npm - @hasna/coders - Versions diffs - 0.2.2 → 0.2.4 - Mend

@hasna/coders 0.2.2 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/cli.mjs CHANGED Viewed

@@ -9587,7 +9587,7 @@ var init_dist = __esm({
       module.exports = { signatureAlgorithmHashFromCertificate };
     });
     require_sasl = __commonJS2((exports, module) => {
-      var crypto2 = require_utils2();
+      var crypto4 = require_utils2();
       var { signatureAlgorithmHashFromCertificate } = require_cert_signatures();
       function startSession(mechanisms, stream) {
         const candidates = ["SCRAM-SHA-256"];
@@ -9600,7 +9600,7 @@ var init_dist = __esm({
         if (mechanism === "SCRAM-SHA-256-PLUS" && typeof stream.getPeerCertificate !== "function") {
           throw new Error("SASL: Mechanism SCRAM-SHA-256-PLUS requires a certificate");
         }
-        const clientNonce = crypto2.randomBytes(18).toString("base64");
+        const clientNonce = crypto4.randomBytes(18).toString("base64");
         const gs2Header = mechanism === "SCRAM-SHA-256-PLUS" ? "p=tls-server-end-point" : stream ? "y" : "n";
         return {
           mechanism,
@@ -9636,20 +9636,20 @@ var init_dist = __esm({
           let hashName = signatureAlgorithmHashFromCertificate(peerCert);
           if (hashName === "MD5" || hashName === "SHA-1")
             hashName = "SHA-256";
-          const certHash = await crypto2.hashByName(hashName, peerCert);
+          const certHash = await crypto4.hashByName(hashName, peerCert);
           const bindingData = Buffer.concat([Buffer.from("p=tls-server-end-point,,"), Buffer.from(certHash)]);
           channelBinding = bindingData.toString("base64");
         }
         const clientFinalMessageWithoutProof = "c=" + channelBinding + ",r=" + sv.nonce;
         const authMessage = clientFirstMessageBare + "," + serverFirstMessage + "," + clientFinalMessageWithoutProof;
         const saltBytes = Buffer.from(sv.salt, "base64");
-        const saltedPassword = await crypto2.deriveKey(password, saltBytes, sv.iteration);
-        const clientKey = await crypto2.hmacSha256(saltedPassword, "Client Key");
-        const storedKey = await crypto2.sha256(clientKey);
-        const clientSignature = await crypto2.hmacSha256(storedKey, authMessage);
+        const saltedPassword = await crypto4.deriveKey(password, saltBytes, sv.iteration);
+        const clientKey = await crypto4.hmacSha256(saltedPassword, "Client Key");
+        const storedKey = await crypto4.sha256(clientKey);
+        const clientSignature = await crypto4.hmacSha256(storedKey, authMessage);
         const clientProof = xorBuffers(Buffer.from(clientKey), Buffer.from(clientSignature)).toString("base64");
-        const serverKey = await crypto2.hmacSha256(saltedPassword, "Server Key");
-        const serverSignatureBytes = await crypto2.hmacSha256(serverKey, authMessage);
+        const serverKey = await crypto4.hmacSha256(saltedPassword, "Server Key");
+        const serverSignatureBytes = await crypto4.hmacSha256(serverKey, authMessage);
         session.message = "SASLResponse";
         session.serverSignature = Buffer.from(serverSignatureBytes).toString("base64");
         session.response = clientFinalMessageWithoutProof + ",p=" + clientProof;
@@ -11651,7 +11651,7 @@ See https://www.postgresql.org/docs/current/libpq-ssl.html for libpq SSL mode de
       var Query2 = require_query();
       var defaults2 = require_defaults();
       var Connection2 = require_connection();
-      var crypto2 = require_utils2();
+      var crypto4 = require_utils2();
       var activeQueryDeprecationNotice = nodeUtils.deprecate(() => {
       }, "Client.activeQuery is deprecated and will be removed in pg@9.0");
       var queryQueueDeprecationNotice = nodeUtils.deprecate(() => {
@@ -11871,7 +11871,7 @@ See https://www.postgresql.org/docs/current/libpq-ssl.html for libpq SSL mode de
         _handleAuthMD5Password(msg) {
           this._getPassword(async () => {
             try {
-              const hashedPassword = await crypto2.postgresMd5PasswordHash(this.user, this.password, msg.salt);
+              const hashedPassword = await crypto4.postgresMd5PasswordHash(this.user, this.password, msg.salt);
               this.connection.password(hashedPassword);
             } catch (e) {
               this.emit("error", e);
@@ -44134,8 +44134,8 @@ var init_wrap_text = __esm({
     init_cli_truncate();
     cache2 = {};
     wrapText = (text, maxWidth, wrapType) => {
-      const cacheKey = text + String(maxWidth) + String(wrapType);
-      const cachedText = cache2[cacheKey];
+      const cacheKey2 = text + String(maxWidth) + String(wrapType);
+      const cachedText = cache2[cacheKey2];
       if (cachedText) {
         return cachedText;
       }
@@ -44156,7 +44156,7 @@ var init_wrap_text = __esm({
         }
         wrappedText = cliTruncate(text, maxWidth, { position });
       }
-      cache2[cacheKey] = wrappedText;
+      cache2[cacheKey2] = wrappedText;
       return wrappedText;
     };
     wrap_text_default = wrapText;
@@ -46743,7 +46743,7 @@ var require_websocket = __commonJS({
     var net = __require("net");
     var tls = __require("tls");
     var { randomBytes: randomBytes2, createHash: createHash2 } = __require("crypto");
-    var { Duplex, Readable } = __require("stream");
+    var { Duplex, Readable: Readable2 } = __require("stream");
     var { URL: URL2 } = __require("url");
     var PerMessageDeflate = require_permessage_deflate();
     var Receiver2 = require_receiver();
@@ -76380,9 +76380,9 @@ var require_to_regex_range = __commonJS({
       let shorthand = String(opts.shorthand);
       let capture = String(opts.capture);
       let wrap = String(opts.wrap);
-      let cacheKey = min + ":" + max + "=" + relax + shorthand + capture + wrap;
-      if (toRegexRange.cache.hasOwnProperty(cacheKey)) {
-        return toRegexRange.cache[cacheKey].result;
+      let cacheKey2 = min + ":" + max + "=" + relax + shorthand + capture + wrap;
+      if (toRegexRange.cache.hasOwnProperty(cacheKey2)) {
+        return toRegexRange.cache[cacheKey2].result;
       }
       let a = Math.min(min, max);
       let b = Math.max(min, max);
@@ -76420,7 +76420,7 @@ var require_to_regex_range = __commonJS({
       } else if (opts.wrap !== false && positives.length + negatives.length > 1) {
         state.result = `(?:${state.result})`;
       }
-      toRegexRange.cache[cacheKey] = state;
+      toRegexRange.cache[cacheKey2] = state;
       return state.result;
     };
     function collatePatterns(neg, pos, options2) {
@@ -88287,11 +88287,12 @@ var init_v4 = __esm({
 });
 // node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
-var LATEST_PROTOCOL_VERSION, SUPPORTED_PROTOCOL_VERSIONS, RELATED_TASK_META_KEY, JSONRPC_VERSION, AssertObjectSchema, ProgressTokenSchema, CursorSchema, TaskCreationParamsSchema, TaskMetadataSchema, RelatedTaskMetadataSchema, RequestMetaSchema, BaseRequestParamsSchema, TaskAugmentedRequestParamsSchema, isTaskAugmentedRequestParams, RequestSchema, NotificationsParamsSchema, NotificationSchema, ResultSchema, RequestIdSchema, JSONRPCRequestSchema, isJSONRPCRequest, JSONRPCNotificationSchema, isJSONRPCNotification, JSONRPCResultResponseSchema, isJSONRPCResultResponse, ErrorCode, JSONRPCErrorResponseSchema, isJSONRPCErrorResponse, JSONRPCMessageSchema, JSONRPCResponseSchema, EmptyResultSchema, CancelledNotificationParamsSchema, CancelledNotificationSchema, IconSchema, IconsSchema, BaseMetadataSchema, ImplementationSchema, FormElicitationCapabilitySchema, ElicitationCapabilitySchema, ClientTasksCapabilitySchema, ServerTasksCapabilitySchema, ClientCapabilitiesSchema, InitializeRequestParamsSchema, InitializeRequestSchema, ServerCapabilitiesSchema, InitializeResultSchema, InitializedNotificationSchema, PingRequestSchema, ProgressSchema, ProgressNotificationParamsSchema, ProgressNotificationSchema, PaginatedRequestParamsSchema, PaginatedRequestSchema, PaginatedResultSchema, TaskStatusSchema2, TaskSchema, CreateTaskResultSchema, TaskStatusNotificationParamsSchema, TaskStatusNotificationSchema, GetTaskRequestSchema, GetTaskResultSchema, GetTaskPayloadRequestSchema, GetTaskPayloadResultSchema, ListTasksRequestSchema, ListTasksResultSchema, CancelTaskRequestSchema, CancelTaskResultSchema, ResourceContentsSchema, TextResourceContentsSchema, Base64Schema, BlobResourceContentsSchema, RoleSchema, AnnotationsSchema, ResourceSchema, ResourceTemplateSchema, ListResourcesRequestSchema, ListResourcesResultSchema, ListResourceTemplatesRequestSchema, ListResourceTemplatesResultSchema, ResourceRequestParamsSchema, ReadResourceRequestParamsSchema, ReadResourceRequestSchema, ReadResourceResultSchema, ResourceListChangedNotificationSchema, SubscribeRequestParamsSchema, SubscribeRequestSchema, UnsubscribeRequestParamsSchema, UnsubscribeRequestSchema, ResourceUpdatedNotificationParamsSchema, ResourceUpdatedNotificationSchema, PromptArgumentSchema, PromptSchema, ListPromptsRequestSchema, ListPromptsResultSchema, GetPromptRequestParamsSchema, GetPromptRequestSchema, TextContentSchema, ImageContentSchema, AudioContentSchema, ToolUseContentSchema, EmbeddedResourceSchema, ResourceLinkSchema, ContentBlockSchema, PromptMessageSchema, GetPromptResultSchema, PromptListChangedNotificationSchema, ToolAnnotationsSchema, ToolExecutionSchema, ToolSchema, ListToolsRequestSchema, ListToolsResultSchema, CallToolResultSchema, CompatibilityCallToolResultSchema, CallToolRequestParamsSchema, CallToolRequestSchema, ToolListChangedNotificationSchema, ListChangedOptionsBaseSchema, LoggingLevelSchema, SetLevelRequestParamsSchema, SetLevelRequestSchema, LoggingMessageNotificationParamsSchema, LoggingMessageNotificationSchema, ModelHintSchema, ModelPreferencesSchema, ToolChoiceSchema, ToolResultContentSchema, SamplingContentSchema, SamplingMessageContentBlockSchema, SamplingMessageSchema, CreateMessageRequestParamsSchema, CreateMessageRequestSchema, CreateMessageResultSchema, CreateMessageResultWithToolsSchema, BooleanSchemaSchema, StringSchemaSchema, NumberSchemaSchema, UntitledSingleSelectEnumSchemaSchema, TitledSingleSelectEnumSchemaSchema, LegacyTitledEnumSchemaSchema, SingleSelectEnumSchemaSchema, UntitledMultiSelectEnumSchemaSchema, TitledMultiSelectEnumSchemaSchema, MultiSelectEnumSchemaSchema, EnumSchemaSchema, PrimitiveSchemaDefinitionSchema, ElicitRequestFormParamsSchema, ElicitRequestURLParamsSchema, ElicitRequestParamsSchema, ElicitRequestSchema, ElicitationCompleteNotificationParamsSchema, ElicitationCompleteNotificationSchema, ElicitResultSchema, ResourceTemplateReferenceSchema, PromptReferenceSchema, CompleteRequestParamsSchema, CompleteRequestSchema, CompleteResultSchema, RootSchema, ListRootsRequestSchema, ListRootsResultSchema, RootsListChangedNotificationSchema, ClientRequestSchema, ClientNotificationSchema, ClientResultSchema, ServerRequestSchema, ServerNotificationSchema, ServerResultSchema, McpError, UrlElicitationRequiredError;
+var LATEST_PROTOCOL_VERSION, DEFAULT_NEGOTIATED_PROTOCOL_VERSION, SUPPORTED_PROTOCOL_VERSIONS, RELATED_TASK_META_KEY, JSONRPC_VERSION, AssertObjectSchema, ProgressTokenSchema, CursorSchema, TaskCreationParamsSchema, TaskMetadataSchema, RelatedTaskMetadataSchema, RequestMetaSchema, BaseRequestParamsSchema, TaskAugmentedRequestParamsSchema, isTaskAugmentedRequestParams, RequestSchema, NotificationsParamsSchema, NotificationSchema, ResultSchema, RequestIdSchema, JSONRPCRequestSchema, isJSONRPCRequest, JSONRPCNotificationSchema, isJSONRPCNotification, JSONRPCResultResponseSchema, isJSONRPCResultResponse, ErrorCode, JSONRPCErrorResponseSchema, isJSONRPCErrorResponse, JSONRPCMessageSchema, JSONRPCResponseSchema, EmptyResultSchema, CancelledNotificationParamsSchema, CancelledNotificationSchema, IconSchema, IconsSchema, BaseMetadataSchema, ImplementationSchema, FormElicitationCapabilitySchema, ElicitationCapabilitySchema, ClientTasksCapabilitySchema, ServerTasksCapabilitySchema, ClientCapabilitiesSchema, InitializeRequestParamsSchema, InitializeRequestSchema, isInitializeRequest, ServerCapabilitiesSchema, InitializeResultSchema, InitializedNotificationSchema, PingRequestSchema, ProgressSchema, ProgressNotificationParamsSchema, ProgressNotificationSchema, PaginatedRequestParamsSchema, PaginatedRequestSchema, PaginatedResultSchema, TaskStatusSchema2, TaskSchema, CreateTaskResultSchema, TaskStatusNotificationParamsSchema, TaskStatusNotificationSchema, GetTaskRequestSchema, GetTaskResultSchema, GetTaskPayloadRequestSchema, GetTaskPayloadResultSchema, ListTasksRequestSchema, ListTasksResultSchema, CancelTaskRequestSchema, CancelTaskResultSchema, ResourceContentsSchema, TextResourceContentsSchema, Base64Schema, BlobResourceContentsSchema, RoleSchema, AnnotationsSchema, ResourceSchema, ResourceTemplateSchema, ListResourcesRequestSchema, ListResourcesResultSchema, ListResourceTemplatesRequestSchema, ListResourceTemplatesResultSchema, ResourceRequestParamsSchema, ReadResourceRequestParamsSchema, ReadResourceRequestSchema, ReadResourceResultSchema, ResourceListChangedNotificationSchema, SubscribeRequestParamsSchema, SubscribeRequestSchema, UnsubscribeRequestParamsSchema, UnsubscribeRequestSchema, ResourceUpdatedNotificationParamsSchema, ResourceUpdatedNotificationSchema, PromptArgumentSchema, PromptSchema, ListPromptsRequestSchema, ListPromptsResultSchema, GetPromptRequestParamsSchema, GetPromptRequestSchema, TextContentSchema, ImageContentSchema, AudioContentSchema, ToolUseContentSchema, EmbeddedResourceSchema, ResourceLinkSchema, ContentBlockSchema, PromptMessageSchema, GetPromptResultSchema, PromptListChangedNotificationSchema, ToolAnnotationsSchema, ToolExecutionSchema, ToolSchema, ListToolsRequestSchema, ListToolsResultSchema, CallToolResultSchema, CompatibilityCallToolResultSchema, CallToolRequestParamsSchema, CallToolRequestSchema, ToolListChangedNotificationSchema, ListChangedOptionsBaseSchema, LoggingLevelSchema, SetLevelRequestParamsSchema, SetLevelRequestSchema, LoggingMessageNotificationParamsSchema, LoggingMessageNotificationSchema, ModelHintSchema, ModelPreferencesSchema, ToolChoiceSchema, ToolResultContentSchema, SamplingContentSchema, SamplingMessageContentBlockSchema, SamplingMessageSchema, CreateMessageRequestParamsSchema, CreateMessageRequestSchema, CreateMessageResultSchema, CreateMessageResultWithToolsSchema, BooleanSchemaSchema, StringSchemaSchema, NumberSchemaSchema, UntitledSingleSelectEnumSchemaSchema, TitledSingleSelectEnumSchemaSchema, LegacyTitledEnumSchemaSchema, SingleSelectEnumSchemaSchema, UntitledMultiSelectEnumSchemaSchema, TitledMultiSelectEnumSchemaSchema, MultiSelectEnumSchemaSchema, EnumSchemaSchema, PrimitiveSchemaDefinitionSchema, ElicitRequestFormParamsSchema, ElicitRequestURLParamsSchema, ElicitRequestParamsSchema, ElicitRequestSchema, ElicitationCompleteNotificationParamsSchema, ElicitationCompleteNotificationSchema, ElicitResultSchema, ResourceTemplateReferenceSchema, PromptReferenceSchema, CompleteRequestParamsSchema, CompleteRequestSchema, CompleteResultSchema, RootSchema, ListRootsRequestSchema, ListRootsResultSchema, RootsListChangedNotificationSchema, ClientRequestSchema, ClientNotificationSchema, ClientResultSchema, ServerRequestSchema, ServerNotificationSchema, ServerResultSchema, McpError, UrlElicitationRequiredError;
 var init_types3 = __esm({
   "node_modules/@modelcontextprotocol/sdk/dist/esm/types.js"() {
     init_v4();
     LATEST_PROTOCOL_VERSION = "2025-11-25";
+    DEFAULT_NEGOTIATED_PROTOCOL_VERSION = "2025-03-26";
     SUPPORTED_PROTOCOL_VERSIONS = [LATEST_PROTOCOL_VERSION, "2025-06-18", "2025-03-26", "2024-11-05", "2024-10-07"];
     RELATED_TASK_META_KEY = "io.modelcontextprotocol/related-task";
     JSONRPC_VERSION = "2.0";
@@ -88616,6 +88617,7 @@ var init_types3 = __esm({
       method: literal("initialize"),
       params: InitializeRequestParamsSchema
     });
+    isInitializeRequest = (value) => InitializeRequestSchema.safeParse(value).success;
     ServerCapabilitiesSchema = object2({
       /**
        * Experimental, non-standard capabilities that the server supports.
@@ -95258,8 +95260,8 @@ var require_core = __commonJS({
             return this;
           }
           case "object": {
-            const cacheKey = schemaKeyRef;
-            this._cache.delete(cacheKey);
+            const cacheKey2 = schemaKeyRef;
+            this._cache.delete(cacheKey2);
             let id = schemaKeyRef[this.opts.schemaId];
             if (id) {
               id = (0, resolve_1.normalizeId)(id);
@@ -99841,7 +99843,7 @@ var init_transport = __esm({
 // node_modules/pkce-challenge/dist/index.node.js
 async function getRandomValues(size) {
-  return (await crypto).getRandomValues(new Uint8Array(size));
+  return (await crypto2).getRandomValues(new Uint8Array(size));
 }
 async function random(size) {
   const mask = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~";
@@ -99861,7 +99863,7 @@ async function generateVerifier(length) {
   return await random(length);
 }
 async function generateChallenge(code_verifier) {
-  const buffer = await (await crypto).subtle.digest("SHA-256", new TextEncoder().encode(code_verifier));
+  const buffer = await (await crypto2).subtle.digest("SHA-256", new TextEncoder().encode(code_verifier));
   return btoa(String.fromCharCode(...new Uint8Array(buffer))).replace(/\//g, "_").replace(/\+/g, "-").replace(/=/g, "");
 }
 async function pkceChallenge(length) {
@@ -99877,10 +99879,10 @@ async function pkceChallenge(length) {
     code_challenge: challenge
   };
 }
-var crypto;
+var crypto2;
 var init_index_node = __esm({
   "node_modules/pkce-challenge/dist/index.node.js"() {
-    crypto = globalThis.crypto?.webcrypto ?? // Node.js [18-16] REPL
+    crypto2 = globalThis.crypto?.webcrypto ?? // Node.js [18-16] REPL
     globalThis.crypto ?? // Node.js >18
     import("node:crypto").then((m) => m.webcrypto);
   }
@@ -104722,6 +104724,1280 @@ var init_app = __esm({
   }
 });
+// node_modules/@hono/node-server/dist/index.mjs
+import { createServer as createServerHTTP } from "http";
+import { Http2ServerRequest as Http2ServerRequest2 } from "http2";
+import { Http2ServerRequest } from "http2";
+import { Readable } from "stream";
+import crypto3 from "crypto";
+async function readWithoutBlocking(readPromise) {
+  return Promise.race([readPromise, Promise.resolve().then(() => Promise.resolve(void 0))]);
+}
+function writeFromReadableStreamDefaultReader(reader, writable, currentReadPromise) {
+  const cancel = (error2) => {
+    reader.cancel(error2).catch(() => {
+    });
+  };
+  writable.on("close", cancel);
+  writable.on("error", cancel);
+  (currentReadPromise ?? reader.read()).then(flow, handleStreamError);
+  return reader.closed.finally(() => {
+    writable.off("close", cancel);
+    writable.off("error", cancel);
+  });
+  function handleStreamError(error2) {
+    if (error2) {
+      writable.destroy(error2);
+    }
+  }
+  function onDrain() {
+    reader.read().then(flow, handleStreamError);
+  }
+  function flow({ done, value }) {
+    try {
+      if (done) {
+        writable.end();
+      } else if (!writable.write(value)) {
+        writable.once("drain", onDrain);
+      } else {
+        return reader.read().then(flow, handleStreamError);
+      }
+    } catch (e) {
+      handleStreamError(e);
+    }
+  }
+}
+function writeFromReadableStream(stream, writable) {
+  if (stream.locked) {
+    throw new TypeError("ReadableStream is locked.");
+  } else if (writable.destroyed) {
+    return;
+  }
+  return writeFromReadableStreamDefaultReader(stream.getReader(), writable);
+}
+var RequestError, toRequestError, GlobalRequest, Request, newHeadersFromIncoming, wrapBodyStream, newRequestFromIncoming, getRequestCache, requestCache, incomingKey, urlKey, headersKey, abortControllerKey, getAbortController, requestPrototype, newRequest, responseCache, getResponseCache, cacheKey, GlobalResponse, Response2, buildOutgoingHttpHeaders, X_ALREADY_SENT, outgoingEnded, handleRequestError, handleFetchError, handleResponseError, flushHeaders, responseViaCache, isPromise, responseViaResponseObject, getRequestListener;
+var init_dist7 = __esm({
+  "node_modules/@hono/node-server/dist/index.mjs"() {
+    RequestError = class extends Error {
+      constructor(message, options2) {
+        super(message, options2);
+        this.name = "RequestError";
+      }
+    };
+    toRequestError = (e) => {
+      if (e instanceof RequestError) {
+        return e;
+      }
+      return new RequestError(e.message, { cause: e });
+    };
+    GlobalRequest = global.Request;
+    Request = class extends GlobalRequest {
+      constructor(input, options2) {
+        if (typeof input === "object" && getRequestCache in input) {
+          input = input[getRequestCache]();
+        }
+        if (typeof options2?.body?.getReader !== "undefined") {
+          ;
+          options2.duplex ??= "half";
+        }
+        super(input, options2);
+      }
+    };
+    newHeadersFromIncoming = (incoming) => {
+      const headerRecord = [];
+      const rawHeaders = incoming.rawHeaders;
+      for (let i = 0; i < rawHeaders.length; i += 2) {
+        const { [i]: key, [i + 1]: value } = rawHeaders;
+        if (key.charCodeAt(0) !== /*:*/
+        58) {
+          headerRecord.push([key, value]);
+        }
+      }
+      return new Headers(headerRecord);
+    };
+    wrapBodyStream = Symbol("wrapBodyStream");
+    newRequestFromIncoming = (method, url2, headers, incoming, abortController) => {
+      const init = {
+        method,
+        headers,
+        signal: abortController.signal
+      };
+      if (method === "TRACE") {
+        init.method = "GET";
+        const req = new Request(url2, init);
+        Object.defineProperty(req, "method", {
+          get() {
+            return "TRACE";
+          }
+        });
+        return req;
+      }
+      if (!(method === "GET" || method === "HEAD")) {
+        if ("rawBody" in incoming && incoming.rawBody instanceof Buffer) {
+          init.body = new ReadableStream({
+            start(controller) {
+              controller.enqueue(incoming.rawBody);
+              controller.close();
+            }
+          });
+        } else if (incoming[wrapBodyStream]) {
+          let reader;
+          init.body = new ReadableStream({
+            async pull(controller) {
+              try {
+                reader ||= Readable.toWeb(incoming).getReader();
+                const { done, value } = await reader.read();
+                if (done) {
+                  controller.close();
+                } else {
+                  controller.enqueue(value);
+                }
+              } catch (error2) {
+                controller.error(error2);
+              }
+            }
+          });
+        } else {
+          init.body = Readable.toWeb(incoming);
+        }
+      }
+      return new Request(url2, init);
+    };
+    getRequestCache = Symbol("getRequestCache");
+    requestCache = Symbol("requestCache");
+    incomingKey = Symbol("incomingKey");
+    urlKey = Symbol("urlKey");
+    headersKey = Symbol("headersKey");
+    abortControllerKey = Symbol("abortControllerKey");
+    getAbortController = Symbol("getAbortController");
+    requestPrototype = {
+      get method() {
+        return this[incomingKey].method || "GET";
+      },
+      get url() {
+        return this[urlKey];
+      },
+      get headers() {
+        return this[headersKey] ||= newHeadersFromIncoming(this[incomingKey]);
+      },
+      [getAbortController]() {
+        this[getRequestCache]();
+        return this[abortControllerKey];
+      },
+      [getRequestCache]() {
+        this[abortControllerKey] ||= new AbortController();
+        return this[requestCache] ||= newRequestFromIncoming(
+          this.method,
+          this[urlKey],
+          this.headers,
+          this[incomingKey],
+          this[abortControllerKey]
+        );
+      }
+    };
+    [
+      "body",
+      "bodyUsed",
+      "cache",
+      "credentials",
+      "destination",
+      "integrity",
+      "mode",
+      "redirect",
+      "referrer",
+      "referrerPolicy",
+      "signal",
+      "keepalive"
+    ].forEach((k) => {
+      Object.defineProperty(requestPrototype, k, {
+        get() {
+          return this[getRequestCache]()[k];
+        }
+      });
+    });
+    ["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
+      Object.defineProperty(requestPrototype, k, {
+        value: function() {
+          return this[getRequestCache]()[k]();
+        }
+      });
+    });
+    Object.setPrototypeOf(requestPrototype, Request.prototype);
+    newRequest = (incoming, defaultHostname) => {
+      const req = Object.create(requestPrototype);
+      req[incomingKey] = incoming;
+      const incomingUrl = incoming.url || "";
+      if (incomingUrl[0] !== "/" && // short-circuit for performance. most requests are relative URL.
+      (incomingUrl.startsWith("http://") || incomingUrl.startsWith("https://"))) {
+        if (incoming instanceof Http2ServerRequest) {
+          throw new RequestError("Absolute URL for :path is not allowed in HTTP/2");
+        }
+        try {
+          const url22 = new URL(incomingUrl);
+          req[urlKey] = url22.href;
+        } catch (e) {
+          throw new RequestError("Invalid absolute URL", { cause: e });
+        }
+        return req;
+      }
+      const host = (incoming instanceof Http2ServerRequest ? incoming.authority : incoming.headers.host) || defaultHostname;
+      if (!host) {
+        throw new RequestError("Missing host header");
+      }
+      let scheme;
+      if (incoming instanceof Http2ServerRequest) {
+        scheme = incoming.scheme;
+        if (!(scheme === "http" || scheme === "https")) {
+          throw new RequestError("Unsupported scheme");
+        }
+      } else {
+        scheme = incoming.socket && incoming.socket.encrypted ? "https" : "http";
+      }
+      const url2 = new URL(`${scheme}://${host}${incomingUrl}`);
+      if (url2.hostname.length !== host.length && url2.hostname !== host.replace(/:\d+$/, "")) {
+        throw new RequestError("Invalid host header");
+      }
+      req[urlKey] = url2.href;
+      return req;
+    };
+    responseCache = Symbol("responseCache");
+    getResponseCache = Symbol("getResponseCache");
+    cacheKey = Symbol("cache");
+    GlobalResponse = global.Response;
+    Response2 = class _Response {
+      #body;
+      #init;
+      [getResponseCache]() {
+        delete this[cacheKey];
+        return this[responseCache] ||= new GlobalResponse(this.#body, this.#init);
+      }
+      constructor(body, init) {
+        let headers;
+        this.#body = body;
+        if (init instanceof _Response) {
+          const cachedGlobalResponse = init[responseCache];
+          if (cachedGlobalResponse) {
+            this.#init = cachedGlobalResponse;
+            this[getResponseCache]();
+            return;
+          } else {
+            this.#init = init.#init;
+            headers = new Headers(init.#init.headers);
+          }
+        } else {
+          this.#init = init;
+        }
+        if (typeof body === "string" || typeof body?.getReader !== "undefined" || body instanceof Blob || body instanceof Uint8Array) {
+          ;
+          this[cacheKey] = [init?.status || 200, body, headers || init?.headers];
+        }
+      }
+      get headers() {
+        const cache3 = this[cacheKey];
+        if (cache3) {
+          if (!(cache3[2] instanceof Headers)) {
+            cache3[2] = new Headers(
+              cache3[2] || { "content-type": "text/plain; charset=UTF-8" }
+            );
+          }
+          return cache3[2];
+        }
+        return this[getResponseCache]().headers;
+      }
+      get status() {
+        return this[cacheKey]?.[0] ?? this[getResponseCache]().status;
+      }
+      get ok() {
+        const status = this.status;
+        return status >= 200 && status < 300;
+      }
+    };
+    ["body", "bodyUsed", "redirected", "statusText", "trailers", "type", "url"].forEach((k) => {
+      Object.defineProperty(Response2.prototype, k, {
+        get() {
+          return this[getResponseCache]()[k];
+        }
+      });
+    });
+    ["arrayBuffer", "blob", "clone", "formData", "json", "text"].forEach((k) => {
+      Object.defineProperty(Response2.prototype, k, {
+        value: function() {
+          return this[getResponseCache]()[k]();
+        }
+      });
+    });
+    Object.setPrototypeOf(Response2, GlobalResponse);
+    Object.setPrototypeOf(Response2.prototype, GlobalResponse.prototype);
+    buildOutgoingHttpHeaders = (headers) => {
+      const res = {};
+      if (!(headers instanceof Headers)) {
+        headers = new Headers(headers ?? void 0);
+      }
+      const cookies = [];
+      for (const [k, v] of headers) {
+        if (k === "set-cookie") {
+          cookies.push(v);
+        } else {
+          res[k] = v;
+        }
+      }
+      if (cookies.length > 0) {
+        res["set-cookie"] = cookies;
+      }
+      res["content-type"] ??= "text/plain; charset=UTF-8";
+      return res;
+    };
+    X_ALREADY_SENT = "x-hono-already-sent";
+    if (typeof global.crypto === "undefined") {
+      global.crypto = crypto3;
+    }
+    outgoingEnded = Symbol("outgoingEnded");
+    handleRequestError = () => new Response(null, {
+      status: 400
+    });
+    handleFetchError = (e) => new Response(null, {
+      status: e instanceof Error && (e.name === "TimeoutError" || e.constructor.name === "TimeoutError") ? 504 : 500
+    });
+    handleResponseError = (e, outgoing) => {
+      const err = e instanceof Error ? e : new Error("unknown error", { cause: e });
+      if (err.code === "ERR_STREAM_PREMATURE_CLOSE") {
+        console.info("The user aborted a request.");
+      } else {
+        console.error(e);
+        if (!outgoing.headersSent) {
+          outgoing.writeHead(500, { "Content-Type": "text/plain" });
+        }
+        outgoing.end(`Error: ${err.message}`);
+        outgoing.destroy(err);
+      }
+    };
+    flushHeaders = (outgoing) => {
+      if ("flushHeaders" in outgoing && outgoing.writable) {
+        outgoing.flushHeaders();
+      }
+    };
+    responseViaCache = async (res, outgoing) => {
+      let [status, body, header] = res[cacheKey];
+      let hasContentLength = false;
+      if (!header) {
+        header = { "content-type": "text/plain; charset=UTF-8" };
+      } else if (header instanceof Headers) {
+        hasContentLength = header.has("content-length");
+        header = buildOutgoingHttpHeaders(header);
+      } else if (Array.isArray(header)) {
+        const headerObj = new Headers(header);
+        hasContentLength = headerObj.has("content-length");
+        header = buildOutgoingHttpHeaders(headerObj);
+      } else {
+        for (const key in header) {
+          if (key.length === 14 && key.toLowerCase() === "content-length") {
+            hasContentLength = true;
+            break;
+          }
+        }
+      }
+      if (!hasContentLength) {
+        if (typeof body === "string") {
+          header["Content-Length"] = Buffer.byteLength(body);
+        } else if (body instanceof Uint8Array) {
+          header["Content-Length"] = body.byteLength;
+        } else if (body instanceof Blob) {
+          header["Content-Length"] = body.size;
+        }
+      }
+      outgoing.writeHead(status, header);
+      if (typeof body === "string" || body instanceof Uint8Array) {
+        outgoing.end(body);
+      } else if (body instanceof Blob) {
+        outgoing.end(new Uint8Array(await body.arrayBuffer()));
+      } else {
+        flushHeaders(outgoing);
+        await writeFromReadableStream(body, outgoing)?.catch(
+          (e) => handleResponseError(e, outgoing)
+        );
+      }
+      ;
+      outgoing[outgoingEnded]?.();
+    };
+    isPromise = (res) => typeof res.then === "function";
+    responseViaResponseObject = async (res, outgoing, options2 = {}) => {
+      if (isPromise(res)) {
+        if (options2.errorHandler) {
+          try {
+            res = await res;
+          } catch (err) {
+            const errRes = await options2.errorHandler(err);
+            if (!errRes) {
+              return;
+            }
+            res = errRes;
+          }
+        } else {
+          res = await res.catch(handleFetchError);
+        }
+      }
+      if (cacheKey in res) {
+        return responseViaCache(res, outgoing);
+      }
+      const resHeaderRecord = buildOutgoingHttpHeaders(res.headers);
+      if (res.body) {
+        const reader = res.body.getReader();
+        const values = [];
+        let done = false;
+        let currentReadPromise = void 0;
+        if (resHeaderRecord["transfer-encoding"] !== "chunked") {
+          let maxReadCount = 2;
+          for (let i = 0; i < maxReadCount; i++) {
+            currentReadPromise ||= reader.read();
+            const chunk = await readWithoutBlocking(currentReadPromise).catch((e) => {
+              console.error(e);
+              done = true;
+            });
+            if (!chunk) {
+              if (i === 1) {
+                await new Promise((resolve8) => setTimeout(resolve8));
+                maxReadCount = 3;
+                continue;
+              }
+              break;
+            }
+            currentReadPromise = void 0;
+            if (chunk.value) {
+              values.push(chunk.value);
+            }
+            if (chunk.done) {
+              done = true;
+              break;
+            }
+          }
+          if (done && !("content-length" in resHeaderRecord)) {
+            resHeaderRecord["content-length"] = values.reduce((acc, value) => acc + value.length, 0);
+          }
+        }
+        outgoing.writeHead(res.status, resHeaderRecord);
+        values.forEach((value) => {
+          ;
+          outgoing.write(value);
+        });
+        if (done) {
+          outgoing.end();
+        } else {
+          if (values.length === 0) {
+            flushHeaders(outgoing);
+          }
+          await writeFromReadableStreamDefaultReader(reader, outgoing, currentReadPromise);
+        }
+      } else if (resHeaderRecord[X_ALREADY_SENT]) {
+      } else {
+        outgoing.writeHead(res.status, resHeaderRecord);
+        outgoing.end();
+      }
+      ;
+      outgoing[outgoingEnded]?.();
+    };
+    getRequestListener = (fetchCallback, options2 = {}) => {
+      const autoCleanupIncoming = options2.autoCleanupIncoming ?? true;
+      if (options2.overrideGlobalObjects !== false && global.Request !== Request) {
+        Object.defineProperty(global, "Request", {
+          value: Request
+        });
+        Object.defineProperty(global, "Response", {
+          value: Response2
+        });
+      }
+      return async (incoming, outgoing) => {
+        let res, req;
+        try {
+          req = newRequest(incoming, options2.hostname);
+          let incomingEnded = !autoCleanupIncoming || incoming.method === "GET" || incoming.method === "HEAD";
+          if (!incomingEnded) {
+            ;
+            incoming[wrapBodyStream] = true;
+            incoming.on("end", () => {
+              incomingEnded = true;
+            });
+            if (incoming instanceof Http2ServerRequest2) {
+              ;
+              outgoing[outgoingEnded] = () => {
+                if (!incomingEnded) {
+                  setTimeout(() => {
+                    if (!incomingEnded) {
+                      setTimeout(() => {
+                        incoming.destroy();
+                        outgoing.destroy();
+                      });
+                    }
+                  });
+                }
+              };
+            }
+          }
+          outgoing.on("close", () => {
+            const abortController = req[abortControllerKey];
+            if (abortController) {
+              if (incoming.errored) {
+                req[abortControllerKey].abort(incoming.errored.toString());
+              } else if (!outgoing.writableFinished) {
+                req[abortControllerKey].abort("Client connection prematurely closed.");
+              }
+            }
+            if (!incomingEnded) {
+              setTimeout(() => {
+                if (!incomingEnded) {
+                  setTimeout(() => {
+                    incoming.destroy();
+                  });
+                }
+              });
+            }
+          });
+          res = fetchCallback(req, { incoming, outgoing });
+          if (cacheKey in res) {
+            return responseViaCache(res, outgoing);
+          }
+        } catch (e) {
+          if (!res) {
+            if (options2.errorHandler) {
+              res = await options2.errorHandler(req ? e : toRequestError(e));
+              if (!res) {
+                return;
+              }
+            } else if (!req) {
+              res = handleRequestError();
+            } else {
+              res = handleFetchError(e);
+            }
+          } else {
+            return handleResponseError(e, outgoing);
+          }
+        }
+        try {
+          return await responseViaResponseObject(res, outgoing, options2);
+        } catch (e) {
+          return handleResponseError(e, outgoing);
+        }
+      };
+    };
+  }
+});
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/webStandardStreamableHttp.js
+var WebStandardStreamableHTTPServerTransport;
+var init_webStandardStreamableHttp = __esm({
+  "node_modules/@modelcontextprotocol/sdk/dist/esm/server/webStandardStreamableHttp.js"() {
+    init_types3();
+    WebStandardStreamableHTTPServerTransport = class {
+      constructor(options2 = {}) {
+        this._started = false;
+        this._hasHandledRequest = false;
+        this._streamMapping = /* @__PURE__ */ new Map();
+        this._requestToStreamMapping = /* @__PURE__ */ new Map();
+        this._requestResponseMap = /* @__PURE__ */ new Map();
+        this._initialized = false;
+        this._enableJsonResponse = false;
+        this._standaloneSseStreamId = "_GET_stream";
+        this.sessionIdGenerator = options2.sessionIdGenerator;
+        this._enableJsonResponse = options2.enableJsonResponse ?? false;
+        this._eventStore = options2.eventStore;
+        this._onsessioninitialized = options2.onsessioninitialized;
+        this._onsessionclosed = options2.onsessionclosed;
+        this._allowedHosts = options2.allowedHosts;
+        this._allowedOrigins = options2.allowedOrigins;
+        this._enableDnsRebindingProtection = options2.enableDnsRebindingProtection ?? false;
+        this._retryInterval = options2.retryInterval;
+      }
+      /**
+       * Starts the transport. This is required by the Transport interface but is a no-op
+       * for the Streamable HTTP transport as connections are managed per-request.
+       */
+      async start() {
+        if (this._started) {
+          throw new Error("Transport already started");
+        }
+        this._started = true;
+      }
+      /**
+       * Helper to create a JSON error response
+       */
+      createJsonErrorResponse(status, code, message, options2) {
+        const error2 = { code, message };
+        if (options2?.data !== void 0) {
+          error2.data = options2.data;
+        }
+        return new Response(JSON.stringify({
+          jsonrpc: "2.0",
+          error: error2,
+          id: null
+        }), {
+          status,
+          headers: {
+            "Content-Type": "application/json",
+            ...options2?.headers
+          }
+        });
+      }
+      /**
+       * Validates request headers for DNS rebinding protection.
+       * @returns Error response if validation fails, undefined if validation passes.
+       */
+      validateRequestHeaders(req) {
+        if (!this._enableDnsRebindingProtection) {
+          return void 0;
+        }
+        if (this._allowedHosts && this._allowedHosts.length > 0) {
+          const hostHeader = req.headers.get("host");
+          if (!hostHeader || !this._allowedHosts.includes(hostHeader)) {
+            const error2 = `Invalid Host header: ${hostHeader}`;
+            this.onerror?.(new Error(error2));
+            return this.createJsonErrorResponse(403, -32e3, error2);
+          }
+        }
+        if (this._allowedOrigins && this._allowedOrigins.length > 0) {
+          const originHeader = req.headers.get("origin");
+          if (originHeader && !this._allowedOrigins.includes(originHeader)) {
+            const error2 = `Invalid Origin header: ${originHeader}`;
+            this.onerror?.(new Error(error2));
+            return this.createJsonErrorResponse(403, -32e3, error2);
+          }
+        }
+        return void 0;
+      }
+      /**
+       * Handles an incoming HTTP request, whether GET, POST, or DELETE
+       * Returns a Response object (Web Standard)
+       */
+      async handleRequest(req, options2) {
+        if (!this.sessionIdGenerator && this._hasHandledRequest) {
+          throw new Error("Stateless transport cannot be reused across requests. Create a new transport per request.");
+        }
+        this._hasHandledRequest = true;
+        const validationError = this.validateRequestHeaders(req);
+        if (validationError) {
+          return validationError;
+        }
+        switch (req.method) {
+          case "POST":
+            return this.handlePostRequest(req, options2);
+          case "GET":
+            return this.handleGetRequest(req);
+          case "DELETE":
+            return this.handleDeleteRequest(req);
+          default:
+            return this.handleUnsupportedRequest();
+        }
+      }
+      /**
+       * Writes a priming event to establish resumption capability.
+       * Only sends if eventStore is configured (opt-in for resumability) and
+       * the client's protocol version supports empty SSE data (>= 2025-11-25).
+       */
+      async writePrimingEvent(controller, encoder, streamId, protocolVersion) {
+        if (!this._eventStore) {
+          return;
+        }
+        if (protocolVersion < "2025-11-25") {
+          return;
+        }
+        const primingEventId = await this._eventStore.storeEvent(streamId, {});
+        let primingEvent = `id: ${primingEventId}
+data:
+`;
+        if (this._retryInterval !== void 0) {
+          primingEvent = `id: ${primingEventId}
+retry: ${this._retryInterval}
+data:
+`;
+        }
+        controller.enqueue(encoder.encode(primingEvent));
+      }
+      /**
+       * Handles GET requests for SSE stream
+       */
+      async handleGetRequest(req) {
+        const acceptHeader = req.headers.get("accept");
+        if (!acceptHeader?.includes("text/event-stream")) {
+          this.onerror?.(new Error("Not Acceptable: Client must accept text/event-stream"));
+          return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept text/event-stream");
+        }
+        const sessionError = this.validateSession(req);
+        if (sessionError) {
+          return sessionError;
+        }
+        const protocolError = this.validateProtocolVersion(req);
+        if (protocolError) {
+          return protocolError;
+        }
+        if (this._eventStore) {
+          const lastEventId = req.headers.get("last-event-id");
+          if (lastEventId) {
+            return this.replayEvents(lastEventId);
+          }
+        }
+        if (this._streamMapping.get(this._standaloneSseStreamId) !== void 0) {
+          this.onerror?.(new Error("Conflict: Only one SSE stream is allowed per session"));
+          return this.createJsonErrorResponse(409, -32e3, "Conflict: Only one SSE stream is allowed per session");
+        }
+        const encoder = new TextEncoder();
+        let streamController;
+        const readable = new ReadableStream({
+          start: (controller) => {
+            streamController = controller;
+          },
+          cancel: () => {
+            this._streamMapping.delete(this._standaloneSseStreamId);
+          }
+        });
+        const headers = {
+          "Content-Type": "text/event-stream",
+          "Cache-Control": "no-cache, no-transform",
+          Connection: "keep-alive"
+        };
+        if (this.sessionId !== void 0) {
+          headers["mcp-session-id"] = this.sessionId;
+        }
+        this._streamMapping.set(this._standaloneSseStreamId, {
+          controller: streamController,
+          encoder,
+          cleanup: () => {
+            this._streamMapping.delete(this._standaloneSseStreamId);
+            try {
+              streamController.close();
+            } catch {
+            }
+          }
+        });
+        return new Response(readable, { headers });
+      }
+      /**
+       * Replays events that would have been sent after the specified event ID
+       * Only used when resumability is enabled
+       */
+      async replayEvents(lastEventId) {
+        if (!this._eventStore) {
+          this.onerror?.(new Error("Event store not configured"));
+          return this.createJsonErrorResponse(400, -32e3, "Event store not configured");
+        }
+        try {
+          let streamId;
+          if (this._eventStore.getStreamIdForEventId) {
+            streamId = await this._eventStore.getStreamIdForEventId(lastEventId);
+            if (!streamId) {
+              this.onerror?.(new Error("Invalid event ID format"));
+              return this.createJsonErrorResponse(400, -32e3, "Invalid event ID format");
+            }
+            if (this._streamMapping.get(streamId) !== void 0) {
+              this.onerror?.(new Error("Conflict: Stream already has an active connection"));
+              return this.createJsonErrorResponse(409, -32e3, "Conflict: Stream already has an active connection");
+            }
+          }
+          const headers = {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache, no-transform",
+            Connection: "keep-alive"
+          };
+          if (this.sessionId !== void 0) {
+            headers["mcp-session-id"] = this.sessionId;
+          }
+          const encoder = new TextEncoder();
+          let streamController;
+          const readable = new ReadableStream({
+            start: (controller) => {
+              streamController = controller;
+            },
+            cancel: () => {
+            }
+          });
+          const replayedStreamId = await this._eventStore.replayEventsAfter(lastEventId, {
+            send: async (eventId, message) => {
+              const success = this.writeSSEEvent(streamController, encoder, message, eventId);
+              if (!success) {
+                this.onerror?.(new Error("Failed replay events"));
+                try {
+                  streamController.close();
+                } catch {
+                }
+              }
+            }
+          });
+          this._streamMapping.set(replayedStreamId, {
+            controller: streamController,
+            encoder,
+            cleanup: () => {
+              this._streamMapping.delete(replayedStreamId);
+              try {
+                streamController.close();
+              } catch {
+              }
+            }
+          });
+          return new Response(readable, { headers });
+        } catch (error2) {
+          this.onerror?.(error2);
+          return this.createJsonErrorResponse(500, -32e3, "Error replaying events");
+        }
+      }
+      /**
+       * Writes an event to an SSE stream via controller with proper formatting
+       */
+      writeSSEEvent(controller, encoder, message, eventId) {
+        try {
+          let eventData = `event: message
+`;
+          if (eventId) {
+            eventData += `id: ${eventId}
+`;
+          }
+          eventData += `data: ${JSON.stringify(message)}
+`;
+          controller.enqueue(encoder.encode(eventData));
+          return true;
+        } catch (error2) {
+          this.onerror?.(error2);
+          return false;
+        }
+      }
+      /**
+       * Handles unsupported requests (PUT, PATCH, etc.)
+       */
+      handleUnsupportedRequest() {
+        this.onerror?.(new Error("Method not allowed."));
+        return new Response(JSON.stringify({
+          jsonrpc: "2.0",
+          error: {
+            code: -32e3,
+            message: "Method not allowed."
+          },
+          id: null
+        }), {
+          status: 405,
+          headers: {
+            Allow: "GET, POST, DELETE",
+            "Content-Type": "application/json"
+          }
+        });
+      }
+      /**
+       * Handles POST requests containing JSON-RPC messages
+       */
+      async handlePostRequest(req, options2) {
+        try {
+          const acceptHeader = req.headers.get("accept");
+          if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) {
+            this.onerror?.(new Error("Not Acceptable: Client must accept both application/json and text/event-stream"));
+            return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept both application/json and text/event-stream");
+          }
+          const ct = req.headers.get("content-type");
+          if (!ct || !ct.includes("application/json")) {
+            this.onerror?.(new Error("Unsupported Media Type: Content-Type must be application/json"));
+            return this.createJsonErrorResponse(415, -32e3, "Unsupported Media Type: Content-Type must be application/json");
+          }
+          const requestInfo = {
+            headers: Object.fromEntries(req.headers.entries()),
+            url: new URL(req.url)
+          };
+          let rawMessage;
+          if (options2?.parsedBody !== void 0) {
+            rawMessage = options2.parsedBody;
+          } else {
+            try {
+              rawMessage = await req.json();
+            } catch {
+              this.onerror?.(new Error("Parse error: Invalid JSON"));
+              return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON");
+            }
+          }
+          let messages;
+          try {
+            if (Array.isArray(rawMessage)) {
+              messages = rawMessage.map((msg) => JSONRPCMessageSchema.parse(msg));
+            } else {
+              messages = [JSONRPCMessageSchema.parse(rawMessage)];
+            }
+          } catch {
+            this.onerror?.(new Error("Parse error: Invalid JSON-RPC message"));
+            return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON-RPC message");
+          }
+          const isInitializationRequest = messages.some(isInitializeRequest);
+          if (isInitializationRequest) {
+            if (this._initialized && this.sessionId !== void 0) {
+              this.onerror?.(new Error("Invalid Request: Server already initialized"));
+              return this.createJsonErrorResponse(400, -32600, "Invalid Request: Server already initialized");
+            }
+            if (messages.length > 1) {
+              this.onerror?.(new Error("Invalid Request: Only one initialization request is allowed"));
+              return this.createJsonErrorResponse(400, -32600, "Invalid Request: Only one initialization request is allowed");
+            }
+            this.sessionId = this.sessionIdGenerator?.();
+            this._initialized = true;
+            if (this.sessionId && this._onsessioninitialized) {
+              await Promise.resolve(this._onsessioninitialized(this.sessionId));
+            }
+          }
+          if (!isInitializationRequest) {
+            const sessionError = this.validateSession(req);
+            if (sessionError) {
+              return sessionError;
+            }
+            const protocolError = this.validateProtocolVersion(req);
+            if (protocolError) {
+              return protocolError;
+            }
+          }
+          const hasRequests = messages.some(isJSONRPCRequest);
+          if (!hasRequests) {
+            for (const message of messages) {
+              this.onmessage?.(message, { authInfo: options2?.authInfo, requestInfo });
+            }
+            return new Response(null, { status: 202 });
+          }
+          const streamId = crypto.randomUUID();
+          const initRequest = messages.find((m) => isInitializeRequest(m));
+          const clientProtocolVersion = initRequest ? initRequest.params.protocolVersion : req.headers.get("mcp-protocol-version") ?? DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
+          if (this._enableJsonResponse) {
+            return new Promise((resolve8) => {
+              this._streamMapping.set(streamId, {
+                resolveJson: resolve8,
+                cleanup: () => {
+                  this._streamMapping.delete(streamId);
+                }
+              });
+              for (const message of messages) {
+                if (isJSONRPCRequest(message)) {
+                  this._requestToStreamMapping.set(message.id, streamId);
+                }
+              }
+              for (const message of messages) {
+                this.onmessage?.(message, { authInfo: options2?.authInfo, requestInfo });
+              }
+            });
+          }
+          const encoder = new TextEncoder();
+          let streamController;
+          const readable = new ReadableStream({
+            start: (controller) => {
+              streamController = controller;
+            },
+            cancel: () => {
+              this._streamMapping.delete(streamId);
+            }
+          });
+          const headers = {
+            "Content-Type": "text/event-stream",
+            "Cache-Control": "no-cache",
+            Connection: "keep-alive"
+          };
+          if (this.sessionId !== void 0) {
+            headers["mcp-session-id"] = this.sessionId;
+          }
+          for (const message of messages) {
+            if (isJSONRPCRequest(message)) {
+              this._streamMapping.set(streamId, {
+                controller: streamController,
+                encoder,
+                cleanup: () => {
+                  this._streamMapping.delete(streamId);
+                  try {
+                    streamController.close();
+                  } catch {
+                  }
+                }
+              });
+              this._requestToStreamMapping.set(message.id, streamId);
+            }
+          }
+          await this.writePrimingEvent(streamController, encoder, streamId, clientProtocolVersion);
+          for (const message of messages) {
+            let closeSSEStream;
+            let closeStandaloneSSEStream;
+            if (isJSONRPCRequest(message) && this._eventStore && clientProtocolVersion >= "2025-11-25") {
+              closeSSEStream = () => {
+                this.closeSSEStream(message.id);
+              };
+              closeStandaloneSSEStream = () => {
+                this.closeStandaloneSSEStream();
+              };
+            }
+            this.onmessage?.(message, { authInfo: options2?.authInfo, requestInfo, closeSSEStream, closeStandaloneSSEStream });
+          }
+          return new Response(readable, { status: 200, headers });
+        } catch (error2) {
+          this.onerror?.(error2);
+          return this.createJsonErrorResponse(400, -32700, "Parse error", { data: String(error2) });
+        }
+      }
+      /**
+       * Handles DELETE requests to terminate sessions
+       */
+      async handleDeleteRequest(req) {
+        const sessionError = this.validateSession(req);
+        if (sessionError) {
+          return sessionError;
+        }
+        const protocolError = this.validateProtocolVersion(req);
+        if (protocolError) {
+          return protocolError;
+        }
+        await Promise.resolve(this._onsessionclosed?.(this.sessionId));
+        await this.close();
+        return new Response(null, { status: 200 });
+      }
+      /**
+       * Validates session ID for non-initialization requests.
+       * Returns Response error if invalid, undefined otherwise
+       */
+      validateSession(req) {
+        if (this.sessionIdGenerator === void 0) {
+          return void 0;
+        }
+        if (!this._initialized) {
+          this.onerror?.(new Error("Bad Request: Server not initialized"));
+          return this.createJsonErrorResponse(400, -32e3, "Bad Request: Server not initialized");
+        }
+        const sessionId = req.headers.get("mcp-session-id");
+        if (!sessionId) {
+          this.onerror?.(new Error("Bad Request: Mcp-Session-Id header is required"));
+          return this.createJsonErrorResponse(400, -32e3, "Bad Request: Mcp-Session-Id header is required");
+        }
+        if (sessionId !== this.sessionId) {
+          this.onerror?.(new Error("Session not found"));
+          return this.createJsonErrorResponse(404, -32001, "Session not found");
+        }
+        return void 0;
+      }
+      /**
+       * Validates the MCP-Protocol-Version header on incoming requests.
+       *
+       * For initialization: Version negotiation handles unknown versions gracefully
+       * (server responds with its supported version).
+       *
+       * For subsequent requests with MCP-Protocol-Version header:
+       * - Accept if in supported list
+       * - 400 if unsupported
+       *
+       * For HTTP requests without the MCP-Protocol-Version header:
+       * - Accept and default to the version negotiated at initialization
+       */
+      validateProtocolVersion(req) {
+        const protocolVersion = req.headers.get("mcp-protocol-version");
+        if (protocolVersion !== null && !SUPPORTED_PROTOCOL_VERSIONS.includes(protocolVersion)) {
+          this.onerror?.(new Error(`Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`));
+          return this.createJsonErrorResponse(400, -32e3, `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`);
+        }
+        return void 0;
+      }
+      async close() {
+        this._streamMapping.forEach(({ cleanup }) => {
+          cleanup();
+        });
+        this._streamMapping.clear();
+        this._requestResponseMap.clear();
+        this.onclose?.();
+      }
+      /**
+       * Close an SSE stream for a specific request, triggering client reconnection.
+       * Use this to implement polling behavior during long-running operations -
+       * client will reconnect after the retry interval specified in the priming event.
+       */
+      closeSSEStream(requestId) {
+        const streamId = this._requestToStreamMapping.get(requestId);
+        if (!streamId)
+          return;
+        const stream = this._streamMapping.get(streamId);
+        if (stream) {
+          stream.cleanup();
+        }
+      }
+      /**
+       * Close the standalone GET SSE stream, triggering client reconnection.
+       * Use this to implement polling behavior for server-initiated notifications.
+       */
+      closeStandaloneSSEStream() {
+        const stream = this._streamMapping.get(this._standaloneSseStreamId);
+        if (stream) {
+          stream.cleanup();
+        }
+      }
+      async send(message, options2) {
+        let requestId = options2?.relatedRequestId;
+        if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+          requestId = message.id;
+        }
+        if (requestId === void 0) {
+          if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+            throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
+          }
+          let eventId;
+          if (this._eventStore) {
+            eventId = await this._eventStore.storeEvent(this._standaloneSseStreamId, message);
+          }
+          const standaloneSse = this._streamMapping.get(this._standaloneSseStreamId);
+          if (standaloneSse === void 0) {
+            return;
+          }
+          if (standaloneSse.controller && standaloneSse.encoder) {
+            this.writeSSEEvent(standaloneSse.controller, standaloneSse.encoder, message, eventId);
+          }
+          return;
+        }
+        const streamId = this._requestToStreamMapping.get(requestId);
+        if (!streamId) {
+          throw new Error(`No connection established for request ID: ${String(requestId)}`);
+        }
+        const stream = this._streamMapping.get(streamId);
+        if (!this._enableJsonResponse && stream?.controller && stream?.encoder) {
+          let eventId;
+          if (this._eventStore) {
+            eventId = await this._eventStore.storeEvent(streamId, message);
+          }
+          this.writeSSEEvent(stream.controller, stream.encoder, message, eventId);
+        }
+        if (isJSONRPCResultResponse(message) || isJSONRPCErrorResponse(message)) {
+          this._requestResponseMap.set(requestId, message);
+          const relatedIds = Array.from(this._requestToStreamMapping.entries()).filter(([_, sid]) => sid === streamId).map(([id]) => id);
+          const allResponsesReady = relatedIds.every((id) => this._requestResponseMap.has(id));
+          if (allResponsesReady) {
+            if (!stream) {
+              throw new Error(`No connection established for request ID: ${String(requestId)}`);
+            }
+            if (this._enableJsonResponse && stream.resolveJson) {
+              const headers = {
+                "Content-Type": "application/json"
+              };
+              if (this.sessionId !== void 0) {
+                headers["mcp-session-id"] = this.sessionId;
+              }
+              const responses = relatedIds.map((id) => this._requestResponseMap.get(id));
+              if (responses.length === 1) {
+                stream.resolveJson(new Response(JSON.stringify(responses[0]), { status: 200, headers }));
+              } else {
+                stream.resolveJson(new Response(JSON.stringify(responses), { status: 200, headers }));
+              }
+            } else {
+              stream.cleanup();
+            }
+            for (const id of relatedIds) {
+              this._requestResponseMap.delete(id);
+              this._requestToStreamMapping.delete(id);
+            }
+          }
+        }
+      }
+    };
+  }
+});
+// node_modules/@modelcontextprotocol/sdk/dist/esm/server/streamableHttp.js
+var StreamableHTTPServerTransport;
+var init_streamableHttp = __esm({
+  "node_modules/@modelcontextprotocol/sdk/dist/esm/server/streamableHttp.js"() {
+    init_dist7();
+    init_webStandardStreamableHttp();
+    StreamableHTTPServerTransport = class {
+      constructor(options2 = {}) {
+        this._requestContext = /* @__PURE__ */ new WeakMap();
+        this._webStandardTransport = new WebStandardStreamableHTTPServerTransport(options2);
+        this._requestListener = getRequestListener(async (webRequest) => {
+          const context = this._requestContext.get(webRequest);
+          return this._webStandardTransport.handleRequest(webRequest, {
+            authInfo: context?.authInfo,
+            parsedBody: context?.parsedBody
+          });
+        }, { overrideGlobalObjects: false });
+      }
+      /**
+       * Gets the session ID for this transport instance.
+       */
+      get sessionId() {
+        return this._webStandardTransport.sessionId;
+      }
+      /**
+       * Sets callback for when the transport is closed.
+       */
+      set onclose(handler) {
+        this._webStandardTransport.onclose = handler;
+      }
+      get onclose() {
+        return this._webStandardTransport.onclose;
+      }
+      /**
+       * Sets callback for transport errors.
+       */
+      set onerror(handler) {
+        this._webStandardTransport.onerror = handler;
+      }
+      get onerror() {
+        return this._webStandardTransport.onerror;
+      }
+      /**
+       * Sets callback for incoming messages.
+       */
+      set onmessage(handler) {
+        this._webStandardTransport.onmessage = handler;
+      }
+      get onmessage() {
+        return this._webStandardTransport.onmessage;
+      }
+      /**
+       * Starts the transport. This is required by the Transport interface but is a no-op
+       * for the Streamable HTTP transport as connections are managed per-request.
+       */
+      async start() {
+        return this._webStandardTransport.start();
+      }
+      /**
+       * Closes the transport and all active connections.
+       */
+      async close() {
+        return this._webStandardTransport.close();
+      }
+      /**
+       * Sends a JSON-RPC message through the transport.
+       */
+      async send(message, options2) {
+        return this._webStandardTransport.send(message, options2);
+      }
+      /**
+       * Handles an incoming HTTP request, whether GET or POST.
+       *
+       * This method converts Node.js HTTP objects to Web Standard Request/Response
+       * and delegates to the underlying WebStandardStreamableHTTPServerTransport.
+       *
+       * @param req - Node.js IncomingMessage, optionally with auth property from middleware
+       * @param res - Node.js ServerResponse
+       * @param parsedBody - Optional pre-parsed body from body-parser middleware
+       */
+      async handleRequest(req, res, parsedBody) {
+        const authInfo = req.auth;
+        const handler = getRequestListener(async (webRequest) => {
+          return this._webStandardTransport.handleRequest(webRequest, {
+            authInfo,
+            parsedBody
+          });
+        }, { overrideGlobalObjects: false });
+        await handler(req, res);
+      }
+      /**
+       * Close an SSE stream for a specific request, triggering client reconnection.
+       * Use this to implement polling behavior during long-running operations -
+       * client will reconnect after the retry interval specified in the priming event.
+       */
+      closeSSEStream(requestId) {
+        this._webStandardTransport.closeSSEStream(requestId);
+      }
+      /**
+       * Close the standalone GET SSE stream, triggering client reconnection.
+       * Use this to implement polling behavior for server-initiated notifications.
+       */
+      closeStandaloneSSEStream() {
+        this._webStandardTransport.closeStandaloneSSEStream();
+      }
+    };
+  }
+});
 // node_modules/@modelcontextprotocol/sdk/dist/esm/experimental/tasks/server.js
 var ExperimentalServerTasks;
 var init_server = __esm({
@@ -105403,6 +106679,7 @@ var init_stdio3 = __esm({
 // src/mcp/server.ts
 var server_exports = {};
 __export(server_exports, {
+  buildServer: () => buildServer,
   createMcpServer: () => createMcpServer,
   runMcpServer: () => runMcpServer
 });
@@ -105562,7 +106839,7 @@ function schemaToJsonSchema(schema) {
   }
   return { type: "object", properties: {} };
 }
-var _agentReg;
+var _agentReg, buildServer;
 var init_server3 = __esm({
   "src/mcp/server.ts"() {
     "use strict";
@@ -105573,6 +106850,112 @@ var init_server3 = __esm({
     init_registry2();
     init_db();
     _agentReg = /* @__PURE__ */ new Map();
+    buildServer = createMcpServer;
+  }
+});
+// src/mcp/http.ts
+var http_exports = {};
+__export(http_exports, {
+  DEFAULT_MCP_HTTP_PORT: () => DEFAULT_MCP_HTTP_PORT,
+  MCP_SERVICE_NAME: () => MCP_SERVICE_NAME,
+  handleStatelessMcpNode: () => handleStatelessMcpNode,
+  healthPayload: () => healthPayload,
+  isHttpMode: () => isHttpMode,
+  parseHttpArgv: () => parseHttpArgv,
+  resolveMcpHttpPort: () => resolveMcpHttpPort,
+  runMcpHttpServer: () => runMcpHttpServer,
+  startMcpHttpServer: () => startMcpHttpServer
+});
+import { createServer } from "node:http";
+function resolveMcpHttpPort(explicit) {
+  if (explicit != null && !Number.isNaN(explicit)) return explicit;
+  const env3 = process.env.MCP_HTTP_PORT;
+  if (env3) {
+    const parsed = parseInt(env3, 10);
+    if (!Number.isNaN(parsed)) return parsed;
+  }
+  return DEFAULT_MCP_HTTP_PORT;
+}
+function isHttpMode(argv = process.argv) {
+  return argv.includes("--http") || process.env.MCP_HTTP === "1";
+}
+function parseHttpArgv(argv = process.argv) {
+  const http = isHttpMode(argv);
+  let port;
+  const portIdx = argv.indexOf("--port");
+  if (portIdx !== -1 && argv[portIdx + 1]) {
+    port = parseInt(argv[portIdx + 1], 10);
+  }
+  return { http, port };
+}
+async function readJsonBody(req) {
+  const chunks = [];
+  for await (const chunk of req) chunks.push(chunk);
+  if (chunks.length === 0) return void 0;
+  const text = Buffer.concat(chunks).toString("utf8");
+  return text ? JSON.parse(text) : void 0;
+}
+async function handleStatelessMcpNode(req, res, getServer = buildServer) {
+  const server = await getServer();
+  const transport = new StreamableHTTPServerTransport({ sessionIdGenerator: void 0 });
+  await server.connect(transport);
+  const body = req.method === "POST" ? await readJsonBody(req) : void 0;
+  await transport.handleRequest(req, res, body);
+  res.on("close", () => {
+    void transport.close();
+    void server.close();
+  });
+}
+function healthPayload(name = MCP_SERVICE_NAME) {
+  return { status: "ok", name };
+}
+async function startMcpHttpServer(options2 = {}) {
+  const port = options2.port ?? resolveMcpHttpPort();
+  const host = "127.0.0.1";
+  const getServer = options2.getServer ?? buildServer;
+  const name = options2.name ?? MCP_SERVICE_NAME;
+  const httpServer = createServer(async (req, res) => {
+    const url2 = new URL(req.url ?? "/", `http://${host}:${port}`);
+    if (req.method === "GET" && url2.pathname === "/health") {
+      res.writeHead(200, { "Content-Type": "application/json" });
+      res.end(JSON.stringify(healthPayload(name)));
+      return;
+    }
+    if (url2.pathname === "/mcp") {
+      await handleStatelessMcpNode(req, res, getServer);
+      return;
+    }
+    res.writeHead(404);
+    res.end("Not found");
+  });
+  await new Promise((resolve8, reject) => {
+    httpServer.once("error", reject);
+    httpServer.listen(port, host, () => resolve8());
+  });
+  const address = httpServer.address();
+  const boundPort = typeof address === "object" && address ? address.port : port;
+  return {
+    port: boundPort,
+    close: () => new Promise((resolve8, reject) => {
+      httpServer.close((err) => err ? reject(err) : resolve8());
+    })
+  };
+}
+async function runMcpHttpServer(options2 = {}) {
+  const { port } = await startMcpHttpServer(options2);
+  console.error(`coders-mcp listening on http://127.0.0.1:${port}/mcp`);
+  await new Promise(() => {
+  });
+}
+var DEFAULT_MCP_HTTP_PORT, MCP_SERVICE_NAME;
+var init_http = __esm({
+  "src/mcp/http.ts"() {
+    "use strict";
+    init_streamableHttp();
+    init_server3();
+    DEFAULT_MCP_HTTP_PORT = 8805;
+    MCP_SERVICE_NAME = "coders";
   }
 });
@@ -106208,7 +107591,7 @@ var server_exports2 = {};
 __export(server_exports2, {
   startDashboard: () => startDashboard
 });
-import { createServer } from "http";
+import { createServer as createServer2 } from "http";
 import { createHash } from "crypto";
 function route(method, path, handler) {
   routes.push({ method, path, handler });
@@ -106413,7 +107796,7 @@ function terminalPageHTML() {
 </html>`;
 }
 function startDashboard(port = 7077) {
-  const server = createServer(handleRequest);
+  const server = createServer2(handleRequest);
   server.on("upgrade", (req, socket) => {
     if (req.url === "/ws") {
       handleUpgrade(req, socket);
@@ -106710,7 +108093,12 @@ async function main() {
     }
   });
   const mcp = program2.command("mcp").description("Configure and manage MCP servers").configureHelp(helpConfig());
-  mcp.command("serve").description("Start the Coders MCP server").option("-d, --debug", "Enable debug mode").option("--verbose", "Override verbose mode").action(async ({ debug, verbose }) => {
+  mcp.command("serve").description("Start the Coders MCP server").option("-d, --debug", "Enable debug mode").option("--verbose", "Override verbose mode").option("--http", "Use Streamable HTTP transport on 127.0.0.1").option("--port <port>", "HTTP port (default 8805 or MCP_HTTP_PORT)").action(async ({ debug, verbose, http, port }) => {
+    if (http || process.env.MCP_HTTP === "1") {
+      const { resolveMcpHttpPort: resolveMcpHttpPort2, runMcpHttpServer: runMcpHttpServer2 } = await Promise.resolve().then(() => (init_http(), http_exports));
+      await runMcpHttpServer2({ port: resolveMcpHttpPort2(port ? parseInt(port, 10) : void 0) });
+      return;
+    }
     const { runMcpServer: runMcpServer2 } = await Promise.resolve().then(() => (init_server3(), server_exports));
     await runMcpServer2({ debug, verbose });
   });
@@ -107644,7 +109032,7 @@ var VERSION, BUILD_TIME, PACKAGE_NAME, ISSUES_URL, startupTimestamps, originalCw
 var init_index = __esm({
   "src/cli/index.ts"() {
     VERSION = "0.1.2";
-    BUILD_TIME = "2026-04-01T19:47:07.631Z";
+    BUILD_TIME = "2026-05-28T10:04:25.240Z";
     PACKAGE_NAME = "@hasna/coders";
     ISSUES_URL = "https://github.com/hasnaxyz/open-coders/issues";
     startupTimestamps = {};