@mcp-use/inspector 0.9.0-canary.2 → 0.9.0-canary.4

package/dist/client/assets/{index-BaR5HKmC.js → index-DEA0KU_h.js}

@@ -1,4 +1,4 @@
-const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/winston-nzaZqgVL.js","assets/util-D59LNlyU.js","assets/__vite-browser-external-CHS79mP1.js","assets/index-DX0TIfSM.js","assets/path-QsnVvLoj.js","assets/index-DoWSnGj3.js","assets/index-B8yt0GKw.js","assets/index-BLXuIjh0.js","assets/embeddings-CF86nH4i.js","assets/index-BCYl76Jb.js","assets/index-CV9pPOH9.js","assets/browser-B7TIAiNJ.js"])))=>i.map(i=>d[i]);
+const __vite__mapDeps=(i,m=__vite__mapDeps,d=(m.f||(m.f=["assets/winston-B_texDHP.js","assets/util-D59LNlyU.js","assets/__vite-browser-external-CHS79mP1.js","assets/index-DX0TIfSM.js","assets/path-QsnVvLoj.js","assets/index-DD0wWmuA.js","assets/index-D-pAR_RA.js","assets/index-BumNh2YP.js","assets/embeddings-DSM58WFd.js","assets/index-DiEpOjl1.js","assets/index-DgPlosep.js","assets/browser-CwknRi82.js"])))=>i.map(i=>d[i]);
 var __defProp = Object.defineProperty;
 var __defNormalProp = (obj, key, value) => key in obj ? __defProp(obj, key, { enumerable: true, configurable: true, writable: true, value }) : obj[key] = value;
 var __publicField = (obj, key, value) => __defNormalProp(obj, typeof key !== "symbol" ? key + "" : key, value);
@@ -186,26 +186,6 @@ var __require = /* @__PURE__ */ ((x2) => typeof require !== "undefined" ? requir
   throw Error('Dynamic require of "' + x2 + '" is not supported');
 });
 var define_process_env_default$2 = {};
-var isDeno = typeof globalThis.Deno !== "undefined";
-function getEnv(key) {
-  if (isDeno) {
-    return globalThis.Deno.env.get(key);
-  }
-  return define_process_env_default$2[key];
-}
-__name(getEnv, "getEnv");
-function getCwd() {
-  if (isDeno) {
-    return globalThis.Deno.cwd();
-  }
-  return process.cwd();
-}
-__name(getCwd, "getCwd");
-function generateUUID() {
-  return globalThis.crypto.randomUUID();
-}
-__name(generateUUID, "generateUUID");
-var define_process_env_default$1 = {};
 async function getNodeModules() {
   if (typeof process !== "undefined" && "browser") {
     try {
@@ -231,7 +211,7 @@ function loadWinstonSync() {
 __name(loadWinstonSync, "loadWinstonSync");
 async function getWinston() {
   if (!winston) {
-    winston = await __vitePreload(() => import("./winston-nzaZqgVL.js").then((n2) => n2.w), true ? __vite__mapDeps([0,1,2,3,4]) : void 0);
+    winston = await __vitePreload(() => import("./winston-B_texDHP.js").then((n2) => n2.w), true ? __vite__mapDeps([0,1,2,3,4]) : void 0);
   }
   return winston;
 }
@@ -321,7 +301,7 @@ var SimpleConsoleLogger = (_a2 = class {
   }
 }, __name(_a2, "SimpleConsoleLogger"), _a2);
 function resolveLevel(env) {
-  const envValue = typeof process !== "undefined" && define_process_env_default$1 ? env : void 0;
+  const envValue = typeof process !== "undefined" && define_process_env_default$2 ? env : void 0;
   switch (envValue?.trim()) {
     case "2":
       return "debug";
@@ -336,7 +316,7 @@ var Logger = (_b = class {
   static get(name = DEFAULT_LOGGER_NAME) {
     if (!isNodeJSEnvironment()) {
       if (!this.simpleInstances[name]) {
-        const debugEnv = typeof process !== "undefined" && define_process_env_default$1?.DEBUG || void 0;
+        const debugEnv = typeof process !== "undefined" && define_process_env_default$2?.DEBUG || void 0;
         this.simpleInstances[name] = new SimpleConsoleLogger(
           name,
           resolveLevel(debugEnv)
@@ -351,7 +331,7 @@ var Logger = (_b = class {
       const { createLogger, format: format2 } = winston;
       const { combine, timestamp, label, colorize, splat } = format2;
       this.instances[name] = createLogger({
-        level: resolveLevel(define_process_env_default$1.DEBUG),
+        level: resolveLevel(define_process_env_default$2.DEBUG),
         format: combine(
           colorize(),
           splat(),
@@ -392,7 +372,7 @@ var Logger = (_b = class {
   }
   static async configure(options = {}) {
     const { level, console: console2 = true, file, format: format2 = "minimal" } = options;
-    const debugEnv = typeof process !== "undefined" && define_process_env_default$1?.DEBUG || void 0;
+    const debugEnv = typeof process !== "undefined" && define_process_env_default$2?.DEBUG || void 0;
     const resolvedLevel = level ?? resolveLevel(debugEnv);
     this.currentFormat = format2;
     if (!isNodeJSEnvironment()) {
@@ -450,8 +430,8 @@ var Logger = (_b = class {
         logger2.level = level;
       }
     });
-    if (typeof process !== "undefined" && define_process_env_default$1) {
-      define_process_env_default$1.DEBUG = enabled ? enabled === true ? "2" : String(enabled) : "0";
+    if (typeof process !== "undefined" && define_process_env_default$2) {
+      define_process_env_default$2.DEBUG = enabled ? enabled === true ? "2" : String(enabled) : "0";
     }
   }
   static setFormat(format2) {
@@ -1051,7 +1031,7 @@ const _safeParse = (_Err) => (schema2, value, _ctx) => {
     error: new (_Err ?? $ZodError)(result.issues.map((iss) => finalizeIssue(iss, ctx, config())))
   } : { success: true, data: result.value };
 };
-const safeParse$1 = /* @__PURE__ */ _safeParse($ZodRealError);
+const safeParse$2 = /* @__PURE__ */ _safeParse($ZodRealError);
 const _safeParseAsync = (_Err) => async (schema2, value, _ctx) => {
   const ctx = _ctx ? Object.assign(_ctx, { async: true }) : { async: true };
   let result = schema2._zod.run({ value, issues: [] }, ctx);
@@ -1668,7 +1648,7 @@ const $ZodType = /* @__PURE__ */ $constructor("$ZodType", (inst, def) => {
   inst["~standard"] = {
     validate: (value) => {
       try {
-        const r2 = safeParse$1(inst, value);
+        const r2 = safeParse$2(inst, value);
         return r2.success ? { value: r2.data } : { issues: r2.error?.issues };
       } catch (_2) {
         return safeParseAsync$1(inst, value).then((r2) => r2.success ? { value: r2.data } : { issues: r2.error?.issues });
@@ -1735,10 +1715,10 @@ const $ZodURL = /* @__PURE__ */ $constructor("$ZodURL", (inst, def) => {
   inst._zod.check = (payload) => {
     try {
       const trimmed = payload.value.trim();
-      const url = new URL(trimmed);
+      const url2 = new URL(trimmed);
       if (def.hostname) {
         def.hostname.lastIndex = 0;
-        if (!def.hostname.test(url.hostname)) {
+        if (!def.hostname.test(url2.hostname)) {
           payload.issues.push({
             code: "invalid_format",
             format: "url",
@@ -1752,7 +1732,7 @@ const $ZodURL = /* @__PURE__ */ $constructor("$ZodURL", (inst, def) => {
       }
       if (def.protocol) {
         def.protocol.lastIndex = 0;
-        if (!def.protocol.test(url.protocol.endsWith(":") ? url.protocol.slice(0, -1) : url.protocol)) {
+        if (!def.protocol.test(url2.protocol.endsWith(":") ? url2.protocol.slice(0, -1) : url2.protocol)) {
           payload.issues.push({
             code: "invalid_format",
             format: "url",
@@ -1765,7 +1745,7 @@ const $ZodURL = /* @__PURE__ */ $constructor("$ZodURL", (inst, def) => {
         }
       }
       if (def.normalize) {
-        payload.value = url.href;
+        payload.value = url2.href;
       } else {
         payload.value = trimmed;
       }
@@ -3479,7 +3459,7 @@ const ZodRealError = /* @__PURE__ */ $constructor("ZodError", initializer, {
 });
 const parse$1 = /* @__PURE__ */ _parse(ZodRealError);
 const parseAsync = /* @__PURE__ */ _parseAsync(ZodRealError);
-const safeParse = /* @__PURE__ */ _safeParse(ZodRealError);
+const safeParse$1 = /* @__PURE__ */ _safeParse(ZodRealError);
 const safeParseAsync = /* @__PURE__ */ _safeParseAsync(ZodRealError);
 const encode$1 = /* @__PURE__ */ _encode(ZodRealError);
 const decode$1 = /* @__PURE__ */ _decode(ZodRealError);
@@ -3509,7 +3489,7 @@ const ZodType = /* @__PURE__ */ $constructor("ZodType", (inst, def) => {
     return inst;
   });
   inst.parse = (data2, params) => parse$1(inst, data2, params, { callee: inst.parse });
-  inst.safeParse = (data2, params) => safeParse(inst, data2, params);
+  inst.safeParse = (data2, params) => safeParse$1(inst, data2, params);
   inst.parseAsync = async (data2, params) => parseAsync(inst, data2, params, { callee: inst.parseAsync });
   inst.safeParseAsync = async (data2, params) => safeParseAsync(inst, data2, params);
   inst.spa = inst.safeParseAsync;
@@ -3637,6 +3617,9 @@ const ZodURL = /* @__PURE__ */ $constructor("ZodURL", (inst, def) => {
   $ZodURL.init(inst, def);
   ZodStringFormat.init(inst, def);
 });
+function url(params) {
+  return _url$1(ZodURL, params);
+}
 const ZodEmoji = /* @__PURE__ */ $constructor("ZodEmoji", (inst, def) => {
   $ZodEmoji.init(inst, def);
   ZodStringFormat.init(inst, def);
@@ -3812,6 +3795,14 @@ function object(shape, params) {
   };
   return new ZodObject(def);
 }
+function looseObject(shape, params) {
+  return new ZodObject({
+    type: "object",
+    shape,
+    catchall: unknown(),
+    ...normalizeParams(params)
+  });
+}
 const ZodUnion = /* @__PURE__ */ $constructor("ZodUnion", (inst, def) => {
   $ZodUnion.init(inst, def);
   ZodType.init(inst, def);
@@ -4077,6 +4068,9 @@ function refine(fn, _params = {}) {
 function superRefine(fn) {
   return _superRefine(fn);
 }
+function preprocess(fn, schema2) {
+  return pipe$1(transform(fn), schema2);
+}
 const ZodIssueCode = {
   custom: "custom"
 };
@@ -4086,13 +4080,13 @@ const JSONRPC_VERSION = "2.0";
 const AssertObjectSchema = custom((v2) => v2 !== null && (typeof v2 === "object" || typeof v2 === "function"));
 const ProgressTokenSchema = union([string(), number$1().int()]);
 const CursorSchema = string();
-const RequestMetaSchema = object({
+const RequestMetaSchema = looseObject({
   /**
    * If specified, the caller is requesting out-of-band progress notifications for this request (as represented by notifications/progress). The value of this parameter is an opaque token that will be attached to any subsequent notifications. The receiver is not obligated to provide these notifications.
    */
   progressToken: ProgressTokenSchema.optional()
-}).passthrough();
-const BaseRequestParamsSchema = object({
+});
+const BaseRequestParamsSchema = looseObject({
   /**
    * See [General fields: `_meta`](/specification/draft/basic/index#meta) for notes on `_meta` usage.
    */
@@ -4100,9 +4094,9 @@ const BaseRequestParamsSchema = object({
 });
 const RequestSchema = object({
   method: string(),
-  params: BaseRequestParamsSchema.passthrough().optional()
+  params: BaseRequestParamsSchema.optional()
 });
-const NotificationsParamsSchema = object({
+const NotificationsParamsSchema = looseObject({
   /**
    * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
    * for notes on _meta usage.
@@ -4111,24 +4105,26 @@ const NotificationsParamsSchema = object({
 });
 const NotificationSchema = object({
   method: string(),
-  params: NotificationsParamsSchema.passthrough().optional()
+  params: NotificationsParamsSchema.optional()
 });
-const ResultSchema = object({
+const ResultSchema = looseObject({
   /**
    * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
    * for notes on _meta usage.
    */
   _meta: record(string(), unknown()).optional()
-}).passthrough();
+});
 const RequestIdSchema = union([string(), number$1().int()]);
 const JSONRPCRequestSchema = object({
   jsonrpc: literal(JSONRPC_VERSION),
-  id: RequestIdSchema
-}).merge(RequestSchema).strict();
+  id: RequestIdSchema,
+  ...RequestSchema.shape
+}).strict();
 const isJSONRPCRequest = (value) => JSONRPCRequestSchema.safeParse(value).success;
 const JSONRPCNotificationSchema = object({
-  jsonrpc: literal(JSONRPC_VERSION)
-}).merge(NotificationSchema).strict();
+  jsonrpc: literal(JSONRPC_VERSION),
+  ...NotificationSchema.shape
+}).strict();
 const isJSONRPCNotification = (value) => JSONRPCNotificationSchema.safeParse(value).success;
 const JSONRPCResponseSchema = object({
   jsonrpc: literal(JSONRPC_VERSION),
@@ -4145,6 +4141,7 @@ var ErrorCode;
   ErrorCode2[ErrorCode2["MethodNotFound"] = -32601] = "MethodNotFound";
   ErrorCode2[ErrorCode2["InvalidParams"] = -32602] = "InvalidParams";
   ErrorCode2[ErrorCode2["InternalError"] = -32603] = "InternalError";
+  ErrorCode2[ErrorCode2["UrlElicitationRequired"] = -32042] = "UrlElicitationRequired";
 })(ErrorCode || (ErrorCode = {}));
 const JSONRPCErrorSchema = object({
   jsonrpc: literal(JSONRPC_VERSION),
@@ -4228,12 +4225,28 @@ const BaseMetadataSchema = object({
   title: string().optional()
 });
 const ImplementationSchema = BaseMetadataSchema.extend({
+  ...BaseMetadataSchema.shape,
+  ...IconsSchema.shape,
   version: string(),
   /**
    * An optional URL of the website for this implementation.
    */
   websiteUrl: string().optional()
-}).merge(IconsSchema);
+});
+const FormElicitationCapabilitySchema = intersection(object({
+  applyDefaults: boolean().optional()
+}), record(string(), unknown()));
+const ElicitationCapabilitySchema = preprocess((value) => {
+  if (value && typeof value === "object" && !Array.isArray(value)) {
+    if (Object.keys(value).length === 0) {
+      return { form: {} };
+    }
+  }
+  return value;
+}, intersection(object({
+  form: FormElicitationCapabilitySchema.optional(),
+  url: AssertObjectSchema.optional()
+}), record(string(), unknown()).optional()));
 const ClientCapabilitiesSchema = object({
   /**
    * Experimental, non-standard capabilities that the client supports.
@@ -4242,16 +4255,21 @@ const ClientCapabilitiesSchema = object({
   /**
    * Present if the client supports sampling from an LLM.
    */
-  sampling: AssertObjectSchema.optional(),
+  sampling: object({
+    /**
+     * Present if the client supports context inclusion via includeContext parameter.
+     * If not declared, servers SHOULD only use `includeContext: "none"` (or omit it).
+     */
+    context: AssertObjectSchema.optional(),
+    /**
+     * Present if the client supports tool use via tools and toolChoice parameters.
+     */
+    tools: AssertObjectSchema.optional()
+  }).optional(),
   /**
    * Present if the client supports eliciting user input.
    */
-  elicitation: intersection(object({
-    /**
-     * Whether the client should apply defaults to the user input.
-     */
-    applyDefaults: boolean().optional()
-  }).optional(), record(string(), unknown()).optional()),
+  elicitation: ElicitationCapabilitySchema.optional(),
   /**
    * Present if the client supports listing roots.
    */
@@ -4354,7 +4372,9 @@ const ProgressSchema = object({
    */
   message: optional(string())
 });
-const ProgressNotificationParamsSchema = NotificationsParamsSchema.merge(ProgressSchema).extend({
+const ProgressNotificationParamsSchema = object({
+  ...NotificationsParamsSchema.shape,
+  ...ProgressSchema.shape,
   /**
    * The progress token which was given in the initial request, used to associate this notification with the request that is proceeding.
    */
@@ -4416,7 +4436,9 @@ const BlobResourceContentsSchema = ResourceContentsSchema.extend({
    */
   blob: Base64Schema
 });
-const ResourceSchema = BaseMetadataSchema.extend({
+const ResourceSchema = object({
+  ...BaseMetadataSchema.shape,
+  ...IconsSchema.shape,
   /**
    * The URI of this resource.
    */
@@ -4435,9 +4457,11 @@ const ResourceSchema = BaseMetadataSchema.extend({
    * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
    * for notes on _meta usage.
    */
-  _meta: optional(object({}).passthrough())
-}).merge(IconsSchema);
-const ResourceTemplateSchema = BaseMetadataSchema.extend({
+  _meta: optional(looseObject({}))
+});
+const ResourceTemplateSchema = object({
+  ...BaseMetadataSchema.shape,
+  ...IconsSchema.shape,
   /**
    * A URI template (according to RFC 6570) that can be used to construct resource URIs.
    */
@@ -4456,8 +4480,8 @@ const ResourceTemplateSchema = BaseMetadataSchema.extend({
    * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
    * for notes on _meta usage.
    */
-  _meta: optional(object({}).passthrough())
-}).merge(IconsSchema);
+  _meta: optional(looseObject({}))
+});
 const ListResourcesRequestSchema = PaginatedRequestSchema.extend({
   method: literal("resources/list")
 });
@@ -4523,7 +4547,9 @@ const PromptArgumentSchema = object({
    */
   required: optional(boolean())
 });
-const PromptSchema = BaseMetadataSchema.extend({
+const PromptSchema = object({
+  ...BaseMetadataSchema.shape,
+  ...IconsSchema.shape,
   /**
    * An optional description of what this prompt provides
    */
@@ -4536,8 +4562,8 @@ const PromptSchema = BaseMetadataSchema.extend({
    * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
    * for notes on _meta usage.
    */
-  _meta: optional(object({}).passthrough())
-}).merge(IconsSchema);
+  _meta: optional(looseObject({}))
+});
 const ListPromptsRequestSchema = PaginatedRequestSchema.extend({
   method: literal("prompts/list")
 });
@@ -4602,6 +4628,29 @@ const AudioContentSchema = object({
    */
   _meta: record(string(), unknown()).optional()
 });
+const ToolUseContentSchema = object({
+  type: literal("tool_use"),
+  /**
+   * The name of the tool to invoke.
+   * Must match a tool name from the request's tools array.
+   */
+  name: string(),
+  /**
+   * Unique identifier for this tool call.
+   * Used to correlate with ToolResultContent in subsequent messages.
+   */
+  id: string(),
+  /**
+   * Arguments to pass to the tool.
+   * Must conform to the tool's inputSchema.
+   */
+  input: object({}).passthrough(),
+  /**
+   * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
+   * for notes on _meta usage.
+   */
+  _meta: optional(object({}).passthrough())
+}).passthrough();
 const EmbeddedResourceSchema = object({
   type: literal("resource"),
   resource: union([TextResourceContentsSchema, BlobResourceContentsSchema]),
@@ -4674,32 +4723,32 @@ const ToolAnnotationsSchema = object({
    */
   openWorldHint: boolean().optional()
 });
-const ToolSchema = BaseMetadataSchema.extend({
+const ToolSchema = object({
+  ...BaseMetadataSchema.shape,
+  ...IconsSchema.shape,
   /**
    * A human-readable description of the tool.
    */
   description: string().optional(),
   /**
-   * A JSON Schema object defining the expected parameters for the tool.
+   * A JSON Schema 2020-12 object defining the expected parameters for the tool.
+   * Must have type: 'object' at the root level per MCP spec.
    */
   inputSchema: object({
     type: literal("object"),
     properties: record(string(), AssertObjectSchema).optional(),
-    required: optional(array(string()))
-  }),
+    required: array(string()).optional()
+  }).catchall(unknown()),
   /**
-   * An optional JSON Schema object defining the structure of the tool's output returned in
-   * the structuredContent field of a CallToolResult.
+   * An optional JSON Schema 2020-12 object defining the structure of the tool's output
+   * returned in the structuredContent field of a CallToolResult.
+   * Must have type: 'object' at the root level per MCP spec.
    */
   outputSchema: object({
     type: literal("object"),
     properties: record(string(), AssertObjectSchema).optional(),
-    required: optional(array(string())),
-    /**
-     * Not in the MCP specification, but added to support the Ajv validator while removing .passthrough() which previously allowed additionalProperties to be passed through.
-     */
-    additionalProperties: optional(boolean())
-  }).optional(),
+    required: array(string()).optional()
+  }).catchall(unknown()).optional(),
   /**
    * Optional additional tool information.
    */
@@ -4709,7 +4758,7 @@ const ToolSchema = BaseMetadataSchema.extend({
    * for notes on _meta usage.
    */
   _meta: record(string(), unknown()).optional()
-}).merge(IconsSchema);
+});
 const ListToolsRequestSchema = PaginatedRequestSchema.extend({
   method: literal("tools/list")
 });
@@ -4819,10 +4868,43 @@ const ModelPreferencesSchema = object({
    */
   intelligencePriority: optional(number$1().min(0).max(1))
 });
+const ToolChoiceSchema = object({
+  /**
+   * Controls when tools are used:
+   * - "auto": Model decides whether to use tools (default)
+   * - "required": Model MUST use at least one tool before completing
+   * - "none": Model MUST NOT use any tools
+   */
+  mode: optional(_enum$1(["auto", "required", "none"]))
+});
+const ToolResultContentSchema = object({
+  type: literal("tool_result"),
+  toolUseId: string().describe("The unique identifier for the corresponding tool call."),
+  content: array(ContentBlockSchema).default([]),
+  structuredContent: object({}).passthrough().optional(),
+  isError: optional(boolean()),
+  /**
+   * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
+   * for notes on _meta usage.
+   */
+  _meta: optional(object({}).passthrough())
+}).passthrough();
+const SamplingMessageContentBlockSchema = discriminatedUnion("type", [
+  TextContentSchema,
+  ImageContentSchema,
+  AudioContentSchema,
+  ToolUseContentSchema,
+  ToolResultContentSchema
+]);
 const SamplingMessageSchema = object({
   role: _enum$1(["user", "assistant"]),
-  content: union([TextContentSchema, ImageContentSchema, AudioContentSchema])
-});
+  content: union([SamplingMessageContentBlockSchema, array(SamplingMessageContentBlockSchema)]),
+  /**
+   * See [MCP specification](https://github.com/modelcontextprotocol/modelcontextprotocol/blob/47339c03c143bb4ec01a26e721a1b8fe66634ebe/docs/specification/draft/basic/index.mdx#general-fields)
+   * for notes on _meta usage.
+   */
+  _meta: optional(object({}).passthrough())
+}).passthrough();
 const CreateMessageRequestParamsSchema = BaseRequestParamsSchema.extend({
   messages: array(SamplingMessageSchema),
   /**
@@ -4834,7 +4916,11 @@ const CreateMessageRequestParamsSchema = BaseRequestParamsSchema.extend({
    */
   systemPrompt: string().optional(),
   /**
-   * A request to include context from one or more MCP servers (including the caller), to be attached to the prompt. The client MAY ignore this request.
+   * A request to include context from one or more MCP servers (including the caller), to be attached to the prompt.
+   * The client MAY ignore this request.
+   *
+   * Default is "none". Values "thisServer" and "allServers" are soft-deprecated. Servers SHOULD only use these values if the client
+   * declares ClientCapabilities.sampling.context. These values may be removed in future spec releases.
    */
   includeContext: _enum$1(["none", "thisServer", "allServers"]).optional(),
   temperature: number$1().optional(),
@@ -4848,7 +4934,18 @@ const CreateMessageRequestParamsSchema = BaseRequestParamsSchema.extend({
   /**
    * Optional metadata to pass through to the LLM provider. The format of this metadata is provider-specific.
    */
-  metadata: AssertObjectSchema.optional()
+  metadata: AssertObjectSchema.optional(),
+  /**
+   * Tools that the model may use during generation.
+   * The client MUST return an error if this field is provided but ClientCapabilities.sampling.tools is not declared.
+   */
+  tools: optional(array(ToolSchema)),
+  /**
+   * Controls how the model uses tools.
+   * The client MUST return an error if this field is provided but ClientCapabilities.sampling.tools is not declared.
+   * Default is `{ mode: "auto" }`.
+   */
+  toolChoice: optional(ToolChoiceSchema)
 });
 const CreateMessageRequestSchema = RequestSchema.extend({
   method: literal("sampling/createMessage"),
@@ -4860,11 +4957,22 @@ const CreateMessageResultSchema = ResultSchema.extend({
    */
   model: string(),
   /**
-   * The reason why sampling stopped.
+   * The reason why sampling stopped, if known.
+   *
+   * Standard values:
+   * - "endTurn": Natural end of the assistant's turn
+   * - "stopSequence": A stop sequence was encountered
+   * - "maxTokens": Maximum token limit was reached
+   * - "toolUse": The model wants to use one or more tools
+   *
+   * This field is an open string to allow for provider-specific stop reasons.
    */
-  stopReason: optional(_enum$1(["endTurn", "stopSequence", "maxTokens"]).or(string())),
+  stopReason: optional(_enum$1(["endTurn", "stopSequence", "maxTokens", "toolUse"]).or(string())),
   role: _enum$1(["user", "assistant"]),
-  content: discriminatedUnion("type", [TextContentSchema, ImageContentSchema, AudioContentSchema])
+  /**
+   * Response content. May be ToolUseContent if stopReason is "toolUse".
+   */
+  content: union([SamplingMessageContentBlockSchema, array(SamplingMessageContentBlockSchema)])
 });
 const BooleanSchemaSchema = object({
   type: literal("boolean"),
@@ -4944,9 +5052,15 @@ const TitledMultiSelectEnumSchemaSchema = object({
 const MultiSelectEnumSchemaSchema = union([UntitledMultiSelectEnumSchemaSchema, TitledMultiSelectEnumSchemaSchema]);
 const EnumSchemaSchema = union([LegacyTitledEnumSchemaSchema, SingleSelectEnumSchemaSchema, MultiSelectEnumSchemaSchema]);
 const PrimitiveSchemaDefinitionSchema = union([EnumSchemaSchema, BooleanSchemaSchema, StringSchemaSchema, NumberSchemaSchema]);
-const ElicitRequestParamsSchema = BaseRequestParamsSchema.extend({
+const ElicitRequestFormParamsSchema = BaseRequestParamsSchema.extend({
   /**
-   * The message to present to the user.
+   * The elicitation mode.
+   *
+   * Optional for backward compatibility. Clients MUST treat missing mode as "form".
+   */
+  mode: literal("form").optional(),
+  /**
+   * The message to present to the user describing what information is being requested.
    */
   message: string(),
   /**
@@ -4959,10 +5073,40 @@ const ElicitRequestParamsSchema = BaseRequestParamsSchema.extend({
     required: array(string()).optional()
   })
 });
+const ElicitRequestURLParamsSchema = BaseRequestParamsSchema.extend({
+  /**
+   * The elicitation mode.
+   */
+  mode: literal("url"),
+  /**
+   * The message to present to the user explaining why the interaction is needed.
+   */
+  message: string(),
+  /**
+   * The ID of the elicitation, which must be unique within the context of the server.
+   * The client MUST treat this ID as an opaque value.
+   */
+  elicitationId: string(),
+  /**
+   * The URL that the user should navigate to.
+   */
+  url: string().url()
+});
+const ElicitRequestParamsSchema = union([ElicitRequestFormParamsSchema, ElicitRequestURLParamsSchema]);
 const ElicitRequestSchema = RequestSchema.extend({
   method: literal("elicitation/create"),
   params: ElicitRequestParamsSchema
 });
+const ElicitationCompleteNotificationParamsSchema = NotificationsParamsSchema.extend({
+  /**
+   * The ID of the elicitation that completed.
+   */
+  elicitationId: string()
+});
+const ElicitationCompleteNotificationSchema = NotificationSchema.extend({
+  method: literal("notifications/elicitation/complete"),
+  params: ElicitationCompleteNotificationParamsSchema
+});
 const ElicitResultSchema = ResultSchema.extend({
   /**
    * The user action in response to the elicitation.
@@ -4975,7 +5119,7 @@ const ElicitResultSchema = ResultSchema.extend({
    * The submitted form data, only present when action is "accept".
    * Contains values matching the requested schema.
    */
-  content: record(union([string(), number$1(), boolean(), array(string())])).optional()
+  content: record(string(), union([string(), number$1(), boolean(), array(string())])).optional()
 });
 const ResourceTemplateReferenceSchema = object({
   type: literal("ref/resource"),
@@ -5018,7 +5162,7 @@ const CompleteRequestSchema = RequestSchema.extend({
   params: CompleteRequestParamsSchema
 });
 const CompleteResultSchema = ResultSchema.extend({
-  completion: object({
+  completion: looseObject({
     /**
      * An array of completion values. Must not exceed 100 items.
      */
@@ -5031,7 +5175,7 @@ const CompleteResultSchema = ResultSchema.extend({
      * Indicates whether there are additional completion options beyond those provided in the current response, even if the exact total is unknown.
      */
     hasMore: optional(boolean())
-  }).passthrough()
+  })
 });
 const RootSchema = object({
   /**
@@ -5087,7 +5231,8 @@ union([
   ResourceUpdatedNotificationSchema,
   ResourceListChangedNotificationSchema,
   ToolListChangedNotificationSchema,
-  PromptListChangedNotificationSchema
+  PromptListChangedNotificationSchema,
+  ElicitationCompleteNotificationSchema
 ]);
 union([
   EmptyResultSchema,
@@ -5108,6 +5253,29 @@ class McpError extends Error {
     this.data = data2;
     this.name = "McpError";
   }
+  /**
+   * Factory method to create the appropriate error type based on the error code and data
+   */
+  static fromError(code2, message, data2) {
+    if (code2 === ErrorCode.UrlElicitationRequired && data2) {
+      const errorData = data2;
+      if (errorData.elicitations) {
+        return new UrlElicitationRequiredError(errorData.elicitations, message);
+      }
+    }
+    return new McpError(code2, message, data2);
+  }
+}
+class UrlElicitationRequiredError extends McpError {
+  constructor(elicitations, message = `URL elicitation${elicitations.length > 1 ? "s" : ""} required`) {
+    super(ErrorCode.UrlElicitationRequired, message, {
+      elicitations
+    });
+  }
+  get elicitations() {
+    var _a3, _b2;
+    return (_b2 = (_a3 = this.data) === null || _a3 === void 0 ? void 0 : _a3.elicitations) !== null && _b2 !== void 0 ? _b2 : [];
+  }
 }
 var BaseConnector = (_c = class {
   client = null;
@@ -5503,6 +5671,109 @@ var BaseConnector = (_c = class {
     }
   }
 }, __name(_c, "BaseConnector"), _c);
+var define_process_env_default$1 = {};
+var isDeno = typeof globalThis.Deno !== "undefined";
+function getEnv(key) {
+  if (isDeno) {
+    return globalThis.Deno.env.get(key);
+  }
+  return define_process_env_default$1[key];
+}
+__name(getEnv, "getEnv");
+function getCwd() {
+  if (isDeno) {
+    return globalThis.Deno.cwd();
+  }
+  return process.cwd();
+}
+__name(getCwd, "getCwd");
+function generateUUID() {
+  return globalThis.crypto.randomUUID();
+}
+__name(generateUUID, "generateUUID");
+function isZ4Schema(s2) {
+  const schema2 = s2;
+  return !!schema2._zod;
+}
+function safeParse(schema2, data2) {
+  if (isZ4Schema(schema2)) {
+    const result2 = safeParse$2(schema2, data2);
+    return result2;
+  }
+  const v3Schema = schema2;
+  const result = v3Schema.safeParse(data2);
+  return result;
+}
+function getObjectShape(schema2) {
+  var _a3, _b2;
+  if (!schema2)
+    return void 0;
+  let rawShape;
+  if (isZ4Schema(schema2)) {
+    const v4Schema = schema2;
+    rawShape = (_b2 = (_a3 = v4Schema._zod) === null || _a3 === void 0 ? void 0 : _a3.def) === null || _b2 === void 0 ? void 0 : _b2.shape;
+  } else {
+    const v3Schema = schema2;
+    rawShape = v3Schema.shape;
+  }
+  if (!rawShape)
+    return void 0;
+  if (typeof rawShape === "function") {
+    try {
+      return rawShape();
+    } catch (_c2) {
+      return void 0;
+    }
+  }
+  return rawShape;
+}
+function getLiteralValue(schema2) {
+  var _a3;
+  if (isZ4Schema(schema2)) {
+    const v4Schema = schema2;
+    const def2 = (_a3 = v4Schema._zod) === null || _a3 === void 0 ? void 0 : _a3.def;
+    if (def2) {
+      if (def2.value !== void 0)
+        return def2.value;
+      if (Array.isArray(def2.values) && def2.values.length > 0) {
+        return def2.values[0];
+      }
+    }
+  }
+  const v3Schema = schema2;
+  const def = v3Schema._def;
+  if (def) {
+    if (def.value !== void 0)
+      return def.value;
+    if (Array.isArray(def.values) && def.values.length > 0) {
+      return def.values[0];
+    }
+  }
+  const directValue = schema2.value;
+  if (directValue !== void 0)
+    return directValue;
+  return void 0;
+}
+new Set("ABCDEFGHIJKLMNOPQRSTUVXYZabcdefghijklmnopqrstuvxyz0123456789");
+function getMethodLiteral(schema2) {
+  const shape = getObjectShape(schema2);
+  const methodSchema = shape === null || shape === void 0 ? void 0 : shape.method;
+  if (!methodSchema) {
+    throw new Error("Schema is missing a method literal");
+  }
+  const value = getLiteralValue(methodSchema);
+  if (typeof value !== "string") {
+    throw new Error("Schema method literal must be a string");
+  }
+  return value;
+}
+function parseWithCompat(schema2, data2) {
+  const result = safeParse(schema2, data2);
+  if (!result.success) {
+    throw result.error;
+  }
+  return result.data;
+}
 const DEFAULT_REQUEST_TIMEOUT_MSEC = 6e4;
 class Protocol {
   constructor(_options) {
@@ -5545,7 +5816,7 @@ class Protocol {
     const totalElapsed = Date.now() - info2.startTime;
     if (info2.maxTotalTimeout && totalElapsed >= info2.maxTotalTimeout) {
       this._timeoutInfo.delete(messageId);
-      throw new McpError(ErrorCode.RequestTimeout, "Maximum total timeout exceeded", {
+      throw McpError.fromError(ErrorCode.RequestTimeout, "Maximum total timeout exceeded", {
         maxTotalTimeout: info2.maxTotalTimeout,
         totalElapsed
       });
@@ -5602,7 +5873,7 @@ class Protocol {
     this._pendingDebouncedNotifications.clear();
     this._transport = void 0;
     (_a3 = this.onclose) === null || _a3 === void 0 ? void 0 : _a3.call(this);
-    const error = new McpError(ErrorCode.ConnectionClosed, "Connection closed");
+    const error = McpError.fromError(ErrorCode.ConnectionClosed, "Connection closed");
     for (const handler of responseHandlers.values()) {
       handler(error);
     }
@@ -5665,7 +5936,8 @@ class Protocol {
         id: request.id,
         error: {
           code: Number.isSafeInteger(error["code"]) ? error["code"] : ErrorCode.InternalError,
-          message: (_a4 = error.message) !== null && _a4 !== void 0 ? _a4 : "Internal error"
+          message: (_a4 = error.message) !== null && _a4 !== void 0 ? _a4 : "Internal error",
+          ...error["data"] !== void 0 && { data: error["data"] }
         }
       });
     }).catch((error) => this._onerror(new Error(`Failed to send response: ${error}`))).finally(() => {
@@ -5705,7 +5977,7 @@ class Protocol {
     if (isJSONRPCResponse(response)) {
       handler(response);
     } else {
-      const error = new McpError(response.error.code, response.error.message, response.error.data);
+      const error = McpError.fromError(response.error.code, response.error.message, response.error.data);
       handler(error);
     }
   }
@@ -5776,8 +6048,12 @@ class Protocol {
           return reject(response);
         }
         try {
-          const result = resultSchema.parse(response.result);
-          resolve2(result);
+          const parseResult = safeParse(resultSchema, response.result);
+          if (!parseResult.success) {
+            reject(parseResult.error);
+          } else {
+            resolve2(parseResult.data);
+          }
         } catch (error) {
           reject(error);
         }
@@ -5787,7 +6063,7 @@ class Protocol {
         cancel((_a4 = options === null || options === void 0 ? void 0 : options.signal) === null || _a4 === void 0 ? void 0 : _a4.reason);
       });
       const timeout = (_e3 = options === null || options === void 0 ? void 0 : options.timeout) !== null && _e3 !== void 0 ? _e3 : DEFAULT_REQUEST_TIMEOUT_MSEC;
-      const timeoutHandler = () => cancel(new McpError(ErrorCode.RequestTimeout, "Request timed out", { timeout }));
+      const timeoutHandler = () => cancel(McpError.fromError(ErrorCode.RequestTimeout, "Request timed out", { timeout }));
       this._setupTimeout(messageId, timeout, options === null || options === void 0 ? void 0 : options.maxTotalTimeout, timeoutHandler, (_f2 = options === null || options === void 0 ? void 0 : options.resetTimeoutOnProgress) !== null && _f2 !== void 0 ? _f2 : false);
       this._transport.send(jsonrpcRequest, { relatedRequestId, resumptionToken, onresumptiontoken }).catch((error) => {
         this._cleanupTimeout(messageId);
@@ -5837,10 +6113,11 @@ class Protocol {
    * Note that this will replace any previous request handler for the same method.
    */
   setRequestHandler(requestSchema, handler) {
-    const method = requestSchema.shape.method.value;
+    const method = getMethodLiteral(requestSchema);
     this.assertRequestHandlerCapability(method);
     this._requestHandlers.set(method, (request, extra) => {
-      return Promise.resolve(handler(requestSchema.parse(request), extra));
+      const parsed = parseWithCompat(requestSchema, request);
+      return Promise.resolve(handler(parsed, extra));
     });
   }
   /**
@@ -5863,7 +6140,11 @@ class Protocol {
    * Note that this will replace any previous notification handler for the same method.
    */
   setNotificationHandler(notificationSchema, handler) {
-    this._notificationHandlers.set(notificationSchema.shape.method.value, (notification) => Promise.resolve(handler(notificationSchema.parse(notification))));
+    const method = getMethodLiteral(notificationSchema);
+    this._notificationHandlers.set(method, (notification) => {
+      const parsed = parseWithCompat(notificationSchema, notification);
+      return Promise.resolve(handler(parsed));
+    });
   }
   /**
    * Removes the notification handler for the given method.
@@ -12618,6 +12899,16 @@ function applyElicitationDefaults(schema2, data2) {
     }
   }
 }
+function getSupportedElicitationModes(capabilities) {
+  if (!capabilities) {
+    return { supportsFormMode: false, supportsUrlMode: false };
+  }
+  const hasFormCapability = capabilities.form !== void 0;
+  const hasUrlCapability = capabilities.url !== void 0;
+  const supportsFormMode = hasFormCapability || !hasFormCapability && !hasUrlCapability;
+  const supportsUrlMode = hasUrlCapability;
+  return { supportsFormMode, supportsUrlMode };
+}
 class Client extends Protocol {
   /**
    * Initializes this client with the given name and version information.
@@ -12645,24 +12936,57 @@ class Client extends Protocol {
    * Override request handler registration to enforce client-side validation for elicitation.
    */
   setRequestHandler(requestSchema, handler) {
-    const method = requestSchema.shape.method.value;
+    var _a3, _b2, _c2;
+    const shape = getObjectShape(requestSchema);
+    const methodSchema = shape === null || shape === void 0 ? void 0 : shape.method;
+    if (!methodSchema) {
+      throw new Error("Schema is missing a method literal");
+    }
+    let methodValue;
+    if (isZ4Schema(methodSchema)) {
+      const v4Schema = methodSchema;
+      const v4Def = (_a3 = v4Schema._zod) === null || _a3 === void 0 ? void 0 : _a3.def;
+      methodValue = (_b2 = v4Def === null || v4Def === void 0 ? void 0 : v4Def.value) !== null && _b2 !== void 0 ? _b2 : v4Schema.value;
+    } else {
+      const v3Schema = methodSchema;
+      const legacyDef = v3Schema._def;
+      methodValue = (_c2 = legacyDef === null || legacyDef === void 0 ? void 0 : legacyDef.value) !== null && _c2 !== void 0 ? _c2 : v3Schema.value;
+    }
+    if (typeof methodValue !== "string") {
+      throw new Error("Schema method literal must be a string");
+    }
+    const method = methodValue;
     if (method === "elicitation/create") {
       const wrappedHandler = async (request, extra) => {
-        var _a3;
-        const validatedRequest = ElicitRequestSchema.safeParse(request);
+        var _a4, _b3, _c3;
+        const validatedRequest = safeParse(ElicitRequestSchema, request);
         if (!validatedRequest.success) {
-          throw new McpError(ErrorCode.InvalidParams, `Invalid elicitation request: ${validatedRequest.error.message}`);
+          const errorMessage = validatedRequest.error instanceof Error ? validatedRequest.error.message : String(validatedRequest.error);
+          throw new McpError(ErrorCode.InvalidParams, `Invalid elicitation request: ${errorMessage}`);
+        }
+        const { params } = validatedRequest.data;
+        const mode = (_a4 = params.mode) !== null && _a4 !== void 0 ? _a4 : "form";
+        const { supportsFormMode, supportsUrlMode } = getSupportedElicitationModes(this._capabilities.elicitation);
+        if (mode === "form" && !supportsFormMode) {
+          throw new McpError(ErrorCode.InvalidParams, "Client does not support form-mode elicitation requests");
+        }
+        if (mode === "url" && !supportsUrlMode) {
+          throw new McpError(ErrorCode.InvalidParams, "Client does not support URL-mode elicitation requests");
         }
         const result = await Promise.resolve(handler(request, extra));
-        const validationResult = ElicitResultSchema.safeParse(result);
+        const validationResult = safeParse(ElicitResultSchema, result);
         if (!validationResult.success) {
-          throw new McpError(ErrorCode.InvalidParams, `Invalid elicitation result: ${validationResult.error.message}`);
+          const errorMessage = validationResult.error instanceof Error ? validationResult.error.message : String(validationResult.error);
+          throw new McpError(ErrorCode.InvalidParams, `Invalid elicitation result: ${errorMessage}`);
         }
         const validatedResult = validationResult.data;
-        if (((_a3 = this._capabilities.elicitation) === null || _a3 === void 0 ? void 0 : _a3.applyDefaults) && validatedResult.action === "accept" && validatedResult.content && validatedRequest.data.params.requestedSchema) {
-          try {
-            applyElicitationDefaults(validatedRequest.data.params.requestedSchema, validatedResult.content);
-          } catch (_b2) {
+        const requestedSchema = mode === "form" ? params.requestedSchema : void 0;
+        if (mode === "form" && validatedResult.action === "accept" && validatedResult.content && requestedSchema) {
+          if ((_c3 = (_b3 = this._capabilities.elicitation) === null || _b3 === void 0 ? void 0 : _b3.form) === null || _c3 === void 0 ? void 0 : _c3.applyDefaults) {
+            try {
+              applyElicitationDefaults(requestedSchema, validatedResult.content);
+            } catch (_d2) {
+            }
           }
         }
         return validatedResult;
@@ -12878,6 +13202,31 @@ class Client extends Protocol {
     return this.notification({ method: "notifications/roots/list_changed" });
   }
 }
+function normalizeHeaders(headers) {
+  if (!headers)
+    return {};
+  if (headers instanceof Headers) {
+    return Object.fromEntries(headers.entries());
+  }
+  if (Array.isArray(headers)) {
+    return Object.fromEntries(headers);
+  }
+  return { ...headers };
+}
+function createFetchWithInit(baseFetch = fetch, baseInit) {
+  if (!baseInit) {
+    return baseFetch;
+  }
+  return async (url2, init) => {
+    const mergedInit = {
+      ...baseInit,
+      ...init,
+      // Headers need special handling - merge instead of replace
+      headers: (init === null || init === void 0 ? void 0 : init.headers) ? { ...normalizeHeaders(baseInit.headers), ...normalizeHeaders(init.headers) } : baseInit.headers
+    };
+    return baseFetch(url2, mergedInit);
+  };
+}
 let crypto$1;
 crypto$1 = globalThis.crypto;
 async function getRandomValues(size2) {
@@ -12913,7 +13262,7 @@ async function pkceChallenge(length) {
     code_challenge: challenge
   };
 }
-const SafeUrlSchema = string().url().superRefine((val, ctx) => {
+const SafeUrlSchema = url().superRefine((val, ctx) => {
   if (!URL.canParse(val)) {
     ctx.addIssue({
       code: ZodIssueCode.custom,
@@ -12922,11 +13271,11 @@ const SafeUrlSchema = string().url().superRefine((val, ctx) => {
     });
     return NEVER;
   }
-}).refine((url) => {
-  const u2 = new URL(url);
+}).refine((url2) => {
+  const u2 = new URL(url2);
   return u2.protocol !== "javascript:" && u2.protocol !== "data:" && u2.protocol !== "vbscript:";
 }, { message: "URL cannot use javascript:, data:, or vbscript: scheme" });
-const OAuthProtectedResourceMetadataSchema = object({
+const OAuthProtectedResourceMetadataSchema = looseObject({
   resource: string().url(),
   authorization_servers: array(SafeUrlSchema).optional(),
   jwks_uri: string().url().optional(),
@@ -12941,8 +13290,8 @@ const OAuthProtectedResourceMetadataSchema = object({
   authorization_details_types_supported: array(string()).optional(),
   dpop_signing_alg_values_supported: array(string()).optional(),
   dpop_bound_access_tokens_required: boolean().optional()
-}).passthrough();
-const OAuthMetadataSchema = object({
+});
+const OAuthMetadataSchema = looseObject({
   issuer: string(),
   authorization_endpoint: SafeUrlSchema,
   token_endpoint: SafeUrlSchema,
@@ -12960,9 +13309,10 @@ const OAuthMetadataSchema = object({
   introspection_endpoint: string().optional(),
   introspection_endpoint_auth_methods_supported: array(string()).optional(),
   introspection_endpoint_auth_signing_alg_values_supported: array(string()).optional(),
-  code_challenge_methods_supported: array(string()).optional()
-}).passthrough();
-const OpenIdProviderMetadataSchema = object({
+  code_challenge_methods_supported: array(string()).optional(),
+  client_id_metadata_document_supported: boolean().optional()
+});
+const OpenIdProviderMetadataSchema = looseObject({
   issuer: string(),
   authorization_endpoint: SafeUrlSchema,
   token_endpoint: SafeUrlSchema,
@@ -12997,11 +13347,15 @@ const OpenIdProviderMetadataSchema = object({
   request_uri_parameter_supported: boolean().optional(),
   require_request_uri_registration: boolean().optional(),
   op_policy_uri: SafeUrlSchema.optional(),
-  op_tos_uri: SafeUrlSchema.optional()
-}).passthrough();
-const OpenIdProviderDiscoveryMetadataSchema = OpenIdProviderMetadataSchema.merge(OAuthMetadataSchema.pick({
-  code_challenge_methods_supported: true
-}));
+  op_tos_uri: SafeUrlSchema.optional(),
+  client_id_metadata_document_supported: boolean().optional()
+});
+const OpenIdProviderDiscoveryMetadataSchema = object({
+  ...OpenIdProviderMetadataSchema.shape,
+  ...OAuthMetadataSchema.pick({
+    code_challenge_methods_supported: true
+  }).shape
+});
 const OAuthTokensSchema = object({
   access_token: string(),
   id_token: string().optional(),
@@ -13050,8 +13404,8 @@ object({
   token: string(),
   token_type_hint: string().optional()
 }).strip();
-function resourceUrlFromServerUrl(url) {
-  const resourceURL = typeof url === "string" ? new URL(url) : new URL(url.href);
+function resourceUrlFromServerUrl(url2) {
+  const resourceURL = typeof url2 === "string" ? new URL(url2) : new URL(url2.href);
   resourceURL.hash = "";
   return resourceURL;
 }
@@ -13247,6 +13601,7 @@ async function auth(provider, options) {
   }
 }
 async function authInternal(provider, { serverUrl, authorizationCode, scope: scope2, resourceMetadataUrl, fetchFn }) {
+  var _a3, _b2;
   let resourceMetadata;
   let authorizationServerUrl;
   try {
@@ -13254,7 +13609,7 @@ async function authInternal(provider, { serverUrl, authorizationCode, scope: sco
     if (resourceMetadata.authorization_servers && resourceMetadata.authorization_servers.length > 0) {
       authorizationServerUrl = resourceMetadata.authorization_servers[0];
     }
-  } catch (_a3) {
+  } catch (_c2) {
   }
   if (!authorizationServerUrl) {
     authorizationServerUrl = new URL("/", serverUrl);
@@ -13268,16 +13623,29 @@ async function authInternal(provider, { serverUrl, authorizationCode, scope: sco
     if (authorizationCode !== void 0) {
       throw new Error("Existing OAuth client information is required when exchanging an authorization code");
     }
-    if (!provider.saveClientInformation) {
-      throw new Error("OAuth client information must be saveable for dynamic registration");
+    const supportsUrlBasedClientId = (metadata2 === null || metadata2 === void 0 ? void 0 : metadata2.client_id_metadata_document_supported) === true;
+    const clientMetadataUrl = provider.clientMetadataUrl;
+    if (clientMetadataUrl && !isHttpsUrl(clientMetadataUrl)) {
+      throw new InvalidClientMetadataError(`clientMetadataUrl must be a valid HTTPS URL with a non-root pathname, got: ${clientMetadataUrl}`);
+    }
+    const shouldUseUrlBasedClientId = supportsUrlBasedClientId && clientMetadataUrl;
+    if (shouldUseUrlBasedClientId) {
+      clientInformation = {
+        client_id: clientMetadataUrl
+      };
+      await ((_a3 = provider.saveClientInformation) === null || _a3 === void 0 ? void 0 : _a3.call(provider, clientInformation));
+    } else {
+      if (!provider.saveClientInformation) {
+        throw new Error("OAuth client information must be saveable for dynamic registration");
+      }
+      const fullInformation = await registerClient(authorizationServerUrl, {
+        metadata: metadata2,
+        clientMetadata: provider.clientMetadata,
+        fetchFn
+      });
+      await provider.saveClientInformation(fullInformation);
+      clientInformation = fullInformation;
     }
-    const fullInformation = await registerClient(authorizationServerUrl, {
-      metadata: metadata2,
-      clientMetadata: provider.clientMetadata,
-      fetchFn
-    });
-    await provider.saveClientInformation(fullInformation);
-    clientInformation = fullInformation;
   }
   if (authorizationCode !== void 0) {
     const codeVerifier2 = await provider.codeVerifier();
@@ -13320,13 +13688,23 @@ async function authInternal(provider, { serverUrl, authorizationCode, scope: sco
     clientInformation,
     state,
     redirectUrl: provider.redirectUrl,
-    scope: scope2 || provider.clientMetadata.scope,
+    scope: scope2 || ((_b2 = resourceMetadata === null || resourceMetadata === void 0 ? void 0 : resourceMetadata.scopes_supported) === null || _b2 === void 0 ? void 0 : _b2.join(" ")) || provider.clientMetadata.scope,
     resource
   });
   await provider.saveCodeVerifier(codeVerifier);
   await provider.redirectToAuthorization(authorizationUrl);
   return "REDIRECT";
 }
+function isHttpsUrl(value) {
+  if (!value)
+    return false;
+  try {
+    const url2 = new URL(value);
+    return url2.protocol === "https:" && url2.pathname !== "/";
+  } catch (_a3) {
+    return false;
+  }
+}
 async function selectResourceURL(serverUrl, provider, resourceMetadata) {
   const defaultResource = resourceUrlFromServerUrl(serverUrl);
   if (provider.validateResourceURL) {
@@ -13349,23 +13727,34 @@ function extractWWWAuthenticateParams(res) {
   if (type2.toLowerCase() !== "bearer" || !scheme) {
     return {};
   }
-  const resourceMetadataRegex = /resource_metadata="([^"]*)"/;
-  const resourceMetadataMatch = resourceMetadataRegex.exec(authenticateHeader);
-  const scopeRegex = /scope="([^"]*)"/;
-  const scopeMatch = scopeRegex.exec(authenticateHeader);
+  const resourceMetadataMatch = extractFieldFromWwwAuth(res, "resource_metadata") || void 0;
   let resourceMetadataUrl;
   if (resourceMetadataMatch) {
     try {
-      resourceMetadataUrl = new URL(resourceMetadataMatch[1]);
+      resourceMetadataUrl = new URL(resourceMetadataMatch);
     } catch (_a3) {
     }
   }
-  const scope2 = (scopeMatch === null || scopeMatch === void 0 ? void 0 : scopeMatch[1]) || void 0;
+  const scope2 = extractFieldFromWwwAuth(res, "scope") || void 0;
+  const error = extractFieldFromWwwAuth(res, "error") || void 0;
   return {
     resourceMetadataUrl,
-    scope: scope2
+    scope: scope2,
+    error
   };
 }
+function extractFieldFromWwwAuth(response, fieldName) {
+  const wwwAuthHeader = response.headers.get("WWW-Authenticate");
+  if (!wwwAuthHeader) {
+    return null;
+  }
+  const pattern2 = new RegExp(`${fieldName}=(?:"([^"]+)"|([^\\s,]+))`);
+  const match = wwwAuthHeader.match(pattern2);
+  if (match) {
+    return match[1] || match[2];
+  }
+  return null;
+}
 async function discoverOAuthProtectedResourceMetadata(serverUrl, opts, fetchFn = fetch) {
   const response = await discoverMetadataWithFallback(serverUrl, "oauth-protected-resource", fetchFn, {
     protocolVersion: opts === null || opts === void 0 ? void 0 : opts.protocolVersion,
@@ -13379,13 +13768,13 @@ async function discoverOAuthProtectedResourceMetadata(serverUrl, opts, fetchFn =
   }
   return OAuthProtectedResourceMetadataSchema.parse(await response.json());
 }
-async function fetchWithCorsRetry(url, headers, fetchFn = fetch) {
+async function fetchWithCorsRetry(url2, headers, fetchFn = fetch) {
   try {
-    return await fetchFn(url, { headers });
+    return await fetchFn(url2, { headers });
   } catch (error) {
     if (error instanceof TypeError) {
       if (headers) {
-        return fetchWithCorsRetry(url, void 0, fetchFn);
+        return fetchWithCorsRetry(url2, void 0, fetchFn);
       } else {
         return void 0;
       }
@@ -13399,11 +13788,11 @@ function buildWellKnownPath(wellKnownPrefix, pathname = "", options = {}) {
   }
   return options.prependPathname ? `${pathname}/.well-known/${wellKnownPrefix}` : `/.well-known/${wellKnownPrefix}${pathname}`;
 }
-async function tryMetadataDiscovery(url, protocolVersion, fetchFn = fetch) {
+async function tryMetadataDiscovery(url2, protocolVersion, fetchFn = fetch) {
   const headers = {
     "MCP-Protocol-Version": protocolVersion
   };
-  return await fetchWithCorsRetry(url, headers, fetchFn);
+  return await fetchWithCorsRetry(url2, headers, fetchFn);
 }
 function shouldAttemptFallback(response, pathname) {
   return !response || response.status >= 400 && response.status < 500 && pathname !== "/";
@@ -13412,15 +13801,15 @@ async function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, o
   var _a3, _b2;
   const issuer = new URL(serverUrl);
   const protocolVersion = (_a3 = opts === null || opts === void 0 ? void 0 : opts.protocolVersion) !== null && _a3 !== void 0 ? _a3 : LATEST_PROTOCOL_VERSION;
-  let url;
+  let url2;
   if (opts === null || opts === void 0 ? void 0 : opts.metadataUrl) {
-    url = new URL(opts.metadataUrl);
+    url2 = new URL(opts.metadataUrl);
   } else {
     const wellKnownPath = buildWellKnownPath(wellKnownType, issuer.pathname);
-    url = new URL(wellKnownPath, (_b2 = opts === null || opts === void 0 ? void 0 : opts.metadataServerUrl) !== null && _b2 !== void 0 ? _b2 : issuer);
-    url.search = issuer.search;
+    url2 = new URL(wellKnownPath, (_b2 = opts === null || opts === void 0 ? void 0 : opts.metadataServerUrl) !== null && _b2 !== void 0 ? _b2 : issuer);
+    url2.search = issuer.search;
   }
-  let response = await tryMetadataDiscovery(url, protocolVersion, fetchFn);
+  let response = await tryMetadataDiscovery(url2, protocolVersion, fetchFn);
   if (!(opts === null || opts === void 0 ? void 0 : opts.metadataUrl) && shouldAttemptFallback(response, issuer.pathname)) {
     const rootUrl = new URL(`/.well-known/${wellKnownType}`, issuer);
     response = await tryMetadataDiscovery(rootUrl, protocolVersion, fetchFn);
@@ -13428,34 +13817,34 @@ async function discoverMetadataWithFallback(serverUrl, wellKnownType, fetchFn, o
   return response;
 }
 function buildDiscoveryUrls(authorizationServerUrl) {
-  const url = typeof authorizationServerUrl === "string" ? new URL(authorizationServerUrl) : authorizationServerUrl;
-  const hasPath = url.pathname !== "/";
+  const url2 = typeof authorizationServerUrl === "string" ? new URL(authorizationServerUrl) : authorizationServerUrl;
+  const hasPath = url2.pathname !== "/";
   const urlsToTry = [];
   if (!hasPath) {
     urlsToTry.push({
-      url: new URL("/.well-known/oauth-authorization-server", url.origin),
+      url: new URL("/.well-known/oauth-authorization-server", url2.origin),
       type: "oauth"
     });
     urlsToTry.push({
-      url: new URL(`/.well-known/openid-configuration`, url.origin),
+      url: new URL(`/.well-known/openid-configuration`, url2.origin),
       type: "oidc"
     });
     return urlsToTry;
   }
-  let pathname = url.pathname;
+  let pathname = url2.pathname;
   if (pathname.endsWith("/")) {
     pathname = pathname.slice(0, -1);
   }
   urlsToTry.push({
-    url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url.origin),
+    url: new URL(`/.well-known/oauth-authorization-server${pathname}`, url2.origin),
     type: "oauth"
   });
   urlsToTry.push({
-    url: new URL(`/.well-known/openid-configuration${pathname}`, url.origin),
+    url: new URL(`/.well-known/openid-configuration${pathname}`, url2.origin),
     type: "oidc"
   });
   urlsToTry.push({
-    url: new URL(`${pathname}/.well-known/openid-configuration`, url.origin),
+    url: new URL(`${pathname}/.well-known/openid-configuration`, url2.origin),
     type: "oidc"
   });
   return urlsToTry;
@@ -13627,6 +14016,7 @@ const auth$1 = /* @__PURE__ */ Object.freeze(/* @__PURE__ */ Object.defineProper
   discoverOAuthProtectedResourceMetadata,
   exchangeAuthorization,
   extractWWWAuthenticateParams,
+  isHttpsUrl,
   parseErrorResponse,
   refreshAuthorization,
   registerClient,
@@ -13770,15 +14160,16 @@ class StreamableHTTPError extends Error {
   }
 }
 class StreamableHTTPClientTransport {
-  constructor(url, opts) {
+  constructor(url2, opts) {
     var _a3;
     this._hasCompletedAuthFlow = false;
-    this._url = url;
+    this._url = url2;
     this._resourceMetadataUrl = void 0;
     this._scope = void 0;
     this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;
     this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;
     this._fetch = opts === null || opts === void 0 ? void 0 : opts.fetch;
+    this._fetchWithInit = createFetchWithInit(opts === null || opts === void 0 ? void 0 : opts.fetch, opts === null || opts === void 0 ? void 0 : opts.requestInit);
     this._sessionId = opts === null || opts === void 0 ? void 0 : opts.sessionId;
     this._reconnectionOptions = (_a3 = opts === null || opts === void 0 ? void 0 : opts.reconnectionOptions) !== null && _a3 !== void 0 ? _a3 : DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS;
   }
@@ -13793,7 +14184,7 @@ class StreamableHTTPClientTransport {
         serverUrl: this._url,
         resourceMetadataUrl: this._resourceMetadataUrl,
         scope: this._scope,
-        fetchFn: this._fetch
+        fetchFn: this._fetchWithInit
       });
     } catch (error) {
       (_a3 = this.onerror) === null || _a3 === void 0 ? void 0 : _a3.call(this, error);
@@ -13819,7 +14210,7 @@ class StreamableHTTPClientTransport {
     if (this._protocolVersion) {
       headers["mcp-protocol-version"] = this._protocolVersion;
     }
-    const extraHeaders = this._normalizeHeaders((_a3 = this._requestInit) === null || _a3 === void 0 ? void 0 : _a3.headers);
+    const extraHeaders = normalizeHeaders((_a3 = this._requestInit) === null || _a3 === void 0 ? void 0 : _a3.headers);
     return new Headers({
       ...headers,
       ...extraHeaders
@@ -13861,24 +14252,16 @@ class StreamableHTTPClientTransport {
    * @returns Time to wait in milliseconds before next reconnection attempt
    */
   _getNextReconnectionDelay(attempt) {
+    if (this._serverRetryMs !== void 0) {
+      return this._serverRetryMs;
+    }
     const initialDelay = this._reconnectionOptions.initialReconnectionDelay;
     const growFactor = this._reconnectionOptions.reconnectionDelayGrowFactor;
     const maxDelay = this._reconnectionOptions.maxReconnectionDelay;
     return Math.min(initialDelay * Math.pow(growFactor, attempt), maxDelay);
   }
-  _normalizeHeaders(headers) {
-    if (!headers)
-      return {};
-    if (headers instanceof Headers) {
-      return Object.fromEntries(headers.entries());
-    }
-    if (Array.isArray(headers)) {
-      return Object.fromEntries(headers);
-    }
-    return { ...headers };
-  }
   /**
-   * Schedule a reconnection attempt with exponential backoff
+   * Schedule a reconnection attempt using server-provided retry interval or backoff
    *
    * @param lastEventId The ID of the last received event for resumability
    * @param attemptCount Current reconnection attempt count for this specific stream
@@ -13905,10 +14288,15 @@ class StreamableHTTPClientTransport {
     }
     const { onresumptiontoken, replayMessageId } = options;
     let lastEventId;
+    let hasPrimingEvent = false;
     const processStream = async () => {
       var _a3, _b2, _c2, _d2;
       try {
-        const reader = stream.pipeThrough(new TextDecoderStream()).pipeThrough(new EventSourceParserStream()).getReader();
+        const reader = stream.pipeThrough(new TextDecoderStream()).pipeThrough(new EventSourceParserStream({
+          onRetry: (retryMs) => {
+            this._serverRetryMs = retryMs;
+          }
+        })).getReader();
         while (true) {
           const { value: event, done } = await reader.read();
           if (done) {
@@ -13916,6 +14304,7 @@ class StreamableHTTPClientTransport {
           }
           if (event.id) {
             lastEventId = event.id;
+            hasPrimingEvent = true;
             onresumptiontoken === null || onresumptiontoken === void 0 ? void 0 : onresumptiontoken(event.id);
           }
           if (!event.event || event.event === "message") {
@@ -13930,9 +14319,18 @@ class StreamableHTTPClientTransport {
             }
           }
         }
+        const canResume = isReconnectable || hasPrimingEvent;
+        if (canResume && this._abortController && !this._abortController.signal.aborted) {
+          this._scheduleReconnection({
+            resumptionToken: lastEventId,
+            onresumptiontoken,
+            replayMessageId
+          }, 0);
+        }
       } catch (error) {
         (_c2 = this.onerror) === null || _c2 === void 0 ? void 0 : _c2.call(this, new Error(`SSE stream disconnected: ${error}`));
-        if (isReconnectable && this._abortController && !this._abortController.signal.aborted) {
+        const canResume = isReconnectable || hasPrimingEvent;
+        if (canResume && this._abortController && !this._abortController.signal.aborted) {
           try {
             this._scheduleReconnection({
               resumptionToken: lastEventId,
@@ -13965,7 +14363,7 @@ class StreamableHTTPClientTransport {
       authorizationCode,
       resourceMetadataUrl: this._resourceMetadataUrl,
       scope: this._scope,
-      fetchFn: this._fetch
+      fetchFn: this._fetchWithInit
     });
     if (result !== "AUTHORIZED") {
       throw new UnauthorizedError("Failed to authorize");
@@ -14014,7 +14412,7 @@ class StreamableHTTPClientTransport {
             serverUrl: this._url,
             resourceMetadataUrl: this._resourceMetadataUrl,
             scope: this._scope,
-            fetchFn: this._fetch
+            fetchFn: this._fetchWithInit
           });
           if (result !== "AUTHORIZED") {
             throw new UnauthorizedError();
@@ -14022,10 +14420,37 @@ class StreamableHTTPClientTransport {
           this._hasCompletedAuthFlow = true;
           return this.send(message);
         }
+        if (response.status === 403 && this._authProvider) {
+          const { resourceMetadataUrl, scope: scope2, error } = extractWWWAuthenticateParams(response);
+          if (error === "insufficient_scope") {
+            const wwwAuthHeader = response.headers.get("WWW-Authenticate");
+            if (this._lastUpscopingHeader === wwwAuthHeader) {
+              throw new StreamableHTTPError(403, "Server returned 403 after trying upscoping");
+            }
+            if (scope2) {
+              this._scope = scope2;
+            }
+            if (resourceMetadataUrl) {
+              this._resourceMetadataUrl = resourceMetadataUrl;
+            }
+            this._lastUpscopingHeader = wwwAuthHeader !== null && wwwAuthHeader !== void 0 ? wwwAuthHeader : void 0;
+            const result = await auth(this._authProvider, {
+              serverUrl: this._url,
+              resourceMetadataUrl: this._resourceMetadataUrl,
+              scope: this._scope,
+              fetchFn: this._fetch
+            });
+            if (result !== "AUTHORIZED") {
+              throw new UnauthorizedError();
+            }
+            return this.send(message);
+          }
+        }
         const text = await response.text().catch(() => null);
         throw new Error(`Error POSTing to endpoint (HTTP ${response.status}): ${text}`);
       }
       this._hasCompletedAuthFlow = false;
+      this._lastUpscopingHeader = void 0;
       if (response.status === 202) {
         if (isInitializedNotification(message)) {
           this._startOrAuthSse({ resumptionToken: void 0 }).catch((err) => {
@@ -14099,6 +14524,19 @@ class StreamableHTTPClientTransport {
   get protocolVersion() {
     return this._protocolVersion;
   }
+  /**
+   * Resume an SSE stream from a previous event ID.
+   * Opens a GET SSE connection with Last-Event-ID header to replay missed events.
+   *
+   * @param lastEventId The event ID to resume from
+   * @param options Optional callback to receive new resumption tokens
+   */
+  async resumeStream(lastEventId, options) {
+    await this._startOrAuthSse({
+      resumptionToken: lastEventId,
+      onresumptiontoken: options === null || options === void 0 ? void 0 : options.onresumptiontoken
+    });
+  }
 }
 class ErrorEvent extends Event {
   /**
@@ -14163,7 +14601,7 @@ var __typeError$1 = (msg) => {
   throw TypeError(msg);
 }, __accessCheck$1 = (obj, member, msg) => member.has(obj) || __typeError$1("Cannot " + msg), __privateGet$1 = (obj, member, getter) => (__accessCheck$1(obj, member, "read from private field"), getter ? getter.call(obj) : member.get(obj)), __privateAdd$1 = (obj, member, value) => member.has(obj) ? __typeError$1("Cannot add the same private member more than once") : member instanceof WeakSet ? member.add(obj) : member.set(obj, value), __privateSet = (obj, member, value, setter) => (__accessCheck$1(obj, member, "write to private field"), member.set(obj, value), value), __privateMethod = (obj, member, method) => (__accessCheck$1(obj, member, "access private method"), method), _readyState, _url, _redirectUrl, _withCredentials, _fetch, _reconnectInterval, _reconnectTimer, _lastEventId, _controller, _parser, _onError, _onMessage, _onOpen, _EventSource_instances, connect_fn, _onFetchResponse, _onFetchError, getRequestOptions_fn, _onEvent, _onRetryChange, failConnection_fn, scheduleReconnect_fn, _reconnect;
 class EventSource extends EventTarget {
-  constructor(url, eventSourceInitDict) {
+  constructor(url2, eventSourceInitDict) {
     var _a3, _b2;
     super(), __privateAdd$1(this, _EventSource_instances), this.CONNECTING = 0, this.OPEN = 1, this.CLOSED = 2, __privateAdd$1(this, _readyState), __privateAdd$1(this, _url), __privateAdd$1(this, _redirectUrl), __privateAdd$1(this, _withCredentials), __privateAdd$1(this, _fetch), __privateAdd$1(this, _reconnectInterval), __privateAdd$1(this, _reconnectTimer), __privateAdd$1(this, _lastEventId, null), __privateAdd$1(this, _controller), __privateAdd$1(this, _parser), __privateAdd$1(this, _onError, null), __privateAdd$1(this, _onMessage, null), __privateAdd$1(this, _onOpen, null), __privateAdd$1(this, _onFetchResponse, async (response) => {
       var _a22;
@@ -14211,10 +14649,10 @@ class EventSource extends EventTarget {
       __privateSet(this, _reconnectTimer, void 0), __privateGet$1(this, _readyState) === this.CONNECTING && __privateMethod(this, _EventSource_instances, connect_fn).call(this);
     });
     try {
-      if (url instanceof URL)
-        __privateSet(this, _url, url);
-      else if (typeof url == "string")
-        __privateSet(this, _url, new URL(url, getBaseURL()));
+      if (url2 instanceof URL)
+        __privateSet(this, _url, url2);
+      else if (typeof url2 == "string")
+        __privateSet(this, _url, new URL(url2, getBaseURL()));
       else
         throw new Error("Invalid URL");
     } catch {
@@ -14375,14 +14813,15 @@ class SseError extends Error {
   }
 }
 class SSEClientTransport {
-  constructor(url, opts) {
-    this._url = url;
+  constructor(url2, opts) {
+    this._url = url2;
     this._resourceMetadataUrl = void 0;
     this._scope = void 0;
     this._eventSourceInit = opts === null || opts === void 0 ? void 0 : opts.eventSourceInit;
     this._requestInit = opts === null || opts === void 0 ? void 0 : opts.requestInit;
     this._authProvider = opts === null || opts === void 0 ? void 0 : opts.authProvider;
     this._fetch = opts === null || opts === void 0 ? void 0 : opts.fetch;
+    this._fetchWithInit = createFetchWithInit(opts === null || opts === void 0 ? void 0 : opts.fetch, opts === null || opts === void 0 ? void 0 : opts.requestInit);
   }
   async _authThenStart() {
     var _a3;
@@ -14395,7 +14834,7 @@ class SSEClientTransport {
         serverUrl: this._url,
         resourceMetadataUrl: this._resourceMetadataUrl,
         scope: this._scope,
-        fetchFn: this._fetch
+        fetchFn: this._fetchWithInit
       });
     } catch (error) {
       (_a3 = this.onerror) === null || _a3 === void 0 ? void 0 : _a3.call(this, error);
@@ -14426,10 +14865,10 @@ class SSEClientTransport {
     return new Promise((resolve2, reject) => {
       this._eventSource = new EventSource(this._url.href, {
         ...this._eventSourceInit,
-        fetch: async (url, init) => {
+        fetch: async (url2, init) => {
           const headers = await this._commonHeaders();
           headers.set("Accept", "text/event-stream");
-          const response = await fetchImpl(url, {
+          const response = await fetchImpl(url2, {
             ...init,
             headers
           });
@@ -14502,7 +14941,7 @@ class SSEClientTransport {
       authorizationCode,
       resourceMetadataUrl: this._resourceMetadataUrl,
       scope: this._scope,
-      fetchFn: this._fetch
+      fetchFn: this._fetchWithInit
     });
     if (result !== "AUTHORIZED") {
       throw new UnauthorizedError("Failed to authorize");
@@ -14539,7 +14978,7 @@ class SSEClientTransport {
             serverUrl: this._url,
             resourceMetadataUrl: this._resourceMetadataUrl,
             scope: this._scope,
-            fetchFn: this._fetch
+            fetchFn: this._fetchWithInit
           });
           if (result !== "AUTHORIZED") {
             throw new UnauthorizedError();
@@ -14762,9 +15201,9 @@ var SseConnectionManager = (_f = class extends ConnectionManager {
    * @param url  The SSE endpoint URL.
    * @param opts Optional transport options (auth, headers, etc.).
    */
-  constructor(url, opts) {
+  constructor(url2, opts) {
     super();
-    this.url = typeof url === "string" ? new URL(url) : url;
+    this.url = typeof url2 === "string" ? new URL(url2) : url2;
     this.opts = opts;
   }
   /**
@@ -15051,9 +15490,9 @@ var WebSocketConnectionManager = (_h = class extends ConnectionManager {
    * @param url     The WebSocket URL to connect to.
    * @param headers Optional headers to include in the connection handshake.
    */
-  constructor(url, headers = {}) {
+  constructor(url2, headers = {}) {
     super();
-    this.url = url;
+    this.url = url2;
     this.headers = headers;
   }
   /** Establish a WebSocket connection and wait until it is open. */
@@ -15113,9 +15552,9 @@ var WebSocketConnector = (_i = class extends BaseConnector {
   receiverTask = null;
   pending = /* @__PURE__ */ new Map();
   toolsCache = null;
-  constructor(url, opts = {}) {
+  constructor(url2, opts = {}) {
     super();
-    this.url = url;
+    this.url = url2;
     this.headers = { ...opts.headers ?? {} };
     if (opts.authToken) this.headers.Authorization = `Bearer ${opts.authToken}`;
   }
@@ -15428,7 +15867,7 @@ var BrowserMCPClient = (_k = class extends BaseMCPClient {
    */
   createConnectorFromConfig(serverConfig) {
     const {
-      url,
+      url: url2,
       transport,
       headers,
       authToken,
@@ -15437,7 +15876,7 @@ var BrowserMCPClient = (_k = class extends BaseMCPClient {
       clientOptions,
       samplingCallback
     } = serverConfig;
-    if (!url) {
+    if (!url2) {
       throw new Error("Server URL is required");
     }
     const connectorOptions = {
@@ -15462,12 +15901,12 @@ var BrowserMCPClient = (_k = class extends BaseMCPClient {
         "[BrowserMCPClient] No clientOptions provided to connector!"
       );
     }
-    if (transport === "websocket" || url.startsWith("ws://") || url.startsWith("wss://")) {
-      return new WebSocketConnector(url, connectorOptions);
-    } else if (transport === "http" || url.startsWith("http://") || url.startsWith("https://")) {
-      return new HttpConnector(url, connectorOptions);
+    if (transport === "websocket" || url2.startsWith("ws://") || url2.startsWith("wss://")) {
+      return new WebSocketConnector(url2, connectorOptions);
+    } else if (transport === "http" || url2.startsWith("http://") || url2.startsWith("https://")) {
+      return new HttpConnector(url2, connectorOptions);
     } else {
-      return new HttpConnector(url, connectorOptions);
+      return new HttpConnector(url2, connectorOptions);
     }
   }
 }, __name(_k, "BrowserMCPClient"), _k);
@@ -15475,20 +15914,20 @@ function sanitizeUrl(raw) {
   const abort = /* @__PURE__ */ __name(() => {
     throw new Error(`Invalid url to pass to open(): ${raw}`);
   }, "abort");
-  let url;
+  let url2;
   try {
-    url = new URL(raw);
+    url2 = new URL(raw);
   } catch (_2) {
     abort();
   }
-  if (url.protocol !== "https:" && url.protocol !== "http:") abort();
-  if (url.hostname !== encodeURIComponent(url.hostname)) abort();
-  if (url.username) url.username = encodeURIComponent(url.username);
-  if (url.password) url.password = encodeURIComponent(url.password);
-  url.pathname = url.pathname.slice(0, 1) + encodeURIComponent(url.pathname.slice(1)).replace(/%2f/gi, "/");
-  url.search = url.search.slice(0, 1) + Array.from(url.searchParams.entries()).map(sanitizeParam).join("&");
-  url.hash = url.hash.slice(0, 1) + encodeURIComponent(url.hash.slice(1));
-  return url.href;
+  if (url2.protocol !== "https:" && url2.protocol !== "http:") abort();
+  if (url2.hostname !== encodeURIComponent(url2.hostname)) abort();
+  if (url2.username) url2.username = encodeURIComponent(url2.username);
+  if (url2.password) url2.password = encodeURIComponent(url2.password);
+  url2.pathname = url2.pathname.slice(0, 1) + encodeURIComponent(url2.pathname.slice(1)).replace(/%2f/gi, "/");
+  url2.search = url2.search.slice(0, 1) + Array.from(url2.searchParams.entries()).map(sanitizeParam).join("&");
+  url2.hash = url2.hash.slice(0, 1) + encodeURIComponent(url2.hash.slice(1));
+  return url2.href;
 }
 __name(sanitizeUrl, "sanitizeUrl");
 function sanitizeParam([k2, v2]) {
@@ -16306,7 +16745,7 @@ var DEFAULT_RECONNECT_DELAY = 3e3;
 var DEFAULT_RETRY_DELAY = 5e3;
 function useMcp(options) {
   const {
-    url,
+    url: url2,
     enabled = true,
     clientName,
     clientUri,
@@ -16417,7 +16856,7 @@ function useMcp(options) {
     [addLog]
   );
   const connect = reactExports.useCallback(async () => {
-    if (!enabled || !url) {
+    if (!enabled || !url2) {
       addLog(
         "debug",
         enabled ? "No server URL provided, skipping connection." : "Connection disabled via enabled flag."
@@ -16440,10 +16879,10 @@ function useMcp(options) {
     setState("discovering");
     addLog(
       "info",
-      `Connecting attempt #${connectAttemptRef.current} to ${url}...`
+      `Connecting attempt #${connectAttemptRef.current} to ${url2}...`
     );
     if (!authProviderRef.current) {
-      authProviderRef.current = new BrowserOAuthClientProvider(url, {
+      authProviderRef.current = new BrowserOAuthClientProvider(url2, {
         storageKeyPrefix,
         clientName,
         clientUri,
@@ -16466,7 +16905,7 @@ function useMcp(options) {
       try {
         const serverName = "inspector-server";
         const serverConfig = {
-          url,
+          url: url2,
           transport: transportTypeParam === "sse" ? "http" : transportTypeParam
         };
         if (customHeaders && Object.keys(customHeaders).length > 0) {
@@ -16494,9 +16933,9 @@ function useMcp(options) {
               "[useMcp] Applying transport wrapper for server:",
               serverName,
               "url:",
-              url
+              url2
             );
-            return wrapTransport(transport, url);
+            return wrapTransport(transport, url2);
           } : void 0
         });
         const session = await clientRef.current.createSession(
@@ -16550,7 +16989,7 @@ function useMcp(options) {
                 const { auth: auth3 } = await Promise.resolve().then(() => auth$1);
                 return { auth: auth3 };
               }, true ? void 0 : void 0);
-              const baseUrl = new URL(url).origin;
+              const baseUrl = new URL(url2).origin;
               auth2(authProviderRef.current, { serverUrl: baseUrl }).catch(
                 () => {
                 }
@@ -16620,7 +17059,7 @@ function useMcp(options) {
     addLog,
     failConnection,
     disconnect,
-    url,
+    url2,
     storageKeyPrefix,
     clientName,
     clientUri,
@@ -16688,7 +17127,7 @@ function useMcp(options) {
           authProviderRef.current,
           "Auth Provider not available for manual auth"
         );
-        assert$1(url, "Server URL is required for authentication");
+        assert$1(url2, "Server URL is required for authentication");
         addLog("info", "Clearing all OAuth state and initiating fresh flow...");
         const hashPrefix = `${storageKeyPrefix}:${authProviderRef.current.serverUrlHash}`;
         Object.keys(localStorage).forEach((key) => {
@@ -16702,7 +17141,7 @@ function useMcp(options) {
           }
         });
         setState("authenticating");
-        const freshAuthProvider = new BrowserOAuthClientProvider(url, {
+        const freshAuthProvider = new BrowserOAuthClientProvider(url2, {
           storageKeyPrefix,
           clientName,
           clientUri,
@@ -16718,7 +17157,7 @@ function useMcp(options) {
           const { auth: auth3 } = await Promise.resolve().then(() => auth$1);
           return { auth: auth3 };
         }, true ? void 0 : void 0);
-        const baseUrl = new URL(url).origin;
+        const baseUrl = new URL(url2).origin;
         auth2(freshAuthProvider, {
           serverUrl: baseUrl
         }).catch((err) => {
@@ -16756,7 +17195,7 @@ function useMcp(options) {
     addLog,
     retry,
     authUrl,
-    url,
+    url2,
     useRedirectFlow,
     onPopupWindow,
     storageKeyPrefix,
@@ -16767,13 +17206,13 @@ function useMcp(options) {
   const clearStorage = reactExports.useCallback(() => {
     if (authProviderRef.current) {
       const count2 = authProviderRef.current.clearStorage();
-      addLog("info", `Cleared ${count2} item(s) from localStorage for ${url}.`);
+      addLog("info", `Cleared ${count2} item(s) from localStorage for ${url2}.`);
       setAuthUrl(void 0);
       disconnect();
     } else {
       addLog("warn", "Auth provider not initialized, cannot clear storage.");
     }
-  }, [url, addLog, disconnect]);
+  }, [url2, addLog, disconnect]);
   const listResources = reactExports.useCallback(async () => {
     if (stateRef.current !== "ready" || !clientRef.current) {
       throw new Error(
@@ -16915,7 +17354,7 @@ function useMcp(options) {
   }, [addLog]);
   reactExports.useEffect(() => {
     isMountedRef.current = true;
-    if (!enabled || !url) {
+    if (!enabled || !url2) {
       addLog(
         "debug",
         enabled ? "No server URL provided, skipping connection." : "Connection disabled via enabled flag."
@@ -16927,8 +17366,8 @@ function useMcp(options) {
     }
     addLog("debug", "useMcp mounted, initiating connection.");
     connectAttemptRef.current = 0;
-    if (!authProviderRef.current || authProviderRef.current.serverUrl !== url) {
-      authProviderRef.current = new BrowserOAuthClientProvider(url, {
+    if (!authProviderRef.current || authProviderRef.current.serverUrl !== url2) {
+      authProviderRef.current = new BrowserOAuthClientProvider(url2, {
         storageKeyPrefix,
         clientName,
         clientUri,
@@ -16949,7 +17388,7 @@ function useMcp(options) {
       disconnect(true);
     };
   }, [
-    url,
+    url2,
     enabled,
     storageKeyPrefix,
     callbackUrl,
@@ -17729,18 +18168,6 @@ function WidgetControls({
   ));
 }
 __name(WidgetControls, "WidgetControls");
-var BrowserRouter$1 = null;
-var routerError = null;
-(async () => {
-  try {
-    const routerModule = await __vitePreload(() => import("./index-RN6yjAFG.js"), true ? [] : void 0);
-    BrowserRouter$1 = routerModule.BrowserRouter;
-  } catch (error) {
-    routerError = new Error(
-      "❌ react-router-dom not installed!\n\nTo use MCP widgets with McpUseProvider, you need to install:\n\n  npm install react-router-dom\n  # or\n  pnpm add react-router-dom\n\nThis dependency is automatically included in projects created with 'create-mcp-use-app'."
-    );
-  }
-})();
 function getBasename() {
   if (typeof window === "undefined") return "/";
   const path = window.location.pathname;
@@ -17764,6 +18191,33 @@ function McpUseProvider({
   const lastHeightRef = reactExports.useRef(0);
   const debounceTimeoutRef = reactExports.useRef(null);
   const notificationInProgressRef = reactExports.useRef(false);
+  const [BrowserRouter2, setBrowserRouter] = reactExports.useState(null);
+  const [routerError, setRouterError] = reactExports.useState(null);
+  const [isRouterLoading, setIsRouterLoading] = reactExports.useState(true);
+  reactExports.useEffect(() => {
+    let mounted = true;
+    (async () => {
+      try {
+        const routerModule = await __vitePreload(() => import("./index-DctLeaKS.js"), true ? [] : void 0);
+        if (mounted) {
+          setBrowserRouter(() => routerModule.BrowserRouter);
+          setIsRouterLoading(false);
+        }
+      } catch (error) {
+        if (mounted) {
+          setRouterError(
+            new Error(
+              "❌ react-router-dom not installed!\n\nTo use MCP widgets with McpUseProvider, you need to install:\n\n  npm install react-router-dom\n  # or\n  pnpm add react-router-dom\n\nThis dependency is automatically included in projects created with 'create-mcp-use-app'."
+            )
+          );
+          setIsRouterLoading(false);
+        }
+      }
+    })();
+    return () => {
+      mounted = false;
+    };
+  }, []);
   const notifyHeight = reactExports.useCallback((height) => {
     if (typeof window !== "undefined" && window.openai?.notifyIntrinsicHeight) {
       notificationInProgressRef.current = true;
@@ -17829,18 +18283,20 @@ function McpUseProvider({
       notificationInProgressRef.current = false;
     };
   }, [autoSize, debouncedNotifyHeight]);
+  if (isRouterLoading) {
+    return /* @__PURE__ */ re$1.createElement(reactExports.StrictMode, null, /* @__PURE__ */ re$1.createElement(ThemeProvider$1, null, /* @__PURE__ */ re$1.createElement("div", { style: { padding: "20px", textAlign: "center" } }, "Loading...")));
+  }
+  if (routerError) {
+    throw routerError;
+  }
   let content = children;
   content = /* @__PURE__ */ re$1.createElement(ErrorBoundary, null, content);
   if (enableDebugger || viewControls) {
     content = /* @__PURE__ */ re$1.createElement(WidgetControls, { debugger: enableDebugger, viewControls }, content);
   }
-  if (routerError) {
-    throw routerError;
-  }
-  if (!BrowserRouter$1) {
-    throw new Error("react-router-dom is still loading, please try again.");
+  if (BrowserRouter2) {
+    content = /* @__PURE__ */ re$1.createElement(BrowserRouter2, { basename }, content);
   }
-  content = /* @__PURE__ */ re$1.createElement(BrowserRouter$1, { basename }, content);
   content = /* @__PURE__ */ re$1.createElement(ThemeProvider$1, null, content);
   if (autoSize) {
     const containerStyle = {
@@ -18128,13 +18584,13 @@ function requireReactDom_production() {
   hasRequiredReactDom_production = 1;
   var React2 = requireReact();
   function formatProdErrorMessage(code2) {
-    var url = "https://react.dev/errors/" + code2;
+    var url2 = "https://react.dev/errors/" + code2;
     if (1 < arguments.length) {
-      url += "?args[]=" + encodeURIComponent(arguments[1]);
+      url2 += "?args[]=" + encodeURIComponent(arguments[1]);
       for (var i2 = 2; i2 < arguments.length; i2++)
-        url += "&args[]=" + encodeURIComponent(arguments[i2]);
+        url2 += "&args[]=" + encodeURIComponent(arguments[i2]);
     }
-    return "Minified React error #" + code2 + "; visit " + url + " for the full message or use the non-minified dev environment for full errors and additional helpful warnings.";
+    return "Minified React error #" + code2 + "; visit " + url2 + " for the full message or use the non-minified dev environment for full errors and additional helpful warnings.";
   }
   function noop3() {
   }
@@ -18295,13 +18751,13 @@ function requireReactDomClient_production() {
   hasRequiredReactDomClient_production = 1;
   var Scheduler = requireScheduler(), React2 = requireReact(), ReactDOM2 = requireReactDom();
   function formatProdErrorMessage(code2) {
-    var url = "https://react.dev/errors/" + code2;
+    var url2 = "https://react.dev/errors/" + code2;
     if (1 < arguments.length) {
-      url += "?args[]=" + encodeURIComponent(arguments[1]);
+      url2 += "?args[]=" + encodeURIComponent(arguments[1]);
       for (var i2 = 2; i2 < arguments.length; i2++)
-        url += "&args[]=" + encodeURIComponent(arguments[i2]);
+        url2 += "&args[]=" + encodeURIComponent(arguments[i2]);
     }
-    return "Minified React error #" + code2 + "; visit " + url + " for the full message or use the non-minified dev environment for full errors and additional helpful warnings.";
+    return "Minified React error #" + code2 + "; visit " + url2 + " for the full message or use the non-minified dev environment for full errors and additional helpful warnings.";
   }
   function isValidContainer(node) {
     return !(!node || 1 !== node.nodeType && 9 !== node.nodeType && 11 !== node.nodeType);
@@ -19329,8 +19785,8 @@ function requireReactDomClient_production() {
     ["xmlnsXlink", "xmlns:xlink"],
     ["xHeight", "x-height"]
   ]), isJavaScriptProtocol = /^[\u0000-\u001F ]*j[\r\n\t]*a[\r\n\t]*v[\r\n\t]*a[\r\n\t]*s[\r\n\t]*c[\r\n\t]*r[\r\n\t]*i[\r\n\t]*p[\r\n\t]*t[\r\n\t]*:/i;
-  function sanitizeURL(url) {
-    return isJavaScriptProtocol.test("" + url) ? "javascript:throw new Error('React has blocked a javascript: URL as a security precaution.')" : url;
+  function sanitizeURL(url2) {
+    return isJavaScriptProtocol.test("" + url2) ? "javascript:throw new Error('React has blocked a javascript: URL as a security precaution.')" : url2;
   }
   function noop$12() {
   }
@@ -29980,9 +30436,9 @@ function createHashHistory(options = {}) {
     let base = window2.document.querySelector("base");
     let href = "";
     if (base && base.getAttribute("href")) {
-      let url = window2.location.href;
-      let hashIndex = url.indexOf("#");
-      href = hashIndex === -1 ? url : url.slice(0, hashIndex);
+      let url2 = window2.location.href;
+      let hashIndex = url2.indexOf("#");
+      href = hashIndex === -1 ? url2 : url2.slice(0, hashIndex);
     }
     return href + "#" + (typeof to === "string" ? to : createPath(to));
   }
@@ -30099,14 +30555,14 @@ function getUrlBasedHistory(getLocation, createHref2, validateLocation, options
     if (validateLocation) validateLocation(location, to);
     index2 = getIndex() + 1;
     let historyState = getHistoryState(location, index2);
-    let url = history.createHref(location);
+    let url2 = history.createHref(location);
     try {
-      globalHistory.pushState(historyState, "", url);
+      globalHistory.pushState(historyState, "", url2);
     } catch (error) {
       if (error instanceof DOMException && error.name === "DataCloneError") {
         throw error;
       }
-      window2.location.assign(url);
+      window2.location.assign(url2);
     }
     if (v5Compat && listener) {
       listener({ action, location: history.location, delta: 1 });
@@ -30118,8 +30574,8 @@ function getUrlBasedHistory(getLocation, createHref2, validateLocation, options
     if (validateLocation) validateLocation(location, to);
     index2 = getIndex();
     let historyState = getHistoryState(location, index2);
-    let url = history.createHref(location);
-    globalHistory.replaceState(historyState, "", url);
+    let url2 = history.createHref(location);
+    globalHistory.replaceState(historyState, "", url2);
     if (v5Compat && listener) {
       listener({ action, location: history.location, delta: 0 });
     }
@@ -30150,11 +30606,11 @@ function getUrlBasedHistory(getLocation, createHref2, validateLocation, options
     },
     createURL,
     encodeLocation(to) {
-      let url = createURL(to);
+      let url2 = createURL(to);
       return {
-        pathname: url.pathname,
-        search: url.search,
-        hash: url.hash
+        pathname: url2.pathname,
+        search: url2.search,
+        hash: url2.hash
       };
     },
     push,
@@ -30728,7 +31184,7 @@ function data(data2, init) {
     typeof init === "number" ? { status: init } : init
   );
 }
-var redirect = (url, init = 302) => {
+var redirect = (url2, init = 302) => {
   let responseInit = init;
   if (typeof responseInit === "number") {
     responseInit = { status: responseInit };
@@ -30736,16 +31192,16 @@ var redirect = (url, init = 302) => {
     responseInit.status = 302;
   }
   let headers = new Headers(responseInit.headers);
-  headers.set("Location", url);
+  headers.set("Location", url2);
   return new Response(null, { ...responseInit, headers });
 };
-var redirectDocument = (url, init) => {
-  let response = redirect(url, init);
+var redirectDocument = (url2, init) => {
+  let response = redirect(url2, init);
   response.headers.set("X-Remix-Reload-Document", "true");
   return response;
 };
-var replace = (url, init) => {
-  let response = redirect(url, init);
+var replace = (url2, init) => {
+  let response = redirect(url2, init);
   response.headers.set("X-Remix-Replace", "true");
   return response;
 };
@@ -31077,7 +31533,7 @@ var IDLE_BLOCKER = {
   location: void 0
 };
 var ABSOLUTE_URL_REGEX = /^(?:[a-z][a-z0-9+.-]*:|\/\/)/i;
-var isAbsoluteUrl = (url) => ABSOLUTE_URL_REGEX.test(url);
+var isAbsoluteUrl = (url2) => ABSOLUTE_URL_REGEX.test(url2);
 var defaultMapRouteProperties = (route) => ({
   hasErrorBoundary: Boolean(route.hasErrorBoundary)
 });
@@ -32384,10 +32840,10 @@ function createRouter(init) {
       if (redirect2.response.headers.has("X-Remix-Reload-Document")) {
         isDocumentReload = true;
       } else if (isAbsoluteUrl(location)) {
-        const url = createBrowserURLImpl(location, true);
+        const url2 = createBrowserURLImpl(location, true);
         isDocumentReload = // Hard reload if it's an absolute URL to a new origin
-        url.origin !== routerWindow.location.origin || // Hard reload if it's an absolute URL that does not match our basename
-        stripBasename(url.pathname, basename) == null;
+        url2.origin !== routerWindow.location.origin || // Hard reload if it's an absolute URL that does not match our basename
+        stripBasename(url2.pathname, basename) == null;
       }
       if (isDocumentReload) {
         if (replace2) {
@@ -32899,9 +33355,9 @@ function createStaticHandler(routes, opts) {
     dataStrategy,
     generateMiddlewareResponse
   } = {}) {
-    let url = new URL(request.url);
+    let url2 = new URL(request.url);
     let method = request.method;
-    let location = createLocation("", createPath(url), null, "default");
+    let location = createLocation("", createPath(url2), null, "default");
     let matches = matchRoutes(dataRoutes, location, basename);
     requestContext = requestContext != null ? requestContext : new RouterContextProvider();
     if (!isValidMethod(method) && method !== "HEAD") {
@@ -33072,9 +33528,9 @@ function createStaticHandler(routes, opts) {
     dataStrategy,
     generateMiddlewareResponse
   } = {}) {
-    let url = new URL(request.url);
+    let url2 = new URL(request.url);
     let method = request.method;
-    let location = createLocation("", createPath(url), null, "default");
+    let location = createLocation("", createPath(url2), null, "default");
     let matches = matchRoutes(dataRoutes, location, basename);
     requestContext = requestContext != null ? requestContext : new RouterContextProvider();
     if (!isValidMethod(method) && method !== "HEAD" && method !== "OPTIONS") {
@@ -34456,8 +34912,8 @@ async function callLoaderOrAction({
         if (handler2) {
           [result] = await Promise.all([runHandler(handler2), lazyRoutePromise]);
         } else if (type2 === "action") {
-          let url = new URL(request.url);
-          let pathname = url.pathname + url.search;
+          let url2 = new URL(request.url);
+          let pathname = url2.pathname + url2.search;
           throw getInternalRouterError(405, {
             method: request.method,
             pathname,
@@ -34468,8 +34924,8 @@ async function callLoaderOrAction({
         }
       }
     } else if (!handler) {
-      let url = new URL(request.url);
-      let pathname = url.pathname + url.search;
+      let url2 = new URL(request.url);
+      let pathname = url2.pathname + url2.search;
       throw getInternalRouterError(404, {
         pathname
       });
@@ -34577,16 +35033,16 @@ function normalizeRelativeRoutingRedirectResponse(response, request, routeId, ma
 function normalizeRedirectLocation(location, currentUrl, basename) {
   if (isAbsoluteUrl(location)) {
     let normalizedLocation = location;
-    let url = normalizedLocation.startsWith("//") ? new URL(currentUrl.protocol + normalizedLocation) : new URL(normalizedLocation);
-    let isSameBasename = stripBasename(url.pathname, basename) != null;
-    if (url.origin === currentUrl.origin && isSameBasename) {
-      return url.pathname + url.search + url.hash;
+    let url2 = normalizedLocation.startsWith("//") ? new URL(currentUrl.protocol + normalizedLocation) : new URL(normalizedLocation);
+    let isSameBasename = stripBasename(url2.pathname, basename) != null;
+    if (url2.origin === currentUrl.origin && isSameBasename) {
+      return url2.pathname + url2.search + url2.hash;
     }
   }
   return location;
 }
 function createClientSideRequest(history, location, signal, submission) {
-  let url = history.createURL(stripHashFromPath(location)).toString();
+  let url2 = history.createURL(stripHashFromPath(location)).toString();
   let init = { signal };
   if (submission && isMutationMethod(submission.formMethod)) {
     let { formMethod, formEncType } = submission;
@@ -34602,7 +35058,7 @@ function createClientSideRequest(history, location, signal, submission) {
       init.body = submission.formData;
     }
   }
-  return new Request(url, init);
+  return new Request(url2, init);
 }
 function convertFormDataToSearchParams(formData) {
   let searchParams = new URLSearchParams();
@@ -37496,9 +37952,9 @@ async function singleFetchLoaderFetcherStrategy(args, fetchAndDecode, basename)
   );
   return { [fetcherMatch.route.id]: result };
 }
-function stripIndexParam(url) {
-  let indexValues = url.searchParams.getAll("index");
-  url.searchParams.delete("index");
+function stripIndexParam(url2) {
+  let indexValues = url2.searchParams.getAll("index");
+  url2.searchParams.delete("index");
   let indexValuesToKeep = [];
   for (let indexValue of indexValues) {
     if (indexValue) {
@@ -37506,36 +37962,36 @@ function stripIndexParam(url) {
     }
   }
   for (let toKeep of indexValuesToKeep) {
-    url.searchParams.append("index", toKeep);
+    url2.searchParams.append("index", toKeep);
   }
-  return url;
+  return url2;
 }
 function singleFetchUrl(reqUrl, basename, extension) {
-  let url = typeof reqUrl === "string" ? new URL(
+  let url2 = typeof reqUrl === "string" ? new URL(
     reqUrl,
     // This can be called during the SSR flow via PrefetchPageLinksImpl so
     // don't assume window is available
     typeof window === "undefined" ? "server://singlefetch/" : window.location.origin
   ) : reqUrl;
-  if (url.pathname === "/") {
-    url.pathname = `_root.${extension}`;
-  } else if (basename && stripBasename(url.pathname, basename) === "/") {
-    url.pathname = `${basename.replace(/\/$/, "")}/_root.${extension}`;
+  if (url2.pathname === "/") {
+    url2.pathname = `_root.${extension}`;
+  } else if (basename && stripBasename(url2.pathname, basename) === "/") {
+    url2.pathname = `${basename.replace(/\/$/, "")}/_root.${extension}`;
   } else {
-    url.pathname = `${url.pathname.replace(/\/$/, "")}.${extension}`;
+    url2.pathname = `${url2.pathname.replace(/\/$/, "")}.${extension}`;
   }
-  return url;
+  return url2;
 }
 async function fetchAndDecodeViaTurboStream(args, basename, targetRoutes) {
   let { request } = args;
-  let url = singleFetchUrl(request.url, basename, "data");
+  let url2 = singleFetchUrl(request.url, basename, "data");
   if (request.method === "GET") {
-    url = stripIndexParam(url);
+    url2 = stripIndexParam(url2);
     if (targetRoutes) {
-      url.searchParams.set("_routes", targetRoutes.join(","));
+      url2.searchParams.set("_routes", targetRoutes.join(","));
     }
   }
-  let res = await fetch(url, await createRequestInit(request));
+  let res = await fetch(url2, await createRequestInit(request));
   if (res.status >= 400 && !res.headers.has("X-Remix-Response")) {
     throw new ErrorResponseImpl(res.status, res.statusText, await res.text());
   }
@@ -38449,18 +38905,18 @@ async function fetchAndApplyManifestPatches(paths, errorReloadPath, manifest, ro
   const searchParams = new URLSearchParams();
   searchParams.set("paths", paths.sort().join(","));
   searchParams.set("version", manifest.version);
-  let url = new URL(
+  let url2 = new URL(
     getManifestPath(manifestPath, basename),
     window.location.origin
   );
-  url.search = searchParams.toString();
-  if (url.toString().length > URL_LIMIT) {
+  url2.search = searchParams.toString();
+  if (url2.toString().length > URL_LIMIT) {
     nextPaths.clear();
     return;
   }
   let serverPatches;
   try {
-    let res = await fetch(url, { signal });
+    let res = await fetch(url2, { signal });
     if (!res.ok) {
       throw new Error(`${res.status} ${res.statusText}`);
     } else if (res.status === 204 && res.headers.has("X-Remix-Reload-Document")) {
@@ -38743,14 +39199,14 @@ function PrefetchPageLinksImpl({
     if (routesParams.size === 0) {
       return [];
     }
-    let url = singleFetchUrl(page, basename, "data");
+    let url2 = singleFetchUrl(page, basename, "data");
     if (foundOptOutRoute && routesParams.size > 0) {
-      url.searchParams.set(
+      url2.searchParams.set(
         "_routes",
         nextMatches.filter((m2) => routesParams.has(m2.route.id)).map((m2) => m2.route.id).join(",")
       );
     }
-    return [url.pathname + url.search];
+    return [url2.pathname + url2.search];
   }, [
     basename,
     loaderData,
@@ -49745,7 +50201,7 @@ class MCPToolSavedEvent {
 function getPackageVersion() {
   try {
     if (true) {
-      return "0.9.0-canary.2";
+      return "0.9.0-canary.4";
     }
     return "0.0.0";
   } catch {
@@ -49987,7 +50443,7 @@ function useMcpContext() {
   return context;
 }
 function McpConnectionWrapper({
-  url,
+  url: url2,
   name,
   proxyConfig,
   transportType,
@@ -49996,13 +50452,13 @@ function McpConnectionWrapper({
   onRemove: _onRemove
 }) {
   const callbackUrl = typeof window !== "undefined" ? new URL("/inspector/oauth/callback", window.location.origin).toString() : "/inspector/oauth/callback";
-  let finalUrl = url;
+  let finalUrl = url2;
   let customHeaders = {};
   if (proxyConfig?.proxyAddress) {
     const proxyUrl = new URL(proxyConfig.proxyAddress);
-    const originalUrl = new URL(url);
+    const originalUrl = new URL(url2);
     finalUrl = `${proxyUrl.origin}${proxyUrl.pathname}${originalUrl.pathname}${originalUrl.search}`;
-    customHeaders["X-Target-URL"] = url;
+    customHeaders["X-Target-URL"] = url2;
   }
   if (proxyConfig?.customHeaders) {
     customHeaders = { ...customHeaders, ...proxyConfig.customHeaders };
@@ -50126,7 +50582,7 @@ function McpConnectionWrapper({
         const unreadCount = notifications.filter((n2) => !n2.read).length;
         const connection = {
           id: connectionId,
-          url,
+          url: url2,
           name: mcpHook.serverInfo?.name || name,
           // Use server-provided name if available
           state: mcpHook.state,
@@ -50165,7 +50621,7 @@ function McpConnectionWrapper({
       const unreadCount = notifications.filter((n2) => !n2.read).length;
       const connection = {
         id: connectionId,
-        url,
+        url: url2,
         name: mcpHook.serverInfo?.name || name,
         // Use server-provided name if available
         state: mcpHook.state,
@@ -50201,7 +50657,7 @@ function McpConnectionWrapper({
       }
     }
   }, [
-    url,
+    url2,
     name,
     transportType,
     proxyConfig,
@@ -50311,18 +50767,18 @@ function McpProvider({ children }) {
     localStorage.setItem("mcp-inspector-auto-connect", String(autoConnect));
   }, [autoConnect, configLoaded]);
   const addConnection = reactExports.useCallback(
-    (url, name, proxyConfig, transportType) => {
-      const existingConfig = connectionConfigs.find((c2) => c2.url === url);
-      const existingConnection = connections.find((c2) => c2.url === url);
+    (url2, name, proxyConfig, transportType) => {
+      const existingConfig = connectionConfigs.find((c2) => c2.url === url2);
+      const existingConnection = connections.find((c2) => c2.url === url2);
       if (existingConfig && existingConnection) {
         const proxyConfigChanged = JSON.stringify(existingConfig.proxyConfig) !== JSON.stringify(proxyConfig);
         if (proxyConfigChanged && proxyConfig) {
-          setConnectionConfigs((prev) => prev.filter((c2) => c2.url !== url));
-          setConnections((prev) => prev.filter((c2) => c2.url !== url));
+          setConnectionConfigs((prev) => prev.filter((c2) => c2.url !== url2));
+          setConnections((prev) => prev.filter((c2) => c2.url !== url2));
           setTimeout(() => {
             const newConfig2 = {
-              id: url,
-              url,
+              id: url2,
+              url: url2,
               name: name || existingConfig.name || "MCP Server",
               proxyConfig,
               transportType: transportType || existingConfig.transportType
@@ -50331,8 +50787,8 @@ function McpProvider({ children }) {
             setConnections((prev) => [
               ...prev,
               {
-                id: url,
-                url,
+                id: url2,
+                url: url2,
                 name: name || existingConfig.name || "MCP Server",
                 state: "connecting",
                 tools: [],
@@ -50379,7 +50835,7 @@ function McpProvider({ children }) {
         if (proxyConfig || transportType) {
           setConnectionConfigs(
             (prev) => prev.map(
-              (c2) => c2.url === url ? {
+              (c2) => c2.url === url2 ? {
                 ...c2,
                 proxyConfig: proxyConfig || c2.proxyConfig,
                 transportType: transportType || c2.transportType,
@@ -50391,8 +50847,8 @@ function McpProvider({ children }) {
         setConnections((prev) => [
           ...prev,
           {
-            id: existingConfig.id || url,
-            url,
+            id: existingConfig.id || url2,
+            url: url2,
             name: name || existingConfig.name || "MCP Server",
             state: "connecting",
             tools: [],
@@ -50433,8 +50889,8 @@ function McpProvider({ children }) {
         return;
       }
       const newConfig = {
-        id: url,
-        url,
+        id: url2,
+        url: url2,
         name: name || "MCP Server",
         proxyConfig,
         transportType
@@ -50443,8 +50899,8 @@ function McpProvider({ children }) {
       setConnections((prev) => [
         ...prev,
         {
-          id: url,
-          url,
+          id: url2,
+          url: url2,
           name: name || "MCP Server",
           state: "connecting",
           tools: [],
@@ -54063,7 +54519,7 @@ function CustomHeadersEditor({
 function ConnectionSettingsForm({
   transportType,
   setTransportType,
-  url,
+  url: url2,
   setUrl,
   connectionType,
   setConnectionType,
@@ -54098,12 +54554,12 @@ function ConnectionSettingsForm({
   const [authDialogOpen, setAuthDialogOpen] = reactExports.useState(false);
   const [configDialogOpen, setConfigDialogOpen] = reactExports.useState(false);
   const handleCopyConfig = async () => {
-    if (!url.trim()) {
+    if (!url2.trim()) {
       toast.error("Please enter a URL first");
       return;
     }
     const config2 = {
-      url,
+      url: url2,
       transportType: transportType === "SSE" ? "http" : "sse",
       connectionType,
       proxyConfig: connectionType === "Via Proxy" && proxyAddress.trim() ? {
@@ -54202,7 +54658,7 @@ function ConnectionSettingsForm({
       const target = e.target;
       if (target.tagName !== "TEXTAREA") {
         e.preventDefault();
-        if (onConnect && url.trim()) {
+        if (onConnect && url2.trim()) {
           onConnect();
         }
       }
@@ -54241,7 +54697,7 @@ function ConnectionSettingsForm({
         Input,
         {
           placeholder: "http://localhost:3001/sse",
-          value: url,
+          value: url2,
           onChange: (e) => setUrl(e.target.value),
           onPaste: handlePaste,
           className: inputClassName
@@ -54471,7 +54927,7 @@ function ConnectionSettingsForm({
       Button,
       {
         onClick: onConnect,
-        disabled: !url.trim() || isConnecting,
+        disabled: !url2.trim() || isConnecting,
         className: cn$1(
           "w-full font-semibold",
           isStyled ? "bg-white text-black hover:bg-white/90" : ""
@@ -54532,7 +54988,7 @@ function ServerConnectionModal({
   onConnect
 }) {
   const [transportType, setTransportType] = reactExports.useState("SSE");
-  const [url, setUrl] = reactExports.useState("");
+  const [url2, setUrl] = reactExports.useState("");
   const [connectionType, setConnectionType] = reactExports.useState("Direct");
   const [customHeaders, setCustomHeaders] = reactExports.useState([]);
   const [requestTimeout, setRequestTimeout] = reactExports.useState("10000");
@@ -54573,7 +55029,20 @@ function ServerConnectionModal({
     }
   }, [connection, open]);
   const handleConnect = () => {
-    if (!url.trim()) return;
+    if (!url2.trim()) return;
+    try {
+      const parsedUrl = new URL(url2.trim());
+      const isValid = parsedUrl.protocol === "http:" || parsedUrl.protocol === "https:" || parsedUrl.protocol === "ws:" || parsedUrl.protocol === "wss:";
+      if (!isValid) {
+        toast.error(
+          "Invalid URL protocol. Please use http://, https://, ws://, or wss://"
+        );
+        return;
+      }
+    } catch (error) {
+      toast.error("Invalid URL format. Please enter a valid URL.");
+      return;
+    }
     const proxyConfig = connectionType === "Via Proxy" && proxyAddress.trim() ? {
       proxyAddress: proxyAddress.trim(),
       customHeaders: customHeaders.reduce(
@@ -54598,7 +55067,7 @@ function ServerConnectionModal({
     };
     const actualTransportType = transportType === "SSE" ? "http" : "sse";
     onConnect({
-      url,
+      url: url2,
       name: connection?.name,
       transportType: actualTransportType,
       proxyConfig
@@ -54612,7 +55081,7 @@ function ServerConnectionModal({
       {
         transportType,
         setTransportType,
-        url,
+        url: url2,
         setUrl,
         connectionType,
         setConnectionType,
@@ -62145,8 +62614,8 @@ function getCachedFavicon(domain) {
   }
   return null;
 }
-async function fetchAndCacheImage(url, domain) {
-  const response = await fetch(url);
+async function fetchAndCacheImage(url2, domain) {
+  const response = await fetch(url2);
   const blob = await response.blob();
   return new Promise((resolve2, reject) => {
     const reader = new FileReader();
@@ -62404,7 +62873,7 @@ function InspectorDashboard() {
     });
   }, []);
   const [transportType, setTransportType] = reactExports.useState("SSE");
-  const [url, setUrl] = reactExports.useState("");
+  const [url2, setUrl] = reactExports.useState("");
   const [connectionType, setConnectionType] = reactExports.useState("Direct");
   const [customHeaders, setCustomHeaders] = reactExports.useState([]);
   const [requestTimeout, setRequestTimeout] = reactExports.useState("10000");
@@ -62431,7 +62900,22 @@ function InspectorDashboard() {
   }, []);
   const handleAddConnection = reactExports.useCallback(
     (isRetry = false, overrideConnectionType) => {
-      if (!url.trim()) return;
+      if (!url2.trim()) return;
+      if (!isRetry) {
+        try {
+          const parsedUrl = new URL(url2.trim());
+          const isValid = parsedUrl.protocol === "http:" || parsedUrl.protocol === "https:" || parsedUrl.protocol === "ws:" || parsedUrl.protocol === "wss:";
+          if (!isValid) {
+            toast.error(
+              "Invalid URL protocol. Please use http://, https://, ws://, or wss://"
+            );
+            return;
+          }
+        } catch (error) {
+          toast.error("Invalid URL format. Please enter a valid URL.");
+          return;
+        }
+      }
       setIsConnecting(true);
       hasShownToastRef.current = false;
       if (!isRetry) {
@@ -62462,13 +62946,13 @@ function InspectorDashboard() {
       };
       const actualTransportType = transportType === "SSE" ? "http" : "sse";
       setPendingConnectionConfig({
-        url,
-        name: url,
+        url: url2,
+        name: url2,
         proxyConfig,
         transportType: actualTransportType
       });
     },
-    [url, connectionType, proxyAddress, customHeaders, transportType]
+    [url2, connectionType, proxyAddress, customHeaders, transportType]
   );
   const handleConnectionSuccess = reactExports.useCallback(() => {
     if (!pendingConnectionConfig) return;
@@ -62946,7 +63430,7 @@ function InspectorDashboard() {
         {
           transportType,
           setTransportType,
-          url,
+          url: url2,
           setUrl,
           connectionType,
           setConnectionType,
@@ -63130,16 +63614,16 @@ function useAutoConnect({
   }, [autoConnectConfig]);
   const attemptConnection = reactExports.useCallback(
     (config2) => {
-      const { url, name, transportType, connectionType, customHeaders } = config2;
+      const { url: url2, name, transportType, connectionType, customHeaders } = config2;
       const proxyConfig = connectionType === "Via Proxy" ? {
         proxyAddress: `${window.location.origin}/inspector/api/proxy/mcp`,
         customHeaders: customHeaders || {}
       } : customHeaders && Object.keys(customHeaders).length > 0 ? { proxyAddress: void 0, customHeaders } : void 0;
       console.warn(
         `[useAutoConnect] Attempting connection (${connectionType}):`,
-        { url, transportType, proxyConfig }
+        { url: url2, transportType, proxyConfig }
       );
-      addConnection(url, name, proxyConfig, transportType);
+      addConnection(url2, name, proxyConfig, transportType);
     },
     [addConnection]
   );
@@ -91038,14 +91522,14 @@ function downloadJSON(data2, filename) {
     const blob = new BlobConstructor([jsonString], {
       type: "application/json"
     });
-    const url = URL.createObjectURL(blob);
+    const url2 = URL.createObjectURL(blob);
     const a2 = document.createElement("a");
-    a2.href = url;
+    a2.href = url2;
     a2.download = filename || `data-${Date.now()}.json`;
     document.body.appendChild(a2);
     a2.click();
     document.body.removeChild(a2);
-    URL.revokeObjectURL(url);
+    URL.revokeObjectURL(url2);
   } catch (error) {
     console.error("Failed to download JSON:", error);
     throw error;
@@ -96144,7 +96628,7 @@ function useChatMessagesClientSide({
           let llm;
           if (llmConfig.provider === "openai") {
             const { ChatOpenAI } = await __vitePreload(async () => {
-              const { ChatOpenAI: ChatOpenAI2 } = await import("./index-DoWSnGj3.js");
+              const { ChatOpenAI: ChatOpenAI2 } = await import("./index-DD0wWmuA.js");
               return { ChatOpenAI: ChatOpenAI2 };
             }, true ? __vite__mapDeps([5,6,3,7,8]) : void 0);
             llm = new ChatOpenAI({
@@ -96153,7 +96637,7 @@ function useChatMessagesClientSide({
             });
           } else if (llmConfig.provider === "anthropic") {
             const { ChatAnthropic } = await __vitePreload(async () => {
-              const { ChatAnthropic: ChatAnthropic2 } = await import("./index-BCYl76Jb.js");
+              const { ChatAnthropic: ChatAnthropic2 } = await import("./index-DiEpOjl1.js");
               return { ChatAnthropic: ChatAnthropic2 };
             }, true ? __vite__mapDeps([9,6,3]) : void 0);
             llm = new ChatAnthropic({
@@ -96162,7 +96646,7 @@ function useChatMessagesClientSide({
             });
           } else if (llmConfig.provider === "google") {
             const { ChatGoogleGenerativeAI } = await __vitePreload(async () => {
-              const { ChatGoogleGenerativeAI: ChatGoogleGenerativeAI2 } = await import("./index-CV9pPOH9.js");
+              const { ChatGoogleGenerativeAI: ChatGoogleGenerativeAI2 } = await import("./index-DgPlosep.js");
               return { ChatGoogleGenerativeAI: ChatGoogleGenerativeAI2 };
             }, true ? __vite__mapDeps([10,6,3,8]) : void 0);
             llm = new ChatGoogleGenerativeAI({
@@ -96181,7 +96665,7 @@ function useChatMessagesClientSide({
         }
         if (!agentRef.current || agentRef.current.llm !== llmRef.current.instance) {
           const { MCPAgent } = await __vitePreload(async () => {
-            const { MCPAgent: MCPAgent2 } = await import("./browser-B7TIAiNJ.js");
+            const { MCPAgent: MCPAgent2 } = await import("./browser-CwknRi82.js");
             return { MCPAgent: MCPAgent2 };
           }, true ? __vite__mapDeps([11,7,6,3,2,4,8]) : void 0);
           agentRef.current = new MCPAgent({
@@ -99281,14 +99765,14 @@ function NotificationsTab({
           type: "application/json"
         }
       );
-      const url = URL.createObjectURL(blob);
+      const url2 = URL.createObjectURL(blob);
       const a2 = document.createElement("a");
-      a2.href = url;
+      a2.href = url2;
       a2.download = `notification-${Date.now()}.json`;
       document.body.appendChild(a2);
       a2.click();
       document.body.removeChild(a2);
-      URL.revokeObjectURL(url);
+      URL.revokeObjectURL(url2);
     } catch (error) {
       console.error(
         "[NotificationsTab] Failed to download notification:",
@@ -100457,7 +100941,7 @@ function PromptsTab({
                   defaultSize: 0,
                   collapsible: true,
                   minSize: 5,
-                  collapsedSize: 6,
+                  collapsedSize: 5,
                   onCollapse: () => setRpcPanelCollapsed(true),
                   onExpand: () => setRpcPanelCollapsed(false),
                   className: "flex flex-col border-t dark:border-zinc-700",
@@ -101107,14 +101591,14 @@ function ResourcesTab({
           type: "application/json"
         }
       );
-      const url = URL.createObjectURL(blob);
+      const url2 = URL.createObjectURL(blob);
       const a2 = document.createElement("a");
-      a2.href = url;
+      a2.href = url2;
       a2.download = `resource-${Date.now()}.json`;
       document.body.appendChild(a2);
       a2.click();
       document.body.removeChild(a2);
-      URL.revokeObjectURL(url);
+      URL.revokeObjectURL(url2);
     } catch (error) {
       console.error("[ResourcesTab] Failed to download result:", error);
     }
@@ -101273,7 +101757,7 @@ function ResourcesTab({
               defaultSize: 0,
               collapsible: true,
               minSize: 5,
-              collapsedSize: 6,
+              collapsedSize: 5,
               onCollapse: () => setRpcPanelCollapsed(true),
               onExpand: () => setRpcPanelCollapsed(false),
               className: "flex flex-col border-t dark:border-zinc-700",
@@ -102923,7 +103407,7 @@ function ToolsTab({
                   defaultSize: 0,
                   collapsible: true,
                   minSize: 5,
-                  collapsedSize: 6,
+                  collapsedSize: 5,
                   onCollapse: () => {
                     setRpcPanelCollapsed(true);
                   },