sunpeak 0.18.13 → 0.18.14

package/dist/mcp/index.cjs

@@ -7570,7 +7570,7 @@ var toRequestError = (e) => {
 	return new RequestError(e.message, { cause: e });
 };
 var GlobalRequest = global.Request;
-var Request = class extends GlobalRequest {
+var Request$1 = class extends GlobalRequest {
 	constructor(input, options) {
 		if (typeof input === "object" && getRequestCache in input) input = input[getRequestCache]();
 		if (typeof options?.body?.getReader !== "undefined") options.duplex ??= "half";
@@ -7595,7 +7595,7 @@ var newRequestFromIncoming = (method, url, headers, incoming, abortController) =
 	};
 	if (method === "TRACE") {
 		init.method = "GET";
-		const req = new Request(url, init);
+		const req = new Request$1(url, init);
 		Object.defineProperty(req, "method", { get() {
 			return "TRACE";
 		} });
@@ -7618,7 +7618,7 @@ var newRequestFromIncoming = (method, url, headers, incoming, abortController) =
 			}
 		} });
 	} else init.body = stream.Readable.toWeb(incoming);
-	return new Request(url, init);
+	return new Request$1(url, init);
 };
 var getRequestCache = Symbol("getRequestCache");
 var requestCache = Symbol("requestCache");
@@ -7675,7 +7675,7 @@ var requestPrototype = {
 		return this[getRequestCache]()[k]();
 	} });
 });
-Object.setPrototypeOf(requestPrototype, Request.prototype);
+Object.setPrototypeOf(requestPrototype, Request$1.prototype);
 var newRequest = (incoming, defaultHostname) => {
 	const req = Object.create(requestPrototype);
 	req[incomingKey] = incoming;
@@ -7926,8 +7926,8 @@ var responseViaResponseObject = async (res, outgoing, options = {}) => {
 };
 var getRequestListener = (fetchCallback, options = {}) => {
 	const autoCleanupIncoming = options.autoCleanupIncoming ?? true;
-	if (options.overrideGlobalObjects !== false && global.Request !== Request) {
-		Object.defineProperty(global, "Request", { value: Request });
+	if (options.overrideGlobalObjects !== false && global.Request !== Request$1) {
+		Object.defineProperty(global, "Request", { value: Request$1 });
 		Object.defineProperty(global, "Response", { value: Response2 });
 	}
 	return async (incoming, outgoing) => {
@@ -9870,6 +9870,39 @@ var CORS_HEADERS = {
 	"Access-Control-Allow-Headers": "content-type, accept, authorization, mcp-session-id, ngrok-skip-browser-warning",
 	"Access-Control-Expose-Headers": "mcp-session-id"
 };
+/** Convert a Node.js IncomingMessage to a minimal Web Standard Request (body is passed separately). */
+function nodeReqToWebRequest(req) {
+	const url = new node_url.URL(req.url, `http://${req.headers.host ?? "localhost"}`);
+	const headers = new Headers();
+	for (const [key, value] of Object.entries(req.headers)) if (value != null) headers.set(key, Array.isArray(value) ? value.join(", ") : value);
+	return new Request(url.toString(), {
+		method: req.method,
+		headers
+	});
+}
+/** Pipe a Web Standard Response (including streaming SSE) back to a Node.js ServerResponse. */
+async function pipeWebResponseToNode(webResponse, res) {
+	const headers = {};
+	webResponse.headers.forEach((value, key) => {
+		headers[key] = value;
+	});
+	res.writeHead(webResponse.status, headers);
+	if (!webResponse.body) {
+		res.end();
+		return;
+	}
+	const reader = webResponse.body.getReader();
+	res.on("close", () => reader.cancel());
+	try {
+		for (;;) {
+			const { done, value } = await reader.read();
+			if (done) break;
+			if (!res.destroyed) res.write(value);
+		}
+	} finally {
+		if (!res.destroyed) res.end();
+	}
+}
 /**
 * Create a request handler that manages MCP sessions over Streamable HTTP.
 *
@@ -9921,15 +9954,18 @@ function createMcpHandler(config) {
 			res.end();
 			return;
 		}
-		for (const [key, value] of Object.entries(CORS_HEADERS)) res.setHeader(key, value);
+		let authInfo;
 		if (authFn) {
-			const authInfo = await authFn(req);
-			if (!authInfo) {
-				res.writeHead(401, { "WWW-Authenticate": "Bearer" });
+			const result = await authFn(req);
+			if (!result) {
+				res.writeHead(401, {
+					...CORS_HEADERS,
+					"WWW-Authenticate": "Bearer"
+				});
 				res.end("Unauthorized");
 				return;
 			}
-			req.auth = authInfo;
+			authInfo = result;
 		}
 		let parsedBody;
 		if (req.method === "POST") {
@@ -9955,6 +9991,7 @@ function createMcpHandler(config) {
 				return;
 			}
 		}
+		const webRequest = nodeReqToWebRequest(req);
 		const sessionId = req.headers["mcp-session-id"];
 		if (sessionId) {
 			const session = sessions.get(sessionId);
@@ -9963,12 +10000,15 @@ function createMcpHandler(config) {
 				return;
 			}
 			session.lastActivity = Date.now();
-			await session.transport.handleRequest(req, res, parsedBody);
+			await pipeWebResponseToNode(addCorsHeaders(await session.transport.handleRequest(webRequest, {
+				parsedBody,
+				authInfo
+			})), res);
 			return;
 		}
 		if (req.method === "POST") {
 			const server = createProductionMcpServer(config);
-			const transport = new StreamableHTTPServerTransport({
+			const transport = new WebStandardStreamableHTTPServerTransport({
 				sessionIdGenerator: () => (0, node_crypto.randomUUID)(),
 				enableJsonResponse: config.enableJsonResponse ?? true,
 				onsessioninitialized: (id) => {
@@ -10008,7 +10048,10 @@ function createMcpHandler(config) {
 				}
 			};
 			await server.connect(transport);
-			await transport.handleRequest(req, res, parsedBody);
+			await pipeWebResponseToNode(addCorsHeaders(await transport.handleRequest(webRequest, {
+				parsedBody,
+				authInfo
+			})), res);
 			return;
 		}
 		res.writeHead(400).end("Bad Request: session ID required");
@@ -10141,8 +10184,7 @@ function createHandler(config) {
 /** Add CORS headers to a response (including streaming SSE responses). */
 function addCorsHeaders(response) {
 	const headers = new Headers(response.headers);
-	headers.set("Access-Control-Allow-Origin", "*");
-	headers.set("Access-Control-Expose-Headers", "mcp-session-id");
+	for (const [key, value] of Object.entries(CORS_HEADERS)) headers.set(key, value);
 	return new Response(response.body, {
 		status: response.status,
 		statusText: response.statusText,