@studiometa/productive-mcp 0.10.8 → 0.10.9

package/dist/handlers/time.d.ts

@@ -6,7 +6,102 @@
  */
 import type { TimeArgs } from './types.js';
 export declare const handleTime: (action: string, args: TimeArgs & {
-    query?: string;
-    type?: import("@studiometa/productive-core").ResolvableResourceType;
-}, ctx: import("./types.js").HandlerContext) => Promise<import("./types.js").ToolResult>;
+    query?: string | undefined;
+    type?: import("@studiometa/productive-core").ResolvableResourceType | undefined;
+}, ctx: import("./types.js").HandlerContext) => Promise<{
+    [x: string]: unknown;
+    _meta?: {
+        [x: string]: unknown;
+        progressToken?: string | number | undefined;
+        "io.modelcontextprotocol/related-task"?: {
+            taskId: string;
+        } | undefined;
+    } | undefined;
+    content: ({
+        type: "text";
+        text: string;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    } | {
+        type: "image";
+        data: string;
+        mimeType: string;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    } | {
+        type: "audio";
+        data: string;
+        mimeType: string;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    } | {
+        uri: string;
+        description?: string | undefined;
+        mimeType?: string | undefined;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+        icons?: {
+            src: string;
+            mimeType?: string | undefined;
+            sizes?: string[] | undefined;
+            theme?: "dark" | "light" | undefined;
+        }[] | undefined;
+        name: string;
+        title?: string | undefined;
+        type: "resource_link";
+    } | {
+        type: "resource";
+        resource: {
+            uri: string;
+            mimeType?: string | undefined;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+            text: string;
+        } | {
+            uri: string;
+            mimeType?: string | undefined;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+            blob: string;
+        };
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    })[];
+    structuredContent?: {
+        [x: string]: unknown;
+    } | undefined;
+    isError?: boolean | undefined;
+}>;
 //# sourceMappingURL=time.d.ts.map

package/dist/handlers/time.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"time.d.ts","sourceRoot":"","sources":["../../src/handlers/time.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAQ3C,eAAO,MAAM,UAAU;;;wFAgErB,CAAC"}
+{"version":3,"file":"time.d.ts","sourceRoot":"","sources":["../../src/handlers/time.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAUH,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAC;AAQ3C,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAgErB,CAAC"}

package/dist/handlers/timers.d.ts

@@ -3,7 +3,102 @@
  */
 import type { TimerArgs } from './types.js';
 export declare const handleTimers: (action: string, args: TimerArgs & {
-    query?: string;
-    type?: import("@studiometa/productive-core").ResolvableResourceType;
-}, ctx: import("./types.js").HandlerContext) => Promise<import("./types.js").ToolResult>;
+    query?: string | undefined;
+    type?: import("@studiometa/productive-core").ResolvableResourceType | undefined;
+}, ctx: import("./types.js").HandlerContext) => Promise<{
+    [x: string]: unknown;
+    _meta?: {
+        [x: string]: unknown;
+        progressToken?: string | number | undefined;
+        "io.modelcontextprotocol/related-task"?: {
+            taskId: string;
+        } | undefined;
+    } | undefined;
+    content: ({
+        type: "text";
+        text: string;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    } | {
+        type: "image";
+        data: string;
+        mimeType: string;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    } | {
+        type: "audio";
+        data: string;
+        mimeType: string;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    } | {
+        uri: string;
+        description?: string | undefined;
+        mimeType?: string | undefined;
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+        icons?: {
+            src: string;
+            mimeType?: string | undefined;
+            sizes?: string[] | undefined;
+            theme?: "dark" | "light" | undefined;
+        }[] | undefined;
+        name: string;
+        title?: string | undefined;
+        type: "resource_link";
+    } | {
+        type: "resource";
+        resource: {
+            uri: string;
+            mimeType?: string | undefined;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+            text: string;
+        } | {
+            uri: string;
+            mimeType?: string | undefined;
+            _meta?: {
+                [x: string]: unknown;
+            } | undefined;
+            blob: string;
+        };
+        annotations?: {
+            audience?: ("assistant" | "user")[] | undefined;
+            priority?: number | undefined;
+            lastModified?: string | undefined;
+        } | undefined;
+        _meta?: {
+            [x: string]: unknown;
+        } | undefined;
+    })[];
+    structuredContent?: {
+        [x: string]: unknown;
+    } | undefined;
+    isError?: boolean | undefined;
+}>;
 //# sourceMappingURL=timers.d.ts.map

package/dist/handlers/timers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"timers.d.ts","sourceRoot":"","sources":["../../src/handlers/timers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAQ5C,eAAO,MAAM,YAAY;;;wFAqCvB,CAAC"}
+{"version":3,"file":"timers.d.ts","sourceRoot":"","sources":["../../src/handlers/timers.ts"],"names":[],"mappings":"AAAA;;GAEG;AAIH,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,YAAY,CAAC;AAQ5C,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAqCvB,CAAC"}

package/dist/http.d.ts

@@ -4,7 +4,7 @@
  * This module contains the app/router creation logic for the HTTP transport.
  * The actual server startup is in server.ts.
  */
-import { type App } from 'h3';
+import { H3 } from 'h3';
 /**
  * JSON-RPC error response
  */
@@ -44,6 +44,7 @@ export declare function handleInitialize(): {
  */
 export declare function handleToolsList(): {
     tools: {
+        description?: string | undefined;
         inputSchema: {
             [x: string]: unknown;
             type: "object";
@@ -52,8 +53,6 @@ export declare function handleToolsList(): {
             } | undefined;
             required?: string[] | undefined;
         };
-        name: string;
-        description?: string | undefined;
         outputSchema?: {
             [x: string]: unknown;
             type: "object";
@@ -70,7 +69,7 @@ export declare function handleToolsList(): {
             openWorldHint?: boolean | undefined;
         } | undefined;
         execution?: {
-            taskSupport?: "optional" | "required" | "forbidden" | undefined;
+            taskSupport?: "forbidden" | "optional" | "required" | undefined;
         } | undefined;
         _meta?: {
             [x: string]: unknown;
@@ -79,13 +78,14 @@ export declare function handleToolsList(): {
             src: string;
             mimeType?: string | undefined;
             sizes?: string[] | undefined;
-            theme?: "light" | "dark" | undefined;
+            theme?: "dark" | "light" | undefined;
         }[] | undefined;
+        name: string;
         title?: string | undefined;
     }[];
 };
 /**
- * Create the h3 application with all routes
+ * Create the H3 application with all routes
  */
-export declare function createHttpApp(): App;
+export declare function createHttpApp(): H3;
 //# sourceMappingURL=http.d.ts.map

package/dist/http.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAOL,KAAK,GAAG,EACT,MAAM,IAAI,CAAC;AAgBZ;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;;;EAa/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,GAAG,CA0LnC"}
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../src/http.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,EAAE,EAA+B,MAAM,IAAI,CAAC;AAgBrD;;GAEG;AACH,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;;;;EAM5F;AAED;;GAEG;AACH,wBAAgB,cAAc,CAAC,MAAM,EAAE,OAAO,EAAE,EAAE,GAAE,MAAM,GAAG,MAAM,GAAG,IAAW;;;;EAMhF;AAED;;GAEG;AACH,wBAAgB,gBAAgB;;;;;;;;;;;EAa/B;AAED;;GAEG;AACH,wBAAgB,eAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;EAE9B;AAWD;;GAEG;AACH,wBAAgB,aAAa,IAAI,EAAE,CA0LlC"}

package/dist/http.js

@@ -1,9 +1,9 @@
-import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-DpBFJ7eV.js";
+import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-BFw4junA.js";
 import { t as executeToolWithCredentials } from "./handlers-t95fhdps.js";
 import { TOOLS } from "./tools.js";
 import { parseAuthHeader } from "./auth.js";
 import { authorizeGetHandler, authorizePostHandler, oauthMetadataHandler, registerHandler, tokenHandler } from "./oauth.js";
-import { createApp, createRouter, defineEventHandler, getHeader, readBody, setResponseHeader } from "h3";
+import { H3, defineHandler } from "h3";
 /**
 * HTTP transport handlers for Productive MCP Server
 *
@@ -57,21 +57,26 @@ function handleToolsList() {
 	return { tools: TOOLS };
 }
 /**
-* Create the h3 application with all routes
+* Get base URL from event headers
+*/
+function getBaseUrl(event) {
+	const host = event.req.headers.get("host") || "localhost:3000";
+	return `${event.req.headers.get("x-forwarded-proto") || "http"}://${host}`;
+}
+/**
+* Create the H3 application with all routes
 */
 function createHttpApp() {
-	const app = createApp();
-	const router = createRouter();
-	router.get("/.well-known/oauth-authorization-server", oauthMetadataHandler);
-	router.post("/register", registerHandler);
-	router.get("/authorize", authorizeGetHandler);
-	router.post("/authorize", authorizePostHandler);
-	router.post("/token", tokenHandler);
-	router.get("/.well-known/oauth-protected-resource", defineEventHandler((event) => {
-		const host = event.node.req.headers.host || "localhost:3000";
-		const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-		setResponseHeader(event, "Content-Type", "application/json");
-		setResponseHeader(event, "Cache-Control", "public, max-age=3600");
+	const app = new H3();
+	app.get("/.well-known/oauth-authorization-server", oauthMetadataHandler);
+	app.post("/register", registerHandler);
+	app.get("/authorize", authorizeGetHandler);
+	app.post("/authorize", authorizePostHandler);
+	app.post("/token", tokenHandler);
+	app.get("/.well-known/oauth-protected-resource", defineHandler((event) => {
+		const baseUrl = getBaseUrl(event);
+		event.res.headers.set("Content-Type", "application/json");
+		event.res.headers.set("Cache-Control", "public, max-age=3600");
 		return {
 			resource: `${baseUrl}/mcp`,
 			authorization_servers: [baseUrl],
@@ -79,36 +84,35 @@ function createHttpApp() {
 			bearer_methods_supported: ["header"]
 		};
 	}));
-	router.get("/", defineEventHandler(() => {
+	app.get("/", defineHandler(() => {
 		return {
 			status: "ok",
 			service: "productive-mcp",
 			version: VERSION
 		};
 	}));
-	router.get("/health", defineEventHandler(() => {
+	app.get("/health", defineHandler(() => {
 		return { status: "ok" };
 	}));
-	router.post("/mcp", defineEventHandler(async (event) => {
-		const credentials = parseAuthHeader(getHeader(event, "authorization"));
+	app.post("/mcp", defineHandler(async (event) => {
+		const credentials = parseAuthHeader(event.req.headers.get("authorization"));
 		if (!credentials) {
-			const host = event.node.req.headers.host || "localhost:3000";
-			const baseUrl = `${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`;
-			setResponseHeader(event, "Content-Type", "application/json");
-			setResponseHeader(event, "WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
-			event.node.res.statusCode = 401;
+			const baseUrl = getBaseUrl(event);
+			event.res.headers.set("Content-Type", "application/json");
+			event.res.headers.set("WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
+			event.res.status = 401;
 			return jsonRpcError(-32001, "Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)");
 		}
-		setResponseHeader(event, "Content-Type", "application/json");
+		event.res.headers.set("Content-Type", "application/json");
 		let body;
 		try {
-			body = await readBody(event);
+			body = await event.req.json();
 		} catch {
-			event.node.res.statusCode = 400;
+			event.res.status = 400;
 			return jsonRpcError(-32700, "Parse error: Invalid JSON");
 		}
 		if (!body || typeof body !== "object") {
-			event.node.res.statusCode = 400;
+			event.res.status = 400;
 			return jsonRpcError(-32700, "Parse error: Invalid JSON");
 		}
 		const { method, params, id } = body;
@@ -131,27 +135,34 @@ function createHttpApp() {
 			return jsonRpcError(-32603, `Internal error: ${error instanceof Error ? error.message : String(error)}`, id ?? null);
 		}
 	}));
-	router.get("/mcp/sse", defineEventHandler(async (event) => {
-		if (!parseAuthHeader(getHeader(event, "authorization"))) {
-			const host = event.node.req.headers.host || "localhost:3000";
-			setResponseHeader(event, "WWW-Authenticate", `Bearer resource_metadata="${`${event.node.req.headers["x-forwarded-proto"] || "http"}://${host}`}/.well-known/oauth-protected-resource"`);
-			event.node.res.statusCode = 401;
+	app.get("/mcp/sse", defineHandler(async (event) => {
+		if (!parseAuthHeader(event.req.headers.get("authorization"))) {
+			const baseUrl = getBaseUrl(event);
+			event.res.headers.set("WWW-Authenticate", `Bearer resource_metadata="${baseUrl}/.well-known/oauth-protected-resource"`);
+			event.res.status = 401;
 			return { error: "Authentication required" };
 		}
-		setResponseHeader(event, "Content-Type", "text/event-stream");
-		setResponseHeader(event, "Cache-Control", "no-cache");
-		setResponseHeader(event, "Connection", "keep-alive");
+		const nodeRuntime = event.runtime?.node;
+		const nodeRes = nodeRuntime?.res;
+		if (!nodeRes) {
+			event.res.status = 501;
+			return { error: "SSE requires Node.js runtime" };
+		}
+		nodeRes.writeHead(200, {
+			"Content-Type": "text/event-stream",
+			"Cache-Control": "no-cache",
+			Connection: "keep-alive"
+		});
 		const sessionId = crypto.randomUUID();
-		event.node.res.write(`event: session\ndata: ${JSON.stringify({ sessionId })}\n\n`);
+		nodeRes.write(`event: session\ndata: ${JSON.stringify({ sessionId })}\n\n`);
 		const keepAlive = setInterval(() => {
-			event.node.res.write(": keepalive\n\n");
+			nodeRes.write(": keepalive\n\n");
 		}, 3e4);
-		event.node.req.on("close", () => {
+		nodeRuntime?.req.on("close", () => {
 			clearInterval(keepAlive);
 		});
 		return new Promise(() => {});
 	}));
-	app.use(router);
 	return app;
 }
 export { createHttpApp, handleInitialize, handleToolsList, jsonRpcError, jsonRpcSuccess };

package/dist/http.js.map

@@ -1 +1 @@
-{"version":3,"file":"http.js","names":[],"sources":["../src/http.ts"],"sourcesContent":["/**\n * HTTP transport handlers for Productive MCP Server\n *\n * This module contains the app/router creation logic for the HTTP transport.\n * The actual server startup is in server.ts.\n */\n\nimport {\n  createApp,\n  createRouter,\n  defineEventHandler,\n  readBody,\n  getHeader,\n  setResponseHeader,\n  type App,\n} from 'h3';\n\nimport { parseAuthHeader } from './auth.js';\nimport { executeToolWithCredentials } from './handlers.js';\nimport { INSTRUCTIONS } from './instructions.js';\nimport {\n  oauthMetadataHandler,\n  registerHandler,\n  authorizeGetHandler,\n  authorizePostHandler,\n  tokenHandler,\n} from './oauth.js';\nimport { listResources, listResourceTemplates, readResource } from './resources.js';\nimport { TOOLS } from './tools.js';\nimport { VERSION } from './version.js';\n\n/**\n * JSON-RPC error response\n */\nexport function jsonRpcError(code: number, message: string, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    error: { code, message },\n    id,\n  };\n}\n\n/**\n * JSON-RPC success response\n */\nexport function jsonRpcSuccess(result: unknown, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    result,\n    id,\n  };\n}\n\n/**\n * Handle the initialize JSON-RPC method\n */\nexport function handleInitialize() {\n  return {\n    protocolVersion: '2024-11-05',\n    serverInfo: {\n      name: 'productive-mcp',\n      version: VERSION,\n    },\n    capabilities: {\n      tools: {},\n      resources: {},\n    },\n    instructions: INSTRUCTIONS,\n  };\n}\n\n/**\n * Handle the tools/list JSON-RPC method\n */\nexport function handleToolsList() {\n  return { tools: TOOLS };\n}\n\n/**\n * Create the h3 application with all routes\n */\nexport function createHttpApp(): App {\n  const app = createApp();\n  const router = createRouter();\n\n  // OAuth 2.0 endpoints for Claude Desktop integration (MCP auth spec)\n  router.get('/.well-known/oauth-authorization-server', oauthMetadataHandler);\n  router.post('/register', registerHandler); // Dynamic Client Registration (RFC 7591)\n  router.get('/authorize', authorizeGetHandler);\n  router.post('/authorize', authorizePostHandler);\n  router.post('/token', tokenHandler);\n\n  // OAuth Protected Resource Metadata (RFC 9728 / MCP spec 2025-03-26)\n  // This endpoint tells clients where to find the authorization server\n  router.get(\n    '/.well-known/oauth-protected-resource',\n    defineEventHandler((event) => {\n      const host = event.node.req.headers.host || 'localhost:3000';\n      const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n      const baseUrl = `${protocol}://${host}`;\n\n      setResponseHeader(event, 'Content-Type', 'application/json');\n      setResponseHeader(event, 'Cache-Control', 'public, max-age=3600');\n\n      return {\n        resource: `${baseUrl}/mcp`,\n        authorization_servers: [baseUrl],\n        scopes_supported: ['productive'],\n        bearer_methods_supported: ['header'],\n      };\n    }),\n  );\n\n  // Health check endpoint\n  router.get(\n    '/',\n    defineEventHandler(() => {\n      return { status: 'ok', service: 'productive-mcp', version: VERSION };\n    }),\n  );\n\n  router.get(\n    '/health',\n    defineEventHandler(() => {\n      return { status: 'ok' };\n    }),\n  );\n\n  // MCP endpoint - handles JSON-RPC over HTTP\n  router.post(\n    '/mcp',\n    defineEventHandler(async (event) => {\n      // Parse authorization header\n      const authHeader = getHeader(event, 'authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const host = event.node.req.headers.host || 'localhost:3000';\n        const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n        const baseUrl = `${protocol}://${host}`;\n\n        setResponseHeader(event, 'Content-Type', 'application/json');\n        setResponseHeader(\n          event,\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.node.res.statusCode = 401;\n        return jsonRpcError(\n          -32001,\n          'Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)',\n        );\n      }\n\n      setResponseHeader(event, 'Content-Type', 'application/json');\n\n      // Parse JSON-RPC request\n      let body: { method?: string; params?: unknown; id?: string | number };\n      try {\n        body = await readBody(event);\n      } catch {\n        event.node.res.statusCode = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      if (!body || typeof body !== 'object') {\n        event.node.res.statusCode = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      const { method, params, id } = body;\n\n      try {\n        if (method === 'initialize') {\n          return jsonRpcSuccess(handleInitialize(), id ?? null);\n        }\n\n        if (method === 'tools/list') {\n          return jsonRpcSuccess(handleToolsList(), id ?? null);\n        }\n\n        if (method === 'tools/call') {\n          const { name, arguments: args } = params as {\n            name: string;\n            arguments?: Record<string, unknown>;\n          };\n          const result = await executeToolWithCredentials(name, args || {}, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        if (method === 'resources/list') {\n          return jsonRpcSuccess({ resources: listResources() }, id ?? null);\n        }\n\n        if (method === 'resources/templates/list') {\n          return jsonRpcSuccess({ resourceTemplates: listResourceTemplates() }, id ?? null);\n        }\n\n        if (method === 'resources/read') {\n          const { uri } = (params as { uri: string }) ?? {};\n          if (!uri) {\n            return jsonRpcError(-32602, 'Invalid params: uri is required', id ?? null);\n          }\n          const result = await readResource(uri, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        // Unknown method\n        return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);\n      } catch (error) {\n        const message = error instanceof Error ? error.message : String(error);\n        return jsonRpcError(-32603, `Internal error: ${message}`, id ?? null);\n      }\n    }),\n  );\n\n  // SSE endpoint for server-sent events (optional, for streaming responses)\n  router.get(\n    '/mcp/sse',\n    defineEventHandler(async (event) => {\n      const authHeader = getHeader(event, 'authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const host = event.node.req.headers.host || 'localhost:3000';\n        const protocol = event.node.req.headers['x-forwarded-proto'] || 'http';\n        const baseUrl = `${protocol}://${host}`;\n\n        setResponseHeader(\n          event,\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.node.res.statusCode = 401;\n        return { error: 'Authentication required' };\n      }\n\n      // Set SSE headers\n      setResponseHeader(event, 'Content-Type', 'text/event-stream');\n      setResponseHeader(event, 'Cache-Control', 'no-cache');\n      setResponseHeader(event, 'Connection', 'keep-alive');\n\n      // Generate session ID and send it\n      const sessionId = crypto.randomUUID();\n\n      // Send initial session event\n      event.node.res.write(`event: session\\ndata: ${JSON.stringify({ sessionId })}\\n\\n`);\n\n      // Keep connection alive\n      const keepAlive = setInterval(() => {\n        event.node.res.write(': keepalive\\n\\n');\n      }, 30000);\n\n      // Clean up on close\n      event.node.req.on('close', () => {\n        clearInterval(keepAlive);\n      });\n\n      // Don't end the response - keep it open for SSE\n      return new Promise(() => {});\n    }),\n  );\n\n  app.use(router);\n  return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;AAkCA,SAAgB,aAAa,MAAc,SAAiB,KAA6B,MAAM;AAC7F,QAAO;EACL,SAAS;EACT,OAAO;GAAE;GAAM;GAAS;EACxB;EACD;;;;;AAMH,SAAgB,eAAe,QAAiB,KAA6B,MAAM;AACjF,QAAO;EACL,SAAS;EACT;EACA;EACD;;;;;AAMH,SAAgB,mBAAmB;AACjC,QAAO;EACL,iBAAiB;EACjB,YAAY;GACV,MAAM;GACN,SAAS;GACV;EACD,cAAc;GACZ,OAAO,EAAE;GACT,WAAW,EAAE;GACd;EACD,cAAc;EACf;;;;;AAMH,SAAgB,kBAAkB;AAChC,QAAO,EAAE,OAAO,OAAO;;;;;AAMzB,SAAgB,gBAAqB;CACnC,MAAM,MAAM,WAAW;CACvB,MAAM,SAAS,cAAc;AAG7B,QAAO,IAAI,2CAA2C,qBAAqB;AAC3E,QAAO,KAAK,aAAa,gBAAgB;AACzC,QAAO,IAAI,cAAc,oBAAoB;AAC7C,QAAO,KAAK,cAAc,qBAAqB;AAC/C,QAAO,KAAK,UAAU,aAAa;AAInC,QAAO,IACL,yCACA,oBAAoB,UAAU;EAC5B,MAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;EAE5C,MAAM,UAAU,GADC,MAAM,KAAK,IAAI,QAAQ,wBAAwB,OACpC,KAAK;AAEjC,oBAAkB,OAAO,gBAAgB,mBAAmB;AAC5D,oBAAkB,OAAO,iBAAiB,uBAAuB;AAEjE,SAAO;GACL,UAAU,GAAG,QAAQ;GACrB,uBAAuB,CAAC,QAAQ;GAChC,kBAAkB,CAAC,aAAa;GAChC,0BAA0B,CAAC,SAAS;GACrC;GACD,CACH;AAGD,QAAO,IACL,KACA,yBAAyB;AACvB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAkB,SAAS;GAAS;GACpE,CACH;AAED,QAAO,IACL,WACA,yBAAyB;AACvB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAGD,QAAO,KACL,QACA,mBAAmB,OAAO,UAAU;EAGlC,MAAM,cAAc,gBADD,UAAU,OAAO,gBAAgB,CACL;AAE/C,MAAI,CAAC,aAAa;GAEhB,MAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;GAE5C,MAAM,UAAU,GADC,MAAM,KAAK,IAAI,QAAQ,wBAAwB,OACpC,KAAK;AAEjC,qBAAkB,OAAO,gBAAgB,mBAAmB;AAC5D,qBACE,OACA,oBACA,6BAA6B,QAAQ,wCACtC;AACD,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,aACL,QACA,4FACD;;AAGH,oBAAkB,OAAO,gBAAgB,mBAAmB;EAG5D,IAAI;AACJ,MAAI;AACF,UAAO,MAAM,SAAS,MAAM;UACtB;AACN,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,aAAa,QAAQ,4BAA4B;;AAG1D,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,aAAa,QAAQ,4BAA4B;;EAG1D,MAAM,EAAE,QAAQ,QAAQ,OAAO;AAE/B,MAAI;AACF,OAAI,WAAW,aACb,QAAO,eAAe,kBAAkB,EAAE,MAAM,KAAK;AAGvD,OAAI,WAAW,aACb,QAAO,eAAe,iBAAiB,EAAE,MAAM,KAAK;AAGtD,OAAI,WAAW,cAAc;IAC3B,MAAM,EAAE,MAAM,WAAW,SAAS;AAKlC,WAAO,eADQ,MAAM,2BAA2B,MAAM,QAAQ,EAAE,EAAE,YAAY,EAChD,MAAM,KAAK;;AAG3C,OAAI,WAAW,iBACb,QAAO,eAAe,EAAE,WAAW,eAAe,EAAE,EAAE,MAAM,KAAK;AAGnE,OAAI,WAAW,2BACb,QAAO,eAAe,EAAE,mBAAmB,uBAAuB,EAAE,EAAE,MAAM,KAAK;AAGnF,OAAI,WAAW,kBAAkB;IAC/B,MAAM,EAAE,QAAS,UAA8B,EAAE;AACjD,QAAI,CAAC,IACH,QAAO,aAAa,QAAQ,mCAAmC,MAAM,KAAK;AAG5E,WAAO,eADQ,MAAM,aAAa,KAAK,YAAY,EACrB,MAAM,KAAK;;AAI3C,UAAO,aAAa,QAAQ,qBAAqB,UAAU,MAAM,KAAK;WAC/D,OAAO;AAEd,UAAO,aAAa,QAAQ,mBADZ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,IACZ,MAAM,KAAK;;GAEvE,CACH;AAGD,QAAO,IACL,YACA,mBAAmB,OAAO,UAAU;AAIlC,MAAI,CAFgB,gBADD,UAAU,OAAO,gBAAgB,CACL,EAE7B;GAEhB,MAAM,OAAO,MAAM,KAAK,IAAI,QAAQ,QAAQ;AAI5C,qBACE,OACA,oBACA,6BALc,GADC,MAAM,KAAK,IAAI,QAAQ,wBAAwB,OACpC,KAAK,OAKM,wCACtC;AACD,SAAM,KAAK,IAAI,aAAa;AAC5B,UAAO,EAAE,OAAO,2BAA2B;;AAI7C,oBAAkB,OAAO,gBAAgB,oBAAoB;AAC7D,oBAAkB,OAAO,iBAAiB,WAAW;AACrD,oBAAkB,OAAO,cAAc,aAAa;EAGpD,MAAM,YAAY,OAAO,YAAY;AAGrC,QAAM,KAAK,IAAI,MAAM,yBAAyB,KAAK,UAAU,EAAE,WAAW,CAAC,CAAC,MAAM;EAGlF,MAAM,YAAY,kBAAkB;AAClC,SAAM,KAAK,IAAI,MAAM,kBAAkB;KACtC,IAAM;AAGT,QAAM,KAAK,IAAI,GAAG,eAAe;AAC/B,iBAAc,UAAU;IACxB;AAGF,SAAO,IAAI,cAAc,GAAG;GAC5B,CACH;AAED,KAAI,IAAI,OAAO;AACf,QAAO"}
+{"version":3,"file":"http.js","names":[],"sources":["../src/http.ts"],"sourcesContent":["/**\n * HTTP transport handlers for Productive MCP Server\n *\n * This module contains the app/router creation logic for the HTTP transport.\n * The actual server startup is in server.ts.\n */\n\nimport { H3, defineHandler, type H3Event } from 'h3';\n\nimport { parseAuthHeader } from './auth.js';\nimport { executeToolWithCredentials } from './handlers.js';\nimport { INSTRUCTIONS } from './instructions.js';\nimport {\n  oauthMetadataHandler,\n  registerHandler,\n  authorizeGetHandler,\n  authorizePostHandler,\n  tokenHandler,\n} from './oauth.js';\nimport { listResources, listResourceTemplates, readResource } from './resources.js';\nimport { TOOLS } from './tools.js';\nimport { VERSION } from './version.js';\n\n/**\n * JSON-RPC error response\n */\nexport function jsonRpcError(code: number, message: string, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    error: { code, message },\n    id,\n  };\n}\n\n/**\n * JSON-RPC success response\n */\nexport function jsonRpcSuccess(result: unknown, id: string | number | null = null) {\n  return {\n    jsonrpc: '2.0',\n    result,\n    id,\n  };\n}\n\n/**\n * Handle the initialize JSON-RPC method\n */\nexport function handleInitialize() {\n  return {\n    protocolVersion: '2024-11-05',\n    serverInfo: {\n      name: 'productive-mcp',\n      version: VERSION,\n    },\n    capabilities: {\n      tools: {},\n      resources: {},\n    },\n    instructions: INSTRUCTIONS,\n  };\n}\n\n/**\n * Handle the tools/list JSON-RPC method\n */\nexport function handleToolsList() {\n  return { tools: TOOLS };\n}\n\n/**\n * Get base URL from event headers\n */\nfunction getBaseUrl(event: H3Event): string {\n  const host = event.req.headers.get('host') || 'localhost:3000';\n  const protocol = event.req.headers.get('x-forwarded-proto') || 'http';\n  return `${protocol}://${host}`;\n}\n\n/**\n * Create the H3 application with all routes\n */\nexport function createHttpApp(): H3 {\n  const app = new H3();\n\n  // OAuth 2.0 endpoints for Claude Desktop integration (MCP auth spec)\n  app.get('/.well-known/oauth-authorization-server', oauthMetadataHandler);\n  app.post('/register', registerHandler); // Dynamic Client Registration (RFC 7591)\n  app.get('/authorize', authorizeGetHandler);\n  app.post('/authorize', authorizePostHandler);\n  app.post('/token', tokenHandler);\n\n  // OAuth Protected Resource Metadata (RFC 9728 / MCP spec 2025-03-26)\n  // This endpoint tells clients where to find the authorization server\n  app.get(\n    '/.well-known/oauth-protected-resource',\n    defineHandler((event) => {\n      const baseUrl = getBaseUrl(event);\n\n      event.res.headers.set('Content-Type', 'application/json');\n      event.res.headers.set('Cache-Control', 'public, max-age=3600');\n\n      return {\n        resource: `${baseUrl}/mcp`,\n        authorization_servers: [baseUrl],\n        scopes_supported: ['productive'],\n        bearer_methods_supported: ['header'],\n      };\n    }),\n  );\n\n  // Health check endpoint\n  app.get(\n    '/',\n    defineHandler(() => {\n      return { status: 'ok', service: 'productive-mcp', version: VERSION };\n    }),\n  );\n\n  app.get(\n    '/health',\n    defineHandler(() => {\n      return { status: 'ok' };\n    }),\n  );\n\n  // MCP endpoint - handles JSON-RPC over HTTP\n  app.post(\n    '/mcp',\n    defineHandler(async (event) => {\n      // Parse authorization header\n      const authHeader = event.req.headers.get('authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const baseUrl = getBaseUrl(event);\n\n        event.res.headers.set('Content-Type', 'application/json');\n        event.res.headers.set(\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.res.status = 401;\n        return jsonRpcError(\n          -32001,\n          'Authentication required. Provide Bearer token with base64(organizationId:apiToken:userId)',\n        );\n      }\n\n      event.res.headers.set('Content-Type', 'application/json');\n\n      // Parse JSON-RPC request\n      let body: { method?: string; params?: unknown; id?: string | number } | undefined;\n      try {\n        body = await event.req.json();\n      } catch {\n        event.res.status = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      if (!body || typeof body !== 'object') {\n        event.res.status = 400;\n        return jsonRpcError(-32700, 'Parse error: Invalid JSON');\n      }\n\n      const { method, params, id } = body;\n\n      try {\n        if (method === 'initialize') {\n          return jsonRpcSuccess(handleInitialize(), id ?? null);\n        }\n\n        if (method === 'tools/list') {\n          return jsonRpcSuccess(handleToolsList(), id ?? null);\n        }\n\n        if (method === 'tools/call') {\n          const { name, arguments: args } = params as {\n            name: string;\n            arguments?: Record<string, unknown>;\n          };\n          const result = await executeToolWithCredentials(name, args || {}, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        if (method === 'resources/list') {\n          return jsonRpcSuccess({ resources: listResources() }, id ?? null);\n        }\n\n        if (method === 'resources/templates/list') {\n          return jsonRpcSuccess({ resourceTemplates: listResourceTemplates() }, id ?? null);\n        }\n\n        if (method === 'resources/read') {\n          const { uri } = (params as { uri: string }) ?? {};\n          if (!uri) {\n            return jsonRpcError(-32602, 'Invalid params: uri is required', id ?? null);\n          }\n          const result = await readResource(uri, credentials);\n          return jsonRpcSuccess(result, id ?? null);\n        }\n\n        // Unknown method\n        return jsonRpcError(-32601, `Method not found: ${method}`, id ?? null);\n      } catch (error) {\n        const message = error instanceof Error ? error.message : String(error);\n        return jsonRpcError(-32603, `Internal error: ${message}`, id ?? null);\n      }\n    }),\n  );\n\n  // SSE endpoint for server-sent events (optional, for streaming responses)\n  app.get(\n    '/mcp/sse',\n    defineHandler(async (event) => {\n      const authHeader = event.req.headers.get('authorization');\n      const credentials = parseAuthHeader(authHeader);\n\n      if (!credentials) {\n        // RFC 6750: Return WWW-Authenticate header to trigger OAuth flow\n        const baseUrl = getBaseUrl(event);\n\n        event.res.headers.set(\n          'WWW-Authenticate',\n          `Bearer resource_metadata=\"${baseUrl}/.well-known/oauth-protected-resource\"`,\n        );\n        event.res.status = 401;\n        return { error: 'Authentication required' };\n      }\n\n      // Node.js-specific SSE: access raw res for streaming\n      const nodeRuntime = event.runtime?.node;\n      const nodeRes = nodeRuntime?.res as import('node:http').ServerResponse | undefined;\n      if (!nodeRes) {\n        event.res.status = 501;\n        return { error: 'SSE requires Node.js runtime' };\n      }\n\n      // Write SSE headers directly to Node.js response (bypassing h3's pipeline)\n      nodeRes.writeHead(200, {\n        'Content-Type': 'text/event-stream',\n        'Cache-Control': 'no-cache',\n        Connection: 'keep-alive',\n      });\n\n      // Generate session ID and send it\n      const sessionId = crypto.randomUUID();\n\n      // Send initial session event\n      nodeRes.write(`event: session\\ndata: ${JSON.stringify({ sessionId })}\\n\\n`);\n\n      // Keep connection alive\n      const keepAlive = setInterval(() => {\n        nodeRes.write(': keepalive\\n\\n');\n      }, 30000);\n\n      // Clean up on close\n      nodeRuntime?.req.on('close', () => {\n        clearInterval(keepAlive);\n      });\n\n      // Don't end the response - keep it open for SSE\n      return new Promise(() => {});\n    }),\n  );\n\n  return app;\n}\n"],"mappings":";;;;;;;;;;;;;;;AA0BA,SAAgB,aAAa,MAAc,SAAiB,KAA6B,MAAM;AAC7F,QAAO;EACL,SAAS;EACT,OAAO;GAAE;GAAM;GAAS;EACxB;EACD;;;;;AAMH,SAAgB,eAAe,QAAiB,KAA6B,MAAM;AACjF,QAAO;EACL,SAAS;EACT;EACA;EACD;;;;;AAMH,SAAgB,mBAAmB;AACjC,QAAO;EACL,iBAAiB;EACjB,YAAY;GACV,MAAM;GACN,SAAS;GACV;EACD,cAAc;GACZ,OAAO,EAAE;GACT,WAAW,EAAE;GACd;EACD,cAAc;EACf;;;;;AAMH,SAAgB,kBAAkB;AAChC,QAAO,EAAE,OAAO,OAAO;;;;;AAMzB,SAAS,WAAW,OAAwB;CAC1C,MAAM,OAAO,MAAM,IAAI,QAAQ,IAAI,OAAO,IAAI;AAE9C,QAAO,GADU,MAAM,IAAI,QAAQ,IAAI,oBAAoB,IAAI,OAC5C,KAAK;;;;;AAM1B,SAAgB,gBAAoB;CAClC,MAAM,MAAM,IAAI,IAAI;AAGpB,KAAI,IAAI,2CAA2C,qBAAqB;AACxE,KAAI,KAAK,aAAa,gBAAgB;AACtC,KAAI,IAAI,cAAc,oBAAoB;AAC1C,KAAI,KAAK,cAAc,qBAAqB;AAC5C,KAAI,KAAK,UAAU,aAAa;AAIhC,KAAI,IACF,yCACA,eAAe,UAAU;EACvB,MAAM,UAAU,WAAW,MAAM;AAEjC,QAAM,IAAI,QAAQ,IAAI,gBAAgB,mBAAmB;AACzD,QAAM,IAAI,QAAQ,IAAI,iBAAiB,uBAAuB;AAE9D,SAAO;GACL,UAAU,GAAG,QAAQ;GACrB,uBAAuB,CAAC,QAAQ;GAChC,kBAAkB,CAAC,aAAa;GAChC,0BAA0B,CAAC,SAAS;GACrC;GACD,CACH;AAGD,KAAI,IACF,KACA,oBAAoB;AAClB,SAAO;GAAE,QAAQ;GAAM,SAAS;GAAkB,SAAS;GAAS;GACpE,CACH;AAED,KAAI,IACF,WACA,oBAAoB;AAClB,SAAO,EAAE,QAAQ,MAAM;GACvB,CACH;AAGD,KAAI,KACF,QACA,cAAc,OAAO,UAAU;EAG7B,MAAM,cAAc,gBADD,MAAM,IAAI,QAAQ,IAAI,gBAAgB,CACV;AAE/C,MAAI,CAAC,aAAa;GAEhB,MAAM,UAAU,WAAW,MAAM;AAEjC,SAAM,IAAI,QAAQ,IAAI,gBAAgB,mBAAmB;AACzD,SAAM,IAAI,QAAQ,IAChB,oBACA,6BAA6B,QAAQ,wCACtC;AACD,SAAM,IAAI,SAAS;AACnB,UAAO,aACL,QACA,4FACD;;AAGH,QAAM,IAAI,QAAQ,IAAI,gBAAgB,mBAAmB;EAGzD,IAAI;AACJ,MAAI;AACF,UAAO,MAAM,MAAM,IAAI,MAAM;UACvB;AACN,SAAM,IAAI,SAAS;AACnB,UAAO,aAAa,QAAQ,4BAA4B;;AAG1D,MAAI,CAAC,QAAQ,OAAO,SAAS,UAAU;AACrC,SAAM,IAAI,SAAS;AACnB,UAAO,aAAa,QAAQ,4BAA4B;;EAG1D,MAAM,EAAE,QAAQ,QAAQ,OAAO;AAE/B,MAAI;AACF,OAAI,WAAW,aACb,QAAO,eAAe,kBAAkB,EAAE,MAAM,KAAK;AAGvD,OAAI,WAAW,aACb,QAAO,eAAe,iBAAiB,EAAE,MAAM,KAAK;AAGtD,OAAI,WAAW,cAAc;IAC3B,MAAM,EAAE,MAAM,WAAW,SAAS;AAKlC,WAAO,eADQ,MAAM,2BAA2B,MAAM,QAAQ,EAAE,EAAE,YAAY,EAChD,MAAM,KAAK;;AAG3C,OAAI,WAAW,iBACb,QAAO,eAAe,EAAE,WAAW,eAAe,EAAE,EAAE,MAAM,KAAK;AAGnE,OAAI,WAAW,2BACb,QAAO,eAAe,EAAE,mBAAmB,uBAAuB,EAAE,EAAE,MAAM,KAAK;AAGnF,OAAI,WAAW,kBAAkB;IAC/B,MAAM,EAAE,QAAS,UAA8B,EAAE;AACjD,QAAI,CAAC,IACH,QAAO,aAAa,QAAQ,mCAAmC,MAAM,KAAK;AAG5E,WAAO,eADQ,MAAM,aAAa,KAAK,YAAY,EACrB,MAAM,KAAK;;AAI3C,UAAO,aAAa,QAAQ,qBAAqB,UAAU,MAAM,KAAK;WAC/D,OAAO;AAEd,UAAO,aAAa,QAAQ,mBADZ,iBAAiB,QAAQ,MAAM,UAAU,OAAO,MAAM,IACZ,MAAM,KAAK;;GAEvE,CACH;AAGD,KAAI,IACF,YACA,cAAc,OAAO,UAAU;AAI7B,MAAI,CAFgB,gBADD,MAAM,IAAI,QAAQ,IAAI,gBAAgB,CACV,EAE7B;GAEhB,MAAM,UAAU,WAAW,MAAM;AAEjC,SAAM,IAAI,QAAQ,IAChB,oBACA,6BAA6B,QAAQ,wCACtC;AACD,SAAM,IAAI,SAAS;AACnB,UAAO,EAAE,OAAO,2BAA2B;;EAI7C,MAAM,cAAc,MAAM,SAAS;EACnC,MAAM,UAAU,aAAa;AAC7B,MAAI,CAAC,SAAS;AACZ,SAAM,IAAI,SAAS;AACnB,UAAO,EAAE,OAAO,gCAAgC;;AAIlD,UAAQ,UAAU,KAAK;GACrB,gBAAgB;GAChB,iBAAiB;GACjB,YAAY;GACb,CAAC;EAGF,MAAM,YAAY,OAAO,YAAY;AAGrC,UAAQ,MAAM,yBAAyB,KAAK,UAAU,EAAE,WAAW,CAAC,CAAC,MAAM;EAG3E,MAAM,YAAY,kBAAkB;AAClC,WAAQ,MAAM,kBAAkB;KAC/B,IAAM;AAGT,eAAa,IAAI,GAAG,eAAe;AACjC,iBAAc,UAAU;IACxB;AAGF,SAAO,IAAI,cAAc,GAAG;GAC5B,CACH;AAED,QAAO"}

package/dist/index.js

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-DpBFJ7eV.js";
+import { a as INSTRUCTIONS, i as readResource, n as listResourceTemplates, r as listResources, t as VERSION } from "./version-BFw4junA.js";
 import "./handlers-t95fhdps.js";
 import { a as handlePrompt, n as getAvailableTools, s as handleToolCall, t as getAvailablePrompts } from "./stdio-Bi1Lvp8O.js";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";

package/dist/oauth.d.ts

@@ -20,7 +20,7 @@
  *
  * MCP clients MUST check this endpoint first for server capabilities.
  */
-export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, {
+export declare const oauthMetadataHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, {
     issuer: string;
     authorization_endpoint: string;
     token_endpoint: string;
@@ -40,7 +40,7 @@ export declare const oauthMetadataHandler: import("h3").EventHandler<import("h3"
  * Since we use stateless tokens, we accept any registration and return
  * a generated client_id.
  */
-export declare const registerHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+export declare const registerHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<{
     error: string;
     error_description: string;
     client_id?: undefined;
@@ -50,25 +50,25 @@ export declare const registerHandler: import("h3").EventHandler<import("h3").Eve
     grant_types?: undefined;
     response_types?: undefined;
 } | {
+    error?: undefined;
+    error_description?: undefined;
     client_id: string;
     client_name: string;
     redirect_uris: string[];
     token_endpoint_auth_method: string;
     grant_types: string[];
     response_types: string[];
-    error?: undefined;
-    error_description?: undefined;
 }>>;
 /**
  * Authorization endpoint - shows login form
  * GET /authorize
  */
-export declare const authorizeGetHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, string | Promise<void>>;
+export declare const authorizeGetHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, string | import("h3").HTTPResponse>;
 /**
  * Authorization endpoint - process login
  * POST /authorize
  */
-export declare const authorizePostHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<string>>;
+export declare const authorizePostHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<string>>;
 /**
  * Token endpoint - exchange code for access token
  * POST /token
@@ -77,7 +77,7 @@ export declare const authorizePostHandler: import("h3").EventHandler<import("h3"
  * - authorization_code grant (with PKCE validation)
  * - refresh_token grant
  */
-export declare const tokenHandler: import("h3").EventHandler<import("h3").EventHandlerRequest, Promise<{
+export declare const tokenHandler: import("h3").EventHandlerWithFetch<import("h3").EventHandlerRequest, Promise<{
     error: string;
     error_description: string;
     access_token?: undefined;
@@ -85,11 +85,11 @@ export declare const tokenHandler: import("h3").EventHandler<import("h3").EventH
     expires_in?: undefined;
     refresh_token?: undefined;
 } | {
+    error?: undefined;
+    error_description?: undefined;
     access_token: string;
     token_type: string;
     expires_in: number;
     refresh_token: string;
-    error?: undefined;
-    error_description?: undefined;
 }>>;
 //# sourceMappingURL=oauth.d.ts.map

package/dist/oauth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAeH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,qFA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,8EAyD/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA+FvB,CAAC"}
+{"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../src/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;GAeG;AAQH;;;;;GAKG;AACH,eAAO,MAAM,oBAAoB;;;;;;;;;;;EAyB/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,eAAe;;;;;;;;;;;;;;;;;;GAoC1B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,mBAAmB,0GA+C9B,CAAC;AAEH;;;GAGG;AACH,eAAO,MAAM,oBAAoB,uFA0D/B,CAAC;AAEH;;;;;;;GAOG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;GA2FvB,CAAC"}