@frontmcp/sdk 0.4.0 → 0.5.0

package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts

@@ -0,0 +1,46 @@
+import { SetLevelRequest, EmptyResult } from '@modelcontextprotocol/sdk/types.js';
+import { McpHandlerOptions } from './mcp-handlers.types';
+/**
+ * Handler for the logging/setLevel MCP request.
+ * Per MCP 2025-11-25 spec, this allows clients to set the minimum log level
+ * for log messages sent via notifications/message.
+ */
+export default function LoggingSetLevelRequestHandler({ scope }: McpHandlerOptions): {
+    requestSchema: import("zod").ZodObject<{
+        method: import("zod").ZodLiteral<"logging/setLevel">;
+        params: import("zod").ZodObject<{
+            _meta: import("zod").ZodOptional<import("zod").ZodObject<{
+                progressToken: import("zod").ZodOptional<import("zod").ZodUnion<readonly [import("zod").ZodString, import("zod").ZodNumber]>>;
+            }, import("zod/v4/core").$loose>>;
+            level: import("zod").ZodEnum<{
+                error: "error";
+                debug: "debug";
+                info: "info";
+                notice: "notice";
+                warning: "warning";
+                critical: "critical";
+                alert: "alert";
+                emergency: "emergency";
+            }>;
+        }, import("zod/v4/core").$loose>;
+    }, import("zod/v4/core").$strip>;
+    handler: (request: SetLevelRequest, ctx: import("./mcp-handlers.types").McpRequestHandler<{
+        method: "logging/setLevel";
+        params: {
+            [x: string]: unknown;
+            level: "error" | "debug" | "info" | "warning" | "notice" | "critical" | "alert" | "emergency";
+            _meta?: {
+                [x: string]: unknown;
+                progressToken?: string | number | undefined;
+            } | undefined;
+        };
+    }, {
+        method: string;
+        params?: {
+            [x: string]: unknown;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+        } | undefined;
+    }>) => Promise<EmptyResult>;
+};

package/src/transport/mcp-handlers/logging-set-level-request.handler.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = LoggingSetLevelRequestHandler;
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+/**
+ * Handler for the logging/setLevel MCP request.
+ * Per MCP 2025-11-25 spec, this allows clients to set the minimum log level
+ * for log messages sent via notifications/message.
+ */
+function LoggingSetLevelRequestHandler({ scope }) {
+    return {
+        requestSchema: types_js_1.SetLevelRequestSchema,
+        handler: async (request, ctx) => {
+            const { level } = request.params;
+            // Get session ID from auth context
+            const sessionId = ctx.authInfo?.sessionId;
+            if (!sessionId) {
+                scope.logger.warn('logging/setLevel: No session ID found in request context');
+                return {};
+            }
+            // Set the log level for this session
+            const success = scope.notifications.setLogLevel(sessionId, level);
+            if (!success) {
+                scope.logger.warn(`logging/setLevel: Failed to set log level for session ${sessionId.slice(0, 20)}...`);
+            }
+            else {
+                scope.logger.verbose(`logging/setLevel: Set level to '${level}' for session ${sessionId.slice(0, 20)}...`);
+            }
+            // Per MCP spec, return empty result
+            return {};
+        },
+    };
+}
+//# sourceMappingURL=logging-set-level-request.handler.js.map

package/src/transport/mcp-handlers/logging-set-level-request.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging-set-level-request.handler.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/logging-set-level-request.handler.ts"],"names":[],"mappings":";;AAQA,gDA0BC;AAlCD,iEAAyG;AAGzG;;;;GAIG;AACH,SAAwB,6BAA6B,CAAC,EAAE,KAAK,EAAqB;IAChF,OAAO;QACL,aAAa,EAAE,gCAAqB;QACpC,OAAO,EAAE,KAAK,EAAE,OAAwB,EAAE,GAAG,EAAwB,EAAE;YACrE,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAEjC,mCAAmC;YACnC,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,0DAA0D,CAAC,CAAC;gBAC9E,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,qCAAqC;YACrC,MAAM,OAAO,GAAG,KAAK,CAAC,aAAa,CAAC,WAAW,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;YAElE,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,yDAAyD,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;YAC1G,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,mCAAmC,KAAK,iBAAiB,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,CAAC;YAC7G,CAAC;YAED,oCAAoC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;KACiD,CAAC;AACvD,CAAC","sourcesContent":["import { SetLevelRequestSchema, SetLevelRequest, EmptyResult } from '@modelcontextprotocol/sdk/types.js';\nimport { McpHandler, McpHandlerOptions } from './mcp-handlers.types';\n\n/**\n * Handler for the logging/setLevel MCP request.\n * Per MCP 2025-11-25 spec, this allows clients to set the minimum log level\n * for log messages sent via notifications/message.\n */\nexport default function LoggingSetLevelRequestHandler({ scope }: McpHandlerOptions) {\n  return {\n    requestSchema: SetLevelRequestSchema,\n    handler: async (request: SetLevelRequest, ctx): Promise<EmptyResult> => {\n      const { level } = request.params;\n\n      // Get session ID from auth context\n      const sessionId = ctx.authInfo?.sessionId;\n      if (!sessionId) {\n        scope.logger.warn('logging/setLevel: No session ID found in request context');\n        return {};\n      }\n\n      // Set the log level for this session\n      const success = scope.notifications.setLogLevel(sessionId, level);\n\n      if (!success) {\n        scope.logger.warn(`logging/setLevel: Failed to set log level for session ${sessionId.slice(0, 20)}...`);\n      } else {\n        scope.logger.verbose(`logging/setLevel: Set level to '${level}' for session ${sessionId.slice(0, 20)}...`);\n      }\n\n      // Per MCP spec, return empty result\n      return {};\n    },\n  } satisfies McpHandler<SetLevelRequest, EmptyResult>;\n}\n"]}

package/src/transport/mcp-handlers/mcp-handlers.types.d.ts

@@ -1,4 +1,4 @@
-import { z, ZodTypeAny, ZodObject, ZodLiteral } from 'zod';
+import { z, ZodType } from 'zod';
 import { Notification, Request, Result } from '@modelcontextprotocol/sdk/types.js';
 import { RequestHandlerExtra } from '@modelcontextprotocol/sdk/shared/protocol.js';
 import { ServerOptions } from '@modelcontextprotocol/sdk/server/index.js';
@@ -10,12 +10,8 @@ type Primitive = string | number | boolean | bigint | null | undefined;
 type Flatten<T> = T extends Primitive ? T : T extends Array<infer U> ? Array<Flatten<U>> : T extends Set<infer U> ? Set<Flatten<U>> : T extends Map<infer K, infer V> ? Map<Flatten<K>, Flatten<V>> : T extends object ? {
     [K in keyof T]: Flatten<T[K]>;
 } : T;
-type Infer<Schema extends ZodTypeAny> = Flatten<z.infer<Schema>>;
-export interface McpHandler<HandlerRequest extends Request = Request, HandlerResult extends Result = Result, In extends ZodObject<{
-    method: ZodLiteral<string>;
-}> = ZodObject<{
-    method: ZodLiteral<string>;
-}>, Out extends ZodObject<any> = ZodObject<any>, HandlerNotification extends Notification = Notification> {
+type Infer<Schema extends ZodType> = Flatten<z.infer<Schema>>;
+export interface McpHandler<HandlerRequest extends Request = Request, HandlerResult extends Result = Result, In extends z.ZodObject<any> = z.ZodObject<any>, Out extends z.ZodObject<any> = z.ZodObject<any>, HandlerNotification extends Notification = Notification> {
     when?: (request: Infer<In>) => boolean;
     requestSchema: In;
     responseSchema?: Out;

package/src/transport/mcp-handlers/mcp-handlers.types.js.map

@@ -1 +1 @@
-{"version":3,"file":"mcp-handlers.types.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/mcp-handlers.types.ts"],"names":[],"mappings":"","sourcesContent":["import { z, ZodTypeAny, ZodObject, ZodLiteral } from 'zod';\nimport { Notification, Request, Result } from '@modelcontextprotocol/sdk/types.js';\nimport { RequestHandlerExtra } from '@modelcontextprotocol/sdk/shared/protocol.js';\nimport { ServerOptions } from '@modelcontextprotocol/sdk/server/index.js';\nimport { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';\nimport { LocalTransporter } from '../transport.local';\nimport { Authorization } from '../../common';\nimport { Scope } from '../../scope';\n\ntype Primitive = string | number | boolean | bigint | null | undefined;\ntype Flatten<T> = T extends Primitive\n  ? T\n  : T extends Array<infer U>\n  ? Array<Flatten<U>>\n  : T extends Set<infer U>\n  ? Set<Flatten<U>>\n  : T extends Map<infer K, infer V>\n  ? Map<Flatten<K>, Flatten<V>>\n  : T extends object\n  ? {\n      [K in keyof T]: Flatten<T[K]>;\n    }\n  : T;\ntype Infer<Schema extends ZodTypeAny> = Flatten<z.infer<Schema>>;\n\nexport interface McpHandler<\n  HandlerRequest extends Request = Request,\n  HandlerResult extends Result = Result,\n  In extends ZodObject<{ method: ZodLiteral<string> }> = ZodObject<{ method: ZodLiteral<string> }>,\n  Out extends ZodObject<any> = ZodObject<any>,\n  HandlerNotification extends Notification = Notification,\n> {\n  when?: (request: Infer<In>) => boolean;\n  requestSchema: In;\n  responseSchema?: Out;\n\n  handler: (\n    request: HandlerRequest,\n    ctx: McpRequestHandler<HandlerRequest, HandlerNotification>,\n  ) => Promise<HandlerResult> | HandlerResult;\n}\n\nexport type McpHandlerOptions = {\n  scope: Scope;\n  serverOptions: ServerOptions;\n};\n\nexport type McpRequestHandler<\n  SendRequestT extends Request,\n  SendNotificationT extends Notification,\n> = RequestHandlerExtra<SendRequestT, SendNotificationT> & {\n  authInfo?: AuthInfo & {\n    extra?: {\n      [key: string]: unknown;\n      transport: LocalTransporter;\n      authSession: Authorization;\n    };\n  };\n};\n"]}
+{"version":3,"file":"mcp-handlers.types.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/mcp-handlers.types.ts"],"names":[],"mappings":"","sourcesContent":["import { z, ZodType, ZodLiteral } from 'zod';\nimport { Notification, Request, Result } from '@modelcontextprotocol/sdk/types.js';\nimport { RequestHandlerExtra } from '@modelcontextprotocol/sdk/shared/protocol.js';\nimport { ServerOptions } from '@modelcontextprotocol/sdk/server/index.js';\nimport { AuthInfo } from '@modelcontextprotocol/sdk/server/auth/types.js';\nimport { LocalTransporter } from '../transport.local';\nimport { Authorization } from '../../common';\nimport { Scope } from '../../scope';\n\ntype Primitive = string | number | boolean | bigint | null | undefined;\ntype Flatten<T> = T extends Primitive\n  ? T\n  : T extends Array<infer U>\n  ? Array<Flatten<U>>\n  : T extends Set<infer U>\n  ? Set<Flatten<U>>\n  : T extends Map<infer K, infer V>\n  ? Map<Flatten<K>, Flatten<V>>\n  : T extends object\n  ? {\n      [K in keyof T]: Flatten<T[K]>;\n    }\n  : T;\ntype Infer<Schema extends ZodType> = Flatten<z.infer<Schema>>;\n\nexport interface McpHandler<\n  HandlerRequest extends Request = Request,\n  HandlerResult extends Result = Result,\n  In extends z.ZodObject<any> = z.ZodObject<any>,\n  Out extends z.ZodObject<any> = z.ZodObject<any>,\n  HandlerNotification extends Notification = Notification,\n> {\n  when?: (request: Infer<In>) => boolean;\n  requestSchema: In;\n  responseSchema?: Out;\n\n  handler: (\n    request: HandlerRequest,\n    ctx: McpRequestHandler<HandlerRequest, HandlerNotification>,\n  ) => Promise<HandlerResult> | HandlerResult;\n}\n\nexport type McpHandlerOptions = {\n  scope: Scope;\n  serverOptions: ServerOptions;\n};\n\nexport type McpRequestHandler<\n  SendRequestT extends Request,\n  SendNotificationT extends Notification,\n> = RequestHandlerExtra<SendRequestT, SendNotificationT> & {\n  authInfo?: AuthInfo & {\n    extra?: {\n      [key: string]: unknown;\n      transport: LocalTransporter;\n      authSession: Authorization;\n    };\n  };\n};\n"]}

package/src/transport/mcp-handlers/read-resource-request.handler.d.ts

@@ -0,0 +1,46 @@
+import { ReadResourceRequest } from '@modelcontextprotocol/sdk/types.js';
+import { McpHandlerOptions } from './mcp-handlers.types';
+export default function readResourceRequestHandler({ scope }: McpHandlerOptions): {
+    requestSchema: import("zod").ZodObject<{
+        method: import("zod").ZodLiteral<"resources/read">;
+        params: import("zod").ZodObject<{
+            _meta: import("zod").ZodOptional<import("zod").ZodObject<{
+                progressToken: import("zod").ZodOptional<import("zod").ZodUnion<readonly [import("zod").ZodString, import("zod").ZodNumber]>>;
+            }, import("zod/v4/core").$loose>>;
+            uri: import("zod").ZodString;
+        }, import("zod/v4/core").$loose>;
+    }, import("zod/v4/core").$strip>;
+    handler: (request: ReadResourceRequest, ctx: import("./mcp-handlers.types").McpRequestHandler<{
+        method: "resources/read";
+        params: {
+            [x: string]: unknown;
+            uri: string;
+            _meta?: {
+                [x: string]: unknown;
+                progressToken?: string | number | undefined;
+            } | undefined;
+        };
+    }, {
+        method: string;
+        params?: {
+            [x: string]: unknown;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+        } | undefined;
+    }>) => Promise<{
+        [x: string]: unknown;
+        contents: ({
+            uri: string;
+            text: string;
+            mimeType?: string | undefined;
+            _meta?: Record<string, unknown> | undefined;
+        } | {
+            uri: string;
+            blob: string;
+            mimeType?: string | undefined;
+            _meta?: Record<string, unknown> | undefined;
+        })[];
+        _meta?: Record<string, unknown> | undefined;
+    }>;
+};

package/src/transport/mcp-handlers/read-resource-request.handler.js

@@ -0,0 +1,12 @@
+"use strict";
+// file: libs/sdk/src/transport/mcp-handlers/read-resource-request.handler.ts
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = readResourceRequestHandler;
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+function readResourceRequestHandler({ scope }) {
+    return {
+        requestSchema: types_js_1.ReadResourceRequestSchema,
+        handler: (request, ctx) => scope.runFlowForOutput('resources:read-resource', { request, ctx }),
+    };
+}
+//# sourceMappingURL=read-resource-request.handler.js.map

package/src/transport/mcp-handlers/read-resource-request.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"read-resource-request.handler.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/read-resource-request.handler.ts"],"names":[],"mappings":";AAAA,6EAA6E;;AAK7E,6CAKC;AARD,iEAAwH;AAGxH,SAAwB,0BAA0B,CAAC,EAAE,KAAK,EAAqB;IAC7E,OAAO;QACL,aAAa,EAAE,oCAAyB;QACxC,OAAO,EAAE,CAAC,OAA4B,EAAE,GAAG,EAAE,EAAE,CAAC,KAAK,CAAC,gBAAgB,CAAC,yBAAyB,EAAE,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;KACtD,CAAC;AAClE,CAAC","sourcesContent":["// file: libs/sdk/src/transport/mcp-handlers/read-resource-request.handler.ts\n\nimport { ReadResourceRequestSchema, ReadResourceRequest, ReadResourceResult } from '@modelcontextprotocol/sdk/types.js';\nimport { McpHandler, McpHandlerOptions } from './mcp-handlers.types';\n\nexport default function readResourceRequestHandler({ scope }: McpHandlerOptions) {\n  return {\n    requestSchema: ReadResourceRequestSchema,\n    handler: (request: ReadResourceRequest, ctx) => scope.runFlowForOutput('resources:read-resource', { request, ctx }),\n  } satisfies McpHandler<ReadResourceRequest, ReadResourceResult>;\n}\n"]}

package/src/transport/mcp-handlers/roots-list-changed-notification.handler.d.ts

@@ -0,0 +1,11 @@
+import { Result } from '@modelcontextprotocol/sdk/types.js';
+import { McpHandler, McpHandlerOptions } from './mcp-handlers.types';
+import type { RootsListChangedNotification } from '@modelcontextprotocol/sdk/types.js';
+/**
+ * Handler for `notifications/roots/list_changed` notification from the client.
+ *
+ * Per MCP 2025-11-25 spec, this notification is sent by clients that support
+ * roots to indicate that the list of roots has changed. When received, the
+ * server should invalidate any cached roots and optionally re-fetch them.
+ */
+export default function rootsListChangedNotificationHandler({ scope, }: McpHandlerOptions): McpHandler<RootsListChangedNotification, Result>;

package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = rootsListChangedNotificationHandler;
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+/**
+ * Handler for `notifications/roots/list_changed` notification from the client.
+ *
+ * Per MCP 2025-11-25 spec, this notification is sent by clients that support
+ * roots to indicate that the list of roots has changed. When received, the
+ * server should invalidate any cached roots and optionally re-fetch them.
+ */
+function rootsListChangedNotificationHandler({ scope, }) {
+    return {
+        requestSchema: types_js_1.RootsListChangedNotificationSchema,
+        handler: async (request, ctx) => {
+            const sessionId = ctx.authInfo?.sessionId;
+            if (sessionId) {
+                // Invalidate cached roots for this session
+                scope.notifications.invalidateRootsCache(sessionId);
+            }
+            // Notifications don't return a response body
+            return {};
+        },
+    };
+}
+//# sourceMappingURL=roots-list-changed-notification.handler.js.map

package/src/transport/mcp-handlers/roots-list-changed-notification.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"roots-list-changed-notification.handler.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/roots-list-changed-notification.handler.ts"],"names":[],"mappings":";;AAWA,sDAeC;AA1BD,iEAAgG;AAIhG;;;;;;GAMG;AACH,SAAwB,mCAAmC,CAAC,EAC1D,KAAK,GACa;IAClB,OAAO;QACL,aAAa,EAAE,6CAAkC;QACjD,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,GAAG,EAAmB,EAAE;YAC/C,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC1C,IAAI,SAAS,EAAE,CAAC;gBACd,2CAA2C;gBAC3C,KAAK,CAAC,aAAa,CAAC,oBAAoB,CAAC,SAAS,CAAC,CAAC;YACtD,CAAC;YACD,6CAA6C;YAC7C,OAAO,EAAE,CAAC;QACZ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["import { RootsListChangedNotificationSchema, Result } from '@modelcontextprotocol/sdk/types.js';\nimport { McpHandler, McpHandlerOptions } from './mcp-handlers.types';\nimport type { RootsListChangedNotification } from '@modelcontextprotocol/sdk/types.js';\n\n/**\n * Handler for `notifications/roots/list_changed` notification from the client.\n *\n * Per MCP 2025-11-25 spec, this notification is sent by clients that support\n * roots to indicate that the list of roots has changed. When received, the\n * server should invalidate any cached roots and optionally re-fetch them.\n */\nexport default function rootsListChangedNotificationHandler({\n  scope,\n}: McpHandlerOptions): McpHandler<RootsListChangedNotification, Result> {\n  return {\n    requestSchema: RootsListChangedNotificationSchema,\n    handler: async (request, ctx): Promise<Result> => {\n      const sessionId = ctx.authInfo?.sessionId;\n      if (sessionId) {\n        // Invalidate cached roots for this session\n        scope.notifications.invalidateRootsCache(sessionId);\n      }\n      // Notifications don't return a response body\n      return {};\n    },\n  };\n}\n"]}

package/src/transport/mcp-handlers/subscribe-request.handler.d.ts

@@ -0,0 +1,37 @@
+import { SubscribeRequest, EmptyResult } from '@modelcontextprotocol/sdk/types.js';
+import { McpHandlerOptions } from './mcp-handlers.types';
+/**
+ * Handler for the resources/subscribe MCP request.
+ * Per MCP 2025-11-25 spec, this allows clients to subscribe to receive
+ * notifications when a specific resource changes.
+ */
+export default function SubscribeRequestHandler({ scope }: McpHandlerOptions): {
+    requestSchema: import("zod").ZodObject<{
+        method: import("zod").ZodLiteral<"resources/subscribe">;
+        params: import("zod").ZodObject<{
+            _meta: import("zod").ZodOptional<import("zod").ZodObject<{
+                progressToken: import("zod").ZodOptional<import("zod").ZodUnion<readonly [import("zod").ZodString, import("zod").ZodNumber]>>;
+            }, import("zod/v4/core").$loose>>;
+            uri: import("zod").ZodString;
+        }, import("zod/v4/core").$loose>;
+    }, import("zod/v4/core").$strip>;
+    handler: (request: SubscribeRequest, ctx: import("./mcp-handlers.types").McpRequestHandler<{
+        method: "resources/subscribe";
+        params: {
+            [x: string]: unknown;
+            uri: string;
+            _meta?: {
+                [x: string]: unknown;
+                progressToken?: string | number | undefined;
+            } | undefined;
+        };
+    }, {
+        method: string;
+        params?: {
+            [x: string]: unknown;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+        } | undefined;
+    }>) => Promise<EmptyResult>;
+};

package/src/transport/mcp-handlers/subscribe-request.handler.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = SubscribeRequestHandler;
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+/**
+ * Handler for the resources/subscribe MCP request.
+ * Per MCP 2025-11-25 spec, this allows clients to subscribe to receive
+ * notifications when a specific resource changes.
+ */
+function SubscribeRequestHandler({ scope }) {
+    return {
+        requestSchema: types_js_1.SubscribeRequestSchema,
+        handler: async (request, ctx) => {
+            const { uri } = request.params;
+            // Get session ID from auth context
+            const sessionId = ctx.authInfo?.sessionId;
+            if (!sessionId) {
+                scope.logger.warn('resources/subscribe: No session ID found in request context');
+                return {};
+            }
+            // Subscribe the session to the resource
+            const isNew = scope.notifications.subscribeResource(sessionId, uri);
+            if (isNew) {
+                scope.logger.verbose(`resources/subscribe: Session ${sessionId.slice(0, 20)}... subscribed to ${uri}`);
+            }
+            else {
+                scope.logger.verbose(`resources/subscribe: Session ${sessionId.slice(0, 20)}... already subscribed to ${uri}`);
+            }
+            // Per MCP spec, return empty result
+            return {};
+        },
+    };
+}
+//# sourceMappingURL=subscribe-request.handler.js.map

package/src/transport/mcp-handlers/subscribe-request.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"subscribe-request.handler.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/subscribe-request.handler.ts"],"names":[],"mappings":";;AAQA,0CA0BC;AAlCD,iEAA2G;AAG3G;;;;GAIG;AACH,SAAwB,uBAAuB,CAAC,EAAE,KAAK,EAAqB;IAC1E,OAAO;QACL,aAAa,EAAE,iCAAsB;QACrC,OAAO,EAAE,KAAK,EAAE,OAAyB,EAAE,GAAG,EAAwB,EAAE;YACtE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAE/B,mCAAmC;YACnC,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,6DAA6D,CAAC,CAAC;gBACjF,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,wCAAwC;YACxC,MAAM,KAAK,GAAG,KAAK,CAAC,aAAa,CAAC,iBAAiB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAEpE,IAAI,KAAK,EAAE,CAAC;gBACV,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,gCAAgC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,qBAAqB,GAAG,EAAE,CAAC,CAAC;YACzG,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,gCAAgC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,6BAA6B,GAAG,EAAE,CAAC,CAAC;YACjH,CAAC;YAED,oCAAoC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;KACkD,CAAC;AACxD,CAAC","sourcesContent":["import { SubscribeRequestSchema, SubscribeRequest, EmptyResult } from '@modelcontextprotocol/sdk/types.js';\nimport { McpHandler, McpHandlerOptions } from './mcp-handlers.types';\n\n/**\n * Handler for the resources/subscribe MCP request.\n * Per MCP 2025-11-25 spec, this allows clients to subscribe to receive\n * notifications when a specific resource changes.\n */\nexport default function SubscribeRequestHandler({ scope }: McpHandlerOptions) {\n  return {\n    requestSchema: SubscribeRequestSchema,\n    handler: async (request: SubscribeRequest, ctx): Promise<EmptyResult> => {\n      const { uri } = request.params;\n\n      // Get session ID from auth context\n      const sessionId = ctx.authInfo?.sessionId;\n      if (!sessionId) {\n        scope.logger.warn('resources/subscribe: No session ID found in request context');\n        return {};\n      }\n\n      // Subscribe the session to the resource\n      const isNew = scope.notifications.subscribeResource(sessionId, uri);\n\n      if (isNew) {\n        scope.logger.verbose(`resources/subscribe: Session ${sessionId.slice(0, 20)}... subscribed to ${uri}`);\n      } else {\n        scope.logger.verbose(`resources/subscribe: Session ${sessionId.slice(0, 20)}... already subscribed to ${uri}`);\n      }\n\n      // Per MCP spec, return empty result\n      return {};\n    },\n  } satisfies McpHandler<SubscribeRequest, EmptyResult>;\n}\n"]}

package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts

@@ -0,0 +1,37 @@
+import { UnsubscribeRequest, EmptyResult } from '@modelcontextprotocol/sdk/types.js';
+import { McpHandlerOptions } from './mcp-handlers.types';
+/**
+ * Handler for the resources/unsubscribe MCP request.
+ * Per MCP 2025-11-25 spec, this allows clients to unsubscribe from
+ * receiving notifications about a specific resource.
+ */
+export default function UnsubscribeRequestHandler({ scope }: McpHandlerOptions): {
+    requestSchema: import("zod").ZodObject<{
+        method: import("zod").ZodLiteral<"resources/unsubscribe">;
+        params: import("zod").ZodObject<{
+            _meta: import("zod").ZodOptional<import("zod").ZodObject<{
+                progressToken: import("zod").ZodOptional<import("zod").ZodUnion<readonly [import("zod").ZodString, import("zod").ZodNumber]>>;
+            }, import("zod/v4/core").$loose>>;
+            uri: import("zod").ZodString;
+        }, import("zod/v4/core").$loose>;
+    }, import("zod/v4/core").$strip>;
+    handler: (request: UnsubscribeRequest, ctx: import("./mcp-handlers.types").McpRequestHandler<{
+        method: "resources/unsubscribe";
+        params: {
+            [x: string]: unknown;
+            uri: string;
+            _meta?: {
+                [x: string]: unknown;
+                progressToken?: string | number | undefined;
+            } | undefined;
+        };
+    }, {
+        method: string;
+        params?: {
+            [x: string]: unknown;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+        } | undefined;
+    }>) => Promise<EmptyResult>;
+};

package/src/transport/mcp-handlers/unsubscribe-request.handler.js

@@ -0,0 +1,34 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = UnsubscribeRequestHandler;
+const types_js_1 = require("@modelcontextprotocol/sdk/types.js");
+/**
+ * Handler for the resources/unsubscribe MCP request.
+ * Per MCP 2025-11-25 spec, this allows clients to unsubscribe from
+ * receiving notifications about a specific resource.
+ */
+function UnsubscribeRequestHandler({ scope }) {
+    return {
+        requestSchema: types_js_1.UnsubscribeRequestSchema,
+        handler: async (request, ctx) => {
+            const { uri } = request.params;
+            // Get session ID from auth context
+            const sessionId = ctx.authInfo?.sessionId;
+            if (!sessionId) {
+                scope.logger.warn('resources/unsubscribe: No session ID found in request context');
+                return {};
+            }
+            // Unsubscribe the session from the resource
+            const wasSubscribed = scope.notifications.unsubscribeResource(sessionId, uri);
+            if (wasSubscribed) {
+                scope.logger.verbose(`resources/unsubscribe: Session ${sessionId.slice(0, 20)}... unsubscribed from ${uri}`);
+            }
+            else {
+                scope.logger.verbose(`resources/unsubscribe: Session ${sessionId.slice(0, 20)}... was not subscribed to ${uri}`);
+            }
+            // Per MCP spec, return empty result
+            return {};
+        },
+    };
+}
+//# sourceMappingURL=unsubscribe-request.handler.js.map

package/src/transport/mcp-handlers/unsubscribe-request.handler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"unsubscribe-request.handler.js","sourceRoot":"","sources":["../../../../src/transport/mcp-handlers/unsubscribe-request.handler.ts"],"names":[],"mappings":";;AAQA,4CA4BC;AApCD,iEAA+G;AAG/G;;;;GAIG;AACH,SAAwB,yBAAyB,CAAC,EAAE,KAAK,EAAqB;IAC5E,OAAO;QACL,aAAa,EAAE,mCAAwB;QACvC,OAAO,EAAE,KAAK,EAAE,OAA2B,EAAE,GAAG,EAAwB,EAAE;YACxE,MAAM,EAAE,GAAG,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC;YAE/B,mCAAmC;YACnC,MAAM,SAAS,GAAG,GAAG,CAAC,QAAQ,EAAE,SAAS,CAAC;YAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,+DAA+D,CAAC,CAAC;gBACnF,OAAO,EAAE,CAAC;YACZ,CAAC;YAED,4CAA4C;YAC5C,MAAM,aAAa,GAAG,KAAK,CAAC,aAAa,CAAC,mBAAmB,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC;YAE9E,IAAI,aAAa,EAAE,CAAC;gBAClB,KAAK,CAAC,MAAM,CAAC,OAAO,CAAC,kCAAkC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,yBAAyB,GAAG,EAAE,CAAC,CAAC;YAC/G,CAAC;iBAAM,CAAC;gBACN,KAAK,CAAC,MAAM,CAAC,OAAO,CAClB,kCAAkC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,6BAA6B,GAAG,EAAE,CAC3F,CAAC;YACJ,CAAC;YAED,oCAAoC;YACpC,OAAO,EAAE,CAAC;QACZ,CAAC;KACoD,CAAC;AAC1D,CAAC","sourcesContent":["import { UnsubscribeRequestSchema, UnsubscribeRequest, EmptyResult } from '@modelcontextprotocol/sdk/types.js';\nimport { McpHandler, McpHandlerOptions } from './mcp-handlers.types';\n\n/**\n * Handler for the resources/unsubscribe MCP request.\n * Per MCP 2025-11-25 spec, this allows clients to unsubscribe from\n * receiving notifications about a specific resource.\n */\nexport default function UnsubscribeRequestHandler({ scope }: McpHandlerOptions) {\n  return {\n    requestSchema: UnsubscribeRequestSchema,\n    handler: async (request: UnsubscribeRequest, ctx): Promise<EmptyResult> => {\n      const { uri } = request.params;\n\n      // Get session ID from auth context\n      const sessionId = ctx.authInfo?.sessionId;\n      if (!sessionId) {\n        scope.logger.warn('resources/unsubscribe: No session ID found in request context');\n        return {};\n      }\n\n      // Unsubscribe the session from the resource\n      const wasSubscribed = scope.notifications.unsubscribeResource(sessionId, uri);\n\n      if (wasSubscribed) {\n        scope.logger.verbose(`resources/unsubscribe: Session ${sessionId.slice(0, 20)}... unsubscribed from ${uri}`);\n      } else {\n        scope.logger.verbose(\n          `resources/unsubscribe: Session ${sessionId.slice(0, 20)}... was not subscribed to ${uri}`,\n        );\n      }\n\n      // Per MCP spec, return empty result\n      return {};\n    },\n  } satisfies McpHandler<UnsubscribeRequest, EmptyResult>;\n}\n"]}

package/src/transport/transport.local.js

@@ -22,6 +22,9 @@ class LocalTransporter {
                 this.adapter = new transport_sse_adapter_1.TransportSSEAdapter(scope, key, onDispose ?? defaultOnDispose, res);
                 break;
             case 'streamable-http':
+            case 'stateless-http':
+                // Both streamable-http and stateless-http use the same underlying adapter
+                // The difference is in how the transport is managed (singleton vs per-session)
                 this.adapter = new transport_streamable_http_adapter_1.TransportStreamableHttpAdapter(scope, key, onDispose ?? defaultOnDispose, res);
                 break;
             default:
@@ -36,7 +39,8 @@ class LocalTransporter {
             await this.adapter.handleRequest(req, res);
         }
         catch (err) {
-            console.error('MCP POST error:', err);
+            // Use safe logging to avoid Node.js 24 util.inspect bug with Zod errors
+            console.error('MCP POST error:', err instanceof Error ? err.message : 'Unknown error');
             res.status(500).json((0, transport_error_1.rpcError)('Internal error'));
         }
     }
@@ -49,7 +53,8 @@ class LocalTransporter {
             return this.adapter.initialize(req, res);
         }
         catch (err) {
-            console.error('MCP POST error:', err);
+            // Use safe logging to avoid Node.js 24 util.inspect bug with Zod errors
+            console.error('MCP POST error:', err instanceof Error ? err.message : 'Unknown error');
             res.status(500).json((0, transport_error_1.rpcError)('Internal error'));
         }
     }

package/src/transport/transport.local.js.map

@@ -1 +1 @@
-{"version":3,"file":"transport.local.js","sourceRoot":"","sources":["../../../src/transport/transport.local.ts"],"names":[],"mappings":";;;AAEA,4EAAuE;AACvE,oGAA8F;AAC9F,uDAA6C;AAO7C,MAAa,gBAAgB;IAOwD;IAN1E,IAAI,CAAgB;IACpB,SAAS,CAAS;IAClB,SAAS,CAAS;IAEnB,OAAO,CAA4E;IAE3F,YAAY,KAAY,EAAE,GAAiB,EAAE,GAAmB,EAAmB,SAAsB;QAAtB,cAAS,GAAT,SAAS,CAAa;QACvG,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAE/B,MAAM,gBAAgB,GAAG,GAAG,EAAE;YAC5B,WAAW;QACb,CAAC,CAAC;QAEF,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,KAAK;gBACR,IAAI,CAAC,OAAO,GAAG,IAAI,2CAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,IAAI,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBACvF,MAAM;YACR,KAAK,iBAAiB;gBACpB,IAAI,CAAC,OAAO,GAAG,IAAI,kEAA8B,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,IAAI,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAClG,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,SAAkB;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QACtE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAQ,EAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAA+B,EAAE,GAAmB;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;YACzB,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,GAAG,CAAC,CAAC;YACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAQ,EAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AA7DD,4CA6DC","sourcesContent":["import { Transporter, TransportKey, TransportType } from './transport.types';\nimport { AuthenticatedServerRequest } from '../server/server.types';\nimport { TransportSSEAdapter } from './adapters/transport.sse.adapter';\nimport { TransportStreamableHttpAdapter } from './adapters/transport.streamable-http.adapter';\nimport { rpcError } from './transport.error';\nimport { LocalTransportAdapter } from './adapters/transport.local.adapter';\nimport { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { SSEServerTransport } from './legacy/legacy.sse.tranporter';\nimport { ServerResponse } from '../common';\nimport { Scope } from '../scope';\n\nexport class LocalTransporter implements Transporter {\n  readonly type: TransportType;\n  readonly tokenHash: string;\n  readonly sessionId: string;\n\n  private adapter: LocalTransportAdapter<StreamableHTTPServerTransport | SSEServerTransport>;\n\n  constructor(scope: Scope, key: TransportKey, res: ServerResponse, private readonly onDispose?: () => void) {\n    this.type = key.type;\n    this.tokenHash = key.tokenHash;\n\n    const defaultOnDispose = () => {\n      /* empty */\n    };\n\n    switch (this.type) {\n      case 'sse':\n        this.adapter = new TransportSSEAdapter(scope, key, onDispose ?? defaultOnDispose, res);\n        break;\n      case 'streamable-http':\n        this.adapter = new TransportStreamableHttpAdapter(scope, key, onDispose ?? defaultOnDispose, res);\n        break;\n      default:\n        throw new Error(`Unsupported transport type: ${this.type}`);\n    }\n  }\n\n  ping(timeoutMs?: number): Promise<boolean> {\n    throw new Error('Method not implemented.');\n  }\n\n  async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    try {\n      await this.adapter.handleRequest(req, res);\n    } catch (err) {\n      console.error('MCP POST error:', err);\n      res.status(500).json(rpcError('Internal error'));\n    }\n  }\n\n  async ready(): Promise<void> {\n    return this.adapter.ready;\n  }\n\n  async initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    try {\n      await this.adapter.ready;\n      return this.adapter.initialize(req, res);\n    } catch (err) {\n      console.error('MCP POST error:', err);\n      res.status(500).json(rpcError('Internal error'));\n    }\n  }\n\n  async destroy(reason: string): Promise<void> {\n    try {\n      await this.adapter.destroy(reason);\n    } finally {\n      this.onDispose?.();\n    }\n  }\n}\n"]}
+{"version":3,"file":"transport.local.js","sourceRoot":"","sources":["../../../src/transport/transport.local.ts"],"names":[],"mappings":";;;AAEA,4EAAuE;AACvE,oGAA8F;AAC9F,uDAA6C;AAO7C,MAAa,gBAAgB;IAOwD;IAN1E,IAAI,CAAgB;IACpB,SAAS,CAAS;IAClB,SAAS,CAAS;IAEnB,OAAO,CAA4E;IAE3F,YAAY,KAAY,EAAE,GAAiB,EAAE,GAAmB,EAAmB,SAAsB;QAAtB,cAAS,GAAT,SAAS,CAAa;QACvG,IAAI,CAAC,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,GAAG,CAAC,SAAS,CAAC;QAE/B,MAAM,gBAAgB,GAAG,GAAG,EAAE;YAC5B,WAAW;QACb,CAAC,CAAC;QAEF,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;YAClB,KAAK,KAAK;gBACR,IAAI,CAAC,OAAO,GAAG,IAAI,2CAAmB,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,IAAI,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBACvF,MAAM;YACR,KAAK,iBAAiB,CAAC;YACvB,KAAK,gBAAgB;gBACnB,0EAA0E;gBAC1E,+EAA+E;gBAC/E,IAAI,CAAC,OAAO,GAAG,IAAI,kEAA8B,CAAC,KAAK,EAAE,GAAG,EAAE,SAAS,IAAI,gBAAgB,EAAE,GAAG,CAAC,CAAC;gBAClG,MAAM;YACR;gBACE,MAAM,IAAI,KAAK,CAAC,+BAA+B,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;QAChE,CAAC;IACH,CAAC;IAED,IAAI,CAAC,SAAkB;QACrB,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,CAAC,aAAa,CAAC,GAA+B,EAAE,GAAmB;QACtE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wEAAwE;YACxE,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACvF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAQ,EAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,KAAK;QACT,OAAO,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;IAC5B,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,GAA+B,EAAE,GAAmB;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC;YACzB,OAAO,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,wEAAwE;YACxE,OAAO,CAAC,KAAK,CAAC,iBAAiB,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC;YACvF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,IAAA,0BAAQ,EAAC,gBAAgB,CAAC,CAAC,CAAC;QACnD,CAAC;IACH,CAAC;IAED,KAAK,CAAC,OAAO,CAAC,MAAc;QAC1B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrC,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,SAAS,EAAE,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;CACF;AAlED,4CAkEC","sourcesContent":["import { Transporter, TransportKey, TransportType } from './transport.types';\nimport { AuthenticatedServerRequest } from '../server/server.types';\nimport { TransportSSEAdapter } from './adapters/transport.sse.adapter';\nimport { TransportStreamableHttpAdapter } from './adapters/transport.streamable-http.adapter';\nimport { rpcError } from './transport.error';\nimport { LocalTransportAdapter } from './adapters/transport.local.adapter';\nimport { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';\nimport { SSEServerTransport } from './legacy/legacy.sse.tranporter';\nimport { ServerResponse } from '../common';\nimport { Scope } from '../scope';\n\nexport class LocalTransporter implements Transporter {\n  readonly type: TransportType;\n  readonly tokenHash: string;\n  readonly sessionId: string;\n\n  private adapter: LocalTransportAdapter<StreamableHTTPServerTransport | SSEServerTransport>;\n\n  constructor(scope: Scope, key: TransportKey, res: ServerResponse, private readonly onDispose?: () => void) {\n    this.type = key.type;\n    this.tokenHash = key.tokenHash;\n\n    const defaultOnDispose = () => {\n      /* empty */\n    };\n\n    switch (this.type) {\n      case 'sse':\n        this.adapter = new TransportSSEAdapter(scope, key, onDispose ?? defaultOnDispose, res);\n        break;\n      case 'streamable-http':\n      case 'stateless-http':\n        // Both streamable-http and stateless-http use the same underlying adapter\n        // The difference is in how the transport is managed (singleton vs per-session)\n        this.adapter = new TransportStreamableHttpAdapter(scope, key, onDispose ?? defaultOnDispose, res);\n        break;\n      default:\n        throw new Error(`Unsupported transport type: ${this.type}`);\n    }\n  }\n\n  ping(timeoutMs?: number): Promise<boolean> {\n    throw new Error('Method not implemented.');\n  }\n\n  async handleRequest(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    try {\n      await this.adapter.handleRequest(req, res);\n    } catch (err) {\n      // Use safe logging to avoid Node.js 24 util.inspect bug with Zod errors\n      console.error('MCP POST error:', err instanceof Error ? err.message : 'Unknown error');\n      res.status(500).json(rpcError('Internal error'));\n    }\n  }\n\n  async ready(): Promise<void> {\n    return this.adapter.ready;\n  }\n\n  async initialize(req: AuthenticatedServerRequest, res: ServerResponse): Promise<void> {\n    try {\n      await this.adapter.ready;\n      return this.adapter.initialize(req, res);\n    } catch (err) {\n      // Use safe logging to avoid Node.js 24 util.inspect bug with Zod errors\n      console.error('MCP POST error:', err instanceof Error ? err.message : 'Unknown error');\n      res.status(500).json(rpcError('Internal error'));\n    }\n  }\n\n  async destroy(reason: string): Promise<void> {\n    try {\n      await this.adapter.destroy(reason);\n    } finally {\n      this.onDispose?.();\n    }\n  }\n}\n"]}

package/src/transport/transport.registry.d.ts

@@ -7,12 +7,42 @@ export declare class TransportService {
     private readonly distributed;
     private readonly bus?;
     private readonly scope;
+    /**
+     * Session history cache for tracking if sessions were ever created.
+     * Used to differentiate between "session never initialized" (HTTP 400) and
+     * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
+     *
+     * Key: "type:tokenHash:sessionId", Value: creation timestamp
+     */
+    private readonly sessionHistory;
+    private readonly MAX_SESSION_HISTORY;
     constructor(scope: Scope);
     private initialize;
     destroy(): Promise<void>;
     getTransporter(type: TransportType, token: string, sessionId: string): Promise<Transporter | undefined>;
     createTransporter(type: TransportType, token: string, sessionId: string, res: ServerResponse): Promise<Transporter>;
     destroyTransporter(type: TransportType, token: string, sessionId: string, reason?: string): Promise<void>;
+    /**
+     * Get or create a shared singleton transport for anonymous stateless requests.
+     * All anonymous requests share the same transport instance.
+     */
+    getOrCreateAnonymousStatelessTransport(type: TransportType, res: ServerResponse): Promise<Transporter>;
+    /**
+     * Get or create a singleton transport for authenticated stateless requests.
+     * Each unique token gets its own singleton transport.
+     */
+    getOrCreateAuthenticatedStatelessTransport(type: TransportType, token: string, res: ServerResponse): Promise<Transporter>;
+    /**
+     * Check if a session was ever created (even if it's been terminated/evicted).
+     * Used to differentiate between "session never initialized" (HTTP 400) and
+     * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
+     *
+     * @param type - Transport type (e.g., 'streamable-http', 'sse')
+     * @param token - The authorization token
+     * @param sessionId - The session ID to check
+     * @returns true if session was ever created, false otherwise
+     */
+    wasSessionCreated(type: TransportType, token: string, sessionId: string): boolean;
     private sha256;
     private keyOf;
     private ensureTypeBucket;

package/src/transport/transport.registry.js

@@ -8,12 +8,22 @@ const transport_remote_1 = require("./transport.remote");
 const transport_local_1 = require("./transport.local");
 const handle_streamable_http_flow_1 = tslib_1.__importDefault(require("./flows/handle.streamable-http.flow"));
 const handle_sse_flow_1 = tslib_1.__importDefault(require("./flows/handle.sse.flow"));
+const handle_stateless_http_flow_1 = tslib_1.__importDefault(require("./flows/handle.stateless-http.flow"));
 class TransportService {
     ready;
     byType = new Map();
     distributed;
     bus;
     scope;
+    /**
+     * Session history cache for tracking if sessions were ever created.
+     * Used to differentiate between "session never initialized" (HTTP 400) and
+     * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
+     *
+     * Key: "type:tokenHash:sessionId", Value: creation timestamp
+     */
+    sessionHistory = new Map();
+    MAX_SESSION_HISTORY = 10000;
     constructor(scope) {
         this.scope = scope;
         this.distributed = false; // get from scope metadata
@@ -24,7 +34,7 @@ class TransportService {
         this.ready = this.initialize();
     }
     async initialize() {
-        await this.scope.registryFlows(handle_streamable_http_flow_1.default, handle_sse_flow_1.default);
+        await this.scope.registryFlows(handle_streamable_http_flow_1.default, handle_sse_flow_1.default, handle_stateless_http_flow_1.default);
     }
     async destroy() {
         /* empty */
@@ -77,6 +87,67 @@ class TransportService {
         }
         throw new Error('Invalid session: cannot destroy non-existent transporter.');
     }
+    /**
+     * Get or create a shared singleton transport for anonymous stateless requests.
+     * All anonymous requests share the same transport instance.
+     */
+    async getOrCreateAnonymousStatelessTransport(type, res) {
+        const key = this.keyOf(type, '__anonymous__', '__stateless__');
+        const existing = this.lookupLocal(key);
+        if (existing)
+            return existing;
+        // Create shared transport for all anonymous requests
+        const transporter = new transport_local_1.LocalTransporter(this.scope, key, res, () => {
+            this.evictLocal(key);
+            if (this.distributed && this.bus) {
+                this.bus.revoke(key).catch(() => void 0);
+            }
+        });
+        await transporter.ready();
+        this.insertLocal(key, transporter);
+        if (this.distributed && this.bus) {
+            await this.bus.advertise(key);
+        }
+        return transporter;
+    }
+    /**
+     * Get or create a singleton transport for authenticated stateless requests.
+     * Each unique token gets its own singleton transport.
+     */
+    async getOrCreateAuthenticatedStatelessTransport(type, token, res) {
+        const key = this.keyOf(type, token, '__stateless__');
+        const existing = this.lookupLocal(key);
+        if (existing)
+            return existing;
+        // Create singleton transport for this token
+        const transporter = new transport_local_1.LocalTransporter(this.scope, key, res, () => {
+            this.evictLocal(key);
+            if (this.distributed && this.bus) {
+                this.bus.revoke(key).catch(() => void 0);
+            }
+        });
+        await transporter.ready();
+        this.insertLocal(key, transporter);
+        if (this.distributed && this.bus) {
+            await this.bus.advertise(key);
+        }
+        return transporter;
+    }
+    /**
+     * Check if a session was ever created (even if it's been terminated/evicted).
+     * Used to differentiate between "session never initialized" (HTTP 400) and
+     * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
+     *
+     * @param type - Transport type (e.g., 'streamable-http', 'sse')
+     * @param token - The authorization token
+     * @param sessionId - The session ID to check
+     * @returns true if session was ever created, false otherwise
+     */
+    wasSessionCreated(type, token, sessionId) {
+        const tokenHash = this.sha256(token);
+        const historyKey = `${type}:${tokenHash}:${sessionId}`;
+        return this.sessionHistory.has(historyKey);
+    }
     /* --------------------------------- internals -------------------------------- */
     sha256(value) {
         return (0, crypto_1.createHash)('sha256').update(value, 'utf8').digest('hex');
@@ -119,6 +190,18 @@ class TransportService {
         const typeBucket = this.ensureTypeBucket(key.type);
         const tokenBucket = this.ensureTokenBucket(typeBucket, key.tokenHash);
         tokenBucket.set(key.sessionId, t);
+        // Record session creation in history for HTTP 404 detection
+        const historyKey = `${key.type}:${key.tokenHash}:${key.sessionId}`;
+        this.sessionHistory.set(historyKey, Date.now());
+        // Evict oldest entries if cache exceeds max size (LRU-like eviction)
+        if (this.sessionHistory.size > this.MAX_SESSION_HISTORY) {
+            const entries = [...this.sessionHistory.entries()].sort((a, b) => a[1] - b[1]);
+            // Remove oldest 10% of entries
+            const toEvict = Math.ceil(this.MAX_SESSION_HISTORY * 0.1);
+            for (let i = 0; i < toEvict && i < entries.length; i++) {
+                this.sessionHistory.delete(entries[i][0]);
+            }
+        }
     }
     evictLocal(key) {
         const typeBucket = this.byType.get(key.type);