@mcp-ts/sdk 1.3.4 → 1.3.6

package/dist/index.mjs

@@ -120,10 +120,10 @@ var REDIS_KEY_PREFIX = "mcp:session:";
 var TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1e3;
 var DEFAULT_CLIENT_NAME = "MCP Assistant";
 var DEFAULT_CLIENT_URI = "https://mcp-assistant.in";
-var DEFAULT_LOGO_URI = "https://mcp-assistant.in/logo.png";
+var DEFAULT_LOGO_URI = "https://mcp-assistant.in/logo.svg";
 var DEFAULT_POLICY_URI = "https://mcp-assistant.in/privacy";
 var SOFTWARE_ID = "@mcp-ts";
-var SOFTWARE_VERSION = "1.0.0-beta.5";
+var SOFTWARE_VERSION = "1.3.4";
 var MCP_CLIENT_NAME = "mcp-ts-oauth-client";
 var MCP_CLIENT_VERSION = "2.0";
 
@@ -141,6 +141,16 @@ var RedisStorageBackend = class {
     this.redis = redis2;
     __publicField(this, "DEFAULT_TTL", SESSION_TTL_SECONDS);
     __publicField(this, "KEY_PREFIX", "mcp:session:");
+    __publicField(this, "IDENTITY_KEY_PREFIX", "mcp:identity:");
+    __publicField(this, "IDENTITY_KEY_SUFFIX", ":sessions");
+  }
+  async init() {
+    try {
+      await this.redis.ping();
+      console.log("[mcp-ts][Storage] Redis: \u2713 Connected to server.");
+    } catch (error) {
+      throw new Error(`[RedisStorage] Failed to connect to Redis: ${error.message}`);
+    }
   }
   /**
    * Generates Redis key for a specific session
@@ -154,7 +164,34 @@ var RedisStorageBackend = class {
    * @private
    */
   getIdentityKey(identity) {
-    return `mcp:identity:${identity}:sessions`;
+    return `${this.IDENTITY_KEY_PREFIX}${identity}${this.IDENTITY_KEY_SUFFIX}`;
+  }
+  parseIdentityFromKey(identityKey) {
+    return identityKey.slice(
+      this.IDENTITY_KEY_PREFIX.length,
+      identityKey.length - this.IDENTITY_KEY_SUFFIX.length
+    );
+  }
+  async scanKeys(pattern) {
+    const redis2 = this.redis;
+    if (typeof redis2.scan !== "function") {
+      return await this.redis.keys(pattern);
+    }
+    const keys = /* @__PURE__ */ new Set();
+    let cursor = "0";
+    try {
+      do {
+        const [nextCursor, batch] = await redis2.scan(cursor, "MATCH", pattern, "COUNT", 100);
+        cursor = nextCursor;
+        for (const key of batch) {
+          keys.add(key);
+        }
+      } while (cursor !== "0");
+    } catch (error) {
+      console.warn("[RedisStorage] SCAN failed, falling back to KEYS:", error);
+      return await this.redis.keys(pattern);
+    }
+    return Array.from(keys);
   }
   generateSessionId() {
     return firstChar() + rest();
@@ -222,17 +259,13 @@ var RedisStorageBackend = class {
     }
   }
   async getIdentityMcpSessions(identity) {
-    const identityKey = this.getIdentityKey(identity);
-    try {
-      return await this.redis.smembers(identityKey);
-    } catch (error) {
-      console.error(`[RedisStorage] Failed to get sessions for ${identity}:`, error);
-      return [];
-    }
+    const sessions = await this.getIdentitySessionsData(identity);
+    return sessions.map((session) => session.sessionId);
   }
   async getIdentitySessionsData(identity) {
     try {
-      const sessionIds = await this.redis.smembers(this.getIdentityKey(identity));
+      const identityKey = this.getIdentityKey(identity);
+      const sessionIds = await this.redis.smembers(identityKey);
       if (sessionIds.length === 0) return [];
       const results = await Promise.all(
         sessionIds.map(async (sessionId) => {
@@ -240,6 +273,10 @@ var RedisStorageBackend = class {
           return data ? JSON.parse(data) : null;
         })
       );
+      const staleSessionIds = sessionIds.filter((_, index) => results[index] === null);
+      if (staleSessionIds.length > 0) {
+        await this.redis.srem(identityKey, ...staleSessionIds);
+      }
       return results.filter((session) => session !== null);
     } catch (error) {
       console.error(`[RedisStorage] Failed to get session data for ${identity}:`, error);
@@ -258,9 +295,22 @@ var RedisStorageBackend = class {
   }
   async getAllSessionIds() {
     try {
-      const pattern = `${this.KEY_PREFIX}*`;
-      const keys = await this.redis.keys(pattern);
-      return keys.map((key) => key.replace(this.KEY_PREFIX, ""));
+      const keys = await this.scanKeys(`${this.KEY_PREFIX}*`);
+      const sessions = await Promise.all(
+        keys.map(async (key) => {
+          const data = await this.redis.get(key);
+          if (!data) {
+            return null;
+          }
+          try {
+            return JSON.parse(data).sessionId;
+          } catch (error) {
+            console.error("[RedisStorage] Failed to parse session while listing all session IDs:", error);
+            return null;
+          }
+        })
+      );
+      return sessions.filter((sessionId) => sessionId !== null);
     } catch (error) {
       console.error("[RedisStorage] Failed to get all sessions:", error);
       return [];
@@ -268,10 +318,11 @@ var RedisStorageBackend = class {
   }
   async clearAll() {
     try {
-      const pattern = `${this.KEY_PREFIX}*`;
-      const keys = await this.redis.keys(pattern);
-      if (keys.length > 0) {
-        await this.redis.del(...keys);
+      const keys = await this.scanKeys(`${this.KEY_PREFIX}*`);
+      const identityKeys = await this.scanKeys(`${this.IDENTITY_KEY_PREFIX}*${this.IDENTITY_KEY_SUFFIX}`);
+      const allKeys = [...keys, ...identityKeys];
+      if (allKeys.length > 0) {
+        await this.redis.del(...allKeys);
       }
     } catch (error) {
       console.error("[RedisStorage] Failed to clear sessions:", error);
@@ -279,12 +330,24 @@ var RedisStorageBackend = class {
   }
   async cleanupExpiredSessions() {
     try {
-      const pattern = `${this.KEY_PREFIX}*`;
-      const keys = await this.redis.keys(pattern);
-      for (const key of keys) {
-        const ttl = await this.redis.ttl(key);
-        if (ttl <= 0) {
-          await this.redis.del(key);
+      const identityKeys = await this.scanKeys(`${this.IDENTITY_KEY_PREFIX}*${this.IDENTITY_KEY_SUFFIX}`);
+      for (const identityKey of identityKeys) {
+        const identity = this.parseIdentityFromKey(identityKey);
+        const sessionIds = await this.redis.smembers(identityKey);
+        if (sessionIds.length === 0) {
+          await this.redis.del(identityKey);
+          continue;
+        }
+        const existenceChecks = await Promise.all(
+          sessionIds.map((sessionId) => this.redis.exists(this.getSessionKey(identity, sessionId)))
+        );
+        const staleSessionIds = sessionIds.filter((_, index) => existenceChecks[index] === 0);
+        if (staleSessionIds.length > 0) {
+          await this.redis.srem(identityKey, ...staleSessionIds);
+        }
+        const remainingCount = await this.redis.scard(identityKey);
+        if (remainingCount === 0) {
+          await this.redis.del(identityKey);
         }
       }
     } catch (error) {
@@ -314,6 +377,9 @@ var MemoryStorageBackend = class {
     // Map<identity, Set<sessionId>>
     __publicField(this, "identitySessions", /* @__PURE__ */ new Map());
   }
+  async init() {
+    console.log("[mcp-ts][Storage] Memory: \u2713 internal memory store active.");
+  }
   getSessionKey(identity, sessionId) {
     return `${identity}:${sessionId}`;
   }
@@ -433,6 +499,7 @@ var FileStorageBackend = class {
       }
     }
     this.initialized = true;
+    console.log(`[mcp-ts][Storage] File: \u2713 storage directory at ${path.dirname(this.filePath)} verified.`);
   }
   async ensureInitialized() {
     if (!this.initialized) await this.init();
@@ -537,6 +604,7 @@ var SqliteStorage = class {
                 CREATE INDEX IF NOT EXISTS idx_${this.table}_identity ON ${this.table}(identity);
             `);
       this.initialized = true;
+      console.log(`[mcp-ts][Storage] SQLite: \u2713 database at ${this.dbPath} verified.`);
     } catch (error) {
       if (error.code === "MODULE_NOT_FOUND" || error.message?.includes("better-sqlite3")) {
         throw new Error(
@@ -652,9 +720,166 @@ var SqliteStorage = class {
   }
 };
 
+// src/server/storage/supabase-backend.ts
+var SupabaseStorageBackend = class {
+  constructor(supabase) {
+    this.supabase = supabase;
+    __publicField(this, "DEFAULT_TTL", SESSION_TTL_SECONDS);
+  }
+  async init() {
+    const { error } = await this.supabase.from("mcp_sessions").select("session_id").limit(0);
+    if (error) {
+      if (error.code === "42P01") {
+        throw new Error(
+          '[SupabaseStorage] Table "mcp_sessions" not found in your database. Please run "npx mcp-ts supabase-init" in your project to set up the required table and RLS policies.'
+        );
+      }
+      throw new Error(`[SupabaseStorage] Initialization check failed: ${error.message}`);
+    }
+    console.log('[mcp-ts][Storage] Supabase: \u2713 "mcp_sessions" table verified.');
+  }
+  generateSessionId() {
+    return crypto.randomUUID();
+  }
+  mapRowToSessionData(row) {
+    return {
+      sessionId: row.session_id,
+      serverId: row.server_id,
+      serverName: row.server_name,
+      serverUrl: row.server_url,
+      transportType: row.transport_type,
+      callbackUrl: row.callback_url,
+      createdAt: new Date(row.created_at).getTime(),
+      identity: row.identity,
+      headers: row.headers,
+      active: row.active,
+      clientInformation: row.client_information,
+      tokens: row.tokens,
+      codeVerifier: row.code_verifier,
+      clientId: row.client_id
+    };
+  }
+  async createSession(session, ttl) {
+    const { sessionId, identity } = session;
+    if (!sessionId || !identity) throw new Error("identity and sessionId required");
+    const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+    const expiresAt = new Date(Date.now() + effectiveTtl * 1e3).toISOString();
+    const { error } = await this.supabase.from("mcp_sessions").insert({
+      session_id: sessionId,
+      user_id: identity,
+      // Maps user_id to identity to support RLS using auth.uid()
+      server_id: session.serverId,
+      server_name: session.serverName,
+      server_url: session.serverUrl,
+      transport_type: session.transportType,
+      callback_url: session.callbackUrl,
+      created_at: new Date(session.createdAt || Date.now()).toISOString(),
+      identity,
+      headers: session.headers,
+      active: session.active ?? false,
+      client_information: session.clientInformation,
+      tokens: session.tokens,
+      code_verifier: session.codeVerifier,
+      client_id: session.clientId,
+      expires_at: expiresAt
+    });
+    if (error) {
+      if (error.code === "23505") {
+        throw new Error(`Session ${sessionId} already exists`);
+      }
+      throw new Error(`Failed to create session in Supabase: ${error.message}`);
+    }
+  }
+  async updateSession(identity, sessionId, data, ttl) {
+    const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+    const expiresAt = new Date(Date.now() + effectiveTtl * 1e3).toISOString();
+    const updateData = {
+      expires_at: expiresAt,
+      updated_at: (/* @__PURE__ */ new Date()).toISOString()
+    };
+    if ("serverId" in data) updateData.server_id = data.serverId;
+    if ("serverName" in data) updateData.server_name = data.serverName;
+    if ("serverUrl" in data) updateData.server_url = data.serverUrl;
+    if ("transportType" in data) updateData.transport_type = data.transportType;
+    if ("callbackUrl" in data) updateData.callback_url = data.callbackUrl;
+    if ("active" in data) updateData.active = data.active;
+    if ("headers" in data) updateData.headers = data.headers;
+    if ("clientInformation" in data) updateData.client_information = data.clientInformation;
+    if ("tokens" in data) updateData.tokens = data.tokens;
+    if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
+    if ("clientId" in data) updateData.client_id = data.clientId;
+    const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("identity", identity).eq("session_id", sessionId).select("id");
+    if (error) {
+      throw new Error(`Failed to update session: ${error.message}`);
+    }
+    if (!updatedRows || updatedRows.length === 0) {
+      throw new Error(`Session ${sessionId} not found for identity ${identity}`);
+    }
+  }
+  async getSession(identity, sessionId) {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("*").eq("identity", identity).eq("session_id", sessionId).maybeSingle();
+    if (error) {
+      console.error("[SupabaseStorage] Failed to get session:", error);
+      return null;
+    }
+    if (!data) return null;
+    return this.mapRowToSessionData(data);
+  }
+  async getIdentitySessionsData(identity) {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("*").eq("identity", identity);
+    if (error) {
+      console.error(`[SupabaseStorage] Failed to get session data for ${identity}:`, error);
+      return [];
+    }
+    return data.map((row) => this.mapRowToSessionData(row));
+  }
+  async removeSession(identity, sessionId) {
+    const { error } = await this.supabase.from("mcp_sessions").delete().eq("identity", identity).eq("session_id", sessionId);
+    if (error) {
+      console.error("[SupabaseStorage] Failed to remove session:", error);
+    }
+  }
+  async getIdentityMcpSessions(identity) {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("session_id").eq("identity", identity);
+    if (error) {
+      console.error(`[SupabaseStorage] Failed to get sessions for ${identity}:`, error);
+      return [];
+    }
+    return data.map((row) => row.session_id);
+  }
+  async getAllSessionIds() {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("session_id");
+    if (error) {
+      console.error("[SupabaseStorage] Failed to get all sessions:", error);
+      return [];
+    }
+    return data.map((row) => row.session_id);
+  }
+  async clearAll() {
+    const { error } = await this.supabase.from("mcp_sessions").delete().neq("session_id", "");
+    if (error) {
+      console.error("[SupabaseStorage] Failed to clear sessions:", error);
+    }
+  }
+  async cleanupExpiredSessions() {
+    const { error } = await this.supabase.from("mcp_sessions").delete().lt("expires_at", (/* @__PURE__ */ new Date()).toISOString());
+    if (error) {
+      console.error("[SupabaseStorage] Failed to cleanup expired sessions:", error);
+    }
+  }
+  async disconnect() {
+  }
+};
+
 // src/server/storage/index.ts
 var storageInstance = null;
 var storagePromise = null;
+async function initializeStorage(store) {
+  if (typeof store.init === "function") {
+    await store.init();
+  }
+  return store;
+}
 async function createStorage() {
   const type = process.env.MCP_TS_STORAGE_TYPE?.toLowerCase();
   if (type === "redis") {
@@ -664,68 +889,95 @@ async function createStorage() {
     try {
       const { getRedis: getRedis2 } = await Promise.resolve().then(() => (init_redis(), redis_exports));
       const redis2 = await getRedis2();
-      console.log("[Storage] Using Redis storage (Explicit)");
-      return new RedisStorageBackend(redis2);
+      console.log('[mcp-ts][Storage] Explicit selection: "redis"');
+      return await initializeStorage(new RedisStorageBackend(redis2));
     } catch (error) {
-      console.error("[Storage] Failed to initialize Redis:", error.message);
-      console.log("[Storage] Falling back to In-Memory storage");
-      return new MemoryStorageBackend();
+      console.error("[mcp-ts][Storage] Failed to initialize Redis:", error.message);
+      console.log("[mcp-ts][Storage] Falling back to In-Memory storage");
+      return await initializeStorage(new MemoryStorageBackend());
     }
   }
   if (type === "file") {
     const filePath = process.env.MCP_TS_STORAGE_FILE;
-    if (!filePath) {
-      console.warn('[Storage] MCP_TS_STORAGE_TYPE is "file" but MCP_TS_STORAGE_FILE is missing');
-    }
-    console.log(`[Storage] Using File storage (${filePath}) (Explicit)`);
-    const store = new FileStorageBackend({ path: filePath });
-    store.init().catch((err) => console.error("[Storage] Failed to initialize file storage:", err));
-    return store;
+    console.log(`[mcp-ts][Storage] Explicit selection: "file" (${filePath || "default"})`);
+    return await initializeStorage(new FileStorageBackend({ path: filePath }));
   }
   if (type === "sqlite") {
     const dbPath = process.env.MCP_TS_STORAGE_SQLITE_PATH;
-    console.log(`[Storage] Using SQLite storage (${dbPath || "default"}) (Explicit)`);
-    const store = new SqliteStorage({ path: dbPath });
-    store.init().catch((err) => console.error("[Storage] Failed to initialize SQLite storage:", err));
-    return store;
+    console.log(`[mcp-ts][Storage] Explicit selection: "sqlite" (${dbPath || "default"})`);
+    return await initializeStorage(new SqliteStorage({ path: dbPath }));
+  }
+  if (type === "supabase") {
+    const url = process.env.SUPABASE_URL;
+    const key = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_ANON_KEY;
+    if (!url || !key) {
+      console.warn('[mcp-ts][Storage] Explicit selection "supabase" requires SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY.');
+    } else {
+      if (!process.env.SUPABASE_SERVICE_ROLE_KEY) {
+        console.warn('[mcp-ts][Storage] \u26A0\uFE0F  Warning: Using "SUPABASE_ANON_KEY" for server-side storage. You may encounter RLS policy violations. "SUPABASE_SERVICE_ROLE_KEY" is recommended.');
+      }
+      try {
+        const { createClient } = await import('@supabase/supabase-js');
+        const client = createClient(url, key);
+        console.log('[mcp-ts][Storage] Explicit selection: "supabase"');
+        return await initializeStorage(new SupabaseStorageBackend(client));
+      } catch (error) {
+        console.error("[mcp-ts][Storage] Failed to initialize Supabase:", error.message);
+        console.log("[mcp-ts][Storage] Falling back to In-Memory storage");
+        return await initializeStorage(new MemoryStorageBackend());
+      }
+    }
   }
   if (type === "memory") {
-    console.log("[Storage] Using In-Memory storage (Explicit)");
-    return new MemoryStorageBackend();
+    console.log('[mcp-ts][Storage] Explicit selection: "memory"');
+    return await initializeStorage(new MemoryStorageBackend());
   }
   if (process.env.REDIS_URL) {
     try {
       const { getRedis: getRedis2 } = await Promise.resolve().then(() => (init_redis(), redis_exports));
       const redis2 = await getRedis2();
-      console.log("[Storage] Auto-detected REDIS_URL. Using Redis storage.");
-      return new RedisStorageBackend(redis2);
+      console.log('[mcp-ts][Storage] Auto-detection: "redis" (via REDIS_URL)');
+      return await initializeStorage(new RedisStorageBackend(redis2));
     } catch (error) {
-      console.error("[Storage] Redis auto-detection failed:", error.message);
-      console.log("[Storage] Falling back to In-Memory storage");
-      return new MemoryStorageBackend();
+      console.error("[mcp-ts][Storage] Redis auto-detection failed:", error.message);
+      console.log("[mcp-ts][Storage] Falling back to next available backend");
     }
   }
   if (process.env.MCP_TS_STORAGE_FILE) {
-    console.log(`[Storage] Auto-detected MCP_TS_STORAGE_FILE. Using File storage (${process.env.MCP_TS_STORAGE_FILE}).`);
-    const store = new FileStorageBackend({ path: process.env.MCP_TS_STORAGE_FILE });
-    store.init().catch((err) => console.error("[Storage] Failed to initialize file storage:", err));
-    return store;
+    console.log(`[mcp-ts][Storage] Auto-detection: "file" (${process.env.MCP_TS_STORAGE_FILE})`);
+    return await initializeStorage(new FileStorageBackend({ path: process.env.MCP_TS_STORAGE_FILE }));
   }
   if (process.env.MCP_TS_STORAGE_SQLITE_PATH) {
-    console.log(`[Storage] Auto-detected MCP_TS_STORAGE_SQLITE_PATH. Using SQLite storage (${process.env.MCP_TS_STORAGE_SQLITE_PATH}).`);
-    const store = new SqliteStorage({ path: process.env.MCP_TS_STORAGE_SQLITE_PATH });
-    store.init().catch((err) => console.error("[Storage] Failed to initialize SQLite storage:", err));
-    return store;
+    console.log(`[mcp-ts][Storage] Auto-detection: "sqlite" (${process.env.MCP_TS_STORAGE_SQLITE_PATH})`);
+    return await initializeStorage(new SqliteStorage({ path: process.env.MCP_TS_STORAGE_SQLITE_PATH }));
   }
-  console.log("[Storage] No storage configured. Using In-Memory storage (Default).");
-  return new MemoryStorageBackend();
+  if (process.env.SUPABASE_URL && (process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_ANON_KEY)) {
+    try {
+      const { createClient } = await import('@supabase/supabase-js');
+      const url = process.env.SUPABASE_URL;
+      const key = process.env.SUPABASE_SERVICE_ROLE_KEY || process.env.SUPABASE_ANON_KEY;
+      if (!process.env.SUPABASE_SERVICE_ROLE_KEY) {
+        console.warn('[mcp-ts][Storage] \u26A0\uFE0F Warning: Using "SUPABASE_ANON_KEY" for server-side storage. You may encounter RLS policy violations. "SUPABASE_SERVICE_ROLE_KEY" is recommended.');
+      }
+      const client = createClient(url, key);
+      console.log('[mcp-ts][Storage] Auto-detection: "supabase" (via SUPABASE_URL)');
+      return await initializeStorage(new SupabaseStorageBackend(client));
+    } catch (error) {
+      console.error("[mcp-ts][Storage] Supabase auto-detection failed:", error.message);
+    }
+  }
+  console.log('[mcp-ts][Storage] Defaulting to: "memory"');
+  return await initializeStorage(new MemoryStorageBackend());
 }
 async function getStorage() {
   if (storageInstance) {
     return storageInstance;
   }
   if (!storagePromise) {
-    storagePromise = createStorage();
+    storagePromise = createStorage().catch((error) => {
+      storagePromise = null;
+      throw error;
+    });
   }
   storageInstance = await storagePromise;
   return storageInstance;
@@ -746,43 +998,49 @@ var storage = new Proxy({}, {
 // src/server/mcp/storage-oauth-provider.ts
 var StorageOAuthClientProvider = class {
   /**
-   * Creates a new Storage-backed OAuth provider
-   * @param identity - User/Client identifier
-   * @param serverId - Server identifier (for tracking which server this OAuth session belongs to)
-   * @param sessionId - Session identifier (used as OAuth state)
-   * @param clientName - OAuth client name
-   * @param baseRedirectUrl - OAuth callback URL
-   * @param onRedirect - Optional callback when redirect to authorization is needed
+   * Creates a new storage-backed OAuth provider
+   * @param options - Provider configuration
    */
-  constructor(identity, serverId, sessionId, clientName, baseRedirectUrl, onRedirect) {
-    this.identity = identity;
-    this.serverId = serverId;
-    this.sessionId = sessionId;
-    this.clientName = clientName;
-    this.baseRedirectUrl = baseRedirectUrl;
+  constructor(options) {
+    __publicField(this, "identity");
+    __publicField(this, "serverId");
+    __publicField(this, "sessionId");
+    __publicField(this, "redirectUrl");
+    __publicField(this, "clientName");
+    __publicField(this, "clientUri");
+    __publicField(this, "logoUri");
+    __publicField(this, "policyUri");
+    __publicField(this, "clientSecret");
     __publicField(this, "_authUrl");
     __publicField(this, "_clientId");
     __publicField(this, "onRedirectCallback");
     __publicField(this, "tokenExpiresAt");
-    this.onRedirectCallback = onRedirect;
+    this.identity = options.identity;
+    this.serverId = options.serverId;
+    this.sessionId = options.sessionId;
+    this.redirectUrl = options.redirectUrl;
+    this.clientName = options.clientName;
+    this.clientUri = options.clientUri;
+    this.logoUri = options.logoUri;
+    this.policyUri = options.policyUri;
+    this._clientId = options.clientId;
+    this.clientSecret = options.clientSecret;
+    this.onRedirectCallback = options.onRedirect;
   }
   get clientMetadata() {
     return {
-      client_name: this.clientName,
-      client_uri: this.clientUri,
+      client_name: this.clientName || DEFAULT_CLIENT_NAME,
+      client_uri: this.clientUri || DEFAULT_CLIENT_URI,
+      logo_uri: this.logoUri || DEFAULT_LOGO_URI,
+      policy_uri: this.policyUri || DEFAULT_POLICY_URI,
       grant_types: ["authorization_code", "refresh_token"],
       redirect_uris: [this.redirectUrl],
       response_types: ["code"],
-      token_endpoint_auth_method: "none",
-      ...this._clientId ? { client_id: this._clientId } : {}
+      token_endpoint_auth_method: this.clientSecret ? "client_secret_basic" : "none",
+      software_id: SOFTWARE_ID,
+      software_version: SOFTWARE_VERSION
     };
   }
-  get clientUri() {
-    return new URL(this.redirectUrl).origin;
-  }
-  get redirectUrl() {
-    return this.baseRedirectUrl;
-  }
   get clientId() {
     return this._clientId;
   }
@@ -817,7 +1075,16 @@ var StorageOAuthClientProvider = class {
     if (data.clientId && !this._clientId) {
       this._clientId = data.clientId;
     }
-    return data.clientInformation;
+    if (data.clientInformation) {
+      return data.clientInformation;
+    }
+    if (!this._clientId) {
+      return void 0;
+    }
+    return {
+      client_id: this._clientId,
+      ...this.clientSecret ? { client_secret: this.clientSecret } : {}
+    };
   }
   /**
    * Stores OAuth client information
@@ -845,14 +1112,14 @@ var StorageOAuthClientProvider = class {
   async state() {
     return this.sessionId;
   }
-  async checkState(state) {
+  async checkState(_state) {
     const data = await storage.getSession(this.identity, this.sessionId);
     if (!data) {
       return { valid: false, error: "Session not found" };
     }
     return { valid: true, serverId: this.serverId };
   }
-  async consumeState(state) {
+  async consumeState(_state) {
   }
   async redirectToAuthorization(authUrl) {
     this._authUrl = authUrl.toString();
@@ -864,7 +1131,6 @@ var StorageOAuthClientProvider = class {
     if (scope === "all") {
       await storage.removeSession(this.identity, this.sessionId);
     } else {
-      await this.getSessionData();
       const updates = {};
       if (scope === "client") {
         updates.clientInformation = void 0;
@@ -1252,41 +1518,33 @@ var MCPClient = class _MCPClient {
     if (!this.serverUrl || !this.callbackUrl || !this.serverId) {
       throw new Error("Missing required connection metadata");
     }
-    const clientMetadata = {
-      client_name: this.clientName || "MCP Assistant",
-      redirect_uris: [this.callbackUrl],
-      token_endpoint_auth_method: this.clientSecret ? "client_secret_basic" : "none",
-      client_uri: this.clientUri || "https://mcp-assistant.in",
-      logo_uri: this.logoUri || "https://mcp-assistant.in/logo.png",
-      policy_uri: this.policyUri || "https://mcp-assistant.in/privacy",
-      ...this.clientId ? { client_id: this.clientId } : {},
-      ...this.clientSecret ? { client_secret: this.clientSecret } : {}
-    };
     if (!this.oauthProvider) {
       if (!this.serverId) {
         throw new Error("serverId required for OAuth provider initialization");
       }
-      this.oauthProvider = new StorageOAuthClientProvider(
-        this.identity,
-        this.serverId,
-        this.sessionId,
-        clientMetadata.client_name ?? "MCP Assistant",
-        this.callbackUrl,
-        (redirectUrl) => {
+      this.oauthProvider = new StorageOAuthClientProvider({
+        identity: this.identity,
+        serverId: this.serverId,
+        sessionId: this.sessionId,
+        redirectUrl: this.callbackUrl,
+        clientName: this.clientName,
+        clientUri: this.clientUri,
+        logoUri: this.logoUri,
+        policyUri: this.policyUri,
+        clientId: this.clientId,
+        clientSecret: this.clientSecret,
+        onRedirect: (redirectUrl) => {
           if (this.onRedirect) {
             this.onRedirect(redirectUrl);
           }
         }
-      );
-      if (this.clientId && this.oauthProvider) {
-        this.oauthProvider.clientId = this.clientId;
-      }
+      });
     }
     if (!this.client) {
       this.client = new Client(
         {
-          name: "mcp-ts-oauth-client",
-          version: "2.0"
+          name: MCP_CLIENT_NAME,
+          version: MCP_CLIENT_VERSION
         },
         {
           capabilities: {
@@ -1481,8 +1739,8 @@ var MCPClient = class _MCPClient {
         this.emitProgress("Creating authenticated client...");
         this.client = new Client(
           {
-            name: "mcp-ts-oauth-client",
-            version: "2.0"
+            name: MCP_CLIENT_NAME,
+            version: MCP_CLIENT_VERSION
           },
           {
             capabilities: {
@@ -1777,8 +2035,8 @@ var MCPClient = class _MCPClient {
     }
     this.client = new Client(
       {
-        name: "mcp-ts-oauth-client",
-        version: "2.0"
+        name: MCP_CLIENT_NAME,
+        version: MCP_CLIENT_VERSION
       },
       { capabilities: {} }
     );
@@ -2047,6 +2305,27 @@ var MultiSessionClient = class {
   }
 };
 
+// src/shared/event-routing.ts
+function isRpcResponseEvent(event) {
+  return "id" in event && ("result" in event || "error" in event);
+}
+function isConnectionEvent(event) {
+  if (!("type" in event)) {
+    return false;
+  }
+  switch (event.type) {
+    case "state_changed":
+    case "tools_discovered":
+    case "auth_required":
+    case "error":
+    case "disconnected":
+    case "progress":
+      return true;
+    default:
+      return false;
+  }
+}
+
 // src/server/handlers/sse-handler.ts
 var DEFAULT_HEARTBEAT_INTERVAL = 3e4;
 var SSEConnectionManager = class {
@@ -2189,16 +2468,6 @@ var SSEConnectionManager = class {
       throw new Error(`Connection already exists for server: ${duplicate.serverUrl || duplicate.serverId} (${duplicate.serverName})`);
     }
     const sessionId = await storage.generateSessionId();
-    this.emitConnectionEvent({
-      type: "state_changed",
-      sessionId,
-      serverId,
-      serverName,
-      serverUrl,
-      state: "CONNECTING",
-      previousState: "DISCONNECTED",
-      timestamp: Date.now()
-    });
     try {
       const clientMetadata = await this.getResolvedClientMetadata();
       const client = new MCPClient({
@@ -2209,17 +2478,8 @@ var SSEConnectionManager = class {
         serverUrl,
         callbackUrl,
         transportType,
-        ...clientMetadata,
+        ...clientMetadata
         // Spread client metadata (clientName, clientUri, logoUri, policyUri)
-        onRedirect: (authUrl) => {
-          this.emitConnectionEvent({
-            type: "auth_required",
-            sessionId,
-            serverId,
-            authUrl,
-            timestamp: Date.now()
-          });
-        }
       });
       this.clients.set(sessionId, client);
       client.onConnectionEvent((event) => {
@@ -2229,20 +2489,19 @@ var SSEConnectionManager = class {
         this.sendEvent(event);
       });
       await client.connect();
-      const tools = await client.listTools();
-      this.emitConnectionEvent({
-        type: "tools_discovered",
-        sessionId,
-        serverId,
-        toolCount: tools.tools.length,
-        tools: tools.tools,
-        timestamp: Date.now()
-      });
+      await client.listTools();
       return {
         sessionId,
         success: true
       };
     } catch (error) {
+      if (error instanceof UnauthorizedError) {
+        this.clients.delete(sessionId);
+        return {
+          sessionId,
+          success: true
+        };
+      }
       this.emitConnectionEvent({
         type: "error",
         sessionId,
@@ -2344,14 +2603,6 @@ var SSEConnectionManager = class {
       await client.connect();
       this.clients.set(sessionId, client);
       const tools = await client.listTools();
-      this.emitConnectionEvent({
-        type: "tools_discovered",
-        sessionId,
-        serverId: session.serverId ?? "unknown",
-        toolCount: tools.tools.length,
-        tools: tools.tools,
-        timestamp: Date.now()
-      });
       return { success: true, toolCount: tools.tools.length };
     } catch (error) {
       this.emitConnectionEvent({
@@ -2374,16 +2625,6 @@ var SSEConnectionManager = class {
     if (!session) {
       throw new Error("Session not found");
     }
-    this.emitConnectionEvent({
-      type: "state_changed",
-      sessionId,
-      serverId: session.serverId ?? "unknown",
-      serverName: session.serverName ?? "Unknown",
-      serverUrl: session.serverUrl,
-      state: "AUTHENTICATING",
-      previousState: "DISCONNECTED",
-      timestamp: Date.now()
-    });
     try {
       const client = new MCPClient({
         identity: this.identity,
@@ -2393,14 +2634,6 @@ var SSEConnectionManager = class {
       await client.finishAuth(code);
       this.clients.set(sessionId, client);
       const tools = await client.listTools();
-      this.emitConnectionEvent({
-        type: "tools_discovered",
-        sessionId,
-        serverId: session.serverId ?? "unknown",
-        toolCount: tools.tools.length,
-        tools: tools.tools,
-        timestamp: Date.now()
-      });
       return { success: true, toolCount: tools.tools.length };
     } catch (error) {
       this.emitConnectionEvent({
@@ -2478,9 +2711,9 @@ function createSSEHandler(options) {
     });
     writeSSEEvent(res, "connected", { timestamp: Date.now() });
     const manager = new SSEConnectionManager(options, (event) => {
-      if ("id" in event) {
+      if (isRpcResponseEvent(event)) {
         writeSSEEvent(res, "rpc-response", event);
-      } else if ("type" in event && "sessionId" in event) {
+      } else if (isConnectionEvent(event)) {
         writeSSEEvent(res, "connection", event);
       } else {
         writeSSEEvent(res, "observability", event);
@@ -2511,9 +2744,6 @@ function writeSSEEvent(res, event, data) {
 }
 
 // src/server/handlers/nextjs-handler.ts
-function isRpcResponseEvent(event) {
-  return "id" in event && ("result" in event || "error" in event);
-}
 function createNextMcpHandler(options = {}) {
   const {
     getIdentity = (request) => new URL(request.url).searchParams.get("identity"),
@@ -2604,7 +2834,7 @@ data: ${JSON.stringify(data)}
         (event) => {
           if (isRpcResponseEvent(event)) {
             sendSSE("rpc-response", event);
-          } else if ("type" in event && "sessionId" in event) {
+          } else if (isConnectionEvent(event)) {
             sendSSE("connection", event);
           } else {
             sendSSE("observability", event);
@@ -2661,6 +2891,7 @@ data: ${JSON.stringify(data)}
   }
   return { GET, POST };
 }
+var CONNECTION_EVENT_INTERVAL_MS = 300;
 var SSEClient = class {
   constructor(options) {
     this.options = options;
@@ -2765,10 +2996,12 @@ var SSEClient = class {
       const data2 = await response.json();
       return this.parseRpcResponse(data2);
     }
-    const data = await this.readRpcResponseFromStream(response);
+    const data = await this.readRpcResponseFromStream(response, {
+      delayConnectionEvents: method === "connect" || method === "restoreSession" || method === "finishAuth"
+    });
     return this.parseRpcResponse(data);
   }
-  async readRpcResponseFromStream(response) {
+  async readRpcResponseFromStream(response, options = {}) {
     if (!response.body) {
       throw new Error("Streaming response body is missing");
     }
@@ -2776,7 +3009,7 @@ var SSEClient = class {
     const decoder = new TextDecoder();
     let buffer = "";
     let rpcResponse = null;
-    const dispatchBlock = (block) => {
+    const dispatchBlock = async (block) => {
       const lines = block.split("\n");
       let eventName = "message";
       const dataLines = [];
@@ -2804,6 +3037,9 @@ var SSEClient = class {
           break;
         case "connection":
           this.options.onConnectionEvent?.(payload);
+          if (options.delayConnectionEvents) {
+            await this.sleep(CONNECTION_EVENT_INTERVAL_MS);
+          }
           break;
         case "observability":
           this.options.onObservabilityEvent?.(payload);
@@ -2823,18 +3059,21 @@ var SSEClient = class {
         const separatorLength = separatorMatch[0].length;
         const block = buffer.slice(0, separatorIndex);
         buffer = buffer.slice(separatorIndex + separatorLength);
-        dispatchBlock(block);
+        await dispatchBlock(block);
         separatorMatch = buffer.match(/\r?\n\r?\n/);
       }
     }
     if (buffer.trim()) {
-      dispatchBlock(buffer);
+      await dispatchBlock(buffer);
     }
     if (!rpcResponse) {
       throw new Error("Missing rpc-response event in streamed RPC result");
     }
     return rpcResponse;
   }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
   parseRpcResponse(data) {
     if ("result" in data) {
       return data.result;