@adapt-toolkit/a2adapt 0.2.0 → 0.3.0

package/dist/index.js

@@ -1317,11 +1317,11 @@ var require_errors = __commonJS({
       gen.code((0, codegen_1._)`${names_1.default.errors}++`);
     }
     function returnErrors(it, errs) {
-      const { gen, validateName, schemaEnv } = it;
+      const { gen, validateName: validateName2, schemaEnv } = it;
       if (schemaEnv.$async) {
         gen.throw((0, codegen_1._)`new ${it.ValidationError}(${errs})`);
       } else {
-        gen.assign((0, codegen_1._)`${validateName}.errors`, errs);
+        gen.assign((0, codegen_1._)`${validateName2}.errors`, errs);
         gen.return(false);
       }
     }
@@ -1390,13 +1390,13 @@ var require_boolSchema = __commonJS({
       message: "boolean schema is false"
     };
     function topBoolOrEmptySchema(it) {
-      const { gen, schema, validateName } = it;
+      const { gen, schema, validateName: validateName2 } = it;
       if (schema === false) {
         falseSchemaError(it, false);
       } else if (typeof schema == "object" && schema.$async === true) {
         gen.return(names_1.default.data);
       } else {
-        gen.assign((0, codegen_1._)`${validateName}.errors`, null);
+        gen.assign((0, codegen_1._)`${validateName2}.errors`, null);
         gen.return(true);
       }
     }
@@ -2345,15 +2345,15 @@ var require_validate = __commonJS({
       validateFunction(it, () => (0, boolSchema_1.topBoolOrEmptySchema)(it));
     }
     exports.validateFunctionCode = validateFunctionCode;
-    function validateFunction({ gen, validateName, schema, schemaEnv, opts }, body) {
+    function validateFunction({ gen, validateName: validateName2, schema, schemaEnv, opts }, body) {
       if (opts.code.es5) {
-        gen.func(validateName, (0, codegen_1._)`${names_1.default.data}, ${names_1.default.valCxt}`, schemaEnv.$async, () => {
+        gen.func(validateName2, (0, codegen_1._)`${names_1.default.data}, ${names_1.default.valCxt}`, schemaEnv.$async, () => {
           gen.code((0, codegen_1._)`"use strict"; ${funcSourceUrl(schema, opts)}`);
           destructureValCxtES5(gen, opts);
           gen.code(body);
         });
       } else {
-        gen.func(validateName, (0, codegen_1._)`${names_1.default.data}, ${destructureValCxt(opts)}`, schemaEnv.$async, () => gen.code(funcSourceUrl(schema, opts)).code(body));
+        gen.func(validateName2, (0, codegen_1._)`${names_1.default.data}, ${destructureValCxt(opts)}`, schemaEnv.$async, () => gen.code(funcSourceUrl(schema, opts)).code(body));
       }
     }
     function destructureValCxt(opts) {
@@ -2392,8 +2392,8 @@ var require_validate = __commonJS({
       return;
     }
     function resetEvaluated(it) {
-      const { gen, validateName } = it;
-      it.evaluated = gen.const("evaluated", (0, codegen_1._)`${validateName}.evaluated`);
+      const { gen, validateName: validateName2 } = it;
+      it.evaluated = gen.const("evaluated", (0, codegen_1._)`${validateName2}.evaluated`);
       gen.if((0, codegen_1._)`${it.evaluated}.dynamicProps`, () => gen.assign((0, codegen_1._)`${it.evaluated}.props`, (0, codegen_1._)`undefined`));
       gen.if((0, codegen_1._)`${it.evaluated}.dynamicItems`, () => gen.assign((0, codegen_1._)`${it.evaluated}.items`, (0, codegen_1._)`undefined`));
     }
@@ -2475,11 +2475,11 @@ var require_validate = __commonJS({
       }
     }
     function returnResults(it) {
-      const { gen, schemaEnv, validateName, ValidationError, opts } = it;
+      const { gen, schemaEnv, validateName: validateName2, ValidationError, opts } = it;
       if (schemaEnv.$async) {
         gen.if((0, codegen_1._)`${names_1.default.errors} === 0`, () => gen.return(names_1.default.data), () => gen.throw((0, codegen_1._)`new ${ValidationError}(${names_1.default.vErrors})`));
       } else {
-        gen.assign((0, codegen_1._)`${validateName}.errors`, names_1.default.vErrors);
+        gen.assign((0, codegen_1._)`${validateName2}.errors`, names_1.default.vErrors);
         if (opts.unevaluated)
           assignEvaluated(it);
         gen.return((0, codegen_1._)`${names_1.default.errors} === 0`);
@@ -2904,8 +2904,8 @@ var require_compile = __commonJS({
           code: (0, codegen_1._)`require("ajv/dist/runtime/validation_error").default`
         });
       }
-      const validateName = gen.scopeName("validate");
-      sch.validateName = validateName;
+      const validateName2 = gen.scopeName("validate");
+      sch.validateName = validateName2;
       const schemaCxt = {
         gen,
         allErrors: this.opts.allErrors,
@@ -2919,7 +2919,7 @@ var require_compile = __commonJS({
         dataTypes: [],
         definedProperties: /* @__PURE__ */ new Set(),
         topSchemaRef: gen.scopeValue("schema", this.opts.code.source === true ? { ref: sch.schema, code: (0, codegen_1.stringify)(sch.schema) } : { ref: sch.schema }),
-        validateName,
+        validateName: validateName2,
         ValidationError: _ValidationError,
         schema: sch.schema,
         schemaEnv: sch,
@@ -2942,14 +2942,14 @@ var require_compile = __commonJS({
           sourceCode = this.opts.code.process(sourceCode, sch);
         const makeValidate = new Function(`${names_1.default.self}`, `${names_1.default.scope}`, sourceCode);
         const validate = makeValidate(this, this.scope.get());
-        this.scope.value(validateName, { ref: validate });
+        this.scope.value(validateName2, { ref: validate });
         validate.errors = null;
         validate.schema = sch.schema;
         validate.schemaEnv = sch;
         if (sch.$async)
           validate.$async = true;
         if (this.opts.code.source === true) {
-          validate.source = { validateName, validateCode, scopeValues: gen._values };
+          validate.source = { validateName: validateName2, validateCode, scopeValues: gen._values };
         }
         if (this.opts.unevaluated) {
           const { props, items } = schemaCxt;
@@ -4235,8 +4235,8 @@ var require_core = __commonJS({
             return this;
           }
           case "object": {
-            const cacheKey = schemaKeyRef;
-            this._cache.delete(cacheKey);
+            const cacheKey2 = schemaKeyRef;
+            this._cache.delete(cacheKey2);
             let id = schemaKeyRef[this.opts.schemaId];
             if (id) {
               id = (0, resolve_1.normalizeId)(id);
@@ -4401,11 +4401,11 @@ var require_core = __commonJS({
     Ajv2.ValidationError = validation_error_1.default;
     Ajv2.MissingRefError = ref_error_1.default;
     exports.default = Ajv2;
-    function checkOptions(checkOpts, options, msg, log = "error") {
+    function checkOptions(checkOpts, options, msg, log2 = "error") {
       for (const key in checkOpts) {
         const opt = key;
         if (opt in options)
-          this.logger[log](`${msg}: option ${key}. ${checkOpts[opt]}`);
+          this.logger[log2](`${msg}: option ${key}. ${checkOpts[opt]}`);
       }
     }
     function getSchEnv(keyRef) {
@@ -4563,7 +4563,7 @@ var require_ref = __commonJS({
       schemaType: "string",
       code(cxt) {
         const { gen, schema: $ref, it } = cxt;
-        const { baseId, schemaEnv: env, validateName, opts, self } = it;
+        const { baseId, schemaEnv: env, validateName: validateName2, opts, self } = it;
         const { root } = env;
         if (($ref === "#" || $ref === "#/") && baseId === root.baseId)
           return callRootRef();
@@ -4575,7 +4575,7 @@ var require_ref = __commonJS({
         return inlineRefSchema(schOrEnv);
         function callRootRef() {
           if (env === root)
-            return callRef(cxt, validateName, env, env.$async);
+            return callRef(cxt, validateName2, env, env.$async);
           const rootName = gen.scopeValue("root", { ref: root });
           return callRef(cxt, (0, codegen_1._)`${rootName}.validate`, root, root.$async);
         }
@@ -6873,12 +6873,12 @@ var require_dist = __commonJS({
         throw new Error(`Unknown format "${name}"`);
       return f;
     };
-    function addFormats(ajv, list, fs, exportName) {
+    function addFormats(ajv, list, fs2, exportName) {
       var _a;
       var _b;
       (_a = (_b = ajv.opts.code).formats) !== null && _a !== void 0 ? _a : _b.formats = (0, codegen_1._)`require("ajv-formats/dist/formats").${exportName}`;
       for (const f of list)
-        ajv.addFormat(f, fs[f]);
+        ajv.addFormat(f, fs2[f]);
     }
     module.exports = exports = formatsPlugin;
     Object.defineProperty(exports, "__esModule", { value: true });
@@ -15620,6 +15620,7 @@ config(en_default2());
 
 // ../node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
 var LATEST_PROTOCOL_VERSION = "2025-11-25";
+var DEFAULT_NEGOTIATED_PROTOCOL_VERSION = "2025-03-26";
 var SUPPORTED_PROTOCOL_VERSIONS = [LATEST_PROTOCOL_VERSION, "2025-06-18", "2025-03-26", "2024-11-05", "2024-10-07"];
 var RELATED_TASK_META_KEY = "io.modelcontextprotocol/related-task";
 var JSONRPC_VERSION = "2.0";
@@ -15948,6 +15949,7 @@ var InitializeRequestSchema = RequestSchema.extend({
   method: literal("initialize"),
   params: InitializeRequestParamsSchema
 });
+var isInitializeRequest = (value) => InitializeRequestSchema.safeParse(value).success;
 var ServerCapabilitiesSchema = object2({
   /**
    * Experimental, non-standard capabilities that the server supports.
@@ -21099,81 +21101,2040 @@ var StdioServerTransport = class {
   }
 };
 
+// ../node_modules/@hono/node-server/dist/index.mjs
+import { Http2ServerRequest as Http2ServerRequest2, constants as h2constants } from "http2";
+import { Http2ServerRequest } from "http2";
+import { Readable } from "stream";
+import crypto2 from "crypto";
+var RequestError = class extends Error {
+  constructor(message, options) {
+    super(message, options);
+    this.name = "RequestError";
+  }
+};
+var toRequestError = (e) => {
+  if (e instanceof RequestError) {
+    return e;
+  }
+  return new RequestError(e.message, { cause: e });
+};
+var GlobalRequest = global.Request;
+var Request = class extends GlobalRequest {
+  constructor(input, options) {
+    if (typeof input === "object" && getRequestCache in input) {
+      input = input[getRequestCache]();
+    }
+    if (typeof options?.body?.getReader !== "undefined") {
+      ;
+      options.duplex ??= "half";
+    }
+    super(input, options);
+  }
+};
+var newHeadersFromIncoming = (incoming) => {
+  const headerRecord = [];
+  const rawHeaders = incoming.rawHeaders;
+  for (let i = 0; i < rawHeaders.length; i += 2) {
+    const { [i]: key, [i + 1]: value } = rawHeaders;
+    if (key.charCodeAt(0) !== /*:*/
+    58) {
+      headerRecord.push([key, value]);
+    }
+  }
+  return new Headers(headerRecord);
+};
+var wrapBodyStream = Symbol("wrapBodyStream");
+var newRequestFromIncoming = (method, url, headers, incoming, abortController) => {
+  const init = {
+    method,
+    headers,
+    signal: abortController.signal
+  };
+  if (method === "TRACE") {
+    init.method = "GET";
+    const req = new Request(url, init);
+    Object.defineProperty(req, "method", {
+      get() {
+        return "TRACE";
+      }
+    });
+    return req;
+  }
+  if (!(method === "GET" || method === "HEAD")) {
+    if ("rawBody" in incoming && incoming.rawBody instanceof Buffer) {
+      init.body = new ReadableStream({
+        start(controller) {
+          controller.enqueue(incoming.rawBody);
+          controller.close();
+        }
+      });
+    } else if (incoming[wrapBodyStream]) {
+      let reader;
+      init.body = new ReadableStream({
+        async pull(controller) {
+          try {
+            reader ||= Readable.toWeb(incoming).getReader();
+            const { done, value } = await reader.read();
+            if (done) {
+              controller.close();
+            } else {
+              controller.enqueue(value);
+            }
+          } catch (error2) {
+            controller.error(error2);
+          }
+        }
+      });
+    } else {
+      init.body = Readable.toWeb(incoming);
+    }
+  }
+  return new Request(url, init);
+};
+var getRequestCache = Symbol("getRequestCache");
+var requestCache = Symbol("requestCache");
+var incomingKey = Symbol("incomingKey");
+var urlKey = Symbol("urlKey");
+var headersKey = Symbol("headersKey");
+var abortControllerKey = Symbol("abortControllerKey");
+var getAbortController = Symbol("getAbortController");
+var requestPrototype = {
+  get method() {
+    return this[incomingKey].method || "GET";
+  },
+  get url() {
+    return this[urlKey];
+  },
+  get headers() {
+    return this[headersKey] ||= newHeadersFromIncoming(this[incomingKey]);
+  },
+  [getAbortController]() {
+    this[getRequestCache]();
+    return this[abortControllerKey];
+  },
+  [getRequestCache]() {
+    this[abortControllerKey] ||= new AbortController();
+    return this[requestCache] ||= newRequestFromIncoming(
+      this.method,
+      this[urlKey],
+      this.headers,
+      this[incomingKey],
+      this[abortControllerKey]
+    );
+  }
+};
+[
+  "body",
+  "bodyUsed",
+  "cache",
+  "credentials",
+  "destination",
+  "integrity",
+  "mode",
+  "redirect",
+  "referrer",
+  "referrerPolicy",
+  "signal",
+  "keepalive"
+].forEach((k) => {
+  Object.defineProperty(requestPrototype, k, {
+    get() {
+      return this[getRequestCache]()[k];
+    }
+  });
+});
+["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
+  Object.defineProperty(requestPrototype, k, {
+    value: function() {
+      return this[getRequestCache]()[k]();
+    }
+  });
+});
+Object.defineProperty(requestPrototype, Symbol.for("nodejs.util.inspect.custom"), {
+  value: function(depth, options, inspectFn) {
+    const props = {
+      method: this.method,
+      url: this.url,
+      headers: this.headers,
+      nativeRequest: this[requestCache]
+    };
+    return `Request (lightweight) ${inspectFn(props, { ...options, depth: depth == null ? null : depth - 1 })}`;
+  }
+});
+Object.setPrototypeOf(requestPrototype, Request.prototype);
+var newRequest = (incoming, defaultHostname) => {
+  const req = Object.create(requestPrototype);
+  req[incomingKey] = incoming;
+  const incomingUrl = incoming.url || "";
+  if (incomingUrl[0] !== "/" && // short-circuit for performance. most requests are relative URL.
+  (incomingUrl.startsWith("http://") || incomingUrl.startsWith("https://"))) {
+    if (incoming instanceof Http2ServerRequest) {
+      throw new RequestError("Absolute URL for :path is not allowed in HTTP/2");
+    }
+    try {
+      const url2 = new URL(incomingUrl);
+      req[urlKey] = url2.href;
+    } catch (e) {
+      throw new RequestError("Invalid absolute URL", { cause: e });
+    }
+    return req;
+  }
+  const host = (incoming instanceof Http2ServerRequest ? incoming.authority : incoming.headers.host) || defaultHostname;
+  if (!host) {
+    throw new RequestError("Missing host header");
+  }
+  let scheme;
+  if (incoming instanceof Http2ServerRequest) {
+    scheme = incoming.scheme;
+    if (!(scheme === "http" || scheme === "https")) {
+      throw new RequestError("Unsupported scheme");
+    }
+  } else {
+    scheme = incoming.socket && incoming.socket.encrypted ? "https" : "http";
+  }
+  const url = new URL(`${scheme}://${host}${incomingUrl}`);
+  if (url.hostname.length !== host.length && url.hostname !== host.replace(/:\d+$/, "")) {
+    throw new RequestError("Invalid host header");
+  }
+  req[urlKey] = url.href;
+  return req;
+};
+var responseCache = Symbol("responseCache");
+var getResponseCache = Symbol("getResponseCache");
+var cacheKey = Symbol("cache");
+var GlobalResponse = global.Response;
+var Response2 = class _Response {
+  #body;
+  #init;
+  [getResponseCache]() {
+    delete this[cacheKey];
+    return this[responseCache] ||= new GlobalResponse(this.#body, this.#init);
+  }
+  constructor(body, init) {
+    let headers;
+    this.#body = body;
+    if (init instanceof _Response) {
+      const cachedGlobalResponse = init[responseCache];
+      if (cachedGlobalResponse) {
+        this.#init = cachedGlobalResponse;
+        this[getResponseCache]();
+        return;
+      } else {
+        this.#init = init.#init;
+        headers = new Headers(init.#init.headers);
+      }
+    } else {
+      this.#init = init;
+    }
+    if (typeof body === "string" || typeof body?.getReader !== "undefined" || body instanceof Blob || body instanceof Uint8Array) {
+      ;
+      this[cacheKey] = [init?.status || 200, body, headers || init?.headers];
+    }
+  }
+  get headers() {
+    const cache = this[cacheKey];
+    if (cache) {
+      if (!(cache[2] instanceof Headers)) {
+        cache[2] = new Headers(
+          cache[2] || { "content-type": "text/plain; charset=UTF-8" }
+        );
+      }
+      return cache[2];
+    }
+    return this[getResponseCache]().headers;
+  }
+  get status() {
+    return this[cacheKey]?.[0] ?? this[getResponseCache]().status;
+  }
+  get ok() {
+    const status = this.status;
+    return status >= 200 && status < 300;
+  }
+};
+["body", "bodyUsed", "redirected", "statusText", "trailers", "type", "url"].forEach((k) => {
+  Object.defineProperty(Response2.prototype, k, {
+    get() {
+      return this[getResponseCache]()[k];
+    }
+  });
+});
+["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
+  Object.defineProperty(Response2.prototype, k, {
+    value: function() {
+      return this[getResponseCache]()[k]();
+    }
+  });
+});
+Object.defineProperty(Response2.prototype, Symbol.for("nodejs.util.inspect.custom"), {
+  value: function(depth, options, inspectFn) {
+    const props = {
+      status: this.status,
+      headers: this.headers,
+      ok: this.ok,
+      nativeResponse: this[responseCache]
+    };
+    return `Response (lightweight) ${inspectFn(props, { ...options, depth: depth == null ? null : depth - 1 })}`;
+  }
+});
+Object.setPrototypeOf(Response2, GlobalResponse);
+Object.setPrototypeOf(Response2.prototype, GlobalResponse.prototype);
+async function readWithoutBlocking(readPromise) {
+  return Promise.race([readPromise, Promise.resolve().then(() => Promise.resolve(void 0))]);
+}
+function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromise) {
+  const cancel = (error2) => {
+    reader.cancel(error2).catch(() => {
+    });
+  };
+  writable.on("close", cancel);
+  writable.on("error", cancel);
+  (currentReadPromise ?? reader.read()).then(flow, handleStreamError);
+  return reader.closed.finally(() => {
+    writable.off("close", cancel);
+    writable.off("error", cancel);
+  });
+  function handleStreamError(error2) {
+    if (error2) {
+      writable.destroy(error2);
+    }
+  }
+  function onDrain() {
+    reader.read().then(flow, handleStreamError);
+  }
+  function flow({ done, value }) {
+    try {
+      if (done) {
+        writable.end();
+      } else if (!writable.write(value)) {
+        writable.once("drain", onDrain);
+      } else {
+        return reader.read().then(flow, handleStreamError);
+      }
+    } catch (e) {
+      handleStreamError(e);
+    }
+  }
+}
+function writeFromReadableStream(stream, writable) {
+  if (stream.locked) {
+    throw new TypeError("ReadableStream is locked.");
+  } else if (writable.destroyed) {
+    return;
+  }
+  return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
+}
+var buildOutgoingHttpHeaders = (headers) => {
+  const res = {};
+  if (!(headers instanceof Headers)) {
+    headers = new Headers(headers ?? void 0);
+  }
+  const cookies = [];
+  for (const [k, v] of headers) {
+    if (k === "set-cookie") {
+      cookies.push(v);
+    } else {
+      res[k] = v;
+    }
+  }
+  if (cookies.length > 0) {
+    res["set-cookie"] = cookies;
+  }
+  res["content-type"] ??= "text/plain; charset=UTF-8";
+  return res;
+};
+var X_ALREADY_SENT = "x-hono-already-sent";
+if (typeof global.crypto === "undefined") {
+  global.crypto = crypto2;
+}
+var outgoingEnded = Symbol("outgoingEnded");
+var incomingDraining = Symbol("incomingDraining");
+var DRAIN_TIMEOUT_MS = 500;
+var MAX_DRAIN_BYTES = 64 * 1024 * 1024;
+var drainIncoming = (incoming) => {
+  const incomingWithDrainState = incoming;
+  if (incoming.destroyed || incomingWithDrainState[incomingDraining]) {
+    return;
+  }
+  incomingWithDrainState[incomingDraining] = true;
+  if (incoming instanceof Http2ServerRequest2) {
+    try {
+      ;
+      incoming.stream?.close?.(h2constants.NGHTTP2_NO_ERROR);
+    } catch {
+    }
+    return;
+  }
+  let bytesRead = 0;
+  const cleanup = () => {
+    clearTimeout(timer);
+    incoming.off("data", onData);
+    incoming.off("end", cleanup);
+    incoming.off("error", cleanup);
+  };
+  const forceClose = () => {
+    cleanup();
+    const socket = incoming.socket;
+    if (socket && !socket.destroyed) {
+      socket.destroySoon();
+    }
+  };
+  const timer = setTimeout(forceClose, DRAIN_TIMEOUT_MS);
+  timer.unref?.();
+  const onData = (chunk) => {
+    bytesRead += chunk.length;
+    if (bytesRead > MAX_DRAIN_BYTES) {
+      forceClose();
+    }
+  };
+  incoming.on("data", onData);
+  incoming.on("end", cleanup);
+  incoming.on("error", cleanup);
+  incoming.resume();
+};
+var handleRequestError = () => new Response(null, {
+  status: 400
+});
+var handleFetchError = (e) => new Response(null, {
+  status: e instanceof Error && (e.name === "TimeoutError" || e.constructor.name === "TimeoutError") ? 504 : 500
+});
+var handleResponseError = (e, outgoing) => {
+  const err = e instanceof Error ? e : new Error("unknown error", { cause: e });
+  if (err.code === "ERR_STREAM_PREMATURE_CLOSE") {
+    console.info("The user aborted a request.");
+  } else {
+    console.error(e);
+    if (!outgoing.headersSent) {
+      outgoing.writeHead(500, { "Content-Type": "text/plain" });
+    }
+    outgoing.end(`Error: ${err.message}`);
+    outgoing.destroy(err);
+  }
+};
+var flushHeaders = (outgoing) => {
+  if ("flushHeaders" in outgoing && outgoing.writable) {
+    outgoing.flushHeaders();
+  }
+};
+var responseViaCache = async (res, outgoing) => {
+  let [status, body, header] = res[cacheKey];
+  let hasContentLength = false;
+  if (!header) {
+    header = { "content-type": "text/plain; charset=UTF-8" };
+  } else if (header instanceof Headers) {
+    hasContentLength = header.has("content-length");
+    header = buildOutgoingHttpHeaders(header);
+  } else if (Array.isArray(header)) {
+    const headerObj = new Headers(header);
+    hasContentLength = headerObj.has("content-length");
+    header = buildOutgoingHttpHeaders(headerObj);
+  } else {
+    for (const key in header) {
+      if (key.length === 14 && key.toLowerCase() === "content-length") {
+        hasContentLength = true;
+        break;
+      }
+    }
+  }
+  if (!hasContentLength) {
+    if (typeof body === "string") {
+      header["Content-Length"] = Buffer.byteLength(body);
+    } else if (body instanceof Uint8Array) {
+      header["Content-Length"] = body.byteLength;
+    } else if (body instanceof Blob) {
+      header["Content-Length"] = body.size;
+    }
+  }
+  outgoing.writeHead(status, header);
+  if (typeof body === "string" || body instanceof Uint8Array) {
+    outgoing.end(body);
+  } else if (body instanceof Blob) {
+    outgoing.end(new Uint8Array(await body.arrayBuffer()));
+  } else {
+    flushHeaders(outgoing);
+    await writeFromReadableStream(body, outgoing)?.catch(
+      (e) => handleResponseError(e, outgoing)
+    );
+  }
+  ;
+  outgoing[outgoingEnded]?.();
+};
+var isPromise = (res) => typeof res.then === "function";
+var responseViaResponseObject = async (res, outgoing, options = {}) => {
+  if (isPromise(res)) {
+    if (options.errorHandler) {
+      try {
+        res = await res;
+      } catch (err) {
+        const errRes = await options.errorHandler(err);
+        if (!errRes) {
+          return;
+        }
+        res = errRes;
+      }
+    } else {
+      res = await res.catch(handleFetchError);
+    }
+  }
+  if (cacheKey in res) {
+    return responseViaCache(res, outgoing);
+  }
+  const resHeaderRecord = buildOutgoingHttpHeaders(res.headers);
+  if (res.body) {
+    const reader = res.body.getReader();
+    const values = [];
+    let done = false;
+    let currentReadPromise = void 0;
+    if (resHeaderRecord["transfer-encoding"] !== "chunked") {
+      let maxReadCount = 2;
+      for (let i = 0; i < maxReadCount; i++) {
+        currentReadPromise ||= reader.read();
+        const chunk = await readWithoutBlocking(currentReadPromise).catch((e) => {
+          console.error(e);
+          done = true;
+        });
+        if (!chunk) {
+          if (i === 1) {
+            await new Promise((resolve2) => setTimeout(resolve2));
+            maxReadCount = 3;
+            continue;
+          }
+          break;
+        }
+        currentReadPromise = void 0;
+        if (chunk.value) {
+          values.push(chunk.value);
+        }
+        if (chunk.done) {
+          done = true;
+          break;
+        }
+      }
+      if (done && !("content-length" in resHeaderRecord)) {
+        resHeaderRecord["content-length"] = values.reduce((acc, value) => acc + value.length, 0);
+      }
+    }
+    outgoing.writeHead(res.status, resHeaderRecord);
+    values.forEach((value) => {
+      ;
+      outgoing.write(value);
+    });
+    if (done) {
+      outgoing.end();
+    } else {
+      if (values.length === 0) {
+        flushHeaders(outgoing);
+      }
+      await writeFromReadableStreamDefaultReader(reader, outgoing, currentReadPromise);
+    }
+  } else if (resHeaderRecord[X_ALREADY_SENT]) {
+  } else {
+    outgoing.writeHead(res.status, resHeaderRecord);
+    outgoing.end();
+  }
+  ;
+  outgoing[outgoingEnded]?.();
+};
+var getRequestListener = (fetchCallback, options = {}) => {
+  const autoCleanupIncoming = options.autoCleanupIncoming ?? true;
+  if (options.overrideGlobalObjects !== false && global.Request !== Request) {
+    Object.defineProperty(global, "Request", {
+      value: Request
+    });
+    Object.defineProperty(global, "Response", {
+      value: Response2
+    });
+  }
+  return async (incoming, outgoing) => {
+    let res, req;
+    try {
+      req = newRequest(incoming, options.hostname);
+      let incomingEnded = !autoCleanupIncoming || incoming.method === "GET" || incoming.method === "HEAD";
+      if (!incomingEnded) {
+        ;
+        incoming[wrapBodyStream] = true;
+        incoming.on("end", () => {
+          incomingEnded = true;
+        });
+        if (incoming instanceof Http2ServerRequest2) {
+          ;
+          outgoing[outgoingEnded] = () => {
+            if (!incomingEnded) {
+              setTimeout(() => {
+                if (!incomingEnded) {
+                  setTimeout(() => {
+                    drainIncoming(incoming);
+                  });
+                }
+              });
+            }
+          };
+        }
+        outgoing.on("finish", () => {
+          if (!incomingEnded) {
+            drainIncoming(incoming);
+          }
+        });
+      }
+      outgoing.on("close", () => {
+        const abortController = req[abortControllerKey];
+        if (abortController) {
+          if (incoming.errored) {
+            req[abortControllerKey].abort(incoming.errored.toString());
+          } else if (!outgoing.writableFinished) {
+            req[abortControllerKey].abort("Client connection prematurely closed.");
+          }
+        }
+        if (!incomingEnded) {
+          setTimeout(() => {
+            if (!incomingEnded) {
+              setTimeout(() => {
+                drainIncoming(incoming);
+              });
+            }
+          });
+        }
+      });
+      res = fetchCallback(req, { incoming, outgoing });
+      if (cacheKey in res) {
+        return responseViaCache(res, outgoing);
+      }
+    } catch (e) {
+      if (!res) {
+        if (options.errorHandler) {
+          res = await options.errorHandler(req ? e : toRequestError(e));
+          if (!res) {
+            return;
+          }
+        } else if (!req) {
+          res = handleRequestError();
+        } else {
+          res = handleFetchError(e);
+        }
+      } else {
+        return handleResponseError(e, outgoing);
+      }
+    }
+    try {
+      return await responseViaResponseObject(res, outgoing, options);
+    } catch (e) {
+      return handleResponseError(e, outgoing);
+    }
+  };
+};
+
+// ../node_modules/@modelcontextprotocol/sdk/dist/esm/server/webStandardStreamableHttp.js
+var WebStandardStreamableHTTPServerTransport = class {
+  constructor(options = {}) {
+    this._started = false;
+    this._hasHandledRequest = false;
+    this._streamMapping = /* @__PURE__ */ new Map();
+    this._requestToStreamMapping = /* @__PURE__ */ new Map();
+    this._requestResponseMap = /* @__PURE__ */ new Map();
+    this._initialized = false;
+    this._enableJsonResponse = false;
+    this._standaloneSseStreamId = "_GET_stream";
+    this.sessionIdGenerator = options.sessionIdGenerator;
+    this._enableJsonResponse = options.enableJsonResponse ?? false;
+    this._eventStore = options.eventStore;
+    this._onsessioninitialized = options.onsessioninitialized;
+    this._onsessionclosed = options.onsessionclosed;
+    this._allowedHosts = options.allowedHosts;
+    this._allowedOrigins = options.allowedOrigins;
+    this._enableDnsRebindingProtection = options.enableDnsRebindingProtection ?? false;
+    this._retryInterval = options.retryInterval;
+  }
+  /**
+   * Starts the transport. This is required by the Transport interface but is a no-op
+   * for the Streamable HTTP transport as connections are managed per-request.
+   */
+  async start() {
+    if (this._started) {
+      throw new Error("Transport already started");
+    }
+    this._started = true;
+  }
+  /**
+   * Helper to create a JSON error response
+   */
+  createJsonErrorResponse(status, code, message, options) {
+    const error2 = { code, message };
+    if (options?.data !== void 0) {
+      error2.data = options.data;
+    }
+    return new Response(JSON.stringify({
+      jsonrpc: "2.0",
+      error: error2,
+      id: null
+    }), {
+      status,
+      headers: {
+        "Content-Type": "application/json",
+        ...options?.headers
+      }
+    });
+  }
+  /**
+   * Validates request headers for DNS rebinding protection.
+   * @returns Error response if validation fails, undefined if validation passes.
+   */
+  validateRequestHeaders(req) {
+    if (!this._enableDnsRebindingProtection) {
+      return void 0;
+    }
+    if (this._allowedHosts && this._allowedHosts.length > 0) {
+      const hostHeader = req.headers.get("host");
+      if (!hostHeader || !this._allowedHosts.includes(hostHeader)) {
+        const error2 = `Invalid Host header: ${hostHeader}`;
+        this.onerror?.(new Error(error2));
+        return this.createJsonErrorResponse(403, -32e3, error2);
+      }
+    }
+    if (this._allowedOrigins && this._allowedOrigins.length > 0) {
+      const originHeader = req.headers.get("origin");
+      if (originHeader && !this._allowedOrigins.includes(originHeader)) {
+        const error2 = `Invalid Origin header: ${originHeader}`;
+        this.onerror?.(new Error(error2));
+        return this.createJsonErrorResponse(403, -32e3, error2);
+      }
+    }
+    return void 0;
+  }
+  /**
+   * Handles an incoming HTTP request, whether GET, POST, or DELETE
+   * Returns a Response object (Web Standard)
+   */
+  async handleRequest(req, options) {
+    if (!this.sessionIdGenerator && this._hasHandledRequest) {
+      throw new Error("Stateless transport cannot be reused across requests. Create a new transport per request.");
+    }
+    this._hasHandledRequest = true;
+    const validationError = this.validateRequestHeaders(req);
+    if (validationError) {
+      return validationError;
+    }
+    switch (req.method) {
+      case "POST":
+        return this.handlePostRequest(req, options);
+      case "GET":
+        return this.handleGetRequest(req);
+      case "DELETE":
+        return this.handleDeleteRequest(req);
+      default:
+        return this.handleUnsupportedRequest();
+    }
+  }
+  /**
+   * Writes a priming event to establish resumption capability.
+   * Only sends if eventStore is configured (opt-in for resumability) and
+   * the client's protocol version supports empty SSE data (>= 2025-11-25).
+   */
+  async writePrimingEvent(controller, encoder, streamId, protocolVersion) {
+    if (!this._eventStore) {
+      return;
+    }
+    if (protocolVersion < "2025-11-25") {
+      return;
+    }
+    const primingEventId = await this._eventStore.storeEvent(streamId, {});
+    let primingEvent = `id: ${primingEventId}
+data: 
+
+`;
+    if (this._retryInterval !== void 0) {
+      primingEvent = `id: ${primingEventId}
+retry: ${this._retryInterval}
+data: 
+
+`;
+    }
+    controller.enqueue(encoder.encode(primingEvent));
+  }
+  /**
+   * Handles GET requests for SSE stream
+   */
+  async handleGetRequest(req) {
+    const acceptHeader = req.headers.get("accept");
+    if (!acceptHeader?.includes("text/event-stream")) {
+      this.onerror?.(new Error("Not Acceptable: Client must accept text/event-stream"));
+      return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept text/event-stream");
+    }
+    const sessionError = this.validateSession(req);
+    if (sessionError) {
+      return sessionError;
+    }
+    const protocolError = this.validateProtocolVersion(req);
+    if (protocolError) {
+      return protocolError;
+    }
+    if (this._eventStore) {
+      const lastEventId = req.headers.get("last-event-id");
+      if (lastEventId) {
+        return this.replayEvents(lastEventId);
+      }
+    }
+    if (this._streamMapping.get(this._standaloneSseStreamId) !== void 0) {
+      this.onerror?.(new Error("Conflict: Only one SSE stream is allowed per session"));
+      return this.createJsonErrorResponse(409, -32e3, "Conflict: Only one SSE stream is allowed per session");
+    }
+    const encoder = new TextEncoder();
+    let streamController;
+    const readable = new ReadableStream({
+      start: (controller) => {
+        streamController = controller;
+      },
+      cancel: () => {
+        this._streamMapping.delete(this._standaloneSseStreamId);
+      }
+    });
+    const headers = {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache, no-transform",
+      Connection: "keep-alive"
+    };
+    if (this.sessionId !== void 0) {
+      headers["mcp-session-id"] = this.sessionId;
+    }
+    this._streamMapping.set(this._standaloneSseStreamId, {
+      controller: streamController,
+      encoder,
+      cleanup: () => {
+        this._streamMapping.delete(this._standaloneSseStreamId);
+        try {
+          streamController.close();
+        } catch {
+        }
+      }
+    });
+    return new Response(readable, { headers });
+  }
+  /**
+   * Replays events that would have been sent after the specified event ID
+   * Only used when resumability is enabled
+   */
+  async replayEvents(lastEventId) {
+    if (!this._eventStore) {
+      this.onerror?.(new Error("Event store not configured"));
+      return this.createJsonErrorResponse(400, -32e3, "Event store not configured");
+    }
+    try {
+      let streamId;
+      if (this._eventStore.getStreamIdForEventId) {
+        streamId = await this._eventStore.getStreamIdForEventId(lastEventId);
+        if (!streamId) {
+          this.onerror?.(new Error("Invalid event ID format"));
+          return this.createJsonErrorResponse(400, -32e3, "Invalid event ID format");
+        }
+        if (this._streamMapping.get(streamId) !== void 0) {
+          this.onerror?.(new Error("Conflict: Stream already has an active connection"));
+          return this.createJsonErrorResponse(409, -32e3, "Conflict: Stream already has an active connection");
+        }
+      }
+      const headers = {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache, no-transform",
+        Connection: "keep-alive"
+      };
+      if (this.sessionId !== void 0) {
+        headers["mcp-session-id"] = this.sessionId;
+      }
+      const encoder = new TextEncoder();
+      let streamController;
+      const readable = new ReadableStream({
+        start: (controller) => {
+          streamController = controller;
+        },
+        cancel: () => {
+        }
+      });
+      const replayedStreamId = await this._eventStore.replayEventsAfter(lastEventId, {
+        send: async (eventId, message) => {
+          const success = this.writeSSEEvent(streamController, encoder, message, eventId);
+          if (!success) {
+            this.onerror?.(new Error("Failed replay events"));
+            try {
+              streamController.close();
+            } catch {
+            }
+          }
+        }
+      });
+      this._streamMapping.set(replayedStreamId, {
+        controller: streamController,
+        encoder,
+        cleanup: () => {
+          this._streamMapping.delete(replayedStreamId);
+          try {
+            streamController.close();
+          } catch {
+          }
+        }
+      });
+      return new Response(readable, { headers });
+    } catch (error2) {
+      this.onerror?.(error2);
+      return this.createJsonErrorResponse(500, -32e3, "Error replaying events");
+    }
+  }
+  /**
+   * Writes an event to an SSE stream via controller with proper formatting
+   */
+  writeSSEEvent(controller, encoder, message, eventId) {
+    try {
+      let eventData = `event: message
+`;
+      if (eventId) {
+        eventData += `id: ${eventId}
+`;
+      }
+      eventData += `data: ${JSON.stringify(message)}
+
+`;
+      controller.enqueue(encoder.encode(eventData));
+      return true;
+    } catch (error2) {
+      this.onerror?.(error2);
+      return false;
+    }
+  }
+  /**
+   * Handles unsupported requests (PUT, PATCH, etc.)
+   */
+  handleUnsupportedRequest() {
+    this.onerror?.(new Error("Method not allowed."));
+    return new Response(JSON.stringify({
+      jsonrpc: "2.0",
+      error: {
+        code: -32e3,
+        message: "Method not allowed."
+      },
+      id: null
+    }), {
+      status: 405,
+      headers: {
+        Allow: "GET, POST, DELETE",
+        "Content-Type": "application/json"
+      }
+    });
+  }
+  /**
+   * Handles POST requests containing JSON-RPC messages
+   */
+  async handlePostRequest(req, options) {
+    try {
+      const acceptHeader = req.headers.get("accept");
+      if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) {
+        this.onerror?.(new Error("Not Acceptable: Client must accept both application/json and text/event-stream"));
+        return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept both application/json and text/event-stream");
+      }
+      const ct = req.headers.get("content-type");
+      if (!ct || !ct.includes("application/json")) {
+        this.onerror?.(new Error("Unsupported Media Type: Content-Type must be application/json"));
+        return this.createJsonErrorResponse(415, -32e3, "Unsupported Media Type: Content-Type must be application/json");
+      }
+      const requestInfo = {
+        headers: Object.fromEntries(req.headers.entries()),
+        url: new URL(req.url)
+      };
+      let rawMessage;
+      if (options?.parsedBody !== void 0) {
+        rawMessage = options.parsedBody;
+      } else {
+        try {
+          rawMessage = await req.json();
+        } catch {
+          this.onerror?.(new Error("Parse error: Invalid JSON"));
+          return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON");
+        }
+      }
+      let messages;
+      try {
+        if (Array.isArray(rawMessage)) {
+          messages = rawMessage.map((msg) => JSONRPCMessageSchema.parse(msg));
+        } else {
+          messages = [JSONRPCMessageSchema.parse(rawMessage)];
+        }
+      } catch {
+        this.onerror?.(new Error("Parse error: Invalid JSON-RPC message"));
+        return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON-RPC message");
+      }
+      const isInitializationRequest = messages.some(isInitializeRequest);
+      if (isInitializationRequest) {
+        if (this._initialized && this.sessionId !== void 0) {
+          this.onerror?.(new Error("Invalid Request: Server already initialized"));
+          return this.createJsonErrorResponse(400, -32600, "Invalid Request: Server already initialized");
+        }
+        if (messages.length > 1) {
+          this.onerror?.(new Error("Invalid Request: Only one initialization request is allowed"));
+          return this.createJsonErrorResponse(400, -32600, "Invalid Request: Only one initialization request is allowed");
+        }
+        this.sessionId = this.sessionIdGenerator?.();
+        this._initialized = true;
+        if (this.sessionId && this._onsessioninitialized) {
+          await Promise.resolve(this._onsessioninitialized(this.sessionId));
+        }
+      }
+      if (!isInitializationRequest) {
+        const sessionError = this.validateSession(req);
+        if (sessionError) {
+          return sessionError;
+        }
+        const protocolError = this.validateProtocolVersion(req);
+        if (protocolError) {
+          return protocolError;
+        }
+      }
+      const hasRequests = messages.some(isJSONRPCRequest);
+      if (!hasRequests) {
+        for (const message of messages) {
+          this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });
+        }
+        return new Response(null, { status: 202 });
+      }
+      const streamId = crypto.randomUUID();
+      const initRequest = messages.find((m) => isInitializeRequest(m));
+      const clientProtocolVersion = initRequest ? initRequest.params.protocolVersion : req.headers.get("mcp-protocol-version") ?? DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
+      if (this._enableJsonResponse) {
+        return new Promise((resolve2) => {
+          this._streamMapping.set(streamId, {
+            resolveJson: resolve2,
+            cleanup: () => {
+              this._streamMapping.delete(streamId);
+            }
+          });
+          for (const message of messages) {
+            if (isJSONRPCRequest(message)) {
+              this._requestToStreamMapping.set(message.id, streamId);
+            }
+          }
+          for (const message of messages) {
+            this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo });
+          }
+        });
+      }
+      const encoder = new TextEncoder();
+      let streamController;
+      const readable = new ReadableStream({
+        start: (controller) => {
+          streamController = controller;
+        },
+        cancel: () => {
+          this._streamMapping.delete(streamId);
+        }
+      });
+      const headers = {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive"
+      };
+      if (this.sessionId !== void 0) {
+        headers["mcp-session-id"] = this.sessionId;
+      }
+      for (const message of messages) {
+        if (isJSONRPCRequest(message)) {
+          this._streamMapping.set(streamId, {
+            controller: streamController,
+            encoder,
+            cleanup: () => {
+              this._streamMapping.delete(streamId);
+              try {
+                streamController.close();
+              } catch {
+              }
+            }
+          });
+          this._requestToStreamMapping.set(message.id, streamId);
+        }
+      }
+      await this.writePrimingEvent(streamController, encoder, streamId, clientProtocolVersion);
+      for (const message of messages) {
+        let closeSSEStream;
+        let closeStandaloneSSEStream;
+        if (isJSONRPCRequest(message) && this._eventStore && clientProtocolVersion >= "2025-11-25") {
+          closeSSEStream = () => {
+            this.closeSSEStream(message.id);
+          };
+          closeStandaloneSSEStream = () => {
+            this.closeStandaloneSSEStream();
+          };
+        }
+        this.onmessage?.(message, { authInfo: options?.authInfo, requestInfo, closeSSEStream, closeStandaloneSSEStream });
+      }
+      return new Response(readable, { status: 200, headers });
+    } catch (error2) {
+      this.onerror?.(error2);
+      return this.createJsonErrorResponse(400, -32700, "Parse error", { data: String(error2) });
+    }
+  }
+  /**
+   * Handles DELETE requests to terminate sessions
+   */
+  async handleDeleteRequest(req) {
+    const sessionError = this.validateSession(req);
+    if (sessionError) {
+      return sessionError;
+    }
+    const protocolError = this.validateProtocolVersion(req);
+    if (protocolError) {
+      return protocolError;
+    }
+    await Promise.resolve(this._onsessionclosed?.(this.sessionId));
+    await this.close();
+    return new Response(null, { status: 200 });
+  }
+  /**
+   * Validates session ID for non-initialization requests.
+   * Returns Response error if invalid, undefined otherwise
+   */
+  validateSession(req) {
+    if (this.sessionIdGenerator === void 0) {
+      return void 0;
+    }
+    if (!this._initialized) {
+      this.onerror?.(new Error("Bad Request: Server not initialized"));
+      return this.createJsonErrorResponse(400, -32e3, "Bad Request: Server not initialized");
+    }
+    const sessionId = req.headers.get("mcp-session-id");
+    if (!sessionId) {
+      this.onerror?.(new Error("Bad Request: Mcp-Session-Id header is required"));
+      return this.createJsonErrorResponse(400, -32e3, "Bad Request: Mcp-Session-Id header is required");
+    }
+    if (sessionId !== this.sessionId) {
+      this.onerror?.(new Error("Session not found"));
+      return this.createJsonErrorResponse(404, -32001, "Session not found");
+    }
+    return void 0;
+  }
+  /**
+   * Validates the MCP-Protocol-Version header on incoming requests.
+   *
+   * For initialization: Version negotiation handles unknown versions gracefully
+   * (server responds with its supported version).
+   *
+   * For subsequent requests with MCP-Protocol-Version header:
+   * - Accept if in supported list
+   * - 400 if unsupported
+   *
+   * For HTTP requests without the MCP-Protocol-Version header:
+   * - Accept and default to the version negotiated at initialization
+   */
+  validateProtocolVersion(req) {
+    const protocolVersion = req.headers.get("mcp-protocol-version");
+    if (protocolVersion !== null && !SUPPORTED_PROTOCOL_VERSIONS.includes(protocolVersion)) {
+      this.onerror?.(new Error(`Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`));
+      return this.createJsonErrorResponse(400, -32e3, `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`);
+    }
+    return void 0;
+  }
+  async close() {
+    this._streamMapping.forEach(({ cleanup }) => {
+      cleanup();
+    });
+    this._streamMapping.clear();
+    this._requestResponseMap.clear();
+    this.onclose?.();
+  }
+  /**
+   * Close an SSE stream for a specific request, triggering client reconnection.
+   * Use this to implement polling behavior during long-running operations -
+   * client will reconnect after the retry interval specified in the priming event.
+   */
+  closeSSEStream(requestId) {
+    const streamId = this._requestToStreamMapping.get(requestId);
+    if (!streamId)
+      return;
+    const stream = this._streamMapping.get(streamId);
+    if (stream) {
+      stream.cleanup();
+    }
+  }
+  /**
+   * Close the standalone GET SSE stream, triggering client reconnection.
+   * Use this to implement polling behavior for server-initiated notifications.
+   */
+  closeStandaloneSSEStream() {
+    const stream = this._streamMapping.get(this._standaloneSseStreamId);
+    if (stream) {
+      stream.cleanup();
+    }
+  }
+  async send(message, options) {
+    let requestId = options?.relatedRequestId;
+    if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+      requestId = message.id;
+    }
+    if (requestId === void 0) {
+      if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+        throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
+      }
+      let eventId;
+      if (this._eventStore) {
+        eventId = await this._eventStore.storeEvent(this._standaloneSseStreamId, message);
+      }
+      const standaloneSse = this._streamMapping.get(this._standaloneSseStreamId);
+      if (standaloneSse === void 0) {
+        return;
+      }
+      if (standaloneSse.controller && standaloneSse.encoder) {
+        this.writeSSEEvent(standaloneSse.controller, standaloneSse.encoder, message, eventId);
+      }
+      return;
+    }
+    const streamId = this._requestToStreamMapping.get(requestId);
+    if (!streamId) {
+      throw new Error(`No connection established for request ID: ${String(requestId)}`);
+    }
+    const stream = this._streamMapping.get(streamId);
+    if (!this._enableJsonResponse && stream?.controller && stream?.encoder) {
+      let eventId;
+      if (this._eventStore) {
+        eventId = await this._eventStore.storeEvent(streamId, message);
+      }
+      this.writeSSEEvent(stream.controller, stream.encoder, message, eventId);
+    }
+    if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+      this._requestResponseMap.set(requestId, message);
+      const relatedIds = Array.from(this._requestToStreamMapping.entries()).filter(([_, sid]) => sid === streamId).map(([id]) => id);
+      const allResponsesReady = relatedIds.every((id) => this._requestResponseMap.has(id));
+      if (allResponsesReady) {
+        if (!stream) {
+          throw new Error(`No connection established for request ID: ${String(requestId)}`);
+        }
+        if (this._enableJsonResponse && stream.resolveJson) {
+          const headers = {
+            "Content-Type": "application/json"
+          };
+          if (this.sessionId !== void 0) {
+            headers["mcp-session-id"] = this.sessionId;
+          }
+          const responses = relatedIds.map((id) => this._requestResponseMap.get(id));
+          if (responses.length === 1) {
+            stream.resolveJson(new Response(JSON.stringify(responses[0]), { status: 200, headers }));
+          } else {
+            stream.resolveJson(new Response(JSON.stringify(responses), { status: 200, headers }));
+          }
+        } else {
+          stream.cleanup();
+        }
+        for (const id of relatedIds) {
+          this._requestResponseMap.delete(id);
+          this._requestToStreamMapping.delete(id);
+        }
+      }
+    }
+  }
+};
+
+// ../node_modules/@modelcontextprotocol/sdk/dist/esm/server/streamableHttp.js
+var StreamableHTTPServerTransport = class {
+  constructor(options = {}) {
+    this._requestContext = /* @__PURE__ */ new WeakMap();
+    this._webStandardTransport = new WebStandardStreamableHTTPServerTransport(options);
+    this._requestListener = getRequestListener(async (webRequest) => {
+      const context = this._requestContext.get(webRequest);
+      return this._webStandardTransport.handleRequest(webRequest, {
+        authInfo: context?.authInfo,
+        parsedBody: context?.parsedBody
+      });
+    }, { overrideGlobalObjects: false });
+  }
+  /**
+   * Gets the session ID for this transport instance.
+   */
+  get sessionId() {
+    return this._webStandardTransport.sessionId;
+  }
+  /**
+   * Sets callback for when the transport is closed.
+   */
+  set onclose(handler) {
+    this._webStandardTransport.onclose = handler;
+  }
+  get onclose() {
+    return this._webStandardTransport.onclose;
+  }
+  /**
+   * Sets callback for transport errors.
+   */
+  set onerror(handler) {
+    this._webStandardTransport.onerror = handler;
+  }
+  get onerror() {
+    return this._webStandardTransport.onerror;
+  }
+  /**
+   * Sets callback for incoming messages.
+   */
+  set onmessage(handler) {
+    this._webStandardTransport.onmessage = handler;
+  }
+  get onmessage() {
+    return this._webStandardTransport.onmessage;
+  }
+  /**
+   * Starts the transport. This is required by the Transport interface but is a no-op
+   * for the Streamable HTTP transport as connections are managed per-request.
+   */
+  async start() {
+    return this._webStandardTransport.start();
+  }
+  /**
+   * Closes the transport and all active connections.
+   */
+  async close() {
+    return this._webStandardTransport.close();
+  }
+  /**
+   * Sends a JSON-RPC message through the transport.
+   */
+  async send(message, options) {
+    return this._webStandardTransport.send(message, options);
+  }
+  /**
+   * Handles an incoming HTTP request, whether GET or POST.
+   *
+   * This method converts Node.js HTTP objects to Web Standard Request/Response
+   * and delegates to the underlying WebStandardStreamableHTTPServerTransport.
+   *
+   * @param req - Node.js IncomingMessage, optionally with auth property from middleware
+   * @param res - Node.js ServerResponse
+   * @param parsedBody - Optional pre-parsed body from body-parser middleware
+   */
+  async handleRequest(req, res, parsedBody) {
+    const authInfo = req.auth;
+    const handler = getRequestListener(async (webRequest) => {
+      return this._webStandardTransport.handleRequest(webRequest, {
+        authInfo,
+        parsedBody
+      });
+    }, { overrideGlobalObjects: false });
+    await handler(req, res);
+  }
+  /**
+   * Close an SSE stream for a specific request, triggering client reconnection.
+   * Use this to implement polling behavior during long-running operations -
+   * client will reconnect after the retry interval specified in the priming event.
+   */
+  closeSSEStream(requestId) {
+    this._webStandardTransport.closeSSEStream(requestId);
+  }
+  /**
+   * Close the standalone GET SSE stream, triggering client reconnection.
+   * Use this to implement polling behavior for server-initiated notifications.
+   */
+  closeStandaloneSSEStream() {
+    this._webStandardTransport.closeStandaloneSSEStream();
+  }
+};
+
 // src/index.ts
 import { homedir } from "node:os";
-import { resolve } from "node:path";
-var VERSION = true ? "0.2.0" : "0.0.0-dev";
-var STATE_DIR = resolve(process.env.A2ADAPT_STATE_DIR ?? resolve(homedir(), ".a2adapt"));
-var BROKER_URL = process.env.A2ADAPT_BROKER_URL ?? "ws://localhost:9000";
+import { resolve, join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import { randomBytes, randomUUID } from "node:crypto";
+import { createServer as createHttpServer } from "node:http";
+import * as fs from "node:fs";
+import { adapt_wrapper } from "@adapt-toolkit/sdk/executables";
+import { PacketWrapperConfigurator } from "@adapt-toolkit/sdk/wrappers";
+import { object_to_adapt_value } from "@adapt-toolkit/sdk/wrapper";
+var VERSION = true ? "0.3.0" : "0.0.0-dev";
+var STATE_DIR = resolve(
+  process.env.A2ADAPT_STATE_DIR ?? resolve(homedir(), ".a2adapt")
+);
+var BROKER_URL = process.env.A2ADAPT_BROKER_URL ?? "wss://a2adapt.adaptframework.solutions/broker";
+var TRANSPORT = process.env.A2ADAPT_TRANSPORT ?? "http";
+var PORT = parseInt(process.env.A2ADAPT_PORT ?? "3030", 10);
+var log = (...parts) => process.stderr.write(`a2adapt: ${parts.join(" ")}
+`);
+var NAME_RE = /^[A-Za-z0-9 _.-]{1,64}$/;
+function validateName(name) {
+  if (!NAME_RE.test(name)) {
+    return "name must be 1-64 chars of letters, digits, space, _ . or -";
+  }
+  if (name === "." || name === ".." || name.includes("/") || name.includes("\\")) {
+    return "invalid name";
+  }
+  return null;
+}
+function locateUnit() {
+  const here = dirname(fileURLToPath(import.meta.url));
+  const override = process.env.A2ADAPT_UNIT_DIR;
+  const candidates = override ? [resolve(override)] : [join(here, "mufl_code"), join(here, "..", "mufl_code")];
+  for (const dir of candidates) {
+    if (!fs.existsSync(dir)) continue;
+    const muflo = fs.readdirSync(dir).find((f) => f.endsWith(".muflo"));
+    if (muflo) {
+      const hash = muflo.slice(0, -".muflo".length);
+      const contents = new Uint8Array(fs.readFileSync(join(dir, muflo)));
+      return { dir, hash, contents };
+    }
+  }
+  throw new Error(
+    `no compiled .muflo packet found (looked in: ${candidates.join(", ")})`
+  );
+}
+var UNIT;
+var wrapper;
+var identities = /* @__PURE__ */ new Map();
+var sessionBinding = /* @__PURE__ */ new Map();
+var bindingOwner = /* @__PURE__ */ new Map();
+var evictedSessions = /* @__PURE__ */ new Set();
+var identityDir = (name) => join(STATE_DIR, name);
+var seedPath = (dir) => join(dir, "identity.seed");
+var dataPath = (dir) => join(dir, "state_data.bin");
+var cursorPath = (dir) => join(dir, "inbox_cursor");
+var inboxLogPath = (dir) => join(dir, "inbox.log");
+function listPersistedNames() {
+  if (!fs.existsSync(STATE_DIR)) return [];
+  return fs.readdirSync(STATE_DIR, { withFileTypes: true }).filter((d) => d.isDirectory() && fs.existsSync(seedPath(join(STATE_DIR, d.name)))).map((d) => d.name);
+}
+function hasSavedState(dir) {
+  try {
+    return fs.existsSync(dataPath(dir)) && fs.statSync(dataPath(dir)).size > 0;
+  } catch {
+    return false;
+  }
+}
+function saveState(id) {
+  try {
+    const exported = id.pw.packet.ExecuteTransaction(
+      object_to_adapt_value({ name: "::actor::export_state", targ: void 0 })
+    );
+    const bytes = Buffer.from(exported.Serialize());
+    fs.mkdirSync(id.dir, { recursive: true });
+    const tmp = `${dataPath(id.dir)}.tmp`;
+    fs.writeFileSync(tmp, bytes);
+    fs.renameSync(tmp, dataPath(id.dir));
+  } catch (err) {
+    log(`[${id.name}] failed to save state:`, String(err));
+  }
+}
+function readCursor(dir) {
+  try {
+    return parseInt(fs.readFileSync(cursorPath(dir), "utf8").trim(), 10) || 0;
+  } catch {
+    return 0;
+  }
+}
+function writeCursor(dir, n) {
+  try {
+    fs.mkdirSync(dir, { recursive: true });
+    fs.writeFileSync(cursorPath(dir), String(n));
+  } catch {
+  }
+}
+function appendInboxLog(id, sender, text, date3) {
+  try {
+    fs.mkdirSync(id.dir, { recursive: true });
+    const line = JSON.stringify({ sender, text, date: date3 }) + "\n";
+    fs.appendFileSync(inboxLogPath(id.dir), line);
+  } catch (err) {
+    log(`[${id.name}] failed to append inbox.log:`, String(err));
+  }
+}
+var activeMcpServers = /* @__PURE__ */ new Set();
+var inboxResourceUri = (name) => `a2adapt://inbox/${encodeURIComponent(name)}`;
+function pushNotification(identityName, summary) {
+  log(`[${identityName}] notify:`, summary);
+  for (const server of activeMcpServers) {
+    try {
+      server.sendLoggingMessage({ level: "info", logger: "a2adapt", data: summary });
+    } catch (e) {
+      log("sendLoggingMessage failed:", String(e));
+    }
+    try {
+      server.server.sendResourceUpdated({ uri: inboxResourceUri(identityName) });
+    } catch {
+    }
+  }
+}
+function readonlyTx(id, name) {
+  return id.pw.packet.ExecuteTransaction(
+    object_to_adapt_value({ name, targ: void 0 })
+  );
+}
+async function withLock(id, fn) {
+  const prev = id.lock;
+  let release;
+  id.lock = new Promise((r) => release = r);
+  await prev;
+  try {
+    return await fn();
+  } finally {
+    release();
+  }
+}
+function enqueueMutation(id, envelope, timeoutMs = 25e3) {
+  return new Promise((res, rej) => {
+    const timer = setTimeout(() => {
+      const i = id.pending.findIndex((p) => p.timer === timer);
+      if (i >= 0) id.pending.splice(i, 1);
+      rej(new Error("timed out waiting for the transaction result"));
+    }, timeoutMs);
+    id.pending.push({ resolve: res, reject: rej, timer });
+    id.pw.add_client_message(envelope);
+  });
+}
+function mutatingTx(id, name, targ, timeoutMs) {
+  const envelope = object_to_adapt_value({ name, targ });
+  return withLock(id, () => enqueueMutation(id, envelope, timeoutMs));
+}
+function wireHandlers(id) {
+  id.pw.on_return_data = (data) => {
+    const kind = data.Reduce("kind").Visualize();
+    if (kind === "save_state") {
+      saveState(id);
+      return;
+    }
+    if (kind === "notify_agent") {
+      const payload = data.Reduce("payload");
+      const event = payload.Reduce("event").Visualize();
+      if (event === "message_received") {
+        const sender = payload.Reduce("sender_name").Visualize();
+        const text = payload.Reduce("text").Visualize();
+        const date3 = payload.Reduce("date").Visualize();
+        appendInboxLog(id, sender, text, date3);
+        process.nextTick(
+          () => pushNotification(id.name, `[${id.name}] new message from ${sender}: ${text}  (${date3})`)
+        );
+      } else if (event === "contact_accepted") {
+        const name = payload.Reduce("name").Visualize();
+        const cid = payload.Reduce("container_id").Visualize();
+        process.nextTick(
+          () => pushNotification(id.name, `[${id.name}] contact "${name}" (${cid}) accepted your invite.`)
+        );
+      }
+      return;
+    }
+    const p = id.pending.shift();
+    if (!p) return;
+    clearTimeout(p.timer);
+    p.resolve(data.Reduce("payload"));
+  };
+  id.pw.on_transaction_failure = (message) => {
+    const p = id.pending.shift();
+    if (p) {
+      clearTimeout(p.timer);
+      p.reject(new Error(message));
+    } else {
+      log(`[${id.name}] inbound transaction rejected:`, message);
+    }
+  };
+}
+function createPacket(name, seed, dir) {
+  const config2 = new PacketWrapperConfigurator();
+  config2.process_arguments([
+    "--unit_hash",
+    UNIT.hash,
+    "--seed_phrase",
+    seed,
+    "--unit_dir_path",
+    UNIT.dir
+  ]);
+  return new Promise((resolveCreate, rejectCreate) => {
+    const timer = setTimeout(
+      () => rejectCreate(new Error(`packet creation for "${name}" timed out`)),
+      3e4
+    );
+    wrapper.packet_manager.create_packet(
+      config2,
+      (pw) => {
+        clearTimeout(timer);
+        const id = {
+          name,
+          seed,
+          cid: pw.packet.GetContainerID().Visualize(),
+          pw,
+          dir,
+          pending: [],
+          lock: Promise.resolve()
+        };
+        wireHandlers(id);
+        identities.set(name, id);
+        log(`[${name}] packet created \u2014 container id ${id.cid}`);
+        resolveCreate(id);
+      },
+      UNIT.contents
+    );
+  });
+}
+async function provisionIdentity(name) {
+  const dir = identityDir(name);
+  fs.mkdirSync(dir, { recursive: true });
+  const seed = randomBytes(24).toString("hex");
+  fs.writeFileSync(seedPath(dir), seed, { mode: 384 });
+  const id = await createPacket(name, seed, dir);
+  await mutatingTx(id, "::actor::set_my_name", { name });
+  saveState(id);
+  return id;
+}
+async function restoreIdentity(name) {
+  const dir = identityDir(name);
+  const seed = fs.readFileSync(seedPath(dir), "utf8").trim();
+  const id = await createPacket(name, seed, dir);
+  if (hasSavedState(dir)) {
+    try {
+      const buf = fs.readFileSync(dataPath(dir));
+      const adaptData = id.pw.packet.ParseValue(new Uint8Array(buf));
+      await mutatingTx(id, "::actor::import_state", adaptData);
+    } catch (err) {
+      log(`[${name}] failed to import saved state (continuing fresh):`, String(err));
+    }
+  }
+  return id;
+}
+async function bootWrapper() {
+  UNIT = locateUnit();
+  const argv = [
+    "--broker_address",
+    BROKER_URL,
+    "--test_mode",
+    "--logger_config",
+    "--level",
+    "INFO",
+    "--stdout",
+    "stderr",
+    "--logger_config_end"
+  ];
+  log(`booting wrapper (unit ${UNIT.hash.slice(0, 12)}\u2026, broker ${BROKER_URL})`);
+  wrapper = await adapt_wrapper.start(argv);
+  wrapper.on_packet_created_cb = (cid) => log(`wrapper: packet ready ${cid.slice(0, 12)}\u2026`);
+  wrapper.start();
+  const names = listPersistedNames();
+  if (names.length === 0) {
+    log("no persisted identities \u2014 start with create_identity");
+  } else {
+    log(`restoring ${names.length} identit${names.length === 1 ? "y" : "ies"}: ${names.join(", ")}`);
+    for (const name of names) {
+      try {
+        await restoreIdentity(name);
+      } catch (err) {
+        log(`failed to restore "${name}":`, String(err));
+      }
+    }
+  }
+}
+function resolveBound(sessionId) {
+  if (evictedSessions.has(sessionId)) {
+    return { error: "Your identity binding was reassigned to another session. Call choose_identity again to continue." };
+  }
+  const name = sessionBinding.get(sessionId);
+  if (!name) {
+    return { error: "No identity bound to this session. Call choose_identity (or create_identity) first." };
+  }
+  const id = identities.get(name);
+  if (!id) {
+    sessionBinding.delete(sessionId);
+    bindingOwner.delete(name);
+    return { error: `The bound identity "${name}" no longer exists. Choose another with choose_identity.` };
+  }
+  return { id };
+}
+function bindSession(sessionId, name) {
+  const prev = sessionBinding.get(sessionId);
+  if (prev && prev !== name && bindingOwner.get(prev) === sessionId) {
+    bindingOwner.delete(prev);
+  }
+  sessionBinding.set(sessionId, name);
+  bindingOwner.set(name, sessionId);
+  evictedSessions.delete(sessionId);
+}
+function renderContacts(v) {
+  const out = [];
+  if (v.IsNil()) return out;
+  for (const key of v.GetKeys()) {
+    const c = v.Reduce(key);
+    if (c.IsNil()) continue;
+    out.push({
+      name: c.Reduce("name").Visualize(),
+      container_id: c.Reduce("container_id").Visualize()
+    });
+  }
+  return out;
+}
+function renderInbox(v) {
+  const out = [];
+  if (v.IsNil()) return out;
+  for (let i = 0; ; i++) {
+    const m = v.Reduce(i);
+    if (m.IsNil()) break;
+    out.push({
+      sender_id: m.Reduce("sender_id").Visualize(),
+      sender_name: m.Reduce("sender_name").Visualize(),
+      text: m.Reduce("text").Visualize(),
+      date: m.Reduce("date").Visualize()
+    });
+  }
+  return out;
+}
 function textResult(text, isError = false) {
   return { content: [{ type: "text", text }], isError };
 }
-function nodeNotWiredYet(tool) {
-  return textResult(
-    `a2adapt: the ADAPT node is not wired up yet, so \`${tool}\` cannot run.
-
-This is the v0 scaffold \u2014 the tool surface is registered but the native
-ADAPT wrapper (packet bootstrap + state persistence + broker transport)
-is implemented in workspace task "4. MCP server = native ADAPT wrapper".
+function createMcpServer(getSessionId) {
+  const server = new McpServer(
+    { name: "a2adapt", version: VERSION },
+    { capabilities: { logging: {}, resources: {} } }
+  );
+  activeMcpServers.add(server);
+  const boundOr = () => {
+    const b = resolveBound(getSessionId());
+    return "error" in b ? { err: textResult(b.error, true) } : { id: b.id };
+  };
+  server.tool(
+    "create_identity",
+    "Create a new self-sovereign identity (an ADAPT node) with the given display name and bind it to this session. The name is what peers see for you in invites. Persisted permanently; reject if the name already exists.",
+    { name: external_exports.string().min(1).describe('Display name for the new identity, e.g. "Alice".') },
+    async ({ name }) => {
+      const bad = validateName(name);
+      if (bad) return textResult(`create_identity failed: ${bad}`, true);
+      if (identities.has(name)) return textResult(`create_identity failed: an identity named "${name}" already exists.`, true);
+      try {
+        const id = await provisionIdentity(name);
+        bindSession(getSessionId(), name);
+        return textResult(`Created identity "${name}" (${id.cid}) and bound it to this session.`);
+      } catch (err) {
+        return textResult(`create_identity failed: ${String(err)}`, true);
+      }
+    }
+  );
+  server.tool(
+    "choose_identity",
+    "Bind an existing identity to this session so the messaging tools act as it. Binding is exclusive: if the identity is already in use by another session, this is declined unless force=true, which evicts the other session.",
+    {
+      name: external_exports.string().min(1).describe("Name of the identity to bind."),
+      force: external_exports.boolean().default(false).describe("Evict another session that holds this identity.")
+    },
+    async ({ name, force }) => {
+      if (!identities.has(name)) {
+        return textResult(`choose_identity failed: no identity named "${name}". Create it with create_identity.`, true);
+      }
+      const sid = getSessionId();
+      const holder = bindingOwner.get(name);
+      if (holder && holder !== sid) {
+        if (!force) {
+          return textResult(`choose_identity failed: "${name}" is currently bound to another session. Retry with force=true to take it over.`, true);
+        }
+        evictedSessions.add(holder);
+        sessionBinding.delete(holder);
+        bindingOwner.delete(name);
+      }
+      bindSession(sid, name);
+      const id = identities.get(name);
+      return textResult(`Bound to identity "${name}" (${id.cid}).`);
+    }
+  );
+  server.tool(
+    "list_identities",
+    "List all identities hosted by this node (name + container id), marking which one is bound to this session and which are in use elsewhere.",
+    {},
+    async () => {
+      if (identities.size === 0) return textResult("No identities yet. Create one with create_identity.");
+      const sid = getSessionId();
+      const mine = sessionBinding.get(sid);
+      const lines = [...identities.values()].map((id) => {
+        const holder = bindingOwner.get(id.name);
+        const tag = id.name === mine ? "  \u2190 this session" : holder ? "  (in use by another session)" : "";
+        return `\u2022 ${id.name} \u2014 ${id.cid}${tag}`;
+      });
+      return textResult(`Identities (${identities.size}):
+${lines.join("\n")}`);
+    }
+  );
+  server.tool(
+    "current_identity",
+    "Report the identity currently bound to this session (if any).",
+    {},
+    async () => {
+      const b = resolveBound(getSessionId());
+      if ("error" in b) return textResult(b.error);
+      return textResult(`Bound to "${b.id.name}" (${b.id.cid}).`);
+    }
+  );
+  server.tool(
+    "remove_identity",
+    "Permanently delete a persisted identity \u2014 its packet and all on-disk state. This cannot be undone.",
+    { name: external_exports.string().min(1).describe("Name of the identity to delete.") },
+    async ({ name }) => {
+      const id = identities.get(name);
+      if (!id) return textResult(`remove_identity failed: no identity named "${name}".`, true);
+      try {
+        wrapper.remove_packet(id.cid);
+      } catch (err) {
+        log(`remove_packet(${id.cid}) failed:`, String(err));
+      }
+      identities.delete(name);
+      const holder = bindingOwner.get(name);
+      if (holder) {
+        bindingOwner.delete(name);
+        sessionBinding.delete(holder);
+      }
+      try {
+        fs.rmSync(id.dir, { recursive: true, force: true });
+      } catch (err) {
+        return textResult(`Identity "${name}" removed from memory, but deleting ${id.dir} failed: ${String(err)}`, true);
+      }
+      return textResult(`Removed identity "${name}" and its state.`);
+    }
+  );
+  server.resource(
+    "inbox",
+    "a2adapt://inbox",
+    { description: "Decrypted incoming messages for the bound identity \u2014 auto-notifies on new arrivals." },
+    async () => {
+      const { id, err } = boundOr();
+      const uri = id ? inboxResourceUri(id.name) : "a2adapt://inbox";
+      if (err || !id) return { contents: [{ uri, mimeType: "text/plain", text: "No identity bound to this session." }] };
+      const inbox = renderInbox(readonlyTx(id, "::actor::list_incoming_messages"));
+      const text = inbox.length === 0 ? "Inbox is empty." : `Inbox (${inbox.length}):
+${inbox.map((m, i) => `${i + 1}. [${m.sender_name}] ${m.text}  (${m.date})`).join("\n")}`;
+      return { contents: [{ uri, mimeType: "text/plain", text }] };
+    }
+  );
+  server.tool(
+    "generate_invite",
+    "Generate a named invite to share out-of-band with another agent. The invite carries your identity and display name; whoever redeems it is registered under the name you pass here. Requires a bound identity.",
+    { name: external_exports.string().min(1).describe('Name to register the peer who redeems this invite, e.g. "Bob".') },
+    async ({ name }) => {
+      const { id, err } = boundOr();
+      if (err) return err;
+      try {
+        const data = await mutatingTx(id, "::actor::generate_invite", { name });
+        const blob = Buffer.from(data.Reduce("invite").GetBinary()).toString("base64");
+        return textResult(
+          `Invite for "${name}" created. Share this blob out-of-band (they paste it into add_contact):
 
-State dir:  ${STATE_DIR}
-Broker URL: ${BROKER_URL}`,
-    true
+${blob}`
+        );
+      } catch (e) {
+        return textResult(`generate_invite failed: ${String(e)}`, true);
+      }
+    }
+  );
+  server.tool(
+    "add_contact",
+    "Add a contact from an invite blob produced by another agent's generate_invite. If no name is given, the inviter's embedded display name is used. Also replies to the inviter so they register you back. Requires a bound identity.",
+    {
+      invite: external_exports.string().min(1).describe("The base64 invite blob to redeem."),
+      name: external_exports.string().min(1).optional().describe("Optional custom name for the inviter; defaults to their own name.")
+    },
+    async ({ invite, name }) => {
+      const { id, err } = boundOr();
+      if (err) return err;
+      let buf;
+      try {
+        buf = Buffer.from(invite.trim(), "base64");
+        if (buf.length === 0) throw new Error("empty");
+      } catch {
+        return textResult("add_contact failed: the invite blob is not valid base64.", true);
+      }
+      try {
+        const blobValue = id.pw.packet.NewBinaryFromBuffer(buf);
+        const targ = { invite: blobValue };
+        if (name) targ.name = name;
+        const data = await mutatingTx(id, "::actor::add_contact", targ);
+        const added = data.Reduce("added").Visualize();
+        const cid = data.Reduce("container_id").Visualize();
+        return textResult(`Added contact "${added}" (${cid}).`);
+      } catch (e) {
+        return textResult(`add_contact failed: ${String(e)}`, true);
+      }
+    }
   );
+  server.tool(
+    "list_contacts",
+    "List the contacts the bound identity knows about (name + container id).",
+    {},
+    async () => {
+      const { id, err } = boundOr();
+      if (err) return err;
+      try {
+        const contacts = renderContacts(readonlyTx(id, "::actor::list_contacts"));
+        if (contacts.length === 0) return textResult("No contacts yet.");
+        return textResult(`Contacts (${contacts.length}):
+${contacts.map((c) => `\u2022 ${c.name} \u2014 ${c.container_id}`).join("\n")}`);
+      } catch (e) {
+        return textResult(`list_contacts failed: ${String(e)}`, true);
+      }
+    }
+  );
+  server.tool(
+    "send_message",
+    "Send an end-to-end-encrypted message to a known contact (by name or container id). Requires a bound identity.",
+    {
+      contact: external_exports.string().min(1).describe("Contact name or container id to send to."),
+      text: external_exports.string().min(1).describe("The message text.")
+    },
+    async ({ contact, text }) => {
+      const { id, err } = boundOr();
+      if (err) return err;
+      try {
+        await mutatingTx(id, "::actor::send_message", { contact, text });
+        return textResult(`Message sent to "${contact}".`);
+      } catch (e) {
+        return textResult(`send_message failed: ${String(e)}`, true);
+      }
+    }
+  );
+  server.tool(
+    "list_incoming_messages",
+    "List all received messages in the bound identity's inbox (decrypted, with sender).",
+    {},
+    async () => {
+      const { id, err } = boundOr();
+      if (err) return err;
+      try {
+        const inbox = renderInbox(readonlyTx(id, "::actor::list_incoming_messages"));
+        if (inbox.length === 0) return textResult("Inbox is empty.");
+        return textResult(`Inbox (${inbox.length}):
+${inbox.map((m, i) => `${i + 1}. [${m.sender_name}] ${m.text}  (${m.date})`).join("\n")}`);
+      } catch (e) {
+        return textResult(`list_incoming_messages failed: ${String(e)}`, true);
+      }
+    }
+  );
+  server.tool(
+    "process_incoming_message",
+    "Surface messages that have arrived for the bound identity since the last check, and mark them processed (non-blocking \u2014 use to poll for new mail).",
+    {},
+    async () => {
+      const { id, err } = boundOr();
+      if (err) return err;
+      try {
+        const inbox = renderInbox(readonlyTx(id, "::actor::list_incoming_messages"));
+        const cursor = readCursor(id.dir);
+        const fresh = inbox.slice(cursor);
+        writeCursor(id.dir, inbox.length);
+        if (fresh.length === 0) return textResult("No new messages.");
+        return textResult(`${fresh.length} new message(s):
+${fresh.map((m) => `\u2022 [${m.sender_name}] ${m.text}  (${m.date})`).join("\n")}`);
+      } catch (e) {
+        return textResult(`process_incoming_message failed: ${String(e)}`, true);
+      }
+    }
+  );
+  return server;
+}
+function readBody(req) {
+  return new Promise((resolve2, reject) => {
+    let data = "";
+    req.on("data", (chunk) => data += chunk);
+    req.on("end", () => {
+      try {
+        resolve2(JSON.parse(data));
+      } catch (e) {
+        reject(e);
+      }
+    });
+    req.on("error", reject);
+  });
 }
-var server = new McpServer({ name: "a2adapt", version: VERSION });
-server.tool(
-  "generate_invite",
-  "Generate a named invite to share with another agent out-of-band. The invite carries your public identity and a default display name; the receiver adds it with add_contact and may keep that name or set their own.",
-  {
-    name: external_exports.string().min(1).describe('The contact name to associate with this invite, e.g. "Alex".')
-  },
-  async (_args) => nodeNotWiredYet("generate_invite")
-);
-server.tool(
-  "add_contact",
-  "Add a contact from an invite blob produced by another agent's generate_invite. If no name is given, the invite's embedded default name is used.",
-  {
-    invite: external_exports.string().min(1).describe("The invite blob (copy-pasted string) to add."),
-    name: external_exports.string().min(1).optional().describe("Optional custom name; defaults to the name embedded in the invite.")
-  },
-  async (_args) => nodeNotWiredYet("add_contact")
-);
-server.tool(
-  "list_contacts",
-  "List the contacts this node knows about (name + container id).",
-  {},
-  async () => nodeNotWiredYet("list_contacts")
-);
-server.tool(
-  "send_message",
-  "Send an end-to-end-encrypted message to a known contact.",
-  {
-    contact: external_exports.string().min(1).describe("Contact name or container id to send to."),
-    text: external_exports.string().min(1).describe("The message text.")
-  },
-  async (_args) => nodeNotWiredYet("send_message")
-);
-server.tool(
-  "process_incoming_message",
-  "Drain newly-arrived inbound messages from the broker, apply them to the node, and surface the decrypted contents with sender attribution.",
-  {},
-  async () => nodeNotWiredYet("process_incoming_message")
-);
-server.tool(
-  "list_incoming_messages",
-  "List received messages currently held in the node inbox (decrypted, with sender).",
-  {},
-  async () => nodeNotWiredYet("list_incoming_messages")
-);
 async function main() {
-  const transport = new StdioServerTransport();
-  await server.connect(transport);
-  process.stderr.write(`a2adapt MCP server v${VERSION} ready (state=${STATE_DIR}, broker=${BROKER_URL})
-`);
+  if (TRANSPORT === "stdio") {
+    const server = createMcpServer(() => "stdio");
+    const transport = new StdioServerTransport();
+    await server.connect(transport);
+    log("MCP stdio transport connected, booting wrapper\u2026");
+    await bootWrapper();
+    log(`MCP server v${VERSION} ready (transport=stdio, identities=${identities.size}, state=${STATE_DIR}, broker=${BROKER_URL})`);
+    const flush = () => {
+      for (const id of identities.values()) saveState(id);
+      process.exit(0);
+    };
+    process.on("SIGINT", flush);
+    process.on("SIGTERM", flush);
+    return;
+  }
+  log("booting wrapper\u2026");
+  await bootWrapper();
+  log(`wrapper ready (identities=${identities.size}), starting HTTP server\u2026`);
+  const transports = {};
+  const httpServer = createHttpServer(async (req, res) => {
+    const url = new URL(req.url, `http://localhost:${PORT}`);
+    if (url.pathname !== "/mcp") {
+      res.writeHead(404, { "Content-Type": "text/plain" });
+      res.end("Not found");
+      return;
+    }
+    try {
+      if (req.method === "POST") {
+        const body = await readBody(req);
+        const sessionId = req.headers["mcp-session-id"];
+        if (sessionId && transports[sessionId]) {
+          await transports[sessionId].handleRequest(req, res, body);
+        } else if (!sessionId && isInitializeRequest(body)) {
+          const transport = new StreamableHTTPServerTransport({
+            sessionIdGenerator: () => randomUUID(),
+            onsessioninitialized: (sid) => {
+              transports[sid] = transport;
+              log(`session ${sid.slice(0, 8)}\u2026 initialized`);
+            }
+          });
+          const server = createMcpServer(() => transport.sessionId ?? "pending");
+          transport.onclose = () => {
+            const sid = transport.sessionId;
+            if (sid) {
+              delete transports[sid];
+              const name = sessionBinding.get(sid);
+              if (name && bindingOwner.get(name) === sid) bindingOwner.delete(name);
+              sessionBinding.delete(sid);
+              evictedSessions.delete(sid);
+              log(`session ${sid.slice(0, 8)}\u2026 closed`);
+            }
+            activeMcpServers.delete(server);
+          };
+          await server.connect(transport);
+          await transport.handleRequest(req, res, body);
+        } else {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ jsonrpc: "2.0", error: { code: -32e3, message: "Bad Request: No valid session ID" }, id: null }));
+        }
+      } else if (req.method === "GET") {
+        const sessionId = req.headers["mcp-session-id"];
+        if (!sessionId || !transports[sessionId]) {
+          res.writeHead(400, { "Content-Type": "text/plain" });
+          res.end("Invalid or missing session ID");
+          return;
+        }
+        await transports[sessionId].handleRequest(req, res);
+      } else if (req.method === "DELETE") {
+        const sessionId = req.headers["mcp-session-id"];
+        if (!sessionId || !transports[sessionId]) {
+          res.writeHead(400, { "Content-Type": "text/plain" });
+          res.end("Invalid or missing session ID");
+          return;
+        }
+        await transports[sessionId].handleRequest(req, res);
+      } else {
+        res.writeHead(405, { "Content-Type": "text/plain" });
+        res.end("Method not allowed");
+      }
+    } catch (err) {
+      log("HTTP handler error:", String(err));
+      if (!res.headersSent) {
+        res.writeHead(500, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ jsonrpc: "2.0", error: { code: -32603, message: "Internal server error" }, id: null }));
+      }
+    }
+  });
+  httpServer.listen(PORT, () => {
+    log(`MCP server v${VERSION} ready (transport=http, port=${PORT}, identities=${identities.size}, state=${STATE_DIR}, broker=${BROKER_URL})`);
+  });
+  const shutdown = async () => {
+    log("shutting down\u2026");
+    for (const sid of Object.keys(transports)) {
+      try {
+        await transports[sid].close();
+      } catch {
+      }
+      delete transports[sid];
+    }
+    for (const id of identities.values()) saveState(id);
+    httpServer.close();
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
 }
 main().catch((err) => {
-  process.stderr.write(`a2adapt: fatal startup error: ${err?.stack ?? err}
-`);
+  log(`fatal startup error: ${err?.stack ?? err}`);
   process.exit(1);
 });