@j0hanz/fetch-url-mcp 1.6.0 → 1.7.0

package/dist/lib/mcp-tools.js

@@ -2,17 +2,46 @@ import {} from '@modelcontextprotocol/sdk/types.js';
 import { z } from 'zod';
 import { FetchError, isAbortError, isSystemError } from './utils.js';
 const paramsSchema = z.looseObject({});
-const mcpRequestSchema = z.strictObject({
+const jsonRpcRequestIdSchema = z.union([z.string(), z.number()]);
+const jsonRpcRequestSchema = z.strictObject({
     jsonrpc: z.literal('2.0'),
     method: z.string().min(1),
-    id: z.union([z.string(), z.number(), z.null()]).optional(),
+    id: jsonRpcRequestIdSchema.optional(),
     params: paramsSchema.optional(),
 });
+const jsonRpcResultResponseSchema = z.strictObject({
+    jsonrpc: z.literal('2.0'),
+    id: z.union([z.string(), z.number()]),
+    result: z.record(z.string(), z.unknown()),
+});
+const jsonRpcErrorResponseSchema = z.strictObject({
+    jsonrpc: z.literal('2.0'),
+    id: z.union([z.string(), z.number(), z.null()]).optional(),
+    error: z.strictObject({
+        code: z.number().int(),
+        message: z.string(),
+        data: z.unknown().optional(),
+    }),
+});
+const jsonRpcResponseSchema = z.union([
+    jsonRpcResultResponseSchema,
+    jsonRpcErrorResponseSchema,
+]);
+const jsonRpcMessageSchema = z.union([
+    jsonRpcRequestSchema,
+    jsonRpcResponseSchema,
+]);
 export function isJsonRpcBatchRequest(body) {
     return Array.isArray(body);
 }
 export function isMcpRequestBody(body) {
-    return mcpRequestSchema.safeParse(body).success;
+    return jsonRpcRequestSchema.safeParse(body).success;
+}
+export function isJsonRpcResponseBody(body) {
+    return jsonRpcResponseSchema.safeParse(body).success;
+}
+export function isMcpMessageBody(body) {
+    return jsonRpcMessageSchema.safeParse(body).success;
 }
 function parseAcceptMediaTypes(header) {
     if (!header)
@@ -76,8 +105,10 @@ function resolveToolErrorMessage(error, fallbackMessage) {
     return `${fallbackMessage}: Unknown error`;
 }
 function resolveToolErrorCode(error) {
-    if (error instanceof FetchError)
-        return error.code;
+    if (error instanceof FetchError) {
+        const detailsCode = error.details['code'];
+        return typeof detailsCode === 'string' ? detailsCode : error.code;
+    }
     if (isValidationError(error))
         return 'VALIDATION_ERROR';
     if (isAbortError(error))
@@ -103,5 +134,5 @@ export function handleToolError(error, url, fallbackMessage = 'Operation failed'
  * without changes. Direct imports from the sub-modules are preferred for new code.
  * ------------------------------------------------------------------------------------------------- */
 export { registerServerLifecycleCleanup, registerTaskHandlers, cancelTasksForOwner, abortAllTaskExecutions, } from './task-handlers.js';
-export { readString, readNestedRecord, withSignal, TRUNCATION_MARKER, appendTruncationMarker, executeFetchPipeline, parseCachedMarkdownResult, markdownTransform, serializeMarkdownResult, performSharedFetch, } from './fetch-pipeline.js';
+export { readNestedRecord, withSignal, TRUNCATION_MARKER, appendTruncationMarker, executeFetchPipeline, parseCachedMarkdownResult, markdownTransform, serializeMarkdownResult, performSharedFetch, } from './fetch-pipeline.js';
 export { createProgressReporter, } from './progress.js';

package/dist/lib/net-utils.d.ts

@@ -1,3 +1,4 @@
 export declare function buildIpv4(parts: readonly [number, number, number, number]): string;
 export declare function stripTrailingDots(value: string): string;
 export declare function normalizeHostname(value: string): string | null;
+//# sourceMappingURL=net-utils.d.ts.map

package/dist/lib/net-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"net-utils.d.ts","sourceRoot":"","sources":["../../src/lib/net-utils.ts"],"names":[],"mappings":"AAGA,wBAAgB,SAAS,CACvB,KAAK,EAAE,SAAS,CAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,GAC/C,MAAM,CAER;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAIvD;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAS9D"}

package/dist/lib/progress.d.ts

@@ -28,3 +28,4 @@ export interface ProgressReporter {
 }
 export declare function createProgressReporter(extra?: ToolHandlerExtra): ProgressReporter;
 export {};
+//# sourceMappingURL=progress.d.ts.map

package/dist/lib/progress.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"progress.d.ts","sourceRoot":"","sources":["../../src/lib/progress.ts"],"names":[],"mappings":"AAOA,KAAK,aAAa,GAAG,MAAM,GAAG,MAAM,CAAC;AACrC,UAAU,WAAW;IACnB,aAAa,CAAC,EAAE,aAAa,GAAG,SAAS,CAAC;IAC1C,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC;CACxB;AACD,MAAM,WAAW,0BAA0B;IACzC,aAAa,EAAE,aAAa,CAAC;IAC7B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CACjC;AACD,MAAM,WAAW,oBAAoB;IACnC,MAAM,EAAE,wBAAwB,CAAC;IACjC,MAAM,EAAE,0BAA0B,CAAC;CACpC;AACD,MAAM,WAAW,gBAAgB;IAC/B,MAAM,CAAC,EAAE,WAAW,CAAC;IACrB,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,CAAC;IAC5B,SAAS,CAAC,EAAE,OAAO,CAAC;IACpB,WAAW,CAAC,EAAE,OAAO,CAAC;IACtB,KAAK,CAAC,EAAE,WAAW,CAAC;IACpB,gBAAgB,CAAC,EAAE,CAAC,YAAY,EAAE,oBAAoB,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzE,UAAU,CAAC,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CAC1D;AACD,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,CAAC,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,KAAK,IAAI,CAAC;CACrD;AA0ID,wBAAgB,sBAAsB,CACpC,KAAK,CAAC,EAAE,gBAAgB,GACvB,gBAAgB,CAElB"}

package/dist/lib/task-handlers.d.ts

@@ -2,4 +2,12 @@ import { type McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 type CleanupCallback = () => void;
 export declare function registerServerLifecycleCleanup(server: McpServer, callback: CleanupCallback): void;
 export { cancelTasksForOwner, abortAllTaskExecutions, } from '../tasks/execution.js';
-export declare function registerTaskHandlers(server: McpServer): void;
+interface TaskHandlerRegistrationOptions {
+    requireInterception?: boolean;
+}
+interface TaskHandlerRegistrationResult {
+    interceptedToolsCall: boolean;
+    taskCapableToolsRegistered: boolean;
+}
+export declare function registerTaskHandlers(server: McpServer, options?: TaskHandlerRegistrationOptions): TaskHandlerRegistrationResult;
+//# sourceMappingURL=task-handlers.d.ts.map

package/dist/lib/task-handlers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"task-handlers.d.ts","sourceRoot":"","sources":["../../src/lib/task-handlers.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,SAAS,EAAE,MAAM,yCAAyC,CAAC;AA0CzE,KAAK,eAAe,GAAG,MAAM,IAAI,CAAC;AAyClC,wBAAgB,8BAA8B,CAC5C,MAAM,EAAE,SAAS,EACjB,QAAQ,EAAE,eAAe,GACxB,IAAI,CAGN;AAED,OAAO,EACL,mBAAmB,EACnB,sBAAsB,GACvB,MAAM,uBAAuB,CAAC;AA+E/B,UAAU,8BAA8B;IACtC,mBAAmB,CAAC,EAAE,OAAO,CAAC;CAC/B;AAED,UAAU,6BAA6B;IACrC,oBAAoB,EAAE,OAAO,CAAC;IAC9B,0BAA0B,EAAE,OAAO,CAAC;CACrC;AAUD,wBAAgB,oBAAoB,CAClC,MAAM,EAAE,SAAS,EACjB,OAAO,CAAC,EAAE,8BAA8B,GACvC,6BAA6B,CAiK/B"}

package/dist/lib/task-handlers.js

@@ -5,8 +5,9 @@ import { z } from 'zod';
 import { abortTaskExecution, emitTaskStatusNotification, handleToolCallRequest, throwTaskNotFound, toTaskSummary, withRelatedTaskMeta, } from '../tasks/execution.js';
 import { taskManager } from '../tasks/manager.js';
 import { isServerResult, parseHandlerExtra, resolveTaskOwnerKey, resolveToolCallContext, } from '../tasks/owner.js';
-import { hasTaskCapableTool } from '../tasks/tool-registry.js';
+import { hasRegisteredTaskCapableTools, hasTaskCapableTool, } from '../tasks/tool-registry.js';
 import { logWarn, runWithRequestContext } from './core.js';
+import { formatZodError } from './zod.js';
 const patchedCleanupServers = new WeakSet();
 const serverCleanupCallbacks = new WeakMap();
 function getServerCleanupCallbackSet(server) {
@@ -55,42 +56,31 @@ export { cancelTasksForOwner, abortAllTaskExecutions, } from '../tasks/execution
 /* -------------------------------------------------------------------------------------------------
  * Task handler schemas and registration
  * ------------------------------------------------------------------------------------------------- */
-const TaskGetSchema = z
-    .object({
+const TaskGetSchema = z.looseObject({
     method: z.literal('tasks/get'),
-    params: z.object({ taskId: z.string() }).loose(),
-})
-    .loose();
-const TaskListSchema = z
-    .object({
+    params: z.looseObject({ taskId: z.string() }),
+});
+const TaskListSchema = z.looseObject({
     method: z.literal('tasks/list'),
     params: z
-        .object({
+        .looseObject({
         cursor: z.string().optional(),
     })
-        .loose()
         .optional(),
-})
-    .loose();
-const TaskCancelSchema = z
-    .object({
+});
+const TaskCancelSchema = z.looseObject({
     method: z.literal('tasks/cancel'),
-    params: z.object({ taskId: z.string() }).loose(),
-})
-    .loose();
-const TaskResultSchema = z
-    .object({
+    params: z.looseObject({ taskId: z.string() }),
+});
+const TaskResultSchema = z.looseObject({
     method: z.literal('tasks/result'),
-    params: z.object({ taskId: z.string() }).loose(),
-})
-    .loose();
+    params: z.looseObject({ taskId: z.string() }),
+});
 const MIN_TASK_TTL_MS = 1_000;
 const MAX_TASK_TTL_MS = 86_400_000;
-const ExtendedCallToolRequestSchema = z
-    .object({
+const ExtendedCallToolRequestSchema = z.looseObject({
     method: z.literal('tools/call'),
-    params: z
-        .object({
+    params: z.looseObject({
         name: z.string().min(1),
         arguments: z.record(z.string(), z.unknown()).optional(),
         task: z
@@ -104,7 +94,7 @@ const ExtendedCallToolRequestSchema = z
         })
             .optional(),
         _meta: z
-            .object({
+            .looseObject({
             progressToken: z.union([z.string(), z.number()]).optional(),
             'io.modelcontextprotocol/related-task': z
                 .strictObject({
@@ -112,21 +102,14 @@ const ExtendedCallToolRequestSchema = z
             })
                 .optional(),
         })
-            .loose()
             .optional(),
-    })
-        .loose(),
-})
-    .loose();
+    }),
+});
 function parseExtendedCallToolRequest(request) {
     const parsed = ExtendedCallToolRequestSchema.safeParse(request);
     if (parsed.success)
         return parsed.data;
-    const flat = z.flattenError(parsed.error);
-    const details = Object.entries(flat.fieldErrors)
-        .map(([k, v]) => `${k}: ${(v ?? []).join(', ')}`)
-        .join('; ') || flat.formErrors.join('; ');
-    throw new McpError(ErrorCode.InvalidParams, `Invalid tool request params: ${details}`);
+    throw new McpError(ErrorCode.InvalidParams, `Invalid tool request params: ${formatZodError(parsed.error)}`);
 }
 function resolveOwnerScopedExtra(extra) {
     const parsedExtra = parseHandlerExtra(extra);
@@ -143,9 +126,14 @@ function getSdkCallToolHandler(server) {
     const handler = maybeHandlers.get('tools/call');
     return typeof handler === 'function' ? handler : null;
 }
-export function registerTaskHandlers(server) {
+export function registerTaskHandlers(server, options) {
     const sdkCallToolHandler = getSdkCallToolHandler(server);
+    const taskCapableToolsRegistered = hasRegisteredTaskCapableTools();
+    const requireInterception = options?.requireInterception ?? true;
     if (!sdkCallToolHandler) {
+        if (taskCapableToolsRegistered && requireInterception) {
+            throw new Error('Task-capable tools are registered but SDK tools/call interception is unavailable. Upgrade compatibility or disable strict interception with TASKS_REQUIRE_INTERCEPTION=false.');
+        }
         logWarn('Task call interception disabled: SDK tools/call handler unavailable; task-capable tools require MCP SDK compatibility update', { sdkVersion: 'unknown' });
     }
     if (sdkCallToolHandler) {
@@ -239,4 +227,8 @@ export function registerTaskHandlers(server) {
         emitTaskStatusNotification(server, task);
         return toTaskSummary(task);
     });
+    return {
+        interceptedToolsCall: sdkCallToolHandler !== null,
+        taskCapableToolsRegistered,
+    };
 }

package/dist/lib/types.d.ts

@@ -2,3 +2,7 @@ export interface IconInfo {
     src: string;
     mimeType: string;
 }
+export declare function buildOptionalIcons(iconInfo?: IconInfo): {
+    icons: IconInfo[];
+} | Record<string, never>;
+//# sourceMappingURL=types.d.ts.map

package/dist/lib/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/lib/types.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,QAAQ;IACvB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,wBAAgB,kBAAkB,CAChC,QAAQ,CAAC,EAAE,QAAQ,GAClB;IAAE,KAAK,EAAE,QAAQ,EAAE,CAAA;CAAE,GAAG,MAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAU/C"}

package/dist/lib/types.js

@@ -1 +1,12 @@
-export {};
+export function buildOptionalIcons(iconInfo) {
+    if (!iconInfo)
+        return {};
+    return {
+        icons: [
+            {
+                src: iconInfo.src,
+                mimeType: iconInfo.mimeType,
+            },
+        ],
+    };
+}

package/dist/lib/url.d.ts

@@ -4,6 +4,7 @@ export declare class SafeDnsResolver {
     private readonly ipBlocker;
     private readonly security;
     private readonly blockedHostSuffixes;
+    private readonly cnameResolver;
     constructor(ipBlocker: IpBlocker, security: SecurityConfig, blockedHostSuffixes: readonly string[]);
     resolveAndValidate(hostname: string, signal?: AbortSignal): Promise<string>;
     private isBlockedHostname;
@@ -50,6 +51,7 @@ export declare class IpBlocker {
     private readonly blockList;
     constructor(security: SecurityConfig);
     isBlockedIp(candidate: string): boolean;
+    isHostBlocked(hostname: string, blockedHostSuffixes: readonly string[]): boolean;
 }
 type ConstantsConfig = typeof config.constants;
 export declare class UrlNormalizer {
@@ -68,3 +70,4 @@ export declare class UrlNormalizer {
     private assertHostnameAllowed;
 }
 export {};
+//# sourceMappingURL=url.d.ts.map

package/dist/lib/url.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"url.d.ts","sourceRoot":"","sources":["../../src/lib/url.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAuB,MAAM,UAAU,CAAC;AAE1D,OAAO,EAAE,MAAM,EAAY,MAAM,WAAW,CAAC;AAwD7C,qBAAa,eAAe;IAMxB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,mBAAmB;IAPtC,OAAO,CAAC,QAAQ,CAAC,aAAa,CAE3B;gBAGgB,SAAS,EAAE,SAAS,EACpB,QAAQ,EAAE,cAAc,EACxB,mBAAmB,EAAE,SAAS,MAAM,EAAE;IAGnD,kBAAkB,CACtB,QAAQ,EAAE,MAAM,EAChB,MAAM,CAAC,EAAE,WAAW,GACnB,OAAO,CAAC,MAAM,CAAC;IAyFlB,OAAO,CAAC,iBAAiB;YAIX,oBAAoB;YA2BpB,YAAY;CAiC3B;AACD,KAAK,iBAAiB,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,WAAW,KAAK,OAAO,CAAC,MAAM,CAAC,CAAC;AAMhF,wBAAgB,kBAAkB,CAChC,WAAW,EAAE,eAAe,GAC3B,iBAAiB,CAKnB;AACD,wBAAgB,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI,CAc1D;AAWD,KAAK,QAAQ,GAAG,MAAM,GAAG,MAAM,CAAC;AAyChC,wBAAgB,sBAAsB,IAAI,SAAS,CAMlD;AACD,wBAAgB,uBAAuB,CACrC,KAAK,EAAE,MAAM,GACZ;IAAE,EAAE,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,QAAQ,CAAA;CAAE,GAAG,IAAI,CAwBzC;AACD,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,GAAG,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;CAC5B;AAuDD,qBAAa,iBAAiB;IAChB,OAAO,CAAC,QAAQ,CAAC,MAAM;gBAAN,MAAM,EAAE,MAAM;IAE3C,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,eAAe;IA4B/C,mBAAmB,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAmB/C,OAAO,CAAC,QAAQ;IAUhB,OAAO,CAAC,WAAW;IAYnB,OAAO,CAAC,mBAAmB;IA0B3B,OAAO,CAAC,mBAAmB;IAmB3B,OAAO,CAAC,mBAAmB;IAwC3B,OAAO,CAAC,eAAe;IAuBvB,OAAO,CAAC,kBAAkB;CAmB3B;AACD,MAAM,WAAW,MAAM;IACrB,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC7D,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;IAC5D,KAAK,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,IAAI,CAAC;CAC9D;AACD,eAAO,MAAM,qBAAqB,qBAAqB,CAAC;AAIxD,eAAO,MAAM,qBAAqB,EAAE,SAAS,MAAM,EAA4B,CAAC;AAgBhF,KAAK,cAAc,GAAG,OAAO,MAAM,CAAC,QAAQ,CAAC;AAC7C,qBAAa,SAAS;IAGR,OAAO,CAAC,QAAQ,CAAC,QAAQ;IAFrC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAA4B;gBAEzB,QAAQ,EAAE,cAAc;IAErD,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAavC,aAAa,CACX,QAAQ,EAAE,MAAM,EAChB,mBAAmB,EAAE,SAAS,MAAM,EAAE,GACrC,OAAO;CAMX;AACD,KAAK,eAAe,GAAG,OAAO,MAAM,CAAC,SAAS,CAAC;AAC/C,qBAAa,aAAa;IAEtB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,QAAQ;IACzB,OAAO,CAAC,QAAQ,CAAC,SAAS;IAC1B,OAAO,CAAC,QAAQ,CAAC,mBAAmB;gBAHnB,SAAS,EAAE,eAAe,EAC1B,QAAQ,EAAE,cAAc,EACxB,SAAS,EAAE,SAAS,EACpB,mBAAmB,EAAE,SAAS,MAAM,EAAE;IAGzD,SAAS,CAAC,SAAS,EAAE,MAAM,GAAG;QAAE,aAAa,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAA;KAAE;IA6BzE,oBAAoB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM;IAI/C,OAAO,CAAC,iBAAiB;IAUzB,OAAO,CAAC,iBAAiB;IAUzB,OAAO,CAAC,qBAAqB;CAyB9B"}

package/dist/lib/url.js

@@ -9,29 +9,6 @@ function normalizeDnsName(value) {
     const normalized = value.trim().toLowerCase().replace(/\.+$/, '');
     return normalized;
 }
-function createSignalAbortRace(signal, isAbort, onTimeout, onAbort) {
-    let abortListener = null;
-    const abortPromise = new Promise((_, reject) => {
-        abortListener = () => {
-            reject(isAbort() ? onAbort() : onTimeout());
-        };
-        signal.addEventListener('abort', abortListener, { once: true });
-        if (signal.aborted)
-            abortListener();
-    });
-    const cleanup = () => {
-        if (!abortListener)
-            return;
-        try {
-            signal.removeEventListener('abort', abortListener);
-        }
-        catch {
-            // Ignore listener cleanup failures; they are non-fatal by design.
-        }
-        abortListener = null;
-    };
-    return { abortPromise, cleanup };
-}
 async function withTimeout(promise, timeoutMs, onTimeout, signal, onAbort) {
     const timeoutSignal = timeoutMs > 0 ? AbortSignal.timeout(timeoutMs) : undefined;
     const raceSignal = signal && timeoutSignal
@@ -39,13 +16,25 @@ async function withTimeout(promise, timeoutMs, onTimeout, signal, onAbort) {
         : (signal ?? timeoutSignal);
     if (!raceSignal)
         return promise;
-    const abortRace = createSignalAbortRace(raceSignal, () => signal?.aborted === true, onTimeout, onAbort ?? (() => new Error('Request was canceled')));
-    try {
-        return await Promise.race([promise, abortRace.abortPromise]);
-    }
-    finally {
-        abortRace.cleanup();
-    }
+    return new Promise((resolve, reject) => {
+        const onAborted = () => {
+            reject(signal?.aborted
+                ? (onAbort?.() ?? new Error('Request was canceled'))
+                : onTimeout());
+        };
+        if (raceSignal.aborted) {
+            onAborted();
+            return;
+        }
+        raceSignal.addEventListener('abort', onAborted, { once: true });
+        promise.then((value) => {
+            raceSignal.removeEventListener('abort', onAborted);
+            resolve(value);
+        }, (err) => {
+            raceSignal.removeEventListener('abort', onAborted);
+            reject(err instanceof Error ? err : new Error(String(err)));
+        });
+    });
 }
 function createAbortSignalError() {
     const err = new Error('Request was canceled');
@@ -56,6 +45,9 @@ export class SafeDnsResolver {
     ipBlocker;
     security;
     blockedHostSuffixes;
+    cnameResolver = new dns.promises.Resolver({
+        timeout: DNS_LOOKUP_TIMEOUT_MS,
+    });
     constructor(ipBlocker, security, blockedHostSuffixes) {
         this.ipBlocker = ipBlocker;
         this.security = security;
@@ -105,13 +97,7 @@ export class SafeDnsResolver {
         return addresses[0].address;
     }
     isBlockedHostname(hostname) {
-        if (isCloudMetadataHost(hostname))
-            return true;
-        if (isLocalFetchAllowed())
-            return false;
-        if (this.security.blockedHosts.has(hostname))
-            return true;
-        return this.blockedHostSuffixes.some((suffix) => hostname.endsWith(suffix));
+        return this.ipBlocker.isHostBlocked(hostname, this.blockedHostSuffixes);
     }
     async assertNoBlockedCname(hostname, signal) {
         let current = hostname;
@@ -133,8 +119,9 @@ export class SafeDnsResolver {
     }
     async resolveCname(hostname, signal) {
         try {
-            const resultPromise = dns.promises.resolveCname(hostname);
-            const cnames = await withTimeout(resultPromise, DNS_LOOKUP_TIMEOUT_MS, () => createErrorWithCode(`DNS CNAME lookup timed out for ${hostname}`, 'ETIMEOUT'), signal, createAbortSignalError);
+            if (signal?.aborted)
+                throw createAbortSignalError();
+            const cnames = await this.cnameResolver.resolveCname(hostname);
             return cnames
                 .map((value) => normalizeDnsName(value))
                 .filter((value) => value.length > 0);
@@ -146,7 +133,8 @@ export class SafeDnsResolver {
             if (isSystemError(error) &&
                 (error.code === 'ENODATA' ||
                     error.code === 'ENOTFOUND' ||
-                    error.code === 'ENODOMAIN')) {
+                    error.code === 'ENODOMAIN' ||
+                    error.code === 'ETIMEOUT')) {
                 return [];
             }
             logDebug('DNS CNAME lookup failed; continuing with address lookup', {
@@ -158,12 +146,10 @@ export class SafeDnsResolver {
     }
 }
 function extractHostname(url) {
-    try {
-        return new URL(url).hostname;
-    }
-    catch {
+    const parsed = URL.parse(url);
+    if (!parsed)
         throw createErrorWithCode('Invalid URL', 'EINVAL');
-    }
+    return parsed.hostname;
 }
 export function createDnsPreflight(dnsResolver) {
     return async (url, signal) => {
@@ -178,19 +164,13 @@ export function normalizeHost(value) {
     const first = takeFirstHostValue(trimmedLower);
     if (!first)
         return null;
-    for (const resolveCandidate of [
-        () => normalizeSocketAddress(first),
-        () => parseHostWithUrl(first),
-        () => normalizeBracketedIpv6(first),
-    ]) {
-        const candidate = resolveCandidate();
-        if (candidate !== null)
-            return candidate;
-    }
-    if (isIpV6Literal(first)) {
-        return normalizeHostname(first);
-    }
-    return normalizeHostname(stripPortIfPresent(first));
+    const socketAddr = SocketAddress.parse(first);
+    if (socketAddr)
+        return normalizeHostname(socketAddr.address);
+    const parsed = URL.parse(`http://${first}`);
+    if (parsed)
+        return normalizeHostname(parsed.hostname);
+    return normalizeHostname(first);
 }
 function takeFirstHostValue(value) {
     // Faster than split(',') for large forwarded headers; preserves behavior.
@@ -198,47 +178,6 @@ function takeFirstHostValue(value) {
     const first = commaIndex === -1 ? value : value.slice(0, commaIndex);
     return first ? trimToNull(first) : null;
 }
-function stripIpv6Brackets(value) {
-    if (!value.startsWith('['))
-        return null;
-    const end = value.indexOf(']');
-    if (end === -1)
-        return null;
-    return value.slice(1, end);
-}
-function stripPortIfPresent(value) {
-    const colonIndex = value.indexOf(':');
-    if (colonIndex === -1)
-        return value;
-    return value.slice(0, colonIndex);
-}
-function isIpV6Literal(value) {
-    return isIP(value) === 6;
-}
-function normalizeSocketAddress(value) {
-    const socketAddress = SocketAddress.parse(value);
-    if (!socketAddress)
-        return null;
-    return normalizeHostname(socketAddress.address);
-}
-function normalizeBracketedIpv6(value) {
-    const ipv6 = stripIpv6Brackets(value);
-    if (!ipv6)
-        return null;
-    return normalizeHostname(ipv6);
-}
-function parseHostWithUrl(value) {
-    const candidateUrl = `http://${value}`;
-    if (!URL.canParse(candidateUrl))
-        return null;
-    try {
-        const parsed = new URL(candidateUrl);
-        return normalizeHostname(parsed.hostname);
-    }
-    catch {
-        return null;
-    }
-}
 function trimToNull(value) {
     const trimmed = value.trim();
     return trimmed ? trimmed : null;
@@ -284,23 +223,13 @@ export function createDefaultBlockList() {
     }
     return list;
 }
-function extractMappedIpv4(ip) {
-    if (!ip.startsWith(IPV6_MAPPED_PREFIX))
-        return null;
-    const mapped = ip.slice(IPV6_MAPPED_PREFIX.length);
-    return isIP(mapped) === 4 ? mapped : null;
-}
-function stripIpv6ZoneId(ip) {
-    const zoneIndex = ip.indexOf('%');
-    if (zoneIndex <= 0)
-        return ip;
-    return ip.slice(0, zoneIndex);
-}
 export function normalizeIpForBlockList(input) {
     const lowered = input.trim().toLowerCase();
     if (!lowered)
         return null;
-    const normalizedInput = stripIpv6ZoneId(lowered);
+    // Strip IPv6 zone ID (e.g. %eth0)
+    const zoneIndex = lowered.indexOf('%');
+    const normalizedInput = zoneIndex > 0 ? lowered.slice(0, zoneIndex) : lowered;
     if (!normalizedInput)
         return null;
     const ipType = isIP(normalizedInput);
@@ -308,10 +237,13 @@ export function normalizeIpForBlockList(input) {
         case 4:
             return { ip: normalizedInput, family: 'ipv4' };
         case 6: {
-            const mapped = extractMappedIpv4(normalizedInput);
-            return mapped
-                ? { ip: mapped, family: 'ipv4' }
-                : { ip: normalizedInput, family: 'ipv6' };
+            // Extract mapped IPv4 from ::ffff: prefix
+            if (normalizedInput.startsWith(IPV6_MAPPED_PREFIX)) {
+                const mapped = normalizedInput.slice(IPV6_MAPPED_PREFIX.length);
+                if (isIP(mapped) === 4)
+                    return { ip: mapped, family: 'ipv4' };
+            }
+            return { ip: normalizedInput, family: 'ipv6' };
         }
         default:
             return null;
@@ -385,12 +317,13 @@ export class RawUrlTransformer {
         let base;
         let hash;
         let parsed;
-        try {
-            parsed = new URL(url);
+        const maybeParsed = URL.parse(url);
+        if (maybeParsed) {
+            parsed = maybeParsed;
             base = parsed.origin + parsed.pathname;
             ({ hash } = parsed);
         }
-        catch {
+        else {
             ({ base, hash } = this.splitParams(url));
         }
         const match = this.tryTransformWithUrl(base, hash, parsed);
@@ -408,22 +341,20 @@ export class RawUrlTransformer {
             return false;
         if (this.isRawUrl(urlString))
             return true;
-        try {
-            const url = new URL(urlString);
-            const pathname = url.pathname.toLowerCase();
+        const parsed = URL.parse(urlString);
+        if (parsed) {
+            const pathname = parsed.pathname.toLowerCase();
             const lastDot = pathname.lastIndexOf('.');
             if (lastDot === -1)
                 return false;
             return RAW_TEXT_EXTENSIONS.has(pathname.slice(lastDot));
         }
-        catch {
-            const { base } = this.splitParams(urlString);
-            const lowerBase = base.toLowerCase();
-            const lastDot = lowerBase.lastIndexOf('.');
-            if (lastDot === -1)
-                return false;
-            return RAW_TEXT_EXTENSIONS.has(lowerBase.slice(lastDot));
-        }
+        const { base } = this.splitParams(urlString);
+        const lowerBase = base.toLowerCase();
+        const lastDot = lowerBase.lastIndexOf('.');
+        if (lastDot === -1)
+            return false;
+        return RAW_TEXT_EXTENSIONS.has(lowerBase.slice(lastDot));
     }
     isRawUrl(url) {
         const lower = url.toLowerCase();
@@ -440,15 +371,7 @@ export class RawUrlTransformer {
         return { base: urlString.slice(0, endIndex), hash };
     }
     tryTransformWithUrl(base, hash, preParsed) {
-        let parsed = preParsed ?? null;
-        if (!parsed) {
-            try {
-                parsed = new URL(base);
-            }
-            catch {
-                // Ignore invalid URLs
-            }
-        }
+        const parsed = preParsed ?? URL.parse(base);
         if (!parsed)
             return null;
         if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:')
@@ -594,6 +517,15 @@ export class IpBlocker {
             ? this.blockList.check(normalizedIp.ip, normalizedIp.family)
             : false;
     }
+    isHostBlocked(hostname, blockedHostSuffixes) {
+        if (isCloudMetadataHost(hostname))
+            return true;
+        if (isLocalFetchAllowed())
+            return false;
+        if (this.security.blockedHosts.has(hostname))
+            return true;
+        return blockedHostSuffixes.some((suffix) => hostname.endsWith(suffix));
+    }
 }
 export class UrlNormalizer {
     constants;
@@ -611,11 +543,8 @@ export class UrlNormalizer {
         if (trimmedUrl.length > this.constants.maxUrlLength) {
             throw createValidationError(`URL exceeds maximum length of ${this.constants.maxUrlLength} characters`);
         }
-        let url;
-        try {
-            url = new URL(trimmedUrl);
-        }
-        catch {
+        const url = URL.parse(trimmedUrl);
+        if (!url) {
             throw createValidationError('Invalid URL format');
         }
         if (url.protocol !== 'http:' && url.protocol !== 'https:') {
@@ -652,13 +581,11 @@ export class UrlNormalizer {
         if (isCloudMetadataHost(hostname)) {
             throw createValidationError(`Blocked host: ${hostname}. Cloud metadata endpoints are not allowed`);
         }
-        if (!isLocalFetchAllowed()) {
-            if (this.security.blockedHosts.has(hostname)) {
-                throw createValidationError(`Blocked host: ${hostname}. Internal hosts are not allowed`);
-            }
-            if (this.ipBlocker.isBlockedIp(hostname)) {
-                throw createValidationError(`Blocked IP range: ${hostname}. Private IPs are not allowed`);
-            }
+        if (!isLocalFetchAllowed() && this.security.blockedHosts.has(hostname)) {
+            throw createValidationError(`Blocked host: ${hostname}. Internal hosts are not allowed`);
+        }
+        if (!isLocalFetchAllowed() && this.ipBlocker.isBlockedIp(hostname)) {
+            throw createValidationError(`Blocked IP range: ${hostname}. Private IPs are not allowed`);
         }
         if (this.blockedHostSuffixes.some((suffix) => hostname.endsWith(suffix))) {
             throw createValidationError(`Blocked hostname pattern: ${hostname}. Internal domain suffixes are not allowed`);

package/dist/lib/utils.d.ts

@@ -15,8 +15,7 @@ export declare function toError(error: unknown): Error;
 export declare function isAbortError(error: unknown): boolean;
 export declare function createErrorWithCode(message: string, code: string, options?: ErrorOptions): NodeJS.ErrnoException;
 export declare function isSystemError(error: unknown): error is NodeJS.ErrnoException;
-export declare const RESOURCE_NOT_FOUND_ERROR_CODE = -32002;
-export declare function stableStringify(obj: unknown, depth?: number, seen?: WeakSet<WeakKey>): string;
+export declare function stableStringify(obj: unknown): string;
 interface HttpServerTuningTarget {
     headersTimeout?: number;
     requestTimeout?: number;
@@ -56,3 +55,4 @@ interface LikeNode {
 }
 export declare function isLikeNode(value: unknown): value is LikeNode;
 export {};
+//# sourceMappingURL=utils.d.ts.map