mcp4openapi 0.2.8 → 0.3.1

package/dist/src/http-transport.js

@@ -18,20 +18,20 @@ import { MetricsCollector } from './metrics.js';
 import { ExternalOAuthProvider } from './oauth-provider.js';
 import { HTTP_STATUS, MIME_TYPES, OAUTH_PATHS, TIMEOUTS, OAUTH_RATE_LIMIT } from './constants.js';
 import { escapeHtmlSafe } from './validation-utils.js';
-import { AuthenticationError, AuthorizationError, RateLimitError, ValidationError, generateCorrelationId, } from './errors.js';
-// Default maximum token length (1000 characters)
+import { AuthenticationError, AuthorizationError, ConfigurationError, RateLimitError, ValidationError, generateCorrelationId, } from './errors.js';
+import { parseFilteringHeader, normalizeFilteringHeaderValue } from './filtering.js';
+import { ToolFilterService, EnvConfigParser, HeaderConfigParser, RegexCompiler, RegexValidator, OperationClassifier, OpenAPIOperationResolver, OperationDetector, normalizeToolFilterHeaderValue, parseSessionToolFilterHeader, } from './tool-filter/index.js';
 const DEFAULT_MAX_TOKEN_LENGTH = 1000;
 export class HttpTransport {
     constructor(config, logger) {
         this.server = null;
-        this.sessions = new Map();
         this.metrics = null;
         this.cleanupInterval = null;
         this.messageHandler = null;
-        this.oauthProvider = null;
-        // Map access_token -> { refreshToken, expiresAt, clientId, scopes }
-        // Used to bridge /oauth/token endpoint (where we see OAuthTokens) and session initialization (where we only see access token)
-        this.oauthTokensByAccessToken = new Map();
+        this.profileContextProvider = null;
+        this.profileStates = new Map();
+        this.oauthRedirectHostCache = new Map();
+        this.warnedMissingOAuthRedirectEnvVars = new Set();
         this.hasWarnedAboutBinding = false;
         /**
          * Session destruction listeners for cleanup in other components
@@ -47,20 +47,6 @@ export class HttpTransport {
                 prefix: 'mcp_',
             });
         }
-        // Initialize OAuth provider if configured
-        if (config.oauthConfig) {
-            this.logger.info('Initializing OAuth provider with config', { hasClientId: !!config.oauthConfig.client_id });
-            this.oauthProvider = new ExternalOAuthProvider(config.oauthConfig, logger);
-            // Note: authorizationEndpoint may be undefined at this point if config uses issuer-based discovery
-            // It will be resolved lazily on first OAuth operation (authorize/token)
-            this.logger.info('OAuth provider initialized', {
-                endpoint: this.oauthProvider.authorizationEndpoint || '(to be derived from issuer)',
-                hasIssuer: !!config.oauthConfig.issuer,
-            });
-        }
-        else {
-            this.logger.info('No OAuth config provided - OAuth provider not initialized');
-        }
         this.app = express();
         this.setupMiddleware();
         this.setupRoutes();
@@ -71,6 +57,21 @@ export class HttpTransport {
      * Why: Security (Origin validation, rate limiting), JSON parsing, session extraction, metrics
      */
     setupMiddleware() {
+        // Security: standard headers
+        this.app.disable('x-powered-by');
+        this.app.use((req, res, next) => {
+            res.setHeader('Content-Security-Policy', "default-src 'self'; frame-ancestors 'none'");
+            res.setHeader('X-Frame-Options', 'DENY');
+            res.setHeader('X-Content-Type-Options', 'nosniff');
+            res.setHeader('Referrer-Policy', 'no-referrer');
+            res.setHeader('Permissions-Policy', 'geolocation=(), microphone=(), camera=(), payment=()');
+            // Additional security headers
+            res.setHeader('Cross-Origin-Opener-Policy', 'same-origin');
+            res.setHeader('Cross-Origin-Resource-Policy', 'same-origin');
+            res.setHeader('X-Permitted-Cross-Domain-Policies', 'none');
+            res.setHeader('X-DNS-Prefetch-Control', 'off');
+            next();
+        });
         // Request logging (before any middleware)
         this.app.use((req, res, next) => {
             this.logger.debug('Request received', {
@@ -103,7 +104,9 @@ export class HttpTransport {
             next();
         });
         // JSON body parser
-        this.app.use(express.json());
+        // Limit set to 10MB to support large tool inputs/results (e.g. file content)
+        // while preventing massive DoS attacks. Default is 100kb.
+        this.app.use(express.json({ limit: '10mb' }));
         // Metrics: Track request start time
         this.app.use((req, res, next) => {
             req.startTime = Date.now();
@@ -157,19 +160,31 @@ export class HttpTransport {
                 this.logger.warn('HTTP transport bound to 0.0.0.0 - accessible from network. Ensure firewall protection.');
                 this.hasWarnedAboutBinding = true;
             }
-            // Skip Origin check for localhost
-            if (req.hostname === 'localhost' || req.hostname === '127.0.0.1') {
-                return next();
+            // Validate Origin header
+            // We do not skip this check for localhost, as requests to localhost can still be CSRF targets
+            if (!origin) {
+                next();
+                return;
             }
-            // Validate Origin header for non-localhost
-            if (origin && !this.isAllowedOrigin(origin)) {
-                this.logger.warn('Rejected request from disallowed origin', { origin, ip: req.ip });
-                return res.status(HTTP_STATUS.FORBIDDEN).json({
+            this.isAllowedOriginForRequest(origin, req)
+                .then((allowed) => {
+                if (!allowed) {
+                    this.logger.warn('Rejected request from disallowed origin', { origin, ip: req.ip });
+                    res.status(HTTP_STATUS.FORBIDDEN).json({
+                        error: 'Forbidden',
+                        message: 'Origin not allowed'
+                    });
+                    return;
+                }
+                next();
+            })
+                .catch((error) => {
+                this.logger.error('Origin validation failed', error instanceof Error ? error : new Error(String(error)));
+                res.status(HTTP_STATUS.FORBIDDEN).json({
                     error: 'Forbidden',
                     message: 'Origin not allowed'
                 });
-            }
-            next();
+            });
         });
         // Extract session ID from header
         this.app.use((req, res, next) => {
@@ -180,6 +195,101 @@ export class HttpTransport {
             next();
         });
     }
+    setProfileContextProvider(provider) {
+        this.profileContextProvider = provider;
+    }
+    getDefaultProfileId() {
+        if (this.config.defaultProfileId) {
+            return this.config.defaultProfileId;
+        }
+        if (this.config.profileRoutingEnabled) {
+            return undefined;
+        }
+        return 'default';
+    }
+    buildDefaultProfileContext() {
+        const profileId = this.getDefaultProfileId();
+        if (!profileId) {
+            return null;
+        }
+        return {
+            profileId,
+            oauthConfig: this.config.oauthConfig,
+            authConfigs: this.config.authConfigs,
+            baseUrl: this.config.baseUrl,
+            rateLimitOAuthMax: this.config.rateLimitOAuthMax,
+            rateLimitOAuthWindowMs: this.config.rateLimitOAuthWindowMs,
+            resourceName: this.config.resourceName,
+            resourceDocumentation: this.config.resourceDocumentation,
+            parser: this.config.parser,
+        };
+    }
+    async getProfileState(profileId) {
+        const existing = this.profileStates.get(profileId);
+        if (existing) {
+            return existing;
+        }
+        let context = null;
+        if (this.profileContextProvider) {
+            try {
+                context = await this.profileContextProvider(profileId);
+            }
+            catch (error) {
+                if (error instanceof ConfigurationError && error.message === 'Profile not found') {
+                    this.logger.warn('Profile not found during request', { profileId });
+                    return null;
+                }
+                throw error;
+            }
+        }
+        else {
+            const defaultContext = this.buildDefaultProfileContext();
+            if (defaultContext?.profileId === profileId) {
+                context = defaultContext;
+            }
+        }
+        if (!context) {
+            return null;
+        }
+        let oauthProvider = null;
+        if (context.oauthConfig) {
+            this.logger.info('Initializing OAuth provider with config', {
+                profileId,
+                hasClientId: !!context.oauthConfig.client_id,
+            });
+            oauthProvider = new ExternalOAuthProvider(context.oauthConfig, this.logger);
+            this.logger.info('OAuth provider initialized', {
+                profileId,
+                endpoint: oauthProvider.authorizationEndpoint || '(to be derived from issuer)',
+                hasIssuer: !!context.oauthConfig.issuer,
+            });
+        }
+        else {
+            this.logger.info('No OAuth config provided - OAuth provider not initialized', { profileId });
+        }
+        const state = {
+            profileId,
+            context,
+            oauthProvider,
+            oauthTokensByAccessToken: new Map(),
+            sessions: new Map(),
+        };
+        this.profileStates.set(profileId, state);
+        return state;
+    }
+    getProfileIdForRequest(req) {
+        if (req.profileId) {
+            return req.profileId;
+        }
+        return this.getDefaultProfileId();
+    }
+    async getProfileStateForRequest(req) {
+        const profileId = this.getProfileIdForRequest(req);
+        if (!profileId) {
+            return null;
+        }
+        return await this.getProfileState(profileId);
+    }
     /**
      * Check if origin is allowed
      *
@@ -203,16 +313,10 @@ export class HttpTransport {
             if (hostname === this.config.host) {
                 return true;
             }
-            // Allow OAuth redirect URI host if configured
-            if (this.oauthProvider?.redirectUri) {
-                try {
-                    const redirectUrl = new URL(this.oauthProvider.redirectUri);
-                    if (hostname === redirectUrl.hostname) {
-                        return true;
-                    }
-                }
-                catch {
-                    // Invalid URL, ignore
+            // Allow OAuth redirect URI hosts (initialized + cached + configured)
+            for (const redirectHost of this.getOAuthRedirectHostPatterns()) {
+                if (this.matchOrigin(hostname, redirectHost)) {
+                    return true;
                 }
             }
             // Check custom allowed origins
@@ -229,6 +333,139 @@ export class HttpTransport {
             return false;
         }
     }
+    getOAuthRedirectHostPatterns() {
+        const hosts = new Set();
+        const defaultProfileId = this.getDefaultProfileId() ?? 'default';
+        for (const state of this.profileStates.values()) {
+            const redirectUri = state.oauthProvider?.redirectUri;
+            if (!redirectUri) {
+                continue;
+            }
+            try {
+                const redirectUrl = new URL(redirectUri);
+                hosts.add(redirectUrl.hostname);
+            }
+            catch {
+                // Ignore invalid URL
+            }
+        }
+        if (this.config.oauthConfig) {
+            for (const pattern of this.extractRedirectHostPatterns(this.config.oauthConfig, defaultProfileId)) {
+                hosts.add(pattern);
+            }
+        }
+        for (const patterns of this.oauthRedirectHostCache.values()) {
+            for (const pattern of patterns) {
+                hosts.add(pattern);
+            }
+        }
+        return Array.from(hosts);
+    }
+    extractRedirectHostPatterns(oauthConfig, profileId) {
+        if (!oauthConfig?.redirect_uri) {
+            return [];
+        }
+        const resolvedRedirectUri = this.resolveRedirectUriFromEnv(oauthConfig.redirect_uri, profileId);
+        if (!resolvedRedirectUri) {
+            return [];
+        }
+        try {
+            const redirectUrl = new URL(resolvedRedirectUri);
+            return [redirectUrl.hostname];
+        }
+        catch {
+            return [];
+        }
+    }
+    resolveRedirectUriFromEnv(value, profileId) {
+        const match = value.match(/^\$\{env:([^}]+)\}$/);
+        if (!match) {
+            return value;
+        }
+        const envVar = match[1];
+        const envValue = process.env[envVar];
+        if (!envValue || envValue.trim().length === 0) {
+            const warningKey = `${profileId}:${envVar}`;
+            if (!this.warnedMissingOAuthRedirectEnvVars.has(warningKey)) {
+                this.warnedMissingOAuthRedirectEnvVars.add(warningKey);
+                this.logger.warn('OAuth redirect_uri environment variable is empty', {
+                    profileId,
+                    envVar,
+                });
+            }
+            return undefined;
+        }
+        return envValue;
+    }
+    resolveProfileIdFromPath(pathname) {
+        if (!this.config.profileRoutingEnabled) {
+            return null;
+        }
+        const match = /^\/profile\/([^/]+)/.exec(pathname);
+        if (!match) {
+            return null;
+        }
+        try {
+            return decodeURIComponent(match[1]);
+        }
+        catch {
+            return null;
+        }
+    }
+    resolveProfileIdForOriginCheck(req) {
+        const pathProfileId = this.resolveProfileIdFromPath(req.path);
+        if (pathProfileId) {
+            return pathProfileId;
+        }
+        const resource = req.query?.resource;
+        if (typeof resource === 'string') {
+            const profileId = this.resolveProfileIdFromResourceUrl(resource);
+            if (profileId) {
+                return profileId;
+            }
+        }
+        return this.getDefaultProfileId() ?? null;
+    }
+    async primeOAuthRedirectHosts(profileId) {
+        if (!this.profileContextProvider) {
+            return;
+        }
+        if (this.oauthRedirectHostCache.has(profileId)) {
+            return;
+        }
+        try {
+            const context = await this.profileContextProvider(profileId);
+            if (!context?.oauthConfig) {
+                this.oauthRedirectHostCache.set(profileId, []);
+                return;
+            }
+            const patterns = this.extractRedirectHostPatterns(context.oauthConfig, profileId);
+            this.oauthRedirectHostCache.set(profileId, patterns);
+        }
+        catch (error) {
+            if (error instanceof ConfigurationError && error.message === 'Profile not found') {
+                return;
+            }
+            this.logger.warn('Failed to preload OAuth redirect hosts', {
+                profileId,
+                error: String(error),
+            });
+        }
+    }
+    async isAllowedOriginForRequest(origin, req) {
+        if (this.isAllowedOrigin(origin)) {
+            return true;
+        }
+        if (!this.config.profileRoutingEnabled) {
+            return false;
+        }
+        const profileId = this.resolveProfileIdForOriginCheck(req);
+        if (!profileId) {
+            return false;
+        }
+        await this.primeOAuthRedirectHosts(profileId);
+        return this.isAllowedOrigin(origin);
+    }
     /**
      * Match hostname against allowed origin pattern
      *
@@ -280,9 +517,12 @@ export class HttpTransport {
             }
             const ipInt = this.ipv4ToInt(ip);
             const rangeInt = this.ipv4ToInt(range);
+            /* c8 ignore start - defensive check for edge cases where isIP() passes but parsing fails
+             * This should never happen in practice, but serves as a fail-safe */
             if (ipInt === null || rangeInt === null) {
                 return false;
             }
+            /* c8 ignore end */
             const mask = (0xFFFFFFFF << (32 - maskBits)) >>> 0;
             return (ipInt & mask) === (rangeInt & mask);
         }
@@ -292,9 +532,12 @@ export class HttpTransport {
         }
         const ipInt = this.ipv6ToBigInt(ip);
         const rangeInt = this.ipv6ToBigInt(range);
+        /* c8 ignore start - defensive check for edge cases where isIP() passes but parsing fails
+         * This should never happen in practice, but serves as a fail-safe */
         if (ipInt === null || rangeInt === null) {
             return false;
         }
+        /* c8 ignore end */
         const mask = this.ipv6Mask(maskBits);
         return (ipInt & mask) === (rangeInt & mask);
     }
@@ -368,17 +611,21 @@ export class HttpTransport {
             return null;
         }
         segments = [...headVals, ...Array(missing).fill(0), ...tailVals];
+        /* c8 ignore start - defensive check that should never trigger if logic above is correct */
         if (segments.length !== totalSegmentsNeeded) {
             return null;
         }
+        /* c8 ignore end */
         if (ipv4Tail !== null) {
             const high = (ipv4Tail >>> 16) & 0xFFFF;
             const low = ipv4Tail & 0xFFFF;
             segments.push(high, low);
         }
+        /* c8 ignore start - defensive check that should never trigger if logic above is correct */
         if (segments.length !== 8) {
             return null;
         }
+        /* c8 ignore end */
         let value = 0n;
         for (const part of segments) {
             value = (value << 16n) + BigInt(part);
@@ -428,6 +675,83 @@ export class HttpTransport {
     formatRateLimitMessage(scope, maxRequests, windowMs) {
         return `Rate limit exceeded for ${scope}. Max ${maxRequests} requests per ${windowMs / 1000} seconds.`;
     }
+    getProfilePrefix(profileId, options) {
+        if (!this.config.profileRoutingEnabled) {
+            return '';
+        }
+        if (options?.forceProfilePrefix && profileId) {
+            return `/profile/${encodeURIComponent(profileId)}`;
+        }
+        const defaultProfileId = this.getDefaultProfileId();
+        if (!profileId || (defaultProfileId && profileId === defaultProfileId)) {
+            return '';
+        }
+        return `/profile/${encodeURIComponent(profileId)}`;
+    }
+    buildProfilePath(profileId, path, options) {
+        const prefix = this.getProfilePrefix(profileId, options);
+        const normalizedPath = path.startsWith('/') ? path : `/${path}`;
+        return `${prefix}${normalizedPath}`;
+    }
+    getServerOrigin(profileId) {
+        if (profileId) {
+            const state = this.profileStates.get(profileId);
+            if (state?.oauthProvider?.redirectUri) {
+                try {
+                    return new URL(state.oauthProvider.redirectUri).origin;
+                }
+                catch {
+                    // Ignore invalid URL
+                }
+            }
+        }
+        const protocol = this.config.host.includes('://') ? '' : 'http://';
+        const host = this.config.host.includes('://') ? this.config.host : this.config.host;
+        return `${protocol}${host}:${this.config.port}`;
+    }
+    buildProfileUrl(profileId, path, options) {
+        return `${this.getServerOrigin(profileId)}${this.buildProfilePath(profileId, path, options)}`;
+    }
+    normalizeResourcePath(pathname) {
+        const normalized = pathname.replace(/\/+$/, '');
+        return normalized === '' ? '/' : normalized;
+    }
+    resolveProfileIdFromResourceUrl(resource) {
+        let url;
+        try {
+            url = new URL(resource);
+        }
+        catch {
+            return null;
+        }
+        const path = this.normalizeResourcePath(url.pathname);
+        if (path === '/mcp') {
+            return this.getDefaultProfileId() ?? null;
+        }
+        if (!this.config.profileRoutingEnabled) {
+            return null;
+        }
+        const match = /^\/profile\/([^/]+)\/mcp$/.exec(path);
+        if (!match) {
+            return null;
+        }
+        try {
+            return decodeURIComponent(match[1]);
+        }
+        catch {
+            return null;
+        }
+    }
+    getOAuthProtectedResourceUrl(profileId) {
+        const effectiveProfileId = profileId ?? this.getDefaultProfileId();
+        return this.buildProfileUrl(effectiveProfileId, OAUTH_PATHS.WELL_KNOWN_PROTECTED_RESOURCE);
+    }
+    respondProfileNotFound(res, profileId) {
+        res.status(HTTP_STATUS.NOT_FOUND).json({
+            error: 'Not Found',
+            message: profileId ? `Profile '${profileId}' not found` : 'Profile not found',
+        });
+    }
     /**
      * Setup MCP endpoint routes
      *
@@ -437,303 +761,100 @@ export class HttpTransport {
         this.logger.info('Setting up HTTP routes');
         // Security: Rate limiting setup (needed for OAuth routes)
         const rateLimitEnabled = this.config.rateLimitEnabled !== false; // default: true
-        // Rate limiter for OAuth endpoints (stricter limits for security)
-        // OAuth endpoints are sensitive and should have lower limits than general API
-        // Configuration priority: profile > env vars > defaults
-        const oauthWindowMs = this.config.rateLimitOAuthWindowMs || OAUTH_RATE_LIMIT.WINDOW_MS;
-        const oauthMaxRequests = this.config.rateLimitOAuthMax || OAUTH_RATE_LIMIT.MAX_REQUESTS;
-        const oauthRateLimiter = this.createRateLimiter({
-            enabled: rateLimitEnabled,
-            windowMs: oauthWindowMs,
-            maxRequests: oauthMaxRequests,
-            logMessage: 'Rate limit exceeded for OAuth',
-            responseMessage: `Too many OAuth requests. Limit: ${oauthMaxRequests} requests per ${Math.round(oauthWindowMs / 60000)} minutes. Please try again later.`,
-        });
-        // OAuth 2.0 routes (if configured)
-        if (this.oauthProvider) {
-            // Build redirect URI
-            const redirectUri = this.oauthProvider.redirectUri ||
-                `http://${this.config.host}:${this.config.port}/oauth/callback`;
-            // Derive serverUrl from redirectUri
-            const baseUrl = new URL(redirectUri).origin;
-            const serverUrl = new URL(`${baseUrl}/mcp`);
-            // issuerUrl should be the base URL of the authorization server (e.g. https://gitlab.com),
-            // NOT the authorization endpoint (e.g. https://gitlab.com/oauth/authorize)
-            // We try to derive it from authorizationEndpoint if not explicitly configured
-            // Note: authorizationEndpoint might not be ready yet (async initialization),
-            // so we use serverUrl.origin as fallback
-            let issuerUrl;
-            try {
-                const authEndpoint = this.oauthProvider.authorizationEndpoint;
-                if (authEndpoint) {
-                    // Try to extract base URL from auth endpoint
-                    const authUrl = new URL(authEndpoint);
-                    issuerUrl = new URL(authUrl.origin);
-                }
-                else {
-                    // Fallback: use server origin (will be updated after async init)
-                    issuerUrl = new URL(serverUrl.origin);
-                }
-            }
-            catch (e) {
-                // Fallback: use server origin
-                issuerUrl = new URL(serverUrl.origin);
+        const profileRoutingEnabled = this.config.profileRoutingEnabled === true;
+        const defaultProfileId = this.getDefaultProfileId();
+        const attachProfileId = (req, _res, next) => {
+            req.profileId = req.params.profileId;
+            next();
+        };
+        const oauthRateLimiterByProfile = new Map();
+        const getOAuthRateLimiter = (profileState) => {
+            const existing = oauthRateLimiterByProfile.get(profileState.profileId);
+            if (existing) {
+                return existing;
             }
-            this.logger.info('Setting up OAuth routes', {
-                serverUrl: serverUrl.toString(),
-                issuerUrl: issuerUrl.toString(),
-                redirectUri,
-            });
-            // Install MCP OAuth router
-            // This adds standard OAuth endpoints:
-            // - /.well-known/oauth-authorization-server
-            // - /.well-known/oauth-protected-resource
-            // - /oauth/authorize
-            // - /oauth/token
-            // - /oauth/register (dynamic client registration)
-            // - /oauth/revoke (token revocation)
-            // Only register resource server endpoints, not authorization server endpoints
-            // since our MCP server is not an OAuth authorization server
-            this.app.get(OAUTH_PATHS.WELL_KNOWN_PROTECTED_RESOURCE, oauthRateLimiter, (req, res) => {
-                // Build metadata object with only defined fields (RFC 8707)
-                const metadata = {
-                    resource: serverUrl.href,
-                    authorization_servers: [serverUrl.origin], // We are the authorization server (proxy)
-                    bearer_methods_supported: ['header'],
-                };
-                // Optional: scopes_supported (only if scopes are defined)
-                if (this.oauthProvider?.scopes && this.oauthProvider.scopes.length > 0) {
-                    metadata.scopes_supported = this.oauthProvider.scopes;
-                }
-                // Optional: resource_name (from config, already has fallback in mcp-server.ts)
-                if (this.config.resourceName) {
-                    metadata.resource_name = this.config.resourceName;
-                }
-                // Optional: resource_documentation (from config, may be undefined)
-                if (this.config.resourceDocumentation) {
-                    metadata.resource_documentation = this.config.resourceDocumentation;
-                }
-                res.json(metadata);
-            });
-            // Authorization endpoint
-            // Initiates the OAuth flow by redirecting the user to the external provider
-            this.app.get(OAUTH_PATHS.AUTHORIZE, oauthRateLimiter, async (req, res) => {
-                try {
-                    const { response_type, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method } = req.query;
-                    if (!client_id || typeof client_id !== 'string') {
-                        res.status(HTTP_STATUS.BAD_REQUEST).send('Missing client_id');
-                        return;
-                    }
-                    if (!redirect_uri || typeof redirect_uri !== 'string') {
-                        res.status(HTTP_STATUS.BAD_REQUEST).send('Missing redirect_uri');
-                        return;
-                    }
-                    if (this.oauthProvider) {
-                        // Ensure provider is initialized before client validation
-                        // This registers configured client_id if present
-                        await this.oauthProvider.ensureEndpointsInitialized();
-                        // Find the client to validate configuration
-                        const client = await this.oauthProvider.clientsStore.getClient(client_id);
-                        if (!client) {
-                            res.status(HTTP_STATUS.BAD_REQUEST).send('Invalid client_id');
-                            return;
-                        }
-                        // Prepare parameters for provider authorization
-                        const scopeStr = (scope || '').trim();
-                        const params = {
-                            responseType: response_type || 'code',
-                            clientId: client_id,
-                            redirectUri: redirect_uri,
-                            scope: scopeStr ? scopeStr.split(' ') : [],
-                            state: state,
-                            codeChallenge: code_challenge,
-                            codeChallengeMethod: code_challenge_method,
-                            scopes: scopeStr ? scopeStr.split(' ') : [],
-                        };
-                        // Call provider authorize method which handles the redirect logic
-                        await this.oauthProvider.authorize(client, params, res);
-                    }
-                    else {
-                        res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth provider not initialized');
-                    }
-                }
-                catch (error) {
-                    this.logger.error('OAuth authorize error', error instanceof Error ? error : new Error(String(error)));
-                    res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth authorization failed');
-                }
-            });
-            // Token endpoint
-            // Exchanges authorization code or refresh token for access token
-            this.app.post(OAUTH_PATHS.TOKEN, oauthRateLimiter, express.urlencoded({ extended: false }), async (req, res) => {
-                try {
-                    const { grant_type, code, redirect_uri, client_id, code_verifier, refresh_token } = req.body;
-                    this.logger.debug('OAuth token request', {
-                        grant_type,
-                        client_id,
-                        has_code: !!code,
-                        has_code_verifier: !!code_verifier,
-                        redirect_uri,
-                    });
-                    if (grant_type === 'authorization_code') {
-                        // Authorization Code Flow
-                        if (!code) {
-                            res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_request', error_description: 'Missing code' });
-                            return;
-                        }
-                        if (this.oauthProvider) {
-                            // Ensure provider is initialized before client validation
-                            await this.oauthProvider.ensureEndpointsInitialized();
-                            const client = await this.oauthProvider.clientsStore.getClient(client_id);
-                            if (!client) {
-                                res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_client' });
-                                return;
-                            }
-                            const tokens = await this.oauthProvider.exchangeAuthorizationCode(client, code, code_verifier, redirect_uri);
-                            // Store OAuth tokens for later session initialization
-                            this.storeOAuthTokens(tokens, client.client_id, client.scope?.split(' ') || []);
-                            res.json(tokens);
-                        }
-                        else {
-                            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({ error: 'server_error', error_description: 'OAuth provider not initialized' });
-                        }
-                    }
-                    else if (grant_type === 'refresh_token') {
-                        // Refresh Token Flow
-                        if (!refresh_token) {
-                            res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_request', error_description: 'Missing refresh_token' });
-                            return;
-                        }
-                        if (this.oauthProvider) {
-                            // Ensure provider is initialized before client validation
-                            await this.oauthProvider.ensureEndpointsInitialized();
-                            const client = await this.oauthProvider.clientsStore.getClient(client_id);
-                            if (!client) {
-                                res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_client' });
-                                return;
-                            }
-                            const tokens = await this.oauthProvider.exchangeRefreshToken(client, refresh_token);
-                            // Store OAuth tokens for later session initialization
-                            // Note: When refreshing, the old access token should be invalidated
-                            // but we don't track it here - the new token replaces it in the map
-                            this.storeOAuthTokens(tokens, client.client_id, client.scope?.split(' ') || []);
-                            res.json(tokens);
-                        }
-                        else {
-                            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({ error: 'server_error', error_description: 'OAuth provider not initialized' });
-                        }
-                    }
-                    else {
-                        this.logger.warn('Unsupported grant type', { grant_type, expected: 'authorization_code or refresh_token' });
-                        res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'unsupported_grant_type' });
-                        return;
-                    }
-                }
-                catch (error) {
-                    this.logger.error('OAuth token exchange error', error instanceof Error ? error : new Error(String(error)));
-                    res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_grant', error_description: String(error) });
-                }
+            const oauthWindowMs = profileState.context.rateLimitOAuthWindowMs || OAUTH_RATE_LIMIT.WINDOW_MS;
+            const oauthMaxRequests = profileState.context.rateLimitOAuthMax || OAUTH_RATE_LIMIT.MAX_REQUESTS;
+            const limiter = this.createRateLimiter({
+                enabled: rateLimitEnabled,
+                windowMs: oauthWindowMs,
+                maxRequests: oauthMaxRequests,
+                logMessage: 'Rate limit exceeded for OAuth',
+                responseMessage: `Too many OAuth requests. Limit: ${oauthMaxRequests} requests per ${Math.round(oauthWindowMs / 60000)} minutes. Please try again later.`,
             });
-            // OAuth callback endpoint to receive tokens from authorization server
-            this.app.get(OAUTH_PATHS.CALLBACK, oauthRateLimiter, async (req, res) => {
-                try {
-                    const { code, state, error, error_description } = req.query;
-                    this.logger.info('OAuth callback received', {
-                        hasCode: !!code,
-                        hasState: !!state,
-                        error: error,
-                        errorDescription: error_description
-                    });
-                    if (error) {
-                        // Sanitize error messages to prevent XSS
-                        const safeError = escapeHtmlSafe(error);
-                        const safeErrorDesc = escapeHtmlSafe(error_description);
-                        res.status(HTTP_STATUS.BAD_REQUEST).json({
-                            error: safeError,
-                            error_description: safeErrorDesc || safeError
-                        });
-                        return;
-                    }
-                    if (!code || typeof code !== 'string') {
-                        res.status(HTTP_STATUS.BAD_REQUEST).send('Missing authorization code');
-                        return;
-                    }
-                    // Delegate to OAuth provider to handle token exchange and redirect back to client (Cursor)
-                    if (this.oauthProvider) {
-                        await this.oauthProvider.handleCallback(req, res);
-                    }
-                    else {
-                        res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth provider not initialized');
-                    }
-                }
-                catch (error) {
-                    this.logger.error('OAuth callback error', error instanceof Error ? error : new Error(String(error)));
-                    if (!res.headersSent) {
-                        res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth callback failed');
-                    }
-                }
-            });
-            // Provide authorization server metadata
-            // We advertise the MCP server itself as the authorization server (Proxy Mode)
-            // This allows us to handle the redirect dance between Cursor -> MCP -> GitLab -> MCP -> Cursor
-            this.app.get(OAUTH_PATHS.WELL_KNOWN_AUTHORIZATION_SERVER, async (req, res) => {
-                try {
-                    res.json({
-                        issuer: serverUrl.origin, // We are the issuer for the client
-                        authorization_endpoint: new URL(OAUTH_PATHS.AUTHORIZE, serverUrl.origin).href,
-                        token_endpoint: new URL(OAUTH_PATHS.TOKEN, serverUrl.origin).href,
-                        registration_endpoint: new URL(OAUTH_PATHS.REGISTER, serverUrl.origin).href,
-                        response_types_supported: ['code'],
-                        code_challenge_methods_supported: ['S256'],
-                        grant_types_supported: ['authorization_code', 'refresh_token'],
-                        scopes_supported: this.oauthProvider?.scopes || ['api'],
-                    });
-                }
-                catch (error) {
-                    this.logger.error('OAuth authorization server metadata error', error instanceof Error ? error : new Error(String(error)));
-                    res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth metadata failed');
-                }
-            });
-            // Dynamic Client Registration endpoint
-            // Cursor requires this to register itself with a redirect URI
-            this.app.post(OAUTH_PATHS.REGISTER, express.json(), async (req, res) => {
-                try {
-                    const { redirect_uris } = req.body;
-                    this.logger.info('Dynamic client registration request', { redirect_uris });
-                    // We don't actually strictly enforce registration in this proxy mode,
-                    // but we return a valid client configuration to satisfy the client.
-                    // We use a static client ID for the internal mapping.
-                    const clientId = 'mcp-proxy-client';
-                    const clientSecret = 'mcp-proxy-secret';
-                    // Register this client in our internal store so authorize requests pass validation
-                    if (this.oauthProvider) {
-                        const client = {
-                            client_id: clientId,
-                            client_secret: clientSecret,
-                            redirect_uris: redirect_uris || [],
-                            grant_types: ['authorization_code', 'refresh_token'],
-                            response_types: ['code'],
-                            scope: (this.oauthProvider.scopes || []).join(' '),
-                        };
-                        // We need to cast to any because registerClient might not be exposed on the interface
-                        // but we know ExternalOAuthProvider uses InMemoryClientsStore
-                        await this.oauthProvider.clientsStore.registerClient(client);
-                    }
-                    res.status(HTTP_STATUS.CREATED).json({
-                        client_id: clientId,
-                        client_secret: clientSecret,
-                        redirect_uris: redirect_uris,
-                        grant_types: ['authorization_code', 'refresh_token'],
-                        response_types: ['code'],
-                        scope: (this.oauthProvider?.scopes || []).join(' '),
-                        token_endpoint_auth_method: 'client_secret_post'
-                    });
-                }
-                catch (error) {
-                    this.logger.error('Client registration failed', error instanceof Error ? error : new Error(String(error)));
-                    res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({ error: 'server_error', error_description: 'Registration failed' });
+            oauthRateLimiterByProfile.set(profileState.profileId, limiter);
+            return limiter;
+        };
+        const oauthRateLimiter = async (req, res, next) => {
+            const profileState = await this.getProfileStateForRequest(req);
+            if (!profileState) {
+                this.respondProfileNotFound(res, req.profileId);
+                return;
+            }
+            const limiter = getOAuthRateLimiter(profileState);
+            return limiter(req, res, next);
+        };
+        const withProfileState = (handler) => {
+            return async (req, res) => {
+                const profileState = await this.getProfileStateForRequest(req);
+                if (!profileState) {
+                    this.respondProfileNotFound(res, req.profileId);
+                    return;
                 }
+                await handler(req, res, profileState);
+            };
+        };
+        const registerOAuthRoutes = (basePath, includeProfileParam, includeProtectedResource) => {
+            const middlewares = includeProfileParam ? [attachProfileId] : [];
+            const withOAuthRateLimit = [...middlewares, oauthRateLimiter];
+            const withProfile = (handler) => {
+                return [...middlewares, oauthRateLimiter, withProfileState(handler)];
+            };
+            if (includeProtectedResource) {
+                this.app.get(`${basePath}${OAUTH_PATHS.WELL_KNOWN_PROTECTED_RESOURCE}`, ...withProfile((req, res, profileState) => this.handleOAuthProtectedResource(req, res, profileState)));
+            }
+            this.app.get(`${basePath}${OAUTH_PATHS.AUTHORIZE}`, ...withProfile((req, res, profileState) => this.handleOAuthAuthorize(req, res, profileState)));
+            this.app.post(`${basePath}${OAUTH_PATHS.TOKEN}`, ...middlewares, oauthRateLimiter, express.urlencoded({ extended: false, limit: '50kb' }), withProfileState((req, res, profileState) => this.handleOAuthToken(req, res, profileState)));
+            this.app.get(`${basePath}${OAUTH_PATHS.CALLBACK}`, ...withProfile((req, res, profileState) => this.handleOAuthCallback(req, res, profileState)));
+            this.app.get(`${basePath}${OAUTH_PATHS.WELL_KNOWN_AUTHORIZATION_SERVER}`, ...withProfile((req, res, profileState) => this.handleOAuthAuthorizationServerMetadata(req, res, profileState)));
+            this.app.post(`${basePath}${OAUTH_PATHS.REGISTER}`, ...middlewares, oauthRateLimiter, express.json(), withProfileState((req, res, profileState) => this.handleOAuthRegister(req, res, profileState)));
+            this.logger.info('OAuth routes registered', {
+                basePath,
+                profileRoutingEnabled,
             });
-            this.logger.info('OAuth routes registered');
+        };
+        if (defaultProfileId) {
+            registerOAuthRoutes('', false, false);
+        }
+        if (profileRoutingEnabled) {
+            registerOAuthRoutes('/profile/:profileId', true, true);
+        }
+        const attachProfileFromResourceQuery = (req, res, next) => {
+            const { resource } = req.query;
+            if (resource === undefined) {
+                next();
+                return;
+            }
+            if (typeof resource !== 'string') {
+                res.status(HTTP_STATUS.BAD_REQUEST).json({
+                    error: 'invalid_request',
+                    message: 'Invalid resource query parameter',
+                });
+                return;
+            }
+            const profileId = this.resolveProfileIdFromResourceUrl(resource);
+            if (!profileId) {
+                res.status(HTTP_STATUS.NOT_FOUND).json({
+                    error: 'Not Found',
+                    message: 'OAuth metadata unavailable for requested resource',
+                });
+                return;
+            }
+            req.profileId = profileId;
+            next();
+        };
+        if (defaultProfileId || profileRoutingEnabled) {
+            this.app.get(OAUTH_PATHS.WELL_KNOWN_PROTECTED_RESOURCE, attachProfileFromResourceQuery, oauthRateLimiter, withProfileState((req, res, profileState) => this.handleOAuthProtectedResource(req, res, profileState)));
         }
         // Security: Rate limiting setup (for MCP endpoints)
         const windowMs = this.config.rateLimitWindowMs || TIMEOUTS.RATE_LIMIT_WINDOW_MS;
@@ -761,47 +882,67 @@ export class HttpTransport {
             logMessage: 'Rate limit exceeded for metrics',
             responseMessage: this.formatRateLimitMessage('metrics', metricsMaxRequests, windowMs),
         });
-        // Main MCP endpoint - POST for sending messages
-        this.app.post('/mcp', mcpRateLimiter, this.handlePost.bind(this));
-        // CORS preflight handler
-        this.app.options('/mcp', (req, res) => {
-            const origin = req.headers.origin;
-            // Only send CORS headers for explicitly allowed origins; otherwise reject
-            if (origin && this.isAllowedOrigin(origin)) {
-                // nosemgrep: javascript.express.security.cors-misconfiguration.cors-misconfiguration
-                res.setHeader('Access-Control-Allow-Origin', origin);
-                res.setHeader('Access-Control-Allow-Methods', 'POST, GET, OPTIONS');
-                res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Accept, Mcp-Session-Id');
-                // We do not allow credentials; prevents cookie-based attacks by default
-                res.setHeader('Access-Control-Allow-Credentials', 'false');
-                res.setHeader('Access-Control-Max-Age', '86400'); // 24 hours cache
-                return res.status(HTTP_STATUS.OK).send();
-            }
-            // Disallowed origin: do not echo origin or emit permissive headers
-            res.status(HTTP_STATUS.FORBIDDEN).json({ error: 'Forbidden', message: 'Origin not allowed' });
-        });
-        this.logger.info('Registered POST /mcp route');
-        // Main MCP endpoint - GET for SSE streaming
-        this.app.get('/mcp', mcpRateLimiter, this.handleGet.bind(this));
-        // Session termination
-        this.app.delete('/mcp', mcpRateLimiter, this.handleDelete.bind(this));
-        // Legacy alias endpoints - deprecated
-        // Why: Backward compatibility for clients using /sse during migration
-        this.app.post('/sse', mcpRateLimiter, (req, res, next) => {
-            this.logger.warn('Deprecated endpoint used: POST /sse. Please migrate to POST /mcp');
-            this.logger.info('Handling POST /sse request');
-            return this.handlePost(req, res, next);
-        });
-        this.app.get('/sse', mcpRateLimiter, (req, res, next) => {
-            this.logger.warn('Deprecated endpoint used: GET /sse. Please migrate to GET /mcp');
-            this.logger.info(`Handling GET /sse request from: ${req.ip}`);
-            return this.handleGet(req, res, next);
-        });
-        this.logger.info('Registered SSE routes: POST/GET/DELETE /sse');
-        this.app.delete('/sse', mcpRateLimiter, (req, res, next) => {
-            this.logger.warn('Deprecated endpoint used: DELETE /sse. Please migrate to DELETE /mcp');
-            return this.handleDelete(req, res, next);
-        });
+        const registerMcpRoutes = (basePath, includeProfileParam, isDefault) => {
+            const middlewares = includeProfileParam ? [attachProfileId] : [];
+            const pathPrefix = basePath || '';
+            // Main MCP endpoint - POST for sending messages
+            this.app.post(`${pathPrefix}/mcp`, ...middlewares, mcpRateLimiter, this.handlePost.bind(this));
+            // CORS preflight handler
+            this.app.options(`${pathPrefix}/mcp`, ...middlewares, async (req, res) => {
+                const origin = req.headers.origin;
+                try {
+                    // Only send CORS headers for explicitly allowed origins; otherwise reject
+                    if (origin && await this.isAllowedOriginForRequest(origin, req)) {
+                        // nosemgrep: javascript.express.security.cors-misconfiguration.cors-misconfiguration
+                        res.setHeader('Access-Control-Allow-Origin', origin);
+                        res.setHeader('Access-Control-Allow-Methods', 'POST, GET, OPTIONS');
+                        res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization, Accept, Mcp-Session-Id');
+                        // We do not allow credentials; prevents cookie-based attacks by default
+                        res.setHeader('Access-Control-Allow-Credentials', 'false');
+                        res.setHeader('Access-Control-Max-Age', '86400'); // 24 hours cache
+                        return res.status(HTTP_STATUS.OK).send();
+                    }
+                    // Disallowed origin: do not echo origin or emit permissive headers
+                    res.status(HTTP_STATUS.FORBIDDEN).json({ error: 'Forbidden', message: 'Origin not allowed' });
+                }
+                catch (error) {
+                    this.logger.error('Origin validation failed', error instanceof Error ? error : new Error(String(error)));
+                    res.status(HTTP_STATUS.FORBIDDEN).json({ error: 'Forbidden', message: 'Origin not allowed' });
+                }
+            });
+            // Main MCP endpoint - GET for SSE streaming
+            this.app.get(`${pathPrefix}/mcp`, ...middlewares, mcpRateLimiter, this.handleGet.bind(this));
+            // Session termination
+            this.app.delete(`${pathPrefix}/mcp`, ...middlewares, mcpRateLimiter, this.handleDelete.bind(this));
+            // Legacy alias endpoints - deprecated
+            // Why: Backward compatibility for clients using /sse during migration
+            this.app.post(`${pathPrefix}/sse`, ...middlewares, mcpRateLimiter, (req, res, next) => {
+                this.logger.warn('Deprecated endpoint used: POST /sse. Please migrate to POST /mcp');
+                this.logger.info('Handling POST /sse request');
+                return this.handlePost(req, res, next);
+            });
+            this.app.get(`${pathPrefix}/sse`, ...middlewares, mcpRateLimiter, (req, res, next) => {
+                this.logger.warn('Deprecated endpoint used: GET /sse. Please migrate to GET /mcp');
+                this.logger.info(`Handling GET /sse request from: ${req.ip}`);
+                return this.handleGet(req, res, next);
+            });
+            this.app.delete(`${pathPrefix}/sse`, ...middlewares, mcpRateLimiter, (req, res, next) => {
+                this.logger.warn('Deprecated endpoint used: DELETE /sse. Please migrate to DELETE /mcp');
+                return this.handleDelete(req, res, next);
+            });
+            if (isDefault) {
+                this.logger.info('Registered MCP routes for default profile', { pathPrefix: pathPrefix || '/mcp' });
+            }
+            else {
+                this.logger.info('Registered MCP routes for profile routing', { pathPrefix: `${pathPrefix}/mcp` });
+            }
+        };
+        if (defaultProfileId) {
+            registerMcpRoutes('', false, true);
+        }
+        if (profileRoutingEnabled) {
+            registerMcpRoutes('/profile/:profileId', true, false);
+        }
         // Metrics endpoint (if enabled)
         if (this.config.metricsEnabled) {
             this.app.get(this.config.metricsPath, metricsRateLimiter, this.handleMetrics.bind(this));
@@ -809,7 +950,11 @@ export class HttpTransport {
         // Health check (with rate limiting)
         this.app.get('/health', mcpRateLimiter, (req, res) => {
             const startTime = Date.now();
-            res.json({ status: 'ok', sessions: this.sessions.size });
+            let totalSessions = 0;
+            for (const state of this.profileStates.values()) {
+                totalSessions += state.sessions.size;
+            }
+            res.json({ status: 'ok', sessions: totalSessions });
             if (this.metrics) {
                 const duration = (Date.now() - startTime) / 1000;
                 this.metrics.recordHttpRequest(req.method, req.path, res.statusCode, duration);
@@ -833,6 +978,243 @@ export class HttpTransport {
             });
         });
     }
+    getProfileIssuerUrl(profileId, options) {
+        const origin = this.getServerOrigin(profileId);
+        const prefix = this.getProfilePrefix(profileId, options);
+        return `${origin}${prefix}`;
+    }
+    async handleOAuthProtectedResource(req, res, profileState) {
+        if (!profileState.oauthProvider) {
+            res.status(HTTP_STATUS.NOT_FOUND).json({ error: 'Not Found', message: 'OAuth not configured for this profile' });
+            return;
+        }
+        const profileId = profileState.profileId;
+        const isProfileScoped = typeof req.params?.profileId === 'string';
+        const urlOptions = isProfileScoped ? { forceProfilePrefix: true } : undefined;
+        const serverUrl = new URL(this.buildProfileUrl(profileId, '/mcp', urlOptions));
+        const issuerUrl = this.getProfileIssuerUrl(profileId, urlOptions);
+        const metadata = {
+            resource: serverUrl.href,
+            authorization_servers: [issuerUrl],
+            bearer_methods_supported: ['header'],
+        };
+        if (profileState.oauthProvider.scopes && profileState.oauthProvider.scopes.length > 0) {
+            metadata.scopes_supported = profileState.oauthProvider.scopes;
+        }
+        if (profileState.context.resourceName) {
+            metadata.resource_name = profileState.context.resourceName;
+        }
+        if (profileState.context.resourceDocumentation) {
+            metadata.resource_documentation = profileState.context.resourceDocumentation;
+        }
+        res.json(metadata);
+    }
+    async handleOAuthAuthorize(req, res, profileState) {
+        if (!profileState.oauthProvider) {
+            res.status(HTTP_STATUS.NOT_FOUND).send('OAuth not configured for this profile');
+            return;
+        }
+        try {
+            res.setHeader('Cache-Control', 'no-store');
+            const { response_type, client_id, redirect_uri, scope, state, code_challenge, code_challenge_method } = req.query;
+            if (!client_id || typeof client_id !== 'string') {
+                res.status(HTTP_STATUS.BAD_REQUEST).send('Missing client_id');
+                return;
+            }
+            if (!response_type || typeof response_type !== 'string') {
+                res.status(HTTP_STATUS.BAD_REQUEST).send('Missing response_type');
+                return;
+            }
+            if (response_type !== 'code') {
+                res.status(HTTP_STATUS.BAD_REQUEST).send('Unsupported response_type');
+                return;
+            }
+            if (!redirect_uri || typeof redirect_uri !== 'string') {
+                res.status(HTTP_STATUS.BAD_REQUEST).send('Missing redirect_uri');
+                return;
+            }
+            await profileState.oauthProvider.ensureEndpointsInitialized();
+            const client = await profileState.oauthProvider.clientsStore.getClient(client_id);
+            if (!client) {
+                res.status(HTTP_STATUS.BAD_REQUEST).send('Invalid client_id');
+                return;
+            }
+            const scopeStr = (scope || '').trim();
+            const params = {
+                responseType: response_type,
+                clientId: client_id,
+                redirectUri: redirect_uri,
+                scope: scopeStr ? scopeStr.split(' ') : [],
+                state: state,
+                codeChallenge: code_challenge,
+                codeChallengeMethod: code_challenge_method,
+                scopes: scopeStr ? scopeStr.split(' ') : [],
+            };
+            await profileState.oauthProvider.authorize(client, params, res);
+        }
+        catch (error) {
+            this.logger.error('OAuth authorize error', error instanceof Error ? error : new Error(String(error)));
+            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth authorization failed');
+        }
+    }
+    async handleOAuthToken(req, res, profileState) {
+        if (!profileState.oauthProvider) {
+            res.status(HTTP_STATUS.NOT_FOUND).json({ error: 'server_error', error_description: 'OAuth provider not initialized' });
+            return;
+        }
+        try {
+            res.setHeader('Cache-Control', 'no-store');
+            const { grant_type, code, redirect_uri, client_id, code_verifier, refresh_token } = req.body;
+            this.logger.debug('OAuth token request', {
+                profileId: profileState.profileId,
+                grant_type,
+                client_id,
+                has_code: !!code,
+                has_code_verifier: !!code_verifier,
+                redirect_uri,
+            });
+            if (grant_type === 'authorization_code') {
+                if (!code) {
+                    res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_request', error_description: 'Missing code' });
+                    return;
+                }
+                await profileState.oauthProvider.ensureEndpointsInitialized();
+                const client = await profileState.oauthProvider.clientsStore.getClient(client_id);
+                if (!client) {
+                    res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_client' });
+                    return;
+                }
+                const tokens = await profileState.oauthProvider.exchangeAuthorizationCode(client, code, code_verifier, redirect_uri);
+                this.storeOAuthTokens(profileState, tokens, client.client_id, client.scope?.split(' ') || []);
+                res.json(tokens);
+                return;
+            }
+            if (grant_type === 'refresh_token') {
+                if (!refresh_token) {
+                    res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_request', error_description: 'Missing refresh_token' });
+                    return;
+                }
+                await profileState.oauthProvider.ensureEndpointsInitialized();
+                const client = await profileState.oauthProvider.clientsStore.getClient(client_id);
+                if (!client) {
+                    res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'invalid_client' });
+                    return;
+                }
+                const tokens = await profileState.oauthProvider.exchangeRefreshToken(client, refresh_token);
+                this.storeOAuthTokens(profileState, tokens, client.client_id, client.scope?.split(' ') || []);
+                res.json(tokens);
+                return;
+            }
+            this.logger.warn('Unsupported grant type', { grant_type, expected: 'authorization_code or refresh_token' });
+            res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'unsupported_grant_type' });
+        }
+        catch (error) {
+            this.logger.error('OAuth token exchange error', error instanceof Error ? error : new Error(String(error)));
+            res.status(HTTP_STATUS.BAD_REQUEST).json({
+                error: 'invalid_grant',
+                error_description: 'Token exchange failed',
+            });
+        }
+    }
+    async handleOAuthCallback(req, res, profileState) {
+        if (!profileState.oauthProvider) {
+            res.status(HTTP_STATUS.NOT_FOUND).send('OAuth provider not initialized');
+            return;
+        }
+        try {
+            const { code, state, error, error_description } = req.query;
+            this.logger.info('OAuth callback received', {
+                profileId: profileState.profileId,
+                hasCode: !!code,
+                hasState: !!state,
+                error: error,
+                errorDescription: error_description,
+            });
+            if (error) {
+                const safeError = escapeHtmlSafe(error);
+                const safeErrorDesc = escapeHtmlSafe(error_description);
+                res.status(HTTP_STATUS.BAD_REQUEST).json({
+                    error: safeError,
+                    error_description: safeErrorDesc || safeError,
+                });
+                return;
+            }
+            if (!code || typeof code !== 'string') {
+                res.status(HTTP_STATUS.BAD_REQUEST).send('Missing authorization code');
+                return;
+            }
+            await profileState.oauthProvider.handleCallback(req, res);
+        }
+        catch (error) {
+            this.logger.error('OAuth callback error', error instanceof Error ? error : new Error(String(error)));
+            if (!res.headersSent) {
+                res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth callback failed');
+            }
+        }
+    }
+    async handleOAuthAuthorizationServerMetadata(req, res, profileState) {
+        if (!profileState.oauthProvider) {
+            res.status(HTTP_STATUS.NOT_FOUND).send('OAuth metadata unavailable');
+            return;
+        }
+        try {
+            const profileId = profileState.profileId;
+            const isProfileScoped = typeof req.params?.profileId === 'string';
+            const urlOptions = isProfileScoped ? { forceProfilePrefix: true } : undefined;
+            const issuer = this.getProfileIssuerUrl(profileId, urlOptions);
+            res.json({
+                issuer,
+                authorization_endpoint: this.buildProfileUrl(profileId, OAUTH_PATHS.AUTHORIZE, urlOptions),
+                token_endpoint: this.buildProfileUrl(profileId, OAUTH_PATHS.TOKEN, urlOptions),
+                registration_endpoint: this.buildProfileUrl(profileId, OAUTH_PATHS.REGISTER, urlOptions),
+                response_types_supported: ['code'],
+                code_challenge_methods_supported: ['S256'],
+                grant_types_supported: ['authorization_code', 'refresh_token'],
+                scopes_supported: profileState.oauthProvider.scopes || ['api'],
+            });
+        }
+        catch (error) {
+            this.logger.error('OAuth authorization server metadata error', error instanceof Error ? error : new Error(String(error)));
+            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).send('OAuth metadata failed');
+        }
+    }
+    async handleOAuthRegister(req, res, profileState) {
+        if (!profileState.oauthProvider) {
+            res.status(HTTP_STATUS.NOT_FOUND).json({ error: 'server_error', error_description: 'Registration unavailable' });
+            return;
+        }
+        try {
+            const { redirect_uris } = req.body;
+            this.logger.info('Dynamic client registration request', {
+                profileId: profileState.profileId,
+                redirect_uris,
+            });
+            const clientId = 'mcp-proxy-client';
+            const clientSecret = 'mcp-proxy-secret';
+            const client = {
+                client_id: clientId,
+                client_secret: clientSecret,
+                redirect_uris: redirect_uris || [],
+                grant_types: ['authorization_code', 'refresh_token'],
+                response_types: ['code'],
+                scope: (profileState.oauthProvider.scopes || []).join(' '),
+            };
+            await profileState.oauthProvider.clientsStore.registerClient(client);
+            res.status(HTTP_STATUS.CREATED).json({
+                client_id: clientId,
+                client_secret: clientSecret,
+                redirect_uris: redirect_uris,
+                grant_types: ['authorization_code', 'refresh_token'],
+                response_types: ['code'],
+                scope: (profileState.oauthProvider.scopes || []).join(' '),
+                token_endpoint_auth_method: 'client_secret_post',
+            });
+        }
+        catch (error) {
+            this.logger.error('Client registration failed', error instanceof Error ? error : new Error(String(error)));
+            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({ error: 'server_error', error_description: 'Registration failed' });
+        }
+    }
     /**
      * Handle metrics endpoint
      *
@@ -851,8 +1233,14 @@ export class HttpTransport {
             // Don't record metrics call in metrics (avoid recursion)
         }
         catch (error) {
-            this.logger.error('Metrics endpoint error', error);
-            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({ error: 'Internal Server Error', message: error.message });
+            const correlationId = generateCorrelationId();
+            this.logger.error('Metrics endpoint error', error, { correlationId });
+            res.setHeader('Cache-Control', 'no-store');
+            res.status(HTTP_STATUS.INTERNAL_SERVER_ERROR).json({
+                error: 'Internal Server Error',
+                message: `Internal error (correlation ID: ${correlationId})`,
+                correlationId
+            });
         }
     }
     /**
@@ -969,11 +1357,11 @@ export class HttpTransport {
      *
      * Returns: { type: 'bearer' | 'oauth' | 'api-token', token: string, sessionId?: string }
      */
-    extractAuthToken(req) {
+    extractAuthToken(req, profileState) {
         // 1. Check for OAuth session first (highest priority for authenticated sessions)
         const sessionId = req.sessionId || req.headers['mcp-session-id'];
-        if (sessionId && this.sessions.has(sessionId)) {
-            const session = this.sessions.get(sessionId);
+        if (sessionId && profileState.sessions.has(sessionId)) {
+            const session = profileState.sessions.get(sessionId);
             if (session && session.authToken) {
                 return { type: 'oauth', token: session.authToken, sessionId };
             }
@@ -1008,6 +1396,26 @@ export class HttpTransport {
         }
         return { type: 'none' };
     }
+    /**
+     * Lazy initialization of ToolFilterService
+     */
+    getToolFilterService(profileState) {
+        if (!profileState.toolFilterService) {
+            const validator = new RegexValidator();
+            const compiler = new RegexCompiler(validator);
+            const envParser = new EnvConfigParser(compiler);
+            const headerParser = new HeaderConfigParser(compiler);
+            // Create OperationDetector for category filtering (if parser available)
+            let detector;
+            if (profileState.context.parser) {
+                const classifier = new OperationClassifier();
+                const resolver = new OpenAPIOperationResolver(profileState.context.parser);
+                detector = new OperationDetector(classifier, resolver);
+            }
+            profileState.toolFilterService = new ToolFilterService(envParser, headerParser, this.logger, detector);
+        }
+        return profileState.toolFilterService;
+    }
     /**
      * Handle POST requests - Client sending messages to server
      *
@@ -1017,8 +1425,19 @@ export class HttpTransport {
         const startTime = Date.now();
         try {
             this.logger.debug('handlePost called', { method: req.method, path: req.path, sessionId: req.sessionId, accept: req.headers.accept });
+            const profileState = await this.getProfileStateForRequest(req);
+            if (!profileState) {
+                this.respondProfileNotFound(res, req.profileId);
+                return;
+            }
+            const requestProfileId = req.profileId ?? profileState.profileId;
             const sessionId = req.sessionId;
             const body = req.body;
+            const filteringHeader = normalizeFilteringHeaderValue(this.getFilteringHeaderValue(req));
+            const parsedFiltering = filteringHeader ? parseFilteringHeader(filteringHeader) : undefined;
+            const toolFilterHeader = normalizeToolFilterHeaderValue(this.getToolFilterHeaderValue(req));
+            const parsedToolFilter = toolFilterHeader !== undefined ? parseSessionToolFilterHeader(toolFilterHeader) : undefined;
+            const normalizedToolFilterHeader = parsedToolFilter?.normalizedHeader;
             // Validate Accept header per MCP Streamable HTTP specification
             const accept = req.headers.accept || '';
             // POST requests can return either JSON or SSE, so must accept both if specified
@@ -1047,12 +1466,22 @@ export class HttpTransport {
             this.logger.debug('Session validation', { isInitialization, sessionId, bodyMethod: body?.method });
             // Validate session (except for initialization)
             if (!isInitialization && sessionId) {
-                const session = this.sessions.get(sessionId);
+                const session = profileState.sessions.get(sessionId);
                 if (!session) {
                     res.status(HTTP_STATUS.NOT_FOUND).json({ error: 'Not Found', message: 'Session not found or expired' });
                     return;
                 }
-                this.updateSessionActivity(sessionId);
+                if (filteringHeader !== undefined) {
+                    if (!session.filteringHeader || session.filteringHeader !== filteringHeader) {
+                        throw new ValidationError('X-Mcp4-Params header mismatch for existing session.');
+                    }
+                }
+                if (normalizedToolFilterHeader !== undefined) {
+                    if (!session.toolFilterHeader || session.toolFilterHeader !== normalizedToolFilterHeader) {
+                        throw new ValidationError(`X-Mcp4-Tools header mismatch for existing session. Expected: '${session.toolFilterHeader ?? ''}', Got: '${normalizedToolFilterHeader}'.`);
+                    }
+                }
+                this.updateSessionActivity(profileState, sessionId);
             }
             else if (!isInitialization && !sessionId) {
                 this.logger.debug('Session validation failed: non-init request without sessionId');
@@ -1065,7 +1494,7 @@ export class HttpTransport {
             // If only notifications/responses, return 202 Accepted
             if (messageType === 'notification-only' || messageType === 'response-only') {
                 if (this.messageHandler) {
-                    await this.messageHandler(body);
+                    await this.messageHandler(body, undefined, requestProfileId);
                 }
                 res.status(HTTP_STATUS.ACCEPTED).send();
                 return;
@@ -1080,14 +1509,14 @@ export class HttpTransport {
                 let newSessionId;
                 if (isInitialization) {
                     // Extract and validate auth token from headers
-                    const authInfo = this.extractAuthToken(req);
+                    const authInfo = this.extractAuthToken(req, profileState);
                     this.logger.debug('Auth token extracted', { authType: authInfo?.type, hasToken: !!authInfo?.token });
                     // If OAuth is configured, require authentication for initialization
                     // This ensures clients like Cursor properly handle OAuth flow
-                    if (this.oauthProvider && !authInfo.token) {
+                    if (profileState.oauthProvider && !authInfo.token) {
                         this.logger.debug('OAuth configured but no token provided, triggering OAuth flow');
-                        const resourceMetadataUrl = new URL(OAUTH_PATHS.WELL_KNOWN_PROTECTED_RESOURCE, this.getServerUrl()).href;
-                        res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${resourceMetadataUrl}", scope="${this.oauthProvider.scopes.join(' ')}"`);
+                        const resourceMetadataUrl = this.getOAuthProtectedResourceUrl(requestProfileId);
+                        res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${resourceMetadataUrl}", scope="${profileState.oauthProvider.scopes.join(' ')}"`);
                         res.status(HTTP_STATUS.UNAUTHORIZED).json({
                             error: 'Unauthorized',
                             message: 'Authentication required for OAuth'
@@ -1096,17 +1525,17 @@ export class HttpTransport {
                     }
                     // Allow initialization without token for non-OAuth scenarios
                     // Validate token if auth is configured and token is provided
-                    if (authInfo && authInfo.token && this.config.authConfigs && this.config.baseUrl) {
+                    if (authInfo && authInfo.token && profileState.context.authConfigs && profileState.context.baseUrl) {
                         // Find matching auth config based on priority (authConfigs is sorted)
                         // For 'bearer' token type, 'oauth' config is also a match
-                        const authConfig = this.config.authConfigs.find(c => c.type === authInfo.type ||
+                        const authConfig = profileState.context.authConfigs.find(c => c.type === authInfo.type ||
                             (authInfo.type === 'bearer' && c.type === 'oauth'));
                         if (authConfig && authConfig.validation_endpoint) {
                             this.logger.info('Validating auth token during initialization', {
                                 authType: authConfig.type, // Use config type for logging
                                 endpoint: authConfig.validation_endpoint,
                             });
-                            const isValid = await this.validateAuthToken(authConfig, authInfo.token, this.config.baseUrl);
+                            const isValid = await this.validateAuthToken(authConfig, authInfo.token, profileState.context.baseUrl);
                             if (!isValid) {
                                 this.logger.warn('Auth token validation failed during initialization', {
                                     authType: authInfo.type,
@@ -1126,7 +1555,7 @@ export class HttpTransport {
                     let scopes;
                     let oauthClientId;
                     if (authInfo.token && (authInfo.type === 'oauth' || authInfo.type === 'bearer')) {
-                        const tokenData = this.oauthTokensByAccessToken.get(authInfo.token);
+                        const tokenData = profileState.oauthTokensByAccessToken.get(authInfo.token);
                         if (tokenData) {
                             refreshToken = tokenData.refreshToken;
                             accessTokenExpiresAt = tokenData.expiresAt;
@@ -1144,21 +1573,21 @@ export class HttpTransport {
                             });
                         }
                     }
-                    newSessionId = this.createSession(authInfo.token, refreshToken, accessTokenExpiresAt, scopes, oauthClientId);
+                    newSessionId = this.createSession(profileState, authInfo.token, refreshToken, accessTokenExpiresAt, scopes, oauthClientId, parsedFiltering?.filtering, parsedFiltering?.normalizedHeader, parsedToolFilter, normalizedToolFilterHeader);
                 }
                 this.logger.debug('Calling messageHandler', { body, sessionId: isInitialization ? newSessionId : sessionId });
-                const response = await this.messageHandler(body, isInitialization ? newSessionId : sessionId);
+                const response = await this.messageHandler(body, isInitialization ? newSessionId : sessionId, requestProfileId);
                 this.logger.debug('MessageHandler response', { response });
                 // Debug: Check OAuth conditions
                 this.logger.debug('Checking OAuth conditions', {
                     responseError: response.error,
-                    hasOAuthProvider: !!this.oauthProvider,
-                    oauthProviderType: typeof this.oauthProvider
+                    hasOAuthProvider: !!profileState.oauthProvider,
+                    oauthProviderType: typeof profileState.oauthProvider
                 });
                 // Check if response contains OAuth error and add WWW-Authenticate header
                 const responseObj = response;
                 if (responseObj.error && responseObj.error.data && responseObj.error.data.oauth_required) {
-                    const resourceMetadataUrl = new URL(OAUTH_PATHS.WELL_KNOWN_PROTECTED_RESOURCE, this.getServerUrl()).href;
+                    const resourceMetadataUrl = this.getOAuthProtectedResourceUrl(requestProfileId);
                     res.setHeader('WWW-Authenticate', `Bearer resource_metadata="${resourceMetadataUrl}", scope="api"`);
                     res.status(HTTP_STATUS.UNAUTHORIZED); // Set 401 status for OAuth errors
                 }
@@ -1175,6 +1604,8 @@ export class HttpTransport {
                     if (newSessionId) {
                         res.setHeader('Mcp-Session-Id', newSessionId);
                     }
+                    // Security: Prevent caching of sensitive API responses
+                    res.setHeader('Cache-Control', 'no-store');
                     this.logger.debug('Sending JSON response', { response, newSessionId });
                     res.json(response);
                 }
@@ -1185,6 +1616,7 @@ export class HttpTransport {
         catch (error) {
             const correlationId = generateCorrelationId();
             this.logger.error('POST request error', error, { correlationId });
+            res.setHeader('Cache-Control', 'no-store');
             let status = 500;
             let errorLabel = 'Internal Server Error';
             let message = `Internal error (correlation ID: ${correlationId})`;
@@ -1231,6 +1663,11 @@ export class HttpTransport {
     async handleGet(req, res) {
         const startTime = Date.now();
         try {
+            const profileState = await this.getProfileStateForRequest(req);
+            if (!profileState) {
+                this.respondProfileNotFound(res, req.profileId);
+                return;
+            }
             const sessionId = req.sessionId;
             const lastEventId = req.headers['last-event-id'];
             // Validate Accept header
@@ -1244,14 +1681,14 @@ export class HttpTransport {
                 res.status(HTTP_STATUS.BAD_REQUEST).json({ error: 'Bad Request', message: 'Mcp-Session-Id header required' });
                 return;
             }
-            const session = this.sessions.get(sessionId);
+            const session = profileState.sessions.get(sessionId);
             if (!session) {
                 res.status(HTTP_STATUS.NOT_FOUND).json({ error: 'Not Found', message: 'Session not found or expired' });
                 return;
             }
-            this.updateSessionActivity(sessionId);
+            this.updateSessionActivity(profileState, sessionId);
             // Start SSE stream
-            this.startSSEStream(res, sessionId, lastEventId);
+            this.startSSEStream(res, sessionId, lastEventId, profileState);
             // Record metrics for successful SSE start
             if (this.metrics) {
                 const duration = (Date.now() - startTime) / 1000;
@@ -1259,10 +1696,16 @@ export class HttpTransport {
             }
         }
         catch (error) {
-            this.logger.error('GET request error', error);
+            const correlationId = generateCorrelationId();
+            this.logger.error('GET request error', error, { correlationId });
             const status = 500;
             if (!res.headersSent) {
-                res.status(status).json({ error: 'Internal Server Error', message: error.message });
+                res.setHeader('Cache-Control', 'no-store');
+                res.status(status).json({
+                    error: 'Internal Server Error',
+                    message: `Internal error (correlation ID: ${correlationId})`,
+                    correlationId
+                });
             }
             // Record error metrics
             if (this.metrics) {
@@ -1279,6 +1722,11 @@ export class HttpTransport {
     handleDelete(req, res) {
         const startTime = Date.now();
         const sessionId = req.sessionId;
+        const profileId = this.getProfileIdForRequest(req);
+        if (!profileId) {
+            this.respondProfileNotFound(res, req.profileId);
+            return;
+        }
         if (!sessionId) {
             const status = 400;
             res.status(status).json({ error: 'Bad Request', message: 'Mcp-Session-Id header required' });
@@ -1288,7 +1736,12 @@ export class HttpTransport {
             }
             return;
         }
-        const session = this.sessions.get(sessionId);
+        const profileState = this.profileStates.get(profileId);
+        if (!profileState) {
+            this.respondProfileNotFound(res, profileId);
+            return;
+        }
+        const session = profileState.sessions.get(sessionId);
         if (!session) {
             const status = 404;
             res.status(status).json({ error: 'Not Found', message: 'Session not found' });
@@ -1298,7 +1751,7 @@ export class HttpTransport {
             }
             return;
         }
-        this.destroySession(sessionId);
+        this.destroySession(profileState, sessionId);
         const status = 204;
         res.status(status).send();
         if (this.metrics) {
@@ -1330,12 +1783,12 @@ export class HttpTransport {
      *
      * Why: Allows server to send requests/notifications to client
      */
-    startSSEStream(res, sessionId, lastEventId) {
+    startSSEStream(res, sessionId, lastEventId, profileState) {
         res.setHeader('Content-Type', MIME_TYPES.EVENT_STREAM);
         res.setHeader('Cache-Control', 'no-cache');
         res.setHeader('Connection', 'keep-alive');
         const streamId = crypto.randomBytes(16).toString('hex');
-        const session = this.sessions.get(sessionId);
+        const session = profileState.sessions.get(sessionId);
         const streamState = {
             streamId,
             lastEventId: lastEventId ? parseInt(lastEventId, 10) : 0,
@@ -1385,10 +1838,10 @@ export class HttpTransport {
      *
      * Why: Server-initiated requests/notifications
      */
-    sendToClient(sessionId, message) {
-        const session = this.sessions.get(sessionId);
+    sendToClient(profileId, sessionId, message) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
         if (!session) {
-            this.logger.warn('Cannot send to client: session not found', { sessionId });
+            this.logger.warn('Cannot send to client: session not found', { profileId, sessionId });
             return;
         }
         const eventId = Date.now();
@@ -1437,12 +1890,38 @@ export class HttpTransport {
         }
         return 'unknown';
     }
+    getFilteringHeaderValue(req) {
+        const headerValue = req.headers['x-mcp4-params'];
+        if (Array.isArray(headerValue)) {
+            if (headerValue.length === 0) {
+                return undefined;
+            }
+            if (headerValue.length > 1) {
+                throw new ValidationError('Invalid X-Mcp4-Params header. Expected comma-separated key=value pairs.');
+            }
+            return headerValue[0];
+        }
+        return headerValue;
+    }
+    getToolFilterHeaderValue(req) {
+        const headerValue = req.headers['x-mcp4-tools'];
+        if (Array.isArray(headerValue)) {
+            if (headerValue.length === 0) {
+                return undefined;
+            }
+            if (headerValue.length > 1) {
+                throw new ValidationError('Invalid X-Mcp4-Tools header. Expected comma-separated tool names.');
+            }
+            return headerValue[0];
+        }
+        return headerValue;
+    }
     /**
      * Create new session
      *
      * Why: Stateful sessions for MCP protocol
      */
-    createSession(authToken, refreshToken, accessTokenExpiresAt, scopes, oauthClientId) {
+    createSession(profileState, authToken, refreshToken, accessTokenExpiresAt, scopes, oauthClientId, filtering, filteringHeader, toolFilterRequest, toolFilterHeader) {
         // Validate token if provided (defense in depth)
         if (authToken) {
             this.validateToken(authToken, 'Session auth token');
@@ -1458,9 +1937,14 @@ export class HttpTransport {
             accessTokenExpiresAt,
             scopes,
             oauthClientId,
+            filtering,
+            filteringHeader,
+            toolFilterRequest,
+            toolFilterHeader,
         };
-        this.sessions.set(sessionId, session);
+        profileState.sessions.set(sessionId, session);
         this.logger.info('Session created', {
+            profileId: profileState.profileId,
             sessionId,
             hasAuthToken: !!authToken,
             hasRefreshToken: !!refreshToken,
@@ -1475,8 +1959,8 @@ export class HttpTransport {
     /**
      * Update session activity timestamp
      */
-    updateSessionActivity(sessionId) {
-        const session = this.sessions.get(sessionId);
+    updateSessionActivity(profileState, sessionId) {
+        const session = profileState.sessions.get(sessionId);
         if (session) {
             session.lastActivityAt = Date.now();
         }
@@ -1486,8 +1970,8 @@ export class HttpTransport {
      *
      * Why: Free memory, close streams
      */
-    destroySession(sessionId) {
-        const session = this.sessions.get(sessionId);
+    destroySession(profileState, sessionId) {
+        const session = profileState.sessions.get(sessionId);
         if (session) {
             // Close all active SSE streams
             for (const [, streamState] of session.sseStreams) {
@@ -1506,15 +1990,16 @@ export class HttpTransport {
             session.sseStreams.clear();
             // Clean up OAuth token from map if present
             if (session.authToken) {
-                this.oauthTokensByAccessToken.delete(session.authToken);
+                profileState.oauthTokensByAccessToken.delete(session.authToken);
             }
-            this.sessions.delete(sessionId);
-            this.logger.info('Session destroyed', { sessionId });
+            profileState.sessions.delete(sessionId);
+            this.logger.info('Session destroyed', { profileId: profileState.profileId, sessionId });
             // Notify session destruction listeners (for cleanup in MCPServer)
-            this.notifySessionDestroyed(sessionId);
+            this.notifySessionDestroyed(profileState.profileId, sessionId);
             // Record metrics
             if (this.metrics) {
                 this.metrics.recordSessionDestroyed();
+                this.metrics.clearToolsSession(sessionId);
             }
         }
     }
@@ -1529,10 +2014,10 @@ export class HttpTransport {
     /**
      * Notify all listeners about session destruction
      */
-    notifySessionDestroyed(sessionId) {
+    notifySessionDestroyed(profileId, sessionId) {
         for (const listener of this.sessionDestroyedListeners) {
             try {
-                listener(sessionId);
+                listener(profileId, sessionId);
             }
             catch (error) {
                 this.logger.error('Session destroyed listener error', error);
@@ -1545,7 +2030,7 @@ export class HttpTransport {
      * Why: Bridge between /oauth/token endpoint (where we see OAuthTokens)
      * and session initialization (where we only see access token in Authorization header)
      */
-    storeOAuthTokens(tokens, clientId, scopes) {
+    storeOAuthTokens(profileState, tokens, clientId, scopes) {
         if (!tokens.access_token) {
             this.logger.warn('OAuth tokens missing access_token, skipping storage');
             return;
@@ -1553,13 +2038,14 @@ export class HttpTransport {
         const expiresAt = tokens.expires_in
             ? Date.now() + tokens.expires_in * 1000
             : undefined;
-        this.oauthTokensByAccessToken.set(tokens.access_token, {
+        profileState.oauthTokensByAccessToken.set(tokens.access_token, {
             refreshToken: tokens.refresh_token,
             expiresAt,
             clientId,
             scopes,
         });
         this.logger.debug('Stored OAuth tokens', {
+            profileId: profileState.profileId,
             hasRefreshToken: !!tokens.refresh_token,
             expiresAt,
             clientId,
@@ -1580,25 +2066,33 @@ export class HttpTransport {
         // Default OAuth session timeout: 24 hours (or configurable)
         const oauthSessionTimeoutMs = this.config.oauthSessionTimeoutMs
             ?? (24 * 60 * 60 * 1000); // 24 hours default
-        for (const [sessionId, session] of this.sessions) {
-            const age = now - session.lastActivityAt;
-            // OAuth sessions with refresh tokens: use extended timeout or never expire
-            if (session.refreshToken) {
-                // If oauthSessionTimeoutMs is 0 or negative, never expire OAuth sessions
-                if (oauthSessionTimeoutMs > 0 && age > oauthSessionTimeoutMs) {
-                    expiredSessions.push(sessionId);
-                }
-                // Otherwise, keep the session alive (unlimited timeout)
+        for (const profileState of this.profileStates.values()) {
+            // Cleanup OAuth provider resources (states, codes, tokens)
+            if (profileState.oauthProvider) {
+                profileState.oauthProvider.cleanup();
             }
-            else {
-                // Non-OAuth sessions: use standard timeout
-                if (age > this.config.sessionTimeoutMs) {
-                    expiredSessions.push(sessionId);
+            for (const [sessionId, session] of profileState.sessions) {
+                const age = now - session.lastActivityAt;
+                // OAuth sessions with refresh tokens: use extended timeout or never expire
+                if (session.refreshToken) {
+                    // If oauthSessionTimeoutMs is 0 or negative, never expire OAuth sessions
+                    if (oauthSessionTimeoutMs > 0 && age > oauthSessionTimeoutMs) {
+                        expiredSessions.push({ profileId: profileState.profileId, sessionId });
+                    }
+                }
+                else {
+                    // Non-OAuth sessions: use standard timeout
+                    if (age > this.config.sessionTimeoutMs) {
+                        expiredSessions.push({ profileId: profileState.profileId, sessionId });
+                    }
                 }
             }
         }
-        for (const sessionId of expiredSessions) {
-            this.destroySession(sessionId);
+        for (const entry of expiredSessions) {
+            const state = this.profileStates.get(entry.profileId);
+            if (state) {
+                this.destroySession(state, entry.sessionId);
+            }
         }
         if (expiredSessions.length > 0) {
             this.logger.info('Cleaned up expired sessions', { count: expiredSessions.length });
@@ -1609,18 +2103,71 @@ export class HttpTransport {
      *
      * Why public: Allows MCPServer to securely access session tokens without breaking encapsulation
      */
-    getSessionToken(sessionId) {
-        const session = this.sessions.get(sessionId);
+    getSessionToken(profileId, sessionId) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
         return session?.authToken;
     }
+    getSessionFiltering(profileId, sessionId) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
+        return session?.filtering;
+    }
+    getSessionFilteringHeader(profileId, sessionId) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
+        return session?.filteringHeader;
+    }
+    getSessionToolFilterRequest(profileId, sessionId) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
+        return session?.toolFilterRequest;
+    }
+    getSessionToolFilter(profileId, sessionId) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
+        return session?.toolFilter;
+    }
+    getSessionToolFilterHeader(profileId, sessionId) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
+        return session?.toolFilterHeader;
+    }
+    setSessionToolFilter(profileId, sessionId, toolFilter) {
+        const session = this.profileStates.get(profileId)?.sessions.get(sessionId);
+        if (!session) {
+            return;
+        }
+        session.toolFilter = toolFilter;
+    }
+    recordGlobalToolFilterMetrics(summary) {
+        if (!this.metrics) {
+            return;
+        }
+        this.metrics.recordToolsTotal('profile', summary.originalCount);
+        this.metrics.recordToolsFiltered('global_env', 'allowed', summary.allowedCount);
+        this.metrics.recordToolsFiltered('global_env', 'denied', summary.removedCount);
+        for (const [type, count] of Object.entries(summary.patternCounts)) {
+            this.metrics.recordToolFilterPatternCount(type, count);
+        }
+    }
+    recordSessionToolFilterMetrics(sessionId, allowedCount, request) {
+        if (!this.metrics) {
+            return;
+        }
+        this.metrics.recordToolsSession(sessionId, allowedCount);
+        this.metrics.recordToolFilterPatternCount('session_allow_list', request.exactNames.size);
+        this.metrics.recordToolFilterPatternCount('session_allow_regex', request.regexPatterns.length);
+    }
+    recordToolFilterRejection(tool, source) {
+        if (!this.metrics) {
+            return;
+        }
+        this.metrics.recordToolFilterRejection(tool, source);
+    }
     /**
      * Ensure session has a valid access token, refreshing if necessary
      *
      * Why: Transparently refresh expired OAuth tokens before making API calls
      * Returns true if token is valid (or was successfully refreshed), false otherwise
      */
-    async ensureValidSessionToken(sessionId) {
-        const session = this.sessions.get(sessionId);
+    async ensureValidSessionToken(profileId, sessionId) {
+        const profileState = this.profileStates.get(profileId);
+        const session = profileState?.sessions.get(sessionId);
         if (!session) {
             return false;
         }
@@ -1634,11 +2181,12 @@ export class HttpTransport {
         // If token is expired or about to expire, refresh it
         if (timeUntilExpiration <= refreshThresholdMs) {
             this.logger.debug('Access token expired or expiring soon, refreshing', {
+                profileId,
                 sessionId,
                 expiresAt: new Date(session.accessTokenExpiresAt).toISOString(),
                 timeUntilExpiration,
             });
-            return await this.refreshAccessToken(sessionId);
+            return await this.refreshAccessToken(profileId, sessionId);
         }
         return true;
     }
@@ -1648,14 +2196,16 @@ export class HttpTransport {
      * Why: Automatically renew expired OAuth access tokens without user intervention
      * Returns true on success, false on failure
      */
-    async refreshAccessToken(sessionId) {
-        const session = this.sessions.get(sessionId);
-        if (!session || !session.refreshToken || !this.oauthProvider) {
+    async refreshAccessToken(profileId, sessionId) {
+        const profileState = this.profileStates.get(profileId);
+        const session = profileState?.sessions.get(sessionId);
+        if (!profileState || !session || !session.refreshToken || !profileState.oauthProvider) {
             this.logger.warn('Cannot refresh token: missing session, refreshToken, or OAuth provider', {
+                profileId,
                 sessionId,
                 hasSession: !!session,
                 hasRefreshToken: !!session?.refreshToken,
-                hasOAuthProvider: !!this.oauthProvider,
+                hasOAuthProvider: !!profileState?.oauthProvider,
             });
             return false;
         }
@@ -1664,32 +2214,33 @@ export class HttpTransport {
             // Try to find client by clientId stored in session, or use default client
             let client;
             if (session.oauthClientId) {
-                await this.oauthProvider.ensureEndpointsInitialized();
-                client = await this.oauthProvider.clientsStore.getClient(session.oauthClientId);
+                await profileState.oauthProvider.ensureEndpointsInitialized();
+                client = await profileState.oauthProvider.clientsStore.getClient(session.oauthClientId);
             }
             // Fallback to default client from config if session client not found
-            if (!client && this.oauthProvider) {
-                await this.oauthProvider.ensureEndpointsInitialized();
+            if (!client && profileState.oauthProvider) {
+                await profileState.oauthProvider.ensureEndpointsInitialized();
                 // Try common client IDs
                 const defaultClientIds = ['mcp-proxy-client'];
-                if (this.config.oauthConfig?.client_id) {
-                    defaultClientIds.unshift(this.config.oauthConfig.client_id);
+                if (profileState.context.oauthConfig?.client_id) {
+                    defaultClientIds.unshift(profileState.context.oauthConfig.client_id);
                 }
                 for (const clientId of defaultClientIds) {
-                    client = await this.oauthProvider.clientsStore.getClient(clientId);
+                    client = await profileState.oauthProvider.clientsStore.getClient(clientId);
                     if (client)
                         break;
                 }
             }
             if (!client) {
                 this.logger.error('Cannot refresh token: OAuth client not found', undefined, {
+                    profileId,
                     sessionId,
                     oauthClientId: session.oauthClientId,
                 });
                 return false;
             }
             // Exchange refresh token for new tokens
-            const tokens = await this.oauthProvider.exchangeRefreshToken(client, session.refreshToken, session.scopes);
+            const tokens = await profileState.oauthProvider.exchangeRefreshToken(client, session.refreshToken, session.scopes);
             // Update session with new tokens
             const oldAccessToken = session.authToken;
             session.authToken = tokens.access_token;
@@ -1699,10 +2250,11 @@ export class HttpTransport {
                 : undefined;
             // Update token map: remove old token, add new one
             if (oldAccessToken) {
-                this.oauthTokensByAccessToken.delete(oldAccessToken);
+                profileState.oauthTokensByAccessToken.delete(oldAccessToken);
             }
-            this.storeOAuthTokens(tokens, client.client_id, session.scopes || []);
+            this.storeOAuthTokens(profileState, tokens, client.client_id, session.scopes || []);
             this.logger.info('Access token refreshed successfully', {
+                profileId,
                 sessionId,
                 newExpiresAt: session.accessTokenExpiresAt ? new Date(session.accessTokenExpiresAt).toISOString() : undefined,
             });
@@ -1710,6 +2262,7 @@ export class HttpTransport {
         }
         catch (error) {
             this.logger.error('Token refresh failed', error instanceof Error ? error : new Error(String(error)), {
+                profileId,
                 sessionId,
             });
             return false;
@@ -1724,41 +2277,49 @@ export class HttpTransport {
     /**
      * Check if OAuth provider is configured
      */
-    hasOAuthProvider() {
-        return this.oauthProvider !== null;
+    hasOAuthProvider(profileId) {
+        if (!profileId) {
+            const defaultProfileId = this.getDefaultProfileId();
+            if (!defaultProfileId) {
+                return false;
+            }
+            const state = this.profileStates.get(defaultProfileId);
+            return state ? state.oauthProvider !== null : false;
+        }
+        const state = this.profileStates.get(profileId);
+        return state ? state.oauthProvider !== null : false;
     }
     /**
      * Get server URL
      */
-    getServerUrl() {
-        // Prefer base URL derived from OAuth redirect URI if available
-        // This ensures consistency with the public address used for OAuth callbacks
-        if (this.oauthProvider?.redirectUri) {
-            try {
-                return new URL(this.oauthProvider.redirectUri).origin;
-            }
-            catch (e) {
-                // Ignore invalid URL format
-            }
-        }
-        // Fallback to configured host/port
-        // If configured with 0.0.0.0, this will return http://0.0.0.0:port
-        // which is usually fine for internal communication but not for external clients
-        const protocol = this.config.host.includes('://') ? '' : 'http://';
-        const host = this.config.host.includes('://') ? this.config.host : this.config.host;
-        return `${protocol}${host}:${this.config.port}`;
+    getServerUrl(profileId) {
+        return this.getServerOrigin(profileId);
     }
     /**
      * Get OAuth authorization URL
      */
-    getOAuthAuthorizationUrl() {
-        return this.oauthProvider?.authorizationEndpoint || '';
+    getOAuthAuthorizationUrl(profileId) {
+        if (!profileId) {
+            const defaultProfileId = this.getDefaultProfileId();
+            if (!defaultProfileId) {
+                return '';
+            }
+            return this.profileStates.get(defaultProfileId)?.oauthProvider?.authorizationEndpoint || '';
+        }
+        return this.profileStates.get(profileId)?.oauthProvider?.authorizationEndpoint || '';
     }
     /**
      * Get OAuth scopes
      */
-    getOAuthScopes() {
-        return this.oauthProvider?.scopes || [];
+    getOAuthScopes(profileId) {
+        if (!profileId) {
+            const defaultProfileId = this.getDefaultProfileId();
+            if (!defaultProfileId) {
+                return [];
+            }
+            return this.profileStates.get(defaultProfileId)?.oauthProvider?.scopes || [];
+        }
+        return this.profileStates.get(profileId)?.oauthProvider?.scopes || [];
     }
     /**
      * Start HTTP server
@@ -1829,8 +2390,10 @@ export class HttpTransport {
             this.cleanupInterval = null;
         }
         // Destroy all sessions
-        for (const sessionId of this.sessions.keys()) {
-            this.destroySession(sessionId);
+        for (const profileState of this.profileStates.values()) {
+            for (const sessionId of profileState.sessions.keys()) {
+                this.destroySession(profileState, sessionId);
+            }
         }
         if (this.server) {
             return new Promise((resolve, reject) => {