@studiometa/productive-mcp 0.10.8 → 0.10.10

package/dist/http.d.ts

@@ -4,7 +4,9 @@
  * This module contains the app/router creation logic for the HTTP transport.
  * The actual server startup is in server.ts.
  */
-import { type App } from 'h3';
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js';
+import { H3 } from 'h3';
 /**
  * JSON-RPC error response
  */
@@ -35,6 +37,7 @@ export declare function handleInitialize(): {
     };
     capabilities: {
         tools: {};
+        prompts: {};
         resources: {};
     };
     instructions: string;
@@ -44,6 +47,7 @@ export declare function handleInitialize(): {
  */
 export declare function handleToolsList(): {
     tools: {
+        description?: string | undefined;
         inputSchema: {
             [x: string]: unknown;
             type: "object";
@@ -52,8 +56,6 @@ export declare function handleToolsList(): {
             } | undefined;
             required?: string[] | undefined;
         };
-        name: string;
-        description?: string | undefined;
         outputSchema?: {
             [x: string]: unknown;
             type: "object";
@@ -70,7 +72,7 @@ export declare function handleToolsList(): {
             openWorldHint?: boolean | undefined;
         } | undefined;
         execution?: {
-            taskSupport?: "optional" | "required" | "forbidden" | undefined;
+            taskSupport?: "forbidden" | "optional" | "required" | undefined;
         } | undefined;
         _meta?: {
             [x: string]: unknown;
@@ -79,13 +81,16 @@ export declare function handleToolsList(): {
             src: string;
             mimeType?: string | undefined;
             sizes?: string[] | undefined;
-            theme?: "light" | "dark" | undefined;
+            theme?: "dark" | "light" | undefined;
         }[] | undefined;
+        name: string;
         title?: string | undefined;
     }[];
 };
+export declare function createHttpMcpServer(): Server;
+export declare function createHttpMcpTransport(): Promise<StreamableHTTPServerTransport>;
 /**
- * Create the h3 application with all routes
+ * Create the H3 application with all routes
  */
-export declare function createHttpApp(): App;
+export declare function createHttpApp(): H3;
 //# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,KAAK,GAAG,EACT,MAAM,IAAI,CAAC;AAgBZ;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;;;EAa/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,GAAG,CA0LnC"}
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAKH,OAAO,EAAE,MAAM,EAAE,MAAM,2CAA2C,CAAC;AACnE,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AAYnG,OAAO,EAAE,EAAE,EAA+B,MAAM,IAAI,CAAC;AAmBrD;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;;;;EAc/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AA6DD,wBAAgB,mBAAmB,IAAI,MAAM,CAwD5C;AAED,wBAAsB,sBAAsB,IAAI,OAAO,CAAC,6BAA6B,CAAC,CAUrF;AAuBD;;GAEG;AACH,wBAAgB,aAAa,IAAI,EAAE,CA2FlC"}

package/dist/http.js

@@ -1,159 +1,2 @@
-import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-DpBFJ7eV.js";
-import { t as executeToolWithCredentials } from "./handlers-t95fhdps.js";
-import { TOOLS } from "./tools.js";
-import { parseAuthHeader } from "./auth.js";
-import { authorizeGetHandler, authorizePostHandler, oauthMetadataHandler, registerHandler, tokenHandler } from "./oauth.js";
-import { createApp, createRouter, defineEventHandler, getHeader, readBody, setResponseHeader } from "h3";
-/**
-* HTTP transport handlers for Productive MCP Server
-*
-* This module contains the app/router creation logic for the HTTP transport.
-* The actual server startup is in server.ts.
-*/
-/**
-* JSON-RPC error response
-*/
-function jsonRpcError(code, message, id = null) {
-	return {
-		jsonrpc: "2.0",
-		error: {
-			code,
-			message
-		},
-		id
-	};
-}
-/**
-* JSON-RPC success response
-*/
-function jsonRpcSuccess(result, id = null) {
-	return {
-		jsonrpc: "2.0",
-		result,
-		id
-	};
-}
-/**
-* Handle the initialize JSON-RPC method
-*/
-function handleInitialize() {
-	return {
-		protocolVersion: "2024-11-05",
-		serverInfo: {
-			name: "productive-mcp",
-			version: VERSION
-		},
-		capabilities: {
-			tools: {},
-			resources: {}
-		},
-		instructions: INSTRUCTIONS
-	};
-}
-/**
-* Handle the tools/list JSON-RPC method
-*/
-function handleToolsList() {
-	return { tools: TOOLS };
-}
-/**
-* Create the h3 application with all routes
-*/
-function createHttpApp() {
-	const app = createApp();
-	const router = createRouter();
-	router.get("/.well-known/oauth-authorization-server", oauthMetadataHandler);
-	router.post("/register", registerHandler);
-	router.get("/authorize", authorizeGetHandler);
-	router.post("/authorize", authorizePostHandler);
-	router.post("/token", tokenHandler);
-	router.get("/.well-known/oauth-protected-resource", defineEventHandler((event) => {
-		const host = event.node.req.headers.host || "localhost:3000";
-		const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-		setResponseHeader(event, "Content-Type", "application/json");
-		setResponseHeader(event, "Cache-Control", "public, max-age=3600");
-		return {
-			resource: `${baseUrl}/mcp`,
-			authorization_servers: [baseUrl],
-			scopes_supported: ["productive"],
-			bearer_methods_supported: ["header"]
-		};
-	}));
-	router.get("/", defineEventHandler(() => {
-		return {
-			status: "ok",
-			service: "productive-mcp",
-			version: VERSION
-		};
-	}));
-	router.get("/health", defineEventHandler(() => {
-		return { status: "ok" };
-	}));
-	router.post("/mcp", defineEventHandler(async (event) => {
-		const credentials = parseAuthHeader(getHeader(event, "authorization"));
-		if (!credentials) {
-			const host = event.node.req.headers.host || "localhost:3000";
-			const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-			setResponseHeader(event, "Content-Type", "application/json");
-			setResponseHeader(event, "WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
-			event.node.res.statusCode = 401;
-			return jsonRpcError(-32001, "Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)");
-		}
-		setResponseHeader(event, "Content-Type", "application/json");
-		let body;
-		try {
-			body = await readBody(event);
-		} catch {
-			event.node.res.statusCode = 400;
-			return jsonRpcError(-32700, "Parse error: Invalid JSON");
-		}
-		if (!body || typeof body !== "object") {
-			event.node.res.statusCode = 400;
-			return jsonRpcError(-32700, "Parse error: Invalid JSON");
-		}
-		const { method, params, id } = body;
-		try {
-			if (method === "initialize") return jsonRpcSuccess(handleInitialize(), id ?? null);
-			if (method === "tools/list") return jsonRpcSuccess(handleToolsList(), id ?? null);
-			if (method === "tools/call") {
-				const { name, arguments: args } = params;
-				return jsonRpcSuccess(await executeToolWithCredentials(name, args || {}, credentials), id ?? null);
-			}
-			if (method === "resources/list") return jsonRpcSuccess({ resources: listResources() }, id ?? null);
-			if (method === "resources/templates/list") return jsonRpcSuccess({ resourceTemplates: listResourceTemplates() }, id ?? null);
-			if (method === "resources/read") {
-				const { uri } = params ?? {};
-				if (!uri) return jsonRpcError(-32602, "Invalid params: uri is required", id ?? null);
-				return jsonRpcSuccess(await readResource(uri, credentials), id ?? null);
-			}
-			return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);
-		} catch (error) {
-			return jsonRpcError(-32603, `Internal error: ${error instanceof Error ? error.message : String(error)}`, id ?? null);
-		}
-	}));
-	router.get("/mcp/sse", defineEventHandler(async (event) => {
-		if (!parseAuthHeader(getHeader(event, "authorization"))) {
-			const host = event.node.req.headers.host || "localhost:3000";
-			setResponseHeader(event, "WWW-Authenticate", `Bearer resource_metadata="${`${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`}/.well-known/oauth-protected-resource"`);
-			event.node.res.statusCode = 401;
-			return { error: "Authentication required" };
-		}
-		setResponseHeader(event, "Content-Type", "text/event-stream");
-		setResponseHeader(event, "Cache-Control", "no-cache");
-		setResponseHeader(event, "Connection", "keep-alive");
-		const sessionId = crypto.randomUUID();
-		event.node.res.write(`event: session\ndata: ${JSON.stringify({ sessionId })}\n\n`);
-		const keepAlive = setInterval(() => {
-			event.node.res.write(": keepalive\n\n");
-		}, 3e4);
-		event.node.req.on("close", () => {
-			clearInterval(keepAlive);
-		});
-		return new Promise(() => {});
-	}));
-	app.use(router);
-	return app;
-}
-export { createHttpApp, handleInitialize, handleToolsList, jsonRpcError, jsonRpcSuccess };
-
-//# sourceMappingURL=http.js.map
+import { a as handleToolsList, i as handleInitialize, n as createHttpMcpServer, o as jsonRpcError, r as createHttpMcpTransport, s as jsonRpcSuccess, t as createHttpApp } from "./http-CVE4qtko.js";
+export { createHttpApp, createHttpMcpServer, createHttpMcpTransport, handleInitialize, handleToolsList, jsonRpcError, jsonRpcSuccess };

package/dist/index.js

@@ -1,11 +1,11 @@
 #!/usr/bin/env node
-import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-DpBFJ7eV.js";
-import "./handlers-t95fhdps.js";
-import { a as handlePrompt, n as getAvailableTools, s as handleToolCall, t as getAvailablePrompts } from "./stdio-Bi1Lvp8O.js";
+import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-Cy8UEAT1.js";
+import { a as handlePrompt, n as getAvailableTools, s as handleToolCall, t as getAvailablePrompts } from "./stdio-BFK9AcdQ.js";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, GetPromptRequestSchema, ListPromptsRequestSchema, ListResourceTemplatesRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema } from "@modelcontextprotocol/sdk/types.js";
 import { getConfig } from "@studiometa/productive-api";
+//#region src/index.ts
 /**
 * Productive MCP Server - Stdio Transport
 *
@@ -94,6 +94,7 @@ if (import.meta.url === `file://${process.argv[1]}` || process.argv[1]?.endsWith
 	console.error("Fatal error:", error);
 	process.exit(1);
 });
+//#endregion
 export { createStdioServer, startStdioServer };
 
 //# sourceMappingURL=index.js.map

package/dist/oauth.d.ts

@@ -20,7 +20,7 @@
  *
  * MCP clients MUST check this endpoint first for server capabilities.
  */
-export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, {
+export declare const oauthMetadataHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, {
     issuer: string;
     authorization_endpoint: string;
     token_endpoint: string;
@@ -40,7 +40,7 @@ export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3"
  * Since we use stateless tokens, we accept any registration and return
  * a generated client_id.
  */
-export declare const registerHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+export declare const registerHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<{
     error: string;
     error_description: string;
     client_id?: undefined;
@@ -50,25 +50,25 @@ export declare const registerHandler: import("h3").EventHandler<import("h3").Eve
     grant_types?: undefined;
     response_types?: undefined;
 } | {
+    error?: undefined;
+    error_description?: undefined;
     client_id: string;
     client_name: string;
     redirect_uris: string[];
     token_endpoint_auth_method: string;
     grant_types: string[];
     response_types: string[];
-    error?: undefined;
-    error_description?: undefined;
 }>>;
 /**
  * Authorization endpoint - shows login form
  * GET /authorize
  */
-export declare const authorizeGetHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, string | Promise<void>>;
+export declare const authorizeGetHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, string | import("h3").HTTPResponse>;
 /**
  * Authorization endpoint - process login
  * POST /authorize
  */
-export declare const authorizePostHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string>>;
+export declare const authorizePostHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<string | import("h3").HTTPResponse>>;
 /**
  * Token endpoint - exchange code for access token
  * POST /token
@@ -77,7 +77,7 @@ export declare const authorizePostHandler: import("h3").EventHandler<import("h3"
  * - authorization_code grant (with PKCE validation)
  * - refresh_token grant
  */
-export declare const tokenHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+export declare const tokenHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<{
     error: string;
     error_description: string;
     access_token?: undefined;
@@ -85,11 +85,11 @@ export declare const tokenHandler: import("h3").EventHandler<import("h3").EventH
     expires_in?: undefined;
     refresh_token?: undefined;
 } | {
+    error?: undefined;
+    error_description?: undefined;
     access_token: string;
     token_type: string;
     expires_in: number;
     refresh_token: string;
-    error?: undefined;
-    error_description?: undefined;
 }>>;
 //# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAeH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,qFA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,8EAyD/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA+FvB,CAAC"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAQH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,0GA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,mHA0D/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA2FvB,CAAC"}

package/dist/oauth.js

@@ -1,7 +1,8 @@
 import { createAuthToken } from "./auth.js";
 import { createAuthCode, decodeAuthCode } from "./crypto.js";
-import { defineEventHandler, getQuery, readBody, sendRedirect, setResponseHeader } from "h3";
+import { defineHandler, getQuery, redirect } from "h3";
 import { createHash } from "node:crypto";
+//#region src/oauth.ts
 /**
 * OAuth 2.0 endpoints for Claude Desktop integration
 *
@@ -24,11 +25,11 @@ import { createHash } from "node:crypto";
 *
 * MCP clients MUST check this endpoint first for server capabilities.
 */
-const oauthMetadataHandler = defineEventHandler((event) => {
-	const host = event.node.req.headers.host || "localhost:3000";
-	const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-	setResponseHeader(event, "Content-Type", "application/json");
-	setResponseHeader(event, "Cache-Control", "public, max-age=3600");
+var oauthMetadataHandler = defineHandler((event) => {
+	const host = event.req.headers.get("host") || "localhost:3000";
+	const baseUrl = `${event.req.headers.get("x-forwarded-proto") || "http"}://${host}`;
+	event.res.headers.set("Content-Type", "application/json");
+	event.res.headers.set("Cache-Control", "public, max-age=3600");
 	return {
 		issuer: baseUrl,
 		authorization_endpoint: `${baseUrl}/authorize`,
@@ -50,13 +51,13 @@ const oauthMetadataHandler = defineEventHandler((event) => {
 * Since we use stateless tokens, we accept any registration and return
 * a generated client_id.
 */
-const registerHandler = defineEventHandler(async (event) => {
-	setResponseHeader(event, "Content-Type", "application/json");
+var registerHandler = defineHandler(async (event) => {
+	event.res.headers.set("Content-Type", "application/json");
 	let body;
 	try {
-		body = await readBody(event);
+		body = await event.req.json();
 	} catch {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Invalid JSON body"
@@ -68,7 +69,7 @@ const registerHandler = defineEventHandler(async (event) => {
 		name: clientName,
 		ts: Date.now()
 	})).toString("base64url");
-	event.node.res.statusCode = 201;
+	event.res.status = 201;
 	return {
 		client_id: clientId,
 		client_name: clientName,
@@ -82,7 +83,7 @@ const registerHandler = defineEventHandler(async (event) => {
 * Authorization endpoint - shows login form
 * GET /authorize
 */
-const authorizeGetHandler = defineEventHandler((event) => {
+var authorizeGetHandler = defineHandler((event) => {
 	const query = getQuery(event);
 	const clientId = query.client_id;
 	const redirectUri = query.redirect_uri;
@@ -91,8 +92,8 @@ const authorizeGetHandler = defineEventHandler((event) => {
 	const codeChallengeMethod = query.code_challenge_method;
 	const scope = query.scope;
 	if (!redirectUri) {
-		setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
-		event.node.res.statusCode = 400;
+		event.res.headers.set("Content-Type", "text/html; charset=utf-8");
+		event.res.status = 400;
 		return renderErrorPage("Missing required parameter: redirect_uri");
 	}
 	if (!codeChallenge) {
@@ -100,16 +101,16 @@ const authorizeGetHandler = defineEventHandler((event) => {
 		errorUrl.searchParams.set("error", "invalid_request");
 		errorUrl.searchParams.set("error_description", "code_challenge is required");
 		if (state) errorUrl.searchParams.set("state", state);
-		return sendRedirect(event, errorUrl.toString());
+		return redirect(errorUrl.toString());
 	}
 	if (codeChallengeMethod && codeChallengeMethod !== "S256") {
 		const errorUrl = new URL(redirectUri);
 		errorUrl.searchParams.set("error", "invalid_request");
 		errorUrl.searchParams.set("error_description", "Only S256 code_challenge_method is supported");
 		if (state) errorUrl.searchParams.set("state", state);
-		return sendRedirect(event, errorUrl.toString());
+		return redirect(errorUrl.toString());
 	}
-	setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+	event.res.headers.set("Content-Type", "text/html; charset=utf-8");
 	return renderLoginForm({
 		clientId,
 		redirectUri,
@@ -123,11 +124,12 @@ const authorizeGetHandler = defineEventHandler((event) => {
 * Authorization endpoint - process login
 * POST /authorize
 */
-const authorizePostHandler = defineEventHandler(async (event) => {
-	const { orgId, apiToken, userId, redirectUri, state, codeChallenge, codeChallengeMethod } = await readBody(event);
+var authorizePostHandler = defineHandler(async (event) => {
+	const formData = await event.req.formData();
+	const { orgId, apiToken, userId, redirectUri, state, codeChallenge, codeChallengeMethod } = Object.fromEntries(formData.entries());
 	if (!redirectUri) {
-		setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
-		event.node.res.statusCode = 400;
+		event.res.headers.set("Content-Type", "text/html; charset=utf-8");
+		event.res.status = 400;
 		return renderErrorPage("Missing redirect_uri parameter");
 	}
 	try {
@@ -135,15 +137,15 @@ const authorizePostHandler = defineEventHandler(async (event) => {
 		const isLocalhost = uri.hostname === "localhost" || uri.hostname === "127.0.0.1";
 		const isHttps = uri.protocol === "https:";
 		if (!isLocalhost && !isHttps) {
-			event.node.res.statusCode = 400;
+			event.res.status = 400;
 			return renderErrorPage("redirect_uri must be HTTPS or localhost");
 		}
 	} catch {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return renderErrorPage("Invalid redirect_uri format");
 	}
 	if (!orgId || !apiToken) {
-		setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
+		event.res.headers.set("Content-Type", "text/html; charset=utf-8");
 		return renderLoginForm({
 			redirectUri,
 			state,
@@ -162,8 +164,7 @@ const authorizePostHandler = defineEventHandler(async (event) => {
 	const redirectUrl = new URL(redirectUri);
 	redirectUrl.searchParams.set("code", code);
 	if (state) redirectUrl.searchParams.set("state", state);
-	setResponseHeader(event, "Content-Type", "text/html; charset=utf-8");
-	return renderSuccessPage(redirectUrl.toString());
+	return redirect(redirectUrl.toString());
 });
 /**
 * Token endpoint - exchange code for access token
@@ -173,32 +174,31 @@ const authorizePostHandler = defineEventHandler(async (event) => {
 * - authorization_code grant (with PKCE validation)
 * - refresh_token grant
 */
-const tokenHandler = defineEventHandler(async (event) => {
-	setResponseHeader(event, "Content-Type", "application/json");
+var tokenHandler = defineHandler(async (event) => {
+	event.res.headers.set("Content-Type", "application/json");
 	let body;
-	if ((event.node.req.headers["content-type"] || "").includes("application/x-www-form-urlencoded")) {
-		const rawBody = await readBody(event);
-		if (typeof rawBody === "string") body = Object.fromEntries(new URLSearchParams(rawBody));
-		else body = rawBody;
-	} else body = await readBody(event);
+	if ((event.req.headers.get("content-type") || "").includes("application/x-www-form-urlencoded")) {
+		const rawText = await event.req.text();
+		body = Object.fromEntries(new URLSearchParams(rawText));
+	} else body = await event.req.json();
 	const { grant_type, code, code_verifier, refresh_token } = body;
 	if (grant_type === "refresh_token") return handleRefreshToken(event, refresh_token);
 	if (grant_type !== "authorization_code") {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "unsupported_grant_type",
 			error_description: "Supported grant types: authorization_code, refresh_token"
 		};
 	}
 	if (!code) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Missing authorization code"
 		};
 	}
 	if (!code_verifier) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Missing code_verifier (PKCE required)"
@@ -208,7 +208,7 @@ const tokenHandler = defineEventHandler(async (event) => {
 		const payload = decodeAuthCode(code);
 		if (payload.codeChallenge) {
 			if (createS256Challenge(code_verifier) !== payload.codeChallenge) {
-				event.node.res.statusCode = 400;
+				event.res.status = 400;
 				return {
 					error: "invalid_grant",
 					error_description: "Invalid code_verifier"
@@ -230,7 +230,7 @@ const tokenHandler = defineEventHandler(async (event) => {
 			}, 86400 * 30)
 		};
 	} catch (error) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_grant",
 			error_description: error instanceof Error ? error.message : "Invalid authorization code"
@@ -242,7 +242,7 @@ const tokenHandler = defineEventHandler(async (event) => {
 */
 function handleRefreshToken(event, refreshToken) {
 	if (!refreshToken) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_request",
 			error_description: "Missing refresh_token"
@@ -265,7 +265,7 @@ function handleRefreshToken(event, refreshToken) {
 			}, 86400 * 30)
 		};
 	} catch (error) {
-		event.node.res.statusCode = 400;
+		event.res.status = 400;
 		return {
 			error: "invalid_grant",
 			error_description: error instanceof Error ? error.message : "Invalid refresh token"
@@ -457,115 +457,6 @@ function renderLoginForm(params) {
 </html>`;
 }
 /**
-* Render success page with auto-redirect
-*/
-function renderSuccessPage(redirectUrl) {
-	return `<!DOCTYPE html>
-<html lang="en">
-<head>
-  <meta charset="UTF-8">
-  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="refresh" content="2;url=${escapeHtml(redirectUrl)}">
-  <title>Connected - Productive MCP</title>
-  <style>
-    * {
-      box-sizing: border-box;
-      margin: 0;
-      padding: 0;
-    }
-    body {
-      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
-      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
-      min-height: 100vh;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-      padding: 20px;
-    }
-    .container {
-      background: white;
-      border-radius: 16px;
-      box-shadow: 0 20px 60px rgba(0, 0, 0, 0.3);
-      padding: 40px;
-      width: 100%;
-      max-width: 420px;
-      text-align: center;
-    }
-    .success-icon {
-      width: 64px;
-      height: 64px;
-      margin: 0 auto 24px;
-      background: linear-gradient(135deg, #10b981 0%, #059669 100%);
-      border-radius: 50%;
-      display: flex;
-      align-items: center;
-      justify-content: center;
-    }
-    .success-icon svg {
-      width: 32px;
-      height: 32px;
-      stroke: white;
-    }
-    h1 {
-      color: #1a1a2e;
-      font-size: 24px;
-      margin-bottom: 8px;
-    }
-    .message {
-      color: #666;
-      font-size: 14px;
-      margin-bottom: 24px;
-    }
-    .spinner {
-      width: 24px;
-      height: 24px;
-      border: 3px solid #e5e7eb;
-      border-top-color: #667eea;
-      border-radius: 50%;
-      animation: spin 1s linear infinite;
-      margin: 0 auto 16px;
-    }
-    @keyframes spin {
-      to { transform: rotate(360deg); }
-    }
-    .redirect-text {
-      color: #9ca3af;
-      font-size: 13px;
-      margin-bottom: 16px;
-    }
-    .manual-link {
-      color: #667eea;
-      text-decoration: none;
-      font-size: 14px;
-    }
-    .manual-link:hover {
-      text-decoration: underline;
-    }
-  </style>
-</head>
-<body>
-  <div class="container">
-    <div class="success-icon">
-      <svg viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
-        <path d="M20 6L9 17L4 12" stroke-width="2.5" stroke-linecap="round" stroke-linejoin="round"/>
-      </svg>
-    </div>
-    <h1>Successfully Connected!</h1>
-    <p class="message">Your Productive.io credentials have been verified.</p>
-    <div class="spinner"></div>
-    <p class="redirect-text">Redirecting to Claude Desktop...</p>
-    <a href="${escapeHtml(redirectUrl)}" class="manual-link">Click here if not redirected automatically</a>
-  </div>
-  <script>
-    // Redirect after a short delay (backup for meta refresh)
-    setTimeout(function() {
-      window.location.href = ${JSON.stringify(redirectUrl)};
-    }, 2000);
-  <\/script>
-</body>
-</html>`;
-}
-/**
 * Render error page
 */
 function renderErrorPage(message) {
@@ -616,6 +507,7 @@ function renderErrorPage(message) {
 function escapeHtml(str) {
 	return str.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;").replace(/"/g, "&quot;").replace(/'/g, "&#039;");
 }
+//#endregion
 export { authorizeGetHandler, authorizePostHandler, oauthMetadataHandler, registerHandler, tokenHandler };
 
 //# sourceMappingURL=oauth.js.map