npm - sunpeak - Versions diffs - 0.19.2 → 0.19.10 - Mend

sunpeak 0.19.2 → 0.19.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (90) hide show

package/README.md +6 -4
package/bin/commands/dev.mjs +1 -1
package/bin/commands/inspect.mjs +1 -1
package/bin/commands/new.mjs +9 -5
package/bin/commands/start.mjs +3 -1
package/bin/commands/test-init.mjs +478 -76
package/bin/commands/test.mjs +357 -4
package/bin/lib/eval/eval-reporter.mjs +105 -0
package/bin/lib/eval/eval-runner.mjs +310 -0
package/bin/lib/eval/eval-types.d.mts +168 -0
package/bin/lib/eval/eval-vitest-plugin.mjs +158 -0
package/bin/lib/eval/model-registry.mjs +73 -0
package/bin/lib/sandbox-server.mjs +5 -2
package/bin/sunpeak.js +1 -0
package/dist/chatgpt/index.cjs +1 -1
package/dist/chatgpt/index.js +1 -1
package/dist/claude/index.cjs +1 -1
package/dist/claude/index.js +1 -1
package/dist/host/chatgpt/index.cjs +1 -1
package/dist/host/chatgpt/index.js +1 -1
package/dist/index.cjs +134 -124
package/dist/index.cjs.map +1 -1
package/dist/index.d.ts +3 -1
package/dist/index.js +71 -62
package/dist/index.js.map +1 -1
package/dist/inspector/index.cjs +1 -1
package/dist/inspector/index.js +1 -1
package/dist/{inspector-Cdo5BK2D.js → inspector-D5DckQuU.js} +236 -98
package/dist/inspector-D5DckQuU.js.map +1 -0
package/dist/{inspector-8nPV2A-z.cjs → inspector-jY9O18z9.cjs} +237 -99
package/dist/inspector-jY9O18z9.cjs.map +1 -0
package/dist/mcp/index.cjs +237 -140
package/dist/mcp/index.cjs.map +1 -1
package/dist/mcp/index.d.ts +1 -1
package/dist/mcp/index.js +230 -134
package/dist/mcp/index.js.map +1 -1
package/dist/mcp/production-server.d.ts +31 -0
package/dist/{protocol-C7kTcBr_.cjs → protocol-C8pFDmcy.cjs} +8194 -8187
package/dist/protocol-C8pFDmcy.cjs.map +1 -0
package/dist/{protocol-BfAACnv0.js → protocol-CRqiPTLT.js} +8186 -8185
package/dist/protocol-CRqiPTLT.js.map +1 -0
package/dist/{use-app-CfP9VypY.js → use-app-Bfargfa3.js} +194 -94
package/dist/use-app-Bfargfa3.js.map +1 -0
package/dist/{use-app-CzcYw1Kz.cjs → use-app-CbsBEmwv.cjs} +254 -148
package/dist/use-app-CbsBEmwv.cjs.map +1 -0
package/package.json +27 -3
package/template/README.md +17 -7
package/template/_gitignore +2 -0
package/template/dist/albums/albums.html +15 -15
package/template/dist/albums/albums.json +1 -1
package/template/dist/carousel/carousel.html +19 -19
package/template/dist/carousel/carousel.json +1 -1
package/template/dist/map/map.html +14 -14
package/template/dist/map/map.json +1 -1
package/template/dist/review/review.html +11 -11
package/template/dist/review/review.json +1 -1
package/template/node_modules/.bin/vitest +2 -2
package/template/node_modules/.vite/deps/_metadata.json +3 -3
package/template/node_modules/.vite-mcp/deps/@modelcontextprotocol_ext-apps.js +192 -91
package/template/node_modules/.vite-mcp/deps/@modelcontextprotocol_ext-apps.js.map +1 -1
package/template/node_modules/.vite-mcp/deps/@modelcontextprotocol_ext-apps_app-bridge.js +231 -92
package/template/node_modules/.vite-mcp/deps/@modelcontextprotocol_ext-apps_app-bridge.js.map +1 -1
package/template/node_modules/.vite-mcp/deps/@modelcontextprotocol_ext-apps_react.js +208 -105
package/template/node_modules/.vite-mcp/deps/@modelcontextprotocol_ext-apps_react.js.map +1 -1
package/template/node_modules/.vite-mcp/deps/_metadata.json +25 -25
package/template/node_modules/.vite-mcp/deps/{protocol-B_qKkui_.js → protocol-BqGB4zBx.js} +45 -45
package/template/node_modules/.vite-mcp/deps/protocol-BqGB4zBx.js.map +1 -0
package/template/node_modules/.vite-mcp/deps/vitest.js +7 -7
package/template/node_modules/.vite-mcp/deps/vitest.js.map +1 -1
package/template/tests/e2e/visual.spec.ts-snapshots/albums-dark-chatgpt-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-dark-claude-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-fullscreen-chatgpt-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-fullscreen-claude-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-light-chatgpt-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-light-claude-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-page-light-chatgpt-darwin.png +0 -0
package/template/tests/e2e/visual.spec.ts-snapshots/albums-page-light-claude-darwin.png +0 -0
package/template/tests/evals/.env.example +5 -0
package/template/tests/evals/albums.eval.ts +28 -0
package/template/tests/evals/carousel.eval.ts +26 -0
package/template/tests/evals/eval.config.ts +26 -0
package/template/tests/evals/map.eval.ts +23 -0
package/template/tests/evals/review.eval.ts +48 -0
package/dist/inspector-8nPV2A-z.cjs.map +0 -1
package/dist/inspector-Cdo5BK2D.js.map +0 -1
package/dist/protocol-BfAACnv0.js.map +0 -1
package/dist/protocol-C7kTcBr_.cjs.map +0 -1
package/dist/use-app-CfP9VypY.js.map +0 -1
package/dist/use-app-CzcYw1Kz.cjs.map +0 -1
package/template/node_modules/.vite-mcp/deps/protocol-B_qKkui_.js.map +0 -1

package/dist/mcp/index.cjs CHANGED Viewed

@@ -1,6 +1,6 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const require_chunk = require("../chunk-9hOWP6kD.cjs");
-const require_protocol = require("../protocol-C7kTcBr_.cjs");
+const require_protocol = require("../protocol-C8pFDmcy.cjs");
 let node_http = require("node:http");
 let node_url = require("node:url");
 let node_fs = require("node:fs");
@@ -8684,12 +8684,12 @@ var StreamableHTTPServerTransport = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/@modelcontextprotocol+ext-apps@1.3.2_@modelcontextprotocol+sdk@1.29.0_zod@4.3.6__react-_38e5f6c50a4ca9cf3f1dffc73a60c951/node_modules/@modelcontextprotocol/ext-apps/dist/src/server/index.js
-var M = require_protocol.union([require_protocol.literal("light"), require_protocol.literal("dark")]).describe("Color theme preference for the host environment."), G = require_protocol.union([
+//#region ../../node_modules/.pnpm/@modelcontextprotocol+ext-apps@1.5.0_@modelcontextprotocol+sdk@1.29.0_zod@4.3.6__react-_f4871531d9cf52c692eb6edc1ee416ef/node_modules/@modelcontextprotocol/ext-apps/dist/src/server/index.js
+var S = require_protocol.union([require_protocol.literal("light"), require_protocol.literal("dark")]).describe("Color theme preference for the host environment."), W = require_protocol.union([
 	require_protocol.literal("inline"),
 	require_protocol.literal("fullscreen"),
 	require_protocol.literal("pip")
-]).describe("Display mode for UI presentation."), p = require_protocol.union([
+]).describe("Display mode for UI presentation."), i = require_protocol.union([
 	require_protocol.literal("--color-background-primary"),
 	require_protocol.literal("--color-background-secondary"),
 	require_protocol.literal("--color-background-tertiary"),
@@ -8766,7 +8766,7 @@ var M = require_protocol.union([require_protocol.literal("light"), require_proto
 	require_protocol.literal("--shadow-sm"),
 	require_protocol.literal("--shadow-md"),
 	require_protocol.literal("--shadow-lg")
-]).describe("CSS variable keys available to MCP apps for theming."), r = require_protocol.record(p.describe(`Style variables for theming MCP apps.
+]).describe("CSS variable keys available to MCP apps for theming."), n = require_protocol.record(i.describe(`Style variables for theming MCP apps.
 Individual style keys are optional - hosts may provide any subset of these values.
 Values are strings containing CSS values (colors, sizes, font stacks, etc.).
@@ -8796,7 +8796,7 @@ require_protocol.object({
 	method: require_protocol.literal("ui/notifications/sandbox-proxy-ready"),
 	params: require_protocol.object({})
 });
-var B = require_protocol.object({
+var K = require_protocol.object({
 	connectDomains: require_protocol.array(require_protocol.string()).optional().describe(`Origins for network requests (fetch/XHR/WebSocket).
 - Maps to CSP \`connect-src\` directive
@@ -8804,7 +8804,7 @@ var B = require_protocol.object({
 	resourceDomains: require_protocol.array(require_protocol.string()).optional().describe("Origins for static resources (images, scripts, stylesheets, fonts, media).\n\n- Maps to CSP `img-src`, `script-src`, `style-src`, `font-src`, `media-src` directives\n- Wildcard subdomains supported: `https://*.example.com`\n- Empty or omitted → no network resources (secure default)"),
 	frameDomains: require_protocol.array(require_protocol.string()).optional().describe("Origins for nested iframes.\n\n- Maps to CSP `frame-src` directive\n- Empty or omitted → no nested iframes allowed (`frame-src 'none'`)"),
 	baseUriDomains: require_protocol.array(require_protocol.string()).optional().describe("Allowed base URIs for the document.\n\n- Maps to CSP `base-uri` directive\n- Empty or omitted → only same origin allowed (`base-uri 'self'`)")
-}), K = require_protocol.object({
+}), N = require_protocol.object({
 	camera: require_protocol.object({}).optional().describe("Request camera access.\n\nMaps to Permission Policy `camera` feature."),
 	microphone: require_protocol.object({}).optional().describe("Request microphone access.\n\nMaps to Permission Policy `microphone` feature."),
 	geolocation: require_protocol.object({}).optional().describe("Request geolocation access.\n\nMaps to Permission Policy `geolocation` feature."),
@@ -8829,8 +8829,8 @@ require_protocol.object({
 	method: require_protocol.literal("ui/notifications/tool-cancelled"),
 	params: require_protocol.object({ reason: require_protocol.string().optional().describe("Optional reason for the cancellation (e.g., \"user action\", \"timeout\").") })
 });
-var b = require_protocol.object({ fonts: require_protocol.string().optional() }), g = require_protocol.object({
-	variables: r.optional().describe("CSS variables for theming the app."),
+var b = require_protocol.object({ fonts: require_protocol.string().optional() }), C = require_protocol.object({
+	variables: n.optional().describe("CSS variables for theming the app."),
 	css: b.optional().describe("CSS blocks that apps can inject.")
 });
 require_protocol.object({
@@ -8838,7 +8838,7 @@ require_protocol.object({
 	params: require_protocol.object({})
 });
 require_protocol.record(require_protocol.string(), require_protocol.unknown());
-var z$1 = require_protocol.object({
+var q = require_protocol.object({
 	text: require_protocol.object({}).optional().describe("Host supports text content blocks."),
 	image: require_protocol.object({}).optional().describe("Host supports image content blocks."),
 	audio: require_protocol.object({}).optional().describe("Host supports audio content blocks."),
@@ -8850,7 +8850,7 @@ require_protocol.object({
 	method: require_protocol.literal("ui/notifications/request-teardown"),
 	params: require_protocol.object({}).optional()
 });
-var S = require_protocol.object({
+var y = require_protocol.object({
 	experimental: require_protocol.object({}).optional().describe("Experimental features (structure TBD)."),
 	openLinks: require_protocol.object({}).optional().describe("Host supports opening external URLs."),
 	downloadFile: require_protocol.object({}).optional().describe("Host supports file downloads via ui/download-file."),
@@ -8858,23 +8858,23 @@ var S = require_protocol.object({
 	serverResources: require_protocol.object({ listChanged: require_protocol.boolean().optional().describe("Host supports resources/list_changed notifications.") }).optional().describe("Host can proxy resource reads to the MCP server."),
 	logging: require_protocol.object({}).optional().describe("Host accepts log messages."),
 	sandbox: require_protocol.object({
-		permissions: K.optional().describe("Permissions granted by the host (camera, microphone, geolocation)."),
-		csp: B.optional().describe("CSP domains approved by the host.")
+		permissions: N.optional().describe("Permissions granted by the host (camera, microphone, geolocation)."),
+		csp: K.optional().describe("CSP domains approved by the host.")
 	}).optional().describe("Sandbox configuration applied by the host."),
-	updateModelContext: z$1.optional().describe("Host accepts context updates (ui/update-model-context) to be included in the model's context for future turns."),
-	message: z$1.optional().describe("Host supports receiving content messages (ui/message) from the view.")
-}), y = require_protocol.object({
+	updateModelContext: q.optional().describe("Host accepts context updates (ui/update-model-context) to be included in the model's context for future turns."),
+	message: q.optional().describe("Host supports receiving content messages (ui/message) from the view.")
+}), v = require_protocol.object({
 	experimental: require_protocol.object({}).optional().describe("Experimental features (structure TBD)."),
 	tools: require_protocol.object({ listChanged: require_protocol.boolean().optional().describe("App supports tools/list_changed notifications.") }).optional().describe("App exposes MCP-style tools that the host can call."),
-	availableDisplayModes: require_protocol.array(G).optional().describe("Display modes the app supports.")
+	availableDisplayModes: require_protocol.array(W).optional().describe("Display modes the app supports.")
 });
 require_protocol.object({
 	method: require_protocol.literal("ui/notifications/initialized"),
 	params: require_protocol.object({}).optional()
 });
 require_protocol.object({
-	csp: B.optional().describe("Content Security Policy configuration for UI resources."),
-	permissions: K.optional().describe("Sandbox permissions requested by the UI resource."),
+	csp: K.optional().describe("Content Security Policy configuration for UI resources."),
+	permissions: N.optional().describe("Sandbox permissions requested by the UI resource."),
 	domain: require_protocol.string().optional().describe(`Dedicated origin for view sandbox.
 Useful when views need stable, dedicated origins for OAuth callbacks, CORS policies, or API key allowlists.
@@ -8894,13 +8894,13 @@ Boolean requesting whether a visible border and background is provided by the ho
 });
 require_protocol.object({
 	method: require_protocol.literal("ui/request-display-mode"),
-	params: require_protocol.object({ mode: G.describe("The display mode being requested.") })
+	params: require_protocol.object({ mode: W.describe("The display mode being requested.") })
 });
-require_protocol.object({ mode: G.describe("The display mode that was actually set. May differ from requested if not supported.") }).passthrough();
-var C = require_protocol.union([require_protocol.literal("model"), require_protocol.literal("app")]).describe("Tool visibility scope - who can access the tool.");
+require_protocol.object({ mode: W.describe("The display mode that was actually set. May differ from requested if not supported.") }).passthrough();
+var f = require_protocol.union([require_protocol.literal("model"), require_protocol.literal("app")]).describe("Tool visibility scope - who can access the tool.");
 require_protocol.object({
 	resourceUri: require_protocol.string().optional(),
-	visibility: require_protocol.array(C).optional().describe(`Who can access this tool. Default: ["model", "app"]
+	visibility: require_protocol.array(f).optional().describe(`Who can access this tool. Default: ["model", "app"]
 - "model": Tool visible to and callable by the agent
 - "app": Tool callable by the app from this server only`)
 });
@@ -8921,8 +8921,8 @@ require_protocol.object({
 	params: require_protocol.object({
 		html: require_protocol.string().describe("HTML content to load into the inner iframe."),
 		sandbox: require_protocol.string().optional().describe("Optional override for the inner iframe's sandbox attribute."),
-		csp: B.optional().describe("CSP configuration from resource metadata."),
-		permissions: K.optional().describe("Sandbox permissions from resource metadata.")
+		csp: K.optional().describe("CSP configuration from resource metadata."),
+		permissions: N.optional().describe("Sandbox permissions from resource metadata.")
 	})
 });
 require_protocol.object({
@@ -8934,10 +8934,10 @@ var E = require_protocol.object({
 		id: require_protocol.RequestIdSchema.optional().describe("JSON-RPC id of the tools/call request."),
 		tool: require_protocol.ToolSchema.describe("Tool definition including name, inputSchema, etc.")
 	}).optional().describe("Metadata of the tool call that instantiated this App."),
-	theme: M.optional().describe("Current color theme preference."),
-	styles: g.optional().describe("Style configuration for theming the app."),
-	displayMode: G.optional().describe("How the UI is currently displayed."),
-	availableDisplayModes: require_protocol.array(G).optional().describe("Display modes the host supports."),
+	theme: S.optional().describe("Current color theme preference."),
+	styles: C.optional().describe("Style configuration for theming the app."),
+	displayMode: W.optional().describe("How the UI is currently displayed."),
+	availableDisplayModes: require_protocol.array(W).optional().describe("Display modes the host supports."),
 	containerDimensions: require_protocol.union([require_protocol.object({ height: require_protocol.number().describe("Fixed container height in pixels.") }), require_protocol.object({ maxHeight: require_protocol.union([require_protocol.number(), require_protocol._undefined()]).optional().describe("Maximum container height in pixels.") })]).and(require_protocol.union([require_protocol.object({ width: require_protocol.number().describe("Fixed container width in pixels.") }), require_protocol.object({ maxWidth: require_protocol.union([require_protocol.number(), require_protocol._undefined()]).optional().describe("Maximum container width in pixels.") })])).optional().describe(`Container dimensions. Represents the dimensions of the iframe or other
 container holding the app. Specify either width or maxWidth, and either height or maxHeight.`),
 	locale: require_protocol.string().optional().describe("User's language and region preference in BCP 47 format."),
@@ -8974,45 +8974,45 @@ require_protocol.object({
 	method: require_protocol.literal("ui/initialize"),
 	params: require_protocol.object({
 		appInfo: require_protocol.ImplementationSchema.describe("App identification (name and version)."),
-		appCapabilities: y.describe("Features and capabilities this app provides."),
+		appCapabilities: v.describe("Features and capabilities this app provides."),
 		protocolVersion: require_protocol.string().describe("Protocol version this app supports.")
 	})
 });
 require_protocol.object({
 	protocolVersion: require_protocol.string().describe("Negotiated protocol version string (e.g., \"2025-11-21\")."),
 	hostInfo: require_protocol.ImplementationSchema.describe("Host application identification and version."),
-	hostCapabilities: S.describe("Features and capabilities provided by the host."),
+	hostCapabilities: y.describe("Features and capabilities provided by the host."),
 	hostContext: E.describe("Rich context about the host environment.")
 }).passthrough();
-var U = "ui/resourceUri", f = "text/html;profile=mcp-app";
-function fZ(Z, $, J, X) {
-	let V = J._meta, W = V.ui, L = V[U], D = V;
-	if (W?.resourceUri && !L) D = {
+var M = "ui/resourceUri", u = "text/html;profile=mcp-app";
+function hZ(Z, $, J, X) {
+	let V = J._meta, D = V.ui, G = V[M], L = V;
+	if (D?.resourceUri && !G) L = {
 		...V,
-		[U]: W.resourceUri
+		[M]: D.resourceUri
 	};
-	else if (L && !W?.resourceUri) D = {
+	else if (G && !D?.resourceUri) L = {
 		...V,
 		ui: {
-			...W,
-			resourceUri: L
+			...D,
+			resourceUri: G
 		}
 	};
 	return Z.registerTool($, {
 		...J,
-		_meta: D
+		_meta: L
 	}, X);
 }
-function uZ(Z, $, J, X, V) {
+function mZ(Z, $, J, X, V) {
 	return Z.registerResource($, J, {
-		mimeType: f,
+		mimeType: u,
 		...X
 	}, V);
 }
-var zQ = "io.modelcontextprotocol/ui";
-function dZ(Z) {
+var qQ = "io.modelcontextprotocol/ui";
+function pZ(Z) {
 	if (!Z) return;
-	return Z.extensions?.[zQ];
+	return Z.extensions?.[qQ];
 }
 //#endregion
 //#region src/mcp/resolve-domain.ts
@@ -9327,7 +9327,7 @@ function createAppServer(config, simulations, viteMode) {
 				registeredUriSet.add(uri);
 				const listMeta = viteMode ? injectViteCSP(resourceMeta) : resourceMeta;
 				const handle = mcpServer.registerResource(resourceName, uri, {
-					mimeType: f,
+					mimeType: u,
 					description: resource.description,
 					_meta: listMeta
 				}, async (readUri, extra) => {
@@ -9346,7 +9346,7 @@ function createAppServer(config, simulations, viteMode) {
 					console.log(`[MCP] ReadResource: ${readUri.href} → ${sizeKB}KB${servedVite ? " (vite)" : " (built)"}`);
 					return { contents: [{
 						uri: readUri.href,
-						mimeType: f,
+						mimeType: u,
 						text: content,
 						_meta: readMeta
 					}] };
@@ -9360,7 +9360,7 @@ function createAppServer(config, simulations, viteMode) {
 					...toolMeta.ui?.visibility ? { visibility: toolMeta.ui.visibility } : {}
 				}
 			};
-			const toolHandle = fZ(mcpServer, tool.name, {
+			const toolHandle = hZ(mcpServer, tool.name, {
 				description: tool.description,
 				inputSchema: zod.z.object({}).passthrough(),
 				...simulation.outputSchema ? { outputSchema: simulation.outputSchema } : {},
@@ -9519,6 +9519,11 @@ async function handleMcpRequest(req, res, config, simulations, viteMode) {
 				const extra = parsed.method === "resources/read" ? ` uri=${JSON.stringify(parsed.params?.uri)}` : "";
 				console.log(`[MCP] ← ${parsed.method}${extra}${sidStr}`);
 			}
+			if (process.env.SUNPEAK_LOG_HEADERS) {
+				const headerEntries = {};
+				for (const [key, value] of Object.entries(req.headers)) if (value != null) headerEntries[key] = Array.isArray(value) ? value.join(", ") : value;
+				console.log(`[MCP] Headers: ${JSON.stringify(headerEntries, null, 2)}`);
+			}
 		} catch {
 			res.writeHead(400).end("Invalid JSON");
 			return;
@@ -9563,6 +9568,7 @@ async function handleMcpRequest(req, res, config, simulations, viteMode) {
 				return;
 			}
 			if (error.message?.includes("Server not initialized")) return;
+			if (error.message?.includes("Only one SSE stream")) return;
 			const id = transport.sessionId;
 			console.error(`[MCP] Transport error${id ? ` (${id.substring(0, 8)}...)` : ""}:`, error);
 		};
@@ -9647,7 +9653,7 @@ function runMCPServer(config) {
 		viteServer.ws.handleUpgrade(request, socket, head);
 	});
 	httpServer.on("clientError", (err, socket) => {
-		if (err.code === "ECONNRESET") {} else if (err.code === "HPE_INVALID_METHOD" && "rawPacket" in err && Buffer.isBuffer(err.rawPacket) && err.rawPacket[0] === 22) console.error("Received HTTPS request on HTTP server. If you're using ngrok, make sure the upstream is http:// (not https://). Example: ngrok http 8000");
+		if (err.code === "ECONNRESET") {} else if (err.code === "HPE_INVALID_METHOD" && "rawPacket" in err && Buffer.isBuffer(err.rawPacket) && err.rawPacket[0] >= 20 && err.rawPacket[0] <= 24) console.error("Received HTTPS request on HTTP server. If you're using ngrok, make sure the upstream is http:// (not https://). Example: ngrok http 8000\nIf this only happens in Safari, use Chrome for `sunpeak dev` instead. Safari is not compatible with the dev server. Production deploys (`sunpeak start`) work in all browsers.");
 		else console.error("HTTP client error", err);
 		socket.end("HTTP/1.1 400 Bad Request\r\n\r\n");
 	});
@@ -9741,6 +9747,20 @@ function log(level, msg, extra) {
 		else console.log(extra ? `${prefix} ${msg} ${JSON.stringify(extra)}` : `${prefix} ${msg}`);
 	}
 }
+/** Build an InternalServerConfig from any handler config + detected client name. */
+function toInternalConfig(config, clientName) {
+	return {
+		name: config.name,
+		version: config.version,
+		serverInfo: config.serverInfo,
+		tools: config.tools,
+		resources: config.resources,
+		serverUrl: config.serverUrl,
+		enableJsonResponse: config.enableJsonResponse,
+		stateless: config.stateless,
+		_clientName: clientName
+	};
+}
 /**
 * Create an MCP server with production tool handlers and pre-built resources.
 *
@@ -9749,6 +9769,7 @@ function log(level, msg, extra) {
 */
 function createProductionMcpServer(config) {
 	const { name = "sunpeak-app", version = "0.1.0", serverInfo, tools, resources, serverUrl } = config;
+	const clientName = config._clientName;
 	const mcpServer = new McpServer({
 		name: serverInfo?.name ?? name,
 		version: serverInfo?.version ?? version,
@@ -9764,23 +9785,9 @@ function createProductionMcpServer(config) {
 		resources: {},
 		tools: {}
 	} });
-	let clientName;
-	mcpServer.server.oninitialized = () => {
-		clientName = mcpServer.server.getClientVersion()?.name;
-		for (const handle of resourceHandles) {
-			const currentMeta = handle.metadata?._meta;
-			const resolved = injectResolvedDomain(currentMeta, clientName) ?? currentMeta;
-			const withDefault = serverUrl ? injectDefaultDomain(resolved, clientName, serverUrl) : resolved;
-			if (withDefault !== resolved) handle.update({ metadata: {
-				...handle.metadata,
-				_meta: withDefault
-			} });
-		}
-	};
 	const resourceByName = /* @__PURE__ */ new Map();
 	for (const res of resources) resourceByName.set(res.name, res);
 	const registeredResources = /* @__PURE__ */ new Set();
-	const resourceHandles = [];
 	let toolCount = 0;
 	for (const tool of tools) {
 		const makeCallback = () => {
@@ -9808,20 +9815,17 @@ function createProductionMcpServer(config) {
 		if (res) {
 			if (!registeredResources.has(res.uri)) {
 				registeredResources.add(res.uri);
-				const handle = uZ(mcpServer, res.name, res.uri, {
+				const resolvedMeta = injectResolvedDomain(res._meta, clientName) ?? res._meta;
+				const finalMeta = serverUrl ? injectDefaultDomain(resolvedMeta, clientName, serverUrl) : resolvedMeta;
+				mZ(mcpServer, res.name, res.uri, {
 					description: res.description,
-					_meta: res._meta
-				}, async () => {
-					const resolved = injectResolvedDomain(res._meta, clientName) ?? res._meta;
-					const readMeta = serverUrl ? injectDefaultDomain(resolved, clientName, serverUrl) : resolved;
-					return { contents: [{
-						uri: res.uri,
-						mimeType: f,
-						text: res.html,
-						_meta: readMeta
-					}] };
-				});
-				resourceHandles.push(handle);
+					_meta: finalMeta
+				}, async () => ({ contents: [{
+					uri: res.uri,
+					mimeType: u,
+					text: res.html,
+					_meta: finalMeta
+				}] }));
 			}
 			const toolConfig = {
 				title: tool.tool.title,
@@ -9837,7 +9841,7 @@ function createProductionMcpServer(config) {
 					}
 				}
 			};
-			fZ(mcpServer, tool.name, toolConfig, makeCallback());
+			hZ(mcpServer, tool.name, toolConfig, makeCallback());
 		} else {
 			const cb = makeCallback();
 			const toolConfig = {
@@ -9864,6 +9868,20 @@ var SESSION_IDLE_TIMEOUT_MS = 300 * 1e3;
 function isJsonRpcMessage(value) {
 	return typeof value === "object" && value !== null && typeof value.method === "string";
 }
+function detectClientFromHeaders(headers) {
+	const get = (name) => {
+		if (headers instanceof Headers) return headers.get(name) ?? void 0;
+		const raw = headers[name];
+		return typeof raw === "string" ? raw : Array.isArray(raw) ? raw[0] : void 0;
+	};
+	const ua = get("user-agent");
+	if (ua) {
+		if (/claude/i.test(ua)) return "claude";
+		if (/openai/i.test(ua)) return "openai-mcp";
+	}
+	if (get("x-anthropic-client")) return "claude";
+	if (get("x-openai-session")) return "openai-mcp";
+}
 var CORS_HEADERS = {
 	"Access-Control-Allow-Origin": "*",
 	"Access-Control-Allow-Methods": "GET, POST, DELETE, OPTIONS",
@@ -9934,25 +9952,14 @@ async function pipeWebResponseToNode(webResponse, res) {
 * ```
 */
 function createMcpHandler(config) {
-	const sessions = /* @__PURE__ */ new Map();
 	const authFn = config.auth;
-	setInterval(() => {
-		const now = Date.now();
-		for (const [id, session] of sessions) if (now - session.lastActivity > SESSION_IDLE_TIMEOUT_MS) {
-			log("info", `Session expired: ${id.substring(0, 8)}...`, {
-				sessionId: id,
-				active: sessions.size - 1
-			});
-			session.server.close();
-		}
-	}, 6e4).unref();
-	return async (req, res) => {
-		if (!req.url) return;
-		if (new node_url.URL(req.url, `http://${req.headers.host ?? "localhost"}`).pathname !== MCP_PATH) return;
+	async function preamble(req, res) {
+		if (!req.url) return null;
+		if (new node_url.URL(req.url, `http://${req.headers.host ?? "localhost"}`).pathname !== MCP_PATH) return null;
 		if (req.method === "OPTIONS") {
 			res.writeHead(204, CORS_HEADERS);
 			res.end();
-			return;
+			return null;
 		}
 		let authInfo;
 		if (authFn) {
@@ -9963,7 +9970,7 @@ function createMcpHandler(config) {
 					"WWW-Authenticate": "Bearer"
 				});
 				res.end("Unauthorized");
-				return;
+				return null;
 			}
 			authInfo = result;
 		}
@@ -9986,12 +9993,58 @@ function createMcpHandler(config) {
 					const extra = parsedBody.method === "resources/read" ? ` uri=${JSON.stringify(parsedBody.params?.uri)}` : "";
 					log("info", `← ${parsedBody.method}${extra}${sidStr}`);
 				}
+				if (process.env.SUNPEAK_LOG_HEADERS) {
+					const headerEntries = {};
+					for (const [key, value] of Object.entries(req.headers)) if (value != null) headerEntries[key] = Array.isArray(value) ? value.join(", ") : value;
+					log("info", `Headers: ${JSON.stringify(headerEntries, null, 2)}`);
+				}
 			} catch {
 				res.writeHead(400).end("Invalid JSON");
-				return;
+				return null;
 			}
 		}
-		const webRequest = nodeReqToWebRequest(req);
+		return {
+			authInfo,
+			parsedBody,
+			webRequest: nodeReqToWebRequest(req)
+		};
+	}
+	if (config.stateless) return async (req, res) => {
+		const ctx = await preamble(req, res);
+		if (!ctx) return;
+		if (req.method !== "POST") {
+			res.writeHead(405, CORS_HEADERS);
+			res.end("Method Not Allowed: stateless mode only supports POST");
+			return;
+		}
+		const server = createProductionMcpServer(toInternalConfig(config, detectClientFromHeaders(req.headers)));
+		const transport = new WebStandardStreamableHTTPServerTransport({
+			sessionIdGenerator: void 0,
+			enableJsonResponse: config.enableJsonResponse ?? true
+		});
+		transport.onerror = (error) => {
+			log("error", "Transport error (stateless)", { error: String(error) });
+		};
+		await server.connect(transport);
+		await pipeWebResponseToNode(addCorsHeaders(await transport.handleRequest(ctx.webRequest, {
+			parsedBody: ctx.parsedBody,
+			authInfo: ctx.authInfo
+		})), res);
+	};
+	const sessions = /* @__PURE__ */ new Map();
+	setInterval(() => {
+		const now = Date.now();
+		for (const [id, session] of sessions) if (now - session.lastActivity > SESSION_IDLE_TIMEOUT_MS) {
+			log("info", `Session expired: ${id.substring(0, 8)}...`, {
+				sessionId: id,
+				active: sessions.size - 1
+			});
+			session.server.close();
+		}
+	}, 6e4).unref();
+	return async (req, res) => {
+		const ctx = await preamble(req, res);
+		if (!ctx) return;
 		const sessionId = req.headers["mcp-session-id"];
 		if (sessionId) {
 			const session = sessions.get(sessionId);
@@ -10000,14 +10053,14 @@ function createMcpHandler(config) {
 				return;
 			}
 			session.lastActivity = Date.now();
-			await pipeWebResponseToNode(addCorsHeaders(await session.transport.handleRequest(webRequest, {
-				parsedBody,
-				authInfo
+			await pipeWebResponseToNode(addCorsHeaders(await session.transport.handleRequest(ctx.webRequest, {
+				parsedBody: ctx.parsedBody,
+				authInfo: ctx.authInfo
 			})), res);
 			return;
 		}
 		if (req.method === "POST") {
-			const server = createProductionMcpServer(config);
+			const server = createProductionMcpServer(toInternalConfig(config, detectClientFromHeaders(req.headers)));
 			const transport = new WebStandardStreamableHTTPServerTransport({
 				sessionIdGenerator: () => (0, node_crypto.randomUUID)(),
 				enableJsonResponse: config.enableJsonResponse ?? true,
@@ -10048,9 +10101,9 @@ function createMcpHandler(config) {
 				}
 			};
 			await server.connect(transport);
-			await pipeWebResponseToNode(addCorsHeaders(await transport.handleRequest(webRequest, {
-				parsedBody,
-				authInfo
+			await pipeWebResponseToNode(addCorsHeaders(await transport.handleRequest(ctx.webRequest, {
+				parsedBody: ctx.parsedBody,
+				authInfo: ctx.authInfo
 			})), res);
 			return;
 		}
@@ -10088,19 +10141,8 @@ function createMcpHandler(config) {
 * ```
 */
 function createHandler(config) {
-	const sessions = /* @__PURE__ */ new Map();
 	const authFn = config.auth;
-	setInterval(() => {
-		const now = Date.now();
-		for (const [id, session] of sessions) if (now - session.lastActivity > SESSION_IDLE_TIMEOUT_MS) {
-			log("info", `Session expired: ${id.substring(0, 8)}...`, {
-				sessionId: id,
-				active: sessions.size - 1
-			});
-			session.server.close();
-		}
-	}, 6e4).unref();
-	return async (req) => {
+	async function webPreamble(req) {
 		if (req.method === "OPTIONS") return new Response(null, {
 			status: 204,
 			headers: CORS_HEADERS
@@ -10118,31 +10160,75 @@ function createHandler(config) {
 			authInfo = result;
 		}
 		let parsedBody;
-		if (req.method === "POST") try {
-			parsedBody = await req.json();
-		} catch {
-			return new Response("Invalid JSON", { status: 400 });
+		if (req.method === "POST") {
+			try {
+				parsedBody = await req.json();
+			} catch {
+				return new Response("Invalid JSON", { status: 400 });
+			}
+			if (isJsonRpcMessage(parsedBody)) {
+				const sid = req.headers.get("mcp-session-id");
+				const sidStr = sid ? ` (${sid.substring(0, 8)}...)` : "";
+				const extra = parsedBody.method === "resources/read" ? ` uri=${JSON.stringify(parsedBody.params?.uri)}` : "";
+				log("info", `← ${parsedBody.method}${extra}${sidStr}`);
+			}
+			if (typeof globalThis.process !== "undefined" && globalThis.process.env?.SUNPEAK_LOG_HEADERS) {
+				const headerEntries = {};
+				req.headers.forEach((value, key) => {
+					headerEntries[key] = value;
+				});
+				log("info", `Headers: ${JSON.stringify(headerEntries, null, 2)}`);
+			}
+		}
+		return {
+			authInfo,
+			parsedBody
+		};
+	}
+	if (config.stateless) return async (req) => {
+		const ctx = await webPreamble(req);
+		if (ctx instanceof Response) return ctx;
+		if (req.method !== "POST") return addCorsHeaders(new Response("Method Not Allowed: stateless mode only supports POST", { status: 405 }));
+		const server = createProductionMcpServer(toInternalConfig(config, detectClientFromHeaders(req.headers)));
+		const transport = new WebStandardStreamableHTTPServerTransport({
+			sessionIdGenerator: void 0,
+			enableJsonResponse: config.enableJsonResponse ?? true
+		});
+		transport.onerror = (error) => {
+			log("error", "Transport error (stateless)", { error: String(error) });
+		};
+		await server.connect(transport);
+		return addCorsHeaders(await transport.handleRequest(req, {
+			parsedBody: ctx.parsedBody,
+			authInfo: ctx.authInfo
+		}));
+	};
+	const sessions = /* @__PURE__ */ new Map();
+	setInterval(() => {
+		const now = Date.now();
+		for (const [id, session] of sessions) if (now - session.lastActivity > SESSION_IDLE_TIMEOUT_MS) {
+			log("info", `Session expired: ${id.substring(0, 8)}...`, {
+				sessionId: id,
+				active: sessions.size - 1
+			});
+			session.server.close();
 		}
+	}, 6e4).unref();
+	return async (req) => {
+		const ctx = await webPreamble(req);
+		if (ctx instanceof Response) return ctx;
 		const sessionId = req.headers.get("mcp-session-id");
 		if (sessionId) {
 			const session = sessions.get(sessionId);
 			if (!session) return new Response("Unknown session", { status: 404 });
 			session.lastActivity = Date.now();
 			return addCorsHeaders(await session.transport.handleRequest(req, {
-				parsedBody,
-				authInfo
+				parsedBody: ctx.parsedBody,
+				authInfo: ctx.authInfo
 			}));
 		}
 		if (req.method === "POST") {
-			const { name, version, serverInfo, tools, resources, serverUrl } = config;
-			const server = createProductionMcpServer({
-				name,
-				version,
-				serverInfo,
-				tools,
-				resources,
-				serverUrl
-			});
+			const server = createProductionMcpServer(toInternalConfig(config, detectClientFromHeaders(req.headers)));
 			const transport = new WebStandardStreamableHTTPServerTransport({
 				sessionIdGenerator: () => (0, node_crypto.randomUUID)(),
 				enableJsonResponse: config.enableJsonResponse ?? true,
@@ -10166,16 +10252,26 @@ function createHandler(config) {
 				}
 			});
 			transport.onerror = (error) => {
-				log("error", "Transport error", { error: String(error) });
+				const id = transport.sessionId;
+				log("error", `Transport error${id ? ` (${id.substring(0, 8)}...)` : ""}`, {
+					sessionId: id,
+					error: String(error)
+				});
 			};
 			transport.onclose = () => {
 				const id = transport.sessionId;
-				if (id && sessions.has(id)) sessions.delete(id);
+				if (id && sessions.has(id)) {
+					sessions.delete(id);
+					log("info", `Session closed: ${id.substring(0, 8)}...`, {
+						sessionId: id,
+						active: sessions.size
+					});
+				}
 			};
 			await server.connect(transport);
 			return addCorsHeaders(await transport.handleRequest(req, {
-				parsedBody,
-				authInfo
+				parsedBody: ctx.parsedBody,
+				authInfo: ctx.authInfo
 			}));
 		}
 		return new Response("Bad Request: session ID required", { status: 400 });
@@ -10264,7 +10360,7 @@ function startProductionHttpServer(config, portOrOptions) {
 		}
 	});
 	httpServer.on("clientError", (err, socket) => {
-		if (err.code === "HPE_INVALID_METHOD" && "rawPacket" in err && Buffer.isBuffer(err.rawPacket) && err.rawPacket[0] === 22) log("error", "Received HTTPS request on HTTP server. If you're using ngrok, make sure the upstream is http:// (not https://). Example: ngrok http 8000");
+		if (err.code === "ECONNRESET") {} else if (err.code === "HPE_INVALID_METHOD" && "rawPacket" in err && Buffer.isBuffer(err.rawPacket) && err.rawPacket[0] >= 20 && err.rawPacket[0] <= 24) log("error", "Received HTTPS request on HTTP server. If you're using ngrok, make sure the upstream is http:// (not https://). Example: ngrok http 8000");
 		else log("error", "HTTP client error", { error: err.message });
 		socket.end("HTTP/1.1 400 Bad Request\r\n\r\n");
 	});
@@ -10299,22 +10395,23 @@ function startProductionHttpServer(config, portOrOptions) {
 	process.on("SIGINT", () => void shutdown());
 }
 //#endregion
-exports.EXTENSION_ID = zQ;
+exports.EXTENSION_ID = qQ;
 exports.FAVICON_BASE64 = FAVICON_BASE64;
 exports.FAVICON_BUFFER = FAVICON_BUFFER;
 exports.FAVICON_DATA_URI = FAVICON_DATA_URI;
-exports.RESOURCE_MIME_TYPE = f;
-exports.RESOURCE_URI_META_KEY = U;
+exports.RESOURCE_MIME_TYPE = u;
+exports.RESOURCE_URI_META_KEY = M;
 exports.computeChatGPTDomain = computeChatGPTDomain;
 exports.computeClaudeDomain = computeClaudeDomain;
 exports.createHandler = createHandler;
 exports.createMcpHandler = createMcpHandler;
 exports.createProductionMcpServer = createProductionMcpServer;
-exports.getUiCapability = dZ;
+exports.detectClientFromHeaders = detectClientFromHeaders;
+exports.getUiCapability = pZ;
 exports.injectDefaultDomain = injectDefaultDomain;
 exports.injectResolvedDomain = injectResolvedDomain;
-exports.registerAppResource = uZ;
-exports.registerAppTool = fZ;
+exports.registerAppResource = mZ;
+exports.registerAppTool = hZ;
 exports.resolveDomain = resolveDomain;
 exports.runMCPServer = runMCPServer;
 exports.setJsonLogging = setJsonLogging;