@silver886/mcp-proxy 0.1.4 → 0.2.0

package/dist/host/session.js

@@ -0,0 +1,204 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.McpSession = void 0;
+const node_child_process_1 = require("node:child_process");
+const protocol_js_1 = require("../shared/protocol.js");
+const constants_js_1 = require("./constants.js");
+// One McpSession owns a single MCP server child process and matches its
+// JSON-RPC stdout responses to outstanding requests. Notifications (no id)
+// are queued for the SSE poller in HostAgent. Lifetime is tied to the host's
+// session map: HostAgent.sweepIdleSessions reaps after SESSION_IDLE_TIMEOUT_MS,
+// shutdown destroys all entries, and stdin/process errors fail every pending
+// request so callers don't sit through their per-request timeout.
+class McpSession {
+    name;
+    timeout;
+    process;
+    stdoutBuffer = new protocol_js_1.LineBuffer();
+    pending = new Map();
+    notifications = [];
+    notificationsDropped = 0;
+    // Late responses to already-timed-out requests: counted separately so the
+    // drain log can attribute "child answered after we gave up" distinctly
+    // from notification-queue overflow.
+    orphansDropped = 0;
+    destroyed = false;
+    lastActivity = Date.now();
+    constructor(name, config, timeout) {
+        this.name = name;
+        this.timeout = timeout;
+        console.log(`[${name}] Spawning: ${config.command} ${config.args.join(" ")}`);
+        this.process = (0, node_child_process_1.spawn)(config.command, config.args, {
+            stdio: ["pipe", "pipe", "pipe"],
+            env: { ...process.env, ...config.env },
+            shell: config.shell ?? false,
+        });
+        this.process.stdout.on("data", (chunk) => {
+            const lines = this.stdoutBuffer.push(chunk.toString("utf-8"));
+            for (const line of lines) {
+                this.handleLine(line);
+            }
+        });
+        this.process.stderr.on("data", (chunk) => {
+            console.error(`[${name}] stderr: ${chunk.toString("utf-8").trimEnd()}`);
+        });
+        this.process.on("exit", (code) => {
+            console.log(`[${name}] Process exited (code=${code})`);
+            this.destroyed = true;
+            this.failPending(protocol_js_1.ErrorCode.PROCESS_EXITED, `code=${code}`);
+        });
+        this.process.on("error", (err) => {
+            console.error(`[${name}] Process error: ${err.message}`);
+            this.destroyed = true;
+            // Spawn failures (ENOENT, EACCES, …) emit 'error' and may emit
+            // 'exit' only later or not at all. Without failing pending here,
+            // any in-flight request blocks until its per-request timeout.
+            this.failPending(protocol_js_1.ErrorCode.PROCESS_NOT_RUNNING, err.message);
+        });
+        // EPIPE / write-after-close on the child's stdin shows up as an 'error'
+        // on the stream itself, distinct from the process error.
+        this.process.stdin?.on("error", (err) => {
+            console.error(`[${name}] stdin error: ${err.message}`);
+            this.destroyed = true;
+            this.failPending(protocol_js_1.ErrorCode.PROCESS_NOT_RUNNING, `stdin: ${err.message}`);
+        });
+    }
+    failPending(code, detail) {
+        for (const [id, p] of this.pending) {
+            clearTimeout(p.timer);
+            p.resolve((0, protocol_js_1.jsonRpcError)(code, detail, id));
+        }
+        this.pending.clear();
+    }
+    handleLine(line) {
+        let parsed;
+        try {
+            parsed = JSON.parse(line);
+        }
+        catch {
+            return; // Not valid JSON, skip
+        }
+        // Response shape: id present, no method. (Server-initiated requests
+        // also have an id, but they carry a method too and belong on the
+        // notification path so the SSE reader can route them to the bridge.)
+        const isResponse = parsed.id !== undefined && typeof parsed.method !== "string";
+        if (isResponse) {
+            const p = this.pending.get(parsed.id);
+            if (p) {
+                // Matched delivery is real activity, so refresh lastActivity. We
+                // deliberately do NOT refresh it for queued notifications below —
+                // if the SSE reader is gone, an upstream that chatters
+                // notifications would otherwise keep this session alive forever
+                // AND grow the notifications queue. Streams with an active reader
+                // still bump lastActivity via drainNotifications().
+                this.lastActivity = Date.now();
+                clearTimeout(p.timer);
+                this.pending.delete(parsed.id);
+                p.resolve(line);
+                return;
+            }
+            // Orphan: a response that arrived after the request already timed
+            // out (and was answered with REQUEST_TIMEOUT) or carries an id we
+            // don't know. Dropping is the only correct action — without this
+            // it would be queued as a notification, evicting real progress/log
+            // notifications from the bounded ring buffer and adding spurious
+            // SSE traffic. Counted so the next drain can log a single line.
+            this.orphansDropped++;
+            return;
+        }
+        // Notification (no id) or server-initiated request (id + method) —
+        // both belong on the SSE drain path. Bounded ring buffer so a dead/
+        // slow SSE reader can't grow this without limit; drop the oldest
+        // entry (FIFO discipline) and account for the loss.
+        if (this.notifications.length >= constants_js_1.MAX_QUEUED_NOTIFICATIONS) {
+            this.notifications.shift();
+            this.notificationsDropped++;
+        }
+        this.notifications.push(line);
+    }
+    sendRequest(jsonRpcLine) {
+        if (this.destroyed || !this.process.stdin?.writable) {
+            return Promise.resolve((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.PROCESS_NOT_RUNNING));
+        }
+        this.lastActivity = Date.now();
+        // Inspect the JSON-RPC shape to decide how to handle the body.
+        let parsed = {};
+        try {
+            parsed = JSON.parse(jsonRpcLine);
+        }
+        catch {
+            // Not parseable — fall through and forward verbatim, no matching.
+        }
+        // Notification: no id. Response from client for a server-initiated
+        // request: has id but no method (and result/error). Both are
+        // fire-and-forget from the host's perspective.
+        const isNotification = parsed.id === undefined;
+        const isResponse = !isNotification && typeof parsed.method !== "string";
+        if (isNotification || isResponse) {
+            try {
+                this.process.stdin.write(jsonRpcLine + "\n");
+            }
+            catch (err) {
+                // Best effort — no caller is waiting on a result here.
+                console.error(`[${this.name}] stdin write failed: ${err.message}`);
+            }
+            return Promise.resolve("");
+        }
+        const id = parsed.id;
+        return new Promise((resolve) => {
+            const timer = setTimeout(() => {
+                this.pending.delete(id);
+                resolve((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.REQUEST_TIMEOUT, undefined, id));
+            }, this.timeout);
+            // Register pending FIRST so a 'error' / stdin 'error' handler that
+            // fires synchronously during stdin.write() can find this entry via
+            // failPending() and resolve it. Writing first would leave a tiny
+            // window where the entry isn't yet registered when the listener
+            // drains this.pending, leading to a hung promise.
+            this.pending.set(id, { resolve, timer });
+            try {
+                this.process.stdin.write(jsonRpcLine + "\n");
+            }
+            catch (err) {
+                // Synchronous EPIPE on a half-dead child. The async stdin 'error'
+                // listener may or may not fire for this — fail this entry now so
+                // the caller doesn't sit through the full request timeout.
+                if (this.pending.get(id)?.timer === timer) {
+                    clearTimeout(timer);
+                    this.pending.delete(id);
+                    resolve((0, protocol_js_1.jsonRpcError)(protocol_js_1.ErrorCode.PROCESS_NOT_RUNNING, err.message, id));
+                }
+            }
+        });
+    }
+    drainNotifications() {
+        const n = this.notifications;
+        this.notifications = [];
+        // SSE listener actively reading — also a sign of life.
+        if (n.length > 0)
+            this.lastActivity = Date.now();
+        if (this.notificationsDropped > 0) {
+            console.error(`[${this.name}] dropped ${this.notificationsDropped} queued notification(s) (cap=${constants_js_1.MAX_QUEUED_NOTIFICATIONS}); SSE reader was behind`);
+            this.notificationsDropped = 0;
+        }
+        if (this.orphansDropped > 0) {
+            console.error(`[${this.name}] dropped ${this.orphansDropped} late/unmatched response(s); requests already timed out`);
+            this.orphansDropped = 0;
+        }
+        return n;
+    }
+    get serverName() {
+        return this.name;
+    }
+    get isAlive() {
+        return !this.destroyed;
+    }
+    destroy() {
+        if (this.destroyed)
+            return;
+        this.destroyed = true;
+        if (!this.process.killed)
+            this.process.kill();
+    }
+}
+exports.McpSession = McpSession;

package/dist/host/tunnel.d.ts

@@ -0,0 +1,5 @@
+export interface HostTunnel {
+    url: string;
+    stop: () => void;
+}
+export declare function startTunnel(port: number, onUnexpectedExit?: (reason: string) => void): Promise<HostTunnel>;

package/dist/host/tunnel.js

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.startTunnel = startTunnel;
+const cloudflared_1 = require("cloudflared");
+// Bound how long we wait for cloudflared to advertise the public URL.
+// Anything slower than this is almost always a configuration / network /
+// account issue we want to surface to the user instead of hanging silently.
+const TUNNEL_STARTUP_TIMEOUT_MS = 30_000;
+// Start a quick cloudflared tunnel and resolve once cloudflared advertises
+// the public URL. Rejects with a descriptive error if cloudflared:
+//   - errors out before becoming ready (binary missing, network unreachable,
+//     account auth failure, etc.),
+//   - exits before advertising a URL,
+//   - or doesn't surface a URL within TUNNEL_STARTUP_TIMEOUT_MS.
+//
+// `onUnexpectedExit` fires only AFTER the URL was advertised — i.e., a
+// runtime failure once the tunnel was healthy. Pre-ready failures already
+// reject the start() promise, so the caller learns about those
+// synchronously and can decide whether to keep the host running locally or
+// shut it down.
+function startTunnel(port, onUnexpectedExit) {
+    const tunnel = cloudflared_1.Tunnel.quick(`http://localhost:${port}`);
+    // Capture the most recent cloudflared error so a subsequent exit/timeout
+    // can include the real cause in the rejection instead of "did not produce
+    // a URL".
+    let lastErrorMessage = null;
+    tunnel.on("error", (err) => {
+        lastErrorMessage = err.message;
+        process.stderr.write(`Tunnel error: ${err.message}\n`);
+    });
+    return new Promise((resolveP, rejectP) => {
+        let settled = false;
+        let urlReady = false;
+        const finishStartup = (fn) => {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(startupTimer);
+            fn();
+        };
+        const startupTimer = setTimeout(() => {
+            finishStartup(() => {
+                try {
+                    tunnel.stop();
+                }
+                catch { /* already gone */ }
+                const cause = lastErrorMessage ? ` (last error: ${lastErrorMessage})` : "";
+                rejectP(new Error(`Cloudflare tunnel did not produce a URL within ${TUNNEL_STARTUP_TIMEOUT_MS / 1000}s${cause}`));
+            });
+        }, TUNNEL_STARTUP_TIMEOUT_MS);
+        tunnel.once("url", (url) => {
+            urlReady = true;
+            console.log(`Tunnel URL: ${url}`);
+            finishStartup(() => {
+                resolveP({
+                    url,
+                    stop: () => { try {
+                        tunnel.stop();
+                    }
+                    catch { /* already stopped */ } },
+                });
+            });
+        });
+        tunnel.on("exit", (code, signal) => {
+            const detail = code !== null
+                ? `code ${code}`
+                : signal !== null ? `signal ${signal}` : "unknown reason";
+            const errBit = lastErrorMessage ? ` (${lastErrorMessage})` : "";
+            const reason = `cloudflared exited (${detail})${errBit}`;
+            if (!urlReady) {
+                finishStartup(() => rejectP(new Error(reason)));
+                return;
+            }
+            // URL was already advertised — this is a runtime failure. Surface
+            // through the caller's hook so cli.ts (or whoever owns the lifecycle)
+            // can log it and decide what to do.
+            process.stderr.write(`Tunnel ${reason}\n`);
+            if (onUnexpectedExit)
+                onUnexpectedExit(reason);
+        });
+    });
+}

package/dist/host.js

@@ -0,0 +1,8 @@
+#!/usr/bin/env node
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const cli_js_1 = require("./host/cli.js");
+(0, cli_js_1.main)().catch((err) => {
+    console.error(`Host agent failed to start: ${err.message}`);
+    process.exit(1);
+});

package/dist/proxy/core/constants.d.ts

@@ -0,0 +1,13 @@
+import type { Prompt, Tool } from "./types.js";
+export declare const TOOL_SEPARATOR = "__";
+export declare const TUNNEL_STARTUP_TIMEOUT_MS = 30000;
+export declare const PAIRING_WINDOW_MS: number;
+export declare const UPSTREAM_REQUEST_TIMEOUT_MS = 120000;
+export declare const DISCOVERY_FETCH_TIMEOUT_MS = 15000;
+export declare const TOOL_FORWARD_TIMEOUT_MS: number;
+export declare const SESSION_DELETE_TIMEOUT_MS = 5000;
+export declare const SSE_BACKOFF_INITIAL_MS = 500;
+export declare const SSE_BACKOFF_MAX_MS = 10000;
+export declare const SSE_CONNECT_TIMEOUT_MS = 15000;
+export declare const CONFIGURE_TOOL: Tool;
+export declare const CONFIGURE_PROMPT: Prompt;

package/dist/proxy/core/constants.js

@@ -0,0 +1,39 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CONFIGURE_PROMPT = exports.CONFIGURE_TOOL = exports.SSE_CONNECT_TIMEOUT_MS = exports.SSE_BACKOFF_MAX_MS = exports.SSE_BACKOFF_INITIAL_MS = exports.SESSION_DELETE_TIMEOUT_MS = exports.TOOL_FORWARD_TIMEOUT_MS = exports.DISCOVERY_FETCH_TIMEOUT_MS = exports.UPSTREAM_REQUEST_TIMEOUT_MS = exports.PAIRING_WINDOW_MS = exports.TUNNEL_STARTUP_TIMEOUT_MS = exports.TOOL_SEPARATOR = void 0;
+const protocol_js_1 = require("../../shared/protocol.js");
+exports.TOOL_SEPARATOR = protocol_js_1.TOOL_NAME_SEPARATOR;
+// Pairing-tunnel + bridging budgets.
+exports.TUNNEL_STARTUP_TIMEOUT_MS = 30_000; // bring up cloudflared
+exports.PAIRING_WINDOW_MS = 10 * 60 * 1000; // hard expiry per pairing
+exports.UPSTREAM_REQUEST_TIMEOUT_MS = 120_000; // server→client bridge
+// Per-fetch budgets. Discovery + pairing-forward are short — anything that
+// can't answer the MCP handshake in this many milliseconds is broken enough
+// to surface to the user. Tool calls / prompt gets / resource reads ride a
+// much longer budget because they are user-bound (long shell commands,
+// large filesystem reads, etc.).
+exports.DISCOVERY_FETCH_TIMEOUT_MS = 15_000;
+exports.TOOL_FORWARD_TIMEOUT_MS = 5 * 60 * 1000;
+exports.SESSION_DELETE_TIMEOUT_MS = 5_000;
+exports.SSE_BACKOFF_INITIAL_MS = 500;
+exports.SSE_BACKOFF_MAX_MS = 10_000;
+// Bound the connect+headers phase only. A blackholed tunnel would otherwise
+// leave fetch() waiting on the OS connect timeout (Linux ~127s) before the
+// loop could fall through to backoff, freezing list_changed and server-
+// initiated requests for that session. The streaming body is NOT bounded
+// by this timeout — once headers arrive, the read loop runs under the
+// lifecycle signal alone.
+exports.SSE_CONNECT_TIMEOUT_MS = 15_000;
+// Local tool: always advertised so a client can re-pair without a process
+// restart, even if discovery returned zero upstream tools.
+exports.CONFIGURE_TOOL = {
+    name: "configure",
+    description: "Set up or reconfigure the MCP proxy connection. Returns the setup URL.",
+    inputSchema: { type: "object", properties: {} },
+};
+// Local prompt counterpart. Surfaced even when no upstream prompts exist so
+// an agent can always pull up the setup URL through prompts/get.
+exports.CONFIGURE_PROMPT = {
+    name: "configure",
+    description: "Set up or reconfigure the MCP proxy connection.",
+};

package/dist/proxy/core/fetch-timeout.d.ts

@@ -0,0 +1 @@
+export declare function timeoutSignal(ms: number, parent?: AbortSignal): AbortSignal;

package/dist/proxy/core/fetch-timeout.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.timeoutSignal = timeoutSignal;
+// Combine a per-request timeout with an optional caller signal (e.g., a
+// session-scoped AbortController). AbortSignal.any() is the floor (Node
+// 20.3+); package.json's engines.node enforces it at install time so we
+// don't need a polyfill or a runtime guard here.
+//
+// We use this for every upstream fetch so a wedged tunnel can't pin the
+// proxy indefinitely. Discovery uses DISCOVERY_FETCH_TIMEOUT_MS (15s),
+// runtime tool forwards use TOOL_FORWARD_TIMEOUT_MS (5min); see constants.ts.
+function timeoutSignal(ms, parent) {
+    const t = AbortSignal.timeout(ms);
+    return parent ? AbortSignal.any([parent, t]) : t;
+}

package/dist/proxy/core/state.d.ts

@@ -0,0 +1,25 @@
+import { ResourceRouter } from "../routing/router.js";
+import type { HostConfig, HostState, PairingConfig, ToolRoute } from "./types.js";
+export declare class ProxyState {
+    config: PairingConfig | null;
+    hosts: Map<string, HostState>;
+    toolRoute: Map<string, ToolRoute>;
+    promptRoute: Map<string, ToolRoute>;
+    resources: ResourceRouter;
+    templateRoutes: Array<{
+        uriTemplate: string;
+        route: ToolRoute;
+    }>;
+    clientCapabilities: Record<string, unknown>;
+    clientInfo: {
+        name: string;
+        version: string;
+    };
+    discoveryInflight: Promise<void> | null;
+    configGeneration: number;
+    inflight: Map<string | number, ToolRoute>;
+    progressTokens: Map<string | number, ToolRoute>;
+    hostHeaders(host: HostConfig): Record<string, string>;
+    installConfig(config: PairingConfig, hosts: HostConfig[]): void;
+    resetAfterClose(): void;
+}

package/dist/proxy/core/state.js

@@ -0,0 +1,90 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ProxyState = void 0;
+const protocol_js_1 = require("../../shared/protocol.js");
+const router_js_1 = require("../routing/router.js");
+// Mutable proxy-wide state. Holds the paired config, host map, route maps,
+// and the captured client identity. All long-running components
+// (DiscoveryRunner, Forwarder, RequestHandlers, PairingController) read
+// and write through this single object so the proxy has exactly one source
+// of truth for "what is paired right now". Mutating helpers
+// (`installConfig`, `resetAfterClose`) keep the swap atomic — replacing
+// every Map at once so an in-flight discovery from a prior pairing can
+// detect supersession by comparing identity / generation rather than
+// racing in-place mutations.
+class ProxyState {
+    config = null;
+    hosts = new Map();
+    toolRoute = new Map();
+    promptRoute = new Map();
+    resources = new router_js_1.ResourceRouter();
+    templateRoutes = [];
+    // Client-declared capabilities + info, captured at initialize and
+    // forwarded upstream when we open each MCP session. This is what makes
+    // sampling / elicitation / roots actually work end-to-end: the upstream
+    // server sees the real client's feature flags, not an empty object.
+    // Pairing-time discovery uses these too, so the setup UI sees the same
+    // capability set the runtime path will see.
+    clientCapabilities = {};
+    clientInfo = { name: protocol_js_1.PACKAGE_NAME, version: protocol_js_1.PACKAGE_VERSION };
+    // Single-flight guard: every caller of discoverServers awaits the same
+    // run. Two passes racing would double-spawn upstream sessions and let
+    // their session-id rotations clobber each other's toolRoute writes.
+    discoveryInflight = null;
+    // Supersession token for config/hosts. handleComplete is the sole writer
+    // and bumps this on every swap; long-running readers (discovery, etc.)
+    // snapshot it at the start and refuse to write back to shared state if
+    // the value has moved on.
+    configGeneration = 0;
+    // requestId → route for in-flight agent→server requests. Used to route
+    // notifications/cancelled to the originating session.
+    inflight = new Map();
+    // progressToken → route. Populated when the agent issues a request whose
+    // params._meta carries a progressToken; consulted on
+    // notifications/progress so the proxy forwards the update to the right
+    // upstream session instead of dropping or broadcasting it.
+    progressTokens = new Map();
+    hostHeaders(host) {
+        return {
+            "Content-Type": "application/json",
+            Accept: "application/json, text/event-stream",
+            Authorization: `Bearer ${host.authToken}`,
+        };
+    }
+    // Atomic swap on re-pair. Bumps the generation token, then replaces the
+    // host map with brand-new Maps so any in-flight discovery from a prior
+    // pairing can detect it has been superseded by comparing identity /
+    // token rather than racing in-place mutations. discoveryInflight is
+    // nulled too, otherwise the next discoverServers() call would reuse the
+    // prior pairing's promise and skip its own run.
+    installConfig(config, hosts) {
+        this.configGeneration++;
+        this.config = config;
+        const newHosts = new Map();
+        for (const h of hosts) {
+            newHosts.set(h.id, {
+                config: h,
+                servers: new Map(),
+                sseControllers: new Map(),
+                listed: false,
+                pendingServers: new Set(),
+            });
+        }
+        this.hosts = newHosts;
+        this.toolRoute = new Map();
+        this.promptRoute = new Map();
+        this.resources.clear();
+        this.templateRoutes = [];
+        this.discoveryInflight = null;
+    }
+    // Drop every host/route after sessions have been closed. Called from
+    // PairingController.closeAllSessions on its way out of an old pairing.
+    resetAfterClose() {
+        this.hosts = new Map();
+        this.toolRoute = new Map();
+        this.promptRoute = new Map();
+        this.resources.clear();
+        this.templateRoutes = [];
+    }
+}
+exports.ProxyState = ProxyState;

package/dist/proxy/core/types.d.ts

@@ -0,0 +1,57 @@
+export interface Tool {
+    name: string;
+    description?: string;
+    inputSchema?: unknown;
+}
+export interface Prompt {
+    name: string;
+    description?: string;
+    arguments?: unknown;
+}
+export interface Resource {
+    uri: string;
+    name?: string;
+    description?: string;
+    mimeType?: string;
+}
+export interface ResourceTemplate {
+    uriTemplate: string;
+    name?: string;
+    description?: string;
+    mimeType?: string;
+}
+export interface HostConfig {
+    id: string;
+    tunnelUrl: string;
+    authToken: string;
+    label?: string;
+}
+export interface PairingConfig {
+    hosts: HostConfig[];
+    selectedServers?: string[];
+    selectedTools?: string[];
+    sealed: boolean;
+}
+export interface ServerState {
+    sessionId?: string;
+    tools: Tool[];
+    prompts: Prompt[];
+    resources: Resource[];
+    resourceTemplates: ResourceTemplate[];
+    pendingPrompts: boolean;
+    pendingResources: boolean;
+    pendingResourceTemplates: boolean;
+    subscriptions: Set<string>;
+}
+export interface HostState {
+    config: HostConfig;
+    servers: Map<string, ServerState>;
+    sseControllers: Map<string, AbortController>;
+    listed: boolean;
+    pendingServers: Set<string>;
+}
+export interface ToolRoute {
+    hostId: string;
+    serverName: string;
+    originalName: string;
+}

package/dist/proxy/core/types.js

@@ -0,0 +1,5 @@
+"use strict";
+// Type definitions shared across proxy submodules. Kept in one place so the
+// route map / pairing config / server state contracts are visible without
+// chasing imports through every file.
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/proxy/discovery/client.d.ts

@@ -0,0 +1,42 @@
+import type { Prompt, Resource, ResourceTemplate, Tool } from "../core/types.js";
+interface InitResponse {
+    ok: boolean;
+    status: number;
+    sessionId?: string;
+    body: string;
+}
+export declare function initializeServer(targetUrl: string, baseHeaders: Record<string, string>, name: string, clientCapabilities: Record<string, unknown>, clientInfo: {
+    name: string;
+    version: string;
+}): Promise<InitResponse>;
+export declare function sendInitialized(targetUrl: string, sessionHeaders: Record<string, string>): Promise<void>;
+export declare function fetchTools(targetUrl: string, headers: Record<string, string>, name: string): Promise<Tool[]>;
+export declare function fetchPromptsStrict(targetUrl: string, headers: Record<string, string>, name: string): Promise<Prompt[]>;
+export declare function fetchResourcesStrict(targetUrl: string, headers: Record<string, string>, name: string): Promise<Resource[]>;
+export declare function fetchResourceTemplatesStrict(targetUrl: string, headers: Record<string, string>, name: string): Promise<ResourceTemplate[]>;
+export interface ServerDiscoveryResult {
+    sessionId: string | undefined;
+    tools: Tool[];
+    prompts: Prompt[];
+    resources: Resource[];
+    resourceTemplates: ResourceTemplate[];
+    pendingPrompts: boolean;
+    pendingResources: boolean;
+    pendingResourceTemplates: boolean;
+    capErrors: {
+        prompts?: string;
+        resources?: string;
+        resourceTemplates?: string;
+    };
+}
+export declare class DiscoveryError extends Error {
+    readonly sessionId: string | undefined;
+    constructor(message: string, sessionId: string | undefined);
+}
+export declare function discoverServerCapabilities(targetUrl: string, baseHeaders: Record<string, string>, name: string, clientCapabilities: Record<string, unknown>, clientInfo: {
+    name: string;
+    version: string;
+}, log?: (line: string) => void): Promise<ServerDiscoveryResult>;
+export declare function deleteSession(targetUrl: string, headers: Record<string, string>): Promise<void>;
+export declare function listHostServers(hostUrl: string, headers: Record<string, string>, log?: (line: string) => void): Promise<string[]>;
+export {};