tracelattice 1.3.2 → 1.3.4

package/dist/cli.js

@@ -1,5 +1,1169 @@
 #!/usr/bin/env bun
-import*as e from"./lib.js";import*as t from"node:crypto";import*as s from"node:http";import*as i from"node:url";import*as n from"valibot";import{ValibotJsonSchemaAdapter as o}from"@tmcp/adapter-valibot";import{StdioTransport as r}from"@tmcp/transport-stdio";import{readFileSync as a}from"node:fs";import{dirname as l,join as c}from"node:path";import{McpServer as h}from"tmcp";import{AsyncLocalStorage as p}from"node:async_hooks";var d={787(e,t,s){s.d(t,{Ag:()=>o,m_:()=>a,qA:()=>n,u1:()=>l,yM:()=>r});class i extends Error{code;constructor(e,t){super(e),this.code=t,this.name="SequentialThinkingError",Error.captureStackTrace(this,this.constructor)}}class n extends i{constructor(e){super(`Session '${e}' is not active`,"SESSION_NOT_ACTIVE"),this.name="SessionNotActiveError"}}class o extends i{constructor(e){super(`Session not found: ${e}`,"SESSION_NOT_FOUND"),this.name="SessionNotFoundError"}}class r extends i{constructor(e){super(`Max sessions (${e}) reached. Wait for a session to close or increase maxSessions.`,"MAX_SESSIONS_REACHED"),this.name="MaxSessionsReachedError"}}class a extends i{constructor(){super("ConnectionPool has been terminated","POOL_TERMINATED"),this.name="PoolTerminatedError"}}function l(e){return e instanceof Error?e.message:String(e)}},527(e,t,s){s.d(t,{createConnectionPool:()=>r});var i=s(787);class n{_server;_id;_createdAt;_lastActivityAt;_isActiveValue;_timeout;_cleanupTimer=null;_logger;constructor(e,t,s,i){this._server=t,this._id=e,this._createdAt=Date.now(),this._lastActivityAt=this._createdAt,this._isActiveValue=!0,this._timeout=s,this._logger=i,this._startTimeout()}get isActive(){return this._isActiveValue}async process(e){if(!this.isActive)throw new i.qA(this._id);return this._lastActivityAt=Date.now(),this._resetTimeout(),this._server.processThought(e)}getInfo(){return{id:this._id,server:this._server,createdAt:this._createdAt,lastActivityAt:this._lastActivityAt,isActive:this.isActive}}isTimedOut(){return Date.now()-this._lastActivityAt>this._timeout}async close(){this._isActiveValue=!1,this._cleanupTimer&&(clearTimeout(this._cleanupTimer),this._cleanupTimer=null),this._server.stop()}_startTimeout(){this._cleanupTimer&&clearTimeout(this._cleanupTimer),this._cleanupTimer=setTimeout(()=>{this.isTimedOut()&&(this._logger.warn(`Session ${this._id} timed out, closing`),this.close().catch(e=>{this._logger.error(`Error closing timed out session ${this._id}:`,e)}))},this._timeout)}_resetTimeout(){this._startTimeout()}}class o{_sessions=new Map;_createSessionLock=null;_maxSessions;_sessionTimeout;_autoCleanup;_cleanupInterval;_cleanupTimerId=null;_terminated=!1;_logger;_serverFactory;constructor(e={}){this._maxSessions=e.maxSessions??100,this._sessionTimeout=e.sessionTimeout??3e5,this._autoCleanup=e.autoCleanup??!0,this._cleanupInterval=e.cleanupInterval??6e4,this._serverFactory=e.serverFactory??null,this._logger=e.logger??this._createNoopLogger(),this._autoCleanup&&this._startCleanup()}_createNoopLogger(){return{info:()=>{},warn:()=>{},error:()=>{},debug:()=>{},setLevel:()=>{},getLevel:()=>"info"}}async createSession(){let e;for(;this._createSessionLock;)await this._createSessionLock;if(this._terminated)throw new i.m_;if(this._sessions.size>=this._maxSessions)throw new i.yM(this._maxSessions);if(!this._serverFactory)throw Error("ConnectionPool requires a serverFactory option to create sessions");this._createSessionLock=new Promise(t=>{e=t});try{let e=`session_${Date.now()}_${Math.random().toString(36).substring(2,11)}`,t=await this._serverFactory(),s=new n(e,t,this._sessionTimeout,this._logger);return this._sessions.set(e,s),this._logger.info(`Created session ${e} (${this._sessions.size}/${this._maxSessions} active sessions)`),e}finally{e(),this._createSessionLock=null}}async process(e,t){let s=this._sessions.get(e);if(!s)throw new i.Ag(e);return s.process(t)}async closeSession(e){let t=this._sessions.get(e);if(!t)throw new i.Ag(e);await t.close(),this._sessions.delete(e),this._logger.info(`Closed session ${e} (${this._sessions.size}/${this._maxSessions} active sessions)`)}getSessionInfo(e){var t;return null==(t=this._sessions.get(e))?void 0:t.getInfo()}getActiveSessions(){return Array.from(this._sessions.values()).filter(e=>e.isActive).map(e=>e.getInfo())}getStats(){let e=this.getActiveSessions();return{totalSessions:this._sessions.size,activeSessions:e.length,maxSessions:this._maxSessions,cleanupEnabled:this._autoCleanup,sessionTimeout:this._sessionTimeout}}_startCleanup(){null!==this._cleanupTimerId&&clearInterval(this._cleanupTimerId),this._cleanupTimerId=setInterval(()=>{this._cleanupTimedOutSessions()},this._cleanupInterval)}_cleanupTimedOutSessions(){let e=0;for(let[t,s]of this._sessions.entries())s.isTimedOut()&&(s.close().catch(e=>{this._logger.error(`Error closing timed out session ${t}:`,e)}),this._sessions.delete(t),e++);e>0&&this._logger.info(`Cleaned ${e} timed-out sessions (${this._sessions.size}/${this._maxSessions} active sessions)`)}async terminate(){if(this._terminated)return;this._terminated=!0,null!==this._cleanupTimerId&&(clearInterval(this._cleanupTimerId),this._cleanupTimerId=null);let e=Array.from(this._sessions.values()).map(e=>e.close().catch(t=>{this._logger.error(`Error closing session ${e.getInfo().id}:`,t)}));await Promise.all(e),this._sessions.clear(),this._logger.info("ConnectionPool terminated")}async dispose(){await this.terminate()}isRunning(){return!this._terminated}}function r(e){return new o(e)}},555(e,t,s){s.d(t,{Uv:()=>d,ZK:()=>h,iV:()=>p});var i=s(821);let n=`A detailed tool for dynamic and reflective problem-solving through thoughts.
+import * as __rspack_external__lib_js_262c9725 from "./lib.js";
+import * as __rspack_external_node_crypto_9ba42079 from "node:crypto";
+import * as __rspack_external_node_http_2dc67212 from "node:http";
+import * as __rspack_external_node_url_e96de089 from "node:url";
+import * as __rspack_external_valibot from "valibot";
+import * as __rspack_external_node_async_hooks_e65a2d6c from "node:async_hooks";
+import * as __rspack_external__tmcp_adapter_valibot_fbccc1df from "@tmcp/adapter-valibot";
+import * as __rspack_external__tmcp_transport_stdio_9731848f from "@tmcp/transport-stdio";
+import * as __rspack_external_node_fs_5ea92f0c from "node:fs";
+import * as __rspack_external_node_path_c5b9b54f from "node:path";
+import * as __rspack_external_tmcp from "tmcp";
+var __webpack_modules__ = ({
+923(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+
+// EXPORTS
+__webpack_require__.d(__webpack_exports__, {
+  RE: () => (/* binding */ getRequestId),
+  Vo: () => (/* binding */ runWithContext)
+});
+
+// UNUSED EXPORTS: getOwner
+
+;// CONCATENATED MODULE: external "node:async_hooks"
+
+;// CONCATENATED MODULE: ./src/context/RequestContext.ts
+/**
+ * Request context management using AsyncLocalStorage for correlation IDs.
+ *
+ * Provides zero-cost request ID propagation across async boundaries
+ * via Node.js AsyncLocalStorage.
+ *
+ * @module context
+ */ 
+/**
+ * AsyncLocalStorage instance for request context.
+ * Stores requestId that propagates across async boundaries.
+ */ const store = new __rspack_external_node_async_hooks_e65a2d6c.AsyncLocalStorage();
+/**
+ * Get the current request ID from context.
+ *
+ * Returns undefined if called outside of a runWithContext() call.
+ *
+ * @returns The current request ID or undefined
+ */ function getRequestId() {
+    return store.getStore()?.requestId;
+}
+/**
+ * Run a function with the given request context. The context propagates
+ * across async boundaries via AsyncLocalStorage.
+ *
+ * @param ctx - Request context to install (requestId, optional owner)
+ * @param fn - Function to execute within the context
+ * @returns The return value of `fn`
+ */ function runWithContext(ctx, fn) {
+    return store.run(ctx, fn);
+}
+/**
+ * Get the current owner identifier from context.
+ *
+ * Returns undefined when called outside of a runWithContext() call or when
+ * the context did not specify an owner (e.g. stdio transport).
+ *
+ * @returns The current owner or undefined
+ */ function getOwner() {
+    return store.getStore()?.owner;
+}
+
+
+},
+937(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+__webpack_require__.d(__webpack_exports__, {
+  Ag: () => (SessionNotFoundError),
+  m_: () => (PoolTerminatedError),
+  qA: () => (SessionNotActiveError),
+  u1: () => (getErrorMessage),
+  yM: () => (MaxSessionsReachedError)
+});
+/**
+ * Custom error types for the TraceLattice server.
+ *
+ * This module defines a hierarchy of error classes for handling various
+ * error conditions that can occur in the sequential thinking server.
+ * All errors extend the base `SequentialThinkingError` class with
+ * specific error codes for programmatic handling.
+ *
+ * @example
+ * ```typescript
+ * import { ToolNotFoundError, SkillDiscoveryError } from './errors.js';
+ *
+ * // Throw a tool not found error
+ * throw new ToolNotFoundError('my-tool');
+ *
+ * // Catch and handle specific errors
+ * try {
+ *   await discoverSkills(dir);
+ * } catch (error) {
+ *   if (error instanceof SkillDiscoveryError) {
+ *     console.error(`Failed to discover skills: ${error.message}`);
+ *     console.error(`Error code: ${error.code}`);
+ *   }
+ * }
+ * ```
+ * @module errors
+ */ /**
+ * All known error codes as a const object for exhaustive switching.
+ */ const ERROR_CODES = {
+    CONFIGURATION_ERROR: 'CONFIGURATION_ERROR',
+    TOOL_NOT_FOUND: 'TOOL_NOT_FOUND',
+    SKILL_NOT_FOUND: 'SKILL_NOT_FOUND',
+    INVALID_THOUGHT: 'INVALID_THOUGHT',
+    SKILL_DISCOVERY_FAILED: 'SKILL_DISCOVERY_FAILED',
+    HISTORY_LIMIT_EXCEEDED: 'HISTORY_LIMIT_EXCEEDED',
+    DUPLICATE_SKILL: 'DUPLICATE_SKILL',
+    INVALID_SKILL: 'INVALID_SKILL',
+    DUPLICATE_TOOL: 'DUPLICATE_TOOL',
+    INVALID_TOOL: 'INVALID_TOOL',
+    SESSION_NOT_ACTIVE: 'SESSION_NOT_ACTIVE',
+    SESSION_NOT_FOUND: 'SESSION_NOT_FOUND',
+    MAX_SESSIONS_REACHED: 'MAX_SESSIONS_REACHED',
+    POOL_TERMINATED: 'POOL_TERMINATED',
+    VALIDATION_ERROR: 'VALIDATION_ERROR',
+    INVALID_EDGE: 'INVALID_EDGE',
+    CYCLE_DETECTED: 'CYCLE_DETECTED',
+    SUSPENSION_NOT_FOUND: 'SUSPENSION_NOT_FOUND',
+    SUSPENSION_EXPIRED: 'SUSPENSION_EXPIRED',
+    INVALID_TOOL_CALL: 'INVALID_TOOL_CALL',
+    INVALID_BACKTRACK: 'INVALID_BACKTRACK',
+    DUPLICATE_SUMMARY: 'DUPLICATE_SUMMARY',
+    UNKNOWN_TOOL: 'UNKNOWN_TOOL',
+    LOCK_TIMEOUT: 'LOCK_TIMEOUT',
+    SESSION_ACCESS_DENIED: 'SESSION_ACCESS_DENIED'
+};
+/**
+ * All known warning codes as a const object.
+ * Warnings are non-fatal advisory signals returned alongside successful results.
+ */ const WARNING_CODES = (/* unused pure expression or super */ null && ({
+    TOTAL_THOUGHTS_ADJUSTED: 'TOTAL_THOUGHTS_ADJUSTED'
+}));
+/**
+ * Base error class for all Sequential Thinking server errors.
+ *
+ * This error extends the native `Error` class and adds a `code` property
+ * for programmatic error identification and handling. All specific error
+ * types in the system extend this base class.
+ *
+ * @remarks
+ * **Error Codes:**
+ * - `TOOL_NOT_FOUND` - A requested tool was not found
+ * - `SKILL_NOT_FOUND` - A requested skill was not found
+ * - `INVALID_THOUGHT` - Thought validation failed
+ * - `SKILL_DISCOVERY_FAILED` - Skill discovery operation failed
+ * - `HISTORY_LIMIT_EXCEEDED` - History size limit was exceeded
+ * - `INVALID_EDGE` - An invalid edge operation was attempted
+ *
+ * @example
+ * ```typescript
+ * // Throw a custom sequential thinking error
+ * throw new SequentialThinkingError('Custom error message', 'CUSTOM_CODE');
+ *
+ * // Check if an error is a SequentialThinkingError
+ * if (error instanceof SequentialThinkingError) {
+ *   console.error(`Error [${error.code}]: ${error.message}`);
+ * }
+ * ```
+ */ class SequentialThinkingError extends Error {
+    /** The error code for programmatic identification. */ code;
+    /**
+	 * Creates a new SequentialThinkingError.
+	 *
+	 * @param message - Human-readable error message
+	 * @param code - Error code for programmatic handling
+	 *
+	 * @example
+	 * ```typescript
+	 * const error = new SequentialThinkingError(
+	 *   'Something went wrong',
+	 *   'CUSTOM_ERROR'
+	 * );
+	 * console.log(error.code); // 'CUSTOM_ERROR'
+	 * ```
+	 */ constructor(message, code){
+        super(message);
+        this.code = code;
+        this.name = 'SequentialThinkingError';
+        Error.captureStackTrace(this, this.constructor);
+    }
+}
+class ConfigurationError extends SequentialThinkingError {
+    constructor(message){
+        super(message, ERROR_CODES.CONFIGURATION_ERROR);
+        this.name = 'ConfigurationError';
+    }
+}
+/**
+ * Error thrown when a requested tool is not found in the registry.
+ *
+ * This error is thrown when attempting to retrieve, update, or delete
+ * a tool that doesn't exist in the tool registry.
+ *
+ * @example
+ * ```typescript
+ * const tool = registry.getTool('non-existent-tool');
+ * if (!tool) {
+ *   throw new ToolNotFoundError('non-existent-tool');
+ * }
+ * ```
+ */ class ToolNotFoundError extends SequentialThinkingError {
+    /**
+	 * Creates a new ToolNotFoundError.
+	 *
+	 * @param toolName - The name of the tool that was not found
+	 * @param action - Optional action being performed (e.g., 'remove', 'update')
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new ToolNotFoundError('my-custom-tool');
+	 * // Error: tool 'my-custom-tool' not found
+	 *
+	 * throw new ToolNotFoundError('my-custom-tool', 'remove');
+	 * // Error: tool 'my-custom-tool' not found, cannot remove
+	 * // Code: TOOL_NOT_FOUND
+	 * ```
+	 */ constructor(toolName, action){
+        const message = action ? `Tool '${toolName}' not found, cannot ${action}` : `Tool '${toolName}' not found`;
+        super(message, ERROR_CODES.TOOL_NOT_FOUND);
+        this.name = 'ToolNotFoundError';
+    }
+}
+/**
+ * Error thrown when a requested skill is not found in the registry.
+ *
+ * This error is thrown when attempting to retrieve, update, or delete
+ * a skill that doesn't exist in the skill registry.
+ *
+ * @example
+ * ```typescript
+ * const skill = registry.getSkill('non-existent-skill');
+ * if (!skill) {
+ *   throw new SkillNotFoundError('non-existent-skill');
+ * }
+ * ```
+ */ class SkillNotFoundError extends SequentialThinkingError {
+    /**
+	 * Creates a new SkillNotFoundError.
+	 *
+	 * @param skillName - The name of the skill that was not found
+	 * @param action - Optional action being performed (e.g., 'remove', 'update')
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new SkillNotFoundError('my-custom-skill');
+	 * // Error: skill 'my-custom-skill' not found
+	 *
+	 * throw new SkillNotFoundError('my-custom-skill', 'remove');
+	 * // Error: skill 'my-custom-skill' not found, cannot remove
+	 * // Code: SKILL_NOT_FOUND
+	 * ```
+	 */ constructor(skillName, action){
+        const message = action ? `Skill '${skillName}' not found, cannot ${action}` : `Skill '${skillName}' not found`;
+        super(message, ERROR_CODES.SKILL_NOT_FOUND);
+        this.name = 'SkillNotFoundError';
+    }
+}
+/**
+ * Error thrown when thought validation fails.
+ *
+ * This error is thrown when a thought fails validation, typically due to
+ * invalid values, missing required fields, or constraint violations.
+ *
+ * @example
+ * ```typescript
+ * // Validate thought number
+ * if (thought.thought_number < 1) {
+ *   throw new InvalidThoughtError(thought.thought_number, 'thought_number must be >= 1');
+ * }
+ * ```
+ */ class InvalidThoughtError extends SequentialThinkingError {
+    /**
+	 * Creates a new InvalidThoughtError.
+	 *
+	 * @param thoughtNumber - The thought number that failed validation
+	 * @param reason - Human-readable explanation of why validation failed
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new InvalidThoughtError(5, 'thought_number exceeds total_thoughts');
+	 * // Error: Invalid thought 5: thought_number exceeds total_thoughts
+	 * // Code: INVALID_THOUGHT
+	 * ```
+	 */ constructor(thoughtNumber, reason){
+        super(`Invalid thought ${thoughtNumber}: ${reason}`, ERROR_CODES.INVALID_THOUGHT);
+        this.name = 'InvalidThoughtError';
+    }
+}
+/**
+ * Error thrown when skill discovery fails.
+ *
+ * This error is thrown when the skill discovery process encounters an issue,
+ * such as filesystem errors, invalid skill files, or parsing failures.
+ *
+ * @remarks
+ * The original error that caused the discovery failure is preserved in the
+ * `cause` property for debugging purposes.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   await discoverSkills('./skills');
+ * } catch (error) {
+ *   throw new SkillDiscoveryError('./skills', error as Error);
+ * }
+ * ```
+ */ class SkillDiscoveryError extends SequentialThinkingError {
+    /** The underlying error that caused the discovery failure. */ cause;
+    /**
+	 * Creates a new SkillDiscoveryError.
+	 *
+	 * @param directory - The directory where discovery failed
+	 * @param cause - The underlying error that caused the failure
+	 *
+	 * @example
+	 * ```typescript
+	 * try {
+	 *   const skills = await loadSkills('./invalid-directory');
+	 * } catch (error) {
+	 *   throw new SkillDiscoveryError('./invalid-directory', error as Error);
+	 * }
+	 * ```
+	 */ constructor(directory, cause){
+        super(`Failed to discover skills in ${directory}: ${cause.message}`, ERROR_CODES.SKILL_DISCOVERY_FAILED);
+        this.name = 'SkillDiscoveryError';
+        this.cause = cause;
+    }
+}
+/**
+ * Error thrown when history size exceeds the configured limit.
+ *
+ * This error is thrown when an operation would cause the history size
+ * to exceed the maximum configured size limit.
+ *
+ * @example
+ * ```typescript
+ * if (history.length >= maxSize) {
+ *   throw new HistoryLimitExceededError(history.length, maxSize);
+ * }
+ * ```
+ */ class HistoryLimitExceededError extends SequentialThinkingError {
+    /**
+	 * Creates a new HistoryLimitExceededError.
+	 *
+	 * @param currentSize - The current history size
+	 * @param maxSize - The maximum allowed size
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new HistoryLimitExceededError(1500, 1000);
+	 * // Error: History size 1500 exceeds limit 1000
+	 * // Code: HISTORY_LIMIT_EXCEEDED
+	 * ```
+	 */ constructor(currentSize, maxSize){
+        super(`History size ${currentSize} exceeds limit ${maxSize}`, ERROR_CODES.HISTORY_LIMIT_EXCEEDED);
+        this.name = 'HistoryLimitExceededError';
+    }
+}
+/**
+ * Error thrown when attempting to add a skill that already exists.
+ *
+ * This error is thrown when trying to register a skill with a name that
+ * is already present in the skill registry.
+ *
+ * @example
+ * ```typescript
+ * if (registry.hasSkill(skill.name)) {
+ *   throw new DuplicateSkillError(skill.name);
+ * }
+ * ```
+ */ class DuplicateSkillError extends SequentialThinkingError {
+    /**
+	 * Creates a new DuplicateSkillError.
+	 *
+	 * @param skillName - The name of the duplicate skill
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new DuplicateSkillError('my-skill');
+	 * // Error: skill 'my-skill' already exists
+	 * // Code: DUPLICATE_SKILL
+	 * ```
+	 */ constructor(skillName){
+        super(`skill '${skillName}' already exists`, ERROR_CODES.DUPLICATE_SKILL);
+        this.name = 'DuplicateSkillError';
+    }
+}
+/**
+ * Error thrown when a skill has invalid data.
+ *
+ * This error is thrown when a skill fails validation, typically due to
+ * missing required fields or invalid values.
+ *
+ * @example
+ * ```typescript
+ * if (!skill.name) {
+ *   throw new InvalidSkillError('Skill must have a valid name');
+ * }
+ * ```
+ */ class InvalidSkillError extends SequentialThinkingError {
+    /**
+	 * Creates a new InvalidSkillError.
+	 *
+	 * @param reason - The reason for the validation failure
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new InvalidSkillError('Skill must have a valid name');
+	 * // Error: Invalid skill: Skill must have a valid name
+	 * // Code: INVALID_SKILL
+	 * ```
+	 */ constructor(reason){
+        super(`Invalid skill: ${reason}`, ERROR_CODES.INVALID_SKILL);
+        this.name = 'InvalidSkillError';
+    }
+}
+/**
+ * Error thrown when attempting to add a tool that already exists.
+ *
+ * This error is thrown when trying to register a tool with a name that
+ * is already present in the tool registry.
+ *
+ * @example
+ * ```typescript
+ * if (registry.hasTool(tool.name)) {
+ *   throw new DuplicateToolError(tool.name);
+ * }
+ * ```
+ */ class DuplicateToolError extends SequentialThinkingError {
+    /**
+	 * Creates a new DuplicateToolError.
+	 *
+	 * @param toolName - The name of the duplicate tool
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new DuplicateToolError('my-tool');
+	 * // Error: tool 'my-tool' already exists
+	 * // Code: DUPLICATE_TOOL
+	 * ```
+	 */ constructor(toolName){
+        super(`tool '${toolName}' already exists`, ERROR_CODES.DUPLICATE_TOOL);
+        this.name = 'DuplicateToolError';
+    }
+}
+/**
+ * Error thrown when a tool has invalid data.
+ *
+ * This error is thrown when a tool fails validation, typically due to
+ * missing required fields or invalid values.
+ *
+ * @example
+ * ```typescript
+ * if (!tool.name) {
+ *   throw new InvalidToolError('Tool must have a valid name');
+ * }
+ * ```
+ */ class InvalidToolError extends SequentialThinkingError {
+    /**
+	 * Creates a new InvalidToolError.
+	 *
+	 * @param reason - The reason for the validation failure
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new InvalidToolError('Tool must have a valid name');
+	 * // Error: Invalid tool: Tool must have a valid name
+	 * // Code: INVALID_TOOL
+	 * ```
+	 */ constructor(reason){
+        super(`Invalid tool: ${reason}`, ERROR_CODES.INVALID_TOOL);
+        this.name = 'InvalidToolError';
+    }
+}
+/**
+ * Error thrown when attempting to process a session that is not active.
+ *
+ * This error is thrown when trying to use a session that has been closed
+ * or deactivated.
+ *
+ * @example
+ * ```typescript
+ * if (!session.isActive) {
+ *   throw new SessionNotActiveError(sessionId);
+ * }
+ * ```
+ */ class SessionNotActiveError extends SequentialThinkingError {
+    /**
+	 * Creates a new SessionNotActiveError.
+	 *
+	 * @param sessionId - The ID of the inactive session
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new SessionNotActiveError('session-123');
+	 * // Error: Session 'session-123' is not active
+	 * // Code: SESSION_NOT_ACTIVE
+	 * ```
+	 */ constructor(sessionId){
+        super(`Session '${sessionId}' is not active`, ERROR_CODES.SESSION_NOT_ACTIVE);
+        this.name = 'SessionNotActiveError';
+    }
+}
+/**
+ * Error thrown when a requested session is not found in the pool.
+ *
+ * This error is thrown when attempting to retrieve, process, or close
+ * a session that doesn't exist in the session pool.
+ *
+ * @example
+ * ```typescript
+ * const session = pool.getSession('non-existent-session');
+ * if (!session) {
+ *   throw new SessionNotFoundError('non-existent-session');
+ * }
+ * ```
+ */ class SessionNotFoundError extends SequentialThinkingError {
+    /**
+	 * Creates a new SessionNotFoundError.
+	 *
+	 * @param sessionId - The ID of the session that was not found
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new SessionNotFoundError('session-123');
+	 * // Error: Session not found: session-123
+	 * // Code: SESSION_NOT_FOUND
+	 * ```
+	 */ constructor(sessionId){
+        super(`Session not found: ${sessionId}`, ERROR_CODES.SESSION_NOT_FOUND);
+        this.name = 'SessionNotFoundError';
+    }
+}
+/**
+ * Error thrown when the maximum number of sessions has been reached.
+ *
+ * This error is thrown when trying to create a new session when the
+ * pool has reached its configured maximum session limit.
+ *
+ * @example
+ * ```typescript
+ * if (pool.sessionCount >= pool.maxSessions) {
+ *   throw new MaxSessionsReachedError(pool.maxSessions);
+ * }
+ * ```
+ */ class MaxSessionsReachedError extends SequentialThinkingError {
+    /**
+	 * Creates a new MaxSessionsReachedError.
+	 *
+	 * @param maxSessions - The maximum number of sessions allowed
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new MaxSessionsReachedError(100);
+	 * // Error: Max sessions (100) reached. Wait for a session to close or increase maxSessions.
+	 * // Code: MAX_SESSIONS_REACHED
+	 * ```
+	 */ constructor(maxSessions){
+        super(`Max sessions (${maxSessions}) reached. Wait for a session to close or increase maxSessions.`, ERROR_CODES.MAX_SESSIONS_REACHED);
+        this.name = 'MaxSessionsReachedError';
+    }
+}
+/**
+ * Error thrown when attempting to use a terminated connection pool.
+ *
+ * This error is thrown when trying to create sessions or process requests
+ * after the connection pool has been terminated.
+ *
+ * @example
+ * ```typescript
+ * if (pool.isTerminated) {
+ *   throw new PoolTerminatedError();
+ * }
+ * ```
+ */ class PoolTerminatedError extends SequentialThinkingError {
+    /**
+	 * Creates a new PoolTerminatedError.
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new PoolTerminatedError();
+	 * // Error: ConnectionPool has been terminated
+	 * // Code: POOL_TERMINATED
+	 * ```
+	 */ constructor(){
+        super('ConnectionPool has been terminated', ERROR_CODES.POOL_TERMINATED);
+        this.name = 'PoolTerminatedError';
+    }
+}
+/**
+ * Error thrown when input validation fails due to invalid or malicious data.
+ *
+ * This error is thrown when user input fails security or format validation,
+ * such as path traversal attempts or invalid identifier formats.
+ *
+ * @example
+ * ```typescript
+ * if (!BRANCH_ID_PATTERN.test(branchId)) {
+ *   throw new ValidationError('branchId', 'Invalid format');
+ * }
+ * ```
+ */ class ValidationError extends SequentialThinkingError {
+    /** The field that failed validation. */ field;
+    constructor(field, reason){
+        super(`Validation failed for '${field}': ${reason}`, ERROR_CODES.VALIDATION_ERROR);
+        this.name = 'ValidationError';
+        this.field = field;
+    }
+}
+/**
+ * Error thrown when an invalid edge operation is attempted.
+ *
+ * This error is thrown when attempting to add an edge that violates
+ * structural invariants of the thought DAG, such as a self-edge
+ * (where `from` and `to` reference the same thought).
+ *
+ * @example
+ * ```typescript
+ * if (edge.from === edge.to) {
+ *   throw new InvalidEdgeError(
+ *     `Self-edge not allowed: from and to are the same (${edge.from})`
+ *   );
+ * }
+ * ```
+ */ class InvalidEdgeError extends SequentialThinkingError {
+    /**
+	 * Creates a new InvalidEdgeError.
+	 *
+	 * @param message - Human-readable explanation of the invalid edge
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new InvalidEdgeError('Self-edge not allowed: from and to are the same (t1)');
+	 * // Code: INVALID_EDGE
+	 * ```
+	 */ constructor(message){
+        super(message, ERROR_CODES.INVALID_EDGE);
+        this.name = 'InvalidEdgeError';
+    }
+}
+/**
+ * Error thrown when a cycle is detected during graph traversal.
+ *
+ * This error is thrown by graph algorithms (such as topological sort)
+ * when the thought DAG contains a cycle, violating the acyclic invariant.
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   const order = graphView.topological(sessionId);
+ * } catch (error) {
+ *   if (error instanceof CycleDetectedError) {
+ *     console.error('Cycle in thought graph:', error.message);
+ *   }
+ * }
+ * ```
+ */ class CycleDetectedError extends SequentialThinkingError {
+    /**
+	 * Creates a new CycleDetectedError.
+	 *
+	 * @param message - Human-readable explanation of the cycle
+	 *
+	 * @example
+	 * ```typescript
+	 * throw new CycleDetectedError('Cycle detected in session s1');
+	 * // Code: CYCLE_DETECTED
+	 * ```
+	 */ constructor(message){
+        super(message, ERROR_CODES.CYCLE_DETECTED);
+        this.name = 'CycleDetectedError';
+    }
+}
+/**
+ * Error thrown when a suspension record is not found.
+ *
+ * This error is thrown when attempting to resume a tool interleave
+ * suspension that does not exist in the suspension store.
+ */ class SuspensionNotFoundError extends SequentialThinkingError {
+    constructor(message){
+        super(message, ERROR_CODES.SUSPENSION_NOT_FOUND);
+        this.name = 'SuspensionNotFoundError';
+    }
+}
+/**
+ * Error thrown when a suspension record has expired.
+ *
+ * This error is thrown when attempting to resume a tool interleave
+ * suspension whose TTL has elapsed.
+ */ class SuspensionExpiredError extends SequentialThinkingError {
+    constructor(message){
+        super(message, ERROR_CODES.SUSPENSION_EXPIRED);
+        this.name = 'SuspensionExpiredError';
+    }
+}
+/**
+ * Error thrown when a tool call payload is invalid.
+ *
+ * This error is thrown when a tool interleave invocation has malformed
+ * arguments, missing identifiers, or otherwise fails validation.
+ */ class InvalidToolCallError extends SequentialThinkingError {
+    constructor(message){
+        super(message, ERROR_CODES.INVALID_TOOL_CALL);
+        this.name = 'InvalidToolCallError';
+    }
+}
+/**
+ * Error thrown when a backtrack operation is invalid.
+ *
+ * This error is thrown when an attempt to backtrack the reasoning
+ * chain references an unreachable thought or violates DAG invariants.
+ */ class InvalidBacktrackError extends SequentialThinkingError {
+    constructor(message){
+        super(message, ERROR_CODES.INVALID_BACKTRACK);
+        this.name = 'InvalidBacktrackError';
+    }
+}
+/**
+ * Error thrown when a tool_call references a tool not registered with the server.
+ *
+ * Acts as an allowlist gate: only tools registered in the ToolRegistry may be
+ * invoked through tool interleave. Prevents arbitrary tool name injection.
+ */ class UnknownToolError extends SequentialThinkingError {
+    toolName;
+    constructor(toolName, message){
+        super(message ?? `Unknown tool '${toolName}': not registered with the server`, ERROR_CODES.UNKNOWN_TOOL);
+        this.name = 'UnknownToolError';
+        this.toolName = toolName;
+    }
+}
+/**
+ * Error thrown when a per-session async lock cannot be acquired in time.
+ *
+ * Indicates that a critical section held the lock for longer than the
+ * configured timeout, suggesting a stuck handler or deadlock.
+ */ class LockTimeoutError extends SequentialThinkingError {
+    sessionId;
+    timeoutMs;
+    constructor(sessionId, timeoutMs){
+        super(`Lock timeout for session '${sessionId}' after ${timeoutMs}ms`, ERROR_CODES.LOCK_TIMEOUT);
+        this.name = 'LockTimeoutError';
+        this.sessionId = sessionId;
+        this.timeoutMs = timeoutMs;
+    }
+}
+/**
+ * Error thrown when a session is accessed by a non-owner.
+ *
+ * Sessions are bound to an owner identifier on first creation when accessed
+ * via a multi-user transport (SSE/HTTP). Subsequent access attempts using a
+ * different owner are rejected to prevent IDOR (Insecure Direct Object
+ * Reference) vulnerabilities.
+ *
+ * The stdio transport does not set an owner, so its sessions are unaffected.
+ */ class SessionAccessDeniedError extends SequentialThinkingError {
+    sessionId;
+    expectedOwner;
+    actualOwner;
+    constructor(sessionId, expectedOwner, actualOwner){
+        super(`Access denied to session '${sessionId}': owned by '${expectedOwner}', accessed by '${actualOwner ?? 'anonymous'}'`, ERROR_CODES.SESSION_ACCESS_DENIED);
+        this.name = 'SessionAccessDeniedError';
+        this.sessionId = sessionId;
+        this.expectedOwner = expectedOwner;
+        this.actualOwner = actualOwner;
+    }
+}
+/**
+ * Type guard to check if an error has a specific error code.
+ */ function isErrorCode(err, code) {
+    return err instanceof SequentialThinkingError && err.code === code;
+}
+/**
+ * Extract a human-readable message from an unknown error value.
+ *
+ * Standardizes the common `error instanceof Error ? error.message : String(error)`
+ * pattern used in catch blocks across the codebase.
+ *
+ * @param error - The unknown error value to extract a message from
+ * @returns The error message string
+ *
+ * @example
+ * ```typescript
+ * try {
+ *   await doSomething();
+ * } catch (error) {
+ *   logger.error('Failed', { error: getErrorMessage(error) });
+ * }
+ * ```
+ */ function getErrorMessage(error) {
+    return error instanceof Error ? error.message : String(error);
+}
+
+
+},
+789(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+__webpack_require__.d(__webpack_exports__, {
+  createConnectionPool: () => (createConnectionPool)
+});
+/* import */ var _errors_js__rspack_import_0 = __webpack_require__(937);
+/**
+ * Connection Pool for managing concurrent user sessions.
+ *
+ * This module provides session management for multi-user scenarios,
+ * allowing multiple concurrent clients to each have isolated state.
+ *
+ * @example
+ * ```typescript
+ * const pool = new ConnectionPool({
+ *   maxSessions: 100,
+ *   sessionTimeout: 300000 // 5 minutes
+ * });
+ *
+ * const sessionId = await pool.createSession();
+ * await pool.process(sessionId, thought);
+ * await pool.closeSession(sessionId);
+ * ```
+ */ 
+/**
+ * Represents a user session with its own server instance.
+ */ class Session {
+    _server;
+    _id;
+    _createdAt;
+    _lastActivityAt;
+    _isActiveValue;
+    _timeout;
+    _cleanupTimer = null;
+    _logger;
+    constructor(id, server, timeout, logger){
+        this._server = server;
+        this._id = id;
+        this._createdAt = Date.now();
+        this._lastActivityAt = this._createdAt;
+        this._isActiveValue = true;
+        this._timeout = timeout;
+        this._logger = logger;
+        // Start session timeout timer
+        this._startTimeout();
+    }
+    /**
+	 * Check if the session is active.
+	 */ get isActive() {
+        return this._isActiveValue;
+    }
+    /**
+	 * Process a thought through this session's server instance.
+	 */ async process(input) {
+        if (!this.isActive) {
+            throw new _errors_js__rspack_import_0/* .SessionNotActiveError */.qA(this._id);
+        }
+        // Update last activity
+        this._lastActivityAt = Date.now();
+        // Reset timeout timer
+        this._resetTimeout();
+        // Process the thought
+        return this._server.processThought(input);
+    }
+    /**
+	 * Get session information.
+	 */ getInfo() {
+        return {
+            id: this._id,
+            server: this._server,
+            createdAt: this._createdAt,
+            lastActivityAt: this._lastActivityAt,
+            isActive: this.isActive
+        };
+    }
+    /**
+	 * Check if the session has timed out.
+	 */ isTimedOut() {
+        return Date.now() - this._lastActivityAt > this._timeout;
+    }
+    /**
+	 * Close the session and stop the server.
+	 */ async close() {
+        this._isActiveValue = false;
+        // Stop timeout timer
+        if (this._cleanupTimer) {
+            clearTimeout(this._cleanupTimer);
+            this._cleanupTimer = null;
+        }
+        // Stop the server
+        this._server.stop();
+    }
+    /**
+	 * Start the session timeout timer.
+	 */ _startTimeout() {
+        if (this._cleanupTimer) {
+            clearTimeout(this._cleanupTimer);
+        }
+        this._cleanupTimer = setTimeout(()=>{
+            if (this.isTimedOut()) {
+                this._logger.warn(`Session ${this._id} timed out, closing`);
+                this.close().catch((err)=>{
+                    this._logger.error(`Error closing timed out session ${this._id}:`, err);
+                });
+            }
+        }, this._timeout);
+    }
+    /**
+	 * Reset the timeout timer after activity.
+	 */ _resetTimeout() {
+        this._startTimeout();
+    }
+}
+/**
+ * ConnectionPool manages multiple concurrent user sessions.
+ *
+ * Each session has its own server instance with isolated state,
+ * allowing multiple users to interact with the system simultaneously.
+ */ class ConnectionPool {
+    _sessions = new Map();
+    _createSessionLock = null;
+    _maxSessions;
+    _sessionTimeout;
+    _autoCleanup;
+    _cleanupInterval;
+    _cleanupTimerId = null;
+    _terminated = false;
+    _logger;
+    _serverFactory;
+    constructor(options = {}){
+        this._maxSessions = options.maxSessions ?? 100;
+        this._sessionTimeout = options.sessionTimeout ?? 300000; // 5 minutes
+        this._autoCleanup = options.autoCleanup ?? true;
+        this._cleanupInterval = options.cleanupInterval ?? 60000; // 1 minute
+        this._serverFactory = options.serverFactory ?? null;
+        this._logger = options.logger ?? this._createNoopLogger();
+        if (this._autoCleanup) {
+            this._startCleanup();
+        }
+    }
+    /**
+	 * Create a no-op logger when none is provided.
+	 */ _createNoopLogger() {
+        return {
+            info: ()=>{},
+            warn: ()=>{},
+            error: ()=>{},
+            debug: ()=>{},
+            setLevel: ()=>{},
+            getLevel: ()=>'info'
+        };
+    }
+    /**
+	 * Create a new session.
+	 *
+	 * @returns The session ID
+	 * @throws Error if max sessions reached
+	 */ async createSession() {
+        while(this._createSessionLock){
+            await this._createSessionLock;
+        }
+        if (this._terminated) {
+            throw new _errors_js__rspack_import_0/* .PoolTerminatedError */.m_();
+        }
+        if (this._sessions.size >= this._maxSessions) {
+            throw new _errors_js__rspack_import_0/* .MaxSessionsReachedError */.yM(this._maxSessions);
+        }
+        if (!this._serverFactory) {
+            throw new Error('ConnectionPool requires a serverFactory option to create sessions');
+        }
+        let resolveLock;
+        this._createSessionLock = new Promise((resolve)=>{
+            resolveLock = resolve;
+        });
+        try {
+            // Generate unique session ID
+            const sessionId = `session_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`;
+            // Create a new server instance for this session
+            const server = await this._serverFactory();
+            // Create session
+            const session = new Session(sessionId, server, this._sessionTimeout, this._logger);
+            this._sessions.set(sessionId, session);
+            this._logger.info(`Created session ${sessionId} (${this._sessions.size}/${this._maxSessions} active sessions)`);
+            return sessionId;
+        } finally{
+            resolveLock();
+            this._createSessionLock = null;
+        }
+    }
+    /**
+	 * Process a thought in the specified session.
+	 *
+	 * @param sessionId - The session ID
+	 * @param input - The thought data to process
+	 * @returns Promise with the processing result
+	 * @throws Error if session not found
+	 */ async process(sessionId, input) {
+        const session = this._sessions.get(sessionId);
+        if (!session) {
+            throw new _errors_js__rspack_import_0/* .SessionNotFoundError */.Ag(sessionId);
+        }
+        return session.process(input);
+    }
+    /**
+	 * Close a session and release resources.
+	 *
+	 * @param sessionId - The session ID to close
+	 * @throws Error if session not found
+	 */ async closeSession(sessionId) {
+        const session = this._sessions.get(sessionId);
+        if (!session) {
+            throw new _errors_js__rspack_import_0/* .SessionNotFoundError */.Ag(sessionId);
+        }
+        await session.close();
+        this._sessions.delete(sessionId);
+        this._logger.info(`Closed session ${sessionId} (${this._sessions.size}/${this._maxSessions} active sessions)`);
+    }
+    /**
+	 * Get information about a session.
+	 *
+	 * @param sessionId - The session ID
+	 * @returns Session info or undefined if not found
+	 */ getSessionInfo(sessionId) {
+        return this._sessions.get(sessionId)?.getInfo();
+    }
+    /**
+	 * Get all active sessions.
+	 *
+	 * @returns Array of session information
+	 */ getActiveSessions() {
+        return Array.from(this._sessions.values()).filter((s)=>s.isActive).map((s)=>s.getInfo());
+    }
+    /**
+	 * Get connection pool statistics.
+	 */ getStats() {
+        const activeSessions = this.getActiveSessions();
+        return {
+            totalSessions: this._sessions.size,
+            activeSessions: activeSessions.length,
+            maxSessions: this._maxSessions,
+            cleanupEnabled: this._autoCleanup,
+            sessionTimeout: this._sessionTimeout
+        };
+    }
+    /**
+	 * Start the automatic cleanup timer.
+	 */ _startCleanup() {
+        if (this._cleanupTimerId !== null) {
+            clearInterval(this._cleanupTimerId);
+        }
+        this._cleanupTimerId = setInterval(()=>{
+            this._cleanupTimedOutSessions();
+        }, this._cleanupInterval);
+    }
+    /**
+	 * Remove timed-out sessions.
+	 */ _cleanupTimedOutSessions() {
+        let cleaned = 0;
+        for (const [sessionId, session] of this._sessions.entries()){
+            if (session.isTimedOut()) {
+                session.close().catch((err)=>{
+                    this._logger.error(`Error closing timed out session ${sessionId}:`, err);
+                });
+                this._sessions.delete(sessionId);
+                cleaned++;
+            }
+        }
+        if (cleaned > 0) {
+            this._logger.info(`Cleaned ${cleaned} timed-out sessions (${this._sessions.size}/${this._maxSessions} active sessions)`);
+        }
+    }
+    /**
+	 * Close all sessions and stop the cleanup timer.
+	 */ async terminate() {
+        if (this._terminated) {
+            return;
+        }
+        this._terminated = true;
+        // Stop cleanup timer
+        if (this._cleanupTimerId !== null) {
+            clearInterval(this._cleanupTimerId);
+            this._cleanupTimerId = null;
+        }
+        // Close all sessions
+        const closePromises = Array.from(this._sessions.values()).map((session)=>session.close().catch((err)=>{
+                this._logger.error(`Error closing session ${session.getInfo().id}:`, err);
+            }));
+        await Promise.all(closePromises);
+        this._sessions.clear();
+        this._logger.info('ConnectionPool terminated');
+    }
+    /**
+	 * Dispose of the connection pool, releasing all resources.
+	 * Implements the IDisposable interface.
+	 * Delegates to terminate() for backward compatibility.
+	 */ async dispose() {
+        await this.terminate();
+    }
+    /**
+	 * Check if the connection pool is active.
+	 */ isRunning() {
+        return !this._terminated;
+    }
+}
+/**
+ * Create a connection pool with the given options.
+ *
+ * @param options - Connection pool configuration
+ * @returns A configured connection pool
+ *
+ * @example
+ * ```typescript
+ * const pool = createConnectionPool({
+ *   maxSessions: 50,
+ *   sessionTimeout: 300000
+ * });
+ * ```
+ */ function createConnectionPool(options) {
+    return new ConnectionPool(options);
+}
+
+
+},
+613(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+__webpack_require__.d(__webpack_exports__, {
+  Uv: () => (JsonRpcRequestSchema),
+  ZK: () => (SequentialThinkingSchema),
+  iV: () => (SEQUENTIAL_THINKING_TOOL)
+});
+/* import */ var valibot__rspack_import_0 = __webpack_require__(821);
+/**
+ * Valibot validation schemas for the sequential thinking MCP tool.
+ *
+ * This module defines the validation schemas used for the sequential thinking tool,
+ * including schemas for tool recommendations, skill recommendations, step recommendations,
+ * and the main sequential thinking input. All schemas use Valibot for runtime validation
+ * and provide detailed descriptions for MCP protocol compatibility.
+ *
+ * @remarks
+ * **Schema Overview:**
+ * - `ToolRecommendationSchema` - Validates tool recommendation objects with confidence scores
+ * - `SkillRecommendationSchema` - Validates skill recommendation objects
+ * - `StepRecommendationSchema` - Validates step coordination structures
+ * - `SequentialThinkingSchema` - Main schema for thought input validation
+ * - Reasoning enhancement fields: thought_type, quality_score, confidence, hypothesis_id, etc.
+ *
+ * @example
+ * ```typescript
+ * import { SequentialThinkingSchema } from './schema.js';
+ * import { safeParse } from 'valibot';
+ *
+ * const result = safeParse(SequentialThinkingSchema, inputData);
+ * if (result.success) {
+ *   const thought = result.output;
+ *   // Process the valid thought
+ * } else {
+ *   console.error('Validation failed:', result.issues);
+ * }
+ * ```
+ * @module schema
+ */ 
+/**
+ * Detailed description for the sequential thinking tool.
+ *
+ * This description is shown to LLMs when they consider using this tool.
+ * It explains when to use the tool, its features, parameters, and best practices.
+ */ const TOOL_DESCRIPTION = `A detailed tool for dynamic and reflective problem-solving through thoughts.
 This tool helps analyze problems through a flexible thinking process that can adapt and evolve.
 Each thought can build on, question, or revise previous insights as understanding deepens.
 
@@ -102,13 +1266,2443 @@ You should:
 20. Self-assess quality and confidence to track reasoning reliability
 21. Use merge_from_thoughts to combine insights from multiple reasoning branches
 22. Use session_id to isolate independent reasoning chains from each other
-23. Use reset_state: true when starting a completely new analysis to avoid statistical contamination from previous chains`,o=i.object({tool_name:i.pipe(i.string(),i.description("Name of the tool being recommended")),confidence:i.pipe(i.number(),i.minValue(0),i.maxValue(1),i.description("0-1 indicating confidence in recommendation")),rationale:i.pipe(i.string(),i.description("Why this tool is recommended")),priority:i.optional(i.pipe(i.number(),i.description("Order in the recommendation sequence (default: 999)"))),suggested_inputs:i.optional(i.pipe(i.record(i.string(),i.unknown()),i.description("Optional suggested parameters"))),alternatives:i.optional(i.pipe(i.array(i.string()),i.description("Alternative tools that could be used")))}),r=i.object({skill_name:i.pipe(i.string(),i.description("Name of the skill being recommended")),confidence:i.optional(i.pipe(i.number(),i.minValue(0),i.maxValue(1),i.description("0-1 indicating confidence in recommendation (default: 0.5)"))),rationale:i.optional(i.pipe(i.string(),i.description("Why this skill is recommended (default: empty string)"))),priority:i.optional(i.pipe(i.number(),i.description("Order in the recommendation sequence (default: 999)"))),alternatives:i.optional(i.pipe(i.array(i.string()),i.description("Alternative skills that could be used"))),allowed_tools:i.optional(i.pipe(i.array(i.string()),i.description("Tools this skill is allowed to use (from skill frontmatter)"))),user_invocable:i.optional(i.pipe(i.boolean(),i.description("Whether this skill can be user-invoked")))}),a=i.object({step_description:i.pipe(i.string(),i.description("What needs to be done")),recommended_tools:i.pipe(i.array(o),i.description("Tools recommended for this step")),recommended_skills:i.optional(i.pipe(i.array(r),i.description("Skills recommended for this step"))),expected_outcome:i.pipe(i.string(),i.description("What to expect from this step")),next_step_conditions:i.optional(i.pipe(i.array(i.string()),i.description("Conditions to consider for the next step")))}),l=i.object({tool_name:i.pipe(i.string(),i.description("Name of the tool being recommended")),rationale:i.optional(i.pipe(i.string(),i.description("Why this tool is recommended (default: empty string)"))),confidence:i.optional(i.pipe(i.number(),i.minValue(0),i.maxValue(1),i.description("0-1 indicating confidence in recommendation (default: 0.5)"))),priority:i.optional(i.pipe(i.number(),i.description("Order in the recommendation sequence (default: 999)"))),suggested_inputs:i.optional(i.pipe(i.record(i.string(),i.unknown()),i.description("Optional suggested parameters"))),alternatives:i.optional(i.pipe(i.array(i.string()),i.description("Alternative tools that could be used")))}),c=i.object({step_description:i.pipe(i.string(),i.description("What needs to be done")),recommended_tools:i.pipe(i.array(l),i.description("Tools recommended for this step")),recommended_skills:i.optional(i.pipe(i.array(r),i.description("Skills recommended for this step"))),expected_outcome:i.optional(i.pipe(i.string(),i.description("What to expect from this step (default: empty string)"))),next_step_conditions:i.optional(i.pipe(i.array(i.string()),i.description("Conditions to consider for the next step")))}),h=i.object({available_mcp_tools:i.optional(i.pipe(i.array(i.string()),i.description('Array of MCP tool names available for use (e.g., ["mcp-omnisearch", "mcp-turso-cloud"])'))),available_skills:i.optional(i.pipe(i.array(i.string()),i.description('Array of skill names available for use (e.g., ["commit", "review-pr", "pdf"])'))),thought:i.pipe(i.string(),i.description("Your current thinking step")),id:i.optional(i.pipe(i.string(),i.minLength(1),i.maxLength(30),i.description("Unique identifier for this thought. Auto-generated if not provided."))),next_thought_needed:i.optional(i.pipe(i.boolean(),i.description("Whether another thought step is needed (defaults to true if not provided)"))),thought_number:i.pipe(i.number(),i.minValue(1),i.description("Current thought number")),total_thoughts:i.pipe(i.number(),i.minValue(1),i.description("Estimated total thoughts needed")),is_revision:i.optional(i.pipe(i.boolean(),i.description("Whether this revises previous thinking"))),revises_thought:i.optional(i.pipe(i.number(),i.minValue(1),i.description("Which thought is being reconsidered"))),branch_from_thought:i.optional(i.pipe(i.number(),i.minValue(1),i.description("Branching point thought number"))),branch_id:i.optional(i.pipe(i.string(),i.regex(/^[a-zA-Z0-9_-]+$/,"Branch ID must contain only letters, numbers, hyphens, and underscores"),i.minLength(1),i.maxLength(50),i.description("Branch identifier (alphanumeric, hyphens, underscores only, max 50 chars)"))),needs_more_thoughts:i.optional(i.pipe(i.boolean(),i.description("If more thoughts are needed"))),current_step:i.optional(i.pipe(a,i.description("Current step recommendation"))),previous_steps:i.optional(i.pipe(i.array(c),i.description("Steps already recommended (lenient schema - allows partial data with defaults)"))),remaining_steps:i.optional(i.pipe(i.array(i.string()),i.description("High-level descriptions of upcoming steps"))),thought_type:i.optional(i.pipe(i.picklist(["regular","hypothesis","verification","critique","synthesis","meta","tool_call","tool_observation","assumption","decomposition","backtrack"]),i.description("Classified purpose: regular (default), hypothesis, verification, critique, synthesis, meta, tool_call (requires toolInterleave), tool_observation (requires toolInterleave), assumption (requires newThoughtTypes), decomposition (requires newThoughtTypes), backtrack (requires newThoughtTypes)"))),quality_score:i.optional(i.pipe(i.number(),i.minValue(0),i.maxValue(1),i.description("Self-assessed quality score (0-1)"))),confidence:i.optional(i.pipe(i.number(),i.minValue(0),i.maxValue(1),i.description("Explicit confidence in correctness (0-1)"))),hypothesis_id:i.optional(i.pipe(i.string(),i.regex(/^[a-zA-Z0-9_-]+$/,"Hypothesis ID must contain only letters, numbers, hyphens, and underscores"),i.minLength(1),i.maxLength(50),i.description("Identifier linking hypothesis to verification thoughts"))),verification_target:i.optional(i.pipe(i.number(),i.minValue(1),i.description("Thought number being verified or critiqued"))),synthesis_sources:i.optional(i.pipe(i.array(i.pipe(i.number(),i.minValue(1))),i.description("Thought numbers being synthesized"))),merge_from_thoughts:i.optional(i.pipe(i.array(i.pipe(i.number(),i.minValue(1))),i.description("Thought numbers from other branches being merged (DAG)"))),merge_branch_ids:i.optional(i.pipe(i.array(i.pipe(i.string(),i.regex(/^[a-zA-Z0-9_-]+$/),i.maxLength(50))),i.description("Branch IDs being merged into current context"))),meta_observation:i.optional(i.pipe(i.string(),i.description("Metacognitive observation about reasoning process"))),reasoning_depth:i.optional(i.pipe(i.picklist(["shallow","moderate","deep"]),i.description("Effort signal: how deep reasoning should go"))),session_id:i.optional(i.pipe(i.string(),i.regex(/^[a-zA-Z0-9_-]+$/,"Session ID must contain only letters, numbers, hyphens, and underscores"),i.minLength(1),i.maxLength(100),i.description("Optional session identifier for state isolation. When provided, thought history, branches, and statistics are scoped to this session. Omitting preserves global behavior."))),reset_state:i.optional(i.pipe(i.boolean(),i.description("When true, clears all state for the target session before processing this thought. The thought is then processed as the first in a fresh session."))),tool_name:i.optional(i.pipe(i.string(),i.minLength(1),i.description("Name of the tool being invoked (for tool_call thoughts)"))),tool_arguments:i.optional(i.pipe(i.record(i.string(),i.unknown()),i.description("Arguments passed to the tool (for tool_call thoughts)"))),tool_result:i.optional(i.pipe(i.unknown(),i.description("Result returned by the tool (for tool_observation thoughts)"))),continuation_token:i.optional(i.pipe(i.string(),i.minLength(1),i.description("Token for resuming long-running tool invocations"))),decomposition_children:i.optional(i.pipe(i.array(i.string()),i.description("Child thought IDs produced by decomposition"))),backtrack_target:i.optional(i.pipe(i.number(),i.integer(),i.minValue(1),i.description("Thought number to backtrack to. When the parent thought has thought_type=backtrack, this thought is logically retracted: it remains in history but is excluded from quality signals and reasoning stats."))),register_branch_id:i.optional(i.pipe(i.string(),i.regex(/^[a-zA-Z0-9_-]+$/,"register_branch_id must contain only letters, numbers, hyphens, and underscores"),i.minLength(1),i.maxLength(50),i.description("Pre-declares a branch ID for this session before any thoughts reference it. Useful so that subsequent thoughts using merge_branch_ids can target a branch that has not yet received any thoughts.")))}),p={name:"sequentialthinking_tools",description:n,inputSchema:{}},d=i.object({jsonrpc:i.pipe(i.string(),i.literal("2.0"),i.description('JSON-RPC protocol version (must be "2.0")')),method:i.pipe(i.string(),i.minLength(1),i.description("Method name to invoke")),params:i.optional(i.pipe(i.union([i.object({}),i.array(i.unknown())]),i.description("Method parameters (object or array)"))),id:i.optional(i.pipe(i.union([i.string(),i.number(),i.null()]),i.description("Request ID (omit for notifications)")))}),u=i.union([i.literal("sequence"),i.literal("branch"),i.literal("merge"),i.literal("verifies"),i.literal("critiques"),i.literal("derives_from"),i.literal("tool_invocation"),i.literal("revises")]);i.object({id:i.pipe(i.string(),i.minLength(1),i.maxLength(30)),from:i.pipe(i.string(),i.minLength(1),i.maxLength(30)),to:i.pipe(i.string(),i.minLength(1),i.maxLength(30)),kind:u,sessionId:i.pipe(i.string(),i.minLength(1)),createdAt:i.number(),metadata:i.optional(i.record(i.string(),i.unknown()))})},681(e,t,s){s.d(t,{j:()=>r}),s(561);let i=/^[a-zA-Z0-9_-]+$/;class n{_level="info";info(e,t){}warn(e,t){}error(e,t){}debug(e,t){}setLevel(e){this._level=e}getLevel(){return this._level}}let o=new Set(["session","sessionId","client","clientId"]);class r{_port;_host;_corsOrigin;_enableCors;_rateLimitEnabled;_maxRequestsPerMinute;_allowedHosts;_rateLimitMap=new Map;_rateLimitCleanupIntervalId=null;_wasHostExplicitlySet;_isShuttingDown=!1;_logger;_healthChecker;constructor(e={}){this._port=e.port??9108,this._host=e.host??"127.0.0.1",this._wasHostExplicitlySet=void 0!==e.host,this._corsOrigin=e.corsOrigin??"*",this._enableCors=e.enableCors??!0,this._rateLimitEnabled=e.enableRateLimit??!0,this._maxRequestsPerMinute=e.maxRequestsPerMinute??100,this._allowedHosts=this._buildAllowedHosts(e.allowedHosts),this._isShuttingDown=!1,this._logger=e.logger??new n,this._healthChecker=e.healthChecker??null,this._rateLimitEnabled&&this._startRateLimitCleanup()}get serverUrl(){let e=this._wasHostExplicitlySet||"127.0.0.1"!==this._host?this._host:"localhost";return`http://${e}:${this._port}`}validateSessionId(e){return!(e.length>100)&&i.test(e)}sanitizeQueryParams(e){let t={};for(let[s,i]of e.searchParams.entries())o.has(s)&&(t[s]=i);return t}checkRateLimit(e){if(!this._rateLimitEnabled)return!1;let t=Date.now();this._cleanupExpiredRateLimitEntries(t);let s=this._rateLimitMap.get(e);return!s||t>s.resetTime?(this._rateLimitMap.set(e,{count:1,resetTime:t+6e4}),!1):s.count>=this._maxRequestsPerMinute||(s.count++,!1)}_cleanupExpiredRateLimitEntries(e=Date.now()){for(let[t,s]of this._rateLimitMap.entries())s.resetTime<=e&&this._rateLimitMap.delete(t)}_startRateLimitCleanup(){null!==this._rateLimitCleanupIntervalId&&clearInterval(this._rateLimitCleanupIntervalId),this._rateLimitCleanupIntervalId=setInterval(()=>{this._cleanupExpiredRateLimitEntries()},6e4)}_stopRateLimitCleanup(){null!==this._rateLimitCleanupIntervalId&&(clearInterval(this._rateLimitCleanupIntervalId),this._rateLimitCleanupIntervalId=null)}getClientIp(e){let t=e.headers["x-forwarded-for"];return t&&"string"==typeof t?t.split(",")[0].trim():e.socket.remoteAddress||"unknown"}validateCorsOrigin(e){if("*"===this._corsOrigin)return!0;let t=e.headers.origin;if(!t||this._corsOrigin===t)return!0;if(this._corsOrigin.includes("*")){let e=this._corsOrigin.replace(/[.+?^${}()|[\]\\]/g,"\\$&").replace(/\*/g,"[a-zA-Z0-9.-]*");return RegExp(`^${e}$`).test(t)}return!1}setCorsHeaders(e){this._enableCors&&(e.setHeader("Access-Control-Allow-Origin",this._corsOrigin),e.setHeader("Access-Control-Allow-Methods","GET, POST, OPTIONS"),e.setHeader("Access-Control-Allow-Headers","Content-Type"))}validateHostHeader(e){let t=e.headers.host;if(!t)return!0;let s=t.split(":")[0].trim().toLowerCase();return!!s&&(0===this._allowedHosts.size||this._allowedHosts.has(s))}_buildAllowedHosts(e){if(e&&e.length>0)return new Set(e.map(e=>e.toLowerCase().trim()).filter(Boolean));let t=this._host.toLowerCase(),s=["localhost","127.0.0.1","::1"];return new Set(s.includes(t)||"0.0.0.0"===t||"::"===t?s:[t])}log(e,t,s){"info"===e?this._logger.info(t,s):"warn"===e?this._logger.warn(t,s):this._logger.error(t,s)}isShuttingDown(){return this._isShuttingDown}handleHealthEndpoint(e,t){let s={status:"healthy",...t};this._healthChecker&&(s.liveness=this._healthChecker.checkLiveness()),e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify(s))}async handleReadinessEndpoint(e){if(this._healthChecker){let t=await this._healthChecker.checkReadiness(),s="ok"===t.status?200:503;e.writeHead(s,{"Content-Type":"application/json"}),e.end(JSON.stringify(t))}else e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify({status:"ok",timestamp:new Date().toISOString(),components:{}}))}handleMetricsEndpoint(e,t){if(!t){e.writeHead(404,{"Content-Type":"text/plain"}),e.end("Not Found");return}e.writeHead(200,{"Content-Type":"text/plain; version=0.0.4; charset=utf-8"}),e.end(t())}}},504(e,t,s){s.d(t,{SseTransport:()=>l});var i=s(316),n=s(61),o=s(821),r=s(555),a=s(681);class l extends a.j{_server;_path;_clients=new Set;_clientSessionMap=new Map;_messageQueue=new Map;_metrics;_connectionPool;constructor(e={}){super(e),this._path=e.path??"/sse",this._metrics=e.metrics,this._connectionPool=e.connectionPool,this._updateActiveConnectionsMetric(),this._server=(0,i.createServer)((e,t)=>this._handleRequest(e,t))}async connect(e){return this._mcpServer=e,new Promise(e=>{this._server.listen(this._port,this._host,()=>{this.log("info",`SSE transport listening on http://${this._host}:${this._port}`),e()})})}_mcpServer=null;async _handleRequest(e,t){var s,i,o,r,a;let l=Date.now(),c=e.url||"/",h=e.method||"GET";if(null==(s=this._metrics)||s.counter("http_requests_total",1,{transport:"sse",method:h,path:c},"Total HTTP requests"),t.once("finish",()=>{var e;let t=(Date.now()-l)/1e3;null==(e=this._metrics)||e.histogram("http_request_duration_seconds",t,{transport:"sse",path:c})}),!this.validateHostHeader(e)){null==(i=this._metrics)||i.counter("http_request_errors_total",1,{transport:"sse",error_type:"forbidden"},"Total HTTP request errors"),t.writeHead(403,{"Content-Type":"application/json"}),t.end(JSON.stringify({error:"Forbidden - invalid host header"}));return}let p=new n.URL(e.url||"",`http://${e.headers.host}`),d=this.getClientIp(e);if(this.checkRateLimit(d)){null==(o=this._metrics)||o.counter("http_request_errors_total",1,{transport:"sse",error_type:"rate_limit"},"Total HTTP request errors"),t.writeHead(429,{"Content-Type":"application/json","Retry-After":"60"}),t.end(JSON.stringify({error:"Too many requests"}));return}if(!this.validateCorsOrigin(e)){null==(r=this._metrics)||r.counter("http_request_errors_total",1,{transport:"sse",error_type:"forbidden"},"Total HTTP request errors"),t.writeHead(403,{"Content-Type":"application/json"}),t.end(JSON.stringify({error:"Forbidden - invalid origin"}));return}this.setCorsHeaders(t);let u=this.sanitizeQueryParams(p);if(u.session||u.sessionId){let e=u.session??u.sessionId;if(!this.validateSessionId(e)){null==(a=this._metrics)||a.counter("http_request_errors_total",1,{transport:"sse",error_type:"validation"},"Total HTTP request errors"),t.writeHead(400,{"Content-Type":"application/json"}),t.end(JSON.stringify({error:"Invalid session ID format"}));return}}if(this._enableCors&&"OPTIONS"===e.method){t.writeHead(204),t.end();return}p.pathname===this._path&&"GET"===e.method?await this._handleSseConnection(e,t,u):p.pathname===`${this._path}/message`&&"POST"===e.method?await this._handleMessage(e,t,u):"/health"===p.pathname?this._handleHealthCheck(t):"/ready"===p.pathname?await this._handleReadinessCheck(t):(t.writeHead(404,{"Content-Type":"text/plain"}),t.end("Not Found"))}_handleHealthCheck(e){let t={status:"healthy",clients:this._clients.size};this._connectionPool&&(t.pool=this._connectionPool.getStats()),this._healthChecker&&(t.liveness=this._healthChecker.checkLiveness()),e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify(t))}async _handleReadinessCheck(e){if(this._healthChecker){let t=await this._healthChecker.checkReadiness(),s="ok"===t.status?200:503;e.writeHead(s,{"Content-Type":"application/json"}),e.end(JSON.stringify(t))}else e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify({status:"ok",timestamp:new Date().toISOString(),components:{}}))}async _handleSseConnection(e,t,s){let i;if(t.writeHead(200,{"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive"}),this._connectionPool){let e=s.session??s.sessionId;if(e&&this._connectionPool.getSessionInfo(e))i=e;else try{i=await this._connectionPool.createSession()}catch(e){t.write(`event: error
-`),t.write(`data: ${JSON.stringify({error:e instanceof Error?e.message:"Failed to create session"})}
+23. Use reset_state: true when starting a completely new analysis to avoid statistical contamination from previous chains`;
+/**
+ * Valibot schema for validating tool recommendation objects.
+ *
+ * Validates that a tool recommendation has:
+ * - A tool name (string)
+ * - A confidence score between 0 and 1
+ * - A rationale explaining the recommendation
+ * - A priority number for ordering
+ * - Optional suggested input parameters
+ * - Optional alternative tools
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { ToolRecommendationSchema } from './schema.js';
+ *
+ * const result = safeParse(ToolRecommendationSchema, {
+ *   tool_name: 'mcp__tavily-mcp__tavily-search',
+ *   confidence: 0.9,
+ *   rationale: 'Best for web search',
+ *   priority: 1
+ * });
+ * ```
+ */ const ToolRecommendationSchema = valibot__rspack_import_0.object({
+    tool_name: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('Name of the tool being recommended')),
+    confidence: valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(0), valibot__rspack_import_0.maxValue(1), valibot__rspack_import_0.description('0-1 indicating confidence in recommendation')),
+    rationale: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.maxLength(2000), valibot__rspack_import_0.description('Why this tool is recommended')),
+    priority: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.description('Order in the recommendation sequence (default: 999)'))),
+    suggested_inputs: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.record(valibot__rspack_import_0.string(), valibot__rspack_import_0.union([
+        valibot__rspack_import_0.string(),
+        valibot__rspack_import_0.number(),
+        valibot__rspack_import_0.boolean(),
+        valibot__rspack_import_0["null"]()
+    ])), valibot__rspack_import_0.description('Optional suggested parameters (flat key-value pairs only)'))),
+    alternatives: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Alternative tools that could be used')))
+});
+/**
+ * Valibot schema for validating skill recommendation objects.
+ *
+ * Validates that a skill recommendation has:
+ * - A skill name (string)
+ * - A confidence score between 0 and 1
+ * - A rationale explaining the recommendation
+ * - A priority number for ordering
+ * - Optional alternative skills
+ * - Optional allowed tools list
+ * - Optional user invocable flag
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { SkillRecommendationSchema } from './schema.js';
+ *
+ * const result = safeParse(SkillRecommendationSchema, {
+ *   skill_name: 'commit',
+ *   confidence: 0.95,
+ *   rationale: 'Handles git commit workflow',
+ *   priority: 1,
+ *   user_invocable: true
+ * });
+ * ```
+ */ const SkillRecommendationSchema = valibot__rspack_import_0.object({
+    skill_name: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('Name of the skill being recommended')),
+    confidence: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(0), valibot__rspack_import_0.maxValue(1), valibot__rspack_import_0.description('0-1 indicating confidence in recommendation (default: 0.5)'))),
+    rationale: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.maxLength(2000), valibot__rspack_import_0.description('Why this skill is recommended (default: empty string)'))),
+    priority: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.description('Order in the recommendation sequence (default: 999)'))),
+    alternatives: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Alternative skills that could be used'))),
+    allowed_tools: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Tools this skill is allowed to use (from skill frontmatter)'))),
+    user_invocable: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.boolean(), valibot__rspack_import_0.description('Whether this skill can be user-invoked')))
+});
+/**
+ * Valibot schema for validating step recommendation objects.
+ *
+ * Validates that a step recommendation has:
+ * - A step description
+ * - An array of recommended tools
+ * - An optional array of recommended skills
+ * - An expected outcome
+ * - Optional conditions for the next step
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { StepRecommendationSchema } from './schema.js';
+ *
+ * const result = safeParse(StepRecommendationSchema, {
+ *   step_description: 'Search for TypeScript files',
+ *   recommended_tools: [{ ... }],
+ *   expected_outcome: 'List of all TypeScript files'
+ * });
+ * ```
+ */ const StepRecommendationSchema = valibot__rspack_import_0.object({
+    step_description: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('What needs to be done')),
+    recommended_tools: valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(ToolRecommendationSchema), valibot__rspack_import_0.description('Tools recommended for this step')),
+    recommended_skills: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(SkillRecommendationSchema), valibot__rspack_import_0.description('Skills recommended for this step'))),
+    expected_outcome: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('What to expect from this step')),
+    next_step_conditions: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Conditions to consider for the next step')))
+});
+/**
+ * Valibot schema for validating partial tool recommendation objects.
+ *
+ * This is a lenient version of ToolRecommendationSchema used for previous_steps,
+ * where LLMs naturally provide partial/skeletal data. Only tool_name and rationale
+ * are required, while confidence and priority are optional with default values.
+ *
+ * Validates that a partial tool recommendation has:
+ * - A tool name (required)
+ * - A rationale explaining the recommendation (required)
+ * - An optional confidence score (defaults to 0.5)
+ * - An optional priority number (defaults to 999)
+ * - Optional suggested input parameters
+ * - Optional alternative tools
+ *
+ * @remarks
+ * **Design Rationale:**
+ * LLMs tend to provide complete data for current_step but only partial data
+ * for previous_steps (historical context). This schema accommodates that natural
+ * LLM behavior while maintaining data integrity through sensible defaults.
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { PartialToolRecommendationSchema } from './schema.js';
+ *
+ * // Minimal valid input (LLM often generates this for previous_steps)
+ * const result = safeParse(PartialToolRecommendationSchema, {
+ *   tool_name: 'Read',
+ *   rationale: 'Read the file'
+ * });
+ * // confidence and priority will be filled in by the normalizer
+ * ```
+ */ const PartialToolRecommendationSchema = valibot__rspack_import_0.object({
+    tool_name: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('Name of the tool being recommended')),
+    rationale: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.maxLength(2000), valibot__rspack_import_0.description('Why this tool is recommended (default: empty string)'))),
+    confidence: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(0), valibot__rspack_import_0.maxValue(1), valibot__rspack_import_0.description('0-1 indicating confidence in recommendation (default: 0.5)'))),
+    priority: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.description('Order in the recommendation sequence (default: 999)'))),
+    suggested_inputs: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.record(valibot__rspack_import_0.string(), valibot__rspack_import_0.union([
+        valibot__rspack_import_0.string(),
+        valibot__rspack_import_0.number(),
+        valibot__rspack_import_0.boolean(),
+        valibot__rspack_import_0["null"]()
+    ])), valibot__rspack_import_0.description('Optional suggested parameters (flat key-value pairs only)'))),
+    alternatives: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Alternative tools that could be used')))
+});
+/**
+ * Valibot schema for validating partial step recommendation objects.
+ *
+ * This is a lenient version of StepRecommendationSchema used for previous_steps,
+ * where LLMs naturally provide partial/skeletal data. Only step_description is
+ * strictly required, while expected_outcome and tool recommendation fields are
+ * optional with default values.
+ *
+ * Validates that a partial step recommendation has:
+ * - A step description (required)
+ * - An array of recommended tools (with optional confidence/priority)
+ * - An optional array of recommended skills
+ * - An optional expected outcome (defaults to empty string)
+ * - Optional conditions for the next step
+ *
+ * @remarks
+ * **Design Rationale:**
+ * LLMs provide complete, detailed data for current_step but only brief summaries
+ * for previous_steps. This schema allows the natural LLM behavior while the
+ * InputNormalizer fills in sensible defaults for missing fields.
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { PartialStepRecommendationSchema } from './schema.js';
+ *
+ * // Minimal valid input (LLM often generates this for previous_steps)
+ * const result = safeParse(PartialStepRecommendationSchema, {
+ *   step_description: 'Read the file',
+ *   recommended_tools: [{
+ *     tool_name: 'Read',
+ *     rationale: 'Read the file'
+ *   }]
+ * });
+ * // confidence, priority, and expected_outcome will be filled in by normalizer
+ * ```
+ */ const PartialStepRecommendationSchema = valibot__rspack_import_0.object({
+    step_description: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('What needs to be done')),
+    recommended_tools: valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(PartialToolRecommendationSchema), valibot__rspack_import_0.description('Tools recommended for this step')),
+    recommended_skills: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(SkillRecommendationSchema), valibot__rspack_import_0.description('Skills recommended for this step'))),
+    expected_outcome: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('What to expect from this step (default: empty string)'))),
+    next_step_conditions: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Conditions to consider for the next step')))
+});
+/**
+ * Main Valibot schema for validating sequential thinking tool input.
+ *
+ * This is the primary schema used for the sequential thinking MCP tool.
+ * It validates all thought data including:
+ * - Optional available tools and skills arrays
+ * - The thought content (required)
+ * - Thought numbering (thought_number, total_thoughts)
+ * - Revision and branching metadata
+ * - Current, previous, and remaining step recommendations
+ *
+ * @remarks
+ * **Validation Rules:**
+ * - `thought_number` must be >= 1
+ * - `total_thoughts` must be >= 1
+ * - `branch_id` must be 1-50 characters, alphanumeric/hyphens/underscores only
+ * - `confidence` values must be between 0 and 1
+ * - `thought_type` must be one of: regular, hypothesis, verification, critique, synthesis, meta
+ * - `quality_score` and `confidence` must be between 0 and 1
+ * - `hypothesis_id` must be 1-50 characters, alphanumeric/hyphens/underscores only
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { SequentialThinkingSchema } from './schema.js';
+ *
+ * const result = safeParse(SequentialThinkingSchema, {
+ *   thought: 'I need to analyze the problem',
+ *   thought_number: 1,
+ *   total_thoughts: 5,
+ *   next_thought_needed: true,
+ *   available_mcp_tools: ['Read', 'Write', 'Grep']
+ * });
+ *
+ * if (result.success) {
+ *   console.log('Valid thought:', result.output);
+ * } else {
+ *   console.error('Validation errors:', result.issues);
+ * }
+ * ```
+ */ const SequentialThinkingSchema = valibot__rspack_import_0.object({
+    available_mcp_tools: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Array of MCP tool names available for use (e.g., ["mcp-omnisearch", "mcp-turso-cloud"])'))),
+    available_skills: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Array of skill names available for use (e.g., ["commit", "review-pr", "pdf"])'))),
+    thought: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('Your current thinking step')),
+    id: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(30), valibot__rspack_import_0.description('Unique identifier for this thought. Auto-generated if not provided.'))),
+    next_thought_needed: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.boolean(), valibot__rspack_import_0.description('Whether another thought step is needed (defaults to true if not provided)'))),
+    thought_number: valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1), valibot__rspack_import_0.description('Current thought number')),
+    total_thoughts: valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1), valibot__rspack_import_0.description('Estimated total thoughts needed')),
+    is_revision: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.boolean(), valibot__rspack_import_0.description('Whether this revises previous thinking'))),
+    revises_thought: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1), valibot__rspack_import_0.description('Which thought is being reconsidered'))),
+    branch_from_thought: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1), valibot__rspack_import_0.description('Branching point thought number'))),
+    branch_id: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.regex(/^[a-zA-Z0-9_-]+$/, 'Branch ID must contain only letters, numbers, hyphens, and underscores'), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(50), valibot__rspack_import_0.description('Branch identifier (alphanumeric, hyphens, underscores only, max 50 chars)'))),
+    needs_more_thoughts: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.boolean(), valibot__rspack_import_0.description('If more thoughts are needed'))),
+    current_step: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(StepRecommendationSchema, valibot__rspack_import_0.description('Current step recommendation'))),
+    previous_steps: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(PartialStepRecommendationSchema), valibot__rspack_import_0.description('Steps already recommended (lenient schema - allows partial data with defaults)'))),
+    remaining_steps: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('High-level descriptions of upcoming steps'))),
+    thought_type: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.picklist([
+        'regular',
+        'hypothesis',
+        'verification',
+        'critique',
+        'synthesis',
+        'meta',
+        'tool_call',
+        'tool_observation',
+        'assumption',
+        'decomposition',
+        'backtrack'
+    ]), valibot__rspack_import_0.description('Classified purpose: regular (default), hypothesis, verification, critique, synthesis, meta, tool_call (requires toolInterleave), tool_observation (requires toolInterleave), assumption (requires newThoughtTypes), decomposition (requires newThoughtTypes), backtrack (requires newThoughtTypes)'))),
+    quality_score: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(0), valibot__rspack_import_0.maxValue(1), valibot__rspack_import_0.description('Self-assessed quality score (0-1)'))),
+    confidence: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(0), valibot__rspack_import_0.maxValue(1), valibot__rspack_import_0.description('Explicit confidence in correctness (0-1)'))),
+    hypothesis_id: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.regex(/^[a-zA-Z0-9_-]+$/, 'Hypothesis ID must contain only letters, numbers, hyphens, and underscores'), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(50), valibot__rspack_import_0.description('Identifier linking hypothesis to verification thoughts'))),
+    verification_target: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1), valibot__rspack_import_0.description('Thought number being verified or critiqued'))),
+    synthesis_sources: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1))), valibot__rspack_import_0.description('Thought numbers being synthesized'))),
+    merge_from_thoughts: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.minValue(1))), valibot__rspack_import_0.description('Thought numbers from other branches being merged (DAG)'))),
+    merge_branch_ids: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.regex(/^[a-zA-Z0-9_-]+$/), valibot__rspack_import_0.maxLength(50))), valibot__rspack_import_0.description('Branch IDs being merged into current context'))),
+    meta_observation: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.description('Metacognitive observation about reasoning process'))),
+    reasoning_depth: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.picklist([
+        'shallow',
+        'moderate',
+        'deep'
+    ]), valibot__rspack_import_0.description('Effort signal: how deep reasoning should go'))),
+    session_id: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.regex(/^[a-zA-Z0-9_-]+$/, 'Session ID must contain only letters, numbers, hyphens, and underscores'), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(100), valibot__rspack_import_0.description('Optional session identifier for state isolation. When provided, thought history, branches, and statistics are scoped to this session. Omitting preserves global behavior.'))),
+    reset_state: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.boolean(), valibot__rspack_import_0.description('When true, clears all state for the target session before processing this thought. The thought is then processed as the first in a fresh session.'))),
+    tool_name: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.description('Name of the tool being invoked (for tool_call thoughts)'))),
+    tool_arguments: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.record(valibot__rspack_import_0.string(), valibot__rspack_import_0.unknown()), valibot__rspack_import_0.description('Arguments passed to the tool (for tool_call thoughts)'))),
+    tool_result: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.unknown(), valibot__rspack_import_0.description('Result returned by the tool (for tool_observation thoughts)'))),
+    continuation_token: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.description('Token for resuming long-running tool invocations'))),
+    decomposition_children: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.array(valibot__rspack_import_0.string()), valibot__rspack_import_0.description('Child thought IDs produced by decomposition'))),
+    backtrack_target: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.number(), valibot__rspack_import_0.integer(), valibot__rspack_import_0.minValue(1), valibot__rspack_import_0.description('Thought number to backtrack to. When the parent thought has thought_type=backtrack, this thought is logically retracted: it remains in history but is excluded from quality signals and reasoning stats.'))),
+    register_branch_id: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.regex(/^[a-zA-Z0-9_-]+$/, 'register_branch_id must contain only letters, numbers, hyphens, and underscores'), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(50), valibot__rspack_import_0.description('Pre-declares a branch ID for this session before any thoughts reference it. Useful so that subsequent thoughts using merge_branch_ids can target a branch that has not yet received any thoughts.')))
+});
+/**
+ * The sequential thinking tool definition for MCP registration.
+ *
+ * This object defines the tool that is registered with the MCP server.
+ * The inputSchema is left empty as the schema is handled by tmcp
+ * when registering the tool using the Valibot adapter.
+ *
+ * @example
+ * ```typescript
+ * import { SEQUENTIAL_THINKING_TOOL } from './schema.js';
+ * import { McpServer } from 'tmcp';
+ *
+ * const server = new McpServer({ name: 'my-server', version: '1.0.0' });
+ * server.tool({
+ *   name: SEQUENTIAL_THINKING_TOOL.name,
+ *   description: SEQUENTIAL_THINKING_TOOL.description,
+ *   schema: SequentialThinkingSchema
+ * }, handler);
+ * ```
+ */ const SEQUENTIAL_THINKING_TOOL = {
+    name: 'sequentialthinking_tools',
+    description: TOOL_DESCRIPTION,
+    inputSchema: {}
+};
+/**
+ * Valibot schema for validating JSON-RPC 2.0 request messages.
+ *
+ * Validates that a JSON-RPC request has:
+ * - A jsonrpc version (must be "2.0")
+ * - A method name (string)
+ * - Optional params (object or array)
+ * - Optional id (string, number, or null for notifications)
+ *
+ * @example
+ * ```typescript
+ * import { safeParse } from 'valibot';
+ * import { JsonRpcRequestSchema } from './schema.js';
+ *
+ * const result = safeParse(JsonRpcRequestSchema, {
+ *   jsonrpc: '2.0',
+ *   method: 'tools/list',
+ *   id: 1
+ * });
+ * ```
+ */ const JsonRpcRequestSchema = valibot__rspack_import_0.object({
+    jsonrpc: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.literal('2.0'), valibot__rspack_import_0.description('JSON-RPC protocol version (must be "2.0")')),
+    method: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.description('Method name to invoke')),
+    params: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.union([
+        valibot__rspack_import_0.object({}),
+        valibot__rspack_import_0.array(valibot__rspack_import_0.unknown())
+    ]), valibot__rspack_import_0.description('Method parameters (object or array)'))),
+    id: valibot__rspack_import_0.optional(valibot__rspack_import_0.pipe(valibot__rspack_import_0.union([
+        valibot__rspack_import_0.string(),
+        valibot__rspack_import_0.number(),
+        valibot__rspack_import_0["null"]()
+    ]), valibot__rspack_import_0.description('Request ID (omit for notifications)')))
+});
+/**
+ * Schema for {@link EdgeKind} — the semantic relationship between two thoughts.
+ */ const EdgeKindSchema = valibot__rspack_import_0.union([
+    valibot__rspack_import_0.literal('sequence'),
+    valibot__rspack_import_0.literal('branch'),
+    valibot__rspack_import_0.literal('merge'),
+    valibot__rspack_import_0.literal('verifies'),
+    valibot__rspack_import_0.literal('critiques'),
+    valibot__rspack_import_0.literal('derives_from'),
+    valibot__rspack_import_0.literal('tool_invocation'),
+    valibot__rspack_import_0.literal('revises')
+]);
+/**
+ * Schema for {@link Edge} — a directed edge in the thought DAG.
+ */ const EdgeSchema = valibot__rspack_import_0.object({
+    id: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(30)),
+    from: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(30)),
+    to: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1), valibot__rspack_import_0.maxLength(30)),
+    kind: EdgeKindSchema,
+    sessionId: valibot__rspack_import_0.pipe(valibot__rspack_import_0.string(), valibot__rspack_import_0.minLength(1)),
+    createdAt: valibot__rspack_import_0.number(),
+    metadata: valibot__rspack_import_0.optional(valibot__rspack_import_0.record(valibot__rspack_import_0.string(), valibot__rspack_import_0.unknown()))
+});
+
+
+},
+419(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+
+// EXPORTS
+__webpack_require__.d(__webpack_exports__, {
+  j: () => (/* binding */ BaseTransport)
+});
+
+// EXTERNAL MODULE: external "node:crypto"
+var external_node_crypto_ = __webpack_require__(561);
+;// CONCATENATED MODULE: ./src/core/ids.ts
+/**
+ * Unique identifier generation utilities for thoughts and edges.
+ *
+ * @module core/ids
+ */ 
+/**
+ * Generate a unique lexicographically-sortable identifier.
+ *
+ * Format: 8-char base36 timestamp + 20-char hex random (10 random bytes).
+ * Result is up to 28 characters, sortable by creation time.
+ *
+ * @returns A unique string identifier.
+ *
+ * @example
+ * ```typescript
+ * const id = generateUlid(); // '01h2k3m400a1b2c3d4e5f6...'
+ * ```
+ */ function generateUlid() {
+    const timestamp = Date.now().toString(36).padStart(8, '0');
+    const random = crypto.randomBytes(10).toString('hex');
+    return `${timestamp}${random}`;
+}
+/**
+ * Valid session ID pattern: alphanumeric, hyphens, underscores.
+ *
+ * Length is enforced separately via {@link MAX_SESSION_ID_LENGTH}.
+ * Same character set as branch IDs.
+ */ const SESSION_ID_PATTERN = /^[a-zA-Z0-9_-]+$/;
+/**
+ * Maximum session ID length (in characters).
+ *
+ * Allows compound identifiers (e.g. `user-123_task-abc`).
+ */ const MAX_SESSION_ID_LENGTH = 100;
+
+;// CONCATENATED MODULE: ./src/transport/BaseTransport.ts
+/**
+ * Base transport implementation.
+ *
+ * This class provides shared functionality for all transport implementations,
+ * including session validation, rate limiting, CORS handling, and IP extraction.
+ *
+ * @remarks
+ * **Security Features:**
+ * - Session ID validation (alphanumeric, max 64 chars)
+ * - Query parameter sanitization (whitelist allowed keys)
+ * - Rate limiting per IP (configurable, default 100 req/min)
+ * - CORS origin validation
+ *
+ * **Rate Limiting:**
+ * - Tracks requests per IP address within a time window
+ * - Returns 429 Too Many Requests when limit exceeded
+ * - Can be disabled via `enableRateLimit: false`
+ */ 
+/**
+ * No-op logger that does nothing. Used when no logger is provided.
+ */ class NoopLogger {
+    _level = 'info';
+    info(_message, _meta) {}
+    warn(_message, _meta) {}
+    error(_message, _meta) {}
+    debug(_message, _meta) {}
+    setLevel(level) {
+        this._level = level;
+    }
+    getLevel() {
+        return this._level;
+    }
+}
+/**
+ * Allowed query parameter names (whitelist for security).
+ */ const ALLOWED_QUERY_PARAMS = new Set([
+    'session',
+    'sessionId',
+    'client',
+    'clientId'
+]);
+/**
+ * Rate limit settings (requests per minute per IP).
+ */ const RATE_LIMIT_REQUESTS = 100;
+const RATE_LIMIT_WINDOW_MS = 60 * 1000; // 1 minute
+class BaseTransport {
+    _port;
+    _host;
+    _corsOrigin;
+    _enableCors;
+    _rateLimitEnabled;
+    _maxRequestsPerMinute;
+    _allowedHosts;
+    _rateLimitMap = new Map();
+    _rateLimitCleanupIntervalId = null;
+    _wasHostExplicitlySet;
+    /** Shutdown state for graceful shutdown. */ _isShuttingDown = false;
+    _logger;
+    _healthChecker;
+    constructor(options = {}){
+        this._port = options.port ?? 9108;
+        this._host = options.host ?? '127.0.0.1';
+        this._wasHostExplicitlySet = options.host !== undefined;
+        this._corsOrigin = options.corsOrigin ?? '*';
+        this._enableCors = options.enableCors ?? true;
+        this._rateLimitEnabled = options.enableRateLimit ?? true;
+        this._maxRequestsPerMinute = options.maxRequestsPerMinute ?? RATE_LIMIT_REQUESTS;
+        this._allowedHosts = this._buildAllowedHosts(options.allowedHosts);
+        this._isShuttingDown = false;
+        this._logger = options.logger ?? new NoopLogger();
+        this._healthChecker = options.healthChecker ?? null;
+        if (this._rateLimitEnabled) {
+            this._startRateLimitCleanup();
+        }
+    }
+    /**
+	 * Get the server URL with localhost substitution for default host.
+	 */ get serverUrl() {
+        const host = !this._wasHostExplicitlySet && this._host === '127.0.0.1' ? 'localhost' : this._host;
+        return `http://${host}:${this._port}`;
+    }
+    /**
+	 * Validate session ID format.
+	 *
+	 * @param sessionId - The session ID to validate
+	 * @returns true if valid, false otherwise
+	 */ validateSessionId(sessionId) {
+        if (sessionId.length > MAX_SESSION_ID_LENGTH) {
+            return false;
+        }
+        return SESSION_ID_PATTERN.test(sessionId);
+    }
+    /**
+	 * Sanitize query parameters by removing any not in whitelist.
+	 *
+	 * @param url - The URL object containing query parameters
+	 * @returns A sanitized record of allowed query parameters
+	 */ sanitizeQueryParams(url) {
+        const sanitized = {};
+        for (const [key, value] of url.searchParams.entries()){
+            if (ALLOWED_QUERY_PARAMS.has(key)) {
+                sanitized[key] = value;
+            }
+        }
+        return sanitized;
+    }
+    /**
+	 * Check rate limit for a given IP address.
+	 *
+	 * @param ip - The IP address to check
+	 * @returns true if rate limit exceeded, false otherwise
+	 */ checkRateLimit(ip) {
+        if (!this._rateLimitEnabled) {
+            return false;
+        }
+        const now = Date.now();
+        this._cleanupExpiredRateLimitEntries(now);
+        const record = this._rateLimitMap.get(ip);
+        if (!record || now > record.resetTime) {
+            this._rateLimitMap.set(ip, {
+                count: 1,
+                resetTime: now + RATE_LIMIT_WINDOW_MS
+            });
+            return false;
+        }
+        if (record.count >= this._maxRequestsPerMinute) {
+            return true; // Rate limit exceeded
+        }
+        record.count++;
+        return false;
+    }
+    _cleanupExpiredRateLimitEntries(now = Date.now()) {
+        for (const [ip, record] of this._rateLimitMap.entries()){
+            if (record.resetTime <= now) {
+                this._rateLimitMap.delete(ip);
+            }
+        }
+    }
+    _startRateLimitCleanup() {
+        if (this._rateLimitCleanupIntervalId !== null) {
+            clearInterval(this._rateLimitCleanupIntervalId);
+        }
+        this._rateLimitCleanupIntervalId = setInterval(()=>{
+            this._cleanupExpiredRateLimitEntries();
+        }, RATE_LIMIT_WINDOW_MS);
+    }
+    _stopRateLimitCleanup() {
+        if (this._rateLimitCleanupIntervalId !== null) {
+            clearInterval(this._rateLimitCleanupIntervalId);
+            this._rateLimitCleanupIntervalId = null;
+        }
+    }
+    /**
+	 * Get client IP address from request.
+	 *
+	 * @param req - The incoming request
+	 * @returns The client IP address
+	 */ getClientIp(req) {
+        const forwardedFor = req.headers['x-forwarded-for'];
+        if (forwardedFor && typeof forwardedFor === 'string') {
+            return forwardedFor.split(',')[0].trim();
+        }
+        const remoteAddress = req.socket.remoteAddress;
+        return remoteAddress || 'unknown';
+    }
+    /**
+	 * Validate CORS origin from request headers.
+	 *
+	 * @param req - The incoming request
+	 * @returns true if origin is valid, false otherwise
+	 */ validateCorsOrigin(req) {
+        if (this._corsOrigin === '*') {
+            return true;
+        }
+        const origin = req.headers.origin;
+        if (!origin) {
+            return true; // No origin header is acceptable
+        }
+        // Exact match
+        if (this._corsOrigin === origin) {
+            return true;
+        }
+        // Check if configured origin is a wildcard pattern
+        if (this._corsOrigin.includes('*')) {
+            // Escape all regex metacharacters EXCEPT *,
+            // then replace * with a hostname-safe pattern (alphanumeric, hyphens, dots)
+            const escaped = this._corsOrigin.replace(/[.+?^${}()|[\]\\]/g, '\\$&') // escape metacharacters (not *)
+            .replace(/\*/g, '[a-zA-Z0-9.-]*'); // * matches valid hostname chars only
+            const regex = new RegExp(`^${escaped}$`);
+            return regex.test(origin);
+        }
+        return false;
+    }
+    /**
+	 * Set CORS headers on response.
+	 *
+	 * @param res - The server response
+	 */ setCorsHeaders(res) {
+        if (this._enableCors) {
+            res.setHeader('Access-Control-Allow-Origin', this._corsOrigin);
+            res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS');
+            res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+        }
+    }
+    validateHostHeader(req) {
+        const rawHost = req.headers.host;
+        if (!rawHost) {
+            return true;
+        }
+        const hostWithoutPort = rawHost.split(':')[0].trim().toLowerCase();
+        if (!hostWithoutPort) {
+            return false;
+        }
+        if (this._allowedHosts.size === 0) {
+            return true;
+        }
+        return this._allowedHosts.has(hostWithoutPort);
+    }
+    _buildAllowedHosts(configuredHosts) {
+        if (configuredHosts && configuredHosts.length > 0) {
+            return new Set(configuredHosts.map((host)=>host.toLowerCase().trim()).filter(Boolean));
+        }
+        const boundHost = this._host.toLowerCase();
+        const localHosts = [
+            'localhost',
+            '127.0.0.1',
+            '::1'
+        ];
+        if (localHosts.includes(boundHost)) {
+            return new Set(localHosts);
+        }
+        if (boundHost === '0.0.0.0' || boundHost === '::') {
+            return new Set(localHosts);
+        }
+        return new Set([
+            boundHost
+        ]);
+    }
+    /**
+	 * Log a message using the configured logger.
+	 *
+	 * @param level - Log level
+	 * @param message - Message to log
+	 * @param meta - Optional metadata
+	 */ log(level, message, meta) {
+        if (level === 'info') {
+            this._logger.info(message, meta);
+        } else if (level === 'warn') {
+            this._logger.warn(message, meta);
+        } else {
+            this._logger.error(message, meta);
+        }
+    }
+    /**
+	 * Check if transport is shutting down.
+	 * @returns true if in shutdown phase
+	 */ get isShuttingDown() {
+        return this._isShuttingDown;
+    }
+    /**
+	 * Handle GET /health endpoint — liveness check.
+	 *
+	 * Builds a standard health response with optional liveness data from the health checker.
+	 * Transports can pass extra data (e.g. client counts, session info).
+	 *
+	 * @param res - The server response
+	 * @param extraData - Optional additional health metadata
+	 */ handleHealthEndpoint(res, extraData) {
+        const healthData = {
+            status: 'healthy',
+            ...extraData
+        };
+        if (this._healthChecker) {
+            const liveness = this._healthChecker.checkLiveness();
+            healthData.liveness = liveness;
+        }
+        res.writeHead(200, {
+            'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify(healthData));
+    }
+    /**
+	 * Handle GET /ready endpoint — readiness check.
+	 *
+	 * Delegates to the health checker if available, otherwise returns a default OK response.
+	 *
+	 * @param res - The server response
+	 */ async handleReadinessEndpoint(res) {
+        if (this._healthChecker) {
+            const readiness = await this._healthChecker.checkReadiness();
+            const statusCode = readiness.status === 'ok' ? 200 : 503;
+            res.writeHead(statusCode, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify(readiness));
+        } else {
+            res.writeHead(200, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                status: 'ok',
+                timestamp: new Date().toISOString(),
+                components: {}
+            }));
+        }
+    }
+    /**
+	 * Handle GET /metrics endpoint — Prometheus metrics.
+	 *
+	 * Returns 404 if no metrics provider is configured.
+	 *
+	 * @param res - The server response
+	 * @param metricsProvider - Function that returns Prometheus-format metrics text
+	 */ handleMetricsEndpoint(res, metricsProvider) {
+        if (!metricsProvider) {
+            res.writeHead(404, {
+                'Content-Type': 'text/plain'
+            });
+            res.end('Not Found');
+            return;
+        }
+        res.writeHead(200, {
+            'Content-Type': 'text/plain; version=0.0.4; charset=utf-8'
+        });
+        res.end(metricsProvider());
+    }
+}
+
+
+},
+390(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+__webpack_require__.d(__webpack_exports__, {
+  SseTransport: () => (SseTransport)
+});
+/* import */ var node_http__rspack_import_0 = __webpack_require__(316);
+/* import */ var node_crypto__rspack_import_1 = __webpack_require__(561);
+/* import */ var node_url__rspack_import_2 = __webpack_require__(61);
+/* import */ var valibot__rspack_import_3 = __webpack_require__(821);
+/* import */ var _schema_js__rspack_import_4 = __webpack_require__(613);
+/* import */ var _BaseTransport_js__rspack_import_5 = __webpack_require__(419);
+/* import */ var _context_RequestContext_js__rspack_import_6 = __webpack_require__(923);
+/**
+ * SSE (Server-Sent Events) Transport implementation.
+ *
+ * This transport allows multiple concurrent connections over HTTP using Server-Sent Events,
+ * enabling multi-user scenarios and horizontal scaling.
+ *
+ * When a ConnectionPool is provided, each SSE client gets an isolated session with its own
+ * thought history. Without a pool, all clients share a single server instance (backward compatible).
+ *
+ * @example
+ * ```typescript
+ * const transport = new SseTransport({
+ *   port: 3000,
+ *   host: 'localhost'
+ * });
+ * await transport.connect(server);
+ * ```
+ */ 
+
+
+
+
+
+
+/**
+ * SSE Transport for MCP server over HTTP.
+ *
+ * This transport uses Server-Sent Events (SSE) to communicate with clients,
+ * allowing multiple concurrent connections and web-based clients.
+ *
+ * @remarks
+ * **Security Features:**
+ * - Session ID validation (alphanumeric, max 64 chars)
+ * - Query parameter sanitization (whitelist allowed keys)
+ * - Rate limiting per IP (configurable, default 100 req/min)
+ * - CORS origin validation
+ *
+ * **Rate Limiting:**
+ * - Tracks requests per IP address within a time window
+ * - Returns 429 Too Many Requests when limit exceeded
+ * - Can be disabled via `enableRateLimit: false`
+ */ class SseTransport extends _BaseTransport_js__rspack_import_5/* .BaseTransport */.j {
+    get kind() {
+        return 'sse';
+    }
+    _server;
+    _path;
+    _clients = new Set();
+    _clientSessionMap = new Map();
+    _messageQueue = new Map();
+    _metrics;
+    _connectionPool;
+    constructor(options = {}){
+        super(options);
+        this._path = options.path ?? '/sse';
+        this._metrics = options.metrics;
+        this._connectionPool = options.connectionPool;
+        this._updateActiveConnectionsMetric();
+        this._server = (0,node_http__rspack_import_0.createServer)((req, res)=>this._handleRequest(req, res));
+    }
+    /**
+	 * Connect MCP server to this transport.
+	 *
+	 * @param mcpServer - The MCP server instance
+	 */ async connect(mcpServer) {
+        this._mcpServer = mcpServer;
+        return new Promise((resolve)=>{
+            this._server.listen(this._port, this._host, ()=>{
+                this.log('info', `SSE transport listening on http://${this._host}:${this._port}`);
+                resolve();
+            });
+        });
+    }
+    _mcpServer = null;
+    /**
+	 * Handle incoming HTTP requests
+	 */ async _handleRequest(req, res) {
+        const startTime = Date.now();
+        const requestPath = req.url || '/';
+        const requestMethod = req.method || 'GET';
+        this._metrics?.counter('http_requests_total', 1, {
+            transport: 'sse',
+            method: requestMethod,
+            path: requestPath
+        }, 'Total HTTP requests');
+        res.once('finish', ()=>{
+            const durationSeconds = (Date.now() - startTime) / 1000;
+            this._metrics?.histogram('http_request_duration_seconds', durationSeconds, {
+                transport: 'sse',
+                path: requestPath
+            });
+        });
+        if (!this.validateHostHeader(req)) {
+            this._metrics?.counter('http_request_errors_total', 1, {
+                transport: 'sse',
+                error_type: 'forbidden'
+            }, 'Total HTTP request errors');
+            res.writeHead(403, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                error: 'Forbidden - invalid host header'
+            }));
+            return;
+        }
+        const url = new node_url__rspack_import_2.URL(req.url || '', `http://${req.headers.host}`);
+        // Check rate limit first
+        const clientIp = this.getClientIp(req);
+        if (this.checkRateLimit(clientIp)) {
+            this._metrics?.counter('http_request_errors_total', 1, {
+                transport: 'sse',
+                error_type: 'rate_limit'
+            }, 'Total HTTP request errors');
+            res.writeHead(429, {
+                'Content-Type': 'application/json',
+                'Retry-After': '60'
+            });
+            res.end(JSON.stringify({
+                error: 'Too many requests'
+            }));
+            return;
+        }
+        // Validate CORS origin
+        if (!this.validateCorsOrigin(req)) {
+            this._metrics?.counter('http_request_errors_total', 1, {
+                transport: 'sse',
+                error_type: 'forbidden'
+            }, 'Total HTTP request errors');
+            res.writeHead(403, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                error: 'Forbidden - invalid origin'
+            }));
+            return;
+        }
+        // Set CORS headers
+        this.setCorsHeaders(res);
+        // Sanitize query parameters
+        const sanitizedParams = this.sanitizeQueryParams(url);
+        // Validate session ID if present
+        if (sanitizedParams.session || sanitizedParams.sessionId) {
+            const sessionId = sanitizedParams.session ?? sanitizedParams.sessionId;
+            if (!this.validateSessionId(sessionId)) {
+                this._metrics?.counter('http_request_errors_total', 1, {
+                    transport: 'sse',
+                    error_type: 'validation'
+                }, 'Total HTTP request errors');
+                res.writeHead(400, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    error: 'Invalid session ID format'
+                }));
+                return;
+            }
+        }
+        // Handle CORS preflight
+        if (this._enableCors && req.method === 'OPTIONS') {
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+        // Handle SSE endpoint
+        if (url.pathname === this._path && req.method === 'GET') {
+            await this._handleSseConnection(req, res, sanitizedParams);
+            return;
+        }
+        // Handle message endpoint (for receiving messages from clients)
+        if (url.pathname === `${this._path}/message` && req.method === 'POST') {
+            await this._handleMessage(req, res, sanitizedParams);
+            return;
+        }
+        // Handle health check (liveness)
+        if (url.pathname === '/health') {
+            this._handleHealthCheck(res);
+            return;
+        }
+        // Handle readiness check
+        if (url.pathname === '/ready') {
+            await this._handleReadinessCheck(res);
+            return;
+        }
+        // 404 for unknown paths
+        res.writeHead(404, {
+            'Content-Type': 'text/plain'
+        });
+        res.end('Not Found');
+    }
+    /**
+	 * Handle health check (liveness) endpoint
+	 */ _handleHealthCheck(res) {
+        const healthData = {
+            status: 'healthy',
+            clients: this._clients.size
+        };
+        if (this._connectionPool) {
+            const poolStats = this._connectionPool.getStats();
+            healthData.pool = poolStats;
+        }
+        if (this._healthChecker) {
+            const liveness = this._healthChecker.checkLiveness();
+            healthData.liveness = liveness;
+        }
+        res.writeHead(200, {
+            'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify(healthData));
+    }
+    /**
+	 * Handle readiness check endpoint
+	 */ async _handleReadinessCheck(res) {
+        if (this._healthChecker) {
+            const readiness = await this._healthChecker.checkReadiness();
+            const statusCode = readiness.status === 'ok' ? 200 : 503;
+            res.writeHead(statusCode, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify(readiness));
+        } else {
+            res.writeHead(200, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                status: 'ok',
+                timestamp: new Date().toISOString(),
+                components: {}
+            }));
+        }
+    }
+    /**
+	 * Handle new SSE connection
+	 */ async _handleSseConnection(req, res, params) {
+        // Set SSE headers
+        res.writeHead(200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            Connection: 'keep-alive'
+        });
+        // Resolve session ID when pool is active
+        let sessionId;
+        if (this._connectionPool) {
+            const requestedSession = params.session ?? params.sessionId;
+            if (requestedSession && this._connectionPool.getSessionInfo(requestedSession)) {
+                sessionId = requestedSession;
+            } else {
+                try {
+                    sessionId = await this._connectionPool.createSession();
+                } catch (error) {
+                    res.write(`event: error\n`);
+                    res.write(`data: ${JSON.stringify({
+                        error: error instanceof Error ? error.message : 'Failed to create session'
+                    })}\n\n`);
+                    res.end();
+                    return;
+                }
+            }
+            this._clientSessionMap.set(res, sessionId);
+            this._updatePoolMetrics();
+        }
+        // Send initial connection event
+        const connectedPayload = {
+            timestamp: Date.now()
+        };
+        if (sessionId) {
+            connectedPayload.sessionId = sessionId;
+        }
+        this._sendSseEvent(res, 'connected', connectedPayload);
+        // Add to clients
+        this._clients.add(res);
+        this._updateActiveConnectionsMetric();
+        // Handle client disconnect
+        req.on('close', ()=>{
+            this._clients.delete(res);
+            this._clientSessionMap.delete(res);
+            this._updateActiveConnectionsMetric();
+        });
+        // Send any queued messages
+        const clientId = this._generateClientId();
+        const queued = this._messageQueue.get(clientId);
+        if (queued) {
+            for (const message of queued){
+                this._sendSseEvent(res, 'message', message);
+            }
+            this._messageQueue.delete(clientId);
+        }
+    }
+    /**
+	 * Handle incoming message from client
+	 */ async _handleMessage(req, res, _params) {
+        let body = '';
+        for await (const chunk of req){
+            body += chunk.toString();
+        }
+        try {
+            const jsonRpcRequest = JSON.parse(body);
+            const parseResult = (0,valibot__rspack_import_3.safeParse)(_schema_js__rspack_import_4/* .JsonRpcRequestSchema */.Uv, jsonRpcRequest);
+            if (!parseResult.success) {
+                this._metrics?.counter('http_request_errors_total', 1, {
+                    transport: 'sse',
+                    error_type: 'validation'
+                }, 'Total HTTP request errors');
+                res.writeHead(200, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    jsonrpc: '2.0',
+                    id: jsonRpcRequest?.id ?? null,
+                    error: {
+                        code: -32600,
+                        message: 'Invalid Request',
+                        data: parseResult.issues
+                    }
+                }));
+                return;
+            }
+            // Process message through MCP server with owner context
+            if (this._mcpServer) {
+                const sessionId = this._clientSessionMap.get(res);
+                const owner = sessionId ?? `sse-${(0,node_crypto__rspack_import_1.randomUUID)()}`;
+                const response = await (0,_context_RequestContext_js__rspack_import_6/* .runWithContext */.Vo)({
+                    requestId: (0,node_crypto__rspack_import_1.randomUUID)(),
+                    owner
+                }, ()=>this._mcpServer.receive(jsonRpcRequest, {
+                        sessionInfo: {}
+                    }));
+                res.writeHead(200, {
+                    'Content-Type': 'application/json'
+                });
+                if (response) {
+                    res.end(JSON.stringify(response));
+                } else {
+                    res.end(JSON.stringify({
+                        jsonrpc: '2.0',
+                        id: jsonRpcRequest?.id ?? null,
+                        result: null
+                    }));
+                }
+            } else {
+                this._metrics?.counter('http_request_errors_total', 1, {
+                    transport: 'sse',
+                    error_type: 'server_not_ready'
+                }, 'Total HTTP request errors');
+                res.writeHead(503, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    error: 'Server not ready'
+                }));
+            }
+        } catch  {
+            this._metrics?.counter('http_request_errors_total', 1, {
+                transport: 'sse',
+                error_type: 'parse_error'
+            }, 'Total HTTP request errors');
+            res.writeHead(400, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                error: 'Invalid JSON'
+            }));
+        }
+    }
+    /**
+	 * Send an SSE event to a specific client
+	 */ _sendSseEvent(res, event, data) {
+        try {
+            res.write(`event: ${event}\n`);
+            res.write(`data: ${JSON.stringify(data)}\n\n`);
+        } catch  {
+            // Client disconnected
+            this._clients.delete(res);
+            this._updateActiveConnectionsMetric();
+        }
+    }
+    _updateActiveConnectionsMetric() {
+        this._metrics?.gauge('sse_active_connections', this._clients.size, {}, 'Current active SSE connections');
+    }
+    _updatePoolMetrics() {
+        if (!this._connectionPool || !this._metrics) {
+            return;
+        }
+        const stats = this._connectionPool.getStats();
+        this._metrics.gauge('sse_pool_active_sessions', stats.activeSessions, {}, 'Active sessions in connection pool');
+        this._metrics.gauge('sse_pool_total_sessions', stats.totalSessions, {}, 'Total sessions in connection pool');
+        this._metrics.gauge('sse_pool_max_sessions', stats.maxSessions, {}, 'Maximum sessions in connection pool');
+    }
+    /**
+	 * Broadcast a message to all connected clients
+	 */ broadcast(event, data) {
+        for (const client of this._clients){
+            this._sendSseEvent(client, event, data);
+        }
+    }
+    /**
+	 * Generate a unique client ID
+	 */ _generateClientId() {
+        return `client_${Date.now()}_${Math.random().toString(36).substring(2, 11)}`;
+    }
+    /**
+	 * Get number of connected clients
+	 */ get clientCount() {
+        return this._clients.size;
+    }
+    /**
+	 * Get the connection pool, if one was configured.
+	 */ get connectionPool() {
+        return this._connectionPool;
+    }
+    /**
+	 * Stop the transport server with graceful shutdown.
+	 *
+	 * @param timeout - Maximum time to wait for requests to drain (not used for SSE)
+	 * @returns Promise that resolves when shutdown is complete
+	 */ async stop(_timeout) {
+        this._isShuttingDown = true;
+        this._stopRateLimitCleanup();
+        // Terminate connection pool if present
+        if (this._connectionPool) {
+            await this._connectionPool.terminate();
+        }
+        return new Promise((resolve)=>{
+            // Close all client connections
+            for (const client of this._clients){
+                try {
+                    client.end();
+                } catch  {
+                // Ignore errors
+                }
+            }
+            this._clients.clear();
+            this._clientSessionMap.clear();
+            this._updateActiveConnectionsMetric();
+            // Close server
+            this._server.close(()=>{
+                this.log('info', 'SSE transport stopped');
+                resolve();
+            });
+        });
+    }
+}
+/**
+ * Create an SSE transport with given options.
+ *
+ * @param options - Transport configuration
+ * @returns A configured SSE transport
+ *
+ * @example
+ * ```typescript
+ * const transport = createSseTransport({ port: 3000 });
+ * await transport.connect(mcpServer);
+ * ```
+ */ function createSseTransport(options = {}) {
+    return new SseTransport(options);
+}
+
+
+},
+34(__unused_rspack_module, __webpack_exports__, __webpack_require__) {
+
+// EXPORTS
+__webpack_require__.d(__webpack_exports__, {
+  StreamableHttpTransport: () => (/* binding */ StreamableHttpTransport)
+});
+
+// UNUSED EXPORTS: createStreamableHttpTransport
+
+// EXTERNAL MODULE: external "node:crypto"
+var external_node_crypto_ = __webpack_require__(561);
+// EXTERNAL MODULE: external "node:http"
+var external_node_http_ = __webpack_require__(316);
+// EXTERNAL MODULE: external "valibot"
+var external_valibot_ = __webpack_require__(821);
+// EXTERNAL MODULE: ./src/errors.ts
+var errors = __webpack_require__(937);
+// EXTERNAL MODULE: ./src/schema.ts
+var schema = __webpack_require__(613);
+// EXTERNAL MODULE: ./src/transport/BaseTransport.ts + 1 modules
+var BaseTransport = __webpack_require__(419);
+;// CONCATENATED MODULE: ./src/transport/HttpHelpers.ts
+/**
+ * Shared HTTP helper utilities for MCP transport implementations.
+ *
+ * Centralizes JSON-RPC response formatting, request body reading,
+ * and common HTTP response patterns to eliminate duplication across
+ * HttpTransport, StreamableHttpTransport, and SseTransport.
+ *
+ * @module transport/HttpHelpers
+ */ /**
+ * Send a JSON-RPC 2.0 error response.
+ *
+ * Standardizes error response formatting across all transport implementations.
+ * All JSON-RPC errors use the standard `{ jsonrpc, id, error }` shape.
+ *
+ * @param res - The server response to write to
+ * @param statusCode - HTTP status code (e.g. 400, 403, 429, 500)
+ * @param code - JSON-RPC error code (e.g. -32700, -32600, -32603)
+ * @param message - Human-readable error message
+ * @param id - Optional JSON-RPC request ID (defaults to null)
+ * @param data - Optional additional error data
+ */ function sendJsonRpcError(res, statusCode, code, message, id = null, data) {
+    const body = {
+        jsonrpc: '2.0',
+        id,
+        error: {
+            code,
+            message
+        }
+    };
+    if (data !== undefined) {
+        body.error.data = data;
+    }
+    res.writeHead(statusCode, {
+        'Content-Type': 'application/json'
+    });
+    res.end(JSON.stringify(body));
+}
+/**
+ * Send a JSON-RPC 2.0 success response.
+ *
+ * @param res - The server response to write to
+ * @param response - The JSON-RPC response object to send
+ * @param statusCode - HTTP status code (default: 200)
+ * @param headers - Optional additional response headers
+ */ function sendJsonRpcResponse(res, response, statusCode = 200, headers = {}) {
+    const defaultHeaders = {
+        'Content-Type': 'application/json'
+    };
+    res.writeHead(statusCode, {
+        ...defaultHeaders,
+        ...headers
+    });
+    res.end(JSON.stringify(response));
+}
+/**
+ * Send a CORS preflight (OPTIONS) response.
+ *
+ * @param res - The server response to write to
+ * @param extraAllowHeaders - Optional extra Access-Control-Allow-Headers values
+ */ function sendCorsPreflight(res, extraAllowHeaders) {
+    if (extraAllowHeaders && extraAllowHeaders.length > 0) {
+        res.setHeader('Access-Control-Allow-Headers', `Content-Type, ${extraAllowHeaders.join(', ')}`);
+    }
+    res.writeHead(204);
+    res.end();
+}
+/**
+ * Read the full request body with optional size limit enforcement.
+ *
+ * Streams the request body chunks, tracking total size.
+ * If the body exceeds `maxBodySize`, reading stops and `null` is returned
+ * to indicate the payload is too large.
+ *
+ * @param req - The incoming HTTP request
+ * @param maxBodySize - Maximum allowed body size in bytes (0 = unlimited)
+ * @returns The body string, or `null` if the body exceeded the size limit
+ */ async function readRequestBody(req, maxBodySize) {
+    let body = '';
+    let bodySize = 0;
+    for await (const chunk of req){
+        const chunkStr = typeof chunk === 'string' ? chunk : chunk.toString();
+        bodySize += chunkStr.length;
+        if (maxBodySize > 0 && bodySize > maxBodySize) {
+            return null;
+        }
+        body += chunkStr;
+    }
+    return body;
+}
+
+// EXTERNAL MODULE: ./src/context/RequestContext.ts + 1 modules
+var RequestContext = __webpack_require__(923);
+;// CONCATENATED MODULE: ./src/transport/StreamableHttpTransport.ts
+/**
+ * Streamable HTTP Transport implementation (MCP spec recommended transport).
+ *
+ * This transport implements the MCP Streamable HTTP specification, which replaces
+ * the deprecated SSE transport as the recommended HTTP-based transport since March 2025.
+ *
+ * Key features:
+ * - POST /mcp for JSON-RPC requests (main MCP endpoint)
+ * - GET /mcp for optional SSE server-to-client notifications
+ * - Session management via Mcp-Session-Id header
+ * - Supports both stateful (session-based) and stateless (per-request) modes
+ * - Health endpoints (/health, /ready)
+ *
+ * @example
+ * ```typescript
+ * const transport = new StreamableHttpTransport({
+ *   port: 3000,
+ *   host: 'localhost',
+ *   stateful: true,
+ * });
+ * await transport.connect(server);
+ * ```
+ */ 
+
+
+
+
+
+
+
+/**
+ * Streamable HTTP Transport for MCP server.
+ *
+ * This transport implements the MCP Streamable HTTP specification,
+ * providing JSON-RPC over HTTP with optional session management
+ * and server-to-client SSE notification streams.
+ *
+ * @remarks
+ * **Security Features (inherited from BaseTransport):**
+ * - Session ID validation (alphanumeric, max 64 chars)
+ * - Query parameter sanitization (whitelist allowed keys)
+ * - Rate limiting per IP (configurable, default 100 req/min)
+ * - CORS origin validation
+ * - Host header validation
+ *
+ * **MCP Streamable HTTP Spec Compliance:**
+ * - POST /mcp — JSON-RPC method calls
+ * - GET /mcp — SSE notification stream (server-to-client)
+ * - Mcp-Session-Id header for session management
+ * - Content-Type: application/json for JSON-RPC responses
+ * - Content-Type: text/event-stream for SSE notification streams
+ *
+ * **HTTP Status Code Mapping:**
+ * - 200: Success (JSON-RPC response or SSE stream)
+ * - 202: Accepted (JSON-RPC notification, no response body)
+ * - 204: CORS Preflight (empty body)
+ * - 400: Bad Request (invalid JSON, invalid session ID)
+ * - 403: Forbidden (invalid CORS, invalid host)
+ * - 404: Not Found
+ * - 405: Method Not Allowed
+ * - 413: Payload Too Large
+ * - 429: Too Many Requests
+ * - 500: Internal Server Error
+ * - 503: Server Not Ready / Shutting Down
+ */ class StreamableHttpTransport extends BaseTransport/* .BaseTransport */.j {
+    get kind() {
+        return 'streamable-http';
+    }
+    _server = null;
+    _mcpServer = null;
+    _path;
+    _stateful;
+    _sessionIdGenerator;
+    _sessions = new Map();
+    _requestCount = 0;
+    _activeRequests = 0;
+    _bodySizeLimitEnabled;
+    _maxBodySize;
+    _requestTimeout;
+    _metrics;
+    _metricsProvider;
+    constructor(options = {}){
+        super(options);
+        this._path = options.path ?? '/mcp';
+        this._stateful = options.stateful ?? true;
+        this._sessionIdGenerator = options.sessionIdGenerator ?? (()=>(0,external_node_crypto_.randomUUID)());
+        this._bodySizeLimitEnabled = options.enableBodySizeLimit ?? true;
+        this._maxBodySize = options.maxBodySize ?? 10 * 1024 * 1024;
+        this._requestTimeout = options.requestTimeout ?? 30000;
+        this._metrics = options.metrics;
+        this._metricsProvider = options.metricsProvider ?? null;
+    }
+    /**
+	 * Get number of active sessions (stateful) or active requests (stateless).
+	 */ get clientCount() {
+        return this._stateful ? this._sessions.size : this._activeRequests;
+    }
+    /**
+	 * Get the total number of requests handled.
+	 */ get requestCount() {
+        return this._requestCount;
+    }
+    /**
+	 * Connects MCP server to this transport and starts listening.
+	 */ async connect(mcpServer) {
+        this._mcpServer = mcpServer;
+        this._server = (0,external_node_http_.createServer)((req, res)=>this._handleRequest(req, res));
+        return new Promise((resolve)=>{
+            this._server.listen(this._port, this._host, ()=>{
+                this.log('info', `Streamable HTTP transport listening on http://${this._host}:${this._port}`);
+                resolve();
+            });
+        });
+    }
+    /**
+	 * Route and handle incoming HTTP requests.
+	 */ async _handleRequest(req, res) {
+        const startTime = Date.now();
+        this._metrics?.counter('streamable_http_requests_total', 1, {}, 'Total Streamable HTTP transport requests');
+        res.once('finish', ()=>{
+            const durationSeconds = (Date.now() - startTime) / 1000;
+            this._metrics?.histogram('streamable_http_request_duration_seconds', durationSeconds, {});
+        });
+        // Host validation
+        if (!this.validateHostHeader(req)) {
+            this._sendJsonRpcError(res, 403, -32000, 'Forbidden - invalid host header');
+            return;
+        }
+        // Shutdown check
+        if (this.isShuttingDown) {
+            this._sendJsonRpcError(res, 503, -32603, 'Server is shutting down');
+            return;
+        }
+        // Rate limiting
+        const clientIp = this.getClientIp(req);
+        if (this.checkRateLimit(clientIp)) {
+            res.setHeader('Retry-After', '60');
+            this._sendJsonRpcError(res, 429, -32000, 'Too many requests');
+            return;
+        }
+        // CORS validation
+        if (!this.validateCorsOrigin(req)) {
+            this._sendJsonRpcError(res, 403, -32000, 'Forbidden - invalid origin');
+            return;
+        }
+        this.setCorsHeaders(res);
+        // CORS preflight
+        if (req.method === 'OPTIONS') {
+            res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Mcp-Session-Id');
+            res.writeHead(204);
+            res.end();
+            return;
+        }
+        // Parse URL path
+        const urlPath = req.url?.split('?')[0] ?? '/';
+        // Metrics endpoint
+        if (req.method === 'GET' && urlPath === '/metrics') {
+            this._handleMetrics(res);
+            return;
+        }
+        // Health check (liveness)
+        if (req.method === 'GET' && urlPath === '/health') {
+            this._handleHealthCheck(res);
+            return;
+        }
+        // Readiness check
+        if (req.method === 'GET' && urlPath === '/ready') {
+            await this._handleReadinessCheck(res);
+            return;
+        }
+        // MCP endpoint routing
+        if (urlPath === this._path) {
+            if (req.method === 'POST') {
+                await this._handleMcpPost(req, res);
+                return;
+            }
+            if (req.method === 'GET') {
+                this._handleMcpGet(req, res);
+                return;
+            }
+            res.writeHead(405, {
+                'Content-Type': 'application/json',
+                Allow: 'GET, POST'
+            });
+            res.end(JSON.stringify({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32601,
+                    message: 'Method not allowed'
+                }
+            }));
+            return;
+        }
+        // 404 for unknown paths
+        this._sendJsonRpcError(res, 404, -32601, 'Not Found');
+    }
+    /**
+	 * Send a JSON-RPC error response.
+	 */ _sendJsonRpcError(res, statusCode, code, message, id = null, extra) {
+        const error = {
+            code,
+            message
+        };
+        if (extra) {
+            Object.assign(error, extra);
+        }
+        res.writeHead(statusCode, {
+            'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify({
+            jsonrpc: '2.0',
+            id,
+            error
+        }));
+    }
+    /**
+	 * Handle POST /mcp — JSON-RPC method calls.
+	 *
+	 * Per the MCP Streamable HTTP spec:
+	 * - Accepts JSON-RPC request bodies
+	 * - Returns Mcp-Session-Id header for new sessions (stateful mode)
+	 * - Validates Mcp-Session-Id for existing sessions (stateful mode)
+	 * - Content-Type: application/json for responses
+	 */ async _handleMcpPost(req, res) {
+        this._requestCount++;
+        this._activeRequests++;
+        const timeout = setTimeout(()=>{
+            this._activeRequests--;
+            this._sendJsonRpcError(res, 500, -32603, 'Request timeout');
+        }, this._requestTimeout);
+        try {
+            // Read request body with size limit
+            const body = await readRequestBody(req, this._bodySizeLimitEnabled ? this._maxBodySize : 0);
+            if (body === null) {
+                clearTimeout(timeout);
+                this._activeRequests--;
+                this._sendJsonRpcError(res, 413, -32000, 'Request body too large');
+                return;
+            }
+            // Parse JSON
+            let jsonRpcRequest;
+            try {
+                jsonRpcRequest = JSON.parse(body);
+            } catch  {
+                clearTimeout(timeout);
+                this._activeRequests--;
+                this._sendJsonRpcError(res, 200, -32700, 'Parse error');
+                return;
+            }
+            // Validate JSON-RPC schema
+            const parseResult = (0,external_valibot_.safeParse)(schema/* .JsonRpcRequestSchema */.Uv, jsonRpcRequest);
+            if (!parseResult.success) {
+                clearTimeout(timeout);
+                this._activeRequests--;
+                this._sendJsonRpcError(res, 200, -32600, 'Invalid Request', jsonRpcRequest?.id ?? null, {
+                    data: parseResult.issues
+                });
+                return;
+            }
+            // Session management (stateful mode)
+            let sessionId;
+            if (this._stateful) {
+                const sessionResult = this._resolveSession(req, res);
+                if (sessionResult === false) {
+                    clearTimeout(timeout);
+                    this._activeRequests--;
+                    return;
+                }
+                sessionId = sessionResult;
+            }
+            // Check if MCP server is ready
+            if (!this._mcpServer) {
+                clearTimeout(timeout);
+                this._activeRequests--;
+                this._sendJsonRpcError(res, 503, -32603, 'Server not ready', jsonRpcRequest?.id ?? null);
+                return;
+            }
+            // Process JSON-RPC request through MCP server
+            // Process JSON-RPC request through MCP server with owner context
+            const owner = this._stateful ? sessionId ?? (0,external_node_crypto_.randomUUID)() : (0,external_node_crypto_.randomUUID)();
+            const response = await (0,RequestContext/* .runWithContext */.Vo)({
+                requestId: (0,external_node_crypto_.randomUUID)(),
+                owner
+            }, ()=>this._mcpServer.receive(jsonRpcRequest, {
+                    sessionInfo: {}
+                }));
+            clearTimeout(timeout);
+            this._activeRequests--;
+            // Send response with session header if applicable
+            const responseHeaders = {
+                'Content-Type': 'application/json'
+            };
+            if (sessionId) responseHeaders['Mcp-Session-Id'] = sessionId;
+            if (response) {
+                res.writeHead(200, responseHeaders);
+                res.end(JSON.stringify(response));
+            } else {
+                if (sessionId) res.setHeader('Mcp-Session-Id', sessionId);
+                res.writeHead(202);
+                res.end();
+            }
+        } catch (error) {
+            clearTimeout(timeout);
+            this._activeRequests--;
+            this._sendJsonRpcError(res, 200, -32603, 'Internal error', null, {
+                data: (0,errors/* .getErrorMessage */.u1)(error)
+            });
+        }
+    }
+    /**
+	 * Handle GET /mcp — Optional SSE notification stream.
+	 *
+	 * Per the MCP Streamable HTTP spec, clients may open a GET request
+	 * to receive server-initiated notifications as SSE events.
+	 * Requires a valid Mcp-Session-Id in stateful mode.
+	 */ _handleMcpGet(req, res) {
+        if (!this._stateful) {
+            // SSE notification streams require stateful mode
+            res.writeHead(405, {
+                'Content-Type': 'application/json',
+                Allow: 'POST'
+            });
+            res.end(JSON.stringify({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32601,
+                    message: 'GET not supported in stateless mode'
+                }
+            }));
+            return;
+        }
+        // Require Mcp-Session-Id for GET requests
+        const sessionId = this._getSessionIdFromHeader(req);
+        if (!sessionId) {
+            res.writeHead(400, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32600,
+                    message: 'Missing Mcp-Session-Id header'
+                }
+            }));
+            return;
+        }
+        const session = this._sessions.get(sessionId);
+        if (!session) {
+            res.writeHead(404, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32001,
+                    message: 'Session not found'
+                }
+            }));
+            return;
+        }
+        // Set SSE headers
+        res.writeHead(200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            Connection: 'keep-alive',
+            'Mcp-Session-Id': sessionId
+        });
+        // Send initial connected event
+        this._sendSseEvent(res, 'connected', {
+            sessionId,
+            timestamp: Date.now()
+        });
+        // Track this notification stream
+        session.notificationStreams.add(res);
+        session.lastActivityAt = Date.now();
+        this._updateSessionMetrics();
+        // Handle client disconnect
+        req.on('close', ()=>{
+            session.notificationStreams.delete(res);
+            this._updateSessionMetrics();
+        });
+    }
+    /**
+	 * Resolve or create a session for a stateful request.
+	 *
+	 * @returns Session ID string on success, or `false` if the response was already sent (error).
+	 */ _resolveSession(req, res) {
+        const headerSessionId = this._getSessionIdFromHeader(req);
+        if (headerSessionId) {
+            // Validate format
+            if (!this.validateSessionId(headerSessionId)) {
+                res.writeHead(400, {
+                    'Content-Type': 'application/json'
+                });
+                res.end(JSON.stringify({
+                    jsonrpc: '2.0',
+                    id: null,
+                    error: {
+                        code: -32600,
+                        message: 'Invalid Mcp-Session-Id format'
+                    }
+                }));
+                return false;
+            }
+            // Check if session exists
+            const session = this._sessions.get(headerSessionId);
+            if (session) {
+                session.lastActivityAt = Date.now();
+                return headerSessionId;
+            }
+            // Unknown session ID — per spec, return 404
+            res.writeHead(404, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                jsonrpc: '2.0',
+                id: null,
+                error: {
+                    code: -32001,
+                    message: 'Session not found'
+                }
+            }));
+            return false;
+        }
+        // No session header — create new session
+        const newSessionId = this._sessionIdGenerator();
+        const sessionState = {
+            id: newSessionId,
+            createdAt: Date.now(),
+            lastActivityAt: Date.now(),
+            notificationStreams: new Set()
+        };
+        this._sessions.set(newSessionId, sessionState);
+        this.log('info', `New session created: ${newSessionId}`);
+        this._updateSessionMetrics();
+        return newSessionId;
+    }
+    /**
+	 * Extract Mcp-Session-Id from request headers.
+	 */ _getSessionIdFromHeader(req) {
+        const value = req.headers['mcp-session-id'];
+        if (typeof value === 'string' && value.length > 0) {
+            return value;
+        }
+        return undefined;
+    }
+    /**
+	 * Send an SSE event to a specific client response stream.
+	 */ _sendSseEvent(res, event, data) {
+        try {
+            res.write(`event: ${event}\n`);
+            res.write(`data: ${JSON.stringify(data)}\n\n`);
+        } catch  {
+        // Client disconnected — ignore
+        }
+    }
+    /**
+	 * Broadcast a notification to all SSE streams in a given session.
+	 *
+	 * @param sessionId - Target session ID
+	 * @param event - SSE event name
+	 * @param data - Event payload
+	 */ broadcastToSession(sessionId, event, data) {
+        const session = this._sessions.get(sessionId);
+        if (!session) {
+            return;
+        }
+        for (const stream of session.notificationStreams){
+            this._sendSseEvent(stream, event, data);
+        }
+    }
+    /**
+	 * Handle GET /metrics endpoint.
+	 */ _handleMetrics(res) {
+        if (!this._metricsProvider) {
+            res.writeHead(404, {
+                'Content-Type': 'text/plain'
+            });
+            res.end('Not Found');
+            return;
+        }
+        res.writeHead(200, {
+            'Content-Type': 'text/plain; version=0.0.4; charset=utf-8'
+        });
+        res.end(this._metricsProvider());
+    }
+    /**
+	 * Handle GET /health — Liveness check.
+	 */ _handleHealthCheck(res) {
+        const healthData = {
+            status: 'healthy',
+            requests: this._requestCount,
+            sessions: this._sessions.size,
+            transport: 'streamable-http'
+        };
+        if (this._healthChecker) {
+            const liveness = this._healthChecker.checkLiveness();
+            healthData.liveness = liveness;
+        }
+        res.writeHead(200, {
+            'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify(healthData));
+    }
+    /**
+	 * Handle GET /ready — Readiness check.
+	 */ async _handleReadinessCheck(res) {
+        if (this._healthChecker) {
+            const readiness = await this._healthChecker.checkReadiness();
+            const statusCode = readiness.status === 'ok' ? 200 : 503;
+            res.writeHead(statusCode, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify(readiness));
+        } else {
+            res.writeHead(200, {
+                'Content-Type': 'application/json'
+            });
+            res.end(JSON.stringify({
+                status: 'ok',
+                timestamp: new Date().toISOString(),
+                components: {}
+            }));
+        }
+    }
+    /**
+	 * Update session-related metrics.
+	 */ _updateSessionMetrics() {
+        this._metrics?.gauge('streamable_http_active_sessions', this._sessions.size, {}, 'Active Streamable HTTP sessions');
+        let totalStreams = 0;
+        for (const session of this._sessions.values()){
+            totalStreams += session.notificationStreams.size;
+        }
+        this._metrics?.gauge('streamable_http_notification_streams', totalStreams, {}, 'Active SSE notification streams');
+    }
+    /**
+	 * Stop transport server with graceful shutdown.
+	 *
+	 * @param timeout - Maximum time to wait for in-flight requests (default: 30s)
+	 */ async stop(timeout) {
+        this._isShuttingDown = true;
+        this._stopRateLimitCleanup();
+        const shutdownTimeout = timeout ?? 30000;
+        // Close all SSE notification streams
+        for (const session of this._sessions.values()){
+            for (const stream of session.notificationStreams){
+                try {
+                    stream.end();
+                } catch  {
+                // Ignore errors
+                }
+            }
+            session.notificationStreams.clear();
+        }
+        this._sessions.clear();
+        return new Promise((resolve)=>{
+            if (!this._server) {
+                this.log('info', 'Streamable HTTP transport stopped (no server)');
+                resolve();
+                return;
+            }
+            // Force close after timeout
+            const forceClose = setTimeout(()=>{
+                this.log('warn', 'Streamable HTTP transport force-closing after timeout');
+                resolve();
+            }, shutdownTimeout);
+            this._server.close(()=>{
+                clearTimeout(forceClose);
+                this.log('info', 'Streamable HTTP transport stopped');
+                resolve();
+            });
+        });
+    }
+}
+/**
+ * Create a Streamable HTTP transport with given options.
+ *
+ * @param options - Transport configuration
+ * @returns A configured Streamable HTTP transport
+ *
+ * @example
+ * ```typescript
+ * const transport = createStreamableHttpTransport({ port: 3000, stateful: true });
+ * await transport.connect(server);
+ * ```
+ */ function createStreamableHttpTransport(options = {}) {
+    return new StreamableHttpTransport(options);
+}
+
+
+},
+65(module) {
+
+module.exports = __rspack_external__lib_js_262c9725;
+
+
+},
+561(module) {
+
+module.exports = __rspack_external_node_crypto_9ba42079;
+
+
+},
+316(module) {
+
+module.exports = __rspack_external_node_http_2dc67212;
+
+
+},
+61(module) {
+
+module.exports = __rspack_external_node_url_e96de089;
+
+
+},
+821(module) {
+
+module.exports = __rspack_external_valibot;
+
+
+},
+
+});
+// The module cache
+var __webpack_module_cache__ = {};
+
+// The require function
+function __webpack_require__(moduleId) {
+
+// Check if module is in cache
+var cachedModule = __webpack_module_cache__[moduleId];
+if (cachedModule !== undefined) {
+return cachedModule.exports;
+}
+// Create a new module (and put it into the cache)
+var module = (__webpack_module_cache__[moduleId] = {
+exports: {}
+});
+// Execute the module function
+__webpack_modules__[moduleId](module, module.exports, __webpack_require__);
+
+// Return the exports of the module
+return module.exports;
+
+}
+
+// webpack/runtime/define_property_getters
+(() => {
+__webpack_require__.d = (exports, definition) => {
+	for(var key in definition) {
+        if(__webpack_require__.o(definition, key) && !__webpack_require__.o(exports, key)) {
+            Object.defineProperty(exports, key, { enumerable: true, get: definition[key] });
+        }
+    }
+};
+})();
+// webpack/runtime/has_own_property
+(() => {
+__webpack_require__.o = (obj, prop) => (Object.prototype.hasOwnProperty.call(obj, prop))
+})();
+var __webpack_exports__ = {};
+// This entry needs to be wrapped in an IIFE because it needs to be isolated against other modules in the chunk.
+(() => {
+
+;// CONCATENATED MODULE: external "@tmcp/adapter-valibot"
+
+;// CONCATENATED MODULE: external "@tmcp/transport-stdio"
+
+;// CONCATENATED MODULE: external "node:fs"
+
+;// CONCATENATED MODULE: external "node:path"
+
+// EXTERNAL MODULE: external "node:url"
+var external_node_url_ = __webpack_require__(61);
+;// CONCATENATED MODULE: external "tmcp"
+
+// EXTERNAL MODULE: external "./lib.js"
+var external_lib_js_ = __webpack_require__(65);
+// EXTERNAL MODULE: ./src/context/RequestContext.ts + 1 modules
+var RequestContext = __webpack_require__(923);
+;// CONCATENATED MODULE: ./src/logger/StructuredLogger.ts
+/**
+ * Lightweight structured logging without external dependencies.
+ *
+ * This module provides a structured logging implementation that writes to stderr
+ * for MCP server compatibility. It supports multiple log levels, pretty printing,
+ * and hierarchical child loggers with inherited context.
+ *
+ * @module logger
+ */ 
+/**
+ * Structured logger with level filtering and context support.
+ *
+ * This logger provides structured logging capabilities with configurable
+ * output formats, log levels, and hierarchical context. All output is
+ * written to stderr for compatibility with MCP servers.
+ *
+ * @remarks
+ * **Log Level Priority** (lowest to highest):
+ * - `debug` (0) - Detailed debugging information
+ * - `info` (1) - General informational messages
+ * - `warn` (2) - Warning messages for potential issues
+ * - `error` (3) - Error messages for failures
+ *
+ * Only messages at or above the configured level will be output.
+ *
+ * **Output Formats:**
+ * - Pretty (default): `[timestamp] [LEVEL] [context] message {meta}`
+ * - JSON: `{"level":"info","message":"...","timestamp":"...","context":"...","meta":{...}}`
+ *
+ * @example
+ * ```typescript
+ * // Create a logger
+ * const logger = new StructuredLogger({
+ *   level: 'info',
+ *   context: 'SequentialThinking',
+ *   pretty: true
+ * });
+ *
+ * // Log messages
+ * logger.debug('Detailed debug info', { userId: '123' });
+ * logger.info('Server started', { port: 3000 });
+ * logger.warn('High memory usage', { usage: '85%' });
+ * logger.error('Connection failed', { error: 'ECONNREFUSED' });
+ *
+ * // Create a child logger with extended context
+ * const childLogger = logger.createChild('Database');
+ * childLogger.info('Query executed', { rows: 42 });
+ * // Output: [timestamp] [INFO] [SequentialThinking:Database] Query executed {"rows":42}
+ * ```
+ */ class StructuredLogger {
+    /** Current minimum log level. */ _level;
+    /** Default context for log messages. */ _context;
+    /** Whether pretty printing is enabled. */ _pretty;
+    /**
+	 * Log level priority ordering for filtering.
+	 * Higher numbers = higher severity.
+	 * @private
+	 */ static LEVEL_PRIORITY = {
+        debug: 0,
+        info: 1,
+        warn: 2,
+        error: 3
+    };
+    /**
+	 * Creates a new StructuredLogger instance.
+	 *
+	 * @param options - Configuration options for the logger
+	 *
+	 * @example
+	 * ```typescript
+	 * // Default configuration
+	 * const logger1 = new StructuredLogger();
+	 *
+	 * // Custom configuration
+	 * const logger2 = new StructuredLogger({
+	 *   level: 'debug',
+	 *   context: 'MyApp',
+	 *   pretty: false  // JSON output
+	 * });
+	 * ```
+	 */ constructor(options = {}){
+        this._level = options.level ?? 'info';
+        this._context = options.context ?? 'SequentialThinking';
+        this._pretty = options.pretty ?? true;
+    }
+    /**
+	 * Determines whether a message at the given level should be logged.
+	 * @param level - The log level to check
+	 * @returns true if the level meets the threshold, false otherwise
+	 * @private
+	 */ shouldLog(level) {
+        return StructuredLogger.LEVEL_PRIORITY[level] >= StructuredLogger.LEVEL_PRIORITY[this._level];
+    }
+    /**
+	 * Formats a log entry for output.
+	 * @param entry - The log entry to format
+	 * @returns Formatted string representation
+	 * @private
+	 */ format(entry) {
+        if (this._pretty) {
+            const metaStr = entry.meta ? ` ${JSON.stringify(entry.meta)}` : '';
+            const requestIdStr = entry.requestId ? ` [${entry.requestId}]` : '';
+            return `[${entry.timestamp}] [${entry.level.toUpperCase()}]${entry.context ? ` [${entry.context}]` : ''}${requestIdStr} ${entry.message}${metaStr}`;
+        }
+        return JSON.stringify(entry);
+    }
+    /**
+	 * Internal logging method that handles level filtering and output.
+	 * @param level - The log level for this message
+	 * @param message - The message to log
+	 * @param meta - Optional structured metadata
+	 * @private
+	 */ log(level, message, meta) {
+        if (!this.shouldLog(level)) return;
+        const requestId = (0,RequestContext/* .getRequestId */.RE)();
+        const entry = {
+            level,
+            message,
+            timestamp: new Date().toISOString(),
+            context: this._context,
+            meta,
+            ...requestId ? {
+                requestId
+            } : {}
+        };
+        const formatted = this.format(entry);
+        // Write to stderr for MCP server compatibility
+        console.error(formatted);
+    }
+    /**
+	 * Log a debug message.
+	 *
+	 * Debug messages contain detailed information typically used for
+	 * troubleshooting and development. Only output when log level is 'debug'.
+	 *
+	 * @param message - The message to log
+	 * @param meta - Optional structured metadata
+	 *
+	 * @example
+	 * ```typescript
+	 * logger.debug('Processing request', { path: '/api/users', method: 'GET' });
+	 * ```
+	 */ debug(message, meta) {
+        this.log('debug', message, meta);
+    }
+    /**
+	 * Log an info message.
+	 *
+	 * Info messages contain general informational messages about normal operation.
+	 * Output when log level is 'info' or lower.
+	 *
+	 * @param message - The message to log
+	 * @param meta - Optional structured metadata
+	 *
+	 * @example
+	 * ```typescript
+	 * logger.info('Server started', { port: 3000, env: 'production' });
+	 * ```
+	 */ info(message, meta) {
+        this.log('info', message, meta);
+    }
+    /**
+	 * Log a warning message.
+	 *
+	 * Warning messages indicate potential issues that don't prevent operation
+	 * but may require attention. Output when log level is 'warn' or lower.
+	 *
+	 * @param message - The message to log
+	 * @param meta - Optional structured metadata
+	 *
+	 * @example
+	 * ```typescript
+	 * logger.warn('High memory usage detected', { usage: '85%', threshold: '80%' });
+	 * ```
+	 */ warn(message, meta) {
+        this.log('warn', message, meta);
+    }
+    /**
+	 * Log an error message.
+	 *
+	 * Error messages indicate failures or error conditions. Always output
+	 * regardless of log level setting.
+	 *
+	 * @param message - The message to log
+	 * @param meta - Optional structured metadata
+	 *
+	 * @example
+	 * ```typescript
+	 * logger.error('Database connection failed', { error: err.message, code: err.code });
+	 * ```
+	 */ error(message, meta) {
+        this.log('error', message, meta);
+    }
+    /**
+	 * Creates a child logger with inherited settings and extended context.
+	 *
+	 * Child loggers inherit the parent's log level and pretty print setting,
+	 * but have their context appended to the parent's context for hierarchical logging.
+	 *
+	 * @param context - Additional context to append to the parent's context
+	 * @returns A new logger instance with extended context
+	 *
+	 * @example
+	 * ```typescript
+	 * const parentLogger = new StructuredLogger({ context: 'App' });
+	 * const dbLogger = parentLogger.createChild('Database');
+	 * const queryLogger = dbLogger.createChild('Query');
+	 *
+	 * parentLogger.info('Starting up');
+	 * // Output: [timestamp] [INFO] [App] Starting up
+	 *
+	 * dbLogger.info('Connected');
+	 * // Output: [timestamp] [INFO] [App:Database] Connected
+	 *
+	 * queryLogger.info('Executed in 5ms');
+	 * // Output: [timestamp] [INFO] [App:Database:Query] Executed in 5ms
+	 * ```
+	 */ createChild(context) {
+        return new StructuredLogger({
+            level: this._level,
+            context: `${this._context}:${context}`,
+            pretty: this._pretty
+        });
+    }
+    /**
+	 * Sets the minimum log level.
+	 *
+	 * Only messages at or above this level will be output.
+	 *
+	 * @param level - The new minimum log level
+	 *
+	 * @example
+	 * ```typescript
+	 * logger.setLevel('debug');  // Enable all logging
+	 * logger.setLevel('error');  // Only show errors
+	 * ```
+	 */ setLevel(level) {
+        this._level = level;
+    }
+    /**
+	 * Gets the current minimum log level.
+	 *
+	 * @returns The current log level
+	 *
+	 * @example
+	 * ```typescript
+	 * const currentLevel = logger.getLevel();
+	 * console.log(`Current level: ${currentLevel}`);
+	 * ```
+	 */ getLevel() {
+        return this._level;
+    }
+}
+
+// EXTERNAL MODULE: ./src/errors.ts
+var errors = __webpack_require__(937);
+// EXTERNAL MODULE: ./src/schema.ts
+var schema = __webpack_require__(613);
+;// CONCATENATED MODULE: ./src/cli.ts
+//#!/usr/bin/env bun
+// CLI entry point for tracelattice MCP server.
+// This file handles CLI argument parsing, transport selection, and signal handlers.
+// For library usage, import from './lib.js' or './index.js' instead.
+
+
+
+
+
+
+
+
+
 
-`),t.end();return}this._clientSessionMap.set(t,i),this._updatePoolMetrics()}let n={timestamp:Date.now()};i&&(n.sessionId=i),this._sendSseEvent(t,"connected",n),this._clients.add(t),this._updateActiveConnectionsMetric(),e.on("close",()=>{this._clients.delete(t),this._clientSessionMap.delete(t),this._updateActiveConnectionsMetric()});let o=this._generateClientId(),r=this._messageQueue.get(o);if(r){for(let e of r)this._sendSseEvent(t,"message",e);this._messageQueue.delete(o)}}async _handleMessage(e,t,s){var i,n,a;let l="";for await(let t of e)l+=t.toString();try{let e=JSON.parse(l),s=(0,o.safeParse)(r.Uv,e);if(!s.success){null==(i=this._metrics)||i.counter("http_request_errors_total",1,{transport:"sse",error_type:"validation"},"Total HTTP request errors"),t.writeHead(200,{"Content-Type":"application/json"}),t.end(JSON.stringify({jsonrpc:"2.0",id:(null==e?void 0:e.id)??null,error:{code:-32600,message:"Invalid Request",data:s.issues}}));return}if(this._mcpServer){let s=await this._mcpServer.receive(e,{sessionInfo:{}});t.writeHead(200,{"Content-Type":"application/json"}),s?t.end(JSON.stringify(s)):t.end(JSON.stringify({jsonrpc:"2.0",id:(null==e?void 0:e.id)??null,result:null}))}else null==(n=this._metrics)||n.counter("http_request_errors_total",1,{transport:"sse",error_type:"server_not_ready"},"Total HTTP request errors"),t.writeHead(503,{"Content-Type":"application/json"}),t.end(JSON.stringify({error:"Server not ready"}))}catch{null==(a=this._metrics)||a.counter("http_request_errors_total",1,{transport:"sse",error_type:"parse_error"},"Total HTTP request errors"),t.writeHead(400,{"Content-Type":"application/json"}),t.end(JSON.stringify({error:"Invalid JSON"}))}}_sendSseEvent(e,t,s){try{e.write(`event: ${t}
-`),e.write(`data: ${JSON.stringify(s)}
+// Get version from package.json
+const cli_filename = (0,external_node_url_.fileURLToPath)(import.meta.url);
+const cli_dirname = (0,__rspack_external_node_path_c5b9b54f.dirname)(cli_filename);
+const package_json = JSON.parse((0,__rspack_external_node_fs_5ea92f0c.readFileSync)((0,__rspack_external_node_path_c5b9b54f.join)(cli_dirname, '../package.json'), 'utf-8'));
+const { name: cli_name, version } = package_json;
+// Handle CLI arguments
+const args = process.argv.slice(2);
+const shouldShowVersion = args.includes('--version') || args.includes('-v');
+if (shouldShowVersion) {
+    console.log(`${cli_name} v${version}`);
+    process.exit(0);
+}
+async function main() {
+    const adapter = new __rspack_external__tmcp_adapter_valibot_fbccc1df.ValibotJsonSchemaAdapter();
+    const server = new __rspack_external_tmcp.McpServer({
+        name: cli_name,
+        version,
+        description: 'Semantic Sequential Thinking MCP Server'
+    }, {
+        adapter,
+        capabilities: {
+            tools: {
+                listChanged: true
+            }
+        }
+    });
+    const thinkingServer = await (0,external_lib_js_.initializeServer)();
+    server.tool({
+        name: 'sequentialthinking_tools',
+        description: schema/* .SEQUENTIAL_THINKING_TOOL.description */.iV.description,
+        schema: schema/* .SequentialThinkingSchema */.ZK
+    }, async (input)=>{
+        return thinkingServer.processThought(input);
+    });
+    const transportType = process.env.TRANSPORT_TYPE || 'stdio';
+    if (transportType === 'sse') {
+        await startSseTransport(server, thinkingServer);
+    } else if (transportType === 'streamable-http') {
+        await startStreamableHttpTransport(server, thinkingServer);
+    } else {
+        await startStdioTransport(server, thinkingServer);
+    }
+}
+/**
+ * Start SSE transport for multi-user support
+ */ async function startSseTransport(server, thinkingServer) {
+    const { SseTransport } = await Promise.resolve(/* import() */).then(__webpack_require__.bind(__webpack_require__, 390));
+    const { createConnectionPool } = await Promise.resolve(/* import() */).then(__webpack_require__.bind(__webpack_require__, 789));
+    const port = parseInt(process.env.SSE_PORT || '3000', 10);
+    const host = process.env.SSE_HOST || 'localhost';
+    const transportMetrics = thinkingServer.getContainer().resolve('Metrics');
+    const enablePool = process.env.SSE_ENABLE_POOL !== 'false';
+    const maxSessions = parseInt(process.env.SSE_MAX_SESSIONS || '100', 10);
+    const sessionTimeout = parseInt(process.env.SSE_SESSION_TIMEOUT || '300000', 10);
+    const connectionPool = enablePool ? createConnectionPool({
+        maxSessions,
+        sessionTimeout,
+        logger: thinkingServer['_logger'],
+        serverFactory: async ()=>{
+            const { createServer: createThinkingServer } = await Promise.resolve(/* import() */).then(__webpack_require__.bind(__webpack_require__, 65));
+            const sessionServer = await createThinkingServer({
+                autoDiscover: true
+            });
+            return sessionServer;
+        }
+    }) : undefined;
+    const sseTransport = new SseTransport({
+        port,
+        host,
+        corsOrigin: process.env.CORS_ORIGIN || '*',
+        enableCors: process.env.ENABLE_CORS !== 'false',
+        allowedHosts: process.env.ALLOWED_HOSTS?.split(',').map((hostValue)=>hostValue.trim()),
+        metrics: transportMetrics,
+        connectionPool
+    });
+    // Connect the SSE transport
+    await sseTransport.connect(server);
+    const shutdown = async ()=>{
+        await sseTransport.stop();
+        await thinkingServer.stop();
+    };
+    registerShutdownHandlers(shutdown);
+    thinkingServer['_logger'].info(`Sequential Thinking MCP Server running on SSE transport at http://${host}:${port}`);
+}
+/**
+ * Start Streamable HTTP transport (MCP spec recommended)
+ */ async function startStreamableHttpTransport(server, thinkingServer) {
+    const { StreamableHttpTransport } = await Promise.resolve(/* import() */).then(__webpack_require__.bind(__webpack_require__, 34));
+    const port = parseInt(process.env.STREAMABLE_HTTP_PORT || process.env.SSE_PORT || '3000', 10);
+    const host = process.env.STREAMABLE_HTTP_HOST || process.env.SSE_HOST || 'localhost';
+    const transportMetrics = thinkingServer.getContainer().resolve('Metrics');
+    const stateful = process.env.STREAMABLE_HTTP_STATEFUL !== 'false';
+    const streamableTransport = new StreamableHttpTransport({
+        port,
+        host,
+        corsOrigin: process.env.CORS_ORIGIN || '*',
+        enableCors: process.env.ENABLE_CORS !== 'false',
+        allowedHosts: process.env.ALLOWED_HOSTS?.split(',').map((hostValue)=>hostValue.trim()),
+        metrics: transportMetrics,
+        stateful
+    });
+    // Connect the Streamable HTTP transport
+    await streamableTransport.connect(server);
+    const shutdown = async ()=>{
+        await streamableTransport.stop();
+        await thinkingServer.stop();
+    };
+    registerShutdownHandlers(shutdown);
+    thinkingServer['_logger'].info(`Sequential Thinking MCP Server running on Streamable HTTP transport at http://${host}:${port}`);
+}
+/**
+ * Start stdio transport (default, single-user)
+ */ async function startStdioTransport(server, thinkingServer) {
+    const transport = new __rspack_external__tmcp_transport_stdio_9731848f.StdioTransport(server);
+    transport.listen();
+    const shutdown = async ()=>{
+        const forceExit = setTimeout(()=>{
+            thinkingServer['_logger'].error('Graceful shutdown timed out after 30s - forcing exit');
+            process.exit(1);
+        }, 30000).unref(); // 30s timeout, don't keep process alive
+        try {
+            await thinkingServer.stop();
+            clearTimeout(forceExit);
+            process.exit(0);
+        } catch (error) {
+            thinkingServer['_logger'].error('Error during shutdown', {
+                error: (0,errors/* .getErrorMessage */.u1)(error)
+            });
+            process.exit(1);
+        }
+    };
+    // Register signal handlers ONCE (fixes double-registration bug)
+    process.once('SIGINT', ()=>void shutdown());
+    process.once('SIGTERM', ()=>void shutdown());
+    thinkingServer['_logger'].info('Sequential Thinking MCP Server running on stdio');
+}
+/**
+ * Register shutdown signal handlers for a common pattern
+ */ function registerShutdownHandlers(shutdown) {
+    process.once('SIGINT', ()=>{
+        shutdown().then(()=>process.exit(0)).catch(()=>process.exit(1));
+    });
+    process.once('SIGTERM', ()=>{
+        shutdown().then(()=>process.exit(0)).catch(()=>process.exit(1));
+    });
+}
+main().catch((error)=>{
+    const logger = new StructuredLogger({
+        level: 'error',
+        context: 'SequentialThinking',
+        pretty: true
+    });
+    logger.error('Fatal error running server', {
+        error: (0,errors/* .getErrorMessage */.u1)(error)
+    });
+    process.exit(1);
+});
 
-`)}catch{this._clients.delete(e),this._updateActiveConnectionsMetric()}}_updateActiveConnectionsMetric(){var e;null==(e=this._metrics)||e.gauge("sse_active_connections",this._clients.size,{},"Current active SSE connections")}_updatePoolMetrics(){if(!this._connectionPool||!this._metrics)return;let e=this._connectionPool.getStats();this._metrics.gauge("sse_pool_active_sessions",e.activeSessions,{},"Active sessions in connection pool"),this._metrics.gauge("sse_pool_total_sessions",e.totalSessions,{},"Total sessions in connection pool"),this._metrics.gauge("sse_pool_max_sessions",e.maxSessions,{},"Maximum sessions in connection pool")}broadcast(e,t){for(let s of this._clients)this._sendSseEvent(s,e,t)}_generateClientId(){return`client_${Date.now()}_${Math.random().toString(36).substring(2,11)}`}get clientCount(){return this._clients.size}get connectionPool(){return this._connectionPool}async stop(e){return this._isShuttingDown=!0,this._stopRateLimitCleanup(),this._connectionPool&&await this._connectionPool.terminate(),new Promise(e=>{for(let e of this._clients)try{e.end()}catch{}this._clients.clear(),this._clientSessionMap.clear(),this._updateActiveConnectionsMetric(),this._server.close(()=>{this.log("info","SSE transport stopped"),e()})})}}},756(e,t,s){s.d(t,{StreamableHttpTransport:()=>h});var i=s(561),n=s(316),o=s(821),r=s(787),a=s(555),l=s(681);async function c(e,t){let s="",i=0;for await(let n of e){let e="string"==typeof n?n:n.toString();if(i+=e.length,t>0&&i>t)return null;s+=e}return s}class h extends l.j{_server=null;_mcpServer=null;_path;_stateful;_sessionIdGenerator;_sessions=new Map;_requestCount=0;_activeRequests=0;_bodySizeLimitEnabled;_maxBodySize;_requestTimeout;_metrics;_metricsProvider;constructor(e={}){super(e),this._path=e.path??"/mcp",this._stateful=e.stateful??!0,this._sessionIdGenerator=e.sessionIdGenerator??(()=>(0,i.randomUUID)()),this._bodySizeLimitEnabled=e.enableBodySizeLimit??!0,this._maxBodySize=e.maxBodySize??0xa00000,this._requestTimeout=e.requestTimeout??3e4,this._metrics=e.metrics,this._metricsProvider=e.metricsProvider??null}get clientCount(){return this._stateful?this._sessions.size:this._activeRequests}get requestCount(){return this._requestCount}async connect(e){return this._mcpServer=e,this._server=(0,n.createServer)((e,t)=>this._handleRequest(e,t)),new Promise(e=>{this._server.listen(this._port,this._host,()=>{this.log("info",`Streamable HTTP transport listening on http://${this._host}:${this._port}`),e()})})}async _handleRequest(e,t){var s,i;let n=Date.now();if(null==(s=this._metrics)||s.counter("streamable_http_requests_total",1,{},"Total Streamable HTTP transport requests"),t.once("finish",()=>{var e;let t=(Date.now()-n)/1e3;null==(e=this._metrics)||e.histogram("streamable_http_request_duration_seconds",t,{})}),!this.validateHostHeader(e))return void this._sendJsonRpcError(t,403,-32e3,"Forbidden - invalid host header");if(this.isShuttingDown())return void this._sendJsonRpcError(t,503,-32603,"Server is shutting down");let o=this.getClientIp(e);if(this.checkRateLimit(o)){t.setHeader("Retry-After","60"),this._sendJsonRpcError(t,429,-32e3,"Too many requests");return}if(!this.validateCorsOrigin(e))return void this._sendJsonRpcError(t,403,-32e3,"Forbidden - invalid origin");if(this.setCorsHeaders(t),"OPTIONS"===e.method){t.setHeader("Access-Control-Allow-Headers","Content-Type, Mcp-Session-Id"),t.writeHead(204),t.end();return}let r=(null==(i=e.url)?void 0:i.split("?")[0])??"/";"GET"===e.method&&"/metrics"===r?this._handleMetrics(t):"GET"===e.method&&"/health"===r?this._handleHealthCheck(t):"GET"===e.method&&"/ready"===r?await this._handleReadinessCheck(t):r===this._path?"POST"===e.method?await this._handleMcpPost(e,t):"GET"===e.method?this._handleMcpGet(e,t):(t.writeHead(405,{"Content-Type":"application/json",Allow:"GET, POST"}),t.end(JSON.stringify({jsonrpc:"2.0",id:null,error:{code:-32601,message:"Method not allowed"}}))):this._sendJsonRpcError(t,404,-32601,"Not Found")}_sendJsonRpcError(e,t,s,i,n=null,o){let r={code:s,message:i};o&&Object.assign(r,o),e.writeHead(t,{"Content-Type":"application/json"}),e.end(JSON.stringify({jsonrpc:"2.0",id:n,error:r}))}async _handleMcpPost(e,t){this._requestCount++,this._activeRequests++;let s=setTimeout(()=>{this._activeRequests--,this._sendJsonRpcError(t,500,-32603,"Request timeout")},this._requestTimeout);try{let i,n,r=await c(e,this._bodySizeLimitEnabled?this._maxBodySize:0);if(null===r){clearTimeout(s),this._activeRequests--,this._sendJsonRpcError(t,413,-32e3,"Request body too large");return}try{i=JSON.parse(r)}catch{clearTimeout(s),this._activeRequests--,this._sendJsonRpcError(t,200,-32700,"Parse error");return}let l=(0,o.safeParse)(a.Uv,i);if(!l.success){clearTimeout(s),this._activeRequests--,this._sendJsonRpcError(t,200,-32600,"Invalid Request",(null==i?void 0:i.id)??null,{data:l.issues});return}if(this._stateful){let i=this._resolveSession(e,t);if(!1===i){clearTimeout(s),this._activeRequests--;return}n=i}if(!this._mcpServer){clearTimeout(s),this._activeRequests--,this._sendJsonRpcError(t,503,-32603,"Server not ready",(null==i?void 0:i.id)??null);return}let h=await this._mcpServer.receive(i,{sessionInfo:{}});clearTimeout(s),this._activeRequests--;let p={"Content-Type":"application/json"};n&&(p["Mcp-Session-Id"]=n),h?(t.writeHead(200,p),t.end(JSON.stringify(h))):(n&&t.setHeader("Mcp-Session-Id",n),t.writeHead(202),t.end())}catch(e){clearTimeout(s),this._activeRequests--,this._sendJsonRpcError(t,200,-32603,"Internal error",null,{data:(0,r.u1)(e)})}}_handleMcpGet(e,t){if(!this._stateful){t.writeHead(405,{"Content-Type":"application/json",Allow:"POST"}),t.end(JSON.stringify({jsonrpc:"2.0",id:null,error:{code:-32601,message:"GET not supported in stateless mode"}}));return}let s=this._getSessionIdFromHeader(e);if(!s){t.writeHead(400,{"Content-Type":"application/json"}),t.end(JSON.stringify({jsonrpc:"2.0",id:null,error:{code:-32600,message:"Missing Mcp-Session-Id header"}}));return}let i=this._sessions.get(s);if(!i){t.writeHead(404,{"Content-Type":"application/json"}),t.end(JSON.stringify({jsonrpc:"2.0",id:null,error:{code:-32001,message:"Session not found"}}));return}t.writeHead(200,{"Content-Type":"text/event-stream","Cache-Control":"no-cache",Connection:"keep-alive","Mcp-Session-Id":s}),this._sendSseEvent(t,"connected",{sessionId:s,timestamp:Date.now()}),i.notificationStreams.add(t),i.lastActivityAt=Date.now(),this._updateSessionMetrics(),e.on("close",()=>{i.notificationStreams.delete(t),this._updateSessionMetrics()})}_resolveSession(e,t){let s=this._getSessionIdFromHeader(e);if(s){if(!this.validateSessionId(s))return t.writeHead(400,{"Content-Type":"application/json"}),t.end(JSON.stringify({jsonrpc:"2.0",id:null,error:{code:-32600,message:"Invalid Mcp-Session-Id format"}})),!1;let e=this._sessions.get(s);return e?(e.lastActivityAt=Date.now(),s):(t.writeHead(404,{"Content-Type":"application/json"}),t.end(JSON.stringify({jsonrpc:"2.0",id:null,error:{code:-32001,message:"Session not found"}})),!1)}let i=this._sessionIdGenerator(),n={id:i,createdAt:Date.now(),lastActivityAt:Date.now(),notificationStreams:new Set};return this._sessions.set(i,n),this.log("info",`New session created: ${i}`),this._updateSessionMetrics(),i}_getSessionIdFromHeader(e){let t=e.headers["mcp-session-id"];if("string"==typeof t&&t.length>0)return t}_sendSseEvent(e,t,s){try{e.write(`event: ${t}
-`),e.write(`data: ${JSON.stringify(s)}
+})();
 
-`)}catch{}}broadcastToSession(e,t,s){let i=this._sessions.get(e);if(i)for(let e of i.notificationStreams)this._sendSseEvent(e,t,s)}_handleMetrics(e){if(!this._metricsProvider){e.writeHead(404,{"Content-Type":"text/plain"}),e.end("Not Found");return}e.writeHead(200,{"Content-Type":"text/plain; version=0.0.4; charset=utf-8"}),e.end(this._metricsProvider())}_handleHealthCheck(e){let t={status:"healthy",requests:this._requestCount,sessions:this._sessions.size,transport:"streamable-http"};this._healthChecker&&(t.liveness=this._healthChecker.checkLiveness()),e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify(t))}async _handleReadinessCheck(e){if(this._healthChecker){let t=await this._healthChecker.checkReadiness(),s="ok"===t.status?200:503;e.writeHead(s,{"Content-Type":"application/json"}),e.end(JSON.stringify(t))}else e.writeHead(200,{"Content-Type":"application/json"}),e.end(JSON.stringify({status:"ok",timestamp:new Date().toISOString(),components:{}}))}_updateSessionMetrics(){var e,t;null==(e=this._metrics)||e.gauge("streamable_http_active_sessions",this._sessions.size,{},"Active Streamable HTTP sessions");let s=0;for(let e of this._sessions.values())s+=e.notificationStreams.size;null==(t=this._metrics)||t.gauge("streamable_http_notification_streams",s,{},"Active SSE notification streams")}async stop(e){this._isShuttingDown=!0,this._stopRateLimitCleanup();let t=e??3e4;for(let e of this._sessions.values()){for(let t of e.notificationStreams)try{t.end()}catch{}e.notificationStreams.clear()}return this._sessions.clear(),new Promise(e=>{if(!this._server){this.log("info","Streamable HTTP transport stopped (no server)"),e();return}let s=setTimeout(()=>{this.log("warn","Streamable HTTP transport force-closing after timeout"),e()},t);this._server.close(()=>{clearTimeout(s),this.log("info","Streamable HTTP transport stopped"),e()})})}}},65(t){t.exports=e},561(e){e.exports=t},316(e){e.exports=s},61(e){e.exports=i},821(e){e.exports=n}},u={};function _(e){var t=u[e];if(void 0!==t)return t.exports;var s=u[e]={exports:{}};return d[e](s,s.exports,_),s.exports}_.d=(e,t)=>{for(var s in t)_.o(t,s)&&!_.o(e,s)&&Object.defineProperty(e,s,{enumerable:!0,get:t[s]})},_.o=(e,t)=>Object.prototype.hasOwnProperty.call(e,t),(()=>{var e=_(61),t=_(65);let s=new p;class i{_level;_context;_pretty;static LEVEL_PRIORITY={debug:0,info:1,warn:2,error:3};constructor(e={}){this._level=e.level??"info",this._context=e.context??"SequentialThinking",this._pretty=e.pretty??!0}shouldLog(e){return i.LEVEL_PRIORITY[e]>=i.LEVEL_PRIORITY[this._level]}format(e){if(this._pretty){let t=e.meta?` ${JSON.stringify(e.meta)}`:"",s=e.requestId?` [${e.requestId}]`:"";return`[${e.timestamp}] [${e.level.toUpperCase()}]${e.context?` [${e.context}]`:""}${s} ${e.message}${t}`}return JSON.stringify(e)}log(e,t,i){var n;if(!this.shouldLog(e))return;let o=null==(n=s.getStore())?void 0:n.requestId,r={level:e,message:t,timestamp:new Date().toISOString(),context:this._context,meta:i,...o?{requestId:o}:{}};console.error(this.format(r))}debug(e,t){this.log("debug",e,t)}info(e,t){this.log("info",e,t)}warn(e,t){this.log("warn",e,t)}error(e,t){this.log("error",e,t)}createChild(e){return new i({level:this._level,context:`${this._context}:${e}`,pretty:this._pretty})}setLevel(e){this._level=e}getLevel(){return this._level}}var n=_(787),d=_(555);let{name:u,version:m}=JSON.parse(a(c(l((0,e.fileURLToPath)(import.meta.url)),"../package.json"),"utf-8")),g=process.argv.slice(2);async function f(e,t){var s;let{SseTransport:i}=await Promise.resolve().then(_.bind(_,504)),{createConnectionPool:n}=await Promise.resolve().then(_.bind(_,527)),o=parseInt(process.env.SSE_PORT||"3000",10),r=process.env.SSE_HOST||"localhost",a=t.getContainer().resolve("Metrics"),l="false"!==process.env.SSE_ENABLE_POOL,c=parseInt(process.env.SSE_MAX_SESSIONS||"100",10),h=parseInt(process.env.SSE_SESSION_TIMEOUT||"300000",10),p=l?n({maxSessions:c,sessionTimeout:h,logger:t._logger,serverFactory:async()=>{let{createServer:e}=await Promise.resolve().then(_.bind(_,65));return await e({autoDiscover:!0})}}):void 0,d=new i({port:o,host:r,corsOrigin:process.env.CORS_ORIGIN||"*",enableCors:"false"!==process.env.ENABLE_CORS,allowedHosts:null==(s=process.env.ALLOWED_HOSTS)?void 0:s.split(",").map(e=>e.trim()),metrics:a,connectionPool:p});await d.connect(e),S(async()=>{await d.stop(),await t.stop()}),t._logger.info(`Sequential Thinking MCP Server running on SSE transport at http://${r}:${o}`)}async function v(e,t){var s;let{StreamableHttpTransport:i}=await Promise.resolve().then(_.bind(_,756)),n=parseInt(process.env.STREAMABLE_HTTP_PORT||process.env.SSE_PORT||"3000",10),o=process.env.STREAMABLE_HTTP_HOST||process.env.SSE_HOST||"localhost",r=t.getContainer().resolve("Metrics"),a="false"!==process.env.STREAMABLE_HTTP_STATEFUL,l=new i({port:n,host:o,corsOrigin:process.env.CORS_ORIGIN||"*",enableCors:"false"!==process.env.ENABLE_CORS,allowedHosts:null==(s=process.env.ALLOWED_HOSTS)?void 0:s.split(",").map(e=>e.trim()),metrics:r,stateful:a});await l.connect(e),S(async()=>{await l.stop(),await t.stop()}),t._logger.info(`Sequential Thinking MCP Server running on Streamable HTTP transport at http://${o}:${n}`)}async function y(e,t){new r(e).listen();let s=async()=>{let e=setTimeout(()=>{t._logger.error("Graceful shutdown timed out after 30s - forcing exit"),process.exit(1)},3e4).unref();try{await t.stop(),clearTimeout(e),process.exit(0)}catch(e){t._logger.error("Error during shutdown",{error:(0,n.u1)(e)}),process.exit(1)}};process.once("SIGINT",()=>void s()),process.once("SIGTERM",()=>void s()),t._logger.info("Sequential Thinking MCP Server running on stdio")}function S(e){process.once("SIGINT",()=>{e().then(()=>process.exit(0)).catch(()=>process.exit(1))}),process.once("SIGTERM",()=>{e().then(()=>process.exit(0)).catch(()=>process.exit(1))})}(g.includes("--version")||g.includes("-v"))&&(console.log(`${u} v${m}`),process.exit(0)),(async function(){let e=new h({name:u,version:m,description:"Semantic Sequential Thinking MCP Server"},{adapter:new o,capabilities:{tools:{listChanged:!0}}}),s=await (0,t.initializeServer)();e.tool({name:"sequentialthinking_tools",description:d.iV.description,schema:d.ZK},async e=>s.processThought(e));let i=process.env.TRANSPORT_TYPE||"stdio";"sse"===i?await f(e,s):"streamable-http"===i?await v(e,s):await y(e,s)})().catch(e=>{new i({level:"error",context:"SequentialThinking",pretty:!0}).error("Fatal error running server",{error:(0,n.u1)(e)}),process.exit(1)})})();