@mcp-ts/sdk 1.6.2 → 2.0.0

package/dist/server/index.mjs

@@ -149,35 +149,35 @@ var RedisStorageBackend = class {
     this.redis = redis2;
     __publicField(this, "DEFAULT_TTL", SESSION_TTL_SECONDS);
     __publicField(this, "KEY_PREFIX", "mcp:session:");
-    __publicField(this, "IDENTITY_KEY_PREFIX", "mcp:identity:");
-    __publicField(this, "IDENTITY_KEY_SUFFIX", ":sessions");
+    __publicField(this, "USER_ID_KEY_PREFIX", "mcp:userId:");
+    __publicField(this, "USER_ID_KEY_SUFFIX", ":sessions");
   }
   async init() {
     try {
       await this.redis.ping();
       console.log("[mcp-ts][Storage] Redis: \u2713 Connected to server.");
     } catch (error) {
-      throw new Error(`[RedisStorage] Failed to connect to Redis: ${error.message}`);
+      throw new Error(`[RedisStorageBackend] Failed to connect to Redis: ${error.message}`);
     }
   }
   /**
    * Generates Redis key for a specific session
    * @private
    */
-  getSessionKey(identity, sessionId) {
-    return `${this.KEY_PREFIX}${identity}:${sessionId}`;
+  getSessionKey(userId, sessionId) {
+    return `${this.KEY_PREFIX}${userId}:${sessionId}`;
   }
   /**
-   * Generates Redis key for tracking all sessions for an identity
+   * Generates Redis key for tracking all sessions for a user
    * @private
    */
-  getIdentityKey(identity) {
-    return `${this.IDENTITY_KEY_PREFIX}${identity}${this.IDENTITY_KEY_SUFFIX}`;
+  getUserIdKey(userId) {
+    return `${this.USER_ID_KEY_PREFIX}${userId}${this.USER_ID_KEY_SUFFIX}`;
   }
-  parseIdentityFromKey(identityKey) {
-    return identityKey.slice(
-      this.IDENTITY_KEY_PREFIX.length,
-      identityKey.length - this.IDENTITY_KEY_SUFFIX.length
+  parseUserIdFromKey(userIdKey) {
+    return userIdKey.slice(
+      this.USER_ID_KEY_PREFIX.length,
+      userIdKey.length - this.USER_ID_KEY_SUFFIX.length
     );
   }
   async scanKeys(pattern) {
@@ -196,7 +196,7 @@ var RedisStorageBackend = class {
         }
       } while (cursor !== "0");
     } catch (error) {
-      console.warn("[RedisStorage] SCAN failed, falling back to KEYS:", error);
+      console.warn("[RedisStorageBackend] SCAN failed, falling back to KEYS:", error);
       return await this.redis.keys(pattern);
     }
     return Array.from(keys);
@@ -204,11 +204,11 @@ var RedisStorageBackend = class {
   generateSessionId() {
     return generateSessionId();
   }
-  async createSession(session, ttl) {
-    const { sessionId, identity } = session;
-    if (!sessionId || !identity) throw new Error("identity and sessionId required");
-    const sessionKey = this.getSessionKey(identity, sessionId);
-    const identityKey = this.getIdentityKey(identity);
+  async create(session, ttl) {
+    const { sessionId, userId } = session;
+    if (!sessionId || !userId) throw new Error("userId and sessionId required");
+    const sessionKey = this.getSessionKey(userId, sessionId);
+    const userIdKey = this.getUserIdKey(userId);
     const effectiveTtl = ttl ?? this.DEFAULT_TTL;
     const result = await this.redis.set(
       sessionKey,
@@ -220,10 +220,10 @@ var RedisStorageBackend = class {
     if (result !== "OK") {
       throw new Error(`Session ${sessionId} already exists`);
     }
-    await this.redis.sadd(identityKey, sessionId);
+    await this.redis.sadd(userIdKey, sessionId);
   }
-  async updateSession(identity, sessionId, data, ttl) {
-    const sessionKey = this.getSessionKey(identity, sessionId);
+  async update(userId, sessionId, data, ttl) {
+    const sessionKey = this.getSessionKey(userId, sessionId);
     const effectiveTtl = ttl ?? this.DEFAULT_TTL;
     const script = `
             local currentStr = redis.call("GET", KEYS[1])
@@ -249,62 +249,62 @@ var RedisStorageBackend = class {
       effectiveTtl
     );
     if (result === 0) {
-      throw new Error(`Session ${sessionId} not found for identity ${identity}`);
+      throw new Error(`Session ${sessionId} not found for userId ${userId}`);
     }
   }
-  async getSession(identity, sessionId) {
+  async get(userId, sessionId) {
     try {
-      const sessionKey = this.getSessionKey(identity, sessionId);
+      const sessionKey = this.getSessionKey(userId, sessionId);
       const sessionDataStr = await this.redis.get(sessionKey);
       if (!sessionDataStr) {
         return null;
       }
-      const sessionData = JSON.parse(sessionDataStr);
-      return sessionData;
+      const Session = JSON.parse(sessionDataStr);
+      return Session;
     } catch (error) {
-      console.error("[RedisStorage] Failed to get session:", error);
+      console.error("[RedisStorageBackend] Failed to get session:", error);
       return null;
     }
   }
-  async getIdentityMcpSessions(identity) {
-    const sessions = await this.getIdentitySessionsData(identity);
-    return sessions.map((session) => session.sessionId);
+  async listIds(userId) {
+    const sessions2 = await this.list(userId);
+    return sessions2.map((session) => session.sessionId);
   }
-  async getIdentitySessionsData(identity) {
+  async list(userId) {
     try {
-      const identityKey = this.getIdentityKey(identity);
-      const sessionIds = await this.redis.smembers(identityKey);
+      const userIdKey = this.getUserIdKey(userId);
+      const sessionIds = await this.redis.smembers(userIdKey);
       if (sessionIds.length === 0) return [];
       const results = await Promise.all(
         sessionIds.map(async (sessionId) => {
-          const data = await this.redis.get(this.getSessionKey(identity, sessionId));
+          const data = await this.redis.get(this.getSessionKey(userId, sessionId));
           return data ? JSON.parse(data) : null;
         })
       );
       const staleSessionIds = sessionIds.filter((_, index) => results[index] === null);
       if (staleSessionIds.length > 0) {
-        await this.redis.srem(identityKey, ...staleSessionIds);
+        await this.redis.srem(userIdKey, ...staleSessionIds);
       }
       return results.filter((session) => session !== null);
     } catch (error) {
-      console.error(`[RedisStorage] Failed to get session data for ${identity}:`, error);
+      console.error(`[RedisStorageBackend] Failed to get session data for ${userId}:`, error);
       return [];
     }
   }
-  async removeSession(identity, sessionId) {
+  async delete(userId, sessionId) {
     try {
-      const sessionKey = this.getSessionKey(identity, sessionId);
-      const identityKey = this.getIdentityKey(identity);
-      await this.redis.srem(identityKey, sessionId);
+      const sessionKey = this.getSessionKey(userId, sessionId);
+      const userIdKey = this.getUserIdKey(userId);
+      await this.redis.srem(userIdKey, sessionId);
       await this.redis.del(sessionKey);
     } catch (error) {
-      console.error("[RedisStorage] Failed to remove session:", error);
+      console.error("[RedisStorageBackend] Failed to remove session:", error);
     }
   }
-  async getAllSessionIds() {
+  async listAllIds() {
     try {
       const keys = await this.scanKeys(`${this.KEY_PREFIX}*`);
-      const sessions = await Promise.all(
+      const sessions2 = await Promise.all(
         keys.map(async (key) => {
           const data = await this.redis.get(key);
           if (!data) {
@@ -313,60 +313,60 @@ var RedisStorageBackend = class {
           try {
             return JSON.parse(data).sessionId;
           } catch (error) {
-            console.error("[RedisStorage] Failed to parse session while listing all session IDs:", error);
+            console.error("[RedisStorageBackend] Failed to parse session while listing all session IDs:", error);
             return null;
           }
         })
       );
-      return sessions.filter((sessionId) => sessionId !== null);
+      return sessions2.filter((sessionId) => sessionId !== null);
     } catch (error) {
-      console.error("[RedisStorage] Failed to get all sessions:", error);
+      console.error("[RedisStorageBackend] Failed to get all sessions:", error);
       return [];
     }
   }
   async clearAll() {
     try {
       const keys = await this.scanKeys(`${this.KEY_PREFIX}*`);
-      const identityKeys = await this.scanKeys(`${this.IDENTITY_KEY_PREFIX}*${this.IDENTITY_KEY_SUFFIX}`);
-      const allKeys = [...keys, ...identityKeys];
+      const userIdKeys = await this.scanKeys(`${this.USER_ID_KEY_PREFIX}*${this.USER_ID_KEY_SUFFIX}`);
+      const allKeys = [...keys, ...userIdKeys];
       if (allKeys.length > 0) {
         await this.redis.del(...allKeys);
       }
     } catch (error) {
-      console.error("[RedisStorage] Failed to clear sessions:", error);
+      console.error("[RedisStorageBackend] Failed to clear sessions:", error);
     }
   }
-  async cleanupExpiredSessions() {
+  async cleanupExpired() {
     try {
-      const identityKeys = await this.scanKeys(`${this.IDENTITY_KEY_PREFIX}*${this.IDENTITY_KEY_SUFFIX}`);
-      for (const identityKey of identityKeys) {
-        const identity = this.parseIdentityFromKey(identityKey);
-        const sessionIds = await this.redis.smembers(identityKey);
+      const userIdKeys = await this.scanKeys(`${this.USER_ID_KEY_PREFIX}*${this.USER_ID_KEY_SUFFIX}`);
+      for (const userIdKey of userIdKeys) {
+        const userId = this.parseUserIdFromKey(userIdKey);
+        const sessionIds = await this.redis.smembers(userIdKey);
         if (sessionIds.length === 0) {
-          await this.redis.del(identityKey);
+          await this.redis.del(userIdKey);
           continue;
         }
         const existenceChecks = await Promise.all(
-          sessionIds.map((sessionId) => this.redis.exists(this.getSessionKey(identity, sessionId)))
+          sessionIds.map((sessionId) => this.redis.exists(this.getSessionKey(userId, sessionId)))
         );
         const staleSessionIds = sessionIds.filter((_, index) => existenceChecks[index] === 0);
         if (staleSessionIds.length > 0) {
-          await this.redis.srem(identityKey, ...staleSessionIds);
+          await this.redis.srem(userIdKey, ...staleSessionIds);
         }
-        const remainingCount = await this.redis.scard(identityKey);
+        const remainingCount = await this.redis.scard(userIdKey);
         if (remainingCount === 0) {
-          await this.redis.del(identityKey);
+          await this.redis.del(userIdKey);
         }
       }
     } catch (error) {
-      console.error("[RedisStorage] Failed to cleanup expired sessions:", error);
+      console.error("[RedisStorageBackend] Failed to cleanup expired sessions:", error);
     }
   }
   async disconnect() {
     try {
       await this.redis.quit();
     } catch (error) {
-      console.error("[RedisStorage] Failed to disconnect:", error);
+      console.error("[RedisStorageBackend] Failed to disconnect:", error);
     }
   }
 };
@@ -374,36 +374,36 @@ var RedisStorageBackend = class {
 // src/server/storage/memory-backend.ts
 var MemoryStorageBackend = class {
   constructor() {
-    // Map<identity:sessionId, SessionData>
+    // Map<userId:sessionId, Session>
     __publicField(this, "sessions", /* @__PURE__ */ new Map());
-    // Map<identity, Set<sessionId>>
-    __publicField(this, "identitySessions", /* @__PURE__ */ new Map());
+    // Map<userId, Set<sessionId>>
+    __publicField(this, "userIdSessions", /* @__PURE__ */ new Map());
   }
   async init() {
     console.log("[mcp-ts][Storage] Memory: \u2713 internal memory store active.");
   }
-  getSessionKey(identity, sessionId) {
-    return `${identity}:${sessionId}`;
+  getSessionKey(userId, sessionId) {
+    return `${userId}:${sessionId}`;
   }
   generateSessionId() {
     return generateSessionId();
   }
-  async createSession(session, ttl) {
-    const { sessionId, identity } = session;
-    if (!sessionId || !identity) throw new Error("identity and sessionId required");
-    const sessionKey = this.getSessionKey(identity, sessionId);
+  async create(session, ttl) {
+    const { sessionId, userId } = session;
+    if (!sessionId || !userId) throw new Error("userId and sessionId required");
+    const sessionKey = this.getSessionKey(userId, sessionId);
     if (this.sessions.has(sessionKey)) {
       throw new Error(`Session ${sessionId} already exists`);
     }
     this.sessions.set(sessionKey, session);
-    if (!this.identitySessions.has(identity)) {
-      this.identitySessions.set(identity, /* @__PURE__ */ new Set());
+    if (!this.userIdSessions.has(userId)) {
+      this.userIdSessions.set(userId, /* @__PURE__ */ new Set());
     }
-    this.identitySessions.get(identity).add(sessionId);
+    this.userIdSessions.get(userId).add(sessionId);
   }
-  async updateSession(identity, sessionId, data, ttl) {
-    if (!identity || !sessionId) throw new Error("identity and sessionId required");
-    const sessionKey = this.getSessionKey(identity, sessionId);
+  async update(userId, sessionId, data, ttl) {
+    if (!userId || !sessionId) throw new Error("userId and sessionId required");
+    const sessionKey = this.getSessionKey(userId, sessionId);
     const current = this.sessions.get(sessionKey);
     if (!current) {
       throw new Error(`Session ${sessionId} not found`);
@@ -414,45 +414,45 @@ var MemoryStorageBackend = class {
     };
     this.sessions.set(sessionKey, updated);
   }
-  async getSession(identity, sessionId) {
-    const sessionKey = this.getSessionKey(identity, sessionId);
+  async get(userId, sessionId) {
+    const sessionKey = this.getSessionKey(userId, sessionId);
     return this.sessions.get(sessionKey) || null;
   }
-  async getIdentityMcpSessions(identity) {
-    const set = this.identitySessions.get(identity);
+  async listIds(userId) {
+    const set = this.userIdSessions.get(userId);
     return set ? Array.from(set) : [];
   }
-  async getIdentitySessionsData(identity) {
-    const set = this.identitySessions.get(identity);
+  async list(userId) {
+    const set = this.userIdSessions.get(userId);
     if (!set) return [];
     const results = [];
     for (const sessionId of set) {
-      const session = this.sessions.get(this.getSessionKey(identity, sessionId));
+      const session = this.sessions.get(this.getSessionKey(userId, sessionId));
       if (session) {
         results.push(session);
       }
     }
     return results;
   }
-  async removeSession(identity, sessionId) {
-    const sessionKey = this.getSessionKey(identity, sessionId);
+  async delete(userId, sessionId) {
+    const sessionKey = this.getSessionKey(userId, sessionId);
     this.sessions.delete(sessionKey);
-    const set = this.identitySessions.get(identity);
+    const set = this.userIdSessions.get(userId);
     if (set) {
       set.delete(sessionId);
       if (set.size === 0) {
-        this.identitySessions.delete(identity);
+        this.userIdSessions.delete(userId);
       }
     }
   }
-  async getAllSessionIds() {
+  async listAllIds() {
     return Array.from(this.sessions.values()).map((s) => s.sessionId);
   }
   async clearAll() {
     this.sessions.clear();
-    this.identitySessions.clear();
+    this.userIdSessions.clear();
   }
-  async cleanupExpiredSessions() {
+  async cleanupExpired() {
   }
   async disconnect() {
   }
@@ -480,7 +480,7 @@ var FileStorageBackend = class {
       this.memoryCache = /* @__PURE__ */ new Map();
       if (Array.isArray(json)) {
         json.forEach((s) => {
-          this.memoryCache.set(this.getSessionKey(s.identity || "unknown", s.sessionId), s);
+          this.memoryCache.set(this.getSessionKey(s.userId || "unknown", s.sessionId), s);
         });
       }
     } catch (error) {
@@ -500,30 +500,30 @@ var FileStorageBackend = class {
   }
   async flush() {
     if (!this.memoryCache) return;
-    const sessions = Array.from(this.memoryCache.values());
-    await promises.writeFile(this.filePath, JSON.stringify(sessions, null, 2), "utf-8");
+    const sessions2 = Array.from(this.memoryCache.values());
+    await promises.writeFile(this.filePath, JSON.stringify(sessions2, null, 2), "utf-8");
   }
-  getSessionKey(identity, sessionId) {
-    return `${identity}:${sessionId}`;
+  getSessionKey(userId, sessionId) {
+    return `${userId}:${sessionId}`;
   }
   generateSessionId() {
     return generateSessionId();
   }
-  async createSession(session, ttl) {
+  async create(session, ttl) {
     await this.ensureInitialized();
-    const { sessionId, identity } = session;
-    if (!sessionId || !identity) throw new Error("identity and sessionId required");
-    const sessionKey = this.getSessionKey(identity, sessionId);
+    const { sessionId, userId } = session;
+    if (!sessionId || !userId) throw new Error("userId and sessionId required");
+    const sessionKey = this.getSessionKey(userId, sessionId);
     if (this.memoryCache.has(sessionKey)) {
       throw new Error(`Session ${sessionId} already exists`);
     }
     this.memoryCache.set(sessionKey, session);
     await this.flush();
   }
-  async updateSession(identity, sessionId, data, ttl) {
+  async update(userId, sessionId, data, ttl) {
     await this.ensureInitialized();
-    if (!identity || !sessionId) throw new Error("identity and sessionId required");
-    const sessionKey = this.getSessionKey(identity, sessionId);
+    if (!userId || !sessionId) throw new Error("userId and sessionId required");
+    const sessionKey = this.getSessionKey(userId, sessionId);
     const current = this.memoryCache.get(sessionKey);
     if (!current) {
       throw new Error(`Session ${sessionId} not found`);
@@ -535,27 +535,27 @@ var FileStorageBackend = class {
     this.memoryCache.set(sessionKey, updated);
     await this.flush();
   }
-  async getSession(identity, sessionId) {
+  async get(userId, sessionId) {
     await this.ensureInitialized();
-    const sessionKey = this.getSessionKey(identity, sessionId);
+    const sessionKey = this.getSessionKey(userId, sessionId);
     return this.memoryCache.get(sessionKey) || null;
   }
-  async getIdentitySessionsData(identity) {
+  async list(userId) {
     await this.ensureInitialized();
-    return Array.from(this.memoryCache.values()).filter((s) => s.identity === identity);
+    return Array.from(this.memoryCache.values()).filter((s) => s.userId === userId);
   }
-  async getIdentityMcpSessions(identity) {
+  async listIds(userId) {
     await this.ensureInitialized();
-    return Array.from(this.memoryCache.values()).filter((s) => s.identity === identity).map((s) => s.sessionId);
+    return Array.from(this.memoryCache.values()).filter((s) => s.userId === userId).map((s) => s.sessionId);
   }
-  async removeSession(identity, sessionId) {
+  async delete(userId, sessionId) {
     await this.ensureInitialized();
-    const sessionKey = this.getSessionKey(identity, sessionId);
+    const sessionKey = this.getSessionKey(userId, sessionId);
     if (this.memoryCache.delete(sessionKey)) {
       await this.flush();
     }
   }
-  async getAllSessionIds() {
+  async listAllIds() {
     await this.ensureInitialized();
     return Array.from(this.memoryCache.values()).map((s) => s.sessionId);
   }
@@ -564,7 +564,7 @@ var FileStorageBackend = class {
     this.memoryCache.clear();
     await this.flush();
   }
-  async cleanupExpiredSessions() {
+  async cleanupExpired() {
     await this.ensureInitialized();
   }
   async disconnect() {
@@ -591,11 +591,11 @@ var SqliteStorage = class {
       this.db.exec(`
                 CREATE TABLE IF NOT EXISTS ${this.table} (
                     sessionId TEXT PRIMARY KEY,
-                    identity TEXT NOT NULL,
+                    userId TEXT NOT NULL,
                     data TEXT NOT NULL,
                     expiresAt INTEGER
                 );
-                CREATE INDEX IF NOT EXISTS idx_${this.table}_identity ON ${this.table}(identity);
+                CREATE INDEX IF NOT EXISTS idx_${this.table}_userId ON ${this.table}(userId);
             `);
       this.initialized = true;
       console.log(`[mcp-ts][Storage] SQLite: \u2713 database at ${this.dbPath} verified.`);
@@ -616,18 +616,18 @@ var SqliteStorage = class {
   generateSessionId() {
     return generateSessionId();
   }
-  async createSession(session, ttl) {
+  async create(session, ttl) {
     this.ensureInitialized();
-    const { sessionId, identity } = session;
-    if (!sessionId || !identity) {
-      throw new Error("identity and sessionId required");
+    const { sessionId, userId } = session;
+    if (!sessionId || !userId) {
+      throw new Error("userId and sessionId required");
     }
     const expiresAt = ttl ? Date.now() + ttl * 1e3 : null;
     try {
       const stmt = this.db.prepare(
-        `INSERT INTO ${this.table} (sessionId, identity, data, expiresAt) VALUES (?, ?, ?, ?)`
+        `INSERT INTO ${this.table} (sessionId, userId, data, expiresAt) VALUES (?, ?, ?, ?)`
       );
-      stmt.run(sessionId, identity, JSON.stringify(session), expiresAt);
+      stmt.run(sessionId, userId, JSON.stringify(session), expiresAt);
     } catch (error) {
       if (error.code === "SQLITE_CONSTRAINT_PRIMARYKEY") {
         throw new Error(`Session ${sessionId} already exists`);
@@ -635,55 +635,55 @@ var SqliteStorage = class {
       throw error;
     }
   }
-  async updateSession(identity, sessionId, data, ttl) {
+  async update(userId, sessionId, data, ttl) {
     this.ensureInitialized();
-    if (!sessionId || !identity) {
-      throw new Error("identity and sessionId required");
+    if (!sessionId || !userId) {
+      throw new Error("userId and sessionId required");
     }
-    const currentSession = await this.getSession(identity, sessionId);
+    const currentSession = await this.get(userId, sessionId);
     if (!currentSession) {
-      throw new Error(`Session ${sessionId} not found for identity ${identity}`);
+      throw new Error(`Session ${sessionId} not found for userId ${userId}`);
     }
     const updatedSession = { ...currentSession, ...data };
     const expiresAt = ttl ? Date.now() + ttl * 1e3 : null;
     const stmt = this.db.prepare(
-      `UPDATE ${this.table} SET data = ?, expiresAt = ? WHERE sessionId = ? AND identity = ?`
+      `UPDATE ${this.table} SET data = ?, expiresAt = ? WHERE sessionId = ? AND userId = ?`
     );
-    stmt.run(JSON.stringify(updatedSession), expiresAt, sessionId, identity);
+    stmt.run(JSON.stringify(updatedSession), expiresAt, sessionId, userId);
   }
-  async getSession(identity, sessionId) {
+  async get(userId, sessionId) {
     this.ensureInitialized();
     const stmt = this.db.prepare(
-      `SELECT data FROM ${this.table} WHERE sessionId = ? AND identity = ?`
+      `SELECT data FROM ${this.table} WHERE sessionId = ? AND userId = ?`
     );
-    const row = stmt.get(sessionId, identity);
+    const row = stmt.get(sessionId, userId);
     if (!row) return null;
     return JSON.parse(row.data);
   }
-  async getIdentitySessionsData(identity) {
+  async list(userId) {
     this.ensureInitialized();
     const stmt = this.db.prepare(
-      `SELECT data FROM ${this.table} WHERE identity = ?`
+      `SELECT data FROM ${this.table} WHERE userId = ?`
     );
-    const rows = stmt.all(identity);
+    const rows = stmt.all(userId);
     return rows.map((row) => JSON.parse(row.data));
   }
-  async getIdentityMcpSessions(identity) {
+  async listIds(userId) {
     this.ensureInitialized();
     const stmt = this.db.prepare(
-      `SELECT sessionId FROM ${this.table} WHERE identity = ?`
+      `SELECT sessionId FROM ${this.table} WHERE userId = ?`
     );
-    const rows = stmt.all(identity);
+    const rows = stmt.all(userId);
     return rows.map((row) => row.sessionId);
   }
-  async removeSession(identity, sessionId) {
+  async delete(userId, sessionId) {
     this.ensureInitialized();
     const stmt = this.db.prepare(
-      `DELETE FROM ${this.table} WHERE sessionId = ? AND identity = ?`
+      `DELETE FROM ${this.table} WHERE sessionId = ? AND userId = ?`
     );
-    stmt.run(sessionId, identity);
+    stmt.run(sessionId, userId);
   }
-  async getAllSessionIds() {
+  async listAllIds() {
     this.ensureInitialized();
     const stmt = this.db.prepare(`SELECT sessionId FROM ${this.table}`);
     const rows = stmt.all();
@@ -694,7 +694,7 @@ var SqliteStorage = class {
     const stmt = this.db.prepare(`DELETE FROM ${this.table}`);
     stmt.run();
   }
-  async cleanupExpiredSessions() {
+  async cleanupExpired() {
     this.ensureInitialized();
     const now = Date.now();
     const stmt = this.db.prepare(
@@ -805,7 +805,7 @@ var SupabaseStorageBackend = class {
       transportType: row.transport_type,
       callbackUrl: row.callback_url,
       createdAt: new Date(row.created_at).getTime(),
-      identity: row.identity,
+      userId: row.user_id,
       headers: decryptObject(row.headers),
       active: row.active,
       clientInformation: row.client_information,
@@ -814,22 +814,21 @@ var SupabaseStorageBackend = class {
       clientId: row.client_id
     };
   }
-  async createSession(session, ttl) {
-    const { sessionId, identity } = session;
-    if (!sessionId || !identity) throw new Error("identity and sessionId required");
+  async create(session, ttl) {
+    const { sessionId, userId } = session;
+    if (!sessionId || !userId) throw new Error("userId and sessionId required");
     const effectiveTtl = ttl ?? this.DEFAULT_TTL;
     const expiresAt = new Date(Date.now() + effectiveTtl * 1e3).toISOString();
     const { error } = await this.supabase.from("mcp_sessions").insert({
       session_id: sessionId,
-      user_id: identity,
-      // Maps user_id to identity to support RLS using auth.uid()
+      user_id: userId,
+      // Maps user_id to userId to support RLS using auth.uid()
       server_id: session.serverId,
       server_name: session.serverName,
       server_url: session.serverUrl,
       transport_type: session.transportType,
       callback_url: session.callbackUrl,
       created_at: new Date(session.createdAt || Date.now()).toISOString(),
-      identity,
       headers: encryptObject(session.headers),
       active: session.active ?? false,
       client_information: session.clientInformation,
@@ -845,7 +844,7 @@ var SupabaseStorageBackend = class {
       throw new Error(`Failed to create session in Supabase: ${error.message}`);
     }
   }
-  async updateSession(identity, sessionId, data, ttl) {
+  async update(userId, sessionId, data, ttl) {
     const effectiveTtl = ttl ?? this.DEFAULT_TTL;
     const expiresAt = new Date(Date.now() + effectiveTtl * 1e3).toISOString();
     const updateData = {
@@ -863,16 +862,16 @@ var SupabaseStorageBackend = class {
     if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
     if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
     if ("clientId" in data) updateData.client_id = data.clientId;
-    const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("identity", identity).eq("session_id", sessionId).select("id");
+    const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("user_id", userId).eq("session_id", sessionId).select("id");
     if (error) {
       throw new Error(`Failed to update session: ${error.message}`);
     }
     if (!updatedRows || updatedRows.length === 0) {
-      throw new Error(`Session ${sessionId} not found for identity ${identity}`);
+      throw new Error(`Session ${sessionId} not found for userId ${userId}`);
     }
   }
-  async getSession(identity, sessionId) {
-    const { data, error } = await this.supabase.from("mcp_sessions").select("*").eq("identity", identity).eq("session_id", sessionId).maybeSingle();
+  async get(userId, sessionId) {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("*").eq("user_id", userId).eq("session_id", sessionId).maybeSingle();
     if (error) {
       console.error("[SupabaseStorage] Failed to get session:", error);
       return null;
@@ -880,29 +879,29 @@ var SupabaseStorageBackend = class {
     if (!data) return null;
     return this.mapRowToSessionData(data);
   }
-  async getIdentitySessionsData(identity) {
-    const { data, error } = await this.supabase.from("mcp_sessions").select("*").eq("identity", identity);
+  async list(userId) {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("*").eq("user_id", userId);
     if (error) {
-      console.error(`[SupabaseStorage] Failed to get session data for ${identity}:`, error);
+      console.error(`[SupabaseStorage] Failed to get session data for ${userId}:`, error);
       return [];
     }
     return data.map((row) => this.mapRowToSessionData(row));
   }
-  async removeSession(identity, sessionId) {
-    const { error } = await this.supabase.from("mcp_sessions").delete().eq("identity", identity).eq("session_id", sessionId);
+  async delete(userId, sessionId) {
+    const { error } = await this.supabase.from("mcp_sessions").delete().eq("user_id", userId).eq("session_id", sessionId);
     if (error) {
       console.error("[SupabaseStorage] Failed to remove session:", error);
     }
   }
-  async getIdentityMcpSessions(identity) {
-    const { data, error } = await this.supabase.from("mcp_sessions").select("session_id").eq("identity", identity);
+  async listIds(userId) {
+    const { data, error } = await this.supabase.from("mcp_sessions").select("session_id").eq("user_id", userId);
     if (error) {
-      console.error(`[SupabaseStorage] Failed to get sessions for ${identity}:`, error);
+      console.error(`[SupabaseStorage] Failed to get sessions for ${userId}:`, error);
       return [];
     }
     return data.map((row) => row.session_id);
   }
-  async getAllSessionIds() {
+  async listAllIds() {
     const { data, error } = await this.supabase.from("mcp_sessions").select("session_id");
     if (error) {
       console.error("[SupabaseStorage] Failed to get all sessions:", error);
@@ -916,7 +915,7 @@ var SupabaseStorageBackend = class {
       console.error("[SupabaseStorage] Failed to clear sessions:", error);
     }
   }
-  async cleanupExpiredSessions() {
+  async cleanupExpired() {
     const { error } = await this.supabase.from("mcp_sessions").delete().lt("expires_at", (/* @__PURE__ */ new Date()).toISOString());
     if (error) {
       console.error("[SupabaseStorage] Failed to cleanup expired sessions:", error);
@@ -926,7 +925,250 @@ var SupabaseStorageBackend = class {
   }
 };
 
+// src/server/storage/neon-backend.ts
+var NeonStorageBackend = class {
+  constructor(sql, options = {}) {
+    this.sql = sql;
+    __publicField(this, "DEFAULT_TTL", SESSION_TTL_SECONDS);
+    __publicField(this, "tableName");
+    const schema = options.schema || "public";
+    const table = options.table || "mcp_sessions";
+    this.tableName = `${this.quoteIdentifier(schema)}.${this.quoteIdentifier(table)}`;
+  }
+  async init() {
+    const [{ exists } = { exists: null }] = await this.sql.query(
+      "SELECT to_regclass($1) AS exists",
+      [this.tableName.replace(/"/g, "")]
+    );
+    if (!exists) {
+      throw new Error(
+        '[NeonStorage] Table "mcp_sessions" not found in your database. Please create it using the Neon storage guide in docs/storage-backends/neon.md.'
+      );
+    }
+    console.log('[mcp-ts][Storage] Neon: "mcp_sessions" table verified.');
+  }
+  generateSessionId() {
+    return generateSessionId();
+  }
+  quoteIdentifier(identifier) {
+    if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(identifier)) {
+      throw new Error(`Invalid Neon storage identifier: ${identifier}`);
+    }
+    return `"${identifier}"`;
+  }
+  mapRowToSessionData(row) {
+    return {
+      sessionId: row.session_id,
+      serverId: row.server_id ?? void 0,
+      serverName: row.server_name ?? void 0,
+      serverUrl: row.server_url,
+      transportType: row.transport_type,
+      callbackUrl: row.callback_url,
+      createdAt: new Date(row.created_at).getTime(),
+      userId: row.user_id,
+      headers: decryptObject(row.headers),
+      active: row.active ?? false,
+      clientInformation: row.client_information,
+      tokens: decryptObject(row.tokens),
+      codeVerifier: row.code_verifier ?? void 0,
+      clientId: row.client_id ?? void 0
+    };
+  }
+  async create(session, ttl) {
+    const { sessionId, userId } = session;
+    if (!sessionId || !userId) throw new Error("userId and sessionId required");
+    const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+    const expiresAt = new Date(Date.now() + effectiveTtl * 1e3).toISOString();
+    try {
+      await this.sql.query(
+        `INSERT INTO ${this.tableName} (
+                    session_id,
+                    user_id,
+                    server_id,
+                    server_name,
+                    server_url,
+                    transport_type,
+                    callback_url,
+                    created_at,
+                    headers,
+                    active,
+                    client_information,
+                    tokens,
+                    code_verifier,
+                    client_id,
+                    expires_at
+                ) VALUES (
+                    $1, $2, $3, $4, $5, $6, $7, $8,
+                    $9, $10, $11, $12, $13, $14, $15
+                )`,
+        [
+          sessionId,
+          userId,
+          session.serverId,
+          session.serverName,
+          session.serverUrl,
+          session.transportType,
+          session.callbackUrl,
+          new Date(session.createdAt || Date.now()).toISOString(),
+          encryptObject(session.headers),
+          session.active ?? false,
+          session.clientInformation,
+          encryptObject(session.tokens),
+          session.codeVerifier,
+          session.clientId,
+          expiresAt
+        ]
+      );
+    } catch (error) {
+      if (error.code === "23505") {
+        throw new Error(`Session ${sessionId} already exists`);
+      }
+      throw new Error(`Failed to create session in Neon: ${error.message}`);
+    }
+  }
+  async update(userId, sessionId, data, ttl) {
+    const currentSession = await this.get(userId, sessionId);
+    if (!currentSession) {
+      throw new Error(`Session ${sessionId} not found for userId ${userId}`);
+    }
+    const updatedSession = { ...currentSession, ...data };
+    const effectiveTtl = ttl ?? this.DEFAULT_TTL;
+    const expiresAt = new Date(Date.now() + effectiveTtl * 1e3).toISOString();
+    const updatedRows = await this.sql.query(
+      `UPDATE ${this.tableName}
+             SET
+                server_id = $1,
+                server_name = $2,
+                server_url = $3,
+                transport_type = $4,
+                callback_url = $5,
+                active = $6,
+                headers = $7,
+                client_information = $8,
+                tokens = $9,
+                code_verifier = $10,
+                client_id = $11,
+                expires_at = $12,
+                updated_at = now()
+             WHERE user_id = $13 AND session_id = $14
+             RETURNING id`,
+      [
+        updatedSession.serverId,
+        updatedSession.serverName,
+        updatedSession.serverUrl,
+        updatedSession.transportType,
+        updatedSession.callbackUrl,
+        updatedSession.active ?? false,
+        encryptObject(updatedSession.headers),
+        updatedSession.clientInformation,
+        encryptObject(updatedSession.tokens),
+        updatedSession.codeVerifier,
+        updatedSession.clientId,
+        expiresAt,
+        userId,
+        sessionId
+      ]
+    );
+    if (updatedRows.length === 0) {
+      throw new Error(`Session ${sessionId} not found for userId ${userId}`);
+    }
+  }
+  async get(userId, sessionId) {
+    try {
+      const rows = await this.sql.query(
+        `SELECT * FROM ${this.tableName} WHERE user_id = $1 AND session_id = $2`,
+        [userId, sessionId]
+      );
+      return rows[0] ? this.mapRowToSessionData(rows[0]) : null;
+    } catch (error) {
+      console.error("[NeonStorage] Failed to get session:", error);
+      return null;
+    }
+  }
+  async list(userId) {
+    try {
+      const rows = await this.sql.query(
+        `SELECT * FROM ${this.tableName} WHERE user_id = $1`,
+        [userId]
+      );
+      return rows.map((row) => this.mapRowToSessionData(row));
+    } catch (error) {
+      console.error(`[NeonStorage] Failed to get session data for ${userId}:`, error);
+      return [];
+    }
+  }
+  async delete(userId, sessionId) {
+    try {
+      await this.sql.query(
+        `DELETE FROM ${this.tableName} WHERE user_id = $1 AND session_id = $2`,
+        [userId, sessionId]
+      );
+    } catch (error) {
+      console.error("[NeonStorage] Failed to remove session:", error);
+    }
+  }
+  async listIds(userId) {
+    try {
+      const rows = await this.sql.query(
+        `SELECT session_id FROM ${this.tableName} WHERE user_id = $1`,
+        [userId]
+      );
+      return rows.map((row) => row.session_id);
+    } catch (error) {
+      console.error(`[NeonStorage] Failed to get sessions for ${userId}:`, error);
+      return [];
+    }
+  }
+  async listAllIds() {
+    try {
+      const rows = await this.sql.query(
+        `SELECT session_id FROM ${this.tableName}`
+      );
+      return rows.map((row) => row.session_id);
+    } catch (error) {
+      console.error("[NeonStorage] Failed to get all sessions:", error);
+      return [];
+    }
+  }
+  async clearAll() {
+    try {
+      await this.sql.query(`DELETE FROM ${this.tableName}`);
+    } catch (error) {
+      console.error("[NeonStorage] Failed to clear sessions:", error);
+    }
+  }
+  async cleanupExpired() {
+    try {
+      await this.sql.query(
+        `DELETE FROM ${this.tableName} WHERE expires_at < $1`,
+        [(/* @__PURE__ */ new Date()).toISOString()]
+      );
+    } catch (error) {
+      console.error("[NeonStorage] Failed to cleanup expired sessions:", error);
+    }
+  }
+  async disconnect() {
+  }
+};
+
 // src/server/storage/index.ts
+function warnIfNeonConnectionStringIsInsecure(connectionString) {
+  try {
+    const url = new URL(connectionString);
+    const sslMode = url.searchParams.get("sslmode");
+    const channelBinding = url.searchParams.get("channel_binding");
+    if (!sslMode) {
+      console.warn("[mcp-ts][Storage] Neon connection string does not include sslmode. Neon recommends sslmode=verify-full for the strongest certificate verification.");
+    } else if (!["verify-full", "require"].includes(sslMode)) {
+      console.warn(`[mcp-ts][Storage] Neon connection string uses sslmode=${sslMode}. Use sslmode=verify-full or sslmode=require for secure connections.`);
+    }
+    if (!channelBinding) {
+      console.warn("[mcp-ts][Storage] Neon connection string does not include channel_binding=require. Add it when supported by your runtime and connection path.");
+    }
+  } catch {
+    console.warn("[mcp-ts][Storage] Neon connection string could not be parsed for SSL checks.");
+  }
+}
 var storageInstance = null;
 var storagePromise = null;
 async function initializeStorage(store) {
@@ -983,6 +1225,24 @@ async function createStorage() {
       }
     }
   }
+  if (type === "neon") {
+    const connectionString = process.env.NEON_DATABASE_URL || process.env.DATABASE_URL;
+    if (!connectionString) {
+      console.warn('[mcp-ts][Storage] Explicit selection "neon" requires NEON_DATABASE_URL or DATABASE_URL.');
+    } else {
+      try {
+        const { neon } = await import('@neondatabase/serverless');
+        warnIfNeonConnectionStringIsInsecure(connectionString);
+        const sql = neon(connectionString);
+        console.log('[mcp-ts][Storage] Explicit selection: "neon"');
+        return await initializeStorage(new NeonStorageBackend(sql));
+      } catch (error) {
+        console.error("[mcp-ts][Storage] Failed to initialize Neon:", error.message);
+        console.log("[mcp-ts][Storage] Falling back to In-Memory storage");
+        return await initializeStorage(new MemoryStorageBackend());
+      }
+    }
+  }
   if (type === "memory") {
     console.log('[mcp-ts][Storage] Explicit selection: "memory"');
     return await initializeStorage(new MemoryStorageBackend());
@@ -1021,6 +1281,17 @@ async function createStorage() {
       console.error("[mcp-ts][Storage] Supabase auto-detection failed:", error.message);
     }
   }
+  if (process.env.NEON_DATABASE_URL) {
+    try {
+      const { neon } = await import('@neondatabase/serverless');
+      warnIfNeonConnectionStringIsInsecure(process.env.NEON_DATABASE_URL);
+      const sql = neon(process.env.NEON_DATABASE_URL);
+      console.log('[mcp-ts][Storage] Auto-detection: "neon" (via NEON_DATABASE_URL)');
+      return await initializeStorage(new NeonStorageBackend(sql));
+    } catch (error) {
+      console.error("[mcp-ts][Storage] Neon auto-detection failed:", error.message);
+    }
+  }
   console.log('[mcp-ts][Storage] Defaulting to: "memory"');
   return await initializeStorage(new MemoryStorageBackend());
 }
@@ -1037,7 +1308,7 @@ async function getStorage() {
   storageInstance = await storagePromise;
   return storageInstance;
 }
-var storage = new Proxy({}, {
+var sessions = new Proxy({}, {
   get(_target, prop) {
     return async (...args) => {
       const instance = await getStorage();
@@ -1053,11 +1324,11 @@ var storage = new Proxy({}, {
 // src/server/mcp/storage-oauth-provider.ts
 var StorageOAuthClientProvider = class {
   /**
-   * Creates a new storage-backed OAuth provider
+   * Creates a new session-backed OAuth provider
    * @param options - Provider configuration
    */
   constructor(options) {
-    __publicField(this, "identity");
+    __publicField(this, "userId");
     __publicField(this, "serverId");
     __publicField(this, "sessionId");
     __publicField(this, "redirectUrl");
@@ -1070,7 +1341,7 @@ var StorageOAuthClientProvider = class {
     __publicField(this, "_clientId");
     __publicField(this, "onRedirectCallback");
     __publicField(this, "tokenExpiresAt");
-    this.identity = options.identity;
+    this.userId = options.userId;
     this.serverId = options.serverId;
     this.sessionId = options.sessionId;
     this.redirectUrl = options.redirectUrl;
@@ -1103,24 +1374,24 @@ var StorageOAuthClientProvider = class {
     this._clientId = clientId_;
   }
   /**
-   * Loads OAuth data from storage session
+   * Loads OAuth data from the session store
    * @private
    */
   async getSessionData() {
-    const data = await storage.getSession(this.identity, this.sessionId);
+    const data = await sessions.get(this.userId, this.sessionId);
     if (!data) {
       return {};
     }
     return data;
   }
   /**
-   * Saves OAuth data to storage
+   * Saves OAuth data to the session store
    * @param data - Partial OAuth data to save
    * @private
    * @throws Error if session doesn't exist (session must be created by controller layer)
    */
   async saveSessionData(data) {
-    await storage.updateSession(this.identity, this.sessionId, data);
+    await sessions.update(this.userId, this.sessionId, data);
   }
   /**
    * Retrieves stored OAuth client information
@@ -1168,7 +1439,7 @@ var StorageOAuthClientProvider = class {
     return this.sessionId;
   }
   async checkState(_state) {
-    const data = await storage.getSession(this.identity, this.sessionId);
+    const data = await sessions.get(this.userId, this.sessionId);
     if (!data) {
       return { valid: false, error: "Session not found" };
     }
@@ -1184,7 +1455,7 @@ var StorageOAuthClientProvider = class {
   }
   async invalidateCredentials(scope) {
     if (scope === "all") {
-      await storage.removeSession(this.identity, this.sessionId);
+      await sessions.delete(this.userId, this.sessionId);
     } else {
       const updates = {};
       if (scope === "client") {
@@ -1310,14 +1581,14 @@ var RpcErrorCodes = {
 var MCPClient = class _MCPClient {
   /**
    * Creates a new MCP client instance
-   * Can be initialized with minimal options (identity + sessionId) for session restoration
+   * Can be initialized with minimal options (userId + sessionId) for session restoration
    * @param options - Client configuration options
    */
   constructor(options) {
     __publicField(this, "client", null);
     __publicField(this, "oauthProvider", null);
     __publicField(this, "transport", null);
-    __publicField(this, "identity");
+    __publicField(this, "userId");
     __publicField(this, "serverId");
     __publicField(this, "sessionId");
     __publicField(this, "serverName");
@@ -1344,7 +1615,7 @@ var MCPClient = class _MCPClient {
     this.serverName = options.serverName;
     this.callbackUrl = options.callbackUrl;
     this.onRedirect = options.onRedirect;
-    this.identity = options.identity;
+    this.userId = options.userId;
     this.serverId = options.serverId;
     this.sessionId = options.sessionId;
     this.transportType = options.transportType;
@@ -1483,7 +1754,7 @@ var MCPClient = class _MCPClient {
     this.emitStateChange("INITIALIZING");
     this.emitProgress("Loading session configuration...");
     if (!this.serverUrl || !this.callbackUrl || !this.serverId) {
-      const sessionData = await storage.getSession(this.identity, this.sessionId);
+      const sessionData = await sessions.get(this.userId, this.sessionId);
       if (!sessionData) {
         throw new Error(`Session not found: ${this.sessionId}`);
       }
@@ -1502,7 +1773,7 @@ var MCPClient = class _MCPClient {
         throw new Error("serverId required for OAuth provider initialization");
       }
       this.oauthProvider = new StorageOAuthClientProvider({
-        identity: this.identity,
+        userId: this.userId,
         serverId: this.serverId,
         sessionId: this.sessionId,
         redirectUrl: this.callbackUrl,
@@ -1536,18 +1807,18 @@ var MCPClient = class _MCPClient {
         }
       );
     }
-    const existingSession = await storage.getSession(this.identity, this.sessionId);
+    const existingSession = await sessions.get(this.userId, this.sessionId);
     if (!existingSession && this.serverId && this.serverUrl && this.callbackUrl) {
       this.createdAt = Date.now();
       console.log(`[MCPClient] Creating initial session ${this.sessionId} for OAuth flow`);
-      await storage.createSession({
+      await sessions.create({
         sessionId: this.sessionId,
-        identity: this.identity,
+        userId: this.userId,
         serverId: this.serverId,
         serverName: this.serverName,
         serverUrl: this.serverUrl,
         callbackUrl: this.callbackUrl,
-        transportType: this.transportType || "streamable_http",
+        transportType: this.transportType || "streamable-http",
         headers: this.headers,
         createdAt: this.createdAt,
         active: false
@@ -1555,7 +1826,7 @@ var MCPClient = class _MCPClient {
     }
   }
   /**
-   * Saves current session state to storage
+   * Saves current session state to the session store
    * Creates new session if it doesn't exist, updates if it does
    * @param ttl - Time-to-live in seconds (defaults to 12hr for connected sessions)
    * @param active - Session status marker used to avoid unnecessary TTL rewrites
@@ -1567,21 +1838,21 @@ var MCPClient = class _MCPClient {
     }
     const sessionData = {
       sessionId: this.sessionId,
-      identity: this.identity,
+      userId: this.userId,
       serverId: this.serverId,
       serverName: this.serverName,
       serverUrl: this.serverUrl,
       callbackUrl: this.callbackUrl,
-      transportType: this.transportType || "streamable_http",
+      transportType: this.transportType || "streamable-http",
       headers: this.headers,
       createdAt: this.createdAt || Date.now(),
       active
     };
-    const existingSession = await storage.getSession(this.identity, this.sessionId);
+    const existingSession = await sessions.get(this.userId, this.sessionId);
     if (existingSession) {
-      await storage.updateSession(this.identity, this.sessionId, sessionData, ttl);
+      await sessions.update(this.userId, this.sessionId, sessionData, ttl);
     } else {
-      await storage.createSession(sessionData, ttl);
+      await sessions.create(sessionData, ttl);
     }
   }
   /**
@@ -1590,7 +1861,7 @@ var MCPClient = class _MCPClient {
    * @private
    */
   async tryConnect() {
-    const transportsToTry = this.transportType ? [this.transportType] : ["streamable_http", "sse"];
+    const transportsToTry = this.transportType ? [this.transportType] : ["streamable-http", "sse"];
     let lastError;
     for (const currentType of transportsToTry) {
       const isLastAttempt = currentType === transportsToTry[transportsToTry.length - 1];
@@ -1662,7 +1933,7 @@ var MCPClient = class _MCPClient {
           this.emitError(message, "auth");
           this.emitStateChange("FAILED");
           try {
-            await storage.removeSession(this.identity, this.sessionId);
+            await sessions.delete(this.userId, this.sessionId);
           } catch {
           }
           throw new Error(message);
@@ -1688,9 +1959,9 @@ var MCPClient = class _MCPClient {
       this.emitError(errorMessage, "connection");
       this.emitStateChange("FAILED");
       try {
-        const existingSession = await storage.getSession(this.identity, this.sessionId);
+        const existingSession = await sessions.get(this.userId, this.sessionId);
         if (!existingSession || existingSession.active !== true) {
-          await storage.removeSession(this.identity, this.sessionId);
+          await sessions.delete(this.userId, this.sessionId);
         }
       } catch {
       }
@@ -1714,7 +1985,7 @@ var MCPClient = class _MCPClient {
       this.emitStateChange("FAILED");
       throw new Error(error);
     }
-    const transportsToTry = this.transportType ? [this.transportType] : ["streamable_http", "sse"];
+    const transportsToTry = this.transportType ? [this.transportType] : ["streamable-http", "sse"];
     let lastError;
     let tokensExchanged = false;
     let authenticatedStateEmitted = false;
@@ -2038,7 +2309,7 @@ var MCPClient = class _MCPClient {
       },
       { capabilities: {} }
     );
-    const tt = this.transportType || "streamable_http";
+    const tt = this.transportType || "streamable-http";
     this.transport = this.getTransport(tt);
     await this.client.connect(this.transport);
   }
@@ -2055,7 +2326,7 @@ var MCPClient = class _MCPClient {
     if (this.oauthProvider) {
       await this.oauthProvider.invalidateCredentials("all");
     }
-    await storage.removeSession(this.identity, this.sessionId);
+    await sessions.delete(this.userId, this.sessionId);
     this.disconnect();
   }
   /**
@@ -2123,10 +2394,10 @@ var MCPClient = class _MCPClient {
   }
   /**
    * Gets the transport type being used
-   * @returns Transport type (defaults to 'streamable_http')
+   * @returns Transport type (defaults to 'streamable-http')
    */
   getTransportType() {
-    return this.transportType || "streamable_http";
+    return this.transportType || "streamable-http";
   }
   /**
    * Gets the human-readable server name
@@ -2153,25 +2424,25 @@ var MCPClient = class _MCPClient {
    * Gets MCP server configuration for all active user sessions
    * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
    * Returns ready-to-use configuration with valid auth headers
-   * @param identity - User ID to fetch sessions for
+   * @param userId - User ID to fetch sessions for
    * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
    * @static
    */
-  static async getMcpServerConfig(identity) {
+  static async getMcpServerConfig(userId) {
     const mcpConfig = {};
-    const sessions = await storage.getIdentitySessionsData(identity);
+    const sessionList = await sessions.list(userId);
     await Promise.all(
-      sessions.map(async (sessionData) => {
+      sessionList.map(async (sessionData) => {
         const { sessionId } = sessionData;
         try {
           if (!sessionData.serverId || !sessionData.transportType || !sessionData.serverUrl || !sessionData.callbackUrl) {
-            await storage.removeSession(identity, sessionId);
+            await sessions.delete(userId, sessionId);
             return;
           }
           let headers;
           try {
             const client = new _MCPClient({
-              identity,
+              userId,
               sessionId,
               serverId: sessionData.serverId,
               serverUrl: sessionData.serverUrl,
@@ -2204,7 +2475,7 @@ var MCPClient = class _MCPClient {
             ...headers && { headers }
           };
         } catch (error) {
-          await storage.removeSession(identity, sessionId);
+          await sessions.delete(userId, sessionId);
           console.warn(`[MCP] Failed to process session ${sessionId}:`, error);
         }
       })
@@ -2220,18 +2491,18 @@ var DEFAULT_RETRY_DELAY_MS = 1e3;
 var CONNECTION_BATCH_SIZE = 5;
 var MultiSessionClient = class {
   /**
-   * Creates a new MultiSessionClient for the given user identity.
+   * Creates a new MultiSessionClient for the given user userId.
    *
-   * @param identity - A unique string identifying the user (e.g. user ID or email).
+   * @param userId - A unique string identifying the user (e.g. user ID or email).
    * @param options  - Optional tuning for connection timeout, retry count, and retry delay.
    *                   Falls back to sensible defaults if not provided.
    */
-  constructor(identity, options = {}) {
+  constructor(userId, options = {}) {
     __publicField(this, "clients", []);
-    __publicField(this, "identity");
+    __publicField(this, "userId");
     __publicField(this, "options");
     __publicField(this, "connectionPromises", /* @__PURE__ */ new Map());
-    this.identity = identity;
+    this.userId = userId;
     this.options = {
       timeout: DEFAULT_TIMEOUT_MS,
       maxRetries: DEFAULT_MAX_RETRIES,
@@ -2240,7 +2511,7 @@ var MultiSessionClient = class {
     };
   }
   /**
-   * Fetches all sessions for this identity from storage and returns only the
+   * Fetches all sessions for this userId from storage and returns only the
    * ones that are ready to connect.
    *
    * A session is considered connectable when:
@@ -2253,8 +2524,8 @@ var MultiSessionClient = class {
    * for backwards compatibility.
    */
   async getActiveSessions() {
-    const sessions = await storage.getIdentitySessionsData(this.identity);
-    const valid = sessions.filter(
+    const sessionList = await sessions.list(this.userId);
+    const valid = sessionList.filter(
       (s) => s.serverId && s.serverUrl && s.callbackUrl && s.active !== false
       // exclude OAuth-pending / failed sessions
     );
@@ -2267,9 +2538,9 @@ var MultiSessionClient = class {
    * has many active MCP sessions (e.g. 20+ servers). Within each batch, sessions
    * are connected concurrently using `Promise.all` for speed.
    */
-  async connectInBatches(sessions) {
-    for (let i = 0; i < sessions.length; i += CONNECTION_BATCH_SIZE) {
-      const batch = sessions.slice(i, i + CONNECTION_BATCH_SIZE);
+  async connectInBatches(sessions2) {
+    for (let i = 0; i < sessions2.length; i += CONNECTION_BATCH_SIZE) {
+      const batch = sessions2.slice(i, i + CONNECTION_BATCH_SIZE);
       await Promise.all(batch.map((session) => this.connectSession(session)));
     }
   }
@@ -2320,7 +2591,7 @@ var MultiSessionClient = class {
     for (let attempt = 0; attempt <= maxRetries; attempt++) {
       try {
         const client = new MCPClient({
-          identity: this.identity,
+          userId: this.userId,
           sessionId: session.sessionId,
           serverId: session.serverId,
           serverUrl: session.serverUrl,
@@ -2352,7 +2623,7 @@ var MultiSessionClient = class {
     console.error(`[MultiSessionClient] Failed to connect to session ${session.sessionId} after ${maxRetries + 1} attempts:`, lastError);
   }
   /**
-   * The main entry point. Fetches all active sessions for this identity from
+   * The main entry point. Fetches all active sessions for this userId from
    * storage and establishes connections to all of them in batches.
    *
    * Call this once after creating the client. On traditional servers, you can
@@ -2360,8 +2631,8 @@ var MultiSessionClient = class {
    * re-fetching and re-connecting on every request.
    */
   async connect() {
-    const sessions = await this.getActiveSessions();
-    await this.connectInBatches(sessions);
+    const sessions2 = await this.getActiveSessions();
+    await this.connectInBatches(sessions2);
   }
   /**
    * Returns all currently connected `MCPClient` instances.
@@ -2416,11 +2687,11 @@ var SSEConnectionManager = class {
   constructor(options, sendEvent) {
     this.options = options;
     this.sendEvent = sendEvent;
-    __publicField(this, "identity");
+    __publicField(this, "userId");
     __publicField(this, "clients", /* @__PURE__ */ new Map());
     __publicField(this, "heartbeatTimer");
     __publicField(this, "isActive", true);
-    this.identity = options.identity;
+    this.userId = options.userId;
     this.startHeartbeat();
   }
   /**
@@ -2460,8 +2731,8 @@ var SSEConnectionManager = class {
     try {
       let result;
       switch (request.method) {
-        case "getSessions":
-          result = await this.getSessions();
+        case "listSessions":
+          result = await this.listSessions();
           break;
         case "connect":
           result = await this.connect(request.params);
@@ -2475,8 +2746,8 @@ var SSEConnectionManager = class {
         case "callTool":
           result = await this.callTool(request.params);
           break;
-        case "restoreSession":
-          result = await this.restoreSession(request.params);
+        case "getSession":
+          result = await this.getSession(request.params);
           break;
         case "finishAuth":
           result = await this.finishAuth(request.params);
@@ -2515,12 +2786,12 @@ var SSEConnectionManager = class {
     }
   }
   /**
-   * Get all sessions for the current identity
+   * Get all sessions for the current userId
    */
-  async getSessions() {
-    const sessions = await storage.getIdentitySessionsData(this.identity);
+  async listSessions() {
+    const sessionList = await sessions.list(this.userId);
     return {
-      sessions: sessions.map((s) => ({
+      sessions: sessionList.map((s) => ({
         sessionId: s.sessionId,
         serverId: s.serverId,
         serverName: s.serverName,
@@ -2537,14 +2808,14 @@ var SSEConnectionManager = class {
   async connect(params) {
     const { serverName, serverUrl, callbackUrl, transportType } = params;
     const headers = normalizeHeaders(params.headers);
-    const serverId = params.serverId && params.serverId.length <= 12 ? params.serverId : await storage.generateSessionId();
-    const existingSessions = await storage.getIdentitySessionsData(this.identity);
+    const serverId = params.serverId && params.serverId.length <= 12 ? params.serverId : await sessions.generateSessionId();
+    const existingSessions = await sessions.list(this.userId);
     const duplicate = existingSessions.find(
       (s) => s.serverId === serverId || s.serverUrl === serverUrl
     );
     if (duplicate) {
       if (duplicate.active === false) {
-        await this.restoreSession({ sessionId: duplicate.sessionId });
+        await this.getSession({ sessionId: duplicate.sessionId });
         return {
           sessionId: duplicate.sessionId,
           success: true
@@ -2552,11 +2823,11 @@ var SSEConnectionManager = class {
       }
       throw new Error(`Connection already exists for server: ${duplicate.serverUrl || duplicate.serverId} (${duplicate.serverName})`);
     }
-    const sessionId = await storage.generateSessionId();
+    const sessionId = await sessions.generateSessionId();
     try {
       const clientMetadata = await this.getResolvedClientMetadata();
       const client = new MCPClient({
-        identity: this.identity,
+        userId: this.userId,
         sessionId,
         serverId,
         serverName,
@@ -2611,7 +2882,7 @@ var SSEConnectionManager = class {
       client.disconnect();
       this.clients.delete(sessionId);
     } else {
-      await storage.removeSession(this.identity, sessionId);
+      await sessions.delete(this.userId, sessionId);
     }
     return { success: true };
   }
@@ -2623,12 +2894,12 @@ var SSEConnectionManager = class {
     if (existing) {
       return existing;
     }
-    const session = await storage.getSession(this.identity, sessionId);
+    const session = await sessions.get(this.userId, sessionId);
     if (!session) {
       throw new Error("Session not found");
     }
     const client = new MCPClient({
-      identity: this.identity,
+      userId: this.userId,
       sessionId,
       // These fields are optional in MCPClient, but when rehydrating a known
       // stored session on the server we pass them explicitly to preserve the
@@ -2675,9 +2946,9 @@ var SSEConnectionManager = class {
   /**
    * Restore and validate an existing session
    */
-  async restoreSession(params) {
+  async getSession(params) {
     const { sessionId } = params;
-    const session = await storage.getSession(this.identity, sessionId);
+    const session = await sessions.get(this.userId, sessionId);
     if (!session) {
       throw new Error("Session not found");
     }
@@ -2694,7 +2965,7 @@ var SSEConnectionManager = class {
     try {
       const clientMetadata = await this.getResolvedClientMetadata();
       const client = new MCPClient({
-        identity: this.identity,
+        userId: this.userId,
         sessionId,
         // These fields are optional in MCPClient, but when rehydrating a known
         // stored session on the server we pass them explicitly to preserve the
@@ -2731,13 +3002,13 @@ var SSEConnectionManager = class {
    */
   async finishAuth(params) {
     const { sessionId, code } = params;
-    const session = await storage.getSession(this.identity, sessionId);
+    const session = await sessions.get(this.userId, sessionId);
     if (!session) {
       throw new Error("Session not found");
     }
     try {
       const client = new MCPClient({
-        identity: this.identity,
+        userId: this.userId,
         sessionId,
         // These fields are optional in MCPClient, but when rehydrating a known
         // stored session on the server we pass them explicitly to preserve the
@@ -2748,7 +3019,7 @@ var SSEConnectionManager = class {
         serverUrl: session.serverUrl,
         callbackUrl: session.callbackUrl,
         // NOTE: transportType is intentionally omitted here.
-        // The session's stored transportType is a placeholder ('streamable_http')
+        // The session's stored transportType is a placeholder ('streamable-http')
         // set before transport negotiation. Omitting it lets MCPClient auto-negotiate
         // (try streamable_http → SSE fallback), which is critical for servers like
         // Neon that only support SSE transport.
@@ -2870,18 +3141,21 @@ function writeSSEEvent(res, event, data) {
 // src/server/handlers/nextjs-handler.ts
 function createNextMcpHandler(options = {}) {
   const {
-    getIdentity = (request) => new URL(request.url).searchParams.get("identity"),
+    getUserId = (request) => request.headers.get("x-mcp-user-id"),
     getAuthToken = (request) => {
-      const url = new URL(request.url);
-      return url.searchParams.get("token") || request.headers.get("authorization");
+      const authHeader = request.headers.get("authorization");
+      if (authHeader?.toLowerCase().startsWith("bearer ")) {
+        return authHeader.slice(7);
+      }
+      return authHeader;
     },
     authenticate = () => true,
     heartbeatInterval = 3e4,
     clientDefaults,
     getClientMetadata
   } = options;
-  const toManagerOptions = (identity, resolvedClientMetadata) => ({
-    identity,
+  const toManagerOptions = (userId, resolvedClientMetadata) => ({
+    userId,
     heartbeatInterval,
     clientDefaults: resolvedClientMetadata
   });
@@ -2900,13 +3174,13 @@ function createNextMcpHandler(options = {}) {
     );
   }
   async function POST(request) {
-    const identity = getIdentity(request);
+    const userId = getUserId(request);
     const authToken = getAuthToken(request);
     const acceptsEventStream = (request.headers.get("accept") || "").toLowerCase().includes("text/event-stream");
-    if (!identity) {
-      return Response.json({ error: { code: "MISSING_IDENTITY", message: "Missing identity" } }, { status: 400 });
+    if (!userId) {
+      return Response.json({ error: { code: "MISSING_userId", message: "Missing userId" } }, { status: 400 });
     }
-    const isAuthorized = await authenticate(identity, authToken);
+    const isAuthorized = await authenticate(userId, authToken);
     if (!isAuthorized) {
       return Response.json({ error: { code: "UNAUTHORIZED", message: "Unauthorized" } }, { status: 401 });
     }
@@ -2928,7 +3202,7 @@ function createNextMcpHandler(options = {}) {
       const resolvedClientMetadata = await resolveClientMetadata(request);
       if (!acceptsEventStream) {
         const manager2 = new SSEConnectionManager(
-          toManagerOptions(identity, resolvedClientMetadata),
+          toManagerOptions(userId, resolvedClientMetadata),
           () => {
           }
         );
@@ -2954,7 +3228,7 @@ data: ${JSON.stringify(data)}
         });
       };
       const manager = new SSEConnectionManager(
-        toManagerOptions(identity, resolvedClientMetadata),
+        toManagerOptions(userId, resolvedClientMetadata),
         (event) => {
           if (isRpcResponseEvent(event)) {
             sendSSE("rpc-response", event);
@@ -2997,7 +3271,7 @@ data: ${JSON.stringify(data)}
     } catch (error) {
       const err = error instanceof Error ? error : new Error("Unknown error");
       console.error("[MCP Next Handler] Failed to handle RPC", {
-        identity,
+        userId,
         message: err.message,
         stack: err.stack,
         rawBody: rawBody.slice(0, 500)
@@ -3016,6 +3290,6 @@ data: ${JSON.stringify(data)}
   return { GET, POST };
 }
 
-export { MCPClient, MultiSessionClient, SSEConnectionManager, StorageOAuthClientProvider, UnauthorizedError, createNextMcpHandler, createSSEHandler, sanitizeServerLabel, storage };
+export { MCPClient, MultiSessionClient, SSEConnectionManager, StorageOAuthClientProvider, UnauthorizedError, createNextMcpHandler, createSSEHandler, sanitizeServerLabel, sessions };
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map