@smithery/sdk 1.6.6 → 1.6.8

package/dist/server/auth/identity.js

@@ -32,7 +32,7 @@ export function createIdentityTokenRouter(options) {
                 return;
             }
             const host = req.get("host") ?? "localhost";
-            const audience = `${req.protocol}://${host}${tokenPath}`;
+            const audience = `https://${host}${tokenPath}`;
             const { payload } = await jwtVerify(assertion, JWKS, {
                 issuer,
                 audience,

package/dist/server/auth/oauth.js

@@ -74,7 +74,7 @@ export function mountOAuth(app, opts) {
         // Identity-only: explicitly mount protected resource metadata endpoint
         app.use("/.well-known/oauth-protected-resource", (req, res, next) => {
             const host = req.get("host") ?? "localhost";
-            const issuerUrl = new URL(`${req.protocol}://${host}`);
+            const issuerUrl = new URL(`https://${host}`);
             const protectedResourceMetadata = {
                 resource: new URL("/mcp", issuerUrl).href,
                 authorization_servers: [issuerUrl.href],
@@ -84,7 +84,7 @@ export function mountOAuth(app, opts) {
         // Identity-only: also advertise minimal AS metadata for discovery per RFC 8414
         app.use("/.well-known/oauth-authorization-server", (req, res, next) => {
             const host = req.get("host") ?? "localhost";
-            const issuerUrl = new URL(`${req.protocol}://${host}`);
+            const issuerUrl = new URL(`https://${host}`);
             const oauthMetadata = {
                 issuer: issuerUrl.href,
                 token_endpoint: new URL(`${basePath}token`, issuerUrl).href,

package/dist/server/logger.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Logger interface for structured logging
+ */
+export interface Logger {
+    info(msg: string, ...args: unknown[]): void;
+    info(obj: Record<string, unknown>, msg?: string, ...args: unknown[]): void;
+    error(msg: string, ...args: unknown[]): void;
+    error(obj: Record<string, unknown>, msg?: string, ...args: unknown[]): void;
+    warn(msg: string, ...args: unknown[]): void;
+    warn(obj: Record<string, unknown>, msg?: string, ...args: unknown[]): void;
+    debug(msg: string, ...args: unknown[]): void;
+    debug(obj: Record<string, unknown>, msg?: string, ...args: unknown[]): void;
+}
+type LogLevel = "debug" | "info" | "warn" | "error";
+/**
+ * Creates a simple console-based logger with pretty formatting
+ */
+export declare function createLogger(logLevel?: LogLevel): Logger;
+export {};

package/dist/server/logger.js

@@ -0,0 +1,76 @@
+import chalk from "chalk";
+/**
+ * Lightweight stringify with depth limiting
+ */
+function stringifyWithDepth(obj, maxDepth = 3) {
+    let depth = 0;
+    const seen = new WeakSet();
+    try {
+        return JSON.stringify(obj, (key, value) => {
+            // Track depth
+            if (key === "")
+                depth = 0;
+            else if (typeof value === "object" && value !== null)
+                depth++;
+            // Depth limit
+            if (depth > maxDepth) {
+                return "[Object]";
+            }
+            // Circular reference check
+            if (typeof value === "object" && value !== null) {
+                if (seen.has(value))
+                    return "[Circular]";
+                seen.add(value);
+            }
+            // Handle special types
+            if (typeof value === "function")
+                return "[Function]";
+            if (typeof value === "bigint")
+                return `${value}n`;
+            if (value instanceof Error)
+                return { name: value.name, message: value.message };
+            if (value instanceof Date)
+                return value.toISOString();
+            return value;
+        }, 2);
+    }
+    catch {
+        return String(obj);
+    }
+}
+/**
+ * Creates a simple console-based logger with pretty formatting
+ */
+export function createLogger(logLevel = "info") {
+    const levels = { debug: 0, info: 1, warn: 2, error: 3 };
+    const currentLevel = levels[logLevel];
+    const formatLog = (level, color, msgOrObj, msg) => {
+        const time = new Date().toISOString().split("T")[1].split(".")[0];
+        const timestamp = chalk.dim(time);
+        const levelStr = color(level);
+        if (typeof msgOrObj === "string") {
+            return `${timestamp} ${levelStr} ${msgOrObj}`;
+        }
+        const message = msg || "";
+        const data = stringifyWithDepth(msgOrObj, 3);
+        return `${timestamp} ${levelStr} ${message}\n${chalk.dim(data)}`;
+    };
+    return {
+        debug: (msgOrObj, msg) => {
+            if (currentLevel <= 0)
+                console.error(formatLog("DEBUG", chalk.cyan, msgOrObj, msg));
+        },
+        info: (msgOrObj, msg) => {
+            if (currentLevel <= 1)
+                console.error(formatLog("INFO", chalk.blue, msgOrObj, msg));
+        },
+        warn: (msgOrObj, msg) => {
+            if (currentLevel <= 2)
+                console.error(formatLog("WARN", chalk.yellow, msgOrObj, msg));
+        },
+        error: (msgOrObj, msg) => {
+            if (currentLevel <= 3)
+                console.error(formatLog("ERROR", chalk.red, msgOrObj, msg));
+        },
+    };
+}

package/dist/server/stateful.d.ts

@@ -4,6 +4,7 @@ import express from "express";
 import type { z } from "zod";
 import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { type SessionStore } from "./session.js";
+import type { Logger } from "./logger.js";
 /**
  * Arguments when we create a new instance of your server
  */
@@ -11,6 +12,7 @@ export interface CreateServerArg<T = Record<string, unknown>> {
     sessionId: string;
     config: T;
     auth?: AuthInfo;
+    logger: Logger;
 }
 export type CreateServerFn<T = Record<string, unknown>> = (arg: CreateServerArg<T>) => Server;
 /**
@@ -29,6 +31,10 @@ export interface StatefulServerOptions<T = Record<string, unknown>> {
      * Express app instance to use (optional)
      */
     app?: express.Application;
+    /**
+     * Log level for the server (default: 'info')
+     */
+    logLevel?: "debug" | "info" | "warn" | "error";
 }
 /**
  * Creates a stateful server for handling MCP requests.

package/dist/server/stateful.js

@@ -5,6 +5,7 @@ import { randomUUID } from "node:crypto";
 import { parseAndValidateConfig } from "../shared/config.js";
 import { zodToJsonSchema } from "zod-to-json-schema";
 import { createLRUStore } from "./session.js";
+import { createLogger } from "./logger.js";
 /**
  * Creates a stateful server for handling MCP requests.
  * For every new session, we invoke createMcpServer to create a new instance of the server.
@@ -16,8 +17,15 @@ export function createStatefulServer(createMcpServer, options) {
     const app = options?.app ?? express();
     app.use("/mcp", express.json());
     const sessionStore = options?.sessionStore ?? createLRUStore();
+    const logger = createLogger(options?.logLevel ?? "info");
     // Handle POST requests for client-to-server communication
     app.post("/mcp", async (req, res) => {
+        // Log incoming MCP request
+        logger.debug({
+            method: req.body.method,
+            id: req.body.id,
+            sessionId: req.headers["mcp-session-id"],
+        }, "MCP Request");
         // Check for existing session ID
         const sessionId = req.headers["mcp-session-id"];
         let transport;
@@ -46,21 +54,24 @@ export function createStatefulServer(createMcpServer, options) {
             const configResult = parseAndValidateConfig(req, options?.schema);
             if (!configResult.ok) {
                 const status = configResult.error.status || 400;
+                logger.error({ error: configResult.error, sessionId: newSessionId }, "Config validation failed");
                 res.status(status).json(configResult.error);
                 return;
             }
             const config = configResult.value;
             try {
+                logger.info({ sessionId: newSessionId }, "Creating new session");
                 const server = createMcpServer({
                     sessionId: newSessionId,
                     config: config,
                     auth: req.auth,
+                    logger,
                 });
                 // Connect to the MCP server
                 await server.connect(transport);
             }
             catch (error) {
-                console.error("Error initializing server:", error);
+                logger.error({ error, sessionId: newSessionId }, "Error initializing server");
                 res.status(500).json({
                     jsonrpc: "2.0",
                     error: {
@@ -74,6 +85,7 @@ export function createStatefulServer(createMcpServer, options) {
         }
         else {
             // Invalid request
+            logger.warn({ sessionId }, "Session not found or expired");
             res.status(400).json({
                 jsonrpc: "2.0",
                 error: {
@@ -86,6 +98,12 @@ export function createStatefulServer(createMcpServer, options) {
         }
         // Handle the request
         await transport.handleRequest(req, res, req.body);
+        // Log successful response
+        logger.debug({
+            method: req.body.method,
+            id: req.body.id,
+            sessionId: req.headers["mcp-session-id"],
+        }, "MCP Response sent");
     });
     // Add .well-known/mcp-config endpoint for configuration discovery
     app.get("/.well-known/mcp-config", (req, res) => {
@@ -124,6 +142,7 @@ export function createStatefulServer(createMcpServer, options) {
     app.delete("/mcp", async (req, res) => {
         const sessionId = req.headers["mcp-session-id"];
         if (!sessionId) {
+            logger.warn("Session termination request missing session ID");
             res.status(400).json({
                 jsonrpc: "2.0",
                 error: {
@@ -136,6 +155,7 @@ export function createStatefulServer(createMcpServer, options) {
         }
         const transport = sessionStore.get(sessionId);
         if (!transport) {
+            logger.warn({ sessionId }, "Session termination failed - not found");
             res.status(404).json({
                 jsonrpc: "2.0",
                 error: {
@@ -148,6 +168,7 @@ export function createStatefulServer(createMcpServer, options) {
         }
         // Close the transport
         transport.close?.();
+        logger.info({ sessionId }, "Session terminated");
         // Acknowledge session termination with 204 No Content
         res.status(204).end();
     });

package/dist/server/stateless.d.ts

@@ -3,12 +3,15 @@ import type { z } from "zod";
 import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
 import type { OAuthMountOptions } from "./auth/oauth.js";
+import { type Logger } from "./logger.js";
+export type { Logger } from "./logger.js";
 /**
  * Arguments when we create a stateless server instance
  */
 export interface CreateStatelessServerArg<T = Record<string, unknown>> {
     config: T;
     auth?: AuthInfo;
+    logger: Logger;
 }
 export type CreateStatelessServerFn<T = Record<string, unknown>> = (arg: CreateStatelessServerArg<T>) => Server;
 /**
@@ -24,6 +27,10 @@ export interface StatelessServerOptions<T = Record<string, unknown>> {
      */
     app?: express.Application;
     oauth?: OAuthMountOptions;
+    /**
+     * Log level for the server (default: 'info')
+     */
+    logLevel?: "debug" | "info" | "warn" | "error";
 }
 /**
  * Creates a stateless server for handling MCP requests.

package/dist/server/stateless.js

@@ -2,6 +2,7 @@ import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/
 import express from "express";
 import { parseAndValidateConfig } from "../shared/config.js";
 import { zodToJsonSchema } from "zod-to-json-schema";
+import { createLogger } from "./logger.js";
 /**
  * Creates a stateless server for handling MCP requests.
  * Each request creates a new server instance - no session state is maintained.
@@ -13,6 +14,7 @@ import { zodToJsonSchema } from "zod-to-json-schema";
  */
 export function createStatelessServer(createMcpServer, options) {
     const app = options?.app ?? express();
+    const logger = createLogger(options?.logLevel ?? "info");
     app.use("/mcp", express.json());
     // Handle POST requests for client-to-server communication
     app.post("/mcp", async (req, res) => {
@@ -20,10 +22,17 @@ export function createStatelessServer(createMcpServer, options) {
         // to ensure complete isolation. A single instance would cause request ID collisions
         // when multiple clients connect concurrently.
         try {
+            // Log incoming MCP request
+            logger.debug({
+                method: req.body.method,
+                id: req.body.id,
+                params: req.body.params,
+            }, "MCP Request");
             // Validate config for all requests in stateless mode
             const configResult = parseAndValidateConfig(req, options?.schema);
             if (!configResult.ok) {
                 const status = configResult.error.status || 400;
+                logger.error({ error: configResult.error }, "Config validation failed");
                 res.status(status).json(configResult.error);
                 return;
             }
@@ -32,6 +41,7 @@ export function createStatelessServer(createMcpServer, options) {
             const server = createMcpServer({
                 config,
                 auth: req.auth,
+                logger,
             });
             // Create a new transport for this request (no session management)
             const transport = new StreamableHTTPServerTransport({
@@ -46,9 +56,14 @@ export function createStatelessServer(createMcpServer, options) {
             await server.connect(transport);
             // Handle the request directly
             await transport.handleRequest(req, res, req.body);
+            // Log successful response
+            logger.debug({
+                method: req.body.method,
+                id: req.body.id,
+            }, "MCP Response sent");
         }
         catch (error) {
-            console.error("Error handling MCP request:", error);
+            logger.error({ error }, "Error handling MCP request");
             if (!res.headersSent) {
                 res.status(500).json({
                     jsonrpc: "2.0",

package/dist/shared/config.d.ts

@@ -37,5 +37,6 @@ export declare function parseAndValidateConfig<T = Record<string, unknown>>(req:
         reason: string;
         received: unknown;
     }[];
+    readonly help: "Pass config as URL query params. Example: /mcp?param1=value1&param2=value2";
 }> | import("okay-error").Ok<T>;
 export declare function parseConfigFromQuery(query: Iterable<[string, unknown]>): Record<string, unknown>;

package/dist/shared/config.js

@@ -98,6 +98,7 @@ export function parseAndValidateConfig(req, schema) {
                 instance: req.originalUrl,
                 configSchema: jsonSchema,
                 errors,
+                help: "Pass config as URL query params. Example: /mcp?param1=value1&param2=value2",
             });
         }
         return ok(result.data);

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@smithery/sdk",
-	"version": "1.6.6",
+	"version": "1.6.8",
 	"description": "SDK to develop with Smithery",
 	"type": "module",
 	"main": "./dist/index.js",
@@ -21,7 +21,8 @@
 	"packageManager": "npm@11.4.1",
 	"license": "MIT",
 	"dependencies": {
-		"@modelcontextprotocol/sdk": "^1.18.0",
+		"@modelcontextprotocol/sdk": "^1.18.1",
+		"chalk": "^5.6.2",
 		"express": "^5.1.0",
 		"jose": "^6.1.0",
 		"json-schema": "^0.4.0",