@smithery/sdk 3.0.1 → 4.0.1

package/README.md

@@ -1,49 +1,6 @@
-# Smithery Typescript SDK
+# Smithery TypeScript SDK
 
-The SDK provides files for you to easily setup Smithery-compatible MCP servers and clients.
+The SDK provides the types and bundle manifest schemas for building and deploying MCP servers on Smithery.
 
-## Installation
-
-```bash
-npm install @smithery/sdk @modelcontextprotocol/sdk
-```
-
-## Usage
-
-### Spawning a Server
-
-Here's a minimal example of how to use the SDK to spawn an MCP server.
-
-```typescript
-import { createStatelessServer } from '@smithery/sdk/server/stateless.js'
-import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js"
-
-// Create your MCP server function
-function createMcpServer({ config }) {
-  // Create and return a server instance
-  // https://github.com/modelcontextprotocol/typescript-sdk?tab=readme-ov-file#core-concepts
-  const mcpServer = new McpServer({
-    name: "My App",
-    version: "1.0.0"
-  })
-
-  // ...
-  
-  return mcpServer.server
-}
-
-// Create the stateless server using your MCP server function.
-createStatelessServer(createMcpServer)
-  .app
-  .listen(process.env.PORT || 3000)
-```
-
-This example:
-1. Creates a stateless server that handles MCP requests
-2. Defines a function to create MCP server instances for each session
-3. Starts the Express server on the specified port. You must listen on the PORT env var if provided for the deployment to work on Smithery.
-
-#### Stateful Server
-Most API integrations are stateless.
-
-However, if your MCP server needs to persist state between calls (i.e., remembering previous interactions in a single chat conversation), you can use the `createStatefulServer` function instead.
+For getting started, see the official documentation:
+[https://smithery.ai/docs/getting_started/quickstart_build_typescript](https://smithery.ai/docs/getting_started/quickstart_build_typescript)

package/dist/bundle/config.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Config - loaded from smithery.config.ts
+ */
+export interface Config {
+    build?: {
+        /**
+         * Path to the server's entry point.
+         * Default: detected from package.json "module" or "main"
+         */
+        entry?: string;
+        /**
+         * Optional esbuild overrides for bundling
+         */
+        esbuild?: Record<string, unknown>;
+    };
+}

package/dist/bundle/config.js

@@ -0,0 +1 @@
+export {};

package/dist/bundle/deploy-payload.d.ts

@@ -0,0 +1,120 @@
+import { z } from "zod";
+export declare const DeployPayloadSchema: z.ZodDiscriminatedUnion<[z.ZodObject<{
+    type: z.ZodLiteral<"hosted">;
+    stateful: z.ZodDefault<z.ZodBoolean>;
+    configSchema: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+    serverCard: z.ZodOptional<z.ZodObject<{
+        serverInfo: z.ZodObject<{
+            version: z.ZodString;
+            websiteUrl: z.ZodOptional<z.ZodString>;
+            description: z.ZodOptional<z.ZodString>;
+            icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                src: z.ZodString;
+                mimeType: z.ZodOptional<z.ZodString>;
+                sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                theme: z.ZodOptional<z.ZodEnum<{
+                    light: "light";
+                    dark: "dark";
+                }>>;
+            }, z.core.$strip>>>;
+            name: z.ZodString;
+            title: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>;
+        authentication: z.ZodOptional<z.ZodObject<{
+            required: z.ZodBoolean;
+            schemes: z.ZodArray<z.ZodString>;
+        }, z.core.$strip>>;
+        tools: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            description: z.ZodOptional<z.ZodString>;
+            inputSchema: z.ZodObject<{
+                type: z.ZodLiteral<"object">;
+                properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodCustom<object, object>>>;
+                required: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            }, z.core.$catchall<z.ZodUnknown>>;
+            outputSchema: z.ZodOptional<z.ZodObject<{
+                type: z.ZodLiteral<"object">;
+                properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodCustom<object, object>>>;
+                required: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            }, z.core.$catchall<z.ZodUnknown>>>;
+            annotations: z.ZodOptional<z.ZodObject<{
+                title: z.ZodOptional<z.ZodString>;
+                readOnlyHint: z.ZodOptional<z.ZodBoolean>;
+                destructiveHint: z.ZodOptional<z.ZodBoolean>;
+                idempotentHint: z.ZodOptional<z.ZodBoolean>;
+                openWorldHint: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$strip>>;
+            execution: z.ZodOptional<z.ZodObject<{
+                taskSupport: z.ZodOptional<z.ZodEnum<{
+                    optional: "optional";
+                    required: "required";
+                    forbidden: "forbidden";
+                }>>;
+            }, z.core.$strip>>;
+            _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+            icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                src: z.ZodString;
+                mimeType: z.ZodOptional<z.ZodString>;
+                sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                theme: z.ZodOptional<z.ZodEnum<{
+                    light: "light";
+                    dark: "dark";
+                }>>;
+            }, z.core.$strip>>>;
+            name: z.ZodString;
+            title: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        resources: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            uri: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            mimeType: z.ZodOptional<z.ZodString>;
+            annotations: z.ZodOptional<z.ZodObject<{
+                audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                    user: "user";
+                    assistant: "assistant";
+                }>>>;
+                priority: z.ZodOptional<z.ZodNumber>;
+                lastModified: z.ZodOptional<z.ZodISODateTime>;
+            }, z.core.$strip>>;
+            _meta: z.ZodOptional<z.ZodObject<{}, z.core.$loose>>;
+            icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                src: z.ZodString;
+                mimeType: z.ZodOptional<z.ZodString>;
+                sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                theme: z.ZodOptional<z.ZodEnum<{
+                    light: "light";
+                    dark: "dark";
+                }>>;
+            }, z.core.$strip>>>;
+            name: z.ZodString;
+            title: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+        prompts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            description: z.ZodOptional<z.ZodString>;
+            arguments: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                name: z.ZodString;
+                description: z.ZodOptional<z.ZodString>;
+                required: z.ZodOptional<z.ZodBoolean>;
+            }, z.core.$strip>>>;
+            _meta: z.ZodOptional<z.ZodObject<{}, z.core.$loose>>;
+            icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+                src: z.ZodString;
+                mimeType: z.ZodOptional<z.ZodString>;
+                sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+                theme: z.ZodOptional<z.ZodEnum<{
+                    light: "light";
+                    dark: "dark";
+                }>>;
+            }, z.core.$strip>>>;
+            name: z.ZodString;
+            title: z.ZodOptional<z.ZodString>;
+        }, z.core.$strip>>>;
+    }, z.core.$loose>>;
+    source: z.ZodOptional<z.ZodObject<{
+        commit: z.ZodOptional<z.ZodString>;
+        branch: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>;
+}, z.core.$strip>, z.ZodObject<{
+    type: z.ZodLiteral<"external">;
+    upstreamUrl: z.ZodString;
+}, z.core.$strip>], "type">;
+export type DeployPayload = z.infer<typeof DeployPayloadSchema>;

package/dist/bundle/deploy-payload.js

@@ -0,0 +1,22 @@
+import { z } from "zod";
+import { ServerCardSchema } from "./server-card.js";
+const HostedDeployPayloadSchema = z.object({
+    type: z.literal("hosted"),
+    stateful: z.boolean().default(false),
+    configSchema: z.record(z.string(), z.unknown()).optional(),
+    serverCard: ServerCardSchema.optional(),
+    source: z
+        .object({
+        commit: z.string().optional(),
+        branch: z.string().optional(),
+    })
+        .optional(),
+});
+const ExternalDeployPayloadSchema = z.object({
+    type: z.literal("external"),
+    upstreamUrl: z.string().url(),
+});
+export const DeployPayloadSchema = z.discriminatedUnion("type", [
+    HostedDeployPayloadSchema,
+    ExternalDeployPayloadSchema,
+]);

package/dist/bundle/index.d.ts

@@ -0,0 +1,7 @@
+/**
+ * The bundle package is not guaranteed to be backwards compatible or stable, and is used internally for Smithery CLI.
+ */
+export * from "./limits.js";
+export * from "./config.js";
+export * from "./deploy-payload.js";
+export * from "./server-card.js";

package/dist/bundle/index.js

@@ -0,0 +1,7 @@
+/**
+ * The bundle package is not guaranteed to be backwards compatible or stable, and is used internally for Smithery CLI.
+ */
+export * from "./limits.js";
+export * from "./config.js";
+export * from "./deploy-payload.js";
+export * from "./server-card.js";

package/dist/bundle/limits.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Validate bundle size limits
+ */
+export declare const BUNDLE_SIZE_LIMITS: {
+    module: number;
+    sourcemap: number;
+};

package/dist/bundle/limits.js

@@ -0,0 +1,7 @@
+/**
+ * Validate bundle size limits
+ */
+export const BUNDLE_SIZE_LIMITS = {
+    module: 5 * 1024 * 1024, // 5 MB
+    sourcemap: 10 * 1024 * 1024, // 10 MB
+};

package/dist/bundle/server-card.d.ts

@@ -0,0 +1,108 @@
+import { z } from "zod";
+export declare const ServerCardSchema: z.ZodObject<{
+    serverInfo: z.ZodObject<{
+        version: z.ZodString;
+        websiteUrl: z.ZodOptional<z.ZodString>;
+        description: z.ZodOptional<z.ZodString>;
+        icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            src: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            theme: z.ZodOptional<z.ZodEnum<{
+                light: "light";
+                dark: "dark";
+            }>>;
+        }, z.core.$strip>>>;
+        name: z.ZodString;
+        title: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>;
+    authentication: z.ZodOptional<z.ZodObject<{
+        required: z.ZodBoolean;
+        schemes: z.ZodArray<z.ZodString>;
+    }, z.core.$strip>>;
+    tools: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        description: z.ZodOptional<z.ZodString>;
+        inputSchema: z.ZodObject<{
+            type: z.ZodLiteral<"object">;
+            properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodCustom<object, object>>>;
+            required: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$catchall<z.ZodUnknown>>;
+        outputSchema: z.ZodOptional<z.ZodObject<{
+            type: z.ZodLiteral<"object">;
+            properties: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodCustom<object, object>>>;
+            required: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        }, z.core.$catchall<z.ZodUnknown>>>;
+        annotations: z.ZodOptional<z.ZodObject<{
+            title: z.ZodOptional<z.ZodString>;
+            readOnlyHint: z.ZodOptional<z.ZodBoolean>;
+            destructiveHint: z.ZodOptional<z.ZodBoolean>;
+            idempotentHint: z.ZodOptional<z.ZodBoolean>;
+            openWorldHint: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strip>>;
+        execution: z.ZodOptional<z.ZodObject<{
+            taskSupport: z.ZodOptional<z.ZodEnum<{
+                optional: "optional";
+                required: "required";
+                forbidden: "forbidden";
+            }>>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnknown>>;
+        icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            src: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            theme: z.ZodOptional<z.ZodEnum<{
+                light: "light";
+                dark: "dark";
+            }>>;
+        }, z.core.$strip>>>;
+        name: z.ZodString;
+        title: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    resources: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        uri: z.ZodString;
+        description: z.ZodOptional<z.ZodString>;
+        mimeType: z.ZodOptional<z.ZodString>;
+        annotations: z.ZodOptional<z.ZodObject<{
+            audience: z.ZodOptional<z.ZodArray<z.ZodEnum<{
+                user: "user";
+                assistant: "assistant";
+            }>>>;
+            priority: z.ZodOptional<z.ZodNumber>;
+            lastModified: z.ZodOptional<z.ZodISODateTime>;
+        }, z.core.$strip>>;
+        _meta: z.ZodOptional<z.ZodObject<{}, z.core.$loose>>;
+        icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            src: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            theme: z.ZodOptional<z.ZodEnum<{
+                light: "light";
+                dark: "dark";
+            }>>;
+        }, z.core.$strip>>>;
+        name: z.ZodString;
+        title: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+    prompts: z.ZodOptional<z.ZodArray<z.ZodObject<{
+        description: z.ZodOptional<z.ZodString>;
+        arguments: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            name: z.ZodString;
+            description: z.ZodOptional<z.ZodString>;
+            required: z.ZodOptional<z.ZodBoolean>;
+        }, z.core.$strip>>>;
+        _meta: z.ZodOptional<z.ZodObject<{}, z.core.$loose>>;
+        icons: z.ZodOptional<z.ZodArray<z.ZodObject<{
+            src: z.ZodString;
+            mimeType: z.ZodOptional<z.ZodString>;
+            sizes: z.ZodOptional<z.ZodArray<z.ZodString>>;
+            theme: z.ZodOptional<z.ZodEnum<{
+                light: "light";
+                dark: "dark";
+            }>>;
+        }, z.core.$strip>>>;
+        name: z.ZodString;
+        title: z.ZodOptional<z.ZodString>;
+    }, z.core.$strip>>>;
+}, z.core.$loose>;
+export type ServerCard = z.infer<typeof ServerCardSchema>;

package/dist/bundle/server-card.js

@@ -0,0 +1,16 @@
+import { ImplementationSchema, PromptSchema, ResourceSchema, ToolSchema, } from "@modelcontextprotocol/sdk/types.js";
+import { z } from "zod";
+export const ServerCardSchema = z
+    .object({
+    serverInfo: ImplementationSchema,
+    authentication: z
+        .object({
+        required: z.boolean(),
+        schemes: z.array(z.string()),
+    })
+        .optional(),
+    tools: z.array(ToolSchema).optional(),
+    resources: z.array(ResourceSchema).optional(),
+    prompts: z.array(PromptSchema).optional(),
+})
+    .passthrough();

package/dist/index.d.ts

@@ -1,8 +1,2 @@
-export * from "./shared/config.js";
-export * from "./shared/patch.js";
-export { createStatefulServer, type CreateServerFn, type StatefulServerOptions, } from "./server/stateful.js";
-export { createStatelessServer, type CreateStatelessServerFn, type StatelessServerOptions, } from "./server/stateless.js";
-export * from "./server/logger.js";
-export * from "./server/session.js";
-export * from "./server/auth/identity.js";
-export * from "./server/auth/oauth.js";
+export * from "./types/index.js";
+export * from "./bundle/index.js";

package/dist/index.js

@@ -1,13 +1,5 @@
 // Smithery SDK – Main exports
-// Use subpath imports for tree-shaking: @smithery/sdk/server, /helpers
-// === Shared Utilities ===
-export * from "./shared/config.js";
-export * from "./shared/patch.js";
-// === Server Primitives ===
-// Stateful/stateless server patterns, session management, auth
-export { createStatefulServer, } from "./server/stateful.js";
-export { createStatelessServer, } from "./server/stateless.js";
-export * from "./server/logger.js";
-export * from "./server/session.js";
-export * from "./server/auth/identity.js";
-export * from "./server/auth/oauth.js";
+// Types for MCP server authors
+export * from "./types/index.js";
+// Bundle manifest schema (for CLI/registry)
+export * from "./bundle/index.js";

package/dist/types/index.d.ts

@@ -0,0 +1,38 @@
+import type { Server } from "@modelcontextprotocol/sdk/server/index.js";
+import type { z } from "zod";
+export type Session = {
+    id: string;
+    get: <T = unknown>(key: string) => Promise<T | undefined>;
+    set: (key: string, value: unknown) => Promise<void>;
+    delete: (key: string) => Promise<void>;
+};
+export type StatelessServerContext<TConfig = unknown> = {
+    config: TConfig;
+    env: Record<string, string | undefined>;
+};
+export type StatefulServerContext<TConfig = unknown> = {
+    config: TConfig;
+    session: Session;
+    env: Record<string, string | undefined>;
+};
+export type ServerContext<TConfig = unknown> = StatelessServerContext<TConfig> | StatefulServerContext<TConfig>;
+export type SandboxServerContext = {
+    session: Session;
+};
+export type CreateServerFn<TConfig = unknown> = (context: ServerContext<TConfig>) => Server | Promise<Server>;
+export type CreateSandboxServerFn = (context: SandboxServerContext) => Server | Promise<Server>;
+/**
+ * ServerModule - expected exports from an MCP server entry point
+ */
+export interface ServerModule<TConfig = unknown> {
+    default: CreateServerFn<TConfig>;
+    configSchema?: z.ZodSchema<TConfig>;
+    createSandboxServer?: CreateSandboxServerFn;
+    /**
+     * Whether the server is stateful.
+     * Stateful servers maintain state between calls within a session.
+     * Stateless servers are fresh for each request.
+     * @default false
+     */
+    stateful?: boolean;
+}

package/dist/types/index.js

@@ -0,0 +1 @@
+export {};

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@smithery/sdk",
-	"version": "3.0.1",
+	"version": "4.0.1",
 	"description": "SDK to develop with Smithery",
 	"type": "module",
 	"repository": {
@@ -10,40 +10,32 @@
 	"main": "./dist/index.js",
 	"types": "./dist/index.d.ts",
 	"exports": {
-		".": "./dist/index.js"
+		".": {
+			"types": "./dist/index.d.ts",
+			"default": "./dist/index.js"
+		},
+		"./bundle": {
+			"types": "./dist/bundle/index.d.ts",
+			"default": "./dist/bundle/index.js"
+		}
 	},
 	"files": [
 		"dist"
 	],
 	"scripts": {
-		"build": "tsc",
-		"build:all": "pnpm -r --filter './*' build",
-		"watch": "tsc --watch",
+		"build": "rm -rf dist && tsc",
 		"check": "pnpm exec biome check --write --unsafe",
 		"prepare": "pnpm run build"
 	},
 	"packageManager": "pnpm@9.0.0",
 	"license": "MIT",
-	"dependencies": {
-		"@modelcontextprotocol/sdk": "^1.25.1",
-		"chalk": "^5.6.2",
-		"express": "^5.1.0",
-		"jose": "^6.1.0",
-		"lodash": "^4.17.21",
-		"okay-error": "^1.0.3"
-	},
 	"peerDependencies": {
+		"@modelcontextprotocol/sdk": "^1.25.1",
 		"zod": "^4"
 	},
 	"devDependencies": {
 		"@biomejs/biome": "2.2.6",
-		"@types/express": "^5.0.1",
-		"@types/json-schema": "^7.0.15",
-		"@types/lodash": "^4.17.17",
 		"@types/node": "^20.0.0",
-		"@types/uuid": "^9.0.7",
-		"dotenv": "^16.4.7",
-		"tsx": "^4.19.2",
 		"typescript": "^5.0.0",
 		"zod": "^4"
 	}

package/dist/server/auth/identity.d.ts

@@ -1,18 +0,0 @@
-import type { Application, Request, Router } from "express";
-import { type JWTPayload } from "jose";
-import type { OAuthTokens } from "@modelcontextprotocol/sdk/shared/auth.js";
-export type IdentityJwtClaims = JWTPayload & Record<string, unknown>;
-export interface IdentityHandler {
-    /** Base path to mount metadata and token endpoints. Default: "/" */
-    basePath?: string;
-    /** Expected JWT issuer. Default: "https://server.smithery.ai" */
-    issuer?: string;
-    /** JWKS URL for issuer. Default: "https://server.smithery.ai/.well-known/jwks.json" */
-    jwksUrl?: string;
-    /** Optional explicit token path. Overrides basePath+"token". */
-    tokenPath?: string;
-    /** Handle a JWT grant provided by an external identity provider (i.e., Smithery) and mint access tokens */
-    handleJwtGrant: (claims: IdentityJwtClaims, req: Request) => Promise<OAuthTokens | null>;
-}
-export declare function createIdentityTokenRouter(options: IdentityHandler): Router;
-export declare function mountIdentity(app: Application, options: IdentityHandler): void;

package/dist/server/auth/identity.js

@@ -1,55 +0,0 @@
-import express from "express";
-import { createRemoteJWKSet, jwtVerify } from "jose";
-function normalizeBasePath(basePath) {
-    const value = basePath ?? "/";
-    return value.endsWith("/") ? value : `${value}/`;
-}
-export function createIdentityTokenRouter(options) {
-    const basePath = normalizeBasePath(options.basePath);
-    const issuer = options.issuer ?? "https://server.smithery.ai";
-    const jwksUrl = new URL(options.jwksUrl ?? "https://server.smithery.ai/.well-known/jwks.json");
-    const tokenPath = typeof options.tokenPath === "string" && options.tokenPath.length > 0
-        ? options.tokenPath
-        : `${basePath}token`;
-    // Create JWKS resolver once; jose caches keys internally
-    const JWKS = createRemoteJWKSet(jwksUrl);
-    const tokenRouter = express.Router();
-    // urlencoded parser required for OAuth token requests
-    tokenRouter.use(express.urlencoded({ extended: false }));
-    tokenRouter.post(tokenPath, async (req, res, next) => {
-        try {
-            const grantType = typeof req.body?.grant_type === "string"
-                ? req.body.grant_type
-                : undefined;
-            if (grantType !== "urn:ietf:params:oauth:grant-type:jwt-bearer")
-                return next();
-            const assertion = typeof req.body?.assertion === "string" ? req.body.assertion : undefined;
-            if (!assertion) {
-                res.status(400).json({
-                    error: "invalid_request",
-                    error_description: "Missing assertion",
-                });
-                return;
-            }
-            const host = req.get("host") ?? "localhost";
-            const audience = `https://${host}${tokenPath}`;
-            const { payload } = await jwtVerify(assertion, JWKS, {
-                issuer,
-                audience,
-                algorithms: ["RS256"],
-            });
-            const result = await options.handleJwtGrant(payload, req);
-            if (!result)
-                return next();
-            res.json(result);
-        }
-        catch (error) {
-            console.error(error);
-            res.status(400).json({ error: "invalid_grant" });
-        }
-    });
-    return tokenRouter;
-}
-export function mountIdentity(app, options) {
-    app.use(createIdentityTokenRouter(options));
-}

package/dist/server/auth/oauth.d.ts

@@ -1,21 +0,0 @@
-import type { OAuthServerProvider, OAuthTokenVerifier } from "@modelcontextprotocol/sdk/server/auth/provider.js";
-import type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
-import type { Application, Response } from "express";
-import { type IdentityHandler } from "./identity.js";
-export interface TokenVerifier extends OAuthTokenVerifier {
-    verifyAccessToken: (token: string) => Promise<AuthInfo>;
-    requiredScopes?: string[];
-    resourceMetadataUrl?: string;
-}
-type ProviderVerifier = OAuthServerProvider & TokenVerifier;
-export interface OAuthProvider extends ProviderVerifier {
-    basePath?: string;
-    callbackPath?: string;
-    handleOAuthCallback?: (code: string, state: string | undefined, res: Response) => Promise<URL>;
-}
-export interface OAuthMountOptions {
-    provider?: OAuthProvider | TokenVerifier;
-    identity?: IdentityHandler;
-}
-export declare function mountOAuth(app: Application, opts: OAuthMountOptions): void;
-export {};