zidane 4.0.2 → 4.1.4

package/dist/mcp-8wClKY-3.js

@@ -0,0 +1,771 @@
+import { t as toolOutputByteLength } from "./types-Bx_F8jet.js";
+import { Buffer } from "node:buffer";
+import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
+import { StdioClientTransport, getDefaultEnvironment } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { Protocol } from "@modelcontextprotocol/sdk/shared/protocol.js";
+import { InitializeResultSchema, LATEST_PROTOCOL_VERSION, SUPPORTED_PROTOCOL_VERSIONS } from "@modelcontextprotocol/sdk/types.js";
+//#region src/mcp/sse-to-json-fetch.ts
+/**
+* `fetch` shim that converts streamable-http POST responses with
+* `Content-Type: text/event-stream` into synthetic `application/json`
+* responses, preserving every original header (notably `mcp-session-id`).
+*
+* Why this exists
+* ----------------
+* The MCP SDK's streamable-http transport handles POST responses two ways
+* depending on `content-type`:
+*
+*   - `application/json` → `await response.json()` (works on every runtime).
+*   - `text/event-stream` → `body.pipeThrough(TextDecoderStream)
+*                              .pipeThrough(EventSourceParserStream)`
+*                          and forward each parsed event to `onmessage`.
+*
+* On Bun + MCP SDK 1.29.x the second pipeline silently drops the parsed
+* event: the full `event: message\ndata: {...}\n\n` arrives intact, the
+* stream closes, but `onmessage` is never called. Bootstrap then waits the
+* full `bootstrapTimeout` (10s default) and the agent loses every tool the
+* server would have exposed.
+*
+* The MCP spec lets clients accept either content type
+* (`Accept: application/json, text/event-stream`), so flipping the stream
+* to JSON at the boundary is a transparent, server-agnostic workaround.
+*
+* Scope of the shim
+* -----------------
+*   - POST + `text/event-stream` → drain, parse SSE message events, return
+*     a synthetic `application/json` response. Single event becomes a JSON
+*     object (matching the shape the SDK expects from non-streaming
+*     servers); multiple events become a JSON array (the SDK already
+*     iterates `Array.isArray(data)` from a JSON response).
+*   - GET (long-lived `_startOrAuthSse` listener) → untouched. Per-event
+*     latency matters there and the SSE pipeline isn't always broken on
+*     GET in the same way (different code path inside Bun's stream impl).
+*   - 202 / non-SSE / malformed SSE / no body → passthrough.
+*
+* Runtime gating
+* --------------
+* `sseToJsonFetchIfNeeded()` only returns a wrapper on Bun. Node + browser
+* runtimes get `undefined` and the SDK uses global `fetch` directly — no
+* extra buffer-and-redrain on the happy path, and no risk of collapsing a
+* future progress-streaming response into a single batched array. If you
+* need to apply the shim unconditionally (testing, custom hosts), call
+* `sseToJsonFetch()` directly.
+*
+* Cleanup
+* -------
+* Remove this file and its `fetch:` injection in `createTransport` once
+* either Bun fixes the `pipeThrough` chain or the SDK switches off the
+* streaming pipeline by default.
+*/
+/**
+* Detect whether we're running on Bun. The `Bun` global is set by the
+* runtime itself and isn't faked by Bun's Node-compat layer.
+*/
+function isBunRuntime() {
+	return typeof globalThis.Bun !== "undefined";
+}
+/**
+* Returns the `sseToJsonFetch` wrapper only on runtimes that need it
+* (currently Bun). Returns `undefined` everywhere else, which makes the
+* SDK fall back to the global `fetch` and keeps the streaming pipeline
+* intact on Node where it works correctly.
+*
+* Designed as the value to pass directly to `StreamableHTTPClientTransport`'s
+* `fetch` option:
+*
+*     new StreamableHTTPClientTransport(url, {
+*       fetch: sseToJsonFetchIfNeeded(),
+*     })
+*/
+function sseToJsonFetchIfNeeded() {
+	return isBunRuntime() ? sseToJsonFetch() : void 0;
+}
+/**
+* Wrap a `fetch` implementation so streamable-http POST responses that come
+* back as `text/event-stream` are converted to JSON. Pass the result as
+* `opts.fetch` to `StreamableHTTPClientTransport`.
+*
+* Always-on (i.e. unconditional) — for the runtime-gated entry point,
+* use {@link sseToJsonFetchIfNeeded} instead.
+*/
+function sseToJsonFetch(baseFetch = fetch) {
+	return async function sseToJsonWrappedFetch(input, init) {
+		const response = await baseFetch(input, init);
+		if ((init?.method ?? "GET").toString().toUpperCase() !== "POST") return response;
+		const contentType = response.headers.get("content-type");
+		if (!contentType || !contentType.includes("text/event-stream")) return response;
+		if (!response.body) return response;
+		let raw;
+		try {
+			raw = await response.text();
+		} catch {
+			return response;
+		}
+		const events = parseSseDataEvents(raw);
+		return synthesizeJsonResponse(response, events.length === 1 ? events[0] : events);
+	};
+}
+/**
+* Parse a buffered SSE body into the JSON payloads of its `message` events.
+*
+* Skips:
+* - SSE comments (lines starting with `:`).
+* - Non-default event types (`event: foo` ≠ `message`). The MCP server
+*   only ever emits `message` events for JSON-RPC; anything else is out of
+*   band and the SDK wouldn't have surfaced it to `onmessage` either.
+* - Malformed `data:` payloads (anything that fails `JSON.parse`).
+*/
+function parseSseDataEvents(raw) {
+	const events = [];
+	for (const block of raw.split(/\r?\n\r?\n/)) {
+		if (!block.trim()) continue;
+		const dataLines = [];
+		let isMessageEvent = true;
+		for (const line of block.split(/\r?\n/)) {
+			if (line.startsWith(":")) continue;
+			if (line.startsWith("event:")) {
+				const eventType = line.slice(6).trim();
+				if (eventType && eventType !== "message") isMessageEvent = false;
+			} else if (line.startsWith("data:")) {
+				const value = line.slice(5);
+				dataLines.push(value.startsWith(" ") ? value.slice(1) : value);
+			}
+		}
+		if (!isMessageEvent || dataLines.length === 0) continue;
+		try {
+			events.push(JSON.parse(dataLines.join("\n")));
+		} catch {}
+	}
+	return events;
+}
+/**
+* Build a `Response` mirroring the original's status / statusText / headers
+* but with a JSON body and `content-type: application/json`. Header
+* preservation is the whole point — `mcp-session-id` is set by the server
+* on the initialize POST and must round-trip into the SDK's
+* `_sessionId` capture (`response.headers.get('mcp-session-id')`).
+*/
+function synthesizeJsonResponse(original, payload) {
+	const headers = new Headers(original.headers);
+	headers.set("content-type", "application/json");
+	return new Response(JSON.stringify(payload), {
+		status: original.status,
+		statusText: original.statusText,
+		headers
+	});
+}
+//#endregion
+//#region src/mcp/tolerant-client.ts
+/**
+* Drop-in `Client` subclass whose `connect()` mirrors the upstream MCP SDK
+* sequence but treats `notifications/initialized` as best-effort.
+*
+* The MCP spec marks that notification fire-and-forget, but the SDK awaits
+* the underlying transport `send()` and rethrows on any HTTP 4xx. Several
+* real-world streamable-http servers (e.g. browser-codemode, custom MCPs
+* that gate non-initialize routes on a session id that didn't yet exist when
+* the notification posted) reject the notification with a 4xx and still
+* accept every subsequent request. The base `Client.connect()` then closes
+* the transport, the bootstrap fails, and the agent silently loses every
+* tool the server would have exposed.
+*
+* This subclass changes only that single step — log + continue if the
+* notification throws. Initialize, capability/version capture,
+* `setProtocolVersion`, listChanged handler wiring, and the close-on-failure
+* path for everything else are preserved verbatim from the SDK.
+*
+* Should be removed when the SDK lands an opt-in tolerance flag upstream.
+*/
+var TolerantMcpClient = class extends Client {
+	async connect(transport, options) {
+		await Protocol.prototype.connect.call(this, transport);
+		if (transport.sessionId !== void 0) return;
+		const self = this;
+		try {
+			const result = await this.request({
+				method: "initialize",
+				params: {
+					protocolVersion: LATEST_PROTOCOL_VERSION,
+					capabilities: self._capabilities,
+					clientInfo: self._clientInfo
+				}
+			}, InitializeResultSchema, options);
+			if (result === void 0) throw new Error(`Server sent invalid initialize result: ${result}`);
+			if (!SUPPORTED_PROTOCOL_VERSIONS.includes(result.protocolVersion)) throw new Error(`Server's protocol version is not supported: ${result.protocolVersion}`);
+			self._serverCapabilities = result.capabilities;
+			self._serverVersion = result.serverInfo;
+			const setProtocolVersion = transport.setProtocolVersion;
+			if (setProtocolVersion) setProtocolVersion.call(transport, result.protocolVersion);
+			self._instructions = result.instructions;
+			try {
+				await this.notification({ method: "notifications/initialized" });
+			} catch (notifyError) {
+				const msg = notifyError instanceof Error ? notifyError.message : String(notifyError);
+				console.warn(`[zidane:mcp] server rejected notifications/initialized (continuing): ${msg}`);
+			}
+			if (self._pendingListChangedConfig) {
+				self._setupListChangedHandlers(self._pendingListChangedConfig);
+				self._pendingListChangedConfig = void 0;
+			}
+		} catch (error) {
+			this.close();
+			throw error;
+		}
+	}
+};
+//#endregion
+//#region src/mcp/index.ts
+const DEFAULT_MCP_BOOTSTRAP_TIMEOUT_MS = 1e4;
+function inferTransport(raw) {
+	if (raw.transport === "stdio" || raw.transport === "sse" || raw.transport === "streamable-http") return raw.transport;
+	if (raw.type === "stdio" || raw.type === "sse" || raw.type === "streamable-http" || raw.type === "http") return raw.type === "http" ? "streamable-http" : raw.type;
+	if (raw.command) return "stdio";
+	if (raw.httpUrl) return "streamable-http";
+	if (raw.sseUrl) return "sse";
+	if (raw.url) return "streamable-http";
+	throw new Error(`Cannot infer MCP transport from config: ${JSON.stringify(raw)}`);
+}
+function normalizeOne(name, raw) {
+	const transport = inferTransport(raw);
+	const url = raw.url ?? raw.httpUrl ?? raw.sseUrl;
+	const config = {
+		name,
+		transport
+	};
+	if (raw.command) config.command = raw.command;
+	if (raw.args) config.args = raw.args;
+	if (raw.env) config.env = raw.env;
+	if (raw.strictEnv === true) config.strictEnv = true;
+	if (url) config.url = url;
+	if (raw.headers) config.headers = raw.headers;
+	if (typeof raw.bootstrapTimeout === "number") config.bootstrapTimeout = raw.bootstrapTimeout;
+	if (typeof raw.toolTimeout === "number") config.toolTimeout = raw.toolTimeout;
+	if (Array.isArray(raw.enabledTools)) config.enabledTools = raw.enabledTools;
+	if (Array.isArray(raw.disabledTools)) config.disabledTools = raw.disabledTools;
+	if (typeof raw.toolFilter === "function") config.toolFilter = raw.toolFilter;
+	return config;
+}
+/**
+* True when the input looks like a single config object (flat fields like `command`,
+* `transport`, `url`) rather than a record whose values are configs.
+*/
+function looksLikeSingleConfig(obj) {
+	return [
+		"transport",
+		"type",
+		"command",
+		"url",
+		"httpUrl",
+		"sseUrl"
+	].some((key) => typeof obj[key] === "string");
+}
+/**
+* Normalize MCP server configs from any common shape to `McpServerConfig[]`.
+*
+* Accepts:
+* - `McpServerConfig[]` — zidane native (pass-through).
+* - `McpServerConfig` — a single config object (wrapped to a 1-element array).
+* - `Record<string, RawShape>` — name-keyed map (common in host-SDK configs), where the key is the server name.
+* - Mixed shapes with `type` vs `transport`, `httpUrl`/`sseUrl` vs `url`.
+*
+* Returns `[]` when `input` is nullish. Throws a descriptive error when the transport
+* cannot be inferred from a given entry, or when the input shape is unsupported.
+*/
+function normalizeMcpServers(input) {
+	if (input == null) return [];
+	if (Array.isArray(input)) return input.map((raw, idx) => {
+		const obj = raw;
+		return normalizeOne(obj.name ?? `mcp_${idx}`, obj);
+	});
+	if (typeof input === "object") {
+		const obj = input;
+		if (looksLikeSingleConfig(obj)) {
+			const raw = obj;
+			return [normalizeOne(raw.name ?? "mcp_0", raw)];
+		}
+		return Object.entries(obj).map(([name, raw]) => normalizeOne(name, raw ?? {}));
+	}
+	throw new Error(`Unsupported MCP server config shape: ${typeof input}`);
+}
+/**
+* Lossy flattener — converts MCP `CallToolResult.content` blocks to a single
+* string. Text blocks are extracted; non-text blocks are JSON-stringified.
+*
+* Use this only at UI / log boundaries that require a string. The agent
+* loop itself routes through {@link normalizeMcpBlocks} so image blocks
+* survive into provider-native tool_result content (Anthropic blocks,
+* OpenAI companion-user-message).
+*/
+function resultToString(content) {
+	if (!content || !Array.isArray(content)) return "";
+	return content.map((block) => {
+		if (block && typeof block === "object" && block.type === "text") {
+			const text = block.text;
+			if (typeof text === "string") return text;
+		}
+		return JSON.stringify(block);
+	}).join("\n");
+}
+/**
+* Normalize MCP `CallToolResult.content` to zidane's {@link ToolResultContent[]} shape.
+*
+* Handles the four MCP content block types:
+* - `text` → preserved as `{type:'text', text}`
+* - `image` → preserved as `{type:'image', mediaType, data}` (MCP uses `mimeType`)
+* - `resource` with embedded text → flattened to a text block
+* - `resource` with embedded blob whose `mimeType` is `image/*` → flattened to an image block
+* - Any unrecognized block → JSON-stringified fallback text block (lossy but safe)
+*
+* Returns `null` when the input is not an array — callers should fall back to an empty
+* result in that case.
+*/
+function normalizeMcpBlocks(content) {
+	if (!Array.isArray(content)) return null;
+	const out = [];
+	for (const raw of content) {
+		if (!raw || typeof raw !== "object") continue;
+		const block = raw;
+		if (block.type === "text" && typeof block.text === "string") {
+			out.push({
+				type: "text",
+				text: block.text
+			});
+			continue;
+		}
+		if (block.type === "image" && typeof block.data === "string") {
+			const mediaType = typeof block.mimeType === "string" ? block.mimeType : typeof block.mediaType === "string" ? block.mediaType : "image/png";
+			out.push({
+				type: "image",
+				mediaType,
+				data: block.data
+			});
+			continue;
+		}
+		if (block.type === "resource" && block.resource && typeof block.resource === "object") {
+			const res = block.resource;
+			if (typeof res.text === "string") {
+				out.push({
+					type: "text",
+					text: res.text
+				});
+				continue;
+			}
+			if (typeof res.blob === "string" && typeof res.mimeType === "string" && res.mimeType.startsWith("image/")) {
+				out.push({
+					type: "image",
+					mediaType: res.mimeType,
+					data: res.blob
+				});
+				continue;
+			}
+		}
+		out.push({
+			type: "text",
+			text: JSON.stringify(block)
+		});
+	}
+	return out;
+}
+/**
+* Route the MCP result content through the narrowest appropriate zidane shape:
+*
+* - All blocks are `text` → return a joined string (smaller wire payload,
+*   string-friendly for hook consumers that don't need structured access).
+* - Any block is non-text → return a structured `ToolResultContent[]`.
+* - Empty / non-array input → return `''`.
+*/
+function packMcpResult(content) {
+	const normalized = normalizeMcpBlocks(content);
+	if (!normalized || normalized.length === 0) return "";
+	const parts = [];
+	for (const block of normalized) {
+		if (block.type !== "text") return normalized;
+		parts.push(block.text);
+	}
+	return parts.join("\n");
+}
+/**
+* Create the appropriate MCP transport for a server config.
+*
+* For stdio: when `config.env` is provided, it is merged on top of the MCP SDK's
+* `getDefaultEnvironment()` whitelist (`PATH`, `HOME`, `LANG`, `SHELL`, `USER` on
+* POSIX; `APPDATA`, `PATH`, ... on Win32). Without this defensive merge, older
+* MCP SDK versions strip `PATH` the moment a consumer sets any env, breaking
+* `spawn('node', ...)` with ENOENT. Pass `strictEnv: true` to opt out and send
+* `env` verbatim.
+*/
+function createTransport(config) {
+	switch (config.transport) {
+		case "stdio": {
+			const mergedEnv = config.env && !config.strictEnv ? {
+				...getDefaultEnvironment(),
+				...config.env
+			} : config.env;
+			return new StdioClientTransport({
+				command: config.command,
+				args: config.args,
+				env: mergedEnv
+			});
+		}
+		case "sse": return new SSEClientTransport(new URL(config.url), { requestInit: config.headers ? { headers: config.headers } : void 0 });
+		case "streamable-http": return new StreamableHTTPClientTransport(new URL(config.url), {
+			requestInit: config.headers ? { headers: config.headers } : void 0,
+			fetch: sseToJsonFetchIfNeeded()
+		});
+		default: throw new Error(`Unknown MCP transport: ${config.transport}`);
+	}
+}
+/**
+* Connect to MCP servers and discover their tools.
+*
+* Each tool is namespaced as `mcp_{serverName}_{toolName}` to avoid
+* collisions with agent tools or tools from other servers.
+*
+* @param configs - Array of MCP server configurations
+* @param _clientFactory - Internal: override client construction for testing
+* @param hooks - Optional agent hooks for firing mcp:connect, mcp:error, mcp:close events
+*/
+async function connectMcpServers(configs, _clientFactory, hooks) {
+	const connections = [];
+	const tools = {};
+	const errors = [];
+	let closed = false;
+	const bootstrapResults = await Promise.all(configs.map((config) => bootstrapServer(config, _clientFactory, hooks)));
+	for (const result of bootstrapResults) {
+		if (!result.ok) {
+			errors.push({
+				name: result.name,
+				error: result.error
+			});
+			await hooks?.callHook("mcp:error", {
+				name: result.name,
+				error: result.error
+			});
+			continue;
+		}
+		connections.push({
+			name: result.name,
+			client: result.client
+		});
+		const toolNames = [];
+		for (const tool of result.tools) {
+			const namespacedName = `mcp_${result.config.name}_${tool.name}`;
+			toolNames.push(namespacedName);
+			tools[namespacedName] = buildMcpToolDef(result.config, result.client, tool, namespacedName, hooks);
+		}
+		await hooks?.callHook("mcp:connect", {
+			name: result.name,
+			transport: result.config.transport,
+			tools: toolNames
+		});
+	}
+	if (errors.length > 0 && connections.length === 0) {
+		const messages = errors.map((e) => `${e.name}: ${e.error.message}`).join(", ");
+		throw new Error(`All MCP servers failed to connect: ${messages}`);
+	}
+	return {
+		tools,
+		close: async () => {
+			if (closed) return;
+			closed = true;
+			await Promise.allSettled(connections.map(async ({ name, client }) => {
+				await hooks?.callHook("mcp:close", { name });
+				await client.close();
+			}));
+		}
+	};
+}
+/**
+* Connect one MCP server and list its tools, wrapped in a single race against
+* `config.bootstrapTimeout` (default 10s). Always emits `mcp:bootstrap:start`
+* before network I/O and `mcp:bootstrap:end` with `durationMs` + outcome, so a
+* host can build a timing view even when every server succeeds.
+*
+* Errors are captured into the `{ ok: false }` result rather than thrown — the
+* parent uses `Promise.all` across every server and we can't let one rejection
+* short-circuit the batch.
+*/
+async function bootstrapServer(config, _clientFactory, hooks) {
+	const start = Date.now();
+	if (config.enabledTools && config.disabledTools) {
+		const error = /* @__PURE__ */ new Error(`MCP server "${config.name}": enabledTools and disabledTools are mutually exclusive — set one or the other, not both.`);
+		await hooks?.callHook("mcp:bootstrap:start", {
+			name: config.name,
+			transport: config.transport
+		});
+		await hooks?.callHook("mcp:bootstrap:end", {
+			name: config.name,
+			transport: config.transport,
+			durationMs: 0,
+			ok: false,
+			error
+		});
+		return {
+			ok: false,
+			name: config.name,
+			error
+		};
+	}
+	await hooks?.callHook("mcp:bootstrap:start", {
+		name: config.name,
+		transport: config.transport
+	});
+	let client = null;
+	try {
+		client = _clientFactory ? _clientFactory() : new TolerantMcpClient({
+			name: "zidane",
+			version: "1.0.0"
+		});
+		const currentClient = client;
+		const transport = createTransport(config);
+		const bootstrapTimeout = config.bootstrapTimeout ?? DEFAULT_MCP_BOOTSTRAP_TIMEOUT_MS;
+		const { tools: mcpTools } = await raceWithTimeout(async () => {
+			await currentClient.connect(transport);
+			return await currentClient.listTools();
+		}, bootstrapTimeout, `MCP server "${config.name}" bootstrap timed out after ${bootstrapTimeout}ms`);
+		const filteredTools = await applyMcpToolFilters(config, mcpTools, hooks);
+		const durationMs = Date.now() - start;
+		await hooks?.callHook("mcp:bootstrap:end", {
+			name: config.name,
+			transport: config.transport,
+			durationMs,
+			ok: true,
+			toolCount: filteredTools.length
+		});
+		return {
+			ok: true,
+			name: config.name,
+			config,
+			client: currentClient,
+			tools: filteredTools
+		};
+	} catch (err) {
+		const error = err instanceof Error ? err : new Error(String(err));
+		await closeClientQuietly(client);
+		const durationMs = Date.now() - start;
+		await hooks?.callHook("mcp:bootstrap:end", {
+			name: config.name,
+			transport: config.transport,
+			durationMs,
+			ok: false,
+			error
+		});
+		return {
+			ok: false,
+			name: config.name,
+			error
+		};
+	}
+}
+/**
+* Apply config-side filters (`enabledTools` / `disabledTools` / `toolFilter`)
+* and then the `mcp:tools:filter` hook to the upstream tool list.
+*
+* Composition order — narrowest-to-widest:
+* 1. Allow-list (`enabledTools`) — keep only listed tools.
+* 2. Deny-list (`disabledTools`) — drop listed tools.
+* 3. Predicate (`toolFilter`) — fine-grained metadata filtering.
+* 4. Hook (`mcp:tools:filter`) — runtime / per-host decisions.
+*
+* The mutual exclusion of `enabledTools` and `disabledTools` is checked in
+* `bootstrapServer` so this stays a pure data transform.
+*/
+async function applyMcpToolFilters(config, tools, hooks) {
+	let filtered = tools;
+	if (config.enabledTools && config.enabledTools.length > 0) {
+		const allow = new Set(config.enabledTools);
+		filtered = filtered.filter((t) => allow.has(t.name));
+	}
+	if (config.disabledTools && config.disabledTools.length > 0) {
+		const deny = new Set(config.disabledTools);
+		filtered = filtered.filter((t) => !deny.has(t.name));
+	}
+	if (config.toolFilter) {
+		const predicate = config.toolFilter;
+		filtered = filtered.filter((t) => predicate(t));
+	}
+	if (hooks) {
+		const ctx = {
+			server: config.name,
+			transport: config.transport,
+			tools: [...filtered]
+		};
+		await hooks.callHook("mcp:tools:filter", ctx);
+		filtered = ctx.tools;
+	}
+	return filtered;
+}
+/**
+* Build the zidane `ToolDef` that wraps a single MCP tool. Extracted so the
+* parallel bootstrap path can assemble tools from a results array without
+* inlining a 70-line closure inside the collector loop.
+*
+* The returned `execute` closes over the bootstrapped `client` — reconnects /
+* swap-outs must go through a fresh `connectMcpServers` call rather than
+* rewiring the tool in place.
+*/
+function buildMcpToolDef(config, client, tool, namespacedName, hooks) {
+	return {
+		spec: {
+			name: namespacedName,
+			description: tool.description || "",
+			inputSchema: tool.inputSchema ?? {
+				type: "object",
+				properties: {}
+			}
+		},
+		execute: async (input, ctx) => {
+			const { turnId, callId, signal } = ctx;
+			const displayName = ctx.toolAliases?.[namespacedName] ?? namespacedName;
+			const gateCtx = {
+				turnId,
+				callId,
+				server: config.name,
+				tool: tool.name,
+				displayName,
+				input,
+				block: false,
+				reason: "MCP tool execution was blocked"
+			};
+			await hooks?.callHook("mcp:tool:gate", gateCtx);
+			if (gateCtx.block) return `Blocked: ${gateCtx.reason}`;
+			const effectiveInput = gateCtx.input;
+			if (gateCtx.result !== void 0) {
+				let substitute = gateCtx.result;
+				const transformCtx = {
+					turnId,
+					callId,
+					server: config.name,
+					tool: tool.name,
+					displayName,
+					input: effectiveInput,
+					result: substitute,
+					outputBytes: toolOutputByteLength(substitute)
+				};
+				await hooks?.callHook("mcp:tool:transform", transformCtx);
+				substitute = transformCtx.result;
+				await hooks?.callHook("mcp:tool:after", {
+					turnId,
+					callId,
+					server: config.name,
+					tool: tool.name,
+					displayName,
+					input: effectiveInput,
+					result: substitute,
+					outputBytes: toolOutputByteLength(substitute)
+				});
+				return substitute;
+			}
+			await hooks?.callHook("mcp:tool:before", {
+				turnId,
+				callId,
+				server: config.name,
+				tool: tool.name,
+				displayName,
+				input: effectiveInput
+			});
+			const timeout = config.toolTimeout ?? 3e4;
+			try {
+				let output = packMcpResult((await raceWithTimeoutAndSignal(() => client.callTool({
+					name: tool.name,
+					arguments: effectiveInput
+				}), timeout, `MCP tool "${tool.name}" on server "${config.name}" timed out after ${timeout}ms`, signal)).content);
+				const transformCtx = {
+					turnId,
+					callId,
+					server: config.name,
+					tool: tool.name,
+					displayName,
+					input: effectiveInput,
+					result: output,
+					outputBytes: toolOutputByteLength(output)
+				};
+				await hooks?.callHook("mcp:tool:transform", transformCtx);
+				output = transformCtx.result;
+				await hooks?.callHook("mcp:tool:after", {
+					turnId,
+					callId,
+					server: config.name,
+					tool: tool.name,
+					displayName,
+					input: effectiveInput,
+					result: output,
+					outputBytes: toolOutputByteLength(output)
+				});
+				return output;
+			} catch (err) {
+				const error = err instanceof Error ? err : new Error(String(err));
+				await hooks?.callHook("mcp:tool:error", {
+					turnId,
+					callId,
+					server: config.name,
+					tool: tool.name,
+					displayName,
+					input: effectiveInput,
+					error
+				});
+				await hooks?.callHook("mcp:tool:after", {
+					turnId,
+					callId,
+					server: config.name,
+					tool: tool.name,
+					displayName,
+					input: effectiveInput,
+					result: error.message,
+					outputBytes: Buffer.byteLength(error.message)
+				});
+				throw error;
+			}
+		}
+	};
+}
+async function closeClientQuietly(client) {
+	if (!client) return;
+	try {
+		await client.close();
+	} catch {}
+}
+async function raceWithTimeout(task, timeoutMs, timeoutMessage) {
+	let timer;
+	try {
+		return await new Promise((resolvePromise, rejectPromise) => {
+			timer = setTimeout(() => rejectPromise(new Error(timeoutMessage)), timeoutMs);
+			task().then(resolvePromise, rejectPromise);
+		});
+	} finally {
+		if (timer) clearTimeout(timer);
+	}
+}
+/**
+* Race a promise-returning task against (a) a timeout and (b) an optional
+* abort signal. Cleans up its timer and abort listener on every exit path.
+*
+* The task itself isn't cancellable (the MCP SDK doesn't take a signal), so
+* the rejection unblocks the tool call while the underlying RPC completes in
+* the background. When the agent subsequently calls `connection.close()` the
+* stdio transport kills the subprocess, which clears any stuck in-flight work.
+*/
+async function raceWithTimeoutAndSignal(task, timeoutMs, timeoutMessage, signal) {
+	if (signal?.aborted) throw new Error("MCP tool call aborted");
+	let timer;
+	let onAbort;
+	try {
+		return await new Promise((resolvePromise, rejectPromise) => {
+			timer = setTimeout(() => rejectPromise(new Error(timeoutMessage)), timeoutMs);
+			if (signal) {
+				onAbort = () => rejectPromise(/* @__PURE__ */ new Error("MCP tool call aborted"));
+				signal.addEventListener("abort", onAbort, { once: true });
+			}
+			task().then(resolvePromise, rejectPromise);
+		});
+	} finally {
+		if (timer) clearTimeout(timer);
+		if (signal && onAbort) signal.removeEventListener("abort", onAbort);
+	}
+}
+//#endregion
+export { resultToString as i, normalizeMcpBlocks as n, normalizeMcpServers as r, connectMcpServers as t };
+
+//# sourceMappingURL=mcp-8wClKY-3.js.map