agents 0.0.0-5908188 → 0.0.0-59ac254

package/dist/mcp/index.js

@@ -1,10 +1,13 @@
-import { t as MessageType } from "../ai-types-B3aQaFv3.js";
-import "../client-BfiZ3HQd.js";
-import { i as SSEEdgeClientTransport, r as StreamableHTTPEdgeClientTransport } from "../client-CIvp_OWw.js";
-import "../do-oauth-client-provider-CswoD5Lu.js";
-import { c as getCurrentAgent, s as getAgentByName, t as Agent } from "../src-CTtjSFyX.js";
+import "../context-BkKbAa1R.js";
+import { t as MessageType } from "../ai-types-CwgHzwUb.js";
+import "../client-CcyhkGfN.js";
+import "../client-QZa2Rq0l.js";
+import "../do-oauth-client-provider-B1fVIshX.js";
+import { c as getCurrentAgent, s as getAgentByName, t as Agent } from "../src-BmbDclOA.js";
 import { AsyncLocalStorage } from "node:async_hooks";
-import { ElicitRequestSchema, InitializeRequestSchema, JSONRPCMessageSchema, isInitializeRequest, isJSONRPCError, isJSONRPCNotification, isJSONRPCRequest, isJSONRPCResponse } from "@modelcontextprotocol/sdk/types.js";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { ElicitRequestSchema, InitializeRequestSchema, JSONRPCMessageSchema, SUPPORTED_PROTOCOL_VERSIONS, isInitializeRequest, isJSONRPCError, isJSONRPCNotification, isJSONRPCRequest, isJSONRPCResponse } from "@modelcontextprotocol/sdk/types.js";
 
 //#region src/mcp/utils.ts
 /**
@@ -21,7 +24,7 @@ const MCP_HTTP_METHOD_HEADER = "cf-mcp-method";
 */
 const MCP_MESSAGE_HEADER = "cf-mcp-message";
 const MAXIMUM_MESSAGE_SIZE_BYTES = 4 * 1024 * 1024;
-const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
+const createStreamingHttpHandler = (basePath, namespace, options = {}) => {
 	let pathname = basePath;
 	if (basePath === "/") pathname = "/*";
 	const basePattern = new URLPattern({ pathname });
@@ -130,7 +133,10 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 					return new Response(body$1, { status: 400 });
 				}
 				sessionId = sessionId ?? namespace.newUniqueId().toString();
-				const agent = await getAgentByName(namespace, `streamable-http:${sessionId}`, { props: ctx.props });
+				const agent = await getAgentByName(namespace, `streamable-http:${sessionId}`, {
+					props: ctx.props,
+					jurisdiction: options.jurisdiction
+				});
 				const isInitialized = await agent.getInitializeRequest();
 				if (maybeInitializeRequest) await agent.setInitializeRequest(maybeInitializeRequest);
 				else if (!isInitialized) {
@@ -205,7 +211,7 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 				if (messages.every((msg) => isJSONRPCNotification(msg) || isJSONRPCResponse(msg))) {
 					ws.close();
 					return new Response(null, {
-						headers: corsHeaders(request, corsOptions),
+						headers: corsHeaders(request, options.corsOptions),
 						status: 202
 					});
 				}
@@ -215,7 +221,7 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 						Connection: "keep-alive",
 						"Content-Type": "text/event-stream",
 						"mcp-session-id": sessionId,
-						...corsHeaders(request, corsOptions)
+						...corsHeaders(request, options.corsOptions)
 					},
 					status: 200
 				});
@@ -243,7 +249,10 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 				const { readable, writable } = new TransformStream();
 				const writer = writable.getWriter();
 				const encoder = new TextEncoder();
-				const agent = await getAgentByName(namespace, `streamable-http:${sessionId}`, { props: ctx.props });
+				const agent = await getAgentByName(namespace, `streamable-http:${sessionId}`, {
+					props: ctx.props,
+					jurisdiction: options.jurisdiction
+				});
 				if (!await agent.getInitializeRequest()) return new Response(JSON.stringify({
 					jsonrpc: "2.0",
 					error: {
@@ -292,7 +301,7 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 						Connection: "keep-alive",
 						"Content-Type": "text/event-stream",
 						"mcp-session-id": sessionId,
-						...corsHeaders(request, corsOptions)
+						...corsHeaders(request, options.corsOptions)
 					},
 					status: 200
 				});
@@ -307,9 +316,9 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 					id: null
 				}), {
 					status: 400,
-					headers: corsHeaders(request, corsOptions)
+					headers: corsHeaders(request, options.corsOptions)
 				});
-				const agent = await getAgentByName(namespace, `streamable-http:${sessionId}`);
+				const agent = await getAgentByName(namespace, `streamable-http:${sessionId}`, { jurisdiction: options.jurisdiction });
 				if (!await agent.getInitializeRequest()) return new Response(JSON.stringify({
 					jsonrpc: "2.0",
 					error: {
@@ -319,12 +328,12 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 					id: null
 				}), {
 					status: 404,
-					headers: corsHeaders(request, corsOptions)
+					headers: corsHeaders(request, options.corsOptions)
 				});
 				ctx.waitUntil(agent.destroy().catch(() => {}));
 				return new Response(null, {
 					status: 204,
-					headers: corsHeaders(request, corsOptions)
+					headers: corsHeaders(request, options.corsOptions)
 				});
 			}
 		}
@@ -339,7 +348,7 @@ const createStreamingHttpHandler = (basePath, namespace, corsOptions) => {
 		return new Response(body, { status: 404 });
 	};
 };
-const createLegacySseHandler = (basePath, namespace, corsOptions) => {
+const createLegacySseHandler = (basePath, namespace, options = {}) => {
 	let pathname = basePath;
 	if (basePath === "/") pathname = "/*";
 	const basePattern = new URLPattern({ pathname });
@@ -356,7 +365,10 @@ const createLegacySseHandler = (basePath, namespace, corsOptions) => {
 			endpointUrl.searchParams.set("sessionId", sessionId);
 			const endpointMessage = `event: endpoint\ndata: ${endpointUrl.pathname + endpointUrl.search + endpointUrl.hash}\n\n`;
 			writer.write(encoder.encode(endpointMessage));
-			const agent = await getAgentByName(namespace, `sse:${sessionId}`, { props: ctx.props });
+			const agent = await getAgentByName(namespace, `sse:${sessionId}`, {
+				props: ctx.props,
+				jurisdiction: options.jurisdiction
+			});
 			const existingHeaders = {};
 			request.headers.forEach((value, key) => {
 				existingHeaders[key] = value;
@@ -408,7 +420,7 @@ const createLegacySseHandler = (basePath, namespace, corsOptions) => {
 				"Cache-Control": "no-cache",
 				Connection: "keep-alive",
 				"Content-Type": "text/event-stream",
-				...corsHeaders(request, corsOptions)
+				...corsHeaders(request, options.corsOptions)
 			} });
 		}
 		if (request.method === "POST" && messagePattern.test(url)) {
@@ -418,15 +430,19 @@ const createLegacySseHandler = (basePath, namespace, corsOptions) => {
 			if (!contentType.includes("application/json")) return new Response(`Unsupported content-type: ${contentType}`, { status: 400 });
 			const contentLength = Number.parseInt(request.headers.get("content-length") || "0", 10);
 			if (contentLength > MAXIMUM_MESSAGE_SIZE_BYTES) return new Response(`Request body too large: ${contentLength} bytes`, { status: 400 });
-			const agent = await getAgentByName(namespace, `sse:${sessionId}`, { props: ctx.props });
+			const agent = await getAgentByName(namespace, `sse:${sessionId}`, {
+				props: ctx.props,
+				jurisdiction: options.jurisdiction
+			});
 			const messageBody = await request.json();
-			const error = await agent.onSSEMcpMessage(sessionId, messageBody);
+			const extraInfo = { requestInfo: { headers: Object.fromEntries(request.headers.entries()) } };
+			const error = await agent.onSSEMcpMessage(sessionId, messageBody, extraInfo);
 			if (error) return new Response(error.message, {
 				headers: {
 					"Cache-Control": "no-cache",
 					Connection: "keep-alive",
 					"Content-Type": "text/event-stream",
-					...corsHeaders(request, corsOptions)
+					...corsHeaders(request, options.corsOptions)
 				},
 				status: 400
 			});
@@ -435,7 +451,7 @@ const createLegacySseHandler = (basePath, namespace, corsOptions) => {
 					"Cache-Control": "no-cache",
 					Connection: "keep-alive",
 					"Content-Type": "text/event-stream",
-					...corsHeaders(request, corsOptions)
+					...corsHeaders(request, options.corsOptions)
 				},
 				status: 202
 			});
@@ -464,9 +480,12 @@ function isDurableObjectNamespace(namespace) {
 //#endregion
 //#region src/mcp/transport.ts
 var McpSSETransport = class {
-	constructor(getWebSocket) {
+	constructor() {
 		this._started = false;
-		this._getWebSocket = getWebSocket;
+		const { agent } = getCurrentAgent();
+		if (!agent) throw new Error("McpAgent was not found in Transport constructor");
+		this.sessionId = agent.getSessionId();
+		this._getWebSocket = () => agent.getWebSocket();
 	}
 	async start() {
 		if (this._started) throw new Error("Transport already started");
@@ -574,19 +593,35 @@ var StreamableHTTPServerTransport = class {
 		if (Array.isArray(rawMessage)) messages = rawMessage.map((msg) => JSONRPCMessageSchema.parse(msg));
 		else messages = [JSONRPCMessageSchema.parse(rawMessage)];
 		const hasRequests = messages.some(isJSONRPCRequest);
-		if (!hasRequests) for (const message of messages) this.onmessage?.(message, {
-			authInfo,
-			requestInfo
-		});
+		if (!hasRequests) for (const message of messages) {
+			if (this.messageInterceptor) {
+				if (await this.messageInterceptor(message, {
+					authInfo,
+					requestInfo
+				})) continue;
+			}
+			this.onmessage?.(message, {
+				authInfo,
+				requestInfo
+			});
+		}
 		else if (hasRequests) {
 			const { connection } = getCurrentAgent();
 			if (!connection) throw new Error("Connection was not found in handlePostRequest");
 			const requestIds = messages.filter(isJSONRPCRequest).map((message) => message.id);
 			connection.setState({ requestIds });
-			for (const message of messages) this.onmessage?.(message, {
-				authInfo,
-				requestInfo
-			});
+			for (const message of messages) {
+				if (this.messageInterceptor) {
+					if (await this.messageInterceptor(message, {
+						authInfo,
+						requestInfo
+					})) continue;
+				}
+				this.onmessage?.(message, {
+					authInfo,
+					requestInfo
+				});
+			}
 		}
 	}
 	async close() {
@@ -625,8 +660,41 @@ var StreamableHTTPServerTransport = class {
 	}
 };
 
+//#endregion
+//#region src/mcp/client-transports.ts
+/**
+* Deprecated transport wrappers
+*/
+let didWarnAboutSSEEdgeClientTransport = false;
+/**
+* @deprecated Use SSEClientTransport from @modelcontextprotocol/sdk/client/sse.js instead. This alias will be removed in the next major version.
+*/
+var SSEEdgeClientTransport = class extends SSEClientTransport {
+	constructor(url, options) {
+		super(url, options);
+		if (!didWarnAboutSSEEdgeClientTransport) {
+			didWarnAboutSSEEdgeClientTransport = true;
+			console.warn("SSEEdgeClientTransport is deprecated. Use SSEClientTransport from @modelcontextprotocol/sdk/client/sse.js instead. SSEEdgeClientTransport will be removed in the next major version.");
+		}
+	}
+};
+let didWarnAboutStreamableHTTPEdgeClientTransport = false;
+/**
+* @deprecated Use StreamableHTTPClientTransport from @modelcontextprotocol/sdk/client/streamableHttp.js instead. This alias will be removed in the next major version.
+*/
+var StreamableHTTPEdgeClientTransport = class extends StreamableHTTPClientTransport {
+	constructor(url, options) {
+		super(url, options);
+		if (!didWarnAboutStreamableHTTPEdgeClientTransport) {
+			didWarnAboutStreamableHTTPEdgeClientTransport = true;
+			console.warn("StreamableHTTPEdgeClientTransport is deprecated. Use StreamableHTTPClientTransport from @modelcontextprotocol/sdk/client/streamableHttp.js instead. StreamableHTTPEdgeClientTransport will be removed in the next major version.");
+		}
+	}
+};
+
 //#endregion
 //#region src/mcp/worker-transport.ts
+const MCP_PROTOCOL_VERSION_HEADER = "MCP-Protocol-Version";
 var WorkerTransport = class {
 	constructor(options) {
 		this.started = false;
@@ -636,15 +704,93 @@ var WorkerTransport = class {
 		this.streamMapping = /* @__PURE__ */ new Map();
 		this.requestToStreamMapping = /* @__PURE__ */ new Map();
 		this.requestResponseMap = /* @__PURE__ */ new Map();
+		this.stateRestored = false;
 		this.sessionIdGenerator = options?.sessionIdGenerator;
 		this.enableJsonResponse = options?.enableJsonResponse ?? false;
 		this.onsessioninitialized = options?.onsessioninitialized;
+		this.corsOptions = options?.corsOptions;
+		this.storage = options?.storage;
+	}
+	/**
+	* Restore transport state from persistent storage.
+	* This is automatically called on start.
+	*/
+	async restoreState() {
+		if (!this.storage || this.stateRestored) return;
+		const state = await Promise.resolve(this.storage.get());
+		if (state) {
+			this.sessionId = state.sessionId;
+			this.initialized = state.initialized;
+		}
+		this.stateRestored = true;
+	}
+	/**
+	* Persist current transport state to storage.
+	*/
+	async saveState() {
+		if (!this.storage) return;
+		const state = {
+			sessionId: this.sessionId,
+			initialized: this.initialized
+		};
+		await Promise.resolve(this.storage.set(state));
 	}
 	async start() {
 		if (this.started) throw new Error("Transport already started");
 		this.started = true;
 	}
+	/**
+	* Validates the MCP-Protocol-Version header on incoming requests.
+	*
+	* This performs a simple check: if a version header is present, it must be
+	* in the SUPPORTED_PROTOCOL_VERSIONS list. We do not track the negotiated
+	* version or enforce version consistency across requests - the SDK handles
+	* version negotiation during initialization, and we simply reject any
+	* explicitly unsupported versions.
+	*
+	* - Header present and supported: Accept
+	* - Header present and unsupported: 400 Bad Request
+	* - Header missing: Accept (version validation is optional)
+	*/
+	validateProtocolVersion(request) {
+		const protocolVersion = request.headers.get(MCP_PROTOCOL_VERSION_HEADER);
+		if (protocolVersion !== null && !SUPPORTED_PROTOCOL_VERSIONS.includes(protocolVersion)) return new Response(JSON.stringify({
+			jsonrpc: "2.0",
+			error: {
+				code: -32e3,
+				message: `Bad Request: Unsupported protocol version: ${protocolVersion} (supported versions: ${SUPPORTED_PROTOCOL_VERSIONS.join(", ")})`
+			},
+			id: null
+		}), {
+			status: 400,
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
+		});
+	}
+	getHeaders({ forPreflight } = {}) {
+		const options = {
+			origin: "*",
+			headers: "Content-Type, Accept, Authorization, mcp-session-id, MCP-Protocol-Version",
+			methods: "GET, POST, DELETE, OPTIONS",
+			exposeHeaders: "mcp-session-id",
+			maxAge: 86400,
+			...this.corsOptions
+		};
+		if (forPreflight) return {
+			"Access-Control-Allow-Origin": options.origin,
+			"Access-Control-Allow-Headers": options.headers,
+			"Access-Control-Allow-Methods": options.methods,
+			"Access-Control-Max-Age": options.maxAge.toString()
+		};
+		return {
+			"Access-Control-Allow-Origin": options.origin,
+			"Access-Control-Expose-Headers": options.exposeHeaders
+		};
+	}
 	async handleRequest(request, parsedBody) {
+		await this.restoreState();
 		switch (request.method) {
 			case "OPTIONS": return this.handleOptionsRequest(request);
 			case "GET": return this.handleGetRequest(request);
@@ -663,10 +809,15 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 406,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
-		const sessionValid = this.validateSession(request);
-		if (sessionValid !== true) return sessionValid;
+		const sessionError = this.validateSession(request);
+		if (sessionError) return sessionError;
+		const versionError = this.validateProtocolVersion(request);
+		if (versionError) return versionError;
 		const streamId = this.standaloneSseStreamId;
 		if (this.streamMapping.get(streamId) !== void 0) return new Response(JSON.stringify({
 			jsonrpc: "2.0",
@@ -677,7 +828,10 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 409,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
 		const { readable, writable } = new TransformStream();
 		const writer = writable.getWriter();
@@ -686,8 +840,7 @@ var WorkerTransport = class {
 			"Content-Type": "text/event-stream",
 			"Cache-Control": "no-cache",
 			Connection: "keep-alive",
-			"Access-Control-Allow-Origin": "*",
-			"Access-Control-Expose-Headers": "mcp-session-id"
+			...this.getHeaders()
 		});
 		if (this.sessionId !== void 0) headers.set("mcp-session-id", this.sessionId);
 		const keepAlive = setInterval(() => {
@@ -710,7 +863,7 @@ var WorkerTransport = class {
 	}
 	async handlePostRequest(request, parsedBody) {
 		const acceptHeader = request.headers.get("Accept");
-		if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) return new Response(JSON.stringify({
+		if (!acceptHeader?.includes("application/json") || !acceptHeader?.includes("text/event-stream")) return new Response(JSON.stringify({
 			jsonrpc: "2.0",
 			error: {
 				code: -32e3,
@@ -719,7 +872,10 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 406,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
 		if (!request.headers.get("Content-Type")?.includes("application/json")) return new Response(JSON.stringify({
 			jsonrpc: "2.0",
@@ -730,7 +886,10 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 415,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
 		let rawMessage = parsedBody;
 		if (rawMessage === void 0) try {
@@ -745,7 +904,10 @@ var WorkerTransport = class {
 				id: null
 			}), {
 				status: 400,
-				headers: { "Content-Type": "application/json" }
+				headers: {
+					"Content-Type": "application/json",
+					...this.getHeaders()
+				}
 			});
 		}
 		let messages;
@@ -762,9 +924,13 @@ var WorkerTransport = class {
 				id: null
 			}), {
 				status: 400,
-				headers: { "Content-Type": "application/json" }
+				headers: {
+					"Content-Type": "application/json",
+					...this.getHeaders()
+				}
 			});
 		}
+		const requestInfo = { headers: Object.fromEntries(request.headers.entries()) };
 		const isInitializationRequest = messages.some(isInitializeRequest);
 		if (isInitializationRequest) {
 			if (this.initialized && this.sessionId !== void 0) return new Response(JSON.stringify({
@@ -776,7 +942,10 @@ var WorkerTransport = class {
 				id: null
 			}), {
 				status: 400,
-				headers: { "Content-Type": "application/json" }
+				headers: {
+					"Content-Type": "application/json",
+					...this.getHeaders()
+				}
 			});
 			if (messages.length > 1) return new Response(JSON.stringify({
 				jsonrpc: "2.0",
@@ -787,21 +956,27 @@ var WorkerTransport = class {
 				id: null
 			}), {
 				status: 400,
-				headers: { "Content-Type": "application/json" }
+				headers: {
+					"Content-Type": "application/json",
+					...this.getHeaders()
+				}
 			});
 			this.sessionId = this.sessionIdGenerator?.();
 			this.initialized = true;
+			await this.saveState();
 			if (this.sessionId && this.onsessioninitialized) this.onsessioninitialized(this.sessionId);
 		}
 		if (!isInitializationRequest) {
-			const sessionValid = this.validateSession(request);
-			if (sessionValid !== true) return sessionValid;
+			const sessionError = this.validateSession(request);
+			if (sessionError) return sessionError;
+			const versionError = this.validateProtocolVersion(request);
+			if (versionError) return versionError;
 		}
 		if (!messages.some(isJSONRPCRequest)) {
-			for (const message of messages) this.onmessage?.(message);
+			for (const message of messages) this.onmessage?.(message, { requestInfo });
 			return new Response(null, {
 				status: 202,
-				headers: { "Access-Control-Allow-Origin": "*" }
+				headers: { ...this.getHeaders() }
 			});
 		}
 		const streamId = crypto.randomUUID();
@@ -813,7 +988,7 @@ var WorkerTransport = class {
 				}
 			});
 			for (const message of messages) if (isJSONRPCRequest(message)) this.requestToStreamMapping.set(message.id, streamId);
-			for (const message of messages) this.onmessage?.(message);
+			for (const message of messages) this.onmessage?.(message, { requestInfo });
 		});
 		const { readable, writable } = new TransformStream();
 		const writer = writable.getWriter();
@@ -822,8 +997,7 @@ var WorkerTransport = class {
 			"Content-Type": "text/event-stream",
 			"Cache-Control": "no-cache",
 			Connection: "keep-alive",
-			"Access-Control-Allow-Origin": "*",
-			"Access-Control-Expose-Headers": "mcp-session-id"
+			...this.getHeaders()
 		});
 		if (this.sessionId !== void 0) headers.set("mcp-session-id", this.sessionId);
 		this.streamMapping.set(streamId, {
@@ -835,28 +1009,24 @@ var WorkerTransport = class {
 			}
 		});
 		for (const message of messages) if (isJSONRPCRequest(message)) this.requestToStreamMapping.set(message.id, streamId);
-		for (const message of messages) this.onmessage?.(message);
+		for (const message of messages) this.onmessage?.(message, { requestInfo });
 		return new Response(readable, { headers });
 	}
 	async handleDeleteRequest(request) {
-		const sessionValid = this.validateSession(request);
-		if (sessionValid !== true) return sessionValid;
+		const sessionError = this.validateSession(request);
+		if (sessionError) return sessionError;
+		const versionError = this.validateProtocolVersion(request);
+		if (versionError) return versionError;
 		await this.close();
 		return new Response(null, {
 			status: 200,
-			headers: { "Access-Control-Allow-Origin": "*" }
+			headers: { ...this.getHeaders() }
 		});
 	}
 	handleOptionsRequest(_request) {
-		const headers = new Headers({
-			"Access-Control-Allow-Origin": "*",
-			"Access-Control-Allow-Methods": "GET, POST, DELETE, OPTIONS",
-			"Access-Control-Allow-Headers": "Content-Type, Accept, Authorization, mcp-session-id",
-			"Access-Control-Max-Age": "86400"
-		});
 		return new Response(null, {
-			status: 204,
-			headers
+			status: 200,
+			headers: { ...this.getHeaders({ forPreflight: true }) }
 		});
 	}
 	handleUnsupportedRequest() {
@@ -876,7 +1046,7 @@ var WorkerTransport = class {
 		});
 	}
 	validateSession(request) {
-		if (this.sessionIdGenerator === void 0) return true;
+		if (this.sessionIdGenerator === void 0) return;
 		if (!this.initialized) return new Response(JSON.stringify({
 			jsonrpc: "2.0",
 			error: {
@@ -886,7 +1056,10 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 400,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
 		const sessionId = request.headers.get("mcp-session-id");
 		if (!sessionId) return new Response(JSON.stringify({
@@ -898,7 +1071,10 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 400,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
 		if (sessionId !== this.sessionId) return new Response(JSON.stringify({
 			jsonrpc: "2.0",
@@ -909,9 +1085,11 @@ var WorkerTransport = class {
 			id: null
 		}), {
 			status: 404,
-			headers: { "Content-Type": "application/json" }
+			headers: {
+				"Content-Type": "application/json",
+				...this.getHeaders()
+			}
 		});
-		return true;
 	}
 	async close() {
 		for (const { cleanup } of this.streamMapping.values()) cleanup();
@@ -919,8 +1097,8 @@ var WorkerTransport = class {
 		this.requestResponseMap.clear();
 		this.onclose?.();
 	}
-	async send(message) {
-		let requestId;
+	async send(message, options) {
+		let requestId = options?.relatedRequestId;
 		if (isJSONRPCResponse(message) || isJSONRPCError(message)) requestId = message.id;
 		if (requestId === void 0) {
 			if (isJSONRPCResponse(message) || isJSONRPCError(message)) throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
@@ -950,8 +1128,7 @@ var WorkerTransport = class {
 					const responses = relatedIds.map((id) => this.requestResponseMap.get(id));
 					const headers = new Headers({
 						"Content-Type": "application/json",
-						"Access-Control-Allow-Origin": "*",
-						"Access-Control-Expose-Headers": "mcp-session-id"
+						...this.getHeaders()
 					});
 					if (this.sessionId !== void 0) headers.set("mcp-session-id", this.sessionId);
 					const body = responses.length === 1 ? responses[0] : responses;
@@ -978,23 +1155,30 @@ function runWithAuthContext(context, fn) {
 
 //#endregion
 //#region src/mcp/handler.ts
-function experimental_createMcpHandler(server, options = {}) {
+function createMcpHandler(server, options = {}) {
 	const route = options.route ?? "/mcp";
 	return async (request, _env, ctx) => {
 		const url = new URL(request.url);
 		if (route && url.pathname !== route) return new Response("Not Found", { status: 404 });
-		const oauthCtx = ctx;
-		const authContext = oauthCtx.props ? { props: oauthCtx.props } : void 0;
-		const transport = new WorkerTransport(options);
-		await server.connect(transport);
+		const transport = options.transport ?? new WorkerTransport({
+			sessionIdGenerator: options.sessionIdGenerator,
+			enableJsonResponse: options.enableJsonResponse,
+			onsessioninitialized: options.onsessioninitialized,
+			corsOptions: options.corsOptions,
+			storage: options.storage
+		});
+		const buildAuthContext = () => {
+			if (options.authContext) return options.authContext;
+			if (ctx.props && Object.keys(ctx.props).length > 0) return { props: ctx.props };
+		};
 		const handleRequest = async () => {
 			return await transport.handleRequest(request);
 		};
+		const authContext = buildAuthContext();
+		if (!transport.started) await server.connect(transport);
 		try {
-			let response;
-			if (authContext) response = await runWithAuthContext(authContext, handleRequest);
-			else response = await handleRequest();
-			return response;
+			if (authContext) return await runWithAuthContext(authContext, handleRequest);
+			else return await handleRequest();
 		} catch (error) {
 			console.error("MCP handler error:", error);
 			return new Response(JSON.stringify({
@@ -1011,6 +1195,17 @@ function experimental_createMcpHandler(server, options = {}) {
 		}
 	};
 }
+let didWarnAboutExperimentalCreateMcpHandler = false;
+/**
+* @deprecated This has been renamed to createMcpHandler, and experimental_createMcpHandler will be removed in the next major version
+*/
+function experimental_createMcpHandler(server, options = {}) {
+	if (!didWarnAboutExperimentalCreateMcpHandler) {
+		didWarnAboutExperimentalCreateMcpHandler = true;
+		console.warn("experimental_createMcpHandler is deprecated, use createMcpHandler instead. experimental_createMcpHandler will be removed in the next major version.");
+	}
+	return createMcpHandler(server, options);
+}
 
 //#endregion
 //#region src/mcp/index.ts
@@ -1051,8 +1246,14 @@ var McpAgent = class McpAgent extends Agent {
 	/** Returns a new transport matching the type of the Agent. */
 	initTransport() {
 		switch (this.getTransportType()) {
-			case "sse": return new McpSSETransport(() => this.getWebSocket());
-			case "streamable-http": return new StreamableHTTPServerTransport({});
+			case "sse": return new McpSSETransport();
+			case "streamable-http": {
+				const transport = new StreamableHTTPServerTransport({});
+				transport.messageInterceptor = async (message) => {
+					return this._handleElicitationResponse(message);
+				};
+				return transport;
+			}
 		}
 	}
 	/** Update and store the props */
@@ -1104,7 +1305,7 @@ var McpAgent = class McpAgent extends Agent {
 		}
 	}
 	/** Handles MCP Messages for the legacy SSE transport. */
-	async onSSEMcpMessage(_sessionId, messageBody) {
+	async onSSEMcpMessage(_sessionId, messageBody, extraInfo) {
 		if (this.getTransportType() !== "sse") return /* @__PURE__ */ new Error("Internal Server Error: Expected SSE transport");
 		try {
 			let parsedMessage;
@@ -1115,7 +1316,7 @@ var McpAgent = class McpAgent extends Agent {
 				throw error;
 			}
 			if (await this._handleElicitationResponse(parsedMessage)) return null;
-			this._transport?.onmessage?.(parsedMessage);
+			this._transport?.onmessage?.(parsedMessage, extraInfo);
 			return null;
 		} catch (error) {
 			console.error("Error forwarding message to SSE:", error);
@@ -1201,7 +1402,7 @@ var McpAgent = class McpAgent extends Agent {
 	/** Return a handler for the given path for this MCP.
 	* Defaults to Streamable HTTP transport.
 	*/
-	static serve(path, { binding = "MCP_OBJECT", corsOptions, transport = "streamable-http" } = {}) {
+	static serve(path, { binding = "MCP_OBJECT", corsOptions, transport = "streamable-http", jurisdiction } = {}) {
 		return { async fetch(request, env, ctx) {
 			const corsResponse = handleCORS(request, corsOptions);
 			if (corsResponse) return corsResponse;
@@ -1210,8 +1411,14 @@ var McpAgent = class McpAgent extends Agent {
 			if (!isDurableObjectNamespace(bindingValue)) throw new Error(`Invalid McpAgent binding for ${binding}. Make sure it's a Durable Object binding.`);
 			const namespace = bindingValue;
 			switch (transport) {
-				case "streamable-http": return createStreamingHttpHandler(path, namespace, corsOptions)(request, ctx);
-				case "sse": return createLegacySseHandler(path, namespace, corsOptions)(request, ctx);
+				case "streamable-http": return createStreamingHttpHandler(path, namespace, {
+					corsOptions,
+					jurisdiction
+				})(request, ctx);
+				case "sse": return createLegacySseHandler(path, namespace, {
+					corsOptions,
+					jurisdiction
+				})(request, ctx);
 				default: return new Response("Invalid MCP transport mode. Only `streamable-http` or `sse` are allowed.", { status: 500 });
 			}
 		} };
@@ -1231,5 +1438,5 @@ var McpAgent = class McpAgent extends Agent {
 };
 
 //#endregion
-export { ElicitRequestSchema, McpAgent, SSEEdgeClientTransport, StreamableHTTPEdgeClientTransport, WorkerTransport, experimental_createMcpHandler, getMcpAuthContext };
+export { ElicitRequestSchema, McpAgent, SSEEdgeClientTransport, StreamableHTTPEdgeClientTransport, WorkerTransport, createMcpHandler, experimental_createMcpHandler, getMcpAuthContext };
 //# sourceMappingURL=index.js.map