npm - memory-journal-mcp - Versions diffs - 6.1.2 → 6.2.1 - Mend

memory-journal-mcp 6.1.2 → 6.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (372) hide show

package/README.md +44 -28
package/dist/{chunk-X4SWFATC.js → chunk-BI4ZNSKA.js} +38 -24
package/dist/{chunk-HCEWINSB.js → chunk-N6EBIDN7.js} +99 -102
package/dist/cli.js +2 -2
package/dist/index.js +2 -2
package/dist/tools-WPRY5MJ6.js +2 -0
package/package.json +10 -1
package/skills/github-commander/SKILL.md +151 -0
package/skills/github-commander/config/project-config.example.md +125 -0
package/skills/github-commander/workflows/code-quality-audit.md +80 -0
package/skills/github-commander/workflows/full-audit.md +134 -0
package/skills/github-commander/workflows/issue-triage.md +239 -0
package/skills/github-commander/workflows/milestone-sprint.md +81 -0
package/skills/github-commander/workflows/perf-audit.md +142 -0
package/skills/github-commander/workflows/pr-review.md +123 -0
package/skills/github-commander/workflows/security-audit.md +170 -0
package/skills/github-commander/workflows/update-deps.md +109 -0
package/.dockerignore +0 -139
package/.gitattributes +0 -20
package/.github/ISSUE_TEMPLATE/bug_report.md +0 -95
package/.github/ISSUE_TEMPLATE/config.yml +0 -11
package/.github/ISSUE_TEMPLATE/feature_request.md +0 -110
package/.github/ISSUE_TEMPLATE/question.md +0 -78
package/.github/aw/actions-lock.json +0 -14
package/.github/copilot-instructions.md +0 -122
package/.github/dependabot.yml +0 -93
package/.github/pull_request_template.md +0 -135
package/.github/workflows/README.md +0 -133
package/.github/workflows/agentics-maintenance.yml +0 -141
package/.github/workflows/auto-release.yml +0 -68
package/.github/workflows/ci-health-monitor.lock.yml +0 -1121
package/.github/workflows/ci-health-monitor.md +0 -87
package/.github/workflows/codeql.yml +0 -41
package/.github/workflows/dependabot-auto-merge.yml +0 -42
package/.github/workflows/dependency-maintenance.lock.yml +0 -1182
package/.github/workflows/dependency-maintenance.md +0 -147
package/.github/workflows/docker-publish.yml +0 -254
package/.github/workflows/docs-drift-detector.lock.yml +0 -1142
package/.github/workflows/docs-drift-detector.md +0 -115
package/.github/workflows/lint-and-test.yml +0 -60
package/.github/workflows/publish-npm.yml +0 -85
package/.github/workflows/secrets-scanning.yml +0 -32
package/.github/workflows/security-update.yml +0 -127
package/.gitleaks.toml +0 -9
package/.prettierignore +0 -21
package/.prettierrc +0 -33
package/.scout-ignore +0 -12
package/.trivyignore +0 -21
package/CHANGELOG.md +0 -1814
package/CODE_OF_CONDUCT.md +0 -133
package/CONTRIBUTING.md +0 -263
package/DOCKER_README.md +0 -331
package/Dockerfile +0 -128
package/SECURITY.md +0 -227
package/UNRELEASED.md +0 -1
package/dist/tools-T4U5A3X4.js +0 -2
package/docker-compose.yml +0 -71
package/docs/README.md +0 -18
package/docs/agentic-journal-synergy.md +0 -175
package/docs/copilot-setup.md +0 -72
package/eslint.config.js +0 -110
package/mcp-config-example.json +0 -21
package/playwright.config.ts +0 -35
package/releases/v2.1.0.md +0 -220
package/releases/v2.2.0.md +0 -168
package/releases/v3.0.0.md +0 -237
package/releases/v3.1.0.md +0 -104
package/releases/v3.1.1.md +0 -42
package/releases/v3.1.2.md +0 -40
package/releases/v3.1.3.md +0 -64
package/releases/v3.1.4.md +0 -32
package/releases/v3.1.5.md +0 -44
package/releases/v4.0.0.md +0 -71
package/releases/v4.1.0.md +0 -88
package/releases/v4.2.0.md +0 -90
package/releases/v4.3.0.md +0 -92
package/releases/v4.3.1.md +0 -69
package/releases/v4.4.0.md +0 -120
package/releases/v4.4.1.md +0 -33
package/releases/v4.4.2.md +0 -31
package/releases/v4.5.0.md +0 -116
package/releases/v5.0.0.md +0 -105
package/releases/v5.0.1.md +0 -25
package/releases/v5.1.0.md +0 -83
package/releases/v5.1.1.md +0 -10
package/releases/v6.0.0.md +0 -48
package/releases/v6.0.1.md +0 -36
package/releases/v6.1.0.md +0 -68
package/releases/v6.1.1.md +0 -30
package/releases/v6.1.2.md +0 -23
package/scripts/generate-server-instructions.ts +0 -306
package/scripts/server-instructions-function-body.ts +0 -107
package/scripts/server-instructions-gotchas.ts +0 -45
package/server.json +0 -42
package/social-preview.png +0 -0
package/src/auth/auth-context.ts +0 -78
package/src/auth/authorization-server-discovery.ts +0 -263
package/src/auth/errors.ts +0 -215
package/src/auth/index.ts +0 -58
package/src/auth/middleware.ts +0 -392
package/src/auth/oauth-resource-server.ts +0 -170
package/src/auth/scope-map.ts +0 -46
package/src/auth/scopes.ts +0 -256
package/src/auth/token-validator.ts +0 -293
package/src/auth/transport-agnostic.ts +0 -164
package/src/auth/types.ts +0 -372
package/src/cli.ts +0 -279
package/src/codemode/api-constants.ts +0 -263
package/src/codemode/api.ts +0 -302
package/src/codemode/auto-return.ts +0 -65
package/src/codemode/index.ts +0 -47
package/src/codemode/sandbox-factory.ts +0 -144
package/src/codemode/sandbox.ts +0 -220
package/src/codemode/security.ts +0 -155
package/src/codemode/types.ts +0 -228
package/src/codemode/worker-sandbox.ts +0 -277
package/src/codemode/worker-script.ts +0 -239
package/src/constants/icons.ts +0 -183
package/src/constants/server-instructions.md +0 -166
package/src/constants/server-instructions.ts +0 -514
package/src/database/adapter-factory.ts +0 -16
package/src/database/core/entry-columns.ts +0 -10
package/src/database/core/interfaces.ts +0 -188
package/src/database/core/schema.ts +0 -152
package/src/database/sqlite-adapter/backup.ts +0 -167
package/src/database/sqlite-adapter/entries/crud.ts +0 -233
package/src/database/sqlite-adapter/entries/importance.ts +0 -76
package/src/database/sqlite-adapter/entries/index.ts +0 -142
package/src/database/sqlite-adapter/entries/search.ts +0 -294
package/src/database/sqlite-adapter/entries/shared.ts +0 -102
package/src/database/sqlite-adapter/entries/statistics.ts +0 -162
package/src/database/sqlite-adapter/index.ts +0 -265
package/src/database/sqlite-adapter/native-connection.ts +0 -301
package/src/database/sqlite-adapter/relationships.ts +0 -70
package/src/database/sqlite-adapter/tags.ts +0 -182
package/src/filtering/tool-filter.ts +0 -312
package/src/github/github-integration/client.ts +0 -114
package/src/github/github-integration/index.ts +0 -297
package/src/github/github-integration/insights.ts +0 -155
package/src/github/github-integration/issues.ts +0 -213
package/src/github/github-integration/milestones.ts +0 -262
package/src/github/github-integration/projects.ts +0 -414
package/src/github/github-integration/pull-requests.ts +0 -235
package/src/github/github-integration/repository.ts +0 -110
package/src/github/github-integration/types.ts +0 -43
package/src/handlers/prompts/github.ts +0 -210
package/src/handlers/prompts/index.ts +0 -97
package/src/handlers/prompts/workflow.ts +0 -361
package/src/handlers/resources/core/briefing/context-section.ts +0 -182
package/src/handlers/resources/core/briefing/github-section.ts +0 -354
package/src/handlers/resources/core/briefing/index.ts +0 -106
package/src/handlers/resources/core/briefing/user-message.ts +0 -114
package/src/handlers/resources/core/health.ts +0 -75
package/src/handlers/resources/core/index.ts +0 -31
package/src/handlers/resources/core/instructions.ts +0 -45
package/src/handlers/resources/core/utilities.ts +0 -310
package/src/handlers/resources/github.ts +0 -340
package/src/handlers/resources/graph.ts +0 -218
package/src/handlers/resources/help.ts +0 -410
package/src/handlers/resources/index.ts +0 -143
package/src/handlers/resources/shared.ts +0 -219
package/src/handlers/resources/team.ts +0 -134
package/src/handlers/resources/templates.ts +0 -334
package/src/handlers/tools/admin.ts +0 -351
package/src/handlers/tools/analytics.ts +0 -346
package/src/handlers/tools/backup.ts +0 -272
package/src/handlers/tools/codemode.ts +0 -188
package/src/handlers/tools/core.ts +0 -359
package/src/handlers/tools/error-fields-mixin.ts +0 -10
package/src/handlers/tools/export.ts +0 -150
package/src/handlers/tools/github/copilot-tools.ts +0 -72
package/src/handlers/tools/github/helpers.ts +0 -125
package/src/handlers/tools/github/insights-tools.ts +0 -112
package/src/handlers/tools/github/issue-tools.ts +0 -442
package/src/handlers/tools/github/kanban-tools.ts +0 -153
package/src/handlers/tools/github/milestone-tools.ts +0 -371
package/src/handlers/tools/github/mutation-tools.ts +0 -17
package/src/handlers/tools/github/read-tools.ts +0 -302
package/src/handlers/tools/github/schemas.ts +0 -435
package/src/handlers/tools/github.ts +0 -39
package/src/handlers/tools/index.ts +0 -255
package/src/handlers/tools/relationships.ts +0 -390
package/src/handlers/tools/schemas.ts +0 -165
package/src/handlers/tools/search.ts +0 -448
package/src/handlers/tools/team/admin-tools.ts +0 -164
package/src/handlers/tools/team/analytics-tools.ts +0 -233
package/src/handlers/tools/team/backup-tools.ts +0 -83
package/src/handlers/tools/team/core-tools.ts +0 -197
package/src/handlers/tools/team/export-tools.ts +0 -130
package/src/handlers/tools/team/helpers.ts +0 -66
package/src/handlers/tools/team/index.ts +0 -45
package/src/handlers/tools/team/relationship-tools.ts +0 -219
package/src/handlers/tools/team/schemas.ts +0 -558
package/src/handlers/tools/team/search-tools.ts +0 -145
package/src/handlers/tools/team/vector-tools.ts +0 -261
package/src/index.ts +0 -57
package/src/server/mcp-server.ts +0 -446
package/src/server/registration.ts +0 -141
package/src/server/scheduler.ts +0 -283
package/src/transports/http/handlers.ts +0 -78
package/src/transports/http/index.ts +0 -8
package/src/transports/http/security.ts +0 -147
package/src/transports/http/server/index.ts +0 -397
package/src/transports/http/server/legacy-sse.ts +0 -87
package/src/transports/http/server/stateful.ts +0 -222
package/src/transports/http/server/stateless.ts +0 -42
package/src/transports/http/types.ts +0 -132
package/src/types/entities.ts +0 -145
package/src/types/error-types.ts +0 -92
package/src/types/errors.ts +0 -200
package/src/types/filtering.ts +0 -55
package/src/types/github.ts +0 -216
package/src/types/index.ts +0 -348
package/src/utils/error-helpers.ts +0 -78
package/src/utils/errors/error-response-fields.ts +0 -29
package/src/utils/errors/suggestions.ts +0 -94
package/src/utils/github-helpers.ts +0 -33
package/src/utils/logger.ts +0 -107
package/src/utils/mcp-logger.ts +0 -155
package/src/utils/progress-utils.ts +0 -100
package/src/utils/query-helpers.ts +0 -78
package/src/utils/resource-annotations.ts +0 -75
package/src/utils/security-utils.ts +0 -198
package/src/utils/vector-index-helpers.ts +0 -24
package/src/vector/vector-search-manager.ts +0 -409
package/src/version.ts +0 -15
package/test-server/README.md +0 -193
package/test-server/code-map.md +0 -399
package/test-server/test-agent-experience.md +0 -213
package/test-server/test-filter-instructions.mjs +0 -295
package/test-server/test-instruction-levels.mjs +0 -102
package/test-server/test-preflight.md +0 -55
package/test-server/test-prompts.mjs +0 -185
package/test-server/test-scheduler.mjs +0 -174
package/test-server/test-tool-annotations.mjs +0 -115
package/test-server/test-tools-codemode.md +0 -632
package/test-server/test-tools-codemode2.md +0 -1218
package/test-server/test-tools-team.md +0 -215
package/test-server/test-tools.md +0 -429
package/test-server/test-tools2.md +0 -361
package/test-server/test-tools3.md +0 -396
package/test-server/tool-reference.md +0 -231
package/tests/README.md +0 -54
package/tests/auth/auth-context.test.ts +0 -162
package/tests/auth/authorization-server-discovery.test.ts +0 -265
package/tests/auth/errors.test.ts +0 -170
package/tests/auth/middleware.test.ts +0 -585
package/tests/auth/oauth-resource-server.test.ts +0 -173
package/tests/auth/scope-map.test.ts +0 -66
package/tests/auth/scopes.test.ts +0 -347
package/tests/auth/token-validator.test.ts +0 -271
package/tests/codemode/api.test.ts +0 -396
package/tests/codemode/auto-return.test.ts +0 -167
package/tests/codemode/codemode-tool-handlers.test.ts +0 -197
package/tests/codemode/sandbox-factory.test.ts +0 -152
package/tests/codemode/sandbox.test.ts +0 -190
package/tests/codemode/security.test.ts +0 -242
package/tests/codemode/worker-sandbox.test.ts +0 -106
package/tests/constants/icons.test.ts +0 -101
package/tests/constants/server-instructions.test.ts +0 -514
package/tests/database/crud-workflow-branches.test.ts +0 -418
package/tests/database/database-branches.test.ts +0 -132
package/tests/database/entries-auth-branches.test.ts +0 -390
package/tests/database/native-connection.test.ts +0 -249
package/tests/database/shared-helpers.test.ts +0 -103
package/tests/database/sqlite-adapter.bench.ts +0 -63
package/tests/database/sqlite-adapter.test.ts +0 -690
package/tests/database/tags.test.ts +0 -134
package/tests/e2e/README.md +0 -39
package/tests/e2e/auth.spec.ts +0 -106
package/tests/e2e/codemode-abuse.spec.ts +0 -75
package/tests/e2e/health.spec.ts +0 -63
package/tests/e2e/helpers.ts +0 -139
package/tests/e2e/oauth-discovery.spec.ts +0 -102
package/tests/e2e/oauth-scopes.spec.ts +0 -222
package/tests/e2e/payloads-admin.spec.ts +0 -76
package/tests/e2e/payloads-analytics.spec.ts +0 -37
package/tests/e2e/payloads-backup-restore.spec.ts +0 -102
package/tests/e2e/payloads-backup.spec.ts +0 -44
package/tests/e2e/payloads-codemode-api.spec.ts +0 -131
package/tests/e2e/payloads-codemode-readonly.spec.ts +0 -116
package/tests/e2e/payloads-codemode.spec.ts +0 -116
package/tests/e2e/payloads-core.spec.ts +0 -82
package/tests/e2e/payloads-error-contracts.spec.ts +0 -159
package/tests/e2e/payloads-export.spec.ts +0 -46
package/tests/e2e/payloads-github-degradation.spec.ts +0 -73
package/tests/e2e/payloads-github.spec.ts +0 -176
package/tests/e2e/payloads-relationships.spec.ts +0 -56
package/tests/e2e/payloads-search.spec.ts +0 -64
package/tests/e2e/payloads-team-happy.spec.ts +0 -231
package/tests/e2e/payloads-team.spec.ts +0 -174
package/tests/e2e/prompts-expanded.spec.ts +0 -137
package/tests/e2e/prompts.spec.ts +0 -62
package/tests/e2e/protocols.spec.ts +0 -134
package/tests/e2e/rate-limiting.spec.ts +0 -291
package/tests/e2e/resources-briefing-env.spec.ts +0 -106
package/tests/e2e/resources-complete.spec.ts +0 -180
package/tests/e2e/resources-expanded.spec.ts +0 -83
package/tests/e2e/resources-instructions-levels.spec.ts +0 -145
package/tests/e2e/resources-templates.spec.ts +0 -123
package/tests/e2e/resources.spec.ts +0 -103
package/tests/e2e/scheduler.spec.ts +0 -79
package/tests/e2e/security.spec.ts +0 -112
package/tests/e2e/session-advanced.spec.ts +0 -152
package/tests/e2e/sessions.spec.ts +0 -95
package/tests/e2e/stateless.spec.ts +0 -79
package/tests/e2e/streaming.spec.ts +0 -176
package/tests/e2e/tool-filtering-presets.spec.ts +0 -192
package/tests/e2e/tool-filtering.spec.ts +0 -77
package/tests/e2e/tools.spec.ts +0 -111
package/tests/filtering/tool-filter.test.ts +0 -314
package/tests/github/client-issues-errors.test.ts +0 -433
package/tests/github/github-integration-branches.test.ts +0 -490
package/tests/github/github-integration.test.ts +0 -1015
package/tests/github/github-managers-branches.test.ts +0 -907
package/tests/github/pull-requests.test.ts +0 -334
package/tests/handlers/analytics-branches.test.ts +0 -222
package/tests/handlers/backup-branches.test.ts +0 -270
package/tests/handlers/briefing-context-section.test.ts +0 -388
package/tests/handlers/briefing-github-section.test.ts +0 -392
package/tests/handlers/briefing-user-message.test.ts +0 -405
package/tests/handlers/codemode-tools.test.ts +0 -85
package/tests/handlers/copilot-tools.test.ts +0 -126
package/tests/handlers/error-path-coverage.test.ts +0 -324
package/tests/handlers/export-tools.test.ts +0 -203
package/tests/handlers/github-resource-handlers.test.ts +0 -929
package/tests/handlers/github-tool-handlers.test.ts +0 -1452
package/tests/handlers/handler-error-branches.test.ts +0 -346
package/tests/handlers/help-resource.test.ts +0 -92
package/tests/handlers/prompt-handler-coverage.test.ts +0 -108
package/tests/handlers/prompt-handlers.test.ts +0 -131
package/tests/handlers/resource-handler-coverage.test.ts +0 -281
package/tests/handlers/resource-handlers.test.ts +0 -357
package/tests/handlers/resource-prompt-branches.test.ts +0 -495
package/tests/handlers/search-tool-handlers.test.ts +0 -379
package/tests/handlers/targeted-gap-closure.test.ts +0 -387
package/tests/handlers/team-admin.test.ts +0 -291
package/tests/handlers/team-analytics.test.ts +0 -220
package/tests/handlers/team-core.test.ts +0 -148
package/tests/handlers/team-data.test.ts +0 -198
package/tests/handlers/team-relationships.test.ts +0 -271
package/tests/handlers/team-resource-handlers.test.ts +0 -161
package/tests/handlers/team-search.test.ts +0 -134
package/tests/handlers/team-tool-handlers.test.ts +0 -301
package/tests/handlers/team-vector.test.ts +0 -213
package/tests/handlers/template-github-branches.test.ts +0 -676
package/tests/handlers/tool-annotations.test.ts +0 -90
package/tests/handlers/tool-handler-coverage.test.ts +0 -514
package/tests/handlers/tool-handlers.test.ts +0 -510
package/tests/handlers/tool-output-schemas.test.ts +0 -116
package/tests/handlers/vector-tool-handlers.test.ts +0 -238
package/tests/security/sql-injection.test.ts +0 -284
package/tests/server/mcp-server.bench.ts +0 -55
package/tests/server/mcp-server.test.ts +0 -1326
package/tests/server/scheduler.test.ts +0 -400
package/tests/transports/http-legacy-sse.test.ts +0 -275
package/tests/transports/http-security.test.ts +0 -322
package/tests/transports/http-stateful.test.ts +0 -487
package/tests/transports/http-transport-server.test.ts +0 -301
package/tests/transports/http-transport.test.ts +0 -771
package/tests/utils/github-helpers.test.ts +0 -58
package/tests/utils/logger.test.ts +0 -180
package/tests/utils/mcp-logger.test.ts +0 -211
package/tests/utils/progress-utils.test.ts +0 -156
package/tests/utils/query-helpers.test.ts +0 -80
package/tests/utils/security-utils.test.ts +0 -82
package/tests/vector/vector-search-branches.test.ts +0 -111
package/tests/vector/vector-search-manager.test.ts +0 -375
package/tests/vector/vector-search.bench.ts +0 -48
package/tsconfig.json +0 -42
package/tsup.config.ts +0 -19
package/vitest.config.ts +0 -25

package/src/transports/http/server/index.ts DELETED Viewed

@@ -1,397 +0,0 @@
-/**
- * memory-journal-mcp — HTTP Transport Server
- *
- * Dual-protocol HTTP transport:
- * - `/mcp` — Streamable HTTP transport (MCP 2025-03-26)
- * - `/sse` + `/messages` — Legacy SSE transport (MCP 2024-11-05)
- *
- * Modes:
- * - Stateful (default): Multi-session management with SSE streaming
- * - Stateless (opt-in): Lightweight serverless-compatible mode
- *
- * Security utilities and handlers in ./security.ts and ./handlers.ts.
- * Config types and constants in ./types.ts.
- */
-import type { StreamableHTTPServerTransport } from '@modelcontextprotocol/sdk/server/streamableHttp.js'
-import type { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js'
-import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
-import express from 'express'
-import type { Express, Request, Response, RequestHandler } from 'express'
-import { logger } from '../../../utils/logger.js'
-import type { Scheduler } from '../../../server/scheduler.js'
-import type { HttpTransportConfig, RateLimitEntry } from '../types.js'
-import {
-    DEFAULT_MAX_BODY_BYTES,
-    HTTP_REQUEST_TIMEOUT_MS,
-    HTTP_KEEP_ALIVE_TIMEOUT_MS,
-    HTTP_HEADERS_TIMEOUT_MS,
-} from '../types.js'
-import { setSecurityHeaders, setCorsHeaders, checkRateLimit } from '../security.js'
-import { handleHealthCheck, handleRootInfo, createAuthMiddleware } from '../handlers.js'
-import {
-    createTokenValidator,
-    createOAuthResourceServer,
-    createAuthMiddleware as createOAuthMiddleware,
-    oauthErrorHandler,
-    InsufficientScopeError,
-    SUPPORTED_SCOPES,
-} from '../../../auth/index.js'
-import { getRequiredScope } from '../../../auth/scope-map.js'
-import { hasScope } from '../../../auth/scopes.js'
-import {
-    hostHeaderValidation,
-    localhostHostValidation,
-} from '@modelcontextprotocol/sdk/server/middleware/hostHeaderValidation.js'
-import { setupStateless } from './stateless.js'
-import { setupStateful } from './stateful.js'
-import { setupLegacySSE } from './legacy-sse.js'
-/**
- * HTTP Transport for Memory Journal MCP Server
- *
- * Supports two transport protocols simultaneously:
- * 1. Streamable HTTP (MCP 2025-03-26) via `/mcp` — preferred for modern clients
- * 2. Legacy SSE (MCP 2024-11-05) via `/sse` + `/messages` — backward compatibility
- */
-export class HttpTransport {
-    private readonly app: Express
-    private readonly config: HttpTransportConfig
-    public readonly transports = new Map<string, StreamableHTTPServerTransport>()
-    // eslint-disable-next-line @typescript-eslint/no-deprecated -- backward compat for MCP 2024-11-05 clients
-    public readonly sseTransports = new Map<string, SSEServerTransport>()
-    public readonly sessionLastActivity = new Map<string, number>()
-    /** Tracks whether server.connect() has been called (close-before-reconnect pattern) */
-    public serverConnected = false
-    private httpServer: ReturnType<Express['listen']> | null = null
-    private sessionSweepTimer: ReturnType<typeof setInterval> | null = null
-    // Rate limiting state
-    private readonly rateLimitMap = new Map<string, RateLimitEntry>()
-    private rateLimitCleanupTimer: ReturnType<typeof setInterval> | null = null
-    constructor(config: HttpTransportConfig) {
-        this.config = {
-            ...config,
-            enableRateLimit: config.enableRateLimit ?? true,
-        }
-        this.app = express()
-    }
-    /**
-     * Initialize and start the HTTP transport
-     */
-    async start(server: McpServer, scheduler: Scheduler | null): Promise<void> {
-        const { port, host, authToken, corsOrigins } = this.config
-        if (!corsOrigins || corsOrigins.includes('*')) {
-            logger.warning(
-                'CORS origin is set to "*" (all origins). ' +
-                    'Set --cors-origin or MCP_CORS_ORIGIN for production deployments.',
-                { module: 'HTTP' }
-            )
-        }
-        if (!authToken) {
-            logger.warning(
-                'No authentication configured for HTTP transport. ' +
-                    'Set --auth-token or MCP_AUTH_TOKEN for production deployments.',
-                { module: 'HTTP' }
-            )
-        }
-        // DNS rebinding protection (CVE-2025-66414)
-        // Applied when no auth is configured — defense-in-depth for local HTTP servers.
-        // When OAuth or bearer auth is active, auth already prevents unauthorized access.
-        if (!this.config.oauthEnabled && !authToken) {
-            const isLocalhost = host === 'localhost' || host === '127.0.0.1' || host === '::1'
-            this.app.use(
-                isLocalhost
-                    ? localhostHostValidation()
-                    : hostHeaderValidation([host, 'localhost', '127.0.0.1', '[::1]'])
-            )
-            logger.info('DNS rebinding protection enabled (host header validation)', {
-                module: 'HTTP',
-                allowedHosts: isLocalhost ? ['localhost', '127.0.0.1', '[::1]'] : [host],
-            })
-        }
-        // Security headers middleware
-        this.app.use((req: Request, res: Response, next: () => void) => {
-            setSecurityHeaders(res, this.config)
-            setCorsHeaders(req, res, this.config)
-            next()
-        })
-        // Handle OPTIONS preflight
-        this.app.use((req: Request, res: Response, next: () => void) => {
-            if (req.method === 'OPTIONS') {
-                res.status(204).end()
-                return
-            }
-            next()
-        })
-        // JSON body parser with size limit (DoS prevention)
-        const maxBody = this.config.maxBodySize ?? DEFAULT_MAX_BODY_BYTES
-        this.app.use(express.json({ limit: maxBody }) as RequestHandler)
-        // Built-in rate limiting (replaces express-rate-limit)
-        if (this.config.enableRateLimit !== false) {
-            this.app.use((req: Request, res: Response, next: () => void) => {
-                // Health check bypasses rate limiting
-                if (req.path === '/health') {
-                    next()
-                    return
-                }
-                const result = checkRateLimit(req, this.config, this.rateLimitMap)
-                if (!result.allowed) {
-                    if (result.retryAfterSeconds !== undefined) {
-                        res.setHeader('Retry-After', String(result.retryAfterSeconds))
-                    }
-                    res.status(429).json({
-                        error: 'Too Many Requests',
-                        retryAfter: result.retryAfterSeconds,
-                    })
-                    return
-                }
-                next()
-            })
-            // Periodic cleanup of expired entries
-            this.rateLimitCleanupTimer = setInterval(() => {
-                const now = Date.now()
-                for (const [ip, entry] of this.rateLimitMap) {
-                    if (now > entry.resetTime) {
-                        this.rateLimitMap.delete(ip)
-                    }
-                }
-            }, 60_000)
-            // Don't block process exit
-            this.rateLimitCleanupTimer.unref()
-            logger.info('Rate limiting enabled: 100 requests/minute per IP', {
-                module: 'HTTP',
-            })
-        }
-        // Authentication middleware
-        if (this.config.oauthEnabled && this.config.oauthIssuer && this.config.oauthAudience) {
-            // OAuth 2.1 authentication
-            const jwksUri =
-                this.config.oauthJwksUri ?? `${this.config.oauthIssuer}/.well-known/jwks.json`
-            const tokenValidator = createTokenValidator({
-                jwksUri,
-                issuer: this.config.oauthIssuer,
-                audience: this.config.oauthAudience,
-                clockTolerance: this.config.oauthClockTolerance ?? 60,
-            })
-            const resourceServer = createOAuthResourceServer({
-                resource: `http://${host}:${String(port)}`,
-                authorizationServers: [this.config.oauthIssuer],
-                scopesSupported: [...SUPPORTED_SCOPES],
-            })
-            // Register RFC 9728 metadata endpoint
-            this.app.get(resourceServer.getWellKnownPath(), resourceServer.getMetadataHandler())
-            // Apply OAuth middleware
-            this.app.use(
-                createOAuthMiddleware({
-                    tokenValidator,
-                    resourceServer,
-                    publicPaths: ['/health', '/', '/.well-known/*'],
-                })
-            )
-            // OAuth error handler
-            this.app.use(oauthErrorHandler)
-            // Per-tool scope enforcement for tools/call requests
-            // Applied after auth middleware so req.auth is already populated.
-            this.app.use((req: Request, res: Response, next: () => void): void => {
-                interface JsonRpcBody {
-                    method?: string
-                    params?: { name?: string }
-                }
-                const body = req.body as JsonRpcBody | null | undefined
-                if (req.method !== 'POST' || body?.method !== 'tools/call') {
-                    next()
-                    return
-                }
-                const toolName = body.params?.name
-                if (!toolName) {
-                    next()
-                    return
-                }
-                const auth = req.auth
-                if (!auth) {
-                    // Auth middleware should have rejected already; defensive guard
-                    res.status(401).json({
-                        error: 'unauthorized',
-                        error_description: 'Authentication required',
-                    })
-                    return
-                }
-                const requiredScope = getRequiredScope(toolName)
-                const granted = hasScope(auth.scopes, requiredScope)
-                if (!granted) {
-                    const err = new InsufficientScopeError(`Tool access: ${toolName}`, auth.scopes)
-                    logger.warning(`Insufficient scope for tool: ${toolName}`, {
-                        module: 'AUTH',
-                        operation: 'scope-check',
-                        entityId: toolName,
-                    })
-                    res.status(err.httpStatus)
-                    if (err.wwwAuthenticate) {
-                        res.setHeader('WWW-Authenticate', err.wwwAuthenticate)
-                    }
-                    res.json({
-                        error: 'insufficient_scope',
-                        error_description: `Access to tool '${toolName}' denied`,
-                        tool: toolName,
-                    })
-                    return
-                }
-                next()
-            })
-            logger.info('OAuth 2.1 authentication enabled', {
-                module: 'HTTP',
-                issuer: this.config.oauthIssuer,
-                audience: this.config.oauthAudience,
-            })
-        } else if (authToken) {
-            // Simple bearer token authentication (non-OAuth)
-            this.app.use(createAuthMiddleware(authToken))
-        }
-        // Health check endpoint
-        this.app.get('/health', handleHealthCheck)
-        // Root info endpoint
-        this.app.get('/', handleRootInfo)
-        // Set up MCP endpoints based on mode
-        if (this.config.stateless) {
-            await setupStateless(this.app, server)
-        } else {
-            this.sessionSweepTimer = setupStateful(this, this.app, server)
-            setupLegacySSE(this, this.app, server)
-        }
-        // 404 handler — must be after all routes
-        this.app.use((_req: Request, res: Response): void => {
-            res.status(404).json({ error: 'Not found' })
-        })
-        // Start HTTP server
-        this.httpServer = this.app.listen(port, host, () => {
-            // Set HTTP server timeouts to prevent slowloris-style DoS attacks
-            if (this.httpServer) {
-                this.httpServer.setTimeout(HTTP_REQUEST_TIMEOUT_MS)
-                this.httpServer.keepAliveTimeout = HTTP_KEEP_ALIVE_TIMEOUT_MS
-                this.httpServer.headersTimeout = HTTP_HEADERS_TIMEOUT_MS
-            }
-            logger.info(
-                `MCP server started on HTTP (${this.config.stateless ? 'stateless' : 'stateful'})`,
-                {
-                    module: 'HTTP',
-                    port,
-                    host,
-                    endpoint: `http://${host}:${String(port)}/mcp`,
-                }
-            )
-        })
-        // Start scheduler after HTTP server is listening
-        scheduler?.start()
-        this.httpServer.on('close', () => {
-            logger.info('HTTP server closed', { module: 'HTTP' })
-        })
-    }
-    /**
-     * Graceful shutdown
-     */
-    async stop(scheduler: Scheduler | null): Promise<void> {
-        logger.info('Shutting down HTTP server...', { module: 'HTTP' })
-        scheduler?.stop()
-        // Stop rate limit cleanup timer
-        if (this.rateLimitCleanupTimer) {
-            clearInterval(this.rateLimitCleanupTimer)
-            this.rateLimitCleanupTimer = null
-        }
-        // Close all Streamable HTTP transports
-        for (const [sessionId, transport] of this.transports) {
-            try {
-                logger.debug('Closing Streamable HTTP transport', {
-                    module: 'HTTP',
-                    sessionId,
-                })
-                await transport.close()
-            } catch (error) {
-                logger.error('Error closing transport', {
-                    module: 'HTTP',
-                    sessionId,
-                    error: error instanceof Error ? error.message : String(error),
-                })
-            }
-        }
-        this.transports.clear()
-        // Close all Legacy SSE transports
-        for (const [sessionId, transport] of this.sseTransports) {
-            try {
-                logger.debug('Closing Legacy SSE transport', {
-                    module: 'HTTP',
-                    sessionId,
-                })
-                await transport.close()
-            } catch (error) {
-                logger.error('Error closing SSE transport', {
-                    module: 'HTTP',
-                    sessionId,
-                    error: error instanceof Error ? error.message : String(error),
-                })
-            }
-        }
-        this.sseTransports.clear()
-        this.sessionLastActivity.clear()
-        if (this.sessionSweepTimer !== null) {
-            clearInterval(this.sessionSweepTimer)
-        }
-        if (this.httpServer !== null) {
-            this.httpServer.close()
-        }
-        logger.info('Shutdown complete', { module: 'HTTP' })
-    }
-    // =========================================================================
-    // Session  Activity Tracking
-    // =========================================================================
-    /** Update the last-activity timestamp for a session */
-    public touchSession(sid: string): void {
-        this.sessionLastActivity.set(sid, Date.now())
-    }
-    // =========================================================================
-}

package/src/transports/http/server/legacy-sse.ts DELETED Viewed

@@ -1,87 +0,0 @@
-import { SSEServerTransport } from '@modelcontextprotocol/sdk/server/sse.js'
-import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js'
-import type { Request, Response, Express } from 'express'
-import type { IncomingMessage, ServerResponse } from 'node:http'
-import { logger } from '../../../utils/logger.js'
-import type { StatefulContext } from './stateful.js'
-import { JSONRPC_SERVER_ERROR } from '../types.js'
-export function setupLegacySSE(ctx: StatefulContext, app: Express, server: McpServer): void {
-    app.get('/sse', (req: Request, res: Response): void => {
-        logger.info('Legacy SSE connection requested', { module: 'HTTP' })
-        // eslint-disable-next-line @typescript-eslint/no-deprecated -- backward compat for MCP 2024-11-05 clients
-        const sseTransport = new SSEServerTransport('/messages', res as ServerResponse)
-        // Store transport by session ID after start
-        sseTransport.onclose = () => {
-            logger.info('Legacy SSE transport closed', {
-                module: 'HTTP',
-                sessionId: sseTransport.sessionId,
-            })
-            ctx.sseTransports.delete(sseTransport.sessionId)
-        }
-        void (async () => {
-            try {
-                // Connect SSE transport to server
-                // SDK requires close() before reconnecting to a new transport.
-                if (ctx.serverConnected) {
-                    await server.close()
-                }
-                await server.connect(sseTransport as Parameters<typeof server.connect>[0])
-                ctx.serverConnected = true
-                ctx.sseTransports.set(sseTransport.sessionId, sseTransport)
-                ctx.touchSession(sseTransport.sessionId)
-                logger.info('Legacy SSE connection established', {
-                    module: 'HTTP',
-                    sessionId: sseTransport.sessionId,
-                })
-            } catch (error) {
-                logger.error('Error starting SSE transport', {
-                    module: 'HTTP',
-                    error: error instanceof Error ? error.message : String(error),
-                })
-                if (!res.headersSent) {
-                    res.status(500).end()
-                }
-            }
-        })()
-        // Clean up when client disconnects
-        req.on('close', () => {
-            ctx.sseTransports.delete(sseTransport.sessionId)
-            ctx.sessionLastActivity.delete(sseTransport.sessionId)
-        })
-    })
-    // POST /messages?sessionId=<id> — Route messages to Legacy SSE transport
-    app.post('/messages', (req: Request, res: Response): void => {
-        const sessionId =
-            typeof req.query['sessionId'] === 'string' ? req.query['sessionId'] : undefined
-        if (sessionId === undefined) {
-            res.status(400).json({
-                jsonrpc: '2.0',
-                error: { code: JSONRPC_SERVER_ERROR, message: 'Missing sessionId parameter' },
-                id: null,
-            })
-            return
-        }
-        const transport = ctx.sseTransports.get(sessionId)
-        if (transport === undefined) {
-            res.status(404).json({
-                jsonrpc: '2.0',
-                error: { code: JSONRPC_SERVER_ERROR, message: 'Session not found' },
-                id: null,
-            })
-            return
-        }
-        // Refresh session activity on message receipt
-        ctx.touchSession(sessionId)
-        void transport.handlePostMessage(req as IncomingMessage, res as ServerResponse, req.body)
-    })
-}