mcp-use 1.10.5 → 1.11.0-canary.10

package/dist/src/server/index.cjs

@@ -413,8 +413,8 @@ var init_runtime = __esm({
         if (isDeno) {
           return await globalThis.Deno.readTextFile(path);
         }
-        const { readFileSync } = await import("fs");
-        const result = readFileSync(path, encoding);
+        const { readFileSync: readFileSync2 } = await import("fs");
+        const result = readFileSync2(path, encoding);
         return typeof result === "string" ? result : result.toString(encoding);
       },
       async readFile(path) {
@@ -422,8 +422,8 @@ var init_runtime = __esm({
           const data = await globalThis.Deno.readFile(path);
           return data.buffer;
         }
-        const { readFileSync } = await import("fs");
-        const buffer = readFileSync(path);
+        const { readFileSync: readFileSync2 } = await import("fs");
+        const buffer = readFileSync2(path);
         return buffer.buffer.slice(
           buffer.byteOffset,
           buffer.byteOffset + buffer.byteLength
@@ -438,8 +438,8 @@ var init_runtime = __esm({
             return false;
           }
         }
-        const { existsSync } = await import("fs");
-        return existsSync(path);
+        const { existsSync: existsSync2 } = await import("fs");
+        return existsSync2(path);
       },
       async readdirSync(path) {
         if (isDeno) {
@@ -643,7 +643,7 @@ var init_logging = __esm({
               timestamp({ format: "HH:mm:ss" }),
               this.getFormatter()
             ),
-            transports: []
+            transports: [new winston.transports.Console()]
           });
         }
         return this.instances[name];
@@ -761,7 +761,7 @@ var VERSION;
 var init_version = __esm({
   "src/version.ts"() {
     "use strict";
-    VERSION = "1.10.5";
+    VERSION = "1.11.0-canary.10";
     __name(getPackageVersion, "getPackageVersion");
   }
 });
@@ -2098,10 +2098,84 @@ var init_conversion2 = __esm({
   }
 });
 
+// src/server/utils/jsonrpc-helpers.ts
+function createNotification(method, params) {
+  return {
+    jsonrpc: "2.0",
+    method,
+    ...params && { params }
+  };
+}
+function createRequest(id, method, params) {
+  return {
+    jsonrpc: "2.0",
+    id,
+    method,
+    ...params && { params }
+  };
+}
+var init_jsonrpc_helpers = __esm({
+  "src/server/utils/jsonrpc-helpers.ts"() {
+    "use strict";
+    __name(createNotification, "createNotification");
+    __name(createRequest, "createRequest");
+  }
+});
+
+// src/server/sessions/notifications.ts
+var notifications_exports = {};
+__export(notifications_exports, {
+  sendNotificationToAll: () => sendNotificationToAll,
+  sendNotificationToSession: () => sendNotificationToSession
+});
+async function sendNotificationToAll(sessions, method, params) {
+  const notification = createNotification(method, params);
+  for (const [sessionId, session] of sessions.entries()) {
+    try {
+      await session.transport.send(notification);
+    } catch (error2) {
+      console.warn(
+        `[MCP] Failed to send notification to session ${sessionId}:`,
+        error2
+      );
+    }
+  }
+}
+async function sendNotificationToSession(sessions, sessionId, method, params) {
+  const session = sessions.get(sessionId);
+  if (!session) {
+    return false;
+  }
+  const notification = createNotification(method, params);
+  try {
+    await session.transport.send(notification);
+    return true;
+  } catch (error2) {
+    console.warn(
+      `[MCP] Failed to send notification to session ${sessionId}:`,
+      error2
+    );
+    return false;
+  }
+}
+var init_notifications = __esm({
+  "src/server/sessions/notifications.ts"() {
+    "use strict";
+    init_jsonrpc_helpers();
+    __name(sendNotificationToAll, "sendNotificationToAll");
+    __name(sendNotificationToSession, "sendNotificationToSession");
+  }
+});
+
 // src/server/index.ts
 var server_exports = {};
 __export(server_exports, {
+  FileSystemSessionStore: () => FileSystemSessionStore,
+  InMemorySessionStore: () => InMemorySessionStore,
+  InMemoryStreamManager: () => InMemoryStreamManager,
   MCPServer: () => MCPServer,
+  RedisSessionStore: () => RedisSessionStore,
+  RedisStreamManager: () => RedisStreamManager,
   VERSION: () => VERSION,
   adaptConnectMiddleware: () => adaptConnectMiddleware,
   adaptMiddleware: () => adaptMiddleware,
@@ -2427,17 +2501,23 @@ function binary(base64Data, mimeType) {
 }
 __name(binary, "binary");
 function widget(config) {
-  const { data, message } = config;
-  return {
-    content: [
-      {
-        type: "text",
-        text: message || ""
-      }
-    ],
-    // structuredContent will be injected as window.openai.toolOutput by Apps SDK
-    structuredContent: data
+  const props = config.props || config.data || {};
+  const { output, message } = config;
+  const finalContent = message ? [{ type: "text", text: message }] : Array.isArray(output?.content) && output.content.length > 0 ? output.content : [{ type: "text", text: "" }];
+  const meta = {
+    ...output?._meta || {},
+    "mcp-use/props": props
   };
+  const result = {
+    content: finalContent,
+    _meta: meta
+  };
+  if (output?.structuredContent) {
+    result.structuredContent = output.structuredContent;
+  } else if (Object.keys(props).length > 0) {
+    result.structuredContent = props;
+  }
+  return result;
 }
 __name(widget, "widget");
 function mix(...results) {
@@ -3107,7 +3187,7 @@ function processWidgetHtml(html2, widgetName, baseUrl) {
 }
 __name(processWidgetHtml, "processWidgetHtml");
 function createWidgetRegistration(widgetName, metadata, html2, serverConfig, isDev = false) {
-  const props = metadata.inputs || {};
+  const props = metadata.props || metadata.inputs || metadata.schema || {};
   const description = metadata.description || `Widget: ${widgetName}`;
   const title = metadata.title || widgetName;
   const exposeAsTool = metadata.exposeAsTool !== void 0 ? metadata.exposeAsTool : true;
@@ -3249,6 +3329,33 @@ function setupPublicRoutes(app, useDistDirectory = false) {
   });
 }
 __name(setupPublicRoutes, "setupPublicRoutes");
+function setupFaviconRoute(app, faviconPath, useDistDirectory = false) {
+  if (!faviconPath) {
+    return;
+  }
+  app.get("/favicon.ico", async (c) => {
+    const basePath = useDistDirectory ? "dist/public" : "public";
+    const fullPath = pathHelpers.join(getCwd(), basePath, faviconPath);
+    try {
+      if (await fsHelpers.existsSync(fullPath)) {
+        const content = await fsHelpers.readFile(fullPath);
+        const contentType = getContentType(faviconPath);
+        return new Response(content, {
+          status: 200,
+          headers: {
+            "Content-Type": contentType,
+            "Cache-Control": "public, max-age=31536000"
+            // Cache for 1 year
+          }
+        });
+      }
+      return c.notFound();
+    } catch {
+      return c.notFound();
+    }
+  });
+}
+__name(setupFaviconRoute, "setupFaviconRoute");
 
 // src/server/widgets/mount-widgets-dev.ts
 var TMP_MCP_USE_DIR = ".mcp-use";
@@ -3298,6 +3405,19 @@ async function mountWidgetsDev(app, serverConfig, registerWidget, options) {
     return;
   }
   const tempDir = pathHelpers.join(getCwd(), TMP_MCP_USE_DIR);
+  try {
+    await fs.access(tempDir);
+    const currentWidgetNames = new Set(entries.map((e) => e.name));
+    const existingDirs = await fs.readdir(tempDir, { withFileTypes: true });
+    for (const dirent of existingDirs) {
+      if (dirent.isDirectory() && !currentWidgetNames.has(dirent.name)) {
+        const staleDir = pathHelpers.join(tempDir, dirent.name);
+        await fs.rm(staleDir, { recursive: true, force: true });
+        console.log(`[WIDGETS] Cleaned up stale widget: ${dirent.name}`);
+      }
+    }
+  } catch {
+  }
   await fs.mkdir(tempDir, { recursive: true }).catch(() => {
   });
   let createServer;
@@ -3335,10 +3455,13 @@ async function mountWidgetsDev(app, serverConfig, registerWidget, options) {
     await fs.mkdir(widgetTempDir, { recursive: true });
     const resourcesPath = pathHelpers.join(getCwd(), resourcesDir);
     const relativeResourcesPath = pathHelpers.relative(widgetTempDir, resourcesPath).replace(/\\/g, "/");
+    const mcpUsePath = pathHelpers.join(getCwd(), "node_modules", "mcp-use");
+    const relativeMcpUsePath = pathHelpers.relative(widgetTempDir, mcpUsePath).replace(/\\/g, "/");
     const cssContent = `@import "tailwindcss";
 
-/* Configure Tailwind to scan the resources directory */
+/* Configure Tailwind to scan the resources directory and mcp-use package */
 @source "${relativeResourcesPath}";
+@source "${relativeMcpUsePath}/**/*.{ts,tsx,js,jsx}";
 `;
     await fs.writeFile(
       pathHelpers.join(widgetTempDir, "styles.css"),
@@ -3361,7 +3484,8 @@ if (container && Component) {
   <head>
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width,initial-scale=1" />
-    <title>${widget2.name} Widget</title>
+    <title>${widget2.name} Widget</title>${serverConfig.favicon ? `
+    <link rel="icon" href="/mcp-use/public/${serverConfig.favicon}" />` : ""}
   </head>
   <body>
     <div id="widget-root"></div>
@@ -3405,6 +3529,50 @@ if (container && Component) {
       const resourcesPath = pathHelpers.join(getCwd(), resourcesDir);
       server.watcher.add(resourcesPath);
       console.log(`[WIDGETS] Watching resources directory: ${resourcesPath}`);
+      server.watcher.on("unlink", async (filePath) => {
+        const relativePath = pathHelpers.relative(resourcesPath, filePath);
+        if ((relativePath.endsWith(".tsx") || relativePath.endsWith(".ts")) && !relativePath.includes("/")) {
+          const widgetName = relativePath.replace(/\.tsx?$/, "");
+          const widgetDir = pathHelpers.join(tempDir, widgetName);
+          try {
+            await fs.access(widgetDir);
+            await fs.rm(widgetDir, { recursive: true, force: true });
+            console.log(
+              `[WIDGETS] Cleaned up stale widget (file removed): ${widgetName}`
+            );
+          } catch {
+          }
+        } else if (relativePath.endsWith("widget.tsx")) {
+          const parts = relativePath.split("/");
+          if (parts.length === 2) {
+            const widgetName = parts[0];
+            const widgetDir = pathHelpers.join(tempDir, widgetName);
+            try {
+              await fs.access(widgetDir);
+              await fs.rm(widgetDir, { recursive: true, force: true });
+              console.log(
+                `[WIDGETS] Cleaned up stale widget (file removed): ${widgetName}`
+              );
+            } catch {
+            }
+          }
+        }
+      });
+      server.watcher.on("unlinkDir", async (dirPath) => {
+        const relativePath = pathHelpers.relative(resourcesPath, dirPath);
+        if (relativePath && !relativePath.includes("/")) {
+          const widgetName = relativePath;
+          const widgetDir = pathHelpers.join(tempDir, widgetName);
+          try {
+            await fs.access(widgetDir);
+            await fs.rm(widgetDir, { recursive: true, force: true });
+            console.log(
+              `[WIDGETS] Cleaned up stale widget (directory removed): ${widgetName}`
+            );
+          } catch {
+          }
+        }
+      });
     }
   };
   const nodeStubsPlugin = {
@@ -3517,6 +3685,7 @@ export default PostHog;
   );
   app.use(`${baseRoute}/*`, viteMiddleware);
   setupPublicRoutes(app, false);
+  setupFaviconRoute(app, serverConfig.favicon, false);
   app.use(`${baseRoute}/*`, async (c) => {
     const url = new URL(c.req.url);
     const isAsset = url.pathname.match(
@@ -3726,6 +3895,7 @@ function setupWidgetRoutes(app, serverConfig) {
     }
   });
   setupPublicRoutes(app, true);
+  setupFaviconRoute(app, serverConfig.favicon, true);
 }
 __name(setupWidgetRoutes, "setupWidgetRoutes");
 
@@ -3860,18 +4030,30 @@ function uiResourceRegistration(server, definition) {
           );
           const uniqueToolMetadata = {
             ...toolMetadata,
-            "openai/outputTemplate": uniqueUri
+            "openai/outputTemplate": uniqueUri,
+            "mcp-use/props": params
+            // Pass params as widget props
           };
+          let toolOutputResult;
+          if (definition.toolOutput) {
+            toolOutputResult = typeof definition.toolOutput === "function" ? definition.toolOutput(params) : definition.toolOutput;
+          } else {
+            toolOutputResult = {
+              content: [
+                {
+                  type: "text",
+                  text: `Displaying ${displayName}`
+                }
+              ]
+            };
+          }
+          const content = toolOutputResult.content || [
+            { type: "text", text: `Displaying ${displayName}` }
+          ];
           return {
             _meta: uniqueToolMetadata,
-            content: [
-              {
-                type: "text",
-                text: `Displaying ${displayName}`
-              }
-            ],
-            // structuredContent will be injected as window.openai.toolOutput by Apps SDK
-            structuredContent: params
+            content,
+            structuredContent: toolOutputResult.structuredContent
           };
         }
         return {
@@ -3897,7 +4079,8 @@ async function mountWidgets(server, options) {
     serverBaseUrl: server.serverBaseUrl || `http://${server.serverHost}:${server.serverPort || 3e3}`,
     serverPort: server.serverPort || 3e3,
     cspUrls: getCSPUrls(),
-    buildId: server.buildId
+    buildId: server.buildId,
+    favicon: server.favicon
   };
   const registerWidget = /* @__PURE__ */ __name((widgetDef) => {
     server.uiResource(widgetDef);
@@ -4392,27 +4575,7 @@ __name(registerPrompt, "registerPrompt");
 
 // src/server/roots/roots-registration.ts
 init_runtime();
-
-// src/server/utils/jsonrpc-helpers.ts
-function createNotification(method, params) {
-  return {
-    jsonrpc: "2.0",
-    method,
-    ...params && { params }
-  };
-}
-__name(createNotification, "createNotification");
-function createRequest(id, method, params) {
-  return {
-    jsonrpc: "2.0",
-    id,
-    method,
-    ...params && { params }
-  };
-}
-__name(createRequest, "createRequest");
-
-// src/server/roots/roots-registration.ts
+init_jsonrpc_helpers();
 function onRootsChanged(callback) {
   this.onRootsChangedCallback = callback;
   return this;
@@ -4574,41 +4737,8 @@ async function requestLogger(c, next) {
 }
 __name(requestLogger, "requestLogger");
 
-// src/server/sessions/notifications.ts
-async function sendNotificationToAll(sessions, method, params) {
-  const notification = createNotification(method, params);
-  for (const [sessionId, session] of sessions.entries()) {
-    try {
-      await session.transport.send(notification);
-    } catch (error2) {
-      console.warn(
-        `[MCP] Failed to send notification to session ${sessionId}:`,
-        error2
-      );
-    }
-  }
-}
-__name(sendNotificationToAll, "sendNotificationToAll");
-async function sendNotificationToSession(sessions, sessionId, method, params) {
-  const session = sessions.get(sessionId);
-  if (!session) {
-    return false;
-  }
-  const notification = createNotification(method, params);
-  try {
-    await session.transport.send(notification);
-    return true;
-  } catch (error2) {
-    console.warn(
-      `[MCP] Failed to send notification to session ${sessionId}:`,
-      error2
-    );
-    return false;
-  }
-}
-__name(sendNotificationToSession, "sendNotificationToSession");
-
 // src/server/notifications/notification-registration.ts
+init_notifications();
 function getActiveSessions() {
   return Array.from(this.sessions.keys());
 }
@@ -4626,13 +4756,34 @@ async function sendNotificationToSession2(sessionId, method, params) {
   );
 }
 __name(sendNotificationToSession2, "sendNotificationToSession");
+async function sendToolsListChanged() {
+  await sendNotificationToAll(
+    this.sessions,
+    "notifications/tools/list_changed"
+  );
+}
+__name(sendToolsListChanged, "sendToolsListChanged");
+async function sendResourcesListChanged() {
+  await sendNotificationToAll(
+    this.sessions,
+    "notifications/resources/list_changed"
+  );
+}
+__name(sendResourcesListChanged, "sendResourcesListChanged");
+async function sendPromptsListChanged() {
+  await sendNotificationToAll(
+    this.sessions,
+    "notifications/prompts/list_changed"
+  );
+}
+__name(sendPromptsListChanged, "sendPromptsListChanged");
 
 // src/server/mcp-server.ts
 init_tool_execution_helpers();
 init_context_storage();
 
 // src/server/sessions/session-manager.ts
-function startIdleCleanup(sessions, idleTimeoutMs, mcpServerInstance) {
+function startIdleCleanup(sessions, idleTimeoutMs, transports, mcpServerInstance) {
   if (idleTimeoutMs <= 0) {
     return void 0;
   }
@@ -4649,136 +4800,1141 @@ function startIdleCleanup(sessions, idleTimeoutMs, mcpServerInstance) {
         `[MCP] Cleaning up ${expiredSessions.length} idle session(s)`
       );
       for (const sessionId of expiredSessions) {
+        const transport = transports?.get(sessionId);
+        if (transport?.close) {
+          Promise.resolve(transport.close()).catch((e) => {
+            console.warn(
+              `[MCP] Error closing transport for session ${sessionId}:`,
+              e
+            );
+          });
+        }
+        transports?.delete(sessionId);
         sessions.delete(sessionId);
         mcpServerInstance?.cleanupSessionSubscriptions?.(sessionId);
+        console.log(
+          `[MCP] Cleaned up resource subscriptions for session ${sessionId}`
+        );
       }
     }
   }, 6e4);
 }
 __name(startIdleCleanup, "startIdleCleanup");
 
-// src/server/endpoints/mount-mcp.ts
-init_runtime();
-init_telemetry2();
-async function mountMcp(app, mcpServerInstance, sessions, config, isProductionMode2) {
-  const { FetchStreamableHTTPServerTransport } = await import("@mcp-use/modelcontextprotocol-sdk/experimental/fetch-streamable-http/index.js");
-  const idleTimeoutMs = config.sessionIdleTimeoutMs ?? 3e5;
-  const transports = /* @__PURE__ */ new Map();
-  let idleCleanupInterval;
-  if (idleTimeoutMs > 0) {
-    idleCleanupInterval = startIdleCleanup(
-      sessions,
-      idleTimeoutMs,
-      mcpServerInstance
-    );
+// src/server/sessions/index.ts
+init_notifications();
+
+// src/server/sessions/stores/memory.ts
+var InMemorySessionStore = class {
+  static {
+    __name(this, "InMemorySessionStore");
   }
-  const handleRequest = /* @__PURE__ */ __name(async (c) => {
-    const sessionId = c.req.header("mcp-session-id");
-    if (sessionId && transports.has(sessionId)) {
-      const transport2 = transports.get(sessionId);
-      if (sessions.has(sessionId)) {
-        const session = sessions.get(sessionId);
-        session.lastAccessedAt = Date.now();
-        session.context = c;
-        session.honoContext = c;
-      }
-      return transport2.handleRequest(c.req.raw);
-    }
-    const server = mcpServerInstance.getServerForSession();
-    const transport = new FetchStreamableHTTPServerTransport({
-      sessionIdGenerator: /* @__PURE__ */ __name(() => generateUUID(), "sessionIdGenerator"),
-      onsessioninitialized: /* @__PURE__ */ __name((sid) => {
-        console.log(`[MCP] Session initialized: ${sid}`);
-        transports.set(sid, transport);
-        sessions.set(sid, {
-          transport,
-          server,
-          lastAccessedAt: Date.now(),
-          context: c,
-          honoContext: c
-        });
-        server.server.oninitialized = () => {
-          const clientCapabilities = server.server.getClientCapabilities();
-          const clientInfo = server.server.getClientInfo?.() || {};
-          const protocolVersion = server.server.getProtocolVersion?.() || "unknown";
-          if (clientCapabilities && sessions.has(sid)) {
-            const session = sessions.get(sid);
-            session.clientCapabilities = clientCapabilities;
-            console.log(
-              `[MCP] Captured client capabilities for session ${sid}:`,
-              Object.keys(clientCapabilities)
-            );
-          }
-          Telemetry.getInstance().trackServerInitialize({
-            protocolVersion: String(protocolVersion),
-            clientInfo: clientInfo || {},
-            clientCapabilities: clientCapabilities || {},
-            sessionId: sid
-          }).catch(
-            (e) => console.debug(`Failed to track server initialize: ${e}`)
-          );
-        };
-      }, "onsessioninitialized"),
-      onsessionclosed: /* @__PURE__ */ __name((sid) => {
-        console.log(`[MCP] Session closed: ${sid}`);
-        transports.delete(sid);
-        sessions.delete(sid);
-        mcpServerInstance.cleanupSessionSubscriptions?.(sid);
-      }, "onsessionclosed")
-    });
-    await server.connect(transport);
-    return transport.handleRequest(c.req.raw);
-  }, "handleRequest");
-  for (const endpoint of ["/mcp", "/sse"]) {
-    app.on(["GET", "POST", "DELETE"], endpoint, handleRequest);
+  /**
+   * Internal map storing session metadata
+   * Key: sessionId, Value: SessionMetadata
+   */
+  sessions = /* @__PURE__ */ new Map();
+  /**
+   * Retrieve session metadata by ID
+   */
+  async get(sessionId) {
+    const data = this.sessions.get(sessionId);
+    return data ?? null;
   }
-  console.log(
-    `[MCP] Server mounted at /mcp and /sse (using FetchStreamableHTTPServerTransport - Web Standard APIs)`
-  );
-  return { mcpMounted: true, idleCleanupInterval };
-}
-__name(mountMcp, "mountMcp");
-
-// src/server/oauth/routes.ts
-var import_cors2 = require("hono/cors");
-function setupOAuthRoutes(app, provider, baseUrl) {
-  const mode = provider.getMode?.() || "proxy";
-  app.use(
-    "/.well-known/*",
-    (0, import_cors2.cors)({
-      origin: "*",
-      // Allow all origins for metadata discovery
-      allowMethods: ["GET", "OPTIONS"],
-      allowHeaders: ["Content-Type", "Authorization"],
-      exposeHeaders: ["Content-Type"],
-      maxAge: 86400
-      // Cache preflight for 24 hours
-    })
-  );
-  if (mode === "proxy") {
-    app.use(
-      "/authorize",
-      (0, import_cors2.cors)({
-        origin: "*",
-        allowMethods: ["GET", "POST", "OPTIONS"],
-        allowHeaders: ["Content-Type", "Authorization"],
-        maxAge: 86400
-      })
-    );
-    app.use(
-      "/token",
-      (0, import_cors2.cors)({
-        origin: "*",
-        allowMethods: ["POST", "OPTIONS"],
-        allowHeaders: ["Content-Type", "Authorization"],
-        maxAge: 86400
-      })
-    );
+  /**
+   * Store or update session metadata
+   */
+  async set(sessionId, data) {
+    this.sessions.set(sessionId, data);
   }
-  if (mode === "proxy") {
-    const handleAuthorize = /* @__PURE__ */ __name(async (c) => {
-      const params = c.req.method === "POST" ? await c.req.parseBody() : c.req.query();
-      const clientId = params.client_id;
+  /**
+   * Delete session metadata
+   */
+  async delete(sessionId) {
+    this.sessions.delete(sessionId);
+  }
+  /**
+   * Check if session exists
+   */
+  async has(sessionId) {
+    return this.sessions.has(sessionId);
+  }
+  /**
+   * List all session IDs
+   */
+  async keys() {
+    return Array.from(this.sessions.keys());
+  }
+  /**
+   * Store session metadata with TTL (time-to-live)
+   *
+   * Note: In-memory implementation uses setTimeout for TTL.
+   * For production TTL support, use Redis or another store with native TTL.
+   */
+  async setWithTTL(sessionId, data, ttlMs) {
+    this.sessions.set(sessionId, data);
+    setTimeout(() => {
+      this.sessions.delete(sessionId);
+      console.log(`[MCP] Session ${sessionId} expired after ${ttlMs}ms`);
+    }, ttlMs);
+  }
+  /**
+   * Get the number of active sessions
+   * Useful for monitoring and debugging
+   */
+  get size() {
+    return this.sessions.size;
+  }
+  /**
+   * Clear all sessions
+   * Useful for testing and manual cleanup
+   */
+  async clear() {
+    this.sessions.clear();
+  }
+};
+
+// src/server/sessions/stores/redis.ts
+var RedisSessionStore = class {
+  static {
+    __name(this, "RedisSessionStore");
+  }
+  client;
+  prefix;
+  defaultTTL;
+  constructor(config) {
+    this.client = config.client;
+    this.prefix = config.prefix ?? "mcp:session:";
+    this.defaultTTL = config.defaultTTL ?? 3600;
+  }
+  /**
+   * Get full Redis key for a session ID
+   */
+  getKey(sessionId) {
+    return `${this.prefix}${sessionId}`;
+  }
+  /**
+   * Retrieve session metadata by ID
+   */
+  async get(sessionId) {
+    try {
+      const key = this.getKey(sessionId);
+      const data = await this.client.get(key);
+      if (!data) {
+        return null;
+      }
+      return JSON.parse(data);
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error getting session ${sessionId}:`,
+        error2
+      );
+      return null;
+    }
+  }
+  /**
+   * Store or update session metadata
+   */
+  async set(sessionId, data) {
+    try {
+      const key = this.getKey(sessionId);
+      const value = JSON.stringify(data);
+      if (this.client.setEx) {
+        await this.client.setEx(key, this.defaultTTL, value);
+      } else if (this.client.setex) {
+        await this.client.setex(key, this.defaultTTL, value);
+      } else {
+        await this.client.set(key, value, { EX: this.defaultTTL });
+      }
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error setting session ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Delete a session
+   */
+  async delete(sessionId) {
+    try {
+      const key = this.getKey(sessionId);
+      await this.client.del(key);
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error deleting session ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Check if a session exists
+   */
+  async has(sessionId) {
+    try {
+      const key = this.getKey(sessionId);
+      const exists = await this.client.exists(key);
+      return exists === 1;
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error checking session ${sessionId}:`,
+        error2
+      );
+      return false;
+    }
+  }
+  /**
+   * List all session IDs
+   *
+   * WARNING: Uses KEYS command which blocks Redis. For production systems with
+   * many sessions, consider using SCAN instead or maintaining a separate SET of
+   * active session IDs.
+   */
+  async keys() {
+    try {
+      const pattern = `${this.prefix}*`;
+      const keys = await this.client.keys(pattern);
+      return keys.map((key) => key.substring(this.prefix.length));
+    } catch (error2) {
+      console.error("[RedisSessionStore] Error listing session keys:", error2);
+      return [];
+    }
+  }
+  /**
+   * Store session metadata with custom TTL (time-to-live)
+   */
+  async setWithTTL(sessionId, data, ttlMs) {
+    try {
+      const key = this.getKey(sessionId);
+      const value = JSON.stringify(data);
+      const ttlSeconds = Math.ceil(ttlMs / 1e3);
+      if (this.client.setEx) {
+        await this.client.setEx(key, ttlSeconds, value);
+      } else if (this.client.setex) {
+        await this.client.setex(key, ttlSeconds, value);
+      } else {
+        await this.client.set(key, value, { EX: ttlSeconds });
+      }
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error setting session ${sessionId} with TTL:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Close Redis connection
+   * Should be called when shutting down the server
+   */
+  async close() {
+    try {
+      await this.client.quit();
+    } catch (error2) {
+      console.error(
+        "[RedisSessionStore] Error closing Redis connection:",
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Clear all sessions (useful for testing)
+   * WARNING: This will delete all sessions with the configured prefix
+   *
+   * NOTE: Uses KEYS command which blocks Redis. This is acceptable for testing
+   * but should be avoided in production with large datasets.
+   */
+  async clear() {
+    try {
+      const pattern = `${this.prefix}*`;
+      const keys = await this.client.keys(pattern);
+      if (keys.length > 0) {
+        await this.client.del(keys);
+      }
+    } catch (error2) {
+      console.error("[RedisSessionStore] Error clearing sessions:", error2);
+      throw error2;
+    }
+  }
+};
+
+// src/server/sessions/stores/filesystem.ts
+var import_promises = require("fs/promises");
+var import_node_path = require("path");
+var import_node_fs = require("fs");
+var FileSystemSessionStore = class {
+  static {
+    __name(this, "FileSystemSessionStore");
+  }
+  sessions = /* @__PURE__ */ new Map();
+  filePath;
+  debounceMs;
+  maxAgeMs;
+  saveTimer = null;
+  saving = false;
+  pendingSave = false;
+  constructor(config = {}) {
+    this.filePath = config.path ?? (0, import_node_path.join)(process.cwd(), ".mcp-use", "sessions.json");
+    this.debounceMs = config.debounceMs ?? 100;
+    this.maxAgeMs = config.maxAgeMs ?? 24 * 60 * 60 * 1e3;
+    this.loadSessionsSync();
+  }
+  /**
+   * Load sessions from file synchronously during construction
+   * This ensures sessions are available immediately when the server starts
+   */
+  loadSessionsSync() {
+    try {
+      if (!(0, import_node_fs.existsSync)(this.filePath)) {
+        console.log(
+          `[FileSystemSessionStore] No session file found at ${this.filePath}, starting fresh`
+        );
+        return;
+      }
+      const data = (0, import_node_fs.readFileSync)(this.filePath, "utf-8");
+      const parsed = JSON.parse(data);
+      const now = Date.now();
+      let loadedCount = 0;
+      let expiredCount = 0;
+      for (const [sessionId, metadata] of Object.entries(parsed)) {
+        const sessionMetadata = metadata;
+        const age = now - sessionMetadata.lastAccessedAt;
+        if (age > this.maxAgeMs) {
+          expiredCount++;
+          continue;
+        }
+        this.sessions.set(sessionId, sessionMetadata);
+        loadedCount++;
+      }
+      console.log(
+        `[FileSystemSessionStore] Loaded ${loadedCount} session(s) from ${this.filePath}` + (expiredCount > 0 ? ` (cleaned up ${expiredCount} expired)` : "")
+      );
+    } catch (error2) {
+      if (error2.code === "ENOENT") {
+        console.log(`[FileSystemSessionStore] No existing sessions file`);
+      } else if (error2 instanceof SyntaxError) {
+        console.warn(
+          `[FileSystemSessionStore] Corrupted session file, starting fresh:`,
+          error2.message
+        );
+      } else {
+        console.warn(
+          `[FileSystemSessionStore] Error loading sessions, starting fresh:`,
+          error2.message
+        );
+      }
+    }
+  }
+  /**
+   * Retrieve session metadata by ID
+   */
+  async get(sessionId) {
+    const data = this.sessions.get(sessionId);
+    return data ?? null;
+  }
+  /**
+   * Store or update session metadata
+   * Uses debouncing to batch rapid consecutive writes
+   */
+  async set(sessionId, data) {
+    this.sessions.set(sessionId, data);
+    await this.scheduleSave();
+  }
+  /**
+   * Delete session metadata
+   */
+  async delete(sessionId) {
+    this.sessions.delete(sessionId);
+    await this.scheduleSave();
+  }
+  /**
+   * Check if session exists
+   */
+  async has(sessionId) {
+    return this.sessions.has(sessionId);
+  }
+  /**
+   * List all session IDs
+   */
+  async keys() {
+    return Array.from(this.sessions.keys());
+  }
+  /**
+   * Store session metadata with TTL
+   * Note: TTL is enforced on load, not with timers (simple implementation)
+   */
+  async setWithTTL(sessionId, data, ttlMs) {
+    const metadataWithExpiry = {
+      ...data,
+      lastAccessedAt: Date.now()
+    };
+    this.sessions.set(sessionId, metadataWithExpiry);
+    await this.scheduleSave();
+    setTimeout(() => {
+      this.sessions.delete(sessionId);
+      this.scheduleSave();
+    }, ttlMs);
+  }
+  /**
+   * Get the number of active sessions
+   */
+  get size() {
+    return this.sessions.size;
+  }
+  /**
+   * Clear all sessions
+   */
+  async clear() {
+    this.sessions.clear();
+    await this.scheduleSave();
+  }
+  /**
+   * Schedule a save operation with debouncing
+   * Prevents excessive disk I/O from rapid consecutive writes
+   */
+  async scheduleSave() {
+    if (this.saving) {
+      this.pendingSave = true;
+      return;
+    }
+    if (this.saveTimer) {
+      clearTimeout(this.saveTimer);
+    }
+    this.saveTimer = setTimeout(() => {
+      this.performSave();
+    }, this.debounceMs);
+  }
+  /**
+   * Perform the actual save operation with atomic writes
+   * Uses write-to-temp-then-rename pattern to prevent corruption
+   */
+  async performSave() {
+    this.saveTimer = null;
+    this.saving = true;
+    this.pendingSave = false;
+    try {
+      const dir = (0, import_node_path.dirname)(this.filePath);
+      await (0, import_promises.mkdir)(dir, { recursive: true });
+      const data = {};
+      for (const [sessionId, metadata] of Array.from(this.sessions.entries())) {
+        data[sessionId] = metadata;
+      }
+      const tempPath = `${this.filePath}.tmp`;
+      await (0, import_promises.writeFile)(tempPath, JSON.stringify(data, null, 2), "utf-8");
+      await (0, import_promises.rename)(tempPath, this.filePath);
+      console.debug(
+        `[FileSystemSessionStore] Saved ${this.sessions.size} session(s) to ${this.filePath}`
+      );
+    } catch (error2) {
+      console.error(
+        `[FileSystemSessionStore] Error saving sessions:`,
+        error2.message
+      );
+      try {
+        const tempPath = `${this.filePath}.tmp`;
+        if ((0, import_node_fs.existsSync)(tempPath)) {
+          await (0, import_promises.unlink)(tempPath);
+        }
+      } catch {
+      }
+    } finally {
+      this.saving = false;
+      if (this.pendingSave) {
+        await this.scheduleSave();
+      }
+    }
+  }
+  /**
+   * Force an immediate save (bypasses debouncing)
+   * Useful for ensuring persistence before process exit
+   */
+  async flush() {
+    if (this.saveTimer) {
+      clearTimeout(this.saveTimer);
+      this.saveTimer = null;
+    }
+    await this.performSave();
+  }
+};
+
+// src/server/sessions/streams/memory.ts
+var InMemoryStreamManager = class {
+  static {
+    __name(this, "InMemoryStreamManager");
+  }
+  /**
+   * Map of active SSE stream controllers
+   * Key: sessionId, Value: ReadableStreamDefaultController
+   */
+  streams = /* @__PURE__ */ new Map();
+  /**
+   * Text encoder for converting strings to Uint8Array
+   */
+  textEncoder = new TextEncoder();
+  /**
+   * Register an active SSE stream controller
+   */
+  async create(sessionId, controller) {
+    this.streams.set(sessionId, controller);
+  }
+  /**
+   * Send data to active SSE streams
+   *
+   * Directly enqueues data to in-memory controllers.
+   * For distributed deployments, use RedisStreamManager instead.
+   */
+  async send(sessionIds, data) {
+    const encoded = this.textEncoder.encode(data);
+    if (!sessionIds) {
+      for (const [_id, controller] of this.streams.entries()) {
+        try {
+          controller.enqueue(encoded);
+        } catch (error2) {
+          console.warn(
+            `[InMemoryStreamManager] Failed to send to session ${_id}:`,
+            error2
+          );
+        }
+      }
+    } else {
+      for (const sessionId of sessionIds) {
+        const controller = this.streams.get(sessionId);
+        if (controller) {
+          try {
+            controller.enqueue(encoded);
+          } catch (error2) {
+            console.warn(
+              `[InMemoryStreamManager] Failed to send to session ${sessionId}:`,
+              error2
+            );
+          }
+        }
+      }
+    }
+  }
+  /**
+   * Remove an active SSE stream
+   */
+  async delete(sessionId) {
+    const controller = this.streams.get(sessionId);
+    if (controller) {
+      try {
+        controller.close();
+      } catch (error2) {
+        console.debug(
+          `[InMemoryStreamManager] Controller already closed for session ${sessionId}`
+        );
+      }
+      this.streams.delete(sessionId);
+    }
+  }
+  /**
+   * Check if an active stream exists
+   */
+  async has(sessionId) {
+    return this.streams.has(sessionId);
+  }
+  /**
+   * Close all active streams
+   */
+  async close() {
+    for (const [sessionId, controller] of this.streams.entries()) {
+      try {
+        controller.close();
+      } catch (error2) {
+        console.debug(
+          `[InMemoryStreamManager] Error closing stream for ${sessionId}:`,
+          error2
+        );
+      }
+    }
+    this.streams.clear();
+  }
+  /**
+   * Get the number of active streams
+   * Useful for monitoring
+   */
+  get size() {
+    return this.streams.size;
+  }
+};
+
+// src/server/sessions/streams/redis.ts
+var RedisStreamManager = class {
+  static {
+    __name(this, "RedisStreamManager");
+  }
+  pubSubClient;
+  client;
+  prefix;
+  heartbeatInterval;
+  textEncoder = new TextEncoder();
+  /**
+   * Map of local controllers (only on this server instance)
+   * Key: sessionId, Value: controller
+   */
+  localControllers = /* @__PURE__ */ new Map();
+  /**
+   * Map of heartbeat intervals for keeping sessions alive
+   * Key: sessionId, Value: interval timer
+   */
+  heartbeats = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.pubSubClient = config.pubSubClient;
+    this.client = config.client;
+    this.prefix = config.prefix ?? "mcp:stream:";
+    this.heartbeatInterval = config.heartbeatInterval ?? 10;
+  }
+  /**
+   * Get the Redis channel name for a session
+   */
+  getChannel(sessionId) {
+    return `${this.prefix}${sessionId}`;
+  }
+  /**
+   * Get the Redis key for tracking active sessions
+   */
+  getAvailableKey(sessionId) {
+    return `available:${this.prefix}${sessionId}`;
+  }
+  /**
+   * Get the Redis key for the active sessions SET
+   */
+  getActiveSessionsKey() {
+    return `${this.prefix}active`;
+  }
+  /**
+   * Register an active SSE stream and subscribe to Redis channel
+   */
+  async create(sessionId, controller) {
+    try {
+      this.localControllers.set(sessionId, controller);
+      const availableKey = this.getAvailableKey(sessionId);
+      await this.client.set(availableKey, "active");
+      if (this.client.expire) {
+        await this.client.expire(availableKey, this.heartbeatInterval * 2);
+      }
+      const activeSessionsKey = this.getActiveSessionsKey();
+      if (this.client.sAdd) {
+        await this.client.sAdd(activeSessionsKey, sessionId);
+        if (this.client.expire) {
+          await this.client.expire(
+            activeSessionsKey,
+            this.heartbeatInterval * 2
+          );
+        }
+      }
+      const heartbeat = setInterval(async () => {
+        try {
+          if (this.client.expire) {
+            await this.client.expire(availableKey, this.heartbeatInterval * 2);
+            const activeSessionsKey2 = this.getActiveSessionsKey();
+            await this.client.expire(
+              activeSessionsKey2,
+              this.heartbeatInterval * 2
+            );
+          }
+        } catch (error2) {
+          console.warn(
+            `[RedisStreamManager] Heartbeat failed for session ${sessionId}:`,
+            error2
+          );
+        }
+      }, this.heartbeatInterval * 1e3);
+      this.heartbeats.set(sessionId, heartbeat);
+      const channel = this.getChannel(sessionId);
+      if (!this.pubSubClient.subscribe) {
+        throw new Error(
+          "[RedisStreamManager] Redis client does not support subscribe method"
+        );
+      }
+      await this.pubSubClient.subscribe(channel, (message) => {
+        const localController = this.localControllers.get(sessionId);
+        if (localController) {
+          try {
+            localController.enqueue(this.textEncoder.encode(message));
+          } catch (error2) {
+            console.warn(
+              `[RedisStreamManager] Failed to enqueue message for ${sessionId}:`,
+              error2
+            );
+          }
+        }
+      });
+      const deleteChannel = `delete:${this.getChannel(sessionId)}`;
+      await this.pubSubClient.subscribe(deleteChannel, async () => {
+        await this.delete(sessionId);
+      });
+      console.log(
+        `[RedisStreamManager] Created stream for session ${sessionId}`
+      );
+    } catch (error2) {
+      console.error(
+        `[RedisStreamManager] Error creating stream for ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Send data to sessions via Redis Pub/Sub
+   *
+   * This works across distributed servers - any server with an active
+   * SSE connection for the target session will receive and forward the message.
+   *
+   * Note: Uses the regular client (not pubSubClient) for publishing.
+   * In node-redis v5+, clients in subscriber mode cannot publish.
+   */
+  async send(sessionIds, data) {
+    try {
+      if (!sessionIds) {
+        const activeSessionsKey = this.getActiveSessionsKey();
+        if (this.client.sMembers) {
+          const sessionIds2 = await this.client.sMembers(activeSessionsKey);
+          for (const sessionId of sessionIds2) {
+            const channel = this.getChannel(sessionId);
+            if (!this.client.publish) {
+              throw new Error(
+                "[RedisStreamManager] Redis client does not support publish method"
+              );
+            }
+            await this.client.publish(channel, data);
+          }
+        } else {
+          const pattern = `available:${this.prefix}*`;
+          const keys = await this.client.keys(pattern);
+          for (const key of keys) {
+            const sessionId = key.replace(`available:${this.prefix}`, "");
+            const channel = this.getChannel(sessionId);
+            if (!this.client.publish) {
+              throw new Error(
+                "[RedisStreamManager] Redis client does not support publish method"
+              );
+            }
+            await this.client.publish(channel, data);
+          }
+        }
+      } else {
+        for (const sessionId of sessionIds) {
+          const channel = this.getChannel(sessionId);
+          if (!this.client.publish) {
+            throw new Error(
+              "[RedisStreamManager] Redis client does not support publish method"
+            );
+          }
+          await this.client.publish(channel, data);
+        }
+      }
+    } catch (error2) {
+      console.error(`[RedisStreamManager] Error sending to sessions:`, error2);
+      throw error2;
+    }
+  }
+  /**
+   * Remove an active SSE stream
+   */
+  async delete(sessionId) {
+    try {
+      const heartbeat = this.heartbeats.get(sessionId);
+      if (heartbeat) {
+        clearInterval(heartbeat);
+        this.heartbeats.delete(sessionId);
+      }
+      const channel = this.getChannel(sessionId);
+      const deleteChannel = `delete:${channel}`;
+      if (!this.pubSubClient.unsubscribe) {
+        throw new Error(
+          "[RedisStreamManager] Redis client does not support unsubscribe method"
+        );
+      }
+      await this.pubSubClient.unsubscribe(channel);
+      await this.pubSubClient.unsubscribe(deleteChannel);
+      if (!this.client.publish) {
+        throw new Error(
+          "[RedisStreamManager] Redis client does not support publish method"
+        );
+      }
+      await this.client.publish(deleteChannel, "");
+      await this.client.del(this.getAvailableKey(sessionId));
+      const activeSessionsKey = this.getActiveSessionsKey();
+      if (this.client.sRem) {
+        await this.client.sRem(activeSessionsKey, sessionId);
+      }
+      const controller = this.localControllers.get(sessionId);
+      if (controller) {
+        try {
+          controller.close();
+        } catch (error2) {
+          console.debug(
+            `[RedisStreamManager] Controller already closed for ${sessionId}`
+          );
+        }
+        this.localControllers.delete(sessionId);
+      }
+      console.log(
+        `[RedisStreamManager] Deleted stream for session ${sessionId}`
+      );
+    } catch (error2) {
+      console.error(
+        `[RedisStreamManager] Error deleting stream for ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Check if a session has an active stream (on ANY server)
+   */
+  async has(sessionId) {
+    try {
+      const availableKey = this.getAvailableKey(sessionId);
+      const exists = await this.client.exists(availableKey);
+      return exists === 1;
+    } catch (error2) {
+      console.error(
+        `[RedisStreamManager] Error checking session ${sessionId}:`,
+        error2
+      );
+      return false;
+    }
+  }
+  /**
+   * Close all connections and cleanup
+   */
+  async close() {
+    try {
+      for (const heartbeat of this.heartbeats.values()) {
+        clearInterval(heartbeat);
+      }
+      this.heartbeats.clear();
+      const activeSessionsKey = this.getActiveSessionsKey();
+      const sessionIdsToCleanup = Array.from(this.localControllers.keys());
+      for (const sessionId of sessionIdsToCleanup) {
+        await this.client.del(this.getAvailableKey(sessionId));
+        if (this.client.sRem) {
+          await this.client.sRem(activeSessionsKey, sessionId);
+        }
+      }
+      for (const controller of this.localControllers.values()) {
+        try {
+          controller.close();
+        } catch (error2) {
+        }
+      }
+      this.localControllers.clear();
+      console.log(`[RedisStreamManager] Closed all streams`);
+    } catch (error2) {
+      console.error(`[RedisStreamManager] Error during close:`, error2);
+      throw error2;
+    }
+  }
+  /**
+   * Get count of active local streams on this server instance
+   */
+  get localSize() {
+    return this.localControllers.size;
+  }
+};
+
+// src/server/endpoints/mount-mcp.ts
+init_runtime();
+init_telemetry2();
+var import_node_path2 = require("path");
+async function mountMcp(app, mcpServerInstance, sessions, config, isProductionMode2) {
+  const { FetchStreamableHTTPServerTransport } = await import("@mcp-use/modelcontextprotocol-sdk/experimental/fetch-streamable-http/index.js");
+  const idleTimeoutMs = config.sessionIdleTimeoutMs ?? 3e5;
+  const sessionStore = config.sessionStore ?? (isProductionMode2 ? new InMemorySessionStore() : new FileSystemSessionStore({
+    path: (0, import_node_path2.join)(process.cwd(), ".mcp-use", "sessions.json")
+  }));
+  const streamManager = config.streamManager ?? new InMemoryStreamManager();
+  const transports = /* @__PURE__ */ new Map();
+  if (config.autoCreateSessionOnInvalidId !== void 0) {
+    console.warn(
+      "[MCP] WARNING: 'autoCreateSessionOnInvalidId' is deprecated and will be removed in a future version.\nThe MCP specification requires clients to send a new InitializeRequest when receiving a 404 for stale sessions.\nModern MCP clients handle this correctly. For session persistence across restarts, use the 'sessionStore' option.\nSee: https://modelcontextprotocol.io/specification/2025-11-25/basic/transports#session-management"
+    );
+  }
+  let idleCleanupInterval;
+  if (!config.stateless && idleTimeoutMs > 0) {
+    idleCleanupInterval = startIdleCleanup(
+      sessions,
+      idleTimeoutMs,
+      transports,
+      mcpServerInstance
+    );
+  }
+  const handleRequest = /* @__PURE__ */ __name(async (c) => {
+    const acceptHeader = c.req.header("Accept") || c.req.header("accept") || "";
+    const clientSupportsSSE = acceptHeader.includes("text/event-stream");
+    const useStatelessMode = config.stateless || !clientSupportsSSE;
+    if (useStatelessMode) {
+      const server = mcpServerInstance.getServerForSession();
+      const transport = new FetchStreamableHTTPServerTransport({
+        sessionIdGenerator: void 0,
+        // No session tracking
+        // Enable plain JSON responses ONLY if client doesn't support SSE
+        // This allows k6/curl to work while maintaining SSE format for compatible clients
+        enableJsonResponse: !clientSupportsSSE
+      });
+      try {
+        await server.connect(transport);
+        const request = c.req.raw;
+        if (!clientSupportsSSE) {
+          const modifiedRequest = new Request(request.url, {
+            method: request.method,
+            headers: {
+              ...Object.fromEntries(request.headers.entries()),
+              Accept: "application/json, text/event-stream"
+            },
+            body: request.body,
+            ...request.body && { duplex: "half" }
+          });
+          return await transport.handleRequest(modifiedRequest);
+        }
+        return await transport.handleRequest(request);
+      } catch (error2) {
+        console.error("[MCP] Stateless request error:", error2);
+        transport.close();
+        server.close();
+        throw error2;
+      }
+    } else {
+      const sessionId = c.req.header("mcp-session-id");
+      if (c.req.method === "HEAD") {
+        if (sessionId && await sessionStore.has(sessionId)) {
+          const session = await sessionStore.get(sessionId);
+          if (session) {
+            session.lastAccessedAt = Date.now();
+            await sessionStore.set(sessionId, session);
+          }
+        }
+        return new Response(null, { status: 200 });
+      }
+      if (sessionId && await sessionStore.has(sessionId) && !transports.has(sessionId)) {
+        console.log(
+          `[MCP] Session metadata found but transport lost (likely hot reload): ${sessionId} - recreating transport`
+        );
+        const server2 = mcpServerInstance.getServerForSession();
+        const transport2 = new FetchStreamableHTTPServerTransport({
+          sessionIdGenerator: /* @__PURE__ */ __name(() => sessionId, "sessionIdGenerator"),
+          // Reuse existing session ID
+          onsessioninitialized: /* @__PURE__ */ __name(async (sid) => {
+            console.log(`[MCP] Session reconnected: ${sid}`);
+            transports.set(sid, transport2);
+            const metadata = await sessionStore.get(sid);
+            const sessionData = {
+              transport: transport2,
+              server: server2,
+              lastAccessedAt: Date.now(),
+              context: c,
+              honoContext: c,
+              ...metadata || {}
+            };
+            sessions.set(sid, sessionData);
+            server2.server.oninitialized = async () => {
+              const clientCapabilities = server2.server.getClientCapabilities();
+              const clientInfo = server2.server.getClientInfo?.() || {};
+              const protocolVersion = server2.server.getProtocolVersion?.() || "unknown";
+              const metadata2 = await sessionStore.get(sid);
+              if (metadata2) {
+                metadata2.clientCapabilities = clientCapabilities;
+                metadata2.clientInfo = clientInfo;
+                metadata2.protocolVersion = String(protocolVersion);
+                await sessionStore.set(sid, metadata2);
+              }
+              const sessionData2 = sessions.get(sid);
+              if (sessionData2) {
+                sessionData2.clientCapabilities = clientCapabilities;
+              }
+              Telemetry.getInstance().trackServerInitialize({
+                protocolVersion: String(protocolVersion),
+                clientInfo: clientInfo || {},
+                clientCapabilities: clientCapabilities || {},
+                sessionId: sid
+              }).catch(
+                (e) => console.debug(`Failed to track server initialize: ${e}`)
+              );
+              if (!isProductionMode2) {
+                console.log(
+                  `[MCP] Development mode: Sending list_changed notifications to reconnected session ${sid}`
+                );
+                try {
+                  const { sendNotificationToSession: sendNotificationToSession3 } = await Promise.resolve().then(() => (init_notifications(), notifications_exports));
+                  await sendNotificationToSession3(
+                    sessions,
+                    sid,
+                    "notifications/tools/list_changed"
+                  );
+                  await sendNotificationToSession3(
+                    sessions,
+                    sid,
+                    "notifications/resources/list_changed"
+                  );
+                  await sendNotificationToSession3(
+                    sessions,
+                    sid,
+                    "notifications/prompts/list_changed"
+                  );
+                } catch (err) {
+                  console.debug(
+                    `[MCP] Failed to send list_changed notification:`,
+                    err
+                  );
+                }
+              }
+            };
+          }, "onsessioninitialized"),
+          onsessionclosed: /* @__PURE__ */ __name(async (sid) => {
+            console.log(`[MCP] Session closed: ${sid}`);
+            transports.delete(sid);
+            await streamManager.delete(sid);
+            await sessionStore.delete(sid);
+            sessions.delete(sid);
+            mcpServerInstance.cleanupSessionSubscriptions?.(sid);
+          }, "onsessionclosed")
+        });
+        await server2.connect(transport2);
+        return transport2.handleRequest(c.req.raw);
+      }
+      if (sessionId && !await sessionStore.has(sessionId)) {
+        console.log(
+          `[MCP] Session not found: ${sessionId} - returning 404 (client should re-initialize)`
+        );
+        return c.json(
+          {
+            jsonrpc: "2.0",
+            error: { code: -32001, message: "Session not found" },
+            id: null
+          },
+          404
+        );
+      }
+      if (sessionId && transports.has(sessionId)) {
+        const transport2 = transports.get(sessionId);
+        const metadata = await sessionStore.get(sessionId);
+        if (metadata) {
+          metadata.lastAccessedAt = Date.now();
+          await sessionStore.set(sessionId, metadata);
+        }
+        const sessionData = sessions.get(sessionId);
+        if (sessionData) {
+          sessionData.lastAccessedAt = Date.now();
+          sessionData.context = c;
+          sessionData.honoContext = c;
+        }
+        return transport2.handleRequest(c.req.raw);
+      }
+      const server = mcpServerInstance.getServerForSession();
+      const transport = new FetchStreamableHTTPServerTransport({
+        sessionIdGenerator: /* @__PURE__ */ __name(() => generateUUID(), "sessionIdGenerator"),
+        onsessioninitialized: /* @__PURE__ */ __name(async (sid) => {
+          console.log(`[MCP] Session initialized: ${sid}`);
+          transports.set(sid, transport);
+          const sessionData = {
+            transport,
+            server,
+            lastAccessedAt: Date.now(),
+            context: c,
+            honoContext: c
+          };
+          sessions.set(sid, sessionData);
+          await sessionStore.set(sid, {
+            lastAccessedAt: Date.now()
+          });
+          server.server.oninitialized = async () => {
+            const clientCapabilities = server.server.getClientCapabilities();
+            const clientInfo = server.server.getClientInfo?.() || {};
+            const protocolVersion = server.server.getProtocolVersion?.() || "unknown";
+            const metadata = await sessionStore.get(sid);
+            if (metadata) {
+              metadata.clientCapabilities = clientCapabilities;
+              metadata.clientInfo = clientInfo;
+              metadata.protocolVersion = String(protocolVersion);
+              await sessionStore.set(sid, metadata);
+              console.log(
+                `[MCP] Captured client capabilities for session ${sid}:`,
+                clientCapabilities ? Object.keys(clientCapabilities) : "none"
+              );
+            }
+            const sessionData2 = sessions.get(sid);
+            if (sessionData2) {
+              sessionData2.clientCapabilities = clientCapabilities;
+            }
+            Telemetry.getInstance().trackServerInitialize({
+              protocolVersion: String(protocolVersion),
+              clientInfo: clientInfo || {},
+              clientCapabilities: clientCapabilities || {},
+              sessionId: sid
+            }).catch(
+              (e) => console.debug(`Failed to track server initialize: ${e}`)
+            );
+          };
+        }, "onsessioninitialized"),
+        onsessionclosed: /* @__PURE__ */ __name(async (sid) => {
+          console.log(`[MCP] Session closed: ${sid}`);
+          transports.delete(sid);
+          await streamManager.delete(sid);
+          await sessionStore.delete(sid);
+          sessions.delete(sid);
+          mcpServerInstance.cleanupSessionSubscriptions?.(sid);
+        }, "onsessionclosed")
+      });
+      await server.connect(transport);
+      return transport.handleRequest(c.req.raw);
+    }
+  }, "handleRequest");
+  for (const endpoint of ["/mcp", "/sse"]) {
+    app.on(["GET", "POST", "DELETE", "HEAD"], endpoint, handleRequest);
+  }
+  console.log(
+    `[MCP] Server mounted at /mcp and /sse (${config.stateless ? "stateless" : "stateful"} mode)`
+  );
+  return { mcpMounted: true, idleCleanupInterval };
+}
+__name(mountMcp, "mountMcp");
+
+// src/server/oauth/routes.ts
+var import_cors2 = require("hono/cors");
+function setupOAuthRoutes(app, provider, baseUrl) {
+  const mode = provider.getMode?.() || "proxy";
+  app.use(
+    "/.well-known/*",
+    (0, import_cors2.cors)({
+      origin: "*",
+      // Allow all origins for metadata discovery
+      allowMethods: ["GET", "OPTIONS"],
+      allowHeaders: ["Content-Type", "Authorization"],
+      exposeHeaders: ["Content-Type"],
+      maxAge: 86400
+      // Cache preflight for 24 hours
+    })
+  );
+  if (mode === "proxy") {
+    app.use(
+      "/authorize",
+      (0, import_cors2.cors)({
+        origin: "*",
+        allowMethods: ["GET", "POST", "OPTIONS"],
+        allowHeaders: ["Content-Type", "Authorization"],
+        maxAge: 86400
+      })
+    );
+    app.use(
+      "/token",
+      (0, import_cors2.cors)({
+        origin: "*",
+        allowMethods: ["POST", "OPTIONS"],
+        allowHeaders: ["Content-Type", "Authorization"],
+        maxAge: 86400
+      })
+    );
+  }
+  if (mode === "proxy") {
+    const handleAuthorize = /* @__PURE__ */ __name(async (c) => {
+      const params = c.req.method === "POST" ? await c.req.parseBody() : c.req.query();
+      const clientId = params.client_id;
       const redirectUri = params.redirect_uri;
       const responseType = params.response_type;
       const codeChallenge = params.code_challenge;
@@ -5042,6 +6198,7 @@ var MCPServerClass = class {
   serverPort;
   serverHost;
   serverBaseUrl;
+  favicon;
   registeredTools = [];
   registeredPrompts = [];
   registeredResources = [];
@@ -5099,8 +6256,15 @@ var MCPServerClass = class {
    */
   constructor(config) {
     this.config = config;
+    if (this.config.stateless === void 0) {
+      this.config.stateless = isDeno;
+      if (this.config.stateless) {
+        console.log("[MCP] Deno detected - using stateless mode (no sessions)");
+      }
+    }
     this.serverHost = config.host || "localhost";
     this.serverBaseUrl = config.baseUrl;
+    this.favicon = config.favicon;
     this.nativeServer = new import_mcp2.McpServer(
       {
         name: config.name,
@@ -5165,7 +6329,10 @@ var MCPServerClass = class {
               "openai/widgetAccessible": widgetConfig.widgetAccessible ?? true,
               "openai/resultCanProduceWidget": widgetConfig.resultCanProduceWidget ?? true
             };
-            result._meta = responseMeta;
+            result._meta = {
+              ...result._meta || {},
+              ...responseMeta
+            };
             if (result.content?.[0]?.type === "text" && !result.content[0].text) {
               result.content[0].text = `Displaying ${widgetName}`;
             }
@@ -5568,6 +6735,9 @@ var MCPServerClass = class {
   getActiveSessions = getActiveSessions;
   sendNotification = sendNotification;
   sendNotificationToSession = sendNotificationToSession2;
+  sendToolsListChanged = sendToolsListChanged;
+  sendResourcesListChanged = sendResourcesListChanged;
+  sendPromptsListChanged = sendPromptsListChanged;
   /**
    * Notify subscribed clients that a resource has been updated
    *
@@ -5820,7 +6990,8 @@ function createMCPServer(name, config = {}) {
     allowedOrigins: config.allowedOrigins,
     sessionIdleTimeoutMs: config.sessionIdleTimeoutMs,
     autoCreateSessionOnInvalidId: config.autoCreateSessionOnInvalidId,
-    oauth: config.oauth
+    oauth: config.oauth,
+    favicon: config.favicon
   });
   return instance;
 }