@silver886/mcp-proxy 0.1.3 → 0.2.0

package/dist/proxy/discovery/client.js

@@ -0,0 +1,283 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DiscoveryError = void 0;
+exports.initializeServer = initializeServer;
+exports.sendInitialized = sendInitialized;
+exports.fetchTools = fetchTools;
+exports.fetchPromptsStrict = fetchPromptsStrict;
+exports.fetchResourcesStrict = fetchResourcesStrict;
+exports.fetchResourceTemplatesStrict = fetchResourceTemplatesStrict;
+exports.discoverServerCapabilities = discoverServerCapabilities;
+exports.deleteSession = deleteSession;
+exports.listHostServers = listHostServers;
+const protocol_js_1 = require("../../shared/protocol.js");
+const constants_js_1 = require("../core/constants.js");
+const fetch_timeout_js_1 = require("../core/fetch-timeout.js");
+async function initializeServer(targetUrl, baseHeaders, name, clientCapabilities, clientInfo) {
+    const resp = await fetch(targetUrl, {
+        method: "POST",
+        headers: baseHeaders,
+        signal: (0, fetch_timeout_js_1.timeoutSignal)(constants_js_1.DISCOVERY_FETCH_TIMEOUT_MS),
+        body: JSON.stringify({
+            jsonrpc: "2.0",
+            id: `init-${name}`,
+            method: "initialize",
+            params: {
+                protocolVersion: protocol_js_1.MCP_PROTOCOL_VERSION,
+                capabilities: clientCapabilities,
+                clientInfo,
+            },
+        }),
+    });
+    return {
+        ok: resp.ok,
+        status: resp.status,
+        sessionId: resp.headers.get("mcp-session-id") ?? undefined,
+        body: await resp.text(),
+    };
+}
+async function sendInitialized(targetUrl, sessionHeaders) {
+    await fetch(targetUrl, {
+        method: "POST",
+        headers: sessionHeaders,
+        signal: (0, fetch_timeout_js_1.timeoutSignal)(constants_js_1.DISCOVERY_FETCH_TIMEOUT_MS),
+        body: JSON.stringify({ jsonrpc: "2.0", method: "notifications/initialized", params: {} }),
+    });
+}
+// Reject malformed envelopes (no `result` object, or expected field is not
+// an array) with a thrown error rather than silently returning []. A broken
+// upstream that answers a list call with `{}` or `{result: null}` would
+// otherwise be indistinguishable from "feature absent" — the runtime proxy
+// would mark the capability as healthy-but-empty, and the pairing UI would
+// claim the server has zero tools/prompts/resources.
+function extractListField(data, method, resultField) {
+    if (!data || typeof data !== "object") {
+        throw new Error(`${method} response is not a JSON object`);
+    }
+    const result = data.result;
+    if (!result || typeof result !== "object") {
+        throw new Error(`${method} response is missing the \`result\` object`);
+    }
+    const list = result[resultField];
+    if (!Array.isArray(list)) {
+        throw new Error(`${method} response is missing the \`result.${resultField}\` array`);
+    }
+    return list;
+}
+async function fetchTools(targetUrl, headers, name) {
+    const resp = await fetch(targetUrl, {
+        method: "POST",
+        headers,
+        signal: (0, fetch_timeout_js_1.timeoutSignal)(constants_js_1.DISCOVERY_FETCH_TIMEOUT_MS),
+        body: JSON.stringify({ jsonrpc: "2.0", id: `tools-${name}`, method: "tools/list", params: {} }),
+    });
+    if (!resp.ok)
+        throw new Error(`tools/list HTTP ${resp.status}: ${(await resp.text()).slice(0, 200)}`);
+    let data;
+    try {
+        data = await resp.json();
+    }
+    catch (err) {
+        throw new Error(`tools/list returned malformed JSON: ${err.message}`);
+    }
+    const error = data.error;
+    if (error)
+        throw new Error(`tools/list error: ${error.message ?? JSON.stringify(error)}`);
+    return extractListField(data, "tools/list", "tools");
+}
+// JSON-RPC METHOD_NOT_FOUND — what an MCP server returns when it doesn't
+// support a capability. Treated as "feature absent" (empty list), distinct
+// from a transport blip which the strict variants surface as a throw.
+const METHOD_NOT_FOUND = -32601;
+// Run a tools/prompts/resources-style list call against the upstream and
+// extract the list field. Throws on any transport, parse, or JSON-RPC
+// failure other than METHOD_NOT_FOUND, which collapses to []. Callers
+// (initial discovery, capability retry, refresh paths) catch and decide
+// what to do — preserve cached state, mark pending, fail outright.
+// Centralising the request/response shape here keeps the four list calls
+// from drifting from each other.
+async function fetchListStrict(targetUrl, headers, reqId, method, resultField) {
+    const resp = await fetch(targetUrl, {
+        method: "POST",
+        headers,
+        signal: (0, fetch_timeout_js_1.timeoutSignal)(constants_js_1.DISCOVERY_FETCH_TIMEOUT_MS),
+        body: JSON.stringify({ jsonrpc: "2.0", id: reqId, method, params: {} }),
+    });
+    if (!resp.ok)
+        throw new Error(`${method} HTTP ${resp.status}: ${(await resp.text()).slice(0, 200)}`);
+    let data;
+    try {
+        data = await resp.json();
+    }
+    catch (err) {
+        throw new Error(`${method} returned malformed JSON: ${err.message}`);
+    }
+    const error = data.error;
+    if (error) {
+        if (error.code === METHOD_NOT_FOUND)
+            return [];
+        throw new Error(`${method} error: ${error.message ?? JSON.stringify(error)}`);
+    }
+    return extractListField(data, method, resultField);
+}
+// Strict variants: throw on transport / non-METHOD_NOT_FOUND JSON-RPC
+// errors so the caller can decide whether to preserve cached state. Used
+// by refresh paths that must NOT wipe a server's prompts/resources on a
+// transient blip.
+function fetchPromptsStrict(targetUrl, headers, name) {
+    return fetchListStrict(targetUrl, headers, `prompts-${name}`, "prompts/list", "prompts");
+}
+function fetchResourcesStrict(targetUrl, headers, name) {
+    return fetchListStrict(targetUrl, headers, `resources-${name}`, "resources/list", "resources");
+}
+function fetchResourceTemplatesStrict(targetUrl, headers, name) {
+    return fetchListStrict(targetUrl, headers, `templates-${name}`, "resources/templates/list", "resourceTemplates");
+}
+// Errors thrown out of the handshake carry the captured session id, if
+// any, so the caller can DELETE the orphaned upstream session after a
+// post-init failure (sendInitialized / tools/list). Without this, a
+// transient JSON-RPC error on tools/list would leak a child process on
+// the host until idle GC reaped it ~30 minutes later.
+class DiscoveryError extends Error {
+    sessionId;
+    constructor(message, sessionId) {
+        super(message);
+        this.sessionId = sessionId;
+        this.name = "DiscoveryError";
+    }
+}
+exports.DiscoveryError = DiscoveryError;
+// Single source of truth for the per-server MCP handshake: initialize →
+// notifications/initialized → tools/list (required) → prompts / resources /
+// templates (each optional, recorded as pending on failure). Used by both
+// the runtime discovery path and the pairing-mediated discovery endpoint
+// so the browser sees the same capability set the proxy will see at
+// runtime — including using the real MCP client's capabilities/clientInfo
+// rather than synthetic browser values.
+async function discoverServerCapabilities(targetUrl, baseHeaders, name, clientCapabilities, clientInfo, log) {
+    let sessionId;
+    try {
+        const init = await initializeServer(targetUrl, baseHeaders, name, clientCapabilities, clientInfo);
+        // Capture the session id BEFORE parsing the body. Once the host returned
+        // 200 with a session header it has minted a child process, so the catch
+        // path below needs the id to clean it up even if the JSON payload is an
+        // error or malformed.
+        sessionId = init.sessionId;
+        if (!init.ok) {
+            throw new Error(`initialize HTTP ${init.status}: ${init.body.slice(0, 200)}`);
+        }
+        let initData;
+        try {
+            initData = JSON.parse(init.body);
+        }
+        catch (err) {
+            throw new Error(`initialize returned malformed JSON: ${err.message}`);
+        }
+        if (initData.error) {
+            throw new Error(`initialize error: ${initData.error.message ?? JSON.stringify(initData.error)}`);
+        }
+        const sessionHeaders = { ...baseHeaders };
+        if (sessionId)
+            sessionHeaders["Mcp-Session-Id"] = sessionId;
+        await sendInitialized(targetUrl, sessionHeaders);
+        const tools = await fetchTools(targetUrl, sessionHeaders, name);
+        // METHOD_NOT_FOUND on a capability is "feature absent" → empty list and
+        // no pending flag. Any other failure (transport, JSON-RPC error,
+        // malformed body) leaves the capability empty and sets the per-capability
+        // pending flag so the caller can either retry (runtime) or surface the
+        // failure to the user (pairing).
+        const [promptsResult, resourcesResult, templatesResult] = await Promise.allSettled([
+            fetchPromptsStrict(targetUrl, sessionHeaders, name),
+            fetchResourcesStrict(targetUrl, sessionHeaders, name),
+            fetchResourceTemplatesStrict(targetUrl, sessionHeaders, name),
+        ]);
+        const capErrors = {};
+        const prompts = promptsResult.status === "fulfilled" ? promptsResult.value : [];
+        const pendingPrompts = promptsResult.status === "rejected";
+        if (pendingPrompts) {
+            capErrors.prompts = promptsResult.reason.message;
+            log?.(`    [${name}] prompts/list failed (will retry): ${capErrors.prompts}`);
+        }
+        const resources = resourcesResult.status === "fulfilled" ? resourcesResult.value : [];
+        const pendingResources = resourcesResult.status === "rejected";
+        if (pendingResources) {
+            capErrors.resources = resourcesResult.reason.message;
+            log?.(`    [${name}] resources/list failed (will retry): ${capErrors.resources}`);
+        }
+        const resourceTemplates = templatesResult.status === "fulfilled" ? templatesResult.value : [];
+        const pendingResourceTemplates = templatesResult.status === "rejected";
+        if (pendingResourceTemplates) {
+            capErrors.resourceTemplates = templatesResult.reason.message;
+            log?.(`    [${name}] resources/templates/list failed (will retry): ${capErrors.resourceTemplates}`);
+        }
+        return {
+            sessionId,
+            tools,
+            prompts,
+            resources,
+            resourceTemplates,
+            pendingPrompts,
+            pendingResources,
+            pendingResourceTemplates,
+            capErrors,
+        };
+    }
+    catch (err) {
+        const message = err instanceof Error ? err.message : String(err);
+        throw new DiscoveryError(message, sessionId);
+    }
+}
+async function deleteSession(targetUrl, headers) {
+    try {
+        await fetch(targetUrl, {
+            method: "DELETE",
+            headers,
+            signal: (0, fetch_timeout_js_1.timeoutSignal)(constants_js_1.SESSION_DELETE_TIMEOUT_MS),
+        });
+    }
+    catch {
+        /* host unreachable — idle GC will reap eventually */
+    }
+}
+// List the servers a host advertises at GET /. Used by both runtime
+// discovery (server.ts) and pairing-mediated discovery (the setup page,
+// via the proxy's pairing endpoint). Filters server names through the
+// shared validator so an upstream advertising a name the proxy/page
+// can't safely route is dropped here rather than failing later in init —
+// callers (runtime + pairing UI) get a single, consistent view of what
+// the proxy will actually accept. Optional `log` surfaces dropped names
+// to the operator on the runtime path; pairing leaves it unset so the
+// UI just doesn't render unroutable rows.
+async function listHostServers(hostUrl, headers, log) {
+    const resp = await fetch(`${hostUrl}/`, {
+        method: "GET",
+        headers,
+        signal: (0, fetch_timeout_js_1.timeoutSignal)(constants_js_1.DISCOVERY_FETCH_TIMEOUT_MS),
+    });
+    if (!resp.ok) {
+        throw new Error(`list HTTP ${resp.status}: ${(await resp.text()).slice(0, 200)}`);
+    }
+    let data;
+    try {
+        data = await resp.json();
+    }
+    catch (err) {
+        throw new Error(`list returned malformed JSON: ${err.message}`);
+    }
+    const servers = data.servers;
+    if (!Array.isArray(servers)) {
+        throw new Error("list response is missing the `servers` array");
+    }
+    const out = [];
+    for (const s of servers) {
+        if (typeof s !== "string")
+            continue;
+        const reason = (0, protocol_js_1.validateServerName)(s);
+        if (reason) {
+            log?.(`    [${s}] skipped: ${reason}`);
+            continue;
+        }
+        out.push(s);
+    }
+    return out;
+}

package/dist/proxy/discovery/runner.d.ts

@@ -0,0 +1,21 @@
+import type { ProxyState } from "../core/state.js";
+import type { HostState, ServerState } from "../core/types.js";
+import type { SseReader } from "../runtime/sse.js";
+export declare class DiscoveryRunner {
+    private readonly state;
+    private readonly sse;
+    private readonly log;
+    constructor(state: ProxyState, sse: SseReader, log: (line: string) => void);
+    captureSessionId(host: HostState, serverName: string, server: ServerState, newId: string | null): void;
+    private static hasPendingCapabilities;
+    retryDiscoveryIfNeeded(): Promise<void>;
+    discoverServers(): Promise<void>;
+    private runDiscovery;
+    private discoverHost;
+    private retryPendingCapabilities;
+    initServer(host: HostState, name: string): Promise<void>;
+    rebuildToolRoute(): void;
+    refreshTools(host: HostState, serverName: string): Promise<void>;
+    refreshPrompts(host: HostState, serverName: string): Promise<void>;
+    refreshResources(host: HostState, serverName: string): Promise<void>;
+}

package/dist/proxy/discovery/runner.js

@@ -0,0 +1,319 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DiscoveryRunner = void 0;
+const constants_js_1 = require("../core/constants.js");
+const filtering_js_1 = require("../routing/filtering.js");
+const client_js_1 = require("./client.js");
+// Owns the proxy's discovery + refresh + per-server init logic. One pass
+// runs at a time (single-flighted via state.discoveryInflight); each
+// individual server is initialised through the shared
+// discoverServerCapabilities helper so pairing-time and runtime use the
+// exact same handshake.
+class DiscoveryRunner {
+    state;
+    sse;
+    log;
+    constructor(state, sse, log) {
+        this.state = state;
+        this.sse = sse;
+        this.log = log;
+    }
+    // After every upstream POST: if the host returned a different session
+    // id, restart the SSE notification loop bound to the new id. Without
+    // this, notifications go to the old session's queue and are silently
+    // lost. Lives here because it owns both the server state mutation and
+    // the SSE handle — Forwarder/Bridge call into it through a callback.
+    captureSessionId(host, serverName, server, newId) {
+        if (!newId)
+            return;
+        if (server.sessionId === newId)
+            return;
+        server.sessionId = newId;
+        this.sse.start(host, serverName, newId);
+    }
+    // True if any server stored under this host still has a capability list
+    // that needs to be re-fetched. Drives both the discovery host filter
+    // and retryDiscoveryIfNeeded's gate.
+    static hasPendingCapabilities(host) {
+        for (const server of host.servers.values()) {
+            if (server.pendingPrompts || server.pendingResources || server.pendingResourceTemplates)
+                return true;
+        }
+        return false;
+    }
+    // Retry-on-demand: kick another pass if any host hasn't fully settled.
+    // "Fully settled" means listing succeeded AND every server it named has
+    // an entry in host.servers (pendingServers is empty) AND every stored
+    // server has all three capability lists committed (no pending* flags).
+    // discoverServers is single-flighted, runDiscovery skips fully-settled
+    // hosts, discoverHost only re-runs init for the residual pendingServers,
+    // and retryPendingCapabilities only refetches the capability lists that
+    // are still pending — so this stays cheap once the system has stabilised.
+    async retryDiscoveryIfNeeded() {
+        if (!this.state.config)
+            return;
+        if (Array.from(this.state.hosts.values()).some((h) => !h.listed || h.pendingServers.size > 0 || DiscoveryRunner.hasPendingCapabilities(h))) {
+            await this.discoverServers();
+        }
+    }
+    discoverServers() {
+        if (this.state.discoveryInflight)
+            return this.state.discoveryInflight;
+        if (!this.state.config)
+            return Promise.resolve();
+        const run = this.runDiscovery().finally(() => {
+            this.state.discoveryInflight = null;
+        });
+        this.state.discoveryInflight = run;
+        return run;
+    }
+    async runDiscovery() {
+        if (!this.state.config)
+            return;
+        // Snapshot the generation and the host references at the start. If a
+        // re-pair swaps in a new pairing while we're awaiting upstream calls,
+        // this run is superseded: discoverHost's writes go to detached host
+        // objects (harmless), and we skip rebuildToolRoute so we don't
+        // clobber the new pairing's state.
+        const gen = this.state.configGeneration;
+        const hostsSnapshot = Array.from(this.state.hosts.values());
+        // Parallel host discovery. One slow host no longer delays the others —
+        // each host's failures are caught inside discoverHost so a single
+        // rejected promise can't poison the batch (allSettled is still used
+        // for defensive symmetry). A host with listing done but lingering
+        // pendingServers gets re-entered so its residual inits retry.
+        await Promise.allSettled(hostsSnapshot
+            .filter((h) => !h.listed || h.pendingServers.size > 0 || DiscoveryRunner.hasPendingCapabilities(h))
+            .map((h) => this.discoverHost(h)));
+        if (gen !== this.state.configGeneration)
+            return;
+        this.rebuildToolRoute();
+        this.log(`  Total tools: ${this.state.toolRoute.size}\n`);
+    }
+    async discoverHost(host) {
+        this.log(`  Host [${host.config.id}] ${host.config.tunnelUrl}`);
+        if (!host.listed) {
+            let serverNames;
+            try {
+                // listHostServers itself runs each advertised name through the
+                // shared validator and logs anything dropped, so the result is
+                // already safe to route — no second filter needed here.
+                serverNames = await (0, client_js_1.listHostServers)(host.config.tunnelUrl, this.state.hostHeaders(host.config), this.log);
+            }
+            catch (err) {
+                this.log(`    Discovery failed: ${err.message}`);
+                return;
+            }
+            // Drop deselected servers BEFORE we ever open a session. Without this
+            // the proxy spawns a child for every advertised server, forwards the
+            // real client capabilities upstream, and leaves an SSE loop attached
+            // — even for servers the user explicitly unchecked. selectedServers
+            // is a least-privilege boundary, so it has to gate side-effects, not
+            // just the agent-facing surface.
+            const selected = serverNames.filter((name) => {
+                if ((0, filtering_js_1.isServerSelected)(this.state.config, host.config.id, name))
+                    return true;
+                this.log(`    [${name}] skipped: not in selectedServers`);
+                return false;
+            });
+            this.log(`    discovered: ${selected.join(", ") || "(none)"}`);
+            for (const name of selected)
+                host.pendingServers.add(name);
+            host.listed = true;
+        }
+        else if (host.pendingServers.size > 0) {
+            this.log(`    retrying inits: ${Array.from(host.pendingServers).join(", ")}`);
+        }
+        // Snapshot first — initServer mutates pendingServers on success, and
+        // iterating a Set we're deleting from is footgun-territory. Servers
+        // within a host stay sequential: they share a session lifecycle and
+        // ordering keeps stderr readable.
+        for (const name of Array.from(host.pendingServers)) {
+            await this.initServer(host, name);
+        }
+        await this.retryPendingCapabilities(host);
+    }
+    // Re-fetch any capability list that failed during init for an
+    // already-stored server. Each per-capability flag is independent: a
+    // server with healthy tools but a transient prompts/list failure stays
+    // online and serves tools, and only the failed list is retried here.
+    // Strict variants keep the cached value on failure (preserve-on-failure)
+    // so a transient blip on the retry doesn't wipe what we already have.
+    async retryPendingCapabilities(host) {
+        for (const [serverName, server] of host.servers) {
+            if (!server.sessionId)
+                continue;
+            if (!server.pendingPrompts && !server.pendingResources && !server.pendingResourceTemplates)
+                continue;
+            const target = `${host.config.tunnelUrl}/servers/${serverName}`;
+            const headers = { ...this.state.hostHeaders(host.config), "Mcp-Session-Id": server.sessionId };
+            if (server.pendingPrompts) {
+                try {
+                    server.prompts = await (0, client_js_1.fetchPromptsStrict)(target, headers, serverName);
+                    server.pendingPrompts = false;
+                    this.log(`    [${host.config.id}/${serverName}] prompts retry ok: ${server.prompts.length}`);
+                }
+                catch (err) {
+                    this.log(`    [${host.config.id}/${serverName}] prompts retry failed: ${err.message}`);
+                }
+            }
+            if (server.pendingResources) {
+                try {
+                    server.resources = await (0, client_js_1.fetchResourcesStrict)(target, headers, serverName);
+                    server.pendingResources = false;
+                    this.log(`    [${host.config.id}/${serverName}] resources retry ok: ${server.resources.length}`);
+                }
+                catch (err) {
+                    this.log(`    [${host.config.id}/${serverName}] resources retry failed: ${err.message}`);
+                }
+            }
+            if (server.pendingResourceTemplates) {
+                try {
+                    server.resourceTemplates = await (0, client_js_1.fetchResourceTemplatesStrict)(target, headers, serverName);
+                    server.pendingResourceTemplates = false;
+                    this.log(`    [${host.config.id}/${serverName}] templates retry ok: ${server.resourceTemplates.length}`);
+                }
+                catch (err) {
+                    this.log(`    [${host.config.id}/${serverName}] templates retry failed: ${err.message}`);
+                }
+            }
+        }
+    }
+    async initServer(host, name) {
+        const targetUrl = `${host.config.tunnelUrl}/servers/${name}`;
+        const headers = this.state.hostHeaders(host.config);
+        let result;
+        try {
+            result = await (0, client_js_1.discoverServerCapabilities)(targetUrl, headers, name, this.state.clientCapabilities, this.state.clientInfo, (line) => this.log(line));
+        }
+        catch (err) {
+            // Leave name in pendingServers so the next on-demand discovery pass
+            // retries the init. The list call already succeeded — only the per-
+            // server init is in residue. Best-effort cleanup of any orphaned
+            // upstream session the failed handshake left behind.
+            const dErr = err;
+            this.log(`    [${name}] init failed: ${dErr.message}`);
+            if (dErr.sessionId) {
+                void (0, client_js_1.deleteSession)(targetUrl, { ...headers, "Mcp-Session-Id": dErr.sessionId });
+            }
+            return;
+        }
+        const state = {
+            sessionId: result.sessionId,
+            tools: result.tools,
+            prompts: result.prompts,
+            resources: result.resources,
+            resourceTemplates: result.resourceTemplates,
+            pendingPrompts: result.pendingPrompts,
+            pendingResources: result.pendingResources,
+            pendingResourceTemplates: result.pendingResourceTemplates,
+            // Fresh session starts with no subscriptions. Stale-session recovery
+            // in Forwarder snapshots the prior set BEFORE calling initServer and
+            // replays it onto the new state, so an init that runs as part of
+            // recovery still ends up with the right subscriptions populated.
+            subscriptions: new Set(),
+        };
+        host.servers.set(name, state);
+        host.pendingServers.delete(name);
+        if (result.sessionId)
+            this.sse.start(host, name, result.sessionId);
+        this.log(`    [${name}] ${result.tools.length} tools, ${result.prompts.length} prompts, ${result.resources.length} resources, ${result.resourceTemplates.length} templates`);
+    }
+    rebuildToolRoute() {
+        this.state.toolRoute.clear();
+        this.state.promptRoute.clear();
+        this.state.resources.clear();
+        for (const host of this.state.hosts.values()) {
+            for (const [serverName, state] of host.servers) {
+                const route = (originalName) => ({ hostId: host.config.id, serverName, originalName });
+                for (const tool of state.tools) {
+                    const prefixed = `${host.config.id}${constants_js_1.TOOL_SEPARATOR}${serverName}${constants_js_1.TOOL_SEPARATOR}${tool.name}`;
+                    this.state.toolRoute.set(prefixed, route(tool.name));
+                }
+                for (const prompt of state.prompts) {
+                    const prefixed = `${host.config.id}${constants_js_1.TOOL_SEPARATOR}${serverName}${constants_js_1.TOOL_SEPARATOR}${prompt.name}`;
+                    this.state.promptRoute.set(prefixed, route(prompt.name));
+                }
+                const collisions = this.state.resources.add(host.config.id, serverName, state.resources, state.resourceTemplates);
+                for (const line of collisions)
+                    this.log(`  ${line}`);
+            }
+        }
+        this.state.templateRoutes = this.state.resources.templateEntries();
+    }
+    // --- Refresh on list_changed ---
+    async refreshTools(host, serverName) {
+        const server = host.servers.get(serverName);
+        if (!server || !server.sessionId)
+            return;
+        const target = `${host.config.tunnelUrl}/servers/${serverName}`;
+        const headers = { ...this.state.hostHeaders(host.config), "Mcp-Session-Id": server.sessionId };
+        try {
+            server.tools = await (0, client_js_1.fetchTools)(target, headers, serverName);
+        }
+        catch {
+            return;
+        }
+        this.rebuildToolRoute();
+        this.log(`  [${host.config.id}/${serverName}] tools refreshed: ${server.tools.length}`);
+    }
+    async refreshPrompts(host, serverName) {
+        const server = host.servers.get(serverName);
+        if (!server || !server.sessionId)
+            return;
+        const target = `${host.config.tunnelUrl}/servers/${serverName}`;
+        const headers = { ...this.state.hostHeaders(host.config), "Mcp-Session-Id": server.sessionId };
+        // Strict + preserve-on-failure: a transient HTTP/JSON-RPC blip during
+        // refresh used to wipe the cached prompt list and hide prompts until
+        // another list_changed arrived. Now we only commit the new list when
+        // the fetch actually succeeds.
+        let next;
+        try {
+            next = await (0, client_js_1.fetchPromptsStrict)(target, headers, serverName);
+        }
+        catch (err) {
+            this.log(`  [${host.config.id}/${serverName}] prompts refresh failed (keeping cached ${server.prompts.length}): ${err.message}`);
+            return;
+        }
+        server.prompts = next;
+        this.rebuildToolRoute();
+        this.log(`  [${host.config.id}/${serverName}] prompts refreshed: ${server.prompts.length}`);
+    }
+    async refreshResources(host, serverName) {
+        const server = host.servers.get(serverName);
+        if (!server || !server.sessionId)
+            return;
+        const target = `${host.config.tunnelUrl}/servers/${serverName}`;
+        const headers = { ...this.state.hostHeaders(host.config), "Mcp-Session-Id": server.sessionId };
+        // Refresh both lists in parallel — the SSE notification only says
+        // "something changed", not whether it's the concrete list or the
+        // templates. At this scale a double-fetch is cheaper than waiting on
+        // a sequential chain. Each side is strict + preserve-on-failure so a
+        // transient failure on one list doesn't take the other down with it.
+        const [resourcesResult, templatesResult] = await Promise.allSettled([
+            (0, client_js_1.fetchResourcesStrict)(target, headers, serverName),
+            (0, client_js_1.fetchResourceTemplatesStrict)(target, headers, serverName),
+        ]);
+        let resourcesChanged = false;
+        let templatesChanged = false;
+        if (resourcesResult.status === "fulfilled") {
+            server.resources = resourcesResult.value;
+            resourcesChanged = true;
+        }
+        else {
+            this.log(`  [${host.config.id}/${serverName}] resources refresh failed (keeping cached ${server.resources.length}): ${resourcesResult.reason.message}`);
+        }
+        if (templatesResult.status === "fulfilled") {
+            server.resourceTemplates = templatesResult.value;
+            templatesChanged = true;
+        }
+        else {
+            this.log(`  [${host.config.id}/${serverName}] templates refresh failed (keeping cached ${server.resourceTemplates.length}): ${templatesResult.reason.message}`);
+        }
+        if (!resourcesChanged && !templatesChanged)
+            return;
+        this.rebuildToolRoute();
+        this.log(`  [${host.config.id}/${serverName}] resources refreshed: ${server.resources.length} concrete, ${server.resourceTemplates.length} templates`);
+    }
+}
+exports.DiscoveryRunner = DiscoveryRunner;

package/dist/proxy/pairing/config.d.ts

@@ -0,0 +1,9 @@
+import type { HostConfig, PairingConfig } from "../core/types.js";
+export type PairingConfigValidation = {
+    ok: true;
+    hosts: HostConfig[];
+} | {
+    ok: false;
+    error: string;
+};
+export declare function validatePairingConfig(cfg: PairingConfig): PairingConfigValidation;