@mcp-ts/sdk 2.3.3 → 2.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/adapters/agui-adapter.d.mts +1 -1
- package/dist/adapters/agui-adapter.d.ts +1 -1
- package/dist/adapters/agui-middleware.d.mts +1 -1
- package/dist/adapters/agui-middleware.d.ts +1 -1
- package/dist/adapters/ai-adapter.d.mts +1 -1
- package/dist/adapters/ai-adapter.d.ts +1 -1
- package/dist/adapters/langchain-adapter.d.mts +1 -1
- package/dist/adapters/langchain-adapter.d.ts +1 -1
- package/dist/adapters/mastra-adapter.d.mts +1 -1
- package/dist/adapters/mastra-adapter.d.ts +1 -1
- package/dist/index.d.mts +1 -1
- package/dist/index.d.ts +1 -1
- package/dist/index.js +11 -101
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +12 -102
- package/dist/index.mjs.map +1 -1
- package/dist/{multi-session-client-DYNe6az3.d.mts → multi-session-client-C7hGqzgM.d.mts} +7 -15
- package/dist/{multi-session-client-BYtguGJm.d.ts → multi-session-client-C_kPHpD5.d.ts} +7 -15
- package/dist/server/index.d.mts +1 -1
- package/dist/server/index.d.ts +1 -1
- package/dist/server/index.js +11 -101
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +12 -102
- package/dist/server/index.mjs.map +1 -1
- package/package.json +1 -1
- package/src/server/mcp/oauth-client.ts +7 -126
- package/src/server/storage/neon-backend.ts +1 -1
- package/src/server/storage/supabase-backend.ts +1 -1
package/dist/index.mjs
CHANGED
|
@@ -2,7 +2,7 @@ import { Client } from '@modelcontextprotocol/sdk/client/index.js';
|
|
|
2
2
|
import { customAlphabet, nanoid } from 'nanoid';
|
|
3
3
|
import { StreamableHTTPClientTransport } from '@modelcontextprotocol/sdk/client/streamableHttp.js';
|
|
4
4
|
import { SSEClientTransport } from '@modelcontextprotocol/sdk/client/sse.js';
|
|
5
|
-
import { UnauthorizedError as UnauthorizedError$1
|
|
5
|
+
import { UnauthorizedError as UnauthorizedError$1 } from '@modelcontextprotocol/sdk/client/auth.js';
|
|
6
6
|
import { ListToolsResultSchema, CallToolResultSchema, ListPromptsResultSchema, GetPromptResultSchema, ListResourcesResultSchema, ReadResourceResultSchema } from '@modelcontextprotocol/sdk/types.js';
|
|
7
7
|
import * as fs2 from 'fs';
|
|
8
8
|
import { promises } from 'fs';
|
|
@@ -862,7 +862,7 @@ var SupabaseStorageBackend = class {
|
|
|
862
862
|
if ("active" in data) updateData.active = data.active;
|
|
863
863
|
if ("headers" in data) updateData.headers = encryptObject(data.headers);
|
|
864
864
|
if ("clientInformation" in data) updateData.client_information = data.clientInformation;
|
|
865
|
-
if ("tokens" in data) updateData.tokens = encryptObject(data.tokens);
|
|
865
|
+
if ("tokens" in data) updateData.tokens = data.tokens === void 0 ? null : encryptObject(data.tokens);
|
|
866
866
|
if ("codeVerifier" in data) updateData.code_verifier = data.codeVerifier;
|
|
867
867
|
if ("clientId" in data) updateData.client_id = data.clientId;
|
|
868
868
|
const { data: updatedRows, error } = await this.supabase.from("mcp_sessions").update(updateData).eq("user_id", userId).eq("session_id", sessionId).select("id");
|
|
@@ -1064,7 +1064,7 @@ var NeonStorageBackend = class {
|
|
|
1064
1064
|
updatedSession.active ?? false,
|
|
1065
1065
|
encryptObject(updatedSession.headers),
|
|
1066
1066
|
updatedSession.clientInformation,
|
|
1067
|
-
encryptObject(updatedSession.tokens),
|
|
1067
|
+
updatedSession.tokens === void 0 ? null : encryptObject(updatedSession.tokens),
|
|
1068
1068
|
updatedSession.codeVerifier,
|
|
1069
1069
|
updatedSession.clientId,
|
|
1070
1070
|
expiresAt,
|
|
@@ -1713,14 +1713,7 @@ var RpcErrorCodes = {
|
|
|
1713
1713
|
};
|
|
1714
1714
|
|
|
1715
1715
|
// src/server/mcp/oauth-client.ts
|
|
1716
|
-
|
|
1717
|
-
if (!(error instanceof Error)) {
|
|
1718
|
-
return false;
|
|
1719
|
-
}
|
|
1720
|
-
const text = `${error.name} ${error.message}`.toLowerCase();
|
|
1721
|
-
return text.includes("invalidgrant") || text.includes("invalid_grant") || text.includes("invalid refresh token") || /refresh\s+token\s+(?:is\s+)?(?:invalid|expired|revoked)/i.test(text);
|
|
1722
|
-
}
|
|
1723
|
-
var MCPClient = class _MCPClient {
|
|
1716
|
+
var MCPClient = class {
|
|
1724
1717
|
/**
|
|
1725
1718
|
* Creates a new MCP client instance
|
|
1726
1719
|
* Can be initialized with minimal options (userId + sessionId) for session restoration
|
|
@@ -2054,8 +2047,6 @@ var MCPClient = class _MCPClient {
|
|
|
2054
2047
|
throw new Error(error);
|
|
2055
2048
|
}
|
|
2056
2049
|
try {
|
|
2057
|
-
this.emitProgress("Validating OAuth tokens...");
|
|
2058
|
-
await this.getValidTokens();
|
|
2059
2050
|
this.emitStateChange("CONNECTING");
|
|
2060
2051
|
const { transportType } = await this.tryConnect();
|
|
2061
2052
|
this.transportType = transportType;
|
|
@@ -2380,67 +2371,6 @@ var MCPClient = class _MCPClient {
|
|
|
2380
2371
|
};
|
|
2381
2372
|
return await this.client.request(request, ReadResourceResultSchema);
|
|
2382
2373
|
}
|
|
2383
|
-
/**
|
|
2384
|
-
* Refreshes the OAuth access token using the refresh token
|
|
2385
|
-
* Discovers OAuth metadata from server and exchanges refresh token for new access token
|
|
2386
|
-
* @returns True if refresh was successful, false otherwise
|
|
2387
|
-
*/
|
|
2388
|
-
async refreshToken() {
|
|
2389
|
-
await this.initialize();
|
|
2390
|
-
if (!this.oauthProvider) {
|
|
2391
|
-
return false;
|
|
2392
|
-
}
|
|
2393
|
-
const tokens = await this.oauthProvider.tokens();
|
|
2394
|
-
if (!tokens || !tokens.refresh_token) {
|
|
2395
|
-
return false;
|
|
2396
|
-
}
|
|
2397
|
-
const clientInformation = await this.oauthProvider.clientInformation();
|
|
2398
|
-
if (!clientInformation) {
|
|
2399
|
-
return false;
|
|
2400
|
-
}
|
|
2401
|
-
try {
|
|
2402
|
-
const resourceMetadata = await discoverOAuthProtectedResourceMetadata(this.serverUrl);
|
|
2403
|
-
const authServerUrl = resourceMetadata?.authorization_servers?.[0] || this.serverUrl;
|
|
2404
|
-
const authMetadata = await discoverAuthorizationServerMetadata(authServerUrl);
|
|
2405
|
-
const newTokens = await refreshAuthorization(authServerUrl, {
|
|
2406
|
-
metadata: authMetadata,
|
|
2407
|
-
clientInformation,
|
|
2408
|
-
refreshToken: tokens.refresh_token
|
|
2409
|
-
});
|
|
2410
|
-
await this.oauthProvider.saveTokens(newTokens);
|
|
2411
|
-
return true;
|
|
2412
|
-
} catch (error) {
|
|
2413
|
-
console.error("[OAuth] Token refresh failed:", error);
|
|
2414
|
-
if (isInvalidRefreshTokenError(error)) {
|
|
2415
|
-
try {
|
|
2416
|
-
await this.oauthProvider.invalidateCredentials?.("tokens");
|
|
2417
|
-
this.emitProgress("OAuth refresh token is invalid; requesting reauthorization...");
|
|
2418
|
-
} catch (invalidateError) {
|
|
2419
|
-
console.warn("[OAuth] Failed to invalidate stale refresh token credentials:", invalidateError);
|
|
2420
|
-
}
|
|
2421
|
-
}
|
|
2422
|
-
return false;
|
|
2423
|
-
}
|
|
2424
|
-
}
|
|
2425
|
-
/**
|
|
2426
|
-
* Ensures OAuth tokens are valid, refreshing them if expired
|
|
2427
|
-
* Called automatically by connect() - rarely needs to be called manually
|
|
2428
|
-
* @returns True if valid tokens are available, false otherwise
|
|
2429
|
-
*/
|
|
2430
|
-
async getValidTokens() {
|
|
2431
|
-
await this.initialize();
|
|
2432
|
-
if (!this.oauthProvider) {
|
|
2433
|
-
return false;
|
|
2434
|
-
}
|
|
2435
|
-
const tokens = await this.oauthProvider.tokens();
|
|
2436
|
-
if (!tokens) {
|
|
2437
|
-
return false;
|
|
2438
|
-
}
|
|
2439
|
-
if (this.oauthProvider.isTokenExpired()) {
|
|
2440
|
-
return await this.refreshToken();
|
|
2441
|
-
}
|
|
2442
|
-
return true;
|
|
2443
|
-
}
|
|
2444
2374
|
/**
|
|
2445
2375
|
* Reconnects to MCP server using existing OAuth provider from Redis
|
|
2446
2376
|
* Used for session restoration in serverless environments
|
|
@@ -2572,10 +2502,14 @@ var MCPClient = class _MCPClient {
|
|
|
2572
2502
|
}
|
|
2573
2503
|
/**
|
|
2574
2504
|
* Gets MCP server configuration for all active user sessions
|
|
2575
|
-
* Loads sessions from
|
|
2576
|
-
*
|
|
2505
|
+
* Loads sessions from storage and returns server connection metadata.
|
|
2506
|
+
* OAuth refresh is handled by SDK transports through their authProvider.
|
|
2507
|
+
* @deprecated This returns legacy connection metadata only and does not
|
|
2508
|
+
* include OAuth tokens or generated Authorization headers. Prefer
|
|
2509
|
+
* MultiSessionClient or explicit MCPClient instances so SDK transports can
|
|
2510
|
+
* own OAuth refresh and reauthorization.
|
|
2577
2511
|
* @param userId - User ID to fetch sessions for
|
|
2578
|
-
* @returns Object keyed by sanitized server labels containing transport
|
|
2512
|
+
* @returns Object keyed by sanitized server labels containing transport and url.
|
|
2579
2513
|
* @static
|
|
2580
2514
|
*/
|
|
2581
2515
|
static async getMcpServerConfig(userId) {
|
|
@@ -2589,29 +2523,6 @@ var MCPClient = class _MCPClient {
|
|
|
2589
2523
|
await sessions.delete(userId, sessionId);
|
|
2590
2524
|
return;
|
|
2591
2525
|
}
|
|
2592
|
-
let headers;
|
|
2593
|
-
try {
|
|
2594
|
-
const client = new _MCPClient({
|
|
2595
|
-
userId,
|
|
2596
|
-
sessionId,
|
|
2597
|
-
serverId: sessionData.serverId,
|
|
2598
|
-
serverUrl: sessionData.serverUrl,
|
|
2599
|
-
callbackUrl: sessionData.callbackUrl,
|
|
2600
|
-
serverName: sessionData.serverName,
|
|
2601
|
-
transportType: sessionData.transportType,
|
|
2602
|
-
headers: sessionData.headers
|
|
2603
|
-
});
|
|
2604
|
-
await client.initialize();
|
|
2605
|
-
const hasValidTokens = await client.getValidTokens();
|
|
2606
|
-
if (hasValidTokens && client.oauthProvider) {
|
|
2607
|
-
const tokens = await client.oauthProvider.tokens();
|
|
2608
|
-
if (tokens?.access_token) {
|
|
2609
|
-
headers = { Authorization: `Bearer ${tokens.access_token}` };
|
|
2610
|
-
}
|
|
2611
|
-
}
|
|
2612
|
-
} catch (error) {
|
|
2613
|
-
console.warn(`[MCP] Failed to get OAuth tokens for ${sessionId}:`, error);
|
|
2614
|
-
}
|
|
2615
2526
|
const label = sanitizeServerLabel(
|
|
2616
2527
|
sessionData.serverName || sessionData.serverId || "server"
|
|
2617
2528
|
);
|
|
@@ -2621,8 +2532,7 @@ var MCPClient = class _MCPClient {
|
|
|
2621
2532
|
...sessionData.serverName && {
|
|
2622
2533
|
serverName: sessionData.serverName,
|
|
2623
2534
|
serverLabel: label
|
|
2624
|
-
}
|
|
2625
|
-
...headers && { headers }
|
|
2535
|
+
}
|
|
2626
2536
|
};
|
|
2627
2537
|
} catch (error) {
|
|
2628
2538
|
await sessions.delete(userId, sessionId);
|