@lifeaitools/clauth 1.5.32 → 1.5.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/cli/commands/serve.js +23 -14
  2. package/package.json +1 -1
package/cli/commands/serve.js CHANGED
@@ -2978,8 +2978,9 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
2978
2978
  // fall through to MCP handling
2979
2979
  }
2980
2980
 
2981
- // ── MCP Streamable HTTP transport (2025-03-26 spec) ──
2981
+ // ── MCP Streamable HTTP transport ──
2982
2982
  // POST /sse, /mcp, /gws, /clauth — JSON-RPC over HTTP
2983
+ // claude.ai requires text/event-stream SSE format (like regen-media/Express).
2983
2984
  if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
2984
2985
  let body;
2985
2986
  try { body = await readBody(req); } catch {
@@ -2992,26 +2993,37 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
2992
2993
  const logMsg = `[${new Date().toISOString()}] Streamable HTTP [${reqPath}]: ${rpcMethod} id=${id}\n`;
2993
2994
  try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
2994
2995
 
2996
+ // Check if client accepts SSE — claude.ai sends Accept: application/json, text/event-stream
2997
+ const acceptsSSE = (req.headers.accept || "").includes("text/event-stream");
2998
+
2999
+ // Helper: respond in SSE or JSON format based on client preference
3000
+ function mcpRespond(res, jsonRpcResponse) {
3001
+ if (acceptsSSE) {
3002
+ const ssePayload = `event: message\ndata: ${JSON.stringify(jsonRpcResponse)}\n\n`;
3003
+ res.writeHead(200, { "Content-Type": "text/event-stream", "Cache-Control": "no-cache", ...CORS });
3004
+ return res.end(ssePayload);
3005
+ }
3006
+ res.writeHead(200, { "Content-Type": "application/json", ...CORS });
3007
+ return res.end(JSON.stringify(jsonRpcResponse));
3008
+ }
3009
+
2995
3010
  // Notifications — no response needed
2996
3011
  if (rpcMethod === "notifications/initialized" || rpcMethod === "initialized") {
2997
- res.writeHead(204, CORS);
3012
+ res.writeHead(202, CORS);
2998
3013
  return res.end();
2999
3014
  }
3000
3015
 
3001
3016
  if (rpcMethod === "initialize") {
3002
- // Always return 2025-03-26 — returning 2025-11-25 causes claude.ai to require OAuth
3003
3017
  const result = {
3004
3018
  protocolVersion: "2025-03-26",
3005
3019
  serverInfo: { name: serverNameForPath(reqPath), version: VERSION },
3006
- capabilities: { tools: {} }
3020
+ capabilities: { tools: { listChanged: true } }
3007
3021
  };
3008
- res.writeHead(200, { "Content-Type": "application/json", ...CORS });
3009
- return res.end(JSON.stringify({ jsonrpc: "2.0", id, result }));
3022
+ return mcpRespond(res, { jsonrpc: "2.0", id, result });
3010
3023
  }
3011
3024
 
3012
3025
  if (rpcMethod === "tools/list") {
3013
- res.writeHead(200, { "Content-Type": "application/json", ...CORS });
3014
- return res.end(JSON.stringify({ jsonrpc: "2.0", id, result: { tools: toolsForPath(reqPath) } }));
3026
+ return mcpRespond(res, { jsonrpc: "2.0", id, result: { tools: toolsForPath(reqPath) } });
3015
3027
  }
3016
3028
 
3017
3029
  if (rpcMethod === "tools/call") {
@@ -3021,17 +3033,14 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
3021
3033
  try {
3022
3034
  const result = await handleMcpTool(vault, name, args || {});
3023
3035
  password = vault.password;
3024
- res.writeHead(200, { "Content-Type": "application/json", ...CORS });
3025
- return res.end(JSON.stringify({ jsonrpc: "2.0", id, result }));
3036
+ return mcpRespond(res, { jsonrpc: "2.0", id, result });
3026
3037
  } catch (err) {
3027
- res.writeHead(200, { "Content-Type": "application/json", ...CORS });
3028
- return res.end(JSON.stringify({ jsonrpc: "2.0", id, result: mcpError(`Internal error: ${err.message}`) }));
3038
+ return mcpRespond(res, { jsonrpc: "2.0", id, result: mcpError(`Internal error: ${err.message}`) });
3029
3039
  }
3030
3040
  }
3031
3041
 
3032
3042
  // Unknown method
3033
- res.writeHead(200, { "Content-Type": "application/json", ...CORS });
3034
- return res.end(JSON.stringify({ jsonrpc: "2.0", id, error: { code: -32601, message: `Unknown method: ${rpcMethod}` } }));
3043
+ return mcpRespond(res, { jsonrpc: "2.0", id, error: { code: -32601, message: `Unknown method: ${rpcMethod}` } });
3035
3044
  }
3036
3045
 
3037
3046
  // ── MCP SSE transport — /sse and namespaced paths ────
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@lifeaitools/clauth",
3
- "version": "1.5.32",
3
+ "version": "1.5.33",
4
4
  "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
5
5
  "type": "module",
6
6
  "bin": {