npm - @modelcontextprotocol/sdk - Versions diffs - 1.12.3 → 1.13.1 - Mend

@modelcontextprotocol/sdk 1.12.3 → 1.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (166) hide show

package/README.md +342 -24
package/dist/cjs/client/auth.d.ts +15 -3
package/dist/cjs/client/auth.d.ts.map +1 -1
package/dist/cjs/client/auth.js +40 -10
package/dist/cjs/client/auth.js.map +1 -1
package/dist/cjs/client/index.d.ts +308 -26
package/dist/cjs/client/index.d.ts.map +1 -1
package/dist/cjs/client/index.js +11 -2
package/dist/cjs/client/index.js.map +1 -1
package/dist/cjs/client/sse.d.ts +2 -0
package/dist/cjs/client/sse.d.ts.map +1 -1
package/dist/cjs/client/sse.js +30 -13
package/dist/cjs/client/sse.js.map +1 -1
package/dist/cjs/client/streamableHttp.d.ts +3 -0
package/dist/cjs/client/streamableHttp.d.ts.map +1 -1
package/dist/cjs/client/streamableHttp.js +9 -0
package/dist/cjs/client/streamableHttp.js.map +1 -1
package/dist/cjs/examples/client/simpleStreamableHttp.js +261 -5
package/dist/cjs/examples/client/simpleStreamableHttp.js.map +1 -1
package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts +10 -4
package/dist/cjs/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -1
package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js +21 -7
package/dist/cjs/examples/server/demoInMemoryOAuthProvider.js.map +1 -1
package/dist/cjs/examples/server/simpleStreamableHttp.js +246 -10
package/dist/cjs/examples/server/simpleStreamableHttp.js.map +1 -1
package/dist/cjs/server/auth/handlers/authorize.d.ts.map +1 -1
package/dist/cjs/server/auth/handlers/authorize.js +3 -3
package/dist/cjs/server/auth/handlers/authorize.js.map +1 -1
package/dist/cjs/server/auth/handlers/register.d.ts.map +1 -1
package/dist/cjs/server/auth/handlers/register.js +0 -1
package/dist/cjs/server/auth/handlers/register.js.map +1 -1
package/dist/cjs/server/auth/handlers/revoke.d.ts +1 -1
package/dist/cjs/server/auth/handlers/revoke.d.ts.map +1 -1
package/dist/cjs/server/auth/handlers/revoke.js +4 -6
package/dist/cjs/server/auth/handlers/revoke.js.map +1 -1
package/dist/cjs/server/auth/handlers/token.d.ts.map +1 -1
package/dist/cjs/server/auth/handlers/token.js +6 -6
package/dist/cjs/server/auth/handlers/token.js.map +1 -1
package/dist/cjs/server/auth/middleware/bearerAuth.d.ts.map +1 -1
package/dist/cjs/server/auth/middleware/bearerAuth.js +0 -1
package/dist/cjs/server/auth/middleware/bearerAuth.js.map +1 -1
package/dist/cjs/server/auth/middleware/clientAuth.d.ts.map +1 -1
package/dist/cjs/server/auth/middleware/clientAuth.js +0 -1
package/dist/cjs/server/auth/middleware/clientAuth.js.map +1 -1
package/dist/cjs/server/auth/provider.d.ts +3 -2
package/dist/cjs/server/auth/provider.d.ts.map +1 -1
package/dist/cjs/server/auth/providers/proxyProvider.d.ts +2 -2
package/dist/cjs/server/auth/providers/proxyProvider.d.ts.map +1 -1
package/dist/cjs/server/auth/providers/proxyProvider.js +10 -2
package/dist/cjs/server/auth/providers/proxyProvider.js.map +1 -1
package/dist/cjs/server/auth/types.d.ts +5 -0
package/dist/cjs/server/auth/types.d.ts.map +1 -1
package/dist/cjs/server/completable.d.ts +3 -1
package/dist/cjs/server/completable.d.ts.map +1 -1
package/dist/cjs/server/completable.js.map +1 -1
package/dist/cjs/server/index.d.ts +14 -1
package/dist/cjs/server/index.d.ts.map +1 -1
package/dist/cjs/server/index.js +36 -5
package/dist/cjs/server/index.js.map +1 -1
package/dist/cjs/server/mcp.d.ts +28 -1
package/dist/cjs/server/mcp.d.ts.map +1 -1
package/dist/cjs/server/mcp.js +147 -84
package/dist/cjs/server/mcp.js.map +1 -1
package/dist/cjs/server/sse.d.ts.map +1 -1
package/dist/cjs/server/sse.js.map +1 -1
package/dist/cjs/server/streamableHttp.d.ts +2 -1
package/dist/cjs/server/streamableHttp.d.ts.map +1 -1
package/dist/cjs/server/streamableHttp.js +36 -5
package/dist/cjs/server/streamableHttp.js.map +1 -1
package/dist/cjs/shared/auth-utils.d.ts +23 -0
package/dist/cjs/shared/auth-utils.d.ts.map +1 -0
package/dist/cjs/shared/auth-utils.js +48 -0
package/dist/cjs/shared/auth-utils.js.map +1 -0
package/dist/cjs/shared/metadataUtils.d.ts +12 -0
package/dist/cjs/shared/metadataUtils.d.ts.map +1 -0
package/dist/cjs/shared/metadataUtils.js +29 -0
package/dist/cjs/shared/metadataUtils.js.map +1 -0
package/dist/cjs/shared/transport.d.ts +4 -0
package/dist/cjs/shared/transport.d.ts.map +1 -1
package/dist/cjs/types.d.ts +16263 -2158
package/dist/cjs/types.d.ts.map +1 -1
package/dist/cjs/types.js +220 -59
package/dist/cjs/types.js.map +1 -1
package/dist/esm/client/auth.d.ts +15 -3
package/dist/esm/client/auth.d.ts.map +1 -1
package/dist/esm/client/auth.js +39 -10
package/dist/esm/client/auth.js.map +1 -1
package/dist/esm/client/index.d.ts +308 -26
package/dist/esm/client/index.d.ts.map +1 -1
package/dist/esm/client/index.js +11 -2
package/dist/esm/client/index.js.map +1 -1
package/dist/esm/client/sse.d.ts +2 -0
package/dist/esm/client/sse.d.ts.map +1 -1
package/dist/esm/client/sse.js +30 -13
package/dist/esm/client/sse.js.map +1 -1
package/dist/esm/client/streamableHttp.d.ts +3 -0
package/dist/esm/client/streamableHttp.d.ts.map +1 -1
package/dist/esm/client/streamableHttp.js +9 -0
package/dist/esm/client/streamableHttp.js.map +1 -1
package/dist/esm/examples/client/simpleStreamableHttp.js +259 -6
package/dist/esm/examples/client/simpleStreamableHttp.js.map +1 -1
package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts +10 -4
package/dist/esm/examples/server/demoInMemoryOAuthProvider.d.ts.map +1 -1
package/dist/esm/examples/server/demoInMemoryOAuthProvider.js +21 -7
package/dist/esm/examples/server/demoInMemoryOAuthProvider.js.map +1 -1
package/dist/esm/examples/server/simpleStreamableHttp.js +246 -10
package/dist/esm/examples/server/simpleStreamableHttp.js.map +1 -1
package/dist/esm/server/auth/handlers/authorize.d.ts.map +1 -1
package/dist/esm/server/auth/handlers/authorize.js +3 -3
package/dist/esm/server/auth/handlers/authorize.js.map +1 -1
package/dist/esm/server/auth/handlers/register.d.ts.map +1 -1
package/dist/esm/server/auth/handlers/register.js +0 -1
package/dist/esm/server/auth/handlers/register.js.map +1 -1
package/dist/esm/server/auth/handlers/revoke.d.ts +1 -1
package/dist/esm/server/auth/handlers/revoke.d.ts.map +1 -1
package/dist/esm/server/auth/handlers/revoke.js +5 -7
package/dist/esm/server/auth/handlers/revoke.js.map +1 -1
package/dist/esm/server/auth/handlers/token.d.ts.map +1 -1
package/dist/esm/server/auth/handlers/token.js +6 -6
package/dist/esm/server/auth/handlers/token.js.map +1 -1
package/dist/esm/server/auth/middleware/bearerAuth.d.ts.map +1 -1
package/dist/esm/server/auth/middleware/bearerAuth.js +0 -1
package/dist/esm/server/auth/middleware/bearerAuth.js.map +1 -1
package/dist/esm/server/auth/middleware/clientAuth.d.ts.map +1 -1
package/dist/esm/server/auth/middleware/clientAuth.js +0 -1
package/dist/esm/server/auth/middleware/clientAuth.js.map +1 -1
package/dist/esm/server/auth/provider.d.ts +3 -2
package/dist/esm/server/auth/provider.d.ts.map +1 -1
package/dist/esm/server/auth/providers/proxyProvider.d.ts +2 -2
package/dist/esm/server/auth/providers/proxyProvider.d.ts.map +1 -1
package/dist/esm/server/auth/providers/proxyProvider.js +10 -2
package/dist/esm/server/auth/providers/proxyProvider.js.map +1 -1
package/dist/esm/server/auth/types.d.ts +5 -0
package/dist/esm/server/auth/types.d.ts.map +1 -1
package/dist/esm/server/completable.d.ts +3 -1
package/dist/esm/server/completable.d.ts.map +1 -1
package/dist/esm/server/completable.js.map +1 -1
package/dist/esm/server/index.d.ts +14 -1
package/dist/esm/server/index.d.ts.map +1 -1
package/dist/esm/server/index.js +34 -6
package/dist/esm/server/index.js.map +1 -1
package/dist/esm/server/mcp.d.ts +28 -1
package/dist/esm/server/mcp.d.ts.map +1 -1
package/dist/esm/server/mcp.js +147 -84
package/dist/esm/server/mcp.js.map +1 -1
package/dist/esm/server/sse.d.ts.map +1 -1
package/dist/esm/server/sse.js.map +1 -1
package/dist/esm/server/streamableHttp.d.ts +2 -1
package/dist/esm/server/streamableHttp.d.ts.map +1 -1
package/dist/esm/server/streamableHttp.js +37 -6
package/dist/esm/server/streamableHttp.js.map +1 -1
package/dist/esm/shared/auth-utils.d.ts +23 -0
package/dist/esm/shared/auth-utils.d.ts.map +1 -0
package/dist/esm/shared/auth-utils.js +44 -0
package/dist/esm/shared/auth-utils.js.map +1 -0
package/dist/esm/shared/metadataUtils.d.ts +12 -0
package/dist/esm/shared/metadataUtils.d.ts.map +1 -0
package/dist/esm/shared/metadataUtils.js +26 -0
package/dist/esm/shared/metadataUtils.js.map +1 -0
package/dist/esm/shared/transport.d.ts +4 -0
package/dist/esm/shared/transport.d.ts.map +1 -1
package/dist/esm/types.d.ts +16263 -2158
package/dist/esm/types.d.ts.map +1 -1
package/dist/esm/types.js +217 -57
package/dist/esm/types.js.map +1 -1
package/package.json +6 -3

package/README.md CHANGED Viewed

@@ -11,6 +11,7 @@
   - [Resources](#resources)
   - [Tools](#tools)
   - [Prompts](#prompts)
+  - [Completions](#completions)
 - [Running Your Server](#running-your-server)
   - [stdio](#stdio)
   - [Streamable HTTP](#streamable-http)
@@ -54,22 +55,30 @@ import { z } from "zod";
 // Create an MCP server
 const server = new McpServer({
-  name: "Demo",
+  name: "demo-server",
   version: "1.0.0"
 });
 // Add an addition tool
-server.tool("add",
-  { a: z.number(), b: z.number() },
+server.registerTool("add",
+  {
+    title: "Addition Tool",
+    description: "Add two numbers",
+    inputSchema: { a: z.number(), b: z.number() }
+  },
   async ({ a, b }) => ({
     content: [{ type: "text", text: String(a + b) }]
   })
 );
 // Add a dynamic greeting resource
-server.resource(
+server.registerResource(
   "greeting",
   new ResourceTemplate("greeting://{name}", { list: undefined }),
+  {
+    title: "Greeting Resource",      // Display name for UI
+    description: "Dynamic greeting generator"
+  },
   async (uri, { name }) => ({
     contents: [{
       uri: uri.href,
@@ -100,7 +109,7 @@ The McpServer is your core interface to the MCP protocol. It handles connection
 ```typescript
 const server = new McpServer({
-  name: "My App",
+  name: "my-app",
   version: "1.0.0"
 });
 ```
@@ -111,9 +120,14 @@ Resources are how you expose data to LLMs. They're similar to GET endpoints in a
 ```typescript
 // Static resource
-server.resource(
+server.registerResource(
   "config",
   "config://app",
+  {
+    title: "Application Config",
+    description: "Application configuration data",
+    mimeType: "text/plain"
+  },
   async (uri) => ({
     contents: [{
       uri: uri.href,
@@ -123,9 +137,13 @@ server.resource(
 );
 // Dynamic resource with parameters
-server.resource(
+server.registerResource(
   "user-profile",
   new ResourceTemplate("users://{userId}/profile", { list: undefined }),
+  {
+    title: "User Profile",
+    description: "User profile information"
+  },
   async (uri, { userId }) => ({
     contents: [{
       uri: uri.href,
@@ -133,6 +151,33 @@ server.resource(
     }]
   })
 );
+// Resource with context-aware completion
+server.registerResource(
+  "repository",
+  new ResourceTemplate("github://repos/{owner}/{repo}", {
+    list: undefined,
+    complete: {
+      // Provide intelligent completions based on previously resolved parameters
+      repo: (value, context) => {
+        if (context?.arguments?.["owner"] === "org1") {
+          return ["project1", "project2", "project3"].filter(r => r.startsWith(value));
+        }
+        return ["default-repo"].filter(r => r.startsWith(value));
+      }
+    }
+  }),
+  {
+    title: "GitHub Repository",
+    description: "Repository information"
+  },
+  async (uri, { owner, repo }) => ({
+    contents: [{
+      uri: uri.href,
+      text: `Repository: ${owner}/${repo}`
+    }]
+  })
+);
 ```
 ### Tools
@@ -141,11 +186,15 @@ Tools let LLMs take actions through your server. Unlike resources, tools are exp
 ```typescript
 // Simple tool with parameters
-server.tool(
+server.registerTool(
   "calculate-bmi",
   {
-    weightKg: z.number(),
-    heightM: z.number()
+    title: "BMI Calculator",
+    description: "Calculate Body Mass Index",
+    inputSchema: {
+      weightKg: z.number(),
+      heightM: z.number()
+    }
   },
   async ({ weightKg, heightM }) => ({
     content: [{
@@ -156,9 +205,13 @@ server.tool(
 );
 // Async tool with external API call
-server.tool(
+server.registerTool(
   "fetch-weather",
-  { city: z.string() },
+  {
+    title: "Weather Fetcher",
+    description: "Get weather data for a city",
+    inputSchema: { city: z.string() }
+  },
   async ({ city }) => {
     const response = await fetch(`https://api.weather.com/${city}`);
     const data = await response.text();
@@ -167,16 +220,56 @@ server.tool(
     };
   }
 );
+// Tool that returns ResourceLinks
+server.registerTool(
+  "list-files",
+  {
+    title: "List Files",
+    description: "List project files",
+    inputSchema: { pattern: z.string() }
+  },
+  async ({ pattern }) => ({
+    content: [
+      { type: "text", text: `Found files matching "${pattern}":` },
+      // ResourceLinks let tools return references without file content
+      {
+        type: "resource_link",
+        uri: "file:///project/README.md",
+        name: "README.md",
+        mimeType: "text/markdown",
+        description: 'A README file'
+      },
+      {
+        type: "resource_link",
+        uri: "file:///project/src/index.ts",
+        name: "index.ts",
+        mimeType: "text/typescript",
+        description: 'An index file'
+      }
+    ]
+  })
+);
 ```
+#### ResourceLinks
+Tools can return `ResourceLink` objects to reference resources without embedding their full content. This is essential for performance when dealing with large files or many resources - clients can then selectively read only the resources they need using the provided URIs.
 ### Prompts
 Prompts are reusable templates that help LLMs interact with your server effectively:
 ```typescript
-server.prompt(
+import { completable } from "@modelcontextprotocol/sdk/server/completable.js";
+server.registerPrompt(
   "review-code",
-  { code: z.string() },
+  {
+    title: "Code Review",
+    description: "Review code for best practices and potential issues",
+    argsSchema: { code: z.string() }
+  },
   ({ code }) => ({
     messages: [{
       role: "user",
@@ -187,6 +280,106 @@ server.prompt(
     }]
   })
 );
+// Prompt with context-aware completion
+server.registerPrompt(
+  "team-greeting",
+  {
+    title: "Team Greeting",
+    description: "Generate a greeting for team members",
+    argsSchema: {
+      department: completable(z.string(), (value) => {
+        // Department suggestions
+        return ["engineering", "sales", "marketing", "support"].filter(d => d.startsWith(value));
+      }),
+      name: completable(z.string(), (value, context) => {
+        // Name suggestions based on selected department
+        const department = context?.arguments?.["department"];
+        if (department === "engineering") {
+          return ["Alice", "Bob", "Charlie"].filter(n => n.startsWith(value));
+        } else if (department === "sales") {
+          return ["David", "Eve", "Frank"].filter(n => n.startsWith(value));
+        } else if (department === "marketing") {
+          return ["Grace", "Henry", "Iris"].filter(n => n.startsWith(value));
+        }
+        return ["Guest"].filter(n => n.startsWith(value));
+      })
+    }
+  },
+  ({ department, name }) => ({
+    messages: [{
+      role: "assistant",
+      content: {
+        type: "text",
+        text: `Hello ${name}, welcome to the ${department} team!`
+      }
+    }]
+  })
+);
+```
+### Completions
+MCP supports argument completions to help users fill in prompt arguments and resource template parameters. See the examples above for [resource completions](#resources) and [prompt completions](#prompts).
+#### Client Usage
+```typescript
+// Request completions for any argument
+const result = await client.complete({
+  ref: {
+    type: "ref/prompt",  // or "ref/resource"
+    name: "example"      // or uri: "template://..."
+  },
+  argument: {
+    name: "argumentName",
+    value: "partial"     // What the user has typed so far
+  },
+  context: {             // Optional: Include previously resolved arguments
+    arguments: {
+      previousArg: "value"
+    }
+  }
+});
+```
+### Display Names and Metadata
+All resources, tools, and prompts support an optional `title` field for better UI presentation. The `title` is used as a display name, while `name` remains the unique identifier.
+**Note:** The `register*` methods (`registerTool`, `registerPrompt`, `registerResource`) are the recommended approach for new code. The older methods (`tool`, `prompt`, `resource`) remain available for backwards compatibility.
+#### Title Precedence for Tools
+For tools specifically, there are two ways to specify a title:
+- `title` field in the tool configuration
+- `annotations.title` field (when using the older `tool()` method with annotations)
+The precedence order is: `title` → `annotations.title` → `name`
+```typescript
+// Using registerTool (recommended)
+server.registerTool("my_tool", {
+  title: "My Tool",              // This title takes precedence
+  annotations: {
+    title: "Annotation Title"    // This is ignored if title is set
+  }
+}, handler);
+// Using tool with annotations (older API)
+server.tool("my_tool", "description", {
+  title: "Annotation Title"      // This is used as title
+}, handler);
+```
+When building clients, use the provided utility to get the appropriate display name:
+```typescript
+import { getDisplayName } from "@modelcontextprotocol/sdk/shared/metadataUtils.js";
+// Automatically handles the precedence: title → annotations.title → name
+const displayName = getDisplayName(tool);
 ```
 ## Running Your Server
@@ -401,13 +594,17 @@ import { McpServer, ResourceTemplate } from "@modelcontextprotocol/sdk/server/mc
 import { z } from "zod";
 const server = new McpServer({
-  name: "Echo",
+  name: "echo-server",
   version: "1.0.0"
 });
-server.resource(
+server.registerResource(
   "echo",
   new ResourceTemplate("echo://{message}", { list: undefined }),
+  {
+    title: "Echo Resource",
+    description: "Echoes back messages as resources"
+  },
   async (uri, { message }) => ({
     contents: [{
       uri: uri.href,
@@ -416,17 +613,25 @@ server.resource(
   })
 );
-server.tool(
+server.registerTool(
   "echo",
-  { message: z.string() },
+  {
+    title: "Echo Tool",
+    description: "Echoes back the provided message",
+    inputSchema: { message: z.string() }
+  },
   async ({ message }) => ({
     content: [{ type: "text", text: `Tool echo: ${message}` }]
   })
 );
-server.prompt(
+server.registerPrompt(
   "echo",
-  { message: z.string() },
+  {
+    title: "Echo Prompt",
+    description: "Creates a prompt to process a message",
+    argsSchema: { message: z.string() }
+  },
   ({ message }) => ({
     messages: [{
       role: "user",
@@ -450,7 +655,7 @@ import { promisify } from "util";
 import { z } from "zod";
 const server = new McpServer({
-  name: "SQLite Explorer",
+  name: "sqlite-explorer",
   version: "1.0.0"
 });
@@ -463,9 +668,14 @@ const getDb = () => {
   };
 };
-server.resource(
+server.registerResource(
   "schema",
   "schema://main",
+  {
+    title: "Database Schema",
+    description: "SQLite database schema",
+    mimeType: "text/plain"
+  },
   async (uri) => {
     const db = getDb();
     try {
@@ -484,9 +694,13 @@ server.resource(
   }
 );
-server.tool(
+server.registerTool(
   "query",
-  { sql: z.string() },
+  {
+    title: "SQL Query",
+    description: "Execute SQL queries on the database",
+    inputSchema: { sql: z.string() }
+  },
   async ({ sql }) => {
     const db = getDb();
     try {
@@ -635,6 +849,109 @@ const transport = new StdioServerTransport();
 await server.connect(transport);
 ```
+### Eliciting User Input
+MCP servers can request additional information from users through the elicitation feature. This is useful for interactive workflows where the server needs user input or confirmation:
+```typescript
+// Server-side: Restaurant booking tool that asks for alternatives
+server.tool(
+  "book-restaurant",
+  {
+    restaurant: z.string(),
+    date: z.string(),
+    partySize: z.number()
+  },
+  async ({ restaurant, date, partySize }) => {
+    // Check availability
+    const available = await checkAvailability(restaurant, date, partySize);
+    if (!available) {
+      // Ask user if they want to try alternative dates
+      const result = await server.server.elicitInput({
+        message: `No tables available at ${restaurant} on ${date}. Would you like to check alternative dates?`,
+        requestedSchema: {
+          type: "object",
+          properties: {
+            checkAlternatives: {
+              type: "boolean",
+              title: "Check alternative dates",
+              description: "Would you like me to check other dates?"
+            },
+            flexibleDates: {
+              type: "string",
+              title: "Date flexibility",
+              description: "How flexible are your dates?",
+              enum: ["next_day", "same_week", "next_week"],
+              enumNames: ["Next day", "Same week", "Next week"]
+            }
+          },
+          required: ["checkAlternatives"]
+        }
+      });
+      if (result.action === "accept" && result.content?.checkAlternatives) {
+        const alternatives = await findAlternatives(
+          restaurant,
+          date,
+          partySize,
+          result.content.flexibleDates as string
+        );
+        return {
+          content: [{
+            type: "text",
+            text: `Found these alternatives: ${alternatives.join(", ")}`
+          }]
+        };
+      }
+      return {
+        content: [{
+          type: "text",
+          text: "No booking made. Original date not available."
+        }]
+      };
+    }
+    // Book the table
+    await makeBooking(restaurant, date, partySize);
+    return {
+      content: [{
+        type: "text",
+        text: `Booked table for ${partySize} at ${restaurant} on ${date}`
+      }]
+    };
+  }
+);
+```
+Client-side: Handle elicitation requests
+```typescript
+// This is a placeholder - implement based on your UI framework
+async function getInputFromUser(message: string, schema: any): Promise<{
+  action: "accept" | "reject" | "cancel";
+  data?: Record<string, any>;
+}> {
+  // This should be implemented depending on the app
+  throw new Error("getInputFromUser must be implemented for your platform");
+}
+client.setRequestHandler(ElicitRequestSchema, async (request) => {
+  const userResponse = await getInputFromUser(
+    request.params.message,
+    request.params.requestedSchema
+  );
+  return {
+    action: userResponse.action,
+    content: userResponse.action === "accept" ? userResponse.data : undefined
+  };
+});
+```
+**Note**: Elicitation requires client support. Clients must declare the `elicitation` capability during initialization.
 ### Writing MCP Clients
 The SDK provides a high-level client interface:
@@ -683,6 +1000,7 @@ const result = await client.callTool({
     arg1: "value"
   }
 });
 ```
 ### Proxy Authorization Requests Upstream

package/dist/cjs/client/auth.d.ts CHANGED Viewed

@@ -58,6 +58,14 @@ export interface OAuthClientProvider {
      * the authorization result.
      */
     codeVerifier(): string | Promise<string>;
+    /**
+     * If defined, overrides the selection and validation of the
+     * RFC 8707 Resource Indicator. If left undefined, default
+     * validation behavior will be used.
+     *
+     * Implementations must verify the returned resource matches the MCP server.
+     */
+    validateResourceURL?(serverUrl: string | URL, resource?: string): Promise<URL | undefined>;
 }
 export type AuthResult = "AUTHORIZED" | "REDIRECT";
 export declare class UnauthorizedError extends Error {
@@ -75,6 +83,7 @@ export declare function auth(provider: OAuthClientProvider, { serverUrl, authori
     scope?: string;
     resourceMetadataUrl?: URL;
 }): Promise<AuthResult>;
+export declare function selectResourceURL(serverUrl: string | URL, provider: OAuthClientProvider, resourceMetadata?: OAuthProtectedResourceMetadata): Promise<URL | undefined>;
 /**
  * Extract resource_metadata from response header.
  */
@@ -101,12 +110,13 @@ export declare function discoverOAuthMetadata(authorizationServerUrl: string | U
 /**
  * Begins the authorization flow with the given server, by generating a PKCE challenge and constructing the authorization URL.
  */
-export declare function startAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, redirectUrl, scope, state, }: {
+export declare function startAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, redirectUrl, scope, state, resource, }: {
     metadata?: OAuthMetadata;
     clientInformation: OAuthClientInformation;
     redirectUrl: string | URL;
     scope?: string;
     state?: string;
+    resource?: URL;
 }): Promise<{
     authorizationUrl: URL;
     codeVerifier: string;
@@ -114,20 +124,22 @@ export declare function startAuthorization(authorizationServerUrl: string | URL,
 /**
  * Exchanges an authorization code for an access token with the given server.
  */
-export declare function exchangeAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, }: {
+export declare function exchangeAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, authorizationCode, codeVerifier, redirectUri, resource, }: {
     metadata?: OAuthMetadata;
     clientInformation: OAuthClientInformation;
     authorizationCode: string;
     codeVerifier: string;
     redirectUri: string | URL;
+    resource?: URL;
 }): Promise<OAuthTokens>;
 /**
  * Exchange a refresh token for an updated access token.
  */
-export declare function refreshAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, refreshToken, }: {
+export declare function refreshAuthorization(authorizationServerUrl: string | URL, { metadata, clientInformation, refreshToken, resource, }: {
     metadata?: OAuthMetadata;
     clientInformation: OAuthClientInformation;
     refreshToken: string;
+    resource?: URL;
 }): Promise<OAuthTokens>;
 /**
  * Performs OAuth 2.0 Dynamic Client Registration according to RFC 7591.

package/dist/cjs/client/auth.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/client/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,WAAW,EAAE,aAAa,EAAE,0BAA0B,EAAE,8BAA8B,EAAE,MAAM,mBAAmB,CAAC;~~AAG7K~~;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,GAAG,CAAC;IAEhC;;OAEG;IACH,IAAI,cAAc,IAAI,mBAAmB,CAAC;IAE1C;;OAEG;IACH,KAAK,CAAC,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;;;OAIG;IACH,iBAAiB,IAAI,sBAAsB,GAAG,SAAS,GAAG,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAAC;IAEtG;;;;;;;OAOG;IACH,qBAAqB,CAAC,CAAC,iBAAiB,EAAE,0BAA0B,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5F;;;OAGG;IACH,MAAM,IAAI,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC;IAErE;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;OAEG;IACH,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;~~CAC1C~~;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEnD,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;;;GAKG;AACH,wBAAsB,IAAI,CACxB,QAAQ,EAAE,mBAAmB,EAC7B,EAAE,SAAS,EACT,iBAAiB,EACjB,KAAK,EACL,mBAAmB,EACpB,EAAE;IACD,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,GAAG,CAAA;CAAE,GAAG,OAAO,CAAC,UAAU,CAAC,~~CAoFpD~~;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,QAAQ,GAAG,GAAG,GAAG,SAAS,~~CAyBzE~~;AAED;;;;;GAKG;AACH,wBAAsB,sCAAsC,CAC1D,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,GACtE,OAAO,CAAC,8BAA8B,CAAC,CAmCzC;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAClC,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CA6BpC;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,iBAAiB,EACjB,WAAW,EACX,KAAK,EACL,KAAK,~~GACN~~,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB,GACA,OAAO,CAAC;IAAE,gBAAgB,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,~~CAiD1D~~;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,WAAW,~~GACZ~~,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;~~CAC3B~~,GACA,OAAO,CAAC,WAAW,CAAC,~~CA6CtB~~;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,iBAAiB,EACjB,YAAY,~~GACb~~,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,YAAY,EAAE,MAAM,CAAC;~~CACtB~~,GACA,OAAO,CAAC,WAAW,CAAC,~~CA0CtB~~;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,cAAc,GACf,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,cAAc,EAAE,mBAAmB,CAAC;CACrC,GACA,OAAO,CAAC,0BAA0B,CAAC,CA0BrC"}
1	+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/client/auth.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,WAAW,EAAE,aAAa,EAAE,0BAA0B,EAAE,8BAA8B,EAAE,MAAM,mBAAmB,CAAC;AAI7K;;;;;;GAMG;AACH,MAAM,WAAW,mBAAmB;IAClC;;OAEG;IACH,IAAI,WAAW,IAAI,MAAM,GAAG,GAAG,CAAC;IAEhC;;OAEG;IACH,IAAI,cAAc,IAAI,mBAAmB,CAAC;IAE1C;;OAEG;IACH,KAAK,CAAC,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEnC;;;;OAIG;IACH,iBAAiB,IAAI,sBAAsB,GAAG,SAAS,GAAG,OAAO,CAAC,sBAAsB,GAAG,SAAS,CAAC,CAAC;IAEtG;;;;;;;OAOG;IACH,qBAAqB,CAAC,CAAC,iBAAiB,EAAE,0BAA0B,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE5F;;;OAGG;IACH,MAAM,IAAI,WAAW,GAAG,SAAS,GAAG,OAAO,CAAC,WAAW,GAAG,SAAS,CAAC,CAAC;IAErE;;;OAGG;IACH,UAAU,CAAC,MAAM,EAAE,WAAW,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEtD;;OAEG;IACH,uBAAuB,CAAC,gBAAgB,EAAE,GAAG,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAErE;;;OAGG;IACH,gBAAgB,CAAC,YAAY,EAAE,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAE7D;;;OAGG;IACH,YAAY,IAAI,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC;IAEzC;;;;;;OAMG;IACH,mBAAmB,CAAC,CAAC,SAAS,EAAE,MAAM,GAAG,GAAG,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC,CAAC;CAC5F;AAED,MAAM,MAAM,UAAU,GAAG,YAAY,GAAG,UAAU,CAAC;AAEnD,qBAAa,iBAAkB,SAAQ,KAAK;gBAC9B,OAAO,CAAC,EAAE,MAAM;CAG7B;AAED;;;;;GAKG;AACH,wBAAsB,IAAI,CACxB,QAAQ,EAAE,mBAAmB,EAC7B,EAAE,SAAS,EACT,iBAAiB,EACjB,KAAK,EACL,mBAAmB,EACpB,EAAE;IACD,SAAS,EAAE,MAAM,GAAG,GAAG,CAAC;IACxB,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,mBAAmB,CAAC,EAAE,GAAG,CAAA;CAAE,GAAG,OAAO,CAAC,UAAU,CAAC,CAwFpD;AAED,wBAAsB,iBAAiB,CAAC,SAAS,EAAE,MAAM,GAAE,GAAG,EAAE,QAAQ,EAAE,mBAAmB,EAAE,gBAAgB,CAAC,EAAE,8BAA8B,GAAG,OAAO,CAAC,GAAG,GAAG,SAAS,CAAC,CAc1K;AAED;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,GAAG,EAAE,QAAQ,GAAG,GAAG,GAAG,SAAS,CAuBzE;AAED;;;;;GAKG;AACH,wBAAsB,sCAAsC,CAC1D,SAAS,EAAE,MAAM,GAAG,GAAG,EACvB,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,GAAG,GAAG,CAAA;CAAE,GACtE,OAAO,CAAC,8BAA8B,CAAC,CAmCzC;AAED;;;;;GAKG;AACH,wBAAsB,qBAAqB,CACzC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,IAAI,CAAC,EAAE;IAAE,eAAe,CAAC,EAAE,MAAM,CAAA;CAAE,GAClC,OAAO,CAAC,aAAa,GAAG,SAAS,CAAC,CA6BpC;AAED;;GAEG;AACH,wBAAsB,kBAAkB,CACtC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,iBAAiB,EACjB,WAAW,EACX,KAAK,EACL,KAAK,EACL,QAAQ,GACT,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,GACA,OAAO,CAAC;IAAE,gBAAgB,EAAE,GAAG,CAAC;IAAC,YAAY,EAAE,MAAM,CAAA;CAAE,CAAC,CAqD1D;AAED;;GAEG;AACH,wBAAsB,qBAAqB,CACzC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,iBAAiB,EACjB,iBAAiB,EACjB,YAAY,EACZ,WAAW,EACX,QAAQ,GACT,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,iBAAiB,EAAE,MAAM,CAAC;IAC1B,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,GAAG,GAAG,CAAC;IAC1B,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,GACA,OAAO,CAAC,WAAW,CAAC,CAiDtB;AAED;;GAEG;AACH,wBAAsB,oBAAoB,CACxC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,iBAAiB,EACjB,YAAY,EACZ,QAAQ,GACT,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,iBAAiB,EAAE,sBAAsB,CAAC;IAC1C,YAAY,EAAE,MAAM,CAAC;IACrB,QAAQ,CAAC,EAAE,GAAG,CAAC;CAChB,GACA,OAAO,CAAC,WAAW,CAAC,CA8CtB;AAED;;GAEG;AACH,wBAAsB,cAAc,CAClC,sBAAsB,EAAE,MAAM,GAAG,GAAG,EACpC,EACE,QAAQ,EACR,cAAc,GACf,EAAE;IACD,QAAQ,CAAC,EAAE,aAAa,CAAC;IACzB,cAAc,EAAE,mBAAmB,CAAC;CACrC,GACA,OAAO,CAAC,0BAA0B,CAAC,CA0BrC"}