@mcp-ts/sdk 1.3.4 → 1.3.6

package/src/server/storage/redis-backend.ts

@@ -1,7 +1,7 @@
 
 import type { Redis } from 'ioredis';
 import { customAlphabet } from 'nanoid';
-import { StorageBackend, SessionData, SetClientOptions } from './types';
+import { StorageBackend, SessionData } from './types';
 import { SESSION_TTL_SECONDS } from '../../shared/constants.js';
 
 /** first char: letters only (required by OpenAI) */
@@ -22,8 +22,19 @@ const rest = customAlphabet(
 export class RedisStorageBackend implements StorageBackend {
     private readonly DEFAULT_TTL = SESSION_TTL_SECONDS;
     private readonly KEY_PREFIX = 'mcp:session:';
+    private readonly IDENTITY_KEY_PREFIX = 'mcp:identity:';
+    private readonly IDENTITY_KEY_SUFFIX = ':sessions';
 
     constructor(private redis: Redis) { }
+    
+    async init(): Promise<void> {
+        try {
+            await this.redis.ping();
+            console.log('[mcp-ts][Storage] Redis: ✓ Connected to server.');
+        } catch (error: any) {
+            throw new Error(`[RedisStorage] Failed to connect to Redis: ${error.message}`);
+        }
+    }
 
     /**
      * Generates Redis key for a specific session
@@ -38,7 +49,42 @@ export class RedisStorageBackend implements StorageBackend {
      * @private
      */
     private getIdentityKey(identity: string): string {
-        return `mcp:identity:${identity}:sessions`;
+        return `${this.IDENTITY_KEY_PREFIX}${identity}${this.IDENTITY_KEY_SUFFIX}`;
+    }
+
+    private parseIdentityFromKey(identityKey: string): string {
+        return identityKey.slice(
+            this.IDENTITY_KEY_PREFIX.length,
+            identityKey.length - this.IDENTITY_KEY_SUFFIX.length
+        );
+    }
+
+    private async scanKeys(pattern: string): Promise<string[]> {
+        const redis = this.redis as Redis & {
+            scan?: (cursor: string, ...args: Array<string | number>) => Promise<[string, string[]]>;
+        };
+
+        if (typeof redis.scan !== 'function') {
+            return await this.redis.keys(pattern);
+        }
+
+        const keys = new Set<string>();
+        let cursor = '0';
+
+        try {
+            do {
+                const [nextCursor, batch] = await redis.scan(cursor, 'MATCH', pattern, 'COUNT', 100);
+                cursor = nextCursor;
+                for (const key of batch) {
+                    keys.add(key);
+                }
+            } while (cursor !== '0');
+        } catch (error) {
+            console.warn('[RedisStorage] SCAN failed, falling back to KEYS:', error);
+            return await this.redis.keys(pattern);
+        }
+
+        return Array.from(keys);
     }
 
     generateSessionId(): string {
@@ -121,18 +167,14 @@ export class RedisStorageBackend implements StorageBackend {
     }
 
     async getIdentityMcpSessions(identity: string): Promise<string[]> {
-        const identityKey = this.getIdentityKey(identity);
-        try {
-            return await this.redis.smembers(identityKey);
-        } catch (error) {
-            console.error(`[RedisStorage] Failed to get sessions for ${identity}:`, error);
-            return [];
-        }
+        const sessions = await this.getIdentitySessionsData(identity);
+        return sessions.map((session) => session.sessionId);
     }
 
     async getIdentitySessionsData(identity: string): Promise<SessionData[]> {
         try {
-            const sessionIds = await this.redis.smembers(this.getIdentityKey(identity));
+            const identityKey = this.getIdentityKey(identity);
+            const sessionIds = await this.redis.smembers(identityKey);
             if (sessionIds.length === 0) return [];
 
             const results = await Promise.all(
@@ -142,6 +184,11 @@ export class RedisStorageBackend implements StorageBackend {
                 })
             );
 
+            const staleSessionIds = sessionIds.filter((_, index) => results[index] === null);
+            if (staleSessionIds.length > 0) {
+                await this.redis.srem(identityKey, ...staleSessionIds);
+            }
+
             return results.filter((session): session is SessionData => session !== null);
         } catch (error) {
             console.error(`[RedisStorage] Failed to get session data for ${identity}:`, error);
@@ -163,9 +210,24 @@ export class RedisStorageBackend implements StorageBackend {
 
     async getAllSessionIds(): Promise<string[]> {
         try {
-            const pattern = `${this.KEY_PREFIX}*`;
-            const keys = await this.redis.keys(pattern);
-            return keys.map((key) => key.replace(this.KEY_PREFIX, ''));
+            const keys = await this.scanKeys(`${this.KEY_PREFIX}*`);
+            const sessions = await Promise.all(
+                keys.map(async (key) => {
+                    const data = await this.redis.get(key);
+                    if (!data) {
+                        return null;
+                    }
+
+                    try {
+                        return (JSON.parse(data) as SessionData).sessionId;
+                    } catch (error) {
+                        console.error('[RedisStorage] Failed to parse session while listing all session IDs:', error);
+                        return null;
+                    }
+                })
+            );
+
+            return sessions.filter((sessionId): sessionId is string => sessionId !== null);
         } catch (error) {
             console.error('[RedisStorage] Failed to get all sessions:', error);
             return [];
@@ -174,10 +236,11 @@ export class RedisStorageBackend implements StorageBackend {
 
     async clearAll(): Promise<void> {
         try {
-            const pattern = `${this.KEY_PREFIX}*`;
-            const keys = await this.redis.keys(pattern);
-            if (keys.length > 0) {
-                await this.redis.del(...keys);
+            const keys = await this.scanKeys(`${this.KEY_PREFIX}*`);
+            const identityKeys = await this.scanKeys(`${this.IDENTITY_KEY_PREFIX}*${this.IDENTITY_KEY_SUFFIX}`);
+            const allKeys = [...keys, ...identityKeys];
+            if (allKeys.length > 0) {
+                await this.redis.del(...allKeys);
             }
         } catch (error) {
             console.error('[RedisStorage] Failed to clear sessions:', error);
@@ -186,13 +249,29 @@ export class RedisStorageBackend implements StorageBackend {
 
     async cleanupExpiredSessions(): Promise<void> {
         try {
-            const pattern = `${this.KEY_PREFIX}*`;
-            const keys = await this.redis.keys(pattern);
+            const identityKeys = await this.scanKeys(`${this.IDENTITY_KEY_PREFIX}*${this.IDENTITY_KEY_SUFFIX}`);
+
+            for (const identityKey of identityKeys) {
+                const identity = this.parseIdentityFromKey(identityKey);
+                const sessionIds = await this.redis.smembers(identityKey);
+
+                if (sessionIds.length === 0) {
+                    await this.redis.del(identityKey);
+                    continue;
+                }
+
+                const existenceChecks = await Promise.all(
+                    sessionIds.map((sessionId) => this.redis.exists(this.getSessionKey(identity, sessionId)))
+                );
+
+                const staleSessionIds = sessionIds.filter((_, index) => existenceChecks[index] === 0);
+                if (staleSessionIds.length > 0) {
+                    await this.redis.srem(identityKey, ...staleSessionIds);
+                }
 
-            for (const key of keys) {
-                const ttl = await this.redis.ttl(key);
-                if (ttl <= 0) {
-                    await this.redis.del(key);
+                const remainingCount = await this.redis.scard(identityKey);
+                if (remainingCount === 0) {
+                    await this.redis.del(identityKey);
                 }
             }
         } catch (error) {

package/src/server/storage/sqlite-backend.ts

@@ -44,6 +44,7 @@ export class SqliteStorage implements StorageBackend {
             `);
 
             this.initialized = true;
+            console.log(`[mcp-ts][Storage] SQLite: ✓ database at ${this.dbPath} verified.`);
         } catch (error: any) {
             if (error.code === 'MODULE_NOT_FOUND' || error.message?.includes('better-sqlite3')) {
                 throw new Error(

package/src/server/storage/supabase-backend.ts

@@ -0,0 +1,227 @@
+import type { SupabaseClient } from '@supabase/supabase-js';
+import { StorageBackend, SessionData } from './types.js';
+import { SESSION_TTL_SECONDS } from '../../shared/constants.js';
+
+export class SupabaseStorageBackend implements StorageBackend {
+    private readonly DEFAULT_TTL = SESSION_TTL_SECONDS;
+
+    constructor(private supabase: SupabaseClient) {}
+    
+    async init(): Promise<void> {
+        // Validate that the table exists
+        const { error } = await this.supabase
+            .from('mcp_sessions')
+            .select('session_id')
+            .limit(0);
+
+        if (error) {
+            // Postgres error code 42P01 is "relation does not exist"
+            if (error.code === '42P01') {
+                throw new Error(
+                    '[SupabaseStorage] Table "mcp_sessions" not found in your database. ' +
+                    'Please run "npx mcp-ts supabase-init" in your project to set up the required table and RLS policies.'
+                );
+            }
+            throw new Error(`[SupabaseStorage] Initialization check failed: ${error.message}`);
+        }
+
+        console.log('[mcp-ts][Storage] Supabase: ✓ "mcp_sessions" table verified.');
+    }
+
+    generateSessionId(): string {
+        return crypto.randomUUID();
+    }
+
+    private mapRowToSessionData(row: any): SessionData {
+        return {
+            sessionId: row.session_id,
+            serverId: row.server_id,
+            serverName: row.server_name,
+            serverUrl: row.server_url,
+            transportType: row.transport_type,
+            callbackUrl: row.callback_url,
+            createdAt: new Date(row.created_at).getTime(),
+            identity: row.identity,
+            headers: row.headers,
+            active: row.active,
+            clientInformation: row.client_information,
+            tokens: row.tokens,
+            codeVerifier: row.code_verifier,
+            clientId: row.client_id,
+        };
+    }
+
+    async createSession(session: SessionData, ttl?: number): Promise<void> {
+        const { sessionId, identity } = session;
+        if (!sessionId || !identity) throw new Error('identity and sessionId required');
+
+        const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+        const expiresAt = new Date(Date.now() + effectiveTtl * 1000).toISOString();
+
+        const { error } = await this.supabase
+            .from('mcp_sessions')
+            .insert({
+                session_id: sessionId,
+                user_id: identity, // Maps user_id to identity to support RLS using auth.uid()
+                server_id: session.serverId,
+                server_name: session.serverName,
+                server_url: session.serverUrl,
+                transport_type: session.transportType,
+                callback_url: session.callbackUrl,
+                created_at: new Date(session.createdAt || Date.now()).toISOString(),
+                identity: identity,
+                headers: session.headers,
+                active: session.active ?? false,
+                client_information: session.clientInformation,
+                tokens: session.tokens,
+                code_verifier: session.codeVerifier,
+                client_id: session.clientId,
+                expires_at: expiresAt
+            });
+
+        if (error) {
+            // Postgres error code 23505 is unique violation
+            if (error.code === '23505') {
+                throw new Error(`Session ${sessionId} already exists`);
+            }
+            throw new Error(`Failed to create session in Supabase: ${error.message}`);
+        }
+    }
+
+    async updateSession(identity: string, sessionId: string, data: Partial<SessionData>, ttl?: number): Promise<void> {
+        const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+        const expiresAt = new Date(Date.now() + effectiveTtl * 1000).toISOString();
+
+        // Convert the camelCase keys to snake_case for Supabase
+        const updateData: any = {
+            expires_at: expiresAt,
+            updated_at: new Date().toISOString()
+        };
+
+        if ('serverId' in data) updateData.server_id = data.serverId;
+        if ('serverName' in data) updateData.server_name = data.serverName;
+        if ('serverUrl' in data) updateData.server_url = data.serverUrl;
+        if ('transportType' in data) updateData.transport_type = data.transportType;
+        if ('callbackUrl' in data) updateData.callback_url = data.callbackUrl;
+        if ('active' in data) updateData.active = data.active;
+        if ('headers' in data) updateData.headers = data.headers;
+        if ('clientInformation' in data) updateData.client_information = data.clientInformation;
+        if ('tokens' in data) updateData.tokens = data.tokens;
+        if ('codeVerifier' in data) updateData.code_verifier = data.codeVerifier;
+        if ('clientId' in data) updateData.client_id = data.clientId;
+
+        const { data: updatedRows, error } = await this.supabase
+            .from('mcp_sessions')
+            .update(updateData)
+            .eq('identity', identity)
+            .eq('session_id', sessionId)
+            .select('id');
+
+        if (error) {
+            throw new Error(`Failed to update session: ${error.message}`);
+        }
+
+        if (!updatedRows || updatedRows.length === 0) {
+            throw new Error(`Session ${sessionId} not found for identity ${identity}`);
+        }
+    }
+
+    async getSession(identity: string, sessionId: string): Promise<SessionData | null> {
+        const { data, error } = await this.supabase
+            .from('mcp_sessions')
+            .select('*')
+            .eq('identity', identity)
+            .eq('session_id', sessionId)
+            .maybeSingle();
+
+        if (error) {
+            console.error('[SupabaseStorage] Failed to get session:', error);
+            return null;
+        }
+
+        if (!data) return null;
+
+        return this.mapRowToSessionData(data);
+    }
+
+    async getIdentitySessionsData(identity: string): Promise<SessionData[]> {
+        const { data, error } = await this.supabase
+            .from('mcp_sessions')
+            .select('*')
+            .eq('identity', identity);
+
+        if (error) {
+            console.error(`[SupabaseStorage] Failed to get session data for ${identity}:`, error);
+            return [];
+        }
+
+        return data.map(row => this.mapRowToSessionData(row));
+    }
+
+    async removeSession(identity: string, sessionId: string): Promise<void> {
+        const { error } = await this.supabase
+            .from('mcp_sessions')
+            .delete()
+            .eq('identity', identity)
+            .eq('session_id', sessionId);
+
+        if (error) {
+            console.error('[SupabaseStorage] Failed to remove session:', error);
+        }
+    }
+
+    async getIdentityMcpSessions(identity: string): Promise<string[]> {
+        const { data, error } = await this.supabase
+            .from('mcp_sessions')
+            .select('session_id')
+            .eq('identity', identity);
+
+        if (error) {
+            console.error(`[SupabaseStorage] Failed to get sessions for ${identity}:`, error);
+            return [];
+        }
+
+        return data.map(row => row.session_id);
+    }
+
+    async getAllSessionIds(): Promise<string[]> {
+        const { data, error } = await this.supabase
+            .from('mcp_sessions')
+            .select('session_id');
+
+        if (error) {
+            console.error('[SupabaseStorage] Failed to get all sessions:', error);
+            return [];
+        }
+
+        return data.map(row => row.session_id);
+    }
+
+    async clearAll(): Promise<void> {
+        // Warning: This deletes everything. Typically only used in testing.
+        const { error } = await this.supabase
+            .from('mcp_sessions')
+            .delete()
+            .neq('session_id', ''); // Delete all rows trick
+            
+        if (error) {
+            console.error('[SupabaseStorage] Failed to clear sessions:', error);
+        }
+    }
+
+    async cleanupExpiredSessions(): Promise<void> {
+        const { error } = await this.supabase
+            .from('mcp_sessions')
+            .delete()
+            .lt('expires_at', new Date().toISOString());
+
+        if (error) {
+            console.error('[SupabaseStorage] Failed to cleanup expired sessions:', error);
+        }
+    }
+
+    async disconnect(): Promise<void> {
+        // Supabase client handles its own connection pooling over HTTP, 
+        // there is no explicit disconnect method.
+    }
+}

package/src/server/storage/types.ts

@@ -5,8 +5,8 @@ import type {
     OAuthClientInformationMixed,
 } from '@modelcontextprotocol/sdk/shared/auth.js';
 
-export interface SessionData {
-    sessionId: string;
+export interface SessionData {
+    sessionId: string;
     serverId?: string; // Database server ID for mapping
     serverName?: string;
     serverUrl: string;
@@ -14,16 +14,16 @@ export interface SessionData {
     callbackUrl: string;
     createdAt: number;
     identity: string;
-    headers?: Record<string, string>;
-    /**
-     * Session status marker used for TTL transitions:
-     * - false: short-lived intermediate/error/auth-pending session state
-     *          (keep this value when connection/auth is incomplete or failed)
-     * - true: active long-lived session state after successful connection/auth completion
-     */
-    active?: boolean;
-    // OAuth data (consolidated)
-    clientInformation?: OAuthClientInformationMixed;
+    headers?: Record<string, string>;
+    /**
+     * Session status marker used for TTL transitions:
+     * - false: short-lived intermediate/error/auth-pending session state
+     *          (keep this value when connection/auth is incomplete or failed)
+     * - true: active long-lived session state after successful connection/auth completion
+     */
+    active?: boolean;
+    // OAuth data (consolidated)
+    clientInformation?: OAuthClientInformationMixed;
     tokens?: OAuthTokens;
     codeVerifier?: string;
     clientId?: string;

package/src/shared/constants.ts

@@ -19,10 +19,10 @@ export const TOKEN_EXPIRY_BUFFER_MS = 5 * 60 * 1000; // 5 minute buffer before e
 // Client Information
 export const DEFAULT_CLIENT_NAME = 'MCP Assistant';
 export const DEFAULT_CLIENT_URI = 'https://mcp-assistant.in';
-export const DEFAULT_LOGO_URI = 'https://mcp-assistant.in/logo.png';
+export const DEFAULT_LOGO_URI = 'https://mcp-assistant.in/logo.svg';
 export const DEFAULT_POLICY_URI = 'https://mcp-assistant.in/privacy';
 export const SOFTWARE_ID = '@mcp-ts';
-export const SOFTWARE_VERSION = '1.0.0-beta.5';
+export const SOFTWARE_VERSION = '1.3.4';
 
 // MCP Client Configuration
 export const MCP_CLIENT_NAME = 'mcp-ts-oauth-client';

package/src/shared/event-routing.ts

@@ -0,0 +1,28 @@
+import type { McpConnectionEvent, McpObservabilityEvent } from './events.js';
+import type { McpRpcResponse } from './types.js';
+
+export function isRpcResponseEvent(
+  event: McpConnectionEvent | McpObservabilityEvent | McpRpcResponse
+): event is McpRpcResponse {
+  return 'id' in event && ('result' in event || 'error' in event);
+}
+
+export function isConnectionEvent(
+  event: McpConnectionEvent | McpObservabilityEvent | McpRpcResponse
+): event is McpConnectionEvent {
+  if (!('type' in event)) {
+    return false;
+  }
+
+  switch (event.type) {
+    case 'state_changed':
+    case 'tools_discovered':
+    case 'auth_required':
+    case 'error':
+    case 'disconnected':
+    case 'progress':
+      return true;
+    default:
+      return false;
+  }
+}

package/supabase/migrations/20260330195700_install_mcp_sessions.sql

@@ -0,0 +1,84 @@
+-- Create the mcp_sessions table
+CREATE TABLE IF NOT EXISTS public.mcp_sessions (
+    id UUID PRIMARY KEY DEFAULT gen_random_uuid(),
+    session_id TEXT NOT NULL UNIQUE,
+    user_id TEXT NOT NULL, -- Will store the Next.js user's ID or identity
+    server_id TEXT,
+    server_name TEXT,
+    server_url TEXT NOT NULL,
+    transport_type TEXT NOT NULL,
+    callback_url TEXT NOT NULL,
+    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    updated_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+    expires_at TIMESTAMPTZ NOT NULL,
+    active BOOLEAN DEFAULT false,
+    identity TEXT NOT NULL,
+    headers JSONB,
+    client_information JSONB,
+    tokens JSONB,
+    code_verifier TEXT,
+    client_id TEXT
+);
+
+-- Add an index on identity and user_id for faster lookups
+CREATE INDEX IF NOT EXISTS idx_mcp_sessions_identity ON public.mcp_sessions(identity);
+CREATE INDEX IF NOT EXISTS idx_mcp_sessions_user_id ON public.mcp_sessions(user_id);
+-- Add an index on expires_at to speed up the cleanup job
+CREATE INDEX IF NOT EXISTS idx_mcp_sessions_expires_at ON public.mcp_sessions(expires_at);
+
+-- Trigger to automatically update the 'updated_at' column
+CREATE OR REPLACE FUNCTION public.set_current_timestamp_updated_at()
+RETURNS TRIGGER AS $$
+BEGIN
+  NEW.updated_at = now();
+  RETURN NEW;
+END;
+$$ LANGUAGE plpgsql;
+
+DROP TRIGGER IF EXISTS trg_mcp_sessions_updated_at ON public.mcp_sessions;
+CREATE TRIGGER trg_mcp_sessions_updated_at
+BEFORE UPDATE ON public.mcp_sessions
+FOR EACH ROW
+EXECUTE FUNCTION public.set_current_timestamp_updated_at();
+
+-- Enable Row Level Security (RLS)
+ALTER TABLE public.mcp_sessions ENABLE ROW LEVEL SECURITY;
+
+-- Policy 1: Users can read their own sessions
+CREATE POLICY "Users can view their own sessions"
+ON public.mcp_sessions
+FOR SELECT
+TO authenticated
+USING (
+    auth.uid()::text = user_id OR auth.uid()::text = identity
+);
+
+-- Policy 2: Users can insert their own sessions
+CREATE POLICY "Users can insert their own sessions"
+ON public.mcp_sessions
+FOR INSERT
+TO authenticated
+WITH CHECK (
+    auth.uid()::text = user_id OR auth.uid()::text = identity
+);
+
+-- Policy 3: Users can update their own sessions
+CREATE POLICY "Users can update their own sessions"
+ON public.mcp_sessions
+FOR UPDATE
+TO authenticated
+USING (
+    auth.uid()::text = user_id OR auth.uid()::text = identity
+)
+WITH CHECK (
+    auth.uid()::text = user_id OR auth.uid()::text = identity
+);
+
+-- Policy 4: Users can delete their own sessions
+CREATE POLICY "Users can delete their own sessions"
+ON public.mcp_sessions
+FOR DELETE
+TO authenticated
+USING (
+    auth.uid()::text = user_id OR auth.uid()::text = identity
+);