@mcp-ts/sdk 1.3.2 → 1.3.3

package/dist/{multi-session-client-B1DBx5yR.d.mts → multi-session-client-DzjmT7FX.d.mts}

@@ -189,6 +189,7 @@ declare class MCPClient {
      * Saves current session state to storage
      * Creates new session if it doesn't exist, updates if it does
      * @param ttl - Time-to-live in seconds (defaults to 12hr for connected sessions)
+     * @param active - Session status marker used to avoid unnecessary TTL rewrites
      * @private
      */
     private saveSession;

package/dist/{multi-session-client-DyFzyJUx.d.ts → multi-session-client-FAFpUzZ4.d.ts}

@@ -189,6 +189,7 @@ declare class MCPClient {
      * Saves current session state to storage
      * Creates new session if it doesn't exist, updates if it does
      * @param ttl - Time-to-live in seconds (defaults to 12hr for connected sessions)
+     * @param active - Session status marker used to avoid unnecessary TTL rewrites
      * @private
      */
     private saveSession;

package/dist/server/index.d.mts

@@ -1,11 +1,11 @@
-export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-B1DBx5yR.mjs';
+export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-DzjmT7FX.mjs';
 export { U as UnauthorizedError, s as sanitizeServerLabel } from '../utils-0qmYrqoa.mjs';
 import { OAuthClientInformationMixed, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
 export { OAuthClientInformation, OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
 import { M as McpConnectionEvent, d as McpObservabilityEvent } from '../events-CK3N--3g.mjs';
 export { D as Disposable, E as Emitter, b as Event, c as McpConnectionState } from '../events-CK3N--3g.mjs';
-import { q as McpRpcResponse, p as McpRpcRequest } from '../types-PjM1W07s.mjs';
-export { a as CallToolRequest, b as CallToolResponse, f as ConnectRequest, g as ConnectResponse, m as ListToolsResponse, T as ToolInfo } from '../types-PjM1W07s.mjs';
+import { q as McpRpcResponse, p as McpRpcRequest } from '../types-CW6lghof.mjs';
+export { a as CallToolRequest, b as CallToolResponse, f as ConnectRequest, g as ConnectResponse, m as ListToolsResponse, T as ToolInfo } from '../types-CW6lghof.mjs';
 export { CallToolResult, ListToolsResult, Tool } from '@modelcontextprotocol/sdk/types.js';
 import '@modelcontextprotocol/sdk/client/auth.js';
 
@@ -19,6 +19,13 @@ interface SessionData {
     createdAt: number;
     identity: string;
     headers?: Record<string, string>;
+    /**
+     * Session status marker used for TTL transitions:
+     * - false: short-lived intermediate/error/auth-pending session state
+     *          (keep this value when connection/auth is incomplete or failed)
+     * - true: active long-lived session state after successful connection/auth completion
+     */
+    active?: boolean;
     clientInformation?: OAuthClientInformationMixed;
     tokens?: OAuthTokens;
     codeVerifier?: string;
@@ -220,8 +227,10 @@ declare function createSSEHandler(options: SSEHandlerOptions): (req: {
 }) => Promise<void>;
 
 /**
- * Next.js App Router Handler for MCP SSE
- * Provides a clean, zero-boilerplate API for Next.js applications
+ * Next.js App Router Handler for MCP
+ * Stateless transport for serverless environments:
+ * - POST + `Accept: text/event-stream` streams progress + rpc-response
+ * - POST + JSON accepts direct RPC result response
  */
 
 interface NextMcpHandlerOptions {
@@ -244,29 +253,15 @@ interface NextMcpHandlerOptions {
     heartbeatInterval?: number;
     /**
      * Static OAuth client metadata defaults (for all connections)
-     * Use this for single-tenant applications with fixed branding
      */
     clientDefaults?: ClientMetadata;
     /**
-     * Dynamic OAuth client metadata getter (per-request, useful for multi-tenant)
-     * Use this when you need different branding based on request (tenant, domain, etc.)
-     * Takes precedence over clientDefaults
+     * Dynamic OAuth client metadata getter (per-request)
      */
     getClientMetadata?: (request: Request) => ClientMetadata | Promise<ClientMetadata>;
 }
-/**
- * Creates Next.js App Router handlers (GET and POST) for MCP SSE endpoint
- *
- * @example
- * ```typescript
- * // app/api/mcp/route.ts
- * import { createNextMcpHandler } from '@mcp-ts/core/server';
- *
- * export const { GET, POST } = createNextMcpHandler();
- * ```
- */
 declare function createNextMcpHandler(options?: NextMcpHandlerOptions): {
-    GET: (request: Request) => Promise<Response>;
+    GET: () => Promise<Response>;
     POST: (request: Request) => Promise<Response>;
 };
 

package/dist/server/index.d.ts

@@ -1,11 +1,11 @@
-export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-DyFzyJUx.js';
+export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from '../multi-session-client-FAFpUzZ4.js';
 export { U as UnauthorizedError, s as sanitizeServerLabel } from '../utils-0qmYrqoa.js';
 import { OAuthClientInformationMixed, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
 export { OAuthClientInformation, OAuthClientInformationFull, OAuthClientMetadata, OAuthTokens } from '@modelcontextprotocol/sdk/shared/auth.js';
 import { M as McpConnectionEvent, d as McpObservabilityEvent } from '../events-CK3N--3g.js';
 export { D as Disposable, E as Emitter, b as Event, c as McpConnectionState } from '../events-CK3N--3g.js';
-import { q as McpRpcResponse, p as McpRpcRequest } from '../types-PjM1W07s.js';
-export { a as CallToolRequest, b as CallToolResponse, f as ConnectRequest, g as ConnectResponse, m as ListToolsResponse, T as ToolInfo } from '../types-PjM1W07s.js';
+import { q as McpRpcResponse, p as McpRpcRequest } from '../types-CW6lghof.js';
+export { a as CallToolRequest, b as CallToolResponse, f as ConnectRequest, g as ConnectResponse, m as ListToolsResponse, T as ToolInfo } from '../types-CW6lghof.js';
 export { CallToolResult, ListToolsResult, Tool } from '@modelcontextprotocol/sdk/types.js';
 import '@modelcontextprotocol/sdk/client/auth.js';
 
@@ -19,6 +19,13 @@ interface SessionData {
     createdAt: number;
     identity: string;
     headers?: Record<string, string>;
+    /**
+     * Session status marker used for TTL transitions:
+     * - false: short-lived intermediate/error/auth-pending session state
+     *          (keep this value when connection/auth is incomplete or failed)
+     * - true: active long-lived session state after successful connection/auth completion
+     */
+    active?: boolean;
     clientInformation?: OAuthClientInformationMixed;
     tokens?: OAuthTokens;
     codeVerifier?: string;
@@ -220,8 +227,10 @@ declare function createSSEHandler(options: SSEHandlerOptions): (req: {
 }) => Promise<void>;
 
 /**
- * Next.js App Router Handler for MCP SSE
- * Provides a clean, zero-boilerplate API for Next.js applications
+ * Next.js App Router Handler for MCP
+ * Stateless transport for serverless environments:
+ * - POST + `Accept: text/event-stream` streams progress + rpc-response
+ * - POST + JSON accepts direct RPC result response
  */
 
 interface NextMcpHandlerOptions {
@@ -244,29 +253,15 @@ interface NextMcpHandlerOptions {
     heartbeatInterval?: number;
     /**
      * Static OAuth client metadata defaults (for all connections)
-     * Use this for single-tenant applications with fixed branding
      */
     clientDefaults?: ClientMetadata;
     /**
-     * Dynamic OAuth client metadata getter (per-request, useful for multi-tenant)
-     * Use this when you need different branding based on request (tenant, domain, etc.)
-     * Takes precedence over clientDefaults
+     * Dynamic OAuth client metadata getter (per-request)
      */
     getClientMetadata?: (request: Request) => ClientMetadata | Promise<ClientMetadata>;
 }
-/**
- * Creates Next.js App Router handlers (GET and POST) for MCP SSE endpoint
- *
- * @example
- * ```typescript
- * // app/api/mcp/route.ts
- * import { createNextMcpHandler } from '@mcp-ts/core/server';
- *
- * export const { GET, POST } = createNextMcpHandler();
- * ```
- */
 declare function createNextMcpHandler(options?: NextMcpHandlerOptions): {
-    GET: (request: Request) => Promise<Response>;
+    GET: () => Promise<Response>;
     POST: (request: Request) => Promise<Response>;
 };
 

package/dist/server/index.js

@@ -1254,7 +1254,8 @@ var MCPClient = class _MCPClient {
         serverUrl: this.serverUrl,
         callbackUrl: this.callbackUrl,
         transportType: this.transportType || "streamable_http",
-        createdAt: this.createdAt
+        createdAt: this.createdAt,
+        active: false
       }, Math.floor(STATE_EXPIRATION_MS / 1e3));
     }
   }
@@ -1262,9 +1263,10 @@ var MCPClient = class _MCPClient {
    * Saves current session state to storage
    * Creates new session if it doesn't exist, updates if it does
    * @param ttl - Time-to-live in seconds (defaults to 12hr for connected sessions)
+   * @param active - Session status marker used to avoid unnecessary TTL rewrites
    * @private
    */
-  async saveSession(ttl = SESSION_TTL_SECONDS) {
+  async saveSession(ttl = SESSION_TTL_SECONDS, active = true) {
     if (!this.sessionId || !this.serverId || !this.serverUrl || !this.callbackUrl) {
       return;
     }
@@ -1276,7 +1278,8 @@ var MCPClient = class _MCPClient {
       serverUrl: this.serverUrl,
       callbackUrl: this.callbackUrl,
       transportType: this.transportType || "streamable_http",
-      createdAt: this.createdAt || Date.now()
+      createdAt: this.createdAt || Date.now(),
+      active
     };
     const existingSession = await storage.getSession(this.identity, this.sessionId);
     if (existingSession) {
@@ -1350,15 +1353,17 @@ var MCPClient = class _MCPClient {
       this.emitStateChange("CONNECTED");
       this.emitProgress("Connected successfully");
       const existingSession = await storage.getSession(this.identity, this.sessionId);
-      if (!existingSession || existingSession.transportType !== this.transportType) {
-        console.log(`[MCPClient] Saving session ${this.sessionId} (new or transport changed)`);
-        await this.saveSession(SESSION_TTL_SECONDS);
+      const needsTransportUpdate = !existingSession || existingSession.transportType !== this.transportType;
+      const needsTtlPromotion = !existingSession || existingSession.active !== true;
+      if (needsTransportUpdate || needsTtlPromotion) {
+        console.log(`[MCPClient] Saving session ${this.sessionId} with 12hr TTL (connect success)`);
+        await this.saveSession(SESSION_TTL_SECONDS, true);
       }
     } catch (error) {
       if (error instanceof auth_js.UnauthorizedError || error instanceof Error && error.message.toLowerCase().includes("unauthorized")) {
         this.emitStateChange("AUTHENTICATING");
         console.log(`[MCPClient] Saving session ${this.sessionId} with 10min TTL (OAuth pending)`);
-        await this.saveSession(Math.floor(STATE_EXPIRATION_MS / 1e3));
+        await this.saveSession(Math.floor(STATE_EXPIRATION_MS / 1e3), false);
         let authUrl = "";
         if (this.oauthProvider) {
           authUrl = this.oauthProvider.authUrl || "";
@@ -1436,7 +1441,7 @@ var MCPClient = class _MCPClient {
         await this.client.connect(this.transport);
         this.emitStateChange("CONNECTED");
         console.log(`[MCPClient] Updating session ${this.sessionId} to 12hr TTL (OAuth complete)`);
-        await this.saveSession(SESSION_TTL_SECONDS);
+        await this.saveSession(SESSION_TTL_SECONDS, true);
         return;
       } catch (error) {
         lastError = error;
@@ -2101,7 +2106,8 @@ var SSEConnectionManager = class {
         serverName: s.serverName,
         serverUrl: s.serverUrl,
         transport: s.transportType,
-        createdAt: s.createdAt
+        createdAt: s.createdAt,
+        active: s.active !== false
       }))
     };
   }
@@ -2116,6 +2122,13 @@ var SSEConnectionManager = class {
       (s) => s.serverId === serverId || s.serverUrl === serverUrl
     );
     if (duplicate) {
+      if (duplicate.active === false) {
+        await this.restoreSession({ sessionId: duplicate.sessionId });
+        return {
+          sessionId: duplicate.sessionId,
+          success: true
+        };
+      }
       throw new Error(`Connection already exists for server: ${duplicate.serverUrl || duplicate.serverId} (${duplicate.serverName})`);
     }
     const sessionId = await storage.generateSessionId();
@@ -2441,7 +2454,9 @@ function writeSSEEvent(res, event, data) {
 }
 
 // src/server/handlers/nextjs-handler.ts
-var managers = /* @__PURE__ */ new Map();
+function isRpcResponseEvent(event) {
+  return "id" in event && ("result" in event || "error" in event);
+}
 function createNextMcpHandler(options = {}) {
   const {
     getIdentity = (request) => new URL(request.url).searchParams.get("identity"),
@@ -2454,72 +2469,29 @@ function createNextMcpHandler(options = {}) {
     clientDefaults,
     getClientMetadata
   } = options;
-  async function GET(request) {
-    const identity = getIdentity(request);
-    const authToken = getAuthToken(request);
-    if (!identity) {
-      return new Response("Missing identity", { status: 400 });
-    }
-    const isAuthorized = await authenticate(identity, authToken);
-    if (!isAuthorized) {
-      return new Response("Unauthorized", { status: 401 });
-    }
-    const stream = new TransformStream();
-    const writer = stream.writable.getWriter();
-    const encoder = new TextEncoder();
-    const sendSSE = (event, data) => {
-      const message = `event: ${event}
-data: ${JSON.stringify(data)}
-
-`;
-      writer.write(encoder.encode(message)).catch(() => {
-      });
-    };
-    const previousManager = managers.get(identity);
-    if (previousManager) {
-      previousManager.dispose();
-    }
-    const resolvedClientMetadata = getClientMetadata ? await getClientMetadata(request) : clientDefaults;
-    const manager = new SSEConnectionManager(
+  const toManagerOptions = (identity, resolvedClientMetadata) => ({
+    identity,
+    heartbeatInterval,
+    clientDefaults: resolvedClientMetadata
+  });
+  async function resolveClientMetadata(request) {
+    return getClientMetadata ? await getClientMetadata(request) : clientDefaults;
+  }
+  async function GET() {
+    return Response.json(
       {
-        identity,
-        heartbeatInterval,
-        clientDefaults: resolvedClientMetadata
-        // Pass resolved metadata
-      },
-      (event) => {
-        if ("id" in event) {
-          sendSSE("rpc-response", event);
-        } else if ("type" in event && "sessionId" in event) {
-          sendSSE("connection", event);
-        } else {
-          sendSSE("observability", event);
+        error: {
+          code: "METHOD_NOT_ALLOWED",
+          message: "Use POST /api/mcp. For streaming use Accept: text/event-stream."
         }
-      }
+      },
+      { status: 405 }
     );
-    managers.set(identity, manager);
-    sendSSE("connected", { timestamp: Date.now() });
-    const abortController = new AbortController();
-    request.signal?.addEventListener("abort", () => {
-      manager.dispose();
-      managers.delete(identity);
-      writer.close().catch(() => {
-      });
-      abortController.abort();
-    });
-    return new Response(stream.readable, {
-      status: 200,
-      headers: {
-        "Content-Type": "text/event-stream",
-        "Cache-Control": "no-cache, no-transform",
-        "Connection": "keep-alive",
-        "X-Accel-Buffering": "no"
-      }
-    });
   }
   async function POST(request) {
     const identity = getIdentity(request);
     const authToken = getAuthToken(request);
+    const acceptsEventStream = (request.headers.get("accept") || "").toLowerCase().includes("text/event-stream");
     if (!identity) {
       return Response.json({ error: { code: "MISSING_IDENTITY", message: "Missing identity" } }, { status: 400 });
     }
@@ -2527,28 +2499,103 @@ data: ${JSON.stringify(data)}
     if (!isAuthorized) {
       return Response.json({ error: { code: "UNAUTHORIZED", message: "Unauthorized" } }, { status: 401 });
     }
+    let rawBody = "";
     try {
-      const body = await request.json();
-      const manager = managers.get(identity);
-      if (!manager) {
+      rawBody = await request.text();
+      const body = rawBody ? JSON.parse(rawBody) : null;
+      if (!body || typeof body !== "object") {
         return Response.json(
           {
             error: {
-              code: "NO_CONNECTION",
-              message: "No SSE connection found. Please establish SSE connection first."
+              code: "INVALID_REQUEST",
+              message: "Invalid JSON-RPC request body"
             }
           },
           { status: 400 }
         );
       }
-      const response = await manager.handleRequest(body);
-      return Response.json(response);
+      const resolvedClientMetadata = await resolveClientMetadata(request);
+      if (!acceptsEventStream) {
+        const manager2 = new SSEConnectionManager(
+          toManagerOptions(identity, resolvedClientMetadata),
+          () => {
+          }
+        );
+        try {
+          const response = await manager2.handleRequest(body);
+          return Response.json(response);
+        } finally {
+          manager2.dispose();
+        }
+      }
+      const stream = new TransformStream();
+      const writer = stream.writable.getWriter();
+      const encoder = new TextEncoder();
+      let streamWritable = true;
+      const sendSSE = (event, data) => {
+        if (!streamWritable) return;
+        const message = `event: ${event}
+data: ${JSON.stringify(data)}
+
+`;
+        writer.write(encoder.encode(message)).catch(() => {
+          streamWritable = false;
+        });
+      };
+      const manager = new SSEConnectionManager(
+        toManagerOptions(identity, resolvedClientMetadata),
+        (event) => {
+          if (isRpcResponseEvent(event)) {
+            sendSSE("rpc-response", event);
+          } else if ("type" in event && "sessionId" in event) {
+            sendSSE("connection", event);
+          } else {
+            sendSSE("observability", event);
+          }
+        }
+      );
+      sendSSE("connected", { timestamp: Date.now() });
+      void (async () => {
+        try {
+          await manager.handleRequest(body);
+        } catch (error) {
+          const err = error instanceof Error ? error : new Error("Unknown error");
+          sendSSE("rpc-response", {
+            id: body.id || "unknown",
+            error: {
+              code: "EXECUTION_ERROR",
+              message: err.message
+            }
+          });
+        } finally {
+          streamWritable = false;
+          manager.dispose();
+          writer.close().catch(() => {
+          });
+        }
+      })();
+      return new Response(stream.readable, {
+        status: 200,
+        headers: {
+          "Content-Type": "text/event-stream",
+          "Cache-Control": "no-cache, no-transform",
+          "Connection": "keep-alive",
+          "X-Accel-Buffering": "no"
+        }
+      });
     } catch (error) {
+      const err = error instanceof Error ? error : new Error("Unknown error");
+      console.error("[MCP Next Handler] Failed to handle RPC", {
+        identity,
+        message: err.message,
+        stack: err.stack,
+        rawBody: rawBody.slice(0, 500)
+      });
       return Response.json(
         {
           error: {
             code: "EXECUTION_ERROR",
-            message: error instanceof Error ? error.message : "Unknown error"
+            message: err.message
           }
         },
         { status: 500 }