@modelcontextprotocol/server 2.0.0-beta.1 → 2.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (41) hide show
  1. package/dist/ajvProvider-D2kRT_qB.d.cts +1030 -0
  2. package/dist/ajvProvider-D2kRT_qB.d.cts.map +1 -0
  3. package/dist/ajvProvider-DhTNkgm1.cjs +7059 -0
  4. package/dist/ajvProvider-DhTNkgm1.cjs.map +1 -0
  5. package/dist/cfWorkerProvider-Djgwc46-.cjs +976 -0
  6. package/dist/cfWorkerProvider-Djgwc46-.cjs.map +1 -0
  7. package/dist/cfWorkerProvider-RncldJmy.d.cts +59 -0
  8. package/dist/cfWorkerProvider-RncldJmy.d.cts.map +1 -0
  9. package/dist/chunk-Bnu9O96Y.cjs +60 -0
  10. package/dist/createMcpHandler-Du3hjXvf.d.mts.map +1 -1
  11. package/dist/createMcpHandler-DyxapqGO.d.cts +11190 -0
  12. package/dist/createMcpHandler-DyxapqGO.d.cts.map +1 -0
  13. package/dist/index.cjs +1657 -0
  14. package/dist/index.cjs.map +1 -0
  15. package/dist/index.d.cts +1745 -0
  16. package/dist/index.d.cts.map +1 -0
  17. package/dist/index.mjs +3 -2
  18. package/dist/index.mjs.map +1 -1
  19. package/dist/{mcp-JttQJlI9.mjs → mcp-C2tFGfLG.mjs} +18 -5
  20. package/dist/mcp-C2tFGfLG.mjs.map +1 -0
  21. package/dist/mcp-DVEehpM2.cjs +10545 -0
  22. package/dist/mcp-DVEehpM2.cjs.map +1 -0
  23. package/dist/shimsNode.cjs +12 -0
  24. package/dist/shimsNode.d.cts +3 -0
  25. package/dist/shimsWorkerd.cjs +23 -0
  26. package/dist/shimsWorkerd.cjs.map +1 -0
  27. package/dist/shimsWorkerd.d.cts +11 -0
  28. package/dist/shimsWorkerd.d.cts.map +1 -0
  29. package/dist/stdio.cjs +563 -0
  30. package/dist/stdio.cjs.map +1 -0
  31. package/dist/stdio.d.cts +107 -0
  32. package/dist/stdio.d.cts.map +1 -0
  33. package/dist/stdio.mjs +1 -1
  34. package/dist/types-Pc2fJzyM.d.cts +1099 -0
  35. package/dist/types-Pc2fJzyM.d.cts.map +1 -0
  36. package/dist/validators/ajv.cjs +10 -0
  37. package/dist/validators/ajv.d.cts +2 -0
  38. package/dist/validators/cfWorker.cjs +3 -0
  39. package/dist/validators/cfWorker.d.cts +2 -0
  40. package/package.json +68 -19
  41. package/dist/mcp-JttQJlI9.mjs.map +0 -1
package/dist/index.cjs ADDED
@@ -0,0 +1,1657 @@
1
+ const require_chunk = require('./chunk-Bnu9O96Y.cjs');
2
+ const require_mcp = require('./mcp-DVEehpM2.cjs');
3
+ let _modelcontextprotocol_server__shims = require("@modelcontextprotocol/server/_shims");
4
+
5
+ //#region src/server/perRequestTransport.ts
6
+ /**
7
+ * The per-request micro-transport: a real, connected `Transport` whose whole
8
+ * lifetime is one HTTP exchange. See the module documentation for the
9
+ * response shapes it produces.
10
+ */
11
+ var PerRequestHTTPServerTransport = class {
12
+ onclose;
13
+ onerror;
14
+ onmessage;
15
+ _classification;
16
+ _responseMode;
17
+ _started = false;
18
+ _used = false;
19
+ _closed = false;
20
+ _terminalDelivered = false;
21
+ /**
22
+ * `true` only while the inbound message is being delivered synchronously
23
+ * to the connected protocol layer. The pre-handler gates (the era
24
+ * registry gate, the edge→instance handoff check, the missing-handler
25
+ * rejection) answer inside this window; request handlers always run
26
+ * after it (the protocol layer defers them to a microtask). An error
27
+ * sent inside the window is therefore ladder-originated, and an error
28
+ * sent after it is handler-produced.
29
+ */
30
+ _dispatchWindowOpen = false;
31
+ _requestId;
32
+ _deferredResponse;
33
+ _sse;
34
+ _abortCleanup;
35
+ constructor(options) {
36
+ this._classification = options.classification;
37
+ this._responseMode = options.responseMode ?? "auto";
38
+ }
39
+ async start() {
40
+ if (this._started) throw new Error("PerRequestHTTPServerTransport is already started");
41
+ this._started = true;
42
+ }
43
+ /**
44
+ * Serves the single exchange: delivers the classified message to the
45
+ * connected server instance and resolves with the HTTP response.
46
+ *
47
+ * Throws when called a second time (the transport is strictly
48
+ * single-use), or before a server has been connected to the transport.
49
+ * The returned promise rejects with a connection-closed error when the
50
+ * transport is closed before a response was produced (for example because
51
+ * the client disconnected).
52
+ */
53
+ async handleMessage(message, extra) {
54
+ if (this._used) throw new Error("PerRequestHTTPServerTransport serves exactly one exchange; construct a new transport per request");
55
+ if (!this._started || this.onmessage === void 0) throw new Error("PerRequestHTTPServerTransport is not connected: connect a server to this transport before handling a message");
56
+ if (this._closed) throw new Error("PerRequestHTTPServerTransport is closed");
57
+ this._used = true;
58
+ const signal = extra?.request?.signal;
59
+ if (signal?.aborted) {
60
+ await this.close();
61
+ throw new require_mcp.SdkError(require_mcp.SdkErrorCode.ConnectionClosed, "The request was aborted before it could be handled");
62
+ }
63
+ const messageExtra = {
64
+ classification: this._classification,
65
+ ...extra?.request !== void 0 && { request: extra.request },
66
+ ...extra?.authInfo !== void 0 && { authInfo: extra.authInfo }
67
+ };
68
+ if (require_mcp.isJSONRPCRequest(message)) {
69
+ this._requestId = message.id;
70
+ let resolve;
71
+ let reject;
72
+ const promise = new Promise((promiseResolve, promiseReject) => {
73
+ resolve = promiseResolve;
74
+ reject = promiseReject;
75
+ });
76
+ this._deferredResponse = {
77
+ promise,
78
+ resolve,
79
+ reject,
80
+ settled: false
81
+ };
82
+ if (signal !== void 0) {
83
+ const onAbort = () => void this.close();
84
+ signal.addEventListener("abort", onAbort, { once: true });
85
+ this._abortCleanup = () => signal.removeEventListener("abort", onAbort);
86
+ }
87
+ this._dispatchWindowOpen = true;
88
+ try {
89
+ this.onmessage(message, messageExtra);
90
+ } finally {
91
+ this._dispatchWindowOpen = false;
92
+ }
93
+ if (this._responseMode === "sse" && !this._closed && !this._deferredResponse.settled) this.upgradeToSse();
94
+ return promise;
95
+ }
96
+ this.onmessage(message, messageExtra);
97
+ return new Response(null, { status: 202 });
98
+ }
99
+ async send(message, options) {
100
+ if (this._closed) return;
101
+ const isResponse = require_mcp.isJSONRPCResultResponse(message) || require_mcp.isJSONRPCErrorResponse(message);
102
+ const relatedId = isResponse ? message.id : options?.relatedRequestId;
103
+ if (this._requestId === void 0 || relatedId === void 0 || relatedId !== this._requestId) {
104
+ if (isResponse) this.onerror?.(/* @__PURE__ */ new Error(`Received a response for an unknown request id: ${String(message.id)}`));
105
+ return;
106
+ }
107
+ if (isResponse) {
108
+ if (this._terminalDelivered) return;
109
+ this._terminalDelivered = true;
110
+ const errorCode = require_mcp.isJSONRPCErrorResponse(message) ? message.error.code : void 0;
111
+ const ladderStatus = errorCode !== void 0 && (this._dispatchWindowOpen || errorCode === require_mcp.ProtocolErrorCode.MissingRequiredClientCapability) ? require_mcp.LADDER_ERROR_HTTP_STATUS[errorCode] : void 0;
112
+ if (ladderStatus !== void 0 && this._sse === void 0) {
113
+ this.settleResponse(Response.json(message, {
114
+ status: ladderStatus,
115
+ headers: { "Content-Type": "application/json" }
116
+ }));
117
+ queueMicrotask(() => void this.close());
118
+ return;
119
+ }
120
+ if (this._sse !== void 0 || this._responseMode === "sse") {
121
+ if (this._sse === void 0) this.upgradeToSse();
122
+ this.writeMessageFrame(message);
123
+ this.finalizeStream();
124
+ return;
125
+ }
126
+ this.settleResponse(Response.json(message, {
127
+ status: 200,
128
+ headers: { "Content-Type": "application/json" }
129
+ }));
130
+ queueMicrotask(() => void this.close());
131
+ return;
132
+ }
133
+ if (this._responseMode === "json") return;
134
+ if (this._sse === void 0) this.upgradeToSse();
135
+ this.writeMessageFrame(message);
136
+ }
137
+ /**
138
+ * Writes an SSE comment frame (a keep-alive heartbeat). Dropped when the
139
+ * exchange is not currently streaming.
140
+ */
141
+ writeCommentFrame(comment) {
142
+ if (this._closed || this._sse === void 0 || this._sse.closed) return;
143
+ const frame = comment.split("\n").map((line) => `: ${line}`).join("\n");
144
+ this.writeFrame(`${frame}\n\n`);
145
+ }
146
+ async close() {
147
+ if (this._closed) return;
148
+ this._closed = true;
149
+ this._abortCleanup?.();
150
+ this._abortCleanup = void 0;
151
+ if (this._sse !== void 0 && !this._sse.closed) {
152
+ this._sse.closed = true;
153
+ try {
154
+ this._sse.controller.close();
155
+ } catch {}
156
+ }
157
+ if (this._deferredResponse !== void 0 && !this._deferredResponse.settled) {
158
+ this._deferredResponse.settled = true;
159
+ this._deferredResponse.reject(new require_mcp.SdkError(require_mcp.SdkErrorCode.ConnectionClosed, "Connection closed before a response was produced"));
160
+ }
161
+ this.onclose?.();
162
+ }
163
+ settleResponse(response) {
164
+ if (this._deferredResponse === void 0 || this._deferredResponse.settled) return;
165
+ this._deferredResponse.settled = true;
166
+ this._deferredResponse.resolve(response);
167
+ }
168
+ upgradeToSse() {
169
+ let controller;
170
+ const readable = new ReadableStream({
171
+ start: (streamController) => {
172
+ controller = streamController;
173
+ },
174
+ cancel: () => {
175
+ this.close();
176
+ }
177
+ });
178
+ this._sse = {
179
+ controller,
180
+ encoder: new TextEncoder(),
181
+ closed: false
182
+ };
183
+ this.settleResponse(new Response(readable, {
184
+ status: 200,
185
+ headers: {
186
+ "Content-Type": "text/event-stream",
187
+ "Cache-Control": "no-cache",
188
+ Connection: "keep-alive",
189
+ "X-Accel-Buffering": "no"
190
+ }
191
+ }));
192
+ }
193
+ finalizeStream() {
194
+ if (this._sse !== void 0 && !this._sse.closed) {
195
+ this._sse.closed = true;
196
+ try {
197
+ this._sse.controller.close();
198
+ } catch {}
199
+ }
200
+ queueMicrotask(() => void this.close());
201
+ }
202
+ writeMessageFrame(message) {
203
+ this.writeFrame(`event: message\ndata: ${JSON.stringify(message)}\n\n`);
204
+ }
205
+ writeFrame(frame) {
206
+ if (this._sse === void 0 || this._sse.closed) return;
207
+ try {
208
+ this._sse.controller.enqueue(this._sse.encoder.encode(frame));
209
+ } catch (error) {
210
+ this.onerror?.(/* @__PURE__ */ new Error(`Failed to write to the response stream: ${error}`));
211
+ }
212
+ }
213
+ };
214
+
215
+ //#endregion
216
+ //#region src/server/invoke.ts
217
+ /**
218
+ * Serves one classified inbound message on the given server instance and
219
+ * returns the HTTP response for the exchange.
220
+ *
221
+ * The instance is connected to a fresh single-exchange transport, the message
222
+ * is injected through the normal transport message path, and whatever the
223
+ * dispatch layer produces (the handler result, a protocol-level rejection, or
224
+ * streamed related messages followed by the result) is captured as the
225
+ * returned `Response`. For request exchanges, teardown rides the transport's
226
+ * close chain once the terminal response has been delivered; notification
227
+ * exchanges resolve with the 202 response immediately and do NOT run the
228
+ * close chain — the transport stays connected until the caller closes it or
229
+ * drops the per-request instance, which is the caller's choice either way.
230
+ */
231
+ async function invoke(server, message, ctx) {
232
+ const transport = new PerRequestHTTPServerTransport({
233
+ classification: ctx.classification,
234
+ ...ctx.responseMode !== void 0 && { responseMode: ctx.responseMode }
235
+ });
236
+ await server.connect(transport);
237
+ return transport.handleMessage(message, {
238
+ ...ctx.request !== void 0 && { request: ctx.request },
239
+ ...ctx.authInfo !== void 0 && { authInfo: ctx.authInfo }
240
+ });
241
+ }
242
+
243
+ //#endregion
244
+ //#region src/server/streamableHttp.ts
245
+ /**
246
+ * Server transport for Web Standards Streamable HTTP: this implements the MCP Streamable HTTP transport specification
247
+ * using Web Standard APIs (`Request`, `Response`, `ReadableStream`).
248
+ *
249
+ * This transport works on any runtime that supports Web Standards: Node.js 18+, Cloudflare Workers, Deno, Bun, etc.
250
+ *
251
+ * In stateful mode:
252
+ * - Session ID is generated and included in response headers
253
+ * - Session ID is always included in initialization responses
254
+ * - Requests with invalid session IDs are rejected with `404 Not Found`
255
+ * - Non-initialization requests without a session ID are rejected with `400 Bad Request`
256
+ * - State is maintained in-memory (connections, message history)
257
+ *
258
+ * In stateless mode:
259
+ * - No Session ID is included in any responses
260
+ * - No session validation is performed
261
+ *
262
+ * @example Stateful setup
263
+ * ```ts source="./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_stateful"
264
+ * const server = new McpServer({ name: 'my-server', version: '1.0.0' });
265
+ *
266
+ * const transport = new WebStandardStreamableHTTPServerTransport({
267
+ * sessionIdGenerator: () => crypto.randomUUID()
268
+ * });
269
+ *
270
+ * await server.connect(transport);
271
+ * ```
272
+ *
273
+ * @example Stateless setup
274
+ * ```ts source="./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_stateless"
275
+ * const transport = new WebStandardStreamableHTTPServerTransport({
276
+ * sessionIdGenerator: undefined
277
+ * });
278
+ * ```
279
+ *
280
+ * @example Hono.js
281
+ * ```ts source="./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_hono"
282
+ * app.all('/mcp', async c => {
283
+ * return transport.handleRequest(c.req.raw);
284
+ * });
285
+ * ```
286
+ *
287
+ * @example Cloudflare Workers
288
+ * ```ts source="./streamableHttp.examples.ts#WebStandardStreamableHTTPServerTransport_workers"
289
+ * const worker = {
290
+ * async fetch(request: Request): Promise<Response> {
291
+ * return transport.handleRequest(request);
292
+ * }
293
+ * };
294
+ * ```
295
+ */
296
+ var WebStandardStreamableHTTPServerTransport = class {
297
+ sessionIdGenerator;
298
+ _started = false;
299
+ _closed = false;
300
+ _streamMapping = /* @__PURE__ */ new Map();
301
+ _requestToStreamMapping = /* @__PURE__ */ new Map();
302
+ _requestResponseMap = /* @__PURE__ */ new Map();
303
+ _initialized = false;
304
+ _enableJsonResponse = false;
305
+ _standaloneSseStreamId = "_GET_stream";
306
+ _eventStore;
307
+ _onsessioninitialized;
308
+ _onsessionclosed;
309
+ _allowedHosts;
310
+ _allowedOrigins;
311
+ _enableDnsRebindingProtection;
312
+ _retryInterval;
313
+ _supportedProtocolVersions;
314
+ sessionId;
315
+ onclose;
316
+ onerror;
317
+ onmessage;
318
+ constructor(options = {}) {
319
+ this.sessionIdGenerator = options.sessionIdGenerator;
320
+ this._enableJsonResponse = options.enableJsonResponse ?? false;
321
+ this._eventStore = options.eventStore;
322
+ this._onsessioninitialized = options.onsessioninitialized;
323
+ this._onsessionclosed = options.onsessionclosed;
324
+ this._allowedHosts = options.allowedHosts;
325
+ this._allowedOrigins = options.allowedOrigins;
326
+ this._enableDnsRebindingProtection = options.enableDnsRebindingProtection ?? false;
327
+ this._retryInterval = options.retryInterval;
328
+ this._supportedProtocolVersions = options.supportedProtocolVersions ?? require_mcp.SUPPORTED_PROTOCOL_VERSIONS;
329
+ }
330
+ /**
331
+ * Starts the transport. This is required by the {@linkcode Transport} interface but is a no-op
332
+ * for the Streamable HTTP transport as connections are managed per-request.
333
+ */
334
+ async start() {
335
+ if (this._started) throw new Error("Transport already started");
336
+ this._started = true;
337
+ }
338
+ /**
339
+ * Sets the supported protocol versions for header validation.
340
+ * Called by the server during {@linkcode server/server.Server.connect | connect()} to pass its supported versions.
341
+ */
342
+ setSupportedProtocolVersions(versions) {
343
+ this._supportedProtocolVersions = versions;
344
+ }
345
+ /**
346
+ * Helper to create a JSON error response
347
+ */
348
+ createJsonErrorResponse(status, code, message, options) {
349
+ const error = {
350
+ code,
351
+ message
352
+ };
353
+ if (options?.data !== void 0) error.data = options.data;
354
+ return Response.json({
355
+ jsonrpc: "2.0",
356
+ error,
357
+ id: null
358
+ }, {
359
+ status,
360
+ headers: {
361
+ "Content-Type": "application/json",
362
+ ...options?.headers
363
+ }
364
+ });
365
+ }
366
+ /**
367
+ * Validates request headers for DNS rebinding protection.
368
+ * @returns Error response if validation fails, `undefined` if validation passes.
369
+ */
370
+ validateRequestHeaders(req) {
371
+ if (!this._enableDnsRebindingProtection) return;
372
+ if (this._allowedHosts && this._allowedHosts.length > 0) {
373
+ const hostHeader = req.headers.get("host");
374
+ if (!hostHeader || !this._allowedHosts.includes(hostHeader)) {
375
+ const error = `Invalid Host header: ${hostHeader}`;
376
+ this.onerror?.(new Error(error));
377
+ return this.createJsonErrorResponse(403, -32e3, error);
378
+ }
379
+ }
380
+ if (this._allowedOrigins && this._allowedOrigins.length > 0) {
381
+ const originHeader = req.headers.get("origin");
382
+ if (originHeader && !this._allowedOrigins.includes(originHeader)) {
383
+ const error = `Invalid Origin header: ${originHeader}`;
384
+ this.onerror?.(new Error(error));
385
+ return this.createJsonErrorResponse(403, -32e3, error);
386
+ }
387
+ }
388
+ }
389
+ /**
390
+ * Handles an incoming HTTP request, whether `GET`, `POST`, or `DELETE`
391
+ * Returns a `Response` object (Web Standard)
392
+ */
393
+ async handleRequest(req, options) {
394
+ const validationError = this.validateRequestHeaders(req);
395
+ if (validationError) return validationError;
396
+ switch (req.method) {
397
+ case "POST": return this.handlePostRequest(req, options);
398
+ case "GET": return this.handleGetRequest(req);
399
+ case "DELETE": return this.handleDeleteRequest(req);
400
+ default: return this.handleUnsupportedRequest();
401
+ }
402
+ }
403
+ /**
404
+ * Returns true if the client's protocol version supports empty SSE data in
405
+ * priming events (the fix shipped with protocol version `2025-11-25`).
406
+ *
407
+ * The version is checked for membership in this transport instance's
408
+ * supported protocol versions rather than with an open-ended
409
+ * `>= '2025-11-25'` comparison: the value may come from an `initialize`
410
+ * request body, which (unlike the `MCP-Protocol-Version` header) is not
411
+ * validated against `supportedProtocolVersions` before reaching this
412
+ * check. An unknown future version string must not silently enable
413
+ * behavior reserved for versions this transport actually supports.
414
+ */
415
+ supportsEmptySSEData(protocolVersion) {
416
+ return this._supportedProtocolVersions.includes(protocolVersion) && protocolVersion >= "2025-11-25";
417
+ }
418
+ /**
419
+ * Writes a priming event to establish resumption capability.
420
+ * Only sends if `eventStore` is configured (opt-in for resumability) and
421
+ * the client's protocol version supports empty SSE data (a supported
422
+ * version that is >= `2025-11-25`).
423
+ */
424
+ async writePrimingEvent(controller, encoder, streamId, protocolVersion) {
425
+ if (!this._eventStore) return;
426
+ if (!this.supportsEmptySSEData(protocolVersion)) return;
427
+ const primingEventId = await this._eventStore.storeEvent(streamId, {});
428
+ let primingEvent = `id: ${primingEventId}\ndata: \n\n`;
429
+ if (this._retryInterval !== void 0) primingEvent = `id: ${primingEventId}\nretry: ${this._retryInterval}\ndata: \n\n`;
430
+ controller.enqueue(encoder.encode(primingEvent));
431
+ }
432
+ /**
433
+ * Handles `GET` requests for SSE stream
434
+ */
435
+ async handleGetRequest(req) {
436
+ if (!req.headers.get("accept")?.includes("text/event-stream")) {
437
+ this.onerror?.(/* @__PURE__ */ new Error("Not Acceptable: Client must accept text/event-stream"));
438
+ return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept text/event-stream");
439
+ }
440
+ const sessionError = this.validateSession(req);
441
+ if (sessionError) return sessionError;
442
+ const protocolError = this.validateProtocolVersion(req);
443
+ if (protocolError) return protocolError;
444
+ if (this._eventStore) {
445
+ const lastEventId = req.headers.get("last-event-id");
446
+ if (lastEventId) return this.replayEvents(lastEventId);
447
+ }
448
+ if (this._streamMapping.get(this._standaloneSseStreamId) !== void 0) {
449
+ this.onerror?.(/* @__PURE__ */ new Error("Conflict: Only one SSE stream is allowed per session"));
450
+ return this.createJsonErrorResponse(409, -32e3, "Conflict: Only one SSE stream is allowed per session");
451
+ }
452
+ const encoder = new TextEncoder();
453
+ let streamController;
454
+ const readable = new ReadableStream({
455
+ start: (controller) => {
456
+ streamController = controller;
457
+ },
458
+ cancel: () => {
459
+ if (this._streamMapping.get(this._standaloneSseStreamId)?.controller === streamController) this._streamMapping.delete(this._standaloneSseStreamId);
460
+ }
461
+ });
462
+ const headers = {
463
+ "Content-Type": "text/event-stream",
464
+ "Cache-Control": "no-cache, no-transform",
465
+ Connection: "keep-alive"
466
+ };
467
+ if (this.sessionId !== void 0) headers["mcp-session-id"] = this.sessionId;
468
+ this._streamMapping.set(this._standaloneSseStreamId, {
469
+ controller: streamController,
470
+ encoder,
471
+ cleanup: () => {
472
+ this._streamMapping.delete(this._standaloneSseStreamId);
473
+ try {
474
+ streamController.close();
475
+ } catch {}
476
+ }
477
+ });
478
+ return new Response(readable, { headers });
479
+ }
480
+ /**
481
+ * Replays events that would have been sent after the specified event ID
482
+ * Only used when resumability is enabled
483
+ */
484
+ async replayEvents(lastEventId) {
485
+ if (!this._eventStore) {
486
+ this.onerror?.(/* @__PURE__ */ new Error("Event store not configured"));
487
+ return this.createJsonErrorResponse(400, -32e3, "Event store not configured");
488
+ }
489
+ try {
490
+ let streamId;
491
+ if (this._eventStore.getStreamIdForEventId) {
492
+ streamId = await this._eventStore.getStreamIdForEventId(lastEventId);
493
+ if (!streamId) {
494
+ this.onerror?.(/* @__PURE__ */ new Error("Invalid event ID format"));
495
+ return this.createJsonErrorResponse(400, -32e3, "Invalid event ID format");
496
+ }
497
+ if (this._streamMapping.get(streamId) !== void 0) {
498
+ this.onerror?.(/* @__PURE__ */ new Error("Conflict: Stream already has an active connection"));
499
+ return this.createJsonErrorResponse(409, -32e3, "Conflict: Stream already has an active connection");
500
+ }
501
+ }
502
+ const headers = {
503
+ "Content-Type": "text/event-stream",
504
+ "Cache-Control": "no-cache, no-transform",
505
+ Connection: "keep-alive"
506
+ };
507
+ if (this.sessionId !== void 0) headers["mcp-session-id"] = this.sessionId;
508
+ const encoder = new TextEncoder();
509
+ let streamController;
510
+ let replayedStreamId;
511
+ const readable = new ReadableStream({
512
+ start: (controller) => {
513
+ streamController = controller;
514
+ },
515
+ cancel: () => {
516
+ if (replayedStreamId !== void 0 && this._streamMapping.get(replayedStreamId)?.controller === streamController) this._streamMapping.delete(replayedStreamId);
517
+ }
518
+ });
519
+ const replayedEventIds = /* @__PURE__ */ new Set();
520
+ replayedStreamId = await this._eventStore.replayEventsAfter(lastEventId, { send: async (eventId, message) => {
521
+ replayedEventIds.add(eventId);
522
+ if (!this.writeSSEEvent(streamController, encoder, message, eventId)) try {
523
+ streamController.close();
524
+ } catch {}
525
+ } });
526
+ this._streamMapping.set(replayedStreamId, {
527
+ controller: streamController,
528
+ encoder,
529
+ replayedEventIds,
530
+ cleanup: () => {
531
+ this._streamMapping.delete(replayedStreamId);
532
+ try {
533
+ streamController.close();
534
+ } catch {}
535
+ }
536
+ });
537
+ if (replayedStreamId !== this._standaloneSseStreamId) {
538
+ if (![...this._requestToStreamMapping.values()].includes(replayedStreamId)) {
539
+ this._streamMapping.delete(replayedStreamId);
540
+ try {
541
+ streamController.close();
542
+ } catch {}
543
+ }
544
+ }
545
+ return new Response(readable, { headers });
546
+ } catch (error) {
547
+ this.onerror?.(error);
548
+ return this.createJsonErrorResponse(500, -32e3, "Error replaying events");
549
+ }
550
+ }
551
+ /**
552
+ * Writes an event to an SSE stream via controller with proper formatting
553
+ */
554
+ writeSSEEvent(controller, encoder, message, eventId) {
555
+ try {
556
+ let eventData = `event: message\n`;
557
+ if (eventId) eventData += `id: ${eventId}\n`;
558
+ eventData += `data: ${JSON.stringify(message)}\n\n`;
559
+ controller.enqueue(encoder.encode(eventData));
560
+ return true;
561
+ } catch (error) {
562
+ this.onerror?.(error);
563
+ return false;
564
+ }
565
+ }
566
+ /**
567
+ * Handles unsupported requests (`PUT`, `PATCH`, etc.)
568
+ */
569
+ handleUnsupportedRequest() {
570
+ this.onerror?.(/* @__PURE__ */ new Error("Method not allowed."));
571
+ return Response.json({
572
+ jsonrpc: "2.0",
573
+ error: {
574
+ code: -32e3,
575
+ message: "Method not allowed."
576
+ },
577
+ id: null
578
+ }, {
579
+ status: 405,
580
+ headers: {
581
+ Allow: "GET, POST, DELETE",
582
+ "Content-Type": "application/json"
583
+ }
584
+ });
585
+ }
586
+ /**
587
+ * Handles `POST` requests containing JSON-RPC messages
588
+ */
589
+ async handlePostRequest(req, options) {
590
+ try {
591
+ const acceptHeader = req.headers.get("accept");
592
+ if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) {
593
+ this.onerror?.(/* @__PURE__ */ new Error("Not Acceptable: Client must accept both application/json and text/event-stream"));
594
+ return this.createJsonErrorResponse(406, -32e3, "Not Acceptable: Client must accept both application/json and text/event-stream");
595
+ }
596
+ const ct = req.headers.get("content-type");
597
+ if (!ct || !ct.includes("application/json")) {
598
+ this.onerror?.(/* @__PURE__ */ new Error("Unsupported Media Type: Content-Type must be application/json"));
599
+ return this.createJsonErrorResponse(415, -32e3, "Unsupported Media Type: Content-Type must be application/json");
600
+ }
601
+ const request = req;
602
+ let rawMessage;
603
+ if (options?.parsedBody === void 0) try {
604
+ rawMessage = await req.json();
605
+ } catch (error) {
606
+ this.onerror?.(error);
607
+ return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON");
608
+ }
609
+ else rawMessage = options.parsedBody;
610
+ let messages;
611
+ try {
612
+ messages = Array.isArray(rawMessage) ? rawMessage.map((msg) => require_mcp.JSONRPCMessageSchema.parse(msg)) : [require_mcp.JSONRPCMessageSchema.parse(rawMessage)];
613
+ } catch (error) {
614
+ this.onerror?.(error);
615
+ return this.createJsonErrorResponse(400, -32700, "Parse error: Invalid JSON-RPC message");
616
+ }
617
+ const isInitializationRequest = messages.some((element) => require_mcp.isInitializeRequest(element));
618
+ if (isInitializationRequest) {
619
+ if (this._initialized && this.sessionId !== void 0) {
620
+ this.onerror?.(/* @__PURE__ */ new Error("Invalid Request: Server already initialized"));
621
+ return this.createJsonErrorResponse(400, -32600, "Invalid Request: Server already initialized");
622
+ }
623
+ if (messages.length > 1) {
624
+ this.onerror?.(/* @__PURE__ */ new Error("Invalid Request: Only one initialization request is allowed"));
625
+ return this.createJsonErrorResponse(400, -32600, "Invalid Request: Only one initialization request is allowed");
626
+ }
627
+ this.sessionId = this.sessionIdGenerator?.();
628
+ this._initialized = true;
629
+ if (this.sessionId && this._onsessioninitialized) await Promise.resolve(this._onsessioninitialized(this.sessionId));
630
+ }
631
+ if (!isInitializationRequest) {
632
+ const sessionError = this.validateSession(req);
633
+ if (sessionError) return sessionError;
634
+ const protocolError = this.validateProtocolVersion(req);
635
+ if (protocolError) return protocolError;
636
+ }
637
+ if (!messages.some((element) => require_mcp.isJSONRPCRequest(element))) {
638
+ for (const message of messages) this.onmessage?.(message, {
639
+ authInfo: options?.authInfo,
640
+ request
641
+ });
642
+ return new Response(null, { status: 202 });
643
+ }
644
+ const streamId = crypto.randomUUID();
645
+ const initRequest = messages.find((m) => require_mcp.isInitializeRequest(m));
646
+ const clientProtocolVersion = initRequest ? initRequest.params.protocolVersion : req.headers.get("mcp-protocol-version") ?? require_mcp.DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
647
+ if (this._enableJsonResponse) return new Promise((resolve) => {
648
+ this._streamMapping.set(streamId, {
649
+ resolveJson: resolve,
650
+ cleanup: () => {
651
+ this._streamMapping.delete(streamId);
652
+ }
653
+ });
654
+ for (const message of messages) if (require_mcp.isJSONRPCRequest(message)) this._requestToStreamMapping.set(message.id, streamId);
655
+ for (const message of messages) this.onmessage?.(message, {
656
+ authInfo: options?.authInfo,
657
+ request
658
+ });
659
+ });
660
+ const encoder = new TextEncoder();
661
+ let streamController;
662
+ const readable = new ReadableStream({
663
+ start: (controller) => {
664
+ streamController = controller;
665
+ },
666
+ cancel: () => {
667
+ if (this._streamMapping.get(streamId)?.controller === streamController) this._streamMapping.delete(streamId);
668
+ }
669
+ });
670
+ const headers = {
671
+ "Content-Type": "text/event-stream",
672
+ "Cache-Control": "no-cache",
673
+ Connection: "keep-alive"
674
+ };
675
+ if (this.sessionId !== void 0) headers["mcp-session-id"] = this.sessionId;
676
+ for (const message of messages) if (require_mcp.isJSONRPCRequest(message)) {
677
+ this._streamMapping.set(streamId, {
678
+ controller: streamController,
679
+ encoder,
680
+ cleanup: () => {
681
+ this._streamMapping.delete(streamId);
682
+ try {
683
+ streamController.close();
684
+ } catch {}
685
+ }
686
+ });
687
+ this._requestToStreamMapping.set(message.id, streamId);
688
+ }
689
+ await this.writePrimingEvent(streamController, encoder, streamId, clientProtocolVersion);
690
+ for (const message of messages) {
691
+ let closeSSEStream;
692
+ let closeStandaloneSSEStream;
693
+ if (require_mcp.isJSONRPCRequest(message) && this._eventStore && this.supportsEmptySSEData(clientProtocolVersion)) {
694
+ closeSSEStream = () => {
695
+ this.closeSSEStream(message.id);
696
+ };
697
+ closeStandaloneSSEStream = () => {
698
+ this.closeStandaloneSSEStream();
699
+ };
700
+ }
701
+ this.onmessage?.(message, {
702
+ authInfo: options?.authInfo,
703
+ request,
704
+ closeSSEStream,
705
+ closeStandaloneSSEStream
706
+ });
707
+ }
708
+ return new Response(readable, {
709
+ status: 200,
710
+ headers
711
+ });
712
+ } catch (error) {
713
+ this.onerror?.(error);
714
+ return this.createJsonErrorResponse(400, -32700, "Parse error", { data: String(error) });
715
+ }
716
+ }
717
+ /**
718
+ * Handles `DELETE` requests to terminate sessions
719
+ */
720
+ async handleDeleteRequest(req) {
721
+ const sessionError = this.validateSession(req);
722
+ if (sessionError) return sessionError;
723
+ const protocolError = this.validateProtocolVersion(req);
724
+ if (protocolError) return protocolError;
725
+ await Promise.resolve(this._onsessionclosed?.(this.sessionId));
726
+ await this.close();
727
+ return new Response(null, { status: 200 });
728
+ }
729
+ /**
730
+ * Validates session ID for non-initialization requests.
731
+ * Returns `Response` error if invalid, `undefined` otherwise
732
+ */
733
+ validateSession(req) {
734
+ if (this.sessionIdGenerator === void 0) return;
735
+ if (!this._initialized) {
736
+ this.onerror?.(/* @__PURE__ */ new Error("Bad Request: Server not initialized"));
737
+ return this.createJsonErrorResponse(400, -32e3, "Bad Request: Server not initialized");
738
+ }
739
+ const sessionId = req.headers.get("mcp-session-id");
740
+ if (!sessionId) {
741
+ this.onerror?.(/* @__PURE__ */ new Error("Bad Request: Mcp-Session-Id header is required"));
742
+ return this.createJsonErrorResponse(400, -32e3, "Bad Request: Mcp-Session-Id header is required");
743
+ }
744
+ if (sessionId !== this.sessionId) {
745
+ this.onerror?.(/* @__PURE__ */ new Error("Session not found"));
746
+ return this.createJsonErrorResponse(404, -32001, "Session not found");
747
+ }
748
+ }
749
+ /**
750
+ * Validates the `MCP-Protocol-Version` header on incoming requests.
751
+ *
752
+ * For initialization: Version negotiation handles unknown versions gracefully
753
+ * (server responds with its supported version).
754
+ *
755
+ * For subsequent requests with `MCP-Protocol-Version` header:
756
+ * - Accept if in supported list
757
+ * - 400 if unsupported
758
+ *
759
+ * For HTTP requests without the `MCP-Protocol-Version` header:
760
+ * - Accept and default to the version negotiated at initialization
761
+ */
762
+ validateProtocolVersion(req) {
763
+ const protocolVersion = req.headers.get("mcp-protocol-version");
764
+ if (protocolVersion !== null && !this._supportedProtocolVersions.includes(protocolVersion)) {
765
+ const error = `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${this._supportedProtocolVersions.join(", ")})`;
766
+ this.onerror?.(new Error(error));
767
+ return this.createJsonErrorResponse(400, -32e3, error);
768
+ }
769
+ }
770
+ async close() {
771
+ if (this._closed) return;
772
+ this._closed = true;
773
+ for (const { cleanup } of this._streamMapping.values()) cleanup();
774
+ this._streamMapping.clear();
775
+ this._requestResponseMap.clear();
776
+ this.onclose?.();
777
+ }
778
+ /**
779
+ * Close an SSE stream for a specific request, triggering client reconnection.
780
+ * Use this to implement polling behavior during long-running operations -
781
+ * client will reconnect after the retry interval specified in the priming event.
782
+ */
783
+ closeSSEStream(requestId) {
784
+ const streamId = this._requestToStreamMapping.get(requestId);
785
+ if (!streamId) return;
786
+ const stream = this._streamMapping.get(streamId);
787
+ if (stream) stream.cleanup();
788
+ }
789
+ /**
790
+ * Close the standalone `GET` SSE stream, triggering client reconnection.
791
+ * Use this to implement polling behavior for server-initiated notifications.
792
+ */
793
+ closeStandaloneSSEStream() {
794
+ const stream = this._streamMapping.get(this._standaloneSseStreamId);
795
+ if (stream) stream.cleanup();
796
+ }
797
+ async send(message, options) {
798
+ let requestId = options?.relatedRequestId;
799
+ if (require_mcp.isJSONRPCResultResponse(message) || require_mcp.isJSONRPCErrorResponse(message)) requestId = message.id;
800
+ if (requestId === void 0) {
801
+ if (require_mcp.isJSONRPCResultResponse(message) || require_mcp.isJSONRPCErrorResponse(message)) throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
802
+ let eventId;
803
+ if (this._eventStore) eventId = await this._eventStore.storeEvent(this._standaloneSseStreamId, message);
804
+ const standaloneSse = this._streamMapping.get(this._standaloneSseStreamId);
805
+ if (standaloneSse === void 0) return;
806
+ if (standaloneSse.controller && standaloneSse.encoder && (eventId === void 0 || !standaloneSse.replayedEventIds?.has(eventId))) this.writeSSEEvent(standaloneSse.controller, standaloneSse.encoder, message, eventId);
807
+ return;
808
+ }
809
+ const streamId = this._requestToStreamMapping.get(requestId);
810
+ if (!streamId) throw new Error(`No connection established for request ID: ${String(requestId)}`);
811
+ let stream = this._streamMapping.get(streamId);
812
+ if (!this._enableJsonResponse) {
813
+ let eventId;
814
+ if (this._eventStore) {
815
+ eventId = await this._eventStore.storeEvent(streamId, message);
816
+ stream = this._streamMapping.get(streamId);
817
+ }
818
+ if (stream?.controller && stream?.encoder && (eventId === void 0 || !stream.replayedEventIds?.has(eventId))) this.writeSSEEvent(stream.controller, stream.encoder, message, eventId);
819
+ }
820
+ if (require_mcp.isJSONRPCResultResponse(message) || require_mcp.isJSONRPCErrorResponse(message)) {
821
+ this._requestResponseMap.set(requestId, message);
822
+ const relatedIds = [...this._requestToStreamMapping.entries()].filter(([_, sid]) => sid === streamId).map(([id]) => id);
823
+ if (relatedIds.every((id) => this._requestResponseMap.has(id))) {
824
+ if (!stream) {
825
+ if (this._enableJsonResponse) throw new Error(`No connection established for request ID: ${String(requestId)}`);
826
+ if (!this._eventStore) {
827
+ this.onerror?.(/* @__PURE__ */ new Error(`Response for request ID ${String(requestId)} is undeliverable: per-request stream is disconnected and no eventStore is configured`));
828
+ for (const id of relatedIds) {
829
+ this._requestResponseMap.delete(id);
830
+ this._requestToStreamMapping.delete(id);
831
+ }
832
+ return;
833
+ }
834
+ for (const id of relatedIds) {
835
+ this._requestResponseMap.delete(id);
836
+ this._requestToStreamMapping.delete(id);
837
+ }
838
+ return;
839
+ }
840
+ if (this._enableJsonResponse && stream.resolveJson) {
841
+ const headers = { "Content-Type": "application/json" };
842
+ if (this.sessionId !== void 0) headers["mcp-session-id"] = this.sessionId;
843
+ const responses = relatedIds.map((id) => this._requestResponseMap.get(id));
844
+ if (responses.length === 1) stream.resolveJson(Response.json(responses[0], {
845
+ status: 200,
846
+ headers
847
+ }));
848
+ else stream.resolveJson(Response.json(responses, {
849
+ status: 200,
850
+ headers
851
+ }));
852
+ stream.cleanup();
853
+ } else stream.cleanup();
854
+ for (const id of relatedIds) {
855
+ this._requestResponseMap.delete(id);
856
+ this._requestToStreamMapping.delete(id);
857
+ }
858
+ }
859
+ }
860
+ }
861
+ };
862
+
863
+ //#endregion
864
+ //#region src/server/createMcpHandler.ts
865
+ /**
866
+ * The JSON-RPC id to echo on an entry-built error response: the body's `id`
867
+ * when the body is a single JSON-RPC request whose id is a string or number,
868
+ * `null` otherwise. Error responses must carry the id of the request they
869
+ * correspond to whenever it could be read; `null` is reserved for the cases
870
+ * where no single request id is determinable — unparseable bodies, body-less
871
+ * methods, notifications, posted responses and batch arrays.
872
+ */
873
+ function echoableRequestId(body) {
874
+ if (body === null || typeof body !== "object" || Array.isArray(body)) return null;
875
+ const { method, id } = body;
876
+ if (typeof method !== "string") return null;
877
+ return typeof id === "string" || typeof id === "number" ? id : null;
878
+ }
879
+ function jsonRpcErrorResponse(httpStatus, code, message, data, id = null) {
880
+ return Response.json({
881
+ jsonrpc: "2.0",
882
+ error: {
883
+ code,
884
+ message,
885
+ ...data !== void 0 && { data }
886
+ },
887
+ id
888
+ }, { status: httpStatus });
889
+ }
890
+ function rejectionResponse(rejection, id = null) {
891
+ return jsonRpcErrorResponse(rejection.httpStatus, rejection.code, rejection.message, rejection.data, id);
892
+ }
893
+ function toError(value) {
894
+ return value instanceof Error ? value : new Error(String(value));
895
+ }
896
+ function internalServerErrorResponse(id = null) {
897
+ return jsonRpcErrorResponse(500, -32603, "Internal server error", void 0, id);
898
+ }
899
+ /**
900
+ * The entry's default legacy serving (`legacy: 'stateless'`): per-request
901
+ * stateless serving of 2025-era traffic using the same factory as the modern
902
+ * path. Exported as a standalone building block for hand-wired compositions
903
+ * (for example mounting legacy stateless serving on its own route next to a
904
+ * strict modern endpoint).
905
+ *
906
+ * Each POST is served by a fresh instance from the factory connected to a
907
+ * fresh streamable HTTP transport constructed with only
908
+ * `sessionIdGenerator: undefined` — the established stateless idiom, unchanged.
909
+ * Because serving is per-request and stateless, GET and DELETE (2025 session
910
+ * operations) are answered with `405` / `Method not allowed.`, exactly like the
911
+ * canonical stateless example.
912
+ *
913
+ * The optional `onerror` callback receives factory and serving failures on
914
+ * this leg (reporting only — the response stays the 500 internal-error body).
915
+ * The entry passes its own `onerror` here when expanding the default, so
916
+ * legacy-leg failures are never silently swallowed.
917
+ */
918
+ function legacyStatelessFallback(factory, onerror) {
919
+ return async (request, options) => {
920
+ if (request.method.toUpperCase() !== "POST") return jsonRpcErrorResponse(405, -32e3, "Method not allowed.");
921
+ try {
922
+ const product = await factory({
923
+ era: "legacy",
924
+ ...options?.authInfo !== void 0 && { authInfo: options.authInfo },
925
+ requestInfo: request
926
+ });
927
+ const transport = new WebStandardStreamableHTTPServerTransport({ sessionIdGenerator: void 0 });
928
+ await product.connect(transport);
929
+ const teardown = () => {
930
+ transport.close().catch(() => {});
931
+ product.close().catch(() => {});
932
+ };
933
+ request.signal?.addEventListener("abort", teardown, { once: true });
934
+ const response = await transport.handleRequest(request, {
935
+ ...options?.authInfo !== void 0 && { authInfo: options.authInfo },
936
+ ...options?.parsedBody !== void 0 && { parsedBody: options.parsedBody }
937
+ });
938
+ if (response.body === null || !(response.headers.get("content-type") ?? "").includes("text/event-stream")) {
939
+ teardown();
940
+ return response;
941
+ }
942
+ const reader = response.body.getReader();
943
+ let toreDown = false;
944
+ const completeExchange = () => {
945
+ if (!toreDown) {
946
+ toreDown = true;
947
+ teardown();
948
+ }
949
+ };
950
+ const monitoredBody = new ReadableStream({
951
+ pull: async (controller) => {
952
+ try {
953
+ const { done, value } = await reader.read();
954
+ if (done) {
955
+ completeExchange();
956
+ controller.close();
957
+ return;
958
+ }
959
+ if (value !== void 0) controller.enqueue(value);
960
+ } catch (error) {
961
+ completeExchange();
962
+ controller.error(error);
963
+ }
964
+ },
965
+ cancel: (reason) => {
966
+ completeExchange();
967
+ return reader.cancel(reason).catch(() => {});
968
+ }
969
+ });
970
+ return new Response(monitoredBody, {
971
+ status: response.status,
972
+ statusText: response.statusText,
973
+ headers: response.headers
974
+ });
975
+ } catch (error) {
976
+ try {
977
+ onerror?.(toError(error));
978
+ } catch {}
979
+ return internalServerErrorResponse(echoableRequestId(options?.parsedBody));
980
+ }
981
+ };
982
+ }
983
+ /**
984
+ * The entry's classification step: read the request body exactly once (unless
985
+ * a pre-parsed body is supplied) and classify the request with
986
+ * {@linkcode classifyInboundRequest}. This is the single code path behind both
987
+ * {@linkcode createMcpHandler}'s routing and the exported
988
+ * {@linkcode isLegacyRequest} predicate, so the two can never disagree.
989
+ *
990
+ * Pass `needsForward: false` when the caller never reads `forwardRequest` —
991
+ * the body-preserving clone is then skipped and `forwardRequest` is the
992
+ * (consumed) input request.
993
+ */
994
+ async function classifyEntryRequest(request, providedParsedBody, needsForward = true) {
995
+ const httpMethod = request.method.toUpperCase();
996
+ let body;
997
+ let parsedBody = providedParsedBody;
998
+ let forwardRequest = request;
999
+ let unparseable = false;
1000
+ if (httpMethod === "POST") {
1001
+ if (parsedBody === void 0) {
1002
+ if (needsForward) forwardRequest = request.clone();
1003
+ let bodyText;
1004
+ try {
1005
+ bodyText = await request.text();
1006
+ } catch {
1007
+ return { step: "unreadable-body" };
1008
+ }
1009
+ try {
1010
+ body = bodyText.length === 0 ? void 0 : JSON.parse(bodyText);
1011
+ } catch {
1012
+ unparseable = true;
1013
+ }
1014
+ if (!unparseable && body !== void 0) parsedBody = body;
1015
+ } else body = parsedBody;
1016
+ if (unparseable || body === void 0) return {
1017
+ step: "no-json-body",
1018
+ forwardRequest
1019
+ };
1020
+ }
1021
+ return {
1022
+ step: "classified",
1023
+ outcome: require_mcp.classifyInboundRequest({
1024
+ httpMethod,
1025
+ protocolVersionHeader: request.headers.get("mcp-protocol-version") ?? void 0,
1026
+ mcpMethodHeader: request.headers.get("mcp-method") ?? void 0,
1027
+ mcpNameHeader: request.headers.get("mcp-name") ?? void 0,
1028
+ ...body !== void 0 && { body }
1029
+ }),
1030
+ body,
1031
+ parsedBody,
1032
+ forwardRequest
1033
+ };
1034
+ }
1035
+ /**
1036
+ * Whether {@linkcode createMcpHandler} would route this request to its legacy
1037
+ * (2025-era) serving rather than the modern (2026-07-28) path.
1038
+ *
1039
+ * Call it with just the request: `await isLegacyRequest(request)`. For a
1040
+ * `POST` the body is read from an internal clone, so the request you pass
1041
+ * stays fully readable for whichever handler you route it to — no second
1042
+ * argument is needed. (In a Node `(req, res)` handler, build that `Request`
1043
+ * with `toWebRequest(req)` from `@modelcontextprotocol/node`; behind a body
1044
+ * parser, which has already drained the Node stream, build it as
1045
+ * `toWebRequest(req, req.body)` so the bytes come from the parsed body —
1046
+ * either way the predicate still takes just the request.) The optional
1047
+ * `parsedBody` is a perf escape hatch for a body you already hold parsed:
1048
+ * pass it and the predicate classifies from the value directly, reading and
1049
+ * cloning nothing. It is needed, not just faster, when the request's own
1050
+ * body was already read — the internal clone is then impossible (cloning a
1051
+ * used body throws a `TypeError`), so such a single-argument call rejects
1052
+ * instead of guessing.
1053
+ *
1054
+ * This is the entry's own classification step exported as a predicate — it
1055
+ * runs exactly the code `createMcpHandler` runs to make the routing decision,
1056
+ * not a re-implementation — so a hand-wired composition that branches on it
1057
+ * can never disagree with the entry. Use it to keep an existing legacy
1058
+ * deployment (for example a sessionful streamable HTTP wiring) serving 2025
1059
+ * traffic next to a strict modern endpoint, now that the entry has no
1060
+ * handler-valued `legacy` option:
1061
+ *
1062
+ * ```ts
1063
+ * import { createMcpHandler, isLegacyRequest } from '@modelcontextprotocol/server';
1064
+ *
1065
+ * const modern = createMcpHandler(factory, { legacy: 'reject' });
1066
+ *
1067
+ * export default {
1068
+ * async fetch(request: Request): Promise<Response> {
1069
+ * if (await isLegacyRequest(request)) {
1070
+ * // e.g. an existing sessionful WebStandardStreamableHTTPServerTransport wiring
1071
+ * return myExistingLegacyHandler(request);
1072
+ * }
1073
+ * return modern.fetch(request);
1074
+ * }
1075
+ * };
1076
+ * ```
1077
+ *
1078
+ * Semantics (identical to the entry's routing):
1079
+ *
1080
+ * - Returns `true` only for requests with no per-request `_meta` envelope
1081
+ * claim: claim-less POSTs (including the `initialize` handshake and 2025-era
1082
+ * notification POSTs without a modern protocol-version header), body-less
1083
+ * GET/DELETE session operations, all-legacy JSON-RPC batch arrays, posted
1084
+ * JSON-RPC responses, and POSTs whose body is empty or not valid JSON.
1085
+ * - Returns `false` for everything the modern path answers, including its
1086
+ * validation-ladder rejections: a request carrying the envelope claim (even
1087
+ * one naming a revision the endpoint does not serve — the modern path
1088
+ * answers it with the unsupported-protocol-version error), a malformed
1089
+ * envelope behind a present claim (answered `-32602`), a request whose
1090
+ * `MCP-Protocol-Version` header names a modern revision but that lacks the
1091
+ * envelope (`-32602`), and header/body mismatches (`-32020`). Consumers
1092
+ * routing on the predicate must send `false` traffic to the modern handler,
1093
+ * never to a legacy handler — the modern path owns those error answers.
1094
+ * - `server/discover` probes sent by negotiating clients always carry the
1095
+ * envelope claim, so they are never legacy; a hand-built claim-less POST to
1096
+ * a method named `server/discover` has no claim and classifies legacy,
1097
+ * exactly as the entry itself routes it.
1098
+ */
1099
+ async function isLegacyRequest(request, parsedBody) {
1100
+ const classified = await classifyEntryRequest(parsedBody === void 0 && request.method.toUpperCase() === "POST" ? request.clone() : request, parsedBody, false);
1101
+ return classified.step === "no-json-body" || classified.step === "classified" && classified.outcome.kind === "legacy";
1102
+ }
1103
+ /**
1104
+ * Creates an HTTP handler that serves the 2026-07-28 protocol revision from a
1105
+ * per-request server factory and, by default, falls back to old-school
1106
+ * stateless serving for 2025-era traffic. Pass `legacy: 'reject'` for a
1107
+ * modern-only strict endpoint.
1108
+ *
1109
+ * Mounting: `handler.fetch` is the web-standard face (Cloudflare Workers,
1110
+ * Deno, Bun, Hono's `c.req.raw`); for Express/Fastify/plain `node:http`, wrap
1111
+ * the handler once with `toNodeHandler(handler)` from
1112
+ * `@modelcontextprotocol/node`. When mounting bare on a fetch-native runtime,
1113
+ * put Origin/Host validation in front of the handler — the entry itself is
1114
+ * deliberately validation-free:
1115
+ *
1116
+ * ```ts
1117
+ * import { hostHeaderValidationResponse, originValidationResponse, localhostAllowedHostnames, localhostAllowedOrigins } from '@modelcontextprotocol/server';
1118
+ *
1119
+ * export default {
1120
+ * async fetch(request: Request): Promise<Response> {
1121
+ * const rejected =
1122
+ * hostHeaderValidationResponse(request, localhostAllowedHostnames()) ??
1123
+ * originValidationResponse(request, localhostAllowedOrigins());
1124
+ * return rejected ?? handler.fetch(request);
1125
+ * }
1126
+ * };
1127
+ * ```
1128
+ *
1129
+ * Use ONE factory for both legs: the same tools/resources/prompts definition
1130
+ * backs the modern path and the stateless legacy fallback, so the two eras can
1131
+ * never drift apart. To keep an existing legacy deployment (for example a
1132
+ * sessionful streamable HTTP wiring) serving 2025 traffic instead of the
1133
+ * stateless fallback, route in user land with {@linkcode isLegacyRequest} in
1134
+ * front of a strict handler — see that predicate's documentation for the
1135
+ * pattern. Power users composing transport-neutral routing can also use the
1136
+ * exported building blocks directly: {@linkcode classifyInboundRequest} for
1137
+ * the era decision and `PerRequestHTTPServerTransport` for single-exchange
1138
+ * serving.
1139
+ *
1140
+ * The entry performs no token verification: `authInfo` given to `fetch` is
1141
+ * passed through to handlers and the factory as-is and is never derived from
1142
+ * request headers.
1143
+ */
1144
+ function createMcpHandler(factory, options = {}) {
1145
+ const { legacy, onerror, responseMode } = options;
1146
+ if (typeof legacy === "function") throw new TypeError("The 'legacy' option only accepts 'stateless' or 'reject', not a handler function. To serve 2025-era traffic with your own handler, route in user land with the exported isLegacyRequest(request) predicate in front of a strict (legacy: 'reject') handler.");
1147
+ /** Modern per-request instances with an exchange still in flight (close() tears these down). */
1148
+ const inflight = /* @__PURE__ */ new Set();
1149
+ let closed = false;
1150
+ const reportError = (error) => {
1151
+ try {
1152
+ onerror?.(error);
1153
+ } catch {}
1154
+ };
1155
+ const bus = options.bus ?? new require_mcp.InMemoryServerEventBus(reportError);
1156
+ const notify = require_mcp.createServerNotifier(bus);
1157
+ const listenRouter = require_mcp.createListenRouter({
1158
+ bus,
1159
+ maxSubscriptions: options.maxSubscriptions ?? require_mcp.DEFAULT_MAX_SUBSCRIPTIONS,
1160
+ keepAliveMs: options.keepAliveMs ?? require_mcp.DEFAULT_LISTEN_KEEPALIVE_MS,
1161
+ onerror: reportError
1162
+ });
1163
+ if (responseMode === "json") console.warn("responseMode: 'json' drops mid-call notifications. subscriptions/listen streams are always served over SSE regardless; other notifications emitted before a result are dropped.");
1164
+ const legacyHandler = legacy === "reject" ? void 0 : legacyStatelessFallback(factory, reportError);
1165
+ async function serveModern(route, request, authInfo) {
1166
+ const claimedRevision = route.classification.revision;
1167
+ if (claimedRevision === void 0 || !require_mcp.SUPPORTED_MODERN_PROTOCOL_VERSIONS.includes(claimedRevision)) {
1168
+ const error = new require_mcp.UnsupportedProtocolVersionError({
1169
+ supported: [...require_mcp.SUPPORTED_MODERN_PROTOCOL_VERSIONS],
1170
+ requested: claimedRevision ?? "unknown"
1171
+ });
1172
+ reportError(error);
1173
+ return jsonRpcErrorResponse(400, error.code, error.message, error.data, echoableRequestId(route.message));
1174
+ }
1175
+ const stdHeaderRejection = require_mcp.validateStandardRequestHeaders({
1176
+ httpMethod: request.method,
1177
+ mcpMethodHeader: request.headers.get("mcp-method") ?? void 0,
1178
+ mcpNameHeader: request.headers.get("mcp-name") ?? void 0
1179
+ }, route);
1180
+ if (stdHeaderRejection !== void 0) {
1181
+ reportError(/* @__PURE__ */ new Error(`Rejected inbound request (${stdHeaderRejection.cell}): ${stdHeaderRejection.message}`));
1182
+ return rejectionResponse(stdHeaderRejection, echoableRequestId(route.message));
1183
+ }
1184
+ const meta = route.messageKind === "request" ? require_mcp.requestMetaOf(route.message.params) : void 0;
1185
+ const declaredClientCapabilities = meta?.[require_mcp.CLIENT_CAPABILITIES_META_KEY];
1186
+ if (route.messageKind === "request") {
1187
+ const required = require_mcp.requiredClientCapabilitiesForRequest(route.message.method);
1188
+ if (required !== void 0) {
1189
+ const missing = require_mcp.missingClientCapabilities(required, declaredClientCapabilities);
1190
+ if (missing !== void 0) {
1191
+ const error = new require_mcp.MissingRequiredClientCapabilityError({ requiredCapabilities: missing });
1192
+ reportError(error);
1193
+ return jsonRpcErrorResponse(require_mcp.httpStatusForErrorCode(error.code, "ladder"), error.code, error.message, error.data, route.message.id);
1194
+ }
1195
+ }
1196
+ }
1197
+ const product = await factory({
1198
+ era: "modern",
1199
+ ...authInfo !== void 0 && { authInfo },
1200
+ requestInfo: request
1201
+ });
1202
+ const server = product instanceof require_mcp.McpServer ? product.server : product;
1203
+ if (route.messageKind === "request" && route.message.method === "subscriptions/listen") {
1204
+ const capabilities = server.getCapabilities();
1205
+ product.close().catch(reportError);
1206
+ return listenRouter.serve(route.message, request.signal, capabilities);
1207
+ }
1208
+ if (route.messageKind === "request" && route.message.method === "tools/call" && product instanceof require_mcp.McpServer) {
1209
+ const callParams = route.message.params;
1210
+ const toolName = typeof callParams?.name === "string" ? callParams.name : void 0;
1211
+ const inputSchema = toolName === void 0 ? void 0 : product.toolInputSchemaJson(toolName);
1212
+ if (inputSchema !== void 0) {
1213
+ const scan = require_mcp.scanXMcpHeaderDeclarations(inputSchema);
1214
+ if (scan.valid && scan.declarations.length > 0) {
1215
+ const rejection = require_mcp.validateMcpParamHeaders(scan.declarations, callParams?.arguments, request.headers);
1216
+ if (rejection !== void 0) {
1217
+ product.close().catch(reportError);
1218
+ reportError(/* @__PURE__ */ new Error(`Rejected inbound request (${rejection.cell}): ${rejection.message}`));
1219
+ return rejectionResponse(rejection, route.message.id);
1220
+ }
1221
+ }
1222
+ }
1223
+ }
1224
+ require_mcp.setNegotiatedProtocolVersion(server, claimedRevision);
1225
+ require_mcp.installModernOnlyHandlers(server, require_mcp.SUPPORTED_MODERN_PROTOCOL_VERSIONS);
1226
+ if (meta !== void 0) require_mcp.seedClientIdentityFromEnvelope(server, {
1227
+ clientInfo: meta[require_mcp.CLIENT_INFO_META_KEY],
1228
+ clientCapabilities: declaredClientCapabilities
1229
+ });
1230
+ const previousOnClose = server.onclose;
1231
+ inflight.add(server);
1232
+ server.onclose = () => {
1233
+ inflight.delete(server);
1234
+ previousOnClose?.();
1235
+ };
1236
+ try {
1237
+ const response = await invoke(product, route.message, {
1238
+ classification: route.classification,
1239
+ request,
1240
+ ...authInfo !== void 0 && { authInfo },
1241
+ ...responseMode !== void 0 && { responseMode }
1242
+ });
1243
+ if (route.messageKind === "notification") queueMicrotask(() => void server.close().catch(() => {}));
1244
+ return response;
1245
+ } catch (error) {
1246
+ if (error instanceof require_mcp.SdkError && error.code === require_mcp.SdkErrorCode.ConnectionClosed) return new Response(null, { status: 499 });
1247
+ await server.close().catch(() => {});
1248
+ inflight.delete(server);
1249
+ reportError(toError(error));
1250
+ return internalServerErrorResponse(echoableRequestId(route.message));
1251
+ }
1252
+ }
1253
+ async function serveLegacyRoute(route, forwardRequest, authInfo, parsedBody) {
1254
+ if (legacyHandler !== void 0) return legacyHandler(forwardRequest, {
1255
+ ...authInfo !== void 0 && { authInfo },
1256
+ ...parsedBody !== void 0 && { parsedBody }
1257
+ });
1258
+ const strict = require_mcp.modernOnlyStrictRejection(route, require_mcp.SUPPORTED_MODERN_PROTOCOL_VERSIONS);
1259
+ if (strict === void 0) return new Response(null, { status: 202 });
1260
+ reportError(/* @__PURE__ */ new Error(`Rejected 2025-era request on a modern-only endpoint (${strict.cell}): ${strict.message}`));
1261
+ return rejectionResponse(strict, echoableRequestId(parsedBody));
1262
+ }
1263
+ async function handle(request, requestOptions) {
1264
+ const authInfo = requestOptions?.authInfo;
1265
+ const classified = await classifyEntryRequest(request, requestOptions?.parsedBody);
1266
+ if (classified.step === "unreadable-body") return jsonRpcErrorResponse(400, -32700, "Parse error: the request body could not be read");
1267
+ if (classified.step === "no-json-body") {
1268
+ if (legacyHandler !== void 0) return legacyHandler(classified.forwardRequest, { ...authInfo !== void 0 && { authInfo } });
1269
+ return jsonRpcErrorResponse(400, -32700, "Parse error: the request body is not valid JSON");
1270
+ }
1271
+ const { outcome, body, parsedBody, forwardRequest } = classified;
1272
+ try {
1273
+ switch (outcome.kind) {
1274
+ case "reject":
1275
+ reportError(/* @__PURE__ */ new Error(`Rejected inbound request (${outcome.cell}): ${outcome.message}`));
1276
+ return rejectionResponse(outcome, echoableRequestId(body));
1277
+ case "modern": return await serveModern(outcome, request, authInfo);
1278
+ case "legacy": return await serveLegacyRoute(outcome, forwardRequest, authInfo, parsedBody);
1279
+ }
1280
+ } catch (error) {
1281
+ reportError(toError(error));
1282
+ return internalServerErrorResponse(echoableRequestId(body));
1283
+ }
1284
+ }
1285
+ const fetchFace = async (request, requestOptions) => {
1286
+ if (closed) throw new Error("This MCP handler has been closed");
1287
+ try {
1288
+ return await handle(request, requestOptions);
1289
+ } catch (error) {
1290
+ reportError(toError(error));
1291
+ return internalServerErrorResponse(echoableRequestId(requestOptions?.parsedBody));
1292
+ }
1293
+ };
1294
+ return {
1295
+ fetch: fetchFace,
1296
+ notify,
1297
+ bus,
1298
+ close: async () => {
1299
+ closed = true;
1300
+ listenRouter.closeAll();
1301
+ const closing = [...inflight].map((server) => server.close().catch(() => {}));
1302
+ inflight.clear();
1303
+ await Promise.all(closing);
1304
+ }
1305
+ };
1306
+ }
1307
+
1308
+ //#endregion
1309
+ //#region src/server/middleware/hostHeaderValidation.ts
1310
+ /**
1311
+ * Parse and validate a `Host` header against an allowlist of hostnames (port-agnostic).
1312
+ *
1313
+ * - Input host header may include a port (e.g. `localhost:3000`) or IPv6 brackets (e.g. `[::1]:3000`).
1314
+ * - Allowlist items should be hostnames only (no ports). For IPv6, include brackets (e.g. `[::1]`).
1315
+ */
1316
+ function validateHostHeader(hostHeader, allowedHostnames) {
1317
+ if (!hostHeader) return {
1318
+ ok: false,
1319
+ errorCode: "missing_host",
1320
+ message: "Missing Host header"
1321
+ };
1322
+ let hostname;
1323
+ try {
1324
+ hostname = new URL(`http://${hostHeader}`).hostname;
1325
+ } catch {
1326
+ return {
1327
+ ok: false,
1328
+ errorCode: "invalid_host_header",
1329
+ message: `Invalid Host header: ${hostHeader}`,
1330
+ hostHeader
1331
+ };
1332
+ }
1333
+ if (!allowedHostnames.includes(hostname)) return {
1334
+ ok: false,
1335
+ errorCode: "invalid_host",
1336
+ message: `Invalid Host: ${hostname}`,
1337
+ hostHeader,
1338
+ hostname
1339
+ };
1340
+ return {
1341
+ ok: true,
1342
+ hostname
1343
+ };
1344
+ }
1345
+ /**
1346
+ * Convenience allowlist for `localhost` DNS rebinding protection.
1347
+ */
1348
+ function localhostAllowedHostnames() {
1349
+ return [
1350
+ "localhost",
1351
+ "127.0.0.1",
1352
+ "[::1]"
1353
+ ];
1354
+ }
1355
+ /**
1356
+ * Web-standard `Request` helper for DNS rebinding protection.
1357
+ * @example
1358
+ * ```ts source="./hostHeaderValidation.examples.ts#hostHeaderValidationResponse_basicUsage"
1359
+ * const result = validateHostHeader(req.headers.get('host'), ['localhost']);
1360
+ * ```
1361
+ */
1362
+ function hostHeaderValidationResponse(req, allowedHostnames) {
1363
+ const result = validateHostHeader(req.headers.get("host"), allowedHostnames);
1364
+ if (result.ok) return void 0;
1365
+ return Response.json({
1366
+ jsonrpc: "2.0",
1367
+ error: {
1368
+ code: -32e3,
1369
+ message: result.message
1370
+ },
1371
+ id: null
1372
+ }, {
1373
+ status: 403,
1374
+ headers: { "Content-Type": "application/json" }
1375
+ });
1376
+ }
1377
+
1378
+ //#endregion
1379
+ //#region src/server/middleware/originValidation.ts
1380
+ /**
1381
+ * Validate an `Origin` header against an allowlist of hostnames (port-agnostic).
1382
+ *
1383
+ * - A missing/empty `Origin` header passes: non-browser clients do not send one,
1384
+ * and only browser-originated requests carry the header this check defends against.
1385
+ * - Allowlist items are hostnames only (no scheme, no port), the same convention as
1386
+ * `validateHostHeader`. For IPv6, include brackets (e.g. `[::1]`).
1387
+ * - Any present value that cannot be parsed as an origin URL — including the literal
1388
+ * `null` origin browsers send for opaque contexts — is rejected (deny on failure).
1389
+ */
1390
+ function validateOriginHeader(originHeader, allowedOriginHostnames) {
1391
+ if (originHeader === null || originHeader === void 0 || originHeader === "") return { ok: true };
1392
+ let hostname;
1393
+ try {
1394
+ hostname = new URL(originHeader).hostname;
1395
+ } catch {
1396
+ return {
1397
+ ok: false,
1398
+ errorCode: "invalid_origin_header",
1399
+ message: `Invalid Origin header: ${originHeader}`,
1400
+ originHeader
1401
+ };
1402
+ }
1403
+ if (hostname === "") return {
1404
+ ok: false,
1405
+ errorCode: "invalid_origin_header",
1406
+ message: `Invalid Origin header: ${originHeader}`,
1407
+ originHeader
1408
+ };
1409
+ if (!allowedOriginHostnames.includes(hostname)) return {
1410
+ ok: false,
1411
+ errorCode: "invalid_origin",
1412
+ message: `Invalid Origin: ${hostname}`,
1413
+ originHeader,
1414
+ hostname
1415
+ };
1416
+ return {
1417
+ ok: true,
1418
+ origin: originHeader,
1419
+ hostname
1420
+ };
1421
+ }
1422
+ /**
1423
+ * Convenience allowlist of localhost-class origin hostnames, mirroring
1424
+ * `localhostAllowedHostnames`.
1425
+ */
1426
+ function localhostAllowedOrigins() {
1427
+ return [
1428
+ "localhost",
1429
+ "127.0.0.1",
1430
+ "[::1]"
1431
+ ];
1432
+ }
1433
+ /**
1434
+ * Web-standard `Request` helper for Origin validation: returns a `403` JSON-RPC
1435
+ * error response when the request's `Origin` header is not allowed, and
1436
+ * `undefined` when the request may proceed.
1437
+ *
1438
+ * ```ts
1439
+ * const rejected = originValidationResponse(request, localhostAllowedOrigins());
1440
+ * if (rejected) return rejected;
1441
+ * ```
1442
+ */
1443
+ function originValidationResponse(req, allowedOriginHostnames) {
1444
+ const result = validateOriginHeader(req.headers.get("origin"), allowedOriginHostnames);
1445
+ if (result.ok) return void 0;
1446
+ return Response.json({
1447
+ jsonrpc: "2.0",
1448
+ error: {
1449
+ code: -32e3,
1450
+ message: result.message
1451
+ },
1452
+ id: null
1453
+ }, {
1454
+ status: 403,
1455
+ headers: { "Content-Type": "application/json" }
1456
+ });
1457
+ }
1458
+
1459
+ //#endregion
1460
+ //#region src/server/requestStateCodec.ts
1461
+ const PREFIX = "v1.";
1462
+ function bytesToBase64Url(bytes) {
1463
+ let bin = "";
1464
+ for (const b of bytes) bin += String.fromCodePoint(b);
1465
+ return btoa(bin).replaceAll("+", "-").replaceAll("/", "_").replace(/=+$/, "");
1466
+ }
1467
+ function constantTimeTagEqual(a, b) {
1468
+ if (a.length !== b.length) return false;
1469
+ let r = 0;
1470
+ for (let i = 0; i < a.length; i++) r |= a.codePointAt(i) ^ b.codePointAt(i);
1471
+ return r === 0;
1472
+ }
1473
+ function base64UrlToBytes(s) {
1474
+ const b64 = s.replaceAll("-", "+").replaceAll("_", "/");
1475
+ const bin = atob(b64);
1476
+ const bytes = new Uint8Array(bin.length);
1477
+ for (let i = 0; i < bin.length; i++) bytes[i] = bin.codePointAt(i);
1478
+ return bytes;
1479
+ }
1480
+ /**
1481
+ * Create an opt-in HMAC-SHA256 codec for the multi-round-trip `requestState`
1482
+ * (protocol revision 2026-07-28).
1483
+ *
1484
+ * `requestState` round-trips through the client and is attacker-controlled
1485
+ * input on re-entry. The SDK applies no protection of its own; this helper is
1486
+ * the convenience implementation of the spec's integrity MUST so authors don't
1487
+ * hand-roll HMAC. Wire shape:
1488
+ *
1489
+ * "v1." b64url({"p":<payload>,"exp":<unixSeconds>,"b":<bindTag>?}) "." b64url(mac)
1490
+ *
1491
+ * where `bindTag` is `b64url(HMAC(key, "mcp.requestState.bind:" + bind(ctx))[:16])`
1492
+ * — the binding value is never embedded raw.
1493
+ *
1494
+ * The codec is **signed, not encrypted**: the body is integrity-protected but
1495
+ * the client can base64url-decode it and read the payload (`p`) in clear. Do
1496
+ * not put secrets in the payload; use an AEAD construction if confidentiality
1497
+ * is required. The handler reads its payload back via the typed
1498
+ * `ctx.mcpReq.requestState<T>()` accessor — the seam has already run `verify`
1499
+ * (integrity proven, payload decoded) by the time the handler is entered.
1500
+ *
1501
+ * Verification is fail-closed and constant-time (WebCrypto `subtle.verify` for
1502
+ * the body MAC; a fixed-length XOR-accumulator compare for the bind tag).
1503
+ * See `examples/mrtr/server.ts` for a worked end-to-end example.
1504
+ *
1505
+ * Design comparison (mcp.d `secureRequestState`, the peer SDK's reference
1506
+ * implementation): mcp.d additionally offers an AES-256-GCM encrypted mode and
1507
+ * derives independent cipher / bind-HMAC sub-keys from the operator secret via
1508
+ * HKDF-SHA256, with an auto-generated per-process ephemeral key when none is
1509
+ * supplied. This codec deliberately ships only the signed mode and a single
1510
+ * keyed HMAC (domain-separated by input prefix) — HKDF sub-key derivation and
1511
+ * an encrypted mode are intentionally out of scope for the initial release.
1512
+ */
1513
+ function createRequestStateCodec(options) {
1514
+ const subtle = globalThis.crypto?.subtle;
1515
+ if (subtle === void 0) throw new TypeError("createRequestStateCodec requires the Web Crypto API (globalThis.crypto.subtle); see https://ts.sdk.modelcontextprotocol.io/v2/troubleshooting for the Node.js polyfill instructions");
1516
+ const keyBytes = typeof options.key === "string" ? new TextEncoder().encode(options.key) : Uint8Array.from(options.key);
1517
+ if (keyBytes.byteLength < 32) throw new RangeError(`createRequestStateCodec: key must be at least 32 bytes (got ${keyBytes.byteLength})`);
1518
+ const ttlSeconds = options.ttlSeconds ?? 600;
1519
+ if (!Number.isFinite(ttlSeconds)) throw new RangeError("createRequestStateCodec: ttlSeconds must be a finite number");
1520
+ const bind = options.bind;
1521
+ let cryptoKey;
1522
+ const importedKey = () => cryptoKey ??= subtle.importKey("raw", keyBytes, {
1523
+ name: "HMAC",
1524
+ hash: "SHA-256"
1525
+ }, false, ["sign", "verify"]);
1526
+ const utf8 = new TextEncoder();
1527
+ const BIND_LABEL = "mcp.requestState.bind:";
1528
+ const bindTag = async (value) => {
1529
+ return bytesToBase64Url(new Uint8Array(await subtle.sign("HMAC", await importedKey(), utf8.encode(BIND_LABEL + value))).slice(0, 16));
1530
+ };
1531
+ return {
1532
+ async mint(payload, ctx) {
1533
+ const envelope = {
1534
+ p: payload,
1535
+ exp: Math.floor(Date.now() / 1e3) + ttlSeconds
1536
+ };
1537
+ if (bind !== void 0) {
1538
+ if (ctx === void 0) throw new TypeError("createRequestStateCodec: mint() requires ctx when a bind callback is configured");
1539
+ envelope.b = await bindTag(bind(ctx));
1540
+ }
1541
+ const body = bytesToBase64Url(utf8.encode(JSON.stringify(envelope)));
1542
+ return `${PREFIX}${body}.${bytesToBase64Url(new Uint8Array(await subtle.sign("HMAC", await importedKey(), utf8.encode(PREFIX + body))))}`;
1543
+ },
1544
+ async verify(state, ctx) {
1545
+ const dot = state.lastIndexOf(".");
1546
+ if (!state.startsWith(PREFIX) || dot <= 3) throw new Error("malformed");
1547
+ const body = state.slice(3, dot);
1548
+ let macBytes;
1549
+ try {
1550
+ macBytes = base64UrlToBytes(state.slice(dot + 1));
1551
+ } catch {
1552
+ throw new Error("malformed");
1553
+ }
1554
+ if (!await subtle.verify("HMAC", await importedKey(), macBytes, utf8.encode(PREFIX + body))) throw new Error("mac");
1555
+ let envelope;
1556
+ try {
1557
+ envelope = JSON.parse(new TextDecoder("utf-8", { fatal: true }).decode(base64UrlToBytes(body)));
1558
+ } catch {
1559
+ throw new Error("malformed");
1560
+ }
1561
+ if (typeof envelope.exp !== "number" || envelope.exp < Math.floor(Date.now() / 1e3)) throw new Error("expired");
1562
+ if (bind !== void 0) {
1563
+ const expected = await bindTag(bind(ctx));
1564
+ if (envelope.b === void 0 || !constantTimeTagEqual(envelope.b, expected)) throw new Error("bind");
1565
+ } else if (envelope.b !== void 0) throw new Error("bind");
1566
+ return envelope.p;
1567
+ }
1568
+ };
1569
+ }
1570
+
1571
+ //#endregion
1572
+ //#region src/fromJsonSchema.ts
1573
+ let _defaultValidator;
1574
+ function fromJsonSchema(schema, validator) {
1575
+ return require_mcp.fromJsonSchema(schema, validator ?? (_defaultValidator ??= new _modelcontextprotocol_server__shims.DefaultJsonSchemaValidator()));
1576
+ }
1577
+
1578
+ //#endregion
1579
+ exports.BAGGAGE_META_KEY = require_mcp.BAGGAGE_META_KEY;
1580
+ exports.CLIENT_CAPABILITIES_META_KEY = require_mcp.CLIENT_CAPABILITIES_META_KEY;
1581
+ exports.CLIENT_INFO_META_KEY = require_mcp.CLIENT_INFO_META_KEY;
1582
+ exports.DEFAULT_NEGOTIATED_PROTOCOL_VERSION = require_mcp.DEFAULT_NEGOTIATED_PROTOCOL_VERSION;
1583
+ exports.DEFAULT_REQUEST_TIMEOUT_MSEC = require_mcp.DEFAULT_REQUEST_TIMEOUT_MSEC;
1584
+ exports.INTERNAL_ERROR = require_mcp.INTERNAL_ERROR;
1585
+ exports.INVALID_PARAMS = require_mcp.INVALID_PARAMS;
1586
+ exports.INVALID_REQUEST = require_mcp.INVALID_REQUEST;
1587
+ exports.InMemoryServerEventBus = require_mcp.InMemoryServerEventBus;
1588
+ exports.InMemoryTransport = require_mcp.InMemoryTransport;
1589
+ exports.JSONRPC_VERSION = require_mcp.JSONRPC_VERSION;
1590
+ exports.LATEST_PROTOCOL_VERSION = require_mcp.LATEST_PROTOCOL_VERSION;
1591
+ exports.LOG_LEVEL_META_KEY = require_mcp.LOG_LEVEL_META_KEY;
1592
+ exports.METHOD_NOT_FOUND = require_mcp.METHOD_NOT_FOUND;
1593
+ exports.McpServer = require_mcp.McpServer;
1594
+ exports.MissingRequiredClientCapabilityError = require_mcp.MissingRequiredClientCapabilityError;
1595
+ exports.OAuthError = require_mcp.OAuthError;
1596
+ exports.OAuthErrorCode = require_mcp.OAuthErrorCode;
1597
+ exports.PARSE_ERROR = require_mcp.PARSE_ERROR;
1598
+ exports.PROTOCOL_VERSION_META_KEY = require_mcp.PROTOCOL_VERSION_META_KEY;
1599
+ exports.PerRequestHTTPServerTransport = PerRequestHTTPServerTransport;
1600
+ exports.ProtocolError = require_mcp.ProtocolError;
1601
+ exports.ProtocolErrorCode = require_mcp.ProtocolErrorCode;
1602
+ exports.RELATED_TASK_META_KEY = require_mcp.RELATED_TASK_META_KEY;
1603
+ exports.ReadBuffer = require_mcp.ReadBuffer;
1604
+ exports.ResourceNotFoundError = require_mcp.ResourceNotFoundError;
1605
+ exports.ResourceTemplate = require_mcp.ResourceTemplate;
1606
+ exports.STDIO_DEFAULT_MAX_BUFFER_SIZE = require_mcp.STDIO_DEFAULT_MAX_BUFFER_SIZE;
1607
+ exports.SUBSCRIPTION_ID_META_KEY = require_mcp.SUBSCRIPTION_ID_META_KEY;
1608
+ exports.SUPPORTED_PROTOCOL_VERSIONS = require_mcp.SUPPORTED_PROTOCOL_VERSIONS;
1609
+ exports.SdkError = require_mcp.SdkError;
1610
+ exports.SdkErrorCode = require_mcp.SdkErrorCode;
1611
+ exports.SdkHttpError = require_mcp.SdkHttpError;
1612
+ exports.Server = require_mcp.Server;
1613
+ exports.TRACEPARENT_META_KEY = require_mcp.TRACEPARENT_META_KEY;
1614
+ exports.TRACESTATE_META_KEY = require_mcp.TRACESTATE_META_KEY;
1615
+ exports.UnsupportedProtocolVersionError = require_mcp.UnsupportedProtocolVersionError;
1616
+ exports.UriTemplate = require_mcp.UriTemplate;
1617
+ exports.UrlElicitationRequiredError = require_mcp.UrlElicitationRequiredError;
1618
+ exports.WebStandardStreamableHTTPServerTransport = WebStandardStreamableHTTPServerTransport;
1619
+ exports.acceptedContent = require_mcp.acceptedContent;
1620
+ exports.assertCompleteRequestPrompt = require_mcp.assertCompleteRequestPrompt;
1621
+ exports.assertCompleteRequestResourceTemplate = require_mcp.assertCompleteRequestResourceTemplate;
1622
+ exports.checkResourceAllowed = require_mcp.checkResourceAllowed;
1623
+ exports.classifyInboundRequest = require_mcp.classifyInboundRequest;
1624
+ exports.completable = require_mcp.completable;
1625
+ exports.createFetchWithInit = require_mcp.createFetchWithInit;
1626
+ exports.createMcpHandler = createMcpHandler;
1627
+ exports.createRequestStateCodec = createRequestStateCodec;
1628
+ exports.deserializeMessage = require_mcp.deserializeMessage;
1629
+ exports.fromJsonSchema = fromJsonSchema;
1630
+ exports.getDisplayName = require_mcp.getDisplayName;
1631
+ exports.hostHeaderValidationResponse = hostHeaderValidationResponse;
1632
+ exports.inputRequired = require_mcp.inputRequired;
1633
+ exports.inputResponse = require_mcp.inputResponse;
1634
+ exports.isCallToolResult = require_mcp.isCallToolResult;
1635
+ exports.isCompletable = require_mcp.isCompletable;
1636
+ exports.isInitializeRequest = require_mcp.isInitializeRequest;
1637
+ exports.isInitializedNotification = require_mcp.isInitializedNotification;
1638
+ exports.isInputRequiredResult = require_mcp.isInputRequiredResult;
1639
+ exports.isJSONRPCErrorResponse = require_mcp.isJSONRPCErrorResponse;
1640
+ exports.isJSONRPCNotification = require_mcp.isJSONRPCNotification;
1641
+ exports.isJSONRPCRequest = require_mcp.isJSONRPCRequest;
1642
+ exports.isJSONRPCResponse = require_mcp.isJSONRPCResponse;
1643
+ exports.isJSONRPCResultResponse = require_mcp.isJSONRPCResultResponse;
1644
+ exports.isLegacyRequest = isLegacyRequest;
1645
+ exports.isSpecType = require_mcp.isSpecType;
1646
+ exports.isTaskAugmentedRequestParams = require_mcp.isTaskAugmentedRequestParams;
1647
+ exports.legacyStatelessFallback = legacyStatelessFallback;
1648
+ exports.localhostAllowedHostnames = localhostAllowedHostnames;
1649
+ exports.localhostAllowedOrigins = localhostAllowedOrigins;
1650
+ exports.originValidationResponse = originValidationResponse;
1651
+ exports.parseJSONRPCMessage = require_mcp.parseJSONRPCMessage;
1652
+ exports.resourceUrlFromServerUrl = require_mcp.resourceUrlFromServerUrl;
1653
+ exports.serializeMessage = require_mcp.serializeMessage;
1654
+ exports.specTypeSchemas = require_mcp.specTypeSchemas;
1655
+ exports.validateHostHeader = validateHostHeader;
1656
+ exports.validateOriginHeader = validateOriginHeader;
1657
+ //# sourceMappingURL=index.cjs.map