@frontmcp/sdk 0.6.2 → 0.6.3

package/esm/index.mjs

@@ -512,7 +512,7 @@ var init_http_options = __esm({
 
 // libs/sdk/src/auth/session/transport-session.types.ts
 import { z as z6 } from "zod";
-var transportProtocolSchema, sseTransportStateSchema, streamableHttpTransportStateSchema, statefulHttpTransportStateSchema, statelessHttpTransportStateSchema, legacySseTransportStateSchema, transportStateSchema, transportSessionSchema, sessionJwtPayloadSchema, statelessSessionJwtPayloadSchema, encryptedBlobSchema, storedSessionSchema, redisConfigSchema, statefulStorageSchema, sessionStorageConfigSchema;
+var transportProtocolSchema, sseTransportStateSchema, streamableHttpTransportStateSchema, statefulHttpTransportStateSchema, statelessHttpTransportStateSchema, legacySseTransportStateSchema, transportStateSchema, transportSessionSchema, sessionJwtPayloadSchema, encryptedBlobSchema, storedSessionSchema, redisConfigSchema;
 var init_transport_session_types = __esm({
   "libs/sdk/src/auth/session/transport-session.types.ts"() {
     "use strict";
@@ -577,10 +577,6 @@ var init_transport_session_types = __esm({
       iat: z6.number(),
       exp: z6.number().optional()
     });
-    statelessSessionJwtPayloadSchema = sessionJwtPayloadSchema.extend({
-      state: z6.string().optional(),
-      tokens: z6.string().optional()
-    });
     encryptedBlobSchema = z6.object({
       alg: z6.literal("A256GCM"),
       kid: z6.string().optional(),
@@ -595,7 +591,9 @@ var init_transport_session_types = __esm({
       authorizationId: z6.string(),
       tokens: z6.record(z6.string(), encryptedBlobSchema).optional(),
       createdAt: z6.number(),
-      lastAccessedAt: z6.number()
+      lastAccessedAt: z6.number(),
+      initialized: z6.boolean().optional(),
+      maxLifetimeAt: z6.number().optional()
     });
     redisConfigSchema = z6.object({
       host: z6.string().min(1),
@@ -607,15 +605,6 @@ var init_transport_session_types = __esm({
       defaultTtlMs: z6.number().int().positive().optional().default(36e5)
       // 1 hour default
     });
-    statefulStorageSchema = z6.discriminatedUnion("store", [
-      z6.object({ store: z6.literal("memory") }),
-      z6.object({ store: z6.literal("redis"), config: redisConfigSchema })
-    ]);
-    sessionStorageConfigSchema = z6.union([
-      z6.object({ mode: z6.literal("stateless") }),
-      z6.object({ mode: z6.literal("stateful") }).merge(statefulStorageSchema.options[0]),
-      z6.object({ mode: z6.literal("stateful") }).merge(statefulStorageSchema.options[1])
-    ]);
   }
 });
 
@@ -15741,8 +15730,19 @@ var init_http_request_flow = __esm({
         try {
           const { request } = this.rawInput;
           this.logger.verbose(`[${this.requestId}] router: check request decision`);
-          const transport = this.scope.auth.transport;
+          const transport = this.scope.metadata.transport ?? this.scope.auth.transport;
+          this.logger.debug(`[${this.requestId}] transport config`, {
+            enableLegacySSE: transport.enableLegacySSE,
+            enableStreamableHttp: transport.enableStreamableHttp,
+            path: request.path,
+            accept: request.headers?.["accept"]
+          });
           const decision = decideIntent(request, { ...transport, tolerateMissingAccept: true });
+          this.logger.debug(`[${this.requestId}] decision result`, {
+            intent: decision.intent,
+            reasons: decision.reasons,
+            debug: decision.debug
+          });
           if (request.method.toUpperCase() === "DELETE") {
             this.logger.verbose(`[${this.requestId}] DELETE request, using decision intent: ${decision.intent}`);
             if (decision.intent === "unknown") {
@@ -16056,6 +16056,8 @@ var init_transport_remote = __esm({
       async destroy(_reason) {
         throw new Error("RemoteTransporter: destroy() not implemented.");
       }
+      markAsInitialized() {
+      }
     };
   }
 });
@@ -16235,6 +16237,79 @@ data: ${JSON.stringify(message)}
   }
 });
 
+// libs/sdk/src/transport/adapters/sse-transport.ts
+var RecreateableSSEServerTransport;
+var init_sse_transport = __esm({
+  "libs/sdk/src/transport/adapters/sse-transport.ts"() {
+    "use strict";
+    init_legacy_sse_tranporter();
+    RecreateableSSEServerTransport = class extends SSEServerTransport {
+      _isRecreatedSession = false;
+      constructor(endpoint, res, options) {
+        super(endpoint, res, options);
+        if (options?.initialEventId !== void 0 && this.isValidEventId(options.initialEventId)) {
+          this.setEventIdCounter(options.initialEventId);
+          this._isRecreatedSession = true;
+        }
+      }
+      /**
+       * Validates that an event ID is a valid non-negative integer.
+       * Protects against negative values, NaN, Infinity, and non-integer values.
+       */
+      isValidEventId(eventId) {
+        return Number.isInteger(eventId) && eventId >= 0 && eventId <= Number.MAX_SAFE_INTEGER;
+      }
+      /**
+       * Returns whether this is a recreated session.
+       */
+      get isRecreatedSession() {
+        return this._isRecreatedSession;
+      }
+      /**
+       * Returns the current event ID counter value.
+       * Alias for lastEventId for consistency with the recreation API.
+       */
+      get eventIdCounter() {
+        return this.lastEventId;
+      }
+      /**
+       * Sets the event ID counter for session recreation.
+       * Use this when recreating a session from stored state to maintain
+       * event ID continuity for SSE reconnection support.
+       *
+       * @param eventId - The event ID to restore (must be a non-negative integer)
+       */
+      setEventIdCounter(eventId) {
+        if (!this.isValidEventId(eventId)) {
+          console.warn(
+            `[RecreateableSSEServerTransport] Invalid eventId: ${eventId}. Must be a non-negative integer. Ignoring.`
+          );
+          return;
+        }
+        this._eventIdCounter = eventId;
+      }
+      /**
+       * Sets the transport to a recreated session state.
+       * Use this when recreating a transport from a stored session.
+       *
+       * @param sessionId - The session ID (for verification, should match constructor)
+       * @param lastEventId - The last event ID that was sent to the client
+       */
+      setSessionState(sessionId, lastEventId) {
+        if (this.sessionId !== sessionId) {
+          console.warn(
+            `RecreateableSSEServerTransport: session ID mismatch. Expected ${sessionId}, got ${this.sessionId}. Using constructor value.`
+          );
+        }
+        if (lastEventId !== void 0) {
+          this.setEventIdCounter(lastEventId);
+        }
+        this._isRecreatedSession = true;
+      }
+    };
+  }
+});
+
 // libs/sdk/src/transport/transport.event-store.ts
 var InMemoryEventStore;
 var init_transport_event_store = __esm({
@@ -16729,6 +16804,12 @@ var init_transport_local_adapter = __esm({
       #requestId = 1;
       ready;
       server;
+      /**
+       * Marks this transport as pre-initialized for session recreation.
+       * Override in subclasses that need to set the MCP SDK's _initialized flag.
+       */
+      markAsInitialized() {
+      }
       connectServer() {
         const { info } = this.scope.metadata;
         const hasPrompts = this.scope.prompts.hasAny();
@@ -16862,22 +16943,45 @@ var TransportSSEAdapter;
 var init_transport_sse_adapter = __esm({
   "libs/sdk/src/transport/adapters/transport.sse.adapter.ts"() {
     "use strict";
-    init_legacy_sse_tranporter();
+    init_sse_transport();
     init_transport_local_adapter();
     init_transport_error();
     TransportSSEAdapter = class extends LocalTransportAdapter {
       sessionId;
+      /**
+       * Configures common error and close handlers for SSE transports.
+       */
+      configureTransportHandlers(transport) {
+        transport.onerror = (error) => {
+          console.error("SSE error:", error instanceof Error ? error.message : "Unknown error");
+        };
+        transport.onclose = this.destroy.bind(this);
+      }
       createTransport(sessionId, res) {
         this.sessionId = sessionId;
         this.logger.info(`new transport session: ${sessionId.slice(0, 40)}`);
-        const scopePath = this.scope.fullPath;
-        const transport = new SSEServerTransport(`${scopePath}/message`, res, {
+        const transport = new RecreateableSSEServerTransport(`${this.scope.fullPath}/message`, res, {
           sessionId
         });
-        transport.onerror = (error) => {
-          console.error("SSE error:", error instanceof Error ? error.message : "Unknown error");
-        };
-        transport.onclose = this.destroy.bind(this);
+        this.configureTransportHandlers(transport);
+        return transport;
+      }
+      /**
+       * Recreates a transport with preserved session state.
+       * Use this when restoring a session from Redis or other storage.
+       *
+       * @param sessionId - The session ID to restore
+       * @param res - The new response stream for SSE
+       * @param lastEventId - The last event ID that was sent (for reconnection support)
+       */
+      createTransportFromSession(sessionId, res, lastEventId) {
+        this.sessionId = sessionId;
+        this.logger.info(`recreating transport session: ${sessionId.slice(0, 40)}, lastEventId: ${lastEventId ?? "none"}`);
+        const transport = new RecreateableSSEServerTransport(`${this.scope.fullPath}/message`, res, {
+          sessionId,
+          initialEventId: lastEventId
+        });
+        this.configureTransportHandlers(transport);
         return transport;
       }
       initialize(req, res) {
@@ -16924,8 +17028,58 @@ var init_transport_sse_adapter = __esm({
   }
 });
 
-// libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts
+// libs/sdk/src/transport/adapters/streamable-http-transport.ts
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+var RecreateableStreamableHTTPServerTransport;
+var init_streamable_http_transport = __esm({
+  "libs/sdk/src/transport/adapters/streamable-http-transport.ts"() {
+    "use strict";
+    RecreateableStreamableHTTPServerTransport = class extends StreamableHTTPServerTransport {
+      constructor(options = {}) {
+        super(options);
+      }
+      /**
+       * Returns whether the transport has been initialized.
+       */
+      get isInitialized() {
+        return this._webStandardTransport?._initialized ?? false;
+      }
+      /**
+       * Sets the transport to an initialized state with the given session ID.
+       * Use this when recreating a transport from a stored session.
+       *
+       * This method allows you to "restore" a session without replaying the
+       * initialization handshake. After calling this method, the transport
+       * will accept requests with the given session ID.
+       *
+       * @param sessionId - The session ID that was previously assigned to this session
+       * @throws Error if sessionId is empty or invalid
+       */
+      setInitializationState(sessionId) {
+        if (!sessionId || typeof sessionId !== "string" || sessionId.trim() === "") {
+          throw new Error("[RecreateableStreamableHTTPServerTransport] sessionId cannot be empty");
+        }
+        const webTransport = this._webStandardTransport;
+        if (!webTransport) {
+          console.warn(
+            "[RecreateableStreamableHTTPServerTransport] Internal transport not found. This may indicate an incompatible MCP SDK version."
+          );
+          return;
+        }
+        if (!("_initialized" in webTransport) || !("sessionId" in webTransport)) {
+          console.warn(
+            "[RecreateableStreamableHTTPServerTransport] Expected fields not found on internal transport. This may indicate an incompatible MCP SDK version."
+          );
+          return;
+        }
+        webTransport._initialized = true;
+        webTransport.sessionId = sessionId;
+      }
+    };
+  }
+});
+
+// libs/sdk/src/transport/adapters/transport.streamable-http.adapter.ts
 import { toJSONSchema as toJSONSchema3 } from "zod/v4";
 var resolveSessionIdGenerator, TransportStreamableHttpAdapter;
 var init_transport_streamable_http_adapter = __esm({
@@ -16933,13 +17087,14 @@ var init_transport_streamable_http_adapter = __esm({
     "use strict";
     init_transport_local_adapter();
     init_transport_error();
+    init_streamable_http_transport();
     resolveSessionIdGenerator = (transportType, sessionId) => {
       return transportType === "stateless-http" ? void 0 : () => sessionId;
     };
     TransportStreamableHttpAdapter = class extends LocalTransportAdapter {
       createTransport(sessionId, response) {
         const sessionIdGenerator = resolveSessionIdGenerator(this.key.type, sessionId);
-        return new StreamableHTTPServerTransport({
+        return new RecreateableStreamableHTTPServerTransport({
           sessionIdGenerator,
           onsessionclosed: () => {
           },
@@ -17018,6 +17173,21 @@ var init_transport_streamable_http_adapter = __esm({
           };
         });
       }
+      /**
+       * Marks this transport as pre-initialized for session recreation.
+       * This is needed when recreating a transport from Redis because the
+       * original initialize request was processed by a different transport instance.
+       *
+       * Uses the RecreateableStreamableHTTPServerTransport's public API to set
+       * initialization state, avoiding access to private properties.
+       */
+      markAsInitialized() {
+        this.transport.setInitializationState(this.key.sessionId);
+        this.logger.info("[StreamableHttpAdapter] Marked transport as pre-initialized for session recreation", {
+          sessionId: this.key.sessionId?.slice(0, 20),
+          isInitialized: this.transport.isInitialized
+        });
+      }
     };
   }
 });
@@ -17076,6 +17246,14 @@ var init_transport_local = __esm({
           res.status(500).json(rpcError("Internal error"));
         }
       }
+      /**
+       * Marks this transport as pre-initialized for session recreation.
+       * This is needed when recreating a transport from Redis because the
+       * original initialize request was processed by a different transport instance.
+       */
+      markAsInitialized() {
+        this.adapter.markAsInitialized();
+      }
       async destroy(reason) {
         try {
           await this.adapter.destroy(reason);
@@ -17213,14 +17391,27 @@ var init_handle_streamable_http_flow = __esm({
         const logger = this.scopeLogger.child("handle:streamable-http:onMessage");
         const { request, response } = this.rawInput;
         const { token, session } = this.state.required;
+        logger.info("onMessage: starting", {
+          sessionId: session.id?.slice(0, 20),
+          hasToken: !!token
+        });
         let transport = await transportService.getTransporter("streamable-http", token, session.id);
+        logger.info("onMessage: getTransporter result", { found: !!transport });
         if (!transport) {
           try {
+            logger.info("onMessage: transport not in memory, checking Redis", {
+              sessionId: session.id?.slice(0, 20)
+            });
             const storedSession = await transportService.getStoredSession("streamable-http", token, session.id);
+            logger.info("onMessage: getStoredSession result", {
+              found: !!storedSession,
+              initialized: storedSession?.initialized
+            });
             if (storedSession) {
               logger.info("Recreating transport from Redis session", {
                 sessionId: session.id?.slice(0, 20),
-                createdAt: storedSession.createdAt
+                createdAt: storedSession.createdAt,
+                initialized: storedSession.initialized
               });
               transport = await transportService.recreateTransporter(
                 "streamable-http",
@@ -17229,6 +17420,7 @@ var init_handle_streamable_http_flow = __esm({
                 storedSession,
                 response
               );
+              logger.info("onMessage: transport recreated successfully");
             }
           } catch (error) {
             logger.warn("Failed to recreate transport from stored session", {
@@ -17625,6 +17817,210 @@ var init_store_helpers = __esm({
   }
 });
 
+// libs/sdk/src/auth/session/session-crypto.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function getSigningSecret(config) {
+  const secret = config?.secret || process.env["MCP_SESSION_SECRET"];
+  if (!secret) {
+    if (process.env["NODE_ENV"] === "production") {
+      throw new Error(
+        "[SessionCrypto] MCP_SESSION_SECRET is required in production for session signing. Set this environment variable to a secure random string."
+      );
+    }
+    console.warn("[SessionCrypto] MCP_SESSION_SECRET not set. Using insecure default for development only.");
+    return "insecure-dev-secret-do-not-use-in-production";
+  }
+  return secret;
+}
+function computeSignature(data, secret) {
+  return createHmac("sha256", secret).update(data, "utf8").digest("base64url");
+}
+function signSession(session, config) {
+  const secret = getSigningSecret(config);
+  const data = JSON.stringify(session);
+  const sig = computeSignature(data, secret);
+  const signed = {
+    data: session,
+    sig,
+    v: 1
+  };
+  return JSON.stringify(signed);
+}
+function verifySession(signedData, config) {
+  try {
+    const secret = getSigningSecret(config);
+    const parsed = JSON.parse(signedData);
+    if (!parsed || typeof parsed !== "object" || !("sig" in parsed)) {
+      return null;
+    }
+    const signed = parsed;
+    if (signed.v !== 1) {
+      console.warn("[SessionCrypto] Unknown signature version:", signed.v);
+      return null;
+    }
+    const data = JSON.stringify(signed.data);
+    const expectedSig = computeSignature(data, secret);
+    const sigBuffer = Buffer.from(signed.sig, "base64url");
+    const expectedBuffer = Buffer.from(expectedSig, "base64url");
+    if (sigBuffer.length !== expectedBuffer.length) {
+      console.warn("[SessionCrypto] Signature length mismatch - possible tampering");
+      return null;
+    }
+    if (!timingSafeEqual(sigBuffer, expectedBuffer)) {
+      console.warn("[SessionCrypto] HMAC verification failed - session data may be tampered");
+      return null;
+    }
+    return signed.data;
+  } catch (error) {
+    console.warn("[SessionCrypto] Failed to verify session:", error.message);
+    return null;
+  }
+}
+function isSignedSession(data) {
+  try {
+    const parsed = JSON.parse(data);
+    return parsed && typeof parsed === "object" && "sig" in parsed && "v" in parsed;
+  } catch {
+    return false;
+  }
+}
+function verifyOrParseSession(data, config) {
+  if (isSignedSession(data)) {
+    return verifySession(data, config);
+  }
+  try {
+    return JSON.parse(data);
+  } catch {
+    return null;
+  }
+}
+var init_session_crypto = __esm({
+  "libs/sdk/src/auth/session/session-crypto.ts"() {
+    "use strict";
+  }
+});
+
+// libs/sdk/src/auth/session/session-rate-limiter.ts
+var SessionRateLimiter, defaultSessionRateLimiter;
+var init_session_rate_limiter = __esm({
+  "libs/sdk/src/auth/session/session-rate-limiter.ts"() {
+    "use strict";
+    SessionRateLimiter = class {
+      windowMs;
+      maxRequests;
+      requests = /* @__PURE__ */ new Map();
+      cleanupTimer = null;
+      constructor(config = {}) {
+        this.windowMs = config.windowMs ?? 6e4;
+        this.maxRequests = config.maxRequests ?? 100;
+        const cleanupIntervalMs = config.cleanupIntervalMs ?? 6e4;
+        if (cleanupIntervalMs > 0) {
+          this.cleanupTimer = setInterval(() => this.cleanup(), cleanupIntervalMs);
+          this.cleanupTimer.unref();
+        }
+      }
+      /**
+       * Check if a request is allowed for the given key.
+       *
+       * @param key - Identifier for rate limiting (e.g., client IP, session ID prefix)
+       * @returns Rate limit result with allowed status and metadata
+       */
+      check(key) {
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        let timestamps = this.requests.get(key);
+        if (!timestamps) {
+          timestamps = [];
+          this.requests.set(key, timestamps);
+        }
+        const validTimestamps = timestamps.filter((t) => t > windowStart);
+        const oldestInWindow = validTimestamps[0] ?? now;
+        const resetAt = oldestInWindow + this.windowMs;
+        if (validTimestamps.length >= this.maxRequests) {
+          return {
+            allowed: false,
+            remaining: 0,
+            resetAt,
+            retryAfterMs: resetAt - now
+          };
+        }
+        validTimestamps.push(now);
+        this.requests.set(key, validTimestamps);
+        return {
+          allowed: true,
+          remaining: this.maxRequests - validTimestamps.length,
+          resetAt
+        };
+      }
+      /**
+       * Check if a request would be allowed without recording it.
+       * Useful for pre-checking without consuming quota.
+       *
+       * @param key - Identifier for rate limiting
+       * @returns true if request would be allowed
+       */
+      wouldAllow(key) {
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        const timestamps = this.requests.get(key);
+        if (!timestamps) return true;
+        const validCount = timestamps.filter((t) => t > windowStart).length;
+        return validCount < this.maxRequests;
+      }
+      /**
+       * Reset rate limit for a specific key.
+       * Useful for testing or after successful authentication.
+       *
+       * @param key - Identifier to reset
+       */
+      reset(key) {
+        this.requests.delete(key);
+      }
+      /**
+       * Clean up expired entries from all keys.
+       * Called automatically on configured interval, but can be called manually.
+       */
+      cleanup() {
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        for (const [key, timestamps] of this.requests.entries()) {
+          const valid = timestamps.filter((t) => t > windowStart);
+          if (valid.length === 0) {
+            this.requests.delete(key);
+          } else if (valid.length < timestamps.length) {
+            this.requests.set(key, valid);
+          }
+        }
+      }
+      /**
+       * Get current statistics for monitoring.
+       */
+      getStats() {
+        let totalRequests = 0;
+        for (const timestamps of this.requests.values()) {
+          totalRequests += timestamps.length;
+        }
+        return {
+          totalKeys: this.requests.size,
+          totalRequests
+        };
+      }
+      /**
+       * Stop the automatic cleanup timer.
+       * Call this when disposing of the rate limiter.
+       */
+      dispose() {
+        if (this.cleanupTimer) {
+          clearInterval(this.cleanupTimer);
+          this.cleanupTimer = null;
+        }
+        this.requests.clear();
+      }
+    };
+    defaultSessionRateLimiter = new SessionRateLimiter();
+  }
+});
+
 // libs/sdk/src/auth/session/redis-session.store.ts
 var redis_session_store_exports = {};
 __export(redis_session_store_exports, {
@@ -17637,15 +18033,27 @@ var init_redis_session_store = __esm({
   "libs/sdk/src/auth/session/redis-session.store.ts"() {
     "use strict";
     init_transport_session_types();
+    init_session_crypto();
+    init_session_rate_limiter();
     RedisSessionStore = class {
       redis;
       keyPrefix;
       defaultTtlMs;
       logger;
       externalInstance = false;
+      // Security features
+      security;
+      rateLimiter;
       constructor(config, logger) {
         this.defaultTtlMs = ("defaultTtlMs" in config ? config.defaultTtlMs : void 0) ?? 36e5;
         this.logger = logger;
+        this.security = ("security" in config ? config.security : void 0) ?? {};
+        if (this.security.enableRateLimiting) {
+          this.rateLimiter = new SessionRateLimiter({
+            windowMs: this.security.rateLimiting?.windowMs,
+            maxRequests: this.security.rateLimiting?.maxRequests
+          });
+        }
         if ("redis" in config && config.redis) {
           this.redis = config.redis;
           this.keyPrefix = config.keyPrefix ?? "mcp:session:";
@@ -17680,8 +18088,26 @@ var init_redis_session_store = __esm({
        *
        * Note: Uses atomic GETEX to extend TTL while reading, preventing race conditions
        * where concurrent readers might resurrect expired sessions.
-       */
-      async get(sessionId) {
+       *
+       * @param sessionId - The session ID to look up
+       * @param options - Optional parameters for rate limiting
+       * @param options.clientIdentifier - Client identifier (e.g., IP address) for rate limiting.
+       *   When provided, rate limiting is applied per-client to prevent session enumeration.
+       *   If not provided, falls back to sessionId which provides DoS protection per-session.
+       */
+      async get(sessionId, options) {
+        if (this.rateLimiter) {
+          const rateLimitKey = options?.clientIdentifier || sessionId;
+          const rateLimitResult = this.rateLimiter.check(rateLimitKey);
+          if (!rateLimitResult.allowed) {
+            this.logger?.warn("[RedisSessionStore] Rate limit exceeded for session lookup", {
+              sessionId: sessionId.slice(0, 20),
+              clientIdentifier: options?.clientIdentifier ? options.clientIdentifier.slice(0, 20) : void 0,
+              retryAfterMs: rateLimitResult.retryAfterMs
+            });
+            return null;
+          }
+        }
         const key = this.key(sessionId);
         let raw;
         try {
@@ -17691,7 +18117,19 @@ var init_redis_session_store = __esm({
         }
         if (!raw) return null;
         try {
-          const parsed = JSON.parse(raw);
+          let parsed;
+          if (this.security.enableSigning) {
+            parsed = verifyOrParseSession(raw, { secret: this.security.signingSecret });
+            if (!parsed) {
+              this.logger?.warn("[RedisSessionStore] Session signature verification failed", {
+                sessionId: sessionId.slice(0, 20)
+              });
+              this.delete(sessionId).catch(() => void 0);
+              return null;
+            }
+          } else {
+            parsed = JSON.parse(raw);
+          }
           const result = storedSessionSchema.safeParse(parsed);
           if (!result.success) {
             this.logger?.warn("[RedisSessionStore] Invalid session format", {
@@ -17702,6 +18140,14 @@ var init_redis_session_store = __esm({
             return null;
           }
           const session = result.data;
+          if (session.maxLifetimeAt && session.maxLifetimeAt < Date.now()) {
+            this.logger?.info("[RedisSessionStore] Session exceeded max lifetime", {
+              sessionId: sessionId.slice(0, 20),
+              maxLifetimeAt: session.maxLifetimeAt
+            });
+            await this.delete(sessionId);
+            return null;
+          }
           if (session.session.expiresAt && session.session.expiresAt < Date.now()) {
             await this.delete(sessionId);
             return null;
@@ -17709,7 +18155,12 @@ var init_redis_session_store = __esm({
           if (session.session.expiresAt) {
             const ttlMs = Math.min(this.defaultTtlMs, session.session.expiresAt - Date.now());
             if (ttlMs > 0 && ttlMs < this.defaultTtlMs) {
-              this.redis.pexpire(key, ttlMs).catch(() => void 0);
+              this.redis.pexpire(key, ttlMs).catch((err) => {
+                this.logger?.warn("[RedisSessionStore] TTL extension failed", {
+                  sessionId: sessionId.slice(0, 20),
+                  error: err.message
+                });
+              });
             }
           }
           const updatedSession = {
@@ -17731,7 +18182,12 @@ var init_redis_session_store = __esm({
        */
       async set(sessionId, session, ttlMs) {
         const key = this.key(sessionId);
-        const value = JSON.stringify(session);
+        let value;
+        if (this.security.enableSigning) {
+          value = signSession(session, { secret: this.security.signingSecret });
+        } else {
+          value = JSON.stringify(session);
+        }
         if (ttlMs && ttlMs > 0) {
           await this.redis.set(key, value, "PX", ttlMs);
         } else if (session.session.expiresAt) {
@@ -17806,6 +18262,8 @@ var init_vercel_kv_session_store = __esm({
   "libs/sdk/src/auth/session/vercel-kv-session.store.ts"() {
     "use strict";
     init_transport_session_types();
+    init_session_crypto();
+    init_session_rate_limiter();
     VercelKvSessionStore = class {
       kv = null;
       connectPromise = null;
@@ -17813,11 +18271,21 @@ var init_vercel_kv_session_store = __esm({
       defaultTtlMs;
       logger;
       config;
+      // Security features
+      security;
+      rateLimiter;
       constructor(config, logger) {
         this.config = config;
         this.keyPrefix = config.keyPrefix ?? "mcp:session:";
         this.defaultTtlMs = config.defaultTtlMs ?? 36e5;
         this.logger = logger;
+        this.security = ("security" in config ? config.security : void 0) ?? {};
+        if (this.security.enableRateLimiting) {
+          this.rateLimiter = new SessionRateLimiter({
+            windowMs: this.security.rateLimiting?.windowMs,
+            maxRequests: this.security.rateLimiting?.maxRequests
+          });
+        }
       }
       /**
        * Connect to Vercel KV
@@ -17870,15 +18338,51 @@ var init_vercel_kv_session_store = __esm({
        *
        * Note: Vercel KV doesn't support GETEX, so we use GET + PEXPIRE separately.
        * This is slightly less atomic than Redis GETEX but sufficient for most use cases.
-       */
-      async get(sessionId) {
+       *
+       * @param sessionId - The session ID to look up
+       * @param options - Optional parameters for rate limiting
+       * @param options.clientIdentifier - Client identifier (e.g., IP address) for rate limiting.
+       *   When provided, rate limiting is applied per-client to prevent session enumeration.
+       *   If not provided, falls back to sessionId which provides DoS protection per-session.
+       */
+      async get(sessionId, options) {
+        if (this.rateLimiter) {
+          const rateLimitKey = options?.clientIdentifier || sessionId;
+          const rateLimitResult = this.rateLimiter.check(rateLimitKey);
+          if (!rateLimitResult.allowed) {
+            this.logger?.warn("[VercelKvSessionStore] Rate limit exceeded for session lookup", {
+              sessionId: sessionId.slice(0, 20),
+              clientIdentifier: options?.clientIdentifier ? options.clientIdentifier.slice(0, 20) : void 0,
+              retryAfterMs: rateLimitResult.retryAfterMs
+            });
+            return null;
+          }
+        }
         const kv = await this.ensureConnected();
         const key = this.key(sessionId);
         const raw = await kv.get(key);
         if (!raw) return null;
-        kv.pexpire(key, this.defaultTtlMs).catch(() => void 0);
+        kv.pexpire(key, this.defaultTtlMs).catch((err) => {
+          this.logger?.warn("[VercelKvSessionStore] TTL extension failed", {
+            sessionId: sessionId.slice(0, 20),
+            error: err.message
+          });
+        });
         try {
-          const parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
+          let parsed;
+          const rawStr = typeof raw === "string" ? raw : JSON.stringify(raw);
+          if (this.security.enableSigning) {
+            parsed = verifyOrParseSession(rawStr, { secret: this.security.signingSecret });
+            if (!parsed) {
+              this.logger?.warn("[VercelKvSessionStore] Session signature verification failed", {
+                sessionId: sessionId.slice(0, 20)
+              });
+              this.delete(sessionId).catch(() => void 0);
+              return null;
+            }
+          } else {
+            parsed = typeof raw === "string" ? JSON.parse(raw) : raw;
+          }
           const result = storedSessionSchema.safeParse(parsed);
           if (!result.success) {
             this.logger?.warn("[VercelKvSessionStore] Invalid session format", {
@@ -17889,6 +18393,14 @@ var init_vercel_kv_session_store = __esm({
             return null;
           }
           const session = result.data;
+          if (session.maxLifetimeAt && session.maxLifetimeAt < Date.now()) {
+            this.logger?.info("[VercelKvSessionStore] Session exceeded max lifetime", {
+              sessionId: sessionId.slice(0, 20),
+              maxLifetimeAt: session.maxLifetimeAt
+            });
+            await this.delete(sessionId);
+            return null;
+          }
           if (session.session.expiresAt && session.session.expiresAt < Date.now()) {
             await this.delete(sessionId);
             return null;
@@ -17896,7 +18408,12 @@ var init_vercel_kv_session_store = __esm({
           if (session.session.expiresAt) {
             const ttlMs = Math.min(this.defaultTtlMs, session.session.expiresAt - Date.now());
             if (ttlMs > 0 && ttlMs < this.defaultTtlMs) {
-              kv.pexpire(key, ttlMs).catch(() => void 0);
+              kv.pexpire(key, ttlMs).catch((err) => {
+                this.logger?.warn("[VercelKvSessionStore] TTL bound extension failed", {
+                  sessionId: sessionId.slice(0, 20),
+                  error: err.message
+                });
+              });
             }
           }
           const updatedSession = {
@@ -17919,7 +18436,12 @@ var init_vercel_kv_session_store = __esm({
       async set(sessionId, session, ttlMs) {
         const kv = await this.ensureConnected();
         const key = this.key(sessionId);
-        const value = JSON.stringify(session);
+        let value;
+        if (this.security.enableSigning) {
+          value = signSession(session, { secret: this.security.signingSecret });
+        } else {
+          value = JSON.stringify(session);
+        }
         if (ttlMs && ttlMs > 0) {
           await kv.set(key, value, { px: ttlMs });
         } else if (session.session.expiresAt) {
@@ -18204,9 +18726,12 @@ var init_transport_registry = __esm({
        * @param type - Transport type
        * @param token - Authorization token
        * @param sessionId - Session ID
+       * @param options - Optional validation options
+       * @param options.clientFingerprint - Client fingerprint for additional validation
+       * @param options.warnOnFingerprintMismatch - If true, log warning on mismatch but still return session
        * @returns Stored session data if exists and token matches, undefined otherwise
        */
-      async getStoredSession(type, token, sessionId) {
+      async getStoredSession(type, token, sessionId, options) {
         if (!this.sessionStore || type !== "streamable-http") return void 0;
         const tokenHash = this.sha256(token);
         const stored = await this.sessionStore.get(sessionId);
@@ -18219,6 +18744,18 @@ var init_transport_registry = __esm({
           });
           return void 0;
         }
+        if (options?.clientFingerprint && stored.session.clientFingerprint) {
+          if (stored.session.clientFingerprint !== options.clientFingerprint) {
+            this.scope.logger.warn("[TransportService] Client fingerprint mismatch", {
+              sessionId: sessionId.slice(0, 20),
+              storedFingerprint: stored.session.clientFingerprint.slice(0, 8),
+              requestFingerprint: options.clientFingerprint.slice(0, 8)
+            });
+            if (!options.warnOnFingerprintMismatch) {
+              return void 0;
+            }
+          }
+        }
         return stored;
       }
       /**
@@ -18281,6 +18818,9 @@ var init_transport_registry = __esm({
           }
         });
         await transporter.ready();
+        if (storedSession.initialized !== false) {
+          transporter.markAsInitialized();
+        }
         this.insertLocal(key, transporter);
         if (sessionStore) {
           const updatedSession = {
@@ -18347,7 +18887,9 @@ var init_transport_registry = __esm({
             },
             authorizationId: key.tokenHash,
             createdAt: Date.now(),
-            lastAccessedAt: Date.now()
+            lastAccessedAt: Date.now(),
+            initialized: true
+            // Mark as initialized for session recreation
           };
           sessionStore.set(sessionId, storedSession, persistenceConfig?.defaultTtlMs).catch((err) => {
             this.scope.logger.warn("[TransportService] Failed to persist session to Redis", {
@@ -19936,6 +20478,54 @@ var init_front_mcp2 = __esm({
   }
 });
 
+// libs/sdk/src/front-mcp/serverless-handler.ts
+var serverless_handler_exports = {};
+__export(serverless_handler_exports, {
+  getServerlessHandler: () => getServerlessHandler,
+  getServerlessHandlerAsync: () => getServerlessHandlerAsync,
+  setServerlessHandler: () => setServerlessHandler,
+  setServerlessHandlerError: () => setServerlessHandlerError,
+  setServerlessHandlerPromise: () => setServerlessHandlerPromise
+});
+function setServerlessHandler(handler) {
+  globalHandler = handler;
+}
+function setServerlessHandlerPromise(promise) {
+  globalHandlerPromise = promise;
+}
+function setServerlessHandlerError(error) {
+  globalHandlerError = error;
+}
+function getServerlessHandler() {
+  if (globalHandlerError) {
+    throw globalHandlerError;
+  }
+  return globalHandler;
+}
+async function getServerlessHandlerAsync() {
+  if (globalHandlerError) {
+    throw globalHandlerError;
+  }
+  if (globalHandlerPromise) {
+    return globalHandlerPromise;
+  }
+  if (!globalHandler) {
+    throw new Error(
+      "Serverless handler not initialized. Ensure @FrontMcp decorator ran and FRONTMCP_SERVERLESS=1 is set."
+    );
+  }
+  return globalHandler;
+}
+var globalHandler, globalHandlerPromise, globalHandlerError;
+var init_serverless_handler = __esm({
+  "libs/sdk/src/front-mcp/serverless-handler.ts"() {
+    "use strict";
+    globalHandler = null;
+    globalHandlerPromise = null;
+    globalHandlerError = null;
+  }
+});
+
 // libs/sdk/src/common/decorators/front-mcp.decorator.ts
 import "reflect-metadata";
 function getFrontMcpInstance() {
@@ -19947,6 +20537,15 @@ function getFrontMcpInstance() {
   }
   return _FrontMcpInstance;
 }
+function getServerlessHandlerFns() {
+  if (!_serverlessHandlerFns) {
+    _serverlessHandlerFns = (init_serverless_handler(), __toCommonJS(serverless_handler_exports));
+  }
+  if (!_serverlessHandlerFns) {
+    throw new InternalMcpError("Serverless handler functions not found", "MODULE_LOAD_FAILED");
+  }
+  return _serverlessHandlerFns;
+}
 function FrontMcp(providedMetadata) {
   return (target) => {
     const migratedMetadata = applyMigration(providedMetadata);
@@ -19987,18 +20586,8 @@ ${JSON.stringify(
     }
     const isServerless = typeof process !== "undefined" && process.env?.["FRONTMCP_SERVERLESS"] === "1";
     if (isServerless) {
-      const {
-        FrontMcpInstance: ServerlessInstance,
-        setServerlessHandler: setServerlessHandler2,
-        setServerlessHandlerPromise: setServerlessHandlerPromise2,
-        setServerlessHandlerError: setServerlessHandlerError2
-      } = __require("@frontmcp/sdk");
-      if (!ServerlessInstance) {
-        throw new InternalMcpError(
-          "@frontmcp/sdk version mismatch, make sure you have the same version for all @frontmcp/* packages",
-          "SDK_VERSION_MISMATCH"
-        );
-      }
+      const ServerlessInstance = getFrontMcpInstance();
+      const { setServerlessHandler: setServerlessHandler2, setServerlessHandlerPromise: setServerlessHandlerPromise2, setServerlessHandlerError: setServerlessHandlerError2 } = getServerlessHandlerFns();
       const handlerPromise = ServerlessInstance.createHandler(metadata);
       setServerlessHandlerPromise2(handlerPromise);
       handlerPromise.then(setServerlessHandler2).catch((err) => {
@@ -20011,7 +20600,7 @@ ${JSON.stringify(
     }
   };
 }
-var _FrontMcpInstance;
+var _FrontMcpInstance, _serverlessHandlerFns;
 var init_front_mcp_decorator = __esm({
   "libs/sdk/src/common/decorators/front-mcp.decorator.ts"() {
     "use strict";
@@ -20020,6 +20609,7 @@ var init_front_mcp_decorator = __esm({
     init_migrate();
     init_mcp_error();
     _FrontMcpInstance = null;
+    _serverlessHandlerFns = null;
   }
 });
 
@@ -22326,46 +22916,11 @@ var init_common = __esm({
 // libs/sdk/src/index.ts
 init_common();
 init_front_mcp2();
-import "reflect-metadata";
-
-// libs/sdk/src/front-mcp/serverless-handler.ts
-var globalHandler = null;
-var globalHandlerPromise = null;
-var globalHandlerError = null;
-function setServerlessHandler(handler) {
-  globalHandler = handler;
-}
-function setServerlessHandlerPromise(promise) {
-  globalHandlerPromise = promise;
-}
-function setServerlessHandlerError(error) {
-  globalHandlerError = error;
-}
-function getServerlessHandler() {
-  if (globalHandlerError) {
-    throw globalHandlerError;
-  }
-  return globalHandler;
-}
-async function getServerlessHandlerAsync() {
-  if (globalHandlerError) {
-    throw globalHandlerError;
-  }
-  if (globalHandlerPromise) {
-    return globalHandlerPromise;
-  }
-  if (!globalHandler) {
-    throw new Error(
-      "Serverless handler not initialized. Ensure @FrontMcp decorator ran and FRONTMCP_SERVERLESS=1 is set."
-    );
-  }
-  return globalHandler;
-}
-
-// libs/sdk/src/index.ts
+init_serverless_handler();
 init_common();
 init_errors();
 init_context();
+import "reflect-metadata";
 var ToolHook = FlowHooksOf("tools:call-tool");
 var ListToolsHook = FlowHooksOf("tools:list-tools");
 var HttpHook = FlowHooksOf("http:request");