npm - @elliotding/ai-agent-mcp - Versions diffs - 0.1.24 → 0.1.26 - Mend

@elliotding/ai-agent-mcp 0.1.24 → 0.1.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (233) hide show

package/README.md +27 -0
package/package.json +4 -1
package/.prompt-cache/cmd-cmd-client-sdk-ai-hub-generate-testcase.md +0 -101
package/.prompt-cache/cmd-cmd-client-sdk-ai-hub-submit_zct_job.md +0 -158
package/.prompt-cache/skill-skill-client-sdk-ai-hub-analyze-conf-status.md +0 -311
package/.prompt-cache/skill-skill-client-sdk-ai-hub-analyze-sdk-log.md +0 -64
package/.prompt-cache/skill-skill-client-sdk-ai-hub-analyze-zmb-log-errors.md +0 -84
package/ai-resource-telemetry.json +0 -40
package/dist/api/cached-client.d.ts +0 -48
package/dist/api/cached-client.d.ts.map +0 -1
package/dist/api/cached-client.js +0 -126
package/dist/api/cached-client.js.map +0 -1
package/dist/api/client.d.ts +0 -281
package/dist/api/client.d.ts.map +0 -1
package/dist/api/client.js +0 -371
package/dist/api/client.js.map +0 -1
package/dist/auth/index.d.ts +0 -8
package/dist/auth/index.d.ts.map +0 -1
package/dist/auth/index.js +0 -26
package/dist/auth/index.js.map +0 -1
package/dist/auth/middleware.d.ts +0 -36
package/dist/auth/middleware.d.ts.map +0 -1
package/dist/auth/middleware.js +0 -194
package/dist/auth/middleware.js.map +0 -1
package/dist/auth/permissions.d.ts +0 -60
package/dist/auth/permissions.d.ts.map +0 -1
package/dist/auth/permissions.js +0 -262
package/dist/auth/permissions.js.map +0 -1
package/dist/auth/token-validator.d.ts +0 -52
package/dist/auth/token-validator.d.ts.map +0 -1
package/dist/auth/token-validator.js +0 -215
package/dist/auth/token-validator.js.map +0 -1
package/dist/cache/cache-manager.d.ts +0 -49
package/dist/cache/cache-manager.d.ts.map +0 -1
package/dist/cache/cache-manager.js +0 -191
package/dist/cache/cache-manager.js.map +0 -1
package/dist/cache/index.d.ts +0 -6
package/dist/cache/index.d.ts.map +0 -1
package/dist/cache/index.js +0 -12
package/dist/cache/index.js.map +0 -1
package/dist/cache/redis-client.d.ts +0 -45
package/dist/cache/redis-client.d.ts.map +0 -1
package/dist/cache/redis-client.js +0 -210
package/dist/cache/redis-client.js.map +0 -1
package/dist/config/constants.d.ts +0 -28
package/dist/config/constants.d.ts.map +0 -1
package/dist/config/constants.js +0 -31
package/dist/config/constants.js.map +0 -1
package/dist/config/index.d.ts +0 -71
package/dist/config/index.d.ts.map +0 -1
package/dist/config/index.js +0 -190
package/dist/config/index.js.map +0 -1
package/dist/filesystem/manager.d.ts +0 -45
package/dist/filesystem/manager.d.ts.map +0 -1
package/dist/filesystem/manager.js +0 -246
package/dist/filesystem/manager.js.map +0 -1
package/dist/git/multi-source-manager.d.ts +0 -78
package/dist/git/multi-source-manager.d.ts.map +0 -1
package/dist/git/multi-source-manager.js +0 -577
package/dist/git/multi-source-manager.js.map +0 -1
package/dist/git/operations.d.ts +0 -27
package/dist/git/operations.d.ts.map +0 -1
package/dist/git/operations.js +0 -83
package/dist/git/operations.js.map +0 -1
package/dist/index.d.ts +0 -6
package/dist/index.d.ts.map +0 -1
package/dist/index.js +0 -122
package/dist/index.js.map +0 -1
package/dist/monitoring/health.d.ts +0 -35
package/dist/monitoring/health.d.ts.map +0 -1
package/dist/monitoring/health.js +0 -105
package/dist/monitoring/health.js.map +0 -1
package/dist/prompts/cache.d.ts +0 -69
package/dist/prompts/cache.d.ts.map +0 -1
package/dist/prompts/cache.js +0 -163
package/dist/prompts/cache.js.map +0 -1
package/dist/prompts/generator.d.ts +0 -49
package/dist/prompts/generator.d.ts.map +0 -1
package/dist/prompts/generator.js +0 -160
package/dist/prompts/generator.js.map +0 -1
package/dist/prompts/index.d.ts +0 -13
package/dist/prompts/index.d.ts.map +0 -1
package/dist/prompts/index.js +0 -24
package/dist/prompts/index.js.map +0 -1
package/dist/prompts/manager.d.ts +0 -169
package/dist/prompts/manager.d.ts.map +0 -1
package/dist/prompts/manager.js +0 -488
package/dist/prompts/manager.js.map +0 -1
package/dist/resources/index.d.ts +0 -6
package/dist/resources/index.d.ts.map +0 -1
package/dist/resources/index.js +0 -10
package/dist/resources/index.js.map +0 -1
package/dist/resources/loader.d.ts +0 -88
package/dist/resources/loader.d.ts.map +0 -1
package/dist/resources/loader.js +0 -492
package/dist/resources/loader.js.map +0 -1
package/dist/server/http.d.ts +0 -57
package/dist/server/http.d.ts.map +0 -1
package/dist/server/http.js +0 -435
package/dist/server/http.js.map +0 -1
package/dist/server.d.ts +0 -13
package/dist/server.d.ts.map +0 -1
package/dist/server.js +0 -200
package/dist/server.js.map +0 -1
package/dist/session/manager.d.ts +0 -91
package/dist/session/manager.d.ts.map +0 -1
package/dist/session/manager.js +0 -251
package/dist/session/manager.js.map +0 -1
package/dist/telemetry/index.d.ts +0 -3
package/dist/telemetry/index.d.ts.map +0 -1
package/dist/telemetry/index.js +0 -7
package/dist/telemetry/index.js.map +0 -1
package/dist/telemetry/manager.d.ts +0 -151
package/dist/telemetry/manager.d.ts.map +0 -1
package/dist/telemetry/manager.js +0 -367
package/dist/telemetry/manager.js.map +0 -1
package/dist/tools/index.d.ts +0 -12
package/dist/tools/index.d.ts.map +0 -1
package/dist/tools/index.js +0 -28
package/dist/tools/index.js.map +0 -1
package/dist/tools/manage-subscription.d.ts +0 -47
package/dist/tools/manage-subscription.d.ts.map +0 -1
package/dist/tools/manage-subscription.js +0 -314
package/dist/tools/manage-subscription.js.map +0 -1
package/dist/tools/registry.d.ts +0 -40
package/dist/tools/registry.d.ts.map +0 -1
package/dist/tools/registry.js +0 -85
package/dist/tools/registry.js.map +0 -1
package/dist/tools/search-resources.d.ts +0 -35
package/dist/tools/search-resources.d.ts.map +0 -1
package/dist/tools/search-resources.js +0 -159
package/dist/tools/search-resources.js.map +0 -1
package/dist/tools/sync-resources.d.ts +0 -54
package/dist/tools/sync-resources.d.ts.map +0 -1
package/dist/tools/sync-resources.js +0 -733
package/dist/tools/sync-resources.js.map +0 -1
package/dist/tools/track-usage.d.ts +0 -63
package/dist/tools/track-usage.d.ts.map +0 -1
package/dist/tools/track-usage.js +0 -90
package/dist/tools/track-usage.js.map +0 -1
package/dist/tools/uninstall-resource.d.ts +0 -30
package/dist/tools/uninstall-resource.d.ts.map +0 -1
package/dist/tools/uninstall-resource.js +0 -174
package/dist/tools/uninstall-resource.js.map +0 -1
package/dist/tools/upload-resource.d.ts +0 -81
package/dist/tools/upload-resource.d.ts.map +0 -1
package/dist/tools/upload-resource.js +0 -393
package/dist/tools/upload-resource.js.map +0 -1
package/dist/transport/sse.d.ts +0 -29
package/dist/transport/sse.d.ts.map +0 -1
package/dist/transport/sse.js +0 -271
package/dist/transport/sse.js.map +0 -1
package/dist/types/errors.d.ts +0 -60
package/dist/types/errors.d.ts.map +0 -1
package/dist/types/errors.js +0 -112
package/dist/types/errors.js.map +0 -1
package/dist/types/index.d.ts +0 -7
package/dist/types/index.d.ts.map +0 -1
package/dist/types/index.js +0 -23
package/dist/types/index.js.map +0 -1
package/dist/types/mcp.d.ts +0 -50
package/dist/types/mcp.d.ts.map +0 -1
package/dist/types/mcp.js +0 -6
package/dist/types/mcp.js.map +0 -1
package/dist/types/resources.d.ts +0 -109
package/dist/types/resources.d.ts.map +0 -1
package/dist/types/resources.js +0 -7
package/dist/types/resources.js.map +0 -1
package/dist/types/tools.d.ts +0 -235
package/dist/types/tools.d.ts.map +0 -1
package/dist/types/tools.js +0 -6
package/dist/types/tools.js.map +0 -1
package/dist/utils/cursor-paths.d.ts +0 -84
package/dist/utils/cursor-paths.d.ts.map +0 -1
package/dist/utils/cursor-paths.js +0 -166
package/dist/utils/cursor-paths.js.map +0 -1
package/dist/utils/log-cleaner.d.ts +0 -18
package/dist/utils/log-cleaner.d.ts.map +0 -1
package/dist/utils/log-cleaner.js +0 -112
package/dist/utils/log-cleaner.js.map +0 -1
package/dist/utils/logger.d.ts +0 -59
package/dist/utils/logger.d.ts.map +0 -1
package/dist/utils/logger.js +0 -292
package/dist/utils/logger.js.map +0 -1
package/dist/utils/validation.d.ts +0 -58
package/dist/utils/validation.d.ts.map +0 -1
package/dist/utils/validation.js +0 -214
package/dist/utils/validation.js.map +0 -1
package/src/api/cached-client.ts +0 -144
package/src/api/client.ts +0 -697
package/src/auth/index.ts +0 -11
package/src/auth/middleware.ts +0 -244
package/src/auth/permissions.ts +0 -323
package/src/auth/token-validator.ts +0 -292
package/src/cache/cache-manager.ts +0 -243
package/src/cache/index.ts +0 -6
package/src/cache/redis-client.ts +0 -249
package/src/config/constants.ts +0 -33
package/src/config/index.ts +0 -269
package/src/filesystem/manager.ts +0 -235
package/src/git/multi-source-manager.ts +0 -654
package/src/git/operations.ts +0 -93
package/src/index.ts +0 -157
package/src/monitoring/health.ts +0 -132
package/src/prompts/cache.ts +0 -140
package/src/prompts/generator.ts +0 -143
package/src/prompts/index.ts +0 -20
package/src/prompts/manager.ts +0 -613
package/src/resources/index.ts +0 -13
package/src/resources/loader.ts +0 -563
package/src/server/http.ts +0 -549
package/src/server.ts +0 -204
package/src/session/manager.ts +0 -296
package/src/telemetry/index.ts +0 -10
package/src/telemetry/manager.ts +0 -419
package/src/tools/index.ts +0 -12
package/src/tools/manage-subscription.ts +0 -385
package/src/tools/registry.ts +0 -97
package/src/tools/search-resources.ts +0 -185
package/src/tools/sync-resources.ts +0 -827
package/src/tools/track-usage.ts +0 -113
package/src/tools/uninstall-resource.ts +0 -199
package/src/tools/upload-resource.ts +0 -431
package/src/transport/sse.ts +0 -308
package/src/types/errors.ts +0 -146
package/src/types/index.ts +0 -7
package/src/types/mcp.ts +0 -61
package/src/types/resources.ts +0 -141
package/src/types/tools.ts +0 -284
package/src/utils/cursor-paths.ts +0 -135
package/src/utils/log-cleaner.ts +0 -92
package/src/utils/logger.ts +0 -333
package/src/utils/validation.ts +0 -262

package/src/server/http.ts DELETED Viewed

@@ -1,549 +0,0 @@
-/**
- * HTTP Server with SSE Support
- * Uses SDK SSEServerTransport for standard MCP-over-SSE protocol,
- * matching the same pattern as the ACM MCP server.
- */
-import Fastify, { FastifyInstance, FastifyRequest, FastifyReply } from 'fastify';
-import cors from '@fastify/cors';
-import helmet from '@fastify/helmet';
-import { Server } from '@modelcontextprotocol/sdk/server/index.js';
-import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js';
-import {
-  CallToolRequestSchema,
-  ListToolsRequestSchema,
-} from '@modelcontextprotocol/sdk/types.js';
-import { syncResources } from '../tools/sync-resources.js';
-import { telemetry } from '../telemetry/index.js';
-import { promptManager } from '../prompts/index.js';
-import { config } from '../config';
-import { logger } from '../utils/logger';
-import { sessionManager } from '../session/manager';
-import { toolRegistry } from '../tools/registry';
-import {
-  tokenAuthOrLegacyMiddleware,
-  checkToolCallPermission,
-  type AuthenticatedRequest,
-} from '../auth/middleware';
-import { HealthChecker, type HealthStatus as MonitoringHealthStatus } from '../monitoring/health.js';
-import { CacheManager } from '../cache/cache-manager.js';
-export interface HealthStatus {
-  status: 'healthy' | 'unhealthy';
-  uptime: number;
-  memory: {
-    used: number;
-    total: number;
-    percentage: number;
-  };
-  sessions: {
-    active: number;
-    total: number;
-  };
-  services: MonitoringHealthStatus['services'];
-  details?: MonitoringHealthStatus['details'];
-  timestamp: string;
-}
-export class HTTPServer {
-  private fastify: FastifyInstance;
-  private startTime: number = Date.now();
-  private healthChecker: HealthChecker | null = null;
-  /** Active SDK SSE transports keyed by sessionId */
-  private sseTransports: Map<string, SSEServerTransport> = new Map();
-  constructor(cacheManager?: CacheManager) {
-    this.fastify = Fastify({
-      logger: false,
-      bodyLimit: 10 * 1024 * 1024, // 10MB
-    });
-    if (cacheManager) {
-      this.healthChecker = new HealthChecker(cacheManager);
-    }
-    this.setupMiddleware();
-    this.setupRoutes();
-  }
-  // ─────────────────────────────────────────────────────────────────────────
-  // Middleware
-  // ─────────────────────────────────────────────────────────────────────────
-  private setupMiddleware(): void {
-    this.fastify.register(cors, {
-      origin: true,
-      credentials: true,
-    });
-    this.fastify.register(helmet, {
-      contentSecurityPolicy: false, // Disable for SSE
-    });
-    this.fastify.addHook('onRequest', async (request) => {
-      logger.debug(
-        { method: request.method, url: request.url, ip: request.ip },
-        'HTTP request received'
-      );
-    });
-    this.fastify.addHook('onResponse', async (request) => {
-      logger.debug(
-        {
-          method: request.method,
-          url: request.url,
-          statusCode: (request.raw as { statusCode?: number }).statusCode || 200,
-        },
-        'HTTP response sent'
-      );
-    });
-  }
-  // ─────────────────────────────────────────────────────────────────────────
-  // Routes
-  // ─────────────────────────────────────────────────────────────────────────
-  private setupRoutes(): void {
-    const basePath = config.http?.basePath ?? '';
-    // Health check
-    this.fastify.get(`${basePath}/health`, this.handleHealth.bind(this));
-    // SSE connection — GET establishes the stream (SDK standard)
-    this.fastify.get(`${basePath}/sse`, {
-      preHandler: tokenAuthOrLegacyMiddleware,
-      handler: this.handleSSEConnection.bind(this),
-    });
-    // Message endpoint — POST delivers JSON-RPC messages, sessionId in query
-    this.fastify.post(`${basePath}/message`, this.handleMessage.bind(this));
-    // OAuth discovery — return 404 so Cursor skips OAuth handshake
-    this.fastify.get('/.well-known/oauth-authorization-server', async (_req, reply) => {
-      reply.code(404).send({ error: 'OAuth not supported' });
-    });
-    // Root info
-    this.fastify.get('/', async () => ({
-      server: 'CSP AI Agent MCP Server',
-      version: '1.0.0',
-      transport: 'sse',
-      basePath: basePath || '(none)',
-      endpoints: {
-        health:  `GET ${basePath}/health`,
-        sse:     `GET ${basePath}/sse`,
-        message: `POST ${basePath}/message?sessionId=<id>`,
-      },
-    }));
-  }
-  // ─────────────────────────────────────────────────────────────────────────
-  // MCP Server factory
-  // ─────────────────────────────────────────────────────────────────────────
-  /**
-   * Creates a new SDK Server instance and registers all tools from toolRegistry.
-   * A fresh instance is created per SSE connection so that each session is
-   * isolated (matching ACM's createMCPServer-per-connection pattern).
-   */
-  private createMcpServer(userId?: string, email?: string, groups?: string[], userToken?: string): Server {
-    const server = new Server(
-      { name: 'csp-ai-agent-mcp', version: '0.2.0' },
-      // Declare prompts, tools, and logging capabilities only.
-      // REMOVED resources capability to align with async-pilot's working implementation.
-      // Cursor should use standard prompts/get instead of probing prompt:// as resources.
-      { capabilities: { tools: {}, prompts: {}, logging: {} } }
-    );
-    // Install Prompt list/get handlers synchronously on this Server instance.
-    // Pass userToken so GetPrompt can attribute telemetry to the correct user.
-    promptManager.installHandlers(server, userToken);
-    // tools/list
-    server.setRequestHandler(ListToolsRequestSchema, () => ({
-      tools: toolRegistry.getMCPToolDefinitions(),
-    }));
-    // Auto-sync subscribed resources once the MCP handshake is fully complete.
-    // Runs in the background so it never blocks the connection setup.
-    server.oninitialized = () => {
-      logger.info({ userId }, 'MCP initialized — triggering background sync_resources');
-      // Flush any pending telemetry immediately on (re)connect so events from
-      // before a disconnect are not held until the next 10-second tick.
-      telemetry.flushOnReconnect();
-      syncResources({ mode: 'incremental', scope: 'global', user_token: userToken }).then(async (result) => {
-        if (result.success) {
-          logger.info(
-            { userId, synced: result.data?.summary?.synced, cached: result.data?.summary?.cached },
-            'Auto sync_resources on connect completed'
-          );
-          // If the sync result includes local_actions_required (Rule files /
-          // MCP entries that must be written on the user's local machine),
-          // cache them in PromptManager.  They will be embedded directly into
-          // the csp-ai-agent-setup prompt content the next time the AI calls
-          // GetPrompt for that prompt, so the AI receives them without needing
-          // to call sync_resources again and without relying on sendLoggingMessage
-          // (which is unreliable — the connection may already be closed by then).
-          const actions = result.data?.local_actions_required;
-          if (actions && actions.length > 0) {
-            promptManager.storeSyncActions(userToken ?? '', actions);
-          }
-        } else {
-          logger.warn({ userId, error: result.error }, 'Auto sync_resources on connect failed');
-        }
-      }).catch((err) => {
-        logger.error({ userId, err }, 'Auto sync_resources on connect threw an error');
-      });
-    };
-    // tools/call
-    server.setRequestHandler(CallToolRequestSchema, async (request) => {
-      const { name, arguments: args = {} } = request.params;
-      // Permission check when user context is available
-      if (userId && groups && groups.length > 0) {
-        const permCheck = checkToolCallPermission(name, { userId, email: email ?? '', groups });
-        if (!permCheck.allowed) {
-          return {
-            content: [{ type: 'text' as const, text: `Permission denied: ${permCheck.reason}` }],
-            isError: true,
-          };
-        }
-      }
-      // Inject the authenticated token so every tool can call the CSP API without
-      // requiring the AI to know about or pass user_token explicitly.
-      // The AI-supplied user_token (if any) takes precedence; otherwise we fall back
-      // to the token from the SSE connection that created this session.
-      const enrichedArgs: Record<string, unknown> = {
-        user_token: userToken,
-        ...args,
-      };
-      try {
-        const result = await toolRegistry.callTool(name, enrichedArgs);
-        const text = typeof result === 'string' ? result : JSON.stringify(result, null, 2);
-        return { content: [{ type: 'text' as const, text }] };
-      } catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        logger.error({ toolName: name, err }, 'Tool execution failed');
-        return {
-          content: [{ type: 'text' as const, text: `Error: ${msg}` }],
-          isError: true,
-        };
-      }
-    });
-    return server;
-  }
-  // ─────────────────────────────────────────────────────────────────────────
-  // Handlers
-  // ─────────────────────────────────────────────────────────────────────────
-  /**
-   * GET /sse — establish SSE stream using SDK SSEServerTransport.
-   * Auth is validated via preHandler; user context is forwarded to the MCP server.
-   */
-  private async handleSSEConnection(
-    request: AuthenticatedRequest,
-    reply: FastifyReply
-  ): Promise<void> {
-    logger.info({ ip: request.ip }, 'SSE connection request received');
-    const authHeader = request.headers.authorization;
-    const token = authHeader?.replace(/^Bearer\s+/i, '');
-    if (!token) {
-      reply.code(401).send({ error: 'Unauthorized', message: 'Bearer token required' });
-      return;
-    }
-    // Register the authenticated token so flush() can report telemetry for this user.
-    // The token comes from the SSE Authorization header and is the single source of truth.
-    telemetry.setUserToken(token);
-    try {
-      // Keep our session manager in sync for health/monitoring endpoints
-      const sessionOptions = request.user
-        ? { userId: request.user.userId, email: request.user.email, groups: request.user.groups }
-        : undefined;
-      const session = await sessionManager.createSession(token, request.ip ?? '', sessionOptions);
-      logger.info(
-        { sessionId: session.id, userId: session.userId, email: session.email },
-        'Session created'
-      );
-      // Heartbeat to keep proxies/load-balancers from dropping idle SSE streams
-      const heartbeat = setInterval(() => {
-        if (!reply.raw.destroyed) {
-          try {
-            reply.raw.write('event: heartbeat\ndata: {}\n\n');
-          } catch {
-            clearInterval(heartbeat);
-          }
-        } else {
-          clearInterval(heartbeat);
-        }
-      }, 30_000);
-      // Build the absolute message URL for the SSE endpoint event.
-      // Cursor (and other MCP clients) use this URL to POST all subsequent
-      // JSON-RPC messages (tools/call, prompts/get, etc.).
-      //
-      // publicOrigin is resolved at startup from (in priority order):
-      //   1. PUBLIC_URL env var
-      //   2. Origin extracted from CSP_API_BASE_URL (same host as the API)
-      //   3. http://HTTP_HOST:HTTP_PORT (safe for local dev)
-      // See config/index.ts for details.
-      const basePath = config.http?.basePath ?? '';
-      const publicOrigin = config.http?.publicOrigin ?? `http://127.0.0.1:${config.http?.port ?? 3000}`;
-      const messagePath = `${basePath}/message`;
-      // The MCP SDK SSEServerTransport.start() emits an `endpoint` SSE event
-      // whose data is a *relative* path (pathname + ?sessionId=...), stripping
-      // the origin.  When deployed behind nginx, Cursor resolves this relative
-      // path against whatever origin it used to open the SSE connection, which
-      // may differ from our public API origin.  The result is that GetPrompt /
-      // tools/call POST requests go to the wrong address and never arrive.
-      //
-      // Fix: intercept the raw response stream's write() method.  When the SDK
-      // emits the relative endpoint event we replace it on-the-fly with the
-      // full absolute URL so Cursor always uses the correct public address.
-      // Only ONE endpoint event is ever written to the wire this way.
-      const rawRes = reply.raw;
-      const originalWrite = rawRes.write.bind(rawRes);
-      (rawRes as NodeJS.WritableStream & { write: typeof originalWrite }).write = (
-        chunk: unknown,
-        encodingOrCb?: unknown,
-        cb?: unknown,
-      ): boolean => {
-        if (typeof chunk === 'string' && chunk.startsWith('event: endpoint\ndata:')) {
-          // The SDK wrote a relative endpoint event — replace with absolute URL.
-          // We know the sessionId from transport.sessionId (read after construction).
-          // Use a placeholder here; replaced below once we have the transport.
-          // (This interceptor is set before connect(), so the write happens during
-          //  connect() → transport.start().)
-          chunk = chunk.replace(
-            /^(event: endpoint\ndata:).*/,
-            `$1 ${publicOrigin}${messagePath}?sessionId=__SESSION_ID__`,
-          );
-        }
-        if (typeof encodingOrCb === 'function') {
-          return originalWrite(chunk as string, encodingOrCb as () => void);
-        }
-        if (typeof cb === 'function') {
-          return originalWrite(chunk as string, encodingOrCb as BufferEncoding, cb as () => void);
-        }
-        return originalWrite(chunk as string);
-      };
-      const transport = new SSEServerTransport(messagePath, rawRes);
-      const sdkSessionId = transport.sessionId;
-      // Now patch the placeholder with the real sessionId that the SDK assigned.
-      // The write interceptor is still active during connect() → start(), so we
-      // swap it out for a version that knows the actual sessionId.
-      (rawRes as NodeJS.WritableStream & { write: typeof originalWrite }).write = (
-        chunk: unknown,
-        encodingOrCb?: unknown,
-        cb?: unknown,
-      ): boolean => {
-        if (typeof chunk === 'string' && chunk.startsWith('event: endpoint\ndata:')) {
-          chunk = `event: endpoint\ndata: ${publicOrigin}${messagePath}?sessionId=${sdkSessionId}\n\n`;
-        }
-        if (typeof encodingOrCb === 'function') {
-          return originalWrite(chunk as string, encodingOrCb as () => void);
-        }
-        if (typeof cb === 'function') {
-          return originalWrite(chunk as string, encodingOrCb as BufferEncoding, cb as () => void);
-        }
-        return originalWrite(chunk as string);
-      };
-      this.sseTransports.set(sdkSessionId, transport);
-      transport.onclose = () => {
-        logger.info({ sdkSessionId, sessionId: session.id }, 'SSE transport closed');
-        clearInterval(heartbeat);
-        this.sseTransports.delete(sdkSessionId);
-        sessionManager.closeSession(session.id);
-      };
-      transport.onerror = (err: Error) => {
-        logger.warn({ sdkSessionId, error: err.message }, 'SSE transport error');
-      };
-      const mcpServer = this.createMcpServer(
-        request.user?.userId,
-        request.user?.email,
-        request.user?.groups,
-        token,
-      );
-      // connect() calls transport.start() which triggers the intercepted write()
-      // above — emitting exactly ONE absolute endpoint event to the wire.
-      await mcpServer.connect(transport);
-      const absoluteMessageUrl = `${publicOrigin}${messagePath}?sessionId=${sdkSessionId}`;
-      logger.info(
-        { sdkSessionId, absoluteMessageUrl, publicOrigin },
-        'SSE stream established — absolute endpoint URL intercepted and sent',
-      );
-      // Handle client disconnect
-      request.raw.on('close', () => {
-        clearInterval(heartbeat);
-        transport.close().catch(() => {/* already logged via onclose */});
-      });
-    } catch (error) {
-      logger.error({ error }, 'Failed to establish SSE connection');
-      if (!reply.raw.headersSent) {
-        reply.code(500).send({ error: 'Internal Server Error', message: 'Failed to establish connection' });
-      }
-    }
-  }
-  /**
-   * POST /message?sessionId=<id> — deliver JSON-RPC message to the correct transport.
-   * The SDK transport's handlePostMessage handles parsing and routing internally.
-   */
-  private async handleMessage(request: FastifyRequest, reply: FastifyReply): Promise<void> {
-    const sessionId = (request.query as Record<string, string>)['sessionId'];
-    if (!sessionId) {
-      reply.code(400).send({ error: 'Bad Request', message: 'Missing sessionId query parameter' });
-      return;
-    }
-    const transport = this.sseTransports.get(sessionId);
-    if (!transport) {
-      logger.warn({ sessionId }, 'No active transport found for sessionId');
-      reply.code(404).send({
-        error: 'Not Found',
-        message: 'Session not found or expired',
-        details: { sessionId, suggestion: 'Reconnect via GET /sse' },
-      });
-      return;
-    }
-    logger.debug({ sessionId }, 'Forwarding message to SDK transport');
-    try {
-      await transport.handlePostMessage(request.raw, reply.raw, request.body);
-    } catch (error) {
-      logger.error({ error, sessionId }, 'Failed to handle message');
-      if (!reply.raw.headersSent) {
-        reply.code(500).send({ error: 'Internal Server Error', message: 'Failed to process message' });
-      }
-    }
-  }
-  // ─────────────────────────────────────────────────────────────────────────
-  // Health check
-  // ─────────────────────────────────────────────────────────────────────────
-  private async handleHealth(): Promise<HealthStatus> {
-    const uptime = Math.floor((Date.now() - this.startTime) / 1000);
-    const memUsage = process.memoryUsage();
-    let servicesHealth: MonitoringHealthStatus | null = null;
-    if (this.healthChecker) {
-      try {
-        servicesHealth = await this.healthChecker.check();
-      } catch (error) {
-        logger.error({ error }, 'Health check failed');
-      }
-    }
-    const health: HealthStatus = {
-      status: servicesHealth?.status || 'healthy',
-      uptime,
-      memory: {
-        used: Math.round(memUsage.heapUsed / 1024 / 1024),
-        total: Math.round(memUsage.heapTotal / 1024 / 1024),
-        percentage: Math.round((memUsage.heapUsed / memUsage.heapTotal) * 100),
-      },
-      sessions: {
-        active: sessionManager.getActiveSessionCount(),
-        total: sessionManager.getTotalSessionCount(),
-      },
-      services: servicesHealth?.services || {
-        http: 'up',
-        redis: 'not_configured',
-        cache: 'down',
-      },
-      timestamp: new Date().toISOString(),
-    };
-    if (servicesHealth?.details) {
-      health.details = servicesHealth.details;
-    }
-    logger.info({ health }, 'Health check requested');
-    return health;
-  }
-  // ─────────────────────────────────────────────────────────────────────────
-  // Lifecycle
-  // ─────────────────────────────────────────────────────────────────────────
-  async start(): Promise<void> {
-    try {
-      const host = config.http?.host || '0.0.0.0';
-      const port = config.http?.port || 3000;
-      const basePath = config.http?.basePath ?? '';
-      await this.fastify.listen({ host, port });
-      const publicOrigin = config.http?.publicOrigin ?? `http://${host}:${port}`;
-      logger.info({ host, port, basePath, publicOrigin }, 'HTTP server started');
-      // Internal listen address (for ops/infra):
-      logger.info(`Listening on: http://${host}:${port}${basePath}`);
-      // Public-facing addresses (what Cursor clients will use):
-      logger.info(`[Public] Health check:    ${publicOrigin}${basePath}/health`);
-      logger.info(`[Public] SSE endpoint:    ${publicOrigin}${basePath}/sse`);
-      logger.info(`[Public] Message endpoint: ${publicOrigin}${basePath}/message?sessionId=<id>`);
-    } catch (error) {
-      logger.error({ error }, 'Failed to start HTTP server');
-      throw error;
-    }
-  }
-  async stop(): Promise<void> {
-    try {
-      logger.info('Stopping HTTP server gracefully...');
-      // Close all SDK SSE transports
-      for (const [id, transport] of this.sseTransports.entries()) {
-        logger.info({ id }, 'Closing SDK SSE transport');
-        await transport.close().catch(() => {});
-      }
-      this.sseTransports.clear();
-      sessionManager.closeAllSessions();
-      await new Promise(resolve => setTimeout(resolve, 500));
-      await this.fastify.close();
-      logger.info('HTTP server stopped gracefully');
-    } catch (error) {
-      logger.error({ error }, 'Error stopping HTTP server');
-      throw error;
-    }
-  }
-  getFastify(): FastifyInstance {
-    return this.fastify;
-  }
-  setCacheManager(cacheManager: CacheManager): void {
-    this.healthChecker = new HealthChecker(cacheManager);
-    logger.info('Health checker initialized with cache manager');
-  }
-}
-// Singleton instance (initialized without cache manager initially)
-export const httpServer = new HTTPServer();