npm - toolception - Versions diffs - 0.6.2 → 0.6.3 - Mend

toolception 0.6.2 → 0.6.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/http/FastifyTransport.d.ts +25 -0
package/dist/http/FastifyTransport.d.ts.map +1 -1
package/dist/index.js +158 -127
package/dist/index.js.map +1 -1
package/dist/permissions/PermissionAwareFastifyTransport.d.ts.map +1 -1
package/package.json +2 -2

package/dist/index.js CHANGED Viewed

@@ -1,15 +1,15 @@
-var ge = Object.defineProperty;
+var ve = Object.defineProperty;
 var H = (r) => {
   throw TypeError(r);
 };
-var ye = (r, e, t) => e in r ? ge(r, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : r[e] = t;
-var d = (r, e, t) => ye(r, typeof e != "symbol" ? e + "" : e, t), ve = (r, e, t) => e.has(r) || H("Cannot " + t);
+var be = (r, e, t) => e in r ? ve(r, e, { enumerable: !0, configurable: !0, writable: !0, value: t }) : r[e] = t;
+var d = (r, e, t) => be(r, typeof e != "symbol" ? e + "" : e, t), we = (r, e, t) => e.has(r) || H("Cannot " + t);
 var x = (r, e, t) => e.has(r) ? H("Cannot add the same private member more than once") : e instanceof WeakSet ? e.add(r) : e.set(r, t);
-var m = (r, e, t) => (ve(r, e, "access private method"), t);
+var m = (r, e, t) => (we(r, e, "access private method"), t);
 import { z as g } from "zod";
 import U from "fastify";
 import J from "@fastify/cors";
-import { randomUUID as S, createHash as be } from "node:crypto";
+import { randomUUID as S, createHash as Te } from "node:crypto";
 import { StreamableHTTPServerTransport as Q } from "@modelcontextprotocol/sdk/server/streamableHttp.js";
 import { isInitializeRequest as G } from "@modelcontextprotocol/sdk/types.js";
 const V = {
@@ -520,9 +520,9 @@ class N {
     return this.enableToolsets(e);
   }
 }
-const T = "_meta";
-function Te(r, e, t, s) {
-  (s?.mode ?? "DYNAMIC") === "DYNAMIC" && (t.addForToolset(T, "enable_toolset"), r.tool(
+const w = "_meta";
+function xe(r, e, t, s) {
+  (s?.mode ?? "DYNAMIC") === "DYNAMIC" && (t.addForToolset(w, "enable_toolset"), r.tool(
     "enable_toolset",
     "Enable a toolset by name",
     { name: g.string().describe("Toolset name") },
@@ -533,7 +533,7 @@ function Te(r, e, t, s) {
         content: [{ type: "text", text: JSON.stringify(i) }]
       };
     }
-  ), t.addForToolset(T, "disable_toolset"), r.tool(
+  ), t.addForToolset(w, "disable_toolset"), r.tool(
     "disable_toolset",
     "Disable a toolset by name (state only)",
     { name: g.string().describe("Toolset name") },
@@ -544,7 +544,7 @@ function Te(r, e, t, s) {
         content: [{ type: "text", text: JSON.stringify(i) }]
       };
     }
-  ), t.addForToolset(T, "list_toolsets"), r.tool(
+  ), t.addForToolset(w, "list_toolsets"), r.tool(
     "list_toolsets",
     "List available toolsets with active status and definitions",
     {},
@@ -570,7 +570,7 @@ function Te(r, e, t, s) {
         ]
       };
     }
-  ), t.addForToolset(T, "describe_toolset"), r.tool(
+  ), t.addForToolset(w, "describe_toolset"), r.tool(
     "describe_toolset",
     "Describe a toolset with definition, active status and tools",
     { name: g.string().describe("Toolset name") },
@@ -601,7 +601,7 @@ function Te(r, e, t, s) {
         content: [{ type: "text", text: JSON.stringify(l) }]
       };
     }
-  )), t.addForToolset(T, "list_tools"), r.tool(
+  )), t.addForToolset(w, "list_tools"), r.tool(
     "list_tools",
     "List currently registered tool names (best effort)",
     {},
@@ -631,7 +631,7 @@ class A {
     const o = C.builder().namespaceWithToolset(
       e.exposurePolicy?.namespaceToolsWithSetKey ?? !0
     ).build(), n = N.builder().server(e.server).resolver(this.resolver).context(e.context).toolRegistry(o);
-    e.notifyToolsListChanged && n.onToolsListChanged(e.notifyToolsListChanged), e.exposurePolicy && n.exposurePolicy(e.exposurePolicy), this.manager = n.build(), e.registerMetaTools !== !1 && Te(e.server, this.manager, o, { mode: this.mode });
+    e.notifyToolsListChanged && n.onToolsListChanged(e.notifyToolsListChanged), e.exposurePolicy && n.exposurePolicy(e.exposurePolicy), this.manager = n.build(), e.registerMetaTools !== !1 && xe(e.server, this.manager, o, { mode: this.mode });
     const i = s.toolsets;
     this.initPromise = this.initializeToolsets(i);
   }
@@ -746,10 +746,10 @@ class A {
     return this.manager;
   }
 }
-var w, M;
+var T, M;
 const D = class D {
   constructor(e = {}) {
-    x(this, w);
+    x(this, T);
     d(this, "storage", /* @__PURE__ */ new Map());
     d(this, "maxSize");
     d(this, "ttlMs");
@@ -803,7 +803,7 @@ const D = class D {
    */
   delete(e) {
     const t = this.storage.get(e);
-    t && (this.storage.delete(e), m(this, w, M).call(this, e, t.resource));
+    t && (this.storage.delete(e), m(this, T, M).call(this, e, t.resource));
   }
   /**
    * @param clearEntries - If true, also removes all entries and calls onEvict for each
@@ -815,7 +815,7 @@ const D = class D {
     const e = Array.from(this.storage.entries());
     this.storage.clear();
     for (const [t, s] of e)
-      m(this, w, M).call(this, t, s.resource);
+      m(this, T, M).call(this, t, s.resource);
   }
   evictLeastRecentlyUsed() {
     const e = this.storage.keys().next().value;
@@ -829,7 +829,7 @@ const D = class D {
       this.delete(s);
   }
 };
-w = new WeakSet(), /**
+T = new WeakSet(), /**
  * @param key - The key being evicted
  * @param resource - The resource being evicted
  */
@@ -845,10 +845,10 @@ M = function(e, t) {
     }
 };
 let E = D;
-function tt(r) {
+function rt(r) {
   return r;
 }
-function st(r) {
+function ot(r) {
   return r;
 }
 function Z(r, e, t, s) {
@@ -936,7 +936,7 @@ function P(r, e, t) {
     }
   };
 }
-const we = g.string({ message: "Missing required mcp-client-id header" }).trim().min(1, "mcp-client-id header must not be empty");
+const Se = g.string({ message: "Missing required mcp-client-id header" }).trim().min(1, "mcp-client-id header must not be empty");
 class O {
   constructor(e, t, s = {}, o, n, i) {
     d(this, "options");
@@ -1061,7 +1061,7 @@ class O {
     e.post(
       `${t}/mcp`,
       async (s, o) => {
-        const n = we.safeParse(
+        const n = Se.safeParse(
           s.headers["mcp-client-id"]
         );
         if (!n.success)
@@ -1088,13 +1088,16 @@ class O {
         if (u && c.sessions.get(u))
           f = c.sessions.get(u);
         else if (!u && G(s.body)) {
+          await this.drainExistingSessions(c.sessions), await this.disconnectServer(c.server);
           const v = S();
           f = new Q({
             sessionIdGenerator: () => v,
             onsessioninitialized: (b) => {
               c.sessions.set(b, f);
             }
-          });
+          }), f.onclose = () => {
+            f?.sessionId && c.sessions.delete(f.sessionId);
+          };
           try {
             await c.server.connect(f);
           } catch {
@@ -1104,20 +1107,13 @@ class O {
               id: null
             };
           }
-          f.onclose = () => {
-            f?.sessionId && c.sessions.delete(f.sessionId);
-          };
         } else
           return o.code(400), {
             jsonrpc: "2.0",
             error: { code: -32e3, message: "Session not found or expired" },
             id: null
           };
-        return await f.handleRequest(
-          s.raw,
-          o.raw,
-          s.body
-        ), o;
+        return await f.handleRequest(s.raw, o.raw, s.body), o;
       }
     );
   }
@@ -1166,11 +1162,8 @@ class O {
             id: null
           };
         try {
-          if (typeof u.close == "function")
-            try {
-              await u.close();
-            } catch {
-            }
+          await u.close();
+        } catch {
         } finally {
           u?.sessionId ? c.sessions.delete(u.sessionId) : c.sessions.delete(a);
         }
@@ -1181,18 +1174,53 @@ class O {
   async stop() {
     this.app && (this.clientCache.stop(!0), this.options.app || await this.app.close(), this.app = null);
   }
+  /**
+   * Closes all active sessions and clears the session map so the server is
+   * free to accept a new connection. Required for SDK 1.26+, which throws
+   * "Already connected" when `connect()` is called while a transport is
+   * still attached. Handles unclean client disconnects followed by re-init.
+   *
+   * The map is cleared before closing so that `onclose` handlers fired by
+   * `transport.close()` do not attempt double-deletion.
+   *
+   * @param sessions - The client's active session map to drain
+   */
+  async drainExistingSessions(e) {
+    if (e.size === 0) return;
+    const t = Array.from(e.values());
+    e.clear();
+    for (const s of t)
+      try {
+        await s.close();
+      } catch {
+      }
+  }
+  /**
+   * Disconnects the server from its current transport so that `Protocol._transport`
+   * is cleared before a new connection is established.
+   *
+   * `drainExistingSessions` handles same-bundle reconnects (sessions in the map).
+   * This method handles the STATIC-mode cross-client case: a different client's
+   * bundle has an empty sessions map, but the shared server is still attached to
+   * the previous client's transport because `StreamableHTTPClientTransport.close()`
+   * does not send DELETE—it only aborts connections.
+   *
+   * @param server - The MCP server to disconnect from its current transport
+   */
+  async disconnectServer(e) {
+    try {
+      await e.close();
+    } catch {
+    }
+  }
   /**
    * @param bundle - The client bundle to clean up
    */
   cleanupBundle(e) {
     for (const [t, s] of e.sessions.entries())
-      try {
-        typeof s.close == "function" && s.close().catch((o) => {
-          console.warn(`Error closing session ${t}:`, o);
-        });
-      } catch (o) {
+      s.close().catch((o) => {
         console.warn(`Error closing session ${t}:`, o);
-      }
+      });
     e.sessions.clear();
   }
   /**
@@ -1391,25 +1419,25 @@ class k {
     for (const n of t)
       s[n] = e[n];
     const o = JSON.stringify(s);
-    return be("sha256").update(o).digest("hex").slice(0, 16);
+    return Te("sha256").update(o).digest("hex").slice(0, 16);
   }
 }
 function X(r) {
-  xe(r), Se(r), Ee(r), Ce(r), Ae(r);
+  Ee(r), Ce(r), Ae(r), Pe(r), Me(r);
 }
-function xe(r) {
+function Ee(r) {
   if (!r || typeof r != "object")
     throw new Error(
       "Session context configuration must be an object"
     );
 }
-function Se(r) {
+function Ce(r) {
   if (r.enabled !== void 0 && typeof r.enabled != "boolean")
     throw new Error(
       `enabled must be a boolean, got ${typeof r.enabled}`
     );
 }
-function Ee(r) {
+function Ae(r) {
   if (r.queryParam !== void 0) {
     if (typeof r.queryParam != "object" || r.queryParam === null)
       throw new Error("queryParam must be an object");
@@ -1432,25 +1460,25 @@ function Ee(r) {
     }
   }
 }
-function Ce(r) {
+function Pe(r) {
   if (r.contextResolver !== void 0 && typeof r.contextResolver != "function")
     throw new Error(
       "contextResolver must be a function: (request, baseContext, parsedQueryConfig?) => unknown"
     );
 }
-function Ae(r) {
+function Me(r) {
   if (r.merge !== void 0 && r.merge !== "shallow" && r.merge !== "deep")
     throw new Error(
       `Invalid merge strategy: "${r.merge}". Must be "shallow" or "deep"`
     );
 }
-const Pe = g.object({
+const Ie = g.object({
   mode: g.enum(["DYNAMIC", "STATIC"]).optional(),
   toolsets: g.union([g.array(g.string()), g.literal("ALL")]).optional()
 }).strict();
-function Me(r) {
+function $e(r) {
   try {
-    Pe.parse(r);
+    Ie.parse(r);
   } catch (e) {
     if (e instanceof g.ZodError) {
       const t = e.format();
@@ -1464,7 +1492,7 @@ Hint: Common mistake - use "toolsets" not "initialToolsets"`
     throw e;
   }
 }
-function Ie() {
+function Re() {
   const r = (t) => typeof t?.server?.notification == "function", e = (t) => typeof t?.notifyToolsListChanged == "function";
   return async (t) => {
     try {
@@ -1482,12 +1510,12 @@ function Ie() {
     }
   };
 }
-function $e(r, e) {
+function Le(r, e) {
   return r !== void 0 ? r : e === "DYNAMIC";
 }
-async function rt(r) {
-  Re(r);
-  const e = r.startup?.mode ?? "DYNAMIC", t = $e(r.registerMetaTools, e), s = Le(r, e), o = Ie(), n = r.createServer(), i = ee(
+async function nt(r) {
+  je(r);
+  const e = r.startup?.mode ?? "DYNAMIC", t = Le(r.registerMetaTools, e), s = Ne(r, e), o = Re(), n = r.createServer(), i = ee(
     n,
     r,
     e,
@@ -1495,14 +1523,14 @@ async function rt(r) {
     o
   );
   e === "STATIC" && await i.ensureReady();
-  const a = je(
+  const a = Oe(
     r,
     e,
     n,
     i,
     t,
     o
-  ), l = Ne(
+  ), l = ke(
     r,
     i.getManager(),
     a,
@@ -1514,11 +1542,11 @@ async function rt(r) {
     close: () => l.stop()
   };
 }
-function Re(r) {
-  if (r.startup && Me(r.startup), typeof r.createServer != "function")
+function je(r) {
+  if (r.startup && $e(r.startup), typeof r.createServer != "function")
     throw new Error("createMcpServer: `createServer` (factory) is required");
 }
-function Le(r, e) {
+function Ne(r, e) {
   if (!r.sessionContext) return;
   X(r.sessionContext);
   const t = k.builder().enabled(r.sessionContext.enabled ?? !0).queryParam(r.sessionContext.queryParam).contextResolver(r.sessionContext.contextResolver).merge(r.sessionContext.merge ?? "shallow").build();
@@ -1530,7 +1558,7 @@ function ee(r, e, t, s, o, n) {
   const i = A.builder().server(r).catalog(e.catalog).moduleLoaders(e.moduleLoaders ?? {}).context(n !== void 0 ? n : e.context).notifyToolsListChanged(async () => o(r)).registerMetaTools(s);
   return e.exposurePolicy && i.exposurePolicy(e.exposurePolicy), e.startup && i.startup(e.startup), i.build();
 }
-function je(r, e, t, s, o, n) {
+function Oe(r, e, t, s, o, n) {
   return (i) => {
     if (e === "STATIC")
       return { server: t, orchestrator: s };
@@ -1545,20 +1573,20 @@ function je(r, e, t, s, o, n) {
     return { server: l, orchestrator: c };
   };
 }
-function Ne(r, e, t, s) {
+function ke(r, e, t, s) {
   const o = O.builder().defaultManager(e).createBundle(t).host(r.http?.host ?? "0.0.0.0").port(r.http?.port ?? 3e3).basePath(r.http?.basePath ?? "/").cors(r.http?.cors ?? !0).logger(r.http?.logger ?? !1);
   return r.http?.app && o.app(r.http.app), r.http?.customEndpoints && o.customEndpoints(r.http.customEndpoints), r.configSchema && o.configSchema(r.configSchema), s && o.sessionContextResolver(s), r.context !== void 0 && o.baseContext(r.context), o.build();
 }
-function Oe(r) {
-  ke(r), De(r), ze(r), qe(r);
+function De(r) {
+  ze(r), qe(r), Fe(r), _e(r);
 }
-function ke(r) {
+function ze(r) {
   if (!r || typeof r != "object")
     throw new Error(
       "Permission configuration is required for createPermissionBasedMcpServer"
     );
 }
-function De(r) {
+function qe(r) {
   if (!r.source)
     throw new Error('Permission source must be either "headers" or "config"');
   if (r.source !== "headers" && r.source !== "config")
@@ -1566,19 +1594,19 @@ function De(r) {
       `Invalid permission source: "${r.source}". Must be either "headers" or "config"`
     );
 }
-function ze(r) {
+function Fe(r) {
   if (r.source === "config" && !r.staticMap && !r.resolver)
     throw new Error(
       "Config-based permissions require at least one of: staticMap or resolver function"
     );
 }
-function qe(r) {
+function _e(r) {
   if (r.staticMap !== void 0) {
     if (typeof r.staticMap != "object" || r.staticMap === null)
       throw new Error(
         "staticMap must be an object mapping client IDs to toolset arrays"
       );
-    Fe(r.staticMap);
+    Ke(r.staticMap);
   }
   if (r.resolver !== void 0 && typeof r.resolver != "function")
     throw new Error(
@@ -1589,14 +1617,14 @@ function qe(r) {
   if (r.headerName !== void 0 && (typeof r.headerName != "string" || r.headerName.length === 0))
     throw new Error("headerName must be a non-empty string");
 }
-function Fe(r) {
+function Ke(r) {
   for (const [e, t] of Object.entries(r))
     if (!Array.isArray(t))
       throw new Error(
         `staticMap value for client "${e}" must be an array of toolset names`
       );
 }
-function _e(r, e) {
+function Be(r, e) {
   return async (t) => {
     const s = e.resolvePermissions(
       t.clientId,
@@ -1621,7 +1649,7 @@ function _e(r, e) {
     };
   };
 }
-function Ke(r) {
+function He(r) {
   if (!r) return;
   const e = {
     namespaceToolsWithSetKey: r.namespaceToolsWithSetKey
@@ -1770,8 +1798,8 @@ ne = function(e) {
   return t !== void 0 ? Array.isArray(t) ? t : [] : null;
 };
 let I = z;
-const Be = g.string({ message: "Missing required mcp-client-id header" }).trim().min(1, "mcp-client-id header must not be empty");
-var h, ie, ae, le, ce, de, ue, he, fe, R, me;
+const Ve = g.string({ message: "Missing required mcp-client-id header" }).trim().min(1, "mcp-client-id header must not be empty");
+var h, ie, ae, le, ce, de, ue, he, fe, me, pe, R, ge;
 const q = class q {
   constructor(e, t, s = {}, o) {
     x(this, h);
@@ -1783,7 +1811,7 @@ const q = class q {
     // Per-client server bundles and per-client session transports
     d(this, "clientCache", new E({
       onEvict: (e, t) => {
-        m(this, h, ie).call(this, t);
+        m(this, h, le).call(this, t);
       }
     }));
     this.defaultManager = e, this.createPermissionAwareBundle = t, this.options = {
@@ -1841,8 +1869,8 @@ const q = class q {
     if (this.app) return;
     const e = this.options.app ?? U({ logger: this.options.logger });
     this.options.cors && await e.register(J, { origin: !0 });
-    const t = m(this, h, ae).call(this, this.options.basePath);
-    m(this, h, le).call(this, e, t), m(this, h, ce).call(this, e, t), m(this, h, de).call(this, e, t), m(this, h, ue).call(this, e, t), m(this, h, he).call(this, e, t), m(this, h, fe).call(this, e, t), this.options.customEndpoints && this.options.customEndpoints.length > 0 && Z(e, t, this.options.customEndpoints, {
+    const t = m(this, h, ce).call(this, this.options.basePath);
+    m(this, h, de).call(this, e, t), m(this, h, ue).call(this, e, t), m(this, h, he).call(this, e, t), m(this, h, fe).call(this, e, t), m(this, h, me).call(this, e, t), m(this, h, pe).call(this, e, t), this.options.customEndpoints && this.options.customEndpoints.length > 0 && Z(e, t, this.options.customEndpoints, {
       contextExtractor: async (s) => {
         const o = m(this, h, R).call(this, s);
         try {
@@ -1866,42 +1894,52 @@ const q = class q {
     this.app && (this.clientCache.stop(!0), this.options.app || await this.app.close(), this.app = null);
   }
 };
-h = new WeakSet(), /**
+h = new WeakSet(), ie = async function(e) {
+  if (e.size === 0) return;
+  const t = Array.from(e.values());
+  e.clear();
+  for (const s of t)
+    try {
+      await s.close();
+    } catch {
+    }
+}, ae = async function(e) {
+  try {
+    await e.close();
+  } catch {
+  }
+}, /**
  * @param bundle - The client bundle to clean up
  */
-ie = function(e) {
+le = function(e) {
   for (const [t, s] of e.sessions.entries())
-    try {
-      typeof s.close == "function" && s.close().catch((o) => {
-        console.warn(`Error closing session ${t}:`, o);
-      });
-    } catch (o) {
+    s.close().catch((o) => {
       console.warn(`Error closing session ${t}:`, o);
-    }
+    });
   e.sessions.clear();
 }, /**
  * @param basePath - The base path to normalize
  * @returns Normalized base path without trailing slash
  */
-ae = function(e) {
+ce = function(e) {
   return e.endsWith("/") ? e.slice(0, -1) : e;
 }, /**
  * @param app - Fastify instance
  * @param base - Base path for routes
  */
-le = function(e, t) {
+de = function(e, t) {
   e.get(`${t}/healthz`, async () => ({ ok: !0 }));
 }, /**
  * @param app - Fastify instance
  * @param base - Base path for routes
  */
-ce = function(e, t) {
+ue = function(e, t) {
   e.get(`${t}/tools`, async () => this.defaultManager.getStatus());
 }, /**
  * @param app - Fastify instance
  * @param base - Base path for routes
  */
-de = function(e, t) {
+he = function(e, t) {
   e.get(`${t}/.well-known/mcp-config`, async (s, o) => (o.header("Content-Type", "application/schema+json; charset=utf-8"), this.configSchema ?? {
     $schema: "https://json-schema.org/draft/2020-12/schema",
     title: "MCP Session Configuration",
@@ -1916,11 +1954,11 @@ de = function(e, t) {
  * @param app - Fastify instance
  * @param base - Base path for routes
  */
-ue = function(e, t) {
+fe = function(e, t) {
   e.post(
     `${t}/mcp`,
     async (s, o) => {
-      const n = Be.safeParse(
+      const n = Ve.safeParse(
         s.headers["mcp-client-id"]
       );
       if (!n.success)
@@ -1949,20 +1987,23 @@ ue = function(e, t) {
           return console.error(
             `Failed to create permission-aware bundle for client ${i.clientId}:`,
             u
-          ), o.code(403), m(this, h, me).call(this, "Access denied");
+          ), o.code(403), m(this, h, ge).call(this, "Access denied");
         }
       const l = s.headers["mcp-session-id"];
       let c;
       if (l && a.sessions.get(l))
         c = a.sessions.get(l);
       else if (!l && G(s.body)) {
+        await m(this, h, ie).call(this, a.sessions), await m(this, h, ae).call(this, a.server);
         const u = S();
         c = new Q({
           sessionIdGenerator: () => u,
           onsessioninitialized: (f) => {
             a.sessions.set(f, c);
           }
-        });
+        }), c.onclose = () => {
+          c?.sessionId && a.sessions.delete(c.sessionId);
+        };
         try {
           await a.server.connect(c);
         } catch {
@@ -1972,27 +2013,20 @@ ue = function(e, t) {
             id: null
           };
         }
-        c.onclose = () => {
-          c?.sessionId && a.sessions.delete(c.sessionId);
-        };
       } else
         return o.code(400), {
           jsonrpc: "2.0",
           error: { code: -32e3, message: "Session not found or expired" },
           id: null
         };
-      return await c.handleRequest(
-        s.raw,
-        o.raw,
-        s.body
-      ), o;
+      return await c.handleRequest(s.raw, o.raw, s.body), o;
     }
   );
 }, /**
  * @param app - Fastify instance
  * @param base - Base path for routes
  */
-he = function(e, t) {
+me = function(e, t) {
   e.get(`${t}/mcp`, async (s, o) => {
     const n = s.headers["mcp-client-id"]?.trim(), i = n && n.length > 0 ? n : "";
     if (!i)
@@ -2010,7 +2044,7 @@ he = function(e, t) {
  * @param app - Fastify instance
  * @param base - Base path for routes
  */
-fe = function(e, t) {
+pe = function(e, t) {
   e.delete(
     `${t}/mcp`,
     async (s, o) => {
@@ -2032,11 +2066,8 @@ fe = function(e, t) {
           id: null
         };
       try {
-        if (typeof c.close == "function")
-          try {
-            await c.close();
-          } catch {
-          }
+        await c.close();
+      } catch {
       } finally {
         c?.sessionId ? l.sessions.delete(c.sessionId) : l.sessions.delete(a);
       }
@@ -2057,7 +2088,7 @@ R = function(e) {
  * @param code - JSON-RPC error code
  * @returns JSON-RPC error response object
  */
-me = function(e = "Access denied", t = -32e3) {
+ge = function(e = "Access denied", t = -32e3) {
   return {
     jsonrpc: "2.0",
     error: {
@@ -2068,12 +2099,12 @@ me = function(e = "Access denied", t = -32e3) {
   };
 };
 let $ = q;
-async function ot(r) {
-  He(r);
-  const e = Ke(r.exposurePolicy), t = Ve(r), s = r.createServer(), o = pe(s, r, e), n = _e(
-    We(r, e),
+async function it(r) {
+  We(r);
+  const e = He(r.exposurePolicy), t = Ye(r), s = r.createServer(), o = ye(s, r, e), n = Be(
+    Ue(r, e),
     t
-  ), i = Ye(r, o.getManager(), n);
+  ), i = Je(r, o.getManager(), n);
   return {
     server: s,
     start: () => i.start(),
@@ -2086,12 +2117,12 @@ async function ot(r) {
     }
   };
 }
-function He(r) {
+function We(r) {
   if (!r.permissions)
     throw new Error(
       "Permission configuration is required for createPermissionBasedMcpServer. Please provide a 'permissions' field in the options."
     );
-  if (Oe(r.permissions), r.sessionContext && (X(r.sessionContext), console.warn(
+  if (De(r.permissions), r.sessionContext && (X(r.sessionContext), console.warn(
     "Session context support for permission-based servers is limited. The base context will be used for module loaders."
   )), r.startup)
     throw new Error(
@@ -2102,29 +2133,29 @@ function He(r) {
       "createPermissionBasedMcpServer: `createServer` (factory) is required"
     );
 }
-function Ve(r) {
+function Ye(r) {
   const e = I.builder().source(r.permissions.source).headerName(r.permissions.headerName ?? "mcp-toolset-permissions").staticMap(r.permissions.staticMap ?? {}).defaultPermissions(r.permissions.defaultPermissions ?? []);
   return r.permissions.resolver && e.resolver(r.permissions.resolver), e.build();
 }
-function pe(r, e, t) {
+function ye(r, e, t) {
   const s = A.builder().server(r).catalog(e.catalog).moduleLoaders(e.moduleLoaders ?? {}).context(e.context).startup({ mode: "STATIC", toolsets: [] }).registerMetaTools(!1);
   return t && s.exposurePolicy(t), s.build();
 }
-function We(r, e) {
+function Ue(r, e) {
   return (t) => {
-    const s = r.createServer(), o = pe(s, r, e);
+    const s = r.createServer(), o = ye(s, r, e);
     return { server: s, orchestrator: o };
   };
 }
-function Ye(r, e, t) {
+function Je(r, e, t) {
   const s = $.builder().defaultManager(e).createPermissionAwareBundle(t).host(r.http?.host ?? "0.0.0.0").port(r.http?.port ?? 3e3).basePath(r.http?.basePath ?? "/").cors(r.http?.cors ?? !0).logger(r.http?.logger ?? !1);
   return r.http?.app && s.app(r.http.app), r.http?.customEndpoints && s.customEndpoints(r.http.customEndpoints), r.configSchema && s.configSchema(r.configSchema), s.build();
 }
 export {
   k as SessionContextResolver,
-  rt as createMcpServer,
-  ot as createPermissionBasedMcpServer,
-  tt as defineEndpoint,
-  st as definePermissionAwareEndpoint
+  nt as createMcpServer,
+  it as createPermissionBasedMcpServer,
+  rt as defineEndpoint,
+  ot as definePermissionAwareEndpoint
 };
 //# sourceMappingURL=index.js.map