@frontmcp/sdk 0.4.0 → 0.5.0

package/src/transport/adapters/transport.local.adapter.js.map

@@ -1 +1 @@
-{"version":3,"file":"transport.local.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.local.adapter.ts"],"names":[],"mappings":";;;AAEA,wEAA8E;AAC9E,iEAAkH;AAClH,oEAA4D;AAK5D,yCAAiF;AAEjF,kDAAkD;AAElD,MAAsB,qBAAqB;IAWpB;IACA;IACA;IAZX,MAAM,CAAiB;IACvB,SAAS,CAAI;IACb,UAAU,GAAG,IAAI,0CAAkB,EAAE,CAAC;IACtC,aAAa,GACrB,SAAS,CAAC;IACZ,UAAU,GAAG,CAAC,CAAC;IACf,KAAK,CAAgB;IACrB,MAAM,CAAY;IAElB,YACqB,KAAY,EACZ,GAAiB,EACjB,SAAqB,EACxC,GAAmB;QAHA,UAAK,GAAL,KAAK,CAAO;QACZ,QAAG,GAAH,GAAG,CAAc;QACjB,cAAS,GAAT,SAAS,CAAY;QAGxC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1D,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IACpC,CAAC;IAcD,aAAa;QACX,MAAM,EAAC,IAAI,EAAC,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAEnC,0CAA0C;QAC1C,MAAM,aAAa,GAAG;YACpB,YAAY,EAAE,EAAE;YAChB,YAAY,EAAE;gBACZ,KAAK,EAAE;oBACL,SAAS,EAAE,IAAI;oBACf,WAAW,EAAE,IAAI;iBAClB;aACF;YACD,UAAU,EAAE,IAAI;SACjB,CAAC;QACF,IAAI,CAAC,MAAM,GAAG,IAAI,iBAAS,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,IAAA,gCAAiB,EAAC;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,aAAa;SACd,CAAC,CAAC;QAEH,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,OAAc,CAAC,CAAC;QAC/E,CAAC;QACD,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAe;QAC3B,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,MAAM,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,8BAA8B;YAC9B,4BAA4B;YAC5B,IAAI;QACN,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QACD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC;gBACP,WAAW;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,MAAM;QAC3B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,sCAAsC;YACxD,oCAAoC;YACpC,kDAAkD;YAElD,6CAA6C;YAC7C,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAC,MAAM,EAAE,MAAM,EAAC,EAAE,4BAAiB,EAAE,EAAC,OAAO,EAAE,SAAS,EAAC,CAAC,CAAC;YACrF,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAES,cAAc,CAAC,GAA+B,EAAE,SAAmC;QAC3F,MAAM,EAAC,KAAK,EAAE,IAAI,EAAE,OAAO,EAAC,GAAG,GAAG,CAAC,4BAAmB,CAAC,IAAI,CAAC,CAAC;QAC7D,GAAG,CAAC,IAAI,GAAG;YACT,KAAK;YACL,IAAI;YACJ,SAAS,EAAE,OAAQ,CAAC,EAAE;YACtB,gBAAgB,EAAE,OAAQ,CAAC,OAAO;YAClC,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE;YACxB,SAAS;SACS,CAAC;QACrB,OAAO,GAAG,CAAC,IAAI,CAAC;IAClB,CAAC;IAED,oBAAoB,CAAC,GAA+B;QAElD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,EAAC,IAAI,EAAE,OAAO,EAAC,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC;YACvC,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,OAAO,KAAK,2BAA2B,EAAE,CAAC;gBAC/D,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,6BAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AAzID,sDAyIC","sourcesContent":["import {AuthenticatedServerRequest} from '../../server/server.types';\nimport {TransportKey, TypedElicitResult} from '../transport.types';\nimport {Server as McpServer} from '@modelcontextprotocol/sdk/server/index.js';\nimport {EmptyResultSchema, ElicitResult, RequestId, ElicitResultSchema} from '@modelcontextprotocol/sdk/types.js';\nimport {InMemoryEventStore} from '../transport.event-store';\nimport {AuthInfo} from '@modelcontextprotocol/sdk/server/auth/types.js';\nimport {StreamableHTTPServerTransport} from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport {SSEServerTransport} from '../legacy/legacy.sse.tranporter';\nimport {ZodObject} from 'zod';\nimport {FrontMcpLogger, ServerRequestTokens, ServerResponse} from '../../common';\nimport {Scope} from '../../scope';\nimport {createMcpHandlers} from '../mcp-handlers';\n\nexport abstract class LocalTransportAdapter<T extends StreamableHTTPServerTransport | SSEServerTransport> {\n  protected logger: FrontMcpLogger;\n  protected transport: T;\n  protected eventStore = new InMemoryEventStore();\n  protected elicitHandler: { resolve: (result: ElicitResult) => void; reject: (err: unknown) => void } | undefined =\n    undefined;\n  #requestId = 1;\n  ready: Promise<void>;\n  server: McpServer;\n\n  constructor(\n    protected readonly scope: Scope,\n    protected readonly key: TransportKey,\n    protected readonly onDispose: () => void,\n    res: ServerResponse,\n  ) {\n    this.logger = scope.logger.child('LocalTransportAdapter');\n    this.transport = this.createTransport(key.sessionId, res);\n    this.ready = this.connectServer();\n  }\n\n  abstract createTransport(sessionId: string, response: ServerResponse): T;\n\n  abstract initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;\n\n  abstract sendElicitRequest<T extends ZodObject<any>>(\n    relatedRequestId: RequestId,\n    message: string,\n    requestedSchema: T,\n  ): Promise<TypedElicitResult<T>>;\n\n  abstract handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;\n\n  connectServer() {\n    const {info} = this.scope.metadata;\n\n    // TODO: collect server options from scope\n    const serverOptions = {\n      instructions: '',\n      capabilities: {\n        tools: {\n          subscribe: true,\n          listChanged: true,\n        },\n      },\n      serverInfo: info,\n    };\n    this.server = new McpServer(info, serverOptions);\n    const handlers = createMcpHandlers({\n      scope: this.scope,\n      serverOptions,\n    });\n\n    for (const handler of handlers) {\n      this.server.setRequestHandler(handler.requestSchema, handler.handler as any);\n    }\n    return this.server.connect(this.transport);\n  }\n\n  get newRequestId(): RequestId {\n    return this.#requestId++;\n  }\n\n  async destroy(reason?: string): Promise<void> {\n    console.log('destroying transporter, reason:', reason);\n\n    try {\n      // if(!this.transport.closed){\n      //   this.transport.close();\n      // }\n    } catch {\n      /* empty */\n    }\n    if (reason) {\n      console.warn(`Destroying transporter: ${reason}`);\n    } else {\n      try {\n        this.onDispose?.();\n      } catch {\n        /* empty */\n      }\n    }\n  }\n\n  /**\n   * Ping the connected client for this transport.\n   * Returns true on success, false on timeout/error.\n   */\n  async ping(timeoutMs = 10_000): Promise<boolean> {\n    try {\n      await this.ready; // ensure server.connect(...) finished\n      // Preferred if your SDK exposes it:\n      // await this.server.ping({ timeout: timeoutMs });\n\n      // Works on all versions (low-level request):\n      await this.server.request({method: 'ping'}, EmptyResultSchema, {timeout: timeoutMs});\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected ensureAuthInfo(req: AuthenticatedServerRequest, transport: LocalTransportAdapter<T>) {\n    const {token, user, session} = req[ServerRequestTokens.auth];\n    req.auth = {\n      token,\n      user,\n      sessionId: session!.id,\n      sessionIdPayload: session!.payload,\n      scopes: [],\n      clientId: user.sub ?? '',\n      transport,\n    } satisfies AuthInfo;\n    return req.auth;\n  }\n\n  handleIfElicitResult(req: AuthenticatedServerRequest): boolean {\n\n    if (!this.elicitHandler) {\n      return false;\n    }\n    if (req.body.error) {\n      const {code, message} = req.body.error;\n      if (code === -32600 && message === 'Elicitation not supported') {\n        this.elicitHandler.reject(req.body.error);\n        return true;\n      }\n      return false;\n    }\n\n    const parsed = ElicitResultSchema.safeParse(req.body?.result);\n    if (parsed.success) {\n      this.elicitHandler.resolve(parsed.data);\n      return true;\n    }\n    return false;\n  }\n}\n"]}
+{"version":3,"file":"transport.local.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.local.adapter.ts"],"names":[],"mappings":";;;AAEA,wEAAgF;AAChF,iEAAoH;AACpH,oEAA8D;AAK9D,yCAAmF;AAEnF,kDAAoD;AAEpD,MAAsB,qBAAqB;IAWpB;IACA;IACA;IAZX,MAAM,CAAiB;IACvB,SAAS,CAAI;IACb,UAAU,GAAG,IAAI,0CAAkB,EAAE,CAAC;IACtC,aAAa,GACrB,SAAS,CAAC;IACZ,UAAU,GAAG,CAAC,CAAC;IACf,KAAK,CAAgB;IACrB,MAAM,CAAY;IAElB,YACqB,KAAY,EACZ,GAAiB,EACjB,SAAqB,EACxC,GAAmB;QAHA,UAAK,GAAL,KAAK,CAAO;QACZ,QAAG,GAAH,GAAG,CAAc;QACjB,cAAS,GAAT,SAAS,CAAY;QAGxC,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;QAC1D,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;QAC1D,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;IACpC,CAAC;IAcD,aAAa;QACX,MAAM,EAAE,IAAI,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAErC,4FAA4F;QAC5F,MAAM,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC;QAC/C,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,EAAE,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC;QAC3C,MAAM,qBAAqB,GAAG,UAAU,IAAI,YAAY,CAAC,CAAC,CAAC,EAAE,WAAW,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAEpF,MAAM,aAAa,GAAG;YACpB,YAAY,EAAE,EAAE;YAChB,YAAY,EAAE;gBACZ,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,eAAe,EAAE;gBACrC,GAAG,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,eAAe,EAAE;gBACzC,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,EAAE;gBACvC,GAAG,qBAAqB;gBACxB,sFAAsF;gBACtF,OAAO,EAAE,EAAE;aACZ;YACD,UAAU,EAAE,IAAI;SACjB,CAAC;QAEF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yCAAyC,EAAE;YAC1D,QAAQ;YACR,YAAY;YACZ,UAAU;YACV,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,YAAY,CAAC;YACxD,UAAU,EAAE,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,UAAU,CAAC;SACrD,CAAC,CAAC;QAEH,IAAI,CAAC,MAAM,GAAG,IAAI,iBAAS,CAAC,IAAI,EAAE,aAAa,CAAC,CAAC;QACjD,MAAM,QAAQ,GAAG,IAAA,gCAAiB,EAAC;YACjC,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,aAAa;SACd,CAAC,CAAC;QAEH,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE,CAAC;YAC/B,IAAI,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAC,OAAc,CAAC,CAAC;QAC/E,CAAC;QAED,4EAA4E;QAC5E,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,CAAC;QAEzE,OAAO,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;IAC7C,CAAC;IAED,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,UAAU,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAe;QAC3B,OAAO,CAAC,GAAG,CAAC,iCAAiC,EAAE,MAAM,CAAC,CAAC;QAEvD,8CAA8C;QAC9C,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,gBAAgB,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAE9D,IAAI,CAAC;YACH,8BAA8B;YAC9B,4BAA4B;YAC5B,IAAI;QACN,CAAC;QAAC,MAAM,CAAC;YACP,WAAW;QACb,CAAC;QACD,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,CAAC,IAAI,CAAC,2BAA2B,MAAM,EAAE,CAAC,CAAC;QACpD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC;gBACH,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;YACrB,CAAC;YAAC,MAAM,CAAC;gBACP,WAAW;YACb,CAAC;QACH,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,IAAI,CAAC,SAAS,GAAG,MAAM;QAC3B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,KAAK,CAAC,CAAC,sCAAsC;YACxD,oCAAoC;YACpC,kDAAkD;YAElD,6CAA6C;YAC7C,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,EAAE,4BAAiB,EAAE,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC;YACzF,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IAES,cAAc,CAAC,GAA+B,EAAE,SAAmC;QAC3F,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,4BAAmB,CAAC,IAAI,CAAC,CAAC;QAE/D,8EAA8E;QAC9E,qEAAqE;QACrE,MAAM,SAAS,GAAG,OAAO,EAAE,EAAE,IAAI,YAAY,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;QAC1D,MAAM,cAAc,GAAG,OAAO,EAAE,OAAO,IAAI,EAAE,QAAQ,EAAE,iBAA0B,EAAE,CAAC;QAEpF,GAAG,CAAC,IAAI,GAAG;YACT,KAAK;YACL,IAAI;YACJ,SAAS;YACT,gBAAgB,EAAE,cAAc;YAChC,MAAM,EAAE,EAAE;YACV,QAAQ,EAAE,IAAI,CAAC,GAAG,IAAI,EAAE;YACxB,SAAS;SACS,CAAC;QACrB,OAAO,GAAG,CAAC,IAAI,CAAC;IAClB,CAAC;IAED,oBAAoB,CAAC,GAA+B;QAClD,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,CAAC;YACxB,OAAO,KAAK,CAAC;QACf,CAAC;QACD,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC;YACzC,IAAI,IAAI,KAAK,CAAC,KAAK,IAAI,OAAO,KAAK,2BAA2B,EAAE,CAAC;gBAC/D,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;gBAC1C,OAAO,IAAI,CAAC;YACd,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,MAAM,GAAG,6BAAkB,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAC9D,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;YACnB,IAAI,CAAC,aAAa,CAAC,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;YACxC,OAAO,IAAI,CAAC;QACd,CAAC;QACD,OAAO,KAAK,CAAC;IACf,CAAC;CACF;AArKD,sDAqKC","sourcesContent":["import { AuthenticatedServerRequest } from '../../server/server.types';\nimport { TransportKey, TypedElicitResult } from '../transport.types';\nimport { Server as McpServer } from '@modelcontextprotocol/sdk/server/index.js';\nimport { EmptyResultSchema, ElicitResult, RequestId, ElicitResultSchema } from '@modelcontextprotocol/sdk/types.js';\nimport { InMemoryEventStore } from '../transport.event-store';\nimport { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';\nimport { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { SSEServerTransport } from '../legacy/legacy.sse.tranporter';\nimport { ZodType } from 'zod';\nimport { FrontMcpLogger, ServerRequestTokens, ServerResponse } from '../../common';\nimport { Scope } from '../../scope';\nimport { createMcpHandlers } from '../mcp-handlers';\n\nexport abstract class LocalTransportAdapter<T extends StreamableHTTPServerTransport | SSEServerTransport> {\n  protected logger: FrontMcpLogger;\n  protected transport: T;\n  protected eventStore = new InMemoryEventStore();\n  protected elicitHandler: { resolve: (result: ElicitResult) => void; reject: (err: unknown) => void } | undefined =\n    undefined;\n  #requestId = 1;\n  ready: Promise<void>;\n  server: McpServer;\n\n  constructor(\n    protected readonly scope: Scope,\n    protected readonly key: TransportKey,\n    protected readonly onDispose: () => void,\n    res: ServerResponse,\n  ) {\n    this.logger = scope.logger.child('LocalTransportAdapter');\n    this.transport = this.createTransport(key.sessionId, res);\n    this.ready = this.connectServer();\n  }\n\n  abstract createTransport(sessionId: string, response: ServerResponse): T;\n\n  abstract initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;\n\n  abstract sendElicitRequest<T extends ZodType>(\n    relatedRequestId: RequestId,\n    message: string,\n    requestedSchema: T,\n  ): Promise<TypedElicitResult<T>>;\n\n  abstract handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;\n\n  connectServer() {\n    const { info } = this.scope.metadata;\n\n    // Check if completions capability should be enabled (when prompts or resources are present)\n    const hasPrompts = this.scope.prompts.hasAny();\n    const hasResources = this.scope.resources.hasAny();\n    const hasTools = this.scope.tools.hasAny();\n    const completionsCapability = hasPrompts || hasResources ? { completions: {} } : {};\n\n    const serverOptions = {\n      instructions: '',\n      capabilities: {\n        ...this.scope.tools.getCapabilities(),\n        ...this.scope.resources.getCapabilities(),\n        ...this.scope.prompts.getCapabilities(),\n        ...completionsCapability,\n        // MCP logging protocol support - allows clients to set log level via logging/setLevel\n        logging: {},\n      },\n      serverInfo: info,\n    };\n\n    this.logger.info('connectServer: advertising capabilities', {\n      hasTools,\n      hasResources,\n      hasPrompts,\n      capabilities: JSON.stringify(serverOptions.capabilities),\n      serverInfo: JSON.stringify(serverOptions.serverInfo),\n    });\n\n    this.server = new McpServer(info, serverOptions);\n    const handlers = createMcpHandlers({\n      scope: this.scope,\n      serverOptions,\n    });\n\n    for (const handler of handlers) {\n      this.server.setRequestHandler(handler.requestSchema, handler.handler as any);\n    }\n\n    // Register server with notification service for server→client notifications\n    this.scope.notifications.registerServer(this.key.sessionId, this.server);\n\n    return this.server.connect(this.transport);\n  }\n\n  get newRequestId(): RequestId {\n    return this.#requestId++;\n  }\n\n  async destroy(reason?: string): Promise<void> {\n    console.log('destroying transporter, reason:', reason);\n\n    // Unregister server from notification service\n    this.scope.notifications.unregisterServer(this.key.sessionId);\n\n    try {\n      // if(!this.transport.closed){\n      //   this.transport.close();\n      // }\n    } catch {\n      /* empty */\n    }\n    if (reason) {\n      console.warn(`Destroying transporter: ${reason}`);\n    } else {\n      try {\n        this.onDispose?.();\n      } catch {\n        /* empty */\n      }\n    }\n  }\n\n  /**\n   * Ping the connected client for this transport.\n   * Returns true on success, false on timeout/error.\n   */\n  async ping(timeoutMs = 10_000): Promise<boolean> {\n    try {\n      await this.ready; // ensure server.connect(...) finished\n      // Preferred if your SDK exposes it:\n      // await this.server.ping({ timeout: timeoutMs });\n\n      // Works on all versions (low-level request):\n      await this.server.request({ method: 'ping' }, EmptyResultSchema, { timeout: timeoutMs });\n      return true;\n    } catch {\n      return false;\n    }\n  }\n\n  protected ensureAuthInfo(req: AuthenticatedServerRequest, transport: LocalTransportAdapter<T>) {\n    const { token, user, session } = req[ServerRequestTokens.auth];\n\n    // Session should always exist now (created in session.verify for public mode)\n    // But add defensive fallback for safety in case session is undefined\n    const sessionId = session?.id ?? `fallback:${Date.now()}`;\n    const sessionPayload = session?.payload ?? { protocol: 'streamable-http' as const };\n\n    req.auth = {\n      token,\n      user,\n      sessionId,\n      sessionIdPayload: sessionPayload,\n      scopes: [],\n      clientId: user.sub ?? '',\n      transport,\n    } satisfies AuthInfo;\n    return req.auth;\n  }\n\n  handleIfElicitResult(req: AuthenticatedServerRequest): boolean {\n    if (!this.elicitHandler) {\n      return false;\n    }\n    if (req.body.error) {\n      const { code, message } = req.body.error;\n      if (code === -32600 && message === 'Elicitation not supported') {\n        this.elicitHandler.reject(req.body.error);\n        return true;\n      }\n      return false;\n    }\n\n    const parsed = ElicitResultSchema.safeParse(req.body?.result);\n    if (parsed.success) {\n      this.elicitHandler.resolve(parsed.data);\n      return true;\n    }\n    return false;\n  }\n}\n"]}

package/src/transport/adapters/transport.sse.adapter.d.ts

@@ -3,12 +3,12 @@ import { TypedElicitResult } from '../transport.types';
 import { SSEServerTransport } from '../legacy/legacy.sse.tranporter';
 import { LocalTransportAdapter } from './transport.local.adapter';
 import { RequestId } from '@modelcontextprotocol/sdk/types.js';
-import { ZodObject } from 'node_modules/zod/v3/types.cjs';
+import { ZodType } from 'zod';
 import { ServerResponse } from '../../common';
 export declare class TransportSSEAdapter extends LocalTransportAdapter<SSEServerTransport> {
     sessionId: string;
     createTransport(sessionId: string, res: ServerResponse): SSEServerTransport;
     initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;
     handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;
-    sendElicitRequest<T extends ZodObject<any>>(relatedRequestId: RequestId, message: string, requestedSchema: T): Promise<TypedElicitResult<T>>;
+    sendElicitRequest<T extends ZodType>(relatedRequestId: RequestId, message: string, requestedSchema: T): Promise<TypedElicitResult<T>>;
 }

package/src/transport/adapters/transport.sse.adapter.js

@@ -3,8 +3,8 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.TransportSSEAdapter = void 0;
 const legacy_sse_tranporter_1 = require("../legacy/legacy.sse.tranporter");
 const transport_local_adapter_1 = require("./transport.local.adapter");
+const v4_1 = require("zod/v4");
 const transport_error_1 = require("../transport.error");
-const zod_to_json_schema_1 = require("zod-to-json-schema");
 class TransportSSEAdapter extends transport_local_adapter_1.LocalTransportAdapter {
     sessionId;
     createTransport(sessionId, res) {
@@ -15,7 +15,8 @@ class TransportSSEAdapter extends transport_local_adapter_1.LocalTransportAdapte
             sessionId: sessionId,
         });
         transport.onerror = (error) => {
-            console.error('SSE error:', error);
+            // Use safe logging to avoid Node.js 24 util.inspect bug with Zod errors
+            console.error('SSE error:', error instanceof Error ? error.message : 'Unknown error');
         };
         transport.onclose = this.destroy.bind(this);
         return transport;
@@ -44,7 +45,7 @@ class TransportSSEAdapter extends transport_local_adapter_1.LocalTransportAdapte
         console.log('sendElicitRequest', { relatedRequestId });
         await this.transport.send((0, transport_error_1.rpcRequest)(this.newRequestId, 'elicitation/create', {
             message,
-            requestedSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(requestedSchema),
+            requestedSchema: (0, v4_1.toJSONSchema)(requestedSchema),
         }));
         return new Promise((resolve, reject) => {
             this.elicitHandler = {

package/src/transport/adapters/transport.sse.adapter.js.map

@@ -1 +1 @@
-{"version":3,"file":"transport.sse.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.sse.adapter.ts"],"names":[],"mappings":";;;AAEA,2EAAqE;AACrE,uEAAkE;AAGlE,wDAAgD;AAChD,2DAAqD;AAGrD,MAAa,mBAAoB,SAAQ,+CAAyC;IAChF,SAAS,CAAS;IAET,eAAe,CAAC,SAAiB,EAAE,GAAmB;QAC7D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QACtC,MAAM,SAAS,GAAG,IAAI,0CAAkB,CAAC,GAAG,SAAS,UAAU,EAAE,GAAG,EAAE;YACpE,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QACH,SAAS,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;YAC5B,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,CAAC;QACrC,CAAC,CAAC;QACF,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,UAAU,CAAC,GAA+B,EAAE,GAAmB;QAC7D,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,6BAA6B,CAAC,CAAC;QACrE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEhD,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,sBAAsB,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,sBAAsB,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,uBAAuB,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,gBAA2B,EAC3B,OAAe,EACf,eAAkB;QAElB,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACvB,IAAA,4BAAU,EAAC,IAAI,CAAC,YAAY,EAAE,oBAAoB,EAAE;YAClD,OAAO;YACP,eAAe,EAAE,IAAA,oCAAe,EAAC,eAAsB,CAAC;SACzD,CAAC,CACH,CAAC;QAEF,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3D,IAAI,CAAC,aAAa,GAAG;gBACnB,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE;oBAClB,OAAO,CAAC,MAA8B,CAAC,CAAC;oBACxC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;gBACD,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;oBACd,MAAM,CAAC,GAAG,CAAC,CAAC;oBACZ,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAjED,kDAiEC","sourcesContent":["import { AuthenticatedServerRequest } from '../../server/server.types';\nimport { TypedElicitResult } from '../transport.types';\nimport { SSEServerTransport } from '../legacy/legacy.sse.tranporter';\nimport { LocalTransportAdapter } from './transport.local.adapter';\nimport { RequestId } from '@modelcontextprotocol/sdk/types.js';\nimport { ZodObject } from 'node_modules/zod/v3/types.cjs';\nimport { rpcRequest } from '../transport.error';\nimport { zodToJsonSchema } from 'zod-to-json-schema';\nimport { ServerResponse } from '../../common';\n\nexport class TransportSSEAdapter extends LocalTransportAdapter<SSEServerTransport> {\n  sessionId: string;\n\n  override createTransport(sessionId: string, res: ServerResponse): SSEServerTransport {\n    this.sessionId = sessionId;\n    this.logger.info(`new transport session: ${sessionId.slice(0, 40)}`);\n    const scopePath = this.scope.fullPath;\n    const transport = new SSEServerTransport(`${scopePath}/message`, res, {\n      sessionId: sessionId,\n    });\n    transport.onerror = (error) => {\n      console.error('SSE error:', error);\n    };\n    transport.onclose = this.destroy.bind(this);\n    return transport;\n  }\n\n  initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    this.logger.verbose(`[${this.sessionId}] handle initialize request`);\n    this.ensureAuthInfo(req, this);\n    return Promise.resolve();\n  }\n\n  async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    const authInfo = this.ensureAuthInfo(req, this);\n\n    if (this.handleIfElicitResult(req)) {\n      this.logger.verbose(`[${this.sessionId}] handle get request`);\n      return;\n    }\n    if (req.method === 'GET') {\n      this.logger.verbose(`[${this.sessionId}] handle get request`);\n      return this.transport.handleMessage(req.body, { requestInfo: req, authInfo });\n    } else {\n      this.logger.verbose(`[${this.sessionId}] handle post request`);\n      return this.transport.handlePostMessage(req, res, req.body);\n    }\n  }\n\n  async sendElicitRequest<T extends ZodObject<any>>(\n    relatedRequestId: RequestId,\n    message: string,\n    requestedSchema: T,\n  ): Promise<TypedElicitResult<T>> {\n    console.log('sendElicitRequest', { relatedRequestId });\n    await this.transport.send(\n      rpcRequest(this.newRequestId, 'elicitation/create', {\n        message,\n        requestedSchema: zodToJsonSchema(requestedSchema as any),\n      }),\n    );\n\n    return new Promise<TypedElicitResult<T>>((resolve, reject) => {\n      this.elicitHandler = {\n        resolve: (result) => {\n          resolve(result as TypedElicitResult<T>);\n          this.elicitHandler = undefined;\n        },\n        reject: (err) => {\n          reject(err);\n          this.elicitHandler = undefined;\n        },\n      };\n    });\n  }\n}\n"]}
+{"version":3,"file":"transport.sse.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.sse.adapter.ts"],"names":[],"mappings":";;;AAEA,2EAAqE;AACrE,uEAAkE;AAGlE,+BAAsC;AACtC,wDAAgD;AAGhD,MAAa,mBAAoB,SAAQ,+CAAyC;IAChF,SAAS,CAAS;IAET,eAAe,CAAC,SAAiB,EAAE,GAAmB;QAC7D,IAAI,CAAC,SAAS,GAAG,SAAS,CAAC;QAC3B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,0BAA0B,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;QACrE,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QACtC,MAAM,SAAS,GAAG,IAAI,0CAAkB,CAAC,GAAG,SAAS,UAAU,EAAE,GAAG,EAAE;YACpE,SAAS,EAAE,SAAS;SACrB,CAAC,CAAC;QACH,SAAS,CAAC,OAAO,GAAG,CAAC,KAAK,EAAE,EAAE;YAC5B,wEAAwE;YACxE,OAAO,CAAC,KAAK,CAAC,YAAY,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;QACxF,CAAC,CAAC;QACF,SAAS,CAAC,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC5C,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,UAAU,CAAC,GAA+B,EAAE,GAAmB;QAC7D,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,6BAA6B,CAAC,CAAC;QACrE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,OAAO,OAAO,CAAC,OAAO,EAAE,CAAC;IAC3B,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAEhD,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;YACnC,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,sBAAsB,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QACD,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACzB,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,sBAAsB,CAAC,CAAC;YAC9D,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,EAAE,EAAE,WAAW,EAAE,GAAG,EAAE,QAAQ,EAAE,CAAC,CAAC;QAChF,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,SAAS,uBAAuB,CAAC,CAAC;YAC/D,OAAO,IAAI,CAAC,SAAS,CAAC,iBAAiB,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,gBAA2B,EAC3B,OAAe,EACf,eAAkB;QAElB,OAAO,CAAC,GAAG,CAAC,mBAAmB,EAAE,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACvD,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACvB,IAAA,4BAAU,EAAC,IAAI,CAAC,YAAY,EAAE,oBAAoB,EAAE;YAClD,OAAO;YACP,eAAe,EAAE,IAAA,iBAAY,EAAC,eAAsB,CAAC;SACtD,CAAC,CACH,CAAC;QAEF,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3D,IAAI,CAAC,aAAa,GAAG;gBACnB,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE;oBAClB,OAAO,CAAC,MAA8B,CAAC,CAAC;oBACxC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;gBACD,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;oBACd,MAAM,CAAC,GAAG,CAAC,CAAC;oBACZ,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AAlED,kDAkEC","sourcesContent":["import { AuthenticatedServerRequest } from '../../server/server.types';\nimport { TypedElicitResult } from '../transport.types';\nimport { SSEServerTransport } from '../legacy/legacy.sse.tranporter';\nimport { LocalTransportAdapter } from './transport.local.adapter';\nimport { RequestId } from '@modelcontextprotocol/sdk/types.js';\nimport { ZodType } from 'zod';\nimport { toJSONSchema } from 'zod/v4';\nimport { rpcRequest } from '../transport.error';\nimport { ServerResponse } from '../../common';\n\nexport class TransportSSEAdapter extends LocalTransportAdapter<SSEServerTransport> {\n  sessionId: string;\n\n  override createTransport(sessionId: string, res: ServerResponse): SSEServerTransport {\n    this.sessionId = sessionId;\n    this.logger.info(`new transport session: ${sessionId.slice(0, 40)}`);\n    const scopePath = this.scope.fullPath;\n    const transport = new SSEServerTransport(`${scopePath}/message`, res, {\n      sessionId: sessionId,\n    });\n    transport.onerror = (error) => {\n      // Use safe logging to avoid Node.js 24 util.inspect bug with Zod errors\n      console.error('SSE error:', error instanceof Error ? error.message : 'Unknown error');\n    };\n    transport.onclose = this.destroy.bind(this);\n    return transport;\n  }\n\n  initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    this.logger.verbose(`[${this.sessionId}] handle initialize request`);\n    this.ensureAuthInfo(req, this);\n    return Promise.resolve();\n  }\n\n  async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    const authInfo = this.ensureAuthInfo(req, this);\n\n    if (this.handleIfElicitResult(req)) {\n      this.logger.verbose(`[${this.sessionId}] handle get request`);\n      return;\n    }\n    if (req.method === 'GET') {\n      this.logger.verbose(`[${this.sessionId}] handle get request`);\n      return this.transport.handleMessage(req.body, { requestInfo: req, authInfo });\n    } else {\n      this.logger.verbose(`[${this.sessionId}] handle post request`);\n      return this.transport.handlePostMessage(req, res, req.body);\n    }\n  }\n\n  async sendElicitRequest<T extends ZodType>(\n    relatedRequestId: RequestId,\n    message: string,\n    requestedSchema: T,\n  ): Promise<TypedElicitResult<T>> {\n    console.log('sendElicitRequest', { relatedRequestId });\n    await this.transport.send(\n      rpcRequest(this.newRequestId, 'elicitation/create', {\n        message,\n        requestedSchema: toJSONSchema(requestedSchema as any),\n      }),\n    );\n\n    return new Promise<TypedElicitResult<T>>((resolve, reject) => {\n      this.elicitHandler = {\n        resolve: (result) => {\n          resolve(result as TypedElicitResult<T>);\n          this.elicitHandler = undefined;\n        },\n        reject: (err) => {\n          reject(err);\n          this.elicitHandler = undefined;\n        },\n      };\n    });\n  }\n}\n"]}

package/src/transport/adapters/transport.streamable-http.adapter.d.ts

@@ -1,13 +1,20 @@
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import { TypedElicitResult } from '../transport.types';
+import { TransportType, TypedElicitResult } from '../transport.types';
 import { AuthenticatedServerRequest } from '../../server/server.types';
 import { LocalTransportAdapter } from './transport.local.adapter';
 import { RequestId } from '@modelcontextprotocol/sdk/types.js';
-import { ZodObject } from 'zod';
+import { ZodType } from 'zod';
 import { ServerResponse } from '../../common';
+/**
+ * Stateless HTTP requests must be able to send multiple initialize calls without
+ * tripping the MCP transport's "already initialized" guard. The upstream SDK
+ * treats any transport with a session ID generator as stateful, so we disable
+ * session generation entirely for stateless transports.
+ */
+export declare const resolveSessionIdGenerator: (transportType: TransportType, sessionId: string) => (() => string) | undefined;
 export declare class TransportStreamableHttpAdapter extends LocalTransportAdapter<StreamableHTTPServerTransport> {
     createTransport(sessionId: string, response: ServerResponse): StreamableHTTPServerTransport;
     initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;
     handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void>;
-    sendElicitRequest<T extends ZodObject<any>>(relatedRequestId: RequestId, message: string, requestedSchema: T): Promise<TypedElicitResult<T>>;
+    sendElicitRequest<T extends ZodType>(relatedRequestId: RequestId, message: string, requestedSchema: T): Promise<TypedElicitResult<T>>;
 }

package/src/transport/adapters/transport.streamable-http.adapter.js

@@ -1,27 +1,73 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.TransportStreamableHttpAdapter = void 0;
+exports.TransportStreamableHttpAdapter = exports.resolveSessionIdGenerator = void 0;
 const streamableHttp_js_1 = require("@modelcontextprotocol/sdk/server/streamableHttp.js");
 const transport_local_adapter_1 = require("./transport.local.adapter");
-const zod_to_json_schema_1 = require("zod-to-json-schema");
+const v4_1 = require("zod/v4");
 const transport_error_1 = require("../transport.error");
+/**
+ * Stateless HTTP requests must be able to send multiple initialize calls without
+ * tripping the MCP transport's "already initialized" guard. The upstream SDK
+ * treats any transport with a session ID generator as stateful, so we disable
+ * session generation entirely for stateless transports.
+ */
+const resolveSessionIdGenerator = (transportType, sessionId) => {
+    return transportType === 'stateless-http' ? undefined : () => sessionId;
+};
+exports.resolveSessionIdGenerator = resolveSessionIdGenerator;
 class TransportStreamableHttpAdapter extends transport_local_adapter_1.LocalTransportAdapter {
     createTransport(sessionId, response) {
+        const sessionIdGenerator = (0, exports.resolveSessionIdGenerator)(this.key.type, sessionId);
         return new streamableHttp_js_1.StreamableHTTPServerTransport({
-            sessionIdGenerator: () => {
-                return sessionId;
-            },
+            sessionIdGenerator,
             onsessionclosed: () => {
                 // this.destroy();
             },
             onsessioninitialized: (sessionId) => {
-                console.log(`session initialized: ${sessionId.slice(0, 40)}`);
+                if (sessionId) {
+                    console.log(`session initialized: ${sessionId.slice(0, 40)}`);
+                }
+                else {
+                    console.log(`stateless session initialized`);
+                }
             },
-            eventStore: this.eventStore,
+            // Disable eventStore to prevent priming events - Claude.ai's client doesn't handle them
+            // The priming event has empty data with no `event:` type, which violates MCP spec
+            // ("Event types MUST be message") and confuses some clients
+            eventStore: undefined,
         });
     }
     initialize(req, res) {
         this.ensureAuthInfo(req, this);
+        this.logger.info('[StreamableHttpAdapter] initialize() called', {
+            method: req.method,
+            sessionId: this.key.sessionId.slice(0, 30),
+            bodyMethod: req.body?.method,
+        });
+        // Intercept response to log what gets sent back to client
+        const originalWrite = res.write.bind(res);
+        const originalEnd = res.end.bind(res);
+        let responseBody = '';
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        res.write = function (chunk, encodingOrCb, cb) {
+            if (chunk) {
+                responseBody += typeof chunk === 'string' ? chunk : Buffer.isBuffer(chunk) ? chunk.toString() : String(chunk);
+            }
+            return originalWrite.call(this, chunk, encodingOrCb, cb);
+        };
+        const adapter = this;
+        // eslint-disable-next-line @typescript-eslint/no-explicit-any
+        res.end = function (chunk, encodingOrCb, cb) {
+            if (chunk) {
+                responseBody += typeof chunk === 'string' ? chunk : Buffer.isBuffer(chunk) ? chunk.toString() : String(chunk);
+            }
+            adapter.logger.info('[StreamableHttpAdapter] initialize response', {
+                statusCode: res.statusCode,
+                headers: res.getHeaders?.() ?? {},
+                bodyPreview: responseBody.slice(0, 1000),
+            });
+            return originalEnd.call(this, chunk, encodingOrCb, cb);
+        };
         return this.transport.handleRequest(req, res, req.body);
     }
     async handleRequest(req, res) {
@@ -45,7 +91,7 @@ class TransportStreamableHttpAdapter extends transport_local_adapter_1.LocalTran
     async sendElicitRequest(relatedRequestId, message, requestedSchema) {
         await this.transport.send((0, transport_error_1.rpcRequest)(this.newRequestId, 'elicitation/create', {
             message,
-            requestedSchema: (0, zod_to_json_schema_1.zodToJsonSchema)(requestedSchema),
+            requestedSchema: (0, v4_1.toJSONSchema)(requestedSchema),
         }), { relatedRequestId });
         return new Promise((resolve, reject) => {
             this.elicitHandler = {

package/src/transport/adapters/transport.streamable-http.adapter.js.map

@@ -1 +1 @@
-{"version":3,"file":"transport.streamable-http.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.streamable-http.adapter.ts"],"names":[],"mappings":";;;AAAA,0FAAmG;AAGnG,uEAAkE;AAElE,2DAAqD;AAErD,wDAAgD;AAGhD,MAAa,8BAA+B,SAAQ,+CAAoD;IAE7F,eAAe,CAAC,SAAiB,EAAE,QAAwB;QAChE,OAAO,IAAI,iDAA6B,CAAC;YACvC,kBAAkB,EAAE,GAAG,EAAE;gBACvB,OAAO,SAAS,CAAA;YAClB,CAAC;YACD,eAAe,EAAE,GAAG,EAAE;gBACpB,kBAAkB;YACpB,CAAC;YACD,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;gBAClC,OAAO,CAAC,GAAG,CAAC,wBAAwB,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;YAChE,CAAC;YACD,UAAU,EAAE,IAAI,CAAC,UAAU;SAC5B,CAAC,CAAA;IACN,CAAC;IAED,UAAU,CAAC,GAA+B,EAAE,GAAmB;QAC7D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QACtE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,EAAE;QACF,qEAAqE;QACrE,kCAAkC;QAClC,uFAAuF;QACvF,sBAAsB;QACtB,IAAI;QAEJ,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YACD,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,gBAA2B,EAC3B,OAAe,EACf,eAAkB;QAElB,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACvB,IAAA,4BAAU,EAAC,IAAI,CAAC,YAAY,EAAE,oBAAoB,EAAE;YAClD,OAAO;YACP,eAAe,EAAE,IAAA,oCAAe,EAAC,eAAsB,CAAC;SACzD,CAAC,EACF,EAAE,gBAAgB,EAAE,CACrB,CAAC;QAEF,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3D,IAAI,CAAC,aAAa,GAAG;gBACnB,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE;oBAClB,OAAO,CAAC,MAA8B,CAAC,CAAC;oBACxC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;gBACD,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;oBACd,MAAM,CAAC,GAAG,CAAC,CAAC;oBACZ,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CAEF;AApED,wEAoEC","sourcesContent":["import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { TypedElicitResult } from '../transport.types';\nimport { AuthenticatedServerRequest } from '../../server/server.types';\nimport { LocalTransportAdapter } from './transport.local.adapter';\nimport { RequestId } from '@modelcontextprotocol/sdk/types.js';\nimport { zodToJsonSchema } from 'zod-to-json-schema';\nimport { ZodObject } from 'zod';\nimport { rpcRequest } from '../transport.error';\nimport { ServerResponse } from '../../common';\n\nexport class TransportStreamableHttpAdapter extends LocalTransportAdapter<StreamableHTTPServerTransport> {\n\n  override createTransport(sessionId: string, response: ServerResponse): StreamableHTTPServerTransport {\n      return new StreamableHTTPServerTransport({\n        sessionIdGenerator: () => {\n          return sessionId\n        },\n        onsessionclosed: () => {\n          // this.destroy();\n        },\n        onsessioninitialized: (sessionId) => {\n          console.log(`session initialized: ${sessionId.slice(0, 40)}`);\n        },\n        eventStore: this.eventStore,\n      })\n  }\n\n  initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    this.ensureAuthInfo(req, this);\n    return this.transport.handleRequest(req, res, req.body);\n  }\n\n  async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    this.ensureAuthInfo(req, this);\n    //\n    // if ((await this.isInitialized) && isInitializeRequest(req.body)) {\n    //   await this.transport.close();\n    //   this.isInitialized = this.connectStreamableTransport(req.authSession.session!.id);\n    //   await this.ready;\n    // }\n\n    if (req.method === 'GET') {\n      return this.transport.handleRequest(req, res);\n    } else {\n      if (this.handleIfElicitResult(req)) {\n        return;\n      }\n      return this.transport.handleRequest(req, res, req.body);\n    }\n  }\n\n  async sendElicitRequest<T extends ZodObject<any>>(\n    relatedRequestId: RequestId,\n    message: string,\n    requestedSchema: T,\n  ): Promise<TypedElicitResult<T>> {\n    await this.transport.send(\n      rpcRequest(this.newRequestId, 'elicitation/create', {\n        message,\n        requestedSchema: zodToJsonSchema(requestedSchema as any),\n      }),\n      { relatedRequestId },\n    );\n\n    return new Promise<TypedElicitResult<T>>((resolve, reject) => {\n      this.elicitHandler = {\n        resolve: (result) => {\n          resolve(result as TypedElicitResult<T>);\n          this.elicitHandler = undefined;\n        },\n        reject: (err) => {\n          reject(err);\n          this.elicitHandler = undefined;\n        },\n      };\n    });\n  }\n\n}\n"]}
+{"version":3,"file":"transport.streamable-http.adapter.js","sourceRoot":"","sources":["../../../../src/transport/adapters/transport.streamable-http.adapter.ts"],"names":[],"mappings":";;;AAAA,0FAAmG;AAGnG,uEAAkE;AAGlE,+BAAsC;AACtC,wDAAgD;AAGhD;;;;;GAKG;AACI,MAAM,yBAAyB,GAAG,CACvC,aAA4B,EAC5B,SAAiB,EACW,EAAE;IAC9B,OAAO,aAAa,KAAK,gBAAgB,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC;AAC1E,CAAC,CAAC;AALW,QAAA,yBAAyB,6BAKpC;AAEF,MAAa,8BAA+B,SAAQ,+CAAoD;IAC7F,eAAe,CAAC,SAAiB,EAAE,QAAwB;QAClE,MAAM,kBAAkB,GAAG,IAAA,iCAAyB,EAAC,IAAI,CAAC,GAAG,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAE/E,OAAO,IAAI,iDAA6B,CAAC;YACvC,kBAAkB;YAClB,eAAe,EAAE,GAAG,EAAE;gBACpB,kBAAkB;YACpB,CAAC;YACD,oBAAoB,EAAE,CAAC,SAAS,EAAE,EAAE;gBAClC,IAAI,SAAS,EAAE,CAAC;oBACd,OAAO,CAAC,GAAG,CAAC,wBAAwB,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;gBAChE,CAAC;qBAAM,CAAC;oBACN,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;YACD,wFAAwF;YACxF,kFAAkF;YAClF,4DAA4D;YAC5D,UAAU,EAAE,SAAS;SACtB,CAAC,CAAC;IACL,CAAC;IAED,UAAU,CAAC,GAA+B,EAAE,GAAmB;QAC7D,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAE/B,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;YAC9D,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,SAAS,EAAE,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YAC1C,UAAU,EAAG,GAAG,CAAC,IAA4B,EAAE,MAAM;SACtD,CAAC,CAAC;QAEH,0DAA0D;QAC1D,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAqB,CAAC;QAC9D,MAAM,WAAW,GAAG,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAmB,CAAC;QACxD,IAAI,YAAY,GAAG,EAAE,CAAC;QAEtB,8DAA8D;QAC9D,GAAG,CAAC,KAAK,GAAG,UAAgC,KAAU,EAAE,YAAkB,EAAE,EAAQ;YAClF,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChH,CAAC;YACD,OAAO,aAAa,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QAC3D,CAAqB,CAAC;QAEtB,MAAM,OAAO,GAAG,IAAI,CAAC;QACrB,8DAA8D;QAC9D,GAAG,CAAC,GAAG,GAAG,UAAgC,KAAW,EAAE,YAAkB,EAAE,EAAQ;YACjF,IAAI,KAAK,EAAE,CAAC;gBACV,YAAY,IAAI,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAChH,CAAC;YACD,OAAO,CAAC,MAAM,CAAC,IAAI,CAAC,6CAA6C,EAAE;gBACjE,UAAU,EAAE,GAAG,CAAC,UAAU;gBAC1B,OAAO,EAAE,GAAG,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE;gBACjC,WAAW,EAAE,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC;aACzC,CAAC,CAAC;YACH,OAAO,WAAW,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC,CAAC;QACzD,CAAmB,CAAC;QAEpB,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QACtE,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC/B,EAAE;QACF,qEAAqE;QACrE,kCAAkC;QAClC,uFAAuF;QACvF,sBAAsB;QACtB,IAAI;QAEJ,IAAI,GAAG,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;YACzB,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,EAAE,CAAC;gBACnC,OAAO;YACT,CAAC;YACD,OAAO,IAAI,CAAC,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,gBAA2B,EAC3B,OAAe,EACf,eAAkB;QAElB,MAAM,IAAI,CAAC,SAAS,CAAC,IAAI,CACvB,IAAA,4BAAU,EAAC,IAAI,CAAC,YAAY,EAAE,oBAAoB,EAAE;YAClD,OAAO;YACP,eAAe,EAAE,IAAA,iBAAY,EAAC,eAAsB,CAAC;SACtD,CAAC,EACF,EAAE,gBAAgB,EAAE,CACrB,CAAC;QAEF,OAAO,IAAI,OAAO,CAAuB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YAC3D,IAAI,CAAC,aAAa,GAAG;gBACnB,OAAO,EAAE,CAAC,MAAM,EAAE,EAAE;oBAClB,OAAO,CAAC,MAA8B,CAAC,CAAC;oBACxC,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;gBACD,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE;oBACd,MAAM,CAAC,GAAG,CAAC,CAAC;oBACZ,IAAI,CAAC,aAAa,GAAG,SAAS,CAAC;gBACjC,CAAC;aACF,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC;CACF;AA3GD,wEA2GC","sourcesContent":["import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { TransportType, TypedElicitResult } from '../transport.types';\nimport { AuthenticatedServerRequest } from '../../server/server.types';\nimport { LocalTransportAdapter } from './transport.local.adapter';\nimport { RequestId } from '@modelcontextprotocol/sdk/types.js';\nimport { ZodType } from 'zod';\nimport { toJSONSchema } from 'zod/v4';\nimport { rpcRequest } from '../transport.error';\nimport { ServerResponse } from '../../common';\n\n/**\n * Stateless HTTP requests must be able to send multiple initialize calls without\n * tripping the MCP transport's \"already initialized\" guard. The upstream SDK\n * treats any transport with a session ID generator as stateful, so we disable\n * session generation entirely for stateless transports.\n */\nexport const resolveSessionIdGenerator = (\n  transportType: TransportType,\n  sessionId: string,\n): (() => string) | undefined => {\n  return transportType === 'stateless-http' ? undefined : () => sessionId;\n};\n\nexport class TransportStreamableHttpAdapter extends LocalTransportAdapter<StreamableHTTPServerTransport> {\n  override createTransport(sessionId: string, response: ServerResponse): StreamableHTTPServerTransport {\n    const sessionIdGenerator = resolveSessionIdGenerator(this.key.type, sessionId);\n\n    return new StreamableHTTPServerTransport({\n      sessionIdGenerator,\n      onsessionclosed: () => {\n        // this.destroy();\n      },\n      onsessioninitialized: (sessionId) => {\n        if (sessionId) {\n          console.log(`session initialized: ${sessionId.slice(0, 40)}`);\n        } else {\n          console.log(`stateless session initialized`);\n        }\n      },\n      // Disable eventStore to prevent priming events - Claude.ai's client doesn't handle them\n      // The priming event has empty data with no `event:` type, which violates MCP spec\n      // (\"Event types MUST be message\") and confuses some clients\n      eventStore: undefined,\n    });\n  }\n\n  initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    this.ensureAuthInfo(req, this);\n\n    this.logger.info('[StreamableHttpAdapter] initialize() called', {\n      method: req.method,\n      sessionId: this.key.sessionId.slice(0, 30),\n      bodyMethod: (req.body as { method?: string })?.method,\n    });\n\n    // Intercept response to log what gets sent back to client\n    const originalWrite = res.write.bind(res) as typeof res.write;\n    const originalEnd = res.end.bind(res) as typeof res.end;\n    let responseBody = '';\n\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    res.write = function (this: ServerResponse, chunk: any, encodingOrCb?: any, cb?: any): boolean {\n      if (chunk) {\n        responseBody += typeof chunk === 'string' ? chunk : Buffer.isBuffer(chunk) ? chunk.toString() : String(chunk);\n      }\n      return originalWrite.call(this, chunk, encodingOrCb, cb);\n    } as typeof res.write;\n\n    const adapter = this;\n    // eslint-disable-next-line @typescript-eslint/no-explicit-any\n    res.end = function (this: ServerResponse, chunk?: any, encodingOrCb?: any, cb?: any): ServerResponse {\n      if (chunk) {\n        responseBody += typeof chunk === 'string' ? chunk : Buffer.isBuffer(chunk) ? chunk.toString() : String(chunk);\n      }\n      adapter.logger.info('[StreamableHttpAdapter] initialize response', {\n        statusCode: res.statusCode,\n        headers: res.getHeaders?.() ?? {},\n        bodyPreview: responseBody.slice(0, 1000),\n      });\n      return originalEnd.call(this, chunk, encodingOrCb, cb);\n    } as typeof res.end;\n\n    return this.transport.handleRequest(req, res, req.body);\n  }\n\n  async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    this.ensureAuthInfo(req, this);\n    //\n    // if ((await this.isInitialized) && isInitializeRequest(req.body)) {\n    //   await this.transport.close();\n    //   this.isInitialized = this.connectStreamableTransport(req.authSession.session!.id);\n    //   await this.ready;\n    // }\n\n    if (req.method === 'GET') {\n      return this.transport.handleRequest(req, res);\n    } else {\n      if (this.handleIfElicitResult(req)) {\n        return;\n      }\n      return this.transport.handleRequest(req, res, req.body);\n    }\n  }\n\n  async sendElicitRequest<T extends ZodType>(\n    relatedRequestId: RequestId,\n    message: string,\n    requestedSchema: T,\n  ): Promise<TypedElicitResult<T>> {\n    await this.transport.send(\n      rpcRequest(this.newRequestId, 'elicitation/create', {\n        message,\n        requestedSchema: toJSONSchema(requestedSchema as any),\n      }),\n      { relatedRequestId },\n    );\n\n    return new Promise<TypedElicitResult<T>>((resolve, reject) => {\n      this.elicitHandler = {\n        resolve: (result) => {\n          resolve(result as TypedElicitResult<T>);\n          this.elicitHandler = undefined;\n        },\n        reject: (err) => {\n          reject(err);\n          this.elicitHandler = undefined;\n        },\n      };\n    });\n  }\n}\n"]}

package/src/transport/flows/handle.sse.flow.d.ts

@@ -10,72 +10,38 @@ export declare const stateSchema: z.ZodObject<{
     token: z.ZodString;
     session: z.ZodObject<{
         id: z.ZodString;
-        payload: z.ZodObject<{
+        payload: z.ZodOptional<z.ZodObject<{
             nodeId: z.ZodString;
             authSig: z.ZodString;
             uuid: z.ZodString;
             iat: z.ZodNumber;
-            protocol: z.ZodEnum<["legacy-sse", "sse", "streamable-http", "stateful-http", "stateless-http"]>;
-        }, "strip", z.ZodTypeAny, {
-            uuid: string;
-            nodeId: string;
-            authSig: string;
-            iat: number;
-            protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
-        }, {
-            uuid: string;
-            nodeId: string;
-            authSig: string;
-            iat: number;
-            protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
-        }>;
-    }, "strip", z.ZodTypeAny, {
-        id: string;
-        payload: {
-            uuid: string;
-            nodeId: string;
-            authSig: string;
-            iat: number;
-            protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
-        };
-    }, {
-        id: string;
-        payload: {
-            uuid: string;
-            nodeId: string;
-            authSig: string;
-            iat: number;
-            protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
-        };
-    }>;
-    requestType: z.ZodOptional<z.ZodEnum<["initialize", "message", "elicitResult"]>>;
-}, "strip", z.ZodTypeAny, {
-    session: {
-        id: string;
-        payload: {
-            uuid: string;
-            nodeId: string;
-            authSig: string;
-            iat: number;
-            protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
-        };
-    };
-    token: string;
-    requestType?: "message" | "initialize" | "elicitResult" | undefined;
-}, {
-    session: {
-        id: string;
-        payload: {
-            uuid: string;
-            nodeId: string;
-            authSig: string;
-            iat: number;
-            protocol: "sse" | "legacy-sse" | "streamable-http" | "stateful-http" | "stateless-http";
-        };
-    };
-    token: string;
-    requestType?: "message" | "initialize" | "elicitResult" | undefined;
-}>;
+            protocol: z.ZodOptional<z.ZodEnum<{
+                "legacy-sse": "legacy-sse";
+                sse: "sse";
+                "streamable-http": "streamable-http";
+                "stateful-http": "stateful-http";
+                "stateless-http": "stateless-http";
+            }>>;
+            isPublic: z.ZodOptional<z.ZodBoolean>;
+            platformType: z.ZodOptional<z.ZodEnum<{
+                unknown: "unknown";
+                continue: "continue";
+                openai: "openai";
+                claude: "claude";
+                gemini: "gemini";
+                cursor: "cursor";
+                cody: "cody";
+                "generic-mcp": "generic-mcp";
+                "ext-apps": "ext-apps";
+            }>>;
+        }, z.core.$strip>>;
+    }, z.core.$strip>;
+    requestType: z.ZodOptional<z.ZodEnum<{
+        message: "message";
+        initialize: "initialize";
+        elicitResult: "elicitResult";
+    }>>;
+}, z.core.$strip>;
 declare const name: "handle:legacy-sse";
 declare global {
     interface ExtendFlows {
@@ -83,7 +49,7 @@ declare global {
     }
 }
 export default class HandleSseFlow extends FlowBase<typeof name> {
-    paseInput(): Promise<void>;
+    parseInput(): Promise<void>;
     router(): Promise<void>;
     onInitialize(): Promise<void>;
     onElicitResult(): Promise<void>;

package/src/transport/flows/handle.sse.flow.js

@@ -11,22 +11,65 @@ exports.plan = {
     post: [],
     finalize: ['cleanup'],
 };
+// Relaxed session schema for state - payload is optional when using mcp-session-id header directly
+const stateSessionSchema = zod_1.z.object({
+    id: zod_1.z.string(),
+    payload: zod_1.z
+        .object({
+        nodeId: zod_1.z.string(),
+        authSig: zod_1.z.string(),
+        uuid: zod_1.z.string().uuid(),
+        iat: zod_1.z.number(),
+        protocol: zod_1.z.enum(['legacy-sse', 'sse', 'streamable-http', 'stateful-http', 'stateless-http']).optional(),
+        isPublic: zod_1.z.boolean().optional(),
+        platformType: zod_1.z
+            .enum(['openai', 'claude', 'gemini', 'cursor', 'continue', 'cody', 'generic-mcp', 'ext-apps', 'unknown'])
+            .optional(),
+    })
+        .optional(),
+});
 exports.stateSchema = zod_1.z.object({
     token: zod_1.z.string(),
-    session: common_1.sessionIdSchema,
+    session: stateSessionSchema,
     requestType: zod_1.z.enum(['initialize', 'message', 'elicitResult']).optional(),
 });
 const name = 'handle:legacy-sse';
 const { Stage } = (0, common_1.FlowHooksOf)(name);
 let HandleSseFlow = class HandleSseFlow extends common_1.FlowBase {
-    async paseInput() {
+    async parseInput() {
         const { request } = this.rawInput;
         const authorization = request[common_1.ServerRequestTokens.auth];
         const { token } = authorization;
-        let { session } = authorization;
-        if (!session) {
-            session = (0, session_id_utils_1.createSessionId)('legacy-sse', token);
-            request[common_1.ServerRequestTokens.auth].session = session;
+        // CRITICAL: The mcp-session-id header is the client's reference to their session.
+        // We MUST use this exact ID for transport registry lookup.
+        //
+        // Priority 1: Use mcp-session-id header if present (client's session ID for lookup)
+        //             This is the ID the client received from initialize and is referencing.
+        // Priority 2: Use session from authorization if header matches or is absent
+        // Priority 3: Create new session (first request - no header, no authorization.session)
+        const mcpSessionHeader = request.headers?.['mcp-session-id'];
+        let session;
+        if (mcpSessionHeader) {
+            // Client sent session ID - ALWAYS use it for transport lookup
+            // If authorization.session exists and matches, use its payload for protocol detection
+            // If authorization.session differs or is missing, still use header ID (payload may be undefined)
+            if (authorization.session?.id === mcpSessionHeader) {
+                session = authorization.session;
+            }
+            else {
+                session = { id: mcpSessionHeader };
+            }
+        }
+        else if (authorization.session) {
+            // No header but authorization has session - use it (shouldn't happen in normal flow)
+            session = authorization.session;
+        }
+        else {
+            // No session - create new one (initialize request)
+            session = (0, session_id_utils_1.createSessionId)('legacy-sse', token, {
+                userAgent: request.headers?.['user-agent'],
+                platformDetectionConfig: this.scope.metadata?.session?.platformDetection,
+            });
         }
         this.state.set(exports.stateSchema.parse({ token, session }));
     }
@@ -36,10 +79,11 @@ let HandleSseFlow = class HandleSseFlow extends common_1.FlowBase {
         const requestPath = (0, common_1.normalizeEntryPrefix)(request.path);
         const prefix = (0, common_1.normalizeEntryPrefix)(scope.entryPath);
         const scopePath = (0, common_1.normalizeScopeBase)(scope.routeBase);
-        if (requestPath === `${prefix}${scopePath}`) {
+        const basePath = `${prefix}${scopePath}`;
+        if (requestPath === `${basePath}/sse`) {
             this.state.set('requestType', 'initialize');
         }
-        else if (requestPath === `${prefix}${scopePath}/message`) {
+        else if (requestPath === `${basePath}/message`) {
             this.state.set('requestType', 'message');
         }
     }
@@ -62,11 +106,35 @@ let HandleSseFlow = class HandleSseFlow extends common_1.FlowBase {
     }
     async onMessage() {
         const transportService = this.scope.transportService;
+        const logger = this.scopeLogger.child('handle:legacy-sse:onMessage');
         const { request, response } = this.rawInput;
         const { token, session } = this.state.required;
         const transport = await transportService.getTransporter('sse', token, session.id);
         if (!transport) {
-            this.respond(common_1.httpRespond.rpcError('session not initialized'));
+            // Check if session was ever created to differentiate error types per MCP Spec 2025-11-25
+            const wasCreated = transportService.wasSessionCreated('sse', token, session.id);
+            const body = request.body;
+            if (wasCreated) {
+                // Session existed but was terminated/evicted → HTTP 404 (client should re-initialize)
+                logger.info('Session expired - client should re-initialize', {
+                    sessionId: session.id?.slice(0, 20),
+                    tokenHash: token.slice(0, 8),
+                    method: body?.['method'],
+                    requestId: body?.['id'],
+                });
+                this.respond(common_1.httpRespond.sessionExpired('session expired'));
+            }
+            else {
+                // Session was never created → HTTP 404 (per user requirement: invalid/missing session = 404)
+                logger.warn('Session not initialized - client attempted request without initializing', {
+                    sessionId: session.id?.slice(0, 20),
+                    tokenHash: token.slice(0, 8),
+                    method: body?.['method'],
+                    requestId: body?.['id'],
+                    userAgent: request.headers?.['user-agent']?.slice(0, 50),
+                });
+                this.respond(common_1.httpRespond.sessionNotFound('session not initialized'));
+            }
             return;
         }
         await transport.handleRequest(request, response);
@@ -78,7 +146,7 @@ tslib_1.__decorate([
     tslib_1.__metadata("design:type", Function),
     tslib_1.__metadata("design:paramtypes", []),
     tslib_1.__metadata("design:returntype", Promise)
-], HandleSseFlow.prototype, "paseInput", null);
+], HandleSseFlow.prototype, "parseInput", null);
 tslib_1.__decorate([
     Stage('router'),
     tslib_1.__metadata("design:type", Function),

package/src/transport/flows/handle.sse.flow.js.map

@@ -1 +1 @@
-{"version":3,"file":"handle.sse.flow.js","sourceRoot":"","sources":["../../../../src/transport/flows/handle.sse.flow.ts"],"names":[],"mappings":";;;;AAAA,yCAcsB;AACtB,6BAAwB;AAExB,gFAA4E;AAE/D,QAAA,IAAI,GAAG;IAClB,GAAG,EAAE,CAAC,YAAY,EAAE,QAAQ,CAAC;IAC7B,OAAO,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,gBAAgB,CAAC;IACxD,IAAI,EAAE,EAAE;IACR,QAAQ,EAAE,CAAC,SAAS,CAAC;CACc,CAAC;AAEzB,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,OAAO,EAAE,wBAAe;IACxB,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC1E,CAAC,CAAC;AAEH,MAAM,IAAI,GAAG,mBAA4B,CAAC;AAC1C,MAAM,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AAqBrB,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,iBAAqB;IAExD,AAAN,KAAK,CAAC,SAAS;QACb,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAElC,MAAM,aAAa,GAAG,OAAO,CAAC,4BAAmB,CAAC,IAAI,CAAkB,CAAC;QACzE,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC;QAChC,IAAI,EAAE,OAAO,EAAE,GAAG,aAAa,CAAC;QAEhC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,GAAG,IAAA,kCAAe,EAAC,YAAY,EAAE,KAAK,CAAC,CAAC;YAC/C,OAAO,CAAC,4BAAmB,CAAC,IAAI,CAAC,CAAC,OAAO,GAAG,OAAO,CAAC;QACtD,CAAC;QACD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAW,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM;QACV,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAc,CAAC;QAClC,MAAM,WAAW,GAAG,IAAA,6BAAoB,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAA,6BAAoB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAA,2BAAkB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACtD,IAAI,WAAW,KAAK,GAAG,MAAM,GAAG,SAAS,EAAE,EAAE,CAAC;YAC5C,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,WAAW,KAAK,GAAG,MAAM,GAAG,SAAS,UAAU,EAAE,CAAC;YAC3D,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY;QAChB,MAAM,gBAAgB,GAAI,IAAI,CAAC,KAAe,CAAC,gBAAgB,CAAC;QAEhE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC5C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC/F,MAAM,SAAS,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAKK,AAAN,KAAK,CAAC,cAAc;QAClB,qFAAqF;QACrF,oBAAoB;QACpB,mEAAmE;QACnE,YAAY;QACZ,IAAI;QACJ,oDAAoD;QACpD,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC1C,CAAC;IAKK,AAAN,KAAK,CAAC,SAAS;QACb,MAAM,gBAAgB,GAAI,IAAI,CAAC,KAAe,CAAC,gBAAgB,CAAC;QAEhE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC5C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QACD,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;CACF,CAAA;AAtEO;IADL,KAAK,CAAC,YAAY,CAAC;;;;8CAanB;AAGK;IADL,KAAK,CAAC,QAAQ,CAAC;;;;2CAYf;AAKK;IAHL,KAAK,CAAC,cAAc,EAAE;QACrB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,YAAY;KACrE,CAAC;;;;iDASD;AAKK;IAHL,KAAK,CAAC,gBAAgB,EAAE;QACvB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,cAAc;KACvE,CAAC;;;;mDASD;AAKK;IAHL,KAAK,CAAC,WAAW,EAAE;QAClB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,SAAS;KAClE,CAAC;;;;8CAaD;AAvEkB,aAAa;IAPjC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,MAAM,EAAE,YAAY;QACpB,WAAW,EAAE,wBAAe;QAC5B,YAAY,EAAE,yBAAgB;QAC9B,IAAI,EAAJ,YAAI;KACL,CAAC;GACmB,aAAa,CAwEjC;kBAxEoB,aAAa","sourcesContent":["import {\n  Flow,\n  httpInputSchema,\n  FlowRunOptions,\n  httpOutputSchema,\n  FlowPlan,\n  FlowBase,\n  FlowHooksOf,\n  sessionIdSchema,\n  httpRespond,\n  ServerRequestTokens,\n  Authorization,\n  normalizeEntryPrefix,\n  normalizeScopeBase,\n} from '../../common';\nimport { z } from 'zod';\nimport { Scope } from '../../scope';\nimport { createSessionId } from '../../auth/session/utils/session-id.utils';\n\nexport const plan = {\n  pre: ['parseInput', 'router'],\n  execute: ['onInitialize', 'onMessage', 'onElicitResult'],\n  post: [],\n  finalize: ['cleanup'],\n} as const satisfies FlowPlan<string>;\n\nexport const stateSchema = z.object({\n  token: z.string(),\n  session: sessionIdSchema,\n  requestType: z.enum(['initialize', 'message', 'elicitResult']).optional(),\n});\n\nconst name = 'handle:legacy-sse' as const;\nconst { Stage } = FlowHooksOf(name);\n\ndeclare global {\n  interface ExtendFlows {\n    'handle:legacy-sse': FlowRunOptions<\n      HandleSseFlow,\n      typeof plan,\n      typeof httpInputSchema,\n      typeof httpOutputSchema,\n      typeof stateSchema\n    >;\n  }\n}\n\n@Flow({\n  name,\n  access: 'authorized',\n  inputSchema: httpInputSchema,\n  outputSchema: httpOutputSchema,\n  plan,\n})\nexport default class HandleSseFlow extends FlowBase<typeof name> {\n  @Stage('parseInput')\n  async paseInput() {\n    const { request } = this.rawInput;\n\n    const authorization = request[ServerRequestTokens.auth] as Authorization;\n    const { token } = authorization;\n    let { session } = authorization;\n\n    if (!session) {\n      session = createSessionId('legacy-sse', token);\n      request[ServerRequestTokens.auth].session = session;\n    }\n    this.state.set(stateSchema.parse({ token, session }));\n  }\n\n  @Stage('router')\n  async router() {\n    const { request } = this.rawInput;\n    const scope = this.scope as Scope;\n    const requestPath = normalizeEntryPrefix(request.path);\n    const prefix = normalizeEntryPrefix(scope.entryPath);\n    const scopePath = normalizeScopeBase(scope.routeBase);\n    if (requestPath === `${prefix}${scopePath}`) {\n      this.state.set('requestType', 'initialize');\n    } else if (requestPath === `${prefix}${scopePath}/message`) {\n      this.state.set('requestType', 'message');\n    }\n  }\n\n  @Stage('onInitialize', {\n    filter: ({ state: { requestType } }) => requestType === 'initialize',\n  })\n  async onInitialize() {\n    const transportService = (this.scope as Scope).transportService;\n\n    const { request, response } = this.rawInput;\n    const { token, session } = this.state.required;\n    const transport = await transportService.createTransporter('sse', token, session.id, response);\n    await transport.initialize(request, response);\n    this.handled();\n  }\n\n  @Stage('onElicitResult', {\n    filter: ({ state: { requestType } }) => requestType === 'elicitResult',\n  })\n  async onElicitResult() {\n    // const transport = await transportService.getTransporter('sse', token, session.id);\n    // if (!transport) {\n    //   this.respond(httpRespond.rpcError('session not initialized'));\n    //   return;\n    // }\n    // await transport.handleRequest(request, response);\n    this.fail(new Error('Not implemented'));\n  }\n\n  @Stage('onMessage', {\n    filter: ({ state: { requestType } }) => requestType === 'message',\n  })\n  async onMessage() {\n    const transportService = (this.scope as Scope).transportService;\n\n    const { request, response } = this.rawInput;\n    const { token, session } = this.state.required;\n    const transport = await transportService.getTransporter('sse', token, session.id);\n    if (!transport) {\n      this.respond(httpRespond.rpcError('session not initialized'));\n      return;\n    }\n    await transport.handleRequest(request, response);\n    this.handled();\n  }\n}\n"]}
+{"version":3,"file":"handle.sse.flow.js","sourceRoot":"","sources":["../../../../src/transport/flows/handle.sse.flow.ts"],"names":[],"mappings":";;;;AAAA,yCAcsB;AACtB,6BAAwB;AAExB,gFAA4E;AAE/D,QAAA,IAAI,GAAG;IAClB,GAAG,EAAE,CAAC,YAAY,EAAE,QAAQ,CAAC;IAC7B,OAAO,EAAE,CAAC,cAAc,EAAE,WAAW,EAAE,gBAAgB,CAAC;IACxD,IAAI,EAAE,EAAE;IACR,QAAQ,EAAE,CAAC,SAAS,CAAC;CACc,CAAC;AAEtC,mGAAmG;AACnG,MAAM,kBAAkB,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE;IACd,OAAO,EAAE,OAAC;SACP,MAAM,CAAC;QACN,MAAM,EAAE,OAAC,CAAC,MAAM,EAAE;QAClB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE;QACnB,IAAI,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE;QACvB,GAAG,EAAE,OAAC,CAAC,MAAM,EAAE;QACf,QAAQ,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,KAAK,EAAE,iBAAiB,EAAE,eAAe,EAAE,gBAAgB,CAAC,CAAC,CAAC,QAAQ,EAAE;QACxG,QAAQ,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QAChC,YAAY,EAAE,OAAC;aACZ,IAAI,CAAC,CAAC,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,QAAQ,EAAE,UAAU,EAAE,MAAM,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC;aACxG,QAAQ,EAAE;KACd,CAAC;SACD,QAAQ,EAAE;CACd,CAAC,CAAC;AAEU,QAAA,WAAW,GAAG,OAAC,CAAC,MAAM,CAAC;IAClC,KAAK,EAAE,OAAC,CAAC,MAAM,EAAE;IACjB,OAAO,EAAE,kBAAkB;IAC3B,WAAW,EAAE,OAAC,CAAC,IAAI,CAAC,CAAC,YAAY,EAAE,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,QAAQ,EAAE;CAC1E,CAAC,CAAC;AAEH,MAAM,IAAI,GAAG,mBAA4B,CAAC;AAC1C,MAAM,EAAE,KAAK,EAAE,GAAG,IAAA,oBAAW,EAAC,IAAI,CAAC,CAAC;AAqBrB,IAAM,aAAa,GAAnB,MAAM,aAAc,SAAQ,iBAAqB;IAExD,AAAN,KAAK,CAAC,UAAU;QACd,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAElC,MAAM,aAAa,GAAG,OAAO,CAAC,4BAAmB,CAAC,IAAI,CAAkB,CAAC;QACzE,MAAM,EAAE,KAAK,EAAE,GAAG,aAAa,CAAC;QAEhC,kFAAkF;QAClF,2DAA2D;QAC3D,EAAE;QACF,oFAAoF;QACpF,qFAAqF;QACrF,4EAA4E;QAC5E,uFAAuF;QACvF,MAAM,gBAAgB,GAAG,OAAO,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAuB,CAAC;QAEnF,IAAI,OAAoF,CAAC;QAEzF,IAAI,gBAAgB,EAAE,CAAC;YACrB,8DAA8D;YAC9D,sFAAsF;YACtF,iGAAiG;YACjG,IAAI,aAAa,CAAC,OAAO,EAAE,EAAE,KAAK,gBAAgB,EAAE,CAAC;gBACnD,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC;YAClC,CAAC;iBAAM,CAAC;gBACN,OAAO,GAAG,EAAE,EAAE,EAAE,gBAAgB,EAAE,CAAC;YACrC,CAAC;QACH,CAAC;aAAM,IAAI,aAAa,CAAC,OAAO,EAAE,CAAC;YACjC,qFAAqF;YACrF,OAAO,GAAG,aAAa,CAAC,OAAO,CAAC;QAClC,CAAC;aAAM,CAAC;YACN,mDAAmD;YACnD,OAAO,GAAG,IAAA,kCAAe,EAAC,YAAY,EAAE,KAAK,EAAE;gBAC7C,SAAS,EAAE,OAAO,CAAC,OAAO,EAAE,CAAC,YAAY,CAAuB;gBAChE,uBAAuB,EAAG,IAAI,CAAC,KAAe,CAAC,QAAQ,EAAE,OAAO,EAAE,iBAAiB;aACpF,CAAC,CAAC;QACL,CAAC;QAED,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,mBAAW,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;IACxD,CAAC;IAGK,AAAN,KAAK,CAAC,MAAM;QACV,MAAM,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAClC,MAAM,KAAK,GAAG,IAAI,CAAC,KAAc,CAAC;QAClC,MAAM,WAAW,GAAG,IAAA,6BAAoB,EAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACvD,MAAM,MAAM,GAAG,IAAA,6BAAoB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACrD,MAAM,SAAS,GAAG,IAAA,2BAAkB,EAAC,KAAK,CAAC,SAAS,CAAC,CAAC;QACtD,MAAM,QAAQ,GAAG,GAAG,MAAM,GAAG,SAAS,EAAE,CAAC;QAEzC,IAAI,WAAW,KAAK,GAAG,QAAQ,MAAM,EAAE,CAAC;YACtC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,YAAY,CAAC,CAAC;QAC9C,CAAC;aAAM,IAAI,WAAW,KAAK,GAAG,QAAQ,UAAU,EAAE,CAAC;YACjD,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IAKK,AAAN,KAAK,CAAC,YAAY;QAChB,MAAM,gBAAgB,GAAI,IAAI,CAAC,KAAe,CAAC,gBAAgB,CAAC;QAEhE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC5C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,EAAE,QAAQ,CAAC,CAAC;QAC/F,MAAM,SAAS,CAAC,UAAU,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QAC9C,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;IAKK,AAAN,KAAK,CAAC,cAAc;QAClB,qFAAqF;QACrF,oBAAoB;QACpB,mEAAmE;QACnE,YAAY;QACZ,IAAI;QACJ,oDAAoD;QACpD,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC,CAAC;IAC1C,CAAC;IAKK,AAAN,KAAK,CAAC,SAAS;QACb,MAAM,gBAAgB,GAAI,IAAI,CAAC,KAAe,CAAC,gBAAgB,CAAC;QAChE,MAAM,MAAM,GAAG,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAC;QAErE,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC,QAAQ,CAAC;QAC5C,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC;QAC/C,MAAM,SAAS,GAAG,MAAM,gBAAgB,CAAC,cAAc,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;QAClF,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,yFAAyF;YACzF,MAAM,UAAU,GAAG,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,EAAE,KAAK,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC;YAChF,MAAM,IAAI,GAAG,OAAO,CAAC,IAA2C,CAAC;YAEjE,IAAI,UAAU,EAAE,CAAC;gBACf,sFAAsF;gBACtF,MAAM,CAAC,IAAI,CAAC,+CAA+C,EAAE;oBAC3D,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACnC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC5B,MAAM,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC;oBACxB,SAAS,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC;iBACxB,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,cAAc,CAAC,iBAAiB,CAAC,CAAC,CAAC;YAC9D,CAAC;iBAAM,CAAC;gBACN,6FAA6F;gBAC7F,MAAM,CAAC,IAAI,CAAC,yEAAyE,EAAE;oBACrF,SAAS,EAAE,OAAO,CAAC,EAAE,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACnC,SAAS,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;oBAC5B,MAAM,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC;oBACxB,SAAS,EAAE,IAAI,EAAE,CAAC,IAAI,CAAC;oBACvB,SAAS,EAAG,OAAO,CAAC,OAAO,EAAE,CAAC,YAAY,CAAwB,EAAE,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;iBACjF,CAAC,CAAC;gBACH,IAAI,CAAC,OAAO,CAAC,oBAAW,CAAC,eAAe,CAAC,yBAAyB,CAAC,CAAC,CAAC;YACvE,CAAC;YACD,OAAO;QACT,CAAC;QACD,MAAM,SAAS,CAAC,aAAa,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;QACjD,IAAI,CAAC,OAAO,EAAE,CAAC;IACjB,CAAC;CACF,CAAA;AA1HO;IADL,KAAK,CAAC,YAAY,CAAC;;;;+CAuCnB;AAGK;IADL,KAAK,CAAC,QAAQ,CAAC;;;;2CAcf;AAKK;IAHL,KAAK,CAAC,cAAc,EAAE;QACrB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,YAAY;KACrE,CAAC;;;;iDASD;AAKK;IAHL,KAAK,CAAC,gBAAgB,EAAE;QACvB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,cAAc;KACvE,CAAC;;;;mDASD;AAKK;IAHL,KAAK,CAAC,WAAW,EAAE;QAClB,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,EAAE,WAAW,EAAE,EAAE,EAAE,EAAE,CAAC,WAAW,KAAK,SAAS;KAClE,CAAC;;;;8CAqCD;AA3HkB,aAAa;IAPjC,IAAA,aAAI,EAAC;QACJ,IAAI;QACJ,MAAM,EAAE,YAAY;QACpB,WAAW,EAAE,wBAAe;QAC5B,YAAY,EAAE,yBAAgB;QAC9B,IAAI,EAAJ,YAAI;KACL,CAAC;GACmB,aAAa,CA4HjC;kBA5HoB,aAAa","sourcesContent":["import {\n  Flow,\n  httpInputSchema,\n  FlowRunOptions,\n  httpOutputSchema,\n  FlowPlan,\n  FlowBase,\n  FlowHooksOf,\n  sessionIdSchema,\n  httpRespond,\n  ServerRequestTokens,\n  Authorization,\n  normalizeEntryPrefix,\n  normalizeScopeBase,\n} from '../../common';\nimport { z } from 'zod';\nimport { Scope } from '../../scope';\nimport { createSessionId } from '../../auth/session/utils/session-id.utils';\n\nexport const plan = {\n  pre: ['parseInput', 'router'],\n  execute: ['onInitialize', 'onMessage', 'onElicitResult'],\n  post: [],\n  finalize: ['cleanup'],\n} as const satisfies FlowPlan<string>;\n\n// Relaxed session schema for state - payload is optional when using mcp-session-id header directly\nconst stateSessionSchema = z.object({\n  id: z.string(),\n  payload: z\n    .object({\n      nodeId: z.string(),\n      authSig: z.string(),\n      uuid: z.string().uuid(),\n      iat: z.number(),\n      protocol: z.enum(['legacy-sse', 'sse', 'streamable-http', 'stateful-http', 'stateless-http']).optional(),\n      isPublic: z.boolean().optional(),\n      platformType: z\n        .enum(['openai', 'claude', 'gemini', 'cursor', 'continue', 'cody', 'generic-mcp', 'ext-apps', 'unknown'])\n        .optional(),\n    })\n    .optional(),\n});\n\nexport const stateSchema = z.object({\n  token: z.string(),\n  session: stateSessionSchema,\n  requestType: z.enum(['initialize', 'message', 'elicitResult']).optional(),\n});\n\nconst name = 'handle:legacy-sse' as const;\nconst { Stage } = FlowHooksOf(name);\n\ndeclare global {\n  interface ExtendFlows {\n    'handle:legacy-sse': FlowRunOptions<\n      HandleSseFlow,\n      typeof plan,\n      typeof httpInputSchema,\n      typeof httpOutputSchema,\n      typeof stateSchema\n    >;\n  }\n}\n\n@Flow({\n  name,\n  access: 'authorized',\n  inputSchema: httpInputSchema,\n  outputSchema: httpOutputSchema,\n  plan,\n})\nexport default class HandleSseFlow extends FlowBase<typeof name> {\n  @Stage('parseInput')\n  async parseInput() {\n    const { request } = this.rawInput;\n\n    const authorization = request[ServerRequestTokens.auth] as Authorization;\n    const { token } = authorization;\n\n    // CRITICAL: The mcp-session-id header is the client's reference to their session.\n    // We MUST use this exact ID for transport registry lookup.\n    //\n    // Priority 1: Use mcp-session-id header if present (client's session ID for lookup)\n    //             This is the ID the client received from initialize and is referencing.\n    // Priority 2: Use session from authorization if header matches or is absent\n    // Priority 3: Create new session (first request - no header, no authorization.session)\n    const mcpSessionHeader = request.headers?.['mcp-session-id'] as string | undefined;\n\n    let session: { id: string; payload?: z.infer<typeof stateSchema>['session']['payload'] };\n\n    if (mcpSessionHeader) {\n      // Client sent session ID - ALWAYS use it for transport lookup\n      // If authorization.session exists and matches, use its payload for protocol detection\n      // If authorization.session differs or is missing, still use header ID (payload may be undefined)\n      if (authorization.session?.id === mcpSessionHeader) {\n        session = authorization.session;\n      } else {\n        session = { id: mcpSessionHeader };\n      }\n    } else if (authorization.session) {\n      // No header but authorization has session - use it (shouldn't happen in normal flow)\n      session = authorization.session;\n    } else {\n      // No session - create new one (initialize request)\n      session = createSessionId('legacy-sse', token, {\n        userAgent: request.headers?.['user-agent'] as string | undefined,\n        platformDetectionConfig: (this.scope as Scope).metadata?.session?.platformDetection,\n      });\n    }\n\n    this.state.set(stateSchema.parse({ token, session }));\n  }\n\n  @Stage('router')\n  async router() {\n    const { request } = this.rawInput;\n    const scope = this.scope as Scope;\n    const requestPath = normalizeEntryPrefix(request.path);\n    const prefix = normalizeEntryPrefix(scope.entryPath);\n    const scopePath = normalizeScopeBase(scope.routeBase);\n    const basePath = `${prefix}${scopePath}`;\n\n    if (requestPath === `${basePath}/sse`) {\n      this.state.set('requestType', 'initialize');\n    } else if (requestPath === `${basePath}/message`) {\n      this.state.set('requestType', 'message');\n    }\n  }\n\n  @Stage('onInitialize', {\n    filter: ({ state: { requestType } }) => requestType === 'initialize',\n  })\n  async onInitialize() {\n    const transportService = (this.scope as Scope).transportService;\n\n    const { request, response } = this.rawInput;\n    const { token, session } = this.state.required;\n    const transport = await transportService.createTransporter('sse', token, session.id, response);\n    await transport.initialize(request, response);\n    this.handled();\n  }\n\n  @Stage('onElicitResult', {\n    filter: ({ state: { requestType } }) => requestType === 'elicitResult',\n  })\n  async onElicitResult() {\n    // const transport = await transportService.getTransporter('sse', token, session.id);\n    // if (!transport) {\n    //   this.respond(httpRespond.rpcError('session not initialized'));\n    //   return;\n    // }\n    // await transport.handleRequest(request, response);\n    this.fail(new Error('Not implemented'));\n  }\n\n  @Stage('onMessage', {\n    filter: ({ state: { requestType } }) => requestType === 'message',\n  })\n  async onMessage() {\n    const transportService = (this.scope as Scope).transportService;\n    const logger = this.scopeLogger.child('handle:legacy-sse:onMessage');\n\n    const { request, response } = this.rawInput;\n    const { token, session } = this.state.required;\n    const transport = await transportService.getTransporter('sse', token, session.id);\n    if (!transport) {\n      // Check if session was ever created to differentiate error types per MCP Spec 2025-11-25\n      const wasCreated = transportService.wasSessionCreated('sse', token, session.id);\n      const body = request.body as Record<string, unknown> | undefined;\n\n      if (wasCreated) {\n        // Session existed but was terminated/evicted → HTTP 404 (client should re-initialize)\n        logger.info('Session expired - client should re-initialize', {\n          sessionId: session.id?.slice(0, 20),\n          tokenHash: token.slice(0, 8),\n          method: body?.['method'],\n          requestId: body?.['id'],\n        });\n        this.respond(httpRespond.sessionExpired('session expired'));\n      } else {\n        // Session was never created → HTTP 404 (per user requirement: invalid/missing session = 404)\n        logger.warn('Session not initialized - client attempted request without initializing', {\n          sessionId: session.id?.slice(0, 20),\n          tokenHash: token.slice(0, 8),\n          method: body?.['method'],\n          requestId: body?.['id'],\n          userAgent: (request.headers?.['user-agent'] as string | undefined)?.slice(0, 50),\n        });\n        this.respond(httpRespond.sessionNotFound('session not initialized'));\n      }\n      return;\n    }\n    await transport.handleRequest(request, response);\n    this.handled();\n  }\n}\n"]}

package/src/transport/flows/handle.stateless-http.flow.d.ts

@@ -0,0 +1,29 @@
+import { httpInputSchema, FlowRunOptions, httpOutputSchema, FlowBase } from '../../common';
+import { z } from 'zod';
+export declare const plan: {
+    readonly pre: ["parseInput", "router"];
+    readonly execute: ["handleRequest"];
+    readonly post: [];
+    readonly finalize: ["cleanup"];
+};
+export declare const stateSchema: z.ZodObject<{
+    token: z.ZodOptional<z.ZodString>;
+    isAuthenticated: z.ZodBoolean;
+    requestType: z.ZodOptional<z.ZodEnum<{
+        message: "message";
+        initialize: "initialize";
+    }>>;
+}, z.core.$strip>;
+declare const name: "handle:stateless-http";
+declare global {
+    interface ExtendFlows {
+        'handle:stateless-http': FlowRunOptions<HandleStatelessHttpFlow, typeof plan, typeof httpInputSchema, typeof httpOutputSchema, typeof stateSchema>;
+    }
+}
+export default class HandleStatelessHttpFlow extends FlowBase<typeof name> {
+    name: "handle:stateless-http";
+    parseInput(): Promise<void>;
+    router(): Promise<void>;
+    handleRequest(): Promise<void>;
+}
+export {};