npm - @frontmcp/sdk - Versions diffs - 0.5.0 → 0.6.0 - Mend

@frontmcp/sdk 0.5.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (226) hide show

package/README.md +3 -3
package/package.json +8 -19
package/src/adapter/adapter.instance.js +5 -0
package/src/adapter/adapter.instance.js.map +1 -1
package/src/auth/authorization/authorization.class.d.ts +1 -4
package/src/auth/authorization/authorization.class.js +6 -13
package/src/auth/authorization/authorization.class.js.map +1 -1
package/src/auth/flows/session.verify.flow.d.ts +1 -0
package/src/auth/flows/session.verify.flow.js +11 -1
package/src/auth/flows/session.verify.flow.js.map +1 -1
package/src/auth/flows/well-known.jwks.flow.js +2 -2
package/src/auth/flows/well-known.jwks.flow.js.map +1 -1
package/src/auth/jwks/dev-key-persistence.d.ts +63 -0
package/src/auth/jwks/dev-key-persistence.js +219 -0
package/src/auth/jwks/dev-key-persistence.js.map +1 -0
package/src/auth/jwks/index.d.ts +1 -0
package/src/auth/jwks/index.js +1 -0
package/src/auth/jwks/index.js.map +1 -1
package/src/auth/jwks/jwks.service.d.ts +7 -4
package/src/auth/jwks/jwks.service.js +81 -12
package/src/auth/jwks/jwks.service.js.map +1 -1
package/src/auth/jwks/jwks.types.d.ts +7 -0
package/src/auth/jwks/jwks.types.js.map +1 -1
package/src/auth/machine-id.d.ts +5 -0
package/src/auth/machine-id.js +32 -0
package/src/auth/machine-id.js.map +1 -0
package/src/auth/session/index.d.ts +1 -0
package/src/auth/session/index.js +3 -1
package/src/auth/session/index.js.map +1 -1
package/src/auth/session/record/session.base.js +5 -3
package/src/auth/session/record/session.base.js.map +1 -1
package/src/auth/session/record/session.stateless.d.ts +2 -2
package/src/auth/session/record/session.stateless.js +5 -3
package/src/auth/session/record/session.stateless.js.map +1 -1
package/src/auth/session/redis-session.store.d.ts +64 -0
package/src/auth/session/redis-session.store.js +204 -0
package/src/auth/session/redis-session.store.js.map +1 -0
package/src/auth/session/session.service.d.ts +0 -2
package/src/auth/session/session.service.js +1 -7
package/src/auth/session/session.service.js.map +1 -1
package/src/auth/session/transport-session.manager.js +3 -5
package/src/auth/session/transport-session.manager.js.map +1 -1
package/src/auth/session/transport-session.types.d.ts +4 -0
package/src/auth/session/transport-session.types.js +4 -3
package/src/auth/session/transport-session.types.js.map +1 -1
package/src/auth/session/utils/session-id.utils.d.ts +12 -1
package/src/auth/session/utils/session-id.utils.js +48 -9
package/src/auth/session/utils/session-id.utils.js.map +1 -1
package/src/auth/ui/base-layout.d.ts +0 -8
package/src/auth/ui/base-layout.js +1 -14
package/src/auth/ui/base-layout.js.map +1 -1
package/src/auth/ui/index.d.ts +3 -4
package/src/auth/ui/index.js +10 -11
package/src/auth/ui/index.js.map +1 -1
package/src/auth/ui/{htmx-templates.d.ts → templates.d.ts} +5 -6
package/src/auth/ui/{htmx-templates.js → templates.js} +8 -15
package/src/auth/ui/templates.js.map +1 -0
package/src/common/decorators/decorator-utils.js.map +1 -1
package/src/common/decorators/front-mcp.decorator.js +28 -2
package/src/common/decorators/front-mcp.decorator.js.map +1 -1
package/src/common/index.d.ts +0 -1
package/src/common/index.js +0 -1
package/src/common/index.js.map +1 -1
package/src/common/interfaces/adapter.interface.d.ts +6 -0
package/src/common/interfaces/adapter.interface.js.map +1 -1
package/src/common/interfaces/execution-context.interface.d.ts +52 -3
package/src/common/interfaces/execution-context.interface.js +88 -3
package/src/common/interfaces/execution-context.interface.js.map +1 -1
package/src/common/interfaces/flow.interface.d.ts +13 -0
package/src/common/interfaces/flow.interface.js +24 -0
package/src/common/interfaces/flow.interface.js.map +1 -1
package/src/common/interfaces/server.interface.d.ts +9 -0
package/src/common/interfaces/server.interface.js.map +1 -1
package/src/common/metadata/app.metadata.d.ts +108 -0
package/src/common/metadata/front-mcp.metadata.d.ts +659 -2
package/src/common/metadata/front-mcp.metadata.js +3 -1
package/src/common/metadata/front-mcp.metadata.js.map +1 -1
package/src/common/metadata/provider.metadata.d.ts +14 -0
package/src/common/metadata/provider.metadata.js +18 -2
package/src/common/metadata/provider.metadata.js.map +1 -1
package/src/common/metadata/tool.metadata.d.ts +33 -1
package/src/common/metadata/tool.metadata.js.map +1 -1
package/src/common/migrate/auth-transport.migrate.d.ts +62 -0
package/src/common/migrate/auth-transport.migrate.js +140 -0
package/src/common/migrate/auth-transport.migrate.js.map +1 -0
package/src/common/migrate/index.d.ts +1 -0
package/src/common/migrate/index.js +6 -0
package/src/common/migrate/index.js.map +1 -0
package/src/common/schemas/http-output.schema.d.ts +10 -2
package/src/common/schemas/index.d.ts +1 -0
package/src/common/schemas/index.js +1 -0
package/src/common/schemas/index.js.map +1 -1
package/src/common/schemas/session-header.schema.d.ts +16 -0
package/src/common/schemas/session-header.schema.js +42 -0
package/src/common/schemas/session-header.schema.js.map +1 -0
package/src/common/tokens/front-mcp.tokens.js +3 -1
package/src/common/tokens/front-mcp.tokens.js.map +1 -1
package/src/common/types/options/auth.options.d.ts +233 -3
package/src/common/types/options/auth.options.js +29 -40
package/src/common/types/options/auth.options.js.map +1 -1
package/src/common/types/options/index.d.ts +2 -0
package/src/common/types/options/index.js +2 -0
package/src/common/types/options/index.js.map +1 -1
package/src/common/types/options/redis.options.d.ts +22 -0
package/src/common/types/options/redis.options.js +45 -0
package/src/common/types/options/redis.options.js.map +1 -0
package/src/common/types/options/transport.options.d.ts +84 -0
package/src/common/types/options/transport.options.js +121 -0
package/src/common/types/options/transport.options.js.map +1 -0
package/src/completion/flows/complete.flow.d.ts +17 -2
package/src/context/frontmcp-context-storage.d.ts +94 -0
package/src/context/frontmcp-context-storage.js +183 -0
package/src/context/frontmcp-context-storage.js.map +1 -0
package/src/context/frontmcp-context.d.ts +269 -0
package/src/context/frontmcp-context.js +360 -0
package/src/context/frontmcp-context.js.map +1 -0
package/src/context/frontmcp-context.provider.d.ts +43 -0
package/src/context/frontmcp-context.provider.js +61 -0
package/src/context/frontmcp-context.provider.js.map +1 -0
package/src/context/index.d.ts +34 -0
package/src/context/index.js +64 -0
package/src/context/index.js.map +1 -0
package/src/context/request-context-storage.d.ts +89 -0
package/src/context/request-context-storage.js +183 -0
package/src/context/request-context-storage.js.map +1 -0
package/src/context/request-context.d.ts +184 -0
package/src/context/request-context.js +209 -0
package/src/context/request-context.js.map +1 -0
package/src/context/request-context.provider.d.ts +37 -0
package/src/context/request-context.provider.js +51 -0
package/src/context/request-context.provider.js.map +1 -0
package/src/context/session-key.provider.d.ts +45 -0
package/src/context/session-key.provider.js +65 -0
package/src/context/session-key.provider.js.map +1 -0
package/src/context/trace-context.d.ts +43 -0
package/src/context/trace-context.js +142 -0
package/src/context/trace-context.js.map +1 -0
package/src/errors/index.d.ts +1 -1
package/src/errors/index.js +3 -1
package/src/errors/index.js.map +1 -1
package/src/errors/mcp.error.d.ts +7 -0
package/src/errors/mcp.error.js +11 -1
package/src/errors/mcp.error.js.map +1 -1
package/src/flows/flow.instance.d.ts +16 -0
package/src/flows/flow.instance.js +166 -80
package/src/flows/flow.instance.js.map +1 -1
package/src/flows/flow.registry.d.ts +5 -0
package/src/flows/flow.registry.js +45 -3
package/src/flows/flow.registry.js.map +1 -1
package/src/front-mcp/front-mcp.d.ts +12 -0
package/src/front-mcp/front-mcp.js +22 -3
package/src/front-mcp/front-mcp.js.map +1 -1
package/src/front-mcp/front-mcp.providers.d.ts +266 -1
package/src/front-mcp/front-mcp.providers.js +2 -1
package/src/front-mcp/front-mcp.providers.js.map +1 -1
package/src/front-mcp/serverless-handler.d.ts +28 -0
package/src/front-mcp/serverless-handler.js +61 -0
package/src/front-mcp/serverless-handler.js.map +1 -0
package/src/hooks/hooks.utils.d.ts +1 -1
package/src/hooks/hooks.utils.js +10 -3
package/src/hooks/hooks.utils.js.map +1 -1
package/src/index.d.ts +8 -4
package/src/index.js +20 -1
package/src/index.js.map +1 -1
package/src/logger/instances/instance.logger.js +0 -1
package/src/logger/instances/instance.logger.js.map +1 -1
package/src/logging/flows/set-level.flow.d.ts +17 -2
package/src/notification/notification.service.js +5 -1
package/src/notification/notification.service.js.map +1 -1
package/src/prompt/flows/get-prompt.flow.d.ts +97 -2
package/src/prompt/flows/prompts-list.flow.d.ts +12 -1
package/src/provider/provider.registry.d.ts +97 -5
package/src/provider/provider.registry.js +306 -9
package/src/provider/provider.registry.js.map +1 -1
package/src/provider/provider.types.d.ts +21 -3
package/src/provider/provider.types.js.map +1 -1
package/src/resource/flows/read-resource.flow.d.ts +22 -3
package/src/resource/flows/resource-templates-list.flow.d.ts +20 -1
package/src/resource/flows/resources-list.flow.d.ts +20 -1
package/src/resource/flows/subscribe-resource.flow.d.ts +17 -2
package/src/resource/flows/unsubscribe-resource.flow.d.ts +17 -2
package/src/scope/flows/http.request.flow.js +43 -7
package/src/scope/flows/http.request.flow.js.map +1 -1
package/src/scope/scope.instance.js +12 -5
package/src/scope/scope.instance.js.map +1 -1
package/src/server/adapters/base.host.adapter.d.ts +9 -0
package/src/server/adapters/base.host.adapter.js.map +1 -1
package/src/server/adapters/express.host.adapter.d.ts +12 -0
package/src/server/adapters/express.host.adapter.js +21 -1
package/src/server/adapters/express.host.adapter.js.map +1 -1
package/src/server/server.instance.d.ts +3 -0
package/src/server/server.instance.js +14 -7
package/src/server/server.instance.js.map +1 -1
package/src/tool/flows/call-tool.flow.d.ts +118 -13
package/src/tool/flows/call-tool.flow.js +240 -194
package/src/tool/flows/call-tool.flow.js.map +1 -1
package/src/tool/flows/tools-list.flow.d.ts +25 -11
package/src/tool/flows/tools-list.flow.js +82 -31
package/src/tool/flows/tools-list.flow.js.map +1 -1
package/src/tool/tool.instance.d.ts +1 -4
package/src/transport/adapters/transport.streamable-http.adapter.js +1 -0
package/src/transport/adapters/transport.streamable-http.adapter.js.map +1 -1
package/src/transport/flows/handle.sse.flow.js +9 -2
package/src/transport/flows/handle.sse.flow.js.map +1 -1
package/src/transport/flows/handle.streamable-http.flow.js +63 -6
package/src/transport/flows/handle.streamable-http.flow.js.map +1 -1
package/src/transport/mcp-handlers/complete-request.handler.d.ts +27 -1
package/src/transport/mcp-handlers/get-prompt-request.handler.d.ts +52 -1
package/src/transport/mcp-handlers/index.d.ts +413 -7
package/src/transport/mcp-handlers/initialize-request.handler.js +12 -2
package/src/transport/mcp-handlers/initialize-request.handler.js.map +1 -1
package/src/transport/mcp-handlers/list-prompts-request.handler.d.ts +27 -1
package/src/transport/mcp-handlers/list-resource-templates-request.handler.d.ts +32 -1
package/src/transport/mcp-handlers/list-resources-request.handler.d.ts +32 -1
package/src/transport/mcp-handlers/list-tools-request.handler.d.ts +30 -1
package/src/transport/mcp-handlers/logging-set-level-request.handler.d.ts +20 -0
package/src/transport/mcp-handlers/read-resource-request.handler.d.ts +27 -1
package/src/transport/mcp-handlers/subscribe-request.handler.d.ts +20 -0
package/src/transport/mcp-handlers/unsubscribe-request.handler.d.ts +20 -0
package/src/transport/transport.registry.d.ts +68 -4
package/src/transport/transport.registry.js +313 -11
package/src/transport/transport.registry.js.map +1 -1
package/src/auth/ui/htmx-templates.js.map +0 -1
package/src/common/providers/session.provider.d.ts +0 -13
package/src/common/providers/session.provider.js +0 -27
package/src/common/providers/session.provider.js.map +0 -1

package/src/transport/transport.registry.d.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Transporter, TransportType } from './transport.types';
-import { ServerResponse } from '../common';
+import { ServerResponse, TransportPersistenceConfigInput } from '../common';
 import { Scope } from '../scope';
+import { StoredSession } from '../auth/session';
 export declare class TransportService {
     readonly ready: Promise<void>;
     private readonly byType;
@@ -12,15 +13,60 @@ export declare class TransportService {
      * Used to differentiate between "session never initialized" (HTTP 400) and
      * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
      *
-     * Key: "type:tokenHash:sessionId", Value: creation timestamp
+     * Key: JSON-encoded {type, tokenHash, sessionId}, Value: creation timestamp
+     * Note: We use JSON instead of colon-delimiter because sessionId can contain colons.
      */
     private readonly sessionHistory;
     private readonly MAX_SESSION_HISTORY;
-    constructor(scope: Scope);
+    /**
+     * Redis session store for transport persistence
+     * Used to persist session metadata across server restarts
+     */
+    private sessionStore?;
+    /**
+     * Transport persistence configuration
+     */
+    private persistenceConfig?;
+    /**
+     * Mutex map for preventing concurrent transport creation for the same key.
+     * Key: JSON-encoded {t: type, h: tokenHash, s: sessionId}, Value: Promise that resolves when creation completes
+     */
+    private readonly creationMutex;
+    constructor(scope: Scope, persistenceConfig?: TransportPersistenceConfigInput);
     private initialize;
     destroy(): Promise<void>;
     getTransporter(type: TransportType, token: string, sessionId: string): Promise<Transporter | undefined>;
+    /**
+     * Get stored session from Redis (without creating a transport).
+     * Used by flows to check if session exists and can be recreated.
+     *
+     * @param type - Transport type
+     * @param token - Authorization token
+     * @param sessionId - Session ID
+     * @returns Stored session data if exists and token matches, undefined otherwise
+     */
+    getStoredSession(type: TransportType, token: string, sessionId: string): Promise<StoredSession | undefined>;
+    /**
+     * Recreate a transport from stored session data.
+     * Must be called with a valid response object to create the actual transport.
+     *
+     * @param type - Transport type
+     * @param token - Authorization token
+     * @param sessionId - Session ID
+     * @param storedSession - Previously stored session data
+     * @param res - Server response object for the new transport
+     * @returns The recreated transport
+     */
+    recreateTransporter(type: TransportType, token: string, sessionId: string, storedSession: StoredSession, res: ServerResponse): Promise<Transporter>;
+    /**
+     * Internal method to actually recreate the transport (called with mutex protection)
+     */
+    private doRecreateTransporter;
     createTransporter(type: TransportType, token: string, sessionId: string, res: ServerResponse): Promise<Transporter>;
+    /**
+     * Internal method to actually create the transport (called with mutex protection)
+     */
+    private doCreateTransporter;
     destroyTransporter(type: TransportType, token: string, sessionId: string, reason?: string): Promise<void>;
     /**
      * Get or create a shared singleton transport for anonymous stateless requests.
@@ -37,13 +83,31 @@ export declare class TransportService {
      * Used to differentiate between "session never initialized" (HTTP 400) and
      * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
      *
+     * Note: This is synchronous and only checks local history. For async Redis check,
+     * use wasSessionCreatedAsync.
+     *
      * @param type - Transport type (e.g., 'streamable-http', 'sse')
      * @param token - The authorization token
      * @param sessionId - The session ID to check
-     * @returns true if session was ever created, false otherwise
+     * @returns true if session was ever created locally, false otherwise
      */
     wasSessionCreated(type: TransportType, token: string, sessionId: string): boolean;
+    /**
+     * Async version that also checks Redis for session existence.
+     * Used when we need to check if session was ever created across server restarts.
+     */
+    wasSessionCreatedAsync(type: TransportType, token: string, sessionId: string): Promise<boolean>;
     private sha256;
+    /**
+     * Create a history key from components.
+     * Uses JSON encoding to handle sessionIds that contain special characters.
+     */
+    private makeHistoryKey;
+    /**
+     * Parse a history key back into components.
+     * Returns undefined if the key is malformed.
+     */
+    private parseHistoryKey;
     private keyOf;
     private ensureTypeBucket;
     private ensureTokenBucket;

package/src/transport/transport.registry.js CHANGED Viewed

@@ -9,6 +9,8 @@ const transport_local_1 = require("./transport.local");
 const handle_streamable_http_flow_1 = tslib_1.__importDefault(require("./flows/handle.streamable-http.flow"));
 const handle_sse_flow_1 = tslib_1.__importDefault(require("./flows/handle.sse.flow"));
 const handle_stateless_http_flow_1 = tslib_1.__importDefault(require("./flows/handle.stateless-http.flow"));
+const session_1 = require("../auth/session");
+const authorization_class_1 = require("../auth/authorization/authorization.class");
 class TransportService {
     ready;
     byType = new Map();
@@ -20,52 +22,280 @@ class TransportService {
      * Used to differentiate between "session never initialized" (HTTP 400) and
      * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
      *
-     * Key: "type:tokenHash:sessionId", Value: creation timestamp
+     * Key: JSON-encoded {type, tokenHash, sessionId}, Value: creation timestamp
+     * Note: We use JSON instead of colon-delimiter because sessionId can contain colons.
      */
     sessionHistory = new Map();
     MAX_SESSION_HISTORY = 10000;
-    constructor(scope) {
+    /**
+     * Redis session store for transport persistence
+     * Used to persist session metadata across server restarts
+     */
+    sessionStore;
+    /**
+     * Transport persistence configuration
+     */
+    persistenceConfig;
+    /**
+     * Mutex map for preventing concurrent transport creation for the same key.
+     * Key: JSON-encoded {t: type, h: tokenHash, s: sessionId}, Value: Promise that resolves when creation completes
+     */
+    creationMutex = new Map();
+    constructor(scope, persistenceConfig) {
         this.scope = scope;
+        this.persistenceConfig = persistenceConfig;
         this.distributed = false; // get from scope metadata
         this.bus = undefined; // get from scope metadata
         if (this.distributed && !this.bus) {
             throw new Error('TransportRegistry: distributed=true requires a TransportBus implementation.');
         }
+        // Initialize Redis session store if persistence is enabled
+        if (persistenceConfig?.enabled && persistenceConfig.redis) {
+            this.sessionStore = new session_1.RedisSessionStore({
+                host: persistenceConfig.redis.host,
+                port: persistenceConfig.redis.port,
+                password: persistenceConfig.redis.password,
+                db: persistenceConfig.redis.db,
+                tls: persistenceConfig.redis.tls,
+                // Note: Uses 'mcp:transport:' prefix (not 'mcp:session:') to separate transport
+                // persistence data from authentication session data in the auth module
+                keyPrefix: persistenceConfig.redis.keyPrefix ?? 'mcp:transport:',
+                defaultTtlMs: persistenceConfig.defaultTtlMs ?? 3600000, // 1 hour default
+            }, this.scope.logger.child('RedisSessionStore'));
+            this.scope.logger.info('[TransportService] Redis session store initialized for transport persistence');
+        }
         this.ready = this.initialize();
     }
     async initialize() {
+        // Validate Redis connection if session store is configured
+        if (this.sessionStore) {
+            const isConnected = await this.sessionStore.ping();
+            if (!isConnected) {
+                this.scope.logger.error('[TransportService] Failed to connect to Redis - session persistence disabled');
+                // Nullify sessionStore to prevent silent failures on all subsequent operations
+                // This ensures clean graceful degradation - sessions will only persist in memory
+                await this.sessionStore.disconnect().catch(() => void 0);
+                this.sessionStore = undefined;
+            }
+            else {
+                this.scope.logger.info('[TransportService] Redis connection validated successfully');
+            }
+        }
         await this.scope.registryFlows(handle_streamable_http_flow_1.default, handle_sse_flow_1.default, handle_stateless_http_flow_1.default);
     }
     async destroy() {
-        /* empty */
+        // Close Redis connection if it was created
+        if (this.sessionStore) {
+            await this.sessionStore.disconnect();
+            this.scope.logger.info('[TransportService] Redis session store disconnected');
+        }
     }
     async getTransporter(type, token, sessionId) {
         const key = this.keyOf(type, token, sessionId);
+        // 1. Check local in-memory cache first
         const local = this.lookupLocal(key);
         if (local)
             return local;
+        // 2. Check distributed bus (if enabled)
         if (this.distributed && this.bus) {
             const location = await this.bus.lookup(key);
             if (location) {
                 return new transport_remote_1.RemoteTransporter(key, this.bus);
             }
         }
+        // Note: Redis-stored sessions require recreation via recreateTransporter()
+        // Flows should use getStoredSession() to check if session exists in Redis,
+        // then call recreateTransporter() with the response object.
         return undefined;
     }
+    /**
+     * Get stored session from Redis (without creating a transport).
+     * Used by flows to check if session exists and can be recreated.
+     *
+     * @param type - Transport type
+     * @param token - Authorization token
+     * @param sessionId - Session ID
+     * @returns Stored session data if exists and token matches, undefined otherwise
+     */
+    async getStoredSession(type, token, sessionId) {
+        if (!this.sessionStore || type !== 'streamable-http')
+            return undefined;
+        const tokenHash = this.sha256(token);
+        const stored = await this.sessionStore.get(sessionId);
+        if (!stored)
+            return undefined;
+        // Verify the token hash matches
+        if (stored.authorizationId !== tokenHash) {
+            this.scope.logger.warn('[TransportService] Session token mismatch during lookup', {
+                sessionId: sessionId.slice(0, 20),
+                storedTokenHash: stored.authorizationId.slice(0, 8),
+                requestTokenHash: tokenHash.slice(0, 8),
+            });
+            return undefined;
+        }
+        return stored;
+    }
+    /**
+     * Recreate a transport from stored session data.
+     * Must be called with a valid response object to create the actual transport.
+     *
+     * @param type - Transport type
+     * @param token - Authorization token
+     * @param sessionId - Session ID
+     * @param storedSession - Previously stored session data
+     * @param res - Server response object for the new transport
+     * @returns The recreated transport
+     */
+    async recreateTransporter(type, token, sessionId, storedSession, res) {
+        const key = this.keyOf(type, token, sessionId);
+        // Check if already recreated in memory
+        const existing = this.lookupLocal(key);
+        if (existing)
+            return existing;
+        // Use mutex to prevent concurrent recreation of the same transport
+        // Use JSON encoding for mutex key (consistent with history key format, handles colons in sessionId)
+        const mutexKey = JSON.stringify({ t: type, h: key.tokenHash, s: sessionId });
+        const pendingCreation = this.creationMutex.get(mutexKey);
+        if (pendingCreation) {
+            // Another request is already recreating this transport - wait for it
+            return pendingCreation;
+        }
+        // Recreate the transport with mutex protection
+        const recreationPromise = this.doRecreateTransporter(key, sessionId, storedSession, res);
+        this.creationMutex.set(mutexKey, recreationPromise);
+        try {
+            return await recreationPromise;
+        }
+        catch (error) {
+            // Log recreation errors for debugging
+            this.scope.logger.error('[TransportService] Failed to recreate transport from stored session', {
+                sessionId: sessionId.slice(0, 20),
+                error: error instanceof Error ? { name: error.name, message: error.message } : String(error),
+            });
+            throw error;
+        }
+        finally {
+            this.creationMutex.delete(mutexKey);
+        }
+    }
+    /**
+     * Internal method to actually recreate the transport (called with mutex protection)
+     */
+    async doRecreateTransporter(key, sessionId, storedSession, res) {
+        // Double-check in case another request completed while we were waiting
+        const existing = this.lookupLocal(key);
+        if (existing)
+            return existing;
+        this.scope.logger.info('[TransportService] Recreating transport from stored session', {
+            sessionId: sessionId.slice(0, 20),
+            protocol: storedSession.session.protocol,
+            createdAt: storedSession.createdAt,
+        });
+        // Mark session as recreated in history
+        const historyKey = this.makeHistoryKey(key.type, key.tokenHash, sessionId);
+        this.sessionHistory.set(historyKey, storedSession.createdAt);
+        const sessionStore = this.sessionStore;
+        const persistenceConfig = this.persistenceConfig;
+        // Create new transport
+        const transporter = new transport_local_1.LocalTransporter(this.scope, key, res, () => {
+            key.sessionId = sessionId;
+            this.evictLocal(key);
+            if (this.distributed && this.bus) {
+                this.bus.revoke(key).catch(() => void 0);
+            }
+            // Remove from Redis on dispose
+            if (sessionStore) {
+                sessionStore.delete(sessionId).catch(() => void 0);
+            }
+        });
+        await transporter.ready();
+        this.insertLocal(key, transporter);
+        // Update session access time in Redis
+        if (sessionStore) {
+            const updatedSession = {
+                ...storedSession,
+                lastAccessedAt: Date.now(),
+            };
+            sessionStore.set(sessionId, updatedSession, persistenceConfig?.defaultTtlMs).catch((err) => {
+                this.scope.logger.warn('[TransportService] Failed to update session in Redis', {
+                    sessionId: sessionId.slice(0, 20),
+                    error: err instanceof Error ? err.message : String(err),
+                });
+            });
+        }
+        if (this.distributed && this.bus) {
+            await this.bus.advertise(key);
+        }
+        return transporter;
+    }
     async createTransporter(type, token, sessionId, res) {
         const key = this.keyOf(type, token, sessionId);
+        // Check if already exists
+        const existing = this.lookupLocal(key);
+        if (existing)
+            return existing;
+        // Use mutex to prevent concurrent creation of the same transport
+        // Use JSON encoding for mutex key (consistent with history key format, handles colons in sessionId)
+        const mutexKey = JSON.stringify({ t: type, h: key.tokenHash, s: sessionId });
+        const pendingCreation = this.creationMutex.get(mutexKey);
+        if (pendingCreation) {
+            // Another request is already creating this transport - wait for it
+            return pendingCreation;
+        }
+        // Create the transport with mutex protection
+        const creationPromise = this.doCreateTransporter(key, sessionId, res, type);
+        this.creationMutex.set(mutexKey, creationPromise);
+        try {
+            return await creationPromise;
+        }
+        finally {
+            this.creationMutex.delete(mutexKey);
+        }
+    }
+    /**
+     * Internal method to actually create the transport (called with mutex protection)
+     */
+    async doCreateTransporter(key, sessionId, res, type) {
+        // Double-check in case another request completed while we were waiting
         const existing = this.lookupLocal(key);
         if (existing)
             return existing;
+        const sessionStore = this.sessionStore;
+        const persistenceConfig = this.persistenceConfig;
         const transporter = new transport_local_1.LocalTransporter(this.scope, key, res, () => {
             key.sessionId = sessionId;
             this.evictLocal(key);
             if (this.distributed && this.bus) {
                 this.bus.revoke(key).catch(() => void 0);
             }
+            // Remove from Redis on dispose
+            if (sessionStore) {
+                sessionStore.delete(sessionId).catch(() => void 0);
+            }
         });
         await transporter.ready();
         this.insertLocal(key, transporter);
+        // Persist session to Redis (streamable-http only for now)
+        if (sessionStore && type === 'streamable-http') {
+            const storedSession = {
+                session: {
+                    id: sessionId,
+                    authorizationId: key.tokenHash,
+                    protocol: 'streamable-http',
+                    createdAt: Date.now(),
+                    nodeId: (0, authorization_class_1.getMachineId)(),
+                },
+                authorizationId: key.tokenHash,
+                createdAt: Date.now(),
+                lastAccessedAt: Date.now(),
+            };
+            sessionStore.set(sessionId, storedSession, persistenceConfig?.defaultTtlMs).catch((err) => {
+                this.scope.logger.warn('[TransportService] Failed to persist session to Redis', {
+                    sessionId: sessionId.slice(0, 20),
+                    error: err instanceof Error ? err.message : String(err),
+                });
+            });
+        }
         if (this.distributed && this.bus) {
             await this.bus.advertise(key);
         }
@@ -138,20 +368,63 @@ class TransportService {
      * Used to differentiate between "session never initialized" (HTTP 400) and
      * "session expired/terminated" (HTTP 404) per MCP Spec 2025-11-25.
      *
+     * Note: This is synchronous and only checks local history. For async Redis check,
+     * use wasSessionCreatedAsync.
+     *
      * @param type - Transport type (e.g., 'streamable-http', 'sse')
      * @param token - The authorization token
      * @param sessionId - The session ID to check
-     * @returns true if session was ever created, false otherwise
+     * @returns true if session was ever created locally, false otherwise
      */
     wasSessionCreated(type, token, sessionId) {
         const tokenHash = this.sha256(token);
-        const historyKey = `${type}:${tokenHash}:${sessionId}`;
+        const historyKey = this.makeHistoryKey(type, tokenHash, sessionId);
         return this.sessionHistory.has(historyKey);
     }
+    /**
+     * Async version that also checks Redis for session existence.
+     * Used when we need to check if session was ever created across server restarts.
+     */
+    async wasSessionCreatedAsync(type, token, sessionId) {
+        // Check local history first (fast path)
+        if (this.wasSessionCreated(type, token, sessionId)) {
+            return true;
+        }
+        // Check Redis if available - use getStoredSession() to verify token hash
+        // (sessionStore.exists() would leak session existence to unauthorized callers)
+        if (this.sessionStore && type === 'streamable-http') {
+            const stored = await this.getStoredSession(type, token, sessionId);
+            return stored !== undefined;
+        }
+        return false;
+    }
     /* --------------------------------- internals -------------------------------- */
     sha256(value) {
         return (0, crypto_1.createHash)('sha256').update(value, 'utf8').digest('hex');
     }
+    /**
+     * Create a history key from components.
+     * Uses JSON encoding to handle sessionIds that contain special characters.
+     */
+    makeHistoryKey(type, tokenHash, sessionId) {
+        return JSON.stringify({ t: type, h: tokenHash, s: sessionId });
+    }
+    /**
+     * Parse a history key back into components.
+     * Returns undefined if the key is malformed.
+     */
+    parseHistoryKey(key) {
+        try {
+            const parsed = JSON.parse(key);
+            if (typeof parsed.t === 'string' && typeof parsed.h === 'string' && typeof parsed.s === 'string') {
+                return { type: parsed.t, tokenHash: parsed.h, sessionId: parsed.s };
+            }
+            return undefined;
+        }
+        catch {
+            return undefined;
+        }
+    }
     keyOf(type, token, sessionId, sessionIdSse) {
         return {
             type,
@@ -191,15 +464,44 @@ class TransportService {
         const tokenBucket = this.ensureTokenBucket(typeBucket, key.tokenHash);
         tokenBucket.set(key.sessionId, t);
         // Record session creation in history for HTTP 404 detection
-        const historyKey = `${key.type}:${key.tokenHash}:${key.sessionId}`;
+        const historyKey = this.makeHistoryKey(key.type, key.tokenHash, key.sessionId);
         this.sessionHistory.set(historyKey, Date.now());
-        // Evict oldest entries if cache exceeds max size (LRU-like eviction)
+        // Evict oldest entries if cache exceeds max size
+        // Only evict entries that don't have active transports (to avoid inconsistent state)
         if (this.sessionHistory.size > this.MAX_SESSION_HISTORY) {
             const entries = [...this.sessionHistory.entries()].sort((a, b) => a[1] - b[1]);
-            // Remove oldest 10% of entries
-            const toEvict = Math.ceil(this.MAX_SESSION_HISTORY * 0.1);
-            for (let i = 0; i < toEvict && i < entries.length; i++) {
-                this.sessionHistory.delete(entries[i][0]);
+            // Try to remove oldest 10% of entries (skip those with active transports)
+            const targetEvictions = Math.ceil(this.MAX_SESSION_HISTORY * 0.1);
+            let evicted = 0;
+            for (const [histKey] of entries) {
+                if (evicted >= targetEvictions)
+                    break;
+                // Parse history key to check if transport still exists
+                const parsed = this.parseHistoryKey(histKey);
+                if (!parsed) {
+                    // Invalid key format - safe to evict
+                    this.sessionHistory.delete(histKey);
+                    evicted++;
+                    continue;
+                }
+                const { type, tokenHash, sessionId } = parsed;
+                const typeBucket = this.byType.get(type);
+                const tokenBucket = typeBucket?.get(tokenHash);
+                const hasActiveTransport = tokenBucket?.has(sessionId) ?? false;
+                // Only evict if there's no active transport for this session
+                if (!hasActiveTransport) {
+                    this.sessionHistory.delete(histKey);
+                    evicted++;
+                }
+            }
+            // Log warning if we couldn't evict enough entries (all have active transports)
+            if (evicted < targetEvictions) {
+                this.scope.logger.warn('[TransportService] Session history eviction: unable to free target memory', {
+                    targetEvictions,
+                    actualEvictions: evicted,
+                    currentSize: this.sessionHistory.size,
+                    maxSize: this.MAX_SESSION_HISTORY,
+                });
             }
         }
     }

package/src/transport/transport.registry.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"transport.registry.js","sourceRoot":"","sources":["../../../src/transport/transport.registry.ts"],"names":[],"mappings":";;;;AAAA,yCAAyC;AACzC,mCAAoC;AAUpC,yDAAuD;AACvD,uDAAqD;AAGrD,8GAA2E;AAC3E,sFAAoD;AACpD,4GAAyE;AAEzE,MAAa,gBAAgB;IAClB,KAAK,CAAgB;IACb,MAAM,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC5C,WAAW,CAAU;IACrB,GAAG,CAAgB;IACnB,KAAK,CAAQ;IAE9B;;;;;;OAMG;IACc,cAAc,GAAwB,IAAI,GAAG,EAAE,CAAC;IAChD,mBAAmB,GAAG,KAAK,CAAC;IAE7C,YAAY,KAAY;QACtB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC,0BAA0B;QACpD,IAAI,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC,0BAA0B;QAChD,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;QACjG,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,qCAAwB,EAAE,yBAAa,EAAE,oCAAuB,CAAC,CAAC;IACnG,CAAC;IAED,KAAK,CAAC,OAAO;QACX,WAAW;IACb,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;QAExB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,IAAI,oCAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,IAAmB,EACnB,KAAa,EACb,SAAiB,EACjB,GAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;YAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAE1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB,EAAE,MAAe;QAC7F,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sCAAsC,CAAC,IAAmB,EAAE,GAAmB;QACnF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,qDAAqD;QACrD,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,0CAA0C,CAC9C,IAAmB,EACnB,KAAa,EACb,GAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,4CAA4C;QAC5C,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;;;;;;;OASG;IACH,iBAAiB,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB;QACrE,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,UAAU,GAAG,GAAG,IAAI,IAAI,SAAS,IAAI,SAAS,EAAE,CAAC;QACvD,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED,kFAAkF;IAE1E,MAAM,CAAC,KAAa;QAC1B,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClE,CAAC;IAEO,KAAK,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB,EAAE,YAAqB;QACxF,OAAO;YACL,IAAI;YACJ,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;YAC7B,SAAS;YACT,YAAY;SACb,CAAC;IACJ,CAAC;IAEO,gBAAgB,CAAC,IAAmB;QAC1C,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,IAAI,GAAG,EAAgC,CAAC;YACjD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,iBAAiB,CAAC,UAA+B,EAAE,SAAiB;QAC1E,IAAI,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;YACxC,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CAAC,GAAiB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU;YAAE,OAAO,SAAS,CAAC;QAClC,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QACnC,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC;IAEO,WAAW,CAAC,GAAiB,EAAE,CAAc;QACnD,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QACtE,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAElC,4DAA4D;QAC5D,MAAM,UAAU,GAAG,GAAG,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,SAAS,IAAI,GAAG,CAAC,SAAS,EAAE,CAAC;QACnE,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEhD,qEAAqE;QACrE,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACxD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/E,+BAA+B;YAC/B,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,GAAG,GAAG,CAAC,CAAC;YAC1D,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,OAAO,IAAI,CAAC,GAAG,OAAO,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;gBACvD,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC5C,CAAC;QACH,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,GAAiB;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW;YAAE,OAAO;QACzB,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClC,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;YAAE,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC;YAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;CACF;AAtPD,4CAsPC","sourcesContent":["// server/transport/transport.registry.ts\nimport { createHash } from 'crypto';\nimport {\n TransportBus,\n Transporter,\n TransportKey,\n TransportRegistryBucket,\n TransportTokenBucket,\n TransportType,\n TransportTypeBucket,\n} from './transport.types';\nimport { RemoteTransporter } from './transport.remote';\nimport { LocalTransporter } from './transport.local';\nimport { ServerResponse } from '../common';\nimport { Scope } from '../scope';\nimport HandleStreamableHttpFlow from './flows/handle.streamable-http.flow';\nimport HandleSseFlow from './flows/handle.sse.flow';\nimport HandleStatelessHttpFlow from './flows/handle.stateless-http.flow';\n\nexport class TransportService {\n readonly ready: Promise<void>;\n private readonly byType: TransportRegistryBucket = new Map();\n private readonly distributed: boolean;\n private readonly bus?: TransportBus;\n private readonly scope: Scope;\n\n /*\n Session history cache for tracking if sessions were ever created.\n * Used to differentiate between \"session never initialized\" (HTTP 400) and\n * \"session expired/terminated\" (HTTP 404) per MCP Spec 2025-11-25.\n \n Key: \"type:tokenHash:sessionId\", Value: creation timestamp\n /\n private readonly sessionHistory: Map<string, number> = new Map();\n private readonly MAX_SESSION_HISTORY = 10000;\n\n constructor(scope: Scope) {\n this.scope = scope;\n this.distributed = false; // get from scope metadata\n this.bus = undefined; // get from scope metadata\n if (this.distributed && !this.bus) {\n throw new Error('TransportRegistry: distributed=true requires a TransportBus implementation.');\n }\n\n this.ready = this.initialize();\n }\n\n private async initialize() {\n await this.scope.registryFlows(HandleStreamableHttpFlow, HandleSseFlow, HandleStatelessHttpFlow);\n }\n\n async destroy() {\n / empty /\n }\n\n async getTransporter(type: TransportType, token: string, sessionId: string): Promise<Transporter \| undefined> {\n const key = this.keyOf(type, token, sessionId);\n\n const local = this.lookupLocal(key);\n if (local) return local;\n\n if (this.distributed && this.bus) {\n const location = await this.bus.lookup(key);\n if (location) {\n return new RemoteTransporter(key, this.bus);\n }\n }\n\n return undefined;\n }\n\n async createTransporter(\n type: TransportType,\n token: string,\n sessionId: string,\n res: ServerResponse,\n ): Promise<Transporter> {\n const key = this.keyOf(type, token, sessionId);\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n key.sessionId = sessionId;\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n\n this.insertLocal(key, transporter);\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n async destroyTransporter(type: TransportType, token: string, sessionId: string, reason?: string): Promise<void> {\n const key = this.keyOf(type, token, sessionId);\n\n const local = this.lookupLocal(key);\n if (local) {\n await local.destroy(reason);\n return;\n }\n\n if (this.distributed && this.bus) {\n const location = await this.bus.lookup(key);\n if (location) {\n await this.bus.destroyRemote(key, reason);\n return;\n }\n }\n\n throw new Error('Invalid session: cannot destroy non-existent transporter.');\n }\n\n /\n Get or create a shared singleton transport for anonymous stateless requests.\n * All anonymous requests share the same transport instance.\n /\n async getOrCreateAnonymousStatelessTransport(type: TransportType, res: ServerResponse): Promise<Transporter> {\n const key = this.keyOf(type, '__anonymous__', '__stateless__');\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n // Create shared transport for all anonymous requests\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n this.insertLocal(key, transporter);\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n /\n Get or create a singleton transport for authenticated stateless requests.\n * Each unique token gets its own singleton transport.\n /\n async getOrCreateAuthenticatedStatelessTransport(\n type: TransportType,\n token: string,\n res: ServerResponse,\n ): Promise<Transporter> {\n const key = this.keyOf(type, token, '__stateless__');\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n // Create singleton transport for this token\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n this.insertLocal(key, transporter);\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n /\n Check if a session was ever created (even if it's been terminated/evicted).\n * Used to differentiate between \"session never initialized\" (HTTP 400) and\n * \"session expired/terminated\" (HTTP 404) per MCP Spec 2025-11-25.\n \n @param type - Transport type (e.g., 'streamable-http', 'sse')\n * @param token - The authorization token\n * @param sessionId - The session ID to check\n * @returns true if session was ever created, false otherwise\n /\n wasSessionCreated(type: TransportType, token: string, sessionId: string): boolean {\n const tokenHash = this.sha256(token);\n const historyKey = `${type}:${tokenHash}:${sessionId}`;\n return this.sessionHistory.has(historyKey);\n }\n\n / --------------------------------- internals -------------------------------- /\n\n private sha256(value: string): string {\n return createHash('sha256').update(value, 'utf8').digest('hex');\n }\n\n private keyOf(type: TransportType, token: string, sessionId: string, sessionIdSse?: string): TransportKey {\n return {\n type,\n token,\n tokenHash: this.sha256(token),\n sessionId,\n sessionIdSse,\n };\n }\n\n private ensureTypeBucket(type: TransportType): TransportTypeBucket {\n let bucket = this.byType.get(type);\n if (!bucket) {\n bucket = new Map<string, TransportTokenBucket>();\n this.byType.set(type, bucket);\n }\n return bucket;\n }\n\n private ensureTokenBucket(typeBucket: TransportTypeBucket, tokenHash: string): TransportTokenBucket {\n let bucket = typeBucket.get(tokenHash);\n if (!bucket) {\n bucket = new Map<string, Transporter>();\n typeBucket.set(tokenHash, bucket);\n }\n return bucket;\n }\n\n private lookupLocal(key: TransportKey): Transporter \| undefined {\n const typeBucket = this.byType.get(key.type);\n if (!typeBucket) return undefined;\n const tokenBucket = typeBucket.get(key.tokenHash);\n if (!tokenBucket) return undefined;\n return tokenBucket.get(key.sessionId);\n }\n\n private insertLocal(key: TransportKey, t: Transporter): void {\n const typeBucket = this.ensureTypeBucket(key.type);\n const tokenBucket = this.ensureTokenBucket(typeBucket, key.tokenHash);\n tokenBucket.set(key.sessionId, t);\n\n // Record session creation in history for HTTP 404 detection\n const historyKey = `${key.type}:${key.tokenHash}:${key.sessionId}`;\n this.sessionHistory.set(historyKey, Date.now());\n\n // Evict oldest entries if cache exceeds max size (LRU-like eviction)\n if (this.sessionHistory.size > this.MAX_SESSION_HISTORY) {\n const entries = [...this.sessionHistory.entries()].sort((a, b) => a[1] - b[1]);\n // Remove oldest 10% of entries\n const toEvict = Math.ceil(this.MAX_SESSION_HISTORY 0.1);\n for (let i = 0; i < toEvict && i < entries.length; i++) {\n this.sessionHistory.delete(entries[i][0]);\n }\n }\n }\n\n private evictLocal(key: TransportKey): void {\n const typeBucket = this.byType.get(key.type);\n if (!typeBucket) return;\n const tokenBucket = typeBucket.get(key.tokenHash);\n if (!tokenBucket) return;\n tokenBucket.delete(key.sessionId);\n if (tokenBucket.size === 0) typeBucket.delete(key.tokenHash);\n if (typeBucket.size === 0) this.byType.delete(key.type);\n }\n}\n"]}
1	+ {"version":3,"file":"transport.registry.js","sourceRoot":"","sources":["../../../src/transport/transport.registry.ts"],"names":[],"mappings":";;;;AAAA,yCAAyC;AACzC,mCAAoC;AAUpC,yDAAuD;AACvD,uDAAqD;AAGrD,8GAA2E;AAC3E,sFAAoD;AACpD,4GAAyE;AACzE,6CAAmE;AACnE,mFAAyE;AAEzE,MAAa,gBAAgB;IAClB,KAAK,CAAgB;IACb,MAAM,GAA4B,IAAI,GAAG,EAAE,CAAC;IAC5C,WAAW,CAAU;IACrB,GAAG,CAAgB;IACnB,KAAK,CAAQ;IAE9B;;;;;;;OAOG;IACc,cAAc,GAAwB,IAAI,GAAG,EAAE,CAAC;IAChD,mBAAmB,GAAG,KAAK,CAAC;IAE7C;;;OAGG;IACK,YAAY,CAAqB;IAEzC;;OAEG;IACK,iBAAiB,CAAmC;IAE5D;;;OAGG;IACc,aAAa,GAAsC,IAAI,GAAG,EAAE,CAAC;IAE9E,YAAY,KAAY,EAAE,iBAAmD;QAC3E,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC,CAAC,0BAA0B;QACpD,IAAI,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC,0BAA0B;QAChD,IAAI,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YAClC,MAAM,IAAI,KAAK,CAAC,6EAA6E,CAAC,CAAC;QACjG,CAAC;QAED,2DAA2D;QAC3D,IAAI,iBAAiB,EAAE,OAAO,IAAI,iBAAiB,CAAC,KAAK,EAAE,CAAC;YAC1D,IAAI,CAAC,YAAY,GAAG,IAAI,2BAAiB,CACvC;gBACE,IAAI,EAAE,iBAAiB,CAAC,KAAK,CAAC,IAAI;gBAClC,IAAI,EAAE,iBAAiB,CAAC,KAAK,CAAC,IAAI;gBAClC,QAAQ,EAAE,iBAAiB,CAAC,KAAK,CAAC,QAAQ;gBAC1C,EAAE,EAAE,iBAAiB,CAAC,KAAK,CAAC,EAAE;gBAC9B,GAAG,EAAE,iBAAiB,CAAC,KAAK,CAAC,GAAG;gBAChC,gFAAgF;gBAChF,uEAAuE;gBACvE,SAAS,EAAE,iBAAiB,CAAC,KAAK,CAAC,SAAS,IAAI,gBAAgB;gBAChE,YAAY,EAAE,iBAAiB,CAAC,YAAY,IAAI,OAAO,EAAE,iBAAiB;aAC3E,EACD,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAC7C,CAAC;YACF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,8EAA8E,CAAC,CAAC;QACzG,CAAC;QAED,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,UAAU,EAAE,CAAC;IACjC,CAAC;IAEO,KAAK,CAAC,UAAU;QACtB,2DAA2D;QAC3D,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,IAAI,EAAE,CAAC;YACnD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,8EAA8E,CAAC,CAAC;gBACxG,+EAA+E;gBAC/E,iFAAiF;gBACjF,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;gBACzD,IAAI,CAAC,YAAY,GAAG,SAAS,CAAC;YAChC,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,4DAA4D,CAAC,CAAC;YACvF,CAAC;QACH,CAAC;QAED,MAAM,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,qCAAwB,EAAE,yBAAa,EAAE,oCAAuB,CAAC,CAAC;IACnG,CAAC;IAED,KAAK,CAAC,OAAO;QACX,2CAA2C;QAC3C,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;YACtB,MAAM,IAAI,CAAC,YAAY,CAAC,UAAU,EAAE,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC;QAChF,CAAC;IACH,CAAC;IAED,KAAK,CAAC,cAAc,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB;QACxE,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/C,uCAAuC;QACvC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK;YAAE,OAAO,KAAK,CAAC;QAExB,wCAAwC;QACxC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,OAAO,IAAI,oCAAiB,CAAC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,CAAC;YAC9C,CAAC;QACH,CAAC;QAED,2EAA2E;QAC3E,2EAA2E;QAC3E,4DAA4D;QAE5D,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;OAQG;IACH,KAAK,CAAC,gBAAgB,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB;QAC1E,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,IAAI,KAAK,iBAAiB;YAAE,OAAO,SAAS,CAAC;QAEvE,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACtD,IAAI,CAAC,MAAM;YAAE,OAAO,SAAS,CAAC;QAE9B,gCAAgC;QAChC,IAAI,MAAM,CAAC,eAAe,KAAK,SAAS,EAAE,CAAC;YACzC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,yDAAyD,EAAE;gBAChF,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBACjC,eAAe,EAAE,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;gBACnD,gBAAgB,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC;aACxC,CAAC,CAAC;YACH,OAAO,SAAS,CAAC;QACnB,CAAC;QAED,OAAO,MAAM,CAAC;IAChB,CAAC;IAED;;;;;;;;;;OAUG;IACH,KAAK,CAAC,mBAAmB,CACvB,IAAmB,EACnB,KAAa,EACb,SAAiB,EACjB,aAA4B,EAC5B,GAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/C,uCAAuC;QACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,mEAAmE;QACnE,oGAAoG;QACpG,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7E,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACzD,IAAI,eAAe,EAAE,CAAC;YACpB,qEAAqE;YACrE,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,+CAA+C;QAC/C,MAAM,iBAAiB,GAAG,IAAI,CAAC,qBAAqB,CAAC,GAAG,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,CAAC,CAAC;QACzF,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,iBAAiB,CAAC,CAAC;QAEpD,IAAI,CAAC;YACH,OAAO,MAAM,iBAAiB,CAAC;QACjC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,sCAAsC;YACtC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,qEAAqE,EAAE;gBAC7F,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBACjC,KAAK,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;aAC7F,CAAC,CAAC;YACH,MAAM,KAAK,CAAC;QACd,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,qBAAqB,CACjC,GAAiB,EACjB,SAAiB,EACjB,aAA4B,EAC5B,GAAmB;QAEnB,uEAAuE;QACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,6DAA6D,EAAE;YACpF,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;YACjC,QAAQ,EAAE,aAAa,CAAC,OAAO,CAAC,QAAQ;YACxC,SAAS,EAAE,aAAa,CAAC,SAAS;SACnC,CAAC,CAAC;QAEH,uCAAuC;QACvC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,SAAS,CAAC,CAAC;QAC3E,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC;QAE7D,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACvC,MAAM,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAEjD,uBAAuB;QACvB,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;YAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;YACD,+BAA+B;YAC/B,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,sCAAsC;QACtC,IAAI,YAAY,EAAE,CAAC;YACjB,MAAM,cAAc,GAAkB;gBACpC,GAAG,aAAa;gBAChB,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE;aAC3B,CAAC;YACF,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,cAAc,EAAE,iBAAiB,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACzF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,sDAAsD,EAAE;oBAC7E,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACjC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,iBAAiB,CACrB,IAAmB,EACnB,KAAa,EACb,SAAiB,EACjB,GAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/C,0BAA0B;QAC1B,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,iEAAiE;QACjE,oGAAoG;QACpG,MAAM,QAAQ,GAAG,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,GAAG,CAAC,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;QAC7E,MAAM,eAAe,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACzD,IAAI,eAAe,EAAE,CAAC;YACpB,mEAAmE;YACnE,OAAO,eAAe,CAAC;QACzB,CAAC;QAED,6CAA6C;QAC7C,MAAM,eAAe,GAAG,IAAI,CAAC,mBAAmB,CAAC,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC5E,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,QAAQ,EAAE,eAAe,CAAC,CAAC;QAElD,IAAI,CAAC;YACH,OAAO,MAAM,eAAe,CAAC;QAC/B,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED;;OAEG;IACK,KAAK,CAAC,mBAAmB,CAC/B,GAAiB,EACjB,SAAiB,EACjB,GAAmB,EACnB,IAAmB;QAEnB,uEAAuE;QACvE,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,MAAM,YAAY,GAAG,IAAI,CAAC,YAAY,CAAC;QACvC,MAAM,iBAAiB,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAEjD,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,GAAG,CAAC,SAAS,GAAG,SAAS,CAAC;YAC1B,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;YACD,+BAA+B;YAC/B,IAAI,YAAY,EAAE,CAAC;gBACjB,YAAY,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YACrD,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAE1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,0DAA0D;QAC1D,IAAI,YAAY,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;YAC/C,MAAM,aAAa,GAAkB;gBACnC,OAAO,EAAE;oBACP,EAAE,EAAE,SAAS;oBACb,eAAe,EAAE,GAAG,CAAC,SAAS;oBAC9B,QAAQ,EAAE,iBAAiB;oBAC3B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,IAAA,kCAAY,GAAE;iBACvB;gBACD,eAAe,EAAE,GAAG,CAAC,SAAS;gBAC9B,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE;aAC3B,CAAC;YACF,YAAY,CAAC,GAAG,CAAC,SAAS,EAAE,aAAa,EAAE,iBAAiB,EAAE,YAAY,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;gBACxF,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,uDAAuD,EAAE;oBAC9E,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACjC,KAAK,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC;iBACxD,CAAC,CAAC;YACL,CAAC,CAAC,CAAC;QACL,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,KAAK,CAAC,kBAAkB,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB,EAAE,MAAe;QAC7F,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;QAE/C,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACpC,IAAI,KAAK,EAAE,CAAC;YACV,MAAM,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;YAC5B,OAAO;QACT,CAAC;QAED,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,MAAM,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,EAAE,MAAM,CAAC,CAAC;gBAC1C,OAAO;YACT,CAAC;QACH,CAAC;QAED,MAAM,IAAI,KAAK,CAAC,2DAA2D,CAAC,CAAC;IAC/E,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sCAAsC,CAAC,IAAmB,EAAE,GAAmB;QACnF,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,eAAe,EAAE,eAAe,CAAC,CAAC;QAC/D,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,qDAAqD;QACrD,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,0CAA0C,CAC9C,IAAmB,EACnB,KAAa,EACb,GAAmB;QAEnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,KAAK,EAAE,eAAe,CAAC,CAAC;QACrD,MAAM,QAAQ,GAAG,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC;QACvC,IAAI,QAAQ;YAAE,OAAO,QAAQ,CAAC;QAE9B,4CAA4C;QAC5C,MAAM,WAAW,GAAG,IAAI,kCAAgB,CAAC,IAAI,CAAC,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;YAClE,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YACrB,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;gBACjC,IAAI,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,WAAW,CAAC,KAAK,EAAE,CAAC;QAC1B,IAAI,CAAC,WAAW,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC;QAEnC,IAAI,IAAI,CAAC,WAAW,IAAI,IAAI,CAAC,GAAG,EAAE,CAAC;YACjC,MAAM,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAED;;;;;;;;;;;;OAYG;IACH,iBAAiB,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB;QACrE,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACrC,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;QACnE,OAAO,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;IAC7C,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,sBAAsB,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB;QAChF,wCAAwC;QACxC,IAAI,IAAI,CAAC,iBAAiB,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,EAAE,CAAC;YACnD,OAAO,IAAI,CAAC;QACd,CAAC;QAED,yEAAyE;QACzE,+EAA+E;QAC/E,IAAI,IAAI,CAAC,YAAY,IAAI,IAAI,KAAK,iBAAiB,EAAE,CAAC;YACpD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,EAAE,KAAK,EAAE,SAAS,CAAC,CAAC;YACnE,OAAO,MAAM,KAAK,SAAS,CAAC;QAC9B,CAAC;QAED,OAAO,KAAK,CAAC;IACf,CAAC;IAED,kFAAkF;IAE1E,MAAM,CAAC,KAAa;QAC1B,OAAO,IAAA,mBAAU,EAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IAClE,CAAC;IAED;;;OAGG;IACK,cAAc,CAAC,IAAY,EAAE,SAAiB,EAAE,SAAiB;QACvE,OAAO,IAAI,CAAC,SAAS,CAAC,EAAE,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC;IACjE,CAAC;IAED;;;OAGG;IACK,eAAe,CAAC,GAAW;QACjC,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;YAC/B,IAAI,OAAO,MAAM,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,CAAC,KAAK,QAAQ,IAAI,OAAO,MAAM,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjG,OAAO,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,EAAE,SAAS,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;YACtE,CAAC;YACD,OAAO,SAAS,CAAC;QACnB,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,SAAS,CAAC;QACnB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,IAAmB,EAAE,KAAa,EAAE,SAAiB,EAAE,YAAqB;QACxF,OAAO;YACL,IAAI;YACJ,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC;YAC7B,SAAS;YACT,YAAY;SACb,CAAC;IACJ,CAAC;IAEO,gBAAgB,CAAC,IAAmB;QAC1C,IAAI,MAAM,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,IAAI,GAAG,EAAgC,CAAC;YACjD,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC;QAChC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,iBAAiB,CAAC,UAA+B,EAAE,SAAiB;QAC1E,IAAI,MAAM,GAAG,UAAU,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,GAAG,IAAI,GAAG,EAAuB,CAAC;YACxC,UAAU,CAAC,GAAG,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;QACpC,CAAC;QACD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CAAC,GAAiB;QACnC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU;YAAE,OAAO,SAAS,CAAC;QAClC,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW;YAAE,OAAO,SAAS,CAAC;QACnC,OAAO,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC;IAEO,WAAW,CAAC,GAAiB,EAAE,CAAc;QACnD,MAAM,UAAU,GAAG,IAAI,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,iBAAiB,CAAC,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QACtE,WAAW,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;QAElC,4DAA4D;QAC5D,MAAM,UAAU,GAAG,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;QAC/E,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,UAAU,EAAE,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;QAEhD,iDAAiD;QACjD,qFAAqF;QACrF,IAAI,IAAI,CAAC,cAAc,CAAC,IAAI,GAAG,IAAI,CAAC,mBAAmB,EAAE,CAAC;YACxD,MAAM,OAAO,GAAG,CAAC,GAAG,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC/E,0EAA0E;YAC1E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,GAAG,GAAG,CAAC,CAAC;YAClE,IAAI,OAAO,GAAG,CAAC,CAAC;YAEhB,KAAK,MAAM,CAAC,OAAO,CAAC,IAAI,OAAO,EAAE,CAAC;gBAChC,IAAI,OAAO,IAAI,eAAe;oBAAE,MAAM;gBAEtC,uDAAuD;gBACvD,MAAM,MAAM,GAAG,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,CAAC;gBAC7C,IAAI,CAAC,MAAM,EAAE,CAAC;oBACZ,qCAAqC;oBACrC,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;oBACpC,OAAO,EAAE,CAAC;oBACV,SAAS;gBACX,CAAC;gBAED,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;gBAC9C,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,IAAqB,CAAC,CAAC;gBAC1D,MAAM,WAAW,GAAG,UAAU,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC;gBAC/C,MAAM,kBAAkB,GAAG,WAAW,EAAE,GAAG,CAAC,SAAS,CAAC,IAAI,KAAK,CAAC;gBAEhE,6DAA6D;gBAC7D,IAAI,CAAC,kBAAkB,EAAE,CAAC;oBACxB,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;oBACpC,OAAO,EAAE,CAAC;gBACZ,CAAC;YACH,CAAC;YAED,+EAA+E;YAC/E,IAAI,OAAO,GAAG,eAAe,EAAE,CAAC;gBAC9B,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,2EAA2E,EAAE;oBAClG,eAAe;oBACf,eAAe,EAAE,OAAO;oBACxB,WAAW,EAAE,IAAI,CAAC,cAAc,CAAC,IAAI;oBACrC,OAAO,EAAE,IAAI,CAAC,mBAAmB;iBAClC,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,GAAiB;QAClC,MAAM,UAAU,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAC7C,IAAI,CAAC,UAAU;YAAE,OAAO;QACxB,MAAM,WAAW,GAAG,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClD,IAAI,CAAC,WAAW;YAAE,OAAO;QACzB,WAAW,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAClC,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC;YAAE,UAAU,CAAC,MAAM,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAC7D,IAAI,UAAU,CAAC,IAAI,KAAK,CAAC;YAAE,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IAC1D,CAAC;CACF;AAnlBD,4CAmlBC","sourcesContent":["// server/transport/transport.registry.ts\nimport { createHash } from 'crypto';\nimport {\n TransportBus,\n Transporter,\n TransportKey,\n TransportRegistryBucket,\n TransportTokenBucket,\n TransportType,\n TransportTypeBucket,\n} from './transport.types';\nimport { RemoteTransporter } from './transport.remote';\nimport { LocalTransporter } from './transport.local';\nimport { ServerResponse, TransportPersistenceConfigInput } from '../common';\nimport { Scope } from '../scope';\nimport HandleStreamableHttpFlow from './flows/handle.streamable-http.flow';\nimport HandleSseFlow from './flows/handle.sse.flow';\nimport HandleStatelessHttpFlow from './flows/handle.stateless-http.flow';\nimport { RedisSessionStore, StoredSession } from '../auth/session';\nimport { getMachineId } from '../auth/authorization/authorization.class';\n\nexport class TransportService {\n readonly ready: Promise<void>;\n private readonly byType: TransportRegistryBucket = new Map();\n private readonly distributed: boolean;\n private readonly bus?: TransportBus;\n private readonly scope: Scope;\n\n /*\n Session history cache for tracking if sessions were ever created.\n * Used to differentiate between \"session never initialized\" (HTTP 400) and\n * \"session expired/terminated\" (HTTP 404) per MCP Spec 2025-11-25.\n \n Key: JSON-encoded {type, tokenHash, sessionId}, Value: creation timestamp\n * Note: We use JSON instead of colon-delimiter because sessionId can contain colons.\n /\n private readonly sessionHistory: Map<string, number> = new Map();\n private readonly MAX_SESSION_HISTORY = 10000;\n\n /\n Redis session store for transport persistence\n * Used to persist session metadata across server restarts\n /\n private sessionStore?: RedisSessionStore;\n\n /\n Transport persistence configuration\n /\n private persistenceConfig?: TransportPersistenceConfigInput;\n\n /\n Mutex map for preventing concurrent transport creation for the same key.\n * Key: JSON-encoded {t: type, h: tokenHash, s: sessionId}, Value: Promise that resolves when creation completes\n /\n private readonly creationMutex: Map<string, Promise<Transporter>> = new Map();\n\n constructor(scope: Scope, persistenceConfig?: TransportPersistenceConfigInput) {\n this.scope = scope;\n this.persistenceConfig = persistenceConfig;\n this.distributed = false; // get from scope metadata\n this.bus = undefined; // get from scope metadata\n if (this.distributed && !this.bus) {\n throw new Error('TransportRegistry: distributed=true requires a TransportBus implementation.');\n }\n\n // Initialize Redis session store if persistence is enabled\n if (persistenceConfig?.enabled && persistenceConfig.redis) {\n this.sessionStore = new RedisSessionStore(\n {\n host: persistenceConfig.redis.host,\n port: persistenceConfig.redis.port,\n password: persistenceConfig.redis.password,\n db: persistenceConfig.redis.db,\n tls: persistenceConfig.redis.tls,\n // Note: Uses 'mcp:transport:' prefix (not 'mcp:session:') to separate transport\n // persistence data from authentication session data in the auth module\n keyPrefix: persistenceConfig.redis.keyPrefix ?? 'mcp:transport:',\n defaultTtlMs: persistenceConfig.defaultTtlMs ?? 3600000, // 1 hour default\n },\n this.scope.logger.child('RedisSessionStore'),\n );\n this.scope.logger.info('[TransportService] Redis session store initialized for transport persistence');\n }\n\n this.ready = this.initialize();\n }\n\n private async initialize() {\n // Validate Redis connection if session store is configured\n if (this.sessionStore) {\n const isConnected = await this.sessionStore.ping();\n if (!isConnected) {\n this.scope.logger.error('[TransportService] Failed to connect to Redis - session persistence disabled');\n // Nullify sessionStore to prevent silent failures on all subsequent operations\n // This ensures clean graceful degradation - sessions will only persist in memory\n await this.sessionStore.disconnect().catch(() => void 0);\n this.sessionStore = undefined;\n } else {\n this.scope.logger.info('[TransportService] Redis connection validated successfully');\n }\n }\n\n await this.scope.registryFlows(HandleStreamableHttpFlow, HandleSseFlow, HandleStatelessHttpFlow);\n }\n\n async destroy() {\n // Close Redis connection if it was created\n if (this.sessionStore) {\n await this.sessionStore.disconnect();\n this.scope.logger.info('[TransportService] Redis session store disconnected');\n }\n }\n\n async getTransporter(type: TransportType, token: string, sessionId: string): Promise<Transporter \| undefined> {\n const key = this.keyOf(type, token, sessionId);\n\n // 1. Check local in-memory cache first\n const local = this.lookupLocal(key);\n if (local) return local;\n\n // 2. Check distributed bus (if enabled)\n if (this.distributed && this.bus) {\n const location = await this.bus.lookup(key);\n if (location) {\n return new RemoteTransporter(key, this.bus);\n }\n }\n\n // Note: Redis-stored sessions require recreation via recreateTransporter()\n // Flows should use getStoredSession() to check if session exists in Redis,\n // then call recreateTransporter() with the response object.\n\n return undefined;\n }\n\n /\n Get stored session from Redis (without creating a transport).\n * Used by flows to check if session exists and can be recreated.\n \n @param type - Transport type\n * @param token - Authorization token\n * @param sessionId - Session ID\n * @returns Stored session data if exists and token matches, undefined otherwise\n /\n async getStoredSession(type: TransportType, token: string, sessionId: string): Promise<StoredSession \| undefined> {\n if (!this.sessionStore \|\| type !== 'streamable-http') return undefined;\n\n const tokenHash = this.sha256(token);\n const stored = await this.sessionStore.get(sessionId);\n if (!stored) return undefined;\n\n // Verify the token hash matches\n if (stored.authorizationId !== tokenHash) {\n this.scope.logger.warn('[TransportService] Session token mismatch during lookup', {\n sessionId: sessionId.slice(0, 20),\n storedTokenHash: stored.authorizationId.slice(0, 8),\n requestTokenHash: tokenHash.slice(0, 8),\n });\n return undefined;\n }\n\n return stored;\n }\n\n /\n Recreate a transport from stored session data.\n * Must be called with a valid response object to create the actual transport.\n \n @param type - Transport type\n * @param token - Authorization token\n * @param sessionId - Session ID\n * @param storedSession - Previously stored session data\n * @param res - Server response object for the new transport\n * @returns The recreated transport\n /\n async recreateTransporter(\n type: TransportType,\n token: string,\n sessionId: string,\n storedSession: StoredSession,\n res: ServerResponse,\n ): Promise<Transporter> {\n const key = this.keyOf(type, token, sessionId);\n\n // Check if already recreated in memory\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n // Use mutex to prevent concurrent recreation of the same transport\n // Use JSON encoding for mutex key (consistent with history key format, handles colons in sessionId)\n const mutexKey = JSON.stringify({ t: type, h: key.tokenHash, s: sessionId });\n const pendingCreation = this.creationMutex.get(mutexKey);\n if (pendingCreation) {\n // Another request is already recreating this transport - wait for it\n return pendingCreation;\n }\n\n // Recreate the transport with mutex protection\n const recreationPromise = this.doRecreateTransporter(key, sessionId, storedSession, res);\n this.creationMutex.set(mutexKey, recreationPromise);\n\n try {\n return await recreationPromise;\n } catch (error) {\n // Log recreation errors for debugging\n this.scope.logger.error('[TransportService] Failed to recreate transport from stored session', {\n sessionId: sessionId.slice(0, 20),\n error: error instanceof Error ? { name: error.name, message: error.message } : String(error),\n });\n throw error;\n } finally {\n this.creationMutex.delete(mutexKey);\n }\n }\n\n /\n Internal method to actually recreate the transport (called with mutex protection)\n /\n private async doRecreateTransporter(\n key: TransportKey,\n sessionId: string,\n storedSession: StoredSession,\n res: ServerResponse,\n ): Promise<Transporter> {\n // Double-check in case another request completed while we were waiting\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n this.scope.logger.info('[TransportService] Recreating transport from stored session', {\n sessionId: sessionId.slice(0, 20),\n protocol: storedSession.session.protocol,\n createdAt: storedSession.createdAt,\n });\n\n // Mark session as recreated in history\n const historyKey = this.makeHistoryKey(key.type, key.tokenHash, sessionId);\n this.sessionHistory.set(historyKey, storedSession.createdAt);\n\n const sessionStore = this.sessionStore;\n const persistenceConfig = this.persistenceConfig;\n\n // Create new transport\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n key.sessionId = sessionId;\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n // Remove from Redis on dispose\n if (sessionStore) {\n sessionStore.delete(sessionId).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n this.insertLocal(key, transporter);\n\n // Update session access time in Redis\n if (sessionStore) {\n const updatedSession: StoredSession = {\n ...storedSession,\n lastAccessedAt: Date.now(),\n };\n sessionStore.set(sessionId, updatedSession, persistenceConfig?.defaultTtlMs).catch((err) => {\n this.scope.logger.warn('[TransportService] Failed to update session in Redis', {\n sessionId: sessionId.slice(0, 20),\n error: err instanceof Error ? err.message : String(err),\n });\n });\n }\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n async createTransporter(\n type: TransportType,\n token: string,\n sessionId: string,\n res: ServerResponse,\n ): Promise<Transporter> {\n const key = this.keyOf(type, token, sessionId);\n\n // Check if already exists\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n // Use mutex to prevent concurrent creation of the same transport\n // Use JSON encoding for mutex key (consistent with history key format, handles colons in sessionId)\n const mutexKey = JSON.stringify({ t: type, h: key.tokenHash, s: sessionId });\n const pendingCreation = this.creationMutex.get(mutexKey);\n if (pendingCreation) {\n // Another request is already creating this transport - wait for it\n return pendingCreation;\n }\n\n // Create the transport with mutex protection\n const creationPromise = this.doCreateTransporter(key, sessionId, res, type);\n this.creationMutex.set(mutexKey, creationPromise);\n\n try {\n return await creationPromise;\n } finally {\n this.creationMutex.delete(mutexKey);\n }\n }\n\n /\n Internal method to actually create the transport (called with mutex protection)\n /\n private async doCreateTransporter(\n key: TransportKey,\n sessionId: string,\n res: ServerResponse,\n type: TransportType,\n ): Promise<Transporter> {\n // Double-check in case another request completed while we were waiting\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n const sessionStore = this.sessionStore;\n const persistenceConfig = this.persistenceConfig;\n\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n key.sessionId = sessionId;\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n // Remove from Redis on dispose\n if (sessionStore) {\n sessionStore.delete(sessionId).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n\n this.insertLocal(key, transporter);\n\n // Persist session to Redis (streamable-http only for now)\n if (sessionStore && type === 'streamable-http') {\n const storedSession: StoredSession = {\n session: {\n id: sessionId,\n authorizationId: key.tokenHash,\n protocol: 'streamable-http',\n createdAt: Date.now(),\n nodeId: getMachineId(),\n },\n authorizationId: key.tokenHash,\n createdAt: Date.now(),\n lastAccessedAt: Date.now(),\n };\n sessionStore.set(sessionId, storedSession, persistenceConfig?.defaultTtlMs).catch((err) => {\n this.scope.logger.warn('[TransportService] Failed to persist session to Redis', {\n sessionId: sessionId.slice(0, 20),\n error: err instanceof Error ? err.message : String(err),\n });\n });\n }\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n async destroyTransporter(type: TransportType, token: string, sessionId: string, reason?: string): Promise<void> {\n const key = this.keyOf(type, token, sessionId);\n\n const local = this.lookupLocal(key);\n if (local) {\n await local.destroy(reason);\n return;\n }\n\n if (this.distributed && this.bus) {\n const location = await this.bus.lookup(key);\n if (location) {\n await this.bus.destroyRemote(key, reason);\n return;\n }\n }\n\n throw new Error('Invalid session: cannot destroy non-existent transporter.');\n }\n\n /\n Get or create a shared singleton transport for anonymous stateless requests.\n * All anonymous requests share the same transport instance.\n /\n async getOrCreateAnonymousStatelessTransport(type: TransportType, res: ServerResponse): Promise<Transporter> {\n const key = this.keyOf(type, '__anonymous__', '__stateless__');\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n // Create shared transport for all anonymous requests\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n this.insertLocal(key, transporter);\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n /\n Get or create a singleton transport for authenticated stateless requests.\n * Each unique token gets its own singleton transport.\n /\n async getOrCreateAuthenticatedStatelessTransport(\n type: TransportType,\n token: string,\n res: ServerResponse,\n ): Promise<Transporter> {\n const key = this.keyOf(type, token, '__stateless__');\n const existing = this.lookupLocal(key);\n if (existing) return existing;\n\n // Create singleton transport for this token\n const transporter = new LocalTransporter(this.scope, key, res, () => {\n this.evictLocal(key);\n if (this.distributed && this.bus) {\n this.bus.revoke(key).catch(() => void 0);\n }\n });\n\n await transporter.ready();\n this.insertLocal(key, transporter);\n\n if (this.distributed && this.bus) {\n await this.bus.advertise(key);\n }\n\n return transporter;\n }\n\n /\n Check if a session was ever created (even if it's been terminated/evicted).\n * Used to differentiate between \"session never initialized\" (HTTP 400) and\n * \"session expired/terminated\" (HTTP 404) per MCP Spec 2025-11-25.\n \n Note: This is synchronous and only checks local history. For async Redis check,\n * use wasSessionCreatedAsync.\n \n @param type - Transport type (e.g., 'streamable-http', 'sse')\n * @param token - The authorization token\n * @param sessionId - The session ID to check\n * @returns true if session was ever created locally, false otherwise\n /\n wasSessionCreated(type: TransportType, token: string, sessionId: string): boolean {\n const tokenHash = this.sha256(token);\n const historyKey = this.makeHistoryKey(type, tokenHash, sessionId);\n return this.sessionHistory.has(historyKey);\n }\n\n /\n Async version that also checks Redis for session existence.\n * Used when we need to check if session was ever created across server restarts.\n /\n async wasSessionCreatedAsync(type: TransportType, token: string, sessionId: string): Promise<boolean> {\n // Check local history first (fast path)\n if (this.wasSessionCreated(type, token, sessionId)) {\n return true;\n }\n\n // Check Redis if available - use getStoredSession() to verify token hash\n // (sessionStore.exists() would leak session existence to unauthorized callers)\n if (this.sessionStore && type === 'streamable-http') {\n const stored = await this.getStoredSession(type, token, sessionId);\n return stored !== undefined;\n }\n\n return false;\n }\n\n / --------------------------------- internals -------------------------------- /\n\n private sha256(value: string): string {\n return createHash('sha256').update(value, 'utf8').digest('hex');\n }\n\n /\n Create a history key from components.\n * Uses JSON encoding to handle sessionIds that contain special characters.\n /\n private makeHistoryKey(type: string, tokenHash: string, sessionId: string): string {\n return JSON.stringify({ t: type, h: tokenHash, s: sessionId });\n }\n\n /\n Parse a history key back into components.\n * Returns undefined if the key is malformed.\n /\n private parseHistoryKey(key: string): { type: string; tokenHash: string; sessionId: string } \| undefined {\n try {\n const parsed = JSON.parse(key);\n if (typeof parsed.t === 'string' && typeof parsed.h === 'string' && typeof parsed.s === 'string') {\n return { type: parsed.t, tokenHash: parsed.h, sessionId: parsed.s };\n }\n return undefined;\n } catch {\n return undefined;\n }\n }\n\n private keyOf(type: TransportType, token: string, sessionId: string, sessionIdSse?: string): TransportKey {\n return {\n type,\n token,\n tokenHash: this.sha256(token),\n sessionId,\n sessionIdSse,\n };\n }\n\n private ensureTypeBucket(type: TransportType): TransportTypeBucket {\n let bucket = this.byType.get(type);\n if (!bucket) {\n bucket = new Map<string, TransportTokenBucket>();\n this.byType.set(type, bucket);\n }\n return bucket;\n }\n\n private ensureTokenBucket(typeBucket: TransportTypeBucket, tokenHash: string): TransportTokenBucket {\n let bucket = typeBucket.get(tokenHash);\n if (!bucket) {\n bucket = new Map<string, Transporter>();\n typeBucket.set(tokenHash, bucket);\n }\n return bucket;\n }\n\n private lookupLocal(key: TransportKey): Transporter \| undefined {\n const typeBucket = this.byType.get(key.type);\n if (!typeBucket) return undefined;\n const tokenBucket = typeBucket.get(key.tokenHash);\n if (!tokenBucket) return undefined;\n return tokenBucket.get(key.sessionId);\n }\n\n private insertLocal(key: TransportKey, t: Transporter): void {\n const typeBucket = this.ensureTypeBucket(key.type);\n const tokenBucket = this.ensureTokenBucket(typeBucket, key.tokenHash);\n tokenBucket.set(key.sessionId, t);\n\n // Record session creation in history for HTTP 404 detection\n const historyKey = this.makeHistoryKey(key.type, key.tokenHash, key.sessionId);\n this.sessionHistory.set(historyKey, Date.now());\n\n // Evict oldest entries if cache exceeds max size\n // Only evict entries that don't have active transports (to avoid inconsistent state)\n if (this.sessionHistory.size > this.MAX_SESSION_HISTORY) {\n const entries = [...this.sessionHistory.entries()].sort((a, b) => a[1] - b[1]);\n // Try to remove oldest 10% of entries (skip those with active transports)\n const targetEvictions = Math.ceil(this.MAX_SESSION_HISTORY 0.1);\n let evicted = 0;\n\n for (const [histKey] of entries) {\n if (evicted >= targetEvictions) break;\n\n // Parse history key to check if transport still exists\n const parsed = this.parseHistoryKey(histKey);\n if (!parsed) {\n // Invalid key format - safe to evict\n this.sessionHistory.delete(histKey);\n evicted++;\n continue;\n }\n\n const { type, tokenHash, sessionId } = parsed;\n const typeBucket = this.byType.get(type as TransportType);\n const tokenBucket = typeBucket?.get(tokenHash);\n const hasActiveTransport = tokenBucket?.has(sessionId) ?? false;\n\n // Only evict if there's no active transport for this session\n if (!hasActiveTransport) {\n this.sessionHistory.delete(histKey);\n evicted++;\n }\n }\n\n // Log warning if we couldn't evict enough entries (all have active transports)\n if (evicted < targetEvictions) {\n this.scope.logger.warn('[TransportService] Session history eviction: unable to free target memory', {\n targetEvictions,\n actualEvictions: evicted,\n currentSize: this.sessionHistory.size,\n maxSize: this.MAX_SESSION_HISTORY,\n });\n }\n }\n }\n\n private evictLocal(key: TransportKey): void {\n const typeBucket = this.byType.get(key.type);\n if (!typeBucket) return;\n const tokenBucket = typeBucket.get(key.tokenHash);\n if (!tokenBucket) return;\n tokenBucket.delete(key.sessionId);\n if (tokenBucket.size === 0) typeBucket.delete(key.tokenHash);\n if (typeBucket.size === 0) this.byType.delete(key.type);\n }\n}\n"]}