@frontmcp/sdk 0.11.2 → 0.11.3

package/index.js

@@ -411,6 +411,11 @@ var init_skill_tokens = __esm({
       hideFromDiscovery: tokenFactory.meta("skill:hideFromDiscovery"),
       toolValidation: tokenFactory.meta("skill:toolValidation"),
       visibility: tokenFactory.meta("skill:visibility"),
+      license: tokenFactory.meta("skill:license"),
+      compatibility: tokenFactory.meta("skill:compatibility"),
+      specMetadata: tokenFactory.meta("skill:specMetadata"),
+      allowedTools: tokenFactory.meta("skill:allowedTools"),
+      resources: tokenFactory.meta("skill:resources"),
       metadata: tokenFactory.meta("skill:metadata")
       // used in skill({}) construction
     };
@@ -2623,7 +2628,7 @@ function isFileInstructions(source) {
 function isUrlInstructions(source) {
   return typeof source === "object" && "url" in source;
 }
-var import_zod29, import_di3, import_utils5, skillToolRefSchema, skillToolRefWithClassSchema, skillToolInputSchema, skillParameterSchema, skillExampleSchema, skillInstructionSourceSchema, skillMetadataSchema;
+var import_zod29, import_di3, import_utils5, skillToolRefSchema, skillToolRefWithClassSchema, skillToolInputSchema, skillParameterSchema, skillExampleSchema, skillInstructionSourceSchema, skillResourcesSchema, skillMetadataSchema;
 var init_skill_metadata = __esm({
   "libs/sdk/src/common/metadata/skill.metadata.ts"() {
     "use strict";
@@ -2677,10 +2682,21 @@ var init_skill_metadata = __esm({
       }).strict()
       // URL
     ]);
+    skillResourcesSchema = import_zod29.z.object({
+      scripts: import_zod29.z.string().optional(),
+      references: import_zod29.z.string().optional(),
+      assets: import_zod29.z.string().optional()
+    });
     skillMetadataSchema = import_zod29.z.object({
       id: import_zod29.z.string().optional(),
-      name: import_zod29.z.string().min(1),
-      description: import_zod29.z.string().min(1),
+      name: import_zod29.z.string().min(1).max(64).regex(/^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/, {
+        message: "Skill name must be kebab-case: lowercase letters, numbers, and hyphens only. Must not start/end with a hyphen."
+      }).refine((n) => !n.includes("--"), {
+        message: "Skill name must not contain consecutive hyphens."
+      }),
+      description: import_zod29.z.string().min(1).max(1024).refine((d) => !/<[a-zA-Z][^>]*>/.test(d), {
+        message: "Skill description must not contain XML/HTML tags (per Agent Skills spec)."
+      }),
       instructions: skillInstructionSourceSchema,
       tools: import_zod29.z.array(skillToolInputSchema).optional(),
       tags: import_zod29.z.array(import_zod29.z.string().min(1)).optional(),
@@ -2689,7 +2705,12 @@ var init_skill_metadata = __esm({
       priority: import_zod29.z.number().optional().default(0),
       hideFromDiscovery: import_zod29.z.boolean().optional().default(false),
       toolValidation: import_zod29.z.enum(["strict", "warn", "ignore"]).optional().default("warn"),
-      visibility: import_zod29.z.enum(["mcp", "http", "both"]).optional().default("both")
+      visibility: import_zod29.z.enum(["mcp", "http", "both"]).optional().default("both"),
+      license: import_zod29.z.string().optional(),
+      compatibility: import_zod29.z.string().max(500).optional(),
+      specMetadata: import_zod29.z.record(import_zod29.z.string(), import_zod29.z.string()).optional(),
+      allowedTools: import_zod29.z.string().optional(),
+      resources: skillResourcesSchema.optional()
     }).passthrough();
   }
 });
@@ -9283,7 +9304,11 @@ ${JSON.stringify(error.schema, null, 2)}
         this.logger.info("finalize: sending response", {
           tool: tool.metadata.name,
           hasContent: Array.isArray(result.content) && result.content.length > 0,
-          contentLength: Array.isArray(result.content) ? result.content.length : 0,
+          contentParts: Array.isArray(result.content) ? result.content.length : 0,
+          contentBytes: Array.isArray(result.content) ? result.content.reduce((sum, part) => {
+            const str = JSON.stringify(part);
+            return sum + (typeof Buffer !== "undefined" ? Buffer.byteLength(str, "utf8") : new TextEncoder().encode(str).byteLength);
+          }, 0) : 0,
           hasStructuredContent: result.structuredContent !== void 0,
           hasMeta: result._meta !== void 0,
           metaKeys: result._meta ? Object.keys(result._meta) : [],
@@ -13028,9 +13053,10 @@ var init_adapter_registry = __esm({
           const instance = new AdapterInstance(rec, deps, this.providers);
           this.instances.set(token, instance);
           readyArr.push(instance.ready);
+          this.logger?.verbose(`AdapterRegistry: initialized adapter '${rec.metadata.name}'`);
         }
         await Promise.all(readyArr);
-        this.logger?.debug("AdapterRegistry: initialization complete");
+        this.logger?.verbose(`AdapterRegistry: initialization complete (${this.instances.size} adapter(s))`);
       }
       getAdapters() {
         return [...this.instances.values()];
@@ -13168,6 +13194,44 @@ var init_skill_events = __esm({
   }
 });
 
+// libs/sdk/src/skill/skill-md-parser.ts
+function parseSkillMdFrontmatter(content) {
+  const trimmed = content.trimStart();
+  if (!trimmed.startsWith("---")) {
+    return { frontmatter: {}, body: content };
+  }
+  const closingIndex = trimmed.indexOf("\n---", 3);
+  if (closingIndex === -1) {
+    return { frontmatter: {}, body: content };
+  }
+  const yamlBlock = trimmed.substring(3, closingIndex).trim();
+  const afterClose = closingIndex + 4;
+  const bodyStart = trimmed[afterClose] === "\n" ? afterClose + 1 : afterClose;
+  const body = trimmed.substring(bodyStart);
+  let frontmatter = {};
+  try {
+    const parsed = yaml.load(yamlBlock);
+    if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
+      frontmatter = parsed;
+    }
+  } catch {
+    return { frontmatter: {}, body: content };
+  }
+  return { frontmatter, body };
+}
+function stripFrontmatter(content) {
+  const { body } = parseSkillMdFrontmatter(content);
+  return body;
+}
+var yaml, import_utils21;
+var init_skill_md_parser = __esm({
+  "libs/sdk/src/skill/skill-md-parser.ts"() {
+    "use strict";
+    yaml = __toESM(require("js-yaml"));
+    import_utils21 = require("@frontmcp/utils");
+  }
+});
+
 // libs/sdk/src/skill/skill.utils.ts
 function collectSkillMetadata(cls) {
   const extended = (0, import_di18.getMetadata)(extendedSkillMetadata, cls);
@@ -13234,7 +13298,8 @@ async function loadInstructions(source, basePath) {
   }
   if (isFileInstructions(source)) {
     const filePath = basePath ? `${basePath}/${source.file}` : source.file;
-    return (0, import_utils21.readFile)(filePath, "utf-8");
+    const content = await (0, import_utils22.readFile)(filePath, "utf-8");
+    return stripFrontmatter(content);
   }
   if (isUrlInstructions(source)) {
     const response = await fetch(source.url);
@@ -13253,7 +13318,12 @@ function buildSkillContent(metadata, instructions) {
     instructions,
     tools: normalizeToolRefs(metadata.tools),
     parameters: metadata.parameters,
-    examples: metadata.examples
+    examples: metadata.examples,
+    license: metadata.license,
+    compatibility: metadata.compatibility,
+    specMetadata: metadata.specMetadata,
+    allowedTools: metadata.allowedTools,
+    resources: metadata.resources
   };
 }
 function normalizeToolRefs(tools) {
@@ -13287,6 +13357,14 @@ function formatSkillForLLM(skill, availableTools, missingTools) {
   parts.push("");
   parts.push(skill.description);
   parts.push("");
+  if (skill.license) {
+    parts.push(`**License:** ${skill.license}`);
+    parts.push("");
+  }
+  if (skill.compatibility) {
+    parts.push(`**Compatibility:** ${skill.compatibility}`);
+    parts.push("");
+  }
   if (missingTools.length > 0) {
     parts.push("> **Warning:** Some tools referenced by this skill are not available:");
     parts.push(`> Missing: ${missingTools.join(", ")}`);
@@ -13356,14 +13434,15 @@ function generateSearchGuidance(skills, query) {
   }
   return `Found ${skills.length} skill(s), but some tools are missing. Try loadSkills({ skillIds: ["${topSkill.name}"] }) to see which tools are available. You may be able to partially execute the workflow.`;
 }
-var import_di18, import_utils21;
+var import_di18, import_utils22;
 var init_skill_utils = __esm({
   "libs/sdk/src/skill/skill.utils.ts"() {
     "use strict";
     import_di18 = require("@frontmcp/di");
     init_common();
-    import_utils21 = require("@frontmcp/utils");
+    import_utils22 = require("@frontmcp/utils");
     init_errors();
+    init_skill_md_parser();
   }
 });
 
@@ -14649,6 +14728,7 @@ var init_plugin_registry = __esm({
     init_hooks_utils();
     init_errors();
     init_context();
+    init_common();
     PluginRegistry = class _PluginRegistry extends RegistryAbstract {
       /** providers by token */
       pProviders = /* @__PURE__ */ new Map();
@@ -14667,15 +14747,29 @@ var init_plugin_registry = __esm({
       scope;
       scopeInfo;
       owner;
+      logger;
       constructor(providers, list, owner, scopeInfo) {
         super("PluginRegistry", providers, list);
         this.scope = providers.getActiveScope();
         this.scopeInfo = scopeInfo;
         this.owner = owner;
+        try {
+          this.logger = providers.get(FrontMcpLogger)?.child("PluginRegistry");
+        } catch (e) {
+          console.debug("PluginRegistry: logger initialization failed", e);
+        }
       }
       getPlugins() {
         return [...this.instances.values()];
       }
+      /**
+       * Returns the names of all registered plugins from their definition records.
+       * Unlike getPlugins().map(p => p.metadata.name), this is safe because
+       * raw plugin instances (e.g. DynamicPlugin subclasses) may not carry a .metadata property.
+       */
+      getPluginNames() {
+        return [...this.defs.values()].map((rec) => rec.metadata.name);
+      }
       buildMap(list) {
         const tokens = /* @__PURE__ */ new Set();
         const defs = /* @__PURE__ */ new Map();
@@ -14702,6 +14796,7 @@ var init_plugin_registry = __esm({
         }
       }
       async initialize() {
+        this.logger?.verbose(`PluginRegistry: initializing ${this.tokens.size} plugin(s)`);
         for (const token of this.tokens) {
           const rec = this.defs.get(token);
           const deps = this.graph.get(token);
@@ -14809,6 +14904,9 @@ var init_plugin_registry = __esm({
             }
           }
           this.instances.set(token, pluginInstance);
+          this.logger?.verbose(
+            `PluginRegistry: registered plugin '${rec.metadata.name}' (${hooks.length} hook(s), ${contextExtensions?.length ?? 0} context extension(s))`
+          );
         }
       }
     };
@@ -15972,13 +16070,13 @@ function parseEnvContent(content) {
 async function loadEnvFiles(basePath = process.cwd(), envPath = ".env", localEnvPath = ".env.local") {
   const result = {};
   const envFile = path.resolve(basePath, envPath);
-  if (await (0, import_utils22.fileExists)(envFile)) {
-    const content = await (0, import_utils22.readFile)(envFile);
+  if (await (0, import_utils23.fileExists)(envFile)) {
+    const content = await (0, import_utils23.readFile)(envFile);
     Object.assign(result, parseEnvContent(content));
   }
   const localFile = path.resolve(basePath, localEnvPath);
-  if (await (0, import_utils22.fileExists)(localFile)) {
-    const content = await (0, import_utils22.readFile)(localFile);
+  if (await (0, import_utils23.fileExists)(localFile)) {
+    const content = await (0, import_utils23.readFile)(localFile);
     Object.assign(result, parseEnvContent(content));
   }
   return result;
@@ -16088,11 +16186,11 @@ function mapEnvToNestedConfig(env, paths) {
   }
   return result;
 }
-var import_utils22, path, UNSAFE_KEYS;
+var import_utils23, path, UNSAFE_KEYS;
 var init_env_loader = __esm({
   "libs/sdk/src/builtin/config/providers/env-loader.ts"() {
     "use strict";
-    import_utils22 = require("@frontmcp/utils");
+    import_utils23 = require("@frontmcp/utils");
     path = __toESM(require("path"));
     UNSAFE_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
   }
@@ -16140,9 +16238,9 @@ async function loadYamlConfig(basePath, configPath) {
   const baseName = configPath.replace(/\.(ya?ml)$/, "");
   for (const ext of extensions) {
     const fullPath = path2.resolve(basePath, baseName + ext);
-    if (await (0, import_utils23.fileExists)(fullPath)) {
-      const content = await (0, import_utils23.readFile)(fullPath);
-      const parsed = yaml.load(content);
+    if (await (0, import_utils24.fileExists)(fullPath)) {
+      const content = await (0, import_utils24.readFile)(fullPath);
+      const parsed = yaml2.load(content);
       if (parsed && typeof parsed === "object") {
         return parsed;
       }
@@ -16166,13 +16264,13 @@ function deepMerge(target, source) {
   }
   return result;
 }
-var yaml, path2, import_utils23;
+var yaml2, path2, import_utils24;
 var init_config_loader = __esm({
   "libs/sdk/src/builtin/config/providers/config-loader.ts"() {
     "use strict";
-    yaml = __toESM(require("js-yaml"));
+    yaml2 = __toESM(require("js-yaml"));
     path2 = __toESM(require("path"));
-    import_utils23 = require("@frontmcp/utils");
+    import_utils24 = require("@frontmcp/utils");
     init_env_loader();
     init_config_service();
   }
@@ -16592,7 +16690,7 @@ function parseTypedKey(k) {
     return { base: k.slice(6, 7).toLowerCase() + k.slice(7), type: "around" };
   return { base: k };
 }
-var import_reflect_metadata11, import_utils24, CAP, WILL, DID, AROUND, FlowInstance;
+var import_reflect_metadata11, import_utils25, CAP, WILL, DID, AROUND, FlowInstance;
 var init_flow_instance = __esm({
   "libs/sdk/src/flows/flow.instance.ts"() {
     "use strict";
@@ -16602,7 +16700,7 @@ var init_flow_instance = __esm({
     init_server_validation();
     init_context();
     init_errors();
-    import_utils24 = require("@frontmcp/utils");
+    import_utils25 = require("@frontmcp/utils");
     CAP = (s) => s ? s[0].toUpperCase() + s.slice(1) : s;
     WILL = (s) => `will${CAP(s)}`;
     DID = (s) => `did${CAP(s)}`;
@@ -16614,6 +16712,7 @@ var init_flow_instance = __esm({
       FlowClass;
       stages;
       hooks;
+      logger;
       constructor(scope, record, deps, globalProviders) {
         super(scope, record);
         this.deps = [...deps];
@@ -16622,6 +16721,7 @@ var init_flow_instance = __esm({
         this.ready = this.initialize();
         this.plan = this.record.metadata.plan;
         this.hooks = scope.providers.getHooksRegistry();
+        this.logger = scope.logger.child("FlowInstance");
       }
       async initialize() {
         const server = this.globalProviders.getActiveServer();
@@ -16656,7 +16756,8 @@ var init_flow_instance = __esm({
                     return writeHttpResponse(response, e.output);
                 }
               }
-              console.error("[FlowInstance] Unhandled error:", {
+              this.logger.error("Unhandled error in flow", {
+                flow: this.name,
                 name: e instanceof Error ? e.name : "UnknownError",
                 message: e instanceof Error ? e.message : String(e)
               });
@@ -16689,6 +16790,7 @@ var init_flow_instance = __esm({
         try {
           return this.globalProviders.get(FrontMcpContextStorage);
         } catch {
+          this.logger.verbose("getContextStorage: FrontMcpContextStorage not available");
           return void 0;
         }
       }
@@ -16708,7 +16810,7 @@ var init_flow_instance = __esm({
         }
         const headers = request.headers ?? {};
         const headerSessionId = typeof headers["mcp-session-id"] === "string" ? headers["mcp-session-id"].trim() : "";
-        const sessionId = headerSessionId.length > 0 ? headerSessionId : `anon:${(0, import_utils24.randomUUID)()}`;
+        const sessionId = headerSessionId.length > 0 ? headerSessionId : `anon:${(0, import_utils25.randomUUID)()}`;
         const scope = this.globalProviders.getActiveScope();
         return storage.runFromHeaders(
           headers,
@@ -16722,6 +16824,7 @@ var init_flow_instance = __esm({
         );
       }
       async run(input, deps) {
+        this.logger.verbose(`run: starting flow '${this.name}'`);
         const scope = this.globalProviders.getActiveScope();
         const { FlowClass, plan: plan32, name: name33 } = this;
         const contextStorage = this.getContextStorage();
@@ -16757,10 +16860,10 @@ var init_flow_instance = __esm({
             try {
               metas.push(h2.metadata);
             } catch (e) {
-              console.warn(
-                "[flow] Ignoring injected hook that failed to materialize:",
-                e instanceof Error ? e.message : "Unknown error"
-              );
+              this.logger.warn("Ignoring injected hook that failed to materialize", {
+                flow: this.name,
+                error: e instanceof Error ? e.message : "Unknown error"
+              });
             }
           }
           if (metas.length) {
@@ -16868,6 +16971,7 @@ var init_flow_instance = __esm({
         };
         {
           const pre = await runStageGroup(plan32.pre, true);
+          this.logger.verbose(`run: PRE completed, outcome=${pre.outcome}`);
           if (pre.outcome === "respond") {
             const post = await runStageGroup(plan32.post, false);
             if (post.outcome === "unknown_error" || post.outcome === "fail") {
@@ -16906,6 +17010,7 @@ var init_flow_instance = __esm({
         }
         if (!responded) {
           const exec = await runStageGroup(plan32.execute, true);
+          this.logger.verbose(`run: EXECUTE completed, outcome=${exec.outcome}`);
           if (exec.outcome === "respond") {
           } else if (exec.outcome === "unknown_error" || exec.outcome === "fail") {
             try {
@@ -16924,6 +17029,7 @@ var init_flow_instance = __esm({
         }
         {
           const post = await runStageGroup(plan32.post, false);
+          this.logger.verbose(`run: POST completed, outcome=${post.outcome}`);
           if (post.outcome === "unknown_error" || post.outcome === "fail") {
             try {
               await runErrorStage();
@@ -16948,7 +17054,7 @@ var init_flow_instance = __esm({
 });
 
 // libs/sdk/src/flows/flow.registry.ts
-var import_di22, import_utils25, FlowRegistry;
+var import_di22, import_utils26, FlowRegistry;
 var init_flow_registry = __esm({
   "libs/sdk/src/flows/flow.registry.ts"() {
     "use strict";
@@ -16958,7 +17064,7 @@ var init_flow_registry = __esm({
     init_flow_utils2();
     init_flow_instance();
     init_context();
-    import_utils25 = require("@frontmcp/utils");
+    import_utils26 = require("@frontmcp/utils");
     init_errors();
     FlowRegistry = class extends RegistryAbstract {
       constructor(providers, list) {
@@ -17037,7 +17143,7 @@ var init_flow_registry = __esm({
         const mcpCtx = input?.ctx;
         const authInfo = mcpCtx?.authInfo;
         const rawSessionId = authInfo?.sessionId;
-        const sessionId = typeof rawSessionId === "string" && rawSessionId.trim().length > 0 ? rawSessionId.trim() : `anon:${(0, import_utils25.randomUUID)()}`;
+        const sessionId = typeof rawSessionId === "string" && rawSessionId.trim().length > 0 ? rawSessionId.trim() : `anon:${(0, import_utils26.randomUUID)()}`;
         const scope = this.providers.getActiveScope();
         return Promise.resolve(
           contextStorage.run(
@@ -18388,12 +18494,12 @@ var init_agent_registry = __esm({
 });
 
 // libs/sdk/src/app/instances/app.local.instance.ts
-var import_utils26, AppLocalInstance;
+var import_utils27, AppLocalInstance;
 var init_app_local_instance = __esm({
   "libs/sdk/src/app/instances/app.local.instance.ts"() {
     "use strict";
     init_common();
-    import_utils26 = require("@frontmcp/utils");
+    import_utils27 = require("@frontmcp/utils");
     init_provider_registry();
     init_tool_registry();
     init_resource_registry();
@@ -18413,13 +18519,19 @@ var init_app_local_instance = __esm({
       appPrompts;
       appAgents;
       appSkills;
+      logger;
       constructor(record, scopeProviders) {
         super(record);
         this.scopeProviders = scopeProviders;
-        this.id = this.metadata.id ?? (0, import_utils26.idFromString)(this.metadata.name);
+        this.id = this.metadata.id ?? (0, import_utils27.idFromString)(this.metadata.name);
+        try {
+          this.logger = scopeProviders.get(FrontMcpLogger)?.child("AppLocalInstance");
+        } catch {
+        }
         this.ready = this.initialize();
       }
       async initialize() {
+        this.logger?.verbose(`Initializing app: ${this.metadata.name} (id: ${this.id})`);
         this.appProviders = new ProviderRegistry(this.metadata.providers ?? [], this.scopeProviders);
         await this.appProviders.ready;
         const appOwner = {
@@ -18435,15 +18547,37 @@ var init_app_local_instance = __esm({
         };
         this.appPlugins = new PluginRegistry(this.appProviders, this.metadata.plugins ?? [], appOwner, scopeInfo);
         await this.appPlugins.ready;
+        this.logger?.verbose(`App ${this.metadata.name}: ${this.appPlugins.getPlugins().length} plugin(s) registered`);
         this.appAdapters = new AdapterRegistry(this.appProviders, this.metadata.adapters ?? []);
         await this.appAdapters.ready;
+        this.logger?.verbose(`App ${this.metadata.name}: ${this.appAdapters.getAdapters().length} adapter(s) found`);
         this.appTools = new ToolRegistry(this.appProviders, this.metadata.tools ?? [], appOwner);
         await this.appTools.ready;
+        const toolNames = this.appTools.getTools(true).map((t) => t.metadata.name);
+        this.logger?.verbose(
+          `App ${this.metadata.name}: ${toolNames.length} tool(s) registered: [${toolNames.join(", ")}]`
+        );
         this.appResources = new ResourceRegistry(this.appProviders, this.metadata.resources ?? [], appOwner);
         this.appPrompts = new PromptRegistry(this.appProviders, this.metadata.prompts ?? [], appOwner);
         this.appAgents = new AgentRegistry(this.appProviders, this.metadata.agents ?? [], appOwner);
         this.appSkills = new SkillRegistry(this.appProviders, this.metadata.skills ?? [], appOwner);
         await Promise.all([this.appResources.ready, this.appPrompts.ready, this.appAgents.ready, this.appSkills.ready]);
+        this.logger?.verbose(
+          `App ${this.metadata.name}: ${this.appResources.getResources().length} resource(s) registered`
+        );
+        this.logger?.verbose(`App ${this.metadata.name}: ${this.appPrompts.getPrompts().length} prompt(s) registered`);
+        const parts = [];
+        const toolCount = this.appTools.getTools(true).length;
+        const resourceCount = this.appResources.getResources().length;
+        const promptCount = this.appPrompts.getPrompts().length;
+        const adapterCount = this.appAdapters.getAdapters().length;
+        const pluginCount = this.appPlugins.getPlugins().length;
+        if (toolCount > 0) parts.push(`${toolCount} tool${toolCount !== 1 ? "s" : ""}`);
+        if (resourceCount > 0) parts.push(`${resourceCount} resource${resourceCount !== 1 ? "s" : ""}`);
+        if (promptCount > 0) parts.push(`${promptCount} prompt${promptCount !== 1 ? "s" : ""}`);
+        if (adapterCount > 0) parts.push(`${adapterCount} adapter${adapterCount !== 1 ? "s" : ""}`);
+        if (pluginCount > 0) parts.push(`${pluginCount} plugin${pluginCount !== 1 ? "s" : ""}`);
+        this.logger?.info(`${this.metadata.name}: ${parts.length > 0 ? parts.join(", ") : "no entries"}`);
       }
       get providers() {
         return this.appProviders;
@@ -20093,12 +20227,12 @@ var init_remote_mcp = __esm({
 });
 
 // libs/sdk/src/app/instances/app.remote.instance.ts
-var import_utils27, EmptyPluginRegistry, EmptyAdapterRegistry, EmptySkillRegistry, AppRemoteInstance;
+var import_utils28, EmptyPluginRegistry, EmptyAdapterRegistry, EmptySkillRegistry, AppRemoteInstance;
 var init_app_remote_instance = __esm({
   "libs/sdk/src/app/instances/app.remote.instance.ts"() {
     "use strict";
     init_common();
-    import_utils27 = require("@frontmcp/utils");
+    import_utils28 = require("@frontmcp/utils");
     init_tool_registry();
     init_resource_registry();
     init_prompt_registry();
@@ -20109,6 +20243,9 @@ var init_app_remote_instance = __esm({
       getPlugins() {
         return [];
       }
+      getPluginNames() {
+        return [];
+      }
     };
     EmptyAdapterRegistry = class {
       getAdapters() {
@@ -20196,7 +20333,7 @@ var init_app_remote_instance = __esm({
       _unsubscribeCapability;
       constructor(record, scopeProviders) {
         super(record);
-        this.id = this.metadata.id ?? (0, import_utils27.idFromString)(this.metadata.name);
+        this.id = this.metadata.id ?? (0, import_utils28.idFromString)(this.metadata.name);
         this.scopeProviders = scopeProviders;
         this.appOwner = {
           kind: "app",
@@ -20489,15 +20626,21 @@ var init_app_registry = __esm({
     "use strict";
     import_reflect_metadata13 = require("reflect-metadata");
     import_di25 = require("@frontmcp/di");
+    init_common();
     init_app_utils();
     init_regsitry();
     init_instances();
     init_errors();
     AppRegistry = class extends RegistryAbstract {
       owner;
+      logger;
       constructor(globalProviders, list, owner) {
         super("AppRegistry", globalProviders, list);
         this.owner = owner;
+        try {
+          this.logger = globalProviders.get(FrontMcpLogger)?.child("AppRegistry");
+        } catch {
+        }
       }
       buildMap(list) {
         const tokens = /* @__PURE__ */ new Set();
@@ -20526,6 +20669,7 @@ var init_app_registry = __esm({
       }
       /** Instantiate adapters, run fetch/transform, and populate registries. */
       async initialize() {
+        this.logger?.verbose(`AppRegistry: initializing ${this.tokens.size} app(s)`);
         const readyArr = [];
         for (const token of this.tokens) {
           const rec = this.defs.get(token);
@@ -20539,8 +20683,10 @@ var init_app_registry = __esm({
           }
           this.instances.set(token, app);
           readyArr.push(app.ready);
+          this.logger?.verbose(`AppRegistry: registered ${rec.kind} app '${rec.metadata.name}'`);
         }
         await Promise.all(readyArr);
+        this.logger?.debug(`AppRegistry: initialization complete (${this.instances.size} app(s))`);
       }
       getApps() {
         return [...this.instances.values()];
@@ -20994,7 +21140,7 @@ function createSessionId(protocol, token, options) {
   const payload = {
     nodeId: (0, import_auth14.getMachineId)(),
     authSig,
-    uuid: (0, import_utils28.randomUUID)(),
+    uuid: (0, import_utils29.randomUUID)(),
     iat: nowSec(),
     protocol,
     platformType,
@@ -21021,11 +21167,11 @@ function updateSessionPayload(sessionId, updates) {
   }
   return false;
 }
-var import_utils28, import_auth13, import_auth14, cache;
+var import_utils29, import_auth13, import_auth14, cache;
 var init_session_id_utils = __esm({
   "libs/sdk/src/auth/session/utils/session-id.utils.ts"() {
     "use strict";
-    import_utils28 = require("@frontmcp/utils");
+    import_utils29 = require("@frontmcp/utils");
     import_auth13 = require("@frontmcp/auth");
     init_notification_service();
     import_auth14 = require("@frontmcp/auth");
@@ -21034,7 +21180,7 @@ var init_session_id_utils = __esm({
 });
 
 // libs/sdk/src/auth/flows/session.verify.flow.ts
-var import_reflect_metadata17, import_zod48, import_auth15, import_auth16, import_auth17, import_auth18, import_utils29, inputSchema14, stateSchema12, UnauthorizedSchema, AuthorizedSchema, sessionVerifyOutputSchema, plan12, name13, Stage13, SessionVerifyFlow;
+var import_reflect_metadata17, import_zod48, import_auth15, import_auth16, import_auth17, import_auth18, import_utils30, inputSchema14, stateSchema12, UnauthorizedSchema, AuthorizedSchema, sessionVerifyOutputSchema, plan12, name13, Stage13, SessionVerifyFlow;
 var init_session_verify_flow = __esm({
   "libs/sdk/src/auth/flows/session.verify.flow.ts"() {
     "use strict";
@@ -21046,7 +21192,7 @@ var init_session_verify_flow = __esm({
     init_session_id_utils();
     import_auth17 = require("@frontmcp/auth");
     import_auth18 = require("@frontmcp/auth");
-    import_utils29 = require("@frontmcp/utils");
+    import_utils30 = require("@frontmcp/utils");
     init_notification_service();
     inputSchema14 = httpRequestInputSchema;
     stateSchema12 = import_zod48.z.object({
@@ -21081,16 +21227,23 @@ var init_session_verify_flow = __esm({
     name13 = "session:verify";
     Stage13 = StageHookOf(name13);
     SessionVerifyFlow = class extends FlowBase {
+      logger = this.scopeLogger.child("SessionVerifyFlow");
+      maskSub(sub) {
+        if (!sub) return "***";
+        if (sub.length <= 10) return "***" + sub.slice(-4);
+        return sub.slice(0, 6) + "***" + sub.slice(-4);
+      }
       /**
        * Create an anonymous session with consistent structure for both public and transparent-anon modes.
        * Encapsulates the shared logic for session creation, payload encryption, and user derivation.
        */
       createAnonymousSession(options) {
         const { authMode, issuer, scopes = ["anonymous"], sessionIdHeader } = options;
+        this.logger.verbose("createAnonymousSession", { authMode, hasExistingSession: !!sessionIdHeader });
         const machineId = (0, import_auth18.getMachineId)();
         if (sessionIdHeader) {
           const existingPayload = decryptPublicSession(sessionIdHeader);
-          const user2 = existingPayload ? { sub: `anon:${existingPayload.iat * 1e3}`, iss: issuer, name: "Anonymous", scope: scopes.join(" ") } : { sub: `anon:${(0, import_utils29.randomUUID)()}`, iss: issuer, name: "Anonymous", scope: scopes.join(" ") };
+          const user2 = existingPayload ? { sub: `anon:${existingPayload.iat * 1e3}`, iss: issuer, name: "Anonymous", scope: scopes.join(" ") } : { sub: `anon:${(0, import_utils30.randomUUID)()}`, iss: issuer, name: "Anonymous", scope: scopes.join(" ") };
           const finalPayload = existingPayload && existingPayload.nodeId === machineId ? existingPayload : void 0;
           this.respond({
             kind: "authorized",
@@ -21107,12 +21260,12 @@ var init_session_verify_flow = __esm({
         }
         const now = Date.now();
         const user = {
-          sub: `anon:${(0, import_utils29.randomUUID)()}`,
+          sub: `anon:${(0, import_utils30.randomUUID)()}`,
           iss: issuer,
           name: "Anonymous",
           scope: scopes.join(" ")
         };
-        const uuid = (0, import_utils29.randomUUID)();
+        const uuid = (0, import_utils30.randomUUID)();
         const platformDetectionConfig = this.scope.metadata.transport?.platformDetection;
         const platformType = detectPlatformFromUserAgent(this.state.userAgent, platformDetectionConfig);
         const payload = {
@@ -21149,6 +21302,12 @@ var init_session_verify_flow = __esm({
         const userAgent = request.headers?.["user-agent"] ?? void 0;
         const prmMetadataPath = `/.well-known/oauth-protected-resource${entryPath}${routeBase}`;
         const prmMetadataHeader = `Bearer resource_metadata="${baseUrl}${prmMetadataPath}"`;
+        this.logger.verbose("parseInput", {
+          hasAuthHeader: !!authorizationHeader,
+          hasToken: !!token,
+          sessionProtocol,
+          hasSessionId: !!sessionIdHeader
+        });
         this.state.set({
           baseUrl,
           authorizationHeader,
@@ -21168,6 +21327,7 @@ var init_session_verify_flow = __esm({
         if (this.state.token) {
           return;
         }
+        this.logger.info("handlePublicMode: allowing anonymous access (public mode)");
         this.createAnonymousSession({
           authMode: "public",
           issuer: "public",
@@ -21176,6 +21336,7 @@ var init_session_verify_flow = __esm({
         });
       }
       async handleAnonymousFallback() {
+        this.logger.verbose("handleAnonymousFallback: creating anonymous session (transparent-anon)");
         const authOptions = this.scope.auth?.options;
         const scopes = authOptions?.anonymousScopes ?? ["anonymous"];
         this.createAnonymousSession({
@@ -21186,6 +21347,7 @@ var init_session_verify_flow = __esm({
         });
       }
       async requireAuthorizationOrChallenge() {
+        this.logger.verbose("requireAuthorizationOrChallenge: returning 401");
         this.respond({
           kind: "unauthorized",
           prmMetadataHeader: this.state.required.prmMetadataHeader
@@ -21195,6 +21357,7 @@ var init_session_verify_flow = __esm({
         const jwks = this.get(import_auth16.JwksService);
         const token = this.state.token;
         if (!token) {
+          this.logger.warn("verifyIfJwt: missing or empty bearer token, returning 401");
           this.respond({
             kind: "unauthorized",
             prmMetadataHeader: this.state.required.prmMetadataHeader
@@ -21202,6 +21365,7 @@ var init_session_verify_flow = __esm({
           return;
         }
         if (!(0, import_auth15.isJwt)(token)) {
+          this.logger.warn("verifyIfJwt: token is not a JWT, returning 401");
           this.respond({
             kind: "unauthorized",
             prmMetadataHeader: this.state.required.prmMetadataHeader
@@ -21210,6 +21374,7 @@ var init_session_verify_flow = __esm({
         }
         const auth = this.scope.auth;
         if (!auth) {
+          this.logger.warn("verifyIfJwt: auth registry not available, returning 401");
           this.respond({
             kind: "unauthorized",
             prmMetadataHeader: this.state.required.prmMetadataHeader
@@ -21218,6 +21383,8 @@ var init_session_verify_flow = __esm({
         }
         let verify;
         const authOptions = auth.options;
+        const mode = (0, import_auth10.isTransparentMode)(authOptions) ? "transparent" : "gateway";
+        this.logger.verbose(`verifyIfJwt: verifying using ${mode} mode`);
         if ((0, import_auth10.isTransparentMode)(authOptions)) {
           const primary = authOptions;
           const issuer = auth.issuer;
@@ -21238,6 +21405,7 @@ var init_session_verify_flow = __esm({
           this.state.set({ jwtPayload: result.payload });
           return;
         }
+        this.logger.warn("verifyIfJwt: JWT verification failed", { error: result.error });
         this.respond({
           kind: "unauthorized",
           prmMetadataHeader: this.state.required.prmMetadataHeader
@@ -21252,6 +21420,7 @@ var init_session_verify_flow = __esm({
           required: { token }
         } = this.state;
         const session = parseSessionHeader(sessionIdHeader, token);
+        this.logger.verbose("parseSessionHeader", { hasSessionId: !!sessionIdHeader, parsed: !!session });
         if (session) {
           this.state.set("session", session);
         }
@@ -21261,6 +21430,10 @@ var init_session_verify_flow = __esm({
           required: { token, user },
           session
         } = this.state;
+        this.logger.info("Session verified successfully", {
+          sub: this.maskSub(user.sub),
+          hasSession: !!session
+        });
         this.respond({
           kind: "authorized",
           authorization: {
@@ -22169,13 +22342,13 @@ var init_oauth_authorize_flow = __esm({
 });
 
 // libs/sdk/src/auth/flows/oauth.register.flow.ts
-var import_zod50, import_utils30, CLIENTS, inputSchema16, outputSchema14, registrationRequestSchema, stateSchema14, plan14, name15, Stage15, OauthRegisterFlow;
+var import_zod50, import_utils31, CLIENTS, inputSchema16, outputSchema14, registrationRequestSchema, stateSchema14, plan14, name15, Stage15, OauthRegisterFlow;
 var init_oauth_register_flow = __esm({
   "libs/sdk/src/auth/flows/oauth.register.flow.ts"() {
     "use strict";
     init_common();
     import_zod50 = require("zod");
-    import_utils30 = require("@frontmcp/utils");
+    import_utils31 = require("@frontmcp/utils");
     CLIENTS = /* @__PURE__ */ new Map();
     inputSchema16 = httpInputSchema;
     outputSchema14 = HttpJsonSchema;
@@ -22269,10 +22442,10 @@ var init_oauth_register_flow = __esm({
       async registerClient() {
         const now = Math.floor(Date.now() / 1e3);
         const { token_endpoint_auth_method, grant_types, response_types, redirect_uris, client_name, scope } = this.state.required.body;
-        const client_id = (0, import_utils30.randomUUID)();
+        const client_id = (0, import_utils31.randomUUID)();
         let client_secret;
         if (token_endpoint_auth_method === "client_secret_post" || token_endpoint_auth_method === "client_secret_basic") {
-          client_secret = (0, import_utils30.base64urlEncode)((0, import_utils30.randomBytes)(24));
+          client_secret = (0, import_utils31.base64urlEncode)((0, import_utils31.randomBytes)(24));
         }
         this.registered = {
           client_id,
@@ -22341,13 +22514,13 @@ var init_oauth_register_flow = __esm({
 });
 
 // libs/sdk/src/auth/flows/oauth.token.flow.ts
-var import_zod51, import_utils31, inputSchema17, pkceVerifierRegex, authorizationCodeGrant, refreshTokenGrant, anonymousGrant, tokenRequestSchema, stateSchema15, outputSchema15, plan15, name16, Stage16, OauthTokenFlow;
+var import_zod51, import_utils32, inputSchema17, pkceVerifierRegex, authorizationCodeGrant, refreshTokenGrant, anonymousGrant, tokenRequestSchema, stateSchema15, outputSchema15, plan15, name16, Stage16, OauthTokenFlow;
 var init_oauth_token_flow = __esm({
   "libs/sdk/src/auth/flows/oauth.token.flow.ts"() {
     "use strict";
     init_common();
     import_zod51 = require("zod");
-    import_utils31 = require("@frontmcp/utils");
+    import_utils32 = require("@frontmcp/utils");
     inputSchema17 = httpInputSchema;
     pkceVerifierRegex = /^[A-Za-z0-9_.~-]{43,128}$/;
     authorizationCodeGrant = import_zod51.z.object({
@@ -22454,7 +22627,7 @@ var init_oauth_token_flow = __esm({
             access_token: accessToken,
             token_type: "Bearer",
             expires_in: 86400,
-            refresh_token: (0, import_utils31.randomUUID)()
+            refresh_token: (0, import_utils32.randomUUID)()
           });
           return;
         }
@@ -22491,7 +22664,7 @@ var init_oauth_token_flow = __esm({
             access_token: accessToken,
             token_type: "Bearer",
             expires_in: 86400,
-            refresh_token: (0, import_utils31.randomUUID)()
+            refresh_token: (0, import_utils32.randomUUID)()
           });
           return;
         }
@@ -22525,7 +22698,7 @@ var init_oauth_token_flow = __esm({
           access_token: accessToken,
           token_type: "Bearer",
           expires_in: 86400,
-          refresh_token: (0, import_utils31.randomUUID)()
+          refresh_token: (0, import_utils32.randomUUID)()
         });
       }
       async buildTokenResponse() {
@@ -22592,13 +22765,13 @@ var init_oauth_token_flow = __esm({
 });
 
 // libs/sdk/src/auth/flows/oauth.callback.flow.ts
-var import_zod52, import_utils32, import_auth22, inputSchema18, stateSchema16, outputSchema16, plan16, name17, Stage17, OauthCallbackFlow;
+var import_zod52, import_utils33, import_auth22, inputSchema18, stateSchema16, outputSchema16, plan16, name17, Stage17, OauthCallbackFlow;
 var init_oauth_callback_flow = __esm({
   "libs/sdk/src/auth/flows/oauth.callback.flow.ts"() {
     "use strict";
     init_common();
     import_zod52 = require("zod");
-    import_utils32 = require("@frontmcp/utils");
+    import_utils33 = require("@frontmcp/utils");
     import_auth22 = require("@frontmcp/auth");
     inputSchema18 = httpInputSchema;
     stateSchema16 = import_zod52.z.object({
@@ -22810,7 +22983,7 @@ var init_oauth_callback_flow = __esm({
           return;
         }
         const federatedSession = (0, import_auth22.createFederatedAuthSession)({
-          pendingAuthId: this.state.required.pendingAuthId || (0, import_utils32.randomUUID)(),
+          pendingAuthId: this.state.required.pendingAuthId || (0, import_utils33.randomUUID)(),
           clientId,
           redirectUri,
           scopes: scopes ?? [],
@@ -22830,14 +23003,14 @@ var init_oauth_callback_flow = __esm({
         await sessionStore.store(federatedSession);
         this.logger.info(`Created federated session: ${federatedSession.id}`);
         const firstProviderId = selectedProviders[0];
-        const verifier = (0, import_utils32.generateCodeVerifier)();
-        const challenge = (0, import_utils32.sha256Base64url)(verifier);
+        const verifier = (0, import_utils33.generateCodeVerifier)();
+        const challenge = (0, import_utils33.sha256Base64url)(verifier);
         const pkce = {
           verifier,
           challenge,
           method: "S256"
         };
-        const providerState = `federated:${federatedSession.id}:${(0, import_utils32.randomUUID)()}`;
+        const providerState = `federated:${federatedSession.id}:${(0, import_utils33.randomUUID)()}`;
         (0, import_auth22.startNextProvider)(federatedSession, pkce, providerState);
         await sessionStore.update(federatedSession);
         const providerConfig = localAuth.getProviderConfig(firstProviderId);
@@ -22958,7 +23131,7 @@ var init_oauth_callback_flow = __esm({
        * In production, this would be the user's ID from the database
        */
       generateUserSub(email) {
-        const hash = (0, import_utils32.sha256Hex)(email.toLowerCase());
+        const hash = (0, import_utils33.sha256Hex)(email.toLowerCase());
         return `${hash.slice(0, 8)}-${hash.slice(8, 12)}-${hash.slice(12, 16)}-${hash.slice(16, 20)}-${hash.slice(20, 32)}`;
       }
       /**
@@ -23051,7 +23224,7 @@ var init_oauth_callback_flow = __esm({
 });
 
 // libs/sdk/src/auth/flows/oauth.provider-callback.flow.ts
-var import_zod53, import_auth23, import_utils33, inputSchema19, stateSchema17, outputSchema17, plan17, name18, Stage18, OauthProviderCallbackFlow;
+var import_zod53, import_auth23, import_utils34, inputSchema19, stateSchema17, outputSchema17, plan17, name18, Stage18, OauthProviderCallbackFlow;
 var init_oauth_provider_callback_flow = __esm({
   "libs/sdk/src/auth/flows/oauth.provider-callback.flow.ts"() {
     "use strict";
@@ -23059,7 +23232,7 @@ var init_oauth_provider_callback_flow = __esm({
     import_zod53 = require("zod");
     init_instance_local_primary_auth();
     import_auth23 = require("@frontmcp/auth");
-    import_utils33 = require("@frontmcp/utils");
+    import_utils34 = require("@frontmcp/utils");
     init_errors();
     inputSchema19 = httpInputSchema;
     stateSchema17 = import_zod53.z.object({
@@ -23315,14 +23488,14 @@ var init_oauth_provider_callback_flow = __esm({
         if (!nextProviderId) {
           return this.completeFederatedAuth(session);
         }
-        const verifier = (0, import_utils33.generateCodeVerifier)();
-        const challenge = (0, import_utils33.sha256Base64url)(verifier);
+        const verifier = (0, import_utils34.generateCodeVerifier)();
+        const challenge = (0, import_utils34.sha256Base64url)(verifier);
         const pkce = {
           verifier,
           challenge,
           method: "S256"
         };
-        const providerState = `federated:${session.id}:${(0, import_utils33.randomUUID)()}`;
+        const providerState = `federated:${session.id}:${(0, import_utils34.randomUUID)()}`;
         (0, import_auth23.startNextProvider)(session, pkce, providerState);
         const sessionStore = localAuth.federatedSessionStore;
         if (sessionStore) {
@@ -23389,9 +23562,9 @@ var init_oauth_provider_callback_flow = __esm({
        */
       generateUserSub(email) {
         if (!email) {
-          return `anon:${(0, import_utils33.randomUUID)()}`;
+          return `anon:${(0, import_utils34.randomUUID)()}`;
         }
-        const hash = (0, import_utils33.sha256Base64url)(email.toLowerCase());
+        const hash = (0, import_utils34.sha256Base64url)(email.toLowerCase());
         return `user:${hash.substring(0, 16)}`;
       }
       /**
@@ -23491,13 +23664,13 @@ var init_oauth_provider_callback_flow = __esm({
 });
 
 // libs/sdk/src/auth/instances/instance.local-primary-auth.ts
-var import_jose, import_url, import_utils34, import_auth25, import_auth26, DEFAULT_NO_AUTH_SECRET, LocalPrimaryAuth;
+var import_jose, import_url, import_utils35, import_auth25, import_auth26, DEFAULT_NO_AUTH_SECRET, LocalPrimaryAuth;
 var init_instance_local_primary_auth = __esm({
   "libs/sdk/src/auth/instances/instance.local-primary-auth.ts"() {
     "use strict";
     import_jose = require("jose");
     import_url = require("url");
-    import_utils34 = require("@frontmcp/utils");
+    import_utils35 = require("@frontmcp/utils");
     init_common();
     init_auth2();
     init_well_known_prm_flow();
@@ -23513,7 +23686,7 @@ var init_instance_local_primary_auth = __esm({
     import_auth26 = require("@frontmcp/auth");
     init_oauth_provider_callback_flow();
     init_auth_internal_errors();
-    DEFAULT_NO_AUTH_SECRET = (0, import_utils34.randomBytes)(32);
+    DEFAULT_NO_AUTH_SECRET = (0, import_utils35.randomBytes)(32);
     LocalPrimaryAuth = class extends FrontMcpAuth {
       constructor(scope, providers, options) {
         super(options);
@@ -23588,7 +23761,7 @@ var init_instance_local_primary_auth = __esm({
         return basePath;
       }
       async signAnonymousJwt() {
-        const sub = (0, import_utils34.randomUUID)();
+        const sub = (0, import_utils35.randomUUID)();
         return new import_jose.SignJWT({ sub, role: "user", anonymous: true }).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuedAt().setIssuer(this.issuer).setExpirationTime("1d").sign(this.secret);
       }
       /**
@@ -23618,7 +23791,7 @@ var init_instance_local_primary_auth = __esm({
             };
           }
         }
-        const jwt = new import_jose.SignJWT(claims).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuedAt().setIssuer(this.issuer).setExpirationTime(`${this.accessTokenTtlSeconds}s`).setJti((0, import_utils34.randomUUID)());
+        const jwt = new import_jose.SignJWT(claims).setProtectedHeader({ alg: "HS256", typ: "JWT" }).setIssuedAt().setIssuer(this.issuer).setExpirationTime(`${this.accessTokenTtlSeconds}s`).setJti((0, import_utils35.randomUUID)());
         if (audience) {
           jwt.setAudience(audience);
         }
@@ -23684,7 +23857,7 @@ var init_instance_local_primary_auth = __esm({
             const pendingAuthId = `pending:${codeRecord.pendingAuthId}`;
             const parts = accessToken.split(".");
             const signature = parts[2] || accessToken;
-            const newAuthId = (0, import_utils34.sha256Hex)(signature).substring(0, 16);
+            const newAuthId = (0, import_utils35.sha256Hex)(signature).substring(0, 16);
             await this.orchestratedTokenStore.migrateTokens(pendingAuthId, newAuthId);
             this.logger.info(`Migrated tokens from ${pendingAuthId} to ${newAuthId}`);
           } catch (err) {
@@ -24219,14 +24392,14 @@ var init_auth_registry = __esm({
 });
 
 // libs/sdk/src/scope/flows/http.request.flow.ts
-var import_zod54, import_utils35, plan18, httpRequestStateSchema, name19, Stage19, HttpRequestFlow;
+var import_zod54, import_utils36, plan18, httpRequestStateSchema, name19, Stage19, HttpRequestFlow;
 var init_http_request_flow = __esm({
   "libs/sdk/src/scope/flows/http.request.flow.ts"() {
     "use strict";
     init_common();
     import_zod54 = require("zod");
     init_session_verify_flow();
-    import_utils35 = require("@frontmcp/utils");
+    import_utils36 = require("@frontmcp/utils");
     init_errors();
     plan18 = {
       pre: [
@@ -24282,7 +24455,7 @@ var init_http_request_flow = __esm({
         const { request } = this.rawInput;
         this.requestStartTime = Date.now();
         const ctx = this.tryGetContext();
-        this.requestId = ctx?.requestId ?? `req-${(0, import_utils35.randomUUID)()}`;
+        this.requestId = ctx?.requestId ?? `req-${(0, import_utils36.randomUUID)()}`;
         const headers = request.headers ?? {};
         const body = request.body;
         const userAgent = headers["user-agent"];
@@ -24712,11 +24885,11 @@ var init_transport_remote = __esm({
 });
 
 // libs/sdk/src/transport/legacy/legacy.sse.tranporter.ts
-var import_utils36, import_raw_body, import_content_type, import_url2, import_types19, MAXIMUM_MESSAGE_SIZE, SSEServerTransport;
+var import_utils37, import_raw_body, import_content_type, import_url2, import_types19, MAXIMUM_MESSAGE_SIZE, SSEServerTransport;
 var init_legacy_sse_tranporter = __esm({
   "libs/sdk/src/transport/legacy/legacy.sse.tranporter.ts"() {
     "use strict";
-    import_utils36 = require("@frontmcp/utils");
+    import_utils37 = require("@frontmcp/utils");
     import_raw_body = __toESM(require("raw-body"));
     import_content_type = __toESM(require("content-type"));
     import_url2 = require("url");
@@ -24730,7 +24903,7 @@ var init_legacy_sse_tranporter = __esm({
       constructor(_endpoint, res, options) {
         this._endpoint = _endpoint;
         this.res = res;
-        this._sessionId = options?.sessionId ?? (0, import_utils36.randomUUID)();
+        this._sessionId = options?.sessionId ?? (0, import_utils37.randomUUID)();
         this._options = options || { enableDnsRebindingProtection: false };
       }
       _sseResponse;
@@ -25095,9 +25268,12 @@ function listToolsRequestHandler({
   return {
     requestSchema: import_types23.ListToolsRequestSchema,
     handler: async (request, ctx) => {
-      logger.verbose("tools/list: listing tools");
+      logger.verbose("tools/list requested");
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("tools:list-tools", { request, ctx });
+        const result = await scope.runFlowForOutput("tools:list-tools", { request, ctx });
+        logger.verbose("tools/list completed", { durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("tools/list failed", {
           error: e instanceof Error ? { name: e.name, message: e.message, stack: e.stack } : e
@@ -25124,9 +25300,12 @@ function callToolRequestHandler({
     requestSchema: import_types24.CallToolRequestSchema,
     handler: async (request, ctx) => {
       const toolName = request.params?.name || "unknown";
-      logger.verbose(`tools/call: ${toolName}`);
+      logger.info(`tools/call: ${toolName}`);
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("tools:call-tool", { request, ctx });
+        const result = await scope.runFlowForOutput("tools:call-tool", { request, ctx });
+        logger.verbose("tools/call completed", { tool: toolName, durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         if (e instanceof FlowControl) {
           if (e.type === "respond") {
@@ -25170,9 +25349,12 @@ function listResourcesRequestHandler({
   return {
     requestSchema: import_types25.ListResourcesRequestSchema,
     handler: async (request, ctx) => {
-      logger.verbose("resources/list: listing resources");
+      logger.verbose("resources/list requested");
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("resources:list-resources", { request, ctx });
+        const result = await scope.runFlowForOutput("resources:list-resources", { request, ctx });
+        logger.verbose("resources/list completed", { durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("resources/list failed", {
           error: e instanceof Error ? { name: e.name, message: e.message, stack: e.stack } : e
@@ -25198,9 +25380,12 @@ function listResourceTemplatesRequestHandler({
   return {
     requestSchema: import_types26.ListResourceTemplatesRequestSchema,
     handler: async (request, ctx) => {
-      logger.verbose("resources/listTemplates: listing resource templates");
+      logger.verbose("resources/listTemplates requested");
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("resources:list-resource-templates", { request, ctx });
+        const result = await scope.runFlowForOutput("resources:list-resource-templates", { request, ctx });
+        logger.verbose("resources/listTemplates completed", { durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("resources/listTemplates failed", {
           error: e instanceof Error ? { name: e.name, message: e.message, stack: e.stack } : e
@@ -25227,9 +25412,12 @@ function readResourceRequestHandler({
     requestSchema: import_types27.ReadResourceRequestSchema,
     handler: async (request, ctx) => {
       const uri = request.params?.uri || "unknown";
-      logger.verbose(`resources/read: ${uri}`);
+      logger.info(`resources/read: ${uri}`);
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("resources:read-resource", { request, ctx });
+        const result = await scope.runFlowForOutput("resources:read-resource", { request, ctx });
+        logger.verbose("resources/read completed", { uri, durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("resources/read failed", {
           uri,
@@ -25261,9 +25449,9 @@ function SubscribeRequestHandler({ scope }) {
       }
       const isNew = scope.notifications.subscribeResource(sessionId, uri);
       if (isNew) {
-        scope.logger.verbose(`resources/subscribe: Session ${sessionId.slice(0, 20)}... subscribed to ${uri}`);
+        scope.logger.info(`resources/subscribe: Session ${sessionId.slice(0, 20)}... subscribed to ${uri}`);
       } else {
-        scope.logger.verbose(`resources/subscribe: Session ${sessionId.slice(0, 20)}... already subscribed to ${uri}`);
+        scope.logger.debug(`resources/subscribe: Session ${sessionId.slice(0, 20)}... already subscribed to ${uri}`);
       }
       return {};
     }
@@ -25290,11 +25478,9 @@ function UnsubscribeRequestHandler({ scope }) {
       }
       const wasSubscribed = scope.notifications.unsubscribeResource(sessionId, uri);
       if (wasSubscribed) {
-        scope.logger.verbose(`resources/unsubscribe: Session ${sessionId.slice(0, 20)}... unsubscribed from ${uri}`);
+        scope.logger.info(`resources/unsubscribe: Session ${sessionId.slice(0, 20)}... unsubscribed from ${uri}`);
       } else {
-        scope.logger.verbose(
-          `resources/unsubscribe: Session ${sessionId.slice(0, 20)}... was not subscribed to ${uri}`
-        );
+        scope.logger.debug(`resources/unsubscribe: Session ${sessionId.slice(0, 20)}... was not subscribed to ${uri}`);
       }
       return {};
     }
@@ -25316,9 +25502,12 @@ function listPromptsRequestHandler({
   return {
     requestSchema: import_types30.ListPromptsRequestSchema,
     handler: async (request, ctx) => {
-      logger.verbose("prompts/list: listing prompts");
+      logger.verbose("prompts/list requested");
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("prompts:list-prompts", { request, ctx });
+        const result = await scope.runFlowForOutput("prompts:list-prompts", { request, ctx });
+        logger.verbose("prompts/list completed", { durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("prompts/list failed", {
           error: e instanceof Error ? { name: e.name, message: e.message, stack: e.stack } : e
@@ -25345,9 +25534,12 @@ function getPromptRequestHandler({
     requestSchema: import_types31.GetPromptRequestSchema,
     handler: async (request, ctx) => {
       const promptName = request.params?.name || "unknown";
-      logger.verbose(`prompts/get: ${promptName}`);
+      logger.info(`prompts/get: ${promptName}`);
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("prompts:get-prompt", { request, ctx });
+        const result = await scope.runFlowForOutput("prompts:get-prompt", { request, ctx });
+        logger.verbose("prompts/get completed", { prompt: promptName, durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("prompts/get failed", {
           prompt: promptName,
@@ -25374,9 +25566,12 @@ function completeRequestHandler({
   return {
     requestSchema: import_types32.CompleteRequestSchema,
     handler: async (request, ctx) => {
-      logger.verbose("completion/complete: completing");
+      logger.verbose("completion/complete requested");
+      const start = Date.now();
       try {
-        return await scope.runFlowForOutput("completion:complete", { request, ctx });
+        const result = await scope.runFlowForOutput("completion:complete", { request, ctx });
+        logger.verbose("completion/complete completed", { durationMs: Date.now() - start });
+        return result;
       } catch (e) {
         logger.error("completion/complete failed", {
           error: e instanceof Error ? { name: e.name, message: e.message, stack: e.stack } : e
@@ -25631,6 +25826,9 @@ function formatSkillsForLlmCompact(skills) {
     if (tags && tags.length > 0) {
       lines.push(`Tags: ${tags.join(", ")}`);
     }
+    if (skill.metadata.license) {
+      lines.push(`License: ${skill.metadata.license}`);
+    }
     parts.push(lines.join("\n"));
   }
   return parts.join("\n\n---\n\n");
@@ -25657,6 +25855,14 @@ function formatSkillForLLMWithSchemas(skill, availableTools, missingTools, toolR
   parts.push("");
   parts.push(skill.description);
   parts.push("");
+  if (skill.license) {
+    parts.push(`**License:** ${skill.license}`);
+    parts.push("");
+  }
+  if (skill.compatibility) {
+    parts.push(`**Compatibility:** ${skill.compatibility}`);
+    parts.push("");
+  }
   if (missingTools.length > 0) {
     parts.push("> **Warning:** Some tools are not available:");
     parts.push(`> Missing: ${missingTools.join(", ")}`);
@@ -25741,7 +25947,12 @@ function skillToApiResponse(skill, loadResult) {
       type: p.type ?? "string"
     })),
     priority: skill.metadata.priority ?? 0,
-    visibility: skill.metadata.visibility ?? "both"
+    visibility: skill.metadata.visibility ?? "both",
+    license: skill.metadata.license,
+    compatibility: skill.metadata.compatibility,
+    specMetadata: skill.metadata.specMetadata,
+    allowedTools: skill.metadata.allowedTools,
+    resources: skill.metadata.resources
   };
   if (loadResult) {
     result.availableTools = loadResult.availableTools;
@@ -26219,21 +26430,21 @@ var init_transport_local_adapter = __esm({
 });
 
 // libs/sdk/src/transport/transport.error.ts
-var import_utils37, JSON_RPC2, rpcError, rpcRequest;
+var import_utils38, JSON_RPC2, rpcError, rpcRequest;
 var init_transport_error = __esm({
   "libs/sdk/src/transport/transport.error.ts"() {
     "use strict";
-    import_utils37 = require("@frontmcp/utils");
+    import_utils38 = require("@frontmcp/utils");
     JSON_RPC2 = "2.0";
     rpcError = (message, requestId) => ({
       jsonrpc: JSON_RPC2,
       error: { code: -32e3, message },
-      id: requestId ?? (0, import_utils37.randomUUID)()
+      id: requestId ?? (0, import_utils38.randomUUID)()
       // change it to request id + random
     });
     rpcRequest = (requestId, method, params) => ({
       jsonrpc: JSON_RPC2,
-      id: requestId ?? (0, import_utils37.randomUUID)(),
+      id: requestId ?? (0, import_utils38.randomUUID)(),
       method,
       params
     });
@@ -26241,12 +26452,12 @@ var init_transport_error = __esm({
 });
 
 // libs/sdk/src/elicitation/store/storage-elicitation.store.ts
-var import_utils38, import_utils39, RESOLVED_RESULT_TTL_SECONDS, RESULT_CHANNEL_PREFIX, FALLBACK_RESULT_CHANNEL_PREFIX, StorageElicitationStore;
+var import_utils39, import_utils40, RESOLVED_RESULT_TTL_SECONDS, RESULT_CHANNEL_PREFIX, FALLBACK_RESULT_CHANNEL_PREFIX, StorageElicitationStore;
 var init_storage_elicitation_store = __esm({
   "libs/sdk/src/elicitation/store/storage-elicitation.store.ts"() {
     "use strict";
-    import_utils38 = require("@frontmcp/utils");
     import_utils39 = require("@frontmcp/utils");
+    import_utils40 = require("@frontmcp/utils");
     RESOLVED_RESULT_TTL_SECONDS = 300;
     RESULT_CHANNEL_PREFIX = "result:";
     FALLBACK_RESULT_CHANNEL_PREFIX = "fallback-result:";
@@ -26271,9 +26482,9 @@ var init_storage_elicitation_store = __esm({
       constructor(storage, logger) {
         this.storage = storage;
         this.logger = logger;
-        this.pending = new import_utils38.TypedStorage(storage.namespace("pending"));
-        this.fallback = new import_utils38.TypedStorage(storage.namespace("fallback"));
-        this.resolved = new import_utils38.TypedStorage(storage.namespace("resolved"));
+        this.pending = new import_utils39.TypedStorage(storage.namespace("pending"));
+        this.fallback = new import_utils39.TypedStorage(storage.namespace("fallback"));
+        this.resolved = new import_utils39.TypedStorage(storage.namespace("resolved"));
       }
       // ============================================
       // Pending Elicitation Methods
@@ -26283,7 +26494,7 @@ var init_storage_elicitation_store = __esm({
        */
       async setPending(record) {
         const { sessionId, expiresAt } = record;
-        const ttlSeconds = (0, import_utils39.expiresAtToTTL)(expiresAt);
+        const ttlSeconds = (0, import_utils40.expiresAtToTTL)(expiresAt);
         if (ttlSeconds <= 0) {
           this.logger?.warn("[StorageElicitationStore] Record already expired, not storing", {
             sessionId,
@@ -26461,7 +26672,7 @@ var init_storage_elicitation_store = __esm({
        */
       async setPendingFallback(record) {
         const { elicitId, expiresAt } = record;
-        const ttlSeconds = (0, import_utils39.expiresAtToTTL)(expiresAt);
+        const ttlSeconds = (0, import_utils40.expiresAtToTTL)(expiresAt);
         if (ttlSeconds <= 0) {
           this.logger?.warn("[StorageElicitationStore] Fallback record already expired, not storing", { elicitId });
           return;
@@ -26729,27 +26940,27 @@ async function deriveElicitationKey(sessionId, secret) {
   const ikm = textEncoder.encode(serverSecret + sessionId);
   const salt = textEncoder.encode(ELICITATION_SALT);
   const info = textEncoder.encode(`elicit:${sessionId}`);
-  return (0, import_utils40.hkdfSha256)(ikm, salt, info, 32);
+  return (0, import_utils41.hkdfSha256)(ikm, salt, info, 32);
 }
 async function encryptElicitationData(data, sessionId, secret) {
   const key = await deriveElicitationKey(sessionId, secret);
   const plaintext = textEncoder.encode(JSON.stringify(data));
-  const iv = (0, import_utils40.randomBytes)(12);
-  const { ciphertext, tag } = (0, import_utils40.encryptAesGcm)(key, plaintext, iv);
+  const iv = (0, import_utils41.randomBytes)(12);
+  const { ciphertext, tag } = (0, import_utils41.encryptAesGcm)(key, plaintext, iv);
   return {
     alg: "A256GCM",
-    iv: (0, import_utils40.base64urlEncode)(iv),
-    tag: (0, import_utils40.base64urlEncode)(tag),
-    data: (0, import_utils40.base64urlEncode)(ciphertext)
+    iv: (0, import_utils41.base64urlEncode)(iv),
+    tag: (0, import_utils41.base64urlEncode)(tag),
+    data: (0, import_utils41.base64urlEncode)(ciphertext)
   };
 }
 async function decryptElicitationData(blob, sessionId, secret) {
   try {
     const key = await deriveElicitationKey(sessionId, secret);
-    const iv = (0, import_utils40.base64urlDecode)(blob.iv);
-    const tag = (0, import_utils40.base64urlDecode)(blob.tag);
-    const ciphertext = (0, import_utils40.base64urlDecode)(blob.data);
-    const decrypted = (0, import_utils40.decryptAesGcm)(key, ciphertext, iv, tag);
+    const iv = (0, import_utils41.base64urlDecode)(blob.iv);
+    const tag = (0, import_utils41.base64urlDecode)(blob.tag);
+    const ciphertext = (0, import_utils41.base64urlDecode)(blob.data);
+    const decrypted = (0, import_utils41.decryptAesGcm)(key, ciphertext, iv, tag);
     return JSON.parse(textDecoder.decode(decrypted));
   } catch {
     return null;
@@ -26789,11 +27000,11 @@ async function tryDecryptStoredValue(value, sessionId, secret) {
   }
   return decryptElicitationData(value, sessionId, secret);
 }
-var import_utils40, ELICITATION_SALT, textEncoder, textDecoder;
+var import_utils41, ELICITATION_SALT, textEncoder, textDecoder;
 var init_elicitation_encryption = __esm({
   "libs/sdk/src/elicitation/store/elicitation-encryption.ts"() {
     "use strict";
-    import_utils40 = require("@frontmcp/utils");
+    import_utils41 = require("@frontmcp/utils");
     init_auth_internal_errors();
     ELICITATION_SALT = "elicitation-store-v1";
     textEncoder = new TextEncoder();
@@ -27262,7 +27473,7 @@ async function createElicitationStore(options = {}) {
       "Elicitation requires distributed storage when running on Edge runtime. Edge functions are stateless and cannot use in-memory elicitation. Configure Redis or Upstash storage."
     );
   }
-  const storage = await (0, import_utils41.createStorage)({
+  const storage = await (0, import_utils42.createStorage)({
     ...finalStorageConfig,
     prefix: keyPrefix,
     fallback: isEdgeRuntime ? "error" : "memory"
@@ -27300,7 +27511,7 @@ async function createElicitationStore(options = {}) {
 }
 function createMemoryElicitationStore(options = {}) {
   const { keyPrefix = "mcp:elicit:", logger, encryption } = options;
-  const storage = (0, import_utils41.createMemoryStorage)({ prefix: keyPrefix });
+  const storage = (0, import_utils42.createMemoryStorage)({ prefix: keyPrefix });
   let store = new StorageElicitationStore(storage, logger);
   const encryptionEnabled = encryption?.enabled ?? "auto";
   const encryptionSecret = encryption?.secret;
@@ -27344,11 +27555,11 @@ function createElicitationStoreFromStorage(storage, options = {}) {
   });
   return { store, type, storage, encrypted };
 }
-var import_utils41;
+var import_utils42;
 var init_elicitation_store_factory = __esm({
   "libs/sdk/src/elicitation/store/elicitation-store.factory.ts"() {
     "use strict";
-    import_utils41 = require("@frontmcp/utils");
+    import_utils42 = require("@frontmcp/utils");
     init_storage_elicitation_store();
     init_encrypted_elicitation_store();
     init_elicitation_encryption();
@@ -28352,10 +28563,12 @@ var init_handle_streamable_http_flow = __esm({
         const { request } = this.rawInput;
         const authorization = request[ServerRequestTokens.auth];
         const { token } = authorization;
+        const logger = this.scopeLogger.child("handle:streamable-http:parseInput");
         const raw = request.headers?.["mcp-session-id"];
         const rawMcpSessionHeader = typeof raw === "string" ? raw : void 0;
         const mcpSessionHeader = validateMcpSessionHeader(rawMcpSessionHeader);
         if (raw !== void 0 && !mcpSessionHeader) {
+          logger.warn("parseInput: invalid mcp-session-id header");
           this.respond(httpRespond.sessionNotFound("invalid session id"));
           return;
         }
@@ -28378,24 +28591,32 @@ var init_handle_streamable_http_flow = __esm({
           });
         }
         this.state.set(stateSchema18.parse({ token, session }));
+        logger.info("parseInput: session resolved", { sessionId: session.id?.slice(0, 20) });
       }
       async router() {
         const { request } = this.rawInput;
+        const logger = this.scopeLogger.child("handle:streamable-http:router");
         if (request.method.toUpperCase() === "GET") {
           this.state.set("requestType", "sseListener");
+          logger.info("router: requestType=sseListener, method=GET");
           return;
         }
         const body = request.body;
         const method = body?.method;
         if (method === "initialize") {
           this.state.set("requestType", "initialize");
+          logger.info("router: requestType=initialize, method=POST");
         } else if (typeof method === "string" && method.startsWith("ui/")) {
           this.state.set("requestType", "extApps");
+          logger.info(`router: requestType=extApps, method=${method}`);
         } else if (import_types36.ElicitResultSchema.safeParse(request.body?.result).success) {
           this.state.set("requestType", "elicitResult");
+          logger.info("router: requestType=elicitResult, method=POST");
         } else if (method && import_types36.RequestSchema.safeParse(request.body).success) {
           this.state.set("requestType", "message");
+          logger.info(`router: requestType=message, method=${method}`);
         } else {
+          logger.warn("router: invalid request, no valid method");
           this.respond(httpRespond.rpcError("Invalid Request"));
         }
       }
@@ -28405,7 +28626,7 @@ var init_handle_streamable_http_flow = __esm({
         const { request, response } = this.rawInput;
         const { token, session } = this.state.required;
         logger.info("onInitialize: creating transport", {
-          sessionId: session.id.slice(0, 30),
+          sessionId: session.id?.slice(0, 20),
           hasToken: !!token,
           tokenPrefix: token?.slice(0, 10)
         });
@@ -28438,12 +28659,12 @@ var init_handle_streamable_http_flow = __esm({
         let transport = await transportService.getTransporter("streamable-http", token, session.id);
         if (!transport) {
           try {
-            logger.info("onElicitResult: transport not in memory, checking stored session", {
+            logger.verbose("onElicitResult: transport not in memory, checking stored session", {
               sessionId: session.id?.slice(0, 20)
             });
             const storedSession = await transportService.getStoredSession("streamable-http", token, session.id);
             if (storedSession) {
-              logger.info("onElicitResult: recreating transport from stored session", {
+              logger.verbose("onElicitResult: recreating transport from stored session", {
                 sessionId: session.id?.slice(0, 20),
                 createdAt: storedSession.createdAt,
                 initialized: storedSession.initialized
@@ -28486,19 +28707,19 @@ var init_handle_streamable_http_flow = __esm({
           hasToken: !!token
         });
         let transport = await transportService.getTransporter("streamable-http", token, session.id);
-        logger.info("onMessage: getTransporter result", { found: !!transport });
+        logger.verbose("onMessage: getTransporter result", { found: !!transport });
         if (!transport) {
           try {
-            logger.info("onMessage: transport not in memory, checking Redis", {
+            logger.verbose("onMessage: transport not in memory, checking Redis", {
               sessionId: session.id?.slice(0, 20)
             });
             const storedSession = await transportService.getStoredSession("streamable-http", token, session.id);
-            logger.info("onMessage: getStoredSession result", {
+            logger.verbose("onMessage: getStoredSession result", {
               found: !!storedSession,
               initialized: storedSession?.initialized
             });
             if (storedSession) {
-              logger.info("Recreating transport from Redis session", {
+              logger.verbose("onMessage: recreating transport from stored session", {
                 sessionId: session.id?.slice(0, 20),
                 createdAt: storedSession.createdAt,
                 initialized: storedSession.initialized
@@ -28510,7 +28731,7 @@ var init_handle_streamable_http_flow = __esm({
                 storedSession,
                 response
               );
-              logger.info("onMessage: transport recreated successfully");
+              logger.verbose("onMessage: transport recreated successfully");
             }
           } catch (error) {
             logger.warn("Failed to recreate transport from stored session", {
@@ -28590,6 +28811,7 @@ var init_handle_streamable_http_flow = __esm({
           }
         }
         if (!transport) {
+          logger.warn("onSseListener: transport not found", { sessionId: session.id?.slice(0, 20) });
           this.respond(httpRespond.notFound("Session not found"));
           return;
         }
@@ -28608,12 +28830,12 @@ var init_handle_streamable_http_flow = __esm({
         let transport = await transportService.getTransporter("streamable-http", token, session.id);
         if (!transport) {
           try {
-            logger.info("onExtApps: transport not in memory, checking stored session", {
+            logger.verbose("onExtApps: transport not in memory, checking stored session", {
               sessionId: session.id?.slice(0, 20)
             });
             const storedSession = await transportService.getStoredSession("streamable-http", token, session.id);
             if (storedSession) {
-              logger.info("onExtApps: recreating transport from stored session", {
+              logger.verbose("onExtApps: recreating transport from stored session", {
                 sessionId: session.id?.slice(0, 20),
                 createdAt: storedSession.createdAt,
                 initialized: storedSession.initialized
@@ -28636,8 +28858,14 @@ var init_handle_streamable_http_flow = __esm({
         if (!transport) {
           const wasCreated = await transportService.wasSessionCreatedAsync("streamable-http", token, session.id);
           if (wasCreated) {
+            logger.info("onExtApps: session expired - client should re-initialize", {
+              sessionId: session.id?.slice(0, 20)
+            });
             this.respond(httpRespond.sessionExpired("session expired"));
           } else {
+            logger.warn("onExtApps: session not initialized - client attempted request without initializing", {
+              sessionId: session.id?.slice(0, 20)
+            });
             this.respond(httpRespond.sessionNotFound("session not initialized"));
           }
           return;
@@ -28922,9 +29150,11 @@ var init_handle_stateless_http_flow = __esm({
       name = name22;
       async parseInput() {
         const { request } = this.rawInput;
+        const logger = this.scope.logger.child("HandleStatelessHttpFlow");
         const auth = request[ServerRequestTokens.auth];
         const token = auth?.token;
         const isAuthenticated = !!token && token.length > 0;
+        logger.verbose("parseInput", { isAuthenticated, hasToken: !!token });
         this.state.set(
           stateSchema20.parse({
             token: token || void 0,
@@ -28934,28 +29164,44 @@ var init_handle_stateless_http_flow = __esm({
       }
       async router() {
         const { request } = this.rawInput;
+        const logger = this.scope.logger.child("HandleStatelessHttpFlow");
         const body = request.body;
         const method = body?.method;
         if (method === "initialize") {
           this.state.set("requestType", "initialize");
+          logger.info("router: requestType=initialize, method=POST");
         } else if (method && import_types37.RequestSchema.safeParse(request.body).success) {
           this.state.set("requestType", "message");
+          logger.info(`router: requestType=message, method=${method}`);
         } else {
+          logger.warn("router: invalid request, no valid method");
           this.respond(httpRespond.rpcError("Invalid Request"));
         }
       }
       async handleRequest() {
         const transportService = this.scope.transportService;
+        const logger = this.scope.logger.child("HandleStatelessHttpFlow");
         const { request, response } = this.rawInput;
         const { token, isAuthenticated, requestType } = this.state;
+        logger.info(`handleRequest: using ${isAuthenticated ? "authenticated" : "anonymous"} stateless transport`);
         const transport = isAuthenticated && token ? await transportService.getOrCreateAuthenticatedStatelessTransport("stateless-http", token, response) : await transportService.getOrCreateAnonymousStatelessTransport("stateless-http", response);
         if (!request.headers["mcp-session-id"]) {
           request.headers["mcp-session-id"] = "__stateless__";
+          logger.verbose("handleRequest: injected __stateless__ session ID");
         }
-        if (requestType === "initialize") {
-          await transport.initialize(request, response);
-        } else {
-          await transport.handleRequest(request, response);
+        logger.verbose(`handleRequest: requestType=${requestType}, forwarding to transport`);
+        try {
+          if (requestType === "initialize") {
+            await transport.initialize(request, response);
+          } else {
+            await transport.handleRequest(request, response);
+          }
+        } catch (error) {
+          logger.error("handleRequest: transport failed", {
+            requestType,
+            error: error instanceof Error ? { name: error.name, message: error.message } : String(error)
+          });
+          throw error;
         }
         this.handled();
       }
@@ -29021,21 +29267,21 @@ async function createVercelKvSessionStore(options, logger) {
   await store.connect();
   return store;
 }
-var import_utils42;
+var import_utils43;
 var init_session_store_factory = __esm({
   "libs/sdk/src/auth/session/session-store.factory.ts"() {
     "use strict";
-    import_utils42 = require("@frontmcp/utils");
+    import_utils43 = require("@frontmcp/utils");
     init_common();
   }
 });
 
 // libs/sdk/src/transport/transport.registry.ts
-var import_utils43, import_auth30, TransportService;
+var import_utils44, import_auth30, TransportService;
 var init_transport_registry = __esm({
   "libs/sdk/src/transport/transport.registry.ts"() {
     "use strict";
-    import_utils43 = require("@frontmcp/utils");
+    import_utils44 = require("@frontmcp/utils");
     init_transport_remote();
     init_transport_local();
     init_transport_errors();
@@ -29443,7 +29689,7 @@ var init_transport_registry = __esm({
       }
       /* --------------------------------- internals -------------------------------- */
       sha256(value) {
-        return (0, import_utils43.sha256Hex)(value);
+        return (0, import_utils44.sha256Hex)(value);
       }
       /**
        * Create a history key from components.
@@ -30008,11 +30254,11 @@ function createSkillHttpAuthValidator(skillsConfig, logger) {
   }
   return new SkillHttpAuthValidator({ skillsConfig, logger });
 }
-var import_utils44, SkillHttpAuthValidator;
+var import_utils45, SkillHttpAuthValidator;
 var init_skill_http_auth = __esm({
   "libs/sdk/src/skill/auth/skill-http-auth.ts"() {
     "use strict";
-    import_utils44 = require("@frontmcp/utils");
+    import_utils45 = require("@frontmcp/utils");
     SkillHttpAuthValidator = class {
       skillsConfig;
       logger;
@@ -30089,7 +30335,7 @@ var init_skill_http_auth = __esm({
           const keyBytes = encoder.encode(key);
           if (keyBytes.length === candidateBytes.length) {
             try {
-              if ((0, import_utils44.timingSafeEqual)(keyBytes, candidateBytes)) {
+              if ((0, import_utils45.timingSafeEqual)(keyBytes, candidateBytes)) {
                 found = true;
               }
             } catch {
@@ -32795,7 +33041,11 @@ var init_call_agent_flow = __esm({
         this.logger.info("finalize: sending response", {
           agent: agent.metadata.name,
           hasContent: Array.isArray(result.content) && result.content.length > 0,
-          contentLength: Array.isArray(result.content) ? result.content.length : 0,
+          contentParts: Array.isArray(result.content) ? result.content.length : 0,
+          contentBytes: Array.isArray(result.content) ? result.content.reduce((sum, part) => {
+            const str = JSON.stringify(part);
+            return sum + (typeof Buffer !== "undefined" ? Buffer.byteLength(str, "utf8") : new TextEncoder().encode(str).byteLength);
+          }, 0) : 0,
           hasStructuredContent: result.structuredContent !== void 0,
           hasMeta: result._meta !== void 0,
           metaKeys: result._meta ? Object.keys(result._meta) : [],
@@ -32854,13 +33104,13 @@ var init_call_agent_flow = __esm({
 });
 
 // libs/sdk/src/elicitation/flows/elicitation-request.flow.ts
-var import_zod69, import_utils45, inputSchema30, outputSchema28, stateSchema29, plan30, name31, Stage31, ElicitationRequestFlow;
+var import_zod69, import_utils46, inputSchema30, outputSchema28, stateSchema29, plan30, name31, Stage31, ElicitationRequestFlow;
 var init_elicitation_request_flow = __esm({
   "libs/sdk/src/elicitation/flows/elicitation-request.flow.ts"() {
     "use strict";
     init_common();
     import_zod69 = require("zod");
-    import_utils45 = require("@frontmcp/utils");
+    import_utils46 = require("@frontmcp/utils");
     init_errors();
     init_elicitation_types();
     inputSchema30 = import_zod69.z.object({
@@ -32942,7 +33192,7 @@ var init_elicitation_request_flow = __esm({
       async generateElicitId() {
         this.logger.verbose("generateElicitId:start");
         const { elicitationId, ttl } = this.state;
-        const elicitId = elicitationId ?? `elicit-${(0, import_utils45.randomUUID)()}`;
+        const elicitId = elicitationId ?? `elicit-${(0, import_utils46.randomUUID)()}`;
         const expiresAt = Date.now() + (ttl ?? DEFAULT_ELICIT_TTL);
         this.state.set({ elicitId, expiresAt });
         this.logger.verbose("generateElicitId:done", { elicitId });
@@ -33244,30 +33494,30 @@ var require_dist = __commonJS({
       sqliteStorageOptionsSchema: () => sqliteStorageOptionsSchema
     });
     module2.exports = __toCommonJS2(index_exports2);
-    var import_utils55 = require("@frontmcp/utils");
+    var import_utils56 = require("@frontmcp/utils");
     var HKDF_SALT = new TextEncoder().encode("frontmcp-sqlite-storage-v1");
     var HKDF_INFO = new TextEncoder().encode("aes-256-gcm-value-encryption");
     var KEY_LENGTH = 32;
     function deriveEncryptionKey(secret) {
       const ikm = new TextEncoder().encode(secret);
-      return (0, import_utils55.hkdfSha256)(ikm, HKDF_SALT, HKDF_INFO, KEY_LENGTH);
+      return (0, import_utils56.hkdfSha256)(ikm, HKDF_SALT, HKDF_INFO, KEY_LENGTH);
     }
     var SEPARATOR = ":";
     function encryptValue(key, plaintext) {
-      const iv = (0, import_utils55.randomBytes)(12);
+      const iv = (0, import_utils56.randomBytes)(12);
       const plaintextBytes = new TextEncoder().encode(plaintext);
-      const { ciphertext, tag } = (0, import_utils55.encryptAesGcm)(key, plaintextBytes, iv);
-      return [(0, import_utils55.base64urlEncode)(iv), (0, import_utils55.base64urlEncode)(tag), (0, import_utils55.base64urlEncode)(ciphertext)].join(SEPARATOR);
+      const { ciphertext, tag } = (0, import_utils56.encryptAesGcm)(key, plaintextBytes, iv);
+      return [(0, import_utils56.base64urlEncode)(iv), (0, import_utils56.base64urlEncode)(tag), (0, import_utils56.base64urlEncode)(ciphertext)].join(SEPARATOR);
     }
     function decryptValue(key, encrypted) {
       const parts = encrypted.split(SEPARATOR);
       if (parts.length !== 3) {
         throw new Error("Invalid encrypted value format");
       }
-      const iv = (0, import_utils55.base64urlDecode)(parts[0]);
-      const tag = (0, import_utils55.base64urlDecode)(parts[1]);
-      const ciphertext = (0, import_utils55.base64urlDecode)(parts[2]);
-      const plaintext = (0, import_utils55.decryptAesGcm)(key, ciphertext, iv, tag);
+      const iv = (0, import_utils56.base64urlDecode)(parts[0]);
+      const tag = (0, import_utils56.base64urlDecode)(parts[1]);
+      const ciphertext = (0, import_utils56.base64urlDecode)(parts[2]);
+      const plaintext = (0, import_utils56.decryptAesGcm)(key, ciphertext, iv, tag);
       return new TextDecoder().decode(plaintext);
     }
     var SqliteKvStore = class {
@@ -34145,10 +34395,13 @@ var init_scope_instance = __esm({
         const scopeProviders = this.scopeProviders;
         this.scopeHooks = new HookRegistry(scopeProviders, []);
         await this.scopeHooks.ready;
+        this.logger.verbose("HookRegistry initialized");
         this.scopeFlows = new FlowRegistry(scopeProviders, [HttpRequestFlow]);
         await this.scopeFlows.ready;
+        this.logger.verbose("FlowRegistry initialized");
         const transportConfig = this.metadata.transport;
         this.transportService = new TransportService(this, transportConfig?.persistence);
+        this.logger.verbose("TransportService initialized");
         const eventStoreConfig = transportConfig?.eventStore;
         if (eventStoreConfig?.enabled) {
           const { eventStore } = createEventStore(eventStoreConfig, this.logger);
@@ -34170,7 +34423,10 @@ var init_scope_instance = __esm({
         }
         this.scopeAuth = new AuthRegistry(this, scopeProviders, [], scopeRef, this.metadata.auth);
         await this.scopeAuth.ready;
+        this.logger.verbose("AuthRegistry initialized");
         this.scopeApps = new AppRegistry(this.scopeProviders, this.metadata.apps, scopeRef);
+        const appCount = this.metadata.apps.length;
+        this.logger.info(`Initializing ${appCount} app(s)...`);
         await this.scopeApps.ready;
         const serverPlugins = this.metadata.plugins ?? [];
         if (serverPlugins.length > 0) {
@@ -34182,15 +34438,20 @@ var init_scope_instance = __esm({
           };
           this.scopePlugins = new PluginRegistry(this.scopeProviders, serverPlugins, scopeRef, serverPluginScopeInfo);
           await this.scopePlugins.ready;
+          const pluginNames = this.scopePlugins.getPluginNames();
+          this.logger.verbose(`PluginRegistry initialized (${pluginNames.length} plugin(s): [${pluginNames.join(", ")}])`);
         }
         this.scopeTools = new ToolRegistry(this.scopeProviders, [], scopeRef);
         await this.scopeTools.ready;
+        const toolNames = this.scopeTools.getTools(true).map((t) => t.metadata.name);
+        this.logger.verbose(`ToolRegistry initialized with initial ${toolNames.length} tool(s): [${toolNames.join(", ")}]`);
         if (elicitationEnabled) {
           this.registerSendElicitationResultTool(scopeRef);
         }
         this.toolUIRegistry = new import_registry3.ToolUIRegistry();
         this.scopeResources = new ResourceRegistry(this.scopeProviders, [], scopeRef);
         await this.scopeResources.ready;
+        this.logger.verbose(`ResourceRegistry initialized (${this.scopeResources.getResources().length} resource(s))`);
         const toolsWithUI = this.scopeTools.getTools(true).filter((t) => (0, import_registry3.hasUIConfig)(t.metadata));
         if (toolsWithUI.length > 0) {
           this.scopeResources.registerDynamicResource(StaticWidgetResourceTemplate);
@@ -34296,10 +34557,13 @@ var init_scope_instance = __esm({
         }
         this.scopePrompts = new PromptRegistry(this.scopeProviders, [], scopeRef);
         await this.scopePrompts.ready;
+        this.logger.verbose(`PromptRegistry initialized (${this.scopePrompts.getPrompts().length} prompt(s))`);
         this.scopeAgents = new AgentRegistry(this.scopeProviders, [], scopeRef);
         await this.scopeAgents.ready;
+        this.logger.verbose(`AgentRegistry initialized (${this.scopeAgents.getAgents().length} agent(s))`);
         this.scopeSkills = new SkillRegistry(this.scopeProviders, this.metadata.skills ?? [], scopeRef);
         await this.scopeSkills.ready;
+        this.logger.verbose(`SkillRegistry initialized (${this.scopeSkills.getSkills().length} skill(s))`);
         if (this.scopeSkills.hasAny()) {
           const store = createSkillSessionStore({ type: "memory" });
           this._skillSession = new SkillSessionManager(
@@ -34356,6 +34620,7 @@ var init_scope_instance = __esm({
         });
         this.notificationService = new NotificationService(this);
         await this.notificationService.initialize();
+        this.logger.verbose("NotificationService initialized");
         await this.scopeFlows.registryFlows([
           SetLevelFlow,
           CompleteFlow,
@@ -34364,7 +34629,20 @@ var init_scope_instance = __esm({
           ElicitationResultFlow
         ]);
         await this.auth.ready;
-        this.logger.info("Initializing multi-app scope", this.metadata);
+        this.logger.info(`Scope ready \u2014 ${this.formatScopeSummary()}`);
+      }
+      formatScopeSummary() {
+        const entries = [];
+        const add = (count, label) => {
+          if (count > 0) entries.push(`${count} ${label}${count !== 1 ? "s" : ""}`);
+        };
+        add(this.scopeApps.getApps().length, "app");
+        add(this.scopeTools.getTools(true).length, "tool");
+        add(this.scopeResources.getResources().length, "resource");
+        add(this.scopePrompts.getPrompts().length, "prompt");
+        add(this.scopeAgents.getAgents().length, "agent");
+        add(this.scopeSkills.getSkills().length, "skill");
+        return entries.length > 0 ? entries.join(", ") : "empty";
       }
       get defaultScopeProviders() {
         return [
@@ -34604,6 +34882,7 @@ var init_scope_registry = __esm({
     "use strict";
     import_reflect_metadata20 = require("reflect-metadata");
     import_di29 = require("@frontmcp/di");
+    init_common();
     init_regsitry();
     init_front_mcp_tokens2();
     init_app_utils();
@@ -34611,9 +34890,11 @@ var init_scope_registry = __esm({
     init_scope_instance();
     init_errors();
     ScopeRegistry = class extends RegistryAbstract {
+      logger;
       constructor(globalProviders) {
         const metadata = globalProviders.get(FrontMcpConfig);
         super("ScopeRegistry", globalProviders, metadata);
+        this.logger = globalProviders.get(FrontMcpLogger)?.child("ScopeRegistry");
       }
       buildMap(metadata) {
         const tokens = /* @__PURE__ */ new Set();
@@ -34670,6 +34951,7 @@ var init_scope_registry = __esm({
         }
       }
       async initialize() {
+        this.logger?.verbose(`ScopeRegistry: initializing ${this.tokens.size} scope(s)`);
         for (const token of this.tokens) {
           const rec = this.defs.get(token);
           let scope;
@@ -34685,7 +34967,9 @@ var init_scope_registry = __esm({
           }
           await scope.ready;
           this.instances.set(token, scope);
+          this.logger?.verbose(`ScopeRegistry: initialized scope '${(0, import_di29.tokenName)(token)}'`);
         }
+        this.logger?.verbose(`ScopeRegistry: initialization complete (${this.instances.size} scope(s))`);
       }
       /**
        * Get all initialized scope instances.
@@ -34710,7 +34994,7 @@ var init_base_host_adapter = __esm({
 });
 
 // libs/sdk/src/server/adapters/express.host.adapter.ts
-var http, import_express, import_cors, import_utils46, ExpressHostAdapter;
+var http, import_express, import_cors, import_utils47, ExpressHostAdapter;
 var init_express_host_adapter = __esm({
   "libs/sdk/src/server/adapters/express.host.adapter.ts"() {
     "use strict";
@@ -34718,7 +35002,7 @@ var init_express_host_adapter = __esm({
     import_express = __toESM(require("express"));
     import_cors = __toESM(require("cors"));
     init_base_host_adapter();
-    import_utils46 = require("@frontmcp/utils");
+    import_utils47 = require("@frontmcp/utils");
     ExpressHostAdapter = class extends HostServerAdapter {
       app = (0, import_express.default)();
       router = import_express.default.Router();
@@ -34810,8 +35094,8 @@ var init_express_host_adapter = __esm({
       }
       async cleanupStaleSocket(socketPath) {
         try {
-          if (await (0, import_utils46.fileExists)(socketPath)) {
-            await (0, import_utils46.unlink)(socketPath);
+          if (await (0, import_utils47.fileExists)(socketPath)) {
+            await (0, import_utils47.unlink)(socketPath);
           }
         } catch {
         }
@@ -35376,7 +35660,7 @@ async function createInMemoryServer(scope, options) {
   const { InMemoryTransport } = await import("@modelcontextprotocol/sdk/inMemory.js");
   const { Server: McpServer2 } = await import("@modelcontextprotocol/sdk/server/index.js");
   const { createMcpHandlers: createMcpHandlers2 } = await Promise.resolve().then(() => (init_mcp_handlers(), mcp_handlers_exports));
-  const sessionId = options?.sessionId ?? `in-memory:${(0, import_utils47.randomUUID)()}`;
+  const sessionId = options?.sessionId ?? `in-memory:${(0, import_utils48.randomUUID)()}`;
   const [clientTransport, serverTransport] = InMemoryTransport.createLinkedPair();
   let currentAuthInfo = options?.authInfo ?? {};
   const hasRemoteApps = scope.apps?.getApps().some((app) => app.isRemote) ?? false;
@@ -35430,11 +35714,11 @@ async function createInMemoryServer(scope, options) {
     }
   };
 }
-var import_utils47;
+var import_utils48;
 var init_in_memory_server = __esm({
   "libs/sdk/src/transport/in-memory-server.ts"() {
     "use strict";
-    import_utils47 = require("@frontmcp/utils");
+    import_utils48 = require("@frontmcp/utils");
   }
 });
 
@@ -35443,13 +35727,13 @@ var direct_client_exports = {};
 __export(direct_client_exports, {
   DirectClientImpl: () => DirectClientImpl
 });
-var import_utils48, import_client2, DirectClientImpl;
+var import_utils49, import_client2, DirectClientImpl;
 var init_direct_client = __esm({
   "libs/sdk/src/direct/direct-client.ts"() {
     "use strict";
     init_llm_platform();
     init_errors();
-    import_utils48 = require("@frontmcp/utils");
+    import_utils49 = require("@frontmcp/utils");
     import_client2 = require("@modelcontextprotocol/sdk/client/index.js");
     DirectClientImpl = class _DirectClientImpl {
       // Use a flexible type to handle dynamic import type differences between ESM/CJS
@@ -35484,7 +35768,7 @@ var init_direct_client = __esm({
        */
       static async create(scope, options) {
         const { createInMemoryServer: createInMemoryServer2 } = await Promise.resolve().then(() => (init_in_memory_server(), in_memory_server_exports));
-        const sessionId = options?.session?.id ?? `direct:${(0, import_utils48.randomUUID)()}`;
+        const sessionId = options?.session?.id ?? `direct:${(0, import_utils49.randomUUID)()}`;
         const clientInfo = options?.clientInfo ?? { name: "mcp-client", version: "1.0.0" };
         const authInfo = {};
         if (options?.authToken) {
@@ -35844,7 +36128,7 @@ function buildAuthInfo(authContext, defaultSessionId) {
   if (!authContext && !defaultSessionId) {
     return void 0;
   }
-  const sessionId = authContext?.sessionId ?? defaultSessionId ?? `direct:${(0, import_utils49.randomUUID)()}`;
+  const sessionId = authContext?.sessionId ?? defaultSessionId ?? `direct:${(0, import_utils50.randomUUID)()}`;
   const user = authContext?.user ? { iss: "direct", sub: authContext.user.sub ?? "direct", ...authContext.user } : { iss: "direct", sub: "direct" };
   const clientId = user.sub ?? "direct";
   const authInfo = {
@@ -35859,11 +36143,11 @@ function buildAuthInfo(authContext, defaultSessionId) {
   }
   return authInfo;
 }
-var import_utils49, DirectMcpServerImpl;
+var import_utils50, DirectMcpServerImpl;
 var init_direct_server = __esm({
   "libs/sdk/src/direct/direct-server.ts"() {
     "use strict";
-    import_utils49 = require("@frontmcp/utils");
+    import_utils50 = require("@frontmcp/utils");
     init_common();
     init_errors();
     DirectMcpServerImpl = class {
@@ -35873,7 +36157,7 @@ var init_direct_server = __esm({
       defaultSessionId;
       constructor(scope) {
         this.scope = scope;
-        this.defaultSessionId = `direct:${(0, import_utils49.randomUUID)()}`;
+        this.defaultSessionId = `direct:${(0, import_utils50.randomUUID)()}`;
         this.ready = Promise.resolve();
       }
       /**
@@ -36104,7 +36388,7 @@ var front_mcp_exports = {};
 __export(front_mcp_exports, {
   FrontMcpInstance: () => FrontMcpInstance
 });
-var import_utils50, FrontMcpInstance;
+var import_utils51, FrontMcpInstance;
 var init_front_mcp = __esm({
   "libs/sdk/src/front-mcp/front-mcp.ts"() {
     "use strict";
@@ -36115,13 +36399,14 @@ var init_front_mcp = __esm({
     init_logger_registry();
     init_direct();
     init_errors();
-    import_utils50 = require("@frontmcp/utils");
+    import_utils51 = require("@frontmcp/utils");
     FrontMcpInstance = class _FrontMcpInstance2 {
       config;
       ready;
       logger;
       providers;
       scopes;
+      log;
       constructor(config) {
         this.config = config;
         this.ready = this.initialize();
@@ -36131,10 +36416,16 @@ var init_front_mcp = __esm({
         await this.providers.ready;
         this.logger = new LoggerRegistry(this.providers);
         await this.logger.ready;
+        this.log = this.providers.get(FrontMcpLogger);
+        const name33 = this.config.info?.name;
+        const version = this.config.info?.version;
+        const tag = [name33, version].filter(Boolean).join(" v");
+        this.log?.info(`Initializing FrontMCP${tag ? ` "${tag}"` : ""}...`);
         this.scopes = new ScopeRegistry(this.providers);
         await this.scopes.ready;
       }
       async start() {
+        this.log?.info("Starting FrontMCP server...");
         const server = this.providers.get(FrontMcpServer);
         if (!server) {
           throw new ServerNotFoundError();
@@ -36158,6 +36449,7 @@ var init_front_mcp = __esm({
         const frontMcp = new _FrontMcpInstance2(options);
         await frontMcp.ready;
         await frontMcp.start();
+        frontMcp.log?.info("FrontMCP bootstrap complete");
       }
       /**
        * Creates and initializes a FrontMCP instance without starting the HTTP server.
@@ -36178,6 +36470,7 @@ var init_front_mcp = __esm({
           throw new ServerNotFoundError();
         }
         server.prepare();
+        frontMcp.log?.info("FrontMCP handler created (serverless mode)");
         return server.getHandler();
       }
       /**
@@ -36237,6 +36530,7 @@ var init_front_mcp = __esm({
         if (scopes.length === 0) {
           throw new InternalMcpError("No scopes initialized. Ensure at least one app is configured.");
         }
+        frontMcp.log?.info("FrontMCP direct server created");
         return new DirectMcpServerImpl(scopes[0]);
       }
       /**
@@ -36304,11 +36598,11 @@ var init_front_mcp = __esm({
         const frontMcp = new _FrontMcpInstance2(parsedConfig);
         await frontMcp.ready;
         await frontMcp.start();
-        console.log(`MCP server listening on unix://${socketPath}`);
+        frontMcp.log?.info(`MCP server listening on unix://${socketPath}`);
         const cleanup = async () => {
           try {
-            if (await (0, import_utils50.fileExists)(socketPath)) {
-              await (0, import_utils50.unlink)(socketPath);
+            if (await (0, import_utils51.fileExists)(socketPath)) {
+              await (0, import_utils51.unlink)(socketPath);
             }
           } catch {
           }
@@ -36368,7 +36662,7 @@ var init_front_mcp = __esm({
           serverInfo: scope.metadata.info
         };
         const mcpServer = new McpServer2(scope.metadata.info, serverOptions);
-        const sessionId = `stdio:${(0, import_utils50.randomUUID)()}`;
+        const sessionId = `stdio:${(0, import_utils51.randomUUID)()}`;
         const handlers = createMcpHandlers2({ scope, serverOptions });
         for (const handler of handlers) {
           const originalHandler = handler.handler;
@@ -38695,11 +38989,11 @@ var init_decide_request_intent_utils = __esm({
 
 // libs/sdk/src/common/utils/path.utils.ts
 function normalizeEntryPrefix(entryPath) {
-  const t = (0, import_utils51.trimSlashes)(entryPath ?? "");
+  const t = (0, import_utils52.trimSlashes)(entryPath ?? "");
   return t ? `/${t}` : "";
 }
 function normalizeScopeBase(scopeBase) {
-  const t = (0, import_utils51.trimSlashes)(scopeBase ?? "");
+  const t = (0, import_utils52.trimSlashes)(scopeBase ?? "");
   return t ? `/${t}` : "";
 }
 function getRequestBaseUrl(req, entryPath) {
@@ -38720,22 +39014,22 @@ function computeResource(req, entryPath, scopeBase) {
 function urlToSafeId(url) {
   const u = new URL(url);
   const raw = (u.host + (u.pathname && u.pathname !== "/" ? u.pathname : "")).replace(/\/+$/, "");
-  return (0, import_utils51.trimSlashes)(raw).replace(/[^a-zA-Z0-9_-]/g, "-");
+  return (0, import_utils52.trimSlashes)(raw).replace(/[^a-zA-Z0-9_-]/g, "-");
 }
 function makeWellKnownPaths(name33, entryPrefix, scopeBase = "") {
   const prefix = normalizeEntryPrefix(entryPrefix);
   const scope = normalizeScopeBase(scopeBase);
-  const reversed = (0, import_utils51.joinPath)(".well-known", name33) + `${prefix}${scope}`;
-  const inPrefixRoot = `${prefix}${(0, import_utils51.joinPath)(".well-known", name33)}${scope}`;
-  const inPrefixScope = `${prefix}${scope}${(0, import_utils51.joinPath)(".well-known", name33)}`;
+  const reversed = (0, import_utils52.joinPath)(".well-known", name33) + `${prefix}${scope}`;
+  const inPrefixRoot = `${prefix}${(0, import_utils52.joinPath)(".well-known", name33)}${scope}`;
+  const inPrefixScope = `${prefix}${scope}${(0, import_utils52.joinPath)(".well-known", name33)}`;
   return /* @__PURE__ */ new Set([reversed, inPrefixRoot, inPrefixScope]);
 }
-var import_utils51, import_utils52;
+var import_utils52, import_utils53;
 var init_path_utils = __esm({
   "libs/sdk/src/common/utils/path.utils.ts"() {
     "use strict";
-    import_utils51 = require("@frontmcp/utils");
     import_utils52 = require("@frontmcp/utils");
+    import_utils53 = require("@frontmcp/utils");
   }
 });
 
@@ -39382,6 +39676,36 @@ var init_skill_entry = __esm({
       getPriority() {
         return this.metadata.priority ?? 0;
       }
+      /**
+       * Get the skill's license.
+       */
+      getLicense() {
+        return this.metadata.license;
+      }
+      /**
+       * Get the skill's compatibility notes.
+       */
+      getCompatibility() {
+        return this.metadata.compatibility;
+      }
+      /**
+       * Get the skill's spec metadata (arbitrary key-value pairs).
+       */
+      getSpecMetadata() {
+        return this.metadata.specMetadata;
+      }
+      /**
+       * Get the skill's allowed tools (space-delimited string).
+       */
+      getAllowedTools() {
+        return this.metadata.allowedTools;
+      }
+      /**
+       * Get the skill's bundled resource directories.
+       */
+      getResources() {
+        return this.metadata.resources;
+      }
     };
   }
 });
@@ -40177,7 +40501,7 @@ __export(index_exports, {
   isTransparentMode: () => import_auth10.isTransparentMode,
   isUrlInstructions: () => isUrlInstructions,
   isVercelKvProvider: () => isVercelKvProvider,
-  joinPath: () => import_utils52.joinPath,
+  joinPath: () => import_utils53.joinPath,
   jsonWebKeySetSchema: () => import_auth.jsonWebKeySetSchema,
   jwkParametersSchema: () => import_auth.jwkParametersSchema,
   jwkSchema: () => import_auth.jwkSchema,
@@ -40254,7 +40578,7 @@ __export(index_exports, {
   toolPaginationOptionsSchema: () => toolPaginationOptionsSchema,
   transparentAuthOptionsSchema: () => import_auth6.transparentAuthOptionsSchema,
   transportOptionsSchema: () => transportOptionsSchema,
-  trimSlashes: () => import_utils52.trimSlashes,
+  trimSlashes: () => import_utils53.trimSlashes,
   tryDecryptStoredValue: () => tryDecryptStoredValue,
   tryGetConfig: () => tryGetConfig,
   urlToSafeId: () => urlToSafeId,