mcp-remote 0.1.13 → 0.1.15

package/dist/{chunk-QAIZEZGG.js → chunk-QW4IRS52.js}

@@ -10301,7 +10301,7 @@ var z = /* @__PURE__ */ Object.freeze({
   ZodError
 });
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/types.js
 var LATEST_PROTOCOL_VERSION = "2025-03-26";
 var SUPPORTED_PROTOCOL_VERSIONS = [
   LATEST_PROTOCOL_VERSION,
@@ -11126,7 +11126,7 @@ var McpError = class extends Error {
   }
 };
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/protocol.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/protocol.js
 var DEFAULT_REQUEST_TIMEOUT_MSEC = 6e4;
 var Protocol = class {
   constructor(_options) {
@@ -11472,7 +11472,7 @@ function mergeCapabilities(base, additional) {
   }, { ...base });
 }
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/index.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/client/index.js
 var import_ajv = __toESM(require_ajv(), 1);
 var Client = class extends Protocol {
   /**
@@ -11707,7 +11707,7 @@ var Client = class extends Protocol {
 };
 
 // package.json
-var version = "0.1.13";
+var version = "0.1.15";
 
 // node_modules/.pnpm/pkce-challenge@5.0.0/node_modules/pkce-challenge/dist/index.node.js
 var crypto;
@@ -11748,7 +11748,7 @@ async function pkceChallenge(length) {
   };
 }
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/auth.js
 var OAuthProtectedResourceMetadataSchema = z.object({
   resource: z.string().url(),
   authorization_servers: z.array(z.string().url()).optional(),
@@ -11830,13 +11830,130 @@ var OAuthTokenRevocationRequestSchema = z.object({
   token_type_hint: z.string().optional()
 }).strip();
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/auth.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/server/auth/errors.js
+var OAuthError = class extends Error {
+  constructor(message, errorUri) {
+    super(message);
+    this.errorUri = errorUri;
+    this.errorCode = this.constructor.errorCode;
+    this.name = this.constructor.name;
+  }
+  /**
+   * Converts the error to a standard OAuth error response object
+   */
+  toResponseObject() {
+    const response = {
+      error: this.errorCode,
+      error_description: this.message
+    };
+    if (this.errorUri) {
+      response.error_uri = this.errorUri;
+    }
+    return response;
+  }
+};
+var InvalidRequestError = class extends OAuthError {
+};
+InvalidRequestError.errorCode = "invalid_request";
+var InvalidClientError = class extends OAuthError {
+};
+InvalidClientError.errorCode = "invalid_client";
+var InvalidGrantError = class extends OAuthError {
+};
+InvalidGrantError.errorCode = "invalid_grant";
+var UnauthorizedClientError = class extends OAuthError {
+};
+UnauthorizedClientError.errorCode = "unauthorized_client";
+var UnsupportedGrantTypeError = class extends OAuthError {
+};
+UnsupportedGrantTypeError.errorCode = "unsupported_grant_type";
+var InvalidScopeError = class extends OAuthError {
+};
+InvalidScopeError.errorCode = "invalid_scope";
+var AccessDeniedError = class extends OAuthError {
+};
+AccessDeniedError.errorCode = "access_denied";
+var ServerError = class extends OAuthError {
+};
+ServerError.errorCode = "server_error";
+var TemporarilyUnavailableError = class extends OAuthError {
+};
+TemporarilyUnavailableError.errorCode = "temporarily_unavailable";
+var UnsupportedResponseTypeError = class extends OAuthError {
+};
+UnsupportedResponseTypeError.errorCode = "unsupported_response_type";
+var UnsupportedTokenTypeError = class extends OAuthError {
+};
+UnsupportedTokenTypeError.errorCode = "unsupported_token_type";
+var InvalidTokenError = class extends OAuthError {
+};
+InvalidTokenError.errorCode = "invalid_token";
+var MethodNotAllowedError = class extends OAuthError {
+};
+MethodNotAllowedError.errorCode = "method_not_allowed";
+var TooManyRequestsError = class extends OAuthError {
+};
+TooManyRequestsError.errorCode = "too_many_requests";
+var InvalidClientMetadataError = class extends OAuthError {
+};
+InvalidClientMetadataError.errorCode = "invalid_client_metadata";
+var InsufficientScopeError = class extends OAuthError {
+};
+InsufficientScopeError.errorCode = "insufficient_scope";
+var OAUTH_ERRORS = {
+  [InvalidRequestError.errorCode]: InvalidRequestError,
+  [InvalidClientError.errorCode]: InvalidClientError,
+  [InvalidGrantError.errorCode]: InvalidGrantError,
+  [UnauthorizedClientError.errorCode]: UnauthorizedClientError,
+  [UnsupportedGrantTypeError.errorCode]: UnsupportedGrantTypeError,
+  [InvalidScopeError.errorCode]: InvalidScopeError,
+  [AccessDeniedError.errorCode]: AccessDeniedError,
+  [ServerError.errorCode]: ServerError,
+  [TemporarilyUnavailableError.errorCode]: TemporarilyUnavailableError,
+  [UnsupportedResponseTypeError.errorCode]: UnsupportedResponseTypeError,
+  [UnsupportedTokenTypeError.errorCode]: UnsupportedTokenTypeError,
+  [InvalidTokenError.errorCode]: InvalidTokenError,
+  [MethodNotAllowedError.errorCode]: MethodNotAllowedError,
+  [TooManyRequestsError.errorCode]: TooManyRequestsError,
+  [InvalidClientMetadataError.errorCode]: InvalidClientMetadataError,
+  [InsufficientScopeError.errorCode]: InsufficientScopeError
+};
+
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/client/auth.js
 var UnauthorizedError = class extends Error {
   constructor(message) {
     super(message !== null && message !== void 0 ? message : "Unauthorized");
   }
 };
-async function auth(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl }) {
+async function parseErrorResponse(input) {
+  const statusCode = input instanceof Response ? input.status : void 0;
+  const body = input instanceof Response ? await input.text() : input;
+  try {
+    const result = OAuthErrorResponseSchema.parse(JSON.parse(body));
+    const { error, error_description, error_uri } = result;
+    const errorClass = OAUTH_ERRORS[error] || ServerError;
+    return new errorClass(error_description || "", error_uri);
+  } catch (error) {
+    const errorMessage = `${statusCode ? `HTTP ${statusCode}: ` : ""}Invalid OAuth error response: ${error}. Raw body: ${body}`;
+    return new ServerError(errorMessage);
+  }
+}
+async function auth(provider, options) {
+  var _a, _b;
+  try {
+    return await authInternal(provider, options);
+  } catch (error) {
+    if (error instanceof InvalidClientError || error instanceof UnauthorizedClientError) {
+      await ((_a = provider.invalidateCredentials) === null || _a === void 0 ? void 0 : _a.call(provider, "all"));
+      return await authInternal(provider, options);
+    } else if (error instanceof InvalidGrantError) {
+      await ((_b = provider.invalidateCredentials) === null || _b === void 0 ? void 0 : _b.call(provider, "tokens"));
+      return await authInternal(provider, options);
+    }
+    throw error;
+  }
+}
+async function authInternal(provider, { serverUrl, authorizationCode, scope, resourceMetadataUrl }) {
   let authorizationServerUrl = serverUrl;
   try {
     const resourceMetadata = await discoverOAuthProtectedResourceMetadata(resourceMetadataUrl || serverUrl);
@@ -11885,7 +12002,12 @@ async function auth(provider, { serverUrl, authorizationCode, scope, resourceMet
       await provider.saveTokens(newTokens);
       return "AUTHORIZED";
     } catch (error) {
-      console.error("Could not refresh OAuth tokens:", error);
+      if (!(error instanceof OAuthError) || error instanceof ServerError) {
+        console.error("Could not refresh OAuth tokens:", error);
+      } else {
+        console.warn(`OAuth token refresh failed: ${JSON.stringify(error.toResponseObject())}`);
+        throw error;
+      }
     }
   }
   const state = provider.state ? await provider.state() : void 0;
@@ -12037,7 +12159,7 @@ async function exchangeAuthorization(authorizationServerUrl, { metadata, clientI
     body: params
   });
   if (!response.ok) {
-    throw new Error(`Token exchange failed: HTTP ${response.status}`);
+    throw await parseErrorResponse(response);
   }
   return OAuthTokensSchema.parse(await response.json());
 }
@@ -12068,7 +12190,7 @@ async function refreshAuthorization(authorizationServerUrl, { metadata, clientIn
     body: params
   });
   if (!response.ok) {
-    throw new Error(`Token refresh failed: HTTP ${response.status}`);
+    throw await parseErrorResponse(response);
   }
   return OAuthTokensSchema.parse({ refresh_token: refreshToken, ...await response.json() });
 }
@@ -12090,7 +12212,7 @@ async function registerClient(authorizationServerUrl, { metadata, clientMetadata
     body: JSON.stringify(clientMetadata)
   });
   if (!response.ok) {
-    throw new Error(`Dynamic client registration failed: HTTP ${response.status}`);
+    throw await parseErrorResponse(response);
   }
   return OAuthClientInformationFullSchema.parse(await response.json());
 }
@@ -12495,7 +12617,7 @@ function getBaseURL() {
   return doc && typeof doc == "object" && "baseURI" in doc && typeof doc.baseURI == "string" ? doc.baseURI : void 0;
 }
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/sse.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/client/sse.js
 var SseError = class extends Error {
   constructor(code, message, event) {
     super(`SSE error: ${message}`);
@@ -12678,7 +12800,7 @@ var EventSourceParserStream = class extends TransformStream {
   }
 };
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/client/streamableHttp.js
 var DEFAULT_STREAMABLE_HTTP_RECONNECTION_OPTIONS = {
   initialReconnectionDelay: 1e3,
   maxReconnectionDelay: 3e4,
@@ -13082,9 +13204,9 @@ async function writeTextFile(serverUrlHash, filename, text) {
 import express from "express";
 import net from "net";
 import crypto2 from "crypto";
-import fs2, { readFile } from "fs/promises";
+import fs2 from "fs";
+import { readFile, rm } from "fs/promises";
 import path2 from "path";
-import os2 from "os";
 var REASON_AUTH_NEEDED = "authentication-needed";
 var REASON_TRANSPORT_FALLBACK = "falling-back-to-alternate-transport";
 var pid = process.pid;
@@ -13093,7 +13215,7 @@ function getTimestamp() {
   const now = /* @__PURE__ */ new Date();
   return now.toISOString();
 }
-async function debugLog(message, ...args) {
+function debugLog(message, ...args) {
   if (!DEBUG) return;
   const serverUrlHash = global.currentServerUrlHash;
   if (!serverUrlHash) {
@@ -13103,12 +13225,12 @@ async function debugLog(message, ...args) {
   try {
     const formattedMessage = `[${getTimestamp()}][${pid}] ${message}`;
     console.error(formattedMessage, ...args);
-    const configDir = process.env.MCP_REMOTE_CONFIG_DIR || path2.join(os2.homedir(), ".mcp-auth");
-    await fs2.mkdir(configDir, { recursive: true });
+    const configDir = getConfigDir();
+    fs2.mkdirSync(configDir, { recursive: true });
     const logPath = path2.join(configDir, `${serverUrlHash}_debug.log`);
     const logMessage = `${formattedMessage} ${args.map((arg) => typeof arg === "object" ? JSON.stringify(arg) : String(arg)).join(" ")}
 `;
-    await fs2.appendFile(logPath, logMessage, { encoding: "utf8" });
+    fs2.appendFileSync(logPath, logMessage, { encoding: "utf8" });
   } catch (error) {
     console.error(`[DEBUG LOG ERROR] ${error}`);
   }
@@ -13116,8 +13238,7 @@ async function debugLog(message, ...args) {
 function log(str, ...rest) {
   console.error(`[${pid}] ${str}`, ...rest);
   if (DEBUG && global.currentServerUrlHash) {
-    debugLog(str, ...rest).catch(() => {
-    });
+    debugLog(str, ...rest);
   }
 }
 function mcpProxy({ transportToClient, transportToServer }) {
@@ -13131,7 +13252,6 @@ function mcpProxy({ transportToClient, transportToServer }) {
         method: message.method,
         id: message.id,
         params: message.params ? JSON.stringify(message.params).substring(0, 500) : void 0
-      }).catch(() => {
       });
     }
     if (message.method === "initialize") {
@@ -13139,8 +13259,7 @@ function mcpProxy({ transportToClient, transportToServer }) {
       if (clientInfo) clientInfo.name = `${clientInfo.name} (via mcp-remote ${version})`;
       log(JSON.stringify(message, null, 2));
       if (DEBUG) {
-        debugLog("Initialize message with modified client info", { clientInfo }).catch(() => {
-        });
+        debugLog("Initialize message with modified client info", { clientInfo });
       }
     }
     transportToServer.send(message).catch(onServerError);
@@ -13154,7 +13273,6 @@ function mcpProxy({ transportToClient, transportToServer }) {
         id: message.id,
         result: message.result ? "result-present" : void 0,
         error: message.error
-      }).catch(() => {
       });
     }
     transportToClient.send(message).catch(onClientError);
@@ -13164,8 +13282,7 @@ function mcpProxy({ transportToClient, transportToServer }) {
       return;
     }
     transportToClientClosed = true;
-    if (DEBUG) debugLog("Local transport closed, closing remote transport").catch(() => {
-    });
+    if (DEBUG) debugLog("Local transport closed, closing remote transport");
     transportToServer.close().catch(onServerError);
   };
   transportToServer.onclose = () => {
@@ -13173,21 +13290,18 @@ function mcpProxy({ transportToClient, transportToServer }) {
       return;
     }
     transportToServerClosed = true;
-    if (DEBUG) debugLog("Remote transport closed, closing local transport").catch(() => {
-    });
+    if (DEBUG) debugLog("Remote transport closed, closing local transport");
     transportToClient.close().catch(onClientError);
   };
   transportToClient.onerror = onClientError;
   transportToServer.onerror = onServerError;
   function onClientError(error) {
     log("Error from local client:", error);
-    if (DEBUG) debugLog("Error from local client", { errorMessage: error.message, stack: error.stack }).catch(() => {
-    });
+    if (DEBUG) debugLog("Error from local client", { stack: error.stack });
   }
   function onServerError(error) {
     log("Error from remote server:", error);
-    if (DEBUG) debugLog("Error from remote server", { errorMessage: error.message, stack: error.stack }).catch(() => {
-    });
+    if (DEBUG) debugLog("Error from remote server", { stack: error.stack });
   }
 }
 async function connectToRemoteServer(client, serverUrl, authProvider, headers, authInitializer, transportStrategy = "http-first", recursionReasons = /* @__PURE__ */ new Set()) {
@@ -13220,22 +13334,21 @@ async function connectToRemoteServer(client, serverUrl, authProvider, headers, a
     requestInit: { headers }
   });
   try {
-    if (DEBUG) await debugLog("Attempting to connect to remote server", { sseTransport });
+    if (DEBUG) debugLog("Attempting to connect to remote server", { sseTransport });
     if (client) {
-      if (DEBUG) await debugLog("Connecting client to transport");
+      if (DEBUG) debugLog("Connecting client to transport");
       await client.connect(transport);
     } else {
-      if (DEBUG) await debugLog("Starting transport directly");
+      if (DEBUG) debugLog("Starting transport directly");
       await transport.start();
       if (!sseTransport) {
-        if (DEBUG) await debugLog("Creating test transport for HTTP-only connection test");
+        if (DEBUG) debugLog("Creating test transport for HTTP-only connection test");
         const testTransport = new StreamableHTTPClientTransport(url, { authProvider, requestInit: { headers } });
         const testClient = new Client({ name: "mcp-remote-fallback-test", version: "0.0.0" }, { capabilities: {} });
         await testClient.connect(testTransport);
       }
     }
     log(`Connected to remote server using ${transport.constructor.name}`);
-    if (DEBUG) await debugLog(`Connected to remote server successfully`, { transportType: transport.constructor.name });
     return transport;
   } catch (error) {
     if (error instanceof Error && shouldAttemptFallback && (error.message.includes("405") || error.message.includes("Method Not Allowed") || error.message.includes("404") || error.message.includes("Not Found"))) {
@@ -13259,47 +13372,52 @@ async function connectToRemoteServer(client, serverUrl, authProvider, headers, a
     } else if (error instanceof UnauthorizedError || error instanceof Error && error.message.includes("Unauthorized")) {
       log("Authentication required. Initializing auth...");
       if (DEBUG) {
-        await debugLog("Authentication required, initializing auth process", {
+        debugLog("Authentication error detected", {
+          errorCode: error instanceof OAuthError ? error.errorCode : void 0,
           errorMessage: error.message,
           stack: error.stack
         });
       }
-      if (DEBUG) await debugLog("Calling authInitializer to start auth flow");
+      if (DEBUG) debugLog("Calling authInitializer to start auth flow");
       const { waitForAuthCode, skipBrowserAuth } = await authInitializer();
       if (skipBrowserAuth) {
         log("Authentication required but skipping browser auth - using shared auth");
-        if (DEBUG) await debugLog("Authentication required but skipping browser auth - using shared auth");
       } else {
         log("Authentication required. Waiting for authorization...");
-        if (DEBUG) await debugLog("Authentication required. Waiting for authorization...");
       }
-      if (DEBUG) await debugLog("Waiting for auth code from callback server");
+      if (DEBUG) debugLog("Waiting for auth code from callback server");
       const code = await waitForAuthCode();
-      if (DEBUG) await debugLog("Received auth code from callback server");
+      if (DEBUG) debugLog("Received auth code from callback server");
       try {
         log("Completing authorization...");
-        if (DEBUG) await debugLog("Completing authorization with transport.finishAuth");
         await transport.finishAuth(code);
-        if (DEBUG) await debugLog("Authorization completed successfully");
+        if (DEBUG) debugLog("Authorization completed successfully");
         if (recursionReasons.has(REASON_AUTH_NEEDED)) {
           const errorMessage = `Already attempted reconnection for reason: ${REASON_AUTH_NEEDED}. Giving up.`;
           log(errorMessage);
-          if (DEBUG) await debugLog("Already attempted auth reconnection, giving up", { recursionReasons: Array.from(recursionReasons) });
+          if (DEBUG)
+            debugLog("Already attempted auth reconnection, giving up", {
+              recursionReasons: Array.from(recursionReasons)
+            });
           throw new Error(errorMessage);
         }
         recursionReasons.add(REASON_AUTH_NEEDED);
         log(`Recursively reconnecting for reason: ${REASON_AUTH_NEEDED}`);
-        if (DEBUG) await debugLog("Recursively reconnecting after auth", { recursionReasons: Array.from(recursionReasons) });
+        if (DEBUG) debugLog("Recursively reconnecting after auth", { recursionReasons: Array.from(recursionReasons) });
         return connectToRemoteServer(client, serverUrl, authProvider, headers, authInitializer, transportStrategy, recursionReasons);
       } catch (authError) {
         log("Authorization error:", authError);
-        if (DEBUG) await debugLog("Authorization error during finishAuth", { errorMessage: authError.message, stack: authError.stack });
+        if (DEBUG)
+          debugLog("Authorization error during finishAuth", {
+            errorMessage: authError.message,
+            stack: authError.stack
+          });
         throw authError;
       }
     } else {
       log("Connection error:", error);
       if (DEBUG)
-        await debugLog("Connection error", {
+        debugLog("Connection error", {
           errorMessage: error.message,
           stack: error.stack,
           transportType: transport.constructor.name
@@ -13497,8 +13615,7 @@ async function parseCommandLineArgs(args, usage) {
   const serverUrlHash = getServerUrlHash(serverUrl);
   global.currentServerUrlHash = serverUrlHash;
   if (DEBUG) {
-    debugLog(`Starting mcp-remote with server URL: ${serverUrl}`).catch(() => {
-    });
+    debugLog(`Starting mcp-remote with server URL: ${serverUrl}`);
   }
   const defaultPort = calculateDefaultPort(serverUrlHash);
   const [existingClientPort, availablePort] = await Promise.all([findExistingClientPort(serverUrlHash), findAvailablePort(defaultPort)]);
@@ -13508,7 +13625,7 @@ async function parseCommandLineArgs(args, usage) {
       log(
         `Warning! Specified callback port of ${specifiedPort}, which conflicts with existing client registration port ${existingClientPort}. Deleting existing client data to force reregistration.`
       );
-      await fs2.rm(getConfigFilePath(serverUrlHash, "client_info.json"));
+      await rm(getConfigFilePath(serverUrlHash, "client_info.json"));
     }
     log(`Using specified callback port: ${specifiedPort}`);
     callbackPort = specifiedPort;
@@ -13552,6 +13669,26 @@ function setupSignalHandlers(cleanup) {
 function getServerUrlHash(serverUrl) {
   return crypto2.createHash("md5").update(serverUrl).digest("hex");
 }
+function sanitizeUrl(raw) {
+  const abort = () => {
+    throw new Error(`Invalid url to pass to open(): ${raw}`);
+  };
+  let url;
+  try {
+    url = new URL(raw);
+  } catch (_) {
+    abort();
+  }
+  if (url.protocol !== "https:" && url.protocol !== "http:") abort();
+  if (url.hostname !== encodeURIComponent(url.hostname)) abort();
+  url.pathname = url.pathname.slice(0, 1) + encodeURIComponent(url.pathname.slice(1)).replace(/%2f/ig, "/");
+  url.search = url.search.slice(0, 1) + Array.from(url.searchParams.entries()).map(sanitizeParam).join("&");
+  url.hash = url.hash.slice(0, 1) + encodeURIComponent(url.hash.slice(1));
+  return url.href;
+}
+function sanitizeParam([k, v]) {
+  return `${encodeURIComponent(k)}${v.length > 0 ? `=${encodeURIComponent(v)}` : ""}`;
+}
 
 // src/lib/node-oauth-client-provider.ts
 import open from "open";
@@ -13606,9 +13743,9 @@ var NodeOAuthClientProvider = class {
    * @returns The client information or undefined
    */
   async clientInformation() {
-    if (DEBUG) await debugLog(this.serverUrlHash, "Reading client info");
+    if (DEBUG) debugLog("Reading client info");
     if (this.staticOAuthClientInfo) {
-      if (DEBUG) await debugLog(this.serverUrlHash, "Returning static client info");
+      if (DEBUG) debugLog("Returning static client info");
       return this.staticOAuthClientInfo;
     }
     const clientInfo = await readJsonFile(
@@ -13616,7 +13753,7 @@ var NodeOAuthClientProvider = class {
       "client_info.json",
       OAuthClientInformationFullSchema
     );
-    if (DEBUG) await debugLog(this.serverUrlHash, "Client info result:", clientInfo ? "Found" : "Not found");
+    if (DEBUG) debugLog("Client info result:", clientInfo ? "Found" : "Not found");
     return clientInfo;
   }
   /**
@@ -13624,7 +13761,7 @@ var NodeOAuthClientProvider = class {
    * @param clientInformation The client information to save
    */
   async saveClientInformation(clientInformation) {
-    if (DEBUG) await debugLog(this.serverUrlHash, "Saving client info", { client_id: clientInformation.client_id });
+    if (DEBUG) debugLog("Saving client info", { client_id: clientInformation.client_id });
     await writeJsonFile(this.serverUrlHash, "client_info.json", clientInformation);
   }
   /**
@@ -13633,21 +13770,21 @@ var NodeOAuthClientProvider = class {
    */
   async tokens() {
     if (DEBUG) {
-      await debugLog(this.serverUrlHash, "Reading OAuth tokens");
-      await debugLog(this.serverUrlHash, "Token request stack trace:", new Error().stack);
+      debugLog("Reading OAuth tokens");
+      debugLog("Token request stack trace:", new Error().stack);
     }
     const tokens = await readJsonFile(this.serverUrlHash, "tokens.json", OAuthTokensSchema);
     if (DEBUG) {
       if (tokens) {
         const timeLeft = tokens.expires_in || 0;
         if (typeof tokens.expires_in !== "number" || tokens.expires_in < 0) {
-          await debugLog(this.serverUrlHash, "\u26A0\uFE0F WARNING: Invalid expires_in detected while reading tokens \u26A0\uFE0F", {
+          debugLog("\u26A0\uFE0F WARNING: Invalid expires_in detected while reading tokens \u26A0\uFE0F", {
             expiresIn: tokens.expires_in,
             tokenObject: JSON.stringify(tokens),
             stack: new Error("Invalid expires_in value").stack
           });
         }
-        await debugLog(this.serverUrlHash, "Token result:", {
+        debugLog("Token result:", {
           found: true,
           hasAccessToken: !!tokens.access_token,
           hasRefreshToken: !!tokens.refresh_token,
@@ -13656,7 +13793,7 @@ var NodeOAuthClientProvider = class {
           expiresInValue: tokens.expires_in
         });
       } else {
-        await debugLog(this.serverUrlHash, "Token result: Not found");
+        debugLog("Token result: Not found");
       }
     }
     return tokens;
@@ -13669,13 +13806,13 @@ var NodeOAuthClientProvider = class {
     if (DEBUG) {
       const timeLeft = tokens.expires_in || 0;
       if (typeof tokens.expires_in !== "number" || tokens.expires_in < 0) {
-        await debugLog(this.serverUrlHash, "\u26A0\uFE0F WARNING: Invalid expires_in detected in tokens \u26A0\uFE0F", {
+        debugLog("\u26A0\uFE0F WARNING: Invalid expires_in detected in tokens \u26A0\uFE0F", {
           expiresIn: tokens.expires_in,
           tokenObject: JSON.stringify(tokens),
           stack: new Error("Invalid expires_in value").stack
         });
       }
-      await debugLog(this.serverUrlHash, "Saving tokens", {
+      debugLog("Saving tokens", {
         hasAccessToken: !!tokens.access_token,
         hasRefreshToken: !!tokens.refresh_token,
         expiresIn: `${timeLeft} seconds`,
@@ -13693,14 +13830,13 @@ var NodeOAuthClientProvider = class {
 Please authorize this client by visiting:
 ${authorizationUrl.toString()}
 `);
-    if (DEBUG) await debugLog(this.serverUrlHash, "Redirecting to authorization URL", authorizationUrl.toString());
+    if (DEBUG) debugLog("Redirecting to authorization URL", authorizationUrl.toString());
     try {
-      await open(authorizationUrl.toString());
+      await open(sanitizeUrl(authorizationUrl.toString()));
       log("Browser opened automatically.");
-      if (DEBUG) await debugLog(this.serverUrlHash, "Browser opened automatically");
     } catch (error) {
       log("Could not open browser automatically. Please copy and paste the URL above into your browser.");
-      if (DEBUG) await debugLog(this.serverUrlHash, "Failed to open browser", error);
+      if (DEBUG) debugLog("Failed to open browser", error);
     }
   }
   /**
@@ -13708,7 +13844,7 @@ ${authorizationUrl.toString()}
    * @param codeVerifier The code verifier to save
    */
   async saveCodeVerifier(codeVerifier) {
-    if (DEBUG) await debugLog(this.serverUrlHash, "Saving code verifier");
+    if (DEBUG) debugLog("Saving code verifier");
     await writeTextFile(this.serverUrlHash, "code_verifier.txt", codeVerifier);
   }
   /**
@@ -13716,11 +13852,42 @@ ${authorizationUrl.toString()}
    * @returns The code verifier
    */
   async codeVerifier() {
-    if (DEBUG) await debugLog(this.serverUrlHash, "Reading code verifier");
+    if (DEBUG) debugLog("Reading code verifier");
     const verifier = await readTextFile(this.serverUrlHash, "code_verifier.txt", "No code verifier saved for session");
-    if (DEBUG) await debugLog(this.serverUrlHash, "Code verifier found:", !!verifier);
+    if (DEBUG) debugLog("Code verifier found:", !!verifier);
     return verifier;
   }
+  /**
+   * Invalidates the specified credentials
+   * @param scope The scope of credentials to invalidate
+   */
+  async invalidateCredentials(scope) {
+    if (DEBUG) debugLog(`Invalidating credentials: ${scope}`);
+    switch (scope) {
+      case "all":
+        await Promise.all([
+          deleteConfigFile(this.serverUrlHash, "client_info.json"),
+          deleteConfigFile(this.serverUrlHash, "tokens.json"),
+          deleteConfigFile(this.serverUrlHash, "code_verifier.txt")
+        ]);
+        if (DEBUG) debugLog("All credentials invalidated");
+        break;
+      case "client":
+        await deleteConfigFile(this.serverUrlHash, "client_info.json");
+        if (DEBUG) debugLog("Client information invalidated");
+        break;
+      case "tokens":
+        await deleteConfigFile(this.serverUrlHash, "tokens.json");
+        if (DEBUG) debugLog("OAuth tokens invalidated");
+        break;
+      case "verifier":
+        await deleteConfigFile(this.serverUrlHash, "code_verifier.txt");
+        if (DEBUG) debugLog("Code verifier invalidated");
+        break;
+      default:
+        throw new Error(`Unknown credential scope: ${scope}`);
+    }
+  }
 };
 
 // src/lib/coordination.ts
@@ -13729,20 +13896,20 @@ import { unlinkSync } from "fs";
 async function isPidRunning(pid2) {
   try {
     process.kill(pid2, 0);
-    if (DEBUG) await debugLog(global.currentServerUrlHash, `Process ${pid2} is running`);
+    if (DEBUG) debugLog(`Process ${pid2} is running`);
     return true;
   } catch (err) {
-    if (DEBUG) await debugLog(global.currentServerUrlHash, `Process ${pid2} is not running`, err);
+    if (DEBUG) debugLog(`Process ${pid2} is not running`, err);
     return false;
   }
 }
 async function isLockValid(lockData) {
-  if (DEBUG) await debugLog(global.currentServerUrlHash, "Checking if lockfile is valid", lockData);
+  if (DEBUG) debugLog("Checking if lockfile is valid", lockData);
   const MAX_LOCK_AGE = 30 * 60 * 1e3;
   if (Date.now() - lockData.timestamp > MAX_LOCK_AGE) {
     log("Lockfile is too old");
     if (DEBUG)
-      await debugLog(global.currentServerUrlHash, "Lockfile is too old", {
+      debugLog("Lockfile is too old", {
         age: Date.now() - lockData.timestamp,
         maxAge: MAX_LOCK_AGE
       });
@@ -13750,11 +13917,11 @@ async function isLockValid(lockData) {
   }
   if (!await isPidRunning(lockData.pid)) {
     log("Process from lockfile is not running");
-    if (DEBUG) await debugLog(global.currentServerUrlHash, "Process from lockfile is not running", { pid: lockData.pid });
+    if (DEBUG) debugLog("Process from lockfile is not running", { pid: lockData.pid });
     return false;
   }
   try {
-    if (DEBUG) await debugLog(global.currentServerUrlHash, "Checking if endpoint is accessible", { port: lockData.port });
+    if (DEBUG) debugLog("Checking if endpoint is accessible", { port: lockData.port });
     const controller = new AbortController();
     const timeout = setTimeout(() => controller.abort(), 1e3);
     const response = await fetch(`http://127.0.0.1:${lockData.port}/wait-for-auth?poll=false`, {
@@ -13762,49 +13929,45 @@ async function isLockValid(lockData) {
     });
     clearTimeout(timeout);
     const isValid2 = response.status === 200 || response.status === 202;
-    if (DEBUG)
-      await debugLog(global.currentServerUrlHash, `Endpoint check result: ${isValid2 ? "valid" : "invalid"}`, { status: response.status });
+    if (DEBUG) debugLog(`Endpoint check result: ${isValid2 ? "valid" : "invalid"}`, { status: response.status });
     return isValid2;
   } catch (error) {
     log(`Error connecting to auth server: ${error.message}`);
-    if (DEBUG) await debugLog(global.currentServerUrlHash, "Error connecting to auth server", error);
+    if (DEBUG) debugLog("Error connecting to auth server", error);
     return false;
   }
 }
 async function waitForAuthentication(port) {
   log(`Waiting for authentication from the server on port ${port}...`);
-  if (DEBUG) await debugLog(global.currentServerUrlHash, `Waiting for authentication from server on port ${port}`);
   try {
     let attempts = 0;
     while (true) {
       attempts++;
       const url = `http://127.0.0.1:${port}/wait-for-auth`;
       log(`Querying: ${url}`);
-      if (DEBUG) await debugLog(global.currentServerUrlHash, `Poll attempt ${attempts}: ${url}`);
+      if (DEBUG) debugLog(`Poll attempt ${attempts}`);
       try {
         const response = await fetch(url);
-        if (DEBUG) await debugLog(global.currentServerUrlHash, `Poll response status: ${response.status}`);
+        if (DEBUG) debugLog(`Poll response status: ${response.status}`);
         if (response.status === 200) {
           log(`Authentication completed by other instance`);
-          if (DEBUG) await debugLog(global.currentServerUrlHash, `Authentication completed by other instance`);
           return true;
         } else if (response.status === 202) {
           log(`Authentication still in progress`);
-          if (DEBUG) await debugLog(global.currentServerUrlHash, `Authentication still in progress, will retry in 1s`);
+          if (DEBUG) debugLog(`Will retry in 1s`);
           await new Promise((resolve) => setTimeout(resolve, 1e3));
         } else {
           log(`Unexpected response status: ${response.status}`);
-          if (DEBUG) await debugLog(global.currentServerUrlHash, `Unexpected response status`, { status: response.status });
           return false;
         }
       } catch (fetchError) {
-        if (DEBUG) await debugLog(global.currentServerUrlHash, `Fetch error during poll`, fetchError);
+        if (DEBUG) debugLog(`Fetch error during poll`, fetchError);
         await new Promise((resolve) => setTimeout(resolve, 2e3));
       }
     }
   } catch (error) {
     log(`Error waiting for authentication: ${error.message}`);
-    if (DEBUG) await debugLog(global.currentServerUrlHash, `Error waiting for authentication`, error);
+    if (DEBUG) debugLog(`Error waiting for authentication`, error);
     return false;
   }
 }
@@ -13813,43 +13976,39 @@ function createLazyAuthCoordinator(serverUrlHash, callbackPort, events) {
   return {
     initializeAuth: async () => {
       if (authState) {
-        if (DEBUG) await debugLog(serverUrlHash, "Auth already initialized, reusing existing state");
+        if (DEBUG) debugLog("Auth already initialized, reusing existing state");
         return authState;
       }
       log("Initializing auth coordination on-demand");
-      if (DEBUG) await debugLog(serverUrlHash, "Initializing auth coordination on-demand", { serverUrlHash, callbackPort });
+      if (DEBUG) debugLog("Initializing auth coordination on-demand", { serverUrlHash, callbackPort });
       authState = await coordinateAuth(serverUrlHash, callbackPort, events);
-      if (DEBUG) await debugLog(serverUrlHash, "Auth coordination completed", { skipBrowserAuth: authState.skipBrowserAuth });
+      if (DEBUG) debugLog("Auth coordination completed", { skipBrowserAuth: authState.skipBrowserAuth });
       return authState;
     }
   };
 }
 async function coordinateAuth(serverUrlHash, callbackPort, events) {
-  if (DEBUG) await debugLog(serverUrlHash, "Coordinating authentication", { serverUrlHash, callbackPort });
+  if (DEBUG) debugLog("Coordinating authentication", { serverUrlHash, callbackPort });
   const lockData = process.platform === "win32" ? null : await checkLockfile(serverUrlHash);
   if (DEBUG) {
     if (process.platform === "win32") {
-      await debugLog(serverUrlHash, "Skipping lockfile check on Windows");
+      debugLog("Skipping lockfile check on Windows");
     } else {
-      await debugLog(serverUrlHash, "Lockfile check result", { found: !!lockData, lockData });
+      debugLog("Lockfile check result", { found: !!lockData, lockData });
     }
   }
   if (lockData && await isLockValid(lockData)) {
-    log(`Another instance is handling authentication on port ${lockData.port}`);
-    if (DEBUG) await debugLog(serverUrlHash, "Another instance is handling authentication", { port: lockData.port, pid: lockData.pid });
+    log(`Another instance is handling authentication on port ${lockData.port} (pid: ${lockData.pid})`);
     try {
-      if (DEBUG) await debugLog(serverUrlHash, "Waiting for authentication from other instance");
+      if (DEBUG) debugLog("Waiting for authentication from other instance");
       const authCompleted = await waitForAuthentication(lockData.port);
       if (authCompleted) {
-        log("Authentication completed by another instance");
-        if (DEBUG) await debugLog(serverUrlHash, "Authentication completed by another instance, will use tokens from disk");
+        log("Authentication completed by another instance. Using tokens from disk");
         const dummyServer = express2().listen(0);
         const dummyPort = dummyServer.address().port;
-        if (DEBUG) await debugLog(serverUrlHash, "Started dummy server", { port: dummyPort });
+        if (DEBUG) debugLog("Started dummy server", { port: dummyPort });
         const dummyWaitForAuthCode = () => {
           log("WARNING: waitForAuthCode called in secondary instance - this is unexpected");
-          if (DEBUG) debugLog(serverUrlHash, "WARNING: waitForAuthCode called in secondary instance - this is unexpected").catch(() => {
-          });
           return new Promise(() => {
           });
         };
@@ -13860,20 +14019,18 @@ async function coordinateAuth(serverUrlHash, callbackPort, events) {
         };
       } else {
         log("Taking over authentication process...");
-        if (DEBUG) await debugLog(serverUrlHash, "Taking over authentication process");
       }
     } catch (error) {
       log(`Error waiting for authentication: ${error}`);
-      if (DEBUG) await debugLog(serverUrlHash, "Error waiting for authentication", error);
+      if (DEBUG) debugLog("Error waiting for authentication", error);
     }
-    if (DEBUG) await debugLog(serverUrlHash, "Other instance did not complete auth successfully, deleting lockfile");
+    if (DEBUG) debugLog("Other instance did not complete auth successfully, deleting lockfile");
     await deleteLockfile(serverUrlHash);
   } else if (lockData) {
     log("Found invalid lockfile, deleting it");
-    if (DEBUG) await debugLog(serverUrlHash, "Found invalid lockfile, deleting it");
     await deleteLockfile(serverUrlHash);
   }
-  if (DEBUG) await debugLog(serverUrlHash, "Setting up OAuth callback server", { port: callbackPort });
+  if (DEBUG) debugLog("Setting up OAuth callback server", { port: callbackPort });
   const { server, waitForAuthCode, authCompletedPromise } = setupOAuthCallbackServerWithLongPoll({
     port: callbackPort,
     path: "/oauth/callback",
@@ -13881,18 +14038,16 @@ async function coordinateAuth(serverUrlHash, callbackPort, events) {
   });
   const address = server.address();
   const actualPort = address.port;
-  if (DEBUG) await debugLog(serverUrlHash, "OAuth callback server running", { port: actualPort });
+  if (DEBUG) debugLog("OAuth callback server running", { port: actualPort });
   log(`Creating lockfile for server ${serverUrlHash} with process ${process.pid} on port ${actualPort}`);
-  if (DEBUG) await debugLog(serverUrlHash, "Creating lockfile", { serverUrlHash, pid: process.pid, port: actualPort });
   await createLockfile(serverUrlHash, process.pid, actualPort);
   const cleanupHandler = async () => {
     try {
       log(`Cleaning up lockfile for server ${serverUrlHash}`);
-      if (DEBUG) await debugLog(serverUrlHash, "Cleaning up lockfile");
       await deleteLockfile(serverUrlHash);
     } catch (error) {
       log(`Error cleaning up lockfile: ${error}`);
-      if (DEBUG) await debugLog(serverUrlHash, "Error cleaning up lockfile", error);
+      if (DEBUG) debugLog("Error cleaning up lockfile", error);
     }
   };
   process.once("exit", () => {
@@ -13905,10 +14060,10 @@ async function coordinateAuth(serverUrlHash, callbackPort, events) {
     }
   });
   process.once("SIGINT", async () => {
-    if (DEBUG) await debugLog(serverUrlHash, "Received SIGINT signal, cleaning up");
+    if (DEBUG) debugLog("Received SIGINT signal, cleaning up");
     await cleanupHandler();
   });
-  if (DEBUG) await debugLog(serverUrlHash, "Auth coordination complete, returning primary instance handlers");
+  if (DEBUG) debugLog("Auth coordination complete, returning primary instance handlers");
   return {
     server,
     waitForAuthCode,

package/dist/client.js

@@ -11,7 +11,7 @@ import {
   parseCommandLineArgs,
   setupSignalHandlers,
   version
-} from "./chunk-QAIZEZGG.js";
+} from "./chunk-QW4IRS52.js";
 
 // src/client.ts
 import { EventEmitter } from "events";

package/dist/proxy.js

@@ -9,15 +9,15 @@ import {
   mcpProxy,
   parseCommandLineArgs,
   setupSignalHandlers
-} from "./chunk-QAIZEZGG.js";
+} from "./chunk-QW4IRS52.js";
 
 // src/proxy.ts
 import { EventEmitter } from "events";
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
 import process2 from "node:process";
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/stdio.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/shared/stdio.js
 var ReadBuffer = class {
   append(chunk) {
     this._buffer = this._buffer ? Buffer.concat([this._buffer, chunk]) : chunk;
@@ -45,7 +45,7 @@ function serializeMessage(message) {
   return JSON.stringify(message) + "\n";
 }
 
-// node_modules/.pnpm/@modelcontextprotocol+sdk@1.12.1/node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
+// node_modules/.pnpm/@modelcontextprotocol+sdk@https+++pkg.pr.new+geelen+typescript-sdk+@modelcontextprotocol+sdk@cdf3508/node_modules/@modelcontextprotocol/sdk/dist/esm/server/stdio.js
 var StdioServerTransport = class {
   constructor(_stdin = process2.stdin, _stdout = process2.stdout) {
     this._stdin = _stdin;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mcp-remote",
-  "version": "0.1.13",
+  "version": "0.1.15",
   "description": "Remote proxy for Model Context Protocol, allowing local-only clients to connect to remote servers using oAuth",
   "keywords": [
     "mcp",
@@ -22,18 +22,27 @@
     "mcp-remote": "dist/proxy.js",
     "mcp-remote-client": "dist/client.js"
   },
+  "scripts": {
+    "build": "tsup",
+    "build:watch": "tsup --watch",
+    "check": "prettier --check . && tsc",
+    "lint-fix": "prettier --check . --write",
+    "test:unit": "vitest run",
+    "test:unit:watch": "vitest"
+  },
   "dependencies": {
     "express": "^4.21.2",
     "open": "^10.1.0"
   },
   "devDependencies": {
-    "@modelcontextprotocol/sdk": "^1.12.1",
+    "@modelcontextprotocol/sdk": "https://pkg.pr.new/geelen/typescript-sdk/@modelcontextprotocol/sdk@cdf3508",
     "@types/express": "^5.0.0",
     "@types/node": "^22.13.10",
     "prettier": "^3.5.3",
     "tsup": "^8.4.0",
     "tsx": "^4.19.3",
-    "typescript": "^5.8.2"
+    "typescript": "^5.8.2",
+    "vitest": "^3.2.3"
   },
   "tsup": {
     "entry": [
@@ -48,10 +57,12 @@
     "outDir": "dist",
     "external": []
   },
-  "scripts": {
-    "build": "tsup",
-    "build:watch": "tsup --watch",
-    "check": "prettier --check . && tsc",
-    "lint-fix": "prettier --check . --write"
-  }
-}
+  "vitest": {
+    "environment": "node",
+    "globals": true,
+    "include": [
+      "src/**/*.test.ts"
+    ]
+  },
+  "packageManager": "pnpm@10.11.0+sha512.6540583f41cc5f628eb3d9773ecee802f4f9ef9923cc45b69890fb47991d4b092964694ec3a4f738a420c918a333062c8b925d312f42e4f0c263eb603551f977"
+}