agents 0.0.0-cec3cca → 0.0.0-cf3b3d7

package/dist/do-oauth-client-provider-CnbnngL2.d.ts

@@ -0,0 +1,134 @@
+import { OAuthClientProvider } from "@modelcontextprotocol/sdk/client/auth.js";
+import {
+  OAuthClientInformationFull,
+  OAuthClientMetadata,
+  OAuthTokens
+} from "@modelcontextprotocol/sdk/shared/auth.js";
+
+//#region src/mcp/client-storage.d.ts
+/**
+ * Represents a row in the cf_agents_mcp_servers table
+ */
+type MCPServerRow = {
+  id: string;
+  name: string;
+  server_url: string;
+  client_id: string | null;
+  auth_url: string | null;
+  callback_url: string;
+  server_options: string | null;
+};
+/**
+ * KV storage interface for OAuth-related data
+ * Used by OAuth providers to store tokens, client info, etc.
+ */
+interface OAuthClientStorage {
+  /**
+   * Get a value from key-value storage (for OAuth data like tokens, client info, etc.)
+   */
+  get<T>(key: string): Promise<T | undefined> | undefined;
+  /**
+   * Put a value into key-value storage (for OAuth data like tokens, client info, etc.)
+   */
+  put(key: string, value: unknown): Promise<void> | void;
+}
+/**
+ * Storage interface for MCP client manager
+ * Abstracts storage operations to decouple from specific storage implementations
+ */
+interface MCPClientStorage extends OAuthClientStorage {
+  /**
+   * Save or update an MCP server configuration
+   */
+  saveServer(server: MCPServerRow): Promise<void>;
+  /**
+   * Remove an MCP server from storage
+   */
+  removeServer(serverId: string): Promise<void>;
+  /**
+   * List all MCP servers from storage
+   */
+  listServers(): Promise<MCPServerRow[]>;
+  /**
+   * Get an MCP server by its callback URL
+   * Used during OAuth callback to identify which server is being authenticated
+   */
+  getServerByCallbackUrl(callbackUrl: string): Promise<MCPServerRow | null>;
+  /**
+   * Clear auth_url after successful OAuth authentication
+   * This prevents the agent from continuously asking for OAuth on reconnect
+   * when stored tokens are still valid.
+   */
+  clearAuthUrl(serverId: string): Promise<void>;
+}
+//#endregion
+//#region src/mcp/do-oauth-client-provider.d.ts
+interface AgentsOAuthProvider extends OAuthClientProvider {
+  authUrl: string | undefined;
+  clientId: string | undefined;
+  serverId: string | undefined;
+}
+declare class DurableObjectOAuthClientProvider implements AgentsOAuthProvider {
+  storage: OAuthClientStorage;
+  clientName: string;
+  baseRedirectUrl: string;
+  private _authUrl_;
+  private _serverId_;
+  private _clientId_;
+  constructor(
+    storage: OAuthClientStorage,
+    clientName: string,
+    baseRedirectUrl: string
+  );
+  get clientMetadata(): OAuthClientMetadata;
+  get clientUri(): string;
+  get redirectUrl(): string;
+  get clientId(): string;
+  set clientId(clientId_: string);
+  get serverId(): string;
+  set serverId(serverId_: string);
+  keyPrefix(clientId: string): string;
+  clientInfoKey(clientId: string): string;
+  clientInformation(): Promise<
+    | {
+        client_id: string;
+        client_secret?: string | undefined;
+        client_id_issued_at?: number | undefined;
+        client_secret_expires_at?: number | undefined;
+      }
+    | undefined
+  >;
+  saveClientInformation(
+    clientInformation: OAuthClientInformationFull
+  ): Promise<void>;
+  tokenKey(clientId: string): string;
+  tokens(): Promise<
+    | {
+        access_token: string;
+        token_type: string;
+        id_token?: string | undefined;
+        expires_in?: number | undefined;
+        scope?: string | undefined;
+        refresh_token?: string | undefined;
+      }
+    | undefined
+  >;
+  saveTokens(tokens: OAuthTokens): Promise<void>;
+  get authUrl(): string | undefined;
+  /**
+   * Because this operates on the server side (but we need browser auth), we send this url back to the user
+   * and require user interact to initiate the redirect flow
+   */
+  redirectToAuthorization(authUrl: URL): void;
+  codeVerifierKey(clientId: string): string;
+  saveCodeVerifier(verifier: string): Promise<void>;
+  codeVerifier(): Promise<string>;
+}
+//#endregion
+export {
+  MCPServerRow as i,
+  DurableObjectOAuthClientProvider as n,
+  MCPClientStorage as r,
+  AgentsOAuthProvider as t
+};
+//# sourceMappingURL=do-oauth-client-provider-CnbnngL2.d.ts.map

package/dist/{do-oauth-client-provider-CswoD5Lu.js → do-oauth-client-provider-D2P1lSft.js}

@@ -68,7 +68,7 @@ var DurableObjectOAuthClientProvider = class {
 	* Because this operates on the server side (but we need browser auth), we send this url back to the user
 	* and require user interact to initiate the redirect flow
 	*/
-	async redirectToAuthorization(authUrl) {
+	redirectToAuthorization(authUrl) {
 		const stateToken = nanoid();
 		authUrl.searchParams.set("state", stateToken);
 		this._authUrl_ = authUrl.toString();
@@ -90,4 +90,4 @@ var DurableObjectOAuthClientProvider = class {
 
 //#endregion
 export { DurableObjectOAuthClientProvider as t };
-//# sourceMappingURL=do-oauth-client-provider-CswoD5Lu.js.map
+//# sourceMappingURL=do-oauth-client-provider-D2P1lSft.js.map

package/dist/do-oauth-client-provider-D2P1lSft.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"do-oauth-client-provider-D2P1lSft.js","names":["storage: OAuthClientStorage","clientName: string","baseRedirectUrl: string"],"sources":["../src/mcp/do-oauth-client-provider.ts"],"sourcesContent":["import type { OAuthClientProvider } from \"@modelcontextprotocol/sdk/client/auth.js\";\nimport type {\n  OAuthClientInformation,\n  OAuthClientInformationFull,\n  OAuthClientMetadata,\n  OAuthTokens\n} from \"@modelcontextprotocol/sdk/shared/auth.js\";\nimport { nanoid } from \"nanoid\";\nimport type { OAuthClientStorage } from \"./client-storage\";\n\n// A slight extension to the standard OAuthClientProvider interface because `redirectToAuthorization` doesn't give us the interface we need\n// This allows us to track authentication for a specific server and associated dynamic client registration\nexport interface AgentsOAuthProvider extends OAuthClientProvider {\n  authUrl: string | undefined;\n  clientId: string | undefined;\n  serverId: string | undefined;\n}\n\nexport class DurableObjectOAuthClientProvider implements AgentsOAuthProvider {\n  private _authUrl_: string | undefined;\n  private _serverId_: string | undefined;\n  private _clientId_: string | undefined;\n\n  constructor(\n    public storage: OAuthClientStorage,\n    public clientName: string,\n    public baseRedirectUrl: string\n  ) {}\n\n  get clientMetadata(): OAuthClientMetadata {\n    return {\n      client_name: this.clientName,\n      client_uri: this.clientUri,\n      grant_types: [\"authorization_code\", \"refresh_token\"],\n      redirect_uris: [this.redirectUrl],\n      response_types: [\"code\"],\n      token_endpoint_auth_method: \"none\"\n    };\n  }\n\n  get clientUri() {\n    return new URL(this.redirectUrl).origin;\n  }\n\n  get redirectUrl() {\n    return `${this.baseRedirectUrl}/${this.serverId}`;\n  }\n\n  get clientId() {\n    if (!this._clientId_) {\n      throw new Error(\"Trying to access clientId before it was set\");\n    }\n    return this._clientId_;\n  }\n\n  set clientId(clientId_: string) {\n    this._clientId_ = clientId_;\n  }\n\n  get serverId() {\n    if (!this._serverId_) {\n      throw new Error(\"Trying to access serverId before it was set\");\n    }\n    return this._serverId_;\n  }\n\n  set serverId(serverId_: string) {\n    this._serverId_ = serverId_;\n  }\n\n  keyPrefix(clientId: string) {\n    return `/${this.clientName}/${this.serverId}/${clientId}`;\n  }\n\n  clientInfoKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/client_info/`;\n  }\n\n  async clientInformation() {\n    if (!this._clientId_) {\n      return undefined;\n    }\n    return (\n      (await this.storage.get<OAuthClientInformation>(\n        this.clientInfoKey(this.clientId)\n      )) ?? undefined\n    );\n  }\n\n  async saveClientInformation(clientInformation: OAuthClientInformationFull) {\n    await this.storage.put(\n      this.clientInfoKey(clientInformation.client_id),\n      clientInformation\n    );\n    this.clientId = clientInformation.client_id;\n  }\n\n  tokenKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/token`;\n  }\n\n  async tokens() {\n    if (!this._clientId_) {\n      return undefined;\n    }\n    return (\n      (await this.storage.get<OAuthTokens>(this.tokenKey(this.clientId))) ??\n      undefined\n    );\n  }\n\n  async saveTokens(tokens: OAuthTokens) {\n    await this.storage.put(this.tokenKey(this.clientId), tokens);\n  }\n\n  get authUrl() {\n    return this._authUrl_;\n  }\n\n  /**\n   * Because this operates on the server side (but we need browser auth), we send this url back to the user\n   * and require user interact to initiate the redirect flow\n   */\n  redirectToAuthorization(authUrl: URL) {\n    // Generate secure random token for state parameter\n    const stateToken = nanoid();\n    authUrl.searchParams.set(\"state\", stateToken);\n    this._authUrl_ = authUrl.toString();\n  }\n\n  codeVerifierKey(clientId: string) {\n    return `${this.keyPrefix(clientId)}/code_verifier`;\n  }\n\n  async saveCodeVerifier(verifier: string) {\n    const key = this.codeVerifierKey(this.clientId);\n\n    // Don't overwrite existing verifier to preserve first PKCE verifier\n    const existing = await this.storage.get<string>(key);\n    if (existing) {\n      return;\n    }\n\n    await this.storage.put(key, verifier);\n  }\n\n  async codeVerifier() {\n    const codeVerifier = await this.storage.get<string>(\n      this.codeVerifierKey(this.clientId)\n    );\n    if (!codeVerifier) {\n      throw new Error(\"No code verifier found\");\n    }\n    return codeVerifier;\n  }\n}\n"],"mappings":";;;AAkBA,IAAa,mCAAb,MAA6E;CAK3E,YACE,AAAOA,SACP,AAAOC,YACP,AAAOC,iBACP;EAHO;EACA;EACA;;CAGT,IAAI,iBAAsC;AACxC,SAAO;GACL,aAAa,KAAK;GAClB,YAAY,KAAK;GACjB,aAAa,CAAC,sBAAsB,gBAAgB;GACpD,eAAe,CAAC,KAAK,YAAY;GACjC,gBAAgB,CAAC,OAAO;GACxB,4BAA4B;GAC7B;;CAGH,IAAI,YAAY;AACd,SAAO,IAAI,IAAI,KAAK,YAAY,CAAC;;CAGnC,IAAI,cAAc;AAChB,SAAO,GAAG,KAAK,gBAAgB,GAAG,KAAK;;CAGzC,IAAI,WAAW;AACb,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8CAA8C;AAEhE,SAAO,KAAK;;CAGd,IAAI,SAAS,WAAmB;AAC9B,OAAK,aAAa;;CAGpB,IAAI,WAAW;AACb,MAAI,CAAC,KAAK,WACR,OAAM,IAAI,MAAM,8CAA8C;AAEhE,SAAO,KAAK;;CAGd,IAAI,SAAS,WAAmB;AAC9B,OAAK,aAAa;;CAGpB,UAAU,UAAkB;AAC1B,SAAO,IAAI,KAAK,WAAW,GAAG,KAAK,SAAS,GAAG;;CAGjD,cAAc,UAAkB;AAC9B,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,oBAAoB;AACxB,MAAI,CAAC,KAAK,WACR;AAEF,SACG,MAAM,KAAK,QAAQ,IAClB,KAAK,cAAc,KAAK,SAAS,CAClC,IAAK;;CAIV,MAAM,sBAAsB,mBAA+C;AACzE,QAAM,KAAK,QAAQ,IACjB,KAAK,cAAc,kBAAkB,UAAU,EAC/C,kBACD;AACD,OAAK,WAAW,kBAAkB;;CAGpC,SAAS,UAAkB;AACzB,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,SAAS;AACb,MAAI,CAAC,KAAK,WACR;AAEF,SACG,MAAM,KAAK,QAAQ,IAAiB,KAAK,SAAS,KAAK,SAAS,CAAC,IAClE;;CAIJ,MAAM,WAAW,QAAqB;AACpC,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS,KAAK,SAAS,EAAE,OAAO;;CAG9D,IAAI,UAAU;AACZ,SAAO,KAAK;;;;;;CAOd,wBAAwB,SAAc;EAEpC,MAAM,aAAa,QAAQ;AAC3B,UAAQ,aAAa,IAAI,SAAS,WAAW;AAC7C,OAAK,YAAY,QAAQ,UAAU;;CAGrC,gBAAgB,UAAkB;AAChC,SAAO,GAAG,KAAK,UAAU,SAAS,CAAC;;CAGrC,MAAM,iBAAiB,UAAkB;EACvC,MAAM,MAAM,KAAK,gBAAgB,KAAK,SAAS;AAI/C,MADiB,MAAM,KAAK,QAAQ,IAAY,IAAI,CAElD;AAGF,QAAM,KAAK,QAAQ,IAAI,KAAK,SAAS;;CAGvC,MAAM,eAAe;EACnB,MAAM,eAAe,MAAM,KAAK,QAAQ,IACtC,KAAK,gBAAgB,KAAK,SAAS,CACpC;AACD,MAAI,CAAC,aACH,OAAM,IAAI,MAAM,yBAAyB;AAE3C,SAAO"}

package/dist/{index-DFqsR7mb.d.ts → index-DCRAdW9R.d.ts}

@@ -1,8 +1,8 @@
 import {
-  a as MCPConnectionState,
-  t as MCPClientManager,
-  u as TransportType
-} from "./client-Csp_m13H.js";
+  l as MCPConnectionState,
+  m as TransportType,
+  t as MCPClientManager
+} from "./client-BaCHMay9.js";
 import { t as Observability } from "./index-DhJCaDWd.js";
 import { n as MessageType } from "./ai-types-D5YoPrBZ.js";
 import {
@@ -87,9 +87,9 @@ declare function callable(
  * @param metadata Optional metadata about the callable method
  */
 declare const unstable_callable: (metadata?: CallableMetadata) => void;
-type QueueItem<T$1 = string> = {
+type QueueItem<T = string> = {
   id: string;
-  payload: T$1;
+  payload: T;
   callback: keyof Agent<unknown>;
   created_at: number;
 };
@@ -97,13 +97,13 @@ type QueueItem<T$1 = string> = {
  * Represents a scheduled task within an Agent
  * @template T Type of the payload data
  */
-type Schedule<T$1 = string> = {
+type Schedule<T = string> = {
   /** Unique identifier for the schedule */
   id: string;
   /** Name of the method to be called */
   callback: string;
   /** Data to be passed to the callback */
-  payload: T$1;
+  payload: T;
 } & (
   | {
       /** Type of schedule for one-time execution at a specific time */
@@ -152,9 +152,9 @@ type MCPServer = {
   capabilities: ServerCapabilities | null;
 };
 declare function getCurrentAgent<
-  T$1 extends Agent<unknown, unknown> = Agent<unknown, unknown>
+  T extends Agent<unknown, unknown> = Agent<unknown, unknown>
 >(): {
-  agent: T$1 | undefined;
+  agent: T | undefined;
   connection: Connection | undefined;
   request: Request | undefined;
   email: AgentEmail | undefined;
@@ -171,7 +171,7 @@ declare class Agent<
 > extends Server<Env, Props> {
   private _state;
   private _disposables;
-  private _mcpStateRestored;
+  private _destroyed;
   private _ParentClass;
   readonly mcp: MCPClientManager;
   /**
@@ -347,7 +347,6 @@ declare class Agent<
    * @returns A map of method names to their metadata
    */
   private _isCallable;
-  private _ensureMcpStateRestored;
   /**
    * Connect to a new MCP Server
    *
@@ -374,10 +373,23 @@ declare class Agent<
     id: string;
     authUrl: string | undefined;
   }>;
-  private _connectToMcpServerInternal;
   removeMcpServer(id: string): Promise<void>;
-  getMcpServers(): MCPServersState;
+  getMcpServers(): Promise<MCPServersState>;
   private broadcastMcpServers;
+  /**
+   * Handle MCP OAuth callback request if it's an OAuth callback.
+   *
+   * This method encapsulates the entire OAuth callback flow:
+   * 1. Checks if the request is an MCP OAuth callback
+   * 2. Processes the OAuth code exchange
+   * 3. Establishes the connection if successful
+   * 4. Broadcasts MCP server state updates
+   * 5. Returns the appropriate HTTP response
+   *
+   * @param request The incoming HTTP request
+   * @returns Response if this was an OAuth callback, null otherwise
+   */
+  private handleMcpOAuthCallback;
   /**
    * Handle OAuth callback response using MCPClientManager configuration
    * @param result OAuth callback result
@@ -494,17 +506,17 @@ type EmailSendOptions = {
  */
 declare function getAgentByName<
   Env,
-  T$1 extends Agent<Env>,
+  T extends Agent<Env>,
   Props extends Record<string, unknown> = Record<string, unknown>
 >(
-  namespace: AgentNamespace<T$1>,
+  namespace: AgentNamespace<T>,
   name: string,
   options?: {
     jurisdiction?: DurableObjectJurisdiction;
     locationHint?: DurableObjectLocationHint;
     props?: Props;
   }
-): Promise<DurableObjectStub<T$1>>;
+): Promise<DurableObjectStub<T>>;
 /**
  * A wrapper for streaming responses in callable methods
  */
@@ -557,4 +569,4 @@ export {
   WSMessage as x,
   StateUpdateMessage as y
 };
-//# sourceMappingURL=index-DFqsR7mb.d.ts.map
+//# sourceMappingURL=index-DCRAdW9R.d.ts.map

package/dist/index.d.ts

@@ -1,6 +1,6 @@
-import { u as TransportType } from "./client-Csp_m13H.js";
+import { m as TransportType } from "./client-BaCHMay9.js";
 import "./mcp-Dw5vDrY8.js";
-import "./do-oauth-client-provider-DGc5pP0l.js";
+import "./do-oauth-client-provider-CnbnngL2.js";
 import "./index-DhJCaDWd.js";
 import "./ai-types-D5YoPrBZ.js";
 import {
@@ -34,7 +34,7 @@ import {
   w as createCatchAllEmailResolver,
   x as WSMessage,
   y as StateUpdateMessage
-} from "./index-DFqsR7mb.js";
+} from "./index-DCRAdW9R.js";
 export {
   Agent,
   AgentContext,

package/dist/index.js

@@ -1,7 +1,7 @@
 import "./ai-types-B3aQaFv3.js";
 import "./client-BfiZ3HQd.js";
-import "./client-9Ld2_lnt.js";
-import "./do-oauth-client-provider-CswoD5Lu.js";
-import { a as createCatchAllEmailResolver, c as getCurrentAgent, d as unstable_callable, i as createAddressBasedEmailResolver, l as routeAgentEmail, n as StreamingResponse, o as createHeaderBasedEmailResolver, r as callable, s as getAgentByName, t as Agent, u as routeAgentRequest } from "./src-Dz0H9hSU.js";
+import "./client-DpkZyXgJ.js";
+import "./do-oauth-client-provider-D2P1lSft.js";
+import { a as createCatchAllEmailResolver, c as getCurrentAgent, d as unstable_callable, i as createAddressBasedEmailResolver, l as routeAgentEmail, n as StreamingResponse, o as createHeaderBasedEmailResolver, r as callable, s as getAgentByName, t as Agent, u as routeAgentRequest } from "./src-Dk8lwxHf.js";
 
 export { Agent, StreamingResponse, callable, createAddressBasedEmailResolver, createCatchAllEmailResolver, createHeaderBasedEmailResolver, getAgentByName, getCurrentAgent, routeAgentEmail, routeAgentRequest, unstable_callable };

package/dist/mcp/client.d.ts

@@ -1,4 +1,4 @@
-import { i as getNamespacedData, n as MCPClientOAuthCallbackConfig, r as MCPClientOAuthResult, t as MCPClientManager } from "../client-Csp_m13H.js";
+import { a as MCPConnectionResult, c as getNamespacedData, i as MCPClientOAuthResult, n as MCPClientManagerOptions, o as MCPServerOptions, r as MCPClientOAuthCallbackConfig, s as RegisterServerOptions, t as MCPClientManager } from "../client-BaCHMay9.js";
 import "../mcp-Dw5vDrY8.js";
-import "../do-oauth-client-provider-DGc5pP0l.js";
-export { MCPClientManager, MCPClientOAuthCallbackConfig, MCPClientOAuthResult, getNamespacedData };
+import "../do-oauth-client-provider-CnbnngL2.js";
+export { MCPClientManager, MCPClientManagerOptions, MCPClientOAuthCallbackConfig, MCPClientOAuthResult, MCPConnectionResult, MCPServerOptions, RegisterServerOptions, getNamespacedData };

package/dist/mcp/client.js

@@ -1,3 +1,4 @@
-import { n as getNamespacedData, t as MCPClientManager } from "../client-9Ld2_lnt.js";
+import { n as getNamespacedData, t as MCPClientManager } from "../client-DpkZyXgJ.js";
+import "../do-oauth-client-provider-D2P1lSft.js";
 
 export { MCPClientManager, getNamespacedData };

package/dist/mcp/do-oauth-client-provider.d.ts

@@ -1,2 +1,2 @@
-import { n as DurableObjectOAuthClientProvider, t as AgentsOAuthProvider } from "../do-oauth-client-provider-DGc5pP0l.js";
+import { n as DurableObjectOAuthClientProvider, t as AgentsOAuthProvider } from "../do-oauth-client-provider-CnbnngL2.js";
 export { AgentsOAuthProvider, DurableObjectOAuthClientProvider };

package/dist/mcp/do-oauth-client-provider.js

@@ -1,3 +1,3 @@
-import { t as DurableObjectOAuthClientProvider } from "../do-oauth-client-provider-CswoD5Lu.js";
+import { t as DurableObjectOAuthClientProvider } from "../do-oauth-client-provider-D2P1lSft.js";
 
 export { DurableObjectOAuthClientProvider };

package/dist/mcp/index.d.ts

@@ -1,23 +1,59 @@
-import { c as MaybePromise, d as StreamableHTTPEdgeClientTransport, f as SSEEdgeClientTransport, l as ServeOptions, n as MCPClientOAuthCallbackConfig, o as BaseTransportType, r as MCPClientOAuthResult, s as CORSOptions } from "../client-Csp_m13H.js";
+import { a as MCPConnectionResult, d as CORSOptions, f as MaybePromise, i as MCPClientOAuthResult, o as MCPServerOptions, p as ServeOptions, r as MCPClientOAuthCallbackConfig, u as BaseTransportType } from "../client-BaCHMay9.js";
 import "../mcp-Dw5vDrY8.js";
-import "../do-oauth-client-provider-DGc5pP0l.js";
+import "../do-oauth-client-provider-CnbnngL2.js";
 import "../index-DhJCaDWd.js";
 import "../ai-types-D5YoPrBZ.js";
-import { c as ConnectionContext, s as Connection, t as Agent } from "../index-DFqsR7mb.js";
+import { c as ConnectionContext, s as Connection, t as Agent } from "../index-DCRAdW9R.js";
+import { SSEClientTransport, SSEClientTransportOptions } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StreamableHTTPClientTransport, StreamableHTTPClientTransportOptions } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { ElicitRequest, ElicitRequestSchema, ElicitResult, ElicitResult as ElicitResult$1, JSONRPCMessage, MessageExtraInfo } from "@modelcontextprotocol/sdk/types.js";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
-import { Transport } from "@modelcontextprotocol/sdk/shared/transport.js";
+import { Transport, TransportSendOptions } from "@modelcontextprotocol/sdk/shared/transport.js";
 
+//#region src/mcp/client-transports.d.ts
+/**
+ * @deprecated Use SSEClientTransport from @modelcontextprotocol/sdk/client/sse.js instead. This alias will be removed in the next major version.
+ */
+declare class SSEEdgeClientTransport extends SSEClientTransport {
+  constructor(url: URL, options: SSEClientTransportOptions);
+}
+/**
+ * @deprecated Use StreamableHTTPClientTransport from @modelcontextprotocol/sdk/client/streamableHttp.js instead. This alias will be removed in the next major version.
+ */
+declare class StreamableHTTPEdgeClientTransport extends StreamableHTTPClientTransport {
+  constructor(url: URL, options: StreamableHTTPClientTransportOptions);
+}
+//#endregion
 //#region src/mcp/worker-transport.d.ts
+declare const SUPPORTED_PROTOCOL_VERSIONS: readonly ["2025-03-26", "2025-06-18"];
+type ProtocolVersion = (typeof SUPPORTED_PROTOCOL_VERSIONS)[number];
+interface MCPStorageApi {
+  get(): Promise<TransportState | undefined> | TransportState | undefined;
+  set(state: TransportState): Promise<void> | void;
+}
+interface TransportState {
+  sessionId?: string;
+  initialized: boolean;
+  protocolVersion?: ProtocolVersion;
+}
 interface WorkerTransportOptions {
   sessionIdGenerator?: () => string;
+  /**
+   * Enable traditional Request/Response mode, this will disable streaming.
+   */
   enableJsonResponse?: boolean;
   onsessioninitialized?: (sessionId: string) => void;
   corsOptions?: CORSOptions;
+  /**
+   * Optional storage api for persisting transport state.
+   * Use this to store session state in Durable Object/Agent storage
+   * so it survives hibernation/restart.
+   */
+  storage?: MCPStorageApi;
 }
 declare class WorkerTransport implements Transport {
-  private started;
+  started: boolean;
   private initialized;
   private sessionIdGenerator?;
   private enableJsonResponse;
@@ -28,11 +64,22 @@ declare class WorkerTransport implements Transport {
   private requestResponseMap;
   private corsOptions?;
   private protocolVersion?;
+  private storage?;
+  private stateRestored;
   sessionId?: string;
   onclose?: () => void;
   onerror?: (error: Error) => void;
   onmessage?: (message: JSONRPCMessage, extra?: MessageExtraInfo) => void;
   constructor(options?: WorkerTransportOptions);
+  /**
+   * Restore transport state from persistent storage.
+   * This is automatically called on start.
+   */
+  private restoreState;
+  /**
+   * Persist current transport state to storage.
+   */
+  private saveState;
   start(): Promise<void>;
   private validateProtocolVersion;
   private getHeaders;
@@ -44,8 +91,14 @@ declare class WorkerTransport implements Transport {
   private handleUnsupportedRequest;
   private validateSession;
   close(): Promise<void>;
-  send(message: JSONRPCMessage): Promise<void>;
+  send(message: JSONRPCMessage, options?: TransportSendOptions): Promise<void>;
+}
+//#endregion
+//#region src/mcp/auth-context.d.ts
+interface McpAuthContext {
+  props: Record<string, unknown>;
 }
+declare function getMcpAuthContext(): McpAuthContext | undefined;
 //#endregion
 //#region src/mcp/handler.d.ts
 interface CreateMcpHandlerOptions extends WorkerTransportOptions {
@@ -56,36 +109,22 @@ interface CreateMcpHandlerOptions extends WorkerTransportOptions {
    */
   route?: string;
   /**
-   * CORS configuration options for handling cross-origin requests.
-   * These options are passed to the WorkerTransport which handles adding
-   * CORS headers to all responses.
-   *
-   * Default values are:
-   * - origin: "*"
-   * - headers: "Content-Type, Accept, Authorization, mcp-session-id, MCP-Protocol-Version"
-   * - methods: "GET, POST, DELETE, OPTIONS"
-   * - exposeHeaders: "mcp-session-id"
-   * - maxAge: 86400
-   *
-   * Provided options will overwrite the defaults.
+   * An optional auth context to use for handling MCP requests.
+   * If not provided, the handler will look for props in the execution context.
    */
-  corsOptions?: CORSOptions;
+  authContext?: McpAuthContext;
+  /**
+   * An optional transport to use for handling MCP requests.
+   * If not provided, a WorkerTransport will be created with the provided WorkerTransportOptions.
+   */
+  transport?: WorkerTransport;
 }
-type OAuthExecutionContext = ExecutionContext & {
-  props?: Record<string, unknown>;
-};
 declare function createMcpHandler(server: McpServer | Server, options?: CreateMcpHandlerOptions): (request: Request, env: unknown, ctx: ExecutionContext) => Promise<Response>;
 /**
  * @deprecated This has been renamed to createMcpHandler, and experimental_createMcpHandler will be removed in the next major version
  */
 declare function experimental_createMcpHandler(server: McpServer | Server, options?: CreateMcpHandlerOptions): (request: Request, env: unknown, ctx: ExecutionContext) => Promise<Response>;
 //#endregion
-//#region src/mcp/auth-context.d.ts
-interface McpAuthContext {
-  props: Record<string, unknown>;
-}
-declare function getMcpAuthContext(): McpAuthContext | undefined;
-//#endregion
 //#region src/mcp/index.d.ts
 declare abstract class McpAgent<Env = unknown, State = unknown, Props extends Record<string, unknown> = Record<string, unknown>> extends Agent<Env, State, Props> {
   private _transport?;
@@ -150,5 +189,5 @@ declare abstract class McpAgent<Env = unknown, State = unknown, Props extends Re
   };
 }
 //#endregion
-export { type CreateMcpHandlerOptions, type ElicitRequest, ElicitRequestSchema, type ElicitResult, type MCPClientOAuthCallbackConfig, type MCPClientOAuthResult, McpAgent, type McpAuthContext, type OAuthExecutionContext, SSEEdgeClientTransport, StreamableHTTPEdgeClientTransport, WorkerTransport, type WorkerTransportOptions, createMcpHandler, experimental_createMcpHandler, getMcpAuthContext };
+export { type CreateMcpHandlerOptions, type ElicitRequest, ElicitRequestSchema, type ElicitResult, type MCPClientOAuthCallbackConfig, type MCPClientOAuthResult, type MCPConnectionResult, type MCPServerOptions, McpAgent, type McpAuthContext, SSEEdgeClientTransport, StreamableHTTPEdgeClientTransport, type TransportState, WorkerTransport, type WorkerTransportOptions, createMcpHandler, experimental_createMcpHandler, getMcpAuthContext };
 //# sourceMappingURL=index.d.ts.map

package/dist/mcp/index.js

@@ -1,9 +1,11 @@
 import { t as MessageType } from "../ai-types-B3aQaFv3.js";
 import "../client-BfiZ3HQd.js";
-import { a as SSEEdgeClientTransport, i as StreamableHTTPEdgeClientTransport } from "../client-9Ld2_lnt.js";
-import "../do-oauth-client-provider-CswoD5Lu.js";
-import { c as getCurrentAgent, s as getAgentByName, t as Agent } from "../src-Dz0H9hSU.js";
+import "../client-DpkZyXgJ.js";
+import "../do-oauth-client-provider-D2P1lSft.js";
+import { c as getCurrentAgent, s as getAgentByName, t as Agent } from "../src-Dk8lwxHf.js";
 import { AsyncLocalStorage } from "node:async_hooks";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 import { ElicitRequestSchema, InitializeRequestSchema, JSONRPCMessageSchema, isInitializeRequest, isJSONRPCError, isJSONRPCNotification, isJSONRPCRequest, isJSONRPCResponse } from "@modelcontextprotocol/sdk/types.js";
 
 //#region src/mcp/utils.ts
@@ -637,6 +639,35 @@ var StreamableHTTPServerTransport = class {
 	}
 };
 
+//#endregion
+//#region src/mcp/client-transports.ts
+let didWarnAboutSSEEdgeClientTransport = false;
+/**
+* @deprecated Use SSEClientTransport from @modelcontextprotocol/sdk/client/sse.js instead. This alias will be removed in the next major version.
+*/
+var SSEEdgeClientTransport = class extends SSEClientTransport {
+	constructor(url, options) {
+		super(url, options);
+		if (!didWarnAboutSSEEdgeClientTransport) {
+			didWarnAboutSSEEdgeClientTransport = true;
+			console.warn("SSEEdgeClientTransport is deprecated. Use SSEClientTransport from @modelcontextprotocol/sdk/client/sse.js instead. SSEEdgeClientTransport will be removed in the next major version.");
+		}
+	}
+};
+let didWarnAboutStreamableHTTPEdgeClientTransport = false;
+/**
+* @deprecated Use StreamableHTTPClientTransport from @modelcontextprotocol/sdk/client/streamableHttp.js instead. This alias will be removed in the next major version.
+*/
+var StreamableHTTPEdgeClientTransport = class extends StreamableHTTPClientTransport {
+	constructor(url, options) {
+		super(url, options);
+		if (!didWarnAboutStreamableHTTPEdgeClientTransport) {
+			didWarnAboutStreamableHTTPEdgeClientTransport = true;
+			console.warn("StreamableHTTPEdgeClientTransport is deprecated. Use StreamableHTTPClientTransport from @modelcontextprotocol/sdk/client/streamableHttp.js instead. StreamableHTTPEdgeClientTransport will be removed in the next major version.");
+		}
+	}
+};
+
 //#endregion
 //#region src/mcp/worker-transport.ts
 const SUPPORTED_PROTOCOL_VERSIONS = ["2025-03-26", "2025-06-18"];
@@ -651,10 +682,38 @@ var WorkerTransport = class {
 		this.streamMapping = /* @__PURE__ */ new Map();
 		this.requestToStreamMapping = /* @__PURE__ */ new Map();
 		this.requestResponseMap = /* @__PURE__ */ new Map();
+		this.stateRestored = false;
 		this.sessionIdGenerator = options?.sessionIdGenerator;
 		this.enableJsonResponse = options?.enableJsonResponse ?? false;
 		this.onsessioninitialized = options?.onsessioninitialized;
 		this.corsOptions = options?.corsOptions;
+		this.storage = options?.storage;
+	}
+	/**
+	* Restore transport state from persistent storage.
+	* This is automatically called on start.
+	*/
+	async restoreState() {
+		if (!this.storage || this.stateRestored) return;
+		const state = await Promise.resolve(this.storage.get());
+		if (state) {
+			this.sessionId = state.sessionId;
+			this.initialized = state.initialized;
+			this.protocolVersion = state.protocolVersion;
+		}
+		this.stateRestored = true;
+	}
+	/**
+	* Persist current transport state to storage.
+	*/
+	async saveState() {
+		if (!this.storage) return;
+		const state = {
+			sessionId: this.sessionId,
+			initialized: this.initialized,
+			protocolVersion: this.protocolVersion
+		};
+		await Promise.resolve(this.storage.set(state));
 	}
 	async start() {
 		if (this.started) throw new Error("Transport already started");
@@ -729,6 +788,7 @@ var WorkerTransport = class {
 		};
 	}
 	async handleRequest(request, parsedBody) {
+		await this.restoreState();
 		switch (request.method) {
 			case "OPTIONS": return this.handleOptionsRequest(request);
 			case "GET": return this.handleGetRequest(request);
@@ -801,7 +861,7 @@ var WorkerTransport = class {
 	}
 	async handlePostRequest(request, parsedBody) {
 		const acceptHeader = request.headers.get("Accept");
-		if (!acceptHeader?.includes("application/json") || !acceptHeader.includes("text/event-stream")) return new Response(JSON.stringify({
+		if (!acceptHeader?.includes("application/json") || !acceptHeader?.includes("text/event-stream")) return new Response(JSON.stringify({
 			jsonrpc: "2.0",
 			error: {
 				code: -32e3,
@@ -907,6 +967,7 @@ var WorkerTransport = class {
 			}
 			this.sessionId = this.sessionIdGenerator?.();
 			this.initialized = true;
+			await this.saveState();
 			if (this.sessionId && this.onsessioninitialized) this.onsessioninitialized(this.sessionId);
 		}
 		if (!isInitializationRequest) {
@@ -1040,8 +1101,8 @@ var WorkerTransport = class {
 		this.requestResponseMap.clear();
 		this.onclose?.();
 	}
-	async send(message) {
-		let requestId;
+	async send(message, options) {
+		let requestId = options?.relatedRequestId;
 		if (isJSONRPCResponse(message) || isJSONRPCError(message)) requestId = message.id;
 		if (requestId === void 0) {
 			if (isJSONRPCResponse(message) || isJSONRPCError(message)) throw new Error("Cannot send a response on a standalone SSE stream unless resuming a previous client request");
@@ -1103,13 +1164,22 @@ function createMcpHandler(server, options = {}) {
 	return async (request, _env, ctx) => {
 		const url = new URL(request.url);
 		if (route && url.pathname !== route) return new Response("Not Found", { status: 404 });
-		const oauthCtx = ctx;
-		const authContext = oauthCtx.props ? { props: oauthCtx.props } : void 0;
-		const transport = new WorkerTransport(options);
-		await server.connect(transport);
+		const transport = options.transport ?? new WorkerTransport({
+			sessionIdGenerator: options.sessionIdGenerator,
+			enableJsonResponse: options.enableJsonResponse,
+			onsessioninitialized: options.onsessioninitialized,
+			corsOptions: options.corsOptions,
+			storage: options.storage
+		});
+		const buildAuthContext = () => {
+			if (options.authContext) return options.authContext;
+			if (ctx.props && Object.keys(ctx.props).length > 0) return { props: ctx.props };
+		};
 		const handleRequest = async () => {
 			return await transport.handleRequest(request);
 		};
+		const authContext = buildAuthContext();
+		if (!transport.started) await server.connect(transport);
 		try {
 			if (authContext) return await runWithAuthContext(authContext, handleRequest);
 			else return await handleRequest();