sunpeak 0.20.42 → 0.20.49

package/bin/commands/inspect.mjs

@@ -44,6 +44,7 @@ function parseArgs(args) {
     name: undefined,
     env: undefined,
     cwd: undefined,
+    headers: undefined,
   };
 
   for (let i = 0; i < args.length; i++) {
@@ -66,6 +67,10 @@ function parseArgs(args) {
       }
     } else if (arg === '--cwd' && i + 1 < args.length) {
       opts.cwd = args[++i];
+    } else if ((arg === '--header' || arg === '-H') && i + 1 < args.length) {
+      opts.headers = opts.headers || {};
+      const [name, value] = parseHttpHeader(args[++i]);
+      setHttpHeader(opts.headers, name, value);
     } else if (arg === '--help' || arg === '-h') {
       printHelp();
       process.exit(0);
@@ -89,16 +94,52 @@ Options:
   --name <string>            App name in inspector chrome
   --env <KEY=VALUE>          Environment variable for stdio servers (repeatable)
   --cwd <path>               Working directory for stdio servers
+  --header, -H <Name: value> HTTP header for HTTP MCP servers (repeatable)
   --help, -h                 Show this help
 
 Examples:
   sunpeak inspect --server http://localhost:8000/mcp
+  sunpeak inspect --server http://localhost:8000/mcp -H "Authorization: Bearer $TOKEN"
   sunpeak inspect --server "python my_server.py"
   sunpeak inspect --server "python server.py" --env API_KEY=sk-123 --cwd ./backend
   sunpeak inspect --server http://localhost:8000/mcp --simulations tests/simulations
 `);
 }
 
+function setHttpHeader(headers, name, value) {
+  const lowerName = name.toLowerCase();
+  for (const existingName of Object.keys(headers)) {
+    if (existingName.toLowerCase() === lowerName) {
+      delete headers[existingName];
+    }
+  }
+  headers[name] = value;
+}
+
+function parseHttpHeader(raw) {
+  if (typeof raw !== 'string') {
+    throw new Error('Invalid --header value. Expected "Name: value".');
+  }
+  const separator = raw.indexOf(':');
+  if (separator <= 0) {
+    throw new Error('Invalid --header value. Expected "Name: value".');
+  }
+
+  const name = raw.slice(0, separator).trim();
+  const value = raw.slice(separator + 1).trim();
+  if (!/^[!#$%&'*+.^_`|~0-9A-Za-z-]+$/.test(name)) {
+    throw new Error(`Invalid HTTP header name: ${name || '(empty)'}`);
+  }
+  if (/[\u0000-\u001f\u007f]/.test(value)) {
+    throw new Error(`Invalid HTTP header value for ${name}: control characters are not allowed`);
+  }
+  return [name, value];
+}
+
+function hasAuthorizationHeader(headers) {
+  return Object.keys(headers || {}).some((name) => name.toLowerCase() === 'authorization');
+}
+
 /**
  * Create an in-memory OAuth client provider for the inspector.
  * The provider stores tokens, client info, and code verifier in memory.
@@ -308,7 +349,7 @@ async function negotiateOAuth(serverUrl) {
 
   // Try the anonymous/auto-approved path first: follow the authorization URL
   // without a browser and see if it immediately redirects with a code.
-  const code = await tryAnonymousOAuth(authUrl.toString(), callbackUrl);
+  const code = await tryAnonymousOAuth(authUrl.toString(), callbackUrl, oauthState.stateParam);
   if (code) {
     // Complete the flow with the authorization code.
     const tokenResult = await auth(provider, {
@@ -347,15 +388,17 @@ async function negotiateOAuth(serverUrl) {
  *
  * @param {string} authUrl - The authorization URL
  * @param {string} callbackUrl - The expected callback URL prefix
+ * @param {string} [expectedState] - OAuth state value that must be echoed by the callback
+ * @param {typeof fetch} [fetchFn]
  * @returns {Promise<string | null>}
  */
-async function tryAnonymousOAuth(authUrl, callbackUrl) {
+async function tryAnonymousOAuth(authUrl, callbackUrl, expectedState, fetchFn = fetch) {
   // Follow redirects manually to detect when the server redirects back
   // to our callback URL with a code parameter.
   let url = authUrl;
   const maxRedirects = 10;
   for (let i = 0; i < maxRedirects; i++) {
-    const response = await fetch(url, { redirect: 'manual' });
+    const response = await fetchFn(url, { redirect: 'manual' });
     const location = response.headers.get('location');
 
     if (!location) {
@@ -366,11 +409,21 @@ async function tryAnonymousOAuth(authUrl, callbackUrl) {
     }
 
     // Resolve relative redirects.
-    const resolved = new URL(location, url).toString();
+    const resolvedUrl = new URL(location, url);
+    if (resolvedUrl.protocol !== 'http:' && resolvedUrl.protocol !== 'https:') {
+      throw new Error(
+        `OAuth authorization redirect has unsupported scheme: ${resolvedUrl.protocol}`
+      );
+    }
+    const resolved = resolvedUrl.toString();
 
     // Check if the redirect goes to our callback URL.
     if (resolved.startsWith(callbackUrl)) {
       const params = new URL(resolved).searchParams;
+      const state = params.get('state');
+      if (expectedState && state !== expectedState) {
+        throw new Error('OAuth state mismatch — callback rejected');
+      }
       const code = params.get('code');
       if (code) return code;
       const error = params.get('error');
@@ -491,6 +544,9 @@ function isAuthError(err) {
   // StreamableHTTPError includes a status code in its message.
   // Check for the specific "401" HTTP status pattern, not substring matches.
   const msg = err.message || '';
+  if (/"statusCode"\s*:\s*401\b/.test(msg)) return true;
+  if (/\bstatus(?:Code)?\s*[:=]\s*401\b/i.test(msg)) return true;
+  if (/\bHTTP\s+401\b/i.test(msg)) return true;
   if (msg.includes('invalid_token')) return true;
 
   // Connection errors (ECONNREFUSED, ETIMEDOUT, etc.) are never auth errors.
@@ -681,11 +737,15 @@ async function assertHttpServerUrlAllowed(
 
 async function resolveHttpRedirectsForMcp(
   serverArg,
-  { enforcePublicHttpUrl = false, fetchFn = fetch, lookupFn = dnsLookup } = {}
+  { enforcePublicHttpUrl = false, fetchFn = fetch, lookupFn = dnsLookup, requestInit } = {}
 ) {
   if (!enforcePublicHttpUrl) {
     try {
-      const probeResponse = await fetchFn(serverArg, { method: 'HEAD', redirect: 'follow' });
+      const probeResponse = await fetchFn(serverArg, {
+        ...(requestInit ?? {}),
+        method: 'HEAD',
+        redirect: 'follow',
+      });
       await probeResponse.body?.cancel?.();
       return probeResponse.url && probeResponse.url !== serverArg ? probeResponse.url : serverArg;
     } catch {
@@ -698,7 +758,11 @@ async function resolveHttpRedirectsForMcp(
   for (let i = 0; i < maxRedirects; i++) {
     let probeResponse;
     try {
-      probeResponse = await fetchFn(currentUrl, { method: 'HEAD', redirect: 'manual' });
+      probeResponse = await fetchFn(currentUrl, {
+        ...(requestInit ?? {}),
+        method: 'HEAD',
+        redirect: 'manual',
+      });
     } catch {
       return currentUrl;
     }
@@ -721,7 +785,7 @@ async function resolveHttpRedirectsForMcp(
 /**
  * Create an MCP client connection.
  * @param {string} serverArg - URL or command string
- * @param {{ type?: 'none' | 'bearer' | 'oauth', bearerToken?: string, authProvider?: import('@modelcontextprotocol/sdk/client/auth.js').OAuthClientProvider, env?: Record<string, string>, cwd?: string, enforcePublicHttpUrl?: boolean }} [authConfig]
+ * @param {{ type?: 'none' | 'bearer' | 'oauth', bearerToken?: string, authProvider?: import('@modelcontextprotocol/sdk/client/auth.js').OAuthClientProvider, headers?: Record<string, string>, env?: Record<string, string>, cwd?: string, enforcePublicHttpUrl?: boolean }} [authConfig]
  * @returns {Promise<{ client: import('@modelcontextprotocol/sdk/client/index.js').Client, transport: import('@modelcontextprotocol/sdk/types.js').Transport, serverUrl?: string, stderrOutput?: string[] }>}
  */
 async function createMcpConnection(serverArg, authConfig) {
@@ -737,10 +801,18 @@ async function createMcpConnection(serverArg, authConfig) {
     const { StreamableHTTPClientTransport } =
       await import('@modelcontextprotocol/sdk/client/streamableHttp.js');
 
+    const requestHeaders = { ...(authConfig?.headers ?? {}) };
+    if (authConfig?.type === 'bearer' && authConfig.bearerToken) {
+      requestHeaders.Authorization = `Bearer ${authConfig.bearerToken}`;
+    }
+
     // Follow redirects (e.g. /mcp → /mcp/) before creating the transport.
     // The MCP SDK transport doesn't follow redirects on its own.
     const finalUrl = await resolveHttpRedirectsForMcp(serverArg, {
       enforcePublicHttpUrl: !!authConfig?.enforcePublicHttpUrl,
+      ...(Object.keys(requestHeaders).length > 0
+        ? { requestInit: { headers: requestHeaders } }
+        : {}),
     });
 
     if (authConfig?.enforcePublicHttpUrl) {
@@ -751,11 +823,6 @@ async function createMcpConnection(serverArg, authConfig) {
     if (authConfig?.enforcePublicHttpUrl) {
       transportOpts.requestInit = { redirect: 'manual' };
     }
-
-    const requestHeaders = {};
-    if (authConfig?.type === 'bearer' && authConfig.bearerToken) {
-      requestHeaders.Authorization = `Bearer ${authConfig.bearerToken}`;
-    }
     if (Object.keys(requestHeaders).length > 0) {
       transportOpts.requestInit = {
         ...(transportOpts.requestInit ?? {}),
@@ -906,45 +973,68 @@ async function discoverSimulations(client) {
 
 /**
  * Load simulation JSON fixtures from a directory and merge into discovered simulations.
+ *
+ * Each fixture becomes a simulation keyed by its filename, so a tool can have
+ * multiple fixtures (e.g. `show-albums.json` and `show-albums-empty.json`
+ * both targeting tool `show-albums`). Auto-discovered slots are kept only for
+ * tools that have no fixture file.
+ *
  * @param {string} dir - Simulation directory path
  * @param {Record<string, object>} simulations - Discovered simulations to merge into
  */
-function mergeSimulationFixtures(dir, simulations) {
+export function mergeSimulationFixtures(dir, simulations) {
   if (!existsSync(dir)) return;
 
   const files = readdirSync(dir).filter((f) => f.endsWith('.json'));
+
+  // Load every fixture first so we can group by tool name. We need the grouping
+  // to decide whether to keep the auto-discovered slot (no fixtures) or replace
+  // it with one entry per fixture file (one or more fixtures).
+  const fixtures = [];
   for (const file of files) {
     try {
       const fixture = JSON.parse(readFileSync(join(dir, file), 'utf-8'));
-      const toolName = fixture.tool;
-      if (!toolName) continue;
-
-      // Find matching simulation by tool name
-      const sim = simulations[toolName];
-      if (sim) {
-        // Merge fixture data into discovered simulation
-        if (fixture.toolInput !== undefined) sim.toolInput = fixture.toolInput;
-        if (fixture.toolResult !== undefined) sim.toolResult = fixture.toolResult;
-        if (fixture.serverTools !== undefined) sim.serverTools = fixture.serverTools;
-        if (fixture.userMessage !== undefined) sim.userMessage = fixture.userMessage;
-        if (fixture.hostContext !== undefined) sim.hostContext = fixture.hostContext;
-      } else {
-        // Create a new simulation from the fixture (tool not on server, but user wants to mock it)
-        const simName = file.replace(/\.json$/, '');
-        simulations[simName] = {
-          name: simName,
-          tool: { name: toolName, inputSchema: { type: 'object' } },
-          toolInput: fixture.toolInput,
-          toolResult: fixture.toolResult,
-          serverTools: fixture.serverTools,
-          userMessage: fixture.userMessage,
-          hostContext: fixture.hostContext,
-        };
-      }
+      if (!fixture.tool) continue;
+      fixtures.push({ file, fixture });
     } catch (err) {
       console.warn(`Warning: Failed to parse simulation fixture ${file}:`, err.message);
     }
   }
+
+  const byTool = new Map();
+  for (const item of fixtures) {
+    const tool = item.fixture.tool;
+    if (!byTool.has(tool)) byTool.set(tool, []);
+    byTool.get(tool).push(item);
+  }
+
+  for (const [toolName, items] of byTool) {
+    const discovered = simulations[toolName];
+
+    // Drop the auto-discovered slot if none of the fixtures will reuse its
+    // key (filename === tool name). Otherwise the named fixture overwrites
+    // it in place below.
+    const reusesSlot = items.some(({ file }) => file.replace(/\.json$/, '') === toolName);
+    if (discovered && !reusesSlot) {
+      delete simulations[toolName];
+    }
+
+    for (const { file, fixture } of items) {
+      const simName = file.replace(/\.json$/, '');
+      const sim = discovered
+        ? { ...discovered, name: simName }
+        : {
+            name: simName,
+            tool: { name: toolName, inputSchema: { type: 'object' } },
+          };
+      if (fixture.toolInput !== undefined) sim.toolInput = fixture.toolInput;
+      if (fixture.toolResult !== undefined) sim.toolResult = fixture.toolResult;
+      if (fixture.serverTools !== undefined) sim.serverTools = fixture.serverTools;
+      if (fixture.userMessage !== undefined) sim.userMessage = fixture.userMessage;
+      if (fixture.hostContext !== undefined) sim.hostContext = fixture.hostContext;
+      simulations[simName] = sim;
+    }
+  }
 }
 
 const MODEL_PROVIDERS = new Set(['openai', 'anthropic']);
@@ -2872,9 +2962,13 @@ export const _securityTestExports = {
   normalizeModelId,
   normalizeModelProviderModelId,
   quoteSecurityInteractiveArg,
+  parseHttpHeader,
+  hasAuthorizationHeader,
+  isAuthError,
   readRequestBody,
   resolveHttpRedirectsForMcp,
   shouldAllowPrivateServerUrls,
+  tryAnonymousOAuth,
 };
 
 /**
@@ -2934,6 +3028,7 @@ function readRequestBody(req, { maxBytes = Infinity } = {}) {
  * @param {object} [opts.viteCssConfig] - Vite css config override (e.g., lightningcss customAtRules)
  * @param {Record<string, string>} [opts.env] - Extra environment variables for stdio server processes
  * @param {string} [opts.cwd] - Working directory for stdio server processes
+ * @param {Record<string, string>} [opts.headers] - Extra HTTP headers for HTTP MCP server requests
  */
 export async function inspectServer(opts) {
   const {
@@ -2954,6 +3049,7 @@ export async function inspectServer(opts) {
     viteCssConfig,
     env: serverEnv,
     cwd: serverCwd,
+    headers: serverHeaders,
   } = opts;
 
   // Load favicon from sunpeak package for the inspector UI.
@@ -2981,6 +3077,7 @@ export async function inspectServer(opts) {
   const connectionOpts = {};
   if (serverEnv) connectionOpts.env = serverEnv;
   if (serverCwd) connectionOpts.cwd = serverCwd;
+  if (serverHeaders) connectionOpts.headers = serverHeaders;
   for (let attempt = 1; attempt <= maxRetries; attempt++) {
     try {
       mcpConnection = await createMcpConnection(resolvedServerUrl, connectionOpts);
@@ -2993,7 +3090,11 @@ export async function inspectServer(opts) {
       }
 
       // If the server requires OAuth, negotiate it and retry once.
-      if (isAuthError(err) && resolvedServerUrl.startsWith('http')) {
+      if (
+        isAuthError(err) &&
+        resolvedServerUrl.startsWith('http') &&
+        !hasAuthorizationHeader(connectionOpts.headers)
+      ) {
         console.log('Server requires authentication. Negotiating OAuth...');
         try {
           const authProvider = await negotiateOAuth(resolvedServerUrl);
@@ -3380,5 +3481,6 @@ export async function inspect(args) {
     name: opts.name,
     env: opts.env,
     cwd: opts.cwd,
+    headers: opts.headers,
   });
 }

package/bin/commands/test-init.mjs

@@ -596,8 +596,10 @@ ${serverBlock}
       {
         compilerOptions: {
           target: 'ES2022',
+          lib: ['ESNext', 'DOM'],
           module: 'ESNext',
           moduleResolution: 'bundler',
+          types: ['node'],
           strict: true,
           esModuleInterop: true,
         },

package/bin/lib/eval/eval-runner.mjs

@@ -220,12 +220,16 @@ export async function runSingleEval({
 }) {
   const { generateText } = await import('ai');
   const system = formatEvalAppContextForModel(appContext);
+  const providerOptions = model?.provider?.startsWith('openai.')
+    ? { openai: { strictJsonSchema: false } }
+    : undefined;
 
   const result = await generateText({
     model,
     tools,
     prompt,
     ...(system ? { system } : {}),
+    ...(providerOptions ? { providerOptions } : {}),
     maxSteps,
     temperature,
     maxRetries: 0, // We manage runs ourselves; AI SDK retries compound rate limits

package/bin/lib/eval/model-registry.mjs

@@ -47,12 +47,9 @@ export async function resolveModel(modelId) {
     // @ai-sdk/openai v3 defaults to the Responses API, which requires strict
     // JSON Schema (additionalProperties: false at every level, all properties
     // required) — incompatible with arbitrary MCP server schemas. Use .chat()
-    // (Chat Completions API) when available and disable structured outputs,
-    // because reasoning models also enable strict function schemas by default.
-    const settings = { structuredOutputs: false };
-    return typeof openai.chat === 'function'
-      ? openai.chat(modelId, settings)
-      : openai(modelId, settings);
+    // (Chat Completions API) when available. The eval runner disables strict
+    // JSON Schema through per-call provider options.
+    return typeof openai.chat === 'function' ? openai.chat(modelId) : openai(modelId);
   }
   if (pkg === '@ai-sdk/anthropic') {
     const { anthropic } = provider;

package/bin/lib/inspect/inspect-config.d.mts

@@ -15,6 +15,14 @@ export interface InspectConfigOptions {
   use?: Record<string, unknown>;
   /** Visual regression testing configuration */
   visual?: VisualConfig;
+  /** HTTP headers for HTTP MCP server requests */
+  headers?: Record<string, string>;
+  /** Server startup timeout in ms */
+  timeout?: number;
+  /** Environment variables for stdio servers */
+  env?: Record<string, string>;
+  /** Working directory for stdio servers */
+  cwd?: string;
 }
 
 /**

package/bin/lib/inspect/inspect-config.mjs

@@ -30,6 +30,7 @@ import { resolveSunpeakBin } from '../resolve-bin.mjs';
  * @param {number} [options.timeout] - Server startup timeout in ms (default: 60000)
  * @param {Record<string, string>} [options.env] - Environment variables for stdio servers
  * @param {string} [options.cwd] - Working directory for stdio servers
+ * @param {Record<string, string>} [options.headers] - HTTP headers for HTTP MCP server requests
  * @returns {import('@playwright/test').PlaywrightTestConfig}
  */
 export function defineInspectConfig(options) {
@@ -44,6 +45,7 @@ export function defineInspectConfig(options) {
     timeout,
     env,
     cwd,
+    headers,
   } = options;
 
   if (!server) {
@@ -65,6 +67,9 @@ export function defineInspectConfig(options) {
         })
       : []),
     ...(cwd ? [cwd.includes(' ') ? `--cwd "${cwd}"` : `--cwd ${cwd}`] : []),
+    ...(headers
+      ? Object.entries(headers).map(([k, v]) => `--header ${shellQuote(`${k}: ${v}`)}`)
+      : []),
     ...(simulationsDir ? [`--simulations ${simulationsDir}`] : []),
     `--port ${port}`,
     ...(name ? [`--name "${name}"`] : []),
@@ -83,3 +88,7 @@ export function defineInspectConfig(options) {
     },
   });
 }
+
+function shellQuote(value) {
+  return `'${String(value).replace(/'/g, "'\\''")}'`;
+}

package/bin/lib/inspect/inspect-server.d.mts

@@ -29,4 +29,6 @@ export function inspectServer(opts: {
   env?: Record<string, string>;
   /** Working directory for stdio server processes. */
   cwd?: string;
+  /** HTTP headers for HTTP MCP server requests. */
+  headers?: Record<string, string>;
 }): Promise<void>;

package/bin/lib/test/test-config.d.mts

@@ -12,6 +12,10 @@ export interface ServerConfig {
   url?: string;
   /** Environment variables for the server process. */
   env?: Record<string, string>;
+  /** Working directory for the server process. */
+  cwd?: string;
+  /** HTTP headers for HTTP MCP server requests. */
+  headers?: Record<string, string>;
 }
 
 /**
@@ -55,6 +59,8 @@ export interface TestConfigOptions {
   use?: Record<string, unknown>;
   /** Visual regression testing configuration. */
   visual?: VisualConfig;
+  /** Server startup timeout in ms. */
+  timeout?: number;
 }
 
 /**

package/bin/lib/test/test-config.mjs

@@ -28,6 +28,7 @@ import { resolveSunpeakBin } from '../resolve-bin.mjs';
  * @param {string} [options.server.url] - HTTP server URL (alternative to command)
  * @param {Record<string, string>} [options.server.env] - Environment variables
  * @param {string} [options.server.cwd] - Working directory for the server process
+ * @param {Record<string, string>} [options.server.headers] - HTTP headers for HTTP MCP server requests
  * @param {string[]} [options.hosts] - Host shells to test (default: ['chatgpt', 'claude'])
  * @param {string} [options.testDir] - Test directory
  * @param {string} [options.simulationsDir] - Simulations directory for mock data
@@ -126,6 +127,12 @@ function buildInspectCommand({ server, port, sandboxPort, simulationsDir }) {
     parts.push(server.cwd.includes(' ') ? `--cwd "${server.cwd}"` : `--cwd ${server.cwd}`);
   }
 
+  if (server.headers) {
+    for (const [key, value] of Object.entries(server.headers)) {
+      parts.push(`--header ${shellQuote(`${key}: ${value}`)}`);
+    }
+  }
+
   if (simulationsDir) {
     parts.push(`--simulations ${simulationsDir}`);
   }
@@ -134,3 +141,7 @@ function buildInspectCommand({ server, port, sandboxPort, simulationsDir }) {
 
   return parts.join(' ');
 }
+
+function shellQuote(value) {
+  return `'${String(value).replace(/'/g, "'\\''")}'`;
+}

package/bin/sunpeak.js

@@ -131,6 +131,7 @@ Inspector (works with any MCP server):
   sunpeak inspect          Inspect any MCP server in the inspector
     --server, -s <url|cmd> MCP server URL or stdio command (required)
     --simulations <dir>    Simulation JSON directory
+    --header, -H <header>  HTTP header for HTTP MCP servers (repeatable)
 
   sunpeak --version        Show version number
   Resources: ${resources.join(', ')} (comma/space separated)

package/dist/chatgpt/index.cjs

@@ -1,6 +1,6 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 const require_chunk = require("../chunk-Cek0wNdY.cjs");
-const require_inspector = require("../inspector-DOmiG64-.cjs");
+const require_inspector = require("../inspector-BGnxpdOn.cjs");
 const require_inspector_url = require("../inspector-url-BxScdDag.cjs");
 const require_discovery = require("../discovery-31_n0zcu.cjs");
 //#region src/chatgpt/index.ts

package/dist/chatgpt/index.js

@@ -1,5 +1,5 @@
 import { Ct as __exportAll } from "../protocol-bhrz2H_E.js";
-import { _ as extractResourceCSP, f as ThemeProvider, g as IframeResource, p as useThemeContext, r as resolveServerToolResult, t as Inspector, v as McpAppHost, y as SCREEN_WIDTHS } from "../inspector-C6n8zap3.js";
+import { _ as extractResourceCSP, f as ThemeProvider, g as IframeResource, p as useThemeContext, r as resolveServerToolResult, t as Inspector, v as McpAppHost, y as SCREEN_WIDTHS } from "../inspector-DvduUVNG.js";
 import { t as createInspectorUrl } from "../inspector-url-xUMGbWis.js";
 import { c as toPascalCase, i as findResourceKey, n as extractSimulationKey, r as findResourceDirs, s as getComponentName, t as extractResourceKey } from "../discovery-DOVner--.js";
 //#region src/chatgpt/index.ts

package/dist/claude/index.cjs

@@ -1,4 +1,4 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 require("../chunk-Cek0wNdY.cjs");
-const require_inspector = require("../inspector-DOmiG64-.cjs");
+const require_inspector = require("../inspector-BGnxpdOn.cjs");
 exports.Inspector = require_inspector.Inspector;

package/dist/claude/index.js

@@ -1,2 +1,2 @@
-import { t as Inspector } from "../inspector-C6n8zap3.js";
+import { t as Inspector } from "../inspector-DvduUVNG.js";
 export { Inspector };

package/dist/hooks/tool-data-store.d.ts

@@ -0,0 +1,26 @@
+import { App } from '@modelcontextprotocol/ext-apps';
+export interface ToolData<TInput = unknown, TOutput = unknown> {
+    input: TInput | null;
+    inputPartial: TInput | null;
+    output: TOutput | null;
+    isError: boolean;
+    isLoading: boolean;
+    isCancelled: boolean;
+    cancelReason: string | null;
+}
+export interface ToolDataStore<TInput = unknown, TOutput = unknown> {
+    data: ToolData<TInput, TOutput>;
+    listeners: Set<() => void>;
+}
+declare module '@modelcontextprotocol/ext-apps' {
+    interface App {
+        /** @internal Eager store attached by AppProvider before connect(). */
+        __toolDataStore?: ToolDataStore;
+    }
+}
+/**
+ * Initialize the tool-data store on an App instance and wire its event
+ * listeners. Idempotent - returns the existing store if one is already
+ * attached.
+ */
+export declare function initToolDataStore(app: App): ToolDataStore;

package/dist/hooks/use-tool-data.d.ts

@@ -1,12 +1,6 @@
-export interface ToolData<TInput = unknown, TOutput = unknown> {
-    input: TInput | null;
-    inputPartial: TInput | null;
-    output: TOutput | null;
-    isError: boolean;
-    isLoading: boolean;
-    isCancelled: boolean;
-    cancelReason: string | null;
-}
+import { initToolDataStore, ToolData } from './tool-data-store';
+export type { ToolData };
+export { initToolDataStore };
 /**
  * Reactive access to tool input and output data from the MCP Apps host.
  *

package/dist/host/chatgpt/index.cjs

@@ -1,6 +1,6 @@
 Object.defineProperty(exports, Symbol.toStringTag, { value: "Module" });
 require("../../chunk-Cek0wNdY.cjs");
-const require_use_app = require("../../use-app-DUdnDLP5.cjs");
+const require_use_app = require("../../use-app-fizR-zbu.cjs");
 let react = require("react");
 //#region src/host/chatgpt/openai-types.ts
 /**

package/dist/host/chatgpt/index.js

@@ -1,4 +1,4 @@
-import { t as useApp } from "../../use-app-Duar2Ipu.js";
+import { t as useApp } from "../../use-app-CmrLc3wz.js";
 import { useCallback } from "react";
 //#region src/host/chatgpt/openai-types.ts
 /**