@mcpstack/agent-sdk 1.0.0-pr.16.7572c080abaa.13.1

package/dist/index.js

@@ -0,0 +1,2649 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  McpStackAgent: () => McpStackAgent,
+  clearPersistedMcpAuth: () => clearPersistedMcpAuth,
+  clearPersistedMcpAuthState: () => clearPersistedMcpAuthState
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/core/sse-client.ts
+function* parseEventBlocks(input) {
+  const normalized = input.replace(/\r\n/g, "\n");
+  const eventBlocks = normalized.split("\n\n");
+  for (const eventBlock of eventBlocks) {
+    if (!eventBlock.trim()) continue;
+    let eventType = "";
+    const dataLines = [];
+    for (const line of eventBlock.split("\n")) {
+      if (line.startsWith("event: ")) {
+        eventType = line.slice("event: ".length);
+      } else if (line.startsWith("data: ")) {
+        dataLines.push(line.slice("data: ".length));
+      } else if (line === "data:") {
+        dataLines.push("");
+      }
+    }
+    if (!eventType || dataLines.length === 0) {
+      continue;
+    }
+    try {
+      const parsed = JSON.parse(dataLines.join("\n"));
+      yield { type: eventType, data: parsed };
+    } catch {
+    }
+  }
+}
+async function* parseSseStream(response, signal) {
+  const reader = response.body?.getReader();
+  if (!reader) {
+    const text = await response.text().catch(() => "");
+    yield* parseEventBlocks(text);
+    return;
+  }
+  const decoder = new TextDecoder();
+  let buffer = "";
+  try {
+    while (true) {
+      if (signal?.aborted) break;
+      const { done, value } = await reader.read();
+      if (done) break;
+      buffer += decoder.decode(value, { stream: true });
+      const normalized = buffer.replace(/\r\n/g, "\n");
+      const events = normalized.split("\n\n");
+      buffer = events.pop() ?? "";
+      for (const eventBlock of events) {
+        yield* parseEventBlocks(eventBlock);
+      }
+    }
+    if (buffer.trim()) {
+      yield* parseEventBlocks(buffer);
+    }
+  } finally {
+    reader.releaseLock();
+  }
+}
+
+// src/core/auth/registration.ts
+var REGISTRATION_STORAGE_PREFIX = "mcpstack_oauth_registration_";
+function getStorage(storage) {
+  if (storage) {
+    return storage;
+  }
+  try {
+    return typeof localStorage === "undefined" ? null : localStorage;
+  } catch {
+    return null;
+  }
+}
+function encodeCacheKey(raw) {
+  return btoa(raw).replace(/[^a-zA-Z0-9]/g, "");
+}
+function getPreferredRegistrationPreference(authConfig) {
+  return authConfig?.registrationPreference ?? "auto";
+}
+function getEffectiveCallbackUrl(authConfig, fallbackCallbackUrl) {
+  const configuredCallbackUrl = authConfig?.callbackUrl?.trim();
+  if (!configuredCallbackUrl) {
+    return fallbackCallbackUrl;
+  }
+  if (isNativeCallbackUrl(fallbackCallbackUrl) && !isNativeCallbackUrl(configuredCallbackUrl)) {
+    return fallbackCallbackUrl;
+  }
+  return configuredCallbackUrl;
+}
+function buildRegistrationCacheKey(authConfig, callbackUrl, requestedMode) {
+  const raw = [
+    authConfig.authorizationServerUrl ?? "",
+    authConfig.authorizationServerMetadataUrl ?? "",
+    authConfig.resource ?? "",
+    callbackUrl,
+    requestedMode
+  ].join("|");
+  return encodeCacheKey(raw);
+}
+function buildTokenCacheKey(authConfig, mcpServerUrl) {
+  if (!authConfig) {
+    return encodeCacheKey(`legacy|${mcpServerUrl}`);
+  }
+  const callbackUrl = authConfig.callbackUrl ?? "";
+  const clientMode = authConfig.clientMode ?? "manual";
+  const raw = [
+    authConfig.authorizationServerUrl ?? mcpServerUrl,
+    authConfig.resource ?? "",
+    callbackUrl,
+    clientMode
+  ].join("|");
+  return encodeCacheKey(raw);
+}
+function loadStoredRegistration(cacheKey, storage) {
+  const targetStorage = getStorage(storage);
+  if (!targetStorage) return null;
+  try {
+    const raw = targetStorage.getItem(`${REGISTRATION_STORAGE_PREFIX}${cacheKey}`);
+    if (!raw) return null;
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+function saveStoredRegistration(registration, storage) {
+  const targetStorage = getStorage(storage);
+  if (!targetStorage) return;
+  try {
+    targetStorage.setItem(
+      `${REGISTRATION_STORAGE_PREFIX}${registration.key}`,
+      JSON.stringify(registration)
+    );
+  } catch {
+  }
+}
+function applyResolvedRegistration(authConfig, registration) {
+  return {
+    ...authConfig,
+    callbackUrl: registration.callbackUrl,
+    clientId: registration.clientId ?? authConfig.clientId,
+    clientMode: registration.mode,
+    resource: registration.resource ?? authConfig.resource,
+    authorizationServerUrl: registration.authorizationServerUrl ?? authConfig.authorizationServerUrl,
+    authorizationServerMetadataUrl: registration.authorizationServerMetadataUrl ?? authConfig.authorizationServerMetadataUrl,
+    registrationEndpoint: registration.registrationEndpoint ?? authConfig.registrationEndpoint
+  };
+}
+function createResolvedRegistration(authConfig, mode, callbackUrl, clientId, clientMetadataUrl) {
+  return {
+    cacheKey: buildRegistrationCacheKey(authConfig, callbackUrl, mode),
+    mode,
+    clientId,
+    callbackUrl,
+    resource: authConfig.resource,
+    authorizationServerUrl: authConfig.authorizationServerUrl,
+    authorizationServerMetadataUrl: authConfig.authorizationServerMetadataUrl,
+    registrationEndpoint: authConfig.registrationEndpoint,
+    clientMetadataUrl
+  };
+}
+function shouldAttemptMode(preferred, candidate) {
+  return preferred === "auto" || preferred === candidate;
+}
+function isLoopbackHost(hostname) {
+  return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "[::1]" || hostname === "::1";
+}
+function isNativeCallbackUrl(callbackUrl) {
+  try {
+    const url = new URL(callbackUrl);
+    return url.protocol !== "http:" && url.protocol !== "https:";
+  } catch {
+    return !callbackUrl.startsWith("http://") && !callbackUrl.startsWith("https://");
+  }
+}
+function inferApplicationType(callbackUrl) {
+  try {
+    const url = new URL(callbackUrl);
+    if (url.protocol === "http:" || url.protocol === "https:") {
+      return isLoopbackHost(url.hostname) ? "native" : "web";
+    }
+    return "native";
+  } catch {
+    return "native";
+  }
+}
+async function registerPublicClient(authConfig, options) {
+  const fetchImpl = options.fetchImpl ?? fetch;
+  const callbackUrl = options.callbackUrl;
+  const registration = createResolvedRegistration(authConfig, "dcr", callbackUrl);
+  if (!authConfig.registrationEndpoint) {
+    throw new Error("Dynamic client registration is not available for this server.");
+  }
+  const existing = loadStoredRegistration(registration.cacheKey, options.storage);
+  if (existing?.clientId) {
+    return {
+      ...registration,
+      clientId: existing.clientId
+    };
+  }
+  const requestBody = {
+    client_name: options.clientName ?? "MCP Stack MCP Client",
+    application_type: inferApplicationType(callbackUrl),
+    redirect_uris: [callbackUrl],
+    grant_types: ["authorization_code", "refresh_token"],
+    response_types: ["code"],
+    token_endpoint_auth_method: "none",
+    scope: authConfig.scopes?.join(" "),
+    client_uri: options.clientUri
+  };
+  const response = await fetchImpl(authConfig.registrationEndpoint, {
+    method: "POST",
+    headers: {
+      Accept: "application/json",
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify(requestBody)
+  });
+  if (!response.ok) {
+    const errorText = await response.text().catch(() => "Dynamic client registration failed.");
+    throw new Error(`Dynamic client registration failed (${response.status}): ${errorText}`);
+  }
+  const payload = await response.json();
+  if (!payload.client_id) {
+    throw new Error("Dynamic client registration response did not include a client_id.");
+  }
+  saveStoredRegistration({
+    key: registration.cacheKey,
+    mode: "dcr",
+    authorizationServerUrl: authConfig.authorizationServerUrl ?? "",
+    authorizationServerMetadataUrl: authConfig.authorizationServerMetadataUrl,
+    registrationEndpoint: authConfig.registrationEndpoint,
+    clientId: payload.client_id,
+    callbackUrl,
+    resource: authConfig.resource,
+    createdAt: Date.now(),
+    updatedAt: Date.now()
+  }, options.storage);
+  return {
+    ...registration,
+    clientId: payload.client_id
+  };
+}
+async function resolveOAuthRegistration(authConfig, options) {
+  const callbackUrl = getEffectiveCallbackUrl(authConfig, options.callbackUrl);
+  const preferred = getPreferredRegistrationPreference(authConfig);
+  const preregClientId = authConfig.clientId?.trim();
+  if (preregClientId && shouldAttemptMode(preferred, "preregistered")) {
+    return createResolvedRegistration(
+      authConfig,
+      "preregistered",
+      callbackUrl,
+      preregClientId
+    );
+  }
+  if (authConfig.clientIdMetadataDocumentSupported && options.oauthClientMetadataUrl && shouldAttemptMode(preferred, "cimd")) {
+    return createResolvedRegistration(
+      authConfig,
+      "cimd",
+      callbackUrl,
+      options.oauthClientMetadataUrl,
+      options.oauthClientMetadataUrl
+    );
+  }
+  if (authConfig.registrationEndpoint && shouldAttemptMode(preferred, "dcr")) {
+    return registerPublicClient(authConfig, {
+      ...options,
+      callbackUrl
+    });
+  }
+  return createResolvedRegistration(
+    authConfig,
+    preregClientId ? "preregistered" : "manual",
+    callbackUrl,
+    preregClientId
+  );
+}
+
+// src/core/auth-storage.ts
+var LEGACY_OAUTH_TOKEN_STORAGE_PREFIX = "mcpstack_oauth_";
+var REGISTRATION_STORAGE_PREFIX2 = "mcpstack_oauth_registration_";
+var SCOPED_OAUTH_TOKEN_STORAGE_PREFIX = "mcpstack_oauth_session_";
+var OAUTH_CALLBACK_STORAGE_PREFIX = "mcpstack-oauth-callback:";
+function hashAuthSessionKey(value) {
+  let hash = 2166136261;
+  for (let index = 0; index < value.length; index += 1) {
+    hash ^= value.charCodeAt(index);
+    hash = Math.imul(hash, 16777619);
+  }
+  return (hash >>> 0).toString(36);
+}
+function normalizeAuthSessionKey(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const normalized = value.trim();
+  return normalized || null;
+}
+function resolveExplicitAuthSessionKey(config) {
+  return normalizeAuthSessionKey(config.authSessionKey);
+}
+function buildScopedOAuthTokenStoragePrefix(authSessionKey) {
+  const normalizedSessionKey = normalizeAuthSessionKey(authSessionKey);
+  if (!normalizedSessionKey) {
+    return LEGACY_OAUTH_TOKEN_STORAGE_PREFIX;
+  }
+  return `${SCOPED_OAUTH_TOKEN_STORAGE_PREFIX}${hashAuthSessionKey(normalizedSessionKey)}_`;
+}
+function buildScopedOAuthTokenStorageKey(cacheKey, authSessionKey) {
+  return `${buildScopedOAuthTokenStoragePrefix(authSessionKey)}${cacheKey}`;
+}
+function getStorage2(storage) {
+  if (storage) {
+    return storage;
+  }
+  try {
+    return typeof localStorage === "undefined" ? null : localStorage;
+  } catch {
+    return null;
+  }
+}
+function clearPersistedMcpAuthState(options = {}) {
+  const storage = getStorage2(options.storage);
+  if (!storage) {
+    return;
+  }
+  const scopedPrefix = buildScopedOAuthTokenStoragePrefix(
+    options.authSessionKey
+  );
+  const tokenPrefixes = options.clearAll ? [LEGACY_OAUTH_TOKEN_STORAGE_PREFIX, SCOPED_OAUTH_TOKEN_STORAGE_PREFIX] : [scopedPrefix];
+  try {
+    for (let index = storage.length - 1; index >= 0; index -= 1) {
+      const key = storage.key(index);
+      if (!key) {
+        continue;
+      }
+      if (key.startsWith(OAUTH_CALLBACK_STORAGE_PREFIX)) {
+        storage.removeItem(key);
+        continue;
+      }
+      if (key.startsWith(REGISTRATION_STORAGE_PREFIX2)) {
+        continue;
+      }
+      if (tokenPrefixes.some((prefix) => key.startsWith(prefix))) {
+        storage.removeItem(key);
+      }
+    }
+  } catch {
+  }
+}
+function clearPersistedMcpAuth() {
+  clearPersistedMcpAuthState({ clearAll: true });
+}
+
+// src/core/EmcyAgent.ts
+var DEFAULT_MCP_PROTOCOL_VERSION = "2025-11-25";
+var DEFAULT_LOCAL_PUBLIC_APP_PORT = "3100";
+var DEFAULT_OAUTH_CALLBACK_URL = "https://mcpstack.com/oauth/callback";
+var DEFAULT_OAUTH_CLIENT_METADATA_URL = "https://mcpstack.com/.well-known/oauth-client-metadata.json";
+var DEFAULT_AUDIO_TURN_DETECTION = {
+  enabled: true,
+  autoSubmit: true,
+  silenceDurationMs: 850,
+  minSpeechDurationMs: 180,
+  noSpeechTimeoutMs: 12e3,
+  speechThreshold: 0.012,
+  noiseMultiplier: 2.4
+};
+var AUDIO_ACTIVITY_EMIT_INTERVAL_MS = 120;
+var MIN_AUDIO_LEVEL_DELTA_FOR_STATE = 0.03;
+function isLocalhostHost(hostname) {
+  return hostname === "localhost" || hostname === "127.0.0.1" || hostname === "[::1]";
+}
+function getDefaultOAuthHelperOrigin(agentServiceUrl) {
+  if (!agentServiceUrl) {
+    return DEFAULT_OAUTH_CALLBACK_URL.replace(/\/oauth\/callback$/, "");
+  }
+  try {
+    const url = new URL(agentServiceUrl);
+    if (isLocalhostHost(url.hostname)) {
+      return `${url.protocol}//${url.hostname}:${DEFAULT_LOCAL_PUBLIC_APP_PORT}`;
+    }
+  } catch {
+  }
+  return DEFAULT_OAUTH_CALLBACK_URL.replace(/\/oauth\/callback$/, "");
+}
+function getDefaultOAuthCallbackUrl(agentServiceUrl) {
+  return `${getDefaultOAuthHelperOrigin(agentServiceUrl)}/oauth/callback`;
+}
+function getDefaultOAuthClientMetadataUrl(agentServiceUrl) {
+  return `${getDefaultOAuthHelperOrigin(agentServiceUrl)}/.well-known/oauth-client-metadata.json`;
+}
+function buildEmbeddedExchangeUrl(mcpServerUrl) {
+  const url = new URL(mcpServerUrl);
+  if (/\/mcp\/?$/i.test(url.pathname)) {
+    url.pathname = url.pathname.replace(/\/mcp\/?$/i, "/embedded/exchange");
+  } else {
+    url.pathname = `${url.pathname.replace(/\/$/, "")}/embedded/exchange`;
+  }
+  return url.toString();
+}
+function normalizeOAuthTokenResponse(payload, authConfig) {
+  const accessToken = typeof payload.accessToken === "string" ? payload.accessToken : typeof payload.access_token === "string" ? payload.access_token : "";
+  if (!accessToken) {
+    return void 0;
+  }
+  return {
+    accessToken,
+    refreshToken: typeof payload.refreshToken === "string" ? payload.refreshToken : typeof payload.refresh_token === "string" ? payload.refresh_token : void 0,
+    expiresIn: typeof payload.expiresIn === "number" ? payload.expiresIn : typeof payload.expires_in === "number" ? payload.expires_in : void 0,
+    tokenType: typeof payload.tokenType === "string" ? payload.tokenType : typeof payload.token_type === "string" ? payload.token_type : "Bearer",
+    resolvedAuthConfig: authConfig
+  };
+}
+function createAppTokenAuthHandler(agentId, auth) {
+  return async (mcpServerUrl, authConfig) => {
+    const appToken = await auth.getToken();
+    const trimmedToken = appToken?.trim();
+    if (!trimmedToken) {
+      return void 0;
+    }
+    const headers = {
+      "Content-Type": "application/json",
+      Authorization: `Bearer ${trimmedToken}`
+    };
+    if (auth.appId?.trim()) {
+      headers["x-mcpstack-embedded-app-id"] = auth.appId.trim();
+    }
+    const body = {
+      agentId,
+      resource: authConfig.resource ?? mcpServerUrl,
+      scopes: authConfig.scopes
+    };
+    if (auth.appId?.trim()) {
+      body.appId = auth.appId.trim();
+    }
+    const response = await fetch(buildEmbeddedExchangeUrl(mcpServerUrl), {
+      method: "POST",
+      headers,
+      body: JSON.stringify(body)
+    });
+    const payload = await response.json().catch(() => null);
+    if (!response.ok) {
+      const description = typeof payload?.error_description === "string" ? payload.error_description : typeof payload?.error === "string" ? payload.error : `App token exchange failed (${response.status}).`;
+      throw new Error(description);
+    }
+    return normalizeOAuthTokenResponse(payload ?? {}, authConfig);
+  };
+}
+function extractErrorMessage(payload) {
+  if (typeof payload === "string") {
+    const message = payload.trim();
+    return message || null;
+  }
+  if (!payload || typeof payload !== "object") {
+    return null;
+  }
+  const record = payload;
+  for (const key of ["error", "message", "detail"]) {
+    const value = record[key];
+    if (typeof value === "string" && value.trim()) {
+      return value.trim();
+    }
+  }
+  return null;
+}
+async function getResponseErrorMessage(response) {
+  const fallback = `HTTP ${response.status}`;
+  try {
+    const payload = await response.clone().json();
+    const message = extractErrorMessage(payload);
+    if (message) {
+      return message;
+    }
+  } catch {
+  }
+  const text = await response.text().catch(() => "");
+  return text.trim() || fallback;
+}
+function parameterToJsonSchema(parameter) {
+  const schema = {
+    type: parameter.type
+  };
+  if (parameter.description) {
+    schema.description = parameter.description;
+  }
+  if (parameter.enum) {
+    schema.enum = parameter.enum;
+  }
+  if (parameter.type === "array") {
+    schema.items = parameter.items ? parameterToJsonSchema(parameter.items) : { type: "string" };
+  }
+  if (parameter.type === "object" && parameter.properties) {
+    const properties = {};
+    const required = [];
+    for (const [key, child] of Object.entries(parameter.properties)) {
+      properties[key] = parameterToJsonSchema(child);
+      if (child.required) required.push(key);
+    }
+    schema.properties = properties;
+    schema.required = required;
+  }
+  if (parameter.additionalProperties !== void 0) {
+    schema.additionalProperties = typeof parameter.additionalProperties === "boolean" ? parameter.additionalProperties : parameterToJsonSchema(parameter.additionalProperties);
+  }
+  return schema;
+}
+function parametersToJsonSchema(params) {
+  const properties = {};
+  const required = [];
+  for (const [key, p] of Object.entries(params)) {
+    properties[key] = parameterToJsonSchema(p);
+    if (p.required) required.push(key);
+  }
+  return { type: "object", properties, required };
+}
+var McpStackAgent = class {
+  constructor(config) {
+    this.agentConfig = null;
+    this.budgetSnapshot = null;
+    this.conversationId = null;
+    this.messages = [];
+    this.historyCursor = null;
+    this.hasOlderMessages = false;
+    this.isLoadingHistory = false;
+    this.abortController = null;
+    this.isLoading = false;
+    this.listeners = /* @__PURE__ */ new Map();
+    /** Per-server MCP session tracking */
+    this.mcpSessions = /* @__PURE__ */ new Map();
+    /** OAuth tokens per MCP server URL (standalone mode only) */
+    this.oauthTokens = /* @__PURE__ */ new Map();
+    /** Servers explicitly disconnected by the user and awaiting manual re-auth */
+    this.manuallySignedOutServers = /* @__PURE__ */ new Set();
+    this.audioState = {
+      status: "idle",
+      isSupported: false,
+      isEnabled: false,
+      transcript: "",
+      partialTranscript: "",
+      error: null
+    };
+    this.audioStream = null;
+    this.audioContext = null;
+    this.audioSource = null;
+    this.audioProcessor = null;
+    this.audioSilentGain = null;
+    this.audioSocket = null;
+    this.audioSessionTimer = null;
+    this.audioSessionStopRequested = false;
+    this.audioFinalTranscript = "";
+    this.audioTurnState = null;
+    const appTokenAuthHandler = config.auth?.mode === "app-token" ? createAppTokenAuthHandler(config.agentId, config.auth) : void 0;
+    this.config = {
+      ...config,
+      agentServiceUrl: config.agentServiceUrl ?? "https://api.mcpstack.com",
+      oauthCallbackUrl: config.oauthCallbackUrl ?? getDefaultOAuthCallbackUrl(config.agentServiceUrl),
+      oauthClientMetadataUrl: config.oauthClientMetadataUrl ?? getDefaultOAuthClientMetadataUrl(config.agentServiceUrl),
+      onAuthRequired: config.onAuthRequired ?? appTokenAuthHandler
+    };
+    this.audioState = this.buildAudioState({ status: "idle" });
+  }
+  async resolveAuthToken() {
+    if (this.config.getAuthToken) {
+      const token = await this.config.getAuthToken();
+      if (token) return token;
+    }
+    return this.config.apiKey;
+  }
+  /** Initialize: fetch agent config (tools, widget settings, MCP servers) */
+  async init() {
+    const token = await this.resolveAuthToken();
+    const response = await fetch(
+      `${this.config.agentServiceUrl}/api/v1/agents/${this.config.agentId}/config`,
+      {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      }
+    );
+    if (!response.ok) {
+      throw new Error(await getResponseErrorMessage(response));
+    }
+    this.agentConfig = await response.json();
+    this.audioState = this.buildAudioState({ status: "idle" });
+    this.emit("audio_state", this.audioState);
+    await this.refreshBudgetSnapshot().catch(() => void 0);
+    if (this.agentConfig?.mcpServers?.length) {
+      await Promise.all(
+        this.agentConfig.mcpServers.map(async (server) => {
+          server.authConfig = await this.resolveServerAuthConfig(server.url, server.authConfig ?? null);
+        })
+      );
+    }
+    if (this.agentConfig?.mcpServers) {
+      for (const server of this.agentConfig.mcpServers) {
+        if (!this.mcpSessions.has(server.url)) {
+          let authStatus;
+          if (server.authConfig?.authType === "oauth2") {
+            authStatus = server.authStatus === "connected" || this.hasValidOAuthToken(server.url) ? "connected" : "needs_auth";
+          } else {
+            authStatus = server.authStatus || "connected";
+          }
+          this.mcpSessions.set(server.url, { sessionId: null, authStatus });
+        }
+      }
+    }
+    if (this.config.initialConversationId) {
+      await this.loadConversation(this.config.initialConversationId);
+    }
+    return this.agentConfig;
+  }
+  /** Get current MCP server auth statuses */
+  getMcpServers() {
+    if (!this.agentConfig?.mcpServers) return [];
+    return this.agentConfig.mcpServers.map((server) => ({
+      url: server.url,
+      name: server.name,
+      authStatus: this.mcpSessions.get(server.url)?.authStatus ?? server.authStatus ?? "connected",
+      canSignOut: (server.authConfig?.authType ?? "none") !== "none"
+    }));
+  }
+  /** Send a message and process the full orchestration loop (including tool calls) */
+  async sendMessage(message) {
+    if (!this.agentConfig) {
+      await this.init();
+    }
+    this.isLoading = true;
+    this.emit("loading", true);
+    const userMsg = {
+      id: crypto.randomUUID(),
+      role: "user",
+      content: message,
+      timestamp: /* @__PURE__ */ new Date()
+    };
+    this.messages.push(userMsg);
+    this.emit("message", userMsg);
+    try {
+      await this.runChatLoop(message);
+    } catch (err) {
+      const errorMsg = err instanceof Error ? err.message : "Unknown error";
+      this.emit("error", { code: "sdk_error", message: errorMsg });
+    } finally {
+      this.isLoading = false;
+      this.emit("loading", false);
+      this.emit("thinking", false);
+    }
+  }
+  /** Start a new conversation */
+  newConversation() {
+    this.conversationId = null;
+    this.messages = [];
+    this.historyCursor = null;
+    this.hasOlderMessages = false;
+    this.isLoadingHistory = false;
+  }
+  /** Cancel the current in-flight request */
+  cancel() {
+    this.abortController?.abort();
+    this.abortController = null;
+  }
+  /** Get all messages in the current conversation */
+  getMessages() {
+    return [...this.messages];
+  }
+  /** Get the current conversation ID */
+  getConversationId() {
+    return this.conversationId;
+  }
+  getHasOlderMessages() {
+    return this.hasOlderMessages;
+  }
+  getIsLoadingHistory() {
+    return this.isLoadingHistory;
+  }
+  /** Get the loaded agent config */
+  getAgentConfig() {
+    return this.agentConfig;
+  }
+  getAudioInputState() {
+    return { ...this.audioState };
+  }
+  async startVoiceInput() {
+    if (!this.agentConfig) {
+      await this.init();
+    }
+    if (!this.isAudioInputSupported()) {
+      this.setAudioState({
+        status: "error",
+        error: {
+          code: "unsupported_browser",
+          message: "Microphone input is not supported in this browser."
+        }
+      });
+      return;
+    }
+    if (!this.isAudioInputEnabled()) {
+      this.setAudioState({
+        status: "error",
+        error: {
+          code: "audio_not_enabled",
+          message: "Microphone input is not enabled for this agent."
+        }
+      });
+      return;
+    }
+    if (this.audioState.status === "requesting_permission" || this.audioState.status === "connecting" || this.audioState.status === "listening" || this.audioState.status === "transcribing") {
+      return;
+    }
+    this.audioSessionStopRequested = false;
+    this.audioFinalTranscript = "";
+    this.audioTurnState = null;
+    this.setAudioState({
+      status: "requesting_permission",
+      transcript: "",
+      partialTranscript: "",
+      error: null,
+      sessionId: null,
+      conversationId: this.conversationId,
+      inputLevel: 0,
+      isSpeaking: false,
+      speechMs: 0,
+      silenceMs: 0,
+      autoSubmitEnabled: this.getAudioTurnDetectionConfig().enabled && this.getAudioTurnDetectionConfig().autoSubmit
+    });
+    let stream = null;
+    try {
+      stream = await navigator.mediaDevices.getUserMedia({
+        audio: {
+          channelCount: 1,
+          echoCancellation: true,
+          noiseSuppression: true,
+          autoGainControl: true
+        }
+      });
+    } catch (error) {
+      this.setAudioState({
+        status: "error",
+        error: {
+          code: "microphone_permission_denied",
+          message: error instanceof Error ? error.message : "Microphone permission was denied."
+        }
+      });
+      return;
+    }
+    try {
+      this.audioStream = stream;
+      this.setAudioState({ status: "connecting" });
+      const session = await this.createRealtimeTranscriptionSession();
+      this.conversationId = session.conversationId;
+      this.setAudioState({
+        sessionId: session.sessionId,
+        conversationId: session.conversationId,
+        maxSessionSeconds: session.maxSessionSeconds
+      });
+      const socket = await this.openAudioSocket(session.webSocketUrl);
+      this.audioSocket = socket;
+      this.bindAudioSocket(socket);
+      await this.startAudioCapture(stream, socket);
+      const maxSessionMs = Math.max(1, session.maxSessionSeconds) * 1e3;
+      this.audioSessionTimer = setTimeout(() => {
+        void this.commitVoiceInput();
+      }, maxSessionMs);
+      this.setAudioState({ status: "listening" });
+    } catch (error) {
+      this.cleanupAudioCapture();
+      this.setAudioState({
+        status: "error",
+        error: {
+          code: this.extractErrorCode(error) ?? "audio_start_failed",
+          message: error instanceof Error ? error.message : "Could not start microphone input."
+        }
+      });
+    }
+  }
+  async stopVoiceInput() {
+    await this.commitVoiceInput();
+  }
+  cancelVoiceInput() {
+    this.audioSessionStopRequested = true;
+    this.cleanupAudioCapture();
+    this.audioTurnState = null;
+    this.setAudioState({
+      status: "idle",
+      transcript: "",
+      partialTranscript: "",
+      error: null,
+      sessionId: null,
+      inputLevel: 0,
+      isSpeaking: false,
+      speechMs: 0,
+      silenceMs: 0
+    });
+  }
+  async loadConversation(conversationId, pageSize = this.config.conversationHistoryPageSize ?? 50) {
+    this.isLoadingHistory = true;
+    try {
+      const page = await this.fetchConversationMessages(conversationId, void 0, pageSize);
+      this.applyConversationPage(page, false);
+      return page;
+    } finally {
+      this.isLoadingHistory = false;
+    }
+  }
+  async loadOlderMessages(pageSize = this.config.conversationHistoryPageSize ?? 50) {
+    if (!this.conversationId || !this.historyCursor || !this.hasOlderMessages) {
+      return null;
+    }
+    this.isLoadingHistory = true;
+    try {
+      const page = await this.fetchConversationMessages(this.conversationId, this.historyCursor, pageSize);
+      this.applyConversationPage(page, true);
+      return page;
+    } finally {
+      this.isLoadingHistory = false;
+    }
+  }
+  async submitFeedback(input) {
+    if (!this.conversationId) {
+      throw new Error("No active conversation to rate.");
+    }
+    const token = await this.resolveAuthToken();
+    const response = await fetch(
+      `${this.config.agentServiceUrl}/api/v1/chat/conversations/${encodeURIComponent(this.conversationId)}/feedback`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${token}`
+        },
+        body: JSON.stringify(input)
+      }
+    );
+    if (!response.ok) {
+      throw new Error(await getResponseErrorMessage(response));
+    }
+    return await response.json();
+  }
+  /** Convert client tools to the API schema format. */
+  clientToolsToSchemas() {
+    if (!this.config.clientTools) return [];
+    return Object.entries(this.config.clientTools).map(([name, def]) => ({
+      name,
+      description: def.description,
+      inputSchema: parametersToJsonSchema(def.parameters),
+      selection: def.selection
+    }));
+  }
+  resolveExternalUserId() {
+    const hostIdentity = this.config.embeddedAuth?.hostIdentity;
+    return this.config.externalUserId ?? hostIdentity?.subject ?? hostIdentity?.email ?? void 0;
+  }
+  buildExternalUserContext() {
+    const hostIdentity = this.config.embeddedAuth?.hostIdentity;
+    const id = this.resolveExternalUserId();
+    const externalUser = {};
+    if (id) externalUser.id = id;
+    if (hostIdentity?.email) externalUser.email = hostIdentity.email;
+    if (hostIdentity?.displayName) externalUser.displayName = hostIdentity.displayName;
+    if (hostIdentity?.avatarUrl) externalUser.avatarUrl = hostIdentity.avatarUrl;
+    if (hostIdentity?.organizationId) externalUser.organizationId = hostIdentity.organizationId;
+    return Object.keys(externalUser).length > 0 ? externalUser : void 0;
+  }
+  /** Latest runtime budget snapshot for the current SDK identity. */
+  getBudgetSnapshot() {
+    return this.budgetSnapshot;
+  }
+  /** Refresh the current SDK identity's budget snapshot from the API. */
+  async refreshBudgetSnapshot() {
+    const token = await this.resolveAuthToken();
+    const params = new URLSearchParams();
+    const externalUserId = this.resolveExternalUserId();
+    if (externalUserId) {
+      params.set("externalUserId", externalUserId);
+    }
+    const query = params.toString();
+    const response = await fetch(
+      `${this.config.agentServiceUrl}/api/v1/agents/${this.config.agentId}/budget${query ? `?${query}` : ""}`,
+      {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      }
+    );
+    if (!response.ok) {
+      throw new Error(await getResponseErrorMessage(response));
+    }
+    this.budgetSnapshot = await response.json();
+    this.emit("budget_snapshot", this.budgetSnapshot);
+    return this.budgetSnapshot;
+  }
+  /** Whether a request is currently in flight */
+  getIsLoading() {
+    return this.isLoading;
+  }
+  /** Update the per-turn app context sent with each chat request. */
+  setAppContext(context) {
+    this.config = {
+      ...this.config,
+      context
+    };
+  }
+  /** Update the client tools exposed to the agent without recreating the session. */
+  setClientTools(clientTools) {
+    this.config = {
+      ...this.config,
+      clientTools
+    };
+  }
+  /**
+   * Proactively authenticate with an MCP server before sending a message.
+   * If a token response is provided directly, it is stored immediately.
+   * Otherwise, this uses the configured OAuth flow and verifies via MCP init.
+   *
+   * @param mcpServerUrl - The MCP server URL to authenticate with
+   * @param tokenResponse - Optional: provide token response directly (from OAuth popup)
+   */
+  async authenticate(mcpServerUrl, tokenResponse) {
+    const wasManuallySignedOut = this.manuallySignedOutServers.delete(mcpServerUrl);
+    try {
+      if (tokenResponse?.accessToken) {
+        if (tokenResponse.resolvedAuthConfig) {
+          this.updateServerAuthConfig(mcpServerUrl, tokenResponse.resolvedAuthConfig);
+        }
+        this.storeOAuthToken(mcpServerUrl, tokenResponse);
+        this.updateMcpAuthStatus(mcpServerUrl, "connected");
+        return true;
+      }
+      const token = await this.resolveToken(mcpServerUrl);
+      if (!token) {
+        if (wasManuallySignedOut) {
+          this.manuallySignedOutServers.add(mcpServerUrl);
+        }
+        return false;
+      }
+      this.updateMcpAuthStatus(mcpServerUrl, "connected");
+      try {
+        await this.initMcpSession(mcpServerUrl);
+        return true;
+      } catch {
+        return true;
+      }
+    } catch {
+      if (wasManuallySignedOut) {
+        this.manuallySignedOutServers.add(mcpServerUrl);
+      }
+      this.updateMcpAuthStatus(mcpServerUrl, "needs_auth");
+      return false;
+    }
+  }
+  /** Disconnect from an MCP server and require explicit re-authentication before reuse. */
+  async signOutMcpServer(mcpServerUrl) {
+    this.manuallySignedOutServers.add(mcpServerUrl);
+    await this.closeMcpSession(mcpServerUrl);
+    this.clearOAuthToken(mcpServerUrl);
+    this.updateMcpAuthStatus(mcpServerUrl, "needs_auth");
+  }
+  /** Get the auth config for an MCP server (from agent config) */
+  getServerAuthConfig(mcpServerUrl) {
+    const server = this.agentConfig?.mcpServers?.find((s) => s.url === mcpServerUrl);
+    return server?.authConfig ?? null;
+  }
+  getOAuthCallbackUrl() {
+    return this.config.oauthCallbackUrl ?? DEFAULT_OAUTH_CALLBACK_URL;
+  }
+  getOAuthClientMetadataUrl() {
+    return this.config.oauthClientMetadataUrl ?? DEFAULT_OAUTH_CLIENT_METADATA_URL;
+  }
+  getDefaultAuthRequiredHandler() {
+    return this.config.auth?.mode === "app-token" ? createAppTokenAuthHandler(this.config.agentId, this.config.auth) : void 0;
+  }
+  setOnAuthRequired(onAuthRequired) {
+    this.config = {
+      ...this.config,
+      onAuthRequired: onAuthRequired ?? this.getDefaultAuthRequiredHandler()
+    };
+  }
+  isAudioInputSupported() {
+    const audioContextCtor = this.getAudioContextConstructor();
+    return typeof navigator !== "undefined" && Boolean(navigator.mediaDevices?.getUserMedia) && typeof WebSocket !== "undefined" && Boolean(audioContextCtor) && typeof crypto !== "undefined";
+  }
+  isAudioInputEnabled() {
+    const capabilities = this.agentConfig?.modelConfig?.capabilities;
+    return Boolean(
+      this.agentConfig?.audio?.inputEnabled && (capabilities?.audioInput ?? capabilities?.realtimeAudioInput)
+    );
+  }
+  isAudioAutoSubmitEnabled() {
+    const turnDetection = this.getAudioTurnDetectionConfig();
+    return turnDetection.enabled && turnDetection.autoSubmit;
+  }
+  getAudioTurnDetectionConfig() {
+    const override = this.config.audioInput?.turnDetection ?? {};
+    return {
+      enabled: override.enabled ?? DEFAULT_AUDIO_TURN_DETECTION.enabled,
+      autoSubmit: override.autoSubmit ?? DEFAULT_AUDIO_TURN_DETECTION.autoSubmit,
+      silenceDurationMs: this.clampNumber(
+        override.silenceDurationMs,
+        250,
+        3e3,
+        DEFAULT_AUDIO_TURN_DETECTION.silenceDurationMs
+      ),
+      minSpeechDurationMs: this.clampNumber(
+        override.minSpeechDurationMs,
+        80,
+        1e3,
+        DEFAULT_AUDIO_TURN_DETECTION.minSpeechDurationMs
+      ),
+      noSpeechTimeoutMs: this.clampNumber(
+        override.noSpeechTimeoutMs,
+        0,
+        6e4,
+        DEFAULT_AUDIO_TURN_DETECTION.noSpeechTimeoutMs
+      ),
+      speechThreshold: this.clampNumber(
+        override.speechThreshold,
+        2e-3,
+        0.2,
+        DEFAULT_AUDIO_TURN_DETECTION.speechThreshold
+      ),
+      noiseMultiplier: this.clampNumber(
+        override.noiseMultiplier,
+        1.2,
+        8,
+        DEFAULT_AUDIO_TURN_DETECTION.noiseMultiplier
+      )
+    };
+  }
+  clampNumber(value, min, max, fallback) {
+    if (typeof value !== "number" || !Number.isFinite(value)) {
+      return fallback;
+    }
+    return Math.min(max, Math.max(min, value));
+  }
+  buildAudioState(patch) {
+    const hasPatch = (key) => Object.prototype.hasOwnProperty.call(patch, key);
+    return {
+      status: patch.status ?? this.audioState.status,
+      isSupported: this.isAudioInputSupported(),
+      isEnabled: this.isAudioInputEnabled(),
+      transcript: patch.transcript ?? this.audioState.transcript,
+      partialTranscript: patch.partialTranscript ?? this.audioState.partialTranscript,
+      error: hasPatch("error") ? patch.error ?? null : this.audioState.error,
+      sessionId: hasPatch("sessionId") ? patch.sessionId ?? null : this.audioState.sessionId ?? null,
+      conversationId: hasPatch("conversationId") ? patch.conversationId ?? null : this.audioState.conversationId ?? this.conversationId,
+      maxSessionSeconds: hasPatch("maxSessionSeconds") ? patch.maxSessionSeconds ?? null : this.audioState.maxSessionSeconds ?? this.agentConfig?.audio?.maxSessionSeconds ?? null,
+      inputLevel: hasPatch("inputLevel") ? patch.inputLevel ?? 0 : this.audioState.inputLevel ?? 0,
+      isSpeaking: hasPatch("isSpeaking") ? patch.isSpeaking ?? false : this.audioState.isSpeaking ?? false,
+      speechMs: hasPatch("speechMs") ? patch.speechMs ?? 0 : this.audioState.speechMs ?? 0,
+      silenceMs: hasPatch("silenceMs") ? patch.silenceMs ?? 0 : this.audioState.silenceMs ?? 0,
+      autoSubmitEnabled: hasPatch("autoSubmitEnabled") ? patch.autoSubmitEnabled ?? false : this.audioState.autoSubmitEnabled ?? this.isAudioAutoSubmitEnabled()
+    };
+  }
+  setAudioState(patch) {
+    this.audioState = this.buildAudioState(patch);
+    this.emit("audio_state", this.audioState);
+  }
+  getAudioContextConstructor() {
+    if (typeof window === "undefined") {
+      return null;
+    }
+    return window.AudioContext ?? window.webkitAudioContext ?? null;
+  }
+  async createRealtimeTranscriptionSession() {
+    const token = await this.resolveAuthToken();
+    const externalUser = this.buildExternalUserContext();
+    const response = await fetch(
+      `${this.config.agentServiceUrl}/api/v1/agents/${encodeURIComponent(this.config.agentId)}/realtime/transcription-sessions`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${token}`
+        },
+        body: JSON.stringify({
+          conversationId: this.conversationId,
+          externalUserId: this.resolveExternalUserId(),
+          externalUser
+        })
+      }
+    );
+    if (!response.ok) {
+      throw await this.buildApiError(response);
+    }
+    return await response.json();
+  }
+  async buildApiError(response) {
+    let code = null;
+    let message = null;
+    try {
+      const payload = await response.clone().json();
+      if (payload && typeof payload === "object") {
+        const record = payload;
+        code = typeof record.code === "string" ? record.code : null;
+        message = extractErrorMessage(payload);
+      }
+    } catch {
+    }
+    const error = new Error(message ?? await getResponseErrorMessage(response));
+    if (code) {
+      error.code = code;
+    }
+    return error;
+  }
+  async openAudioSocket(url) {
+    return new Promise((resolve, reject) => {
+      const socket = new WebSocket(this.normalizeAudioSocketUrl(url));
+      const cleanup = () => {
+        socket.removeEventListener("open", handleOpen);
+        socket.removeEventListener("error", handleError);
+      };
+      const handleOpen = () => {
+        cleanup();
+        resolve(socket);
+      };
+      const handleError = () => {
+        cleanup();
+        reject(new Error("Could not connect to the realtime microphone service."));
+      };
+      socket.addEventListener("open", handleOpen);
+      socket.addEventListener("error", handleError);
+    });
+  }
+  normalizeAudioSocketUrl(url) {
+    if (typeof window === "undefined") {
+      return url;
+    }
+    try {
+      const parsed = new URL(url, window.location.href);
+      if (window.location.protocol === "https:" && parsed.protocol === "ws:") {
+        parsed.protocol = "wss:";
+      }
+      return parsed.toString();
+    } catch {
+      return url;
+    }
+  }
+  bindAudioSocket(socket) {
+    socket.addEventListener("message", (event) => {
+      void this.handleAudioSocketMessage(event);
+    });
+    socket.addEventListener("close", () => {
+      if (this.audioSocket !== socket) {
+        return;
+      }
+      this.audioSocket = null;
+      this.clearAudioSessionTimer();
+      if (this.audioState.status === "listening" || this.audioState.status === "transcribing" || this.audioState.status === "connecting") {
+        this.cleanupAudioCapture(false);
+        this.audioTurnState = null;
+        this.setAudioState({
+          status: "idle",
+          inputLevel: 0,
+          isSpeaking: false,
+          speechMs: 0,
+          silenceMs: 0
+        });
+      }
+    });
+    socket.addEventListener("error", () => {
+      if (this.audioSocket !== socket) {
+        return;
+      }
+      this.cleanupAudioCapture();
+      this.audioTurnState = null;
+      this.setAudioState({
+        status: "error",
+        error: {
+          code: "audio_socket_error",
+          message: "The realtime microphone connection failed."
+        },
+        inputLevel: 0,
+        isSpeaking: false,
+        speechMs: 0,
+        silenceMs: 0
+      });
+    });
+  }
+  async handleAudioSocketMessage(event) {
+    const raw = typeof event.data === "string" ? event.data : event.data instanceof Blob ? await event.data.text() : "";
+    if (!raw) {
+      return;
+    }
+    let payload;
+    try {
+      payload = JSON.parse(raw);
+    } catch {
+      return;
+    }
+    const type = typeof payload.type === "string" ? payload.type : "";
+    if (type === "transcript_delta") {
+      const text = typeof payload.text === "string" ? payload.text : "";
+      if (!text) {
+        return;
+      }
+      this.audioFinalTranscript += text;
+      this.setAudioState({
+        partialTranscript: this.audioFinalTranscript,
+        transcript: this.audioFinalTranscript
+      });
+      this.emit("audio_transcript_delta", {
+        text,
+        transcript: this.audioFinalTranscript,
+        isFinal: false
+      });
+      return;
+    }
+    if (type === "transcript_final") {
+      const finalText = (typeof payload.text === "string" && payload.text.trim() ? payload.text : this.audioFinalTranscript).trim();
+      this.cleanupAudioCapture();
+      this.audioTurnState = null;
+      if (!finalText) {
+        this.setAudioState({
+          status: "idle",
+          transcript: "",
+          partialTranscript: "",
+          inputLevel: 0,
+          isSpeaking: false,
+          speechMs: 0,
+          silenceMs: 0
+        });
+        return;
+      }
+      this.setAudioState({
+        status: "sending",
+        transcript: finalText,
+        partialTranscript: "",
+        error: null,
+        inputLevel: 0,
+        isSpeaking: false
+      });
+      this.emit("audio_transcript_final", {
+        text: finalText,
+        transcript: finalText,
+        conversationId: this.conversationId ?? ""
+      });
+      await this.sendMessage(finalText);
+      this.setAudioState({
+        status: "idle",
+        transcript: finalText,
+        partialTranscript: "",
+        sessionId: null,
+        inputLevel: 0,
+        isSpeaking: false,
+        speechMs: 0,
+        silenceMs: 0
+      });
+      return;
+    }
+    if (type === "error") {
+      const code = typeof payload.code === "string" ? payload.code : "audio_error";
+      const message = typeof payload.message === "string" ? payload.message : "Microphone input failed.";
+      this.cleanupAudioCapture();
+      this.audioTurnState = null;
+      this.setAudioState({
+        status: "error",
+        error: { code, message },
+        inputLevel: 0,
+        isSpeaking: false,
+        speechMs: 0,
+        silenceMs: 0
+      });
+    }
+  }
+  async commitVoiceInput() {
+    if (this.audioSessionStopRequested || this.audioState.status !== "listening" && this.audioState.status !== "connecting") {
+      return;
+    }
+    this.audioSessionStopRequested = true;
+    this.cleanupAudioCapture(false);
+    if (this.audioSocket?.readyState === WebSocket.OPEN) {
+      this.audioSocket.send(JSON.stringify({ type: "audio.commit" }));
+      this.setAudioState({
+        status: "transcribing",
+        inputLevel: 0,
+        isSpeaking: false,
+        silenceMs: this.audioTurnState?.silenceMs ?? this.audioState.silenceMs ?? 0,
+        speechMs: this.audioTurnState?.speechMs ?? this.audioState.speechMs ?? 0
+      });
+      return;
+    }
+    this.audioTurnState = null;
+    this.setAudioState({
+      status: "idle",
+      inputLevel: 0,
+      isSpeaking: false,
+      speechMs: 0,
+      silenceMs: 0
+    });
+  }
+  stopVoiceInputWithoutTranscript(message) {
+    this.audioSessionStopRequested = true;
+    this.cleanupAudioCapture();
+    this.audioTurnState = null;
+    this.setAudioState({
+      status: "idle",
+      transcript: "",
+      partialTranscript: "",
+      sessionId: null,
+      inputLevel: 0,
+      isSpeaking: false,
+      speechMs: 0,
+      silenceMs: 0,
+      error: {
+        code: "no_speech_detected",
+        message
+      }
+    });
+  }
+  createAudioTurnState(nowMs) {
+    return {
+      startedAtMs: nowMs,
+      lastFrameAtMs: nowMs,
+      speechStartedAtMs: null,
+      lastSpeechAtMs: null,
+      speechMs: 0,
+      silenceMs: 0,
+      noiseFloor: DEFAULT_AUDIO_TURN_DETECTION.speechThreshold / 2,
+      isSpeaking: false,
+      autoCommitted: false,
+      lastActivityEmitMs: 0
+    };
+  }
+  analyzeAudioFrame(input, durationMs) {
+    if (input.length === 0) {
+      return { rms: 0, peak: 0, inputLevel: 0, durationMs };
+    }
+    let sumSquares = 0;
+    let peak = 0;
+    for (let index = 0; index < input.length; index += 1) {
+      const sample = input[index];
+      const abs = Math.abs(sample);
+      sumSquares += sample * sample;
+      if (abs > peak) {
+        peak = abs;
+      }
+    }
+    const rms = Math.sqrt(sumSquares / input.length);
+    return {
+      rms,
+      peak,
+      inputLevel: Math.min(1, rms * 14),
+      durationMs
+    };
+  }
+  processAudioTurnActivity(activity, nowMs) {
+    const config = this.getAudioTurnDetectionConfig();
+    if (!config.enabled) {
+      this.emitAudioActivity(activity, nowMs, false, 0, 0, DEFAULT_AUDIO_TURN_DETECTION.speechThreshold / 2);
+      return;
+    }
+    const state = this.audioTurnState ?? this.createAudioTurnState(nowMs);
+    this.audioTurnState = state;
+    const frameGapMs = Math.max(1, nowMs - state.lastFrameAtMs);
+    const frameDurationMs = Math.max(activity.durationMs, frameGapMs);
+    state.lastFrameAtMs = nowMs;
+    const adaptiveThreshold = Math.max(
+      config.speechThreshold,
+      Math.min(0.08, state.noiseFloor * config.noiseMultiplier)
+    );
+    const peakThreshold = Math.max(adaptiveThreshold * 2.2, config.speechThreshold * 2.5);
+    const speechCandidate = activity.rms >= adaptiveThreshold || activity.rms >= adaptiveThreshold * 0.72 && activity.peak >= peakThreshold;
+    if (speechCandidate) {
+      if (state.speechStartedAtMs === null) {
+        state.speechStartedAtMs = nowMs;
+        state.speechMs = 0;
+      }
+      state.lastSpeechAtMs = nowMs;
+      state.speechMs += frameDurationMs;
+      state.silenceMs = 0;
+      state.isSpeaking = true;
+    } else {
+      state.noiseFloor = this.updateNoiseFloor(state.noiseFloor, activity.rms);
+      state.isSpeaking = false;
+      if (state.lastSpeechAtMs !== null) {
+        state.silenceMs = nowMs - state.lastSpeechAtMs;
+      }
+    }
+    if (state.speechStartedAtMs !== null && state.speechMs < config.minSpeechDurationMs && state.silenceMs >= config.silenceDurationMs) {
+      state.speechStartedAtMs = null;
+      state.lastSpeechAtMs = null;
+      state.speechMs = 0;
+      state.silenceMs = 0;
+    }
+    this.emitAudioActivity(
+      activity,
+      nowMs,
+      state.isSpeaking,
+      state.speechMs,
+      state.silenceMs,
+      state.noiseFloor
+    );
+    const noSpeechElapsedMs = nowMs - state.startedAtMs;
+    if (config.noSpeechTimeoutMs > 0 && state.speechStartedAtMs === null && noSpeechElapsedMs >= config.noSpeechTimeoutMs && !state.autoCommitted) {
+      state.autoCommitted = true;
+      this.stopVoiceInputWithoutTranscript("No speech was detected. Try again when you are ready to speak.");
+      return;
+    }
+    if (config.autoSubmit && state.speechStartedAtMs !== null && state.speechMs >= config.minSpeechDurationMs && state.silenceMs >= config.silenceDurationMs && !state.autoCommitted) {
+      state.autoCommitted = true;
+      void this.commitVoiceInput();
+    }
+  }
+  updateNoiseFloor(currentNoiseFloor, rms) {
+    const sample = Math.max(15e-4, Math.min(0.08, rms));
+    const smoothing = sample > currentNoiseFloor ? 0.02 : 0.12;
+    return currentNoiseFloor * (1 - smoothing) + sample * smoothing;
+  }
+  emitAudioActivity(activity, nowMs, isSpeaking, speechMs, silenceMs, noiseFloor) {
+    const state = this.audioTurnState;
+    const shouldEmitState = !state || nowMs - state.lastActivityEmitMs >= AUDIO_ACTIVITY_EMIT_INTERVAL_MS || isSpeaking !== this.audioState.isSpeaking || Math.abs(activity.inputLevel - (this.audioState.inputLevel ?? 0)) >= MIN_AUDIO_LEVEL_DELTA_FOR_STATE;
+    if (!shouldEmitState) {
+      return;
+    }
+    if (state) {
+      state.lastActivityEmitMs = nowMs;
+    }
+    const roundedLevel = Number(activity.inputLevel.toFixed(3));
+    const roundedNoiseFloor = Number(noiseFloor.toFixed(5));
+    this.setAudioState({
+      inputLevel: roundedLevel,
+      isSpeaking,
+      speechMs: Math.round(speechMs),
+      silenceMs: Math.round(silenceMs),
+      autoSubmitEnabled: this.isAudioAutoSubmitEnabled()
+    });
+    this.emit("audio_activity", {
+      inputLevel: roundedLevel,
+      noiseFloor: roundedNoiseFloor,
+      isSpeaking,
+      speechMs: Math.round(speechMs),
+      silenceMs: Math.round(silenceMs)
+    });
+  }
+  async startAudioCapture(stream, socket) {
+    const AudioContextCtor = this.getAudioContextConstructor();
+    if (!AudioContextCtor) {
+      throw new Error("Audio capture is not available in this browser.");
+    }
+    const context = new AudioContextCtor();
+    if (context.state === "suspended") {
+      await context.resume();
+    }
+    const source = context.createMediaStreamSource(stream);
+    const processor = context.createScriptProcessor(4096, 1, 1);
+    const silentGain = context.createGain();
+    silentGain.gain.value = 0;
+    this.audioTurnState = this.createAudioTurnState(performance.now());
+    processor.onaudioprocess = (event) => {
+      if (this.audioSessionStopRequested || socket.readyState !== WebSocket.OPEN || this.audioState.status !== "listening") {
+        return;
+      }
+      const input = event.inputBuffer.getChannelData(0);
+      const durationMs = input.length / context.sampleRate * 1e3;
+      this.processAudioTurnActivity(
+        this.analyzeAudioFrame(input, durationMs),
+        performance.now()
+      );
+      if (this.audioSessionStopRequested) {
+        return;
+      }
+      const resampled = this.resampleToPcm16(input, context.sampleRate, 24e3);
+      if (resampled.length === 0) {
+        return;
+      }
+      socket.send(JSON.stringify({
+        type: "audio.append",
+        audio: this.pcm16ToBase64(resampled)
+      }));
+    };
+    source.connect(processor);
+    processor.connect(silentGain);
+    silentGain.connect(context.destination);
+    this.audioContext = context;
+    this.audioSource = source;
+    this.audioProcessor = processor;
+    this.audioSilentGain = silentGain;
+  }
+  resampleToPcm16(input, inputSampleRate, outputSampleRate) {
+    if (inputSampleRate === outputSampleRate) {
+      return this.floatToPcm16(input);
+    }
+    const ratio = inputSampleRate / outputSampleRate;
+    const outputLength = Math.floor(input.length / ratio);
+    const output = new Float32Array(outputLength);
+    for (let index = 0; index < outputLength; index += 1) {
+      const inputIndex = index * ratio;
+      const lower = Math.floor(inputIndex);
+      const upper = Math.min(lower + 1, input.length - 1);
+      const weight = inputIndex - lower;
+      output[index] = input[lower] * (1 - weight) + input[upper] * weight;
+    }
+    return this.floatToPcm16(output);
+  }
+  floatToPcm16(input) {
+    const output = new Int16Array(input.length);
+    for (let index = 0; index < input.length; index += 1) {
+      const sample = Math.max(-1, Math.min(1, input[index]));
+      output[index] = sample < 0 ? sample * 32768 : sample * 32767;
+    }
+    return output;
+  }
+  pcm16ToBase64(input) {
+    const bytes = new Uint8Array(input.buffer, input.byteOffset, input.byteLength);
+    let binary = "";
+    const chunkSize = 32768;
+    for (let offset = 0; offset < bytes.length; offset += chunkSize) {
+      const chunk = bytes.subarray(offset, offset + chunkSize);
+      binary += String.fromCharCode(...chunk);
+    }
+    return btoa(binary);
+  }
+  cleanupAudioCapture(closeSocket = true) {
+    this.clearAudioSessionTimer();
+    this.audioProcessor?.disconnect();
+    this.audioSource?.disconnect();
+    this.audioSilentGain?.disconnect();
+    this.audioProcessor = null;
+    this.audioSource = null;
+    this.audioSilentGain = null;
+    if (this.audioContext) {
+      void this.audioContext.close().catch(() => void 0);
+      this.audioContext = null;
+    }
+    this.audioStream?.getTracks().forEach((track) => track.stop());
+    this.audioStream = null;
+    if (closeSocket && this.audioSocket) {
+      const socket = this.audioSocket;
+      this.audioSocket = null;
+      if (socket.readyState === WebSocket.OPEN) {
+        socket.send(JSON.stringify({ type: "audio.close" }));
+        socket.close();
+      } else if (socket.readyState === WebSocket.CONNECTING) {
+        socket.close();
+      }
+    }
+  }
+  clearAudioSessionTimer() {
+    if (!this.audioSessionTimer) {
+      return;
+    }
+    clearTimeout(this.audioSessionTimer);
+    this.audioSessionTimer = null;
+  }
+  extractErrorCode(error) {
+    if (error && typeof error === "object" && "code" in error) {
+      const code = error.code;
+      return typeof code === "string" ? code : null;
+    }
+    return null;
+  }
+  getPersistentStorage() {
+    return this.config.storage ?? null;
+  }
+  async resolveOAuthClientRegistration(authConfig) {
+    if (!authConfig || authConfig.authType !== "oauth2") {
+      return authConfig ?? null;
+    }
+    const registration = await resolveOAuthRegistration(authConfig, {
+      callbackUrl: this.getOAuthCallbackUrl(),
+      oauthClientMetadataUrl: this.config.oauthClientMetadataUrl,
+      clientName: "MCP Stack MCP Client",
+      clientUri: "https://mcpstack.com",
+      storage: this.getPersistentStorage()
+    });
+    return applyResolvedRegistration(authConfig, registration);
+  }
+  /** Subscribe to events */
+  on(event, handler) {
+    if (!this.listeners.has(event)) {
+      this.listeners.set(event, /* @__PURE__ */ new Set());
+    }
+    this.listeners.get(event).add(handler);
+  }
+  /** Unsubscribe from events */
+  off(event, handler) {
+    this.listeners.get(event)?.delete(handler);
+  }
+  // ================================================================
+  // Private methods
+  // ================================================================
+  buildProtectedResourceMetadataCandidates(mcpServerUrl) {
+    const url = new URL(mcpServerUrl);
+    const candidates = /* @__PURE__ */ new Set();
+    const normalizedPath = url.pathname.endsWith("/") ? url.pathname.slice(0, -1) : url.pathname;
+    if (!normalizedPath || normalizedPath === "/") {
+      candidates.add(`${url.origin}/.well-known/oauth-protected-resource`);
+      return [...candidates];
+    }
+    candidates.add(`${url.origin}/.well-known/oauth-protected-resource${normalizedPath}`);
+    candidates.add(`${url.origin}${normalizedPath}/.well-known/oauth-protected-resource`);
+    candidates.add(`${url.origin}/.well-known/oauth-protected-resource`);
+    return [...candidates];
+  }
+  hasSameOrigin(left, right) {
+    try {
+      const leftUrl = new URL(left);
+      const rightUrl = new URL(right);
+      return leftUrl.origin === rightUrl.origin;
+    } catch {
+      return false;
+    }
+  }
+  extractQuotedHeaderValue(header, key) {
+    const match = header.match(new RegExp(`${key}="([^"]+)"`, "i"));
+    return match?.[1] ?? null;
+  }
+  buildAuthorizationServerMetadataCandidates(issuerOrMetadataUrl) {
+    const candidates = /* @__PURE__ */ new Set();
+    if (issuerOrMetadataUrl.includes("/.well-known/oauth-authorization-server") || issuerOrMetadataUrl.includes("/.well-known/openid-configuration")) {
+      candidates.add(issuerOrMetadataUrl);
+      return [...candidates];
+    }
+    const url = new URL(issuerOrMetadataUrl);
+    const normalizedPath = url.pathname.endsWith("/") ? url.pathname.slice(0, -1) : url.pathname;
+    if (!normalizedPath || normalizedPath === "/") {
+      candidates.add(`${url.origin}/.well-known/oauth-authorization-server`);
+      candidates.add(`${url.origin}/.well-known/openid-configuration`);
+      return [...candidates];
+    }
+    candidates.add(`${url.origin}/.well-known/oauth-authorization-server${normalizedPath}`);
+    candidates.add(`${url.origin}/.well-known/openid-configuration${normalizedPath}`);
+    candidates.add(`${url.origin}${normalizedPath}/.well-known/openid-configuration`);
+    return [...candidates];
+  }
+  hasExplicitManualOverride(manualConfig, field) {
+    return manualConfig?.manualOverrides?.includes(field) ?? false;
+  }
+  pickAuthConfigValue(field, manualConfig, manualValue, discoveredValue) {
+    if (this.hasExplicitManualOverride(manualConfig, field) && manualValue != null) {
+      return manualValue;
+    }
+    return discoveredValue ?? manualValue;
+  }
+  pickAuthConfigArrayValue(field, manualConfig, manualValue, discoveredValue) {
+    if (this.hasExplicitManualOverride(manualConfig, field) && manualValue?.length) {
+      return manualValue;
+    }
+    if (discoveredValue?.length) {
+      return discoveredValue;
+    }
+    return manualValue?.length ? manualValue : void 0;
+  }
+  mergeAuthConfigs(manualConfig, discoveredConfig) {
+    if (!manualConfig && !discoveredConfig) return null;
+    const manualOverrides = new Set(manualConfig?.manualOverrides ?? []);
+    const authorizationEndpoint = this.pickAuthConfigValue(
+      "authorizationEndpoint",
+      manualConfig,
+      manualConfig?.authorizationEndpoint ?? manualConfig?.loginUrl,
+      discoveredConfig?.authorizationEndpoint ?? discoveredConfig?.loginUrl
+    );
+    const tokenEndpoint = this.pickAuthConfigValue(
+      "tokenEndpoint",
+      manualConfig,
+      manualConfig?.tokenEndpoint ?? manualConfig?.tokenUrl,
+      discoveredConfig?.tokenEndpoint ?? discoveredConfig?.tokenUrl
+    );
+    const callbackUrl = this.pickAuthConfigValue(
+      "callbackUrl",
+      manualConfig,
+      manualConfig?.callbackUrl,
+      discoveredConfig?.callbackUrl
+    ) ?? this.getOAuthCallbackUrl();
+    const merged = {
+      authType: manualConfig?.authType ?? discoveredConfig?.authType ?? "oauth2",
+      issuer: discoveredConfig?.issuer ?? manualConfig?.issuer,
+      authorizationServerUrl: this.pickAuthConfigValue(
+        "authorizationServerUrl",
+        manualConfig,
+        manualConfig?.authorizationServerUrl,
+        discoveredConfig?.authorizationServerUrl
+      ),
+      authorizationServerMetadataUrl: this.pickAuthConfigValue(
+        "authorizationServerMetadataUrl",
+        manualConfig,
+        manualConfig?.authorizationServerMetadataUrl,
+        discoveredConfig?.authorizationServerMetadataUrl
+      ),
+      authorizationEndpoint,
+      loginUrl: authorizationEndpoint,
+      tokenEndpoint,
+      tokenUrl: tokenEndpoint,
+      registrationEndpoint: this.pickAuthConfigValue(
+        "registrationEndpoint",
+        manualConfig,
+        manualConfig?.registrationEndpoint,
+        discoveredConfig?.registrationEndpoint
+      ),
+      clientId: this.pickAuthConfigValue(
+        "clientId",
+        manualConfig,
+        manualConfig?.clientId,
+        discoveredConfig?.clientId
+      ),
+      scopes: this.pickAuthConfigArrayValue(
+        "scopes",
+        manualConfig,
+        manualConfig?.scopes,
+        discoveredConfig?.scopes
+      ),
+      resource: this.pickAuthConfigValue(
+        "resource",
+        manualConfig,
+        manualConfig?.resource,
+        discoveredConfig?.resource
+      ),
+      callbackUrl,
+      protectedResourceMetadataUrl: discoveredConfig?.protectedResourceMetadataUrl ?? manualConfig?.protectedResourceMetadataUrl,
+      clientIdMetadataDocumentSupported: discoveredConfig?.clientIdMetadataDocumentSupported ?? manualConfig?.clientIdMetadataDocumentSupported,
+      resourceParameterSupported: discoveredConfig?.resourceParameterSupported ?? manualConfig?.resourceParameterSupported,
+      registrationPreference: manualConfig?.registrationPreference ?? discoveredConfig?.registrationPreference ?? "auto",
+      clientMode: discoveredConfig?.clientMode ?? manualConfig?.clientMode,
+      authRecipe: manualConfig?.authRecipe ?? discoveredConfig?.authRecipe,
+      manualOverrides: manualOverrides.size ? [...manualOverrides] : void 0,
+      discovered: discoveredConfig?.discovered ?? false
+    };
+    return merged;
+  }
+  async discoverAuthConfig(mcpServerUrl, manualConfig) {
+    let protectedResourceUrl = null;
+    let protectedResource = null;
+    const protectedResourceCandidates = /* @__PURE__ */ new Set();
+    if (manualConfig?.protectedResourceMetadataUrl) {
+      protectedResourceCandidates.add(manualConfig.protectedResourceMetadataUrl);
+    }
+    for (const candidate of this.buildProtectedResourceMetadataCandidates(mcpServerUrl)) {
+      protectedResourceCandidates.add(candidate);
+    }
+    for (const candidate of protectedResourceCandidates) {
+      try {
+        const response = await fetch(candidate, {
+          method: "GET",
+          headers: { Accept: "application/json" }
+        });
+        if (response.ok) {
+          protectedResource = await response.json();
+          protectedResourceUrl = candidate;
+          break;
+        }
+        const authenticateHeader = response.headers.get("www-authenticate");
+        if (authenticateHeader) {
+          const resourceMetadataUrl = this.extractQuotedHeaderValue(authenticateHeader, "resource_metadata");
+          if (resourceMetadataUrl && this.hasSameOrigin(candidate, resourceMetadataUrl)) {
+            const metadataResponse = await fetch(resourceMetadataUrl, {
+              method: "GET",
+              headers: { Accept: "application/json" }
+            });
+            if (metadataResponse.ok) {
+              protectedResource = await metadataResponse.json();
+              protectedResourceUrl = resourceMetadataUrl;
+              break;
+            }
+          }
+        }
+      } catch {
+      }
+    }
+    const authServerUrl = protectedResource?.authorization_servers?.[0] ?? protectedResource?.authorization_server ?? manualConfig?.authorizationServerUrl;
+    try {
+      let metadata = null;
+      let metadataUrl = manualConfig?.authorizationServerMetadataUrl ?? null;
+      const metadataCandidates = /* @__PURE__ */ new Set();
+      if (manualConfig?.authorizationServerMetadataUrl) {
+        metadataCandidates.add(manualConfig.authorizationServerMetadataUrl);
+      }
+      if (authServerUrl) {
+        for (const candidate of this.buildAuthorizationServerMetadataCandidates(authServerUrl)) {
+          metadataCandidates.add(candidate);
+        }
+      }
+      for (const candidate of metadataCandidates) {
+        try {
+          const response = await fetch(candidate, {
+            method: "GET",
+            headers: { Accept: "application/json" }
+          });
+          if (response.ok) {
+            metadata = await response.json();
+            metadataUrl = candidate;
+            break;
+          }
+        } catch {
+        }
+      }
+      if (!metadata && !protectedResource && !manualConfig) {
+        return null;
+      }
+      return {
+        authType: "oauth2",
+        issuer: metadata?.issuer ?? authServerUrl ?? manualConfig?.issuer,
+        authorizationServerUrl: authServerUrl ?? manualConfig?.authorizationServerUrl,
+        authorizationServerMetadataUrl: metadataUrl ?? void 0,
+        authorizationEndpoint: metadata?.authorization_endpoint ?? manualConfig?.authorizationEndpoint ?? manualConfig?.loginUrl,
+        loginUrl: metadata?.authorization_endpoint ?? manualConfig?.loginUrl ?? manualConfig?.authorizationEndpoint,
+        tokenEndpoint: metadata?.token_endpoint ?? manualConfig?.tokenEndpoint ?? manualConfig?.tokenUrl,
+        tokenUrl: metadata?.token_endpoint ?? manualConfig?.tokenUrl ?? manualConfig?.tokenEndpoint,
+        registrationEndpoint: metadata?.registration_endpoint ?? manualConfig?.registrationEndpoint,
+        clientId: manualConfig?.clientId,
+        scopes: protectedResource?.scopes_supported?.length ? protectedResource.scopes_supported : metadata?.scopes_supported ?? manualConfig?.scopes,
+        resource: protectedResource?.resource ?? manualConfig?.resource,
+        callbackUrl: getEffectiveCallbackUrl(manualConfig, this.getOAuthCallbackUrl()),
+        protectedResourceMetadataUrl: protectedResourceUrl ?? manualConfig?.protectedResourceMetadataUrl,
+        clientIdMetadataDocumentSupported: metadata?.client_id_metadata_document_supported ?? manualConfig?.clientIdMetadataDocumentSupported,
+        resourceParameterSupported: metadata?.resource_parameter_supported ?? manualConfig?.resourceParameterSupported,
+        registrationPreference: manualConfig?.registrationPreference ?? "auto",
+        authRecipe: manualConfig?.authRecipe,
+        discovered: Boolean(protectedResource || metadata)
+      };
+    } catch {
+      return manualConfig ? {
+        ...manualConfig,
+        callbackUrl: getEffectiveCallbackUrl(manualConfig, this.getOAuthCallbackUrl()),
+        protectedResourceMetadataUrl: protectedResourceUrl ?? manualConfig.protectedResourceMetadataUrl,
+        resource: protectedResource?.resource ?? manualConfig.resource,
+        scopes: protectedResource?.scopes_supported?.length ? protectedResource.scopes_supported : manualConfig.scopes,
+        discovered: Boolean(protectedResource)
+      } : null;
+    }
+  }
+  async resolveServerAuthConfig(mcpServerUrl, manualConfig) {
+    const discoveredConfig = await this.discoverAuthConfig(mcpServerUrl, manualConfig);
+    return this.mergeAuthConfigs(manualConfig, discoveredConfig);
+  }
+  async ensureServerAuthConfig(mcpServerUrl) {
+    const server = this.agentConfig?.mcpServers?.find((item) => item.url === mcpServerUrl);
+    if (!server) {
+      return null;
+    }
+    if (server.authConfig && (server.authConfig.authType !== "oauth2" || server.authConfig.discovered || !!server.authConfig.authorizationEndpoint || !!server.authConfig.tokenEndpoint || !!server.authConfig.tokenUrl || !!server.authConfig.registrationEndpoint || !!server.authConfig.resource)) {
+      return server.authConfig;
+    }
+    server.authConfig = await this.resolveServerAuthConfig(mcpServerUrl, server.authConfig ?? null);
+    return server.authConfig;
+  }
+  updateServerAuthConfig(mcpServerUrl, authConfig) {
+    const server = this.agentConfig?.mcpServers?.find((item) => item.url === mcpServerUrl);
+    if (server) {
+      server.authConfig = authConfig;
+    }
+  }
+  emit(event, data) {
+    this.listeners.get(event)?.forEach((handler) => handler(data));
+  }
+  // ================================================================
+  // OAuth Token Storage (standalone mode only)
+  // ================================================================
+  /** Generate the legacy token cache suffix used before auth-aware keying. */
+  hashUrl(url) {
+    return btoa(url).replace(/[^a-zA-Z0-9]/g, "").slice(0, 32);
+  }
+  getLegacyTokenStorageKey(mcpServerUrl) {
+    return buildScopedOAuthTokenStorageKey(this.hashUrl(mcpServerUrl));
+  }
+  getAuthSessionKey() {
+    return resolveExplicitAuthSessionKey(this.config);
+  }
+  getTokenStorageKey(mcpServerUrl, authConfig) {
+    return buildScopedOAuthTokenStorageKey(
+      buildTokenCacheKey(authConfig, mcpServerUrl),
+      this.getAuthSessionKey()
+    );
+  }
+  getTokenStorageCandidates(mcpServerUrl) {
+    const currentAuthConfig = this.getServerAuthConfig(mcpServerUrl);
+    const hasExplicitAuthSessionKey = this.getAuthSessionKey() !== null;
+    if (!currentAuthConfig) {
+      return hasExplicitAuthSessionKey ? [{
+        storageKey: this.getTokenStorageKey(mcpServerUrl, null),
+        authConfig: null
+      }] : [{
+        storageKey: this.getLegacyTokenStorageKey(mcpServerUrl),
+        authConfig: null
+      }];
+    }
+    const callbackUrl = getEffectiveCallbackUrl(currentAuthConfig, this.getOAuthCallbackUrl());
+    const candidates = [currentAuthConfig];
+    if (currentAuthConfig.authType === "oauth2") {
+      candidates.push({
+        ...currentAuthConfig,
+        clientMode: "manual",
+        callbackUrl
+      });
+      if (currentAuthConfig.clientId) {
+        candidates.push({
+          ...currentAuthConfig,
+          clientMode: "preregistered",
+          callbackUrl
+        });
+      }
+      if (currentAuthConfig.clientIdMetadataDocumentSupported && this.config.oauthClientMetadataUrl) {
+        candidates.push({
+          ...currentAuthConfig,
+          clientId: this.config.oauthClientMetadataUrl,
+          clientMode: "cimd",
+          callbackUrl
+        });
+      }
+      if (currentAuthConfig.registrationEndpoint) {
+        const cacheKey = buildRegistrationCacheKey(currentAuthConfig, callbackUrl, "dcr");
+        const storedRegistration = loadStoredRegistration(cacheKey, this.getPersistentStorage());
+        if (storedRegistration?.clientId) {
+          candidates.push(applyResolvedRegistration(currentAuthConfig, {
+            cacheKey,
+            mode: "dcr",
+            clientId: storedRegistration.clientId,
+            callbackUrl,
+            resource: currentAuthConfig.resource,
+            authorizationServerUrl: currentAuthConfig.authorizationServerUrl,
+            authorizationServerMetadataUrl: currentAuthConfig.authorizationServerMetadataUrl,
+            registrationEndpoint: currentAuthConfig.registrationEndpoint
+          }));
+        }
+      }
+    }
+    const seen = /* @__PURE__ */ new Set();
+    const resolved = candidates.map((candidate) => ({
+      storageKey: this.getTokenStorageKey(mcpServerUrl, candidate),
+      authConfig: candidate
+    })).filter((candidate) => {
+      if (seen.has(candidate.storageKey)) return false;
+      seen.add(candidate.storageKey);
+      return true;
+    });
+    if (!hasExplicitAuthSessionKey) {
+      resolved.push({
+        storageKey: this.getLegacyTokenStorageKey(mcpServerUrl),
+        authConfig: currentAuthConfig
+      });
+    }
+    return resolved;
+  }
+  /** Load OAuth token from memory/persistent storage using auth-aware cache keying. */
+  loadOAuthToken(mcpServerUrl) {
+    for (const candidate of this.getTokenStorageCandidates(mcpServerUrl)) {
+      const cached = this.oauthTokens.get(candidate.storageKey);
+      if (cached) {
+        if (candidate.authConfig) {
+          this.updateServerAuthConfig(mcpServerUrl, candidate.authConfig);
+        }
+        return cached;
+      }
+    }
+    try {
+      const storage = this.getPersistentStorage() ?? (typeof localStorage !== "undefined" ? localStorage : null);
+      if (storage) {
+        for (const candidate of this.getTokenStorageCandidates(mcpServerUrl)) {
+          const stored = storage.getItem(candidate.storageKey);
+          if (stored) {
+            const data = JSON.parse(stored);
+            if (data.accessToken && data.expiresAt) {
+              this.oauthTokens.set(candidate.storageKey, data);
+              if (candidate.authConfig) {
+                this.updateServerAuthConfig(mcpServerUrl, candidate.authConfig);
+              }
+              return data;
+            }
+          }
+        }
+      }
+    } catch {
+    }
+    return null;
+  }
+  /** Check if we have a valid (non-expired) OAuth token */
+  hasValidOAuthToken(mcpServerUrl) {
+    const token = this.loadOAuthToken(mcpServerUrl);
+    if (!token) return false;
+    return token.expiresAt > Date.now() || !!token.refreshToken;
+  }
+  /** Store OAuth token to memory and persistent storage */
+  storeOAuthToken(mcpServerUrl, tokenResponse) {
+    const resolvedAuthConfig = tokenResponse.resolvedAuthConfig ?? this.getServerAuthConfig(mcpServerUrl);
+    const storageKey = this.getTokenStorageKey(mcpServerUrl, resolvedAuthConfig);
+    const expiresIn = tokenResponse.expiresIn ?? 3600;
+    const expiresAt = Date.now() + expiresIn * 1e3 - 60 * 1e3;
+    const data = {
+      accessToken: tokenResponse.accessToken,
+      refreshToken: tokenResponse.refreshToken,
+      expiresAt
+    };
+    this.oauthTokens.set(storageKey, data);
+    try {
+      const storage = this.getPersistentStorage() ?? (typeof localStorage !== "undefined" ? localStorage : null);
+      if (storage) {
+        storage.setItem(storageKey, JSON.stringify(data));
+      }
+    } catch {
+    }
+  }
+  /** Clear OAuth token from memory and persistent storage */
+  clearOAuthToken(mcpServerUrl) {
+    for (const candidate of this.getTokenStorageCandidates(mcpServerUrl)) {
+      this.oauthTokens.delete(candidate.storageKey);
+    }
+    try {
+      const storage = this.getPersistentStorage() ?? (typeof localStorage !== "undefined" ? localStorage : null);
+      if (storage) {
+        for (const candidate of this.getTokenStorageCandidates(mcpServerUrl)) {
+          storage.removeItem(candidate.storageKey);
+        }
+      }
+    } catch {
+    }
+  }
+  /** Refresh OAuth token using refresh token */
+  async refreshOAuthToken(mcpServerUrl, refreshToken) {
+    const authConfig = await this.ensureServerAuthConfig(mcpServerUrl);
+    const tokenUrl = authConfig?.tokenEndpoint ?? authConfig?.tokenUrl;
+    if (!tokenUrl) return void 0;
+    try {
+      const body = new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: refreshToken
+      });
+      if (authConfig?.clientId) body.set("client_id", authConfig.clientId);
+      if (authConfig?.resource) body.set("resource", authConfig.resource);
+      const response = await fetch(tokenUrl, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body
+      });
+      if (response.ok) {
+        const data = await response.json();
+        if (data.access_token) {
+          const tokenResponse = {
+            accessToken: data.access_token,
+            refreshToken: data.refresh_token ?? refreshToken,
+            expiresIn: data.expires_in,
+            resolvedAuthConfig: authConfig ?? void 0
+          };
+          this.storeOAuthToken(mcpServerUrl, tokenResponse);
+          return data.access_token;
+        }
+      }
+    } catch {
+    }
+    return void 0;
+  }
+  // ================================================================
+  // Token Resolution
+  // ================================================================
+  /**
+   * Resolve the auth token for an MCP server.
+   * - OAuth mode: Checks stored token, refreshes if expired, triggers auth if needed
+   */
+  async resolveToken(mcpServerUrl) {
+    if (this.manuallySignedOutServers.has(mcpServerUrl)) {
+      return void 0;
+    }
+    const authConfig = await this.ensureServerAuthConfig(mcpServerUrl);
+    const stored = this.loadOAuthToken(mcpServerUrl);
+    if (stored) {
+      if (stored.expiresAt > Date.now()) {
+        return stored.accessToken;
+      }
+      if (stored.refreshToken) {
+        const refreshed = await this.refreshOAuthToken(mcpServerUrl, stored.refreshToken);
+        if (refreshed) return refreshed;
+      }
+      this.clearOAuthToken(mcpServerUrl);
+    }
+    if (this.config.onAuthRequired) {
+      if (authConfig) {
+        const isBuiltInPopupAuth = this.config.onAuthRequired.__mcpStackBuiltinPopupAuth === true;
+        const isAppTokenAuth = this.config.auth?.mode === "app-token";
+        const authConfigForHandler = authConfig.authType === "oauth2" && !isBuiltInPopupAuth && !isAppTokenAuth ? await this.resolveOAuthClientRegistration(authConfig) : authConfig;
+        if (authConfigForHandler) {
+          this.updateServerAuthConfig(mcpServerUrl, authConfigForHandler);
+        }
+        const tokenResponse = await this.config.onAuthRequired(
+          mcpServerUrl,
+          authConfigForHandler ?? authConfig
+        );
+        if (tokenResponse?.accessToken) {
+          if (tokenResponse.resolvedAuthConfig) {
+            this.updateServerAuthConfig(mcpServerUrl, tokenResponse.resolvedAuthConfig);
+          }
+          this.storeOAuthToken(mcpServerUrl, tokenResponse);
+          return tokenResponse.accessToken;
+        }
+      }
+    }
+    return void 0;
+  }
+  // ================================================================
+  // Chat Loop
+  // ================================================================
+  /**
+   * The core orchestration loop:
+   * 1. Send message to chat API
+   * 2. Stream response
+   * 3. If tool_call → execute tool via MCP → send result → continue
+   * 4. If message_end → done
+   */
+  async runChatLoop(message) {
+    this.abortController = new AbortController();
+    this.emit("thinking", true);
+    const chatBody = {
+      agentId: this.config.agentId,
+      conversationId: this.conversationId,
+      message,
+      externalUserId: this.resolveExternalUserId(),
+      context: this.config.context
+    };
+    const externalUser = this.buildExternalUserContext();
+    if (externalUser) {
+      chatBody.externalUser = externalUser;
+    }
+    const clientToolSchemas = this.clientToolsToSchemas();
+    if (clientToolSchemas.length > 0) {
+      chatBody.clientTools = clientToolSchemas;
+    }
+    let response = await this.callChatApi(chatBody, "chat");
+    while (true) {
+      const result = await this.processSseStream(response);
+      if (result.type === "message_end") {
+        break;
+      }
+      if (result.type === "tool_call") {
+        const toolCall = result.data;
+        const startTime = Date.now();
+        try {
+          const toolResult = await this.executeTool(toolCall);
+          const duration = Date.now() - startTime;
+          const toolCallMsg = this.messages.find(
+            (m) => m.role === "tool_call" && m.toolCallId === toolCall.toolCallId
+          );
+          if (toolCallMsg) {
+            toolCallMsg.toolCallStatus = "completed";
+            toolCallMsg.toolCallDuration = duration;
+            toolCallMsg.toolResult = typeof toolResult === "string" ? toolResult : JSON.stringify(toolResult);
+          }
+          this.emit("tool_result", { toolCallId: toolCall.toolCallId, result: toolResult, duration });
+          const toolResultMsg = {
+            id: crypto.randomUUID(),
+            role: "tool_result",
+            content: typeof toolResult === "string" ? toolResult : JSON.stringify(toolResult),
+            toolCallId: toolCall.toolCallId,
+            toolName: toolCall.toolName,
+            timestamp: /* @__PURE__ */ new Date()
+          };
+          this.messages.push(toolResultMsg);
+          this.emit("thinking", true);
+          const toolResultBody = {
+            conversationId: this.conversationId,
+            toolCallId: toolCall.toolCallId,
+            result: toolResult,
+            durationMs: duration,
+            context: this.config.context
+          };
+          const clientToolSchemas2 = this.clientToolsToSchemas();
+          if (clientToolSchemas2.length > 0) {
+            toolResultBody.clientTools = clientToolSchemas2;
+          }
+          response = await this.callChatApi(toolResultBody, "chat/tool-result");
+        } catch (err) {
+          const duration = Date.now() - startTime;
+          const errorMsg = err instanceof Error ? err.message : "Tool execution failed";
+          const toolCallMsg = this.messages.find(
+            (m) => m.role === "tool_call" && m.toolCallId === toolCall.toolCallId
+          );
+          if (toolCallMsg) {
+            toolCallMsg.toolCallStatus = "error";
+            toolCallMsg.toolCallDuration = duration;
+            toolCallMsg.toolError = errorMsg;
+          }
+          this.emit("tool_error", { toolCallId: toolCall.toolCallId, error: errorMsg, duration });
+          const errorResult = `Error: ${errorMsg}`;
+          const toolResultMsg = {
+            id: crypto.randomUUID(),
+            role: "tool_result",
+            content: errorResult,
+            toolCallId: toolCall.toolCallId,
+            toolName: toolCall.toolName,
+            timestamp: /* @__PURE__ */ new Date()
+          };
+          this.messages.push(toolResultMsg);
+          this.emit("thinking", true);
+          try {
+            const toolResultBody = {
+              conversationId: this.conversationId,
+              toolCallId: toolCall.toolCallId,
+              result: errorResult,
+              isError: true,
+              durationMs: duration,
+              context: this.config.context
+            };
+            const clientToolSchemas2 = this.clientToolsToSchemas();
+            if (clientToolSchemas2.length > 0) {
+              toolResultBody.clientTools = clientToolSchemas2;
+            }
+            response = await this.callChatApi(toolResultBody, "chat/tool-result");
+          } catch {
+            this.emit("error", { code: "tool_error", message: errorMsg });
+            break;
+          }
+        }
+      }
+      if (result.type === "error") {
+        break;
+      }
+    }
+  }
+  async callChatApi(body, endpoint) {
+    const token = await this.resolveAuthToken();
+    const response = await fetch(
+      `${this.config.agentServiceUrl}/api/v1/${endpoint}`,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${token}`
+        },
+        body: JSON.stringify(body),
+        signal: this.abortController?.signal
+      }
+    );
+    if (!response.ok) {
+      throw new Error(await getResponseErrorMessage(response));
+    }
+    return response;
+  }
+  async fetchConversationMessages(conversationId, cursor, pageSize = 50) {
+    const token = await this.resolveAuthToken();
+    const params = new URLSearchParams();
+    params.set("pageSize", String(pageSize));
+    if (cursor) {
+      params.set("cursor", cursor);
+    }
+    const response = await fetch(
+      `${this.config.agentServiceUrl}/api/v1/chat/conversations/${encodeURIComponent(conversationId)}/messages?${params.toString()}`,
+      {
+        headers: {
+          Authorization: `Bearer ${token}`
+        }
+      }
+    );
+    if (!response.ok) {
+      throw new Error(await getResponseErrorMessage(response));
+    }
+    return await response.json();
+  }
+  applyConversationPage(page, prepend) {
+    const mappedMessages = page.messages.map((message) => this.mapReplayMessage(message));
+    this.conversationId = page.conversationId;
+    this.historyCursor = page.nextCursor ?? null;
+    this.hasOlderMessages = page.hasNextPage;
+    this.messages = prepend ? [...mappedMessages, ...this.messages] : mappedMessages;
+  }
+  mapReplayMessage(message) {
+    const timestamp = new Date(message.createdAt);
+    return {
+      id: message.id,
+      role: message.role,
+      content: message.content ?? "",
+      toolName: message.toolName ?? void 0,
+      toolLabel: message.toolLabel ?? void 0,
+      toolCallId: message.toolCallId ?? void 0,
+      timestamp,
+      toolCallStatus: message.toolCallStatus ?? void 0,
+      toolCallStartTime: message.toolCallDurationMs != null ? timestamp.getTime() - message.toolCallDurationMs : void 0,
+      toolCallDuration: message.toolCallDurationMs ?? void 0,
+      toolResult: message.toolResultJson ?? void 0,
+      toolError: message.toolError ?? void 0,
+      errorCode: message.errorCode ?? void 0,
+      metadataJson: message.metadataJson ?? null
+    };
+  }
+  /**
+   * Process an SSE stream from the chat API.
+   * Returns when the stream ends (either message_end or tool_call).
+   */
+  async processSseStream(response) {
+    let assistantContent = "";
+    let lastToolCall = null;
+    let emittedThinkingFalse = false;
+    for await (const event of parseSseStream(response, this.abortController?.signal)) {
+      switch (event.type) {
+        case "message_start": {
+          const data = event.data;
+          this.conversationId = data.conversationId;
+          break;
+        }
+        case "content_delta": {
+          const data = event.data;
+          if (!emittedThinkingFalse) {
+            this.emit("thinking", false);
+            emittedThinkingFalse = true;
+          }
+          assistantContent += data.text;
+          this.emit("content_delta", data);
+          break;
+        }
+        case "tool_call": {
+          const data = event.data;
+          if (!emittedThinkingFalse) {
+            this.emit("thinking", false);
+            emittedThinkingFalse = true;
+          }
+          lastToolCall = data;
+          const toolCallMsg = {
+            id: crypto.randomUUID(),
+            role: "tool_call",
+            content: `Calling ${data.toolLabel ?? data.toolName}...`,
+            toolName: data.toolName,
+            toolLabel: data.toolLabel,
+            toolCallId: data.toolCallId,
+            timestamp: /* @__PURE__ */ new Date(),
+            toolCallStatus: "calling",
+            toolCallStartTime: Date.now()
+          };
+          this.messages.push(toolCallMsg);
+          this.emit("tool_call", data);
+          break;
+        }
+        case "message_end": {
+          const data = event.data;
+          if (assistantContent) {
+            const assistantMsg = {
+              id: crypto.randomUUID(),
+              role: "assistant",
+              content: assistantContent,
+              timestamp: /* @__PURE__ */ new Date()
+            };
+            this.messages.push(assistantMsg);
+            this.emit("message", assistantMsg);
+          }
+          this.emit("message_end", data);
+          return { type: "message_end", data };
+        }
+        case "budget_snapshot": {
+          const data = event.data;
+          this.budgetSnapshot = data;
+          this.emit("budget_snapshot", data);
+          break;
+        }
+        case "error": {
+          const data = event.data;
+          if (data.budget) {
+            this.budgetSnapshot = data.budget;
+            this.emit("budget_snapshot", data.budget);
+          }
+          const errorMsg = {
+            id: crypto.randomUUID(),
+            role: "error",
+            content: data.message,
+            timestamp: /* @__PURE__ */ new Date(),
+            errorCode: data.code
+          };
+          this.messages.push(errorMsg);
+          this.emit("message", errorMsg);
+          this.emit("error", data);
+          return { type: "error", data };
+        }
+      }
+    }
+    if (lastToolCall) {
+      if (assistantContent) {
+        const assistantMsg = {
+          id: crypto.randomUUID(),
+          role: "assistant",
+          content: assistantContent,
+          timestamp: /* @__PURE__ */ new Date()
+        };
+        this.messages.push(assistantMsg);
+        this.emit("message", assistantMsg);
+      }
+      return { type: "tool_call", data: lastToolCall };
+    }
+    if (assistantContent) {
+      const assistantMsg = {
+        id: crypto.randomUUID(),
+        role: "assistant",
+        content: assistantContent,
+        timestamp: /* @__PURE__ */ new Date()
+      };
+      this.messages.push(assistantMsg);
+      this.emit("message", assistantMsg);
+    }
+    return { type: "message_end" };
+  }
+  // ================================================================
+  // MCP Session Management
+  // ================================================================
+  /** Build headers for MCP server requests */
+  getMcpHeaders(mcpServerUrl) {
+    const headers = {
+      "Content-Type": "application/json",
+      "Accept": "application/json, text/event-stream"
+    };
+    const session = this.mcpSessions.get(mcpServerUrl);
+    if (session?.sessionId) {
+      headers["Mcp-Session-Id"] = session.sessionId;
+    }
+    return headers;
+  }
+  /** Best-effort MCP session teardown so reconnect starts cleanly after sign-out. */
+  async closeMcpSession(mcpServerUrl) {
+    const session = this.mcpSessions.get(mcpServerUrl);
+    if (!session?.sessionId) return;
+    const headers = {
+      "Accept": "application/json, text/event-stream",
+      "Mcp-Session-Id": session.sessionId
+    };
+    const storedToken = this.loadOAuthToken(mcpServerUrl);
+    if (storedToken?.accessToken) {
+      headers["Authorization"] = `Bearer ${storedToken.accessToken}`;
+    }
+    try {
+      await fetch(mcpServerUrl, {
+        method: "DELETE",
+        headers,
+        credentials: this.config.useCookies ? "include" : "omit"
+      });
+    } catch {
+    }
+    this.mcpSessions.set(mcpServerUrl, {
+      sessionId: null,
+      authStatus: session.authStatus
+    });
+  }
+  /** Initialize the MCP session for a specific server (required before tools/call) */
+  async initMcpSession(mcpServerUrl) {
+    const session = this.mcpSessions.get(mcpServerUrl);
+    if (session?.sessionId) return;
+    const headers = this.getMcpHeaders(mcpServerUrl);
+    await this.ensureServerAuthConfig(mcpServerUrl);
+    const token = await this.resolveToken(mcpServerUrl);
+    if (token) headers["Authorization"] = `Bearer ${token}`;
+    const initPayload = JSON.stringify({
+      jsonrpc: "2.0",
+      id: 1,
+      method: "initialize",
+      params: {
+        protocolVersion: DEFAULT_MCP_PROTOCOL_VERSION,
+        capabilities: {},
+        clientInfo: { name: "mcpstack-agent-sdk", version: "0.1.0" }
+      }
+    });
+    const initResponse = await fetch(mcpServerUrl, {
+      method: "POST",
+      headers,
+      credentials: this.config.useCookies ? "include" : "omit",
+      body: initPayload
+    });
+    if (initResponse.status === 401) {
+      this.clearOAuthToken(mcpServerUrl);
+      this.updateMcpAuthStatus(mcpServerUrl, "needs_auth");
+      const freshToken = await this.resolveToken(mcpServerUrl);
+      if (freshToken) {
+        headers["Authorization"] = `Bearer ${freshToken}`;
+        const retryResponse = await fetch(mcpServerUrl, {
+          method: "POST",
+          headers,
+          credentials: this.config.useCookies ? "include" : "omit",
+          body: initPayload
+        });
+        if (retryResponse.ok) {
+          const sessionId2 = retryResponse.headers.get("mcp-session-id");
+          this.mcpSessions.set(mcpServerUrl, { sessionId: sessionId2, authStatus: "connected" });
+          this.updateMcpAuthStatus(mcpServerUrl, "connected");
+          await retryResponse.text().catch(() => {
+          });
+          const notifyHeaders2 = this.getMcpHeaders(mcpServerUrl);
+          notifyHeaders2["Authorization"] = `Bearer ${freshToken}`;
+          await fetch(mcpServerUrl, {
+            method: "POST",
+            headers: notifyHeaders2,
+            credentials: this.config.useCookies ? "include" : "omit",
+            body: JSON.stringify({ jsonrpc: "2.0", method: "notifications/initialized" })
+          });
+          return;
+        }
+      }
+      throw new Error("MCP initialization failed (401): Authentication required");
+    }
+    if (!initResponse.ok) {
+      const errorText = await initResponse.text().catch(() => "MCP init error");
+      throw new Error(`MCP initialization failed (${initResponse.status}): ${errorText}`);
+    }
+    const sessionId = initResponse.headers.get("mcp-session-id");
+    this.mcpSessions.set(mcpServerUrl, { sessionId, authStatus: "connected" });
+    this.updateMcpAuthStatus(mcpServerUrl, "connected");
+    await initResponse.text().catch(() => {
+    });
+    const notifyHeaders = this.getMcpHeaders(mcpServerUrl);
+    if (token) notifyHeaders["Authorization"] = `Bearer ${token}`;
+    await fetch(mcpServerUrl, {
+      method: "POST",
+      headers: notifyHeaders,
+      credentials: this.config.useCookies ? "include" : "omit",
+      body: JSON.stringify({ jsonrpc: "2.0", method: "notifications/initialized" })
+    });
+  }
+  /** Update auth status for an MCP server and emit event */
+  updateMcpAuthStatus(mcpServerUrl, authStatus) {
+    const session = this.mcpSessions.get(mcpServerUrl);
+    if (session) {
+      session.authStatus = authStatus;
+    } else {
+      this.mcpSessions.set(mcpServerUrl, { sessionId: null, authStatus });
+    }
+    const serverInfo = this.agentConfig?.mcpServers?.find((s) => s.url === mcpServerUrl);
+    this.emit("mcp_auth_status", {
+      mcpServerUrl,
+      mcpServerName: serverInfo?.name ?? mcpServerUrl,
+      authStatus
+    });
+  }
+  /** Parse a JSON-RPC response from either JSON or SSE format */
+  async parseMcpResponse(response) {
+    const contentType = (response.headers.get("content-type") || "").toLowerCase();
+    if (contentType.includes("text/event-stream")) {
+      const text = await response.text();
+      const lines = text.split("\n");
+      let jsonData = "";
+      for (const line of lines) {
+        if (line.startsWith("data: ")) {
+          jsonData += line.slice(6);
+        }
+      }
+      if (!jsonData) {
+        throw new Error("No data received from MCP server SSE response");
+      }
+      return JSON.parse(jsonData);
+    }
+    return response.json();
+  }
+  // ================================================================
+  // Tool Execution
+  // ================================================================
+  async executeTool(toolCall) {
+    const isClientTool = toolCall.source === "client" || !toolCall.mcpServerUrl;
+    if (isClientTool && this.config.clientTools) {
+      const def = this.config.clientTools[toolCall.toolName];
+      if (def) {
+        const result2 = await def.execute(toolCall.arguments ?? {});
+        return result2;
+      }
+      throw new Error(`Unknown client tool: ${toolCall.toolName}`);
+    }
+    const mcpServerUrl = toolCall.mcpServerUrl || this.agentConfig?.mcpServerUrl;
+    if (!mcpServerUrl) {
+      throw new Error("No MCP server URL for tool call");
+    }
+    await this.initMcpSession(mcpServerUrl);
+    const token = await this.resolveToken(mcpServerUrl);
+    const headers = this.getMcpHeaders(mcpServerUrl);
+    if (token) headers["Authorization"] = `Bearer ${token}`;
+    const toolCallBody = JSON.stringify({
+      jsonrpc: "2.0",
+      id: 2,
+      method: "tools/call",
+      params: { name: toolCall.toolName, arguments: toolCall.arguments }
+    });
+    let response = await fetch(mcpServerUrl, {
+      method: "POST",
+      headers,
+      credentials: this.config.useCookies ? "include" : "omit",
+      body: toolCallBody,
+      signal: this.abortController?.signal
+    });
+    const session = this.mcpSessions.get(mcpServerUrl);
+    if (response.status === 404 && session?.sessionId) {
+      this.mcpSessions.set(mcpServerUrl, { ...session, sessionId: null });
+      await this.initMcpSession(mcpServerUrl);
+      const retryHeaders = this.getMcpHeaders(mcpServerUrl);
+      if (token) retryHeaders["Authorization"] = `Bearer ${token}`;
+      response = await fetch(mcpServerUrl, {
+        method: "POST",
+        headers: retryHeaders,
+        credentials: this.config.useCookies ? "include" : "omit",
+        body: toolCallBody,
+        signal: this.abortController?.signal
+      });
+    }
+    if (response.status === 401) {
+      this.clearOAuthToken(mcpServerUrl);
+      this.updateMcpAuthStatus(mcpServerUrl, "needs_auth");
+      const freshToken = await this.resolveToken(mcpServerUrl);
+      if (freshToken) {
+        const authHeaders = this.getMcpHeaders(mcpServerUrl);
+        authHeaders["Authorization"] = `Bearer ${freshToken}`;
+        response = await fetch(mcpServerUrl, {
+          method: "POST",
+          headers: authHeaders,
+          credentials: this.config.useCookies ? "include" : "omit",
+          body: toolCallBody,
+          signal: this.abortController?.signal
+        });
+        if (response.ok) {
+          this.updateMcpAuthStatus(mcpServerUrl, "connected");
+        }
+      }
+      if (!response.ok) {
+        const errorText = await response.text().catch(() => "Authentication required");
+        throw new Error(`Tool execution failed (401): ${errorText}`);
+      }
+    }
+    if (!response.ok) {
+      const errorText = await response.text().catch(() => "MCP server error");
+      throw new Error(`Tool execution failed (${response.status}): ${errorText}`);
+    }
+    const currentSession = this.mcpSessions.get(mcpServerUrl);
+    if (currentSession?.authStatus === "needs_auth") {
+      this.updateMcpAuthStatus(mcpServerUrl, "connected");
+    }
+    const result = await this.parseMcpResponse(response);
+    if (result.error) {
+      throw new Error(`MCP error (${result.error.code}): ${result.error.message}`);
+    }
+    if (result.result?.content) {
+      const textContent = result.result.content.filter((c) => c.type === "text").map((c) => c.text).join("\n");
+      return textContent || result.result;
+    }
+    return result.result ?? result;
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  McpStackAgent,
+  clearPersistedMcpAuth,
+  clearPersistedMcpAuthState
+});
+//# sourceMappingURL=index.js.map