@mcp-ts/sdk 2.3.3 → 2.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-DYNe6az3.mjs';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C7hGqzgM.mjs';
2
2
  import { d as ToolRouter } from '../tool-router-BhHsvBfP.mjs';
3
3
  import '../events-CK3N--3g.mjs';
4
4
  import '@modelcontextprotocol/sdk/types.js';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-BYtguGJm.js';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C_kPHpD5.js';
2
2
  import { d as ToolRouter } from '../tool-router-BMzhoNYt.js';
3
3
  import '../events-CK3N--3g.js';
4
4
  import '@modelcontextprotocol/sdk/types.js';
@@ -2,7 +2,7 @@ import { Observable } from 'rxjs';
2
2
  import { Middleware, RunAgentInput, AbstractAgent, BaseEvent } from '@ag-ui/client';
3
3
  export { AbstractAgent, BaseEvent, EventType, Middleware, RunAgentInput, Tool, ToolCallEndEvent } from '@ag-ui/client';
4
4
  import { AguiTool } from './agui-adapter.mjs';
5
- import '../multi-session-client-DYNe6az3.mjs';
5
+ import '../multi-session-client-C7hGqzgM.mjs';
6
6
  import '../events-CK3N--3g.mjs';
7
7
  import '@modelcontextprotocol/sdk/types.js';
8
8
  import '@modelcontextprotocol/sdk/client/auth.js';
@@ -2,7 +2,7 @@ import { Observable } from 'rxjs';
2
2
  import { Middleware, RunAgentInput, AbstractAgent, BaseEvent } from '@ag-ui/client';
3
3
  export { AbstractAgent, BaseEvent, EventType, Middleware, RunAgentInput, Tool, ToolCallEndEvent } from '@ag-ui/client';
4
4
  import { AguiTool } from './agui-adapter.js';
5
- import '../multi-session-client-BYtguGJm.js';
5
+ import '../multi-session-client-C_kPHpD5.js';
6
6
  import '../events-CK3N--3g.js';
7
7
  import '@modelcontextprotocol/sdk/types.js';
8
8
  import '@modelcontextprotocol/sdk/client/auth.js';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-DYNe6az3.mjs';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C7hGqzgM.mjs';
2
2
  import { ToolSet } from 'ai';
3
3
  import { d as ToolRouter } from '../tool-router-BhHsvBfP.mjs';
4
4
  import '../events-CK3N--3g.mjs';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-BYtguGJm.js';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C_kPHpD5.js';
2
2
  import { ToolSet } from 'ai';
3
3
  import { d as ToolRouter } from '../tool-router-BMzhoNYt.js';
4
4
  import '../events-CK3N--3g.js';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-DYNe6az3.mjs';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C7hGqzgM.mjs';
2
2
  import { StructuredTool } from '@langchain/core/tools';
3
3
  import { d as ToolRouter } from '../tool-router-BhHsvBfP.mjs';
4
4
  import '../events-CK3N--3g.mjs';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-BYtguGJm.js';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C_kPHpD5.js';
2
2
  import { StructuredTool } from '@langchain/core/tools';
3
3
  import { d as ToolRouter } from '../tool-router-BMzhoNYt.js';
4
4
  import '../events-CK3N--3g.js';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-DYNe6az3.mjs';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C7hGqzgM.mjs';
2
2
  import { z } from 'zod';
3
3
  import '../events-CK3N--3g.mjs';
4
4
  import '@modelcontextprotocol/sdk/types.js';
@@ -1,4 +1,4 @@
1
- import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-BYtguGJm.js';
1
+ import { M as MCPClient, a as MultiSessionClient } from '../multi-session-client-C_kPHpD5.js';
2
2
  import { z } from 'zod';
3
3
  import '../events-CK3N--3g.js';
4
4
  import '@modelcontextprotocol/sdk/types.js';
package/dist/index.d.mts CHANGED
@@ -1,4 +1,4 @@
1
- export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from './multi-session-client-DYNe6az3.mjs';
1
+ export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from './multi-session-client-C7hGqzgM.mjs';
2
2
  export { A as AuthenticationError, C as ConfigurationError, a as ConnectionError, I as InvalidStateError, M as McpError, N as NotConnectedError, R as RpcErrorCode, b as RpcErrorCodes, S as SessionNotFoundError, c as SessionValidationError, T as ToolExecutionError, U as UnauthorizedError, s as sanitizeServerLabel } from './utils-DELRKQPU.mjs';
3
3
  export { ClientMetadata, NextMcpHandlerOptions, SSEConnectionManager, SSEHandlerOptions, Session, SessionMutationEvent, SessionMutationListener, SessionMutationType, SessionStore, createNextMcpHandler, createSSEHandler, onSessionMutation, sessions } from './server/index.mjs';
4
4
  export { D as Disposable, a as DisposableStore, E as Emitter, b as Event, M as McpConnectionEvent, c as McpConnectionState, d as McpObservabilityEvent } from './events-CK3N--3g.mjs';
package/dist/index.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from './multi-session-client-BYtguGJm.js';
1
+ export { M as MCPClient, a as MultiSessionClient, S as StorageOAuthClientProvider } from './multi-session-client-C_kPHpD5.js';
2
2
  export { A as AuthenticationError, C as ConfigurationError, a as ConnectionError, I as InvalidStateError, M as McpError, N as NotConnectedError, R as RpcErrorCode, b as RpcErrorCodes, S as SessionNotFoundError, c as SessionValidationError, T as ToolExecutionError, U as UnauthorizedError, s as sanitizeServerLabel } from './utils-DELRKQPU.js';
3
3
  export { ClientMetadata, NextMcpHandlerOptions, SSEConnectionManager, SSEHandlerOptions, Session, SessionMutationEvent, SessionMutationListener, SessionMutationType, SessionStore, createNextMcpHandler, createSSEHandler, onSessionMutation, sessions } from './server/index.js';
4
4
  export { D as Disposable, a as DisposableStore, E as Emitter, b as Event, M as McpConnectionEvent, c as McpConnectionState, d as McpObservabilityEvent } from './events-CK3N--3g.js';
package/dist/index.js CHANGED
@@ -926,7 +926,7 @@ var SupabaseStorageBackend = class {
926
926
  if ("active" in data) updateData.active = data.active;
927
927
  if ("headers" in data) updateData.headers = encryptObject(data.headers);
928
928
  if ("clientInformation" in data) updateData.client_information = data.clientInformation;
929
- if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
929
+ if ("tokens" in data) updateData.tokens = data.tokens === void 0 ? null : encryptObject(data.tokens);
930
930
  if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
931
931
  if ("clientId" in data) updateData.client_id = data.clientId;
932
932
  const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("user_id", userId).eq("session_id", sessionId).select("id");
@@ -1129,7 +1129,7 @@ var NeonStorageBackend = class {
1129
1129
  updatedSession.active ?? false,
1130
1130
  encryptObject(updatedSession.headers),
1131
1131
  updatedSession.clientInformation,
1132
- encryptObject(updatedSession.tokens),
1132
+ updatedSession.tokens === void 0 ? null : encryptObject(updatedSession.tokens),
1133
1133
  updatedSession.codeVerifier,
1134
1134
  updatedSession.clientId,
1135
1135
  expiresAt,
@@ -1783,14 +1783,7 @@ var RpcErrorCodes = {
1783
1783
  };
1784
1784
 
1785
1785
  // src/server/mcp/oauth-client.ts
1786
- function isInvalidRefreshTokenError(error) {
1787
- if (!(error instanceof Error)) {
1788
- return false;
1789
- }
1790
- const text = `${error.name} ${error.message}`.toLowerCase();
1791
- return text.includes("invalidgrant") || text.includes("invalid_grant") || text.includes("invalid refresh token") || /refresh\s+token\s+(?:is\s+)?(?:invalid|expired|revoked)/i.test(text);
1792
- }
1793
- var MCPClient = class _MCPClient {
1786
+ var MCPClient = class {
1794
1787
  /**
1795
1788
  * Creates a new MCP client instance
1796
1789
  * Can be initialized with minimal options (userId + sessionId) for session restoration
@@ -2124,8 +2117,6 @@ var MCPClient = class _MCPClient {
2124
2117
  throw new Error(error);
2125
2118
  }
2126
2119
  try {
2127
- this.emitProgress("Validating OAuth tokens...");
2128
- await this.getValidTokens();
2129
2120
  this.emitStateChange("CONNECTING");
2130
2121
  const { transportType } = await this.tryConnect();
2131
2122
  this.transportType = transportType;
@@ -2450,67 +2441,6 @@ var MCPClient = class _MCPClient {
2450
2441
  };
2451
2442
  return await this.client.request(request, types_js.ReadResourceResultSchema);
2452
2443
  }
2453
- /**
2454
- * Refreshes the OAuth access token using the refresh token
2455
- * Discovers OAuth metadata from server and exchanges refresh token for new access token
2456
- * @returns True if refresh was successful, false otherwise
2457
- */
2458
- async refreshToken() {
2459
- await this.initialize();
2460
- if (!this.oauthProvider) {
2461
- return false;
2462
- }
2463
- const tokens = await this.oauthProvider.tokens();
2464
- if (!tokens || !tokens.refresh_token) {
2465
- return false;
2466
- }
2467
- const clientInformation = await this.oauthProvider.clientInformation();
2468
- if (!clientInformation) {
2469
- return false;
2470
- }
2471
- try {
2472
- const resourceMetadata = await auth_js.discoverOAuthProtectedResourceMetadata(this.serverUrl);
2473
- const authServerUrl = resourceMetadata?.authorization_servers?.[0] || this.serverUrl;
2474
- const authMetadata = await auth_js.discoverAuthorizationServerMetadata(authServerUrl);
2475
- const newTokens = await auth_js.refreshAuthorization(authServerUrl, {
2476
- metadata: authMetadata,
2477
- clientInformation,
2478
- refreshToken: tokens.refresh_token
2479
- });
2480
- await this.oauthProvider.saveTokens(newTokens);
2481
- return true;
2482
- } catch (error) {
2483
- console.error("[OAuth] Token refresh failed:", error);
2484
- if (isInvalidRefreshTokenError(error)) {
2485
- try {
2486
- await this.oauthProvider.invalidateCredentials?.("tokens");
2487
- this.emitProgress("OAuth refresh token is invalid; requesting reauthorization...");
2488
- } catch (invalidateError) {
2489
- console.warn("[OAuth] Failed to invalidate stale refresh token credentials:", invalidateError);
2490
- }
2491
- }
2492
- return false;
2493
- }
2494
- }
2495
- /**
2496
- * Ensures OAuth tokens are valid, refreshing them if expired
2497
- * Called automatically by connect() - rarely needs to be called manually
2498
- * @returns True if valid tokens are available, false otherwise
2499
- */
2500
- async getValidTokens() {
2501
- await this.initialize();
2502
- if (!this.oauthProvider) {
2503
- return false;
2504
- }
2505
- const tokens = await this.oauthProvider.tokens();
2506
- if (!tokens) {
2507
- return false;
2508
- }
2509
- if (this.oauthProvider.isTokenExpired()) {
2510
- return await this.refreshToken();
2511
- }
2512
- return true;
2513
- }
2514
2444
  /**
2515
2445
  * Reconnects to MCP server using existing OAuth provider from Redis
2516
2446
  * Used for session restoration in serverless environments
@@ -2642,10 +2572,14 @@ var MCPClient = class _MCPClient {
2642
2572
  }
2643
2573
  /**
2644
2574
  * Gets MCP server configuration for all active user sessions
2645
- * Loads sessions from Redis, validates OAuth tokens, refreshes if expired
2646
- * Returns ready-to-use configuration with valid auth headers
2575
+ * Loads sessions from storage and returns server connection metadata.
2576
+ * OAuth refresh is handled by SDK transports through their authProvider.
2577
+ * @deprecated This returns legacy connection metadata only and does not
2578
+ * include OAuth tokens or generated Authorization headers. Prefer
2579
+ * MultiSessionClient or explicit MCPClient instances so SDK transports can
2580
+ * own OAuth refresh and reauthorization.
2647
2581
  * @param userId - User ID to fetch sessions for
2648
- * @returns Object keyed by sanitized server labels containing transport, url, headers, etc.
2582
+ * @returns Object keyed by sanitized server labels containing transport and url.
2649
2583
  * @static
2650
2584
  */
2651
2585
  static async getMcpServerConfig(userId) {
@@ -2659,29 +2593,6 @@ var MCPClient = class _MCPClient {
2659
2593
  await sessions.delete(userId, sessionId);
2660
2594
  return;
2661
2595
  }
2662
- let headers;
2663
- try {
2664
- const client = new _MCPClient({
2665
- userId,
2666
- sessionId,
2667
- serverId: sessionData.serverId,
2668
- serverUrl: sessionData.serverUrl,
2669
- callbackUrl: sessionData.callbackUrl,
2670
- serverName: sessionData.serverName,
2671
- transportType: sessionData.transportType,
2672
- headers: sessionData.headers
2673
- });
2674
- await client.initialize();
2675
- const hasValidTokens = await client.getValidTokens();
2676
- if (hasValidTokens && client.oauthProvider) {
2677
- const tokens = await client.oauthProvider.tokens();
2678
- if (tokens?.access_token) {
2679
- headers = { Authorization: `Bearer ${tokens.access_token}` };
2680
- }
2681
- }
2682
- } catch (error) {
2683
- console.warn(`[MCP] Failed to get OAuth tokens for ${sessionId}:`, error);
2684
- }
2685
2596
  const label = sanitizeServerLabel(
2686
2597
  sessionData.serverName || sessionData.serverId || "server"
2687
2598
  );
@@ -2691,8 +2602,7 @@ var MCPClient = class _MCPClient {
2691
2602
  ...sessionData.serverName && {
2692
2603
  serverName: sessionData.serverName,
2693
2604
  serverLabel: label
2694
- },
2695
- ...headers && { headers }
2605
+ }
2696
2606
  };
2697
2607
  } catch (error) {
2698
2608
  await sessions.delete(userId, sessionId);