npm - @j0hanz/fetch-url-mcp - Versions diffs - 1.12.6 → 1.12.8 - Mend

@j0hanz/fetch-url-mcp 1.12.6 → 1.12.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (146) hide show

package/dist/http/auth.d.ts +2 -2
package/dist/http/auth.d.ts.map +1 -1
package/dist/http/auth.js +15 -16
package/dist/http/index.d.ts +6 -0
package/dist/http/index.d.ts.map +1 -0
package/dist/http/index.js +5 -0
package/dist/http/native.d.ts +73 -0
package/dist/http/native.d.ts.map +1 -1
package/dist/http/native.js +585 -62
package/dist/http/rate-limit.d.ts +1 -1
package/dist/http/rate-limit.d.ts.map +1 -1
package/dist/http/rate-limit.js +5 -6
package/dist/index.d.ts +17 -0
package/dist/index.d.ts.map +1 -1
package/dist/index.js +69 -8
package/dist/lib/config.js +2 -2
package/dist/lib/core.d.ts +56 -4
package/dist/lib/core.d.ts.map +1 -1
package/dist/lib/core.js +162 -11
package/dist/lib/error/classes.d.ts +19 -0
package/dist/lib/error/classes.d.ts.map +1 -0
package/dist/lib/error/classes.js +107 -0
package/dist/lib/error/classify.d.ts +4 -0
package/dist/lib/error/classify.d.ts.map +1 -0
package/dist/lib/error/classify.js +154 -0
package/dist/lib/error/codes.d.ts +23 -0
package/dist/lib/error/codes.d.ts.map +1 -0
package/dist/lib/error/codes.js +22 -0
package/dist/lib/error/index.d.ts +6 -0
package/dist/lib/error/index.d.ts.map +1 -0
package/dist/lib/error/index.js +5 -0
package/dist/lib/{error-messages.d.ts → error/messages.d.ts} +2 -2
package/dist/lib/error/messages.d.ts.map +1 -0
package/dist/lib/{error-messages.js → error/messages.js} +13 -13
package/dist/lib/{tool-errors.d.ts → error/payload.d.ts} +7 -13
package/dist/lib/error/payload.d.ts.map +1 -0
package/dist/lib/error/payload.js +108 -0
package/dist/lib/mcp-interop.d.ts +1 -0
package/dist/lib/mcp-interop.d.ts.map +1 -1
package/dist/lib/mcp-interop.js +17 -9
package/dist/lib/net/http.d.ts.map +1 -0
package/dist/lib/{http.js → net/http.js} +11 -14
package/dist/lib/net/index.d.ts +4 -0
package/dist/lib/net/index.d.ts.map +1 -0
package/dist/lib/net/index.js +3 -0
package/dist/lib/{fetch-pipeline.d.ts → net/pipeline.d.ts} +3 -3
package/dist/lib/net/pipeline.d.ts.map +1 -0
package/dist/lib/{fetch-pipeline.js → net/pipeline.js} +7 -9
package/dist/lib/{url.d.ts → net/url.d.ts} +2 -2
package/dist/lib/net/url.d.ts.map +1 -0
package/dist/lib/{url.js → net/url.js} +6 -8
package/dist/lib/utils.d.ts +3 -18
package/dist/lib/utils.d.ts.map +1 -1
package/dist/lib/utils.js +33 -105
package/dist/resources/index.d.ts.map +1 -1
package/dist/resources/index.js +6 -3
package/dist/schemas.d.ts +1 -1
package/dist/server.d.ts.map +1 -1
package/dist/server.js +12 -14
package/dist/tasks/index.d.ts +2 -0
package/dist/tasks/index.d.ts.map +1 -0
package/dist/tasks/index.js +1 -0
package/dist/tasks/manager.d.ts +123 -1
package/dist/tasks/manager.d.ts.map +1 -1
package/dist/tasks/manager.js +753 -18
package/dist/tools/{fetch-url.d.ts → index.d.ts} +4 -5
package/dist/tools/index.d.ts.map +1 -0
package/dist/tools/{fetch-url.js → index.js} +14 -31
package/dist/transform/index.d.ts +279 -0
package/dist/transform/index.d.ts.map +1 -0
package/dist/transform/index.js +5234 -0
package/package.json +2 -2
package/dist/cli.d.ts +0 -19
package/dist/cli.d.ts.map +0 -1
package/dist/cli.js +0 -65
package/dist/http/health.d.ts +0 -8
package/dist/http/health.d.ts.map +0 -1
package/dist/http/health.js +0 -152
package/dist/http/helpers.d.ts +0 -68
package/dist/http/helpers.d.ts.map +0 -1
package/dist/http/helpers.js +0 -404
package/dist/lib/error-codes.d.ts +0 -11
package/dist/lib/error-codes.d.ts.map +0 -1
package/dist/lib/error-codes.js +0 -15
package/dist/lib/error-messages.d.ts.map +0 -1
package/dist/lib/fetch-pipeline.d.ts.map +0 -1
package/dist/lib/http.d.ts.map +0 -1
package/dist/lib/logger-names.d.ts +0 -14
package/dist/lib/logger-names.d.ts.map +0 -1
package/dist/lib/logger-names.js +0 -13
package/dist/lib/session.d.ts +0 -44
package/dist/lib/session.d.ts.map +0 -1
package/dist/lib/session.js +0 -137
package/dist/lib/tool-errors.d.ts.map +0 -1
package/dist/lib/tool-errors.js +0 -252
package/dist/lib/url.d.ts.map +0 -1
package/dist/lib/zod.d.ts +0 -3
package/dist/lib/zod.d.ts.map +0 -1
package/dist/lib/zod.js +0 -27
package/dist/tasks/call-contract.d.ts +0 -25
package/dist/tasks/call-contract.d.ts.map +0 -1
package/dist/tasks/call-contract.js +0 -59
package/dist/tasks/execution.d.ts +0 -16
package/dist/tasks/execution.d.ts.map +0 -1
package/dist/tasks/execution.js +0 -241
package/dist/tasks/handlers.d.ts +0 -11
package/dist/tasks/handlers.d.ts.map +0 -1
package/dist/tasks/handlers.js +0 -157
package/dist/tasks/owner.d.ts +0 -43
package/dist/tasks/owner.d.ts.map +0 -1
package/dist/tasks/owner.js +0 -144
package/dist/tasks/registry.d.ts +0 -20
package/dist/tasks/registry.d.ts.map +0 -1
package/dist/tasks/registry.js +0 -40
package/dist/tasks/waiters.d.ts +0 -27
package/dist/tasks/waiters.d.ts.map +0 -1
package/dist/tasks/waiters.js +0 -114
package/dist/tools/fetch-url.d.ts.map +0 -1
package/dist/transform/dom-prep.d.ts +0 -16
package/dist/transform/dom-prep.d.ts.map +0 -1
package/dist/transform/dom-prep.js +0 -1287
package/dist/transform/html-translators.d.ts +0 -5
package/dist/transform/html-translators.d.ts.map +0 -1
package/dist/transform/html-translators.js +0 -697
package/dist/transform/markdown-cleanup.d.ts +0 -10
package/dist/transform/markdown-cleanup.d.ts.map +0 -1
package/dist/transform/markdown-cleanup.js +0 -542
package/dist/transform/metadata.d.ts +0 -18
package/dist/transform/metadata.d.ts.map +0 -1
package/dist/transform/metadata.js +0 -462
package/dist/transform/next-flight.d.ts +0 -2
package/dist/transform/next-flight.d.ts.map +0 -1
package/dist/transform/next-flight.js +0 -374
package/dist/transform/shared.d.ts +0 -8
package/dist/transform/shared.d.ts.map +0 -1
package/dist/transform/shared.js +0 -137
package/dist/transform/transform.d.ts +0 -38
package/dist/transform/transform.d.ts.map +0 -1
package/dist/transform/transform.js +0 -1041
package/dist/transform/types.d.ts +0 -124
package/dist/transform/types.d.ts.map +0 -1
package/dist/transform/types.js +0 -5
package/dist/transform/worker-pool.d.ts +0 -76
package/dist/transform/worker-pool.d.ts.map +0 -1
package/dist/transform/worker-pool.js +0 -725
/package/dist/lib/{http.d.ts → net/http.d.ts} +0 -0

package/dist/http/native.js CHANGED Viewed

@@ -1,23 +1,567 @@
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
 import { randomUUID } from 'node:crypto';
 import { once } from 'node:events';
 import { readFileSync } from 'node:fs';
 import { createServer, } from 'node:http';
 import { createServer as createHttpsServer, } from 'node:https';
-import { hostname } from 'node:os';
+import { freemem, hostname, totalmem } from 'node:os';
+import { monitorEventLoopDelay, performance } from 'node:perf_hooks';
 import process from 'node:process';
-import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
-import { isInitializeRequest } from '@modelcontextprotocol/sdk/types.js';
-import { composeCloseHandlers, config, createSessionStore, createSlotTracker, enableHttpMode, ensureSessionCapacity, logDebug, logError, logInfo, logWarn, registerMcpSessionOwnerKey, registerMcpSessionServer, reserveSessionSlot, runWithRequestContext, startSessionCleanupLoop, } from '../lib/core.js';
-import { LOG_AUTH, LOG_HTTP, LOG_SESSION } from '../lib/logger-names.js';
-import { acceptsEventStream, acceptsJsonAndEventStream, isJsonRpcBatchRequest, isMcpMessageBody, isMcpRequestBody, } from '../lib/mcp-interop.js';
-import { applyHttpServerTuning, drainConnectionsOnShutdown, isObject, toError, } from '../lib/utils.js';
+import { Writable } from 'node:stream';
+import { pipeline } from 'node:stream/promises';
+import { composeCloseHandlers, config, createSessionStore, createSlotTracker, enableHttpMode, ensureSessionCapacity, logDebug, logError, Loggers, logInfo, logWarn, registerMcpSessionOwnerKey, registerMcpSessionServer, reserveSessionSlot, resolveMcpSessionIdByServer, runWithRequestContext, serverVersion, startSessionCleanupLoop, unregisterMcpSessionServer, unregisterMcpSessionServerByServer, } from '../lib/core.js';
+import { getErrorMessage, toError } from '../lib/error/index.js';
+import { acceptsEventStream, acceptsJsonAndEventStream, isMcpRequestBody, } from '../lib/mcp-interop.js';
+import { createDefaultBlockList, normalizeIpForBlockList, } from '../lib/net/index.js';
+import { applyHttpServerTuning, drainConnectionsOnShutdown, isObject, } from '../lib/utils.js';
 import { createMcpServerForHttpSession } from '../server.js';
-import { buildAuthenticatedOwnerKey } from '../tasks/owner.js';
+import { buildAuthenticatedOwnerKey } from '../tasks/index.js';
+import { getTransformPoolStats } from '../transform/index.js';
 import { applyInsufficientScopeAuthHeaders, applyUnauthorizedAuthHeaders, assertHttpModeConfiguration, authService, buildAuthFingerprint, buildProtectedResourceMetadataDocument, corsPolicy, DEFAULT_MCP_PROTOCOL_VERSION, ensureMcpProtocolVersion, hostOriginPolicy, isInsufficientScopeError, isOAuthMetadataEnabled, isProtectedResourceMetadataPath, SUPPORTED_MCP_PROTOCOL_VERSIONS, } from './auth.js';
-import { disableEventLoopMonitoring, isVerboseHealthRequest, resetEventLoopMonitoring, sendHealthRouteResponse, shouldHandleHealthRoute, } from './health.js';
-import { buildRequestContext, createRequestAbortSignal, createTransportAdapter, DEFAULT_BODY_LIMIT_BYTES, drainRequest, findDuplicateSingleValueHeader, getHeaderValue, getMcpSessionId, isJsonBodyError, jsonBodyReader, registerInboundBlockList, sendEmpty, sendError, sendJson, } from './helpers.js';
-import { teardownSessionRegistration, teardownSessionResources, teardownUnregisteredSessionResources, } from './helpers.js';
 import { createRateLimitManagerImpl, } from './rate-limit.js';
+function abortControllerBestEffort(controller) {
+    if (!controller.signal.aborted)
+        controller.abort();
+}
+function destroyRequestBestEffort(req) {
+    try {
+        req.destroy();
+    }
+    catch {
+        // Best-effort only.
+    }
+}
+// ---------------------------------------------------------------------------
+// Response helpers
+// ---------------------------------------------------------------------------
+function setNoStoreHeaders(res) {
+    res.setHeader('X-Content-Type-Options', 'nosniff');
+    res.setHeader('Cache-Control', 'no-store');
+}
+export function sendJson(res, status, body) {
+    res.statusCode = status;
+    res.setHeader('Content-Type', 'application/json; charset=utf-8');
+    setNoStoreHeaders(res);
+    res.end(JSON.stringify(body));
+}
+export function sendEmpty(res, status) {
+    res.statusCode = status;
+    res.setHeader('Content-Length', '0');
+    res.end();
+}
+export function sendError(res, _code, message, status = 400,
+// eslint-disable-next-line @typescript-eslint/no-unused-vars -- kept for call-site compat
+_id) {
+    sendJson(res, status, { error: message });
+}
+// ---------------------------------------------------------------------------
+// Request helpers
+// ---------------------------------------------------------------------------
+export function getHeaderValue(req, name) {
+    const val = req.headers[name];
+    if (!val)
+        return null;
+    return Array.isArray(val) ? (val[0] ?? null) : val;
+}
+export function getMcpSessionId(req) {
+    return (getHeaderValue(req, 'mcp-session-id') ??
+        getHeaderValue(req, 'x-mcp-session-id'));
+}
+const SINGLE_VALUE_HEADER_NAMES = [
+    'authorization',
+    'x-api-key',
+    'host',
+    'origin',
+    'content-length',
+    'mcp-protocol-version',
+    'mcp-session-id',
+    'x-mcp-session-id',
+];
+function hasDuplicateHeader(req, name) {
+    const values = req.headersDistinct[name];
+    return Array.isArray(values) && values.length > 1;
+}
+export function findDuplicateSingleValueHeader(req) {
+    for (const name of SINGLE_VALUE_HEADER_NAMES) {
+        if (hasDuplicateHeader(req, name))
+            return name;
+    }
+    return null;
+}
+export function drainRequest(req) {
+    if (req.readableEnded)
+        return;
+    try {
+        req.resume();
+    }
+    catch {
+        // Best-effort only.
+    }
+}
+// ---------------------------------------------------------------------------
+// Request abort signal
+// ---------------------------------------------------------------------------
+export function createRequestAbortSignal(req) {
+    const controller = new AbortController();
+    let cleanedUp = false;
+    const abortRequest = () => {
+        if (cleanedUp)
+            return;
+        abortControllerBestEffort(controller);
+    };
+    if (req.destroyed) {
+        abortRequest();
+        return {
+            signal: controller.signal,
+            cleanup: () => {
+                cleanedUp = true;
+            },
+        };
+    }
+    const onClose = () => {
+        // A normal close after a complete body should not be treated as cancellation.
+        if (req.complete)
+            return;
+        abortRequest();
+    };
+    const onError = () => {
+        abortRequest();
+    };
+    req.once('close', onClose);
+    req.once('error', onError);
+    return {
+        signal: controller.signal,
+        cleanup: () => {
+            cleanedUp = true;
+            req.removeListener('close', onClose);
+            req.removeListener('error', onError);
+        },
+    };
+}
+// ---------------------------------------------------------------------------
+// IP & connection helpers
+// ---------------------------------------------------------------------------
+function normalizeRemoteAddress(address) {
+    if (!address)
+        return null;
+    const trimmed = address.trim();
+    if (!trimmed)
+        return null;
+    const normalized = normalizeIpForBlockList(trimmed);
+    if (normalized)
+        return normalized.ip;
+    return trimmed;
+}
+export function registerInboundBlockList(server) {
+    if (!config.server.http.blockPrivateConnections)
+        return;
+    const blockList = createDefaultBlockList();
+    server.on('connection', (socket) => {
+        const raw = socket.remoteAddress?.trim();
+        if (!raw)
+            return;
+        const normalized = normalizeIpForBlockList(raw);
+        if (!normalized)
+            return;
+        if (blockList.check(normalized.ip, normalized.family)) {
+            logWarn('Blocked inbound connection', {
+                remoteAddress: normalized.ip,
+                family: normalized.family,
+            }, Loggers.LOG_HTTP);
+            socket.destroy();
+        }
+    });
+}
+// ---------------------------------------------------------------------------
+// Request context builder
+// ---------------------------------------------------------------------------
+export function buildRequestContext(req, res, signal) {
+    const url = URL.parse(req.url ?? '', 'http://localhost');
+    if (!url) {
+        sendJson(res, 400, { error: 'Invalid request URL' });
+        return null;
+    }
+    return {
+        req,
+        res,
+        url,
+        method: req.method,
+        ip: normalizeRemoteAddress(req.socket.remoteAddress),
+        body: undefined,
+        ...(signal ? { signal } : {}),
+    };
+}
+// ---------------------------------------------------------------------------
+// Transport / MCP helpers
+// ---------------------------------------------------------------------------
+export async function closeTransportBestEffort(transport, context) {
+    try {
+        await transport.close();
+    }
+    catch (error) {
+        logWarn('Transport close failed', { context, error }, Loggers.LOG_HTTP);
+    }
+}
+export async function closeMcpServerBestEffort(server, context) {
+    try {
+        await server.close();
+    }
+    catch (error) {
+        logWarn('MCP server close failed', { context, error }, Loggers.LOG_HTTP);
+    }
+}
+export function createTransportAdapter(transportImpl) {
+    const noopOnClose = () => { };
+    const noopOnError = () => { };
+    const noopOnMessage = () => { };
+    const baseOnClose = transportImpl.onclose;
+    let oncloseHandler = noopOnClose;
+    let onerrorHandler = noopOnError;
+    let onmessageHandler = noopOnMessage;
+    return {
+        start: () => transportImpl.start(),
+        send: (message, options) => transportImpl.send(message, options),
+        close: () => transportImpl.close(),
+        get onclose() {
+            return oncloseHandler;
+        },
+        set onclose(handler) {
+            oncloseHandler = handler;
+            transportImpl.onclose = composeCloseHandlers(baseOnClose, handler);
+        },
+        get onerror() {
+            return onerrorHandler;
+        },
+        set onerror(handler) {
+            onerrorHandler = handler;
+            transportImpl.onerror = handler;
+        },
+        get onmessage() {
+            return onmessageHandler;
+        },
+        set onmessage(handler) {
+            onmessageHandler = handler;
+            transportImpl.onmessage = handler;
+        },
+    };
+}
+export class JsonBodyError extends Error {
+    kind;
+    constructor(kind, message) {
+        super(message);
+        this.name = 'JsonBodyError';
+        this.kind = kind;
+    }
+}
+export function isJsonBodyError(error) {
+    return error instanceof JsonBodyError;
+}
+export const DEFAULT_BODY_LIMIT_BYTES = 1024 * 1024;
+function isRequestReadAborted(req) {
+    return req.destroyed && !req.complete;
+}
+class JsonBodyReader {
+    async read(req, limit = DEFAULT_BODY_LIMIT_BYTES, signal) {
+        const contentType = getHeaderValue(req, 'content-type');
+        if (!contentType?.includes('application/json'))
+            return undefined;
+        const contentLengthHeader = getHeaderValue(req, 'content-length');
+        if (contentLengthHeader) {
+            const contentLength = Number.parseInt(contentLengthHeader, 10);
+            if (Number.isFinite(contentLength) && contentLength > limit) {
+                const error = new JsonBodyError('payload-too-large', 'Payload too large');
+                throw error;
+            }
+        }
+        if (signal?.aborted || isRequestReadAborted(req)) {
+            const error = new JsonBodyError('read-failed', 'Request aborted');
+            throw error;
+        }
+        const body = await this.readBody(req, limit, signal);
+        if (!body)
+            return undefined;
+        try {
+            return JSON.parse(body);
+        }
+        catch (err) {
+            const error = new JsonBodyError('invalid-json', getErrorMessage(err));
+            throw error;
+        }
+    }
+    async readBody(req, limit, signal) {
+        const abortListener = signal != null
+            ? () => {
+                destroyRequestBestEffort(req);
+            }
+            : null;
+        if (signal != null && abortListener) {
+            if (signal.aborted) {
+                abortListener();
+            }
+            else {
+                signal.addEventListener('abort', abortListener, { once: true });
+            }
+        }
+        try {
+            const { chunks, size } = await this.collectChunks(req, limit, signal);
+            if (chunks.length === 0)
+                return undefined;
+            const combined = new Uint8Array(size);
+            let offset = 0;
+            for (const chunk of chunks) {
+                combined.set(chunk, offset);
+                offset += chunk.byteLength;
+            }
+            const text = new TextDecoder().decode(combined);
+            return text;
+        }
+        finally {
+            if (signal && abortListener) {
+                try {
+                    signal.removeEventListener('abort', abortListener);
+                }
+                catch {
+                    // Best-effort cleanup.
+                }
+            }
+        }
+    }
+    async collectChunks(req, limit, signal) {
+        let size = 0;
+        const chunks = [];
+        const sink = new Writable({
+            write: (chunk, _encoding, callback) => {
+                try {
+                    if (signal?.aborted || isRequestReadAborted(req)) {
+                        callback(new JsonBodyError('read-failed', 'Request aborted'));
+                        return;
+                    }
+                    const buf = this.normalizeChunk(chunk);
+                    size += buf.byteLength;
+                    if (size > limit) {
+                        callback(new JsonBodyError('payload-too-large', 'Payload too large'));
+                        return;
+                    }
+                    chunks.push(buf);
+                    callback();
+                }
+                catch (err) {
+                    callback(toError(err));
+                }
+            },
+        });
+        try {
+            if (signal?.aborted || isRequestReadAborted(req)) {
+                const error = new JsonBodyError('read-failed', 'Request aborted');
+                throw error;
+            }
+            await pipeline(req, sink, signal ? { signal } : undefined);
+            return { chunks, size };
+        }
+        catch (err) {
+            if (err instanceof JsonBodyError)
+                throw err;
+            if (signal?.aborted || isRequestReadAborted(req)) {
+                const error = new JsonBodyError('read-failed', 'Request aborted');
+                throw error;
+            }
+            const error = new JsonBodyError('read-failed', getErrorMessage(err));
+            throw error;
+        }
+    }
+    normalizeChunk(chunk) {
+        if (typeof chunk === 'string') {
+            const encoded = new TextEncoder().encode(chunk);
+            return encoded;
+        }
+        return chunk;
+    }
+}
+export const jsonBodyReader = new JsonBodyReader();
+function unregisterSessionTaskScope(server) {
+    const sessionId = resolveMcpSessionIdByServer(server);
+    if (!sessionId)
+        return null;
+    unregisterMcpSessionServer(sessionId);
+    return sessionId;
+}
+async function closeSessionResources(session, options) {
+    const closeTasks = [];
+    if (options.closeTransportReason) {
+        closeTasks.push(closeTransportBestEffort(session.transport, options.closeTransportReason));
+    }
+    if (options.closeServerReason) {
+        closeTasks.push(closeMcpServerBestEffort(session.server, options.closeServerReason));
+    }
+    if (options.awaitClose && closeTasks.length > 0) {
+        await Promise.all(closeTasks);
+    }
+}
+export async function teardownSessionResources(session, options) {
+    unregisterSessionTaskScope(session.server);
+    if (options.unregisterByServer) {
+        unregisterMcpSessionServerByServer(session.server);
+    }
+    await closeSessionResources(session, options);
+}
+export async function teardownUnregisteredSessionResources(session, context) {
+    await closeSessionResources(session, {
+        closeTransportReason: context,
+        closeServerReason: context,
+        awaitClose: true,
+    });
+}
+export function teardownSessionRegistration(server) {
+    unregisterSessionTaskScope(server);
+}
+// --- health.ts ---
+// ---------------------------------------------------------------------------
+// Event-loop monitoring
+// ---------------------------------------------------------------------------
+const EVENT_LOOP_DELAY_RESOLUTION_MS = 20;
+const eventLoopDelay = monitorEventLoopDelay({
+    resolution: EVENT_LOOP_DELAY_RESOLUTION_MS,
+});
+let lastEventLoopUtilization = performance.eventLoopUtilization();
+export function resetEventLoopMonitoring() {
+    lastEventLoopUtilization = performance.eventLoopUtilization();
+    eventLoopDelay.reset();
+    eventLoopDelay.enable();
+}
+export function disableEventLoopMonitoring() {
+    eventLoopDelay.disable();
+}
+// ---------------------------------------------------------------------------
+// Stats helpers
+// ---------------------------------------------------------------------------
+function roundTo(value, precision) {
+    const factor = 10 ** precision;
+    return Math.round(value * factor) / factor;
+}
+function formatEventLoopUtilization(snapshot) {
+    return {
+        utilization: roundTo(snapshot.utilization, 4),
+        activeMs: Math.round(snapshot.active),
+        idleMs: Math.round(snapshot.idle),
+    };
+}
+function toMs(valueNs) {
+    return roundTo(valueNs / 1_000_000, 3);
+}
+function getEventLoopStats() {
+    const current = performance.eventLoopUtilization();
+    const delta = performance.eventLoopUtilization(current, lastEventLoopUtilization);
+    lastEventLoopUtilization = current;
+    return {
+        utilization: {
+            total: formatEventLoopUtilization(current),
+            sinceLast: formatEventLoopUtilization(delta),
+        },
+        delay: {
+            minMs: toMs(eventLoopDelay.min),
+            maxMs: toMs(eventLoopDelay.max),
+            meanMs: toMs(eventLoopDelay.mean),
+            stddevMs: toMs(eventLoopDelay.stddev),
+            p50Ms: toMs(eventLoopDelay.percentile(50)),
+            p95Ms: toMs(eventLoopDelay.percentile(95)),
+            p99Ms: toMs(eventLoopDelay.percentile(99)),
+        },
+    };
+}
+function buildHealthResponse(store, includeDiagnostics) {
+    const base = {
+        status: 'ok',
+        version: serverVersion,
+        uptime: Math.floor(process.uptime()),
+        timestamp: new Date().toISOString(),
+    };
+    if (!includeDiagnostics)
+        return base;
+    const poolStats = getTransformPoolStats();
+    return {
+        ...base,
+        os: {
+            hostname: hostname(),
+            platform: process.platform,
+            arch: process.arch,
+            memoryFree: freemem(),
+            memoryTotal: totalmem(),
+        },
+        process: {
+            pid: process.pid,
+            ppid: process.ppid,
+            memory: process.memoryUsage(),
+            cpu: process.cpuUsage(),
+            resource: process.resourceUsage(),
+            ...(typeof process.availableMemory === 'function'
+                ? { availableMemory: process.availableMemory() }
+                : {}),
+            ...(typeof process.constrainedMemory === 'function'
+                ? { constrainedMemory: process.constrainedMemory() }
+                : {}),
+        },
+        perf: getEventLoopStats(),
+        ...(typeof process.getActiveResourcesInfo === 'function'
+            ? { activeResources: process.getActiveResourcesInfo() }
+            : {}),
+        stats: {
+            activeSessions: store.size(),
+            workerPool: poolStats ?? {
+                queueDepth: 0,
+                activeWorkers: 0,
+                capacity: 0,
+            },
+        },
+    };
+}
+function sendHealth(store, res, includeDiagnostics) {
+    res.setHeader('Cache-Control', 'no-store');
+    sendJson(res, 200, buildHealthResponse(store, includeDiagnostics));
+}
+// ---------------------------------------------------------------------------
+// Health route helpers
+// ---------------------------------------------------------------------------
+export function isVerboseHealthRequest(ctx) {
+    const value = ctx.url.searchParams.get('verbose');
+    if (!value)
+        return false;
+    const normalized = value.trim().toLowerCase();
+    return normalized === '1' || normalized === 'true';
+}
+function isHealthRoute(ctx) {
+    return ctx.method === 'GET' && ctx.url.pathname === '/health';
+}
+function isVerboseHealthRoute(ctx) {
+    return isHealthRoute(ctx) && isVerboseHealthRequest(ctx);
+}
+function ensureHealthAuthIfNeeded(ctx, authPresent) {
+    if (!isVerboseHealthRoute(ctx))
+        return true;
+    if (!config.security.allowRemote)
+        return true;
+    if (authPresent)
+        return true;
+    sendJson(ctx.res, 401, {
+        error: 'Authentication required for verbose health metrics',
+    });
+    return false;
+}
+function resolveHealthDiagnosticsMode(ctx, authPresent) {
+    return (isVerboseHealthRoute(ctx) && (authPresent || !config.security.allowRemote));
+}
+export function shouldHandleHealthRoute(ctx) {
+    return isHealthRoute(ctx);
+}
+export function sendHealthRouteResponse(store, ctx, authPresent) {
+    if (!shouldHandleHealthRoute(ctx))
+        return false;
+    if (!ensureHealthAuthIfNeeded(ctx, authPresent))
+        return true;
+    const includeDiagnostics = resolveHealthDiagnosticsMode(ctx, authPresent);
+    sendHealth(store, ctx.res, includeDiagnostics);
+    return true;
+}
 function resolveRequestedProtocolVersion(body) {
     if (!isObject(body))
         return DEFAULT_MCP_PROTOCOL_VERSION;
@@ -56,7 +600,7 @@ function logGatewayRejection(params) {
         ...rest,
         ...(rpcId === null || rpcId === undefined ? {} : { rpcId }),
         ...(details ?? {}),
-    }, LOG_HTTP);
+    }, Loggers.LOG_HTTP);
 }
 function resolveRequestPath(req) {
     return URL.parse(req.url ?? '', 'http://localhost')?.pathname ?? '/';
@@ -71,14 +615,14 @@ function logRequestCompletion(params) {
         ...(params.sessionId ? { sessionId: params.sessionId } : {}),
     };
     if (params.statusCode >= 500) {
-        logError('HTTP request failed with server error', meta, LOG_HTTP);
+        logError('HTTP request failed with server error', meta, Loggers.LOG_HTTP);
         return;
     }
     if (params.statusCode >= 400) {
-        logWarn('HTTP client error', meta, LOG_HTTP);
+        logWarn('HTTP client error', meta, Loggers.LOG_HTTP);
         return;
     }
-    logDebug('HTTP request completed', meta, LOG_HTTP);
+    logDebug('HTTP request completed', meta, Loggers.LOG_HTTP);
 }
 function createSessionTeardownOptions(mode, context) {
     switch (mode) {
@@ -137,7 +681,7 @@ class McpSessionGateway {
             method: method ?? 'response',
             rpcId: body.id,
             sessionId,
-        }, LOG_HTTP);
+        }, Loggers.LOG_HTTP);
         const transport = await this.getOrCreateTransport(ctx, requestId);
         if (!transport)
             return;
@@ -165,7 +709,7 @@ class McpSessionGateway {
             });
             return;
         }
-        logDebug('MCP GET received', { sessionId }, LOG_HTTP);
+        logDebug('MCP GET received', { sessionId }, Loggers.LOG_HTTP);
         this.store.touch(sessionId);
         await session.transport.handleRequest(ctx.req, ctx.res);
     }
@@ -177,7 +721,7 @@ class McpSessionGateway {
             return;
         const { sessionId, session } = sessionState;
         await session.transport.close();
-        logDebug('MCP DELETE received', { sessionId }, LOG_HTTP);
+        logDebug('MCP DELETE received', { sessionId }, Loggers.LOG_HTTP);
         this.cleanupSessionRecord(sessionId, createSessionTeardownOptions('ended', 'session-delete'));
         sendJson(ctx.res, 200, { status: 'closed' });
     }
@@ -196,31 +740,10 @@ class McpSessionGateway {
             return null;
         }
         const { body } = ctx;
-        if (isJsonRpcBatchRequest(body)) {
-            logGatewayRejection({
-                message: 'Rejected MCP POST request',
-                method: ctx.method,
-                path: ctx.url.pathname,
-                reason: 'batch_request_not_supported',
-                status: 400,
-                mcpCode: -32600,
-            });
-            sendError(ctx.res, -32600, "We don't support batch requests yet. Please send one request at a time.");
-            return null;
-        }
-        if (!isMcpMessageBody(body)) {
-            logGatewayRejection({
-                message: 'Rejected MCP POST request',
-                method: ctx.method,
-                path: ctx.url.pathname,
-                reason: 'invalid_request_body',
-                status: 400,
-                mcpCode: -32600,
-            });
-            sendError(ctx.res, -32600, "The request body isn't quite right. Please check the format and try again.");
-            return null;
+        if (isObject(body) && !Array.isArray(body)) {
+            return body;
         }
-        return body;
+        return { id: undefined, method: undefined };
     }
     resolvePostRequestState(ctx, body) {
         const requestId = body.id ?? null;
@@ -444,7 +967,7 @@ class McpSessionGateway {
         this.clearSessionInitTimeout(sessionId);
         if (sessionId)
             this.store.touch(sessionId);
-        logDebug('Session initialized', { sessionId }, LOG_SESSION);
+        logDebug('Session initialized', { sessionId }, Loggers.LOG_SESSION);
     }
     createSessionInitTimeout(sessionId, tracker, unpublishedSession) {
         const initTimeout = setTimeout(() => {
@@ -454,11 +977,11 @@ class McpSessionGateway {
                     this.clearSessionInitTimeout(sessionId);
                     return;
                 }
-                logWarn('Session init timeout', { sessionId }, LOG_SESSION);
+                logWarn('Session init timeout', { sessionId }, Loggers.LOG_SESSION);
                 this.cleanupSessionRecord(sessionId, createSessionTeardownOptions('init-timeout'));
                 return;
             }
-            logWarn('Session init timeout before registration completed', { sessionId }, LOG_SESSION);
+            logWarn('Session init timeout before registration completed', { sessionId }, Loggers.LOG_SESSION);
             tracker.releaseSlot();
             void teardownUnregisteredSessionResources(unpublishedSession, 'session-init-timeout');
         }, config.server.sessionInitTimeoutMs);
@@ -481,7 +1004,7 @@ class McpSessionGateway {
             logWarn('Session transport connect failed', {
                 sessionId,
                 error: toError(err).message,
-            }, LOG_SESSION);
+            }, Loggers.LOG_SESSION);
             clearTimeout(initTimeout);
             tracker.releaseSlot();
             void teardownUnregisteredSessionResources(unpublishedSession, 'session-connect-failed');
@@ -495,7 +1018,7 @@ class McpSessionGateway {
             logError('Session creation failed: missing auth context', {
                 path: ctx.url.pathname,
                 method: ctx.method,
-            }, LOG_SESSION);
+            }, Loggers.LOG_SESSION);
             sendError(ctx.res, -32603, "We're missing some authorization details to process this request.", 500, requestId);
             return null;
         }
@@ -504,7 +1027,7 @@ class McpSessionGateway {
             logError('Session creation failed: missing task owner context', {
                 path: ctx.url.pathname,
                 method: ctx.method,
-            }, LOG_SESSION);
+            }, Loggers.LOG_SESSION);
             sendError(ctx.res, -32603, "We're missing the owner information needed to authorize this request.", 500, requestId);
             return null;
         }
@@ -517,7 +1040,7 @@ class McpSessionGateway {
             sessionServer = await this.createSessionServer();
         }
         catch (error) {
-            logError('Session server creation failed', { sessionId: newSessionId, error: toError(error).message }, LOG_SESSION);
+            logError('Session server creation failed', { sessionId: newSessionId, error: toError(error).message }, Loggers.LOG_SESSION);
             tracker.releaseSlot();
             throw error;
         }
@@ -532,7 +1055,7 @@ class McpSessionGateway {
         const isConnected = await this.connectTransport(sessionServer, transportImpl, initTimeout, tracker, unpublishedSession, newSessionId);
         tracker.releaseSlot();
         if (!isConnected) {
-            logWarn('Session closed before registration completed', { sessionId: newSessionId }, LOG_SESSION);
+            logWarn('Session closed before registration completed', { sessionId: newSessionId }, Loggers.LOG_SESSION);
             void teardownUnregisteredSessionResources(unpublishedSession, 'session-closed-during-connect');
             return null;
         }
@@ -548,7 +1071,7 @@ class McpSessionGateway {
         this.sessionInitTimeouts.set(newSessionId, initTimeout);
         registerMcpSessionOwnerKey(newSessionId, ownerKey);
         registerMcpSessionServer(newSessionId, sessionServer);
-        logInfo('Session created', { sessionId: newSessionId, negotiatedProtocolVersion }, LOG_SESSION);
+        logInfo('Session created', { sessionId: newSessionId, negotiatedProtocolVersion }, Loggers.LOG_SESSION);
         transportImpl.onclose = composeCloseHandlers(transportImpl.onclose, () => {
             this.cleanupSessionRecord(newSessionId, createSessionTeardownOptions('ended', 'session-close'));
         });
@@ -558,7 +1081,7 @@ class McpSessionGateway {
         const context = teardownOptions.closeTransportReason ??
             teardownOptions.closeServerReason ??
             'session';
-        logDebug('Session cleanup', { sessionId, context }, LOG_SESSION);
+        logDebug('Session cleanup', { sessionId, context }, Loggers.LOG_SESSION);
         this.clearSessionInitTimeout(sessionId);
         const session = this.store.remove(sessionId);
         if (!session)
@@ -588,13 +1111,13 @@ class McpSessionGateway {
             },
         });
         if (!allowed) {
-            logWarn('Session capacity exhausted', { maxSessions: config.server.maxSessions }, LOG_SESSION);
+            logWarn('Session capacity exhausted', { maxSessions: config.server.maxSessions }, Loggers.LOG_SESSION);
             sendError(res, -32000, 'The server is currently too busy to handle your request. Please try again in a little while.', 503, requestId);
             return false;
         }
         // Double-check: capacity may have changed during the async eviction window above.
         if (!reserveSessionSlot(this.store, config.server.maxSessions)) {
-            logWarn('Session capacity exhausted (post-eviction)', { maxSessions: config.server.maxSessions }, LOG_SESSION);
+            logWarn('Session capacity exhausted (post-eviction)', { maxSessions: config.server.maxSessions }, Loggers.LOG_SESSION);
             sendError(res, -32000, 'The server is currently too busy to handle your request. Please try again in a little while.', 503, requestId);
             return false;
         }
@@ -662,7 +1185,7 @@ class HttpDispatcher {
         }
         catch (err) {
             const error = toError(err);
-            logError('Request failed', error, LOG_HTTP);
+            logError('Request failed', error, Loggers.LOG_HTTP);
             if (!ctx.res.writableEnded) {
                 sendJson(ctx.res, 500, {
                     error: "Something went wrong on our end. We're looking into it!",
@@ -691,7 +1214,7 @@ class HttpDispatcher {
         }
         catch (err) {
             const message = err instanceof Error ? err.message : 'Unauthorized';
-            logWarn('Authentication failed', { message, method: ctx.method, path: ctx.url.pathname }, LOG_AUTH);
+            logWarn('Authentication failed', { message, method: ctx.method, path: ctx.url.pathname }, Loggers.LOG_AUTH);
             if (isInsufficientScopeError(err)) {
                 applyInsufficientScopeAuthHeaders(ctx.req, ctx.res, err.requiredScopes, message);
                 sendError(ctx.res, -32000, message, 403);
@@ -839,10 +1362,10 @@ class HttpRequestPipeline {
         catch (error) {
             const bodyErrorKind = isJsonBodyError(error) ? error.kind : null;
             if (bodyErrorKind === 'payload-too-large') {
-                logWarn('The request body is too large. Please send a smaller payload.', { method: ctx.method, path: ctx.url.pathname }, LOG_HTTP);
+                logWarn('The request body is too large. Please send a smaller payload.', { method: ctx.method, path: ctx.url.pathname }, Loggers.LOG_HTTP);
             }
             else if (bodyErrorKind === 'read-failed' || bodyErrorKind === null) {
-                logError('Request body parsing failed', toError(error), LOG_HTTP);
+                logError('Request body parsing failed', toError(error), Loggers.LOG_HTTP);
             }
             sendBodyParseError(ctx, bodyErrorKind, rawReq);
             return false;
@@ -864,7 +1387,7 @@ class HttpRequestPipeline {
 // Server bootstrap
 // ---------------------------------------------------------------------------
 function handlePipelineError(error, res) {
-    logError('Request pipeline failed', toError(error), LOG_HTTP);
+    logError('Request pipeline failed', toError(error), Loggers.LOG_HTTP);
     if (res.writableEnded)
         return;
     if (!res.headersSent) {
@@ -912,7 +1435,7 @@ function resolveListeningPort(server, fallback) {
 function createShutdownHandler(options) {
     const closeBatchSize = 10;
     return async (signal) => {
-        logInfo(`Stopping HTTP server (${signal})...`, undefined, LOG_HTTP);
+        logInfo(`Stopping HTTP server (${signal})...`, undefined, Loggers.LOG_HTTP);
         options.rateLimiter.stop();
         options.sessionCleanup.abort();
         drainConnectionsOnShutdown(options.server);
@@ -925,7 +1448,7 @@ function createShutdownHandler(options) {
             }));
             for (const r of results) {
                 if (r.status === 'rejected') {
-                    logError('Session teardown failed during shutdown', r.reason instanceof Error ? r.reason : undefined, LOG_HTTP);
+                    logError('Session teardown failed during shutdown', r.reason instanceof Error ? r.reason : undefined, Loggers.LOG_HTTP);
                 }
             }
         }
@@ -961,7 +1484,7 @@ export async function startHttpServer() {
         arch: process.arch,
         hostname: hostname(),
         nodeVersion: process.version,
-    }, LOG_HTTP);
+    }, Loggers.LOG_HTTP);
     return {
         port,
         host: config.server.host,