@mcp-ts/sdk 2.5.2 → 2.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +3 -574
- package/dist/adapters/agui-adapter.d.mts +4 -4
- package/dist/adapters/agui-adapter.d.ts +4 -4
- package/dist/adapters/agui-middleware.d.mts +4 -4
- package/dist/adapters/agui-middleware.d.ts +4 -4
- package/dist/adapters/ai-adapter.d.mts +4 -4
- package/dist/adapters/ai-adapter.d.ts +4 -4
- package/dist/adapters/langchain-adapter.d.mts +4 -4
- package/dist/adapters/langchain-adapter.d.ts +4 -4
- package/dist/adapters/mastra-adapter.d.mts +3 -3
- package/dist/adapters/mastra-adapter.d.ts +3 -3
- package/dist/client/index.d.mts +2 -2
- package/dist/client/index.d.ts +2 -2
- package/dist/client/index.js +3 -0
- package/dist/client/index.js.map +1 -1
- package/dist/client/index.mjs +3 -0
- package/dist/client/index.mjs.map +1 -1
- package/dist/client/react.d.mts +10 -18
- package/dist/client/react.d.ts +10 -18
- package/dist/client/react.js +17 -0
- package/dist/client/react.js.map +1 -1
- package/dist/client/react.mjs +17 -0
- package/dist/client/react.mjs.map +1 -1
- package/dist/client/vue.d.mts +4 -4
- package/dist/client/vue.d.ts +4 -4
- package/dist/client/vue.js +3 -0
- package/dist/client/vue.js.map +1 -1
- package/dist/client/vue.mjs +3 -0
- package/dist/client/vue.mjs.map +1 -1
- package/dist/{index-B3GPsPsi.d.mts → index-BrDkbut5.d.ts} +2 -1
- package/dist/{index-gNdSQTSz.d.ts → index-DHQvlx4K.d.mts} +2 -1
- package/dist/index.d.mts +5 -5
- package/dist/index.d.ts +5 -5
- package/dist/index.js +1056 -863
- package/dist/index.js.map +1 -1
- package/dist/index.mjs +1048 -858
- package/dist/index.mjs.map +1 -1
- package/dist/{multi-session-client-CB4oDrQX.d.ts → multi-session-client-CQzymvHl.d.ts} +183 -227
- package/dist/{multi-session-client-xj3iQIv6.d.mts → multi-session-client-C_Ja2TuV.d.mts} +183 -227
- package/dist/server/index.d.mts +338 -88
- package/dist/server/index.d.ts +338 -88
- package/dist/server/index.js +1054 -864
- package/dist/server/index.js.map +1 -1
- package/dist/server/index.mjs +1046 -859
- package/dist/server/index.mjs.map +1 -1
- package/dist/shared/index.d.mts +4 -4
- package/dist/shared/index.d.ts +4 -4
- package/dist/shared/index.js.map +1 -1
- package/dist/shared/index.mjs.map +1 -1
- package/dist/{tool-router-CsKVXbQB.d.mts → tool-router-C1n7OXbl.d.mts} +1 -1
- package/dist/{tool-router-C-Mw1_BQ.d.ts → tool-router-CBIawFnt.d.ts} +1 -1
- package/dist/{types-6SmXege4.d.mts → types-DX71u9gR.d.mts} +11 -3
- package/dist/{types-6SmXege4.d.ts → types-DX71u9gR.d.ts} +11 -3
- package/migrations/neon/20260513010000_install_mcp_sessions.sql +4 -34
- package/migrations/supabase/20260330195700_install_mcp_sessions.sql +5 -62
- package/package.json +2 -1
- package/src/client/core/sse-client.ts +5 -0
- package/src/client/react/use-mcp.ts +27 -28
- package/src/server/handlers/sse-handler.ts +671 -629
- package/src/server/index.ts +2 -1
- package/src/server/mcp/multi-session-client.ts +34 -10
- package/src/server/mcp/oauth-client.ts +197 -205
- package/src/server/mcp/storage-oauth-provider.ts +149 -29
- package/src/server/mcp/tool-policy-gateway.ts +11 -1
- package/src/server/storage/file-backend.ts +25 -21
- package/src/server/storage/index.ts +71 -0
- package/src/server/storage/memory-backend.ts +24 -12
- package/src/server/storage/neon-backend.ts +70 -72
- package/src/server/storage/redis-backend.ts +26 -36
- package/src/server/storage/sqlite-backend.ts +25 -39
- package/src/server/storage/supabase-backend.ts +45 -54
- package/src/server/storage/types.ts +22 -2
- package/src/shared/types.ts +13 -1
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
import type { SupabaseClient } from '@supabase/supabase-js';
|
|
2
|
-
import type { SessionStore, Session, SessionCredentials } from './types.js';
|
|
2
|
+
import type { SessionStore, Session, SessionCredentials, GetOptions, SessionResult } from './types.js';
|
|
3
3
|
import { generateSessionId } from '../../shared/utils.js';
|
|
4
4
|
import { encryptObject, decryptObject } from './crypto.js';
|
|
5
5
|
import { resolveSessionExpiresAt } from './session-lifecycle.js';
|
|
@@ -11,7 +11,6 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
11
11
|
|
|
12
12
|
async init(): Promise<void> {
|
|
13
13
|
await this.assertTable('mcp_sessions', 'session_id');
|
|
14
|
-
await this.assertTable('mcp_credentials', 'session_id');
|
|
15
14
|
console.log('[mcp-ts][Storage] Supabase: storage tables verified.');
|
|
16
15
|
}
|
|
17
16
|
|
|
@@ -53,18 +52,12 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
53
52
|
authUrl: row.auth_url,
|
|
54
53
|
status: row.status ?? 'pending',
|
|
55
54
|
toolPolicy: normalizeToolPolicy(row.tool_policy),
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
userId,
|
|
63
|
-
clientInformation: decryptObject(row?.client_information),
|
|
64
|
-
tokens: decryptObject(row?.tokens),
|
|
65
|
-
codeVerifier: decryptObject(row?.code_verifier),
|
|
66
|
-
clientId: row?.client_id,
|
|
67
|
-
oauthState: row?.oauth_state,
|
|
55
|
+
clientInformation: decryptObject(row.client_information),
|
|
56
|
+
tokens: decryptObject(row.tokens),
|
|
57
|
+
codeVerifier: decryptObject(row.code_verifier),
|
|
58
|
+
clientId: row.client_id,
|
|
59
|
+
oauthState: row.oauth_state,
|
|
60
|
+
enabled: row.enabled ?? true,
|
|
68
61
|
};
|
|
69
62
|
}
|
|
70
63
|
|
|
@@ -140,6 +133,7 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
140
133
|
if ('headers' in data) updateData.headers = encryptObject(data.headers);
|
|
141
134
|
if ('authUrl' in data) updateData.auth_url = data.authUrl ?? null;
|
|
142
135
|
if ('toolPolicy' in data) updateData.tool_policy = normalizeToolPolicy(data.toolPolicy);
|
|
136
|
+
if ('enabled' in data) updateData.enabled = data.enabled;
|
|
143
137
|
|
|
144
138
|
const shouldUpdateSession = Object.keys(updateData).some((key) => key !== 'updated_at');
|
|
145
139
|
|
|
@@ -178,32 +172,35 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
178
172
|
async patchCredentials(userId: string, sessionId: string, data: Partial<SessionCredentials>): Promise<void> {
|
|
179
173
|
if (!this.hasCredentialData(data)) return;
|
|
180
174
|
|
|
181
|
-
const
|
|
182
|
-
user_id: userId,
|
|
183
|
-
session_id: sessionId,
|
|
175
|
+
const updateData: Record<string, unknown> = {
|
|
184
176
|
updated_at: new Date().toISOString(),
|
|
185
177
|
};
|
|
186
178
|
|
|
187
|
-
if ('clientInformation' in data)
|
|
188
|
-
if ('tokens' in data)
|
|
189
|
-
if ('codeVerifier' in data)
|
|
190
|
-
if ('clientId' in data)
|
|
191
|
-
if ('oauthState' in data)
|
|
179
|
+
if ('clientInformation' in data) updateData.client_information = data.clientInformation == null ? null : encryptObject(data.clientInformation);
|
|
180
|
+
if ('tokens' in data) updateData.tokens = data.tokens == null ? null : encryptObject(data.tokens);
|
|
181
|
+
if ('codeVerifier' in data) updateData.code_verifier = data.codeVerifier == null ? null : encryptObject(data.codeVerifier);
|
|
182
|
+
if ('clientId' in data) updateData.client_id = data.clientId ?? null;
|
|
183
|
+
if ('oauthState' in data) updateData.oauth_state = data.oauthState ?? null;
|
|
192
184
|
|
|
193
185
|
const { error } = await this.supabase
|
|
194
|
-
.from('
|
|
195
|
-
.
|
|
186
|
+
.from('mcp_sessions')
|
|
187
|
+
.update(updateData)
|
|
188
|
+
.eq('user_id', userId)
|
|
189
|
+
.eq('session_id', sessionId);
|
|
196
190
|
|
|
197
191
|
if (error) {
|
|
198
192
|
throw new Error(`Failed to update credentials: ${error.message}`);
|
|
199
193
|
}
|
|
200
|
-
|
|
201
194
|
}
|
|
202
195
|
|
|
203
|
-
async get(userId: string, sessionId: string): Promise<
|
|
196
|
+
async get(userId: string, sessionId: string, options?: GetOptions): Promise<SessionResult | null> {
|
|
197
|
+
const selection = options?.includeCredentials
|
|
198
|
+
? '*'
|
|
199
|
+
: 'session_id, user_id, server_id, server_name, server_url, transport_type, callback_url, created_at, updated_at, expires_at, headers, auth_url, status, tool_policy, enabled';
|
|
200
|
+
|
|
204
201
|
const { data, error } = await this.supabase
|
|
205
202
|
.from('mcp_sessions')
|
|
206
|
-
.select(
|
|
203
|
+
.select(selection)
|
|
207
204
|
.eq('user_id', userId)
|
|
208
205
|
.eq('session_id', sessionId)
|
|
209
206
|
.maybeSingle();
|
|
@@ -220,8 +217,8 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
220
217
|
|
|
221
218
|
async getCredentials(userId: string, sessionId: string): Promise<SessionCredentials | null> {
|
|
222
219
|
const { data, error } = await this.supabase
|
|
223
|
-
.from('
|
|
224
|
-
.select('
|
|
220
|
+
.from('mcp_sessions')
|
|
221
|
+
.select('client_information, tokens, code_verifier, client_id, oauth_state')
|
|
225
222
|
.eq('user_id', userId)
|
|
226
223
|
.eq('session_id', sessionId)
|
|
227
224
|
.maybeSingle();
|
|
@@ -231,21 +228,17 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
231
228
|
return null;
|
|
232
229
|
}
|
|
233
230
|
|
|
234
|
-
if (data)
|
|
235
|
-
return this.mapRowToCredentials(data, userId, sessionId);
|
|
236
|
-
}
|
|
237
|
-
|
|
238
|
-
const { data: sessionRows, error: sessionError } = await this.supabase
|
|
239
|
-
.from('mcp_sessions')
|
|
240
|
-
.select('id')
|
|
241
|
-
.eq('user_id', userId)
|
|
242
|
-
.eq('session_id', sessionId);
|
|
243
|
-
|
|
244
|
-
if (sessionError || !sessionRows || sessionRows.length === 0) {
|
|
245
|
-
return null;
|
|
246
|
-
}
|
|
231
|
+
if (!data) return null;
|
|
247
232
|
|
|
248
|
-
return {
|
|
233
|
+
return {
|
|
234
|
+
sessionId,
|
|
235
|
+
userId,
|
|
236
|
+
clientInformation: decryptObject(data.client_information),
|
|
237
|
+
tokens: decryptObject(data.tokens),
|
|
238
|
+
codeVerifier: decryptObject(data.code_verifier),
|
|
239
|
+
clientId: data.client_id,
|
|
240
|
+
oauthState: data.oauth_state,
|
|
241
|
+
};
|
|
249
242
|
}
|
|
250
243
|
|
|
251
244
|
async list(userId: string): Promise<Session[]> {
|
|
@@ -264,8 +257,15 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
264
257
|
|
|
265
258
|
async clearCredentials(userId: string, sessionId: string): Promise<void> {
|
|
266
259
|
const { error } = await this.supabase
|
|
267
|
-
.from('
|
|
268
|
-
.
|
|
260
|
+
.from('mcp_sessions')
|
|
261
|
+
.update({
|
|
262
|
+
client_information: null,
|
|
263
|
+
tokens: null,
|
|
264
|
+
code_verifier: null,
|
|
265
|
+
client_id: null,
|
|
266
|
+
oauth_state: null,
|
|
267
|
+
updated_at: new Date().toISOString(),
|
|
268
|
+
})
|
|
269
269
|
.eq('user_id', userId)
|
|
270
270
|
.eq('session_id', sessionId);
|
|
271
271
|
|
|
@@ -314,15 +314,6 @@ export class SupabaseStorageBackend implements SessionStore {
|
|
|
314
314
|
}
|
|
315
315
|
|
|
316
316
|
async clearAll(): Promise<void> {
|
|
317
|
-
const { error: credentialsError } = await this.supabase
|
|
318
|
-
.from('mcp_credentials')
|
|
319
|
-
.delete()
|
|
320
|
-
.neq('session_id', '');
|
|
321
|
-
|
|
322
|
-
if (credentialsError) {
|
|
323
|
-
console.error('[SupabaseStorage] Failed to clear credentials:', credentialsError);
|
|
324
|
-
}
|
|
325
|
-
|
|
326
317
|
const { error } = await this.supabase
|
|
327
318
|
.from('mcp_sessions')
|
|
328
319
|
.delete()
|
|
@@ -46,6 +46,15 @@ export interface Session {
|
|
|
46
46
|
*/
|
|
47
47
|
status?: SessionStatus;
|
|
48
48
|
toolPolicy?: ToolPolicy;
|
|
49
|
+
/** When false, the session is excluded from agent tool discovery and RPC access. Defaults to true. */
|
|
50
|
+
enabled?: boolean;
|
|
51
|
+
clientInformation?: OAuthClientInformationMixed | null;
|
|
52
|
+
tokens?: OAuthTokens | null;
|
|
53
|
+
codeVerifier?: string | null;
|
|
54
|
+
codeVerifierChallenge?: string | null;
|
|
55
|
+
codeVerifierNonce?: string | null;
|
|
56
|
+
clientId?: string | null;
|
|
57
|
+
oauthState?: OAuthState | null;
|
|
49
58
|
}
|
|
50
59
|
|
|
51
60
|
export interface SessionCredentials {
|
|
@@ -54,6 +63,8 @@ export interface SessionCredentials {
|
|
|
54
63
|
clientInformation?: OAuthClientInformationMixed | null;
|
|
55
64
|
tokens?: OAuthTokens | null;
|
|
56
65
|
codeVerifier?: string | null;
|
|
66
|
+
codeVerifierChallenge?: string | null;
|
|
67
|
+
codeVerifierNonce?: string | null;
|
|
57
68
|
clientId?: string | null;
|
|
58
69
|
oauthState?: OAuthState | null;
|
|
59
70
|
}
|
|
@@ -86,6 +97,12 @@ export interface SetClientOptions {
|
|
|
86
97
|
/**
|
|
87
98
|
* Interface for MCP session stores.
|
|
88
99
|
*/
|
|
100
|
+
export type GetOptions = {
|
|
101
|
+
includeCredentials?: boolean;
|
|
102
|
+
};
|
|
103
|
+
|
|
104
|
+
export type SessionResult = Session;
|
|
105
|
+
|
|
89
106
|
export interface SessionStore {
|
|
90
107
|
/**
|
|
91
108
|
* Optional initialization (e.g., database connection)
|
|
@@ -118,9 +135,12 @@ export interface SessionStore {
|
|
|
118
135
|
patchCredentials(userId: string, sessionId: string, data: Partial<SessionCredentials>): Promise<void>;
|
|
119
136
|
|
|
120
137
|
/**
|
|
121
|
-
* Retrieves a session
|
|
138
|
+
* Retrieves a session, optionally including its credential fields in one round-trip.
|
|
139
|
+
* When includeCredentials is true, the returned session has credential fields
|
|
140
|
+
* (clientInformation, tokens, codeVerifier, etc.) populated from storage.
|
|
141
|
+
* When false or undefined, credential fields are left as undefined.
|
|
122
142
|
*/
|
|
123
|
-
get(userId: string, sessionId: string): Promise<
|
|
143
|
+
get(userId: string, sessionId: string, options?: GetOptions): Promise<SessionResult | null>;
|
|
124
144
|
|
|
125
145
|
/**
|
|
126
146
|
* Retrieves runtime credentials for a session.
|
package/src/shared/types.ts
CHANGED
|
@@ -193,7 +193,8 @@ export type McpRpcMethod =
|
|
|
193
193
|
| 'listResources'
|
|
194
194
|
| 'readResource'
|
|
195
195
|
| 'setToolPolicy'
|
|
196
|
-
| 'getToolPolicy'
|
|
196
|
+
| 'getToolPolicy'
|
|
197
|
+
| 'updateSession';
|
|
197
198
|
|
|
198
199
|
export interface McpRpcRequest {
|
|
199
200
|
id: string;
|
|
@@ -264,6 +265,11 @@ export interface GetToolPolicyParams {
|
|
|
264
265
|
sessionId: string;
|
|
265
266
|
}
|
|
266
267
|
|
|
268
|
+
export interface UpdateSessionParams {
|
|
269
|
+
sessionId: string;
|
|
270
|
+
enabled?: boolean;
|
|
271
|
+
}
|
|
272
|
+
|
|
267
273
|
export type McpRpcParams =
|
|
268
274
|
| ConnectParams
|
|
269
275
|
| DisconnectParams
|
|
@@ -275,6 +281,7 @@ export type McpRpcParams =
|
|
|
275
281
|
| FinishAuthParams
|
|
276
282
|
| SetToolPolicyParams
|
|
277
283
|
| GetToolPolicyParams
|
|
284
|
+
| UpdateSessionParams
|
|
278
285
|
| undefined;
|
|
279
286
|
|
|
280
287
|
// RPC Result Types
|
|
@@ -292,6 +299,7 @@ export interface SessionInfo {
|
|
|
292
299
|
*/
|
|
293
300
|
status: SessionStatus;
|
|
294
301
|
toolPolicy?: ToolPolicy;
|
|
302
|
+
enabled?: boolean;
|
|
295
303
|
}
|
|
296
304
|
|
|
297
305
|
export interface SessionListResult {
|
|
@@ -328,6 +336,10 @@ export interface SetToolPolicyResult {
|
|
|
328
336
|
toolCount: number;
|
|
329
337
|
}
|
|
330
338
|
|
|
339
|
+
export interface UpdateSessionResult {
|
|
340
|
+
success: boolean;
|
|
341
|
+
}
|
|
342
|
+
|
|
331
343
|
export type ToolAccessInfo = Tool & {
|
|
332
344
|
toolId: string;
|
|
333
345
|
allowed: boolean;
|