@mcp-ts/sdk 2.5.3 → 2.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (73) hide show
  1. package/README.md +3 -574
  2. package/dist/adapters/agui-adapter.d.mts +4 -4
  3. package/dist/adapters/agui-adapter.d.ts +4 -4
  4. package/dist/adapters/agui-middleware.d.mts +4 -4
  5. package/dist/adapters/agui-middleware.d.ts +4 -4
  6. package/dist/adapters/ai-adapter.d.mts +4 -4
  7. package/dist/adapters/ai-adapter.d.ts +4 -4
  8. package/dist/adapters/langchain-adapter.d.mts +4 -4
  9. package/dist/adapters/langchain-adapter.d.ts +4 -4
  10. package/dist/adapters/mastra-adapter.d.mts +3 -3
  11. package/dist/adapters/mastra-adapter.d.ts +3 -3
  12. package/dist/client/index.d.mts +2 -2
  13. package/dist/client/index.d.ts +2 -2
  14. package/dist/client/index.js +3 -0
  15. package/dist/client/index.js.map +1 -1
  16. package/dist/client/index.mjs +3 -0
  17. package/dist/client/index.mjs.map +1 -1
  18. package/dist/client/react.d.mts +10 -18
  19. package/dist/client/react.d.ts +10 -18
  20. package/dist/client/react.js +17 -0
  21. package/dist/client/react.js.map +1 -1
  22. package/dist/client/react.mjs +17 -0
  23. package/dist/client/react.mjs.map +1 -1
  24. package/dist/client/vue.d.mts +4 -4
  25. package/dist/client/vue.d.ts +4 -4
  26. package/dist/client/vue.js +3 -0
  27. package/dist/client/vue.js.map +1 -1
  28. package/dist/client/vue.mjs +3 -0
  29. package/dist/client/vue.mjs.map +1 -1
  30. package/dist/{index-BRZO_JyI.d.mts → index-BrDkbut5.d.ts} +2 -1
  31. package/dist/{index-C3YGagi2.d.ts → index-DHQvlx4K.d.mts} +2 -1
  32. package/dist/index.d.mts +5 -5
  33. package/dist/index.d.ts +5 -5
  34. package/dist/index.js +1056 -876
  35. package/dist/index.js.map +1 -1
  36. package/dist/index.mjs +1048 -871
  37. package/dist/index.mjs.map +1 -1
  38. package/dist/{multi-session-client-CuacvZaQ.d.ts → multi-session-client-CQzymvHl.d.ts} +183 -227
  39. package/dist/{multi-session-client-DqzT8Oo7.d.mts → multi-session-client-C_Ja2TuV.d.mts} +183 -227
  40. package/dist/server/index.d.mts +338 -88
  41. package/dist/server/index.d.ts +338 -88
  42. package/dist/server/index.js +1053 -876
  43. package/dist/server/index.js.map +1 -1
  44. package/dist/server/index.mjs +1045 -871
  45. package/dist/server/index.mjs.map +1 -1
  46. package/dist/shared/index.d.mts +4 -4
  47. package/dist/shared/index.d.ts +4 -4
  48. package/dist/shared/index.js.map +1 -1
  49. package/dist/shared/index.mjs.map +1 -1
  50. package/dist/{tool-router-B0qpui-V.d.mts → tool-router-C1n7OXbl.d.mts} +1 -1
  51. package/dist/{tool-router-2qUyZ-cP.d.ts → tool-router-CBIawFnt.d.ts} +1 -1
  52. package/dist/{types-BkJ_rgzo.d.mts → types-DX71u9gR.d.mts} +11 -5
  53. package/dist/{types-BkJ_rgzo.d.ts → types-DX71u9gR.d.ts} +11 -5
  54. package/migrations/neon/20260513010000_install_mcp_sessions.sql +4 -34
  55. package/migrations/supabase/20260330195700_install_mcp_sessions.sql +5 -62
  56. package/package.json +2 -1
  57. package/src/client/core/sse-client.ts +5 -0
  58. package/src/client/react/use-mcp.ts +27 -28
  59. package/src/server/handlers/sse-handler.ts +671 -633
  60. package/src/server/index.ts +2 -1
  61. package/src/server/mcp/multi-session-client.ts +34 -10
  62. package/src/server/mcp/oauth-client.ts +197 -205
  63. package/src/server/mcp/storage-oauth-provider.ts +148 -41
  64. package/src/server/mcp/tool-policy-gateway.ts +11 -1
  65. package/src/server/storage/file-backend.ts +25 -21
  66. package/src/server/storage/index.ts +71 -0
  67. package/src/server/storage/memory-backend.ts +24 -12
  68. package/src/server/storage/neon-backend.ts +70 -72
  69. package/src/server/storage/redis-backend.ts +26 -36
  70. package/src/server/storage/sqlite-backend.ts +25 -39
  71. package/src/server/storage/supabase-backend.ts +45 -54
  72. package/src/server/storage/types.ts +22 -2
  73. package/src/shared/types.ts +13 -3
@@ -1,5 +1,5 @@
1
1
  import type { SupabaseClient } from '@supabase/supabase-js';
2
- import type { SessionStore, Session, SessionCredentials } from './types.js';
2
+ import type { SessionStore, Session, SessionCredentials, GetOptions, SessionResult } from './types.js';
3
3
  import { generateSessionId } from '../../shared/utils.js';
4
4
  import { encryptObject, decryptObject } from './crypto.js';
5
5
  import { resolveSessionExpiresAt } from './session-lifecycle.js';
@@ -11,7 +11,6 @@ export class SupabaseStorageBackend implements SessionStore {
11
11
 
12
12
  async init(): Promise<void> {
13
13
  await this.assertTable('mcp_sessions', 'session_id');
14
- await this.assertTable('mcp_credentials', 'session_id');
15
14
  console.log('[mcp-ts][Storage] Supabase: storage tables verified.');
16
15
  }
17
16
 
@@ -53,18 +52,12 @@ export class SupabaseStorageBackend implements SessionStore {
53
52
  authUrl: row.auth_url,
54
53
  status: row.status ?? 'pending',
55
54
  toolPolicy: normalizeToolPolicy(row.tool_policy),
56
- };
57
- }
58
-
59
- private mapRowToCredentials(row: any, userId: string, sessionId: string): SessionCredentials {
60
- return {
61
- sessionId,
62
- userId,
63
- clientInformation: decryptObject(row?.client_information),
64
- tokens: decryptObject(row?.tokens),
65
- codeVerifier: decryptObject(row?.code_verifier),
66
- clientId: row?.client_id,
67
- oauthState: row?.oauth_state,
55
+ clientInformation: decryptObject(row.client_information),
56
+ tokens: decryptObject(row.tokens),
57
+ codeVerifier: decryptObject(row.code_verifier),
58
+ clientId: row.client_id,
59
+ oauthState: row.oauth_state,
60
+ enabled: row.enabled ?? true,
68
61
  };
69
62
  }
70
63
 
@@ -140,6 +133,7 @@ export class SupabaseStorageBackend implements SessionStore {
140
133
  if ('headers' in data) updateData.headers = encryptObject(data.headers);
141
134
  if ('authUrl' in data) updateData.auth_url = data.authUrl ?? null;
142
135
  if ('toolPolicy' in data) updateData.tool_policy = normalizeToolPolicy(data.toolPolicy);
136
+ if ('enabled' in data) updateData.enabled = data.enabled;
143
137
 
144
138
  const shouldUpdateSession = Object.keys(updateData).some((key) => key !== 'updated_at');
145
139
 
@@ -178,32 +172,35 @@ export class SupabaseStorageBackend implements SessionStore {
178
172
  async patchCredentials(userId: string, sessionId: string, data: Partial<SessionCredentials>): Promise<void> {
179
173
  if (!this.hasCredentialData(data)) return;
180
174
 
181
- const row: any = {
182
- user_id: userId,
183
- session_id: sessionId,
175
+ const updateData: Record<string, unknown> = {
184
176
  updated_at: new Date().toISOString(),
185
177
  };
186
178
 
187
- if ('clientInformation' in data) row.client_information = data.clientInformation == null ? null : encryptObject(data.clientInformation);
188
- if ('tokens' in data) row.tokens = data.tokens == null ? null : encryptObject(data.tokens);
189
- if ('codeVerifier' in data) row.code_verifier = data.codeVerifier == null ? null : encryptObject(data.codeVerifier);
190
- if ('clientId' in data) row.client_id = data.clientId ?? null;
191
- if ('oauthState' in data) row.oauth_state = data.oauthState ?? null;
179
+ if ('clientInformation' in data) updateData.client_information = data.clientInformation == null ? null : encryptObject(data.clientInformation);
180
+ if ('tokens' in data) updateData.tokens = data.tokens == null ? null : encryptObject(data.tokens);
181
+ if ('codeVerifier' in data) updateData.code_verifier = data.codeVerifier == null ? null : encryptObject(data.codeVerifier);
182
+ if ('clientId' in data) updateData.client_id = data.clientId ?? null;
183
+ if ('oauthState' in data) updateData.oauth_state = data.oauthState ?? null;
192
184
 
193
185
  const { error } = await this.supabase
194
- .from('mcp_credentials')
195
- .upsert(row, { onConflict: 'user_id,session_id' });
186
+ .from('mcp_sessions')
187
+ .update(updateData)
188
+ .eq('user_id', userId)
189
+ .eq('session_id', sessionId);
196
190
 
197
191
  if (error) {
198
192
  throw new Error(`Failed to update credentials: ${error.message}`);
199
193
  }
200
-
201
194
  }
202
195
 
203
- async get(userId: string, sessionId: string): Promise<Session | null> {
196
+ async get(userId: string, sessionId: string, options?: GetOptions): Promise<SessionResult | null> {
197
+ const selection = options?.includeCredentials
198
+ ? '*'
199
+ : 'session_id, user_id, server_id, server_name, server_url, transport_type, callback_url, created_at, updated_at, expires_at, headers, auth_url, status, tool_policy, enabled';
200
+
204
201
  const { data, error } = await this.supabase
205
202
  .from('mcp_sessions')
206
- .select('*')
203
+ .select(selection)
207
204
  .eq('user_id', userId)
208
205
  .eq('session_id', sessionId)
209
206
  .maybeSingle();
@@ -220,8 +217,8 @@ export class SupabaseStorageBackend implements SessionStore {
220
217
 
221
218
  async getCredentials(userId: string, sessionId: string): Promise<SessionCredentials | null> {
222
219
  const { data, error } = await this.supabase
223
- .from('mcp_credentials')
224
- .select('*')
220
+ .from('mcp_sessions')
221
+ .select('client_information, tokens, code_verifier, client_id, oauth_state')
225
222
  .eq('user_id', userId)
226
223
  .eq('session_id', sessionId)
227
224
  .maybeSingle();
@@ -231,21 +228,17 @@ export class SupabaseStorageBackend implements SessionStore {
231
228
  return null;
232
229
  }
233
230
 
234
- if (data) {
235
- return this.mapRowToCredentials(data, userId, sessionId);
236
- }
237
-
238
- const { data: sessionRows, error: sessionError } = await this.supabase
239
- .from('mcp_sessions')
240
- .select('id')
241
- .eq('user_id', userId)
242
- .eq('session_id', sessionId);
243
-
244
- if (sessionError || !sessionRows || sessionRows.length === 0) {
245
- return null;
246
- }
231
+ if (!data) return null;
247
232
 
248
- return { sessionId, userId };
233
+ return {
234
+ sessionId,
235
+ userId,
236
+ clientInformation: decryptObject(data.client_information),
237
+ tokens: decryptObject(data.tokens),
238
+ codeVerifier: decryptObject(data.code_verifier),
239
+ clientId: data.client_id,
240
+ oauthState: data.oauth_state,
241
+ };
249
242
  }
250
243
 
251
244
  async list(userId: string): Promise<Session[]> {
@@ -264,8 +257,15 @@ export class SupabaseStorageBackend implements SessionStore {
264
257
 
265
258
  async clearCredentials(userId: string, sessionId: string): Promise<void> {
266
259
  const { error } = await this.supabase
267
- .from('mcp_credentials')
268
- .delete()
260
+ .from('mcp_sessions')
261
+ .update({
262
+ client_information: null,
263
+ tokens: null,
264
+ code_verifier: null,
265
+ client_id: null,
266
+ oauth_state: null,
267
+ updated_at: new Date().toISOString(),
268
+ })
269
269
  .eq('user_id', userId)
270
270
  .eq('session_id', sessionId);
271
271
 
@@ -314,15 +314,6 @@ export class SupabaseStorageBackend implements SessionStore {
314
314
  }
315
315
 
316
316
  async clearAll(): Promise<void> {
317
- const { error: credentialsError } = await this.supabase
318
- .from('mcp_credentials')
319
- .delete()
320
- .neq('session_id', '');
321
-
322
- if (credentialsError) {
323
- console.error('[SupabaseStorage] Failed to clear credentials:', credentialsError);
324
- }
325
-
326
317
  const { error } = await this.supabase
327
318
  .from('mcp_sessions')
328
319
  .delete()
@@ -46,6 +46,15 @@ export interface Session {
46
46
  */
47
47
  status?: SessionStatus;
48
48
  toolPolicy?: ToolPolicy;
49
+ /** When false, the session is excluded from agent tool discovery and RPC access. Defaults to true. */
50
+ enabled?: boolean;
51
+ clientInformation?: OAuthClientInformationMixed | null;
52
+ tokens?: OAuthTokens | null;
53
+ codeVerifier?: string | null;
54
+ codeVerifierChallenge?: string | null;
55
+ codeVerifierNonce?: string | null;
56
+ clientId?: string | null;
57
+ oauthState?: OAuthState | null;
49
58
  }
50
59
 
51
60
  export interface SessionCredentials {
@@ -54,6 +63,8 @@ export interface SessionCredentials {
54
63
  clientInformation?: OAuthClientInformationMixed | null;
55
64
  tokens?: OAuthTokens | null;
56
65
  codeVerifier?: string | null;
66
+ codeVerifierChallenge?: string | null;
67
+ codeVerifierNonce?: string | null;
57
68
  clientId?: string | null;
58
69
  oauthState?: OAuthState | null;
59
70
  }
@@ -86,6 +97,12 @@ export interface SetClientOptions {
86
97
  /**
87
98
  * Interface for MCP session stores.
88
99
  */
100
+ export type GetOptions = {
101
+ includeCredentials?: boolean;
102
+ };
103
+
104
+ export type SessionResult = Session;
105
+
89
106
  export interface SessionStore {
90
107
  /**
91
108
  * Optional initialization (e.g., database connection)
@@ -118,9 +135,12 @@ export interface SessionStore {
118
135
  patchCredentials(userId: string, sessionId: string, data: Partial<SessionCredentials>): Promise<void>;
119
136
 
120
137
  /**
121
- * Retrieves a session
138
+ * Retrieves a session, optionally including its credential fields in one round-trip.
139
+ * When includeCredentials is true, the returned session has credential fields
140
+ * (clientInformation, tokens, codeVerifier, etc.) populated from storage.
141
+ * When false or undefined, credential fields are left as undefined.
122
142
  */
123
- get(userId: string, sessionId: string): Promise<Session | null>;
143
+ get(userId: string, sessionId: string, options?: GetOptions): Promise<SessionResult | null>;
124
144
 
125
145
  /**
126
146
  * Retrieves runtime credentials for a session.
@@ -193,7 +193,8 @@ export type McpRpcMethod =
193
193
  | 'listResources'
194
194
  | 'readResource'
195
195
  | 'setToolPolicy'
196
- | 'getToolPolicy';
196
+ | 'getToolPolicy'
197
+ | 'updateSession';
197
198
 
198
199
  export interface McpRpcRequest {
199
200
  id: string;
@@ -218,8 +219,6 @@ export interface ConnectParams {
218
219
  callbackUrl: string;
219
220
  transportType?: TransportType;
220
221
  headers?: Record<string, string>;
221
- clientId?: string;
222
- clientSecret?: string;
223
222
  }
224
223
 
225
224
  export interface DisconnectParams {
@@ -266,6 +265,11 @@ export interface GetToolPolicyParams {
266
265
  sessionId: string;
267
266
  }
268
267
 
268
+ export interface UpdateSessionParams {
269
+ sessionId: string;
270
+ enabled?: boolean;
271
+ }
272
+
269
273
  export type McpRpcParams =
270
274
  | ConnectParams
271
275
  | DisconnectParams
@@ -277,6 +281,7 @@ export type McpRpcParams =
277
281
  | FinishAuthParams
278
282
  | SetToolPolicyParams
279
283
  | GetToolPolicyParams
284
+ | UpdateSessionParams
280
285
  | undefined;
281
286
 
282
287
  // RPC Result Types
@@ -294,6 +299,7 @@ export interface SessionInfo {
294
299
  */
295
300
  status: SessionStatus;
296
301
  toolPolicy?: ToolPolicy;
302
+ enabled?: boolean;
297
303
  }
298
304
 
299
305
  export interface SessionListResult {
@@ -330,6 +336,10 @@ export interface SetToolPolicyResult {
330
336
  toolCount: number;
331
337
  }
332
338
 
339
+ export interface UpdateSessionResult {
340
+ success: boolean;
341
+ }
342
+
333
343
  export type ToolAccessInfo = Tool & {
334
344
  toolId: string;
335
345
  allowed: boolean;