npm - @mcp-ts/sdk - Versions diffs - 1.3.7 → 1.3.10 - Mend

@mcp-ts/sdk 1.3.7 → 1.3.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (66) hide show

package/LICENSE +21 -21
package/README.md +397 -404
package/dist/adapters/agui-middleware.js.map +1 -1
package/dist/adapters/agui-middleware.mjs.map +1 -1
package/dist/bin/mcp-ts.js +0 -0
package/dist/bin/mcp-ts.js.map +1 -1
package/dist/bin/mcp-ts.mjs +0 -0
package/dist/bin/mcp-ts.mjs.map +1 -1
package/dist/client/index.js.map +1 -1
package/dist/client/index.mjs.map +1 -1
package/dist/client/react.d.mts +10 -28
package/dist/client/react.d.ts +10 -28
package/dist/client/react.js +101 -52
package/dist/client/react.js.map +1 -1
package/dist/client/react.mjs +102 -53
package/dist/client/react.mjs.map +1 -1
package/dist/client/vue.js.map +1 -1
package/dist/client/vue.mjs.map +1 -1
package/dist/index.js +78 -6
package/dist/index.js.map +1 -1
package/dist/index.mjs +73 -6
package/dist/index.mjs.map +1 -1
package/dist/server/index.js +78 -6
package/dist/server/index.js.map +1 -1
package/dist/server/index.mjs +73 -6
package/dist/server/index.mjs.map +1 -1
package/dist/shared/index.js.map +1 -1
package/dist/shared/index.mjs.map +1 -1
package/package.json +185 -185
package/src/adapters/agui-middleware.ts +382 -382
package/src/bin/mcp-ts.ts +102 -102
package/src/client/core/app-host.ts +417 -417
package/src/client/core/sse-client.ts +371 -371
package/src/client/core/types.ts +31 -31
package/src/client/index.ts +27 -27
package/src/client/react/index.ts +20 -16
package/src/client/react/use-app-host.ts +74 -73
package/src/client/react/use-mcp-apps.tsx +224 -214
package/src/client/react/use-mcp.ts +669 -641
package/src/client/vue/index.ts +10 -10
package/src/client/vue/use-mcp.ts +617 -617
package/src/index.ts +11 -11
package/src/server/handlers/nextjs-handler.ts +204 -204
package/src/server/handlers/sse-handler.ts +631 -631
package/src/server/index.ts +57 -57
package/src/server/mcp/multi-session-client.ts +228 -228
package/src/server/mcp/oauth-client.ts +1188 -1188
package/src/server/mcp/storage-oauth-provider.ts +272 -272
package/src/server/storage/crypto.ts +92 -0
package/src/server/storage/file-backend.ts +157 -157
package/src/server/storage/index.ts +176 -176
package/src/server/storage/memory-backend.ts +123 -123
package/src/server/storage/redis-backend.ts +276 -276
package/src/server/storage/redis.ts +160 -160
package/src/server/storage/sqlite-backend.ts +182 -182
package/src/server/storage/supabase-backend.ts +229 -228
package/src/server/storage/types.ts +116 -116
package/src/shared/constants.ts +29 -29
package/src/shared/errors.ts +133 -133
package/src/shared/event-routing.ts +28 -28
package/src/shared/events.ts +180 -180
package/src/shared/index.ts +75 -75
package/src/shared/tool-utils.ts +61 -61
package/src/shared/types.ts +282 -282
package/src/shared/utils.ts +38 -38
package/supabase/migrations/20260330195700_install_mcp_sessions.sql +84 -84

package/dist/server/index.mjs CHANGED Viewed

@@ -7,6 +7,7 @@ import { ListToolsResultSchema, CallToolResultSchema, ListPromptsResultSchema, G
 import * as fs2 from 'fs';
 import { promises } from 'fs';
 import * as path from 'path';
+import { createDecipheriv, randomBytes, createCipheriv } from 'crypto';
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
@@ -707,6 +708,72 @@ var SqliteStorage = class {
     }
   }
 };
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 12;
+var ENCRYPTION_PREFIX = "enc:1:";
+var warningLogged = false;
+function getKey() {
+  const keyString = process.env.STORAGE_ENCRYPTION_KEY;
+  if (!keyString) return null;
+  if (keyString.length === 64) {
+    return Buffer.from(keyString, "hex");
+  } else {
+    const keyBuffer = Buffer.alloc(32);
+    keyBuffer.write(keyString, 0, 32, "utf-8");
+    return keyBuffer;
+  }
+}
+function encryptObject(data) {
+  if (data === void 0 || data === null) return data;
+  const key = getKey();
+  if (!key) {
+    if (!warningLogged) {
+      console.warn("[mcp-ts][Storage] WARNING: STORAGE_ENCRYPTION_KEY is not set. Saving sensitive data in plain-text.");
+      warningLogged = true;
+    }
+    return data;
+  }
+  try {
+    const text = JSON.stringify(data);
+    const iv = randomBytes(IV_LENGTH);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(text, "utf-8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag().toString("hex");
+    return `${ENCRYPTION_PREFIX}${iv.toString("hex")}:${authTag}:${encrypted}`;
+  } catch (e) {
+    console.error("[mcp-ts][Storage] Encryption failed, falling back to plain-text.", e);
+    return data;
+  }
+}
+function decryptObject(data) {
+  if (data === void 0 || data === null) return data;
+  if (typeof data !== "string" || !data.startsWith(ENCRYPTION_PREFIX)) {
+    return data;
+  }
+  const key = getKey();
+  if (!key) {
+    console.warn("[mcp-ts][Storage] WARNING: Found encrypted data but STORAGE_ENCRYPTION_KEY is missing. Returning raw encrypted string.");
+    return data;
+  }
+  try {
+    const parts = data.split(":");
+    if (parts.length !== 5) {
+      return data;
+    }
+    const iv = Buffer.from(parts[2], "hex");
+    const authTag = Buffer.from(parts[3], "hex");
+    const encryptedText = parts[4];
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encryptedText, "hex", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return JSON.parse(decrypted);
+  } catch (e) {
+    console.error("[mcp-ts][Storage] Decryption failed.", e);
+    return data;
+  }
+}
 // src/server/storage/supabase-backend.ts
 var SupabaseStorageBackend = class {
@@ -739,10 +806,10 @@ var SupabaseStorageBackend = class {
       callbackUrl: row.callback_url,
       createdAt: new Date(row.created_at).getTime(),
       identity: row.identity,
-      headers: row.headers,
+      headers: decryptObject(row.headers),
       active: row.active,
       clientInformation: row.client_information,
-      tokens: row.tokens,
+      tokens: decryptObject(row.tokens),
       codeVerifier: row.code_verifier,
       clientId: row.client_id
     };
@@ -763,10 +830,10 @@ var SupabaseStorageBackend = class {
       callback_url: session.callbackUrl,
       created_at: new Date(session.createdAt || Date.now()).toISOString(),
       identity,
-      headers: session.headers,
+      headers: encryptObject(session.headers),
       active: session.active ?? false,
       client_information: session.clientInformation,
-      tokens: session.tokens,
+      tokens: encryptObject(session.tokens),
       code_verifier: session.codeVerifier,
       client_id: session.clientId,
       expires_at: expiresAt
@@ -791,9 +858,9 @@ var SupabaseStorageBackend = class {
     if ("transportType" in data) updateData.transport_type = data.transportType;
     if ("callbackUrl" in data) updateData.callback_url = data.callbackUrl;
     if ("active" in data) updateData.active = data.active;
-    if ("headers" in data) updateData.headers = data.headers;
+    if ("headers" in data) updateData.headers = encryptObject(data.headers);
     if ("clientInformation" in data) updateData.client_information = data.clientInformation;
-    if ("tokens" in data) updateData.tokens = data.tokens;
+    if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
     if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
     if ("clientId" in data) updateData.client_id = data.clientId;
     const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("identity", identity).eq("session_id", sessionId).select("id");