@smithery/sdk 1.5.9 → 1.6.1

package/dist/index.d.ts

@@ -1,7 +1,4 @@
 export * from "./shared/config.js";
 export * from "./shared/patch.js";
-export * from "./client/transport.js";
-export * from "./client/integrations/ai-sdk.js";
-export * from "./client/integrations/wrap-error.js";
 export { createStatefulServer, type StatefulServerOptions, } from "./server/stateful.js";
 export * from "./server/session.js";

package/dist/index.js

@@ -4,10 +4,6 @@
 // Shared utilities
 export * from "./shared/config.js";
 export * from "./shared/patch.js";
-// Client-side helpers
-export * from "./client/transport.js";
-export * from "./client/integrations/ai-sdk.js";
-export * from "./client/integrations/wrap-error.js";
 // Server-side helpers (selective to avoid duplicate type names)
 export { createStatefulServer, } from "./server/stateful.js";
 export * from "./server/session.js";

package/dist/server/index.d.ts

@@ -1,3 +1,4 @@
 export * from "./stateful.js";
 export * from "./stateless.js";
 export * from "./session.js";
+export * from "./oauth.js";

package/dist/server/index.js

@@ -1,3 +1,4 @@
 export * from "./stateful.js";
 export * from "./stateless.js";
 export * from "./session.js";
+export * from "./oauth.js";

package/dist/server/oauth.d.ts

@@ -0,0 +1,14 @@
+import type express from "express";
+import type { OAuthServerProvider } from "@modelcontextprotocol/sdk/server/auth/provider.js";
+import type { Response } from "express";
+/**
+ * OAuth server provider that supports a callback handler.
+ * The callback handler is invoked to catch the OAuth callback from the OAuth provider.
+ */
+export interface CallbackOAuthServerProvider extends OAuthServerProvider {
+    /** Provider-specific callback handler used by the SDK */
+    handleOAuthCallback?: (code: string, state: string | undefined, res: Response) => Promise<URL>;
+    basePath?: string;
+    callbackPath: string;
+}
+export declare function mountOAuth(app: express.Application, provider: CallbackOAuthServerProvider): void;

package/dist/server/oauth.js

@@ -0,0 +1,36 @@
+import { requireBearerAuth } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js";
+import { mcpAuthRouter } from "@modelcontextprotocol/sdk/server/auth/router.js";
+export function mountOAuth(app, provider) {
+    // Mount OAuth authorization and token routes with dynamic issuer URL and provider
+    app.use(provider.basePath ?? "/", (req, res, next) => {
+        const host = req.get("host") ?? "localhost";
+        // Issuer URL must be https
+        const issuerUrl = new URL(`https://${host}`);
+        const router = mcpAuthRouter({ provider, issuerUrl });
+        return router(req, res, next);
+    });
+    const callbackHandler = provider.handleOAuthCallback;
+    if (callbackHandler) {
+        // Callback handler
+        app.get(provider.callbackPath, async (req, res) => {
+            const code = typeof req.query.code === "string" ? req.query.code : undefined;
+            const state = typeof req.query.state === "string" ? req.query.state : undefined;
+            if (!code) {
+                res.status(400).send("Invalid request parameters");
+                return;
+            }
+            try {
+                const redirectUrl = await callbackHandler.bind(provider)(code, state, res);
+                res.redirect(redirectUrl.toString());
+            }
+            catch (error) {
+                console.error(error);
+                res.status(500).send("Error during authentication callback");
+            }
+        });
+    }
+    // Bearer protection for all /mcp routes (POST/GET/DELETE)
+    app.use("/mcp", (req, res, next) => {
+        return requireBearerAuth({ verifier: provider })(req, res, next);
+    });
+}

package/dist/server/stateful.d.ts

@@ -1,14 +1,17 @@
 import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
 import express from "express";
 import type { z } from "zod";
 import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { type SessionStore } from "./session.js";
+import type { CallbackOAuthServerProvider } from "./oauth.js";
 /**
  * Arguments when we create a new instance of your server
  */
 export interface CreateServerArg<T = Record<string, unknown>> {
     sessionId: string;
     config: T;
+    auth?: AuthInfo;
 }
 export type CreateServerFn<T = Record<string, unknown>> = (arg: CreateServerArg<T>) => Server;
 /**
@@ -27,6 +30,10 @@ export interface StatefulServerOptions<T = Record<string, unknown>> {
      * Express app instance to use (optional)
      */
     app?: express.Application;
+    /**
+     * OAuth provider instance. If provided, OAuth routes and bearer protection are auto-wired.
+     */
+    oauthProvider?: CallbackOAuthServerProvider;
 }
 /**
  * Creates a stateful server for handling MCP requests.

package/dist/server/stateful.js

@@ -5,6 +5,7 @@ import { randomUUID } from "node:crypto";
 import { parseAndValidateConfig } from "../shared/config.js";
 import { zodToJsonSchema } from "zod-to-json-schema";
 import { createLRUStore } from "./session.js";
+import { mountOAuth } from "./oauth.js";
 /**
  * Creates a stateful server for handling MCP requests.
  * For every new session, we invoke createMcpServer to create a new instance of the server.
@@ -14,6 +15,11 @@ import { createLRUStore } from "./session.js";
  */
 export function createStatefulServer(createMcpServer, options) {
     const app = options?.app ?? express();
+    // Auto-wire OAuth routes and bearer protection if configured
+    const oauthProvider = options?.oauthProvider;
+    if (oauthProvider) {
+        mountOAuth(app, oauthProvider);
+    }
     app.use("/mcp", express.json());
     const sessionStore = options?.sessionStore ?? createLRUStore();
     // Handle POST requests for client-to-server communication
@@ -54,6 +60,7 @@ export function createStatefulServer(createMcpServer, options) {
                 const server = createMcpServer({
                     sessionId: newSessionId,
                     config: config,
+                    auth: req.auth,
                 });
                 // Connect to the MCP server
                 await server.connect(transport);

package/dist/server/stateless.d.ts

@@ -1,11 +1,14 @@
 import express from "express";
 import type { z } from "zod";
 import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
+import type { CallbackOAuthServerProvider } from "./oauth.js";
 /**
  * Arguments when we create a stateless server instance
  */
 export interface CreateStatelessServerArg<T = Record<string, unknown>> {
     config: T;
+    auth?: AuthInfo;
 }
 export type CreateStatelessServerFn<T = Record<string, unknown>> = (arg: CreateStatelessServerArg<T>) => Server;
 /**
@@ -20,6 +23,10 @@ export interface StatelessServerOptions<T = Record<string, unknown>> {
      * Express app instance to use (optional)
      */
     app?: express.Application;
+    /**
+     * OAuth provider instance. If provided, OAuth routes and bearer protection are auto-wired.
+     */
+    oauthProvider?: CallbackOAuthServerProvider;
 }
 /**
  * Creates a stateless server for handling MCP requests.

package/dist/server/stateless.js

@@ -2,6 +2,7 @@ import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/
 import express from "express";
 import { parseAndValidateConfig } from "../shared/config.js";
 import { zodToJsonSchema } from "zod-to-json-schema";
+import { mountOAuth } from "./oauth.js";
 /**
  * Creates a stateless server for handling MCP requests.
  * Each request creates a new server instance - no session state is maintained.
@@ -13,6 +14,11 @@ import { zodToJsonSchema } from "zod-to-json-schema";
  */
 export function createStatelessServer(createMcpServer, options) {
     const app = options?.app ?? express();
+    // Auto-wire OAuth routes and bearer protection if configured
+    const oauthProvider = options?.oauthProvider;
+    if (oauthProvider) {
+        mountOAuth(app, oauthProvider);
+    }
     app.use("/mcp", express.json());
     // Handle POST requests for client-to-server communication
     app.post("/mcp", async (req, res) => {
@@ -31,6 +37,7 @@ export function createStatelessServer(createMcpServer, options) {
             // Create a fresh server instance for each request
             const server = createMcpServer({
                 config,
+                auth: req.auth,
             });
             // Create a new transport for this request (no session management)
             const transport = new StreamableHTTPServerTransport({

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@smithery/sdk",
-	"version": "1.5.9",
+	"version": "1.6.1",
 	"description": "SDK to develop with Smithery",
 	"type": "module",
 	"main": "./dist/index.js",
@@ -20,14 +20,11 @@
 	},
 	"license": "MIT",
 	"dependencies": {
-		"@anthropic-ai/sdk": "^0.32.1",
-		"@modelcontextprotocol/sdk": "^1.15.0",
-		"ai": "^4.3.15",
+		"@modelcontextprotocol/sdk": "^1.18.0",
 		"express": "^5.1.0",
 		"json-schema": "^0.4.0",
 		"lodash": "^4.17.21",
 		"okay-error": "^1.0.3",
-		"openai": "^4.0.0",
 		"uuid": "^11.0.3",
 		"zod": "^3.23.8",
 		"zod-to-json-schema": "^3.24.1"

package/dist/client/integrations/ai-sdk.d.ts

@@ -1,15 +0,0 @@
-import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import { type Tool } from "ai";
-type ToolClient = Pick<Client, "listTools" | "callTool" | "setNotificationHandler">;
-/**
- * Watches the MCP client for tool changes and updates the tools object accordingly.
- * @param client The MCP client to watch
- * @returns A record of tool names to their implementations
- */
-export declare function watchTools(client: ToolClient): Promise<Record<string, Tool>>;
-/**
- * Returns a set of wrapped AI SDK tools from the MCP server.
- * @returns A record of tool names to their implementations
- */
-export declare function listTools(client: ToolClient): Promise<Record<string, Tool>>;
-export {};

package/dist/client/integrations/ai-sdk.js

@@ -1,39 +0,0 @@
-import { ToolListChangedNotificationSchema } from "@modelcontextprotocol/sdk/types.js";
-import { jsonSchema, tool, } from "ai";
-/**
- * Watches the MCP client for tool changes and updates the tools object accordingly.
- * @param client The MCP client to watch
- * @returns A record of tool names to their implementations
- */
-export async function watchTools(client) {
-    const tools = {};
-    client.setNotificationHandler(ToolListChangedNotificationSchema, async () => {
-        Object.assign(tools, await listTools(client));
-    });
-    Object.assign(tools, await listTools(client));
-    return tools;
-}
-/**
- * Returns a set of wrapped AI SDK tools from the MCP server.
- * @returns A record of tool names to their implementations
- */
-export async function listTools(client) {
-    const tools = {};
-    const listToolsResult = await client.listTools();
-    for (const { name, description, inputSchema } of listToolsResult.tools) {
-        const parameters = jsonSchema(inputSchema);
-        tools[name] = tool({
-            description,
-            parameters,
-            execute: async (args, options) => {
-                options?.abortSignal?.throwIfAborted();
-                const result = await client.callTool({
-                    name,
-                    arguments: args,
-                });
-                return result;
-            },
-        });
-    }
-    return tools;
-}

package/dist/client/integrations/llm/anthropic.d.ts

@@ -1,12 +0,0 @@
-import type { Message, MessageParam, Tool } from "@anthropic-ai/sdk/resources/index.js";
-import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
-import type { RequestOptions } from "@modelcontextprotocol/sdk/shared/protocol.js";
-/**
- * Adapt an MCP client so it works seamlessly with Anthropic messages
- */
-export declare class AnthropicChatAdapter {
-    private client;
-    constructor(client: Pick<Client, "callTool" | "listTools">);
-    listTools(): Promise<Tool[]>;
-    callTool(response: Message, options?: RequestOptions): Promise<MessageParam[]>;
-}

package/dist/client/integrations/llm/anthropic.js

@@ -1,48 +0,0 @@
-import { CallToolResultSchema } from "@modelcontextprotocol/sdk/types.js";
-/**
- * Adapt an MCP client so it works seamlessly with Anthropic messages
- */
-export class AnthropicChatAdapter {
-    constructor(client) {
-        this.client = client;
-    }
-    async listTools() {
-        const toolResult = await this.client.listTools();
-        return toolResult.tools.map(tool => ({
-            name: tool.name,
-            description: tool.description,
-            input_schema: tool.inputSchema,
-        }));
-    }
-    // TODO: Support streaming
-    async callTool(response, options) {
-        const content = response.content;
-        if (!content || content.length === 0) {
-            return [];
-        }
-        // Find tool calls in the message content
-        const toolCalls = content.filter(part => part.type === "tool_use");
-        if (toolCalls.length === 0) {
-            return [];
-        }
-        // Run parallel tool call
-        const results = await Promise.all(toolCalls.map(async (toolCall) => {
-            return await this.client.callTool({
-                name: toolCall.name,
-                arguments: toolCall.input,
-            }, CallToolResultSchema, options);
-        }));
-        return [
-            {
-                role: "user",
-                content: results.map((result, index) => ({
-                    tool_use_id: toolCalls[index].id,
-                    type: "tool_result",
-                    // TODO: Find a way to remove the any
-                    content: result.content.filter((part) => part.type === "text"),
-                    is_error: Boolean(result.isError),
-                })),
-            },
-        ];
-    }
-}

package/dist/client/integrations/llm/openai.d.ts

@@ -1,19 +0,0 @@
-import type { OpenAI } from "openai";
-import type { ChatCompletionTool, ChatCompletionToolMessageParam } from "openai/resources/index.js";
-import type { RequestOptions } from "@modelcontextprotocol/sdk/shared/protocol.js";
-import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
-interface OpenAIAdapterOptions {
-    strict?: boolean;
-    truncateDescriptionLength?: number;
-}
-/**
- * Adapt an MCP client so it works seamlessly with OpenAI chat completions
- */
-export declare class OpenAIChatAdapter {
-    private client;
-    private options;
-    constructor(client: Pick<Client, "callTool" | "listTools">, options?: OpenAIAdapterOptions);
-    listTools(): Promise<ChatCompletionTool[]>;
-    callTool(response: OpenAI.Chat.Completions.ChatCompletion, options?: RequestOptions): Promise<ChatCompletionToolMessageParam[]>;
-}
-export {};

package/dist/client/integrations/llm/openai.js

@@ -1,48 +0,0 @@
-import { CallToolResultSchema } from "@modelcontextprotocol/sdk/types.js";
-/**
- * Adapt an MCP client so it works seamlessly with OpenAI chat completions
- */
-export class OpenAIChatAdapter {
-    constructor(client, options = {
-        // Restriction enforced by OpenAI
-        truncateDescriptionLength: 1024,
-    }) {
-        this.client = client;
-        this.options = options;
-    }
-    async listTools() {
-        const toolResult = await this.client.listTools();
-        return toolResult.tools.map(tool => ({
-            type: "function",
-            function: {
-                name: tool.name,
-                description: tool.description?.slice(0, this.options?.truncateDescriptionLength),
-                parameters: tool.inputSchema,
-                strict: this.options?.strict ?? false,
-            },
-        }));
-    }
-    // TODO: Support streaming
-    async callTool(response, options) {
-        if (response.choices.length !== 1) {
-            // TODO: Support `n`
-            throw new Error("Multiple choices not supported");
-        }
-        const choice = response.choices[0];
-        if (!choice?.message?.tool_calls) {
-            return [];
-        }
-        const toolCalls = choice.message.tool_calls;
-        const results = await Promise.all(toolCalls.map(async (toolCall) => {
-            return await this.client.callTool({
-                name: toolCall.function.name,
-                arguments: JSON.parse(toolCall.function.arguments),
-            }, CallToolResultSchema, options);
-        }));
-        return results.map((result, index) => ({
-            role: "tool",
-            content: result.content,
-            tool_call_id: toolCalls[index].id,
-        }));
-    }
-}

package/dist/client/integrations/wrap-error.d.ts

@@ -1,5 +0,0 @@
-import type { Client } from "@modelcontextprotocol/sdk/client/index.js";
-/**
- * Wraps each tool call so any errors get sent back to the LLM instead of throwing
- */
-export declare function wrapError<C extends Pick<Client, "callTool">>(client: C): C;

package/dist/client/integrations/wrap-error.js

@@ -1,24 +0,0 @@
-import { CallToolResultSchema, } from "@modelcontextprotocol/sdk/types.js";
-import { patch } from "../../shared/patch.js";
-/**
- * Wraps each tool call so any errors get sent back to the LLM instead of throwing
- */
-export function wrapError(client) {
-    patch(client, "callTool", callTool => async (params, resultSchema = CallToolResultSchema, options) => {
-        try {
-            return await callTool(params, resultSchema, options);
-        }
-        catch (err) {
-            return {
-                content: [
-                    {
-                        type: "text",
-                        text: JSON.stringify(err, Object.getOwnPropertyNames(err)),
-                    },
-                ],
-                isError: true,
-            };
-        }
-    });
-    return client;
-}

package/dist/client/transport.d.ts

@@ -1,9 +0,0 @@
-import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
-import { type SmitheryUrlOptions } from "../shared/config.js";
-/**
- * Creates a transport to connect to the Smithery server
- * @param baseUrl The URL of the Smithery server (without trailing slash or protocol)
- * @param options Optional configuration object
- * @returns Transport
- */
-export declare function createTransport(baseUrl: string, options?: SmitheryUrlOptions): StreamableHTTPClientTransport;

package/dist/client/transport.js

@@ -1,11 +0,0 @@
-import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
-import { createSmitheryUrl } from "../shared/config.js";
-/**
- * Creates a transport to connect to the Smithery server
- * @param baseUrl The URL of the Smithery server (without trailing slash or protocol)
- * @param options Optional configuration object
- * @returns Transport
- */
-export function createTransport(baseUrl, options) {
-    return new StreamableHTTPClientTransport(createSmitheryUrl(baseUrl, options));
-}