npm - @mcp-ts/sdk - Versions diffs - 1.3.9 → 1.4.0 - Mend

@mcp-ts/sdk 1.3.9 → 1.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (47) hide show

package/README.md +0 -1
package/dist/adapters/langchain-adapter.js.map +1 -1
package/dist/adapters/langchain-adapter.mjs.map +1 -1
package/dist/client/index.d.mts +3 -189
package/dist/client/index.d.ts +3 -189
package/dist/client/index.js +218 -54
package/dist/client/index.js.map +1 -1
package/dist/client/index.mjs +215 -55
package/dist/client/index.mjs.map +1 -1
package/dist/client/react.d.mts +29 -40
package/dist/client/react.d.ts +29 -40
package/dist/client/react.js +492 -147
package/dist/client/react.js.map +1 -1
package/dist/client/react.mjs +490 -149
package/dist/client/react.mjs.map +1 -1
package/dist/client/vue.d.mts +3 -2
package/dist/client/vue.d.ts +3 -2
package/dist/client/vue.js +239 -63
package/dist/client/vue.js.map +1 -1
package/dist/client/vue.mjs +236 -64
package/dist/client/vue.mjs.map +1 -1
package/dist/index-CQr9q0bF.d.mts +295 -0
package/dist/index-nE_7Io0I.d.ts +295 -0
package/dist/index.d.mts +2 -1
package/dist/index.d.ts +2 -1
package/dist/index.js +315 -64
package/dist/index.js.map +1 -1
package/dist/index.mjs +303 -65
package/dist/index.mjs.map +1 -1
package/dist/server/index.js +93 -10
package/dist/server/index.js.map +1 -1
package/dist/server/index.mjs +88 -10
package/dist/server/index.mjs.map +1 -1
package/package.json +13 -11
package/src/adapters/langchain-adapter.ts +1 -1
package/src/client/core/app-host.ts +252 -65
package/src/client/core/constants.ts +30 -0
package/src/client/index.ts +6 -1
package/src/client/react/index.ts +6 -1
package/src/client/react/use-app-host.ts +13 -19
package/src/client/react/use-mcp-apps.tsx +297 -125
package/src/client/react/use-mcp.ts +75 -36
package/src/client/utils/app-host-utils.ts +62 -0
package/src/client/vue/use-mcp.ts +23 -12
package/src/server/mcp/oauth-client.ts +31 -8
package/src/server/storage/crypto.ts +92 -0
package/src/server/storage/supabase-backend.ts +7 -6

package/dist/server/index.js CHANGED Viewed

@@ -8,6 +8,7 @@ var auth_js = require('@modelcontextprotocol/sdk/client/auth.js');
 var types_js = require('@modelcontextprotocol/sdk/types.js');
 var fs2 = require('fs');
 var path = require('path');
+var crypto = require('crypto');
 function _interopNamespace(e) {
   if (e && e.__esModule) return e;
@@ -765,6 +766,77 @@ var SqliteStorage = class {
 // src/server/storage/supabase-backend.ts
 init_cjs_shims();
+// src/server/storage/crypto.ts
+init_cjs_shims();
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 12;
+var ENCRYPTION_PREFIX = "enc:1:";
+var warningLogged = false;
+function getKey() {
+  const keyString = process.env.STORAGE_ENCRYPTION_KEY;
+  if (!keyString) return null;
+  if (keyString.length === 64) {
+    return Buffer.from(keyString, "hex");
+  } else {
+    const keyBuffer = Buffer.alloc(32);
+    keyBuffer.write(keyString, 0, 32, "utf-8");
+    return keyBuffer;
+  }
+}
+function encryptObject(data) {
+  if (data === void 0 || data === null) return data;
+  const key = getKey();
+  if (!key) {
+    if (!warningLogged) {
+      console.warn("[mcp-ts][Storage] WARNING: STORAGE_ENCRYPTION_KEY is not set. Saving sensitive data in plain-text.");
+      warningLogged = true;
+    }
+    return data;
+  }
+  try {
+    const text = JSON.stringify(data);
+    const iv = crypto.randomBytes(IV_LENGTH);
+    const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+    let encrypted = cipher.update(text, "utf-8", "hex");
+    encrypted += cipher.final("hex");
+    const authTag = cipher.getAuthTag().toString("hex");
+    return `${ENCRYPTION_PREFIX}${iv.toString("hex")}:${authTag}:${encrypted}`;
+  } catch (e) {
+    console.error("[mcp-ts][Storage] Encryption failed, falling back to plain-text.", e);
+    return data;
+  }
+}
+function decryptObject(data) {
+  if (data === void 0 || data === null) return data;
+  if (typeof data !== "string" || !data.startsWith(ENCRYPTION_PREFIX)) {
+    return data;
+  }
+  const key = getKey();
+  if (!key) {
+    console.warn("[mcp-ts][Storage] WARNING: Found encrypted data but STORAGE_ENCRYPTION_KEY is missing. Returning raw encrypted string.");
+    return data;
+  }
+  try {
+    const parts = data.split(":");
+    if (parts.length !== 5) {
+      return data;
+    }
+    const iv = Buffer.from(parts[2], "hex");
+    const authTag = Buffer.from(parts[3], "hex");
+    const encryptedText = parts[4];
+    const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encryptedText, "hex", "utf-8");
+    decrypted += decipher.final("utf-8");
+    return JSON.parse(decrypted);
+  } catch (e) {
+    console.error("[mcp-ts][Storage] Decryption failed.", e);
+    return data;
+  }
+}
+// src/server/storage/supabase-backend.ts
 var SupabaseStorageBackend = class {
   constructor(supabase) {
     this.supabase = supabase;
@@ -795,10 +867,10 @@ var SupabaseStorageBackend = class {
       callbackUrl: row.callback_url,
       createdAt: new Date(row.created_at).getTime(),
       identity: row.identity,
-      headers: row.headers,
+      headers: decryptObject(row.headers),
       active: row.active,
       clientInformation: row.client_information,
-      tokens: row.tokens,
+      tokens: decryptObject(row.tokens),
       codeVerifier: row.code_verifier,
       clientId: row.client_id
     };
@@ -819,10 +891,10 @@ var SupabaseStorageBackend = class {
       callback_url: session.callbackUrl,
       created_at: new Date(session.createdAt || Date.now()).toISOString(),
       identity,
-      headers: session.headers,
+      headers: encryptObject(session.headers),
       active: session.active ?? false,
       client_information: session.clientInformation,
-      tokens: session.tokens,
+      tokens: encryptObject(session.tokens),
       code_verifier: session.codeVerifier,
       client_id: session.clientId,
       expires_at: expiresAt
@@ -847,9 +919,9 @@ var SupabaseStorageBackend = class {
     if ("transportType" in data) updateData.transport_type = data.transportType;
     if ("callbackUrl" in data) updateData.callback_url = data.callbackUrl;
     if ("active" in data) updateData.active = data.active;
-    if ("headers" in data) updateData.headers = data.headers;
+    if ("headers" in data) updateData.headers = encryptObject(data.headers);
     if ("clientInformation" in data) updateData.client_information = data.clientInformation;
-    if ("tokens" in data) updateData.tokens = data.tokens;
+    if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
     if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
     if ("clientId" in data) updateData.client_id = data.clientId;
     const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("identity", identity).eq("session_id", sessionId).select("id");
@@ -1648,13 +1720,24 @@ var MCPClient = class _MCPClient {
       }
     } catch (error) {
       if (error instanceof auth_js.UnauthorizedError || error instanceof Error && error.message.toLowerCase().includes("unauthorized")) {
-        this.emitStateChange("AUTHENTICATING");
-        console.log(`[MCPClient] Saving session ${this.sessionId} with 10min TTL (OAuth pending)`);
-        await this.saveSession(Math.floor(STATE_EXPIRATION_MS / 1e3), false);
         let authUrl = "";
         if (this.oauthProvider) {
-          authUrl = this.oauthProvider.authUrl || "";
+          authUrl = (this.oauthProvider.authUrl || "").trim();
         }
+        if (!authUrl) {
+          const detail = error instanceof Error && error.message.trim().length > 0 ? error.message.trim() : "Unauthorized";
+          const message = detail.toLowerCase() === "unauthorized" ? "OAuth authorization URL not available" : `OAuth authorization URL not available: ${detail}`;
+          this.emitError(message, "auth");
+          this.emitStateChange("FAILED");
+          try {
+            await storage.removeSession(this.identity, this.sessionId);
+          } catch {
+          }
+          throw new Error(message);
+        }
+        this.emitStateChange("AUTHENTICATING");
+        console.log(`[MCPClient] Saving session ${this.sessionId} with 10min TTL (OAuth pending)`);
+        await this.saveSession(Math.floor(STATE_EXPIRATION_MS / 1e3), false);
         if (this.serverId) {
           this._onConnectionEvent.fire({
             type: "auth_required",