mcp-use 1.11.0-canary.8 → 1.11.0

package/dist/src/server/index.js

@@ -7,13 +7,18 @@ import {
   createEnhancedContext,
   findSessionContext,
   isValidLogLevel
-} from "../../chunk-4LZSXUFM.js";
+} from "../../chunk-B7AGEK7F.js";
 import {
   convertToolResultToResourceResult
 } from "../../chunk-362PI25Z.js";
 import {
   convertToolResultToPromptResult
 } from "../../chunk-2EYAMIT3.js";
+import {
+  createRequest,
+  sendNotificationToAll,
+  sendNotificationToSession
+} from "../../chunk-UWWLWLS2.js";
 import "../../chunk-KUEVOU4M.js";
 import {
   Telemetry,
@@ -25,7 +30,7 @@ import {
   getPackageVersion,
   isDeno,
   pathHelpers
-} from "../../chunk-JPKFN73V.js";
+} from "../../chunk-ZLZOOXMJ.js";
 import "../../chunk-FRUZDWXH.js";
 import {
   __name
@@ -40,7 +45,7 @@ import {
   McpError,
   ErrorCode
 } from "@mcp-use/modelcontextprotocol-sdk/types.js";
-import { z as z2 } from "zod";
+import { z as z3 } from "zod";
 
 // src/server/utils/response-helpers.ts
 function text(content) {
@@ -314,18 +319,23 @@ function binary(base64Data, mimeType) {
 }
 __name(binary, "binary");
 function widget(config) {
-  const { props, output, message } = config;
-  const finalContent = message ? [{ type: "text", text: message }] : output.content || [{ type: "text", text: "" }];
-  return {
+  const props = config.props || config.data || {};
+  const { output, message } = config;
+  const finalContent = message ? [{ type: "text", text: message }] : Array.isArray(output?.content) && output.content.length > 0 ? output.content : [{ type: "text", text: "" }];
+  const meta = {
+    ...output?._meta || {},
+    "mcp-use/props": props
+  };
+  const result = {
     content: finalContent,
-    ...output.structuredContent && {
-      structuredContent: output.structuredContent
-    },
-    _meta: {
-      ...output._meta || {},
-      "mcp-use/props": props
-    }
+    _meta: meta
   };
+  if (output?.structuredContent) {
+    result.structuredContent = output.structuredContent;
+  } else if (Object.keys(props).length > 0) {
+    result.structuredContent = props;
+  }
+  return result;
 }
 __name(widget, "widget");
 function mix(...results) {
@@ -1504,12 +1514,16 @@ export default PostHog;
       const mod = await viteServer.ssrLoadModule(widget2.entry);
       if (mod.widgetMetadata) {
         metadata = mod.widgetMetadata;
-        if (metadata.inputs) {
+        const schemaField = metadata.props || metadata.inputs;
+        if (schemaField) {
           try {
-            metadata.inputs = metadata.inputs.shape || metadata.inputs;
+            metadata.props = schemaField;
+            if (!metadata.inputs) {
+              metadata.inputs = schemaField;
+            }
           } catch (error2) {
             console.warn(
-              `[WIDGET] Failed to extract props schema for ${widget2.name}:`,
+              `[WIDGET] Failed to extract schema for ${widget2.name}:`,
               error2
             );
           }
@@ -1697,6 +1711,7 @@ function setupWidgetRoutes(app, serverConfig) {
 __name(setupWidgetRoutes, "setupWidgetRoutes");
 
 // src/server/widgets/ui-resource-registration.ts
+import z from "zod";
 function uiResourceRegistration(server, definition) {
   const displayName = definition.title || definition.name;
   if (definition.type === "appsSdk" && definition._meta) {
@@ -1802,69 +1817,76 @@ function uiResourceRegistration(server, definition) {
         }
       }
     }
-    server.tool(
-      {
-        name: definition.name,
-        title: definition.title,
-        description: definition.description,
-        inputs: convertPropsToInputs(definition.props),
-        annotations: definition.toolAnnotations,
-        _meta: Object.keys(toolMetadata).length > 0 ? toolMetadata : void 0
-      },
-      async (params) => {
-        const uiResource = await createWidgetUIResource(
-          definition,
-          params,
-          serverConfig
+    const widgetMetadata2 = definition._meta?.["mcp-use/widget"];
+    const propsOrSchema = definition.props || widgetMetadata2?.props || widgetMetadata2?.inputs || widgetMetadata2?.schema;
+    const isZodSchema = propsOrSchema && typeof propsOrSchema === "object" && propsOrSchema instanceof z.ZodObject;
+    const toolDefinition = {
+      name: definition.name,
+      title: definition.title,
+      description: definition.description,
+      annotations: definition.toolAnnotations,
+      _meta: Object.keys(toolMetadata).length > 0 ? toolMetadata : void 0
+    };
+    if (isZodSchema) {
+      toolDefinition.schema = propsOrSchema;
+    } else if (propsOrSchema) {
+      toolDefinition.inputs = convertPropsToInputs(
+        propsOrSchema
+      );
+    }
+    server.tool(toolDefinition, async (params) => {
+      const uiResource = await createWidgetUIResource(
+        definition,
+        params,
+        serverConfig
+      );
+      if (definition.type === "appsSdk") {
+        const randomId = Math.random().toString(36).substring(2, 15);
+        const uniqueUri = generateWidgetUri(
+          definition.name,
+          server.buildId,
+          ".html",
+          randomId
         );
-        if (definition.type === "appsSdk") {
-          const randomId = Math.random().toString(36).substring(2, 15);
-          const uniqueUri = generateWidgetUri(
-            definition.name,
-            server.buildId,
-            ".html",
-            randomId
-          );
-          const uniqueToolMetadata = {
-            ...toolMetadata,
-            "openai/outputTemplate": uniqueUri,
-            "mcp-use/props": params
-            // Pass params as widget props
-          };
-          let toolOutputResult;
-          if (definition.toolOutput) {
-            toolOutputResult = typeof definition.toolOutput === "function" ? definition.toolOutput(params) : definition.toolOutput;
-          } else {
-            toolOutputResult = {
-              content: [
-                {
-                  type: "text",
-                  text: `Displaying ${displayName}`
-                }
-              ]
-            };
-          }
-          const content = toolOutputResult.content || [
-            { type: "text", text: `Displaying ${displayName}` }
-          ];
-          return {
-            _meta: uniqueToolMetadata,
-            content,
-            structuredContent: toolOutputResult.structuredContent
+        const uniqueToolMetadata = {
+          ...toolMetadata,
+          "openai/outputTemplate": uniqueUri,
+          "mcp-use/props": params
+          // Pass params as widget props
+        };
+        let toolOutputResult;
+        if (definition.toolOutput) {
+          toolOutputResult = typeof definition.toolOutput === "function" ? definition.toolOutput(params) : definition.toolOutput;
+        } else {
+          toolOutputResult = {
+            content: [
+              {
+                type: "text",
+                text: `Displaying ${displayName}`
+              }
+            ]
           };
         }
+        const content = toolOutputResult.content || [
+          { type: "text", text: `Displaying ${displayName}` }
+        ];
         return {
-          content: [
-            {
-              type: "text",
-              text: `Displaying ${displayName}`,
-              description: `Show MCP-UI widget for ${displayName}`
-            },
-            uiResource
-          ]
+          _meta: uniqueToolMetadata,
+          content,
+          structuredContent: toolOutputResult.structuredContent
         };
       }
-    );
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Displaying ${displayName}`,
+            description: `Show MCP-UI widget for ${displayName}`
+          },
+          uiResource
+        ]
+      };
+    });
   }
   return server;
 }
@@ -1926,9 +1948,9 @@ async function mountInspectorUI(app, serverHost, serverPort, isProduction) {
 __name(mountInspectorUI, "mountInspectorUI");
 
 // src/server/tools/schema-helpers.ts
-import { z } from "zod";
+import { z as z2 } from "zod";
 function convertZodSchemaToParams(zodSchema) {
-  if (!(zodSchema instanceof z.ZodObject)) {
+  if (!(zodSchema instanceof z2.ZodObject)) {
     throw new Error("schema must be a Zod object schema (z.object({...}))");
   }
   const shape = zodSchema.shape;
@@ -1945,22 +1967,22 @@ function createParamsSchema(inputs) {
     let zodType;
     switch (input.type) {
       case "string":
-        zodType = z.string();
+        zodType = z2.string();
         break;
       case "number":
-        zodType = z.number();
+        zodType = z2.number();
         break;
       case "boolean":
-        zodType = z.boolean();
+        zodType = z2.boolean();
         break;
       case "object":
-        zodType = z.object({});
+        zodType = z2.object({});
         break;
       case "array":
-        zodType = z.array(z.any());
+        zodType = z2.array(z2.any());
         break;
       default:
-        zodType = z.any();
+        zodType = z2.any();
     }
     if (input.description) {
       zodType = zodType.describe(input.description);
@@ -2195,7 +2217,7 @@ function registerResource(resourceDefinition, callback) {
   const explicitMimeType = resourceDefinition.mimeType;
   const wrappedCallback = /* @__PURE__ */ __name(async () => {
     const { getRequestContext: getRequestContext2, runWithContext: runWithContext2 } = await import("../../context-storage-NA4MHWOZ.js");
-    const { findSessionContext: findSessionContext2 } = await import("../../tool-execution-helpers-EYAIJERC.js");
+    const { findSessionContext: findSessionContext2 } = await import("../../tool-execution-helpers-ZUA5D5IO.js");
     const initialRequestContext = getRequestContext2();
     const sessions = this.sessions || /* @__PURE__ */ new Map();
     const { requestContext } = findSessionContext2(
@@ -2273,7 +2295,7 @@ function registerResourceTemplate(resourceTemplateDefinition, callback) {
     async (uri) => {
       const params = this.parseTemplateUri(uriTemplate, uri.toString());
       const { getRequestContext: getRequestContext2, runWithContext: runWithContext2 } = await import("../../context-storage-NA4MHWOZ.js");
-      const { findSessionContext: findSessionContext2 } = await import("../../tool-execution-helpers-EYAIJERC.js");
+      const { findSessionContext: findSessionContext2 } = await import("../../tool-execution-helpers-ZUA5D5IO.js");
       const initialRequestContext = getRequestContext2();
       const sessions = this.sessions || /* @__PURE__ */ new Map();
       const { requestContext } = findSessionContext2(
@@ -2328,7 +2350,7 @@ function registerPrompt(promptDefinition, callback) {
   }
   const wrappedCallback = /* @__PURE__ */ __name(async (params, extra) => {
     const { getRequestContext: getRequestContext2, runWithContext: runWithContext2 } = await import("../../context-storage-NA4MHWOZ.js");
-    const { findSessionContext: findSessionContext2 } = await import("../../tool-execution-helpers-EYAIJERC.js");
+    const { findSessionContext: findSessionContext2 } = await import("../../tool-execution-helpers-ZUA5D5IO.js");
     const initialRequestContext = getRequestContext2();
     const sessions = this.sessions || /* @__PURE__ */ new Map();
     const { requestContext } = findSessionContext2(
@@ -2365,25 +2387,6 @@ function registerPrompt(promptDefinition, callback) {
 }
 __name(registerPrompt, "registerPrompt");
 
-// src/server/utils/jsonrpc-helpers.ts
-function createNotification(method, params) {
-  return {
-    jsonrpc: "2.0",
-    method,
-    ...params && { params }
-  };
-}
-__name(createNotification, "createNotification");
-function createRequest(id, method, params) {
-  return {
-    jsonrpc: "2.0",
-    id,
-    method,
-    ...params && { params }
-  };
-}
-__name(createRequest, "createRequest");
-
 // src/server/roots/roots-registration.ts
 function onRootsChanged(callback) {
   this.onRootsChangedCallback = callback;
@@ -2545,40 +2548,6 @@ async function requestLogger(c, next) {
 }
 __name(requestLogger, "requestLogger");
 
-// src/server/sessions/notifications.ts
-async function sendNotificationToAll(sessions, method, params) {
-  const notification = createNotification(method, params);
-  for (const [sessionId, session] of sessions.entries()) {
-    try {
-      await session.transport.send(notification);
-    } catch (error2) {
-      console.warn(
-        `[MCP] Failed to send notification to session ${sessionId}:`,
-        error2
-      );
-    }
-  }
-}
-__name(sendNotificationToAll, "sendNotificationToAll");
-async function sendNotificationToSession(sessions, sessionId, method, params) {
-  const session = sessions.get(sessionId);
-  if (!session) {
-    return false;
-  }
-  const notification = createNotification(method, params);
-  try {
-    await session.transport.send(notification);
-    return true;
-  } catch (error2) {
-    console.warn(
-      `[MCP] Failed to send notification to session ${sessionId}:`,
-      error2
-    );
-    return false;
-  }
-}
-__name(sendNotificationToSession, "sendNotificationToSession");
-
 // src/server/notifications/notification-registration.ts
 function getActiveSessions() {
   return Array.from(this.sessions.keys());
@@ -2597,6 +2566,27 @@ async function sendNotificationToSession2(sessionId, method, params) {
   );
 }
 __name(sendNotificationToSession2, "sendNotificationToSession");
+async function sendToolsListChanged() {
+  await sendNotificationToAll(
+    this.sessions,
+    "notifications/tools/list_changed"
+  );
+}
+__name(sendToolsListChanged, "sendToolsListChanged");
+async function sendResourcesListChanged() {
+  await sendNotificationToAll(
+    this.sessions,
+    "notifications/resources/list_changed"
+  );
+}
+__name(sendResourcesListChanged, "sendResourcesListChanged");
+async function sendPromptsListChanged() {
+  await sendNotificationToAll(
+    this.sessions,
+    "notifications/prompts/list_changed"
+  );
+}
+__name(sendPromptsListChanged, "sendPromptsListChanged");
 
 // src/server/sessions/session-manager.ts
 function startIdleCleanup(sessions, idleTimeoutMs, transports, mcpServerInstance) {
@@ -2637,11 +2627,836 @@ function startIdleCleanup(sessions, idleTimeoutMs, transports, mcpServerInstance
 }
 __name(startIdleCleanup, "startIdleCleanup");
 
+// src/server/sessions/stores/memory.ts
+var InMemorySessionStore = class {
+  static {
+    __name(this, "InMemorySessionStore");
+  }
+  /**
+   * Internal map storing session metadata
+   * Key: sessionId, Value: SessionMetadata
+   */
+  sessions = /* @__PURE__ */ new Map();
+  /**
+   * Retrieve session metadata by ID
+   */
+  async get(sessionId) {
+    const data = this.sessions.get(sessionId);
+    return data ?? null;
+  }
+  /**
+   * Store or update session metadata
+   */
+  async set(sessionId, data) {
+    this.sessions.set(sessionId, data);
+  }
+  /**
+   * Delete session metadata
+   */
+  async delete(sessionId) {
+    this.sessions.delete(sessionId);
+  }
+  /**
+   * Check if session exists
+   */
+  async has(sessionId) {
+    return this.sessions.has(sessionId);
+  }
+  /**
+   * List all session IDs
+   */
+  async keys() {
+    return Array.from(this.sessions.keys());
+  }
+  /**
+   * Store session metadata with TTL (time-to-live)
+   *
+   * Note: In-memory implementation uses setTimeout for TTL.
+   * For production TTL support, use Redis or another store with native TTL.
+   */
+  async setWithTTL(sessionId, data, ttlMs) {
+    this.sessions.set(sessionId, data);
+    setTimeout(() => {
+      this.sessions.delete(sessionId);
+      console.log(`[MCP] Session ${sessionId} expired after ${ttlMs}ms`);
+    }, ttlMs);
+  }
+  /**
+   * Get the number of active sessions
+   * Useful for monitoring and debugging
+   */
+  get size() {
+    return this.sessions.size;
+  }
+  /**
+   * Clear all sessions
+   * Useful for testing and manual cleanup
+   */
+  async clear() {
+    this.sessions.clear();
+  }
+};
+
+// src/server/sessions/stores/redis.ts
+var RedisSessionStore = class {
+  static {
+    __name(this, "RedisSessionStore");
+  }
+  client;
+  prefix;
+  defaultTTL;
+  constructor(config) {
+    this.client = config.client;
+    this.prefix = config.prefix ?? "mcp:session:";
+    this.defaultTTL = config.defaultTTL ?? 3600;
+  }
+  /**
+   * Get full Redis key for a session ID
+   */
+  getKey(sessionId) {
+    return `${this.prefix}${sessionId}`;
+  }
+  /**
+   * Retrieve session metadata by ID
+   */
+  async get(sessionId) {
+    try {
+      const key = this.getKey(sessionId);
+      const data = await this.client.get(key);
+      if (!data) {
+        return null;
+      }
+      return JSON.parse(data);
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error getting session ${sessionId}:`,
+        error2
+      );
+      return null;
+    }
+  }
+  /**
+   * Store or update session metadata
+   */
+  async set(sessionId, data) {
+    try {
+      const key = this.getKey(sessionId);
+      const value = JSON.stringify(data);
+      if (this.client.setEx) {
+        await this.client.setEx(key, this.defaultTTL, value);
+      } else if (this.client.setex) {
+        await this.client.setex(key, this.defaultTTL, value);
+      } else {
+        await this.client.set(key, value, { EX: this.defaultTTL });
+      }
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error setting session ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Delete a session
+   */
+  async delete(sessionId) {
+    try {
+      const key = this.getKey(sessionId);
+      await this.client.del(key);
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error deleting session ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Check if a session exists
+   */
+  async has(sessionId) {
+    try {
+      const key = this.getKey(sessionId);
+      const exists = await this.client.exists(key);
+      return exists === 1;
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error checking session ${sessionId}:`,
+        error2
+      );
+      return false;
+    }
+  }
+  /**
+   * List all session IDs
+   *
+   * WARNING: Uses KEYS command which blocks Redis. For production systems with
+   * many sessions, consider using SCAN instead or maintaining a separate SET of
+   * active session IDs.
+   */
+  async keys() {
+    try {
+      const pattern = `${this.prefix}*`;
+      const keys = await this.client.keys(pattern);
+      return keys.map((key) => key.substring(this.prefix.length));
+    } catch (error2) {
+      console.error("[RedisSessionStore] Error listing session keys:", error2);
+      return [];
+    }
+  }
+  /**
+   * Store session metadata with custom TTL (time-to-live)
+   */
+  async setWithTTL(sessionId, data, ttlMs) {
+    try {
+      const key = this.getKey(sessionId);
+      const value = JSON.stringify(data);
+      const ttlSeconds = Math.ceil(ttlMs / 1e3);
+      if (this.client.setEx) {
+        await this.client.setEx(key, ttlSeconds, value);
+      } else if (this.client.setex) {
+        await this.client.setex(key, ttlSeconds, value);
+      } else {
+        await this.client.set(key, value, { EX: ttlSeconds });
+      }
+    } catch (error2) {
+      console.error(
+        `[RedisSessionStore] Error setting session ${sessionId} with TTL:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Close Redis connection
+   * Should be called when shutting down the server
+   */
+  async close() {
+    try {
+      await this.client.quit();
+    } catch (error2) {
+      console.error(
+        "[RedisSessionStore] Error closing Redis connection:",
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Clear all sessions (useful for testing)
+   * WARNING: This will delete all sessions with the configured prefix
+   *
+   * NOTE: Uses KEYS command which blocks Redis. This is acceptable for testing
+   * but should be avoided in production with large datasets.
+   */
+  async clear() {
+    try {
+      const pattern = `${this.prefix}*`;
+      const keys = await this.client.keys(pattern);
+      if (keys.length > 0) {
+        await this.client.del(keys);
+      }
+    } catch (error2) {
+      console.error("[RedisSessionStore] Error clearing sessions:", error2);
+      throw error2;
+    }
+  }
+};
+
+// src/server/sessions/stores/filesystem.ts
+import { mkdir, writeFile, rename, unlink } from "fs/promises";
+import { join, dirname } from "path";
+import { existsSync, readFileSync } from "fs";
+var FileSystemSessionStore = class {
+  static {
+    __name(this, "FileSystemSessionStore");
+  }
+  sessions = /* @__PURE__ */ new Map();
+  filePath;
+  debounceMs;
+  maxAgeMs;
+  saveTimer = null;
+  saving = false;
+  pendingSave = false;
+  constructor(config = {}) {
+    this.filePath = config.path ?? join(process.cwd(), ".mcp-use", "sessions.json");
+    this.debounceMs = config.debounceMs ?? 100;
+    this.maxAgeMs = config.maxAgeMs ?? 24 * 60 * 60 * 1e3;
+    this.loadSessionsSync();
+  }
+  /**
+   * Load sessions from file synchronously during construction
+   * This ensures sessions are available immediately when the server starts
+   */
+  loadSessionsSync() {
+    try {
+      if (!existsSync(this.filePath)) {
+        console.log(
+          `[FileSystemSessionStore] No session file found at ${this.filePath}, starting fresh`
+        );
+        return;
+      }
+      const data = readFileSync(this.filePath, "utf-8");
+      const parsed = JSON.parse(data);
+      const now = Date.now();
+      let loadedCount = 0;
+      let expiredCount = 0;
+      for (const [sessionId, metadata] of Object.entries(parsed)) {
+        const sessionMetadata = metadata;
+        const age = now - sessionMetadata.lastAccessedAt;
+        if (age > this.maxAgeMs) {
+          expiredCount++;
+          continue;
+        }
+        this.sessions.set(sessionId, sessionMetadata);
+        loadedCount++;
+      }
+      console.log(
+        `[FileSystemSessionStore] Loaded ${loadedCount} session(s) from ${this.filePath}` + (expiredCount > 0 ? ` (cleaned up ${expiredCount} expired)` : "")
+      );
+    } catch (error2) {
+      if (error2.code === "ENOENT") {
+        console.log(`[FileSystemSessionStore] No existing sessions file`);
+      } else if (error2 instanceof SyntaxError) {
+        console.warn(
+          `[FileSystemSessionStore] Corrupted session file, starting fresh:`,
+          error2.message
+        );
+      } else {
+        console.warn(
+          `[FileSystemSessionStore] Error loading sessions, starting fresh:`,
+          error2.message
+        );
+      }
+    }
+  }
+  /**
+   * Retrieve session metadata by ID
+   */
+  async get(sessionId) {
+    const data = this.sessions.get(sessionId);
+    return data ?? null;
+  }
+  /**
+   * Store or update session metadata
+   * Uses debouncing to batch rapid consecutive writes
+   */
+  async set(sessionId, data) {
+    this.sessions.set(sessionId, data);
+    await this.scheduleSave();
+  }
+  /**
+   * Delete session metadata
+   */
+  async delete(sessionId) {
+    this.sessions.delete(sessionId);
+    await this.scheduleSave();
+  }
+  /**
+   * Check if session exists
+   */
+  async has(sessionId) {
+    return this.sessions.has(sessionId);
+  }
+  /**
+   * List all session IDs
+   */
+  async keys() {
+    return Array.from(this.sessions.keys());
+  }
+  /**
+   * Store session metadata with TTL
+   * Note: TTL is enforced on load, not with timers (simple implementation)
+   */
+  async setWithTTL(sessionId, data, ttlMs) {
+    const metadataWithExpiry = {
+      ...data,
+      lastAccessedAt: Date.now()
+    };
+    this.sessions.set(sessionId, metadataWithExpiry);
+    await this.scheduleSave();
+    setTimeout(() => {
+      this.sessions.delete(sessionId);
+      this.scheduleSave();
+    }, ttlMs);
+  }
+  /**
+   * Get the number of active sessions
+   */
+  get size() {
+    return this.sessions.size;
+  }
+  /**
+   * Clear all sessions
+   */
+  async clear() {
+    this.sessions.clear();
+    await this.scheduleSave();
+  }
+  /**
+   * Schedule a save operation with debouncing
+   * Prevents excessive disk I/O from rapid consecutive writes
+   */
+  async scheduleSave() {
+    if (this.saving) {
+      this.pendingSave = true;
+      return;
+    }
+    if (this.saveTimer) {
+      clearTimeout(this.saveTimer);
+    }
+    this.saveTimer = setTimeout(() => {
+      this.performSave();
+    }, this.debounceMs);
+  }
+  /**
+   * Perform the actual save operation with atomic writes
+   * Uses write-to-temp-then-rename pattern to prevent corruption
+   */
+  async performSave() {
+    this.saveTimer = null;
+    this.saving = true;
+    this.pendingSave = false;
+    try {
+      const dir = dirname(this.filePath);
+      await mkdir(dir, { recursive: true });
+      const data = {};
+      for (const [sessionId, metadata] of Array.from(this.sessions.entries())) {
+        data[sessionId] = metadata;
+      }
+      const tempPath = `${this.filePath}.tmp`;
+      await writeFile(tempPath, JSON.stringify(data, null, 2), "utf-8");
+      await rename(tempPath, this.filePath);
+      console.debug(
+        `[FileSystemSessionStore] Saved ${this.sessions.size} session(s) to ${this.filePath}`
+      );
+    } catch (error2) {
+      console.error(
+        `[FileSystemSessionStore] Error saving sessions:`,
+        error2.message
+      );
+      try {
+        const tempPath = `${this.filePath}.tmp`;
+        if (existsSync(tempPath)) {
+          await unlink(tempPath);
+        }
+      } catch {
+      }
+    } finally {
+      this.saving = false;
+      if (this.pendingSave) {
+        await this.scheduleSave();
+      }
+    }
+  }
+  /**
+   * Force an immediate save (bypasses debouncing)
+   * Useful for ensuring persistence before process exit
+   */
+  async flush() {
+    if (this.saveTimer) {
+      clearTimeout(this.saveTimer);
+      this.saveTimer = null;
+    }
+    await this.performSave();
+  }
+};
+
+// src/server/sessions/streams/memory.ts
+var InMemoryStreamManager = class {
+  static {
+    __name(this, "InMemoryStreamManager");
+  }
+  /**
+   * Map of active SSE stream controllers
+   * Key: sessionId, Value: ReadableStreamDefaultController
+   */
+  streams = /* @__PURE__ */ new Map();
+  /**
+   * Text encoder for converting strings to Uint8Array
+   */
+  textEncoder = new TextEncoder();
+  /**
+   * Register an active SSE stream controller
+   */
+  async create(sessionId, controller) {
+    this.streams.set(sessionId, controller);
+  }
+  /**
+   * Send data to active SSE streams
+   *
+   * Directly enqueues data to in-memory controllers.
+   * For distributed deployments, use RedisStreamManager instead.
+   */
+  async send(sessionIds, data) {
+    const encoded = this.textEncoder.encode(data);
+    if (!sessionIds) {
+      for (const [_id, controller] of this.streams.entries()) {
+        try {
+          controller.enqueue(encoded);
+        } catch (error2) {
+          console.warn(
+            `[InMemoryStreamManager] Failed to send to session ${_id}:`,
+            error2
+          );
+        }
+      }
+    } else {
+      for (const sessionId of sessionIds) {
+        const controller = this.streams.get(sessionId);
+        if (controller) {
+          try {
+            controller.enqueue(encoded);
+          } catch (error2) {
+            console.warn(
+              `[InMemoryStreamManager] Failed to send to session ${sessionId}:`,
+              error2
+            );
+          }
+        }
+      }
+    }
+  }
+  /**
+   * Remove an active SSE stream
+   */
+  async delete(sessionId) {
+    const controller = this.streams.get(sessionId);
+    if (controller) {
+      try {
+        controller.close();
+      } catch (error2) {
+        console.debug(
+          `[InMemoryStreamManager] Controller already closed for session ${sessionId}`
+        );
+      }
+      this.streams.delete(sessionId);
+    }
+  }
+  /**
+   * Check if an active stream exists
+   */
+  async has(sessionId) {
+    return this.streams.has(sessionId);
+  }
+  /**
+   * Close all active streams
+   */
+  async close() {
+    for (const [sessionId, controller] of this.streams.entries()) {
+      try {
+        controller.close();
+      } catch (error2) {
+        console.debug(
+          `[InMemoryStreamManager] Error closing stream for ${sessionId}:`,
+          error2
+        );
+      }
+    }
+    this.streams.clear();
+  }
+  /**
+   * Get the number of active streams
+   * Useful for monitoring
+   */
+  get size() {
+    return this.streams.size;
+  }
+};
+
+// src/server/sessions/streams/redis.ts
+var RedisStreamManager = class {
+  static {
+    __name(this, "RedisStreamManager");
+  }
+  pubSubClient;
+  client;
+  prefix;
+  heartbeatInterval;
+  textEncoder = new TextEncoder();
+  /**
+   * Map of local controllers (only on this server instance)
+   * Key: sessionId, Value: controller
+   */
+  localControllers = /* @__PURE__ */ new Map();
+  /**
+   * Map of heartbeat intervals for keeping sessions alive
+   * Key: sessionId, Value: interval timer
+   */
+  heartbeats = /* @__PURE__ */ new Map();
+  constructor(config) {
+    this.pubSubClient = config.pubSubClient;
+    this.client = config.client;
+    this.prefix = config.prefix ?? "mcp:stream:";
+    this.heartbeatInterval = config.heartbeatInterval ?? 10;
+  }
+  /**
+   * Get the Redis channel name for a session
+   */
+  getChannel(sessionId) {
+    return `${this.prefix}${sessionId}`;
+  }
+  /**
+   * Get the Redis key for tracking active sessions
+   */
+  getAvailableKey(sessionId) {
+    return `available:${this.prefix}${sessionId}`;
+  }
+  /**
+   * Get the Redis key for the active sessions SET
+   */
+  getActiveSessionsKey() {
+    return `${this.prefix}active`;
+  }
+  /**
+   * Register an active SSE stream and subscribe to Redis channel
+   */
+  async create(sessionId, controller) {
+    try {
+      this.localControllers.set(sessionId, controller);
+      const availableKey = this.getAvailableKey(sessionId);
+      await this.client.set(availableKey, "active");
+      if (this.client.expire) {
+        await this.client.expire(availableKey, this.heartbeatInterval * 2);
+      }
+      const activeSessionsKey = this.getActiveSessionsKey();
+      if (this.client.sAdd) {
+        await this.client.sAdd(activeSessionsKey, sessionId);
+        if (this.client.expire) {
+          await this.client.expire(
+            activeSessionsKey,
+            this.heartbeatInterval * 2
+          );
+        }
+      }
+      const heartbeat = setInterval(async () => {
+        try {
+          if (this.client.expire) {
+            await this.client.expire(availableKey, this.heartbeatInterval * 2);
+            const activeSessionsKey2 = this.getActiveSessionsKey();
+            await this.client.expire(
+              activeSessionsKey2,
+              this.heartbeatInterval * 2
+            );
+          }
+        } catch (error2) {
+          console.warn(
+            `[RedisStreamManager] Heartbeat failed for session ${sessionId}:`,
+            error2
+          );
+        }
+      }, this.heartbeatInterval * 1e3);
+      this.heartbeats.set(sessionId, heartbeat);
+      const channel = this.getChannel(sessionId);
+      if (!this.pubSubClient.subscribe) {
+        throw new Error(
+          "[RedisStreamManager] Redis client does not support subscribe method"
+        );
+      }
+      await this.pubSubClient.subscribe(channel, (message) => {
+        const localController = this.localControllers.get(sessionId);
+        if (localController) {
+          try {
+            localController.enqueue(this.textEncoder.encode(message));
+          } catch (error2) {
+            console.warn(
+              `[RedisStreamManager] Failed to enqueue message for ${sessionId}:`,
+              error2
+            );
+          }
+        }
+      });
+      const deleteChannel = `delete:${this.getChannel(sessionId)}`;
+      await this.pubSubClient.subscribe(deleteChannel, async () => {
+        await this.delete(sessionId);
+      });
+      console.log(
+        `[RedisStreamManager] Created stream for session ${sessionId}`
+      );
+    } catch (error2) {
+      console.error(
+        `[RedisStreamManager] Error creating stream for ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Send data to sessions via Redis Pub/Sub
+   *
+   * This works across distributed servers - any server with an active
+   * SSE connection for the target session will receive and forward the message.
+   *
+   * Note: Uses the regular client (not pubSubClient) for publishing.
+   * In node-redis v5+, clients in subscriber mode cannot publish.
+   */
+  async send(sessionIds, data) {
+    try {
+      if (!sessionIds) {
+        const activeSessionsKey = this.getActiveSessionsKey();
+        if (this.client.sMembers) {
+          const sessionIds2 = await this.client.sMembers(activeSessionsKey);
+          for (const sessionId of sessionIds2) {
+            const channel = this.getChannel(sessionId);
+            if (!this.client.publish) {
+              throw new Error(
+                "[RedisStreamManager] Redis client does not support publish method"
+              );
+            }
+            await this.client.publish(channel, data);
+          }
+        } else {
+          const pattern = `available:${this.prefix}*`;
+          const keys = await this.client.keys(pattern);
+          for (const key of keys) {
+            const sessionId = key.replace(`available:${this.prefix}`, "");
+            const channel = this.getChannel(sessionId);
+            if (!this.client.publish) {
+              throw new Error(
+                "[RedisStreamManager] Redis client does not support publish method"
+              );
+            }
+            await this.client.publish(channel, data);
+          }
+        }
+      } else {
+        for (const sessionId of sessionIds) {
+          const channel = this.getChannel(sessionId);
+          if (!this.client.publish) {
+            throw new Error(
+              "[RedisStreamManager] Redis client does not support publish method"
+            );
+          }
+          await this.client.publish(channel, data);
+        }
+      }
+    } catch (error2) {
+      console.error(`[RedisStreamManager] Error sending to sessions:`, error2);
+      throw error2;
+    }
+  }
+  /**
+   * Remove an active SSE stream
+   */
+  async delete(sessionId) {
+    try {
+      const heartbeat = this.heartbeats.get(sessionId);
+      if (heartbeat) {
+        clearInterval(heartbeat);
+        this.heartbeats.delete(sessionId);
+      }
+      const channel = this.getChannel(sessionId);
+      const deleteChannel = `delete:${channel}`;
+      if (!this.pubSubClient.unsubscribe) {
+        throw new Error(
+          "[RedisStreamManager] Redis client does not support unsubscribe method"
+        );
+      }
+      await this.pubSubClient.unsubscribe(channel);
+      await this.pubSubClient.unsubscribe(deleteChannel);
+      if (!this.client.publish) {
+        throw new Error(
+          "[RedisStreamManager] Redis client does not support publish method"
+        );
+      }
+      await this.client.publish(deleteChannel, "");
+      await this.client.del(this.getAvailableKey(sessionId));
+      const activeSessionsKey = this.getActiveSessionsKey();
+      if (this.client.sRem) {
+        await this.client.sRem(activeSessionsKey, sessionId);
+      }
+      const controller = this.localControllers.get(sessionId);
+      if (controller) {
+        try {
+          controller.close();
+        } catch (error2) {
+          console.debug(
+            `[RedisStreamManager] Controller already closed for ${sessionId}`
+          );
+        }
+        this.localControllers.delete(sessionId);
+      }
+      console.log(
+        `[RedisStreamManager] Deleted stream for session ${sessionId}`
+      );
+    } catch (error2) {
+      console.error(
+        `[RedisStreamManager] Error deleting stream for ${sessionId}:`,
+        error2
+      );
+      throw error2;
+    }
+  }
+  /**
+   * Check if a session has an active stream (on ANY server)
+   */
+  async has(sessionId) {
+    try {
+      const availableKey = this.getAvailableKey(sessionId);
+      const exists = await this.client.exists(availableKey);
+      return exists === 1;
+    } catch (error2) {
+      console.error(
+        `[RedisStreamManager] Error checking session ${sessionId}:`,
+        error2
+      );
+      return false;
+    }
+  }
+  /**
+   * Close all connections and cleanup
+   */
+  async close() {
+    try {
+      for (const heartbeat of this.heartbeats.values()) {
+        clearInterval(heartbeat);
+      }
+      this.heartbeats.clear();
+      const activeSessionsKey = this.getActiveSessionsKey();
+      const sessionIdsToCleanup = Array.from(this.localControllers.keys());
+      for (const sessionId of sessionIdsToCleanup) {
+        await this.client.del(this.getAvailableKey(sessionId));
+        if (this.client.sRem) {
+          await this.client.sRem(activeSessionsKey, sessionId);
+        }
+      }
+      for (const controller of this.localControllers.values()) {
+        try {
+          controller.close();
+        } catch (error2) {
+        }
+      }
+      this.localControllers.clear();
+      console.log(`[RedisStreamManager] Closed all streams`);
+    } catch (error2) {
+      console.error(`[RedisStreamManager] Error during close:`, error2);
+      throw error2;
+    }
+  }
+  /**
+   * Get count of active local streams on this server instance
+   */
+  get localSize() {
+    return this.localControllers.size;
+  }
+};
+
 // src/server/endpoints/mount-mcp.ts
+import { join as join2 } from "path";
 async function mountMcp(app, mcpServerInstance, sessions, config, isProductionMode2) {
   const { FetchStreamableHTTPServerTransport } = await import("@mcp-use/modelcontextprotocol-sdk/experimental/fetch-streamable-http/index.js");
   const idleTimeoutMs = config.sessionIdleTimeoutMs ?? 3e5;
+  const sessionStore = config.sessionStore ?? (isProductionMode2 ? new InMemorySessionStore() : new FileSystemSessionStore({
+    path: join2(process.cwd(), ".mcp-use", "sessions.json")
+  }));
+  const streamManager = config.streamManager ?? new InMemoryStreamManager();
   const transports = /* @__PURE__ */ new Map();
+  if (config.autoCreateSessionOnInvalidId !== void 0) {
+    console.warn(
+      "[MCP] WARNING: 'autoCreateSessionOnInvalidId' is deprecated and will be removed in a future version.\nThe MCP specification requires clients to send a new InitializeRequest when receiving a 404 for stale sessions.\nModern MCP clients handle this correctly. For session persistence across restarts, use the 'sessionStore' option.\nSee: https://modelcontextprotocol.io/specification/2025-11-25/basic/transports#session-management"
+    );
+  }
   let idleCleanupInterval;
   if (!config.stateless && idleTimeoutMs > 0) {
     idleCleanupInterval = startIdleCleanup(
@@ -2652,15 +3467,34 @@ async function mountMcp(app, mcpServerInstance, sessions, config, isProductionMo
     );
   }
   const handleRequest = /* @__PURE__ */ __name(async (c) => {
-    if (config.stateless) {
+    const acceptHeader = c.req.header("Accept") || c.req.header("accept") || "";
+    const clientSupportsSSE = acceptHeader.includes("text/event-stream");
+    const useStatelessMode = config.stateless || !clientSupportsSSE;
+    if (useStatelessMode) {
       const server = mcpServerInstance.getServerForSession();
       const transport = new FetchStreamableHTTPServerTransport({
-        sessionIdGenerator: void 0
+        sessionIdGenerator: void 0,
         // No session tracking
+        // Enable plain JSON responses ONLY if client doesn't support SSE
+        // This allows k6/curl to work while maintaining SSE format for compatible clients
+        enableJsonResponse: !clientSupportsSSE
       });
       try {
         await server.connect(transport);
-        return await transport.handleRequest(c.req.raw);
+        const request = c.req.raw;
+        if (!clientSupportsSSE) {
+          const modifiedRequest = new Request(request.url, {
+            method: request.method,
+            headers: {
+              ...Object.fromEntries(request.headers.entries()),
+              Accept: "application/json, text/event-stream"
+            },
+            body: request.body,
+            ...request.body && { duplex: "half" }
+          });
+          return await transport.handleRequest(modifiedRequest);
+        }
+        return await transport.handleRequest(request);
       } catch (error2) {
         console.error("[MCP] Stateless request error:", error2);
         transport.close();
@@ -2670,46 +3504,165 @@ async function mountMcp(app, mcpServerInstance, sessions, config, isProductionMo
     } else {
       const sessionId = c.req.header("mcp-session-id");
       if (c.req.method === "HEAD") {
-        if (sessionId && sessions.has(sessionId)) {
-          sessions.get(sessionId).lastAccessedAt = Date.now();
+        if (sessionId && await sessionStore.has(sessionId)) {
+          const session = await sessionStore.get(sessionId);
+          if (session) {
+            session.lastAccessedAt = Date.now();
+            await sessionStore.set(sessionId, session);
+          }
         }
         return new Response(null, { status: 200 });
       }
+      if (sessionId && await sessionStore.has(sessionId) && !transports.has(sessionId)) {
+        console.log(
+          `[MCP] Session metadata found but transport lost (likely hot reload): ${sessionId} - recreating transport`
+        );
+        const server2 = mcpServerInstance.getServerForSession();
+        const transport2 = new FetchStreamableHTTPServerTransport({
+          sessionIdGenerator: /* @__PURE__ */ __name(() => sessionId, "sessionIdGenerator"),
+          // Reuse existing session ID
+          onsessioninitialized: /* @__PURE__ */ __name(async (sid) => {
+            console.log(`[MCP] Session reconnected: ${sid}`);
+            transports.set(sid, transport2);
+            const metadata = await sessionStore.get(sid);
+            const sessionData = {
+              transport: transport2,
+              server: server2,
+              lastAccessedAt: Date.now(),
+              context: c,
+              honoContext: c,
+              ...metadata || {}
+            };
+            sessions.set(sid, sessionData);
+            server2.server.oninitialized = async () => {
+              const clientCapabilities = server2.server.getClientCapabilities();
+              const clientInfo = server2.server.getClientInfo?.() || {};
+              const protocolVersion = server2.server.getProtocolVersion?.() || "unknown";
+              const metadata2 = await sessionStore.get(sid);
+              if (metadata2) {
+                metadata2.clientCapabilities = clientCapabilities;
+                metadata2.clientInfo = clientInfo;
+                metadata2.protocolVersion = String(protocolVersion);
+                await sessionStore.set(sid, metadata2);
+              }
+              const sessionData2 = sessions.get(sid);
+              if (sessionData2) {
+                sessionData2.clientCapabilities = clientCapabilities;
+              }
+              Telemetry.getInstance().trackServerInitialize({
+                protocolVersion: String(protocolVersion),
+                clientInfo: clientInfo || {},
+                clientCapabilities: clientCapabilities || {},
+                sessionId: sid
+              }).catch(
+                (e) => console.debug(`Failed to track server initialize: ${e}`)
+              );
+              if (!isProductionMode2) {
+                console.log(
+                  `[MCP] Development mode: Sending list_changed notifications to reconnected session ${sid}`
+                );
+                try {
+                  const { sendNotificationToSession: sendNotificationToSession3 } = await import("../../notifications-FLGIFS56.js");
+                  await sendNotificationToSession3(
+                    sessions,
+                    sid,
+                    "notifications/tools/list_changed"
+                  );
+                  await sendNotificationToSession3(
+                    sessions,
+                    sid,
+                    "notifications/resources/list_changed"
+                  );
+                  await sendNotificationToSession3(
+                    sessions,
+                    sid,
+                    "notifications/prompts/list_changed"
+                  );
+                } catch (err) {
+                  console.debug(
+                    `[MCP] Failed to send list_changed notification:`,
+                    err
+                  );
+                }
+              }
+            };
+          }, "onsessioninitialized"),
+          onsessionclosed: /* @__PURE__ */ __name(async (sid) => {
+            console.log(`[MCP] Session closed: ${sid}`);
+            transports.delete(sid);
+            await streamManager.delete(sid);
+            await sessionStore.delete(sid);
+            sessions.delete(sid);
+            mcpServerInstance.cleanupSessionSubscriptions?.(sid);
+          }, "onsessionclosed")
+        });
+        await server2.connect(transport2);
+        return transport2.handleRequest(c.req.raw);
+      }
+      if (sessionId && !await sessionStore.has(sessionId)) {
+        console.log(
+          `[MCP] Session not found: ${sessionId} - returning 404 (client should re-initialize)`
+        );
+        return c.json(
+          {
+            jsonrpc: "2.0",
+            error: { code: -32001, message: "Session not found" },
+            id: null
+          },
+          404
+        );
+      }
       if (sessionId && transports.has(sessionId)) {
         const transport2 = transports.get(sessionId);
-        if (sessions.has(sessionId)) {
-          const session = sessions.get(sessionId);
-          session.lastAccessedAt = Date.now();
-          session.context = c;
-          session.honoContext = c;
+        const metadata = await sessionStore.get(sessionId);
+        if (metadata) {
+          metadata.lastAccessedAt = Date.now();
+          await sessionStore.set(sessionId, metadata);
+        }
+        const sessionData = sessions.get(sessionId);
+        if (sessionData) {
+          sessionData.lastAccessedAt = Date.now();
+          sessionData.context = c;
+          sessionData.honoContext = c;
         }
         return transport2.handleRequest(c.req.raw);
       }
       const server = mcpServerInstance.getServerForSession();
       const transport = new FetchStreamableHTTPServerTransport({
         sessionIdGenerator: /* @__PURE__ */ __name(() => generateUUID(), "sessionIdGenerator"),
-        onsessioninitialized: /* @__PURE__ */ __name((sid) => {
+        onsessioninitialized: /* @__PURE__ */ __name(async (sid) => {
           console.log(`[MCP] Session initialized: ${sid}`);
           transports.set(sid, transport);
-          sessions.set(sid, {
+          const sessionData = {
             transport,
             server,
             lastAccessedAt: Date.now(),
             context: c,
             honoContext: c
+          };
+          sessions.set(sid, sessionData);
+          await sessionStore.set(sid, {
+            lastAccessedAt: Date.now()
           });
-          server.server.oninitialized = () => {
+          server.server.oninitialized = async () => {
             const clientCapabilities = server.server.getClientCapabilities();
             const clientInfo = server.server.getClientInfo?.() || {};
             const protocolVersion = server.server.getProtocolVersion?.() || "unknown";
-            if (clientCapabilities && sessions.has(sid)) {
-              const session = sessions.get(sid);
-              session.clientCapabilities = clientCapabilities;
+            const metadata = await sessionStore.get(sid);
+            if (metadata) {
+              metadata.clientCapabilities = clientCapabilities;
+              metadata.clientInfo = clientInfo;
+              metadata.protocolVersion = String(protocolVersion);
+              await sessionStore.set(sid, metadata);
               console.log(
                 `[MCP] Captured client capabilities for session ${sid}:`,
-                Object.keys(clientCapabilities)
+                clientCapabilities ? Object.keys(clientCapabilities) : "none"
               );
             }
+            const sessionData2 = sessions.get(sid);
+            if (sessionData2) {
+              sessionData2.clientCapabilities = clientCapabilities;
+            }
             Telemetry.getInstance().trackServerInitialize({
               protocolVersion: String(protocolVersion),
               clientInfo: clientInfo || {},
@@ -2720,9 +3673,11 @@ async function mountMcp(app, mcpServerInstance, sessions, config, isProductionMo
             );
           };
         }, "onsessioninitialized"),
-        onsessionclosed: /* @__PURE__ */ __name((sid) => {
+        onsessionclosed: /* @__PURE__ */ __name(async (sid) => {
           console.log(`[MCP] Session closed: ${sid}`);
           transports.delete(sid);
+          await streamManager.delete(sid);
+          await sessionStore.delete(sid);
           sessions.delete(sid);
           mcpServerInstance.cleanupSessionSubscriptions?.(sid);
         }, "onsessionclosed")
@@ -3509,7 +4464,7 @@ var MCPServerClass = class {
       );
     }
     newServer.server.setRequestHandler(
-      z2.object({ method: z2.literal("logging/setLevel") }).passthrough(),
+      z3.object({ method: z3.literal("logging/setLevel") }).passthrough(),
       (async (request, extra) => {
         const level = request.params?.level;
         if (!level) {
@@ -3581,6 +4536,9 @@ var MCPServerClass = class {
   getActiveSessions = getActiveSessions;
   sendNotification = sendNotification;
   sendNotificationToSession = sendNotificationToSession2;
+  sendToolsListChanged = sendToolsListChanged;
+  sendResourcesListChanged = sendResourcesListChanged;
+  sendPromptsListChanged = sendPromptsListChanged;
   /**
    * Notify subscribed clients that a resource has been updated
    *
@@ -4436,7 +5394,12 @@ function requireAnyScope(needed) {
 }
 __name(requireAnyScope, "requireAnyScope");
 export {
+  FileSystemSessionStore,
+  InMemorySessionStore,
+  InMemoryStreamManager,
   MCPServer,
+  RedisSessionStore,
+  RedisStreamManager,
   VERSION,
   adaptConnectMiddleware,
   adaptMiddleware,