@atxp/client 0.2.21 → 0.3.0

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js

@@ -0,0 +1,378 @@
+import { isJSONRPCRequest, isInitializedNotification, JSONRPCMessageSchema, isJSONRPCResponse } from '../types.js';
+import { UnauthorizedError, auth, extractResourceMetadataUrl } from './auth.js';
+import { EventSourceParserStream } from '../../../../../eventsource-parser/dist/stream.js';
+
+// Default reconnection options for StreamableHTTP connections
+const DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS = {
+    initialReconnectionDelay: 1000,
+    maxReconnectionDelay: 30000,
+    reconnectionDelayGrowFactor: 1.5,
+    maxRetries: 2,
+};
+class StreamableHTTPError extends Error {
+    constructor(code, message) {
+        super(`Streamable HTTP error: ${message}`);
+        this.code = code;
+    }
+}
+/**
+ * Client transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification.
+ * It will connect to a server using HTTP POST for sending messages and HTTP GET with Server-Sent Events
+ * for receiving messages.
+ */
+class StreamableHTTPClientTransport {
+    constructor(url, opts) {
+        var _a;
+        this._url = url;
+        this._resourceMetadataUrl = undefined;
+        this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;
+        this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;
+        this._fetch = opts === null || opts === void 0 ? void 0 : opts.fetch;
+        this._sessionId = opts === null || opts === void 0 ? void 0 : opts.sessionId;
+        this._reconnectionOptions = (_a = opts === null || opts === void 0 ? void 0 : opts.reconnectionOptions) !== null && _a !== void 0 ? _a : DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;
+    }
+    async _authThenStart() {
+        var _a;
+        if (!this._authProvider) {
+            throw new UnauthorizedError("No auth provider");
+        }
+        let result;
+        try {
+            result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl });
+        }
+        catch (error) {
+            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);
+            throw error;
+        }
+        if (result !== "AUTHORIZED") {
+            throw new UnauthorizedError();
+        }
+        return await this._startOrAuthSse({ resumptionToken: undefined });
+    }
+    async _commonHeaders() {
+        var _a;
+        const headers = {};
+        if (this._authProvider) {
+            const tokens = await this._authProvider.tokens();
+            if (tokens) {
+                headers["Authorization"] = `Bearer ${tokens.access_token}`;
+            }
+        }
+        if (this._sessionId) {
+            headers["mcp-session-id"] = this._sessionId;
+        }
+        if (this._protocolVersion) {
+            headers["mcp-protocol-version"] = this._protocolVersion;
+        }
+        const extraHeaders = this._normalizeHeaders((_a = this._requestInit) === null || _a === void 0 ? void 0 : _a.headers);
+        return new Headers({
+            ...headers,
+            ...extraHeaders,
+        });
+    }
+    async _startOrAuthSse(options) {
+        var _a, _b, _c;
+        const { resumptionToken } = options;
+        try {
+            // Try to open an initial SSE stream with GET to listen for server messages
+            // This is optional according to the spec - server may not support it
+            const headers = await this._commonHeaders();
+            headers.set("Accept", "text/event-stream");
+            // Include Last-Event-ID header for resumable streams if provided
+            if (resumptionToken) {
+                headers.set("last-event-id", resumptionToken);
+            }
+            const response = await ((_a = this._fetch) !== null && _a !== void 0 ? _a : fetch)(this._url, {
+                method: "GET",
+                headers,
+                signal: (_b = this._abortController) === null || _b === void 0 ? void 0 : _b.signal,
+            });
+            if (!response.ok) {
+                if (response.status === 401 && this._authProvider) {
+                    // Need to authenticate
+                    return await this._authThenStart();
+                }
+                // 405 indicates that the server does not offer an SSE stream at GET endpoint
+                // This is an expected case that should not trigger an error
+                if (response.status === 405) {
+                    return;
+                }
+                throw new StreamableHTTPError(response.status, `Failed to open SSE stream: ${response.statusText}`);
+            }
+            this._handleSseStream(response.body, options);
+        }
+        catch (error) {
+            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);
+            throw error;
+        }
+    }
+    /**
+     * Calculates the next reconnection delay using  backoff algorithm
+     *
+     * @param attempt Current reconnection attempt count for the specific stream
+     * @returns Time to wait in milliseconds before next reconnection attempt
+     */
+    _getNextReconnectionDelay(attempt) {
+        // Access default values directly, ensuring they're never undefined
+        const initialDelay = this._reconnectionOptions.initialReconnectionDelay;
+        const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;
+        const maxDelay = this._reconnectionOptions.maxReconnectionDelay;
+        // Cap at maximum delay
+        return Math.min(initialDelay * Math.pow(growFactor, attempt), maxDelay);
+    }
+    _normalizeHeaders(headers) {
+        if (!headers)
+            return {};
+        if (headers instanceof Headers) {
+            return Object.fromEntries(headers.entries());
+        }
+        if (Array.isArray(headers)) {
+            return Object.fromEntries(headers);
+        }
+        return { ...headers };
+    }
+    /**
+     * Schedule a reconnection attempt with exponential backoff
+     *
+     * @param lastEventId The ID of the last received event for resumability
+     * @param attemptCount Current reconnection attempt count for this specific stream
+     */
+    _scheduleReconnection(options, attemptCount = 0) {
+        var _a;
+        // Use provided options or default options
+        const maxRetries = this._reconnectionOptions.maxRetries;
+        // Check if we've exceeded maximum retry attempts
+        if (maxRetries > 0 && attemptCount >= maxRetries) {
+            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));
+            return;
+        }
+        // Calculate next delay based on current attempt count
+        const delay = this._getNextReconnectionDelay(attemptCount);
+        // Schedule the reconnection
+        setTimeout(() => {
+            // Use the last event ID to resume where we left off
+            this._startOrAuthSse(options).catch(error => {
+                var _a;
+                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));
+                // Schedule another attempt if this one failed, incrementing the attempt counter
+                this._scheduleReconnection(options, attemptCount + 1);
+            });
+        }, delay);
+    }
+    _handleSseStream(stream, options) {
+        if (!stream) {
+            return;
+        }
+        const { onresumptiontoken, replayMessageId } = options;
+        let lastEventId;
+        const processStream = async () => {
+            var _a, _b, _c, _d;
+            // this is the closest we can get to trying to catch network errors
+            // if something happens reader will throw
+            try {
+                // Create a pipeline: binary stream -> text decoder -> SSE parser
+                const reader = stream
+                    .pipeThrough(new TextDecoderStream())
+                    .pipeThrough(new EventSourceParserStream())
+                    .getReader();
+                while (true) {
+                    const { value: event, done } = await reader.read();
+                    if (done) {
+                        break;
+                    }
+                    // Update last event ID if provided
+                    if (event.id) {
+                        lastEventId = event.id;
+                        onresumptiontoken === null || onresumptiontoken === void 0 ? void 0 : onresumptiontoken(event.id);
+                    }
+                    if (!event.event || event.event === "message") {
+                        try {
+                            const message = JSONRPCMessageSchema.parse(JSON.parse(event.data));
+                            if (replayMessageId !== undefined && isJSONRPCResponse(message)) {
+                                message.id = replayMessageId;
+                            }
+                            (_a = this.onmessage) === null || _a === void 0 ? void 0 : _a.call(this, message);
+                        }
+                        catch (error) {
+                            (_b = this.onerror) === null || _b === void 0 ? void 0 : _b.call(this, error);
+                        }
+                    }
+                }
+            }
+            catch (error) {
+                // Handle stream errors - likely a network disconnect
+                (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, new Error(`SSE stream disconnected: ${error}`));
+                // Attempt to reconnect if the stream disconnects unexpectedly and we aren't closing
+                if (this._abortController && !this._abortController.signal.aborted) {
+                    // Use the exponential backoff reconnection strategy
+                    if (lastEventId !== undefined) {
+                        try {
+                            this._scheduleReconnection({
+                                resumptionToken: lastEventId,
+                                onresumptiontoken,
+                                replayMessageId
+                            }, 0);
+                        }
+                        catch (error) {
+                            (_d = this.onerror) === null || _d === void 0 ? void 0 : _d.call(this, new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));
+                        }
+                    }
+                }
+            }
+        };
+        processStream();
+    }
+    async start() {
+        if (this._abortController) {
+            throw new Error("StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.");
+        }
+        this._abortController = new AbortController();
+    }
+    /**
+     * Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.
+     */
+    async finishAuth(authorizationCode) {
+        if (!this._authProvider) {
+            throw new UnauthorizedError("No auth provider");
+        }
+        const result = await auth(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl });
+        if (result !== "AUTHORIZED") {
+            throw new UnauthorizedError("Failed to authorize");
+        }
+    }
+    async close() {
+        var _a, _b;
+        // Abort any pending requests
+        (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.abort();
+        (_b = this.onclose) === null || _b === void 0 ? void 0 : _b.call(this);
+    }
+    async send(message, options) {
+        var _a, _b, _c, _d;
+        try {
+            const { resumptionToken, onresumptiontoken } = options || {};
+            if (resumptionToken) {
+                // If we have at last event ID, we need to reconnect the SSE stream
+                this._startOrAuthSse({ resumptionToken, replayMessageId: isJSONRPCRequest(message) ? message.id : undefined }).catch(err => { var _a; return (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, err); });
+                return;
+            }
+            const headers = await this._commonHeaders();
+            headers.set("content-type", "application/json");
+            headers.set("accept", "application/json, text/event-stream");
+            const init = {
+                ...this._requestInit,
+                method: "POST",
+                headers,
+                body: JSON.stringify(message),
+                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,
+            };
+            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);
+            // Handle session ID received during initialization
+            const sessionId = response.headers.get("mcp-session-id");
+            if (sessionId) {
+                this._sessionId = sessionId;
+            }
+            if (!response.ok) {
+                if (response.status === 401 && this._authProvider) {
+                    this._resourceMetadataUrl = extractResourceMetadataUrl(response);
+                    const result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl });
+                    if (result !== "AUTHORIZED") {
+                        throw new UnauthorizedError();
+                    }
+                    // Purposely _not_ awaited, so we don't call onerror twice
+                    return this.send(message);
+                }
+                const text = await response.text().catch(() => null);
+                throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);
+            }
+            // If the response is 202 Accepted, there's no body to process
+            if (response.status === 202) {
+                // if the accepted notification is initialized, we start the SSE stream
+                // if it's supported by the server
+                if (isInitializedNotification(message)) {
+                    // Start without a lastEventId since this is a fresh connection
+                    this._startOrAuthSse({ resumptionToken: undefined }).catch(err => { var _a; return (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, err); });
+                }
+                return;
+            }
+            // Get original message(s) for detecting request IDs
+            const messages = Array.isArray(message) ? message : [message];
+            const hasRequests = messages.filter(msg => "method" in msg && "id" in msg && msg.id !== undefined).length > 0;
+            // Check the response type
+            const contentType = response.headers.get("content-type");
+            if (hasRequests) {
+                if (contentType === null || contentType === void 0 ? void 0 : contentType.includes("text/event-stream")) {
+                    // Handle SSE stream responses for requests
+                    // We use the same handler as standalone streams, which now supports
+                    // reconnection with the last event ID
+                    this._handleSseStream(response.body, { onresumptiontoken });
+                }
+                else if (contentType === null || contentType === void 0 ? void 0 : contentType.includes("application/json")) {
+                    // For non-streaming servers, we might get direct JSON responses
+                    const data = await response.json();
+                    const responseMessages = Array.isArray(data)
+                        ? data.map(msg => JSONRPCMessageSchema.parse(msg))
+                        : [JSONRPCMessageSchema.parse(data)];
+                    for (const msg of responseMessages) {
+                        (_c = this.onmessage) === null || _c === void 0 ? void 0 : _c.call(this, msg);
+                    }
+                }
+                else {
+                    throw new StreamableHTTPError(-1, `Unexpected content type: ${contentType}`);
+                }
+            }
+        }
+        catch (error) {
+            (_d = this.onerror) === null || _d === void 0 ? void 0 : _d.call(this, error);
+            throw error;
+        }
+    }
+    get sessionId() {
+        return this._sessionId;
+    }
+    /**
+     * Terminates the current session by sending a DELETE request to the server.
+     *
+     * Clients that no longer need a particular session
+     * (e.g., because the user is leaving the client application) SHOULD send an
+     * HTTP DELETE to the MCP endpoint with the Mcp-Session-Id header to explicitly
+     * terminate the session.
+     *
+     * The server MAY respond with HTTP 405 Method Not Allowed, indicating that
+     * the server does not allow clients to terminate sessions.
+     */
+    async terminateSession() {
+        var _a, _b, _c;
+        if (!this._sessionId) {
+            return; // No session to terminate
+        }
+        try {
+            const headers = await this._commonHeaders();
+            const init = {
+                ...this._requestInit,
+                method: "DELETE",
+                headers,
+                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,
+            };
+            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);
+            // We specifically handle 405 as a valid response according to the spec,
+            // meaning the server does not support explicit session termination
+            if (!response.ok && response.status !== 405) {
+                throw new StreamableHTTPError(response.status, `Failed to terminate session: ${response.statusText}`);
+            }
+            this._sessionId = undefined;
+        }
+        catch (error) {
+            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);
+            throw error;
+        }
+    }
+    setProtocolVersion(version) {
+        this._protocolVersion = version;
+    }
+    get protocolVersion() {
+        return this._protocolVersion;
+    }
+}
+
+export { StreamableHTTPClientTransport, StreamableHTTPError };
+//# sourceMappingURL=streamableHttp.js.map

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"streamableHttp.js","sources":["../../../../../../../../../node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js"],"sourcesContent":["import { isInitializedNotification, isJSONRPCRequest, isJSONRPCResponse, JSONRPCMessageSchema } from \"../types.js\";\nimport { auth, extractResourceMetadataUrl, UnauthorizedError } from \"./auth.js\";\nimport { EventSourceParserStream } from \"eventsource-parser/stream\";\n// Default reconnection options for StreamableHTTP connections\nconst DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS = {\n    initialReconnectionDelay: 1000,\n    maxReconnectionDelay: 30000,\n    reconnectionDelayGrowFactor: 1.5,\n    maxRetries: 2,\n};\nexport class StreamableHTTPError extends Error {\n    constructor(code, message) {\n        super(`Streamable HTTP error: ${message}`);\n        this.code = code;\n    }\n}\n/**\n * Client transport for Streamable HTTP: this implements the MCP Streamable HTTP transport specification.\n * It will connect to a server using HTTP POST for sending messages and HTTP GET with Server-Sent Events\n * for receiving messages.\n */\nexport class StreamableHTTPClientTransport {\n    constructor(url, opts) {\n        var _a;\n        this._url = url;\n        this._resourceMetadataUrl = undefined;\n        this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;\n        this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;\n        this._fetch = opts === null || opts === void 0 ? void 0 : opts.fetch;\n        this._sessionId = opts === null || opts === void 0 ? void 0 : opts.sessionId;\n        this._reconnectionOptions = (_a = opts === null || opts === void 0 ? void 0 : opts.reconnectionOptions) !== null && _a !== void 0 ? _a : DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;\n    }\n    async _authThenStart() {\n        var _a;\n        if (!this._authProvider) {\n            throw new UnauthorizedError(\"No auth provider\");\n        }\n        let result;\n        try {\n            result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl });\n        }\n        catch (error) {\n            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, error);\n            throw error;\n        }\n        if (result !== \"AUTHORIZED\") {\n            throw new UnauthorizedError();\n        }\n        return await this._startOrAuthSse({ resumptionToken: undefined });\n    }\n    async _commonHeaders() {\n        var _a;\n        const headers = {};\n        if (this._authProvider) {\n            const tokens = await this._authProvider.tokens();\n            if (tokens) {\n                headers[\"Authorization\"] = `Bearer ${tokens.access_token}`;\n            }\n        }\n        if (this._sessionId) {\n            headers[\"mcp-session-id\"] = this._sessionId;\n        }\n        if (this._protocolVersion) {\n            headers[\"mcp-protocol-version\"] = this._protocolVersion;\n        }\n        const extraHeaders = this._normalizeHeaders((_a = this._requestInit) === null || _a === void 0 ? void 0 : _a.headers);\n        return new Headers({\n            ...headers,\n            ...extraHeaders,\n        });\n    }\n    async _startOrAuthSse(options) {\n        var _a, _b, _c;\n        const { resumptionToken } = options;\n        try {\n            // Try to open an initial SSE stream with GET to listen for server messages\n            // This is optional according to the spec - server may not support it\n            const headers = await this._commonHeaders();\n            headers.set(\"Accept\", \"text/event-stream\");\n            // Include Last-Event-ID header for resumable streams if provided\n            if (resumptionToken) {\n                headers.set(\"last-event-id\", resumptionToken);\n            }\n            const response = await ((_a = this._fetch) !== null && _a !== void 0 ? _a : fetch)(this._url, {\n                method: \"GET\",\n                headers,\n                signal: (_b = this._abortController) === null || _b === void 0 ? void 0 : _b.signal,\n            });\n            if (!response.ok) {\n                if (response.status === 401 && this._authProvider) {\n                    // Need to authenticate\n                    return await this._authThenStart();\n                }\n                // 405 indicates that the server does not offer an SSE stream at GET endpoint\n                // This is an expected case that should not trigger an error\n                if (response.status === 405) {\n                    return;\n                }\n                throw new StreamableHTTPError(response.status, `Failed to open SSE stream: ${response.statusText}`);\n            }\n            this._handleSseStream(response.body, options);\n        }\n        catch (error) {\n            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);\n            throw error;\n        }\n    }\n    /**\n     * Calculates the next reconnection delay using  backoff algorithm\n     *\n     * @param attempt Current reconnection attempt count for the specific stream\n     * @returns Time to wait in milliseconds before next reconnection attempt\n     */\n    _getNextReconnectionDelay(attempt) {\n        // Access default values directly, ensuring they're never undefined\n        const initialDelay = this._reconnectionOptions.initialReconnectionDelay;\n        const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;\n        const maxDelay = this._reconnectionOptions.maxReconnectionDelay;\n        // Cap at maximum delay\n        return Math.min(initialDelay * Math.pow(growFactor, attempt), maxDelay);\n    }\n    _normalizeHeaders(headers) {\n        if (!headers)\n            return {};\n        if (headers instanceof Headers) {\n            return Object.fromEntries(headers.entries());\n        }\n        if (Array.isArray(headers)) {\n            return Object.fromEntries(headers);\n        }\n        return { ...headers };\n    }\n    /**\n     * Schedule a reconnection attempt with exponential backoff\n     *\n     * @param lastEventId The ID of the last received event for resumability\n     * @param attemptCount Current reconnection attempt count for this specific stream\n     */\n    _scheduleReconnection(options, attemptCount = 0) {\n        var _a;\n        // Use provided options or default options\n        const maxRetries = this._reconnectionOptions.maxRetries;\n        // Check if we've exceeded maximum retry attempts\n        if (maxRetries > 0 && attemptCount >= maxRetries) {\n            (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, new Error(`Maximum reconnection attempts (${maxRetries}) exceeded.`));\n            return;\n        }\n        // Calculate next delay based on current attempt count\n        const delay = this._getNextReconnectionDelay(attemptCount);\n        // Schedule the reconnection\n        setTimeout(() => {\n            // Use the last event ID to resume where we left off\n            this._startOrAuthSse(options).catch(error => {\n                var _a;\n                (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, new Error(`Failed to reconnect SSE stream: ${error instanceof Error ? error.message : String(error)}`));\n                // Schedule another attempt if this one failed, incrementing the attempt counter\n                this._scheduleReconnection(options, attemptCount + 1);\n            });\n        }, delay);\n    }\n    _handleSseStream(stream, options) {\n        if (!stream) {\n            return;\n        }\n        const { onresumptiontoken, replayMessageId } = options;\n        let lastEventId;\n        const processStream = async () => {\n            var _a, _b, _c, _d;\n            // this is the closest we can get to trying to catch network errors\n            // if something happens reader will throw\n            try {\n                // Create a pipeline: binary stream -> text decoder -> SSE parser\n                const reader = stream\n                    .pipeThrough(new TextDecoderStream())\n                    .pipeThrough(new EventSourceParserStream())\n                    .getReader();\n                while (true) {\n                    const { value: event, done } = await reader.read();\n                    if (done) {\n                        break;\n                    }\n                    // Update last event ID if provided\n                    if (event.id) {\n                        lastEventId = event.id;\n                        onresumptiontoken === null || onresumptiontoken === void 0 ? void 0 : onresumptiontoken(event.id);\n                    }\n                    if (!event.event || event.event === \"message\") {\n                        try {\n                            const message = JSONRPCMessageSchema.parse(JSON.parse(event.data));\n                            if (replayMessageId !== undefined && isJSONRPCResponse(message)) {\n                                message.id = replayMessageId;\n                            }\n                            (_a = this.onmessage) === null || _a === void 0 ? void 0 : _a.call(this, message);\n                        }\n                        catch (error) {\n                            (_b = this.onerror) === null || _b === void 0 ? void 0 : _b.call(this, error);\n                        }\n                    }\n                }\n            }\n            catch (error) {\n                // Handle stream errors - likely a network disconnect\n                (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, new Error(`SSE stream disconnected: ${error}`));\n                // Attempt to reconnect if the stream disconnects unexpectedly and we aren't closing\n                if (this._abortController && !this._abortController.signal.aborted) {\n                    // Use the exponential backoff reconnection strategy\n                    if (lastEventId !== undefined) {\n                        try {\n                            this._scheduleReconnection({\n                                resumptionToken: lastEventId,\n                                onresumptiontoken,\n                                replayMessageId\n                            }, 0);\n                        }\n                        catch (error) {\n                            (_d = this.onerror) === null || _d === void 0 ? void 0 : _d.call(this, new Error(`Failed to reconnect: ${error instanceof Error ? error.message : String(error)}`));\n                        }\n                    }\n                }\n            }\n        };\n        processStream();\n    }\n    async start() {\n        if (this._abortController) {\n            throw new Error(\"StreamableHTTPClientTransport already started! If using Client class, note that connect() calls start() automatically.\");\n        }\n        this._abortController = new AbortController();\n    }\n    /**\n     * Call this method after the user has finished authorizing via their user agent and is redirected back to the MCP client application. This will exchange the authorization code for an access token, enabling the next connection attempt to successfully auth.\n     */\n    async finishAuth(authorizationCode) {\n        if (!this._authProvider) {\n            throw new UnauthorizedError(\"No auth provider\");\n        }\n        const result = await auth(this._authProvider, { serverUrl: this._url, authorizationCode, resourceMetadataUrl: this._resourceMetadataUrl });\n        if (result !== \"AUTHORIZED\") {\n            throw new UnauthorizedError(\"Failed to authorize\");\n        }\n    }\n    async close() {\n        var _a, _b;\n        // Abort any pending requests\n        (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.abort();\n        (_b = this.onclose) === null || _b === void 0 ? void 0 : _b.call(this);\n    }\n    async send(message, options) {\n        var _a, _b, _c, _d;\n        try {\n            const { resumptionToken, onresumptiontoken } = options || {};\n            if (resumptionToken) {\n                // If we have at last event ID, we need to reconnect the SSE stream\n                this._startOrAuthSse({ resumptionToken, replayMessageId: isJSONRPCRequest(message) ? message.id : undefined }).catch(err => { var _a; return (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, err); });\n                return;\n            }\n            const headers = await this._commonHeaders();\n            headers.set(\"content-type\", \"application/json\");\n            headers.set(\"accept\", \"application/json, text/event-stream\");\n            const init = {\n                ...this._requestInit,\n                method: \"POST\",\n                headers,\n                body: JSON.stringify(message),\n                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,\n            };\n            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);\n            // Handle session ID received during initialization\n            const sessionId = response.headers.get(\"mcp-session-id\");\n            if (sessionId) {\n                this._sessionId = sessionId;\n            }\n            if (!response.ok) {\n                if (response.status === 401 && this._authProvider) {\n                    this._resourceMetadataUrl = extractResourceMetadataUrl(response);\n                    const result = await auth(this._authProvider, { serverUrl: this._url, resourceMetadataUrl: this._resourceMetadataUrl });\n                    if (result !== \"AUTHORIZED\") {\n                        throw new UnauthorizedError();\n                    }\n                    // Purposely _not_ awaited, so we don't call onerror twice\n                    return this.send(message);\n                }\n                const text = await response.text().catch(() => null);\n                throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);\n            }\n            // If the response is 202 Accepted, there's no body to process\n            if (response.status === 202) {\n                // if the accepted notification is initialized, we start the SSE stream\n                // if it's supported by the server\n                if (isInitializedNotification(message)) {\n                    // Start without a lastEventId since this is a fresh connection\n                    this._startOrAuthSse({ resumptionToken: undefined }).catch(err => { var _a; return (_a = this.onerror) === null || _a === void 0 ? void 0 : _a.call(this, err); });\n                }\n                return;\n            }\n            // Get original message(s) for detecting request IDs\n            const messages = Array.isArray(message) ? message : [message];\n            const hasRequests = messages.filter(msg => \"method\" in msg && \"id\" in msg && msg.id !== undefined).length > 0;\n            // Check the response type\n            const contentType = response.headers.get(\"content-type\");\n            if (hasRequests) {\n                if (contentType === null || contentType === void 0 ? void 0 : contentType.includes(\"text/event-stream\")) {\n                    // Handle SSE stream responses for requests\n                    // We use the same handler as standalone streams, which now supports\n                    // reconnection with the last event ID\n                    this._handleSseStream(response.body, { onresumptiontoken });\n                }\n                else if (contentType === null || contentType === void 0 ? void 0 : contentType.includes(\"application/json\")) {\n                    // For non-streaming servers, we might get direct JSON responses\n                    const data = await response.json();\n                    const responseMessages = Array.isArray(data)\n                        ? data.map(msg => JSONRPCMessageSchema.parse(msg))\n                        : [JSONRPCMessageSchema.parse(data)];\n                    for (const msg of responseMessages) {\n                        (_c = this.onmessage) === null || _c === void 0 ? void 0 : _c.call(this, msg);\n                    }\n                }\n                else {\n                    throw new StreamableHTTPError(-1, `Unexpected content type: ${contentType}`);\n                }\n            }\n        }\n        catch (error) {\n            (_d = this.onerror) === null || _d === void 0 ? void 0 : _d.call(this, error);\n            throw error;\n        }\n    }\n    get sessionId() {\n        return this._sessionId;\n    }\n    /**\n     * Terminates the current session by sending a DELETE request to the server.\n     *\n     * Clients that no longer need a particular session\n     * (e.g., because the user is leaving the client application) SHOULD send an\n     * HTTP DELETE to the MCP endpoint with the Mcp-Session-Id header to explicitly\n     * terminate the session.\n     *\n     * The server MAY respond with HTTP 405 Method Not Allowed, indicating that\n     * the server does not allow clients to terminate sessions.\n     */\n    async terminateSession() {\n        var _a, _b, _c;\n        if (!this._sessionId) {\n            return; // No session to terminate\n        }\n        try {\n            const headers = await this._commonHeaders();\n            const init = {\n                ...this._requestInit,\n                method: \"DELETE\",\n                headers,\n                signal: (_a = this._abortController) === null || _a === void 0 ? void 0 : _a.signal,\n            };\n            const response = await ((_b = this._fetch) !== null && _b !== void 0 ? _b : fetch)(this._url, init);\n            // We specifically handle 405 as a valid response according to the spec,\n            // meaning the server does not support explicit session termination\n            if (!response.ok && response.status !== 405) {\n                throw new StreamableHTTPError(response.status, `Failed to terminate session: ${response.statusText}`);\n            }\n            this._sessionId = undefined;\n        }\n        catch (error) {\n            (_c = this.onerror) === null || _c === void 0 ? void 0 : _c.call(this, error);\n            throw error;\n        }\n    }\n    setProtocolVersion(version) {\n        this._protocolVersion = version;\n    }\n    get protocolVersion() {\n        return this._protocolVersion;\n    }\n}\n//# sourceMappingURL=streamableHttp.js.map"],"names":[],"mappings":";;;;AAGA;AACA,MAAM,4CAA4C,GAAG;AACrD,IAAI,wBAAwB,EAAE,IAAI;AAClC,IAAI,oBAAoB,EAAE,KAAK;AAC/B,IAAI,2BAA2B,EAAE,GAAG;AACpC,IAAI,UAAU,EAAE,CAAC;AACjB,CAAC;AACM,MAAM,mBAAmB,SAAS,KAAK,CAAC;AAC/C,IAAI,WAAW,CAAC,IAAI,EAAE,OAAO,EAAE;AAC/B,QAAQ,KAAK,CAAC,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC,CAAC;AAClD,QAAQ,IAAI,CAAC,IAAI,GAAG,IAAI;AACxB,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACO,MAAM,6BAA6B,CAAC;AAC3C,IAAI,WAAW,CAAC,GAAG,EAAE,IAAI,EAAE;AAC3B,QAAQ,IAAI,EAAE;AACd,QAAQ,IAAI,CAAC,IAAI,GAAG,GAAG;AACvB,QAAQ,IAAI,CAAC,oBAAoB,GAAG,SAAS;AAC7C,QAAQ,IAAI,CAAC,YAAY,GAAG,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,WAAW;AACxF,QAAQ,IAAI,CAAC,aAAa,GAAG,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,YAAY;AAC1F,QAAQ,IAAI,CAAC,MAAM,GAAG,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,KAAK;AAC5E,QAAQ,IAAI,CAAC,UAAU,GAAG,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,SAAS;AACpF,QAAQ,IAAI,CAAC,oBAAoB,GAAG,CAAC,EAAE,GAAG,IAAI,KAAK,IAAI,IAAI,IAAI,KAAK,MAAM,GAAG,MAAM,GAAG,IAAI,CAAC,mBAAmB,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,EAAE,GAAG,4CAA4C;AAC7L,IAAI;AACJ,IAAI,MAAM,cAAc,GAAG;AAC3B,QAAQ,IAAI,EAAE;AACd,QAAQ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;AACjC,YAAY,MAAM,IAAI,iBAAiB,CAAC,kBAAkB,CAAC;AAC3D,QAAQ;AACR,QAAQ,IAAI,MAAM;AAClB,QAAQ,IAAI;AACZ,YAAY,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE,IAAI,CAAC,oBAAoB,EAAE,CAAC;AAC7H,QAAQ;AACR,QAAQ,OAAO,KAAK,EAAE;AACtB,YAAY,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;AACzF,YAAY,MAAM,KAAK;AACvB,QAAQ;AACR,QAAQ,IAAI,MAAM,KAAK,YAAY,EAAE;AACrC,YAAY,MAAM,IAAI,iBAAiB,EAAE;AACzC,QAAQ;AACR,QAAQ,OAAO,MAAM,IAAI,CAAC,eAAe,CAAC,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC;AACzE,IAAI;AACJ,IAAI,MAAM,cAAc,GAAG;AAC3B,QAAQ,IAAI,EAAE;AACd,QAAQ,MAAM,OAAO,GAAG,EAAE;AAC1B,QAAQ,IAAI,IAAI,CAAC,aAAa,EAAE;AAChC,YAAY,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;AAC5D,YAAY,IAAI,MAAM,EAAE;AACxB,gBAAgB,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,CAAC,YAAY,CAAC,CAAC;AAC1E,YAAY;AACZ,QAAQ;AACR,QAAQ,IAAI,IAAI,CAAC,UAAU,EAAE;AAC7B,YAAY,OAAO,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC,UAAU;AACvD,QAAQ;AACR,QAAQ,IAAI,IAAI,CAAC,gBAAgB,EAAE;AACnC,YAAY,OAAO,CAAC,sBAAsB,CAAC,GAAG,IAAI,CAAC,gBAAgB;AACnE,QAAQ;AACR,QAAQ,MAAM,YAAY,GAAG,IAAI,CAAC,iBAAiB,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,YAAY,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,OAAO,CAAC;AAC7H,QAAQ,OAAO,IAAI,OAAO,CAAC;AAC3B,YAAY,GAAG,OAAO;AACtB,YAAY,GAAG,YAAY;AAC3B,SAAS,CAAC;AACV,IAAI;AACJ,IAAI,MAAM,eAAe,CAAC,OAAO,EAAE;AACnC,QAAQ,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;AACtB,QAAQ,MAAM,EAAE,eAAe,EAAE,GAAG,OAAO;AAC3C,QAAQ,IAAI;AACZ;AACA;AACA,YAAY,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE;AACvD,YAAY,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,mBAAmB,CAAC;AACtD;AACA,YAAY,IAAI,eAAe,EAAE;AACjC,gBAAgB,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,eAAe,CAAC;AAC7D,YAAY;AACZ,YAAY,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE;AAC1G,gBAAgB,MAAM,EAAE,KAAK;AAC7B,gBAAgB,OAAO;AACvB,gBAAgB,MAAM,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,gBAAgB,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM;AACnG,aAAa,CAAC;AACd,YAAY,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAC9B,gBAAgB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE;AACnE;AACA,oBAAoB,OAAO,MAAM,IAAI,CAAC,cAAc,EAAE;AACtD,gBAAgB;AAChB;AACA;AACA,gBAAgB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AAC7C,oBAAoB;AACpB,gBAAgB;AAChB,gBAAgB,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,2BAA2B,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;AACnH,YAAY;AACZ,YAAY,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;AACzD,QAAQ;AACR,QAAQ,OAAO,KAAK,EAAE;AACtB,YAAY,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;AACzF,YAAY,MAAM,KAAK;AACvB,QAAQ;AACR,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,yBAAyB,CAAC,OAAO,EAAE;AACvC;AACA,QAAQ,MAAM,YAAY,GAAG,IAAI,CAAC,oBAAoB,CAAC,wBAAwB;AAC/E,QAAQ,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,2BAA2B;AAChF,QAAQ,MAAM,QAAQ,GAAG,IAAI,CAAC,oBAAoB,CAAC,oBAAoB;AACvE;AACA,QAAQ,OAAO,IAAI,CAAC,GAAG,CAAC,YAAY,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,EAAE,QAAQ,CAAC;AAC/E,IAAI;AACJ,IAAI,iBAAiB,CAAC,OAAO,EAAE;AAC/B,QAAQ,IAAI,CAAC,OAAO;AACpB,YAAY,OAAO,EAAE;AACrB,QAAQ,IAAI,OAAO,YAAY,OAAO,EAAE;AACxC,YAAY,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,OAAO,EAAE,CAAC;AACxD,QAAQ;AACR,QAAQ,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE;AACpC,YAAY,OAAO,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC;AAC9C,QAAQ;AACR,QAAQ,OAAO,EAAE,GAAG,OAAO,EAAE;AAC7B,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,qBAAqB,CAAC,OAAO,EAAE,YAAY,GAAG,CAAC,EAAE;AACrD,QAAQ,IAAI,EAAE;AACd;AACA,QAAQ,MAAM,UAAU,GAAG,IAAI,CAAC,oBAAoB,CAAC,UAAU;AAC/D;AACA,QAAQ,IAAI,UAAU,GAAG,CAAC,IAAI,YAAY,IAAI,UAAU,EAAE;AAC1D,YAAY,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,+BAA+B,EAAE,UAAU,CAAC,WAAW,CAAC,CAAC,CAAC;AACxJ,YAAY;AACZ,QAAQ;AACR;AACA,QAAQ,MAAM,KAAK,GAAG,IAAI,CAAC,yBAAyB,CAAC,YAAY,CAAC;AAClE;AACA,QAAQ,UAAU,CAAC,MAAM;AACzB;AACA,YAAY,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,KAAK,IAAI;AACzD,gBAAgB,IAAI,EAAE;AACtB,gBAAgB,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,gCAAgC,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC9L;AACA,gBAAgB,IAAI,CAAC,qBAAqB,CAAC,OAAO,EAAE,YAAY,GAAG,CAAC,CAAC;AACrE,YAAY,CAAC,CAAC;AACd,QAAQ,CAAC,EAAE,KAAK,CAAC;AACjB,IAAI;AACJ,IAAI,gBAAgB,CAAC,MAAM,EAAE,OAAO,EAAE;AACtC,QAAQ,IAAI,CAAC,MAAM,EAAE;AACrB,YAAY;AACZ,QAAQ;AACR,QAAQ,MAAM,EAAE,iBAAiB,EAAE,eAAe,EAAE,GAAG,OAAO;AAC9D,QAAQ,IAAI,WAAW;AACvB,QAAQ,MAAM,aAAa,GAAG,YAAY;AAC1C,YAAY,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;AAC9B;AACA;AACA,YAAY,IAAI;AAChB;AACA,gBAAgB,MAAM,MAAM,GAAG;AAC/B,qBAAqB,WAAW,CAAC,IAAI,iBAAiB,EAAE;AACxD,qBAAqB,WAAW,CAAC,IAAI,uBAAuB,EAAE;AAC9D,qBAAqB,SAAS,EAAE;AAChC,gBAAgB,OAAO,IAAI,EAAE;AAC7B,oBAAoB,MAAM,EAAE,KAAK,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,EAAE;AACtE,oBAAoB,IAAI,IAAI,EAAE;AAC9B,wBAAwB;AACxB,oBAAoB;AACpB;AACA,oBAAoB,IAAI,KAAK,CAAC,EAAE,EAAE;AAClC,wBAAwB,WAAW,GAAG,KAAK,CAAC,EAAE;AAC9C,wBAAwB,iBAAiB,KAAK,IAAI,IAAI,iBAAiB,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,iBAAiB,CAAC,KAAK,CAAC,EAAE,CAAC;AACzH,oBAAoB;AACpB,oBAAoB,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,KAAK,KAAK,SAAS,EAAE;AACnE,wBAAwB,IAAI;AAC5B,4BAA4B,MAAM,OAAO,GAAG,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC9F,4BAA4B,IAAI,eAAe,KAAK,SAAS,IAAI,iBAAiB,CAAC,OAAO,CAAC,EAAE;AAC7F,gCAAgC,OAAO,CAAC,EAAE,GAAG,eAAe;AAC5D,4BAA4B;AAC5B,4BAA4B,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC;AAC7G,wBAAwB;AACxB,wBAAwB,OAAO,KAAK,EAAE;AACtC,4BAA4B,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;AACzG,wBAAwB;AACxB,oBAAoB;AACpB,gBAAgB;AAChB,YAAY;AACZ,YAAY,OAAO,KAAK,EAAE;AAC1B;AACA,gBAAgB,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,yBAAyB,EAAE,KAAK,CAAC,CAAC,CAAC,CAAC;AACtI;AACA,gBAAgB,IAAI,IAAI,CAAC,gBAAgB,IAAI,CAAC,IAAI,CAAC,gBAAgB,CAAC,MAAM,CAAC,OAAO,EAAE;AACpF;AACA,oBAAoB,IAAI,WAAW,KAAK,SAAS,EAAE;AACnD,wBAAwB,IAAI;AAC5B,4BAA4B,IAAI,CAAC,qBAAqB,CAAC;AACvD,gCAAgC,eAAe,EAAE,WAAW;AAC5D,gCAAgC,iBAAiB;AACjD,gCAAgC;AAChC,6BAA6B,EAAE,CAAC,CAAC;AACjC,wBAAwB;AACxB,wBAAwB,OAAO,KAAK,EAAE;AACtC,4BAA4B,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,IAAI,KAAK,CAAC,CAAC,qBAAqB,EAAE,KAAK,YAAY,KAAK,GAAG,KAAK,CAAC,OAAO,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;AAC/L,wBAAwB;AACxB,oBAAoB;AACpB,gBAAgB;AAChB,YAAY;AACZ,QAAQ,CAAC;AACT,QAAQ,aAAa,EAAE;AACvB,IAAI;AACJ,IAAI,MAAM,KAAK,GAAG;AAClB,QAAQ,IAAI,IAAI,CAAC,gBAAgB,EAAE;AACnC,YAAY,MAAM,IAAI,KAAK,CAAC,wHAAwH,CAAC;AACrJ,QAAQ;AACR,QAAQ,IAAI,CAAC,gBAAgB,GAAG,IAAI,eAAe,EAAE;AACrD,IAAI;AACJ;AACA;AACA;AACA,IAAI,MAAM,UAAU,CAAC,iBAAiB,EAAE;AACxC,QAAQ,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE;AACjC,YAAY,MAAM,IAAI,iBAAiB,CAAC,kBAAkB,CAAC;AAC3D,QAAQ;AACR,QAAQ,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,iBAAiB,EAAE,mBAAmB,EAAE,IAAI,CAAC,oBAAoB,EAAE,CAAC;AAClJ,QAAQ,IAAI,MAAM,KAAK,YAAY,EAAE;AACrC,YAAY,MAAM,IAAI,iBAAiB,CAAC,qBAAqB,CAAC;AAC9D,QAAQ;AACR,IAAI;AACJ,IAAI,MAAM,KAAK,GAAG;AAClB,QAAQ,IAAI,EAAE,EAAE,EAAE;AAClB;AACA,QAAQ,CAAC,EAAE,GAAG,IAAI,CAAC,gBAAgB,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,KAAK,EAAE;AACpF,QAAQ,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC;AAC9E,IAAI;AACJ,IAAI,MAAM,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE;AACjC,QAAQ,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE,EAAE;AAC1B,QAAQ,IAAI;AACZ,YAAY,MAAM,EAAE,eAAe,EAAE,iBAAiB,EAAE,GAAG,OAAO,IAAI,EAAE;AACxE,YAAY,IAAI,eAAe,EAAE;AACjC;AACA,gBAAgB,IAAI,CAAC,eAAe,CAAC,EAAE,eAAe,EAAE,eAAe,EAAE,gBAAgB,CAAC,OAAO,CAAC,GAAG,OAAO,CAAC,EAAE,GAAG,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5O,gBAAgB;AAChB,YAAY;AACZ,YAAY,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE;AACvD,YAAY,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,kBAAkB,CAAC;AAC3D,YAAY,OAAO,CAAC,GAAG,CAAC,QAAQ,EAAE,qCAAqC,CAAC;AACxE,YAAY,MAAM,IAAI,GAAG;AACzB,gBAAgB,GAAG,IAAI,CAAC,YAAY;AACpC,gBAAgB,MAAM,EAAE,MAAM;AAC9B,gBAAgB,OAAO;AACvB,gBAAgB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;AAC7C,gBAAgB,MAAM,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,gBAAgB,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM;AACnG,aAAa;AACb,YAAY,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;AAC/G;AACA,YAAY,MAAM,SAAS,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AACpE,YAAY,IAAI,SAAS,EAAE;AAC3B,gBAAgB,IAAI,CAAC,UAAU,GAAG,SAAS;AAC3C,YAAY;AACZ,YAAY,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE;AAC9B,gBAAgB,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,IAAI,CAAC,aAAa,EAAE;AACnE,oBAAoB,IAAI,CAAC,oBAAoB,GAAG,0BAA0B,CAAC,QAAQ,CAAC;AACpF,oBAAoB,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,EAAE,SAAS,EAAE,IAAI,CAAC,IAAI,EAAE,mBAAmB,EAAE,IAAI,CAAC,oBAAoB,EAAE,CAAC;AAC3I,oBAAoB,IAAI,MAAM,KAAK,YAAY,EAAE;AACjD,wBAAwB,MAAM,IAAI,iBAAiB,EAAE;AACrD,oBAAoB;AACpB;AACA,oBAAoB,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC;AAC7C,gBAAgB;AAChB,gBAAgB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,MAAM,IAAI,CAAC;AACpE,gBAAgB,MAAM,IAAI,KAAK,CAAC,CAAC,gCAAgC,EAAE,QAAQ,CAAC,MAAM,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC,CAAC;AAC/F,YAAY;AACZ;AACA,YAAY,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AACzC;AACA;AACA,gBAAgB,IAAI,yBAAyB,CAAC,OAAO,CAAC,EAAE;AACxD;AACA,oBAAoB,IAAI,CAAC,eAAe,CAAC,EAAE,eAAe,EAAE,SAAS,EAAE,CAAC,CAAC,KAAK,CAAC,GAAG,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,OAAO,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;AACtL,gBAAgB;AAChB,gBAAgB;AAChB,YAAY;AACZ;AACA,YAAY,MAAM,QAAQ,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,GAAG,CAAC,OAAO,CAAC;AACzE,YAAY,MAAM,WAAW,GAAG,QAAQ,CAAC,MAAM,CAAC,GAAG,IAAI,QAAQ,IAAI,GAAG,IAAI,IAAI,IAAI,GAAG,IAAI,GAAG,CAAC,EAAE,KAAK,SAAS,CAAC,CAAC,MAAM,GAAG,CAAC;AACzH;AACA,YAAY,MAAM,WAAW,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC;AACpE,YAAY,IAAI,WAAW,EAAE;AAC7B,gBAAgB,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,mBAAmB,CAAC,EAAE;AACzH;AACA;AACA;AACA,oBAAoB,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,iBAAiB,EAAE,CAAC;AAC/E,gBAAgB;AAChB,qBAAqB,IAAI,WAAW,KAAK,IAAI,IAAI,WAAW,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,WAAW,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE;AAC7H;AACA,oBAAoB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE;AACtD,oBAAoB,MAAM,gBAAgB,GAAG,KAAK,CAAC,OAAO,CAAC,IAAI;AAC/D,0BAA0B,IAAI,CAAC,GAAG,CAAC,GAAG,IAAI,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC;AACzE,0BAA0B,CAAC,oBAAoB,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;AAC5D,oBAAoB,KAAK,MAAM,GAAG,IAAI,gBAAgB,EAAE;AACxD,wBAAwB,CAAC,EAAE,GAAG,IAAI,CAAC,SAAS,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC;AACrG,oBAAoB;AACpB,gBAAgB;AAChB,qBAAqB;AACrB,oBAAoB,MAAM,IAAI,mBAAmB,CAAC,CAAC,CAAC,EAAE,CAAC,yBAAyB,EAAE,WAAW,CAAC,CAAC,CAAC;AAChG,gBAAgB;AAChB,YAAY;AACZ,QAAQ;AACR,QAAQ,OAAO,KAAK,EAAE;AACtB,YAAY,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;AACzF,YAAY,MAAM,KAAK;AACvB,QAAQ;AACR,IAAI;AACJ,IAAI,IAAI,SAAS,GAAG;AACpB,QAAQ,OAAO,IAAI,CAAC,UAAU;AAC9B,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,gBAAgB,GAAG;AAC7B,QAAQ,IAAI,EAAE,EAAE,EAAE,EAAE,EAAE;AACtB,QAAQ,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE;AAC9B,YAAY,OAAO;AACnB,QAAQ;AACR,QAAQ,IAAI;AACZ,YAAY,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE;AACvD,YAAY,MAAM,IAAI,GAAG;AACzB,gBAAgB,GAAG,IAAI,CAAC,YAAY;AACpC,gBAAgB,MAAM,EAAE,QAAQ;AAChC,gBAAgB,OAAO;AACvB,gBAAgB,MAAM,EAAE,CAAC,EAAE,GAAG,IAAI,CAAC,gBAAgB,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC,MAAM;AACnG,aAAa;AACb,YAAY,MAAM,QAAQ,GAAG,MAAM,CAAC,CAAC,EAAE,GAAG,IAAI,CAAC,MAAM,MAAM,IAAI,IAAI,EAAE,KAAK,KAAK,CAAC,GAAG,EAAE,GAAG,KAAK,EAAE,IAAI,CAAC,IAAI,EAAE,IAAI,CAAC;AAC/G;AACA;AACA,YAAY,IAAI,CAAC,QAAQ,CAAC,EAAE,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AACzD,gBAAgB,MAAM,IAAI,mBAAmB,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,6BAA6B,EAAE,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;AACrH,YAAY;AACZ,YAAY,IAAI,CAAC,UAAU,GAAG,SAAS;AACvC,QAAQ;AACR,QAAQ,OAAO,KAAK,EAAE;AACtB,YAAY,CAAC,EAAE,GAAG,IAAI,CAAC,OAAO,MAAM,IAAI,IAAI,EAAE,KAAK,MAAM,GAAG,MAAM,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC;AACzF,YAAY,MAAM,KAAK;AACvB,QAAQ;AACR,IAAI;AACJ,IAAI,kBAAkB,CAAC,OAAO,EAAE;AAChC,QAAQ,IAAI,CAAC,gBAAgB,GAAG,OAAO;AACvC,IAAI;AACJ,IAAI,IAAI,eAAe,GAAG;AAC1B,QAAQ,OAAO,IAAI,CAAC,gBAAgB;AACpC,IAAI;AACJ;;;;","x_google_ignoreList":[0]}

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js

@@ -0,0 +1,46 @@
+/**
+ * Utilities for handling OAuth resource URIs.
+ */
+/**
+ * Converts a server URL to a resource URL by removing the fragment.
+ * RFC 8707 section 2 states that resource URIs "MUST NOT include a fragment component".
+ * Keeps everything else unchanged (scheme, domain, port, path, query).
+ */
+function resourceUrlFromServerUrl(url) {
+    const resourceURL = typeof url === "string" ? new URL(url) : new URL(url.href);
+    resourceURL.hash = ''; // Remove fragment
+    return resourceURL;
+}
+/**
+ * Checks if a requested resource URL matches a configured resource URL.
+ * A requested resource matches if it has the same scheme, domain, port,
+ * and its path starts with the configured resource's path.
+ *
+ * @param requestedResource The resource URL being requested
+ * @param configuredResource The resource URL that has been configured
+ * @returns true if the requested resource matches the configured resource, false otherwise
+ */
+function checkResourceAllowed({ requestedResource, configuredResource }) {
+    const requested = typeof requestedResource === "string" ? new URL(requestedResource) : new URL(requestedResource.href);
+    const configured = typeof configuredResource === "string" ? new URL(configuredResource) : new URL(configuredResource.href);
+    // Compare the origin (scheme, domain, and port)
+    if (requested.origin !== configured.origin) {
+        return false;
+    }
+    // Handle cases like requested=/foo and configured=/foo/
+    if (requested.pathname.length < configured.pathname.length) {
+        return false;
+    }
+    // Check if the requested path starts with the configured path
+    // Ensure both paths end with / for proper comparison
+    // This ensures that if we have paths like "/api" and "/api/users",
+    // we properly detect that "/api/users" is a subpath of "/api"
+    // By adding a trailing slash if missing, we avoid false positives
+    // where paths like "/api123" would incorrectly match "/api"
+    const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';
+    const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';
+    return requestedPath.startsWith(configuredPath);
+}
+
+export { checkResourceAllowed, resourceUrlFromServerUrl };
+//# sourceMappingURL=auth-utils.js.map

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-utils.js","sources":["../../../../../../../../../node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth-utils.js"],"sourcesContent":["/**\n * Utilities for handling OAuth resource URIs.\n */\n/**\n * Converts a server URL to a resource URL by removing the fragment.\n * RFC 8707 section 2 states that resource URIs \"MUST NOT include a fragment component\".\n * Keeps everything else unchanged (scheme, domain, port, path, query).\n */\nexport function resourceUrlFromServerUrl(url) {\n    const resourceURL = typeof url === \"string\" ? new URL(url) : new URL(url.href);\n    resourceURL.hash = ''; // Remove fragment\n    return resourceURL;\n}\n/**\n * Checks if a requested resource URL matches a configured resource URL.\n * A requested resource matches if it has the same scheme, domain, port,\n * and its path starts with the configured resource's path.\n *\n * @param requestedResource The resource URL being requested\n * @param configuredResource The resource URL that has been configured\n * @returns true if the requested resource matches the configured resource, false otherwise\n */\nexport function checkResourceAllowed({ requestedResource, configuredResource }) {\n    const requested = typeof requestedResource === \"string\" ? new URL(requestedResource) : new URL(requestedResource.href);\n    const configured = typeof configuredResource === \"string\" ? new URL(configuredResource) : new URL(configuredResource.href);\n    // Compare the origin (scheme, domain, and port)\n    if (requested.origin !== configured.origin) {\n        return false;\n    }\n    // Handle cases like requested=/foo and configured=/foo/\n    if (requested.pathname.length < configured.pathname.length) {\n        return false;\n    }\n    // Check if the requested path starts with the configured path\n    // Ensure both paths end with / for proper comparison\n    // This ensures that if we have paths like \"/api\" and \"/api/users\",\n    // we properly detect that \"/api/users\" is a subpath of \"/api\"\n    // By adding a trailing slash if missing, we avoid false positives\n    // where paths like \"/api123\" would incorrectly match \"/api\"\n    const requestedPath = requested.pathname.endsWith('/') ? requested.pathname : requested.pathname + '/';\n    const configuredPath = configured.pathname.endsWith('/') ? configured.pathname : configured.pathname + '/';\n    return requestedPath.startsWith(configuredPath);\n}\n//# sourceMappingURL=auth-utils.js.map"],"names":[],"mappings":"AAAA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAAS,wBAAwB,CAAC,GAAG,EAAE;AAC9C,IAAI,MAAM,WAAW,GAAG,OAAO,GAAG,KAAK,QAAQ,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC;AAClF,IAAI,WAAW,CAAC,IAAI,GAAG,EAAE,CAAC;AAC1B,IAAI,OAAO,WAAW;AACtB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACO,SAAS,oBAAoB,CAAC,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,EAAE;AAChF,IAAI,MAAM,SAAS,GAAG,OAAO,iBAAiB,KAAK,QAAQ,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,IAAI,CAAC;AAC1H,IAAI,MAAM,UAAU,GAAG,OAAO,kBAAkB,KAAK,QAAQ,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,GAAG,IAAI,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC;AAC9H;AACA,IAAI,IAAI,SAAS,CAAC,MAAM,KAAK,UAAU,CAAC,MAAM,EAAE;AAChD,QAAQ,OAAO,KAAK;AACpB,IAAI;AACJ;AACA,IAAI,IAAI,SAAS,CAAC,QAAQ,CAAC,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,MAAM,EAAE;AAChE,QAAQ,OAAO,KAAK;AACpB,IAAI;AACJ;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,aAAa,GAAG,SAAS,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,SAAS,CAAC,QAAQ,GAAG,SAAS,CAAC,QAAQ,GAAG,GAAG;AAC1G,IAAI,MAAM,cAAc,GAAG,UAAU,CAAC,QAAQ,CAAC,QAAQ,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,QAAQ,GAAG,UAAU,CAAC,QAAQ,GAAG,GAAG;AAC9G,IAAI,OAAO,aAAa,CAAC,UAAU,CAAC,cAAc,CAAC;AACnD;;;;","x_google_ignoreList":[0]}

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js

@@ -0,0 +1,120 @@
+import { object as objectType, boolean as booleanType, array as arrayType, string as stringType, number as numberType, any as anyType } from '../../../../../zod/dist/esm/v3/types.js';
+
+/**
+ * RFC 9728 OAuth Protected Resource Metadata
+ */
+const OAuthProtectedResourceMetadataSchema = objectType({
+    resource: stringType().url(),
+    authorization_servers: arrayType(stringType().url()).optional(),
+    jwks_uri: stringType().url().optional(),
+    scopes_supported: arrayType(stringType()).optional(),
+    bearer_methods_supported: arrayType(stringType()).optional(),
+    resource_signing_alg_values_supported: arrayType(stringType()).optional(),
+    resource_name: stringType().optional(),
+    resource_documentation: stringType().optional(),
+    resource_policy_uri: stringType().url().optional(),
+    resource_tos_uri: stringType().url().optional(),
+    tls_client_certificate_bound_access_tokens: booleanType().optional(),
+    authorization_details_types_supported: arrayType(stringType()).optional(),
+    dpop_signing_alg_values_supported: arrayType(stringType()).optional(),
+    dpop_bound_access_tokens_required: booleanType().optional(),
+})
+    .passthrough();
+/**
+ * RFC 8414 OAuth 2.0 Authorization Server Metadata
+ */
+const OAuthMetadataSchema = objectType({
+    issuer: stringType(),
+    authorization_endpoint: stringType(),
+    token_endpoint: stringType(),
+    registration_endpoint: stringType().optional(),
+    scopes_supported: arrayType(stringType()).optional(),
+    response_types_supported: arrayType(stringType()),
+    response_modes_supported: arrayType(stringType()).optional(),
+    grant_types_supported: arrayType(stringType()).optional(),
+    token_endpoint_auth_methods_supported: arrayType(stringType()).optional(),
+    token_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    service_documentation: stringType().optional(),
+    revocation_endpoint: stringType().optional(),
+    revocation_endpoint_auth_methods_supported: arrayType(stringType()).optional(),
+    revocation_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    introspection_endpoint: stringType().optional(),
+    introspection_endpoint_auth_methods_supported: arrayType(stringType())
+        .optional(),
+    introspection_endpoint_auth_signing_alg_values_supported: arrayType(stringType())
+        .optional(),
+    code_challenge_methods_supported: arrayType(stringType()).optional(),
+})
+    .passthrough();
+/**
+ * OAuth 2.1 token response
+ */
+const OAuthTokensSchema = objectType({
+    access_token: stringType(),
+    token_type: stringType(),
+    expires_in: numberType().optional(),
+    scope: stringType().optional(),
+    refresh_token: stringType().optional(),
+})
+    .strip();
+/**
+ * OAuth 2.1 error response
+ */
+objectType({
+    error: stringType(),
+    error_description: stringType().optional(),
+    error_uri: stringType().optional(),
+});
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata
+ */
+const OAuthClientMetadataSchema = objectType({
+    redirect_uris: arrayType(stringType()).refine((uris) => uris.every((uri) => URL.canParse(uri)), { message: "redirect_uris must contain valid URLs" }),
+    token_endpoint_auth_method: stringType().optional(),
+    grant_types: arrayType(stringType()).optional(),
+    response_types: arrayType(stringType()).optional(),
+    client_name: stringType().optional(),
+    client_uri: stringType().optional(),
+    logo_uri: stringType().optional(),
+    scope: stringType().optional(),
+    contacts: arrayType(stringType()).optional(),
+    tos_uri: stringType().optional(),
+    policy_uri: stringType().optional(),
+    jwks_uri: stringType().optional(),
+    jwks: anyType().optional(),
+    software_id: stringType().optional(),
+    software_version: stringType().optional(),
+    software_statement: stringType().optional(),
+}).strip();
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration client information
+ */
+const OAuthClientInformationSchema = objectType({
+    client_id: stringType(),
+    client_secret: stringType().optional(),
+    client_id_issued_at: numberType().optional(),
+    client_secret_expires_at: numberType().optional(),
+}).strip();
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)
+ */
+const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);
+/**
+ * RFC 7591 OAuth 2.0 Dynamic Client Registration error response
+ */
+objectType({
+    error: stringType(),
+    error_description: stringType().optional(),
+}).strip();
+/**
+ * RFC 7009 OAuth 2.0 Token Revocation request
+ */
+objectType({
+    token: stringType(),
+    token_type_hint: stringType().optional(),
+}).strip();
+
+export { OAuthClientInformationFullSchema, OAuthClientInformationSchema, OAuthClientMetadataSchema, OAuthMetadataSchema, OAuthProtectedResourceMetadataSchema, OAuthTokensSchema };
+//# sourceMappingURL=auth.js.map

package/dist/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sources":["../../../../../../../../../node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js"],"sourcesContent":["import { z } from \"zod\";\n/**\n * RFC 9728 OAuth Protected Resource Metadata\n */\nexport const OAuthProtectedResourceMetadataSchema = z\n    .object({\n    resource: z.string().url(),\n    authorization_servers: z.array(z.string().url()).optional(),\n    jwks_uri: z.string().url().optional(),\n    scopes_supported: z.array(z.string()).optional(),\n    bearer_methods_supported: z.array(z.string()).optional(),\n    resource_signing_alg_values_supported: z.array(z.string()).optional(),\n    resource_name: z.string().optional(),\n    resource_documentation: z.string().optional(),\n    resource_policy_uri: z.string().url().optional(),\n    resource_tos_uri: z.string().url().optional(),\n    tls_client_certificate_bound_access_tokens: z.boolean().optional(),\n    authorization_details_types_supported: z.array(z.string()).optional(),\n    dpop_signing_alg_values_supported: z.array(z.string()).optional(),\n    dpop_bound_access_tokens_required: z.boolean().optional(),\n})\n    .passthrough();\n/**\n * RFC 8414 OAuth 2.0 Authorization Server Metadata\n */\nexport const OAuthMetadataSchema = z\n    .object({\n    issuer: z.string(),\n    authorization_endpoint: z.string(),\n    token_endpoint: z.string(),\n    registration_endpoint: z.string().optional(),\n    scopes_supported: z.array(z.string()).optional(),\n    response_types_supported: z.array(z.string()),\n    response_modes_supported: z.array(z.string()).optional(),\n    grant_types_supported: z.array(z.string()).optional(),\n    token_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n    token_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    service_documentation: z.string().optional(),\n    revocation_endpoint: z.string().optional(),\n    revocation_endpoint_auth_methods_supported: z.array(z.string()).optional(),\n    revocation_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    introspection_endpoint: z.string().optional(),\n    introspection_endpoint_auth_methods_supported: z\n        .array(z.string())\n        .optional(),\n    introspection_endpoint_auth_signing_alg_values_supported: z\n        .array(z.string())\n        .optional(),\n    code_challenge_methods_supported: z.array(z.string()).optional(),\n})\n    .passthrough();\n/**\n * OAuth 2.1 token response\n */\nexport const OAuthTokensSchema = z\n    .object({\n    access_token: z.string(),\n    token_type: z.string(),\n    expires_in: z.number().optional(),\n    scope: z.string().optional(),\n    refresh_token: z.string().optional(),\n})\n    .strip();\n/**\n * OAuth 2.1 error response\n */\nexport const OAuthErrorResponseSchema = z\n    .object({\n    error: z.string(),\n    error_description: z.string().optional(),\n    error_uri: z.string().optional(),\n});\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration metadata\n */\nexport const OAuthClientMetadataSchema = z.object({\n    redirect_uris: z.array(z.string()).refine((uris) => uris.every((uri) => URL.canParse(uri)), { message: \"redirect_uris must contain valid URLs\" }),\n    token_endpoint_auth_method: z.string().optional(),\n    grant_types: z.array(z.string()).optional(),\n    response_types: z.array(z.string()).optional(),\n    client_name: z.string().optional(),\n    client_uri: z.string().optional(),\n    logo_uri: z.string().optional(),\n    scope: z.string().optional(),\n    contacts: z.array(z.string()).optional(),\n    tos_uri: z.string().optional(),\n    policy_uri: z.string().optional(),\n    jwks_uri: z.string().optional(),\n    jwks: z.any().optional(),\n    software_id: z.string().optional(),\n    software_version: z.string().optional(),\n    software_statement: z.string().optional(),\n}).strip();\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration client information\n */\nexport const OAuthClientInformationSchema = z.object({\n    client_id: z.string(),\n    client_secret: z.string().optional(),\n    client_id_issued_at: z.number().optional(),\n    client_secret_expires_at: z.number().optional(),\n}).strip();\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration full response (client information plus metadata)\n */\nexport const OAuthClientInformationFullSchema = OAuthClientMetadataSchema.merge(OAuthClientInformationSchema);\n/**\n * RFC 7591 OAuth 2.0 Dynamic Client Registration error response\n */\nexport const OAuthClientRegistrationErrorSchema = z.object({\n    error: z.string(),\n    error_description: z.string().optional(),\n}).strip();\n/**\n * RFC 7009 OAuth 2.0 Token Revocation request\n */\nexport const OAuthTokenRevocationRequestSchema = z.object({\n    token: z.string(),\n    token_type_hint: z.string().optional(),\n}).strip();\n//# sourceMappingURL=auth.js.map"],"names":["z\n    .object","z.string","z.array","z.boolean","z\n        .array","z.number","z.object","z.any"],"mappings":";;AACA;AACA;AACA;AACY,MAAC,oCAAoC,GAAGA,UACzC,CAAC;AACZ,IAAI,QAAQ,EAAEC,UAAQ,EAAE,CAAC,GAAG,EAAE;AAC9B,IAAI,qBAAqB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC/D,IAAI,QAAQ,EAAEA,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACzC,IAAI,gBAAgB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpD,IAAI,wBAAwB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,qCAAqC,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,aAAa,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACxC,IAAI,sBAAsB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACjD,IAAI,mBAAmB,EAAEA,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACpD,IAAI,gBAAgB,EAAEA,UAAQ,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE;AACjD,IAAI,0CAA0C,EAAEE,WAAS,EAAE,CAAC,QAAQ,EAAE;AACtE,IAAI,qCAAqC,EAAED,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,iCAAiC,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACrE,IAAI,iCAAiC,EAAEE,WAAS,EAAE,CAAC,QAAQ,EAAE;AAC7D,CAAC;AACD,KAAK,WAAW;AAChB;AACA;AACA;AACY,MAAC,mBAAmB,GAAGH,UACxB,CAAC;AACZ,IAAI,MAAM,EAAEC,UAAQ,EAAE;AACtB,IAAI,sBAAsB,EAAEA,UAAQ,EAAE;AACtC,IAAI,cAAc,EAAEA,UAAQ,EAAE;AAC9B,IAAI,qBAAqB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChD,IAAI,gBAAgB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpD,IAAI,wBAAwB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC;AACjD,IAAI,wBAAwB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5D,IAAI,qBAAqB,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzD,IAAI,qCAAqC,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACzE,IAAI,gDAAgD,EAAEG,SACxC,CAACH,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,qBAAqB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChD,IAAI,mBAAmB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC9C,IAAI,0CAA0C,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC9E,IAAI,qDAAqD,EAAEG,SAC7C,CAACH,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,sBAAsB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACjD,IAAI,6CAA6C,EAAEG,SACrC,CAACH,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,wDAAwD,EAAEG,SAChD,CAACH,UAAQ,EAAE;AACzB,SAAS,QAAQ,EAAE;AACnB,IAAI,gCAAgC,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AACpE,CAAC;AACD,KAAK,WAAW;AAChB;AACA;AACA;AACY,MAAC,iBAAiB,GAAGD,UACtB,CAAC;AACZ,IAAI,YAAY,EAAEC,UAAQ,EAAE;AAC5B,IAAI,UAAU,EAAEA,UAAQ,EAAE;AAC1B,IAAI,UAAU,EAAEI,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrC,IAAI,KAAK,EAAEJ,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChC,IAAI,aAAa,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACxC,CAAC;AACD,KAAK,KAAK;AACV;AACA;AACA;AACwCD,UAC7B,CAAC;AACZ,IAAI,KAAK,EAAEC,UAAQ,EAAE;AACrB,IAAI,iBAAiB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC5C,IAAI,SAAS,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACpC,CAAC;AACD;AACA;AACA;AACY,MAAC,yBAAyB,GAAGK,UAAQ,CAAC;AAClD,IAAI,aAAa,EAAEJ,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,KAAK,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,EAAE,EAAE,OAAO,EAAE,uCAAuC,EAAE,CAAC;AACrJ,IAAI,0BAA0B,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrD,IAAI,WAAW,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC/C,IAAI,cAAc,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAClD,IAAI,WAAW,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACtC,IAAI,UAAU,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrC,IAAI,QAAQ,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACnC,IAAI,KAAK,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAChC,IAAI,QAAQ,EAAEC,SAAO,CAACD,UAAQ,EAAE,CAAC,CAAC,QAAQ,EAAE;AAC5C,IAAI,OAAO,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAClC,IAAI,UAAU,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACrC,IAAI,QAAQ,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACnC,IAAI,IAAI,EAAEM,OAAK,EAAE,CAAC,QAAQ,EAAE;AAC5B,IAAI,WAAW,EAAEN,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACtC,IAAI,gBAAgB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC3C,IAAI,kBAAkB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC7C,CAAC,CAAC,CAAC,KAAK;AACR;AACA;AACA;AACY,MAAC,4BAA4B,GAAGK,UAAQ,CAAC;AACrD,IAAI,SAAS,EAAEL,UAAQ,EAAE;AACzB,IAAI,aAAa,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACxC,IAAI,mBAAmB,EAAEI,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC9C,IAAI,wBAAwB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AACnD,CAAC,CAAC,CAAC,KAAK;AACR;AACA;AACA;AACY,MAAC,gCAAgC,GAAG,yBAAyB,CAAC,KAAK,CAAC,4BAA4B;AAC5G;AACA;AACA;AACkDC,UAAQ,CAAC;AAC3D,IAAI,KAAK,EAAEL,UAAQ,EAAE;AACrB,IAAI,iBAAiB,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC5C,CAAC,CAAC,CAAC,KAAK;AACR;AACA;AACA;AACiDK,UAAQ,CAAC;AAC1D,IAAI,KAAK,EAAEL,UAAQ,EAAE;AACrB,IAAI,eAAe,EAAEA,UAAQ,EAAE,CAAC,QAAQ,EAAE;AAC1C,CAAC,CAAC,CAAC,KAAK;;;;","x_google_ignoreList":[0]}