg: string,
+    javaHome: string,
+    xygeniToken: string
+  ): string {
+    const quotedServerName = this.tomlQuote(serverName);
+    const quotedJarPath = this.tomlQuote(jarPath);
+    const quotedScannerPathArg = this.tomlQuote(scannerPathArg);
+    const quotedJavaHome = this.tomlQuote(javaHome);
+    const quotedXygeniToken = this.tomlQuote(xygeniToken);
+
+    return `[servers.${quotedServerName}]
+timeout = 60
+type = "stdio"
+command = "java"
+args = [
+  "-jar",
+  ${quotedJarPath},
+  ${quotedScannerPathArg}
+]
+
+[servers.${quotedServerName}.env]
+JAVA_HOME = ${quotedJavaHome}
+XYGENI_TOKEN = ${quotedXygeniToken}`;
+  }
+
+  private static tomlQuote(value: string): string {
+    return `"${value.replace(/\\/g, '\\\\').replace(/"/g, '\\"')}"`;
+  }
+
+  private static escapeHtml(value: string): string {
+    return value
+      .replace(/&/g, '&amp;')
+      .replace(/</g, '&lt;')
+      .replace(/>/g, '&gt;');
+  }
+
   private static async loadMcpDocumentation() {
     // This would load MCP documentation if needed
     // For now, the documentation is embedded in the HTML

From 43bc4b87194a455b4ead06d640b0c2b2d98ebb38 Mon Sep 17 00:00:00 2001
From: "victor.delarosa" <1938685+vdlr@users.noreply.github.com>
Date: Fri, 13 Feb 2026 12:36:16 +0100
Subject: [PATCH 2/2] download CLI from non-production API Url
 xygeni/product-backlog#4225

---
 CHANGELOG.md                    |  3 +-
 src/test/unit/installer.test.ts | 67 +++++++++++++++++++++++++++++++
 src/xygeni/service/installer.ts | 71 +++++++++++++++++++++++++--------
 3 files changed, 124 insertions(+), 17 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index f79cf0f..b766cf1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -30,4 +30,5 @@
 
 ## [1.2.4]
 
-- Update MCP Setup to use current XYGENI_TOKEN
\ No newline at end of file
+- Update MCP Setup to use current XYGENI_TOKEN
+- Allow download scanner CLI from non-production Xygeni API Url (e.g. on-premise environments)
\ No newline at end of file
diff --git a/src/test/unit/installer.test.ts b/src/test/unit/installer.test.ts
index 2cfe88e..c6c61fe 100644
--- a/src/test/unit/installer.test.ts
+++ b/src/test/unit/installer.test.ts
@@ -323,6 +323,73 @@ suite('Installer Test Suite', () => {
             assert.strictEqual(callCount, 3);
         });
 
+        test('should use API releases endpoint and bearer token for custom API URL', async () => {
+            // Arrange
+            sandbox.stub(Platform, 'get').returns('linux');
+
+            const downloadFileStub = sandbox.stub(installer as any, 'downloadFile').callsFake(
+                (url: any, targetDir: any, name: any, authToken?: any) => {
+                    const filePath = path.join(targetDir, name);
+                    fs.writeFileSync(filePath, 'matching-hash');
+                    return Promise.resolve(filePath);
+                }
+            );
+            sandbox.stub(installer as any, 'calculateChecksum').resolves('matching-hash');
+            sandbox.stub(installer as any, 'unzip').callsFake((zip: any, dest: any) => {
+                const root = path.join(dest, 'xygeni_scanner');
+                if (!fs.existsSync(root)) { fs.mkdirSync(root, { recursive: true }); }
+                return Promise.resolve();
+            });
+            sandbox.stub(installer as any, 'copyDirectoryContents').returns(undefined);
+            sandbox.stub(installer as any, 'makeBinaryExecutable').resolves();
+
+            // Act
+            await installer.install('https://onprem.xygeni.local/api', 'test-token');
+
+            // Assert
+            assert.strictEqual(downloadFileStub.callCount, 1);
+            assert.strictEqual(downloadFileStub.firstCall.args[0], 'https://onprem.xygeni.local/api/scan/releases/');
+            assert.strictEqual(downloadFileStub.firstCall.args[3], 'test-token');
+        });
+
+        test('should use public scanner URL without bearer token for default API URL', async () => {
+            // Arrange
+            sandbox.stub(Platform, 'get').returns('linux');
+
+            const downloadFileStub = sandbox.stub(installer as any, 'downloadFile').callsFake(
+                (url: any, targetDir: any, name: any, authToken?: any) => {
+                    const filePath = path.join(targetDir, name);
+                    fs.writeFileSync(filePath, 'matching-hash');
+                    return Promise.resolve(filePath);
+                }
+            );
+            sandbox.stub(installer as any, 'calculateChecksum').resolves('matching-hash');
+            sandbox.stub(installer as any, 'unzip').callsFake((zip: any, dest: any) => {
+                const root = path.join(dest, 'xygeni_scanner');
+                if (!fs.existsSync(root)) { fs.mkdirSync(root, { recursive: true }); }
+                return Promise.resolve();
+            });
+            sandbox.stub(installer as any, 'copyDirectoryContents').returns(undefined);
+            sandbox.stub(installer as any, 'makeBinaryExecutable').resolves();
+
+            // Act
+            await installer.install('https://api.xygeni.io/', 'test-token');
+
+            // Assert
+            assert.strictEqual(downloadFileStub.callCount, 2);
+            assert.strictEqual(downloadFileStub.firstCall.args[0], 'https://get.xygeni.io/latest/scanner/xygeni_scanner.zip');
+            assert.strictEqual(downloadFileStub.firstCall.args[3], undefined);
+            assert.strictEqual(downloadFileStub.secondCall.args[0], 'https://get.xygeni.io/latest/scanner/xygeni_scanner.zip.sha256');
+            assert.strictEqual(downloadFileStub.secondCall.args[3], undefined);
+        });
+
+        test('should require token for custom API URL scanner download', async () => {
+            await assert.rejects(
+                installer.install('https://onprem.xygeni.local/api'),
+                /Xygeni token is required to download scanner from custom API URL/
+            );
+        });
+
         test('should install successfully', async () => {
             // Arrange
             sandbox.stub(Platform, 'get').returns('linux');
diff --git a/src/xygeni/service/installer.ts b/src/xygeni/service/installer.ts
index d8afea0..4d88014 100644
--- a/src/xygeni/service/installer.ts
+++ b/src/xygeni/service/installer.ts
@@ -21,9 +21,10 @@ export default class InstallerService {
     private readonly tempDir: string;
 
     private readonly xygeniGetScannerUrl = 'https://get.xygeni.io/latest/scanner/';    
+    private readonly xygeniDefaultApiUrl = 'https://api.xygeni.io';
+    private readonly xygeniApiScannerReleasesPath = 'scan/releases';
     private readonly xygeniScannerZipName = 'xygeni_scanner.zip';
     private readonly xygeniScannerZipRootFolder = 'xygeni_scanner';
-    private readonly xygeniScannerChecksumUrl = 'https://raw.githubusercontent.com/xygeni/xygeni/main/checksum/latest/xygeni-release.zip.sha256';
 
     private readonly xygeniMCPLibraryUrl = 'https://get.xygeni.io/latest/mcp-server/xygeni-mcp-server.jar';
     private readonly xygeniMCPLibraryName = 'xygeni-mcp-server.jar';
@@ -111,23 +112,44 @@ export default class InstallerService {
             }
 
             const zipPath = path.join(tempDirPath, this.xygeniScannerZipName);
-            const scannerUrl = `${this.xygeniGetScannerUrl}${this.xygeniScannerZipName}`;
-            const checksumUrl = `${scannerUrl}.sha256`;
+            const useApiReleasesUrl = this.shouldUseApiReleasesUrl(apiUrl);
+            
+            let scannerUrl = `${this.xygeniGetScannerUrl}${this.xygeniScannerZipName}`;
+            const scannerAuthToken = useApiReleasesUrl ? token : undefined;
+            
+            if (useApiReleasesUrl) {
+                if (!token) {
+                    throw new Error('Xygeni token is required to download scanner from custom API URL');
+                }                
+                scannerUrl = this.buildUrlWithPath(apiUrl!, this.xygeniApiScannerReleasesPath);
+            }            
 
             try {
-                this.logger.log("    Downloading Xygeni Scanner...");
-                await this.downloadFile(scannerUrl, tempDirPath, this.xygeniScannerZipName);
-
-                this.logger.log("    Validating Xygeni Scanner checksum...");
-                await this.downloadFile(this.xygeniScannerChecksumUrl, tempDirPath, this.xygeniScannerZipName + '.sha256');
+                if (useApiReleasesUrl) {
+                    this.logger.log(`    Downloading Xygeni Scanner from API URL: ${apiUrl}`);
+                }
+                else {
+                    this.logger.log("    Downloading Xygeni Scanner...");
+                }
                 
-                const downloadedChecksum = fs.readFileSync(path.join(tempDirPath, this.xygeniScannerZipName + '.sha256'), 'utf8').trim().split(/\s+/)[0];
-                const fileChecksum = await this.calculateChecksum(zipPath);
+                await this.downloadFile(scannerUrl, tempDirPath, this.xygeniScannerZipName, scannerAuthToken);
+
+                if (!useApiReleasesUrl) {
+                    const checksumUrl = `${scannerUrl}.sha256`;
+                    // when downloading from xygeni cloud api - validate scanner zip checksum
+                    this.logger.log("    Validating Xygeni Scanner checksum...");
+                    await this.downloadFile(checksumUrl, tempDirPath, this.xygeniScannerZipName + '.sha256', scannerAuthToken);
+
+                    const downloadedChecksum = fs.readFileSync(path.join(tempDirPath, this.xygeniScannerZipName + '.sha256'), 'utf8').trim().split(/\s+/)[0];
+                    const fileChecksum = await this.calculateChecksum(zipPath);
 
-                if (downloadedChecksum.toLowerCase() !== fileChecksum.toLowerCase()) {
-                    throw new Error(`Checksum validation failed. Expected: ${downloadedChecksum}, Got: ${fileChecksum}`);
+                    if (downloadedChecksum.toLowerCase() !== fileChecksum.toLowerCase()) {
+                        throw new Error(`Checksum validation failed. Expected: ${downloadedChecksum}, Got: ${fileChecksum}`);
+                    }
+                    this.logger.log("    Checksum validation successful.");
                 }
-                this.logger.log("    Checksum validation successful.");
+                
+                
 
                 this.logger.log("    Extracting Xygeni Scanner...");
                 await this.unzip(zipPath, tempDirPath);
@@ -255,7 +277,7 @@ export default class InstallerService {
 
     }
 
-    private async downloadFile(scriptUrl: string, targetDir: string, installName: string): Promise<string> {
+    private async downloadFile(scriptUrl: string, targetDir: string, installName: string, authToken?: string): Promise<string> {
         return new Promise((resolve, reject) => {
 
             // local path            
@@ -265,6 +287,9 @@ export default class InstallerService {
             //this.logger.log(`  Downloading install script from: ${scriptUrl}`);
 
             const client = this.commands.getHttpClient(scriptUrl);
+            if (authToken) {
+                client.setAuthToken(authToken);
+            }
 
             const request = client.get(scriptUrl, (response) => {
                 // Handle redirects
@@ -273,7 +298,7 @@ export default class InstallerService {
                     if (redirectUrl) {
                         file.close();
                         fs.unlinkSync(filePath);
-                        this.downloadFile(redirectUrl, targetDir, installName).then(resolve).catch(reject);
+                        this.downloadFile(redirectUrl, targetDir, installName, authToken).then(resolve).catch(reject);
                         return;
                     }
                 }
@@ -320,6 +345,21 @@ export default class InstallerService {
         });
     }
 
+    private shouldUseApiReleasesUrl(apiUrl?: string): boolean {
+        if (!apiUrl) {
+            return false;
+        }
+        return this.normalizeUrl(apiUrl) !== this.normalizeUrl(this.xygeniDefaultApiUrl);
+    }
+
+    private normalizeUrl(url: string): string {
+        return url.trim().replace(/\/+$/, '');
+    }
+
+    private buildUrlWithPath(baseUrl: string, pathSuffix: string): string {
+        return `${this.normalizeUrl(baseUrl)}/${pathSuffix}/`;
+    }
+
     private async unzip(zipPath: string, destination: string): Promise<void> {
         return new Promise((resolve, reject) => {
             yauzl.open(zipPath, { lazyEntries: true }, (err, zipfile) => {
@@ -455,4 +495,3 @@ export default class InstallerService {
 
 
 }
-