@mcp-ts/sdk 1.0.0

package/dist/index.mjs

@@ -0,0 +1,2723 @@
+import { Client } from '@modelcontextprotocol/sdk/client/index.js';
+import { customAlphabet, nanoid } from 'nanoid';
+import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
+import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
+import { UnauthorizedError as UnauthorizedError$1, discoverOAuthProtectedResourceMetadata, discoverAuthorizationServerMetadata, refreshAuthorization } from '@modelcontextprotocol/sdk/client/auth.js';
+import { ListToolsResultSchema, CallToolResultSchema, ListPromptsResultSchema, GetPromptResultSchema, ListResourcesResultSchema, ReadResourceResultSchema } from '@modelcontextprotocol/sdk/types.js';
+import { promises } from 'fs';
+import * as path from 'path';
+
+var __defProp = Object.defineProperty;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
+
+// src/server/storage/redis.ts
+var redis_exports = {};
+__export(redis_exports, {
+  closeRedis: () => closeRedis,
+  getRedis: () => getRedis,
+  initRedis: () => initRedis,
+  redis: () => redis,
+  setRedisInstance: () => setRedisInstance
+});
+async function initRedis(config) {
+  if (redisInstance) {
+    return redisInstance;
+  }
+  const url = config.url ?? process.env.REDIS_URL;
+  if (!url) {
+    throw new Error(
+      "Redis URL is required. Set REDIS_URL environment variable or pass url in config."
+    );
+  }
+  let Redis;
+  if (config.RedisConstructor) {
+    Redis = config.RedisConstructor;
+  } else {
+    try {
+      const ioredis = await import('ioredis');
+      Redis = ioredis.Redis;
+    } catch (error) {
+      throw new Error(
+        "ioredis is not installed. Install it with:\n  npm install ioredis\n\nOr use a different storage backend:\n  MCP_TS_STORAGE_TYPE=memory  (for development)\n  MCP_TS_STORAGE_TYPE=file    (for local persistence)"
+      );
+    }
+  }
+  redisInstance = new Redis(url, {
+    lazyConnect: config.lazyConnect ?? true,
+    maxRetriesPerRequest: config.maxRetriesPerRequest ?? 1
+  });
+  if (config.verbose !== false) {
+    redisInstance.on("ready", () => {
+      console.log("\u2705 Redis connected");
+    });
+    redisInstance.on("error", (err) => {
+      console.error("\u274C Redis error:", err.message);
+    });
+    redisInstance.on("reconnecting", () => {
+      console.log("\u{1F504} Redis reconnecting...");
+    });
+  }
+  global.__redis = redisInstance;
+  global.__redisConfig = config;
+  return redisInstance;
+}
+async function getRedis() {
+  if (redisInstance) {
+    return redisInstance;
+  }
+  if (global.__redis) {
+    redisInstance = global.__redis;
+    return redisInstance;
+  }
+  return await initRedis({});
+}
+function setRedisInstance(instance) {
+  redisInstance = instance;
+  global.__redis = instance;
+}
+async function closeRedis() {
+  if (redisInstance) {
+    await redisInstance.quit();
+    redisInstance = null;
+    global.__redis = void 0;
+  }
+}
+var redisInstance, redis;
+var init_redis = __esm({
+  "src/server/storage/redis.ts"() {
+    redisInstance = null;
+    redis = new Proxy({}, {
+      get(_target, prop) {
+        return async (...args) => {
+          const instance = await getRedis();
+          const value = instance[prop];
+          if (typeof value === "function") {
+            return value.apply(instance, args);
+          }
+          return value;
+        };
+      }
+    });
+  }
+});
+
+// src/shared/constants.ts
+var SESSION_TTL_SECONDS = 43200;
+var STATE_EXPIRATION_MS = 10 * 60 * 1e3;
+var DEFAULT_HEARTBEAT_INTERVAL_MS = 3e4;
+var REDIS_KEY_PREFIX = "mcp:session:";
+var TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1e3;
+var DEFAULT_CLIENT_NAME = "MCP Assistant";
+var DEFAULT_CLIENT_URI = "https://mcp-assistant.in";
+var DEFAULT_LOGO_URI = "https://mcp-assistant.in/logo.png";
+var DEFAULT_POLICY_URI = "https://mcp-assistant.in/privacy";
+var SOFTWARE_ID = "@mcp-ts";
+var SOFTWARE_VERSION = "1.0.0-beta.5";
+var MCP_CLIENT_NAME = "mcp-ts-oauth-client";
+var MCP_CLIENT_VERSION = "2.0";
+
+// src/server/storage/redis-backend.ts
+var firstChar = customAlphabet(
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
+  1
+);
+var rest = customAlphabet(
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+  11
+);
+var RedisStorageBackend = class {
+  constructor(redis2) {
+    this.redis = redis2;
+    __publicField(this, "DEFAULT_TTL", SESSION_TTL_SECONDS);
+    __publicField(this, "KEY_PREFIX", "mcp:session:");
+  }
+  /**
+   * Generates Redis key for a specific session
+   * @private
+   */
+  getSessionKey(identity, sessionId) {
+    return `${this.KEY_PREFIX}${identity}:${sessionId}`;
+  }
+  /**
+   * Generates Redis key for tracking all sessions for an identity
+   * @private
+   */
+  getIdentityKey(identity) {
+    return `mcp:identity:${identity}:sessions`;
+  }
+  generateSessionId() {
+    return firstChar() + rest();
+  }
+  async createSession(session, ttl) {
+    const { sessionId, identity } = session;
+    if (!sessionId || !identity) throw new Error("identity and sessionId required");
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    const identityKey = this.getIdentityKey(identity);
+    const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+    const result = await this.redis.set(
+      sessionKey,
+      JSON.stringify(session),
+      "EX",
+      effectiveTtl,
+      "NX"
+    );
+    if (result !== "OK") {
+      throw new Error(`Session ${sessionId} already exists`);
+    }
+    await this.redis.sadd(identityKey, sessionId);
+  }
+  async updateSession(identity, sessionId, data, ttl) {
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+    const script = `
+            local currentStr = redis.call("GET", KEYS[1])
+            if not currentStr then
+                return 0
+            end
+
+            local current = cjson.decode(currentStr)
+            local updates = cjson.decode(ARGV[1])
+
+            for k,v in pairs(updates) do
+                current[k] = v
+            end
+
+            redis.call("SET", KEYS[1], cjson.encode(current), "EX", ARGV[2])
+            return 1
+        `;
+    const result = await this.redis.eval(
+      script,
+      1,
+      sessionKey,
+      JSON.stringify(data),
+      effectiveTtl
+    );
+    if (result === 0) {
+      throw new Error(`Session ${sessionId} not found for identity ${identity}`);
+    }
+  }
+  async getSession(identity, sessionId) {
+    try {
+      const sessionKey = this.getSessionKey(identity, sessionId);
+      const sessionDataStr = await this.redis.get(sessionKey);
+      if (!sessionDataStr) {
+        return null;
+      }
+      const sessionData = JSON.parse(sessionDataStr);
+      return sessionData;
+    } catch (error) {
+      console.error("[RedisStorage] Failed to get session:", error);
+      return null;
+    }
+  }
+  async getIdentityMcpSessions(identity) {
+    const identityKey = this.getIdentityKey(identity);
+    try {
+      return await this.redis.smembers(identityKey);
+    } catch (error) {
+      console.error(`[RedisStorage] Failed to get sessions for ${identity}:`, error);
+      return [];
+    }
+  }
+  async getIdentitySessionsData(identity) {
+    try {
+      const sessionIds = await this.redis.smembers(this.getIdentityKey(identity));
+      if (sessionIds.length === 0) return [];
+      const results = await Promise.all(
+        sessionIds.map(async (sessionId) => {
+          const data = await this.redis.get(this.getSessionKey(identity, sessionId));
+          return data ? JSON.parse(data) : null;
+        })
+      );
+      return results.filter((session) => session !== null);
+    } catch (error) {
+      console.error(`[RedisStorage] Failed to get session data for ${identity}:`, error);
+      return [];
+    }
+  }
+  async removeSession(identity, sessionId) {
+    try {
+      const sessionKey = this.getSessionKey(identity, sessionId);
+      const identityKey = this.getIdentityKey(identity);
+      await this.redis.srem(identityKey, sessionId);
+      await this.redis.del(sessionKey);
+    } catch (error) {
+      console.error("[RedisStorage] Failed to remove session:", error);
+    }
+  }
+  async getAllSessionIds() {
+    try {
+      const pattern = `${this.KEY_PREFIX}*`;
+      const keys = await this.redis.keys(pattern);
+      return keys.map((key) => key.replace(this.KEY_PREFIX, ""));
+    } catch (error) {
+      console.error("[RedisStorage] Failed to get all sessions:", error);
+      return [];
+    }
+  }
+  async clearAll() {
+    try {
+      const pattern = `${this.KEY_PREFIX}*`;
+      const keys = await this.redis.keys(pattern);
+      if (keys.length > 0) {
+        await this.redis.del(...keys);
+      }
+    } catch (error) {
+      console.error("[RedisStorage] Failed to clear sessions:", error);
+    }
+  }
+  async cleanupExpiredSessions() {
+    try {
+      const pattern = `${this.KEY_PREFIX}*`;
+      const keys = await this.redis.keys(pattern);
+      for (const key of keys) {
+        const ttl = await this.redis.ttl(key);
+        if (ttl <= 0) {
+          await this.redis.del(key);
+        }
+      }
+    } catch (error) {
+      console.error("[RedisStorage] Failed to cleanup expired sessions:", error);
+    }
+  }
+  async disconnect() {
+    try {
+      await this.redis.quit();
+    } catch (error) {
+      console.error("[RedisStorage] Failed to disconnect:", error);
+    }
+  }
+};
+var firstChar2 = customAlphabet(
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
+  1
+);
+var rest2 = customAlphabet(
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+  11
+);
+var MemoryStorageBackend = class {
+  constructor() {
+    // Map<identity:sessionId, SessionData>
+    __publicField(this, "sessions", /* @__PURE__ */ new Map());
+    // Map<identity, Set<sessionId>>
+    __publicField(this, "identitySessions", /* @__PURE__ */ new Map());
+  }
+  getSessionKey(identity, sessionId) {
+    return `${identity}:${sessionId}`;
+  }
+  generateSessionId() {
+    return firstChar2() + rest2();
+  }
+  async createSession(session, ttl) {
+    const { sessionId, identity } = session;
+    if (!sessionId || !identity) throw new Error("identity and sessionId required");
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    if (this.sessions.has(sessionKey)) {
+      throw new Error(`Session ${sessionId} already exists`);
+    }
+    this.sessions.set(sessionKey, session);
+    if (!this.identitySessions.has(identity)) {
+      this.identitySessions.set(identity, /* @__PURE__ */ new Set());
+    }
+    this.identitySessions.get(identity).add(sessionId);
+  }
+  async updateSession(identity, sessionId, data, ttl) {
+    if (!identity || !sessionId) throw new Error("identity and sessionId required");
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    const current = this.sessions.get(sessionKey);
+    if (!current) {
+      throw new Error(`Session ${sessionId} not found`);
+    }
+    const updated = {
+      ...current,
+      ...data
+    };
+    this.sessions.set(sessionKey, updated);
+  }
+  async getSession(identity, sessionId) {
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    return this.sessions.get(sessionKey) || null;
+  }
+  async getIdentityMcpSessions(identity) {
+    const set = this.identitySessions.get(identity);
+    return set ? Array.from(set) : [];
+  }
+  async getIdentitySessionsData(identity) {
+    const set = this.identitySessions.get(identity);
+    if (!set) return [];
+    const results = [];
+    for (const sessionId of set) {
+      const session = this.sessions.get(this.getSessionKey(identity, sessionId));
+      if (session) {
+        results.push(session);
+      }
+    }
+    return results;
+  }
+  async removeSession(identity, sessionId) {
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    this.sessions.delete(sessionKey);
+    const set = this.identitySessions.get(identity);
+    if (set) {
+      set.delete(sessionId);
+      if (set.size === 0) {
+        this.identitySessions.delete(identity);
+      }
+    }
+  }
+  async getAllSessionIds() {
+    return Array.from(this.sessions.values()).map((s) => s.sessionId);
+  }
+  async clearAll() {
+    this.sessions.clear();
+    this.identitySessions.clear();
+  }
+  async cleanupExpiredSessions() {
+  }
+  async disconnect() {
+  }
+};
+var firstChar3 = customAlphabet(
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz",
+  1
+);
+var rest3 = customAlphabet(
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
+  11
+);
+var FileStorageBackend = class {
+  /**
+   * @param options.path Path to the JSON file storage (default: ./sessions.json)
+   */
+  constructor(options = {}) {
+    __publicField(this, "filePath");
+    __publicField(this, "memoryCache", null);
+    __publicField(this, "initialized", false);
+    this.filePath = options.path || "./sessions.json";
+  }
+  /**
+   * Initialize storage: ensure file exists and load into memory cache
+   */
+  async init() {
+    if (this.initialized) return;
+    try {
+      const dir = path.dirname(this.filePath);
+      await promises.mkdir(dir, { recursive: true });
+      const data = await promises.readFile(this.filePath, "utf-8");
+      const json = JSON.parse(data);
+      this.memoryCache = /* @__PURE__ */ new Map();
+      if (Array.isArray(json)) {
+        json.forEach((s) => {
+          this.memoryCache.set(this.getSessionKey(s.identity || "unknown", s.sessionId), s);
+        });
+      }
+    } catch (error) {
+      if (error.code === "ENOENT") {
+        this.memoryCache = /* @__PURE__ */ new Map();
+        await this.flush();
+      } else {
+        console.error("[FileStorage] Failed to load sessions:", error);
+        throw error;
+      }
+    }
+    this.initialized = true;
+  }
+  async ensureInitialized() {
+    if (!this.initialized) await this.init();
+  }
+  async flush() {
+    if (!this.memoryCache) return;
+    const sessions = Array.from(this.memoryCache.values());
+    await promises.writeFile(this.filePath, JSON.stringify(sessions, null, 2), "utf-8");
+  }
+  getSessionKey(identity, sessionId) {
+    return `${identity}:${sessionId}`;
+  }
+  generateSessionId() {
+    return firstChar3() + rest3();
+  }
+  async createSession(session, ttl) {
+    await this.ensureInitialized();
+    const { sessionId, identity } = session;
+    if (!sessionId || !identity) throw new Error("identity and sessionId required");
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    if (this.memoryCache.has(sessionKey)) {
+      throw new Error(`Session ${sessionId} already exists`);
+    }
+    this.memoryCache.set(sessionKey, session);
+    await this.flush();
+  }
+  async updateSession(identity, sessionId, data, ttl) {
+    await this.ensureInitialized();
+    if (!identity || !sessionId) throw new Error("identity and sessionId required");
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    const current = this.memoryCache.get(sessionKey);
+    if (!current) {
+      throw new Error(`Session ${sessionId} not found`);
+    }
+    const updated = {
+      ...current,
+      ...data
+    };
+    this.memoryCache.set(sessionKey, updated);
+    await this.flush();
+  }
+  async getSession(identity, sessionId) {
+    await this.ensureInitialized();
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    return this.memoryCache.get(sessionKey) || null;
+  }
+  async getIdentitySessionsData(identity) {
+    await this.ensureInitialized();
+    return Array.from(this.memoryCache.values()).filter((s) => s.identity === identity);
+  }
+  async getIdentityMcpSessions(identity) {
+    await this.ensureInitialized();
+    return Array.from(this.memoryCache.values()).filter((s) => s.identity === identity).map((s) => s.sessionId);
+  }
+  async removeSession(identity, sessionId) {
+    await this.ensureInitialized();
+    const sessionKey = this.getSessionKey(identity, sessionId);
+    if (this.memoryCache.delete(sessionKey)) {
+      await this.flush();
+    }
+  }
+  async getAllSessionIds() {
+    await this.ensureInitialized();
+    return Array.from(this.memoryCache.values()).map((s) => s.sessionId);
+  }
+  async clearAll() {
+    await this.ensureInitialized();
+    this.memoryCache.clear();
+    await this.flush();
+  }
+  async cleanupExpiredSessions() {
+    await this.ensureInitialized();
+  }
+  async disconnect() {
+  }
+};
+
+// src/server/storage/index.ts
+var storageInstance = null;
+var storagePromise = null;
+async function createStorage() {
+  const type = process.env.MCP_TS_STORAGE_TYPE?.toLowerCase();
+  if (type === "redis") {
+    if (!process.env.REDIS_URL) {
+      console.warn('[Storage] MCP_TS_STORAGE_TYPE is "redis" but REDIS_URL is missing');
+    }
+    try {
+      const { getRedis: getRedis2 } = await Promise.resolve().then(() => (init_redis(), redis_exports));
+      const redis2 = await getRedis2();
+      console.log("[Storage] Using Redis storage (Explicit)");
+      return new RedisStorageBackend(redis2);
+    } catch (error) {
+      console.error("[Storage] Failed to initialize Redis:", error.message);
+      console.log("[Storage] Falling back to In-Memory storage");
+      return new MemoryStorageBackend();
+    }
+  }
+  if (type === "file") {
+    const filePath = process.env.MCP_TS_STORAGE_FILE;
+    if (!filePath) {
+      console.warn('[Storage] MCP_TS_STORAGE_TYPE is "file" but MCP_TS_STORAGE_FILE is missing');
+    }
+    console.log(`[Storage] Using File storage (${filePath}) (Explicit)`);
+    const store = new FileStorageBackend({ path: filePath });
+    store.init().catch((err) => console.error("[Storage] Failed to initialize file storage:", err));
+    return store;
+  }
+  if (type === "memory") {
+    console.log("[Storage] Using In-Memory storage (Explicit)");
+    return new MemoryStorageBackend();
+  }
+  if (process.env.REDIS_URL) {
+    try {
+      const { getRedis: getRedis2 } = await Promise.resolve().then(() => (init_redis(), redis_exports));
+      const redis2 = await getRedis2();
+      console.log("[Storage] Auto-detected REDIS_URL. Using Redis storage.");
+      return new RedisStorageBackend(redis2);
+    } catch (error) {
+      console.error("[Storage] Redis auto-detection failed:", error.message);
+      console.log("[Storage] Falling back to In-Memory storage");
+      return new MemoryStorageBackend();
+    }
+  }
+  if (process.env.MCP_TS_STORAGE_FILE) {
+    console.log(`[Storage] Auto-detected MCP_TS_STORAGE_FILE. Using File storage (${process.env.MCP_TS_STORAGE_FILE}).`);
+    const store = new FileStorageBackend({ path: process.env.MCP_TS_STORAGE_FILE });
+    store.init().catch((err) => console.error("[Storage] Failed to initialize file storage:", err));
+    return store;
+  }
+  console.log("[Storage] No storage configured. Using In-Memory storage (Default).");
+  return new MemoryStorageBackend();
+}
+async function getStorage() {
+  if (storageInstance) {
+    return storageInstance;
+  }
+  if (!storagePromise) {
+    storagePromise = createStorage();
+  }
+  storageInstance = await storagePromise;
+  return storageInstance;
+}
+var storage = new Proxy({}, {
+  get(_target, prop) {
+    return async (...args) => {
+      const instance = await getStorage();
+      const value = instance[prop];
+      if (typeof value === "function") {
+        return value.apply(instance, args);
+      }
+      return value;
+    };
+  }
+});
+
+// src/server/mcp/storage-oauth-provider.ts
+var StorageOAuthClientProvider = class {
+  /**
+   * Creates a new Storage-backed OAuth provider
+   * @param identity - User/Client identifier
+   * @param serverId - Server identifier (for tracking which server this OAuth session belongs to)
+   * @param sessionId - Session identifier (used as OAuth state)
+   * @param clientName - OAuth client name
+   * @param baseRedirectUrl - OAuth callback URL
+   * @param onRedirect - Optional callback when redirect to authorization is needed
+   */
+  constructor(identity, serverId, sessionId, clientName, baseRedirectUrl, onRedirect) {
+    this.identity = identity;
+    this.serverId = serverId;
+    this.sessionId = sessionId;
+    this.clientName = clientName;
+    this.baseRedirectUrl = baseRedirectUrl;
+    __publicField(this, "_authUrl");
+    __publicField(this, "_clientId");
+    __publicField(this, "onRedirectCallback");
+    __publicField(this, "tokenExpiresAt");
+    this.onRedirectCallback = onRedirect;
+  }
+  get clientMetadata() {
+    return {
+      client_name: this.clientName,
+      client_uri: this.clientUri,
+      grant_types: ["authorization_code", "refresh_token"],
+      redirect_uris: [this.redirectUrl],
+      response_types: ["code"],
+      token_endpoint_auth_method: "none",
+      ...this._clientId ? { client_id: this._clientId } : {}
+    };
+  }
+  get clientUri() {
+    return new URL(this.redirectUrl).origin;
+  }
+  get redirectUrl() {
+    return this.baseRedirectUrl;
+  }
+  get clientId() {
+    return this._clientId;
+  }
+  set clientId(clientId_) {
+    this._clientId = clientId_;
+  }
+  /**
+   * Loads OAuth data from storage session
+   * @private
+   */
+  async getSessionData() {
+    const data = await storage.getSession(this.identity, this.sessionId);
+    if (!data) {
+      return {};
+    }
+    return data;
+  }
+  /**
+   * Saves OAuth data to storage
+   * @param data - Partial OAuth data to save
+   * @private
+   * @throws Error if session doesn't exist (session must be created by controller layer)
+   */
+  async saveSessionData(data) {
+    await storage.updateSession(this.identity, this.sessionId, data);
+  }
+  /**
+   * Retrieves stored OAuth client information
+   */
+  async clientInformation() {
+    const data = await this.getSessionData();
+    if (data.clientId && !this._clientId) {
+      this._clientId = data.clientId;
+    }
+    return data.clientInformation;
+  }
+  /**
+   * Stores OAuth client information
+   */
+  async saveClientInformation(clientInformation) {
+    await this.saveSessionData({
+      clientInformation,
+      clientId: clientInformation.client_id
+    });
+    this.clientId = clientInformation.client_id;
+  }
+  /**
+   * Stores OAuth tokens
+   */
+  async saveTokens(tokens) {
+    const data = { tokens };
+    if (tokens.expires_in) {
+      this.tokenExpiresAt = Date.now() + tokens.expires_in * 1e3 - TOKEN_EXPIRY_BUFFER_MS;
+    }
+    await this.saveSessionData(data);
+  }
+  get authUrl() {
+    return this._authUrl;
+  }
+  async state() {
+    return this.sessionId;
+  }
+  async checkState(state) {
+    const data = await storage.getSession(this.identity, this.sessionId);
+    if (!data) {
+      return { valid: false, error: "Session not found" };
+    }
+    return { valid: true, serverId: this.serverId };
+  }
+  async consumeState(state) {
+  }
+  async redirectToAuthorization(authUrl) {
+    this._authUrl = authUrl.toString();
+    if (this.onRedirectCallback) {
+      this.onRedirectCallback(authUrl.toString());
+    }
+  }
+  async invalidateCredentials(scope) {
+    if (scope === "all") {
+      await storage.removeSession(this.identity, this.sessionId);
+    } else {
+      await this.getSessionData();
+      const updates = {};
+      if (scope === "client") {
+        updates.clientInformation = void 0;
+        updates.clientId = void 0;
+      } else if (scope === "tokens") {
+        updates.tokens = void 0;
+      } else if (scope === "verifier") {
+        updates.codeVerifier = void 0;
+      }
+      await this.saveSessionData(updates);
+    }
+  }
+  async saveCodeVerifier(verifier) {
+    await this.saveSessionData({ codeVerifier: verifier });
+  }
+  async codeVerifier() {
+    const data = await this.getSessionData();
+    if (data.clientId && !this._clientId) {
+      this._clientId = data.clientId;
+    }
+    if (!data.codeVerifier) {
+      throw new Error("No code verifier found");
+    }
+    return data.codeVerifier;
+  }
+  async deleteCodeVerifier() {
+    await this.saveSessionData({ codeVerifier: void 0 });
+  }
+  async tokens() {
+    const data = await this.getSessionData();
+    if (data.clientId && !this._clientId) {
+      this._clientId = data.clientId;
+    }
+    return data.tokens;
+  }
+  isTokenExpired() {
+    if (!this.tokenExpiresAt) {
+      return false;
+    }
+    return Date.now() >= this.tokenExpiresAt;
+  }
+  setTokenExpiresAt(expiresAt) {
+    this.tokenExpiresAt = expiresAt;
+  }
+};
+
+// src/shared/utils.ts
+function sanitizeServerLabel(name) {
+  let sanitized = name.replace(/[^a-zA-Z0-9-_]/g, "_").replace(/_{2,}/g, "_").toLowerCase();
+  if (!/^[a-zA-Z]/.test(sanitized)) {
+    sanitized = "s_" + sanitized;
+  }
+  return sanitized;
+}
+
+// src/shared/events.ts
+var Emitter = class {
+  constructor() {
+    __publicField(this, "listeners", /* @__PURE__ */ new Set());
+  }
+  /**
+   * Subscribe to events
+   * @param listener - Callback function to handle events
+   * @returns Disposable to unsubscribe
+   */
+  get event() {
+    return (listener) => {
+      this.listeners.add(listener);
+      return {
+        dispose: () => {
+          this.listeners.delete(listener);
+        }
+      };
+    };
+  }
+  /**
+   * Fire an event to all listeners
+   * @param event - Event data to emit
+   */
+  fire(event) {
+    for (const listener of this.listeners) {
+      try {
+        listener(event);
+      } catch (error) {
+        console.error("[Emitter] Error in event listener:", error);
+      }
+    }
+  }
+  /**
+   * Clear all listeners
+   */
+  dispose() {
+    this.listeners.clear();
+  }
+  /**
+   * Get number of active listeners
+   */
+  get listenerCount() {
+    return this.listeners.size;
+  }
+};
+var DisposableStore = class {
+  constructor() {
+    __publicField(this, "disposables", /* @__PURE__ */ new Set());
+  }
+  add(disposable) {
+    this.disposables.add(disposable);
+  }
+  dispose() {
+    for (const disposable of this.disposables) {
+      disposable.dispose();
+    }
+    this.disposables.clear();
+  }
+};
+
+// src/shared/errors.ts
+var McpError = class extends Error {
+  constructor(code, message, cause) {
+    super(message);
+    this.code = code;
+    this.cause = cause;
+    this.name = "McpError";
+    Object.setPrototypeOf(this, new.target.prototype);
+  }
+  toJSON() {
+    return {
+      name: this.name,
+      code: this.code,
+      message: this.message,
+      ...this.cause ? { cause: this.cause.message } : {}
+    };
+  }
+};
+var UnauthorizedError = class extends McpError {
+  constructor(message = "OAuth authorization required", cause) {
+    super("UNAUTHORIZED", message, cause);
+    this.name = "UnauthorizedError";
+  }
+};
+var ConnectionError = class extends McpError {
+  constructor(message, cause) {
+    super("CONNECTION_ERROR", message, cause);
+    this.name = "ConnectionError";
+  }
+};
+var SessionNotFoundError = class extends McpError {
+  constructor(sessionId, cause) {
+    super("SESSION_NOT_FOUND", `Session not found: ${sessionId}`, cause);
+    this.name = "SessionNotFoundError";
+  }
+};
+var SessionValidationError = class extends McpError {
+  constructor(message, cause) {
+    super("SESSION_VALIDATION_ERROR", message, cause);
+    this.name = "SessionValidationError";
+  }
+};
+var AuthenticationError = class extends McpError {
+  constructor(message, cause) {
+    super("AUTH_ERROR", message, cause);
+    this.name = "AuthenticationError";
+  }
+};
+var InvalidStateError = class extends McpError {
+  constructor(message = "Invalid OAuth state", cause) {
+    super("INVALID_STATE", message, cause);
+    this.name = "InvalidStateError";
+  }
+};
+var NotConnectedError = class extends McpError {
+  constructor(message = "Not connected to server", cause) {
+    super("NOT_CONNECTED", message, cause);
+    this.name = "NotConnectedError";
+  }
+};
+var ConfigurationError = class extends McpError {
+  constructor(message, cause) {
+    super("CONFIGURATION_ERROR", message, cause);
+    this.name = "ConfigurationError";
+  }
+};
+var ToolExecutionError = class extends McpError {
+  constructor(toolName, message, cause) {
+    super("TOOL_EXECUTION_ERROR", `Tool '${toolName}' failed: ${message}`, cause);
+    this.name = "ToolExecutionError";
+  }
+};
+var RpcErrorCodes = {
+  EXECUTION_ERROR: "EXECUTION_ERROR",
+  MISSING_IDENTITY: "MISSING_IDENTITY",
+  UNAUTHORIZED: "UNAUTHORIZED",
+  NO_CONNECTION: "NO_CONNECTION",
+  UNKNOWN_METHOD: "UNKNOWN_METHOD",
+  INVALID_PARAMS: "INVALID_PARAMS"
+};
+
+// src/server/mcp/oauth-client.ts
+var MCPClient = class _MCPClient {
+  /**
+   * Creates a new MCP client instance
+   * Can be initialized with minimal options (identity + sessionId) for session restoration
+   * @param options - Client configuration options
+   */
+  constructor(options) {
+    __publicField(this, "client", null);
+    __publicField(this, "oauthProvider", null);
+    __publicField(this, "transport", null);
+    __publicField(this, "identity");
+    __publicField(this, "serverId");
+    __publicField(this, "sessionId");
+    __publicField(this, "serverName");
+    __publicField(this, "transportType");
+    __publicField(this, "serverUrl");
+    __publicField(this, "callbackUrl");
+    __publicField(this, "onRedirect");
+    __publicField(this, "tokens");
+    __publicField(this, "tokenExpiresAt");
+    __publicField(this, "clientInformation");
+    __publicField(this, "clientId");
+    __publicField(this, "clientSecret");
+    __publicField(this, "onSaveTokens");
+    __publicField(this, "headers");
+    /** OAuth Client Metadata */
+    __publicField(this, "clientName");
+    __publicField(this, "clientUri");
+    __publicField(this, "logoUri");
+    __publicField(this, "policyUri");
+    /** Event emitters for connection lifecycle */
+    __publicField(this, "_onConnectionEvent", new Emitter());
+    __publicField(this, "onConnectionEvent", this._onConnectionEvent.event);
+    __publicField(this, "_onObservabilityEvent", new Emitter());
+    __publicField(this, "onObservabilityEvent", this._onObservabilityEvent.event);
+    __publicField(this, "currentState", "DISCONNECTED");
+    this.serverUrl = options.serverUrl;
+    this.serverName = options.serverName;
+    this.callbackUrl = options.callbackUrl;
+    this.onRedirect = options.onRedirect;
+    this.identity = options.identity;
+    this.serverId = options.serverId;
+    this.sessionId = options.sessionId;
+    this.transportType = options.transportType;
+    this.tokens = options.tokens;
+    this.tokenExpiresAt = options.tokenExpiresAt;
+    this.clientInformation = options.clientInformation;
+    this.clientId = options.clientId;
+    this.clientSecret = options.clientSecret;
+    this.onSaveTokens = options.onSaveTokens;
+    this.headers = options.headers;
+    this.clientName = options.clientName;
+    this.clientUri = options.clientUri;
+    this.logoUri = options.logoUri;
+    this.policyUri = options.policyUri;
+  }
+  /**
+   * Emit a connection state change event
+   * @private
+   */
+  emitStateChange(newState) {
+    const previousState = this.currentState;
+    this.currentState = newState;
+    if (!this.serverId) return;
+    this._onConnectionEvent.fire({
+      type: "state_changed",
+      sessionId: this.sessionId,
+      serverId: this.serverId,
+      serverName: this.serverName || this.serverId,
+      state: newState,
+      previousState,
+      timestamp: Date.now()
+    });
+    this._onObservabilityEvent.fire({
+      type: "mcp:client:state_change",
+      level: "info",
+      message: `Connection state: ${previousState} \u2192 ${newState}`,
+      displayMessage: `State changed to ${newState}`,
+      sessionId: this.sessionId,
+      serverId: this.serverId,
+      payload: { previousState, newState },
+      timestamp: Date.now(),
+      id: nanoid()
+    });
+  }
+  /**
+   * Emit an error event
+   * @private
+   */
+  emitError(error, errorType = "unknown") {
+    if (!this.serverId) return;
+    this._onConnectionEvent.fire({
+      type: "error",
+      sessionId: this.sessionId,
+      serverId: this.serverId,
+      error,
+      errorType,
+      timestamp: Date.now()
+    });
+    this._onObservabilityEvent.fire({
+      type: "mcp:client:error",
+      level: "error",
+      message: error,
+      displayMessage: error,
+      sessionId: this.sessionId,
+      serverId: this.serverId,
+      payload: { errorType, error },
+      timestamp: Date.now(),
+      id: nanoid()
+    });
+  }
+  /**
+   * Emit a progress event
+   * @private
+   */
+  emitProgress(message) {
+    if (!this.serverId) return;
+    this._onConnectionEvent.fire({
+      type: "progress",
+      sessionId: this.sessionId,
+      serverId: this.serverId,
+      message,
+      timestamp: Date.now()
+    });
+  }
+  /**
+   * Get current connection state
+   */
+  getConnectionState() {
+    return this.currentState;
+  }
+  /**
+   * Helper to create a transport instance
+   * @param type - The transport type to create
+   * @returns Configured transport instance
+   * @private
+   */
+  getTransport(type) {
+    if (!this.serverUrl) {
+      throw new Error("Server URL is required to create transport");
+    }
+    const baseUrl = new URL(this.serverUrl);
+    const transportOptions = {
+      authProvider: this.oauthProvider,
+      ...this.headers && { headers: this.headers },
+      /**
+       * Custom fetch implementation to handle connection timeouts.
+       * Observation: SDK 1.24.0+ connections may hang indefinitely in some environments.
+       * This wrapper enforces a timeout and properly uses AbortController to unblock the request.
+       */
+      fetch: (url, init) => {
+        const timeout = 3e4;
+        const controller = new AbortController();
+        const timeoutId = setTimeout(() => controller.abort(), timeout);
+        const signal = init?.signal ? (
+          // @ts-ignore: AbortSignal.any is available in Node 20+
+          AbortSignal.any ? AbortSignal.any([init.signal, controller.signal]) : controller.signal
+        ) : controller.signal;
+        return fetch(url, { ...init, signal }).finally(() => clearTimeout(timeoutId));
+      }
+    };
+    if (type === "sse") {
+      return new SSEClientTransport(baseUrl, transportOptions);
+    } else {
+      return new StreamableHTTPClientTransport(baseUrl, transportOptions);
+    }
+  }
+  /**
+   * Initializes client components (client, transport, OAuth provider)
+   * Loads missing configuration from Redis session store if needed
+   * This method is idempotent and safe to call multiple times
+   * @private
+   */
+  async initialize() {
+    if (this.client && this.oauthProvider) {
+      return;
+    }
+    this.emitStateChange("INITIALIZING");
+    this.emitProgress("Loading session configuration...");
+    if (!this.serverUrl || !this.callbackUrl || !this.serverId) {
+      const sessionData = await storage.getSession(this.identity, this.sessionId);
+      if (!sessionData) {
+        throw new Error(`Session not found: ${this.sessionId}`);
+      }
+      this.serverUrl = this.serverUrl || sessionData.serverUrl;
+      this.callbackUrl = this.callbackUrl || sessionData.callbackUrl;
+      this.serverName = this.serverName || sessionData.serverName;
+      this.serverId = this.serverId || sessionData.serverId || "unknown";
+      this.headers = this.headers || sessionData.headers;
+    }
+    if (!this.serverUrl || !this.callbackUrl || !this.serverId) {
+      throw new Error("Missing required connection metadata");
+    }
+    const clientMetadata = {
+      client_name: this.clientName || "MCP Assistant",
+      redirect_uris: [this.callbackUrl],
+      token_endpoint_auth_method: this.clientSecret ? "client_secret_basic" : "none",
+      client_uri: this.clientUri || "https://mcp-assistant.in",
+      logo_uri: this.logoUri || "https://mcp-assistant.in/logo.png",
+      policy_uri: this.policyUri || "https://mcp-assistant.in/privacy",
+      ...this.clientId ? { client_id: this.clientId } : {},
+      ...this.clientSecret ? { client_secret: this.clientSecret } : {}
+    };
+    if (!this.oauthProvider) {
+      if (!this.serverId) {
+        throw new Error("serverId required for OAuth provider initialization");
+      }
+      this.oauthProvider = new StorageOAuthClientProvider(
+        this.identity,
+        this.serverId,
+        this.sessionId,
+        clientMetadata.client_name ?? "MCP Assistant",
+        this.callbackUrl,
+        (redirectUrl) => {
+          if (this.onRedirect) {
+            this.onRedirect(redirectUrl);
+          }
+        }
+      );
+      if (this.clientId && this.oauthProvider) {
+        this.oauthProvider.clientId = this.clientId;
+      }
+    }
+    if (!this.client) {
+      this.client = new Client(
+        {
+          name: "mcp-ts-oauth-client",
+          version: "2.0"
+        },
+        { capabilities: {} }
+      );
+    }
+    const existingSession = await storage.getSession(this.identity, this.sessionId);
+    if (!existingSession && this.serverId && this.serverUrl && this.callbackUrl) {
+      console.log(`[MCPClient] Creating initial session ${this.sessionId} for OAuth flow`);
+      await storage.createSession({
+        sessionId: this.sessionId,
+        identity: this.identity,
+        serverId: this.serverId,
+        serverName: this.serverName,
+        serverUrl: this.serverUrl,
+        callbackUrl: this.callbackUrl,
+        transportType: this.transportType || "streamable_http",
+        createdAt: Date.now()
+      }, Math.floor(STATE_EXPIRATION_MS / 1e3));
+    }
+  }
+  /**
+   * Saves current session state to storage
+   * Creates new session if it doesn't exist, updates if it does
+   * @param ttl - Time-to-live in seconds (defaults to 12hr for connected sessions)
+   * @private
+   */
+  async saveSession(ttl = SESSION_TTL_SECONDS) {
+    if (!this.sessionId || !this.serverId || !this.serverUrl || !this.callbackUrl) {
+      return;
+    }
+    const sessionData = {
+      sessionId: this.sessionId,
+      identity: this.identity,
+      serverId: this.serverId,
+      serverName: this.serverName,
+      serverUrl: this.serverUrl,
+      callbackUrl: this.callbackUrl,
+      transportType: this.transportType || "streamable_http",
+      createdAt: Date.now()
+    };
+    const existingSession = await storage.getSession(this.identity, this.sessionId);
+    if (existingSession) {
+      await storage.updateSession(this.identity, this.sessionId, sessionData, ttl);
+    } else {
+      await storage.createSession(sessionData, ttl);
+    }
+  }
+  /**
+   * Try to connect using available transports
+   * @returns The corrected transport type object if successful
+   * @private
+   */
+  async tryConnect() {
+    const transportsToTry = this.transportType ? [this.transportType] : ["streamable_http", "sse"];
+    let lastError;
+    for (const currentType of transportsToTry) {
+      const isLastAttempt = currentType === transportsToTry[transportsToTry.length - 1];
+      try {
+        const transport = this.getTransport(currentType);
+        this.transport = transport;
+        await this.client.connect(transport);
+        return { transportType: currentType };
+      } catch (error) {
+        lastError = error;
+        const isAuthError = error instanceof UnauthorizedError$1 || error instanceof Error && error.message.toLowerCase().includes("unauthorized");
+        if (isAuthError) {
+          throw error;
+        }
+        if (isLastAttempt) {
+          throw error;
+        }
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        this.emitProgress(`Connection attempt with ${currentType} failed: ${errorMessage}. Retrying...`);
+        this._onObservabilityEvent.fire({
+          level: "warn",
+          message: `Transport ${currentType} failed, falling back`,
+          sessionId: this.sessionId,
+          serverId: this.serverId,
+          metadata: {
+            failedTransport: currentType,
+            error: errorMessage
+          },
+          timestamp: Date.now()
+        });
+      }
+    }
+    throw lastError || new Error("No transports available");
+  }
+  /**
+   * Connects to the MCP server
+   * Automatically validates and refreshes OAuth tokens if needed
+   * Saves session to Redis on first successful connection
+   * @throws {UnauthorizedError} When OAuth authorization is required
+   * @throws {Error} When connection fails for other reasons
+   */
+  async connect() {
+    await this.initialize();
+    if (!this.client || !this.oauthProvider) {
+      const error = "Client or OAuth provider not initialized";
+      this.emitError(error, "connection");
+      this.emitStateChange("FAILED");
+      throw new Error(error);
+    }
+    try {
+      this.emitProgress("Validating OAuth tokens...");
+      await this.getValidTokens();
+      this.emitStateChange("CONNECTING");
+      const { transportType } = await this.tryConnect();
+      this.transportType = transportType;
+      this.emitStateChange("CONNECTED");
+      this.emitProgress("Connected successfully");
+      const existingSession = await storage.getSession(this.identity, this.sessionId);
+      if (!existingSession || existingSession.transportType !== this.transportType) {
+        console.log(`[MCPClient] Saving session ${this.sessionId} (new or transport changed)`);
+        await this.saveSession(SESSION_TTL_SECONDS);
+      }
+    } catch (error) {
+      if (error instanceof UnauthorizedError$1 || error instanceof Error && error.message.toLowerCase().includes("unauthorized")) {
+        this.emitStateChange("AUTHENTICATING");
+        console.log(`[MCPClient] Saving session ${this.sessionId} with 10min TTL (OAuth pending)`);
+        await this.saveSession(Math.floor(STATE_EXPIRATION_MS / 1e3));
+        let authUrl = "";
+        if (this.oauthProvider) {
+          authUrl = this.oauthProvider.authUrl || "";
+        }
+        if (this.serverId) {
+          this._onConnectionEvent.fire({
+            type: "auth_required",
+            sessionId: this.sessionId,
+            serverId: this.serverId,
+            authUrl,
+            timestamp: Date.now()
+          });
+          if (authUrl && this.onRedirect) {
+            this.onRedirect(authUrl);
+          }
+        }
+        throw new UnauthorizedError("OAuth authorization required");
+      }
+      const errorMessage = error instanceof Error ? error.message : "Connection failed";
+      this.emitError(errorMessage, "connection");
+      this.emitStateChange("FAILED");
+      throw error;
+    }
+  }
+  /**
+   * Completes OAuth authorization flow by exchanging authorization code for tokens
+   * Creates new authenticated client and transport, then establishes connection
+   * Saves active session to Redis after successful authentication
+   * @param authCode - Authorization code received from OAuth callback
+   */
+  // TODO: needs to be optimized
+  async finishAuth(authCode) {
+    this.emitStateChange("AUTHENTICATING");
+    this.emitProgress("Exchanging authorization code for tokens...");
+    await this.initialize();
+    if (!this.oauthProvider) {
+      const error = "OAuth provider not initialized";
+      this.emitError(error, "auth");
+      this.emitStateChange("FAILED");
+      throw new Error(error);
+    }
+    const transportsToTry = this.transportType ? [this.transportType] : ["streamable_http", "sse"];
+    let lastError;
+    let tokensExchanged = false;
+    for (const currentType of transportsToTry) {
+      const isLastAttempt = currentType === transportsToTry[transportsToTry.length - 1];
+      try {
+        const transport = this.getTransport(currentType);
+        this.transport = transport;
+        if (!tokensExchanged) {
+          await transport.finishAuth(authCode);
+          tokensExchanged = true;
+        } else {
+          this.emitProgress(`Tokens already exchanged, skipping auth step for ${currentType}...`);
+        }
+        this.transportType = currentType;
+        this.emitStateChange("AUTHENTICATED");
+        this.emitProgress("Creating authenticated client...");
+        this.client = new Client(
+          {
+            name: "mcp-ts-oauth-client",
+            version: "2.0"
+          },
+          { capabilities: {} }
+        );
+        this.emitStateChange("CONNECTING");
+        await this.client.connect(this.transport);
+        this.emitStateChange("CONNECTED");
+        console.log(`[MCPClient] Updating session ${this.sessionId} to 12hr TTL (OAuth complete)`);
+        await this.saveSession(SESSION_TTL_SECONDS);
+        return;
+      } catch (error) {
+        lastError = error;
+        const isAuthError = error instanceof UnauthorizedError$1 || error instanceof Error && error.message.toLowerCase().includes("unauthorized");
+        if (isAuthError) {
+          throw error;
+        }
+        const errorMessage = error instanceof Error ? error.message : String(error);
+        if (!tokensExchanged && errorMessage.toLowerCase().includes("invalid authorization code")) {
+          const msg = error instanceof Error ? error.message : "Authentication failed";
+          this.emitError(msg, "auth");
+          this.emitStateChange("FAILED");
+          throw error;
+        }
+        if (isLastAttempt) {
+          const msg = error instanceof Error ? error.message : "Authentication failed";
+          this.emitError(msg, "auth");
+          this.emitStateChange("FAILED");
+          throw error;
+        }
+        this.emitProgress(`Auth attempt with ${currentType} failed: ${errorMessage}. Retrying...`);
+      }
+    }
+    if (lastError) {
+      const errorMessage = lastError instanceof Error ? lastError.message : "Authentication failed";
+      this.emitError(errorMessage, "auth");
+      this.emitStateChange("FAILED");
+      throw lastError;
+    }
+  }
+  /**
+   * Lists all available tools from the connected MCP server
+   * @returns List of tools with their schemas and descriptions
+   * @throws {Error} When client is not connected
+   */
+  async listTools() {
+    if (!this.client) {
+      throw new Error("Not connected to server");
+    }
+    this.emitStateChange("DISCOVERING");
+    try {
+      const request = {
+        method: "tools/list",
+        params: {}
+      };
+      const result = await this.client.request(request, ListToolsResultSchema);
+      if (this.serverId) {
+        this._onConnectionEvent.fire({
+          type: "tools_discovered",
+          sessionId: this.sessionId,
+          serverId: this.serverId,
+          toolCount: result.tools.length,
+          tools: result.tools,
+          timestamp: Date.now()
+        });
+      }
+      this.emitStateChange("READY");
+      this.emitProgress(`Discovered ${result.tools.length} tools`);
+      return result;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Failed to list tools";
+      this.emitError(errorMessage, "validation");
+      this.emitStateChange("FAILED");
+      throw error;
+    }
+  }
+  /**
+   * Executes a tool on the connected MCP server
+   * @param toolName - Name of the tool to execute
+   * @param toolArgs - Arguments to pass to the tool
+   * @returns Tool execution result
+   * @throws {Error} When client is not connected
+   */
+  async callTool(toolName, toolArgs) {
+    if (!this.client) {
+      throw new Error("Not connected to server");
+    }
+    const request = {
+      method: "tools/call",
+      params: {
+        name: toolName,
+        arguments: toolArgs
+      }
+    };
+    try {
+      const result = await this.client.request(request, CallToolResultSchema);
+      this._onObservabilityEvent.fire({
+        type: "mcp:client:tool_call",
+        level: "info",
+        message: `Tool ${toolName} called successfully`,
+        displayMessage: `Called tool ${toolName}`,
+        sessionId: this.sessionId,
+        serverId: this.serverId,
+        payload: {
+          toolName,
+          args: toolArgs
+        },
+        timestamp: Date.now(),
+        id: nanoid()
+      });
+      return result;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : `Failed to call tool ${toolName}`;
+      this._onObservabilityEvent.fire({
+        type: "mcp:client:error",
+        level: "error",
+        message: errorMessage,
+        displayMessage: `Failed to call tool ${toolName}`,
+        sessionId: this.sessionId,
+        serverId: this.serverId,
+        payload: {
+          errorType: "tool_execution",
+          error: errorMessage,
+          toolName,
+          args: toolArgs
+        },
+        timestamp: Date.now(),
+        id: nanoid()
+      });
+      throw error;
+    }
+  }
+  /**
+   * Lists all available prompts from the connected MCP server
+   * @returns List of available prompts
+   * @throws {Error} When client is not connected
+   */
+  async listPrompts() {
+    if (!this.client) {
+      throw new Error("Not connected to server");
+    }
+    this.emitStateChange("DISCOVERING");
+    try {
+      const request = {
+        method: "prompts/list",
+        params: {}
+      };
+      const result = await this.client.request(request, ListPromptsResultSchema);
+      this.emitStateChange("READY");
+      this.emitProgress(`Discovered ${result.prompts.length} prompts`);
+      return result;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Failed to list prompts";
+      this.emitError(errorMessage, "validation");
+      this.emitStateChange("FAILED");
+      throw error;
+    }
+  }
+  /**
+   * Gets a specific prompt with arguments
+   * @param name - Name of the prompt
+   * @param args - Arguments for the prompt
+   * @returns Prompt content
+   * @throws {Error} When client is not connected
+   */
+  async getPrompt(name, args) {
+    if (!this.client) {
+      throw new Error("Not connected to server");
+    }
+    const request = {
+      method: "prompts/get",
+      params: {
+        name,
+        arguments: args
+      }
+    };
+    return await this.client.request(request, GetPromptResultSchema);
+  }
+  /**
+   * Lists all available resources from the connected MCP server
+   * @returns List of available resources
+   * @throws {Error} When client is not connected
+   */
+  async listResources() {
+    if (!this.client) {
+      throw new Error("Not connected to server");
+    }
+    this.emitStateChange("DISCOVERING");
+    try {
+      const request = {
+        method: "resources/list",
+        params: {}
+      };
+      const result = await this.client.request(request, ListResourcesResultSchema);
+      this.emitStateChange("READY");
+      this.emitProgress(`Discovered ${result.resources.length} resources`);
+      return result;
+    } catch (error) {
+      const errorMessage = error instanceof Error ? error.message : "Failed to list resources";
+      this.emitError(errorMessage, "validation");
+      this.emitStateChange("FAILED");
+      throw error;
+    }
+  }
+  /**
+   * Reads a specific resource
+   * @param uri - URI of the resource to read
+   * @returns Resource content
+   * @throws {Error} When client is not connected
+   */
+  async readResource(uri) {
+    if (!this.client) {
+      throw new Error("Not connected to server");
+    }
+    const request = {
+      method: "resources/read",
+      params: {
+        uri
+      }
+    };
+    return await this.client.request(request, ReadResourceResultSchema);
+  }
+  /**
+   * Refreshes the OAuth access token using the refresh token
+   * Discovers OAuth metadata from server and exchanges refresh token for new access token
+   * @returns True if refresh was successful, false otherwise
+   */
+  async refreshToken() {
+    await this.initialize();
+    if (!this.oauthProvider) {
+      return false;
+    }
+    const tokens = await this.oauthProvider.tokens();
+    if (!tokens || !tokens.refresh_token) {
+      return false;
+    }
+    const clientInformation = await this.oauthProvider.clientInformation();
+    if (!clientInformation) {
+      return false;
+    }
+    try {
+      const resourceMetadata = await discoverOAuthProtectedResourceMetadata(this.serverUrl);
+      const authServerUrl = resourceMetadata?.authorization_servers?.[0] || this.serverUrl;
+      const authMetadata = await discoverAuthorizationServerMetadata(authServerUrl);
+      const newTokens = await refreshAuthorization(authServerUrl, {
+        metadata: authMetadata,
+        clientInformation,
+        refreshToken: tokens.refresh_token
+      });
+      await this.oauthProvider.saveTokens(newTokens);
+      return true;
+    } catch (error) {
+      console.error("[OAuth] Token refresh failed:", error);
+      return false;
+    }
+  }
+  /**
+   * Ensures OAuth tokens are valid, refreshing them if expired
+   * Called automatically by connect() - rarely needs to be called manually
+   * @returns True if valid tokens are available, false otherwise
+   */
+  async getValidTokens() {
+    await this.initialize();
+    if (!this.oauthProvider) {
+      return false;
+    }
+    const tokens = await this.oauthProvider.tokens();
+    if (!tokens) {
+      return false;
+    }
+    if (this.oauthProvider.isTokenExpired()) {
+      return await this.refreshToken();
+    }
+    return true;
+  }
+  /**
+   * Reconnects to MCP server using existing OAuth provider from Redis
+   * Used for session restoration in serverless environments
+   * Creates new client and transport without re-initializing OAuth provider
+   * @throws {Error} When OAuth provider is not initialized
+   */
+  async reconnect() {
+    await this.initialize();
+    if (!this.oauthProvider) {
+      throw new Error("OAuth provider not initialized");
+    }
+    this.client = new Client(
+      {
+        name: "mcp-ts-oauth-client",
+        version: "2.0"
+      },
+      { capabilities: {} }
+    );
+    const tt = this.transportType || "streamable_http";
+    this.transport = this.getTransport(tt);
+    await this.client.connect(this.transport);
+  }
+  /**
+   * Completely removes the session from Redis including all OAuth data
+   * Invalidates credentials and disconnects the client
+   */
+  async clearSession() {
+    try {
+      await this.initialize();
+    } catch (error) {
+      console.warn("[MCPClient] Initialization failed during clearSession:", error);
+    }
+    if (this.oauthProvider) {
+      await this.oauthProvider.invalidateCredentials("all");
+    }
+    await storage.removeSession(this.identity, this.sessionId);
+    this.disconnect();
+  }
+  /**
+   * Checks if the client is currently connected to an MCP server
+   * @returns True if connected, false otherwise
+   */
+  isConnected() {
+    return this.client !== null;
+  }
+  /**
+   * Disconnects from the MCP server and cleans up resources
+   * Does not remove session from Redis - use clearSession() for that
+   */
+  disconnect(reason) {
+    if (this.client) {
+      this.client.close();
+    }
+    this.client = null;
+    this.oauthProvider = null;
+    this.transport = null;
+    if (this.serverId) {
+      this._onConnectionEvent.fire({
+        type: "disconnected",
+        sessionId: this.sessionId,
+        serverId: this.serverId,
+        reason,
+        timestamp: Date.now()
+      });
+      this._onObservabilityEvent.fire({
+        type: "mcp:client:disconnect",
+        level: "info",
+        message: `Disconnected from ${this.serverId}`,
+        sessionId: this.sessionId,
+        serverId: this.serverId,
+        payload: {
+          reason: reason || "unknown"
+        },
+        timestamp: Date.now(),
+        id: nanoid()
+      });
+    }
+    this.emitStateChange("DISCONNECTED");
+  }
+  /**
+   * Dispose of all event emitters
+   * Call this when the client is no longer needed
+   */
+  dispose() {
+    this._onConnectionEvent.dispose();
+    this._onObservabilityEvent.dispose();
+  }
+  /**
+   * Gets the server URL
+   * @returns Server URL or empty string if not set
+   */
+  getServerUrl() {
+    return this.serverUrl || "";
+  }
+  /**
+   * Gets the OAuth callback URL
+   * @returns Callback URL or empty string if not set
+   */
+  getCallbackUrl() {
+    return this.callbackUrl || "";
+  }
+  /**
+   * Gets the transport type being used
+   * @returns Transport type (defaults to 'streamable_http')
+   */
+  getTransportType() {
+    return this.transportType || "streamable_http";
+  }
+  /**
+   * Gets the human-readable server name
+   * @returns Server name or undefined
+   */
+  getServerName() {
+    return this.serverName;
+  }
+  /**
+   * Gets the server ID
+   * @returns Server ID or undefined
+   */
+  getServerId() {
+    return this.serverId;
+  }
+  /**
+   * Gets the session ID
+   * @returns Session ID
+   */
+  getSessionId() {
+    return this.sessionId;
+  }
+  /**
+   * Gets MCP server configuration for all active user sessions
+   * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
+   * Returns ready-to-use configuration with valid auth headers
+   * @param identity - User ID to fetch sessions for
+   * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
+   * @static
+   */
+  static async getMcpServerConfig(identity) {
+    const mcpConfig = {};
+    const sessions = await storage.getIdentitySessionsData(identity);
+    await Promise.all(
+      sessions.map(async (sessionData) => {
+        const { sessionId } = sessionData;
+        try {
+          if (!sessionData.serverId || !sessionData.transportType || !sessionData.serverUrl || !sessionData.callbackUrl) {
+            await storage.removeSession(identity, sessionId);
+            return;
+          }
+          let headers;
+          try {
+            const client = new _MCPClient({
+              identity,
+              sessionId,
+              serverId: sessionData.serverId,
+              serverUrl: sessionData.serverUrl,
+              callbackUrl: sessionData.callbackUrl,
+              serverName: sessionData.serverName,
+              transportType: sessionData.transportType,
+              headers: sessionData.headers
+            });
+            await client.initialize();
+            const hasValidTokens = await client.getValidTokens();
+            if (hasValidTokens && client.oauthProvider) {
+              const tokens = await client.oauthProvider.tokens();
+              if (tokens?.access_token) {
+                headers = { Authorization: `Bearer ${tokens.access_token}` };
+              }
+            }
+          } catch (error) {
+            console.warn(`[MCP] Failed to get OAuth tokens for ${sessionId}:`, error);
+          }
+          const label = sanitizeServerLabel(
+            sessionData.serverName || sessionData.serverId || "server"
+          );
+          mcpConfig[label] = {
+            transport: sessionData.transportType,
+            url: sessionData.serverUrl,
+            ...sessionData.serverName && {
+              serverName: sessionData.serverName,
+              serverLabel: label
+            },
+            ...headers && { headers }
+          };
+        } catch (error) {
+          await storage.removeSession(identity, sessionId);
+          console.warn(`[MCP] Failed to process session ${sessionId}:`, error);
+        }
+      })
+    );
+    return mcpConfig;
+  }
+};
+
+// src/server/mcp/multi-session-client.ts
+var MultiSessionClient = class {
+  constructor(identity, options = {}) {
+    __publicField(this, "clients", []);
+    __publicField(this, "identity");
+    __publicField(this, "options");
+    this.identity = identity;
+    this.options = {
+      timeout: 15e3,
+      maxRetries: 2,
+      retryDelay: 1e3,
+      ...options
+    };
+  }
+  async getActiveSessions() {
+    const sessions = await storage.getIdentitySessionsData(this.identity);
+    console.log(
+      `[MultiSessionClient] All sessions for ${this.identity}:`,
+      sessions.map((s) => ({ sessionId: s.sessionId, serverId: s.serverId }))
+    );
+    const valid = sessions.filter((s) => s.serverId && s.serverUrl && s.callbackUrl);
+    console.log(`[MultiSessionClient] Filtered valid sessions:`, valid.length);
+    return valid;
+  }
+  async connectInBatches(sessions) {
+    const BATCH_SIZE = 5;
+    for (let i = 0; i < sessions.length; i += BATCH_SIZE) {
+      const batch = sessions.slice(i, i + BATCH_SIZE);
+      await Promise.all(batch.map((session) => this.connectSession(session)));
+    }
+  }
+  async connectSession(session) {
+    const existingClient = this.clients.find((c) => c.getSessionId() === session.sessionId);
+    if (existingClient?.isConnected()) {
+      return;
+    }
+    const maxRetries = this.options.maxRetries ?? 2;
+    const retryDelay = this.options.retryDelay ?? 1e3;
+    let lastError;
+    for (let attempt = 0; attempt <= maxRetries; attempt++) {
+      try {
+        const client = await this.createAndConnectClient(session);
+        this.clients.push(client);
+        return;
+      } catch (error) {
+        lastError = error;
+        if (attempt < maxRetries) {
+          await new Promise((resolve) => setTimeout(resolve, retryDelay));
+        }
+      }
+    }
+    console.error(`[MultiSessionClient] Failed to connect to session ${session.sessionId} after ${maxRetries + 1} attempts:`, lastError);
+  }
+  async createAndConnectClient(session) {
+    const client = new MCPClient({
+      identity: this.identity,
+      sessionId: session.sessionId,
+      serverId: session.serverId,
+      serverUrl: session.serverUrl,
+      callbackUrl: session.callbackUrl,
+      serverName: session.serverName,
+      transportType: session.transportType,
+      headers: session.headers
+    });
+    const timeoutMs = this.options.timeout ?? 15e3;
+    const timeoutPromise = new Promise((_, reject) => {
+      setTimeout(() => reject(new Error(`Connection timed out after ${timeoutMs}ms`)), timeoutMs);
+    });
+    await Promise.race([client.connect(), timeoutPromise]);
+    return client;
+  }
+  async connect() {
+    const sessions = await this.getActiveSessions();
+    await this.connectInBatches(sessions);
+  }
+  /**
+   * Returns the array of currently connected clients.
+   */
+  getClients() {
+    return this.clients;
+  }
+  /**
+   * Disconnects all clients.
+   */
+  disconnect() {
+    this.clients.forEach((client) => client.disconnect());
+    this.clients = [];
+  }
+};
+
+// src/server/handlers/sse-handler.ts
+var SSEConnectionManager = class {
+  constructor(options, sendEvent) {
+    this.options = options;
+    this.sendEvent = sendEvent;
+    __publicField(this, "identity");
+    __publicField(this, "clients", /* @__PURE__ */ new Map());
+    __publicField(this, "heartbeatTimer");
+    __publicField(this, "isActive", true);
+    this.identity = options.identity;
+    this.startHeartbeat();
+  }
+  /**
+   * Get resolved client metadata (dynamic > static > defaults)
+   */
+  async getResolvedClientMetadata(request) {
+    let metadata = {};
+    if (this.options.clientDefaults) {
+      metadata = { ...this.options.clientDefaults };
+    }
+    if (this.options.getClientMetadata) {
+      const dynamicMetadata = await this.options.getClientMetadata(request);
+      metadata = { ...metadata, ...dynamicMetadata };
+    }
+    return metadata;
+  }
+  /**
+   * Start heartbeat to keep connection alive
+   */
+  startHeartbeat() {
+    const interval = this.options.heartbeatInterval || 3e4;
+    this.heartbeatTimer = setInterval(() => {
+      if (this.isActive) {
+        this.sendEvent({
+          level: "debug",
+          message: "heartbeat",
+          timestamp: Date.now()
+        });
+      }
+    }, interval);
+  }
+  /**
+   * Handle incoming RPC requests
+   */
+  async handleRequest(request) {
+    try {
+      let result;
+      switch (request.method) {
+        case "getSessions":
+          result = await this.getSessions();
+          break;
+        case "connect":
+          result = await this.connect(request.params);
+          break;
+        case "disconnect":
+          result = await this.disconnect(request.params);
+          break;
+        case "listTools":
+          result = await this.listTools(request.params);
+          break;
+        case "callTool":
+          result = await this.callTool(request.params);
+          break;
+        case "restoreSession":
+          result = await this.restoreSession(request.params);
+          break;
+        case "finishAuth":
+          result = await this.finishAuth(request.params);
+          break;
+        case "listPrompts":
+          result = await this.listPrompts(request.params);
+          break;
+        case "getPrompt":
+          result = await this.getPrompt(request.params);
+          break;
+        case "listResources":
+          result = await this.listResources(request.params);
+          break;
+        case "readResource":
+          result = await this.readResource(request.params);
+          break;
+        default:
+          throw new Error(`Unknown method: ${request.method}`);
+      }
+      this.sendEvent({
+        id: request.id,
+        result
+      });
+    } catch (error) {
+      this.sendEvent({
+        id: request.id,
+        error: {
+          code: RpcErrorCodes.EXECUTION_ERROR,
+          message: error instanceof Error ? error.message : "Unknown error"
+        }
+      });
+    }
+  }
+  /**
+   * Get all user sessions
+   */
+  async getSessions() {
+    const sessions = await storage.getIdentitySessionsData(this.identity);
+    this.sendEvent({
+      level: "debug",
+      message: `Retrieved ${sessions.length} sessions for identity ${this.identity}`,
+      timestamp: Date.now(),
+      metadata: {
+        identity: this.identity,
+        sessionCount: sessions.length,
+        sessions: sessions.map((s) => ({
+          sessionId: s.sessionId,
+          serverId: s.serverId,
+          serverName: s.serverName
+        }))
+      }
+    });
+    return {
+      sessions: sessions.map((s) => ({
+        sessionId: s.sessionId,
+        serverId: s.serverId,
+        serverName: s.serverName,
+        serverUrl: s.serverUrl,
+        transport: s.transportType
+      }))
+    };
+  }
+  /**
+   * Connect to an MCP server
+   */
+  async connect(params) {
+    const { serverId, serverName, serverUrl, callbackUrl, transportType } = params;
+    const existingSessions = await storage.getIdentitySessionsData(this.identity);
+    const duplicate = existingSessions.find(
+      (s) => s.serverId === serverId || s.serverUrl === serverUrl
+    );
+    if (duplicate) {
+      throw new Error(`Connection already exists for server: ${duplicate.serverUrl || duplicate.serverId} (${duplicate.serverName})`);
+    }
+    const sessionId = await storage.generateSessionId();
+    this.emitConnectionEvent({
+      type: "state_changed",
+      sessionId,
+      serverId,
+      serverName,
+      state: "CONNECTING",
+      previousState: "DISCONNECTED",
+      timestamp: Date.now()
+    });
+    try {
+      const clientMetadata = await this.getResolvedClientMetadata();
+      const client = new MCPClient({
+        identity: this.identity,
+        sessionId,
+        serverId,
+        serverName,
+        serverUrl,
+        callbackUrl,
+        transportType,
+        ...clientMetadata,
+        // Spread client metadata (clientName, clientUri, logoUri, policyUri)
+        onRedirect: (authUrl) => {
+          this.emitConnectionEvent({
+            type: "auth_required",
+            sessionId,
+            serverId,
+            authUrl,
+            timestamp: Date.now()
+          });
+        }
+      });
+      this.clients.set(sessionId, client);
+      client.onConnectionEvent((event) => {
+        this.emitConnectionEvent(event);
+      });
+      client.onObservabilityEvent((event) => {
+        this.sendEvent(event);
+      });
+      await client.connect();
+      const tools = await client.listTools();
+      const sessionAfterConnect = await storage.getSession(this.identity, sessionId);
+      console.log(`[SSE Handler] After connect() - Session ${sessionId}:`, {
+        serverId: sessionAfterConnect?.serverId
+      });
+      this.emitConnectionEvent({
+        type: "tools_discovered",
+        sessionId,
+        serverId,
+        toolCount: tools.tools.length,
+        tools: tools.tools,
+        timestamp: Date.now()
+      });
+      return {
+        sessionId,
+        success: true
+      };
+    } catch (error) {
+      this.emitConnectionEvent({
+        type: "error",
+        sessionId,
+        serverId,
+        error: error instanceof Error ? error.message : "Connection failed",
+        errorType: "connection",
+        timestamp: Date.now()
+      });
+      this.clients.delete(sessionId);
+      throw error;
+    }
+  }
+  /**
+   * Disconnect from an MCP server
+   */
+  async disconnect(params) {
+    const { sessionId } = params;
+    const client = this.clients.get(sessionId);
+    if (client) {
+      await client.clearSession();
+      client.disconnect();
+      this.clients.delete(sessionId);
+    } else {
+      await storage.removeSession(this.identity, sessionId);
+    }
+    return { success: true };
+  }
+  /**
+   * Helper to get or restore a client
+   */
+  async getOrCreateClient(sessionId) {
+    let client = this.clients.get(sessionId);
+    if (!client) {
+      client = new MCPClient({
+        identity: this.identity,
+        sessionId
+      });
+      client.onConnectionEvent((event) => {
+        this.emitConnectionEvent(event);
+      });
+      client.onObservabilityEvent((event) => {
+        this.sendEvent(event);
+      });
+      await client.connect();
+      this.clients.set(sessionId, client);
+    }
+    return client;
+  }
+  /**
+   * List tools from a session
+   */
+  async listTools(params) {
+    const { sessionId } = params;
+    const client = await this.getOrCreateClient(sessionId);
+    const result = await client.listTools();
+    return { tools: result.tools };
+  }
+  /**
+   * Call a tool
+   */
+  async callTool(params) {
+    const { sessionId, toolName, toolArgs } = params;
+    const client = await this.getOrCreateClient(sessionId);
+    return await client.callTool(toolName, toolArgs);
+  }
+  /**
+   * Refresh/validate a session
+   */
+  async restoreSession(params) {
+    const { sessionId } = params;
+    this.sendEvent({
+      level: "debug",
+      message: `Starting session refresh for ${sessionId}`,
+      timestamp: Date.now(),
+      metadata: { sessionId, identity: this.identity }
+    });
+    const session = await storage.getSession(this.identity, sessionId);
+    if (!session) {
+      this.sendEvent({
+        level: "error",
+        message: `Session not found: ${sessionId}`,
+        timestamp: Date.now(),
+        metadata: { sessionId, identity: this.identity }
+      });
+      throw new Error("Session not found");
+    }
+    this.sendEvent({
+      level: "debug",
+      message: `Session found in Redis`,
+      timestamp: Date.now(),
+      metadata: {
+        sessionId,
+        serverId: session.serverId,
+        serverName: session.serverName,
+        serverUrl: session.serverUrl,
+        transportType: session.transportType
+      }
+    });
+    this.emitConnectionEvent({
+      type: "state_changed",
+      sessionId,
+      serverId: session.serverId || "unknown",
+      serverName: session.serverName || "Unknown",
+      state: "VALIDATING",
+      previousState: "DISCONNECTED",
+      timestamp: Date.now()
+    });
+    try {
+      const clientMetadata = await this.getResolvedClientMetadata();
+      const client = new MCPClient({
+        identity: this.identity,
+        sessionId,
+        ...clientMetadata
+        // Include metadata for consistency
+      });
+      client.onConnectionEvent((event) => {
+        this.emitConnectionEvent(event);
+      });
+      client.onObservabilityEvent((event) => {
+        this.sendEvent(event);
+      });
+      await client.connect();
+      this.clients.set(sessionId, client);
+      const tools = await client.listTools();
+      this.emitConnectionEvent({
+        type: "tools_discovered",
+        sessionId,
+        serverId: session.serverId || "unknown",
+        toolCount: tools.tools.length,
+        tools: tools.tools,
+        timestamp: Date.now()
+      });
+      return { success: true, toolCount: tools.tools.length };
+    } catch (error) {
+      this.emitConnectionEvent({
+        type: "error",
+        sessionId,
+        serverId: session.serverId || "unknown",
+        error: error instanceof Error ? error.message : "Validation failed",
+        errorType: "validation",
+        timestamp: Date.now()
+      });
+      throw error;
+    }
+  }
+  /**
+   * Complete OAuth authorization
+   */
+  async finishAuth(params) {
+    const { sessionId, code } = params;
+    this.sendEvent({
+      level: "debug",
+      message: `Completing OAuth for session ${sessionId}`,
+      timestamp: Date.now(),
+      metadata: { sessionId, identity: this.identity }
+    });
+    const session = await storage.getSession(this.identity, sessionId);
+    if (!session) {
+      throw new Error("Session not found");
+    }
+    this.emitConnectionEvent({
+      type: "state_changed",
+      sessionId,
+      serverId: session.serverId || "unknown",
+      serverName: session.serverName || "Unknown",
+      state: "AUTHENTICATING",
+      previousState: "DISCONNECTED",
+      timestamp: Date.now()
+    });
+    try {
+      const client = new MCPClient({
+        identity: this.identity,
+        sessionId
+      });
+      client.onConnectionEvent((event) => {
+        this.emitConnectionEvent(event);
+      });
+      await client.finishAuth(code);
+      this.clients.set(sessionId, client);
+      const tools = await client.listTools();
+      this.emitConnectionEvent({
+        type: "tools_discovered",
+        sessionId,
+        serverId: session.serverId || "unknown",
+        toolCount: tools.tools.length,
+        tools: tools.tools,
+        timestamp: Date.now()
+      });
+      return { success: true, toolCount: tools.tools.length };
+    } catch (error) {
+      this.emitConnectionEvent({
+        type: "error",
+        sessionId,
+        serverId: session.serverId || "unknown",
+        error: error instanceof Error ? error.message : "OAuth completion failed",
+        errorType: "auth",
+        timestamp: Date.now()
+      });
+      throw error;
+    }
+  }
+  /**
+   * List prompts from a session
+   */
+  async listPrompts(params) {
+    const { sessionId } = params;
+    const client = await this.getOrCreateClient(sessionId);
+    const result = await client.listPrompts();
+    return { prompts: result.prompts };
+  }
+  /**
+   * Get a specific prompt
+   */
+  async getPrompt(params) {
+    const { sessionId, name, args } = params;
+    const client = await this.getOrCreateClient(sessionId);
+    return await client.getPrompt(name, args);
+  }
+  /**
+   * List resources from a session
+   */
+  async listResources(params) {
+    const { sessionId } = params;
+    const client = await this.getOrCreateClient(sessionId);
+    const result = await client.listResources();
+    return { resources: result.resources };
+  }
+  /**
+   * Read a specific resource
+   */
+  async readResource(params) {
+    const { sessionId, uri } = params;
+    const client = await this.getOrCreateClient(sessionId);
+    return await client.readResource(uri);
+  }
+  /**
+   * Emit connection event
+   */
+  emitConnectionEvent(event) {
+    this.sendEvent(event);
+  }
+  /**
+   * Cleanup and close all connections
+   */
+  dispose() {
+    this.isActive = false;
+    if (this.heartbeatTimer) {
+      clearInterval(this.heartbeatTimer);
+    }
+    for (const client of this.clients.values()) {
+      client.disconnect();
+    }
+    this.clients.clear();
+  }
+};
+function createSSEHandler(options) {
+  return async (req, res) => {
+    res.writeHead(200, {
+      "Content-Type": "text/event-stream",
+      "Cache-Control": "no-cache",
+      "Connection": "keep-alive",
+      "Access-Control-Allow-Origin": "*"
+    });
+    sendSSE(res, "connected", { timestamp: Date.now() });
+    const manager = new SSEConnectionManager(options, (event) => {
+      if ("id" in event) {
+        sendSSE(res, "rpc-response", event);
+      } else if ("type" in event && "sessionId" in event) {
+        sendSSE(res, "connection", event);
+      } else {
+        sendSSE(res, "observability", event);
+      }
+    });
+    req.on("close", () => {
+      manager.dispose();
+    });
+    if (req.method === "POST") {
+      let body = "";
+      req.on("data", (chunk) => {
+        body += chunk.toString();
+      });
+      req.on("end", async () => {
+        try {
+          const request = JSON.parse(body);
+          await manager.handleRequest(request);
+        } catch (error) {
+          console.error("[SSE] Error handling request:", error);
+        }
+      });
+    }
+  };
+}
+function sendSSE(res, event, data) {
+  res.write(`event: ${event}
+`);
+  res.write(`data: ${JSON.stringify(data)}
+
+`);
+}
+
+// src/server/handlers/nextjs-handler.ts
+var managers = /* @__PURE__ */ new Map();
+function createNextMcpHandler(options = {}) {
+  const {
+    getIdentity = (request) => new URL(request.url).searchParams.get("identity"),
+    getAuthToken = (request) => {
+      const url = new URL(request.url);
+      return url.searchParams.get("token") || request.headers.get("authorization");
+    },
+    authenticate = () => true,
+    heartbeatInterval = 3e4,
+    clientDefaults,
+    getClientMetadata
+  } = options;
+  async function GET(request) {
+    const identity = getIdentity(request);
+    const authToken = getAuthToken(request);
+    if (!identity) {
+      return new Response("Missing identity", { status: 400 });
+    }
+    const isAuthorized = await authenticate(identity, authToken);
+    if (!isAuthorized) {
+      return new Response("Unauthorized", { status: 401 });
+    }
+    const stream = new TransformStream();
+    const writer = stream.writable.getWriter();
+    const encoder = new TextEncoder();
+    const sendSSE2 = (event, data) => {
+      const message = `event: ${event}
+data: ${JSON.stringify(data)}
+
+`;
+      writer.write(encoder.encode(message)).catch(() => {
+      });
+    };
+    sendSSE2("connected", { timestamp: Date.now() });
+    const previousManager = managers.get(identity);
+    if (previousManager) {
+      previousManager.dispose();
+    }
+    const resolvedClientMetadata = getClientMetadata ? await getClientMetadata(request) : clientDefaults;
+    const manager = new SSEConnectionManager(
+      {
+        identity,
+        heartbeatInterval,
+        clientDefaults: resolvedClientMetadata
+        // Pass resolved metadata
+      },
+      (event) => {
+        if ("id" in event) {
+          sendSSE2("rpc-response", event);
+        } else if ("type" in event && "sessionId" in event) {
+          sendSSE2("connection", event);
+        } else {
+          sendSSE2("observability", event);
+        }
+      }
+    );
+    managers.set(identity, manager);
+    const abortController = new AbortController();
+    request.signal?.addEventListener("abort", () => {
+      manager.dispose();
+      managers.delete(identity);
+      writer.close().catch(() => {
+      });
+      abortController.abort();
+    });
+    return new Response(stream.readable, {
+      status: 200,
+      headers: {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache, no-transform",
+        "Connection": "keep-alive",
+        "X-Accel-Buffering": "no"
+      }
+    });
+  }
+  async function POST(request) {
+    const identity = getIdentity(request);
+    const authToken = getAuthToken(request);
+    if (!identity) {
+      return Response.json({ error: { code: "MISSING_IDENTITY", message: "Missing identity" } }, { status: 400 });
+    }
+    const isAuthorized = await authenticate(identity, authToken);
+    if (!isAuthorized) {
+      return Response.json({ error: { code: "UNAUTHORIZED", message: "Unauthorized" } }, { status: 401 });
+    }
+    try {
+      const body = await request.json();
+      const manager = managers.get(identity);
+      if (!manager) {
+        return Response.json(
+          {
+            error: {
+              code: "NO_CONNECTION",
+              message: "No SSE connection found. Please establish SSE connection first."
+            }
+          },
+          { status: 400 }
+        );
+      }
+      await manager.handleRequest(body);
+      return Response.json({ acknowledged: true });
+    } catch (error) {
+      return Response.json(
+        {
+          error: {
+            code: "EXECUTION_ERROR",
+            message: error instanceof Error ? error.message : "Unknown error"
+          }
+        },
+        { status: 500 }
+      );
+    }
+  }
+  return { GET, POST };
+}
+var SSEClient = class {
+  constructor(options) {
+    this.options = options;
+    __publicField(this, "eventSource", null);
+    __publicField(this, "pendingRequests", /* @__PURE__ */ new Map());
+    __publicField(this, "reconnectAttempts", 0);
+    __publicField(this, "maxReconnectAttempts", 5);
+    __publicField(this, "reconnectDelay", 1e3);
+    __publicField(this, "isManuallyDisconnected", false);
+    __publicField(this, "connectionPromise", null);
+    __publicField(this, "connectionResolver", null);
+  }
+  /**
+   * Connect to SSE endpoint
+   */
+  connect() {
+    if (this.eventSource) {
+      return;
+    }
+    this.isManuallyDisconnected = false;
+    this.options.onStatusChange?.("connecting");
+    this.connectionPromise = new Promise((resolve) => {
+      this.connectionResolver = resolve;
+    });
+    const url = new URL(this.options.url, typeof window !== "undefined" ? window.location.origin : void 0);
+    url.searchParams.set("identity", this.options.identity);
+    if (this.options.authToken) {
+      url.searchParams.set("token", this.options.authToken);
+    }
+    this.eventSource = new EventSource(url.toString());
+    this.eventSource.addEventListener("open", () => {
+      console.log("[SSEClient] Connected");
+      this.reconnectAttempts = 0;
+      this.options.onStatusChange?.("connected");
+    });
+    this.eventSource.addEventListener("connected", (e) => {
+      const data = JSON.parse(e.data);
+      console.log("[SSEClient] Server ready:", data);
+      if (this.connectionResolver) {
+        this.connectionResolver();
+        this.connectionResolver = null;
+      }
+    });
+    this.eventSource.addEventListener("connection", (e) => {
+      const event = JSON.parse(e.data);
+      this.options.onConnectionEvent?.(event);
+    });
+    this.eventSource.addEventListener("observability", (e) => {
+      const event = JSON.parse(e.data);
+      this.options.onObservabilityEvent?.(event);
+    });
+    this.eventSource.addEventListener("rpc-response", (e) => {
+      const response = JSON.parse(e.data);
+      this.handleRpcResponse(response);
+    });
+    this.eventSource.addEventListener("error", () => {
+      console.error("[SSEClient] Connection error");
+      this.options.onStatusChange?.("error");
+      if (!this.isManuallyDisconnected && this.reconnectAttempts < this.maxReconnectAttempts) {
+        this.reconnectAttempts++;
+        console.log(`[SSEClient] Reconnecting (attempt ${this.reconnectAttempts})...`);
+        setTimeout(() => {
+          this.disconnect();
+          this.connect();
+        }, this.reconnectDelay * this.reconnectAttempts);
+      }
+    });
+  }
+  /**
+   * Disconnect from SSE endpoint
+   */
+  disconnect() {
+    this.isManuallyDisconnected = true;
+    if (this.eventSource) {
+      this.eventSource.close();
+      this.eventSource = null;
+    }
+    this.connectionPromise = null;
+    this.connectionResolver = null;
+    for (const [id, { reject }] of this.pendingRequests.entries()) {
+      const error = new Error("Connection closed");
+      error.name = "ConnectionClosedError";
+      reject(error);
+    }
+    this.pendingRequests.clear();
+    this.options.onStatusChange?.("disconnected");
+  }
+  /**
+   * Send RPC request via SSE
+   * Note: SSE is unidirectional (server->client), so we need to send requests via POST
+   */
+  async sendRequest(method, params) {
+    if (this.connectionPromise) {
+      await this.connectionPromise;
+    }
+    const id = `rpc_${nanoid(10)}`;
+    const request = {
+      id,
+      method,
+      params
+    };
+    const promise = new Promise((resolve, reject) => {
+      this.pendingRequests.set(id, { resolve, reject });
+      setTimeout(() => {
+        if (this.pendingRequests.has(id)) {
+          this.pendingRequests.delete(id);
+          reject(new Error("Request timeout"));
+        }
+      }, 3e4);
+    });
+    try {
+      const url = new URL(this.options.url, typeof window !== "undefined" ? window.location.origin : void 0);
+      url.searchParams.set("identity", this.options.identity);
+      await fetch(url.toString(), {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          ...this.options.authToken && { Authorization: `Bearer ${this.options.authToken}` }
+        },
+        body: JSON.stringify(request)
+      });
+    } catch (error) {
+      this.pendingRequests.delete(id);
+      throw error;
+    }
+    return promise;
+  }
+  /**
+   * Handle RPC response
+   */
+  handleRpcResponse(response) {
+    const pending = this.pendingRequests.get(response.id);
+    if (pending) {
+      this.pendingRequests.delete(response.id);
+      if (response.error) {
+        pending.reject(new Error(response.error.message));
+      } else {
+        pending.resolve(response.result);
+      }
+    }
+  }
+  /**
+   * Get all user sessions
+   */
+  async getSessions() {
+    return this.sendRequest("getSessions");
+  }
+  /**
+   * Connect to an MCP server
+   */
+  async connectToServer(params) {
+    return this.sendRequest("connect", params);
+  }
+  /**
+   * Disconnect from an MCP server
+   */
+  async disconnectFromServer(sessionId) {
+    return this.sendRequest("disconnect", { sessionId });
+  }
+  /**
+   * List tools from a session
+   */
+  async listTools(sessionId) {
+    return this.sendRequest("listTools", { sessionId });
+  }
+  /**
+   * Call a tool
+   */
+  async callTool(sessionId, toolName, toolArgs) {
+    return this.sendRequest("callTool", { sessionId, toolName, toolArgs });
+  }
+  /**
+   * Refresh/validate a session
+   */
+  async restoreSession(sessionId) {
+    return this.sendRequest("restoreSession", { sessionId });
+  }
+  /**
+   * Complete OAuth authorization
+   */
+  async finishAuth(sessionId, code) {
+    return this.sendRequest("finishAuth", { sessionId, code });
+  }
+  /**
+   * List available prompts
+   */
+  async listPrompts(sessionId) {
+    return this.sendRequest("listPrompts", { sessionId });
+  }
+  /**
+   * Get a specific prompt with arguments
+   */
+  async getPrompt(sessionId, name, args) {
+    return this.sendRequest("getPrompt", { sessionId, name, args });
+  }
+  /**
+   * List available resources
+   */
+  async listResources(sessionId) {
+    return this.sendRequest("listResources", { sessionId });
+  }
+  /**
+   * Read a specific resource
+   */
+  async readResource(sessionId, uri) {
+    return this.sendRequest("readResource", { sessionId, uri });
+  }
+  /**
+   * Check if connected
+   */
+  isConnected() {
+    return this.eventSource !== null && this.eventSource.readyState === EventSource.OPEN;
+  }
+};
+
+// src/shared/types.ts
+function isConnectSuccess(response) {
+  return "success" in response && response.success === true;
+}
+function isConnectAuthRequired(response) {
+  return "requiresAuth" in response && response.requiresAuth === true;
+}
+function isConnectError(response) {
+  return "error" in response;
+}
+function isListToolsSuccess(response) {
+  return "tools" in response;
+}
+function isCallToolSuccess(response) {
+  return "content" in response;
+}
+
+export { AuthenticationError, ConfigurationError, ConnectionError, DEFAULT_CLIENT_NAME, DEFAULT_CLIENT_URI, DEFAULT_HEARTBEAT_INTERVAL_MS, DEFAULT_LOGO_URI, DEFAULT_POLICY_URI, DisposableStore, Emitter, InvalidStateError, MCPClient, MCP_CLIENT_NAME, MCP_CLIENT_VERSION, McpError, MultiSessionClient, NotConnectedError, REDIS_KEY_PREFIX, RpcErrorCodes, SESSION_TTL_SECONDS, SOFTWARE_ID, SOFTWARE_VERSION, SSEClient, SSEConnectionManager, STATE_EXPIRATION_MS, SessionNotFoundError, SessionValidationError, StorageOAuthClientProvider, TOKEN_EXPIRY_BUFFER_MS, ToolExecutionError, UnauthorizedError, createNextMcpHandler, createSSEHandler, isCallToolSuccess, isConnectAuthRequired, isConnectError, isConnectSuccess, isListToolsSuccess, sanitizeServerLabel, storage };
+//# sourceMappingURL=index.mjs.map
+//# sourceMappingURL=index.mjs.map