@mcp-ts/sdk 2.5.2 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/README.md +3 -574
  2. package/dist/adapters/agui-adapter.d.mts +4 -4
  3. package/dist/adapters/agui-adapter.d.ts +4 -4
  4. package/dist/adapters/agui-middleware.d.mts +4 -4
  5. package/dist/adapters/agui-middleware.d.ts +4 -4
  6. package/dist/adapters/ai-adapter.d.mts +4 -4
  7. package/dist/adapters/ai-adapter.d.ts +4 -4
  8. package/dist/adapters/langchain-adapter.d.mts +4 -4
  9. package/dist/adapters/langchain-adapter.d.ts +4 -4
  10. package/dist/adapters/mastra-adapter.d.mts +3 -3
  11. package/dist/adapters/mastra-adapter.d.ts +3 -3
  12. package/dist/client/index.d.mts +2 -2
  13. package/dist/client/index.d.ts +2 -2
  14. package/dist/client/index.js +3 -0
  15. package/dist/client/index.js.map +1 -1
  16. package/dist/client/index.mjs +3 -0
  17. package/dist/client/index.mjs.map +1 -1
  18. package/dist/client/react.d.mts +10 -18
  19. package/dist/client/react.d.ts +10 -18
  20. package/dist/client/react.js +17 -0
  21. package/dist/client/react.js.map +1 -1
  22. package/dist/client/react.mjs +17 -0
  23. package/dist/client/react.mjs.map +1 -1
  24. package/dist/client/vue.d.mts +4 -4
  25. package/dist/client/vue.d.ts +4 -4
  26. package/dist/client/vue.js +3 -0
  27. package/dist/client/vue.js.map +1 -1
  28. package/dist/client/vue.mjs +3 -0
  29. package/dist/client/vue.mjs.map +1 -1
  30. package/dist/{index-B3GPsPsi.d.mts → index-BrDkbut5.d.ts} +2 -1
  31. package/dist/{index-gNdSQTSz.d.ts → index-DHQvlx4K.d.mts} +2 -1
  32. package/dist/index.d.mts +5 -5
  33. package/dist/index.d.ts +5 -5
  34. package/dist/index.js +1056 -863
  35. package/dist/index.js.map +1 -1
  36. package/dist/index.mjs +1048 -858
  37. package/dist/index.mjs.map +1 -1
  38. package/dist/{multi-session-client-CB4oDrQX.d.ts → multi-session-client-CQzymvHl.d.ts} +183 -227
  39. package/dist/{multi-session-client-xj3iQIv6.d.mts → multi-session-client-C_Ja2TuV.d.mts} +183 -227
  40. package/dist/server/index.d.mts +338 -88
  41. package/dist/server/index.d.ts +338 -88
  42. package/dist/server/index.js +1054 -864
  43. package/dist/server/index.js.map +1 -1
  44. package/dist/server/index.mjs +1046 -859
  45. package/dist/server/index.mjs.map +1 -1
  46. package/dist/shared/index.d.mts +4 -4
  47. package/dist/shared/index.d.ts +4 -4
  48. package/dist/shared/index.js.map +1 -1
  49. package/dist/shared/index.mjs.map +1 -1
  50. package/dist/{tool-router-CsKVXbQB.d.mts → tool-router-C1n7OXbl.d.mts} +1 -1
  51. package/dist/{tool-router-C-Mw1_BQ.d.ts → tool-router-CBIawFnt.d.ts} +1 -1
  52. package/dist/{types-6SmXege4.d.mts → types-DX71u9gR.d.mts} +11 -3
  53. package/dist/{types-6SmXege4.d.ts → types-DX71u9gR.d.ts} +11 -3
  54. package/migrations/neon/20260513010000_install_mcp_sessions.sql +4 -34
  55. package/migrations/supabase/20260330195700_install_mcp_sessions.sql +5 -62
  56. package/package.json +2 -1
  57. package/src/client/core/sse-client.ts +5 -0
  58. package/src/client/react/use-mcp.ts +27 -28
  59. package/src/server/handlers/sse-handler.ts +671 -629
  60. package/src/server/index.ts +2 -1
  61. package/src/server/mcp/multi-session-client.ts +34 -10
  62. package/src/server/mcp/oauth-client.ts +197 -205
  63. package/src/server/mcp/storage-oauth-provider.ts +149 -29
  64. package/src/server/mcp/tool-policy-gateway.ts +11 -1
  65. package/src/server/storage/file-backend.ts +25 -21
  66. package/src/server/storage/index.ts +71 -0
  67. package/src/server/storage/memory-backend.ts +24 -12
  68. package/src/server/storage/neon-backend.ts +70 -72
  69. package/src/server/storage/redis-backend.ts +26 -36
  70. package/src/server/storage/sqlite-backend.ts +25 -39
  71. package/src/server/storage/supabase-backend.ts +45 -54
  72. package/src/server/storage/types.ts +22 -2
  73. package/src/shared/types.ts +13 -1
@@ -1,5 +1,5 @@
1
1
  import type { SupabaseClient } from '@supabase/supabase-js';
2
- import type { SessionStore, Session, SessionCredentials } from './types.js';
2
+ import type { SessionStore, Session, SessionCredentials, GetOptions, SessionResult } from './types.js';
3
3
  import { generateSessionId } from '../../shared/utils.js';
4
4
  import { encryptObject, decryptObject } from './crypto.js';
5
5
  import { resolveSessionExpiresAt } from './session-lifecycle.js';
@@ -11,7 +11,6 @@ export class SupabaseStorageBackend implements SessionStore {
11
11
 
12
12
  async init(): Promise<void> {
13
13
  await this.assertTable('mcp_sessions', 'session_id');
14
- await this.assertTable('mcp_credentials', 'session_id');
15
14
  console.log('[mcp-ts][Storage] Supabase: storage tables verified.');
16
15
  }
17
16
 
@@ -53,18 +52,12 @@ export class SupabaseStorageBackend implements SessionStore {
53
52
  authUrl: row.auth_url,
54
53
  status: row.status ?? 'pending',
55
54
  toolPolicy: normalizeToolPolicy(row.tool_policy),
56
- };
57
- }
58
-
59
- private mapRowToCredentials(row: any, userId: string, sessionId: string): SessionCredentials {
60
- return {
61
- sessionId,
62
- userId,
63
- clientInformation: decryptObject(row?.client_information),
64
- tokens: decryptObject(row?.tokens),
65
- codeVerifier: decryptObject(row?.code_verifier),
66
- clientId: row?.client_id,
67
- oauthState: row?.oauth_state,
55
+ clientInformation: decryptObject(row.client_information),
56
+ tokens: decryptObject(row.tokens),
57
+ codeVerifier: decryptObject(row.code_verifier),
58
+ clientId: row.client_id,
59
+ oauthState: row.oauth_state,
60
+ enabled: row.enabled ?? true,
68
61
  };
69
62
  }
70
63
 
@@ -140,6 +133,7 @@ export class SupabaseStorageBackend implements SessionStore {
140
133
  if ('headers' in data) updateData.headers = encryptObject(data.headers);
141
134
  if ('authUrl' in data) updateData.auth_url = data.authUrl ?? null;
142
135
  if ('toolPolicy' in data) updateData.tool_policy = normalizeToolPolicy(data.toolPolicy);
136
+ if ('enabled' in data) updateData.enabled = data.enabled;
143
137
 
144
138
  const shouldUpdateSession = Object.keys(updateData).some((key) => key !== 'updated_at');
145
139
 
@@ -178,32 +172,35 @@ export class SupabaseStorageBackend implements SessionStore {
178
172
  async patchCredentials(userId: string, sessionId: string, data: Partial<SessionCredentials>): Promise<void> {
179
173
  if (!this.hasCredentialData(data)) return;
180
174
 
181
- const row: any = {
182
- user_id: userId,
183
- session_id: sessionId,
175
+ const updateData: Record<string, unknown> = {
184
176
  updated_at: new Date().toISOString(),
185
177
  };
186
178
 
187
- if ('clientInformation' in data) row.client_information = data.clientInformation == null ? null : encryptObject(data.clientInformation);
188
- if ('tokens' in data) row.tokens = data.tokens == null ? null : encryptObject(data.tokens);
189
- if ('codeVerifier' in data) row.code_verifier = data.codeVerifier == null ? null : encryptObject(data.codeVerifier);
190
- if ('clientId' in data) row.client_id = data.clientId ?? null;
191
- if ('oauthState' in data) row.oauth_state = data.oauthState ?? null;
179
+ if ('clientInformation' in data) updateData.client_information = data.clientInformation == null ? null : encryptObject(data.clientInformation);
180
+ if ('tokens' in data) updateData.tokens = data.tokens == null ? null : encryptObject(data.tokens);
181
+ if ('codeVerifier' in data) updateData.code_verifier = data.codeVerifier == null ? null : encryptObject(data.codeVerifier);
182
+ if ('clientId' in data) updateData.client_id = data.clientId ?? null;
183
+ if ('oauthState' in data) updateData.oauth_state = data.oauthState ?? null;
192
184
 
193
185
  const { error } = await this.supabase
194
- .from('mcp_credentials')
195
- .upsert(row, { onConflict: 'user_id,session_id' });
186
+ .from('mcp_sessions')
187
+ .update(updateData)
188
+ .eq('user_id', userId)
189
+ .eq('session_id', sessionId);
196
190
 
197
191
  if (error) {
198
192
  throw new Error(`Failed to update credentials: ${error.message}`);
199
193
  }
200
-
201
194
  }
202
195
 
203
- async get(userId: string, sessionId: string): Promise<Session | null> {
196
+ async get(userId: string, sessionId: string, options?: GetOptions): Promise<SessionResult | null> {
197
+ const selection = options?.includeCredentials
198
+ ? '*'
199
+ : 'session_id, user_id, server_id, server_name, server_url, transport_type, callback_url, created_at, updated_at, expires_at, headers, auth_url, status, tool_policy, enabled';
200
+
204
201
  const { data, error } = await this.supabase
205
202
  .from('mcp_sessions')
206
- .select('*')
203
+ .select(selection)
207
204
  .eq('user_id', userId)
208
205
  .eq('session_id', sessionId)
209
206
  .maybeSingle();
@@ -220,8 +217,8 @@ export class SupabaseStorageBackend implements SessionStore {
220
217
 
221
218
  async getCredentials(userId: string, sessionId: string): Promise<SessionCredentials | null> {
222
219
  const { data, error } = await this.supabase
223
- .from('mcp_credentials')
224
- .select('*')
220
+ .from('mcp_sessions')
221
+ .select('client_information, tokens, code_verifier, client_id, oauth_state')
225
222
  .eq('user_id', userId)
226
223
  .eq('session_id', sessionId)
227
224
  .maybeSingle();
@@ -231,21 +228,17 @@ export class SupabaseStorageBackend implements SessionStore {
231
228
  return null;
232
229
  }
233
230
 
234
- if (data) {
235
- return this.mapRowToCredentials(data, userId, sessionId);
236
- }
237
-
238
- const { data: sessionRows, error: sessionError } = await this.supabase
239
- .from('mcp_sessions')
240
- .select('id')
241
- .eq('user_id', userId)
242
- .eq('session_id', sessionId);
243
-
244
- if (sessionError || !sessionRows || sessionRows.length === 0) {
245
- return null;
246
- }
231
+ if (!data) return null;
247
232
 
248
- return { sessionId, userId };
233
+ return {
234
+ sessionId,
235
+ userId,
236
+ clientInformation: decryptObject(data.client_information),
237
+ tokens: decryptObject(data.tokens),
238
+ codeVerifier: decryptObject(data.code_verifier),
239
+ clientId: data.client_id,
240
+ oauthState: data.oauth_state,
241
+ };
249
242
  }
250
243
 
251
244
  async list(userId: string): Promise<Session[]> {
@@ -264,8 +257,15 @@ export class SupabaseStorageBackend implements SessionStore {
264
257
 
265
258
  async clearCredentials(userId: string, sessionId: string): Promise<void> {
266
259
  const { error } = await this.supabase
267
- .from('mcp_credentials')
268
- .delete()
260
+ .from('mcp_sessions')
261
+ .update({
262
+ client_information: null,
263
+ tokens: null,
264
+ code_verifier: null,
265
+ client_id: null,
266
+ oauth_state: null,
267
+ updated_at: new Date().toISOString(),
268
+ })
269
269
  .eq('user_id', userId)
270
270
  .eq('session_id', sessionId);
271
271
 
@@ -314,15 +314,6 @@ export class SupabaseStorageBackend implements SessionStore {
314
314
  }
315
315
 
316
316
  async clearAll(): Promise<void> {
317
- const { error: credentialsError } = await this.supabase
318
- .from('mcp_credentials')
319
- .delete()
320
- .neq('session_id', '');
321
-
322
- if (credentialsError) {
323
- console.error('[SupabaseStorage] Failed to clear credentials:', credentialsError);
324
- }
325
-
326
317
  const { error } = await this.supabase
327
318
  .from('mcp_sessions')
328
319
  .delete()
@@ -46,6 +46,15 @@ export interface Session {
46
46
  */
47
47
  status?: SessionStatus;
48
48
  toolPolicy?: ToolPolicy;
49
+ /** When false, the session is excluded from agent tool discovery and RPC access. Defaults to true. */
50
+ enabled?: boolean;
51
+ clientInformation?: OAuthClientInformationMixed | null;
52
+ tokens?: OAuthTokens | null;
53
+ codeVerifier?: string | null;
54
+ codeVerifierChallenge?: string | null;
55
+ codeVerifierNonce?: string | null;
56
+ clientId?: string | null;
57
+ oauthState?: OAuthState | null;
49
58
  }
50
59
 
51
60
  export interface SessionCredentials {
@@ -54,6 +63,8 @@ export interface SessionCredentials {
54
63
  clientInformation?: OAuthClientInformationMixed | null;
55
64
  tokens?: OAuthTokens | null;
56
65
  codeVerifier?: string | null;
66
+ codeVerifierChallenge?: string | null;
67
+ codeVerifierNonce?: string | null;
57
68
  clientId?: string | null;
58
69
  oauthState?: OAuthState | null;
59
70
  }
@@ -86,6 +97,12 @@ export interface SetClientOptions {
86
97
  /**
87
98
  * Interface for MCP session stores.
88
99
  */
100
+ export type GetOptions = {
101
+ includeCredentials?: boolean;
102
+ };
103
+
104
+ export type SessionResult = Session;
105
+
89
106
  export interface SessionStore {
90
107
  /**
91
108
  * Optional initialization (e.g., database connection)
@@ -118,9 +135,12 @@ export interface SessionStore {
118
135
  patchCredentials(userId: string, sessionId: string, data: Partial<SessionCredentials>): Promise<void>;
119
136
 
120
137
  /**
121
- * Retrieves a session
138
+ * Retrieves a session, optionally including its credential fields in one round-trip.
139
+ * When includeCredentials is true, the returned session has credential fields
140
+ * (clientInformation, tokens, codeVerifier, etc.) populated from storage.
141
+ * When false or undefined, credential fields are left as undefined.
122
142
  */
123
- get(userId: string, sessionId: string): Promise<Session | null>;
143
+ get(userId: string, sessionId: string, options?: GetOptions): Promise<SessionResult | null>;
124
144
 
125
145
  /**
126
146
  * Retrieves runtime credentials for a session.
@@ -193,7 +193,8 @@ export type McpRpcMethod =
193
193
  | 'listResources'
194
194
  | 'readResource'
195
195
  | 'setToolPolicy'
196
- | 'getToolPolicy';
196
+ | 'getToolPolicy'
197
+ | 'updateSession';
197
198
 
198
199
  export interface McpRpcRequest {
199
200
  id: string;
@@ -264,6 +265,11 @@ export interface GetToolPolicyParams {
264
265
  sessionId: string;
265
266
  }
266
267
 
268
+ export interface UpdateSessionParams {
269
+ sessionId: string;
270
+ enabled?: boolean;
271
+ }
272
+
267
273
  export type McpRpcParams =
268
274
  | ConnectParams
269
275
  | DisconnectParams
@@ -275,6 +281,7 @@ export type McpRpcParams =
275
281
  | FinishAuthParams
276
282
  | SetToolPolicyParams
277
283
  | GetToolPolicyParams
284
+ | UpdateSessionParams
278
285
  | undefined;
279
286
 
280
287
  // RPC Result Types
@@ -292,6 +299,7 @@ export interface SessionInfo {
292
299
  */
293
300
  status: SessionStatus;
294
301
  toolPolicy?: ToolPolicy;
302
+ enabled?: boolean;
295
303
  }
296
304
 
297
305
  export interface SessionListResult {
@@ -328,6 +336,10 @@ export interface SetToolPolicyResult {
328
336
  toolCount: number;
329
337
  }
330
338
 
339
+ export interface UpdateSessionResult {
340
+ success: boolean;
341
+ }
342
+
331
343
  export type ToolAccessInfo = Tool & {
332
344
  toolId: string;
333
345
  allowed: boolean;