fastmcp 3.20.1 → 3.20.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fastmcp",
-  "version": "3.20.1",
+  "version": "3.20.2",
   "main": "dist/FastMCP.js",
   "scripts": {
     "build": "tsup",
@@ -52,6 +52,9 @@
       "@sebbo2002/semantic-release-jsr"
     ]
   },
+  "files": [
+    "dist"
+  ],
   "devDependencies": {
     "@eslint/js": "^9.33.0",
     "@modelcontextprotocol/inspector": "^0.16.2",

package/.github/workflows/feature.yaml

@@ -1,39 +0,0 @@
-name: Run Tests
-on:
-  pull_request:
-    branches:
-      - main
-    types:
-      - opened
-      - synchronize
-      - reopened
-      - ready_for_review
-jobs:
-  test:
-    runs-on: ubuntu-latest
-    name: Test
-    strategy:
-      fail-fast: true
-      matrix:
-        node:
-          - 22
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: pnpm/action-setup@v4
-        with:
-          version: 9
-      - name: Setup NodeJS ${{ matrix.node }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node }}
-          cache: "pnpm"
-          cache-dependency-path: "**/pnpm-lock.yaml"
-      - name: Install dependencies
-        run: pnpm install
-      - name: Run lint
-        run: pnpm lint
-      - name: Run tests
-        run: pnpm test

package/.github/workflows/main.yaml

@@ -1,50 +0,0 @@
-name: Release
-on:
-  push:
-    branches:
-      - main
-jobs:
-  test:
-    environment: release
-    name: Test
-    strategy:
-      fail-fast: true
-      matrix:
-        node:
-          - 22
-    runs-on: ubuntu-latest
-    permissions:
-      contents: write
-      id-token: write
-    steps:
-      - name: setup repository
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - uses: pnpm/action-setup@v4
-        with:
-          version: 9
-      - name: setup node.js
-        uses: actions/setup-node@v4
-        with:
-          cache: "pnpm"
-          node-version: ${{ matrix.node }}
-      - name: Setup NodeJS ${{ matrix.node }}
-        uses: actions/setup-node@v4
-        with:
-          node-version: ${{ matrix.node }}
-          cache: "pnpm"
-          cache-dependency-path: "**/pnpm-lock.yaml"
-      - name: Install dependencies
-        run: pnpm install
-      - name: Run lint
-        run: pnpm lint
-      - name: Run tests
-        run: pnpm test
-      - name: Build
-        run: pnpm build
-      - name: Release
-        run: pnpm semantic-release
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          NPM_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.prettierignore

@@ -1 +0,0 @@
-pnpm-lock.yaml

package/.roo/mcp.json

@@ -1,11 +0,0 @@
-{
-  "mcpServers": {
-    "context7": {
-      "command": "npx",
-      "args": ["-y", "@upstash/context7-mcp"],
-      "env": {
-        "DEFAULT_MINIMUM_TOKENS": ""
-      }
-    }
-  }
-}

package/eslint.config.ts

@@ -1,14 +0,0 @@
-import eslint from "@eslint/js";
-import eslintConfigPrettier from "eslint-config-prettier/flat";
-import perfectionist from "eslint-plugin-perfectionist";
-import tseslint from "typescript-eslint";
-
-export default tseslint.config(
-  eslint.configs.recommended,
-  tseslint.configs.recommended,
-  perfectionist.configs["recommended-alphabetical"],
-  eslintConfigPrettier,
-  {
-    ignores: ["**/*.js", "dist/**"],
-  },
-);

package/jsr.json

@@ -1,7 +0,0 @@
-{
-  "exports": "./src/FastMCP.ts",
-  "include": ["src/FastMCP.ts", "src/bin/fastmcp.ts"],
-  "license": "MIT",
-  "name": "@punkpeye/fastmcp",
-  "version": "3.20.1"
-}

package/src/FastMCP.oauth.test.ts

@@ -1,225 +0,0 @@
-import { getRandomPort } from "get-port-please";
-import { describe, expect, it } from "vitest";
-
-import { FastMCP } from "./FastMCP.js";
-
-describe("FastMCP OAuth Support", () => {
-  it("should serve OAuth authorization server metadata", async () => {
-    const port = await getRandomPort();
-
-    const server = new FastMCP({
-      name: "Test Server",
-      oauth: {
-        authorizationServer: {
-          authorizationEndpoint: "https://auth.example.com/oauth/authorize",
-          dpopSigningAlgValuesSupported: ["ES256", "RS256"],
-          grantTypesSupported: ["authorization_code", "refresh_token"],
-          issuer: "https://auth.example.com",
-          jwksUri: "https://auth.example.com/.well-known/jwks.json",
-          responseTypesSupported: ["code"],
-          scopesSupported: ["read", "write"],
-          tokenEndpoint: "https://auth.example.com/oauth/token",
-        },
-        enabled: true,
-      },
-      version: "1.0.0",
-    });
-
-    await server.start({
-      httpStream: { port },
-      transportType: "httpStream",
-    });
-
-    try {
-      // Test the OAuth authorization server endpoint
-      const response = await fetch(
-        `http://localhost:${port}/.well-known/oauth-authorization-server`,
-      );
-      expect(response.status).toBe(200);
-      expect(response.headers.get("content-type")).toBe("application/json");
-
-      const metadata = (await response.json()) as Record<string, unknown>;
-
-      // Check that camelCase was converted to snake_case
-      expect(metadata.issuer).toBe("https://auth.example.com");
-      expect(metadata.authorization_endpoint).toBe(
-        "https://auth.example.com/oauth/authorize",
-      );
-      expect(metadata.token_endpoint).toBe(
-        "https://auth.example.com/oauth/token",
-      );
-      expect(metadata.response_types_supported).toEqual(["code"]);
-      expect(metadata.jwks_uri).toBe(
-        "https://auth.example.com/.well-known/jwks.json",
-      );
-      expect(metadata.scopes_supported).toEqual(["read", "write"]);
-      expect(metadata.grant_types_supported).toEqual([
-        "authorization_code",
-        "refresh_token",
-      ]);
-      expect(metadata.dpop_signing_alg_values_supported).toEqual([
-        "ES256",
-        "RS256",
-      ]);
-    } finally {
-      await server.stop();
-    }
-  });
-
-  it("should serve OAuth protected resource metadata", async () => {
-    const port = await getRandomPort();
-
-    const server = new FastMCP({
-      name: "Test Server",
-      oauth: {
-        enabled: true,
-        protectedResource: {
-          authorizationDetailsTypesSupported: ["payment_initiation"],
-          authorizationServers: ["https://auth.example.com"],
-          bearerMethodsSupported: ["header"],
-          dpopBoundAccessTokensRequired: true,
-          dpopSigningAlgValuesSupported: ["ES256", "RS256"],
-          jwksUri: "https://test-server.example.com/.well-known/jwks.json",
-          resource: "mcp://test-server",
-          resourceDocumentation: "https://docs.example.com/api",
-          resourceName: "Test API",
-          resourcePolicyUri: "https://test-server.example.com/policy",
-          resourceSigningAlgValuesSupported: ["RS256"],
-          resourceTosUri: "https://test-server.example.com/tos",
-          scopesSupported: ["read", "write", "admin"],
-          serviceDocumentation: "https://developer.example.com/api",
-          tlsClientCertificateBoundAccessTokens: false,
-          vendorPrefix_complexObject: {
-            nestedArray: [1, 2, 3],
-            nestedProperty: "nested value",
-          },
-          // Vendor extensions (dynamic properties)
-          vendorPrefix_customField: "custom value",
-          x_api_version: "2.0",
-        },
-      },
-      version: "1.0.0",
-    });
-
-    await server.start({
-      httpStream: { port },
-      transportType: "httpStream",
-    });
-
-    try {
-      const response = await fetch(
-        `http://localhost:${port}/.well-known/oauth-protected-resource`,
-      );
-      expect(response.status).toBe(200);
-      expect(response.headers.get("content-type")).toBe("application/json");
-
-      const metadata = (await response.json()) as Record<string, unknown>;
-
-      // Check that camelCase was converted to snake_case
-      expect(metadata.resource).toBe("mcp://test-server");
-      expect(metadata.authorization_servers).toEqual([
-        "https://auth.example.com",
-      ]);
-      expect(metadata.jwks_uri).toBe(
-        "https://test-server.example.com/.well-known/jwks.json",
-      );
-      expect(metadata.bearer_methods_supported).toEqual(["header"]);
-      expect(metadata.resource_documentation).toBe(
-        "https://docs.example.com/api",
-      );
-
-      // New fields added for RFC 9728 compliance
-      expect(metadata.authorization_details_types_supported).toEqual([
-        "payment_initiation",
-      ]);
-      expect(metadata.dpop_bound_access_tokens_required).toBe(true);
-      expect(metadata.dpop_signing_alg_values_supported).toEqual([
-        "ES256",
-        "RS256",
-      ]);
-      expect(metadata.resource_name).toBe("Test API");
-      expect(metadata.resource_policy_uri).toBe(
-        "https://test-server.example.com/policy",
-      );
-      expect(metadata.resource_signing_alg_values_supported).toEqual(["RS256"]);
-      expect(metadata.resource_tos_uri).toBe(
-        "https://test-server.example.com/tos",
-      );
-      expect(metadata.scopes_supported).toEqual(["read", "write", "admin"]);
-      expect(metadata.service_documentation).toBe(
-        "https://developer.example.com/api",
-      );
-      expect(metadata.tls_client_certificate_bound_access_tokens).toBe(false);
-
-      // Vendor extensions (dynamic properties)
-      expect(metadata.vendor_prefix_custom_field).toBe("custom value");
-      expect(metadata.vendor_prefix_complex_object).toEqual({
-        nestedArray: [1, 2, 3],
-        nestedProperty: "nested value",
-      });
-      expect(metadata.x_api_version).toBe("2.0");
-    } finally {
-      await server.stop();
-    }
-  });
-
-  it("should return 404 for OAuth endpoints when disabled", async () => {
-    const port = await getRandomPort();
-
-    const server = new FastMCP({
-      name: "Test Server",
-      oauth: {
-        enabled: false,
-      },
-      version: "1.0.0",
-    });
-
-    await server.start({
-      httpStream: { port },
-      transportType: "httpStream",
-    });
-
-    try {
-      const authServerResponse = await fetch(
-        `http://localhost:${port}/.well-known/oauth-authorization-server`,
-      );
-      expect(authServerResponse.status).toBe(404);
-
-      const protectedResourceResponse = await fetch(
-        `http://localhost:${port}/.well-known/oauth-protected-resource`,
-      );
-      expect(protectedResourceResponse.status).toBe(404);
-    } finally {
-      await server.stop();
-    }
-  });
-
-  it("should return 404 for OAuth endpoints when not configured", async () => {
-    const port = await getRandomPort();
-
-    const server = new FastMCP({
-      name: "Test Server",
-      version: "1.0.0",
-      // No oauth configuration
-    });
-
-    await server.start({
-      httpStream: { port },
-      transportType: "httpStream",
-    });
-
-    try {
-      const authServerResponse = await fetch(
-        `http://localhost:${port}/.well-known/oauth-authorization-server`,
-      );
-      expect(authServerResponse.status).toBe(404);
-
-      const protectedResourceResponse = await fetch(
-        `http://localhost:${port}/.well-known/oauth-protected-resource`,
-      );
-      expect(protectedResourceResponse.status).toBe(404);
-    } finally {
-      await server.stop();
-    }
-  });
-});

package/src/FastMCP.session-context.test.ts

@@ -1,136 +0,0 @@
-import { describe, expect, it, vi } from "vitest";
-import { z } from "zod";
-
-import { FastMCP } from "./FastMCP.js";
-
-interface TestAuth {
-  [key: string]: unknown; // Required for FastMCPSessionAuth compatibility
-  role: "admin" | "user";
-  userId: string;
-}
-
-describe("FastMCP Session Context", () => {
-  describe("stdio transport", () => {
-    it("should pass session context to tool execution when authenticate is provided", async () => {
-      const mockAuth: TestAuth = { role: "admin", userId: "test-user" };
-      const server = new FastMCP<TestAuth>({
-        authenticate: async (request) => {
-          if (!request) return mockAuth;
-
-          throw new Error("Unexpected request in test");
-        },
-        name: "test-server",
-        version: "1.0.0",
-      });
-
-      server.addTool({
-        description: "Test tool to verify session context",
-        execute: async (_args, context) => {
-          return `Session received: ${context.session ? "yes" : "no"}`;
-        },
-        name: "test-session-context",
-        parameters: z.object({
-          message: z.string(),
-        }),
-      });
-
-      await server.start({ transportType: "stdio" });
-
-      expect(server).toBeDefined();
-    });
-
-    it("should handle authentication errors gracefully in stdio transport", async () => {
-      const mockLogger = {
-        debug: vi.fn(),
-        error: vi.fn(),
-        info: vi.fn(),
-        log: vi.fn(),
-        warn: vi.fn(),
-      };
-      const server = new FastMCP<TestAuth>({
-        authenticate: async () => {
-          throw new Error("Auth failed");
-        },
-        logger: mockLogger,
-        name: "test-server",
-        version: "1.0.0",
-      });
-
-      server.addTool({
-        description: "Test tool",
-        execute: async (_args, context) => {
-          return `Session: ${context.session ? "present" : "undefined"}`;
-        },
-        name: "test-tool",
-      });
-
-      await server.start({ transportType: "stdio" });
-
-      expect(mockLogger.error).toHaveBeenCalledWith(
-        "[FastMCP error] Authentication failed for stdio transport:",
-        "Auth failed",
-      );
-    });
-
-    it("should work without authenticate function", async () => {
-      const server = new FastMCP({
-        name: "test-server",
-        version: "1.0.0",
-      });
-
-      server.addTool({
-        description: "Test tool without auth",
-        execute: async (_args, context) => {
-          return `Session: ${context.session ? "present" : "undefined"}`;
-        },
-        name: "test-tool",
-      });
-
-      await server.start({ transportType: "stdio" });
-
-      expect(server).toBeDefined();
-    });
-  });
-
-  describe("environment variable based authentication", () => {
-    it("should support reading from environment variables in stdio mode", async () => {
-      const originalEnv = process.env.TEST_USER_ID;
-
-      process.env.TEST_USER_ID = "env-user-123";
-
-      try {
-        const server = new FastMCP<TestAuth>({
-          authenticate: async (request) => {
-            if (!request) {
-              return {
-                role: "user" as const,
-                userId: process.env.TEST_USER_ID || "default-user",
-              };
-            }
-            throw new Error("HTTP not supported in this test");
-          },
-          name: "test-server",
-          version: "1.0.0",
-        });
-
-        server.addTool({
-          description: "Tool using env-based auth",
-          execute: async (_args, context) => {
-            return `Environment user: ${context.session?.userId}`;
-          },
-          name: "env-test-tool",
-        });
-
-        await server.start({ transportType: "stdio" });
-
-        expect(server).toBeDefined();
-      } finally {
-        if (originalEnv !== undefined) {
-          process.env.TEST_USER_ID = originalEnv;
-        } else {
-          delete process.env.TEST_USER_ID;
-        }
-      }
-    });
-  });
-});