@smithery/sdk 1.6.7 → 1.7.0

package/package.json

@@ -1,12 +1,20 @@
 {
 	"name": "@smithery/sdk",
-	"version": "1.6.7",
+	"version": "1.7.0",
 	"description": "SDK to develop with Smithery",
 	"type": "module",
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/smithery-ai/sdk"
+	},
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",
 	"exports": {
 		".": "./dist/index.js",
+		"./react": "./dist/react/index.js",
+		"./openai": "./dist/openai/index.js",
+		"./server": "./dist/server/index.js",
+		"./helpers": "./dist/helpers/index.js",
 		"./*": "./dist/*"
 	},
 	"files": [
@@ -21,7 +29,8 @@
 	"packageManager": "npm@11.4.1",
 	"license": "MIT",
 	"dependencies": {
-		"@modelcontextprotocol/sdk": "^1.18.0",
+		"@modelcontextprotocol/sdk": "^1.18.1",
+		"chalk": "^5.6.2",
 		"express": "^5.1.0",
 		"jose": "^6.1.0",
 		"json-schema": "^0.4.0",
@@ -37,6 +46,7 @@
 		"@types/json-schema": "^7.0.15",
 		"@types/lodash": "^4.17.17",
 		"@types/node": "^20.0.0",
+		"@types/react": "^18.3.12",
 		"@types/uuid": "^9.0.7",
 		"dotenv": "^16.4.7",
 		"tsx": "^4.19.2",

package/dist/index.d.ts

@@ -1,6 +0,0 @@
-export * from "./shared/config.js";
-export * from "./shared/patch.js";
-export { createStatefulServer, type StatefulServerOptions, } from "./server/stateful.js";
-export * from "./server/session.js";
-export * from "./server/auth/identity.js";
-export * from "./server/auth/oauth.js";

package/dist/index.js

@@ -1,11 +0,0 @@
-// Smithery SDK – Barrel file
-// Central re-exports so that `dist/index.js` & `index.d.ts` are generated.
-// Update this list whenever a new top-level feature is added.
-// Shared utilities
-export * from "./shared/config.js";
-export * from "./shared/patch.js";
-// Server-side helpers (selective to avoid duplicate type names)
-export { createStatefulServer, } from "./server/stateful.js";
-export * from "./server/session.js";
-export * from "./server/auth/identity.js";
-export * from "./server/auth/oauth.js";

package/dist/server/auth/identity.d.ts

@@ -1,18 +0,0 @@
-import type { Application, Request, Router } from "express";
-import { type JWTPayload } from "jose";
-import type { OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
-export type IdentityJwtClaims = JWTPayload & Record<string, unknown>;
-export interface IdentityHandler {
-    /** Base path to mount metadata and token endpoints. Default: "/" */
-    basePath?: string;
-    /** Expected JWT issuer. Default: "https://server.smithery.ai" */
-    issuer?: string;
-    /** JWKS URL for issuer. Default: "https://server.smithery.ai/.well-known/jwks.json" */
-    jwksUrl?: string;
-    /** Optional explicit token path. Overrides basePath+"token". */
-    tokenPath?: string;
-    /** Handle a JWT grant provided by an external identity provider (i.e., Smithery) and mint access tokens */
-    handleJwtGrant: (claims: IdentityJwtClaims, req: Request) => Promise<OAuthTokens | null>;
-}
-export declare function createIdentityTokenRouter(options: IdentityHandler): Router;
-export declare function mountIdentity(app: Application, options: IdentityHandler): void;

package/dist/server/auth/identity.js

@@ -1,55 +0,0 @@
-import express from "express";
-import { createRemoteJWKSet, jwtVerify } from "jose";
-function normalizeBasePath(basePath) {
-    const value = basePath ?? "/";
-    return value.endsWith("/") ? value : `${value}/`;
-}
-export function createIdentityTokenRouter(options) {
-    const basePath = normalizeBasePath(options.basePath);
-    const issuer = options.issuer ?? "https://server.smithery.ai";
-    const jwksUrl = new URL(options.jwksUrl ?? "https://server.smithery.ai/.well-known/jwks.json");
-    const tokenPath = typeof options.tokenPath === "string" && options.tokenPath.length > 0
-        ? options.tokenPath
-        : `${basePath}token`;
-    // Create JWKS resolver once; jose caches keys internally
-    const JWKS = createRemoteJWKSet(jwksUrl);
-    const tokenRouter = express.Router();
-    // urlencoded parser required for OAuth token requests
-    tokenRouter.use(express.urlencoded({ extended: false }));
-    tokenRouter.post(tokenPath, async (req, res, next) => {
-        try {
-            const grantType = typeof req.body?.grant_type === "string"
-                ? req.body.grant_type
-                : undefined;
-            if (grantType !== "urn:ietf:params:oauth:grant-type:jwt-bearer")
-                return next();
-            const assertion = typeof req.body?.assertion === "string" ? req.body.assertion : undefined;
-            if (!assertion) {
-                res.status(400).json({
-                    error: "invalid_request",
-                    error_description: "Missing assertion",
-                });
-                return;
-            }
-            const host = req.get("host") ?? "localhost";
-            const audience = `https://${host}${tokenPath}`;
-            const { payload } = await jwtVerify(assertion, JWKS, {
-                issuer,
-                audience,
-                algorithms: ["RS256"],
-            });
-            const result = await options.handleJwtGrant(payload, req);
-            if (!result)
-                return next();
-            res.json(result);
-        }
-        catch (error) {
-            console.error(error);
-            res.status(400).json({ error: "invalid_grant" });
-        }
-    });
-    return tokenRouter;
-}
-export function mountIdentity(app, options) {
-    app.use(createIdentityTokenRouter(options));
-}

package/dist/server/auth/oauth.d.ts

@@ -1,21 +0,0 @@
-import type { OAuthServerProvider, OAuthTokenVerifier } from "@modelcontextprotocol/sdk/server/auth/provider.js";
-import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
-import type { Application, Response } from "express";
-import { type IdentityHandler } from "./identity.js";
-export interface TokenVerifier extends OAuthTokenVerifier {
-    verifyAccessToken: (token: string) => Promise<AuthInfo>;
-    requiredScopes?: string[];
-    resourceMetadataUrl?: string;
-}
-type ProviderVerifier = OAuthServerProvider & TokenVerifier;
-export interface OAuthProvider extends ProviderVerifier {
-    basePath?: string;
-    callbackPath?: string;
-    handleOAuthCallback?: (code: string, state: string | undefined, res: Response) => Promise<URL>;
-}
-export interface OAuthMountOptions {
-    provider?: OAuthProvider | TokenVerifier;
-    identity?: IdentityHandler;
-}
-export declare function mountOAuth(app: Application, opts: OAuthMountOptions): void;
-export {};

package/dist/server/auth/oauth.js

@@ -1,155 +0,0 @@
-import { authorizationHandler } from "@modelcontextprotocol/sdk/server/auth/handlers/authorize.js";
-import { metadataHandler } from "@modelcontextprotocol/sdk/server/auth/handlers/metadata.js";
-import { clientRegistrationHandler } from "@modelcontextprotocol/sdk/server/auth/handlers/register.js";
-import { revocationHandler } from "@modelcontextprotocol/sdk/server/auth/handlers/revoke.js";
-import { tokenHandler } from "@modelcontextprotocol/sdk/server/auth/handlers/token.js";
-import { requireBearerAuth } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js";
-import { createOAuthMetadata, mcpAuthMetadataRouter, } from "@modelcontextprotocol/sdk/server/auth/router.js";
-import { mountIdentity } from "./identity.js";
-function isOAuthProvider(provider) {
-    return !!provider && "authorize" in provider;
-}
-export function mountOAuth(app, opts) {
-    // Determine base path once based on OAuth provider or identity
-    const provider = opts.provider;
-    const hasOAuth = isOAuthProvider(provider);
-    const rawBasePath = hasOAuth
-        ? (provider.basePath ?? "/")
-        : (opts.identity?.basePath ?? "/");
-    const basePath = rawBasePath.endsWith("/") ? rawBasePath : `${rawBasePath}/`;
-    // Precompute endpoint pathnames from metadata
-    let authorizationPath;
-    let tokenPath;
-    let registrationPath;
-    let revocationPath;
-    if (isOAuthProvider(provider)) {
-        const placeholderIssuer = new URL("https://localhost");
-        const placeholderBaseUrl = new URL(basePath, placeholderIssuer);
-        const localMetadata = createOAuthMetadata({
-            provider,
-            issuerUrl: placeholderIssuer,
-            baseUrl: placeholderBaseUrl,
-        });
-        authorizationPath = new URL(localMetadata.authorization_endpoint).pathname;
-        tokenPath = new URL(localMetadata.token_endpoint).pathname;
-        if (localMetadata.registration_endpoint) {
-            registrationPath = new URL(localMetadata.registration_endpoint).pathname;
-        }
-        if (localMetadata.revocation_endpoint) {
-            revocationPath = new URL(localMetadata.revocation_endpoint).pathname;
-        }
-    }
-    // Metadata endpoints
-    if (isOAuthProvider(provider)) {
-        // Mount a per-request adapter so issuer/baseUrl reflect Host/Proto
-        app.use((req, res, next) => {
-            if (!req.path.startsWith("/.well-known/"))
-                return next();
-            const host = req.get("host") ?? "localhost";
-            if (req.protocol !== "https") {
-                console.warn("Detected http but using https for issuer URL in OAuth metadata since it will fail otherwise.");
-            }
-            const issuerUrl = new URL(`https://${host}`);
-            const baseUrl = new URL(basePath, issuerUrl);
-            const oauthMetadata = createOAuthMetadata({
-                provider,
-                issuerUrl,
-                baseUrl,
-            });
-            if (opts.identity) {
-                oauthMetadata.grant_types_supported = Array.from(new Set([
-                    ...(oauthMetadata.grant_types_supported ?? []),
-                    "urn:ietf:params:oauth:grant-type:jwt-bearer",
-                ]));
-            }
-            const resourceServerUrl = new URL("/mcp", issuerUrl);
-            const metadataRouter = mcpAuthMetadataRouter({
-                oauthMetadata,
-                resourceServerUrl,
-            });
-            return metadataRouter(req, res, next);
-        });
-    }
-    else if (opts.identity) {
-        // Identity-only: explicitly mount protected resource metadata endpoint
-        app.use("/.well-known/oauth-protected-resource", (req, res, next) => {
-            const host = req.get("host") ?? "localhost";
-            const issuerUrl = new URL(`https://${host}`);
-            const protectedResourceMetadata = {
-                resource: new URL("/mcp", issuerUrl).href,
-                authorization_servers: [issuerUrl.href],
-            };
-            return metadataHandler(protectedResourceMetadata)(req, res, next);
-        });
-        // Identity-only: also advertise minimal AS metadata for discovery per RFC 8414
-        app.use("/.well-known/oauth-authorization-server", (req, res, next) => {
-            const host = req.get("host") ?? "localhost";
-            const issuerUrl = new URL(`https://${host}`);
-            const oauthMetadata = {
-                issuer: issuerUrl.href,
-                token_endpoint: new URL(`${basePath}token`, issuerUrl).href,
-                grant_types_supported: ["urn:ietf:params:oauth:grant-type:jwt-bearer"],
-            };
-            return metadataHandler(oauthMetadata)(req, res, next);
-        });
-    }
-    // Mount identity (JWT bearer grant) first so OAuth token can fall through
-    if (opts.identity) {
-        const identityOptions = {
-            ...opts.identity,
-            basePath,
-            tokenPath: tokenPath ?? `${basePath}token`,
-        };
-        mountIdentity(app, identityOptions);
-    }
-    // Mount OAuth endpoints functionally if an OAuth provider is present
-    if (isOAuthProvider(provider)) {
-        // Authorization endpoint
-        const authPath = authorizationPath ?? `${basePath}authorize`;
-        app.use(authPath, authorizationHandler({ provider }));
-        // Token endpoint (OAuth); identity's token handler will handle JWT grant and call next() otherwise
-        const tokPath = tokenPath ?? `${basePath}token`;
-        app.use(tokPath, tokenHandler({ provider }));
-        // Dynamic client registration if supported
-        if (provider.clientsStore?.registerClient) {
-            const regPath = registrationPath ?? `${basePath}register`;
-            app.use(regPath, clientRegistrationHandler({ clientsStore: provider.clientsStore }));
-        }
-        // Token revocation if supported
-        if (provider.revokeToken) {
-            const revPath = revocationPath ?? `${basePath}revoke`;
-            app.use(revPath, revocationHandler({ provider }));
-        }
-        // Optional OAuth callback
-        const callbackHandler = provider.handleOAuthCallback?.bind(provider);
-        if (callbackHandler) {
-            const callbackPath = provider.callbackPath ?? "/callback";
-            app.get(callbackPath, async (req, res) => {
-                const code = typeof req.query.code === "string" ? req.query.code : undefined;
-                const state = typeof req.query.state === "string" ? req.query.state : undefined;
-                if (!code) {
-                    res.status(400).send("Invalid request parameters");
-                    return;
-                }
-                try {
-                    const redirectUrl = await callbackHandler(code, state, res);
-                    res.redirect(redirectUrl.toString());
-                }
-                catch (error) {
-                    console.error(error);
-                    res.status(500).send("Error during authentication callback");
-                }
-            });
-        }
-    }
-    // Protect MCP resource with bearer auth if a verifier/provider is present
-    if (provider) {
-        app.use("/mcp", (req, res, next) => {
-            return requireBearerAuth({
-                verifier: provider,
-                requiredScopes: provider.requiredScopes,
-                resourceMetadataUrl: provider.resourceMetadataUrl,
-            })(req, res, next);
-        });
-    }
-}

package/dist/server/index.d.ts

@@ -1,5 +0,0 @@
-export * from "./stateful.js";
-export * from "./stateless.js";
-export * from "./session.js";
-export * from "./auth/oauth.js";
-export * from "./auth/identity.js";

package/dist/server/index.js

@@ -1,5 +0,0 @@
-export * from "./stateful.js";
-export * from "./stateless.js";
-export * from "./session.js";
-export * from "./auth/oauth.js";
-export * from "./auth/identity.js";

package/dist/server/session.d.ts

@@ -1,17 +0,0 @@
-import type { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
-export interface SessionStore<T extends Transport> {
-    /** return existing transport (or `undefined`) */
-    get(id: string): T | undefined;
-    /** insert / update */
-    set(id: string, t: T): void;
-    /** optional - explicit eviction */
-    delete?(id: string): void;
-}
-/**
- * Minimal Map‑based LRU implementation that fulfils {@link SessionStore}.
- * Keeps at most `max` transports; upon insert, the least‑recently‑used entry
- * (oldest insertion order) is removed and the evicted transport is closed.
- *
- * @param max  maximum number of sessions to retain (default = 1000)
- */
-export declare const createLRUStore: <T extends Transport>(max?: number) => SessionStore<T>;

package/dist/server/session.js

@@ -1,36 +0,0 @@
-/**
- * Minimal Map‑based LRU implementation that fulfils {@link SessionStore}.
- * Keeps at most `max` transports; upon insert, the least‑recently‑used entry
- * (oldest insertion order) is removed and the evicted transport is closed.
- *
- * @param max  maximum number of sessions to retain (default = 1000)
- */
-export const createLRUStore = (max = 1000) => {
-    // ECMA‑262 §23.1.3.13 - the order of keys in a Map object is the order of insertion; operations that remove a key drop it from that order, and set appends when the key is new or has just been removed.
-    const cache = new Map();
-    return {
-        get: id => {
-            const t = cache.get(id);
-            if (!t)
-                return undefined;
-            // refresh position
-            cache.delete(id);
-            cache.set(id, t);
-            return t;
-        },
-        set: (id, transport) => {
-            if (cache.has(id)) {
-                // key already present - refresh position
-                cache.delete(id);
-            }
-            else if (cache.size >= max) {
-                // evict oldest entry (first in insertion order)
-                const [lruId, lruTransport] = cache.entries().next().value;
-                lruTransport.close?.();
-                cache.delete(lruId);
-            }
-            cache.set(id, transport);
-        },
-        delete: id => cache.delete(id),
-    };
-};

package/dist/server/stateful.d.ts

@@ -1,42 +0,0 @@
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
-import express from "express";
-import type { z } from "zod";
-import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import { type SessionStore } from "./session.js";
-/**
- * Arguments when we create a new instance of your server
- */
-export interface CreateServerArg<T = Record<string, unknown>> {
-    sessionId: string;
-    config: T;
-    auth?: AuthInfo;
-}
-export type CreateServerFn<T = Record<string, unknown>> = (arg: CreateServerArg<T>) => Server;
-/**
- * Configuration options for the stateful server
- */
-export interface StatefulServerOptions<T = Record<string, unknown>> {
-    /**
-     * Session store to use for managing active sessions
-     */
-    sessionStore?: SessionStore<StreamableHTTPServerTransport>;
-    /**
-     * Zod schema for config validation
-     */
-    schema?: z.ZodSchema<T>;
-    /**
-     * Express app instance to use (optional)
-     */
-    app?: express.Application;
-}
-/**
- * Creates a stateful server for handling MCP requests.
- * For every new session, we invoke createMcpServer to create a new instance of the server.
- * @param createMcpServer Function to create an MCP server
- * @param options Configuration options including optional schema validation and Express app
- * @returns Express app
- */
-export declare function createStatefulServer<T = Record<string, unknown>>(createMcpServer: CreateServerFn<T>, options?: StatefulServerOptions<T>): {
-    app: express.Application;
-};

package/dist/server/stateful.js

@@ -1,155 +0,0 @@
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import { isInitializeRequest } from "@modelcontextprotocol/sdk/types.js";
-import express from "express";
-import { randomUUID } from "node:crypto";
-import { parseAndValidateConfig } from "../shared/config.js";
-import { zodToJsonSchema } from "zod-to-json-schema";
-import { createLRUStore } from "./session.js";
-/**
- * Creates a stateful server for handling MCP requests.
- * For every new session, we invoke createMcpServer to create a new instance of the server.
- * @param createMcpServer Function to create an MCP server
- * @param options Configuration options including optional schema validation and Express app
- * @returns Express app
- */
-export function createStatefulServer(createMcpServer, options) {
-    const app = options?.app ?? express();
-    app.use("/mcp", express.json());
-    const sessionStore = options?.sessionStore ?? createLRUStore();
-    // Handle POST requests for client-to-server communication
-    app.post("/mcp", async (req, res) => {
-        // Check for existing session ID
-        const sessionId = req.headers["mcp-session-id"];
-        let transport;
-        if (sessionId && sessionStore.get(sessionId)) {
-            // Reuse existing transport
-            // biome-ignore lint/style/noNonNullAssertion: Not possible
-            transport = sessionStore.get(sessionId);
-        }
-        else if (!sessionId && isInitializeRequest(req.body)) {
-            // New initialization request
-            const newSessionId = randomUUID();
-            transport = new StreamableHTTPServerTransport({
-                sessionIdGenerator: () => newSessionId,
-                onsessioninitialized: sessionId => {
-                    // Store the transport by session ID
-                    sessionStore.set(sessionId, transport);
-                },
-            });
-            // Clean up transport when closed
-            transport.onclose = () => {
-                if (transport.sessionId) {
-                    sessionStore.delete?.(transport.sessionId);
-                }
-            };
-            // New session - validate config
-            const configResult = parseAndValidateConfig(req, options?.schema);
-            if (!configResult.ok) {
-                const status = configResult.error.status || 400;
-                res.status(status).json(configResult.error);
-                return;
-            }
-            const config = configResult.value;
-            try {
-                const server = createMcpServer({
-                    sessionId: newSessionId,
-                    config: config,
-                    auth: req.auth,
-                });
-                // Connect to the MCP server
-                await server.connect(transport);
-            }
-            catch (error) {
-                console.error("Error initializing server:", error);
-                res.status(500).json({
-                    jsonrpc: "2.0",
-                    error: {
-                        code: -32603,
-                        message: "Error initializing server.",
-                    },
-                    id: null,
-                });
-                return;
-            }
-        }
-        else {
-            // Invalid request
-            res.status(400).json({
-                jsonrpc: "2.0",
-                error: {
-                    code: -32000,
-                    message: "Session not found or expired",
-                },
-                id: null,
-            });
-            return;
-        }
-        // Handle the request
-        await transport.handleRequest(req, res, req.body);
-    });
-    // Add .well-known/mcp-config endpoint for configuration discovery
-    app.get("/.well-known/mcp-config", (req, res) => {
-        // Set proper content type for JSON Schema
-        res.set("Content-Type", "application/schema+json; charset=utf-8");
-        const baseSchema = options?.schema
-            ? zodToJsonSchema(options.schema)
-            : {
-                type: "object",
-                properties: {},
-                required: [],
-            };
-        const configSchema = {
-            $schema: "https://json-schema.org/draft/2020-12/schema",
-            $id: `${req.protocol}://${req.get("host")}/.well-known/mcp-config`,
-            title: "MCP Session Configuration",
-            description: "Schema for the /mcp endpoint configuration",
-            "x-query-style": "dot+bracket",
-            ...baseSchema,
-        };
-        res.json(configSchema);
-    });
-    // Handle GET requests for server-to-client notifications via SSE
-    app.get("/mcp", async (req, res) => {
-        const sessionId = req.headers["mcp-session-id"];
-        if (!sessionId || !sessionStore.get(sessionId)) {
-            res.status(400).send("Invalid or expired session ID");
-            return;
-        }
-        // biome-ignore lint/style/noNonNullAssertion: Not possible
-        const transport = sessionStore.get(sessionId);
-        await transport.handleRequest(req, res);
-    });
-    // Handle DELETE requests for session termination
-    // https://modelcontextprotocol.io/specification/2025-03-26/basic/transports#session-management
-    app.delete("/mcp", async (req, res) => {
-        const sessionId = req.headers["mcp-session-id"];
-        if (!sessionId) {
-            res.status(400).json({
-                jsonrpc: "2.0",
-                error: {
-                    code: -32600,
-                    message: "Missing mcp-session-id header",
-                },
-                id: null,
-            });
-            return;
-        }
-        const transport = sessionStore.get(sessionId);
-        if (!transport) {
-            res.status(404).json({
-                jsonrpc: "2.0",
-                error: {
-                    code: -32000,
-                    message: "Session not found or expired",
-                },
-                id: null,
-            });
-            return;
-        }
-        // Close the transport
-        transport.close?.();
-        // Acknowledge session termination with 204 No Content
-        res.status(204).end();
-    });
-    return { app };
-}

package/dist/server/stateless.d.ts

@@ -1,39 +0,0 @@
-import express from "express";
-import type { z } from "zod";
-import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
-import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
-import type { OAuthMountOptions } from "./auth/oauth.js";
-/**
- * Arguments when we create a stateless server instance
- */
-export interface CreateStatelessServerArg<T = Record<string, unknown>> {
-    config: T;
-    auth?: AuthInfo;
-}
-export type CreateStatelessServerFn<T = Record<string, unknown>> = (arg: CreateStatelessServerArg<T>) => Server;
-/**
- * Configuration options for the stateless server
- */
-export interface StatelessServerOptions<T = Record<string, unknown>> {
-    /**
-     * Zod schema for config validation
-     */
-    schema?: z.ZodSchema<T>;
-    /**
-     * Express app instance to use (optional)
-     */
-    app?: express.Application;
-    oauth?: OAuthMountOptions;
-}
-/**
- * Creates a stateless server for handling MCP requests.
- * Each request creates a new server instance - no session state is maintained.
- * This is ideal for stateless API integrations and serverless environments.
- *
- * @param createMcpServer Function to create an MCP server
- * @param options Configuration options including optional schema validation and Express app
- * @returns Express app
- */
-export declare function createStatelessServer<T = Record<string, unknown>>(createMcpServer: CreateStatelessServerFn<T>, options?: StatelessServerOptions<T>): {
-    app: express.Application;
-};

package/dist/server/stateless.js

@@ -1,108 +0,0 @@
-import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
-import express from "express";
-import { parseAndValidateConfig } from "../shared/config.js";
-import { zodToJsonSchema } from "zod-to-json-schema";
-/**
- * Creates a stateless server for handling MCP requests.
- * Each request creates a new server instance - no session state is maintained.
- * This is ideal for stateless API integrations and serverless environments.
- *
- * @param createMcpServer Function to create an MCP server
- * @param options Configuration options including optional schema validation and Express app
- * @returns Express app
- */
-export function createStatelessServer(createMcpServer, options) {
-    const app = options?.app ?? express();
-    app.use("/mcp", express.json());
-    // Handle POST requests for client-to-server communication
-    app.post("/mcp", async (req, res) => {
-        // In stateless mode, create a new instance of transport and server for each request
-        // to ensure complete isolation. A single instance would cause request ID collisions
-        // when multiple clients connect concurrently.
-        try {
-            // Validate config for all requests in stateless mode
-            const configResult = parseAndValidateConfig(req, options?.schema);
-            if (!configResult.ok) {
-                const status = configResult.error.status || 400;
-                res.status(status).json(configResult.error);
-                return;
-            }
-            const config = configResult.value;
-            // Create a fresh server instance for each request
-            const server = createMcpServer({
-                config,
-                auth: req.auth,
-            });
-            // Create a new transport for this request (no session management)
-            const transport = new StreamableHTTPServerTransport({
-                sessionIdGenerator: undefined,
-            });
-            // Clean up resources when request closes
-            res.on("close", () => {
-                transport.close();
-                server.close();
-            });
-            // Connect to the MCP server
-            await server.connect(transport);
-            // Handle the request directly
-            await transport.handleRequest(req, res, req.body);
-        }
-        catch (error) {
-            console.error("Error handling MCP request:", error);
-            if (!res.headersSent) {
-                res.status(500).json({
-                    jsonrpc: "2.0",
-                    error: {
-                        code: -32603,
-                        message: "Internal server error",
-                    },
-                    id: null,
-                });
-            }
-        }
-    });
-    // SSE notifications not supported in stateless mode
-    app.get("/mcp", async (_req, res) => {
-        res.status(405).json({
-            jsonrpc: "2.0",
-            error: {
-                code: -32000,
-                message: "Method not allowed.",
-            },
-            id: null,
-        });
-    });
-    // Session termination not needed in stateless mode
-    app.delete("/mcp", async (_req, res) => {
-        res.status(405).json({
-            jsonrpc: "2.0",
-            error: {
-                code: -32000,
-                message: "Method not allowed.",
-            },
-            id: null,
-        });
-    });
-    // Add .well-known/mcp-config endpoint for configuration discovery
-    app.get("/.well-known/mcp-config", (req, res) => {
-        // Set proper content type for JSON Schema
-        res.set("Content-Type", "application/schema+json; charset=utf-8");
-        const baseSchema = options?.schema
-            ? zodToJsonSchema(options.schema)
-            : {
-                type: "object",
-                properties: {},
-                required: [],
-            };
-        const configSchema = {
-            $schema: "https://json-schema.org/draft/2020-12/schema",
-            $id: `${req.protocol}://${req.get("host")}/.well-known/mcp-config`,
-            title: "MCP Session Configuration",
-            description: "Schema for the /mcp endpoint configuration",
-            "x-query-style": "dot+bracket",
-            ...baseSchema,
-        };
-        res.json(configSchema);
-    });
-    return { app };
-}

package/dist/shared/config.d.ts

@@ -1,41 +0,0 @@
-import type { Request as ExpressRequest } from "express";
-import type { z } from "zod";
-export interface SmitheryUrlOptions {
-    apiKey?: string;
-    profile?: string;
-    config?: object;
-}
-export declare function appendConfigAsDotParams(url: URL, config: unknown): void;
-/**
- * Creates a URL to connect to the Smithery MCP server.
- * @param baseUrl The base URL of the Smithery server
- * @param options Optional configuration object
- * @returns A URL with config encoded using dot-notation query params (e.g. model.name=gpt-4&debug=true)
- */
-export declare function createSmitheryUrl(baseUrl: string, options?: SmitheryUrlOptions): URL;
-/**
- * Parses and validates config from an Express request with optional Zod schema validation
- * Supports dot-notation config parameters (e.g., foo=bar, a.b=c)
- * @param req The express request
- * @param schema Optional Zod schema for validation
- * @returns Result with either parsed data or error response
- */
-export declare function parseAndValidateConfig<T = Record<string, unknown>>(req: ExpressRequest, schema?: z.ZodSchema<T>): import("okay-error").Err<{
-    readonly title: "Invalid configuration parameters";
-    readonly status: 422;
-    readonly detail: "One or more config parameters are invalid.";
-    readonly instance: string;
-    readonly configSchema: import("zod-to-json-schema").JsonSchema7Type & {
-        $schema?: string | undefined;
-        definitions?: {
-            [key: string]: import("zod-to-json-schema").JsonSchema7Type;
-        } | undefined;
-    };
-    readonly errors: {
-        param: string;
-        pointer: string;
-        reason: string;
-        received: unknown;
-    }[];
-}> | import("okay-error").Ok<T>;
-export declare function parseConfigFromQuery(query: Iterable<[string, unknown]>): Record<string, unknown>;

package/dist/shared/config.js

@@ -1,132 +0,0 @@
-import _ from "lodash";
-import { err, ok } from "okay-error";
-import { zodToJsonSchema } from "zod-to-json-schema";
-function isPlainObject(value) {
-    return value !== null && typeof value === "object" && !Array.isArray(value);
-}
-export function appendConfigAsDotParams(url, config) {
-    function add(pathParts, value) {
-        if (Array.isArray(value)) {
-            for (let index = 0; index < value.length; index++) {
-                add([...pathParts, String(index)], value[index]);
-            }
-            return;
-        }
-        if (isPlainObject(value)) {
-            for (const [key, nested] of Object.entries(value)) {
-                add([...pathParts, key], nested);
-            }
-            return;
-        }
-        const key = pathParts.join(".");
-        let stringValue;
-        switch (typeof value) {
-            case "string":
-                stringValue = value;
-                break;
-            case "number":
-            case "boolean":
-                stringValue = String(value);
-                break;
-            default:
-                stringValue = JSON.stringify(value);
-        }
-        url.searchParams.set(key, stringValue);
-    }
-    if (isPlainObject(config)) {
-        for (const [key, value] of Object.entries(config)) {
-            add([key], value);
-        }
-    }
-}
-/**
- * Creates a URL to connect to the Smithery MCP server.
- * @param baseUrl The base URL of the Smithery server
- * @param options Optional configuration object
- * @returns A URL with config encoded using dot-notation query params (e.g. model.name=gpt-4&debug=true)
- */
-export function createSmitheryUrl(baseUrl, options) {
-    const url = new URL(`${baseUrl}/mcp`);
-    if (options?.config) {
-        appendConfigAsDotParams(url, options.config);
-    }
-    if (options?.apiKey) {
-        url.searchParams.set("api_key", options.apiKey);
-    }
-    if (options?.profile) {
-        url.searchParams.set("profile", options.profile);
-    }
-    return url;
-}
-/**
- * Parses and validates config from an Express request with optional Zod schema validation
- * Supports dot-notation config parameters (e.g., foo=bar, a.b=c)
- * @param req The express request
- * @param schema Optional Zod schema for validation
- * @returns Result with either parsed data or error response
- */
-export function parseAndValidateConfig(req, schema) {
-    const config = parseConfigFromQuery(Object.entries(req.query));
-    // Validate config against schema if provided
-    if (schema) {
-        const result = schema.safeParse(config);
-        if (!result.success) {
-            const jsonSchema = zodToJsonSchema(schema);
-            const errors = result.error.issues.map(issue => {
-                // Safely traverse the config object to get the received value
-                let received = config;
-                for (const key of issue.path) {
-                    if (received && typeof received === "object" && key in received) {
-                        received = received[key];
-                    }
-                    else {
-                        received = undefined;
-                        break;
-                    }
-                }
-                return {
-                    param: issue.path.join(".") || "root",
-                    pointer: `/${issue.path.join("/")}`,
-                    reason: issue.message,
-                    received,
-                };
-            });
-            return err({
-                title: "Invalid configuration parameters",
-                status: 422,
-                detail: "One or more config parameters are invalid.",
-                instance: req.originalUrl,
-                configSchema: jsonSchema,
-                errors,
-            });
-        }
-        return ok(result.data);
-    }
-    return ok(config);
-}
-// Process dot-notation config parameters from query parameters (foo=bar, a.b=c)
-// This allows URL params like ?server.host=localhost&server.port=8080&debug=true
-export function parseConfigFromQuery(query) {
-    const config = {};
-    for (const [key, value] of query) {
-        // Skip reserved parameters
-        if (key === "api_key" || key === "profile")
-            continue;
-        const pathParts = key.split(".");
-        // Handle array values from Express query parsing
-        const rawValue = Array.isArray(value) ? value[0] : value;
-        if (typeof rawValue !== "string")
-            continue;
-        // Try to parse value as JSON (for booleans, numbers, objects)
-        let parsedValue = rawValue;
-        try {
-            parsedValue = JSON.parse(rawValue);
-        }
-        catch {
-            // If parsing fails, use the raw string value
-        }
-        // Use lodash's set method to handle nested paths
-        _.set(config, pathParts, parsedValue);
-    }
-    return config;
-}

package/dist/shared/patch.d.ts

@@ -1,12 +0,0 @@
-/**
- * Patches a function on an object
- * @param obj
- * @param key
- * @param patcher
- */
-export declare function patch<T extends {
-    [P in K]: (...args: any[]) => any;
-}, K extends keyof T & string>(obj: T, key: K, patcher: (fn: T[K]) => T[K]): void;
-export declare function patch<T extends {
-    [P in K]?: (...args: any[]) => any;
-}, K extends keyof T & string>(obj: T, key: K, patcher: (fn?: T[K]) => T[K]): void;

package/dist/shared/patch.js

@@ -1,12 +0,0 @@
-/**
- * Patches a function on an object
- * @param obj
- * @param key
- * @param patcher
- */
-// Unified implementation (not type-checked by callers)
-export function patch(obj, key, patcher) {
-    // If the property is actually a function, bind it; otherwise undefined
-    const original = typeof obj[key] === "function" ? obj[key].bind(obj) : undefined;
-    obj[key] = patcher(original);
-}