skybridge 0.0.0-dev.f0904af → 0.0.0-dev.f0c826f

package/dist/server/asset-base-url-transform-plugin.d.ts

@@ -0,0 +1,11 @@
+import type { Plugin } from "vite";
+export declare function isCssRequest(id: string): boolean;
+/**
+ * Transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`,
+ * so they work both locally and behind tunnels.
+ */
+export declare function assetBaseUrlTransform(code: string): string;
+/**
+ * Vite plugin that transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`.
+ */
+export declare function assetBaseUrlTransformPlugin(): Plugin;

package/dist/server/asset-base-url-transform-plugin.js

@@ -0,0 +1,48 @@
+// Mirrors Vite's own `isCSSRequest`: matches the css family of extensions
+// either at the end of the id or right before the query string. Catches both
+// plain `.css` requests and SFC style blocks (e.g. `Foo.vue?vue&type=style&lang.css`).
+const CSS_LANGS_RE = /\.(css|less|sass|scss|styl|stylus|pcss|postcss|sss)(?:$|\?)/;
+export function isCssRequest(id) {
+    return CSS_LANGS_RE.test(id);
+}
+/**
+ * Transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`,
+ * so they work both locally and behind tunnels.
+ */
+export function assetBaseUrlTransform(code) {
+    const assetStringPattern = /(?<!\bfrom\s)(?<!https?:\/\/)(["'`])(\/[^"'`]+\.(svg|png|jpeg|jpg|gif|webp|mp3|mp4|woff|woff2|ttf|eot))\1/g;
+    code = code.replace(assetStringPattern, (_match, _quote, assetPath) => {
+        return `(window.skybridge?.serverUrl ?? "") + "${assetPath}"`;
+    });
+    return code;
+}
+/**
+ * Vite plugin that transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`.
+ */
+export function assetBaseUrlTransformPlugin() {
+    return {
+        name: "asset-base-url-transform",
+        transform(code, id) {
+            if (!code) {
+                return null;
+            }
+            // Vite serves CSS modules as JS that embeds the stylesheet as a string
+            // literal. Rewriting `url("/foo.woff2")` inside that string to a JS
+            // concatenation expression produces invalid CSS once it lands in a
+            // <style> tag. CSS asset URLs are already handled at build time by
+            // `experimental.renderBuiltUrl`, so skip CSS requests here.
+            if (isCssRequest(id)) {
+                return null;
+            }
+            const transformedCode = assetBaseUrlTransform(code);
+            if (transformedCode === code) {
+                return null;
+            }
+            return {
+                code: transformedCode,
+                map: null,
+            };
+        },
+    };
+}
+//# sourceMappingURL=asset-base-url-transform-plugin.js.map

package/dist/server/asset-base-url-transform-plugin.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"asset-base-url-transform-plugin.js","sourceRoot":"","sources":["../../src/server/asset-base-url-transform-plugin.ts"],"names":[],"mappings":"AAEA,0EAA0E;AAC1E,6EAA6E;AAC7E,uFAAuF;AACvF,MAAM,YAAY,GAChB,6DAA6D,CAAC;AAEhE,MAAM,UAAU,YAAY,CAAC,EAAU;IACrC,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAC/B,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,IAAY;IAChD,MAAM,kBAAkB,GACtB,4GAA4G,CAAC;IAE/G,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,kBAAkB,EAAE,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,EAAE;QACpE,OAAO,0CAA0C,SAAS,GAAG,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B;IACzC,OAAO;QACL,IAAI,EAAE,0BAA0B;QAChC,SAAS,CAAC,IAAI,EAAE,EAAE;YAChB,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,IAAI,CAAC;YACd,CAAC;YAED,uEAAuE;YACvE,oEAAoE;YACpE,mEAAmE;YACnE,mEAAmE;YACnE,4DAA4D;YAC5D,IAAI,YAAY,CAAC,EAAE,CAAC,EAAE,CAAC;gBACrB,OAAO,IAAI,CAAC;YACd,CAAC;YAED,MAAM,eAAe,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAEpD,IAAI,eAAe,KAAK,IAAI,EAAE,CAAC;gBAC7B,OAAO,IAAI,CAAC;YACd,CAAC;YAED,OAAO;gBACL,IAAI,EAAE,eAAe;gBACrB,GAAG,EAAE,IAAI;aACV,CAAC;QACJ,CAAC;KACF,CAAC;AACJ,CAAC","sourcesContent":["import type { Plugin } from \"vite\";\n\n// Mirrors Vite's own `isCSSRequest`: matches the css family of extensions\n// either at the end of the id or right before the query string. Catches both\n// plain `.css` requests and SFC style blocks (e.g. `Foo.vue?vue&type=style&lang.css`).\nconst CSS_LANGS_RE =\n  /\\.(css|less|sass|scss|styl|stylus|pcss|postcss|sss)(?:$|\\?)/;\n\nexport function isCssRequest(id: string): boolean {\n  return CSS_LANGS_RE.test(id);\n}\n\n/**\n * Transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`,\n * so they work both locally and behind tunnels.\n */\nexport function assetBaseUrlTransform(code: string): string {\n  const assetStringPattern =\n    /(?<!\\bfrom\\s)(?<!https?:\\/\\/)([\"'`])(\\/[^\"'`]+\\.(svg|png|jpeg|jpg|gif|webp|mp3|mp4|woff|woff2|ttf|eot))\\1/g;\n\n  code = code.replace(assetStringPattern, (_match, _quote, assetPath) => {\n    return `(window.skybridge?.serverUrl ?? \"\") + \"${assetPath}\"`;\n  });\n\n  return code;\n}\n\n/**\n * Vite plugin that transforms asset import paths to resolve at runtime via `window.skybridge.serverUrl`.\n */\nexport function assetBaseUrlTransformPlugin(): Plugin {\n  return {\n    name: \"asset-base-url-transform\",\n    transform(code, id) {\n      if (!code) {\n        return null;\n      }\n\n      // Vite serves CSS modules as JS that embeds the stylesheet as a string\n      // literal. Rewriting `url(\"/foo.woff2\")` inside that string to a JS\n      // concatenation expression produces invalid CSS once it lands in a\n      // <style> tag. CSS asset URLs are already handled at build time by\n      // `experimental.renderBuiltUrl`, so skip CSS requests here.\n      if (isCssRequest(id)) {\n        return null;\n      }\n\n      const transformedCode = assetBaseUrlTransform(code);\n\n      if (transformedCode === code) {\n        return null;\n      }\n\n      return {\n        code: transformedCode,\n        map: null,\n      };\n    },\n  };\n}\n"]}

package/dist/server/asset-base-url-transform-plugin.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/server/asset-base-url-transform-plugin.test.js

@@ -0,0 +1,134 @@
+import { describe, expect, it } from "vitest";
+import { assetBaseUrlTransform, assetBaseUrlTransformPlugin, isCssRequest, } from "./asset-base-url-transform-plugin.js";
+describe("assetBaseUrlTransform", () => {
+    it("should transform asset paths to use window.skybridge.serverUrl", () => {
+        const cases = [
+            {
+                desc: "single-quoted",
+                code: `const image = '/assets/logo.png';`,
+                expected: `const image = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`,
+            },
+            {
+                desc: "double-quoted",
+                code: `const image = "/assets/logo.png";`,
+                expected: `const image = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`,
+            },
+            {
+                desc: "backtick-quoted",
+                code: "const image = `/assets/logo.png`;",
+                expected: `const image = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`,
+            },
+        ];
+        for (const { code, expected } of cases) {
+            const result = assetBaseUrlTransform(code);
+            expect(result).toBe(expected);
+        }
+    });
+    it("should transform multiple asset paths", () => {
+        const code = `
+      const logo = '/assets/logo.png';
+      const icon = '/assets/icon.svg';
+      const font = '/assets/font.woff2';
+    `;
+        const result = assetBaseUrlTransform(code);
+        expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/logo.png"`);
+        expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/icon.svg"`);
+        expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/font.woff2"`);
+    });
+    it("should not transform already absolute URLs", () => {
+        const code = `
+      const local = '/assets/logo.png';
+      const http = 'http://example.com/image.png';
+      const https = 'https://example.com/image.png';
+    `;
+        const result = assetBaseUrlTransform(code);
+        expect(result).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/logo.png"`);
+        expect(result).toContain("http://example.com/image.png");
+        expect(result).toContain("https://example.com/image.png");
+    });
+    it("should not transform code without asset paths", () => {
+        const code = `const text = "Hello World";`;
+        const result = assetBaseUrlTransform(code);
+        expect(result).toBe(code);
+    });
+    it("should not transform asset paths inside static `import ... from` clauses", () => {
+        // Reproducer for #713: a dep does `import * as sprite from './icons.svg'`,
+        // Vite resolves the relative path to absolute, then this transform used
+        // to rewrite the resolved string — producing invalid JS like
+        // `import * as sprite from (expr) + "..."` that crashes vite:import-analysis.
+        const cases = [
+            `import * as sprite from "/Users/me/proj/node_modules/pkg/icons.svg";`,
+            `import sprite from '/assets/icons.svg';`,
+            `import sprite from "/assets/icons.svg";`,
+            `export { default } from "/assets/icons.svg";`,
+            `export * from '/assets/sprites.svg';`,
+        ];
+        for (const code of cases) {
+            expect(assetBaseUrlTransform(code)).toBe(code);
+        }
+    });
+    it("should still transform value-position asset paths in files that also have unrelated imports", () => {
+        const code = [
+            `import { foo } from "./foo.js";`,
+            `import * as sprite from "/assets/sprite.svg";`,
+            `const logo = "/assets/logo.png";`,
+        ].join("\n");
+        const result = assetBaseUrlTransform(code);
+        // Imports untouched
+        expect(result).toContain(`from "./foo.js"`);
+        expect(result).toContain(`from "/assets/sprite.svg"`);
+        // Value-position rewritten
+        expect(result).toContain(`const logo = (window.skybridge?.serverUrl ?? "") + "/assets/logo.png";`);
+    });
+});
+describe("isCssRequest", () => {
+    it("returns true for CSS-family extensions", () => {
+        expect(isCssRequest("/src/styles.css")).toBe(true);
+        expect(isCssRequest("/src/styles.module.css")).toBe(true);
+        expect(isCssRequest("/src/styles.scss")).toBe(true);
+        expect(isCssRequest("/src/styles.sass")).toBe(true);
+        expect(isCssRequest("/src/styles.less")).toBe(true);
+        expect(isCssRequest("/src/styles.styl")).toBe(true);
+    });
+    it("returns true for CSS modules with Vite query strings", () => {
+        expect(isCssRequest("/src/styles.css?direct")).toBe(true);
+        expect(isCssRequest("/src/styles.css?inline")).toBe(true);
+        expect(isCssRequest("/src/styles.css?used")).toBe(true);
+        expect(isCssRequest("/src/Foo.vue?vue&type=style&lang.css")).toBe(true);
+    });
+    it("returns false for non-CSS modules", () => {
+        expect(isCssRequest("/src/index.tsx")).toBe(false);
+        expect(isCssRequest("/src/utils.ts")).toBe(false);
+        expect(isCssRequest("/src/Logo.svg")).toBe(false);
+        expect(isCssRequest("/src/notes.cssx")).toBe(false);
+    });
+});
+describe("assetBaseUrlTransformPlugin", () => {
+    function runTransform(id, code) {
+        const plugin = assetBaseUrlTransformPlugin();
+        const hook = plugin.transform;
+        if (!hook) {
+            throw new Error("plugin.transform is not defined");
+        }
+        const handler = typeof hook === "function" ? hook : hook.handler;
+        return handler.call(
+        // biome-ignore lint/suspicious/noExplicitAny: vitest harness for plugin hook
+        {}, code, id, { moduleType: "js" });
+    }
+    it("rewrites asset paths in JS modules", () => {
+        const result = runTransform("/src/widget.tsx", `const logo = "/assets/logo.png";`);
+        expect(result?.code).toContain(`(window.skybridge?.serverUrl ?? "") + "/assets/logo.png"`);
+    });
+    // Reproducer for #697: CSS imports are served as JS modules with the
+    // stylesheet embedded as a string. Rewriting url("/foo.woff2") inside that
+    // string would produce invalid CSS once the styles are injected.
+    it("does not rewrite asset paths when transforming a CSS module", () => {
+        const cssCode = `__vite__updateStyle("style-id", "@font-face { src: url(\\"/fonts/Brand.woff2\\") format(\\"woff2\\"); }");`;
+        expect(runTransform("/src/fonts.css", cssCode)).toBeNull();
+        expect(runTransform("/src/fonts.css?direct", cssCode)).toBeNull();
+        expect(runTransform("/src/fonts.css?inline", cssCode)).toBeNull();
+        expect(runTransform("/src/styles.scss", cssCode)).toBeNull();
+        expect(runTransform("/src/Foo.vue?vue&type=style&lang.css", cssCode)).toBeNull();
+    });
+});
+//# sourceMappingURL=asset-base-url-transform-plugin.test.js.map

package/dist/server/asset-base-url-transform-plugin.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"asset-base-url-transform-plugin.test.js","sourceRoot":"","sources":["../../src/server/asset-base-url-transform-plugin.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,qBAAqB,EACrB,2BAA2B,EAC3B,YAAY,GACb,MAAM,sCAAsC,CAAC;AAE9C,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;IACrC,EAAE,CAAC,gEAAgE,EAAE,GAAG,EAAE;QACxE,MAAM,KAAK,GAAG;YACZ;gBACE,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,yEAAyE;aACpF;YACD;gBACE,IAAI,EAAE,eAAe;gBACrB,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,yEAAyE;aACpF;YACD;gBACE,IAAI,EAAE,iBAAiB;gBACvB,IAAI,EAAE,mCAAmC;gBACzC,QAAQ,EAAE,yEAAyE;aACpF;SACF,CAAC;QAEF,KAAK,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,KAAK,EAAE,CAAC;YACvC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;YAC3C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAChC,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,IAAI,GAAG;;;;KAIZ,CAAC;QACF,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,0DAA0D,CAC3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,0DAA0D,CAC3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,4DAA4D,CAC7D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,IAAI,GAAG;;;;KAIZ,CAAC;QACF,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,0DAA0D,CAC3D,CAAC;QACF,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;QACzD,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,+BAA+B,CAAC,CAAC;IAC5D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,IAAI,GAAG,6BAA6B,CAAC;QAC3C,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,MAAM,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC5B,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0EAA0E,EAAE,GAAG,EAAE;QAClF,2EAA2E;QAC3E,wEAAwE;QACxE,6DAA6D;QAC7D,8EAA8E;QAC9E,MAAM,KAAK,GAAG;YACZ,sEAAsE;YACtE,yCAAyC;YACzC,yCAAyC;YACzC,8CAA8C;YAC9C,sCAAsC;SACvC,CAAC;QAEF,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6FAA6F,EAAE,GAAG,EAAE;QACrG,MAAM,IAAI,GAAG;YACX,iCAAiC;YACjC,+CAA+C;YAC/C,kCAAkC;SACnC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACb,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAE3C,oBAAoB;QACpB,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAC5C,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,2BAA2B,CAAC,CAAC;QACtD,2BAA2B;QAC3B,MAAM,CAAC,MAAM,CAAC,CAAC,SAAS,CACtB,wEAAwE,CACzE,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;QAChD,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACpD,MAAM,CAAC,YAAY,CAAC,kBAAkB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,YAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC1D,MAAM,CAAC,YAAY,CAAC,sBAAsB,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACxD,MAAM,CAAC,YAAY,CAAC,sCAAsC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,CAAC,YAAY,CAAC,gBAAgB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,YAAY,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAClD,MAAM,CAAC,YAAY,CAAC,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAG3C,SAAS,YAAY,CAAC,EAAU,EAAE,IAAY;QAC5C,MAAM,MAAM,GAAG,2BAA2B,EAAE,CAAC;QAC7C,MAAM,IAAI,GAAG,MAAM,CAAC,SAAS,CAAC;QAC9B,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACrD,CAAC;QACD,MAAM,OAAO,GAAG,OAAO,IAAI,KAAK,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC;QACjE,OAAO,OAAO,CAAC,IAAI;QACjB,6EAA6E;QAC7E,EAAS,EACT,IAAI,EACJ,EAAE,EACF,EAAE,UAAU,EAAE,IAAI,EAAE,CACF,CAAC;IACvB,CAAC;IAED,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,MAAM,GAAG,YAAY,CACzB,iBAAiB,EACjB,kCAAkC,CACnC,CAAC;QACF,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,SAAS,CAC5B,0DAA0D,CAC3D,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,qEAAqE;IACrE,2EAA2E;IAC3E,iEAAiE;IACjE,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,MAAM,OAAO,GAAG,4GAA4G,CAAC;QAE7H,MAAM,CAAC,YAAY,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3D,MAAM,CAAC,YAAY,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClE,MAAM,CAAC,YAAY,CAAC,uBAAuB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAClE,MAAM,CAAC,YAAY,CAAC,kBAAkB,EAAE,OAAO,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC7D,MAAM,CACJ,YAAY,CAAC,sCAAsC,EAAE,OAAO,CAAC,CAC9D,CAAC,QAAQ,EAAE,CAAC;IACf,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, expect, it } from \"vitest\";\nimport {\n  assetBaseUrlTransform,\n  assetBaseUrlTransformPlugin,\n  isCssRequest,\n} from \"./asset-base-url-transform-plugin.js\";\n\ndescribe(\"assetBaseUrlTransform\", () => {\n  it(\"should transform asset paths to use window.skybridge.serverUrl\", () => {\n    const cases = [\n      {\n        desc: \"single-quoted\",\n        code: `const image = '/assets/logo.png';`,\n        expected: `const image = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n      },\n      {\n        desc: \"double-quoted\",\n        code: `const image = \"/assets/logo.png\";`,\n        expected: `const image = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n      },\n      {\n        desc: \"backtick-quoted\",\n        code: \"const image = `/assets/logo.png`;\",\n        expected: `const image = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n      },\n    ];\n\n    for (const { code, expected } of cases) {\n      const result = assetBaseUrlTransform(code);\n      expect(result).toBe(expected);\n    }\n  });\n\n  it(\"should transform multiple asset paths\", () => {\n    const code = `\n      const logo = '/assets/logo.png';\n      const icon = '/assets/icon.svg';\n      const font = '/assets/font.woff2';\n    `;\n    const result = assetBaseUrlTransform(code);\n\n    expect(result).toContain(\n      `(window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\"`,\n    );\n    expect(result).toContain(\n      `(window.skybridge?.serverUrl ?? \"\") + \"/assets/icon.svg\"`,\n    );\n    expect(result).toContain(\n      `(window.skybridge?.serverUrl ?? \"\") + \"/assets/font.woff2\"`,\n    );\n  });\n\n  it(\"should not transform already absolute URLs\", () => {\n    const code = `\n      const local = '/assets/logo.png';\n      const http = 'http://example.com/image.png';\n      const https = 'https://example.com/image.png';\n    `;\n    const result = assetBaseUrlTransform(code);\n\n    expect(result).toContain(\n      `(window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\"`,\n    );\n    expect(result).toContain(\"http://example.com/image.png\");\n    expect(result).toContain(\"https://example.com/image.png\");\n  });\n\n  it(\"should not transform code without asset paths\", () => {\n    const code = `const text = \"Hello World\";`;\n    const result = assetBaseUrlTransform(code);\n\n    expect(result).toBe(code);\n  });\n\n  it(\"should not transform asset paths inside static `import ... from` clauses\", () => {\n    // Reproducer for #713: a dep does `import * as sprite from './icons.svg'`,\n    // Vite resolves the relative path to absolute, then this transform used\n    // to rewrite the resolved string — producing invalid JS like\n    // `import * as sprite from (expr) + \"...\"` that crashes vite:import-analysis.\n    const cases = [\n      `import * as sprite from \"/Users/me/proj/node_modules/pkg/icons.svg\";`,\n      `import sprite from '/assets/icons.svg';`,\n      `import sprite from \"/assets/icons.svg\";`,\n      `export { default } from \"/assets/icons.svg\";`,\n      `export * from '/assets/sprites.svg';`,\n    ];\n\n    for (const code of cases) {\n      expect(assetBaseUrlTransform(code)).toBe(code);\n    }\n  });\n\n  it(\"should still transform value-position asset paths in files that also have unrelated imports\", () => {\n    const code = [\n      `import { foo } from \"./foo.js\";`,\n      `import * as sprite from \"/assets/sprite.svg\";`,\n      `const logo = \"/assets/logo.png\";`,\n    ].join(\"\\n\");\n    const result = assetBaseUrlTransform(code);\n\n    // Imports untouched\n    expect(result).toContain(`from \"./foo.js\"`);\n    expect(result).toContain(`from \"/assets/sprite.svg\"`);\n    // Value-position rewritten\n    expect(result).toContain(\n      `const logo = (window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\";`,\n    );\n  });\n});\n\ndescribe(\"isCssRequest\", () => {\n  it(\"returns true for CSS-family extensions\", () => {\n    expect(isCssRequest(\"/src/styles.css\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.module.css\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.scss\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.sass\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.less\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.styl\")).toBe(true);\n  });\n\n  it(\"returns true for CSS modules with Vite query strings\", () => {\n    expect(isCssRequest(\"/src/styles.css?direct\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.css?inline\")).toBe(true);\n    expect(isCssRequest(\"/src/styles.css?used\")).toBe(true);\n    expect(isCssRequest(\"/src/Foo.vue?vue&type=style&lang.css\")).toBe(true);\n  });\n\n  it(\"returns false for non-CSS modules\", () => {\n    expect(isCssRequest(\"/src/index.tsx\")).toBe(false);\n    expect(isCssRequest(\"/src/utils.ts\")).toBe(false);\n    expect(isCssRequest(\"/src/Logo.svg\")).toBe(false);\n    expect(isCssRequest(\"/src/notes.cssx\")).toBe(false);\n  });\n});\n\ndescribe(\"assetBaseUrlTransformPlugin\", () => {\n  type TransformResult = { code: string; map: null } | null;\n\n  function runTransform(id: string, code: string): TransformResult {\n    const plugin = assetBaseUrlTransformPlugin();\n    const hook = plugin.transform;\n    if (!hook) {\n      throw new Error(\"plugin.transform is not defined\");\n    }\n    const handler = typeof hook === \"function\" ? hook : hook.handler;\n    return handler.call(\n      // biome-ignore lint/suspicious/noExplicitAny: vitest harness for plugin hook\n      {} as any,\n      code,\n      id,\n      { moduleType: \"js\" },\n    ) as TransformResult;\n  }\n\n  it(\"rewrites asset paths in JS modules\", () => {\n    const result = runTransform(\n      \"/src/widget.tsx\",\n      `const logo = \"/assets/logo.png\";`,\n    );\n    expect(result?.code).toContain(\n      `(window.skybridge?.serverUrl ?? \"\") + \"/assets/logo.png\"`,\n    );\n  });\n\n  // Reproducer for #697: CSS imports are served as JS modules with the\n  // stylesheet embedded as a string. Rewriting url(\"/foo.woff2\") inside that\n  // string would produce invalid CSS once the styles are injected.\n  it(\"does not rewrite asset paths when transforming a CSS module\", () => {\n    const cssCode = `__vite__updateStyle(\"style-id\", \"@font-face { src: url(\\\\\"/fonts/Brand.woff2\\\\\") format(\\\\\"woff2\\\\\"); }\");`;\n\n    expect(runTransform(\"/src/fonts.css\", cssCode)).toBeNull();\n    expect(runTransform(\"/src/fonts.css?direct\", cssCode)).toBeNull();\n    expect(runTransform(\"/src/fonts.css?inline\", cssCode)).toBeNull();\n    expect(runTransform(\"/src/styles.scss\", cssCode)).toBeNull();\n    expect(\n      runTransform(\"/src/Foo.vue?vue&type=style&lang.css\", cssCode),\n    ).toBeNull();\n  });\n});\n"]}

package/dist/server/auth.d.ts

@@ -0,0 +1,20 @@
+import { type BearerAuthMiddlewareOptions } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js";
+import type { RequestHandler } from "express";
+export { InvalidTokenError } from "@modelcontextprotocol/sdk/server/auth/errors.js";
+export { type BearerAuthMiddlewareOptions, requireBearerAuth, } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js";
+export { type AuthMetadataOptions, mcpAuthMetadataRouter, } from "@modelcontextprotocol/sdk/server/auth/router.js";
+export type { AuthInfo } from "@modelcontextprotocol/sdk/server/auth/types.js";
+/**
+ * Like `requireBearerAuth`, but lets requests through when no
+ * `Authorization` header is present. Used for mixed-auth servers where some
+ * tools are public and others require sign-in: each tool enforces its own
+ * `securitySchemes` against `extra.authInfo`.
+ *
+ * Behavior:
+ * - No `Authorization` header → `next()` without `req.auth`.
+ * - Valid Bearer token → `req.auth` set, same as `requireBearerAuth`.
+ * - Invalid / malformed / expired / insufficient-scope → same error response
+ *   as `requireBearerAuth` (401/403). Sending a bad token is still a client
+ *   error.
+ */
+export declare function optionalBearerAuth(options: BearerAuthMiddlewareOptions): RequestHandler;

package/dist/server/auth.js

@@ -0,0 +1,28 @@
+import { requireBearerAuth, } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js";
+export { InvalidTokenError } from "@modelcontextprotocol/sdk/server/auth/errors.js";
+export { requireBearerAuth, } from "@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js";
+export { mcpAuthMetadataRouter, } from "@modelcontextprotocol/sdk/server/auth/router.js";
+/**
+ * Like `requireBearerAuth`, but lets requests through when no
+ * `Authorization` header is present. Used for mixed-auth servers where some
+ * tools are public and others require sign-in: each tool enforces its own
+ * `securitySchemes` against `extra.authInfo`.
+ *
+ * Behavior:
+ * - No `Authorization` header → `next()` without `req.auth`.
+ * - Valid Bearer token → `req.auth` set, same as `requireBearerAuth`.
+ * - Invalid / malformed / expired / insufficient-scope → same error response
+ *   as `requireBearerAuth` (401/403). Sending a bad token is still a client
+ *   error.
+ */
+export function optionalBearerAuth(options) {
+    const required = requireBearerAuth(options);
+    return (req, res, next) => {
+        if (!req.headers.authorization) {
+            next();
+            return;
+        }
+        return required(req, res, next);
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/server/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/server/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAEL,iBAAiB,GAClB,MAAM,gEAAgE,CAAC;AAIxE,OAAO,EAAE,iBAAiB,EAAE,MAAM,iDAAiD,CAAC;AACpF,OAAO,EAEL,iBAAiB,GAClB,MAAM,gEAAgE,CAAC;AACxE,OAAO,EAEL,qBAAqB,GACtB,MAAM,iDAAiD,CAAC;AAGzD;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,kBAAkB,CAChC,OAAoC;IAEpC,MAAM,QAAQ,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;QACxB,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC/B,IAAI,EAAE,CAAC;YACP,OAAO;QACT,CAAC;QACD,OAAO,QAAQ,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC;AACJ,CAAC","sourcesContent":["import {\n  type BearerAuthMiddlewareOptions,\n  requireBearerAuth,\n} from \"@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js\";\n\nimport type { RequestHandler } from \"express\";\n\nexport { InvalidTokenError } from \"@modelcontextprotocol/sdk/server/auth/errors.js\";\nexport {\n  type BearerAuthMiddlewareOptions,\n  requireBearerAuth,\n} from \"@modelcontextprotocol/sdk/server/auth/middleware/bearerAuth.js\";\nexport {\n  type AuthMetadataOptions,\n  mcpAuthMetadataRouter,\n} from \"@modelcontextprotocol/sdk/server/auth/router.js\";\nexport type { AuthInfo } from \"@modelcontextprotocol/sdk/server/auth/types.js\";\n\n/**\n * Like `requireBearerAuth`, but lets requests through when no\n * `Authorization` header is present. Used for mixed-auth servers where some\n * tools are public and others require sign-in: each tool enforces its own\n * `securitySchemes` against `extra.authInfo`.\n *\n * Behavior:\n * - No `Authorization` header → `next()` without `req.auth`.\n * - Valid Bearer token → `req.auth` set, same as `requireBearerAuth`.\n * - Invalid / malformed / expired / insufficient-scope → same error response\n *   as `requireBearerAuth` (401/403). Sending a bad token is still a client\n *   error.\n */\nexport function optionalBearerAuth(\n  options: BearerAuthMiddlewareOptions,\n): RequestHandler {\n  const required = requireBearerAuth(options);\n  return (req, res, next) => {\n    if (!req.headers.authorization) {\n      next();\n      return;\n    }\n    return required(req, res, next);\n  };\n}\n"]}

package/dist/server/content-helpers.d.ts

@@ -0,0 +1,27 @@
+import type { AudioContent, EmbeddedResource, ImageContent, ResourceLink, TextContent } from "@modelcontextprotocol/sdk/types.js";
+type ContentAnnotations = {
+    audience?: ("user" | "assistant")[];
+    priority?: number;
+    lastModified?: string;
+};
+export declare function text(value: string, annotations?: ContentAnnotations): TextContent;
+export declare function image(data: string | Uint8Array, mimeType: string, annotations?: ContentAnnotations): ImageContent;
+export declare function audio(data: string | Uint8Array, mimeType: string, annotations?: ContentAnnotations): AudioContent;
+export declare function embeddedResource(resource: {
+    uri: string;
+    mimeType?: string;
+    text: string;
+} | {
+    uri: string;
+    mimeType?: string;
+    blob: string;
+}, annotations?: ContentAnnotations): EmbeddedResource;
+export declare function resourceLink(link: {
+    uri: string;
+    name: string;
+    title?: string;
+    description?: string;
+    mimeType?: string;
+    size?: number;
+}, annotations?: ContentAnnotations): ResourceLink;
+export {};

package/dist/server/content-helpers.js

@@ -0,0 +1,46 @@
+/**
+ * Returns a base64-encoded string.
+ * - `Uint8Array` input is encoded via `Buffer.toString("base64")`.
+ * - `string` input is assumed to be **already base64-encoded** and is returned
+ *   as-is. Passing raw/unencoded string bytes will produce invalid MCP content.
+ */
+function toBase64(data) {
+    if (typeof data === "string") {
+        return data;
+    }
+    return Buffer.from(data).toString("base64");
+}
+export function text(value, annotations) {
+    return { type: "text", text: value, ...(annotations && { annotations }) };
+}
+export function image(data, mimeType, annotations) {
+    return {
+        type: "image",
+        data: toBase64(data),
+        mimeType,
+        ...(annotations && { annotations }),
+    };
+}
+export function audio(data, mimeType, annotations) {
+    return {
+        type: "audio",
+        data: toBase64(data),
+        mimeType,
+        ...(annotations && { annotations }),
+    };
+}
+export function embeddedResource(resource, annotations) {
+    return {
+        type: "resource",
+        resource,
+        ...(annotations && { annotations }),
+    };
+}
+export function resourceLink(link, annotations) {
+    return {
+        type: "resource_link",
+        ...link,
+        ...(annotations && { annotations }),
+    };
+}
+//# sourceMappingURL=content-helpers.js.map

package/dist/server/content-helpers.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-helpers.js","sourceRoot":"","sources":["../../src/server/content-helpers.ts"],"names":[],"mappings":"AAcA;;;;;GAKG;AACH,SAAS,QAAQ,CAAC,IAAyB;IACzC,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,IAAI,CAClB,KAAa,EACb,WAAgC;IAEhC,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC,EAAE,CAAC;AAC5E,CAAC;AAED,MAAM,UAAU,KAAK,CACnB,IAAyB,EACzB,QAAgB,EAChB,WAAgC;IAEhC,OAAO;QACL,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC;QACpB,QAAQ;QACR,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,KAAK,CACnB,IAAyB,EACzB,QAAgB,EAChB,WAAgC;IAEhC,OAAO;QACL,IAAI,EAAE,OAAO;QACb,IAAI,EAAE,QAAQ,CAAC,IAAI,CAAC;QACpB,QAAQ;QACR,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,QAEoD,EACpD,WAAgC;IAEhC,OAAO;QACL,IAAI,EAAE,UAAU;QAChB,QAAQ;QACR,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,YAAY,CAC1B,IAOC,EACD,WAAgC;IAEhC,OAAO;QACL,IAAI,EAAE,eAAe;QACrB,GAAG,IAAI;QACP,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;KACpC,CAAC;AACJ,CAAC","sourcesContent":["import type {\n  AudioContent,\n  EmbeddedResource,\n  ImageContent,\n  ResourceLink,\n  TextContent,\n} from \"@modelcontextprotocol/sdk/types.js\";\n\ntype ContentAnnotations = {\n  audience?: (\"user\" | \"assistant\")[];\n  priority?: number;\n  lastModified?: string;\n};\n\n/**\n * Returns a base64-encoded string.\n * - `Uint8Array` input is encoded via `Buffer.toString(\"base64\")`.\n * - `string` input is assumed to be **already base64-encoded** and is returned\n *   as-is. Passing raw/unencoded string bytes will produce invalid MCP content.\n */\nfunction toBase64(data: string | Uint8Array): string {\n  if (typeof data === \"string\") {\n    return data;\n  }\n  return Buffer.from(data).toString(\"base64\");\n}\n\nexport function text(\n  value: string,\n  annotations?: ContentAnnotations,\n): TextContent {\n  return { type: \"text\", text: value, ...(annotations && { annotations }) };\n}\n\nexport function image(\n  data: string | Uint8Array,\n  mimeType: string,\n  annotations?: ContentAnnotations,\n): ImageContent {\n  return {\n    type: \"image\",\n    data: toBase64(data),\n    mimeType,\n    ...(annotations && { annotations }),\n  };\n}\n\nexport function audio(\n  data: string | Uint8Array,\n  mimeType: string,\n  annotations?: ContentAnnotations,\n): AudioContent {\n  return {\n    type: \"audio\",\n    data: toBase64(data),\n    mimeType,\n    ...(annotations && { annotations }),\n  };\n}\n\nexport function embeddedResource(\n  resource:\n    | { uri: string; mimeType?: string; text: string }\n    | { uri: string; mimeType?: string; blob: string },\n  annotations?: ContentAnnotations,\n): EmbeddedResource {\n  return {\n    type: \"resource\",\n    resource,\n    ...(annotations && { annotations }),\n  };\n}\n\nexport function resourceLink(\n  link: {\n    uri: string;\n    name: string;\n    title?: string;\n    description?: string;\n    mimeType?: string;\n    size?: number;\n  },\n  annotations?: ContentAnnotations,\n): ResourceLink {\n  return {\n    type: \"resource_link\",\n    ...link,\n    ...(annotations && { annotations }),\n  };\n}\n"]}

package/dist/server/content-helpers.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/server/content-helpers.test.js

@@ -0,0 +1,70 @@
+import { describe, expect, it } from "vitest";
+import { audio, embeddedResource, image, resourceLink, text, } from "./content-helpers.js";
+describe("text", () => {
+    it("returns a TextContent without annotations when none given", () => {
+        expect(text("hello")).toEqual({ type: "text", text: "hello" });
+    });
+    it("includes annotations when provided", () => {
+        expect(text("hi", { priority: 1 })).toEqual({
+            type: "text",
+            text: "hi",
+            annotations: { priority: 1 },
+        });
+    });
+});
+describe("image", () => {
+    it("base64-encodes Uint8Array data", () => {
+        const bytes = new Uint8Array([104, 105]);
+        expect(image(bytes, "image/png")).toEqual({
+            type: "image",
+            data: "aGk=",
+            mimeType: "image/png",
+        });
+    });
+    it("passes string data through unchanged (caller is responsible for base64)", () => {
+        expect(image("YWxyZWFkeS1iNjQ=", "image/png")).toEqual({
+            type: "image",
+            data: "YWxyZWFkeS1iNjQ=",
+            mimeType: "image/png",
+        });
+    });
+});
+describe("audio", () => {
+    it("base64-encodes Uint8Array data", () => {
+        const bytes = new Uint8Array([104, 105]);
+        expect(audio(bytes, "audio/mpeg")).toMatchObject({
+            type: "audio",
+            data: "aGk=",
+            mimeType: "audio/mpeg",
+        });
+    });
+});
+describe("embeddedResource", () => {
+    it("wraps a text resource with a type tag", () => {
+        expect(embeddedResource({
+            uri: "file:///a.txt",
+            mimeType: "text/plain",
+            text: "x",
+        })).toEqual({
+            type: "resource",
+            resource: { uri: "file:///a.txt", mimeType: "text/plain", text: "x" },
+        });
+    });
+    it("wraps a blob resource with a type tag", () => {
+        expect(embeddedResource({ uri: "file:///a.bin", blob: "YmFy" })).toEqual({
+            type: "resource",
+            resource: { uri: "file:///a.bin", blob: "YmFy" },
+        });
+    });
+});
+describe("resourceLink", () => {
+    it("spreads link fields alongside the type tag", () => {
+        expect(resourceLink({ uri: "file:///a", name: "a", title: "A" })).toEqual({
+            type: "resource_link",
+            uri: "file:///a",
+            name: "a",
+            title: "A",
+        });
+    });
+});
+//# sourceMappingURL=content-helpers.test.js.map

package/dist/server/content-helpers.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"content-helpers.test.js","sourceRoot":"","sources":["../../src/server/content-helpers.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EACL,KAAK,EACL,gBAAgB,EAChB,KAAK,EACL,YAAY,EACZ,IAAI,GACL,MAAM,sBAAsB,CAAC;AAE9B,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;IACpB,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IACjE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;QAC5C,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YAC1C,IAAI,EAAE,MAAM;YACZ,IAAI,EAAE,IAAI;YACV,WAAW,EAAE,EAAE,QAAQ,EAAE,CAAC,EAAE;SAC7B,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE;IACrB,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC;YACxC,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,WAAW;SACtB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yEAAyE,EAAE,GAAG,EAAE;QACjF,MAAM,CAAC,KAAK,CAAC,kBAAkB,EAAE,WAAW,CAAC,CAAC,CAAC,OAAO,CAAC;YACrD,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,kBAAkB;YACxB,QAAQ,EAAE,WAAW;SACtB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,OAAO,EAAE,GAAG,EAAE;IACrB,EAAE,CAAC,gCAAgC,EAAE,GAAG,EAAE;QACxC,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC,CAAC;QACzC,MAAM,CAAC,KAAK,CAAC,KAAK,EAAE,YAAY,CAAC,CAAC,CAAC,aAAa,CAAC;YAC/C,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,MAAM;YACZ,QAAQ,EAAE,YAAY;SACvB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CACJ,gBAAgB,CAAC;YACf,GAAG,EAAE,eAAe;YACpB,QAAQ,EAAE,YAAY;YACtB,IAAI,EAAE,GAAG;SACV,CAAC,CACH,CAAC,OAAO,CAAC;YACR,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,QAAQ,EAAE,YAAY,EAAE,IAAI,EAAE,GAAG,EAAE;SACtE,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,CAAC,gBAAgB,CAAC,EAAE,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YACvE,IAAI,EAAE,UAAU;YAChB,QAAQ,EAAE,EAAE,GAAG,EAAE,eAAe,EAAE,IAAI,EAAE,MAAM,EAAE;SACjD,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,cAAc,EAAE,GAAG,EAAE;IAC5B,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;QACpD,MAAM,CAAC,YAAY,CAAC,EAAE,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC;YACxE,IAAI,EAAE,eAAe;YACrB,GAAG,EAAE,WAAW;YAChB,IAAI,EAAE,GAAG;YACT,KAAK,EAAE,GAAG;SACX,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC","sourcesContent":["import { describe, expect, it } from \"vitest\";\nimport {\n  audio,\n  embeddedResource,\n  image,\n  resourceLink,\n  text,\n} from \"./content-helpers.js\";\n\ndescribe(\"text\", () => {\n  it(\"returns a TextContent without annotations when none given\", () => {\n    expect(text(\"hello\")).toEqual({ type: \"text\", text: \"hello\" });\n  });\n\n  it(\"includes annotations when provided\", () => {\n    expect(text(\"hi\", { priority: 1 })).toEqual({\n      type: \"text\",\n      text: \"hi\",\n      annotations: { priority: 1 },\n    });\n  });\n});\n\ndescribe(\"image\", () => {\n  it(\"base64-encodes Uint8Array data\", () => {\n    const bytes = new Uint8Array([104, 105]);\n    expect(image(bytes, \"image/png\")).toEqual({\n      type: \"image\",\n      data: \"aGk=\",\n      mimeType: \"image/png\",\n    });\n  });\n\n  it(\"passes string data through unchanged (caller is responsible for base64)\", () => {\n    expect(image(\"YWxyZWFkeS1iNjQ=\", \"image/png\")).toEqual({\n      type: \"image\",\n      data: \"YWxyZWFkeS1iNjQ=\",\n      mimeType: \"image/png\",\n    });\n  });\n});\n\ndescribe(\"audio\", () => {\n  it(\"base64-encodes Uint8Array data\", () => {\n    const bytes = new Uint8Array([104, 105]);\n    expect(audio(bytes, \"audio/mpeg\")).toMatchObject({\n      type: \"audio\",\n      data: \"aGk=\",\n      mimeType: \"audio/mpeg\",\n    });\n  });\n});\n\ndescribe(\"embeddedResource\", () => {\n  it(\"wraps a text resource with a type tag\", () => {\n    expect(\n      embeddedResource({\n        uri: \"file:///a.txt\",\n        mimeType: \"text/plain\",\n        text: \"x\",\n      }),\n    ).toEqual({\n      type: \"resource\",\n      resource: { uri: \"file:///a.txt\", mimeType: \"text/plain\", text: \"x\" },\n    });\n  });\n\n  it(\"wraps a blob resource with a type tag\", () => {\n    expect(embeddedResource({ uri: \"file:///a.bin\", blob: \"YmFy\" })).toEqual({\n      type: \"resource\",\n      resource: { uri: \"file:///a.bin\", blob: \"YmFy\" },\n    });\n  });\n});\n\ndescribe(\"resourceLink\", () => {\n  it(\"spreads link fields alongside the type tag\", () => {\n    expect(resourceLink({ uri: \"file:///a\", name: \"a\", title: \"A\" })).toEqual({\n      type: \"resource_link\",\n      uri: \"file:///a\",\n      name: \"a\",\n      title: \"A\",\n    });\n  });\n});\n"]}

package/dist/server/express.d.ts

@@ -0,0 +1,11 @@
+import type http from "node:http";
+import express from "express";
+import type { McpServer } from "./server.js";
+export declare function createApp({ mcpServer, httpServer, errorMiddleware, }: {
+    mcpServer: McpServer;
+    httpServer: http.Server;
+    errorMiddleware?: {
+        path?: string;
+        handlers: express.ErrorRequestHandler[];
+    }[];
+}): Promise<express.Express>;

package/dist/server/express.js

@@ -0,0 +1,101 @@
+import path from "node:path";
+import { StreamableHTTPServerTransport } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+import cors from "cors";
+import express from "express";
+function parseControlPort(raw) {
+    if (raw === undefined) {
+        return null;
+    }
+    const n = Number.parseInt(raw, 10);
+    if (!Number.isFinite(n) || n <= 0 || n >= 65536) {
+        return null;
+    }
+    return n;
+}
+function applyMiddlewares(app, middlewares) {
+    for (const middleware of middlewares) {
+        if (middleware.path) {
+            app.use(middleware.path, ...middleware.handlers);
+        }
+        else {
+            app.use(...middleware.handlers);
+        }
+    }
+}
+function defaultErrorHandler(err, _req, res, _next) {
+    console.error("Error handling MCP request:", err);
+    if (!res.headersSent) {
+        res.status(500).json({
+            jsonrpc: "2.0",
+            error: { code: -32603, message: "Internal server error" },
+            id: null,
+        });
+    }
+}
+export async function createApp({ mcpServer, httpServer, errorMiddleware = [], }) {
+    const app = mcpServer.express;
+    // Read `process.env.NODE_ENV` inline: wrangler/esbuild only substitute the literal expression,
+    // so a local const would defeat dead-code elimination of the dev-only imports below.
+    if (process.env.NODE_ENV !== "production") {
+        const { devtoolsStaticServer } = await import("@skybridge/devtools");
+        app.use(await devtoolsStaticServer());
+        const { viewsDevServer } = await import("./viewsDevServer.js");
+        app.use(await viewsDevServer(httpServer));
+        const controlPort = parseControlPort(process.env.__TUNNEL_CONTROL_PORT);
+        if (controlPort !== null) {
+            const { createTunnelProxyRouter } = await import("./tunnel-proxy-router.js");
+            app.use(createTunnelProxyRouter(controlPort));
+        }
+        else if (process.env.__TUNNEL_CONTROL_PORT !== undefined) {
+            console.warn(`Ignoring invalid __TUNNEL_CONTROL_PORT=${process.env.__TUNNEL_CONTROL_PORT}`);
+        }
+    }
+    else {
+        const assetsPath = path.join(process.cwd(), "dist", "assets");
+        app.use("/assets", cors());
+        app.use("/assets", express.static(assetsPath));
+    }
+    app.use("/mcp", mcpMiddleware(mcpServer));
+    applyMiddlewares(app, errorMiddleware);
+    app.use("/mcp", defaultErrorHandler);
+    return app;
+}
+const mcpMiddleware = (server) => {
+    return async (req, res, next) => {
+        if (req.method !== "POST") {
+            res.writeHead(405).end(JSON.stringify({
+                jsonrpc: "2.0",
+                error: {
+                    code: -32000,
+                    message: "Method not allowed.",
+                },
+                id: null,
+            }));
+            return;
+        }
+        try {
+            const transport = new StreamableHTTPServerTransport({
+                sessionIdGenerator: undefined,
+                // Respond with a single JSON body instead of SSE. Skybridge's stateless
+                // transport never streams server-initiated messages, so SSE adds no
+                // capability — and on workerd specifically, `cloudflare:node`'s http
+                // bridge silently drops chunked writes that happen after the request
+                // handler awaits, which manifests as a 200 with empty body for any
+                // async tools/call.
+                enableJsonResponse: true,
+            });
+            res.on("close", () => {
+                transport.close();
+            });
+            await server.connectStatelessTransport(transport);
+            // Express strips the mount path from req.url (e.g. "/mcp" becomes "/").
+            // Restore it so the SDK builds the correct requestInfo.url.
+            req.url = req.originalUrl;
+            await transport.handleRequest(req, res, req.body);
+        }
+        catch (error) {
+            next(error);
+        }
+    };
+};
+//# sourceMappingURL=express.js.map

package/dist/server/express.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"express.js","sourceRoot":"","sources":["../../src/server/express.ts"],"names":[],"mappings":"AACA,OAAO,IAAI,MAAM,WAAW,CAAC;AAC7B,OAAO,EAAE,6BAA6B,EAAE,MAAM,oDAAoD,CAAC;AACnG,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,OAAO,MAAM,SAAS,CAAC;AAG9B,SAAS,gBAAgB,CAAC,GAAuB;IAC/C,IAAI,GAAG,KAAK,SAAS,EAAE,CAAC;QACtB,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,CAAC,GAAG,MAAM,CAAC,QAAQ,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;IACnC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,KAAK,EAAE,CAAC;QAChD,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAED,SAAS,gBAAgB,CACvB,GAAoB,EACpB,WAGE;IAEF,KAAK,MAAM,UAAU,IAAI,WAAW,EAAE,CAAC;QACrC,IAAI,UAAU,CAAC,IAAI,EAAE,CAAC;YACpB,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,EAAE,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QACnD,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,GAAG,CAAC,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;QAClC,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,mBAAmB,CAC1B,GAAY,EACZ,IAAqB,EACrB,GAAqB,EACrB,KAA2B;IAE3B,OAAO,CAAC,KAAK,CAAC,6BAA6B,EAAE,GAAG,CAAC,CAAC;IAClD,IAAI,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QACrB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YACnB,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,EAAE,IAAI,EAAE,CAAC,KAAK,EAAE,OAAO,EAAE,uBAAuB,EAAE;YACzD,EAAE,EAAE,IAAI;SACT,CAAC,CAAC;IACL,CAAC;AACH,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,SAAS,CAAC,EAC9B,SAAS,EACT,UAAU,EACV,eAAe,GAAG,EAAE,GAQrB;IACC,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAC;IAE9B,+FAA+F;IAC/F,qFAAqF;IACrF,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,EAAE,CAAC;QAC1C,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QACrE,GAAG,CAAC,GAAG,CAAC,MAAM,oBAAoB,EAAE,CAAC,CAAC;QACtC,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAC;QAC/D,GAAG,CAAC,GAAG,CAAC,MAAM,cAAc,CAAC,UAAU,CAAC,CAAC,CAAC;QAE1C,MAAM,WAAW,GAAG,gBAAgB,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;QACxE,IAAI,WAAW,KAAK,IAAI,EAAE,CAAC;YACzB,MAAM,EAAE,uBAAuB,EAAE,GAAG,MAAM,MAAM,CAC9C,0BAA0B,CAC3B,CAAC;YACF,GAAG,CAAC,GAAG,CAAC,uBAAuB,CAAC,WAAW,CAAC,CAAC,CAAC;QAChD,CAAC;aAAM,IAAI,OAAO,CAAC,GAAG,CAAC,qBAAqB,KAAK,SAAS,EAAE,CAAC;YAC3D,OAAO,CAAC,IAAI,CACV,0CAA0C,OAAO,CAAC,GAAG,CAAC,qBAAqB,EAAE,CAC9E,CAAC;QACJ,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;QAE9D,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC3B,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,SAAS,CAAC,CAAC,CAAC;IAE1C,gBAAgB,CAAC,GAAG,EAAE,eAAe,CAAC,CAAC;IAEvC,GAAG,CAAC,GAAG,CAAC,MAAM,EAAE,mBAAmB,CAAC,CAAC;IAErC,OAAO,GAAG,CAAC;AACb,CAAC;AAED,MAAM,aAAa,GAAG,CAAC,MAAiB,EAA0B,EAAE;IAClE,OAAO,KAAK,EACV,GAAoB,EACpB,GAAqB,EACrB,IAA0B,EAC1B,EAAE;QACF,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;YAC1B,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,GAAG,CACpB,IAAI,CAAC,SAAS,CAAC;gBACb,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE;oBACL,IAAI,EAAE,CAAC,KAAK;oBACZ,OAAO,EAAE,qBAAqB;iBAC/B;gBACD,EAAE,EAAE,IAAI;aACT,CAAC,CACH,CAAC;YACF,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,6BAA6B,CAAC;gBAClD,kBAAkB,EAAE,SAAS;gBAC7B,wEAAwE;gBACxE,oEAAoE;gBACpE,qEAAqE;gBACrE,qEAAqE;gBACrE,mEAAmE;gBACnE,oBAAoB;gBACpB,kBAAkB,EAAE,IAAI;aACzB,CAAC,CAAC;YAEH,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;gBACnB,SAAS,CAAC,KAAK,EAAE,CAAC;YACpB,CAAC,CAAC,CAAC;YAEH,MAAM,MAAM,CAAC,yBAAyB,CAAC,SAAS,CAAC,CAAC;YAClD,wEAAwE;YACxE,4DAA4D;YAC5D,GAAG,CAAC,GAAG,GAAG,GAAG,CAAC,WAAW,CAAC;YAC1B,MAAM,SAAS,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;QACpD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,KAAK,CAAC,CAAC;QACd,CAAC;IACH,CAAC,CAAC;AACJ,CAAC,CAAC","sourcesContent":["import type http from \"node:http\";\nimport path from \"node:path\";\nimport { StreamableHTTPServerTransport } from \"@modelcontextprotocol/sdk/server/streamableHttp.js\";\nimport cors from \"cors\";\nimport express from \"express\";\nimport type { McpServer } from \"./server.js\";\n\nfunction parseControlPort(raw: string | undefined): number | null {\n  if (raw === undefined) {\n    return null;\n  }\n  const n = Number.parseInt(raw, 10);\n  if (!Number.isFinite(n) || n <= 0 || n >= 65536) {\n    return null;\n  }\n  return n;\n}\n\nfunction applyMiddlewares(\n  app: express.Express,\n  middlewares: Array<{\n    path?: string;\n    handlers: express.ErrorRequestHandler[];\n  }>,\n): void {\n  for (const middleware of middlewares) {\n    if (middleware.path) {\n      app.use(middleware.path, ...middleware.handlers);\n    } else {\n      app.use(...middleware.handlers);\n    }\n  }\n}\n\nfunction defaultErrorHandler(\n  err: unknown,\n  _req: express.Request,\n  res: express.Response,\n  _next: express.NextFunction,\n) {\n  console.error(\"Error handling MCP request:\", err);\n  if (!res.headersSent) {\n    res.status(500).json({\n      jsonrpc: \"2.0\",\n      error: { code: -32603, message: \"Internal server error\" },\n      id: null,\n    });\n  }\n}\n\nexport async function createApp({\n  mcpServer,\n  httpServer,\n  errorMiddleware = [],\n}: {\n  mcpServer: McpServer;\n  httpServer: http.Server;\n  errorMiddleware?: {\n    path?: string;\n    handlers: express.ErrorRequestHandler[];\n  }[];\n}): Promise<express.Express> {\n  const app = mcpServer.express;\n\n  // Read `process.env.NODE_ENV` inline: wrangler/esbuild only substitute the literal expression,\n  // so a local const would defeat dead-code elimination of the dev-only imports below.\n  if (process.env.NODE_ENV !== \"production\") {\n    const { devtoolsStaticServer } = await import(\"@skybridge/devtools\");\n    app.use(await devtoolsStaticServer());\n    const { viewsDevServer } = await import(\"./viewsDevServer.js\");\n    app.use(await viewsDevServer(httpServer));\n\n    const controlPort = parseControlPort(process.env.__TUNNEL_CONTROL_PORT);\n    if (controlPort !== null) {\n      const { createTunnelProxyRouter } = await import(\n        \"./tunnel-proxy-router.js\"\n      );\n      app.use(createTunnelProxyRouter(controlPort));\n    } else if (process.env.__TUNNEL_CONTROL_PORT !== undefined) {\n      console.warn(\n        `Ignoring invalid __TUNNEL_CONTROL_PORT=${process.env.__TUNNEL_CONTROL_PORT}`,\n      );\n    }\n  } else {\n    const assetsPath = path.join(process.cwd(), \"dist\", \"assets\");\n\n    app.use(\"/assets\", cors());\n    app.use(\"/assets\", express.static(assetsPath));\n  }\n\n  app.use(\"/mcp\", mcpMiddleware(mcpServer));\n\n  applyMiddlewares(app, errorMiddleware);\n\n  app.use(\"/mcp\", defaultErrorHandler);\n\n  return app;\n}\n\nconst mcpMiddleware = (server: McpServer): express.RequestHandler => {\n  return async (\n    req: express.Request,\n    res: express.Response,\n    next: express.NextFunction,\n  ) => {\n    if (req.method !== \"POST\") {\n      res.writeHead(405).end(\n        JSON.stringify({\n          jsonrpc: \"2.0\",\n          error: {\n            code: -32000,\n            message: \"Method not allowed.\",\n          },\n          id: null,\n        }),\n      );\n      return;\n    }\n\n    try {\n      const transport = new StreamableHTTPServerTransport({\n        sessionIdGenerator: undefined,\n        // Respond with a single JSON body instead of SSE. Skybridge's stateless\n        // transport never streams server-initiated messages, so SSE adds no\n        // capability — and on workerd specifically, `cloudflare:node`'s http\n        // bridge silently drops chunked writes that happen after the request\n        // handler awaits, which manifests as a 200 with empty body for any\n        // async tools/call.\n        enableJsonResponse: true,\n      });\n\n      res.on(\"close\", () => {\n        transport.close();\n      });\n\n      await server.connectStatelessTransport(transport);\n      // Express strips the mount path from req.url (e.g. \"/mcp\" becomes \"/\").\n      // Restore it so the SDK builds the correct requestInfo.url.\n      req.url = req.originalUrl;\n      await transport.handleRequest(req, res, req.body);\n    } catch (error) {\n      next(error);\n    }\n  };\n};\n"]}

package/dist/server/express.test.d.ts

@@ -0,0 +1 @@
+export {};