@frontmcp/sdk 0.6.0 → 0.6.1

package/README.md

@@ -14,6 +14,7 @@ _Made with ❤️ for TypeScript developers_
 [![NPM - @frontmcp/sdk](https://img.shields.io/npm/v/@frontmcp/sdk.svg?v=2)](https://www.npmjs.com/package/@frontmcp/sdk)
 [![Node](https://img.shields.io/badge/node-%3E%3D22-339933?logo=node.js&logoColor=white)](https://nodejs.org)
 [![License](https://img.shields.io/github/license/agentfront/frontmcp.svg?v=1)](https://github.com/agentfront/frontmcp/blob/main/LICENSE)
+[![Snyk](https://snyk.io/test/github/agentfront/frontmcp/badge.svg)](https://snyk.io/test/github/agentfront/frontmcp)
 
 </div>
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@frontmcp/sdk",
-  "version": "0.6.0",
+  "version": "0.6.1",
   "description": "FrontMCP SDK",
   "author": "AgentFront <info@agentfront.dev>",
   "homepage": "https://docs.agentfront.dev",
@@ -40,19 +40,26 @@
   },
   "peerDependencies": {
     "zod": "^4.0.0",
-    "express": "^4.21.0",
+    "express": "^4.18.0 || ^5.0.0",
     "cors": "^2.8.5",
     "raw-body": "^3.0.0",
-    "content-type": "^1.0.5"
+    "content-type": "^1.0.5",
+    "@vercel/kv": "^2.0.0 || ^3.0.0"
+  },
+  "peerDependenciesMeta": {
+    "@vercel/kv": {
+      "optional": true
+    }
   },
   "dependencies": {
-    "@frontmcp/ui": "0.6.0",
-    "@modelcontextprotocol/sdk": "1.24.3",
+    "@frontmcp/uipack": "0.6.1",
+    "@modelcontextprotocol/sdk": "1.25.1",
     "ioredis": "^5.8.0",
-    "jose": "^6.1.0",
+    "jose": "^6.1.3",
     "reflect-metadata": "^0.2.2"
   },
   "devDependencies": {
+    "@vercel/kv": "^3.0.0",
     "typescript": "^5.9.3"
   },
   "type": "commonjs"

package/src/auth/session/index.d.ts

@@ -1,5 +1,6 @@
 export * from './transport-session.types';
 export { TransportSessionManager, InMemorySessionStore } from './transport-session.manager';
 export { RedisSessionStore } from './redis-session.store';
+export { VercelKvSessionStore } from './vercel-kv-session.store';
 export * from './authorization.store';
 export * from './authorization-vault';

package/src/auth/session/index.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.RedisSessionStore = exports.InMemorySessionStore = exports.TransportSessionManager = void 0;
+exports.VercelKvSessionStore = exports.RedisSessionStore = exports.InMemorySessionStore = exports.TransportSessionManager = void 0;
 const tslib_1 = require("tslib");
 // Transport session architecture
 tslib_1.__exportStar(require("./transport-session.types"), exports);
@@ -9,6 +9,8 @@ Object.defineProperty(exports, "TransportSessionManager", { enumerable: true, ge
 Object.defineProperty(exports, "InMemorySessionStore", { enumerable: true, get: function () { return transport_session_manager_1.InMemorySessionStore; } });
 var redis_session_store_1 = require("./redis-session.store");
 Object.defineProperty(exports, "RedisSessionStore", { enumerable: true, get: function () { return redis_session_store_1.RedisSessionStore; } });
+var vercel_kv_session_store_1 = require("./vercel-kv-session.store");
+Object.defineProperty(exports, "VercelKvSessionStore", { enumerable: true, get: function () { return vercel_kv_session_store_1.VercelKvSessionStore; } });
 // Authorization store for OAuth flows
 tslib_1.__exportStar(require("./authorization.store"), exports);
 // Authorization vault for stateful sessions

package/src/auth/session/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/auth/session/index.ts"],"names":[],"mappings":";;;;AAAA,iCAAiC;AACjC,oEAA0C;AAC1C,yEAA4F;AAAnF,oIAAA,uBAAuB,OAAA;AAAE,iIAAA,oBAAoB,OAAA;AACtD,6DAA0D;AAAjD,wHAAA,iBAAiB,OAAA;AAE1B,sCAAsC;AACtC,gEAAsC;AAEtC,4CAA4C;AAC5C,gEAAsC","sourcesContent":["// Transport session architecture\nexport * from './transport-session.types';\nexport { TransportSessionManager, InMemorySessionStore } from './transport-session.manager';\nexport { RedisSessionStore } from './redis-session.store';\n\n// Authorization store for OAuth flows\nexport * from './authorization.store';\n\n// Authorization vault for stateful sessions\nexport * from './authorization-vault';\n"]}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/auth/session/index.ts"],"names":[],"mappings":";;;;AAAA,iCAAiC;AACjC,oEAA0C;AAC1C,yEAA4F;AAAnF,oIAAA,uBAAuB,OAAA;AAAE,iIAAA,oBAAoB,OAAA;AACtD,6DAA0D;AAAjD,wHAAA,iBAAiB,OAAA;AAC1B,qEAAiE;AAAxD,+HAAA,oBAAoB,OAAA;AAE7B,sCAAsC;AACtC,gEAAsC;AAEtC,4CAA4C;AAC5C,gEAAsC","sourcesContent":["// Transport session architecture\nexport * from './transport-session.types';\nexport { TransportSessionManager, InMemorySessionStore } from './transport-session.manager';\nexport { RedisSessionStore } from './redis-session.store';\nexport { VercelKvSessionStore } from './vercel-kv-session.store';\n\n// Authorization store for OAuth flows\nexport * from './authorization.store';\n\n// Authorization vault for stateful sessions\nexport * from './authorization-vault';\n"]}

package/src/auth/session/vercel-kv-session.store.d.ts

@@ -0,0 +1,96 @@
+/**
+ * Vercel KV Session Store
+ *
+ * Session store implementation using Vercel KV (edge-compatible REST-based key-value store).
+ * Uses dynamic import to avoid bundling @vercel/kv for non-Vercel deployments.
+ *
+ * @see https://vercel.com/docs/storage/vercel-kv
+ */
+import { SessionStore, StoredSession } from './transport-session.types';
+import { FrontMcpLogger } from '../../common/interfaces/logger.interface';
+import type { VercelKvProviderOptions } from '../../common/types/options/redis.options';
+export interface VercelKvSessionConfig {
+    /**
+     * KV REST API URL
+     * @default process.env.KV_REST_API_URL
+     */
+    url?: string;
+    /**
+     * KV REST API Token
+     * @default process.env.KV_REST_API_TOKEN
+     */
+    token?: string;
+    /**
+     * Key prefix for session keys
+     * @default 'mcp:session:'
+     */
+    keyPrefix?: string;
+    /**
+     * Default TTL in milliseconds for session extension on access
+     * @default 3600000 (1 hour)
+     */
+    defaultTtlMs?: number;
+}
+/**
+ * Vercel KV-backed session store implementation
+ *
+ * Provides persistent session storage for edge deployments using Vercel KV.
+ * Sessions are stored as JSON with optional TTL.
+ */
+export declare class VercelKvSessionStore implements SessionStore {
+    private kv;
+    private connectPromise;
+    private readonly keyPrefix;
+    private readonly defaultTtlMs;
+    private readonly logger?;
+    private readonly config;
+    constructor(config: VercelKvSessionConfig | VercelKvProviderOptions, logger?: FrontMcpLogger);
+    /**
+     * Connect to Vercel KV
+     * Uses dynamic import to avoid bundling @vercel/kv when not used.
+     * Thread-safe: concurrent calls will share the same connection promise.
+     */
+    connect(): Promise<void>;
+    private doConnect;
+    private ensureConnected;
+    /**
+     * Get the full key for a session ID
+     * @throws Error if sessionId is empty
+     */
+    private key;
+    /**
+     * Get a stored session by ID
+     *
+     * Note: Vercel KV doesn't support GETEX, so we use GET + PEXPIRE separately.
+     * This is slightly less atomic than Redis GETEX but sufficient for most use cases.
+     */
+    get(sessionId: string): Promise<StoredSession | null>;
+    /**
+     * Store a session with optional TTL
+     */
+    set(sessionId: string, session: StoredSession, ttlMs?: number): Promise<void>;
+    /**
+     * Delete a session
+     */
+    delete(sessionId: string): Promise<void>;
+    /**
+     * Check if a session exists
+     */
+    exists(sessionId: string): Promise<boolean>;
+    /**
+     * Allocate a new session ID
+     */
+    allocId(): string;
+    /**
+     * Disconnect from Vercel KV
+     * Vercel KV uses REST API, so there's no persistent connection to close
+     */
+    disconnect(): Promise<void>;
+    /**
+     * Test Vercel KV connection by setting and getting a test key.
+     * Useful for validating connection on startup.
+     *
+     * @returns true if connection is healthy, false otherwise
+     */
+    ping(): Promise<boolean>;
+}

package/src/auth/session/vercel-kv-session.store.js

@@ -0,0 +1,216 @@
+"use strict";
+/**
+ * Vercel KV Session Store
+ *
+ * Session store implementation using Vercel KV (edge-compatible REST-based key-value store).
+ * Uses dynamic import to avoid bundling @vercel/kv for non-Vercel deployments.
+ *
+ * @see https://vercel.com/docs/storage/vercel-kv
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VercelKvSessionStore = void 0;
+const crypto_1 = require("crypto");
+const transport_session_types_1 = require("./transport-session.types");
+/**
+ * Vercel KV-backed session store implementation
+ *
+ * Provides persistent session storage for edge deployments using Vercel KV.
+ * Sessions are stored as JSON with optional TTL.
+ */
+class VercelKvSessionStore {
+    kv = null;
+    connectPromise = null;
+    keyPrefix;
+    defaultTtlMs;
+    logger;
+    config;
+    constructor(config, logger) {
+        this.config = config;
+        this.keyPrefix = config.keyPrefix ?? 'mcp:session:';
+        this.defaultTtlMs = config.defaultTtlMs ?? 3600000;
+        this.logger = logger;
+    }
+    /**
+     * Connect to Vercel KV
+     * Uses dynamic import to avoid bundling @vercel/kv when not used.
+     * Thread-safe: concurrent calls will share the same connection promise.
+     */
+    async connect() {
+        if (this.kv)
+            return;
+        // Prevent concurrent connection attempts
+        if (this.connectPromise) {
+            return this.connectPromise;
+        }
+        this.connectPromise = this.doConnect();
+        try {
+            await this.connectPromise;
+        }
+        catch (error) {
+            // Reset promise on failure to allow retry
+            this.connectPromise = null;
+            throw error;
+        }
+    }
+    async doConnect() {
+        const { createClient } = await import('@vercel/kv');
+        const url = this.config.url || process.env['KV_REST_API_URL'];
+        const token = this.config.token || process.env['KV_REST_API_TOKEN'];
+        if (!url || !token) {
+            throw new Error('Vercel KV requires url and token. Set KV_REST_API_URL and KV_REST_API_TOKEN environment variables or provide them in config.');
+        }
+        // Cast to our interface to avoid type compatibility issues
+        this.kv = createClient({ url, token });
+    }
+    async ensureConnected() {
+        await this.connect();
+        if (!this.kv) {
+            throw new Error('[VercelKvSessionStore] Connection failed - client not initialized');
+        }
+        return this.kv;
+    }
+    /**
+     * Get the full key for a session ID
+     * @throws Error if sessionId is empty
+     */
+    key(sessionId) {
+        if (!sessionId || sessionId.trim() === '') {
+            throw new Error('[VercelKvSessionStore] sessionId cannot be empty');
+        }
+        return `${this.keyPrefix}${sessionId}`;
+    }
+    /**
+     * Get a stored session by ID
+     *
+     * Note: Vercel KV doesn't support GETEX, so we use GET + PEXPIRE separately.
+     * This is slightly less atomic than Redis GETEX but sufficient for most use cases.
+     */
+    async get(sessionId) {
+        const kv = await this.ensureConnected();
+        const key = this.key(sessionId);
+        // Get the session
+        const raw = await kv.get(key);
+        if (!raw)
+            return null;
+        // Extend TTL (fire-and-forget, similar to Redis GETEX behavior)
+        kv.pexpire(key, this.defaultTtlMs).catch(() => void 0);
+        try {
+            const parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;
+            const result = transport_session_types_1.storedSessionSchema.safeParse(parsed);
+            if (!result.success) {
+                this.logger?.warn('[VercelKvSessionStore] Invalid session format', {
+                    sessionId: sessionId.slice(0, 20),
+                    errors: result.error.issues.slice(0, 3).map((i) => ({ path: i.path, message: i.message })),
+                });
+                // Delete invalid session data
+                this.delete(sessionId).catch(() => void 0);
+                return null;
+            }
+            const session = result.data;
+            // Check application-level expiration (separate from KV TTL)
+            if (session.session.expiresAt && session.session.expiresAt < Date.now()) {
+                // Session is logically expired - delete it
+                await this.delete(sessionId);
+                return null;
+            }
+            // Bound TTL by session.expiresAt to avoid keeping expired sessions
+            if (session.session.expiresAt) {
+                const ttlMs = Math.min(this.defaultTtlMs, session.session.expiresAt - Date.now());
+                if (ttlMs > 0 && ttlMs < this.defaultTtlMs) {
+                    // Fire-and-forget - we're only optimizing cache eviction timing
+                    kv.pexpire(key, ttlMs).catch(() => void 0);
+                }
+            }
+            // Update last accessed timestamp (in the returned object)
+            const updatedSession = {
+                ...session,
+                lastAccessedAt: Date.now(),
+            };
+            return updatedSession;
+        }
+        catch (error) {
+            this.logger?.warn('[VercelKvSessionStore] Failed to parse session', {
+                sessionId: sessionId.slice(0, 20),
+                error: error.message,
+            });
+            // Delete corrupted session payloads to prevent repeated failures
+            this.delete(sessionId).catch(() => void 0);
+            return null;
+        }
+    }
+    /**
+     * Store a session with optional TTL
+     */
+    async set(sessionId, session, ttlMs) {
+        const kv = await this.ensureConnected();
+        const key = this.key(sessionId);
+        const value = JSON.stringify(session);
+        if (ttlMs && ttlMs > 0) {
+            // Use px for millisecond precision
+            await kv.set(key, value, { px: ttlMs });
+        }
+        else if (session.session.expiresAt) {
+            // Use session's expiration if available
+            const ttl = session.session.expiresAt - Date.now();
+            if (ttl > 0) {
+                await kv.set(key, value, { px: ttl });
+            }
+            else {
+                // Already expired, but store anyway (will be cleaned up on next access)
+                await kv.set(key, value);
+            }
+        }
+        else {
+            // No TTL - session persists until explicitly deleted
+            await kv.set(key, value);
+        }
+    }
+    /**
+     * Delete a session
+     */
+    async delete(sessionId) {
+        const kv = await this.ensureConnected();
+        await kv.del(this.key(sessionId));
+    }
+    /**
+     * Check if a session exists
+     */
+    async exists(sessionId) {
+        const kv = await this.ensureConnected();
+        return (await kv.exists(this.key(sessionId))) === 1;
+    }
+    /**
+     * Allocate a new session ID
+     */
+    allocId() {
+        return (0, crypto_1.randomUUID)();
+    }
+    /**
+     * Disconnect from Vercel KV
+     * Vercel KV uses REST API, so there's no persistent connection to close
+     */
+    async disconnect() {
+        this.kv = null;
+        this.connectPromise = null;
+    }
+    /**
+     * Test Vercel KV connection by setting and getting a test key.
+     * Useful for validating connection on startup.
+     *
+     * @returns true if connection is healthy, false otherwise
+     */
+    async ping() {
+        try {
+            const kv = await this.ensureConnected();
+            const testKey = `${this.keyPrefix}__ping__`;
+            await kv.set(testKey, 'pong', { ex: 1 });
+            const result = await kv.get(testKey);
+            return result === 'pong';
+        }
+        catch {
+            return false;
+        }
+    }
+}
+exports.VercelKvSessionStore = VercelKvSessionStore;
+//# sourceMappingURL=vercel-kv-session.store.js.map

package/src/auth/session/vercel-kv-session.store.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"vercel-kv-session.store.js","sourceRoot":"","sources":["../../../../src/auth/session/vercel-kv-session.store.ts"],"names":[],"mappings":";AAAA;;;;;;;GAOG;;;AAEH,mCAAoC;AACpC,uEAA6F;AAwC7F;;;;;GAKG;AACH,MAAa,oBAAoB;IACvB,EAAE,GAA0B,IAAI,CAAC;IACjC,cAAc,GAAyB,IAAI,CAAC;IACnC,SAAS,CAAS;IAClB,YAAY,CAAS;IACrB,MAAM,CAAkB;IACxB,MAAM,CAAwB;IAE/C,YAAY,MAAuD,EAAE,MAAuB;QAC1F,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,SAAS,GAAG,MAAM,CAAC,SAAS,IAAI,cAAc,CAAC;QACpD,IAAI,CAAC,YAAY,GAAG,MAAM,CAAC,YAAY,IAAI,OAAO,CAAC;QACnD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;IACvB,CAAC;IAED;;;;OAIG;IACH,KAAK,CAAC,OAAO;QACX,IAAI,IAAI,CAAC,EAAE;YAAE,OAAO;QAEpB,yCAAyC;QACzC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QAED,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC,SAAS,EAAE,CAAC;QACvC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,cAAc,CAAC;QAC5B,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,0CAA0C;YAC1C,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;YAC3B,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,SAAS;QACrB,MAAM,EAAE,YAAY,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAC;QAEpD,MAAM,GAAG,GAAG,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;QAC9D,MAAM,KAAK,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,CAAC;QAEpE,IAAI,CAAC,GAAG,IAAI,CAAC,KAAK,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CACb,8HAA8H,CAC/H,CAAC;QACJ,CAAC;QAED,2DAA2D;QAC3D,IAAI,CAAC,EAAE,GAAG,YAAY,CAAC,EAAE,GAAG,EAAE,KAAK,EAAE,CAA8B,CAAC;IACtE,CAAC;IAEO,KAAK,CAAC,eAAe;QAC3B,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;QACrB,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,CAAC;YACb,MAAM,IAAI,KAAK,CAAC,mEAAmE,CAAC,CAAC;QACvF,CAAC;QACD,OAAO,IAAI,CAAC,EAAE,CAAC;IACjB,CAAC;IAED;;;OAGG;IACK,GAAG,CAAC,SAAiB;QAC3B,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACtE,CAAC;QACD,OAAO,GAAG,IAAI,CAAC,SAAS,GAAG,SAAS,EAAE,CAAC;IACzC,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,GAAG,CAAC,SAAiB;QACzB,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAEhC,kBAAkB;QAClB,MAAM,GAAG,GAAG,MAAM,EAAE,CAAC,GAAG,CAAS,GAAG,CAAC,CAAC;QACtC,IAAI,CAAC,GAAG;YAAE,OAAO,IAAI,CAAC;QAEtB,gEAAgE;QAChE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;QAEvD,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,OAAO,GAAG,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;YAC/D,MAAM,MAAM,GAAG,6CAAmB,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAErD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,+CAA+C,EAAE;oBACjE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;oBACjC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;iBAC3F,CAAC,CAAC;gBACH,8BAA8B;gBAC9B,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC3C,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC;YAE5B,4DAA4D;YAC5D,IAAI,OAAO,CAAC,OAAO,CAAC,SAAS,IAAI,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBACxE,2CAA2C;gBAC3C,MAAM,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,mEAAmE;YACnE,IAAI,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;gBAC9B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,IAAI,CAAC,YAAY,EAAE,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC;gBAClF,IAAI,KAAK,GAAG,CAAC,IAAI,KAAK,GAAG,IAAI,CAAC,YAAY,EAAE,CAAC;oBAC3C,gEAAgE;oBAChE,EAAE,CAAC,OAAO,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;gBAC7C,CAAC;YACH,CAAC;YAED,0DAA0D;YAC1D,MAAM,cAAc,GAAkB;gBACpC,GAAG,OAAO;gBACV,cAAc,EAAE,IAAI,CAAC,GAAG,EAAE;aAC3B,CAAC;YAEF,OAAO,cAAc,CAAC;QACxB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,EAAE,IAAI,CAAC,gDAAgD,EAAE;gBAClE,SAAS,EAAE,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC;gBACjC,KAAK,EAAG,KAAe,CAAC,OAAO;aAChC,CAAC,CAAC;YACH,iEAAiE;YACjE,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAC3C,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,GAAG,CAAC,SAAiB,EAAE,OAAsB,EAAE,KAAc;QACjE,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QAChC,MAAM,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAEtC,IAAI,KAAK,IAAI,KAAK,GAAG,CAAC,EAAE,CAAC;YACvB,mCAAmC;YACnC,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC;QAC1C,CAAC;aAAM,IAAI,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,CAAC;YACrC,wCAAwC;YACxC,MAAM,GAAG,GAAG,OAAO,CAAC,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YACnD,IAAI,GAAG,GAAG,CAAC,EAAE,CAAC;gBACZ,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,CAAC;YACxC,CAAC;iBAAM,CAAC;gBACN,wEAAwE;gBACxE,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC;aAAM,CAAC;YACN,qDAAqD;YACrD,MAAM,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC;QAC3B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,MAAM,EAAE,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC;IACpC,CAAC;IAED;;OAEG;IACH,KAAK,CAAC,MAAM,CAAC,SAAiB;QAC5B,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QACxC,OAAO,CAAC,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC;IAED;;OAEG;IACH,OAAO;QACL,OAAO,IAAA,mBAAU,GAAE,CAAC;IACtB,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,UAAU;QACd,IAAI,CAAC,EAAE,GAAG,IAAI,CAAC;QACf,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;IAC7B,CAAC;IAED;;;;;OAKG;IACH,KAAK,CAAC,IAAI;QACR,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;YACxC,MAAM,OAAO,GAAG,GAAG,IAAI,CAAC,SAAS,UAAU,CAAC;YAC5C,MAAM,EAAE,CAAC,GAAG,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC;YACzC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC,GAAG,CAAS,OAAO,CAAC,CAAC;YAC7C,OAAO,MAAM,KAAK,MAAM,CAAC;QAC3B,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;CACF;AAvND,oDAuNC","sourcesContent":["/**\n * Vercel KV Session Store\n *\n * Session store implementation using Vercel KV (edge-compatible REST-based key-value store).\n * Uses dynamic import to avoid bundling @vercel/kv for non-Vercel deployments.\n *\n * @see https://vercel.com/docs/storage/vercel-kv\n */\n\nimport { randomUUID } from 'crypto';\nimport { SessionStore, StoredSession, storedSessionSchema } from './transport-session.types';\nimport { FrontMcpLogger } from '../../common/interfaces/logger.interface';\nimport type { VercelKvProviderOptions } from '../../common/types/options/redis.options';\n\n// Interface for the Vercel KV client (matches @vercel/kv API)\n// Using custom interface to avoid type compatibility issues with optional dependency\ninterface VercelKVClient {\n  get<T = unknown>(key: string): Promise<T | null>;\n  set(key: string, value: unknown, options?: { ex?: number; px?: number }): Promise<void>;\n  del(...keys: string[]): Promise<number>;\n  exists(...keys: string[]): Promise<number>;\n  pexpire(key: string, milliseconds: number): Promise<number>;\n}\n\nexport interface VercelKvSessionConfig {\n  /**\n   * KV REST API URL\n   * @default process.env.KV_REST_API_URL\n   */\n  url?: string;\n\n  /**\n   * KV REST API Token\n   * @default process.env.KV_REST_API_TOKEN\n   */\n  token?: string;\n\n  /**\n   * Key prefix for session keys\n   * @default 'mcp:session:'\n   */\n  keyPrefix?: string;\n\n  /**\n   * Default TTL in milliseconds for session extension on access\n   * @default 3600000 (1 hour)\n   */\n  defaultTtlMs?: number;\n}\n\n/**\n * Vercel KV-backed session store implementation\n *\n * Provides persistent session storage for edge deployments using Vercel KV.\n * Sessions are stored as JSON with optional TTL.\n */\nexport class VercelKvSessionStore implements SessionStore {\n  private kv: VercelKVClient | null = null;\n  private connectPromise: Promise<void> | null = null;\n  private readonly keyPrefix: string;\n  private readonly defaultTtlMs: number;\n  private readonly logger?: FrontMcpLogger;\n  private readonly config: VercelKvSessionConfig;\n\n  constructor(config: VercelKvSessionConfig | VercelKvProviderOptions, logger?: FrontMcpLogger) {\n    this.config = config;\n    this.keyPrefix = config.keyPrefix ?? 'mcp:session:';\n    this.defaultTtlMs = config.defaultTtlMs ?? 3600000;\n    this.logger = logger;\n  }\n\n  /**\n   * Connect to Vercel KV\n   * Uses dynamic import to avoid bundling @vercel/kv when not used.\n   * Thread-safe: concurrent calls will share the same connection promise.\n   */\n  async connect(): Promise<void> {\n    if (this.kv) return;\n\n    // Prevent concurrent connection attempts\n    if (this.connectPromise) {\n      return this.connectPromise;\n    }\n\n    this.connectPromise = this.doConnect();\n    try {\n      await this.connectPromise;\n    } catch (error) {\n      // Reset promise on failure to allow retry\n      this.connectPromise = null;\n      throw error;\n    }\n  }\n\n  private async doConnect(): Promise<void> {\n    const { createClient } = await import('@vercel/kv');\n\n    const url = this.config.url || process.env['KV_REST_API_URL'];\n    const token = this.config.token || process.env['KV_REST_API_TOKEN'];\n\n    if (!url || !token) {\n      throw new Error(\n        'Vercel KV requires url and token. Set KV_REST_API_URL and KV_REST_API_TOKEN environment variables or provide them in config.',\n      );\n    }\n\n    // Cast to our interface to avoid type compatibility issues\n    this.kv = createClient({ url, token }) as unknown as VercelKVClient;\n  }\n\n  private async ensureConnected(): Promise<VercelKVClient> {\n    await this.connect();\n    if (!this.kv) {\n      throw new Error('[VercelKvSessionStore] Connection failed - client not initialized');\n    }\n    return this.kv;\n  }\n\n  /**\n   * Get the full key for a session ID\n   * @throws Error if sessionId is empty\n   */\n  private key(sessionId: string): string {\n    if (!sessionId || sessionId.trim() === '') {\n      throw new Error('[VercelKvSessionStore] sessionId cannot be empty');\n    }\n    return `${this.keyPrefix}${sessionId}`;\n  }\n\n  /**\n   * Get a stored session by ID\n   *\n   * Note: Vercel KV doesn't support GETEX, so we use GET + PEXPIRE separately.\n   * This is slightly less atomic than Redis GETEX but sufficient for most use cases.\n   */\n  async get(sessionId: string): Promise<StoredSession | null> {\n    const kv = await this.ensureConnected();\n    const key = this.key(sessionId);\n\n    // Get the session\n    const raw = await kv.get<string>(key);\n    if (!raw) return null;\n\n    // Extend TTL (fire-and-forget, similar to Redis GETEX behavior)\n    kv.pexpire(key, this.defaultTtlMs).catch(() => void 0);\n\n    try {\n      const parsed = typeof raw === 'string' ? JSON.parse(raw) : raw;\n      const result = storedSessionSchema.safeParse(parsed);\n\n      if (!result.success) {\n        this.logger?.warn('[VercelKvSessionStore] Invalid session format', {\n          sessionId: sessionId.slice(0, 20),\n          errors: result.error.issues.slice(0, 3).map((i) => ({ path: i.path, message: i.message })),\n        });\n        // Delete invalid session data\n        this.delete(sessionId).catch(() => void 0);\n        return null;\n      }\n\n      const session = result.data;\n\n      // Check application-level expiration (separate from KV TTL)\n      if (session.session.expiresAt && session.session.expiresAt < Date.now()) {\n        // Session is logically expired - delete it\n        await this.delete(sessionId);\n        return null;\n      }\n\n      // Bound TTL by session.expiresAt to avoid keeping expired sessions\n      if (session.session.expiresAt) {\n        const ttlMs = Math.min(this.defaultTtlMs, session.session.expiresAt - Date.now());\n        if (ttlMs > 0 && ttlMs < this.defaultTtlMs) {\n          // Fire-and-forget - we're only optimizing cache eviction timing\n          kv.pexpire(key, ttlMs).catch(() => void 0);\n        }\n      }\n\n      // Update last accessed timestamp (in the returned object)\n      const updatedSession: StoredSession = {\n        ...session,\n        lastAccessedAt: Date.now(),\n      };\n\n      return updatedSession;\n    } catch (error) {\n      this.logger?.warn('[VercelKvSessionStore] Failed to parse session', {\n        sessionId: sessionId.slice(0, 20),\n        error: (error as Error).message,\n      });\n      // Delete corrupted session payloads to prevent repeated failures\n      this.delete(sessionId).catch(() => void 0);\n      return null;\n    }\n  }\n\n  /**\n   * Store a session with optional TTL\n   */\n  async set(sessionId: string, session: StoredSession, ttlMs?: number): Promise<void> {\n    const kv = await this.ensureConnected();\n    const key = this.key(sessionId);\n    const value = JSON.stringify(session);\n\n    if (ttlMs && ttlMs > 0) {\n      // Use px for millisecond precision\n      await kv.set(key, value, { px: ttlMs });\n    } else if (session.session.expiresAt) {\n      // Use session's expiration if available\n      const ttl = session.session.expiresAt - Date.now();\n      if (ttl > 0) {\n        await kv.set(key, value, { px: ttl });\n      } else {\n        // Already expired, but store anyway (will be cleaned up on next access)\n        await kv.set(key, value);\n      }\n    } else {\n      // No TTL - session persists until explicitly deleted\n      await kv.set(key, value);\n    }\n  }\n\n  /**\n   * Delete a session\n   */\n  async delete(sessionId: string): Promise<void> {\n    const kv = await this.ensureConnected();\n    await kv.del(this.key(sessionId));\n  }\n\n  /**\n   * Check if a session exists\n   */\n  async exists(sessionId: string): Promise<boolean> {\n    const kv = await this.ensureConnected();\n    return (await kv.exists(this.key(sessionId))) === 1;\n  }\n\n  /**\n   * Allocate a new session ID\n   */\n  allocId(): string {\n    return randomUUID();\n  }\n\n  /**\n   * Disconnect from Vercel KV\n   * Vercel KV uses REST API, so there's no persistent connection to close\n   */\n  async disconnect(): Promise<void> {\n    this.kv = null;\n    this.connectPromise = null;\n  }\n\n  /**\n   * Test Vercel KV connection by setting and getting a test key.\n   * Useful for validating connection on startup.\n   *\n   * @returns true if connection is healthy, false otherwise\n   */\n  async ping(): Promise<boolean> {\n    try {\n      const kv = await this.ensureConnected();\n      const testKey = `${this.keyPrefix}__ping__`;\n      await kv.set(testKey, 'pong', { ex: 1 });\n      const result = await kv.get<string>(testKey);\n      return result === 'pong';\n    } catch {\n      return false;\n    }\n  }\n}\n"]}

package/src/common/decorators/front-mcp.decorator.js

@@ -5,6 +5,7 @@ require("reflect-metadata");
 const tokens_1 = require("../tokens");
 const metadata_1 = require("../metadata");
 const migrate_1 = require("../migrate");
+const mcp_error_1 = require("../../errors/mcp.error");
 /**
  * Decorator that marks a class as a FrontMcp Server and provides metadata
  */
@@ -34,22 +35,18 @@ function FrontMcp(providedMetadata) {
         const isServerless = typeof process !== 'undefined' && process.env?.['FRONTMCP_SERVERLESS'] === '1';
         if (isServerless) {
             // Serverless mode: bootstrap, prepare (no listen), store handler globally
-            const sdk = '@frontmcp/sdk';
-            import(sdk)
-                .then(({ FrontMcpInstance, setServerlessHandler, setServerlessHandlerPromise, setServerlessHandlerError }) => {
-                if (!FrontMcpInstance) {
-                    throw new Error(`${sdk} version mismatch, make sure you have the same version for all @frontmcp/* packages`);
-                }
-                const handlerPromise = FrontMcpInstance.createHandler(metadata);
-                setServerlessHandlerPromise(handlerPromise);
-                handlerPromise.then(setServerlessHandler).catch((err) => {
-                    const e = err instanceof Error ? err : new Error(String(err));
-                    setServerlessHandlerError(e);
-                    console.error('[FrontMCP] Serverless initialization failed:', e);
-                });
-            })
-                .catch((err) => {
-                console.error('[FrontMCP] Failed to import @frontmcp/sdk for serverless init:', err);
+            // Use synchronous require for bundler compatibility (rspack/webpack)
+            // eslint-disable-next-line @typescript-eslint/no-require-imports
+            const { FrontMcpInstance: ServerlessInstance, setServerlessHandler, setServerlessHandlerPromise, setServerlessHandlerError, } = require('@frontmcp/sdk');
+            if (!ServerlessInstance) {
+                throw new mcp_error_1.InternalMcpError('@frontmcp/sdk version mismatch, make sure you have the same version for all @frontmcp/* packages', 'SDK_VERSION_MISMATCH');
+            }
+            const handlerPromise = ServerlessInstance.createHandler(metadata);
+            setServerlessHandlerPromise(handlerPromise);
+            handlerPromise.then(setServerlessHandler).catch((err) => {
+                const e = err instanceof Error ? err : new mcp_error_1.InternalMcpError(String(err), 'SERVERLESS_INIT_FAILED');
+                setServerlessHandlerError(e);
+                console.error('[FrontMCP] Serverless initialization failed:', e);
             });
         }
         else if (metadata.serve) {
@@ -57,7 +54,7 @@ function FrontMcp(providedMetadata) {
             const sdk = '@frontmcp/sdk';
             import(sdk).then(({ FrontMcpInstance }) => {
                 if (!FrontMcpInstance) {
-                    throw new Error(`${sdk} version mismatch, make sure you have the same version for all @frontmcp/* packages`);
+                    throw new mcp_error_1.InternalMcpError(`${sdk} version mismatch, make sure you have the same version for all @frontmcp/* packages`, 'SDK_VERSION_MISMATCH');
                 }
                 FrontMcpInstance.bootstrap(metadata);
             });

package/src/common/decorators/front-mcp.decorator.js.map

@@ -1 +1 @@
-{"version":3,"file":"front-mcp.decorator.js","sourceRoot":"","sources":["../../../../src/common/decorators/front-mcp.decorator.ts"],"names":[],"mappings":";;AASA,4BA2EC;AApFD,4BAA0B;AAC1B,sCAA2C;AAC3C,0CAAuE;AAEvE,wCAA4C;AAE5C;;GAEG;AACH,SAAgB,QAAQ,CAAC,gBAAkC;IACzD,OAAO,CAAC,MAAgB,EAAE,EAAE;QAC1B,oEAAoE;QACpE,MAAM,gBAAgB,GAAG,IAAA,wBAAc,EAAC,gBAAgB,CAAC,CAAC;QAC1D,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,iCAAsB,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACrF,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CACb,2DAA2D,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAC1G,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC,SAAS,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,gEAAgE,IAAI,CAAC,SAAS,CAC5E,KAAK,CAAC,MAAM,EAAE,CAAC,SAAS,EACxB,IAAI,EACJ,CAAC,CACF,EAAE,CACJ,CAAC;YACJ,CAAC;YACD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,SAAS,CAAwC,CAAC;YACvF,IAAI,aAAa,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,KAAK,CACb,8EAA8E,IAAI,CAAC,SAAS,CAC1F,aAAa,CAAC,YAAY,CAAC,EAC3B,IAAI,EACJ,CAAC,CACF,EAAE,CACJ,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,CAAC,cAAc,CAAC,uBAAc,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1D,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,cAAc,CAAC,uBAAc,CAAC,QAAQ,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3F,CAAC;QAED,mFAAmF;QACnF,MAAM,YAAY,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,qBAAqB,CAAC,KAAK,GAAG,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,0EAA0E;YAC1E,MAAM,GAAG,GAAG,eAAe,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC;iBACR,IAAI,CAAC,CAAC,EAAE,gBAAgB,EAAE,oBAAoB,EAAE,2BAA2B,EAAE,yBAAyB,EAAE,EAAE,EAAE;gBAC3G,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,IAAI,KAAK,CACb,GAAG,GAAG,qFAAqF,CAC5F,CAAC;gBACJ,CAAC;gBAED,MAAM,cAAc,GAAG,gBAAgB,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;gBAChE,2BAA2B,CAAC,cAAc,CAAC,CAAC;gBAC5C,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;oBAC/D,MAAM,CAAC,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;oBAC9D,yBAAyB,CAAC,CAAC,CAAC,CAAC;oBAC7B,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;gBACnE,CAAC,CAAC,CAAC;YACL,CAAC,CAAC;iBACD,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBACtB,OAAO,CAAC,KAAK,CAAC,gEAAgE,EAAE,GAAG,CAAC,CAAC;YACvF,CAAC,CAAC,CAAC;QACP,CAAC;aAAM,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAC1B,0CAA0C;YAC1C,MAAM,GAAG,GAAG,eAAe,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE;gBACxC,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,IAAI,KAAK,CAAC,GAAG,GAAG,qFAAqF,CAAC,CAAC;gBAC/G,CAAC;gBAED,gBAAgB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import 'reflect-metadata';\nimport { FrontMcpTokens } from '../tokens';\nimport { FrontMcpMetadata, frontMcpMetadataSchema } from '../metadata';\nimport { FrontMcpInstance } from '../../front-mcp';\nimport { applyMigration } from '../migrate';\n\n/**\n * Decorator that marks a class as a FrontMcp Server and provides metadata\n */\nexport function FrontMcp(providedMetadata: FrontMcpMetadata): ClassDecorator {\n  return (target: Function) => {\n    // Apply migration for deprecated auth.transport and session configs\n    const migratedMetadata = applyMigration(providedMetadata);\n    const { error, data: metadata } = frontMcpMetadataSchema.safeParse(migratedMetadata);\n    if (error) {\n      if (error.format().apps) {\n        throw new Error(\n          `Invalid metadata provided to @FrontMcp { apps: [?] }: \\n${JSON.stringify(error.format().apps, null, 2)}`,\n        );\n      }\n      if (error.format().providers) {\n        throw new Error(\n          `Invalid metadata provided to @FrontMcp { providers: [?] }: \\n${JSON.stringify(\n            error.format().providers,\n            null,\n            2,\n          )}`,\n        );\n      }\n      const loggingFormat = error.format()['logging'] as Record<string, unknown> | undefined;\n      if (loggingFormat?.['transports']) {\n        throw new Error(\n          `Invalid metadata provided to @FrontMcp { logging: { transports: [?] } }: \\n${JSON.stringify(\n            loggingFormat['transports'],\n            null,\n            2,\n          )}`,\n        );\n      }\n      throw error;\n    }\n\n    Reflect.defineMetadata(FrontMcpTokens.type, true, target);\n    for (const property in metadata) {\n      Reflect.defineMetadata(FrontMcpTokens[property] ?? property, metadata[property], target);\n    }\n\n    // Safe check for serverless mode - process.env may not exist in Cloudflare Workers\n    const isServerless = typeof process !== 'undefined' && process.env?.['FRONTMCP_SERVERLESS'] === '1';\n\n    if (isServerless) {\n      // Serverless mode: bootstrap, prepare (no listen), store handler globally\n      const sdk = '@frontmcp/sdk';\n      import(sdk)\n        .then(({ FrontMcpInstance, setServerlessHandler, setServerlessHandlerPromise, setServerlessHandlerError }) => {\n          if (!FrontMcpInstance) {\n            throw new Error(\n              `${sdk} version mismatch, make sure you have the same version for all @frontmcp/* packages`,\n            );\n          }\n\n          const handlerPromise = FrontMcpInstance.createHandler(metadata);\n          setServerlessHandlerPromise(handlerPromise);\n          handlerPromise.then(setServerlessHandler).catch((err: unknown) => {\n            const e = err instanceof Error ? err : new Error(String(err));\n            setServerlessHandlerError(e);\n            console.error('[FrontMCP] Serverless initialization failed:', e);\n          });\n        })\n        .catch((err: unknown) => {\n          console.error('[FrontMCP] Failed to import @frontmcp/sdk for serverless init:', err);\n        });\n    } else if (metadata.serve) {\n      // Normal mode: bootstrap and start server\n      const sdk = '@frontmcp/sdk';\n      import(sdk).then(({ FrontMcpInstance }) => {\n        if (!FrontMcpInstance) {\n          throw new Error(`${sdk} version mismatch, make sure you have the same version for all @frontmcp/* packages`);\n        }\n\n        FrontMcpInstance.bootstrap(metadata);\n      });\n    }\n  };\n}\n"]}
+{"version":3,"file":"front-mcp.decorator.js","sourceRoot":"","sources":["../../../../src/common/decorators/front-mcp.decorator.ts"],"names":[],"mappings":";;AAUA,4BAsFC;AAhGD,4BAA0B;AAC1B,sCAA2C;AAC3C,0CAAuE;AAEvE,wCAA4C;AAC5C,sDAA0D;AAE1D;;GAEG;AACH,SAAgB,QAAQ,CAAC,gBAAkC;IACzD,OAAO,CAAC,MAAgB,EAAE,EAAE;QAC1B,oEAAoE;QACpE,MAAM,gBAAgB,GAAG,IAAA,wBAAc,EAAC,gBAAgB,CAAC,CAAC;QAC1D,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,iCAAsB,CAAC,SAAS,CAAC,gBAAgB,CAAC,CAAC;QACrF,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,CAAC;gBACxB,MAAM,IAAI,KAAK,CACb,2DAA2D,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,CAC1G,CAAC;YACJ,CAAC;YACD,IAAI,KAAK,CAAC,MAAM,EAAE,CAAC,SAAS,EAAE,CAAC;gBAC7B,MAAM,IAAI,KAAK,CACb,gEAAgE,IAAI,CAAC,SAAS,CAC5E,KAAK,CAAC,MAAM,EAAE,CAAC,SAAS,EACxB,IAAI,EACJ,CAAC,CACF,EAAE,CACJ,CAAC;YACJ,CAAC;YACD,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,EAAE,CAAC,SAAS,CAAwC,CAAC;YACvF,IAAI,aAAa,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC;gBAClC,MAAM,IAAI,KAAK,CACb,8EAA8E,IAAI,CAAC,SAAS,CAC1F,aAAa,CAAC,YAAY,CAAC,EAC3B,IAAI,EACJ,CAAC,CACF,EAAE,CACJ,CAAC;YACJ,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,OAAO,CAAC,cAAc,CAAC,uBAAc,CAAC,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,CAAC;QAC1D,KAAK,MAAM,QAAQ,IAAI,QAAQ,EAAE,CAAC;YAChC,OAAO,CAAC,cAAc,CAAC,uBAAc,CAAC,QAAQ,CAAC,IAAI,QAAQ,EAAE,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,CAAC;QAC3F,CAAC;QAED,mFAAmF;QACnF,MAAM,YAAY,GAAG,OAAO,OAAO,KAAK,WAAW,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,qBAAqB,CAAC,KAAK,GAAG,CAAC;QAEpG,IAAI,YAAY,EAAE,CAAC;YACjB,0EAA0E;YAC1E,qEAAqE;YACrE,iEAAiE;YACjE,MAAM,EACJ,gBAAgB,EAAE,kBAAkB,EACpC,oBAAoB,EACpB,2BAA2B,EAC3B,yBAAyB,GAC1B,GAKG,OAAO,CAAC,eAAe,CAAC,CAAC;YAE7B,IAAI,CAAC,kBAAkB,EAAE,CAAC;gBACxB,MAAM,IAAI,4BAAgB,CACxB,kGAAkG,EAClG,sBAAsB,CACvB,CAAC;YACJ,CAAC;YAED,MAAM,cAAc,GAAG,kBAAkB,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YAClE,2BAA2B,CAAC,cAAc,CAAC,CAAC;YAC5C,cAAc,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC,KAAK,CAAC,CAAC,GAAY,EAAE,EAAE;gBAC/D,MAAM,CAAC,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,4BAAgB,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,wBAAwB,CAAC,CAAC;gBACnG,yBAAyB,CAAC,CAAC,CAAC,CAAC;gBAC7B,OAAO,CAAC,KAAK,CAAC,8CAA8C,EAAE,CAAC,CAAC,CAAC;YACnE,CAAC,CAAC,CAAC;QACL,CAAC;aAAM,IAAI,QAAQ,CAAC,KAAK,EAAE,CAAC;YAC1B,0CAA0C;YAC1C,MAAM,GAAG,GAAG,eAAe,CAAC;YAC5B,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,gBAAgB,EAAE,EAAE,EAAE;gBACxC,IAAI,CAAC,gBAAgB,EAAE,CAAC;oBACtB,MAAM,IAAI,4BAAgB,CACxB,GAAG,GAAG,qFAAqF,EAC3F,sBAAsB,CACvB,CAAC;gBACJ,CAAC;gBAED,gBAAgB,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;YACvC,CAAC,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import 'reflect-metadata';\nimport { FrontMcpTokens } from '../tokens';\nimport { FrontMcpMetadata, frontMcpMetadataSchema } from '../metadata';\nimport { FrontMcpInstance } from '../../front-mcp';\nimport { applyMigration } from '../migrate';\nimport { InternalMcpError } from '../../errors/mcp.error';\n\n/**\n * Decorator that marks a class as a FrontMcp Server and provides metadata\n */\nexport function FrontMcp(providedMetadata: FrontMcpMetadata): ClassDecorator {\n  return (target: Function) => {\n    // Apply migration for deprecated auth.transport and session configs\n    const migratedMetadata = applyMigration(providedMetadata);\n    const { error, data: metadata } = frontMcpMetadataSchema.safeParse(migratedMetadata);\n    if (error) {\n      if (error.format().apps) {\n        throw new Error(\n          `Invalid metadata provided to @FrontMcp { apps: [?] }: \\n${JSON.stringify(error.format().apps, null, 2)}`,\n        );\n      }\n      if (error.format().providers) {\n        throw new Error(\n          `Invalid metadata provided to @FrontMcp { providers: [?] }: \\n${JSON.stringify(\n            error.format().providers,\n            null,\n            2,\n          )}`,\n        );\n      }\n      const loggingFormat = error.format()['logging'] as Record<string, unknown> | undefined;\n      if (loggingFormat?.['transports']) {\n        throw new Error(\n          `Invalid metadata provided to @FrontMcp { logging: { transports: [?] } }: \\n${JSON.stringify(\n            loggingFormat['transports'],\n            null,\n            2,\n          )}`,\n        );\n      }\n      throw error;\n    }\n\n    Reflect.defineMetadata(FrontMcpTokens.type, true, target);\n    for (const property in metadata) {\n      Reflect.defineMetadata(FrontMcpTokens[property] ?? property, metadata[property], target);\n    }\n\n    // Safe check for serverless mode - process.env may not exist in Cloudflare Workers\n    const isServerless = typeof process !== 'undefined' && process.env?.['FRONTMCP_SERVERLESS'] === '1';\n\n    if (isServerless) {\n      // Serverless mode: bootstrap, prepare (no listen), store handler globally\n      // Use synchronous require for bundler compatibility (rspack/webpack)\n      // eslint-disable-next-line @typescript-eslint/no-require-imports\n      const {\n        FrontMcpInstance: ServerlessInstance,\n        setServerlessHandler,\n        setServerlessHandlerPromise,\n        setServerlessHandlerError,\n      }: {\n        FrontMcpInstance: typeof FrontMcpInstance;\n        setServerlessHandler: (handler: unknown) => void;\n        setServerlessHandlerPromise: (promise: Promise<unknown>) => void;\n        setServerlessHandlerError: (error: Error) => void;\n      } = require('@frontmcp/sdk');\n\n      if (!ServerlessInstance) {\n        throw new InternalMcpError(\n          '@frontmcp/sdk version mismatch, make sure you have the same version for all @frontmcp/* packages',\n          'SDK_VERSION_MISMATCH',\n        );\n      }\n\n      const handlerPromise = ServerlessInstance.createHandler(metadata);\n      setServerlessHandlerPromise(handlerPromise);\n      handlerPromise.then(setServerlessHandler).catch((err: unknown) => {\n        const e = err instanceof Error ? err : new InternalMcpError(String(err), 'SERVERLESS_INIT_FAILED');\n        setServerlessHandlerError(e);\n        console.error('[FrontMCP] Serverless initialization failed:', e);\n      });\n    } else if (metadata.serve) {\n      // Normal mode: bootstrap and start server\n      const sdk = '@frontmcp/sdk';\n      import(sdk).then(({ FrontMcpInstance }) => {\n        if (!FrontMcpInstance) {\n          throw new InternalMcpError(\n            `${sdk} version mismatch, make sure you have the same version for all @frontmcp/* packages`,\n            'SDK_VERSION_MISMATCH',\n          );\n        }\n\n        FrontMcpInstance.bootstrap(metadata);\n      });\n    }\n  };\n}\n"]}