@studiometa/productive-mcp 0.10.7 → 0.10.9

package/dist/hints.d.ts

@@ -74,6 +74,10 @@ export declare function getPageHints(pageId: string): ContextualHints;
  * Generate hints for a discussion
  */
 export declare function getDiscussionHints(discussionId: string, pageId?: string): ContextualHints;
+/**
+ * Generate hints for a custom field definition
+ */
+export declare function getCustomFieldHints(fieldId: string): ContextualHints;
 /**
  * Generate hints for a timer
  */

package/dist/hints.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"hints.d.ts","sourceRoot":"","sources":["../src/hints.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,iBAAiB,CAAC,EAAE,YAAY,EAAE,CAAC;IACnC,cAAc,CAAC,EAAE,UAAU,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CA6DhF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CA8DlE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CAoD5D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAyChE;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACrC,eAAe,GAAG,IAAI,CAkBxB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CAqDlE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CAyClE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,MAAM,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,eAAe,CA0CjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,EACxB,aAAa,CAAC,EAAE,MAAM,GACrB,eAAe,CA4BjB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,MAAM,EACrB,cAAc,CAAC,EAAE,MAAM,GACtB,eAAe,CAqCjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,eAAe,CA6BrF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CAqD5D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,eAAe,CA+CzF;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CA4BlF"}
+{"version":3,"file":"hints.d.ts","sourceRoot":"","sources":["../src/hints.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAClC;AAED,MAAM,WAAW,eAAe;IAC9B,iBAAiB,CAAC,EAAE,YAAY,EAAE,CAAC;IACnC,cAAc,CAAC,EAAE,UAAU,EAAE,CAAC;CAC/B;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CAsEhF;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CA8DlE;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CA6D5D;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,eAAe,CAyChE;AAED;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,aAAa,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GACrC,eAAe,GAAG,IAAI,CAkBxB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CAqDlE;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,eAAe,CAmDlE;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAC/B,WAAW,EAAE,MAAM,EACnB,MAAM,CAAC,EAAE,MAAM,EACf,SAAS,CAAC,EAAE,MAAM,GACjB,eAAe,CA0CjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAC7B,UAAU,EAAE,MAAM,EAClB,eAAe,CAAC,EAAE,MAAM,EACxB,aAAa,CAAC,EAAE,MAAM,GACrB,eAAe,CA4BjB;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAChC,aAAa,EAAE,MAAM,EACrB,cAAc,CAAC,EAAE,MAAM,GACtB,eAAe,CAqCjB;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,EAAE,QAAQ,CAAC,EAAE,MAAM,GAAG,eAAe,CA6BrF;AAED;;GAEG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,eAAe,CAqD5D;AAED;;GAEG;AACH,wBAAgB,kBAAkB,CAAC,YAAY,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,MAAM,GAAG,eAAe,CA+CzF;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,GAAG,eAAe,CAyBpE;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,eAAe,CA4BlF"}

package/dist/http.d.ts

@@ -4,7 +4,7 @@
  * This module contains the app/router creation logic for the HTTP transport.
  * The actual server startup is in server.ts.
  */
-import { type App } from 'h3';
+import { H3 } from 'h3';
 /**
  * JSON-RPC error response
  */
@@ -44,6 +44,7 @@ export declare function handleInitialize(): {
  */
 export declare function handleToolsList(): {
     tools: {
+        description?: string | undefined;
         inputSchema: {
             [x: string]: unknown;
             type: "object";
@@ -52,8 +53,6 @@ export declare function handleToolsList(): {
             } | undefined;
             required?: string[] | undefined;
         };
-        name: string;
-        description?: string | undefined;
         outputSchema?: {
             [x: string]: unknown;
             type: "object";
@@ -70,7 +69,7 @@ export declare function handleToolsList(): {
             openWorldHint?: boolean | undefined;
         } | undefined;
         execution?: {
-            taskSupport?: "optional" | "required" | "forbidden" | undefined;
+            taskSupport?: "forbidden" | "optional" | "required" | undefined;
         } | undefined;
         _meta?: {
             [x: string]: unknown;
@@ -79,13 +78,14 @@ export declare function handleToolsList(): {
             src: string;
             mimeType?: string | undefined;
             sizes?: string[] | undefined;
-            theme?: "light" | "dark" | undefined;
+            theme?: "dark" | "light" | undefined;
         }[] | undefined;
+        name: string;
         title?: string | undefined;
     }[];
 };
 /**
- * Create the h3 application with all routes
+ * Create the H3 application with all routes
  */
-export declare function createHttpApp(): App;
+export declare function createHttpApp(): H3;
 //# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,KAAK,GAAG,EACT,MAAM,IAAI,CAAC;AAgBZ;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;;;EAa/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,GAAG,CA0LnC"}
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,EAAE,EAA+B,MAAM,IAAI,CAAC;AAgBrD;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;;;EAa/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAWD;;GAEG;AACH,wBAAgB,aAAa,IAAI,EAAE,CA0LlC"}

package/dist/http.js

@@ -1,10 +1,9 @@
-import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-zLvx5_bN.js";
-import { t as executeToolWithCredentials } from "./handlers-CzOijI7B.js";
-import "./handlers.js";
+import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-BFw4junA.js";
+import { t as executeToolWithCredentials } from "./handlers-t95fhdps.js";
 import { TOOLS } from "./tools.js";
 import { parseAuthHeader } from "./auth.js";
 import { authorizeGetHandler, authorizePostHandler, oauthMetadataHandler, registerHandler, tokenHandler } from "./oauth.js";
-import { createApp, createRouter, defineEventHandler, getHeader, readBody, setResponseHeader } from "h3";
+import { H3, defineHandler } from "h3";
 /**
 * HTTP transport handlers for Productive MCP Server
 *
@@ -58,21 +57,26 @@ function handleToolsList() {
 	return { tools: TOOLS };
 }
 /**
-* Create the h3 application with all routes
+* Get base URL from event headers
+*/
+function getBaseUrl(event) {
+	const host = event.req.headers.get("host") || "localhost:3000";
+	return `${event.req.headers.get("x-forwarded-proto") || "http"}://${host}`;
+}
+/**
+* Create the H3 application with all routes
 */
 function createHttpApp() {
-	const app = createApp();
-	const router = createRouter();
-	router.get("/.well-known/oauth-authorization-server", oauthMetadataHandler);
-	router.post("/register", registerHandler);
-	router.get("/authorize", authorizeGetHandler);
-	router.post("/authorize", authorizePostHandler);
-	router.post("/token", tokenHandler);
-	router.get("/.well-known/oauth-protected-resource", defineEventHandler((event) => {
-		const host = event.node.req.headers.host || "localhost:3000";
-		const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-		setResponseHeader(event, "Content-Type", "application/json");
-		setResponseHeader(event, "Cache-Control", "public, max-age=3600");
+	const app = new H3();
+	app.get("/.well-known/oauth-authorization-server", oauthMetadataHandler);
+	app.post("/register", registerHandler);
+	app.get("/authorize", authorizeGetHandler);
+	app.post("/authorize", authorizePostHandler);
+	app.post("/token", tokenHandler);
+	app.get("/.well-known/oauth-protected-resource", defineHandler((event) => {
+		const baseUrl = getBaseUrl(event);
+		event.res.headers.set("Content-Type", "application/json");
+		event.res.headers.set("Cache-Control", "public, max-age=3600");
 		return {
 			resource: `${baseUrl}/mcp`,
 			authorization_servers: [baseUrl],
@@ -80,36 +84,35 @@ function createHttpApp() {
 			bearer_methods_supported: ["header"]
 		};
 	}));
-	router.get("/", defineEventHandler(() => {
+	app.get("/", defineHandler(() => {
 		return {
 			status: "ok",
 			service: "productive-mcp",
 			version: VERSION
 		};
 	}));
-	router.get("/health", defineEventHandler(() => {
+	app.get("/health", defineHandler(() => {
 		return { status: "ok" };
 	}));
-	router.post("/mcp", defineEventHandler(async (event) => {
-		const credentials = parseAuthHeader(getHeader(event, "authorization"));
+	app.post("/mcp", defineHandler(async (event) => {
+		const credentials = parseAuthHeader(event.req.headers.get("authorization"));
 		if (!credentials) {
-			const host = event.node.req.headers.host || "localhost:3000";
-			const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-			setResponseHeader(event, "Content-Type", "application/json");
-			setResponseHeader(event, "WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
-			event.node.res.statusCode = 401;
+			const baseUrl = getBaseUrl(event);
+			event.res.headers.set("Content-Type", "application/json");
+			event.res.headers.set("WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
+			event.res.status = 401;
 			return jsonRpcError(-32001, "Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)");
 		}
-		setResponseHeader(event, "Content-Type", "application/json");
+		event.res.headers.set("Content-Type", "application/json");
 		let body;
 		try {
-			body = await readBody(event);
+			body = await event.req.json();
 		} catch {
-			event.node.res.statusCode = 400;
+			event.res.status = 400;
 			return jsonRpcError(-32700, "Parse error: Invalid JSON");
 		}
 		if (!body || typeof body !== "object") {
-			event.node.res.statusCode = 400;
+			event.res.status = 400;
 			return jsonRpcError(-32700, "Parse error: Invalid JSON");
 		}
 		const { method, params, id } = body;
@@ -132,27 +135,34 @@ function createHttpApp() {
 			return jsonRpcError(-32603, `Internal error: ${error instanceof Error ? error.message : String(error)}`, id ?? null);
 		}
 	}));
-	router.get("/mcp/sse", defineEventHandler(async (event) => {
-		if (!parseAuthHeader(getHeader(event, "authorization"))) {
-			const host = event.node.req.headers.host || "localhost:3000";
-			setResponseHeader(event, "WWW-Authenticate", `Bearer resource_metadata="${`${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`}/.well-known/oauth-protected-resource"`);
-			event.node.res.statusCode = 401;
+	app.get("/mcp/sse", defineHandler(async (event) => {
+		if (!parseAuthHeader(event.req.headers.get("authorization"))) {
+			const baseUrl = getBaseUrl(event);
+			event.res.headers.set("WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
+			event.res.status = 401;
 			return { error: "Authentication required" };
 		}
-		setResponseHeader(event, "Content-Type", "text/event-stream");
-		setResponseHeader(event, "Cache-Control", "no-cache");
-		setResponseHeader(event, "Connection", "keep-alive");
+		const nodeRuntime = event.runtime?.node;
+		const nodeRes = nodeRuntime?.res;
+		if (!nodeRes) {
+			event.res.status = 501;
+			return { error: "SSE requires Node.js runtime" };
+		}
+		nodeRes.writeHead(200, {
+			"Content-Type": "text/event-stream",
+			"Cache-Control": "no-cache",
+			Connection: "keep-alive"
+		});
 		const sessionId = crypto.randomUUID();
-		event.node.res.write(`event: session\ndata: ${JSON.stringify({ sessionId })}\n\n`);
+		nodeRes.write(`event: session\ndata: ${JSON.stringify({ sessionId })}\n\n`);
 		const keepAlive = setInterval(() => {
-			event.node.res.write(": keepalive\n\n");
+			nodeRes.write(": keepalive\n\n");
 		}, 3e4);
-		event.node.req.on("close", () => {
+		nodeRuntime?.req.on("close", () => {
 			clearInterval(keepAlive);
 		});
 		return new Promise(() => {});
 	}));
-	app.use(router);
 	return app;
 }
 export { createHttpApp, handleInitialize, handleToolsList, jsonRpcError, jsonRpcSuccess };

package/dist/http.js.map

@@ -1 +1 @@
-{"version":3,"file":"http.js","names":[],"sources":["../src/http.ts"],"sourcesContent":["/**\n * HTTP transport handlers for Productive MCP Server\n *\n * This module contains the app/router creation logic for the HTTP transport.\n * The actual server startup is in server.ts.\n */\n\nimport {\n  createApp,\n  createRouter,\n  defineEventHandler,\n  readBody,\n  getHeader,\n  setResponseHeader,\n  type App,\n} from 'h3';\n\nimport { parseAuthHeader } from './auth.js';\nimport { executeToolWithCredentials } from './handlers.js';\nimport { INSTRUCTIONS } from './instructions.js';\nimport {\n  oauthMetadataHandler,\n  registerHandler,\n  authorizeGetHandler,\n  authorizePostHandler,\n  tokenHandler,\n} from './oauth.js';\nimport { listResources, listResourceTemplates, readResource } from './resources.js';\nimport { TOOLS } from './tools.js';\nimport { VERSION } from './version.js';\n\n/**\n * JSON-RPC error response\n */\nexport function jsonRpcError(code: number, message: string, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    error: { code, message },\n    id,\n  };\n}\n\n/**\n * JSON-RPC success response\n */\nexport function jsonRpcSuccess(result: unknown, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    result,\n    id,\n  };\n}\n\n/**\n * Handle the initialize JSON-RPC method\n */\nexport function handleInitialize() {\n  return {\n    protocolVersion: '2024-11-05',\n    serverInfo: {\n      name: 'productive-mcp',\n      version: VERSION,\n    },\n    capabilities: {\n      tools: {},\n      resources: {},\n    },\n    instructions: INSTRUCTIONS,\n  };\n}\n\n/**\n * Handle the tools/list JSON-RPC method\n */\nexport function handleToolsList() {\n  return { tools: TOOLS };\n}\n\n/**\n * Create the h3 application with all routes\n */\nexport function createHttpApp(): App {\n  const app = createApp();\n  const router = createRouter();\n\n  // OAuth 2.0 endpoints for Claude Desktop integration (MCP auth spec)\n  router.get('/.well-known/oauth-authorization-server', oauthMetadataHandler);\n  router.post('/register', registerHandler); // Dynamic Client Registration (RFC 7591)\n  router.get('/authorize', authorizeGetHandler);\n  router.post('/authorize', authorizePostHandler);\n  router.post('/token', tokenHandler);\n\n  // OAuth Protected Resource Metadata (RFC 9728 / MCP spec 2025-03-26)\n  // This endpoint tells clients where to find the authorization server\n  router.get(\n    '/.well-known/oauth-protected-resource',\n    defineEventHandler((event) => {\n      const host = event.node.req.headers.host || 'localhost:3000';\n      const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n      const baseUrl = `${protocol}://${host}`;\n\n      setResponseHeader(event, 'Content-Type', 'application/json');\n      setResponseHeader(event, 'Cache-Control', 'public, max-age=3600');\n\n      return {\n        resource: `${baseUrl}/mcp`,\n        authorization_servers: [baseUrl],\n        scopes_supported: ['productive'],\n        bearer_methods_supported: ['header'],\n      };\n    }),\n  );\n\n  // Health check endpoint\n  router.get(\n    '/',\n    defineEventHandler(() => {\n      return { status: 'ok', service: 'productive-mcp', version: VERSION };\n    }),\n  );\n\n  router.get(\n    '/health',\n    defineEventHandler(() => {\n      return { status: 'ok' };\n    }),\n  );\n\n  // MCP endpoint - handles JSON-RPC over HTTP\n  router.post(\n    '/mcp',\n    defineEventHandler(async (event) => {\n      // Parse authorization header\n      const authHeader = getHeader(event, 'authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const host = event.node.req.headers.host || 'localhost:3000';\n        const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n        const baseUrl = `${protocol}://${host}`;\n\n        setResponseHeader(event, 'Content-Type', 'application/json');\n        setResponseHeader(\n          event,\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.node.res.statusCode = 401;\n        return jsonRpcError(\n          -32001,\n          'Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)',\n        );\n      }\n\n      setResponseHeader(event, 'Content-Type', 'application/json');\n\n      // Parse JSON-RPC request\n      let body: { method?: string; params?: unknown; id?: string | number };\n      try {\n        body = await readBody(event);\n      } catch {\n        event.node.res.statusCode = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      if (!body || typeof body !== 'object') {\n        event.node.res.statusCode = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      const { method, params, id } = body;\n\n      try {\n        if (method === 'initialize') {\n          return jsonRpcSuccess(handleInitialize(), id ?? null);\n        }\n\n        if (method === 'tools/list') {\n          return jsonRpcSuccess(handleToolsList(), id ?? null);\n        }\n\n        if (method === 'tools/call') {\n          const { name, arguments: args } = params as {\n            name: string;\n            arguments?: Record<string, unknown>;\n          };\n          const result = await executeToolWithCredentials(name, args || {}, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        if (method === 'resources/list') {\n          return jsonRpcSuccess({ resources: listResources() }, id ?? null);\n        }\n\n        if (method === 'resources/templates/list') {\n          return jsonRpcSuccess({ resourceTemplates: listResourceTemplates() }, id ?? null);\n        }\n\n        if (method === 'resources/read') {\n          const { uri } = (params as { uri: string }) ?? {};\n          if (!uri) {\n            return jsonRpcError(-32602, 'Invalid params: uri is required', id ?? null);\n          }\n          const result = await readResource(uri, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        // Unknown method\n        return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);\n      } catch (error) {\n        const message = error instanceof Error ? error.message : String(error);\n        return jsonRpcError(-32603, `Internal error: ${message}`, id ?? null);\n      }\n    }),\n  );\n\n  // SSE endpoint for server-sent events (optional, for streaming responses)\n  router.get(\n    '/mcp/sse',\n    defineEventHandler(async (event) => {\n      const authHeader = getHeader(event, 'authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const host = event.node.req.headers.host || 'localhost:3000';\n        const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n        const baseUrl = `${protocol}://${host}`;\n\n        setResponseHeader(\n          event,\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.node.res.statusCode = 401;\n        return { error: 'Authentication required' };\n      }\n\n      // Set SSE headers\n      setResponseHeader(event, 'Content-Type', 'text/event-stream');\n      setResponseHeader(event, 'Cache-Control', 'no-cache');\n      setResponseHeader(event, 'Connection', 'keep-alive');\n\n      // Generate session ID and send it\n      const sessionId = crypto.randomUUID();\n\n      // Send initial session event\n      event.node.res.write(`event: session\\ndata: ${JSON.stringify({ sessionId })}\\n\\n`);\n\n      // Keep connection alive\n      const keepAlive = setInterval(() => {\n        event.node.res.write(': keepalive\\n\\n');\n      }, 30000);\n\n      // Clean up on close\n      event.node.req.on('close', () => {\n        clearInterval(keepAlive);\n      });\n\n      // Don't end the response - keep it open for SSE\n      return new Promise(() => {});\n    }),\n  );\n\n  app.use(router);\n  return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;;AAkCA,SAAgB,aAAa,MAAc,SAAiB,KAA6B,MAAM;AAC7F,QAAO;EACL,SAAS;EACT,OAAO;GAAE;GAAM;GAAS;EACxB;EACD;;;;;AAMH,SAAgB,eAAe,QAAiB,KAA6B,MAAM;AACjF,QAAO;EACL,SAAS;EACT;EACA;EACD;;;;;AAMH,SAAgB,mBAAmB;AACjC,QAAO;EACL,iBAAiB;EACjB,YAAY;GACV,MAAM;GACN,SAAS;GACV;EACD,cAAc;GACZ,OAAO,EAAE;GACT,WAAW,EAAE;GACd;EACD,cAAc;EACf;;;;;AAMH,SAAgB,kBAAkB;AAChC,QAAO,EAAE,OAAO,OAAO;;;;;AAMzB,SAAgB,gBAAqB;CACnC,MAAM,MAAM,WAAW;CACvB,MAAM,SAAS,cAAc;AAG7B,QAAO,IAAI,2CAA2C,qBAAqB;AAC3E,QAAO,KAAK,aAAa,gBAAgB;AACzC,QAAO,IAAI,cAAc,oBAAoB;AAC7C,QAAO,KAAK,cAAc,qBAAqB;AAC/C,QAAO,KAAK,UAAU,aAAa;AAInC,QAAO,IACL,yCACA,oBAAoB,UAAU;EAC5B,MAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;EAE5C,MAAM,UAAU,GADC,MAAM,KAAK,IAAI,QAAQ,wBAAwB,OACpC,KAAK;AAEjC,oBAAkB,OAAO,gBAAgB,mBAAmB;AAC5D,oBAAkB,OAAO,iBAAiB,uBAAuB;AAEjE,SAAO;GACL,UAAU,GAAG,QAAQ;GACrB,uBAAuB,CAAC,QAAQ;GAChC,kBAAkB,CAAC,aAAa;GAChC,0BAA0B,CAAC,SAAS;GACrC;GACD,CACH;AAGD,QAAO,IACL,KACA,yBAAyB;AACvB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAkB,SAAS;GAAS;GACpE,CACH;AAED,QAAO,IACL,WACA,yBAAyB;AACvB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAGD,QAAO,KACL,QACA,mBAAmB,OAAO,UAAU;EAGlC,MAAM,cAAc,gBADD,UAAU,OAAO,gBAAgB,CACL;AAE/C,MAAI,CAAC,aAAa;GAEhB,MAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;GAE5C,MAAM,UAAU,GADC,MAAM,KAAK,IAAI,QAAQ,wBAAwB,OACpC,KAAK;AAEjC,qBAAkB,OAAO,gBAAgB,mBAAmB;AAC5D,qBACE,OACA,oBACA,6BAA6B,QAAQ,wCACtC;AACD,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,aACL,QACA,4FACD;;AAGH,oBAAkB,OAAO,gBAAgB,mBAAmB;EAG5D,IAAI;AACJ,MAAI;AACF,UAAO,MAAM,SAAS,MAAM;UACtB;AACN,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,aAAa,QAAQ,4BAA4B;;AAG1D,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,aAAa,QAAQ,4BAA4B;;EAG1D,MAAM,EAAE,QAAQ,QAAQ,OAAO;AAE/B,MAAI;AACF,OAAI,WAAW,aACb,QAAO,eAAe,kBAAkB,EAAE,MAAM,KAAK;AAGvD,OAAI,WAAW,aACb,QAAO,eAAe,iBAAiB,EAAE,MAAM,KAAK;AAGtD,OAAI,WAAW,cAAc;IAC3B,MAAM,EAAE,MAAM,WAAW,SAAS;AAKlC,WAAO,eADQ,MAAM,2BAA2B,MAAM,QAAQ,EAAE,EAAE,YAAY,EAChD,MAAM,KAAK;;AAG3C,OAAI,WAAW,iBACb,QAAO,eAAe,EAAE,WAAW,eAAe,EAAE,EAAE,MAAM,KAAK;AAGnE,OAAI,WAAW,2BACb,QAAO,eAAe,EAAE,mBAAmB,uBAAuB,EAAE,EAAE,MAAM,KAAK;AAGnF,OAAI,WAAW,kBAAkB;IAC/B,MAAM,EAAE,QAAS,UAA8B,EAAE;AACjD,QAAI,CAAC,IACH,QAAO,aAAa,QAAQ,mCAAmC,MAAM,KAAK;AAG5E,WAAO,eADQ,MAAM,aAAa,KAAK,YAAY,EACrB,MAAM,KAAK;;AAI3C,UAAO,aAAa,QAAQ,qBAAqB,UAAU,MAAM,KAAK;WAC/D,OAAO;AAEd,UAAO,aAAa,QAAQ,mBADZ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,IACZ,MAAM,KAAK;;GAEvE,CACH;AAGD,QAAO,IACL,YACA,mBAAmB,OAAO,UAAU;AAIlC,MAAI,CAFgB,gBADD,UAAU,OAAO,gBAAgB,CACL,EAE7B;GAEhB,MAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;AAI5C,qBACE,OACA,oBACA,6BALc,GADC,MAAM,KAAK,IAAI,QAAQ,wBAAwB,OACpC,KAAK,OAKM,wCACtC;AACD,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,EAAE,OAAO,2BAA2B;;AAI7C,oBAAkB,OAAO,gBAAgB,oBAAoB;AAC7D,oBAAkB,OAAO,iBAAiB,WAAW;AACrD,oBAAkB,OAAO,cAAc,aAAa;EAGpD,MAAM,YAAY,OAAO,YAAY;AAGrC,QAAM,KAAK,IAAI,MAAM,yBAAyB,KAAK,UAAU,EAAE,WAAW,CAAC,CAAC,MAAM;EAGlF,MAAM,YAAY,kBAAkB;AAClC,SAAM,KAAK,IAAI,MAAM,kBAAkB;KACtC,IAAM;AAGT,QAAM,KAAK,IAAI,GAAG,eAAe;AAC/B,iBAAc,UAAU;IACxB;AAGF,SAAO,IAAI,cAAc,GAAG;GAC5B,CACH;AAED,KAAI,IAAI,OAAO;AACf,QAAO"}
+{"version":3,"file":"http.js","names":[],"sources":["../src/http.ts"],"sourcesContent":["/**\n * HTTP transport handlers for Productive MCP Server\n *\n * This module contains the app/router creation logic for the HTTP transport.\n * The actual server startup is in server.ts.\n */\n\nimport { H3, defineHandler, type H3Event } from 'h3';\n\nimport { parseAuthHeader } from './auth.js';\nimport { executeToolWithCredentials } from './handlers.js';\nimport { INSTRUCTIONS } from './instructions.js';\nimport {\n  oauthMetadataHandler,\n  registerHandler,\n  authorizeGetHandler,\n  authorizePostHandler,\n  tokenHandler,\n} from './oauth.js';\nimport { listResources, listResourceTemplates, readResource } from './resources.js';\nimport { TOOLS } from './tools.js';\nimport { VERSION } from './version.js';\n\n/**\n * JSON-RPC error response\n */\nexport function jsonRpcError(code: number, message: string, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    error: { code, message },\n    id,\n  };\n}\n\n/**\n * JSON-RPC success response\n */\nexport function jsonRpcSuccess(result: unknown, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    result,\n    id,\n  };\n}\n\n/**\n * Handle the initialize JSON-RPC method\n */\nexport function handleInitialize() {\n  return {\n    protocolVersion: '2024-11-05',\n    serverInfo: {\n      name: 'productive-mcp',\n      version: VERSION,\n    },\n    capabilities: {\n      tools: {},\n      resources: {},\n    },\n    instructions: INSTRUCTIONS,\n  };\n}\n\n/**\n * Handle the tools/list JSON-RPC method\n */\nexport function handleToolsList() {\n  return { tools: TOOLS };\n}\n\n/**\n * Get base URL from event headers\n */\nfunction getBaseUrl(event: H3Event): string {\n  const host = event.req.headers.get('host') || 'localhost:3000';\n  const protocol = event.req.headers.get('x-forwarded-proto') || 'http';\n  return `${protocol}://${host}`;\n}\n\n/**\n * Create the H3 application with all routes\n */\nexport function createHttpApp(): H3 {\n  const app = new H3();\n\n  // OAuth 2.0 endpoints for Claude Desktop integration (MCP auth spec)\n  app.get('/.well-known/oauth-authorization-server', oauthMetadataHandler);\n  app.post('/register', registerHandler); // Dynamic Client Registration (RFC 7591)\n  app.get('/authorize', authorizeGetHandler);\n  app.post('/authorize', authorizePostHandler);\n  app.post('/token', tokenHandler);\n\n  // OAuth Protected Resource Metadata (RFC 9728 / MCP spec 2025-03-26)\n  // This endpoint tells clients where to find the authorization server\n  app.get(\n    '/.well-known/oauth-protected-resource',\n    defineHandler((event) => {\n      const baseUrl = getBaseUrl(event);\n\n      event.res.headers.set('Content-Type', 'application/json');\n      event.res.headers.set('Cache-Control', 'public, max-age=3600');\n\n      return {\n        resource: `${baseUrl}/mcp`,\n        authorization_servers: [baseUrl],\n        scopes_supported: ['productive'],\n        bearer_methods_supported: ['header'],\n      };\n    }),\n  );\n\n  // Health check endpoint\n  app.get(\n    '/',\n    defineHandler(() => {\n      return { status: 'ok', service: 'productive-mcp', version: VERSION };\n    }),\n  );\n\n  app.get(\n    '/health',\n    defineHandler(() => {\n      return { status: 'ok' };\n    }),\n  );\n\n  // MCP endpoint - handles JSON-RPC over HTTP\n  app.post(\n    '/mcp',\n    defineHandler(async (event) => {\n      // Parse authorization header\n      const authHeader = event.req.headers.get('authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const baseUrl = getBaseUrl(event);\n\n        event.res.headers.set('Content-Type', 'application/json');\n        event.res.headers.set(\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.res.status = 401;\n        return jsonRpcError(\n          -32001,\n          'Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)',\n        );\n      }\n\n      event.res.headers.set('Content-Type', 'application/json');\n\n      // Parse JSON-RPC request\n      let body: { method?: string; params?: unknown; id?: string | number } | undefined;\n      try {\n        body = await event.req.json();\n      } catch {\n        event.res.status = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      if (!body || typeof body !== 'object') {\n        event.res.status = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      const { method, params, id } = body;\n\n      try {\n        if (method === 'initialize') {\n          return jsonRpcSuccess(handleInitialize(), id ?? null);\n        }\n\n        if (method === 'tools/list') {\n          return jsonRpcSuccess(handleToolsList(), id ?? null);\n        }\n\n        if (method === 'tools/call') {\n          const { name, arguments: args } = params as {\n            name: string;\n            arguments?: Record<string, unknown>;\n          };\n          const result = await executeToolWithCredentials(name, args || {}, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        if (method === 'resources/list') {\n          return jsonRpcSuccess({ resources: listResources() }, id ?? null);\n        }\n\n        if (method === 'resources/templates/list') {\n          return jsonRpcSuccess({ resourceTemplates: listResourceTemplates() }, id ?? null);\n        }\n\n        if (method === 'resources/read') {\n          const { uri } = (params as { uri: string }) ?? {};\n          if (!uri) {\n            return jsonRpcError(-32602, 'Invalid params: uri is required', id ?? null);\n          }\n          const result = await readResource(uri, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        // Unknown method\n        return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);\n      } catch (error) {\n        const message = error instanceof Error ? error.message : String(error);\n        return jsonRpcError(-32603, `Internal error: ${message}`, id ?? null);\n      }\n    }),\n  );\n\n  // SSE endpoint for server-sent events (optional, for streaming responses)\n  app.get(\n    '/mcp/sse',\n    defineHandler(async (event) => {\n      const authHeader = event.req.headers.get('authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const baseUrl = getBaseUrl(event);\n\n        event.res.headers.set(\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.res.status = 401;\n        return { error: 'Authentication required' };\n      }\n\n      // Node.js-specific SSE: access raw res for streaming\n      const nodeRuntime = event.runtime?.node;\n      const nodeRes = nodeRuntime?.res as import('node:http').ServerResponse | undefined;\n      if (!nodeRes) {\n        event.res.status = 501;\n        return { error: 'SSE requires Node.js runtime' };\n      }\n\n      // Write SSE headers directly to Node.js response (bypassing h3's pipeline)\n      nodeRes.writeHead(200, {\n        'Content-Type': 'text/event-stream',\n        'Cache-Control': 'no-cache',\n        Connection: 'keep-alive',\n      });\n\n      // Generate session ID and send it\n      const sessionId = crypto.randomUUID();\n\n      // Send initial session event\n      nodeRes.write(`event: session\\ndata: ${JSON.stringify({ sessionId })}\\n\\n`);\n\n      // Keep connection alive\n      const keepAlive = setInterval(() => {\n        nodeRes.write(': keepalive\\n\\n');\n      }, 30000);\n\n      // Clean up on close\n      nodeRuntime?.req.on('close', () => {\n        clearInterval(keepAlive);\n      });\n\n      // Don't end the response - keep it open for SSE\n      return new Promise(() => {});\n    }),\n  );\n\n  return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;AA0BA,SAAgB,aAAa,MAAc,SAAiB,KAA6B,MAAM;AAC7F,QAAO;EACL,SAAS;EACT,OAAO;GAAE;GAAM;GAAS;EACxB;EACD;;;;;AAMH,SAAgB,eAAe,QAAiB,KAA6B,MAAM;AACjF,QAAO;EACL,SAAS;EACT;EACA;EACD;;;;;AAMH,SAAgB,mBAAmB;AACjC,QAAO;EACL,iBAAiB;EACjB,YAAY;GACV,MAAM;GACN,SAAS;GACV;EACD,cAAc;GACZ,OAAO,EAAE;GACT,WAAW,EAAE;GACd;EACD,cAAc;EACf;;;;;AAMH,SAAgB,kBAAkB;AAChC,QAAO,EAAE,OAAO,OAAO;;;;;AAMzB,SAAS,WAAW,OAAwB;CAC1C,MAAM,OAAO,MAAM,IAAI,QAAQ,IAAI,OAAO,IAAI;AAE9C,QAAO,GADU,MAAM,IAAI,QAAQ,IAAI,oBAAoB,IAAI,OAC5C,KAAK;;;;;AAM1B,SAAgB,gBAAoB;CAClC,MAAM,MAAM,IAAI,IAAI;AAGpB,KAAI,IAAI,2CAA2C,qBAAqB;AACxE,KAAI,KAAK,aAAa,gBAAgB;AACtC,KAAI,IAAI,cAAc,oBAAoB;AAC1C,KAAI,KAAK,cAAc,qBAAqB;AAC5C,KAAI,KAAK,UAAU,aAAa;AAIhC,KAAI,IACF,yCACA,eAAe,UAAU;EACvB,MAAM,UAAU,WAAW,MAAM;AAEjC,QAAM,IAAI,QAAQ,IAAI,gBAAgB,mBAAmB;AACzD,QAAM,IAAI,QAAQ,IAAI,iBAAiB,uBAAuB;AAE9D,SAAO;GACL,UAAU,GAAG,QAAQ;GACrB,uBAAuB,CAAC,QAAQ;GAChC,kBAAkB,CAAC,aAAa;GAChC,0BAA0B,CAAC,SAAS;GACrC;GACD,CACH;AAGD,KAAI,IACF,KACA,oBAAoB;AAClB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAkB,SAAS;GAAS;GACpE,CACH;AAED,KAAI,IACF,WACA,oBAAoB;AAClB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAGD,KAAI,KACF,QACA,cAAc,OAAO,UAAU;EAG7B,MAAM,cAAc,gBADD,MAAM,IAAI,QAAQ,IAAI,gBAAgB,CACV;AAE/C,MAAI,CAAC,aAAa;GAEhB,MAAM,UAAU,WAAW,MAAM;AAEjC,SAAM,IAAI,QAAQ,IAAI,gBAAgB,mBAAmB;AACzD,SAAM,IAAI,QAAQ,IAChB,oBACA,6BAA6B,QAAQ,wCACtC;AACD,SAAM,IAAI,SAAS;AACnB,UAAO,aACL,QACA,4FACD;;AAGH,QAAM,IAAI,QAAQ,IAAI,gBAAgB,mBAAmB;EAGzD,IAAI;AACJ,MAAI;AACF,UAAO,MAAM,MAAM,IAAI,MAAM;UACvB;AACN,SAAM,IAAI,SAAS;AACnB,UAAO,aAAa,QAAQ,4BAA4B;;AAG1D,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,SAAM,IAAI,SAAS;AACnB,UAAO,aAAa,QAAQ,4BAA4B;;EAG1D,MAAM,EAAE,QAAQ,QAAQ,OAAO;AAE/B,MAAI;AACF,OAAI,WAAW,aACb,QAAO,eAAe,kBAAkB,EAAE,MAAM,KAAK;AAGvD,OAAI,WAAW,aACb,QAAO,eAAe,iBAAiB,EAAE,MAAM,KAAK;AAGtD,OAAI,WAAW,cAAc;IAC3B,MAAM,EAAE,MAAM,WAAW,SAAS;AAKlC,WAAO,eADQ,MAAM,2BAA2B,MAAM,QAAQ,EAAE,EAAE,YAAY,EAChD,MAAM,KAAK;;AAG3C,OAAI,WAAW,iBACb,QAAO,eAAe,EAAE,WAAW,eAAe,EAAE,EAAE,MAAM,KAAK;AAGnE,OAAI,WAAW,2BACb,QAAO,eAAe,EAAE,mBAAmB,uBAAuB,EAAE,EAAE,MAAM,KAAK;AAGnF,OAAI,WAAW,kBAAkB;IAC/B,MAAM,EAAE,QAAS,UAA8B,EAAE;AACjD,QAAI,CAAC,IACH,QAAO,aAAa,QAAQ,mCAAmC,MAAM,KAAK;AAG5E,WAAO,eADQ,MAAM,aAAa,KAAK,YAAY,EACrB,MAAM,KAAK;;AAI3C,UAAO,aAAa,QAAQ,qBAAqB,UAAU,MAAM,KAAK;WAC/D,OAAO;AAEd,UAAO,aAAa,QAAQ,mBADZ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,IACZ,MAAM,KAAK;;GAEvE,CACH;AAGD,KAAI,IACF,YACA,cAAc,OAAO,UAAU;AAI7B,MAAI,CAFgB,gBADD,MAAM,IAAI,QAAQ,IAAI,gBAAgB,CACV,EAE7B;GAEhB,MAAM,UAAU,WAAW,MAAM;AAEjC,SAAM,IAAI,QAAQ,IAChB,oBACA,6BAA6B,QAAQ,wCACtC;AACD,SAAM,IAAI,SAAS;AACnB,UAAO,EAAE,OAAO,2BAA2B;;EAI7C,MAAM,cAAc,MAAM,SAAS;EACnC,MAAM,UAAU,aAAa;AAC7B,MAAI,CAAC,SAAS;AACZ,SAAM,IAAI,SAAS;AACnB,UAAO,EAAE,OAAO,gCAAgC;;AAIlD,UAAQ,UAAU,KAAK;GACrB,gBAAgB;GAChB,iBAAiB;GACjB,YAAY;GACb,CAAC;EAGF,MAAM,YAAY,OAAO,YAAY;AAGrC,UAAQ,MAAM,yBAAyB,KAAK,UAAU,EAAE,WAAW,CAAC,CAAC,MAAM;EAG3E,MAAM,YAAY,kBAAkB;AAClC,WAAQ,MAAM,kBAAkB;KAC/B,IAAM;AAGT,eAAa,IAAI,GAAG,eAAe;AACjC,iBAAc,UAAU;IACxB;AAGF,SAAO,IAAI,cAAc,GAAG;GAC5B,CACH;AAED,QAAO"}

package/dist/index.js

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
-import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-zLvx5_bN.js";
-import "./handlers-CzOijI7B.js";
-import { getAvailablePrompts, getAvailableTools, handlePrompt, handleToolCall } from "./stdio.js";
+import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-BFw4junA.js";
+import "./handlers-t95fhdps.js";
+import { a as handlePrompt, n as getAvailableTools, s as handleToolCall, t as getAvailablePrompts } from "./stdio-Bi1Lvp8O.js";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, GetPromptRequestSchema, ListPromptsRequestSchema, ListResourceTemplatesRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema } from "@modelcontextprotocol/sdk/types.js";

package/dist/oauth.d.ts

@@ -20,7 +20,7 @@
  *
  * MCP clients MUST check this endpoint first for server capabilities.
  */
-export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, {
+export declare const oauthMetadataHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, {
     issuer: string;
     authorization_endpoint: string;
     token_endpoint: string;
@@ -40,7 +40,7 @@ export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3"
  * Since we use stateless tokens, we accept any registration and return
  * a generated client_id.
  */
-export declare const registerHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+export declare const registerHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<{
     error: string;
     error_description: string;
     client_id?: undefined;
@@ -50,25 +50,25 @@ export declare const registerHandler: import("h3").EventHandler<import("h3").Eve
     grant_types?: undefined;
     response_types?: undefined;
 } | {
+    error?: undefined;
+    error_description?: undefined;
     client_id: string;
     client_name: string;
     redirect_uris: string[];
     token_endpoint_auth_method: string;
     grant_types: string[];
     response_types: string[];
-    error?: undefined;
-    error_description?: undefined;
 }>>;
 /**
  * Authorization endpoint - shows login form
  * GET /authorize
  */
-export declare const authorizeGetHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, string | Promise<void>>;
+export declare const authorizeGetHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, string | import("h3").HTTPResponse>;
 /**
  * Authorization endpoint - process login
  * POST /authorize
  */
-export declare const authorizePostHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string>>;
+export declare const authorizePostHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<string>>;
 /**
  * Token endpoint - exchange code for access token
  * POST /token
@@ -77,7 +77,7 @@ export declare const authorizePostHandler: import("h3").EventHandler<import("h3"
  * - authorization_code grant (with PKCE validation)
  * - refresh_token grant
  */
-export declare const tokenHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+export declare const tokenHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<{
     error: string;
     error_description: string;
     access_token?: undefined;
@@ -85,11 +85,11 @@ export declare const tokenHandler: import("h3").EventHandler<import("h3").EventH
     expires_in?: undefined;
     refresh_token?: undefined;
 } | {
+    error?: undefined;
+    error_description?: undefined;
     access_token: string;
     token_type: string;
     expires_in: number;
     refresh_token: string;
-    error?: undefined;
-    error_description?: undefined;
 }>>;
 //# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAeH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,qFA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,8EAyD/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA+FvB,CAAC"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAQH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,0GA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uFA0D/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA2FvB,CAAC"}

package/dist/oauth.js

@@ -1,6 +1,6 @@
 import { createAuthToken } from "./auth.js";
 import { createAuthCode, decodeAuthCode } from "./crypto.js";
-import { defineEventHandler, getQuery, readBody, sendRedirect, setResponseHeader } from "h3";
+import { defineHandler, getQuery, redirect } from "h3";
 import { createHash } from "node:crypto";
 /**
 * OAuth 2.0 endpoints for Claude Desktop integration
@@ -24,11 +24,11 @@ import { createHash } from "node:crypto";
 *
 * MCP clients MUST check this endpoint first for server capabilities.
 */
-const oauthMetadataHandler = defineEventHandler((event) => {
-	const host = event.node.req.headers.host || "localhost:3000";
-	const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-	setResponseHeader(event, "Content-Type", "application/json");
-	setResponseHeader(event, "Cache-Control", "public, max-age=3600");
+const oauthMetadataHandler = defineHandler((event) => {
+	const host = event.req.headers.get("host") || "localhost:3000";
+	const baseUrl = `${event.req.headers.get("x-forwarded-proto") || "http"}://${host}`;
+	event.res.headers.set("Content-Type", "application/json");
+	event.res.headers.set("Cache-Control", "public, max-age=3600");
 	return {
 		issuer: baseUrl,
 		authorization_endpoint: `${baseUrl}/authorize`,
@@ -50,13 +50,13 @@ const oauthMetadataHandler = defineEventHandler((event) => {
 * Since we use stateless tokens, we accept any registration and return
 * a generated client_id.
 */
-const registerHandler = defineEventHandler(async (event) => {
-	setResponseHeader(event, "Content-Type", "application/json");
+const registerHandler = defineHandler(async (event) => {
+	event.res.headers.set("Content-Type", "application/json");
 	let body;
 	try {
-		body = await readBody(event);
+		body = await event.req.json();
 	} catch {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Invalid JSON body"
@@ -68,7 +68,7 @@ const registerHandler = defineEventHandler(async (event) => {
 		name: clientName,
 		ts: Date.now()
 	})).toString("base64url");
-	event.node.res.statusCode = 201;
+	event.res.status = 201;
 	return {
 		client_id: clientId,
 		client_name: clientName,
@@ -82,7 +82,7 @@ const registerHandler = defineEventHandler(async (event) => {
 * Authorization endpoint - shows login form
 * GET /authorize
 */
-const authorizeGetHandler = defineEventHandler((event) => {
+const authorizeGetHandler = defineHandler((event) => {
 	const query = getQuery(event);
 	const clientId = query.client_id;
 	const redirectUri = query.redirect_uri;
@@ -91,8 +91,8 @@ const authorizeGetHandler = defineEventHandler((event) => {
 	const codeChallengeMethod = query.code_challenge_method;
 	const scope = query.scope;
 	if (!redirectUri) {
-		setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
-		event.node.res.statusCode = 400;
+		event.res.headers.set("Content-Type", "text/html; charset=utf-8");
+		event.res.status = 400;
 		return renderErrorPage("Missing required parameter: redirect_uri");
 	}
 	if (!codeChallenge) {
@@ -100,16 +100,16 @@ const authorizeGetHandler = defineEventHandler((event) => {
 		errorUrl.searchParams.set("error", "invalid_request");
 		errorUrl.searchParams.set("error_description", "code_challenge is required");
 		if (state) errorUrl.searchParams.set("state", state);
-		return sendRedirect(event, errorUrl.toString());
+		return redirect(errorUrl.toString());
 	}
 	if (codeChallengeMethod && codeChallengeMethod !== "S256") {
 		const errorUrl = new URL(redirectUri);
 		errorUrl.searchParams.set("error", "invalid_request");
 		errorUrl.searchParams.set("error_description", "Only S256 code_challenge_method is supported");
 		if (state) errorUrl.searchParams.set("state", state);
-		return sendRedirect(event, errorUrl.toString());
+		return redirect(errorUrl.toString());
 	}
-	setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+	event.res.headers.set("Content-Type", "text/html; charset=utf-8");
 	return renderLoginForm({
 		clientId,
 		redirectUri,
@@ -123,11 +123,12 @@ const authorizeGetHandler = defineEventHandler((event) => {
 * Authorization endpoint - process login
 * POST /authorize
 */
-const authorizePostHandler = defineEventHandler(async (event) => {
-	const { orgId, apiToken, userId, redirectUri, state, codeChallenge, codeChallengeMethod } = await readBody(event);
+const authorizePostHandler = defineHandler(async (event) => {
+	const formData = await event.req.formData();
+	const { orgId, apiToken, userId, redirectUri, state, codeChallenge, codeChallengeMethod } = Object.fromEntries(formData.entries());
 	if (!redirectUri) {
-		setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
-		event.node.res.statusCode = 400;
+		event.res.headers.set("Content-Type", "text/html; charset=utf-8");
+		event.res.status = 400;
 		return renderErrorPage("Missing redirect_uri parameter");
 	}
 	try {
@@ -135,15 +136,15 @@ const authorizePostHandler = defineEventHandler(async (event) => {
 		const isLocalhost = uri.hostname === "localhost" || uri.hostname === "127.0.0.1";
 		const isHttps = uri.protocol === "https:";
 		if (!isLocalhost && !isHttps) {
-			event.node.res.statusCode = 400;
+			event.res.status = 400;
 			return renderErrorPage("redirect_uri must be HTTPS or localhost");
 		}
 	} catch {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return renderErrorPage("Invalid redirect_uri format");
 	}
 	if (!orgId || !apiToken) {
-		setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+		event.res.headers.set("Content-Type", "text/html; charset=utf-8");
 		return renderLoginForm({
 			redirectUri,
 			state,
@@ -162,7 +163,7 @@ const authorizePostHandler = defineEventHandler(async (event) => {
 	const redirectUrl = new URL(redirectUri);
 	redirectUrl.searchParams.set("code", code);
 	if (state) redirectUrl.searchParams.set("state", state);
-	setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+	event.res.headers.set("Content-Type", "text/html; charset=utf-8");
 	return renderSuccessPage(redirectUrl.toString());
 });
 /**
@@ -173,32 +174,31 @@ const authorizePostHandler = defineEventHandler(async (event) => {
 * - authorization_code grant (with PKCE validation)
 * - refresh_token grant
 */
-const tokenHandler = defineEventHandler(async (event) => {
-	setResponseHeader(event, "Content-Type", "application/json");
+const tokenHandler = defineHandler(async (event) => {
+	event.res.headers.set("Content-Type", "application/json");
 	let body;
-	if ((event.node.req.headers["content-type"] || "").includes("application/x-www-form-urlencoded")) {
-		const rawBody = await readBody(event);
-		if (typeof rawBody === "string") body = Object.fromEntries(new URLSearchParams(rawBody));
-		else body = rawBody;
-	} else body = await readBody(event);
+	if ((event.req.headers.get("content-type") || "").includes("application/x-www-form-urlencoded")) {
+		const rawText = await event.req.text();
+		body = Object.fromEntries(new URLSearchParams(rawText));
+	} else body = await event.req.json();
 	const { grant_type, code, code_verifier, refresh_token } = body;
 	if (grant_type === "refresh_token") return handleRefreshToken(event, refresh_token);
 	if (grant_type !== "authorization_code") {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "unsupported_grant_type",
 			error_description: "Supported grant types: authorization_code, refresh_token"
 		};
 	}
 	if (!code) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Missing authorization code"
 		};
 	}
 	if (!code_verifier) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Missing code_verifier (PKCE required)"
@@ -208,7 +208,7 @@ const tokenHandler = defineEventHandler(async (event) => {
 		const payload = decodeAuthCode(code);
 		if (payload.codeChallenge) {
 			if (createS256Challenge(code_verifier) !== payload.codeChallenge) {
-				event.node.res.statusCode = 400;
+				event.res.status = 400;
 				return {
 					error: "invalid_grant",
 					error_description: "Invalid code_verifier"
@@ -230,7 +230,7 @@ const tokenHandler = defineEventHandler(async (event) => {
 			}, 86400 * 30)
 		};
 	} catch (error) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_grant",
 			error_description: error instanceof Error ? error.message : "Invalid authorization code"
@@ -242,7 +242,7 @@ const tokenHandler = defineEventHandler(async (event) => {
 */
 function handleRefreshToken(event, refreshToken) {
 	if (!refreshToken) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Missing refresh_token"
@@ -265,7 +265,7 @@ function handleRefreshToken(event, refreshToken) {
 			}, 86400 * 30)
 		};
 	} catch (error) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_grant",
 			error_description: error instanceof Error ? error.message : "Invalid refresh token"