@j0hanz/fetch-url-mcp 1.11.8 → 1.12.1

package/dist/http/helpers.js

@@ -4,7 +4,6 @@ import { composeCloseHandlers, config, logWarn } from '../lib/core.js';
 import { resolveMcpSessionIdByServer, unregisterMcpSessionServer, unregisterMcpSessionServerByServer, } from '../lib/core.js';
 import { createDefaultBlockList, normalizeIpForBlockList } from '../lib/url.js';
 import { getErrorMessage, toError } from '../lib/utils.js';
-import { cancelTasksForOwner } from '../tasks/handlers.js';
 function abortControllerBestEffort(controller) {
     if (!controller.signal.aborted)
         controller.abort();
@@ -155,7 +154,7 @@ export function registerInboundBlockList(server) {
             logWarn('Blocked inbound connection', {
                 remoteAddress: normalized.ip,
                 family: normalized.family,
-            });
+            }, 'http');
             socket.destroy();
         }
     });
@@ -187,7 +186,7 @@ export async function closeTransportBestEffort(transport, context) {
         await transport.close();
     }
     catch (error) {
-        logWarn('Transport close failed', { context, error });
+        logWarn('Transport close failed', { context, error }, 'http');
     }
 }
 export async function closeMcpServerBestEffort(server, context) {
@@ -195,7 +194,7 @@ export async function closeMcpServerBestEffort(server, context) {
         await server.close();
     }
     catch (error) {
-        logWarn('MCP server close failed', { context, error });
+        logWarn('MCP server close failed', { context, error }, 'http');
     }
 }
 export function createTransportAdapter(transportImpl) {
@@ -357,11 +356,10 @@ class JsonBodyReader {
     }
 }
 export const jsonBodyReader = new JsonBodyReader();
-function cancelSessionTasks(server, message) {
+function unregisterSessionTaskScope(server) {
     const sessionId = resolveMcpSessionIdByServer(server);
     if (!sessionId)
         return null;
-    cancelTasksForOwner(`session:${sessionId}`, message);
     unregisterMcpSessionServer(sessionId);
     return sessionId;
 }
@@ -378,7 +376,7 @@ async function closeSessionResources(session, options) {
     }
 }
 export async function teardownSessionResources(session, options) {
-    cancelSessionTasks(session.server, options.cancelMessage);
+    unregisterSessionTaskScope(session.server);
     if (options.unregisterByServer) {
         unregisterMcpSessionServerByServer(session.server);
     }
@@ -391,6 +389,6 @@ export async function teardownUnregisteredSessionResources(session, context) {
         awaitClose: true,
     });
 }
-export function teardownSessionRegistration(server, cancelMessage) {
-    cancelSessionTasks(server, cancelMessage);
+export function teardownSessionRegistration(server) {
+    unregisterSessionTaskScope(server);
 }

package/dist/http/native.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"native.d.ts","sourceRoot":"","sources":["../../src/http/native.ts"],"names":[],"mappings":"AAqmCA,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd,CAAC,CA0DD"}
+{"version":3,"file":"native.d.ts","sourceRoot":"","sources":["../../src/http/native.ts"],"names":[],"mappings":"AAw4CA,wBAAsB,eAAe,IAAI,OAAO,CAAC;IAC/C,QAAQ,EAAE,CAAC,MAAM,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;CACd,CAAC,CA2DD"}

package/dist/http/native.js

@@ -7,10 +7,11 @@ import { hostname } from 'node:os';
 import process from 'node:process';
 import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
 import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
-import { composeCloseHandlers, config, createSessionStore, createSlotTracker, enableHttpMode, ensureSessionCapacity, logError, logInfo, registerMcpSessionServer, reserveSessionSlot, runWithRequestContext, startSessionCleanupLoop, } from '../lib/core.js';
+import { composeCloseHandlers, config, createSessionStore, createSlotTracker, enableHttpMode, ensureSessionCapacity, logDebug, logError, logInfo, logWarn, registerMcpSessionOwnerKey, registerMcpSessionServer, reserveSessionSlot, runWithRequestContext, startSessionCleanupLoop, } from '../lib/core.js';
 import { acceptsEventStream, acceptsJsonAndEventStream, isJsonRpcBatchRequest, isMcpMessageBody, isMcpRequestBody, } from '../lib/mcp-interop.js';
 import { applyHttpServerTuning, drainConnectionsOnShutdown, isObject, toError, } from '../lib/utils.js';
 import { createMcpServerForHttpSession } from '../server.js';
+import { buildAuthenticatedOwnerKey } from '../tasks/owner.js';
 import { applyInsufficientScopeAuthHeaders, applyUnauthorizedAuthHeaders, assertHttpModeConfiguration, authService, buildAuthFingerprint, buildProtectedResourceMetadataDocument, corsPolicy, DEFAULT_MCP_PROTOCOL_VERSION, ensureMcpProtocolVersion, hostOriginPolicy, isInsufficientScopeError, isOAuthMetadataEnabled, isProtectedResourceMetadataPath, SUPPORTED_MCP_PROTOCOL_VERSIONS, } from './auth.js';
 import { disableEventLoopMonitoring, isVerboseHealthRequest, resetEventLoopMonitoring, sendHealthRouteResponse, shouldHandleHealthRoute, } from './health.js';
 import { buildRequestContext, createRequestAbortSignal, createTransportAdapter, DEFAULT_BODY_LIMIT_BYTES, drainRequest, findDuplicateSingleValueHeader, getHeaderValue, getMcpSessionId, isJsonBodyError, jsonBodyReader, registerInboundBlockList, sendEmpty, sendError, sendJson, } from './helpers.js';
@@ -28,10 +29,9 @@ function resolveRequestedProtocolVersion(body) {
     const normalized = value.trim();
     if (normalized.length === 0)
         return DEFAULT_MCP_PROTOCOL_VERSION;
-    if (!SUPPORTED_MCP_PROTOCOL_VERSIONS.has(normalized)) {
-        return null;
-    }
-    return normalized;
+    return SUPPORTED_MCP_PROTOCOL_VERSIONS.has(normalized)
+        ? normalized
+        : DEFAULT_MCP_PROTOCOL_VERSION;
 }
 function resolveProtocolVersionHeader(req) {
     const header = getHeaderValue(req, 'mcp-protocol-version');
@@ -49,6 +49,36 @@ function isPingRequest(method) {
 function isMcpRoute(pathname) {
     return pathname === '/mcp' || pathname === '/mcp/';
 }
+function logGatewayRejection(params) {
+    const { message, details, rpcId, ...rest } = params;
+    logWarn(message, {
+        ...rest,
+        ...(rpcId === null || rpcId === undefined ? {} : { rpcId }),
+        ...(details ?? {}),
+    }, 'http');
+}
+function resolveRequestPath(req) {
+    return URL.parse(req.url ?? '', 'http://localhost')?.pathname ?? '/';
+}
+function logRequestCompletion(params) {
+    const meta = {
+        method: params.method,
+        path: params.path,
+        statusCode: params.statusCode,
+        durationMs: Math.round(params.durationMs),
+        requestId: params.requestId,
+        ...(params.sessionId ? { sessionId: params.sessionId } : {}),
+    };
+    if (params.statusCode >= 500) {
+        logError('HTTP request completed with server error', meta, 'http');
+        return;
+    }
+    if (params.statusCode >= 400) {
+        logWarn('HTTP request completed with client error', meta, 'http');
+        return;
+    }
+    logDebug('HTTP request completed', meta, 'http');
+}
 function createSessionTeardownOptions(mode, context) {
     switch (mode) {
         case 'ended':
@@ -71,6 +101,14 @@ function createSessionTeardownOptions(mode, context) {
                 unregisterByServer: true,
                 awaitClose: true,
             };
+        case 'init-timeout':
+            return {
+                cancelMessage: 'The task was cancelled because the MCP session did not finish initialization.',
+                closeTransportReason: 'session-init-timeout',
+                closeServerReason: 'session-init-timeout',
+                unregisterByServer: true,
+                awaitClose: true,
+            };
     }
 }
 class McpSessionGateway {
@@ -94,11 +132,11 @@ class McpSessionGateway {
             sendEmpty(ctx.res, 202);
             return;
         }
-        logInfo('[MCP POST]', {
+        logDebug('MCP POST received', {
             method: method ?? 'response',
-            id: body.id,
+            rpcId: body.id,
             sessionId,
-        });
+        }, 'http');
         const transport = await this.getOrCreateTransport(ctx, requestId);
         if (!transport)
             return;
@@ -113,11 +151,20 @@ class McpSessionGateway {
         const { sessionId, session } = sessionState;
         const acceptHeader = getHeaderValue(ctx.req, 'accept');
         if (!acceptsEventStream(acceptHeader)) {
+            logGatewayRejection({
+                message: 'Rejected MCP GET request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'accept_missing_event_stream',
+                status: 406,
+                sessionId,
+            });
             sendJson(ctx.res, 406, {
                 error: 'Not Acceptable: expected text/event-stream',
             });
             return;
         }
+        logDebug('MCP GET received', { sessionId }, 'http');
         this.store.touch(sessionId);
         await session.transport.handleRequest(ctx.req, ctx.res);
     }
@@ -129,11 +176,19 @@ class McpSessionGateway {
             return;
         const { sessionId, session } = sessionState;
         await session.transport.close();
-        this.cleanupSessionRecord(sessionId, 'session-delete');
+        logDebug('MCP DELETE received', { sessionId }, 'http');
+        this.cleanupSessionRecord(sessionId, createSessionTeardownOptions('ended', 'session-delete'));
         sendJson(ctx.res, 200, { status: 'closed' });
     }
     validatePostRequest(ctx) {
         if (!acceptsJsonAndEventStream(getHeaderValue(ctx.req, 'accept'))) {
+            logGatewayRejection({
+                message: 'Rejected MCP POST request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'accept_missing_json_or_event_stream',
+                status: 406,
+            });
             sendJson(ctx.res, 406, {
                 error: 'Not Acceptable: expected application/json and text/event-stream',
             });
@@ -141,10 +196,26 @@ class McpSessionGateway {
         }
         const { body } = ctx;
         if (isJsonRpcBatchRequest(body)) {
+            logGatewayRejection({
+                message: 'Rejected MCP POST request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'batch_request_not_supported',
+                status: 400,
+                mcpCode: -32600,
+            });
             sendError(ctx.res, -32600, 'Batch requests not supported');
             return null;
         }
         if (!isMcpMessageBody(body)) {
+            logGatewayRejection({
+                message: 'Rejected MCP POST request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'invalid_request_body',
+                status: 400,
+                mcpCode: -32600,
+            });
             sendError(ctx.res, -32600, 'Invalid request body');
             return null;
         }
@@ -156,6 +227,15 @@ class McpSessionGateway {
         const isInitializedMethod = method !== null && isInitializedNotification(method);
         const isInitNotification = isInitializedMethod && body.id === undefined;
         if (isInitializedMethod && !isInitNotification) {
+            logGatewayRejection({
+                message: 'Rejected MCP POST request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'initialized_request_must_be_notification',
+                status: 400,
+                mcpCode: -32600,
+                rpcId: requestId,
+            });
             sendError(ctx.res, -32600, 'notifications/initialized must be sent as a notification', 400, requestId);
             return null;
         }
@@ -187,10 +267,19 @@ class McpSessionGateway {
             return false;
         if (!session) {
             if (isInitNotification) {
+                logGatewayRejection({
+                    message: 'Rejected MCP POST request',
+                    method: ctx.method,
+                    path: ctx.url.pathname,
+                    reason: 'missing_session_id_for_initialized_notification',
+                    status: 400,
+                    mcpCode: -32600,
+                    rpcId: requestId,
+                });
                 sendError(ctx.res, -32600, 'Missing session ID', 400, requestId);
                 return false;
             }
-            return ensureMcpProtocolVersion(ctx.req, ctx.res);
+            return true;
         }
         if (!this.ensureSessionProtocolVersion(ctx, session))
             return false;
@@ -200,6 +289,16 @@ class McpSessionGateway {
             return true;
         if (method !== null && isPingRequest(method))
             return true;
+        logGatewayRejection({
+            message: 'Rejected MCP request',
+            method: ctx.method,
+            path: ctx.url.pathname,
+            reason: 'session_not_initialized',
+            status: 400,
+            mcpCode: -32600,
+            sessionId,
+            rpcId: requestId,
+        });
         sendError(ctx.res, -32600, 'Session not initialized', 400, requestId);
         return false;
     }
@@ -216,23 +315,51 @@ class McpSessionGateway {
     }
     getInitializeProtocolVersion(ctx, requestId) {
         if (!isMcpRequestBody(ctx.body)) {
+            logGatewayRejection({
+                message: 'Rejected MCP initialize request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'missing_session_id',
+                status: 400,
+                mcpCode: -32600,
+                rpcId: requestId,
+            });
             sendError(ctx.res, -32600, 'Missing session ID', 400, requestId);
             return null;
         }
         if (!isInitializeRequest(ctx.body)) {
-            sendError(ctx.res, ctx.body.method === 'initialize' ? -32602 : -32600, ctx.body.method === 'initialize'
-                ? 'Invalid initialize request'
-                : 'Missing session ID', 400, requestId);
+            const invalidInitialize = ctx.body.method === 'initialize';
+            logGatewayRejection({
+                message: 'Rejected MCP initialize request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: invalidInitialize
+                    ? 'invalid_initialize_request'
+                    : 'missing_session_id',
+                status: 400,
+                mcpCode: invalidInitialize ? -32602 : -32600,
+                rpcId: requestId,
+            });
+            sendError(ctx.res, invalidInitialize ? -32602 : -32600, invalidInitialize ? 'Invalid initialize request' : 'Missing session ID', 400, requestId);
             return null;
         }
         const negotiatedProtocolVersion = resolveRequestedProtocolVersion(ctx.body);
-        if (!negotiatedProtocolVersion) {
-            sendError(ctx.res, -32602, `Unsupported protocolVersion; supported versions: ${[...SUPPORTED_MCP_PROTOCOL_VERSIONS].join(', ')}`, 400, requestId);
-            return null;
-        }
         const headerProtocolVersion = resolveProtocolVersionHeader(ctx.req);
         if (headerProtocolVersion &&
             headerProtocolVersion !== negotiatedProtocolVersion) {
+            logGatewayRejection({
+                message: 'Rejected MCP initialize request',
+                method: ctx.method,
+                path: ctx.url.pathname,
+                reason: 'protocol_version_mismatch',
+                status: 400,
+                mcpCode: -32600,
+                rpcId: requestId,
+                details: {
+                    headerProtocolVersion,
+                    negotiatedProtocolVersion,
+                },
+            });
             sendError(ctx.res, -32600, `initialize protocolVersion mismatch: header=${headerProtocolVersion}, body=${negotiatedProtocolVersion}`, 400, requestId);
             return null;
         }
@@ -275,10 +402,28 @@ class McpSessionGateway {
     getAuthenticatedSessionById(sessionId, authFingerprint, res, requestId = null) {
         const session = this.store.get(sessionId);
         if (!session) {
+            logGatewayRejection({
+                message: 'Rejected MCP session request',
+                path: '/mcp',
+                reason: 'session_not_found',
+                status: 404,
+                mcpCode: -32600,
+                sessionId,
+                rpcId: requestId,
+            });
             sendError(res, -32600, 'Session not found', 404, requestId);
             return null;
         }
         if (!authFingerprint || session.authFingerprint !== authFingerprint) {
+            logGatewayRejection({
+                message: 'Rejected MCP session request',
+                path: '/mcp',
+                reason: 'session_auth_mismatch',
+                status: 404,
+                mcpCode: -32600,
+                sessionId,
+                rpcId: requestId,
+            });
             sendError(res, -32600, 'Session not found', 404, requestId);
             return null;
         }
@@ -296,6 +441,7 @@ class McpSessionGateway {
         this.clearSessionInitTimeout(sessionId);
         if (sessionId)
             this.store.touch(sessionId);
+        logDebug('Session initialized', { sessionId }, 'session');
     }
     createSessionInitTimeout(sessionId, tracker, unpublishedSession) {
         const initTimeout = setTimeout(() => {
@@ -305,9 +451,11 @@ class McpSessionGateway {
                     this.clearSessionInitTimeout(sessionId);
                     return;
                 }
-                this.cleanupSessionRecord(sessionId, 'session-init-timeout');
+                logWarn('Session init timeout', { sessionId }, 'session');
+                this.cleanupSessionRecord(sessionId, createSessionTeardownOptions('init-timeout'));
                 return;
             }
+            logWarn('Session init timeout before registration completed', { sessionId }, 'session');
             tracker.releaseSlot();
             void teardownUnregisteredSessionResources(unpublishedSession, 'session-init-timeout');
         }, config.server.sessionInitTimeoutMs);
@@ -327,6 +475,10 @@ class McpSessionGateway {
             await sessionServer.connect(transport);
         }
         catch (err) {
+            logWarn('Session transport connect failed', {
+                sessionId,
+                error: toError(err).message,
+            }, 'session');
             clearTimeout(initTimeout);
             tracker.releaseSlot();
             void teardownUnregisteredSessionResources(unpublishedSession, 'session-connect-failed');
@@ -337,9 +489,22 @@ class McpSessionGateway {
     async createNewSession(ctx, requestId, negotiatedProtocolVersion) {
         const authFingerprint = buildAuthFingerprint(ctx.auth);
         if (!authFingerprint) {
+            logError('Session creation failed: missing auth context', {
+                path: ctx.url.pathname,
+                method: ctx.method,
+            }, 'session');
             sendError(ctx.res, -32603, 'Missing auth context', 500, requestId);
             return null;
         }
+        const ownerKey = buildAuthenticatedOwnerKey(ctx.auth);
+        if (!ownerKey) {
+            logError('Session creation failed: missing task owner context', {
+                path: ctx.url.pathname,
+                method: ctx.method,
+            }, 'session');
+            sendError(ctx.res, -32603, 'Missing auth owner context', 500, requestId);
+            return null;
+        }
         if (!this.reserveCapacity(ctx.res, requestId))
             return null;
         const tracker = createSlotTracker(this.store);
@@ -349,6 +514,7 @@ class McpSessionGateway {
             sessionServer = await this.createSessionServer();
         }
         catch (error) {
+            logError('Session server creation failed', { sessionId: newSessionId, error: toError(error).message }, 'session');
             tracker.releaseSlot();
             throw error;
         }
@@ -363,6 +529,7 @@ class McpSessionGateway {
         const isConnected = await this.connectTransport(sessionServer, transportImpl, initTimeout, tracker, unpublishedSession, newSessionId);
         tracker.releaseSlot();
         if (!isConnected) {
+            logWarn('Session closed before registration completed', { sessionId: newSessionId }, 'session');
             void teardownUnregisteredSessionResources(unpublishedSession, 'session-closed-during-connect');
             return null;
         }
@@ -376,18 +543,24 @@ class McpSessionGateway {
             authFingerprint,
         });
         this.sessionInitTimeouts.set(newSessionId, initTimeout);
+        registerMcpSessionOwnerKey(newSessionId, ownerKey);
         registerMcpSessionServer(newSessionId, sessionServer);
+        logInfo('Session created', { sessionId: newSessionId, negotiatedProtocolVersion }, 'session');
         transportImpl.onclose = composeCloseHandlers(transportImpl.onclose, () => {
-            this.cleanupSessionRecord(newSessionId, 'session-close');
+            this.cleanupSessionRecord(newSessionId, createSessionTeardownOptions('ended', 'session-close'));
         });
         return transportImpl;
     }
-    cleanupSessionRecord(sessionId, context) {
+    cleanupSessionRecord(sessionId, teardownOptions) {
+        const context = teardownOptions.closeTransportReason ??
+            teardownOptions.closeServerReason ??
+            'session';
+        logDebug('Session cleanup', { sessionId, context }, 'session');
         this.clearSessionInitTimeout(sessionId);
         const session = this.store.remove(sessionId);
         if (!session)
             return;
-        void teardownSessionResources(session, createSessionTeardownOptions('ended', context));
+        void teardownSessionResources(session, teardownOptions);
     }
     clearSessionInitTimeout(sessionId) {
         if (!sessionId)
@@ -412,11 +585,13 @@ class McpSessionGateway {
             },
         });
         if (!allowed) {
+            logWarn('Session capacity exhausted', { maxSessions: config.server.maxSessions }, 'session');
             sendError(res, -32000, 'Server busy', 503, requestId);
             return false;
         }
         // Double-check: capacity may have changed during the async eviction window above.
         if (!reserveSessionSlot(this.store, config.server.maxSessions)) {
+            logWarn('Session capacity exhausted (post-eviction)', { maxSessions: config.server.maxSessions }, 'session');
             sendError(res, -32000, 'Server busy', 503, requestId);
             return false;
         }
@@ -472,12 +647,15 @@ class HttpDispatcher {
                 const handled = await this.handleMcpRoutes(authCtx);
                 if (handled)
                     return;
+                ctx.res.setHeader('Allow', 'DELETE, GET, OPTIONS, POST');
+                sendJson(ctx.res, 405, { error: 'Method Not Allowed' });
+                return;
             }
             sendJson(ctx.res, 404, { error: 'Not Found' });
         }
         catch (err) {
             const error = toError(err);
-            logError('Request failed', error);
+            logError('Request failed', error, 'http');
             if (!ctx.res.writableEnded) {
                 sendJson(ctx.res, 500, { error: 'Internal Server Error' });
             }
@@ -504,6 +682,7 @@ class HttpDispatcher {
         }
         catch (err) {
             const message = err instanceof Error ? err.message : 'Unauthorized';
+            logWarn('Authentication failed', { message, method: ctx.method, path: ctx.url.pathname }, 'auth');
             if (isInsufficientScopeError(err)) {
                 applyInsufficientScopeAuthHeaders(ctx.req, ctx.res, err.requiredScopes, message);
                 sendError(ctx.res, -32000, message, 403);
@@ -562,6 +741,18 @@ class HttpRequestPipeline {
         const requestId = getHeaderValue(rawReq, 'x-request-id') ?? randomUUID();
         const sessionId = getMcpSessionId(rawReq) ?? undefined;
         const { signal, cleanup } = createRequestAbortSignal(rawReq);
+        const path = resolveRequestPath(rawReq);
+        const startTime = performance.now();
+        rawRes.once('finish', () => {
+            logRequestCompletion({
+                path,
+                statusCode: rawRes.statusCode,
+                durationMs: performance.now() - startTime,
+                requestId,
+                ...(rawReq.method ? { method: rawReq.method } : {}),
+                ...(sessionId ? { sessionId } : {}),
+            });
+        });
         try {
             await runWithRequestContext({
                 requestId,
@@ -588,6 +779,14 @@ class HttpRequestPipeline {
         const duplicateHeader = findDuplicateSingleValueHeader(rawReq);
         if (!duplicateHeader)
             return false;
+        logGatewayRejection({
+            message: 'Rejected HTTP request',
+            method: rawReq.method,
+            path: resolveRequestPath(rawReq),
+            reason: 'duplicate_single_value_header',
+            status: 400,
+            details: { header: duplicateHeader },
+        });
         sendJson(rawRes, 400, {
             error: `Duplicate ${duplicateHeader} header is not allowed`,
         });
@@ -628,6 +827,12 @@ class HttpRequestPipeline {
         }
         catch (error) {
             const bodyErrorKind = isJsonBodyError(error) ? error.kind : null;
+            if (bodyErrorKind === 'payload-too-large') {
+                logWarn('Request body too large', { method: ctx.method, path: ctx.url.pathname }, 'http');
+            }
+            else if (bodyErrorKind === 'read-failed' || bodyErrorKind === null) {
+                logError('Request body parsing failed', toError(error), 'http');
+            }
             sendBodyParseError(ctx, bodyErrorKind, rawReq);
             return false;
         }
@@ -648,7 +853,7 @@ class HttpRequestPipeline {
 // Server bootstrap
 // ---------------------------------------------------------------------------
 function handlePipelineError(error, res) {
-    logError('Request pipeline failed', toError(error));
+    logError('Request pipeline failed', toError(error), 'http');
     if (res.writableEnded)
         return;
     if (!res.headersSent) {
@@ -694,7 +899,7 @@ function resolveListeningPort(server, fallback) {
 function createShutdownHandler(options) {
     const closeBatchSize = 10;
     return async (signal) => {
-        logInfo(`Stopping HTTP server (${signal})...`);
+        logInfo(`Stopping HTTP server (${signal})...`, undefined, 'http');
         options.rateLimiter.stop();
         options.sessionCleanup.abort();
         drainConnectionsOnShutdown(options.server);
@@ -707,7 +912,7 @@ function createShutdownHandler(options) {
             }));
             for (const r of results) {
                 if (r.status === 'rejected') {
-                    logError('Session teardown failed during shutdown', r.reason instanceof Error ? r.reason : undefined);
+                    logError('Session teardown failed during shutdown', r.reason instanceof Error ? r.reason : undefined, 'http');
                 }
             }
         }
@@ -722,7 +927,7 @@ export async function startHttpServer() {
     const sessionStore = createSessionStore(config.server.sessionTtlMs);
     const sessionCleanup = startSessionCleanupLoop(sessionStore, config.server.sessionTtlMs, {
         onEvictSession: (session) => {
-            teardownSessionRegistration(session.server, 'The task was cancelled because the MCP session expired.');
+            teardownSessionRegistration(session.server);
         },
     });
     const mcpGateway = new McpSessionGateway(sessionStore, createMcpServerForHttpSession);
@@ -743,7 +948,7 @@ export async function startHttpServer() {
         arch: process.arch,
         hostname: hostname(),
         nodeVersion: process.version,
-    });
+    }, 'http');
     return {
         port,
         host: config.server.host,

package/dist/http/rate-limit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/http/rate-limit.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,cAAc,EAAY,MAAM,cAAc,CAAC;AAY7D,UAAU,eAAe;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC;IACpC,IAAI,IAAI,IAAI,CAAC;CACd;AA0FD,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,eAAe,GACvB,oBAAoB,CAEtB"}
+{"version":3,"file":"rate-limit.d.ts","sourceRoot":"","sources":["../../src/http/rate-limit.ts"],"names":[],"mappings":"AAIA,OAAO,EAAE,KAAK,cAAc,EAAY,MAAM,cAAc,CAAC;AAY7D,UAAU,eAAe;IACvB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,OAAO,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,oBAAoB;IACnC,KAAK,CAAC,GAAG,EAAE,cAAc,GAAG,OAAO,CAAC;IACpC,IAAI,IAAI,IAAI,CAAC;CACd;AA2FD,wBAAgB,0BAA0B,CACxC,OAAO,EAAE,eAAe,GACvB,oBAAoB,CAEtB"}

package/dist/http/rate-limit.js

@@ -21,7 +21,7 @@ class RateLimiter {
             },
             onError: (err) => {
                 if (!isAbortError(err)) {
-                    logWarn('Rate limit cleanup failed', { error: err });
+                    logWarn('Rate limit cleanup failed', { error: err }, 'rate-limit');
                 }
             },
         });
@@ -71,6 +71,7 @@ class RateLimiter {
             this.store.set(key, entry);
         }
         if (entry.count > this.options.maxRequests) {
+            logWarn('Rate limit exceeded', { ip: key }, 'rate-limit');
             const retryAfter = Math.max(1, Math.ceil((entry.resetTime - now) / 1000));
             ctx.res.setHeader('Retry-After', String(retryAfter));
             sendJson(ctx.res, 429, { error: 'Rate limit exceeded', retryAfter });

package/dist/index.js

@@ -36,7 +36,7 @@ const isStdioMode = !values.http;
 let isShuttingDown = false;
 const shutdownHandlerRef = {};
 function shouldAttemptShutdown() {
-    return !isShuttingDown && !isStdioMode && Boolean(shutdownHandlerRef.current);
+    return !isShuttingDown && Boolean(shutdownHandlerRef.current);
 }
 function attemptShutdown(signal) {
     if (!shutdownHandlerRef.current)
@@ -60,13 +60,13 @@ function registerHttpSignalHandlers() {
     registerSignalHandlers(['SIGINT', 'SIGTERM'], tryShutdown);
 }
 function writeStartupError(error) {
-    logError('Failed to start server', error);
+    logError('Failed to start server', error, 'server');
     process.stderr.write(`Failed to start server: ${error.message}\n`);
     process.exitCode = 1;
     scheduleForcedExit('Startup failure');
 }
 function handleFatalError(label, error, signal) {
-    logError(label, error);
+    logError(label, error, 'server');
     process.stderr.write(`${label}: ${error.message}\n`);
     process.exitCode = 1;
     if (shouldAttemptShutdown()) {
@@ -84,7 +84,8 @@ process.on('unhandledRejection', (reason) => {
 });
 try {
     if (isStdioMode) {
-        await startStdioServer();
+        const { shutdown } = await startStdioServer();
+        shutdownHandlerRef.current = shutdown;
     }
     else {
         const { shutdown } = await startHttpServer();

package/dist/lib/config.d.ts

@@ -1,5 +1,5 @@
 export declare const serverVersion: string;
-export type LogLevel = 'debug' | 'info' | 'warn' | 'error';
+export type LogLevel = 'debug' | 'info' | 'notice' | 'warn' | 'error' | 'critical';
 type TransformWorkerMode = 'threads' | 'process';
 type AuthMode = 'oauth' | 'static';
 interface WorkerResourceLimits {